Commit Graph

7962 Commits

Author SHA1 Message Date
joel
fb7abcd8fc mdoc: remove EOL whitespace. 2014-12-29 13:50:59 +00:00
joel
8ef635d30e mdoc: improvements to SEE ALSO. 2014-12-27 08:22:58 +00:00
gleb
9bea39ca06 Adjust printf format specifiers for dev_t and ino_t in user space.
ino_t and dev_t are about to become uint64_t.

Reviewed by:	kib, mckusick
2014-12-17 07:10:48 +00:00
bryanv
bd42e1aaf2 Prefix all the vxlan ifconfig commands so they are unique
And rehook ifvxlan back into the build.
2014-12-17 05:36:34 +00:00
ae
34b8e89a50 Add ability to not specify a zone identifier twice, when both source and
destination addresses are specified.
For example:
	# ping6 -S fe80::1%ix0 ff02::1
or
	# ping6 -S fe80::1 fe80::2%ix0

Obtained from:	Yandex LLC
Sponsored by:	Yandex LLC
2014-12-16 14:59:20 +00:00
gleb
5efc0d3799 sbin/shutdown: Support time units as in 'shutdown -r +5sec'
Units supported: s, sec, m, min, h, hour.

Differential Revision:	https://reviews.freebsd.org/D1272
2014-12-16 08:29:02 +00:00
trasz
3e3c248f83 Add fstyp(8). This utility, named after its SVR4 counterpart, detects
filesystems.  It differs from file(1) in that it gives machine-parseable
output, it outputs filesystem labels, doesn't get confused by other
formats metadata, and runs in Capsicum sandbox.

Differential Revision:	https://reviews.freebsd.org/D1255
Relnotes:	yes
Sponsored by:	The FreeBSD Foundation
2014-12-10 14:14:16 +00:00
trasz
6e4144dd5e Move iscsi.conf.5 from sbin/iscontrol/ to usr.bin/iscsictl/, as the
former is obsolete.

MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2014-12-05 12:38:01 +00:00
delphij
d70b42ed01 Fix inverted logic introduced in r272154.
Noticed by:	trasz
MFC after:	2 weeks
2014-12-01 20:51:01 +00:00
des
02a2569d57 Disable the vxlan code until the people reponsible for it can come up with
new command names that don't conflict with existing commands.

Pointy hat to:	bryanv
2014-12-01 12:59:16 +00:00
ngie
244d05e746 Convert sbin/mdconfig/tests from prove format tests to ATF format tests
As a side effect...
1. The tests now checks for the root user before continuing with kyua, which is
   more visible than the test being skipped with the TAP protocol
2. The tests work with devices that aren't /dev/md0 by caching the device
   attached during the test to a file, and later use the cached information to
   detach the device in the cleanup routine
3. The tests no longer require perl to run

MFC after: 1 week
PR: 191191
Sponsored by: EMC / Isilon Storage Division
2014-11-27 06:04:00 +00:00
bapt
6fdc031751 Convert sbin/ to LIBADD
Reduce overlinking
2014-11-25 11:23:12 +00:00
joel
121294362f Misc mdoc fixes:
- Remove superfluous paragraph macros.
- Remove/fix empty or incorrect macros.
- Sort sections into conventional order.
- Terminate quoted strings properly.
- Remove EOL whitespace.
2014-11-23 21:00:00 +00:00
trasz
9a52c87383 Cross-reference autounmountd(8) from umount(8).
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-11-22 16:46:00 +00:00
trasz
ea8a12a723 Cross-reference automount(8) from mount(8).
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-11-22 16:43:36 +00:00
imp
8723ec4461 Recommit r274750. 2014-11-21 01:43:55 +00:00
imp
4c1f21b94e Back our r274750 until discussions on proper fix are over. 2014-11-20 21:18:19 +00:00
ae
e50f01ba84 Use geom attribute "PART::type" to determine partition type and choose
relevant fsck_xxx utility.

MFC after:	1 week
2014-11-20 16:31:31 +00:00
trasz
a8d9ef1225 Uniformly refer to a file system as "file system".
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-11-20 06:14:40 +00:00
trasz
3f6d71ae79 Add example on how to use gpart before growfs. While here, reorder examples
so that the simplest one comes first.

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-11-20 06:12:11 +00:00
trasz
15dd233652 Document growfs(8) feature apparently nobody knows about.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-11-20 05:31:41 +00:00
trasz
ddfb3f1a15 Use proper ordering in EXAMPLES section in growfs(8).
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-11-20 05:25:52 +00:00
feld
caef3be9c6 Expose groups by default in ifconfig output. This was never hidden by
OpenBSD; unsure why we chose to do so. As groups are a requirement for
pf, exposing them by default will make our pf implementation less
confusing.

While here add a missing free() that OpenBSD fixed 7 years ago.

PR:		194925
Differential Revision:	https://reviews.freebsd.org/D1185
Approved by:	des
Obtained from:	OpenBSD
2014-11-19 13:57:39 +00:00
sjg
e909cd6c36 Updated/new dependencies 2014-11-19 07:10:38 +00:00
sjg
b137080f19 Merge from head@274682 2014-11-19 01:07:58 +00:00
feld
2cfe78eed8 Fix geom's "usage" generation to not fabricate usage/help output for any
imaginary class we give it.

Differential Revision:	https://reviews.freebsd.org/D1150
Submitted by:	homerj
Approved by:	pjd
2014-11-17 15:19:57 +00:00
melifaro
f8d64c469a Finish r274175: do control plane MTU tracking.
Update route MTU in case of ifnet MTU change.
Add new RTF_FIXEDMTU to track explicitly specified MTU.

Old behavior:
ifconfig em0 mtu 1500->9000 -> all routes traversing em0 do not change MTU.
User has to manually update all routes.
ifconfig em0 mtu 9000->1500 -> all routes traversing em0 do not change MTU.
However, if ip[6]_output finds route with rt_mtu > interface mtu, rt_mtu
gets updated.

New behavior:
ifconfig em0 mtu 1500->9000 -> all interface routes in all fibs gets updated
with new MTU unless RTF_FIXEDMTU flag set on them.
ifconfig em0 mtu 9000->1500 -> all routes in all fibs gets updated with new
MTU unless RTF_FIXEDMTU flag set on them AND rt_mtu is less than ifp mtu.

route add ... -mtu XXX automatically sets RTF_FIXEDMTU flag.
route change .. -mtu 0 automatically removes RTF_FIXEDMTU flag.

PR:		194238
MFC after:	1 month
CR:		D1125
2014-11-17 01:05:29 +00:00
emaste
ed62ae8a62 Reference uefi(8) from i386 boot(8)
Suggested by trasz.

Differential Revision: https://reviews.freebsd.org/D1162
2014-11-14 20:12:33 +00:00
melifaro
12580bcaa8 Kill custom in_matroute() radix mathing function removing one rte mutex lock.
Initially in_matrote() in_clsroute() in their current state was introduced by
r4105 20 years ago. Instead of deleting inactive routes immediately, we kept them
in route table, setting RTPRF_OURS flag and some expire time. After that, either
GC came or RTPRF_OURS got removed on first-packet. It was a good solution
in that days (and probably another decade after that) to keep TCP metrics.
However, after moving metrics to TCP hostcache in r122922, most of in_rmx
functionality became unused. It might had been used for flushing icmp-originated
routes before rte mutexes/refcounting, but I'm not sure about that.

So it looks like this is nearly impossible to make GC do its work nowadays:

in_rtkill() ignores non-RTPRF_OURS routes.
route can only become RTPRF_OURS after dropping last reference via rtfree()
which calls in_clsroute(), which, it turn, ignores UP and non-RTF_DYNAMIC routes.

Dynamic routes can still be installed via received redirect, but they
have default lifetime (no specific rt_expire) and no one has another trie walker
to call RTFREE() on them.

So, the changelist:
* remove custom rnh_match / rnh_close matching function.
* remove all GC functions
* partially revert r256695 (proto3 is no more used inside kernel,
  it is not possible to use rt_expire from user point of view, proto3 support
  is not complete)
* Finish r241884 (similar to this commit) and remove remaining IPv6 parts

MFC after:	1 month
2014-11-11 02:52:40 +00:00
bryanv
31cb3eec1a Attempt to report a better error if sanitize is not supported
MFC after:	1 month
2014-11-09 18:13:08 +00:00
phk
0f5b16fa3e Report the 1-based key numbers rather than the 0-based ones to be consistent.
Fix documentation for destroy command.  Not sure how the wrong explanation
happened.

Spotted by:	mwlucas
2014-11-09 15:53:29 +00:00
ae
7144dc8bc2 Overhaul if_gre(4).
Split it into two modules: if_gre(4) for GRE encapsulation and
if_me(4) for minimal encapsulation within IP.

gre(4) changes:
* convert to if_transmit;
* rework locking: protect access to softc with rmlock,
  protect from concurrent ioctls with sx lock;
* correct interface accounting for outgoing datagramms (count only payload size);
* implement generic support for using IPv6 as delivery header;
* make implementation conform to the RFC 2784 and partially to RFC 2890;
* add support for GRE checksums - calculate for outgoing datagramms and check
  for inconming datagramms;
* add support for sending sequence number in GRE header;
* remove support of cached routes. This fixes problem, when gre(4) doesn't
  work at system startup. But this also removes support for having tunnels with
  the same addresses for inner and outer header.
* deprecate support for various GREXXX ioctls, that doesn't used in FreeBSD.
  Use our standard ioctls for tunnels.

me(4):
* implementation conform to RFC 2004;
* use if_transmit;
* use the same locking model as gre(4);

PR:		164475
Differential Revision:	D1023
No objections from:	net@
Relnotes:	yes
Sponsored by:	Yandex LLC
2014-11-07 19:13:19 +00:00
bapt
f9dd90308a fsirand does not actually use libutil 2014-11-05 22:46:11 +00:00
melifaro
5df7994652 Put "break" after err() to please coverity.
Reported by:	Coverity
CID:		1250795
2014-11-04 10:21:34 +00:00
melifaro
71195eab36 Print human-readable error for "route not found" case.
Submitted by:	vsevolod (initial version)
MFC after:	2 weeks
Sponsored by:	Yandex LLC
2014-10-31 13:37:47 +00:00
trasz
96f82a0d0c Build mount_nfs(8) with WARNS=6.
Reviewed by:	rmacklem@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-31 09:51:54 +00:00
ambrisko
37cb22f7f4 Make UEFI booting of 4Kn disks work:
-	convert boot1.efi to corrrectly calculate the lba for what the
	media reports and convert the size based on what FreeBSD uses.
	The existing code would use the 512 byte lba and convert the
	size using 4K byte size.
      -	make fsck_msdosfs read the boot block as 4K so the read doesn't
	fail on a 4Kn drive since FreeBSD will error out parition reads
	of a block.  Make the bpbBytesPerSec check a multiple of 512 since
	it can be 512 or 4K depending on the disk.  This allows fsck to
	pass checking the EFI partition on a 4Kn disk.

To create the EFI file system I used:
	newfs_msdos -F 32 -S 4096 -c 1 -m 0xf8 <partition>
This works for booting 512 and 4Kn disks.

Caveat is that loader.efi cannot read the 4Kn EFI partition.  This isn't
critical right now since boot1.efi will read loader.efi from the ufs
partition.  It looks like loader.efi can be fixed via making some of the
512 bytes reads more flexible.  loader.efi doesn't have trouble reading
the ufs partition.  This is probably a simple fix.

I now have FreeBSD installed on a system with 4Kn drives and tested the
same code works on 512.

MFC after:	1 week
2014-10-30 15:52:01 +00:00
trasz
4f7fdc1c95 Remove two functions unused after r273848. Would be nice if clang
or at least scan-build yelled about it.

MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-30 14:05:48 +00:00
trasz
315deabb66 Note that the "timeout" nfs option is in tenths of a second.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-30 09:06:52 +00:00
trasz
d140ecd680 Add support for "timeo", "actimeo", "noac", and "proto" options
to mount_nfs(8).  They are implemented on Linux, OS X, and Solaris,
and thus can be expected to appear in automounter maps.

Reviewed by:	rmacklem@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2014-10-30 08:50:01 +00:00
trasz
bc68f22467 Get rid of obsolete code in mount_nfs(8).
Reviewed by:	rmacklem@
Sponsored by:	The FreeBSD Foundation
2014-10-30 08:05:51 +00:00
melifaro
46565044f0 Fix documentation issue.
PR:		194581
Submitted by:	madpilot
2014-10-24 17:06:56 +00:00
melifaro
c909035802 Fix displaying non-contiguous netmasks.
Found by:	ae
Sponsored by:	Yandex LLC
2014-10-24 13:29:12 +00:00
melifaro
9dce247ae1 Show SFP+/QSFP memory map dump on higher verbose levels.
Sponsored by:	Yandex LLC
MFC after:	1 week
2014-10-23 11:01:49 +00:00
bryanv
783bd6e089 Add vxlan interface
vxlan creates a virtual LAN by encapsulating the inner Ethernet frame in
a UDP packet. This implementation is based on RFC7348.

Currently, the IPv6 support is not fully compliant with the specification:
we should be able to receive UPDv6 packets with a zero checksum, but we
need to support RFC6935 first. Patches for this should come soon.

Encapsulation protocols such as vxlan emphasize the need for the FreeBSD
network stack to support batching, GRO, and GSO. Each frame has to make
two trips through the network stack, and each frame will be at most MTU
sized. Performance suffers accordingly.

Some latest generation NICs have begun to support vxlan HW offloads that
we should also take advantage of. VIMAGE support should also be added soon.

Differential Revision:	https://reviews.freebsd.org/D384
Reviewed by:	gnn
Relnotes:	yes
2014-10-20 14:42:42 +00:00
hrs
4a3d5910e2 WARNS=3 and style fixes. No functionality change. 2014-10-20 00:27:40 +00:00
melifaro
d7ea66893f * Zero rule buffer.
* Rename 'read' variable.

Pointed by:	luigi
2014-10-18 15:18:31 +00:00
melifaro
48fe6db658 * Fix table sets handling.
* Simplify formatting.

Suggested by:	luigi
2014-10-17 20:47:55 +00:00
hrs
0799e08a15 Add -x waittime and -X timeout options for feature parity. These are
equivalent to -W and -t options of ping(8).  Different letters are used
because both have already been used for another purposes in ping6(8).
2014-10-17 09:33:09 +00:00
melifaro
76e89c3500 Show error when deleting non-existing rule number.
Found by:	Oleg Ginzburg
2014-10-13 12:49:04 +00:00
melifaro
14eb15740e * Fix zeroing individual entries via ipfw(8).
* Report error and return non-zero exit code if zeroing non-matched entries

Found by:	Oleg Ginzburg
2014-10-13 11:26:17 +00:00
trasz
4b6f54abd2 Mark iscontrol(8) and iscsi_initiator(4) obsolete.
Differential Revision:	https://reviews.freebsd.org/D931
Reviewed by:	wblock@
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2014-10-11 05:18:22 +00:00
melifaro
4b5577b783 Partially fix build on !amd64
Pointed by:	bz
2014-10-10 17:24:56 +00:00
hrs
855894fab0 Do not add late flag when file= is specified because it has a bad
side-effect.  The specified file should exist before the fstab line.

Reported by:	wblock (long time ago)
MFC after:	1 day
2014-10-10 03:20:12 +00:00
melifaro
d23efba7dd Sync to HEAD@r272825. 2014-10-09 15:35:28 +00:00
melifaro
7740b8f739 * Fix use-after-free in table printing code.
* Fix showing human-readable error in table cmds code.
2014-10-09 12:54:56 +00:00
ae
301ee8d315 Revert r156046. We support setting dumpdev via loader tunable again.
Also change default disk name to ada.

MFC after:	3 weeks
2014-10-08 12:19:48 +00:00
melifaro
bbf0fe2f55 Sync to HEAD@r272609. 2014-10-06 11:29:50 +00:00
melifaro
de047d9894 Improve "reserved keywords" hack:
we can't easily predict (in current parsing model)
if the keyword is ipfw(8) reserved keyword or port name.
Checking proto database via getprotobyname() consumes a lot of
CPU and leads to tens of seconds for parsing large ruleset.
Use list of reserved keywords and check them as pre-requisite
before doing getprotobyname().

Obtained from:	Yandex LLC
2014-10-06 11:00:47 +00:00
melifaro
6d4e1e4f7b Fix tracked interface list retrieval. 2014-10-05 10:20:47 +00:00
hrs
d278f7c187 Use printb() for boolean flags in ro_opts and actor_state for LACP. 2014-10-05 02:37:01 +00:00
melifaro
94289f5d39 Fix GCC wardnings. 2014-10-04 17:21:30 +00:00
melifaro
e8d559896c Sync to HEAD@r272516. 2014-10-04 12:42:37 +00:00
melifaro
461f5f72ce Document new table values.
Sponsored by:	Yandex LLC
2014-10-03 15:36:58 +00:00
hrs
424e7334fb Revert r272390.
Pointed out by:	glebius
2014-10-02 20:17:16 +00:00
hrs
db53b4f174 Separate option handling from SIOC[SG]LAGG to SIOC[SG]LAGGOPTS for
backward compatibility with old ifconfig(8).
2014-10-02 20:01:13 +00:00
hrs
f64371468d Add IFCAP_HWSTATS. 2014-10-02 00:19:24 +00:00
hrs
667a2b7369 Virtualize lagg(4) cloner. This change fixes a panic when tearing down
if_lagg(4) interfaces which were cloned in a vnet jail.

Sysctl nodes which are dynamically generated for each cloned interface
(net.link.lagg.N.*) have been removed, and use_flowid and flowid_shift
ifconfig(8) parameters have been added instead.  Flags and per-interface
statistics counters are displayed in "ifconfig -v".

CR:	D842
2014-10-01 21:37:32 +00:00
nyan
7f50c94166 Merged from r183296.
Add missing library dependencies.
2014-09-28 08:23:26 +00:00
delphij
478dd486cc Refactor the code a little bit to reduce duplicated code.
Reviewed by:	mjg
MFC after:	2 weeks
2014-09-26 05:05:34 +00:00
delphij
f092aede04 Explicitly set errno to 0 before calling strto*.
Suggested by:	mjg
MFC after:	2 weeks
2014-09-25 22:47:19 +00:00
delphij
d8ef9b3342 The strtol(3) family of functions would set errno when it hits one.
Check errno and handle it as invalid input.

Obtained from:	HardenedBSD
Submitted by:	David CARLIER <devnexen@gmail.com>
MFC after:	2 weeks
2014-09-25 22:37:27 +00:00
delphij
9f680150f9 Constify a parameter of name2oid. No functional change.
MFC after:	2 months
2014-09-23 22:15:00 +00:00
hrs
6d85720d18 Fix a typo. 2014-09-21 05:03:04 +00:00
hrs
7aad5f07dd Fix a bug which could make routed(8) daemon exit by sending a special RIP
query from a remote machine, and disable accepting it by default.  This
requests a routed(8) daemon to dump routing information base for debugging
purpose.  An -i flag to enable it has been added.
2014-09-21 04:00:28 +00:00
hrs
b5317f446c Fix a problem that reply packets are not received when -i T option is set
and (T < RTT).

- Use select(2) for timeout instead of interval timer. Remove poll(2) support.
- Use sigaction(2) instead of signal(3).
- Exit in SIGINT handler when two signals are received and doing reverse DNS
  lookup as ping(8) does.
- Remove redundant variables used for getaddrinfo(3).

PR:	151023
2014-09-20 19:54:19 +00:00
hrs
44e120581b Revert changes in r269180. It could cause -c N option to enter an
infinite loop if no reply packet is received.

PR:	151023
2014-09-20 18:48:50 +00:00
araujo
b72df5c2ba The lagg(4) interface is based on trunk(4) interface from OpenBSD.
The FreeBSD is the only system that has the FEC protocol, that is a simple alias
to loadbalance protocol and does not implement the ancient Cisco FEC standard.

From now on, we remove the fec protocol from the documentation and keep the FEC
code only for compatibility.

Phabric:	D539
Reviewed by:	glebius, thompsa
Approved by:	glebius
Sponsored by:	QNAP Systems Inc.
2014-09-18 02:22:02 +00:00
araujo
d7a9c633d7 Add laggproto broadcast, it allows sends frames to all ports of the lagg(4) group
and receives frames on any port of the lagg(4).

Phabric:	D549
Reviewed by:	glebius, thompsa
Approved by:	glebius
Obtained from:	OpenBSD
Sponsored by:	QNAP Systems Inc.
2014-09-18 02:12:48 +00:00
bdrewery
3f85fc7387 If fgets(3) fails in getbounds(), show strerror(3) if not an EOF. Also fix
a FILE* leak in getbounds().

Submitted by:	Conrad Meyer <conrad.meyer@isilon.com>
PR:		192032
Sponsored by:	EMC / Isilon Storage Division
MFC after:	1 week
2014-09-17 19:09:58 +00:00
bryanv
80ccb248ca Add DEF_CLONE_CMD_ARG2
This will be used in the forthcoming vxlan import.

Reviewed by:	gnn
Phabric:	https://reviews.freebsd.org/D382
2014-09-14 22:10:35 +00:00
mav
b2cfbc4e0b Update CAM CCB accounting for the new status quo.
devq_openings counter lost its meaning after allocation queues has gone.
held counter is still meaningful, but problematic to update due to separate
locking of CCB allocation and queuing.

To fix that replace devq_openings counter with allocated counter.  held is
now calculated on request as difference between number of allocated, queued
and active CCBs.

MFC after:	1 month
2014-09-14 11:59:49 +00:00
melifaro
cca53e2bbc Do not try to read i2c info when no transceiver is present.
MFC with:	r270064
Sponsored by:	Yandex LLC
2014-09-13 16:04:55 +00:00
jhb
9741565697 Add a sysctl to export the EFI memory map along with a handler in the
sysctl(8) binary to format it.

Reviewed by:	emaste
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D771
2014-09-13 03:10:02 +00:00
jhb
31267eaaaf Pass the length of an structure to the pretty-printer backends as a
size_t instead of an int.
2014-09-12 21:01:39 +00:00
glebius
0c2257eddc Since r270929 raw sockets expect network byte order.
Submitted by:	avg
2014-09-11 05:48:39 +00:00
hrs
08cd0ead43 Fix a bug which could break extended attributes in a dump output.
This occurred when a file was >892kB long and had a large data (>1kB)
in the extended attributes.

Reported by:	Masashi Toriumi
Reviewed by:	mckusick
2014-09-10 22:37:20 +00:00
ae
7d73ba1804 Add the ability to set `prefer_source' flag to an IPv6 address.
It affects the IPv6 source address selection algorithm (RFC 6724)
and allows override the last rule ("longest matching prefix") for
choosing among equivalent addresses. The address with `prefer_source'
will be preferred source address.

Obtained from:	Yandex LLC
MFC after:	1 month
Sponsored by:	Yandex LLC
2014-09-09 10:52:50 +00:00
melifaro
f7e6823045 Make ipfw_nat module use IP_FW3 codes.
Kernel changes:
* Split kernel/userland nat structures eliminating IPFW_INTERNAL hack.
* Add IP_FW_NAT44_* codes resemblin old ones.
* Assume that instances can be named (no kernel support currently).
* Use both UH+WLOCK locks for all configuration changes.
* Provide full ABI support for old sockopts.

Userland changes:
* Use IP_FW_NAT44_* codes for nat operations.
* Remove undocumented ability to show ranges of nat "log" entries.
2014-09-07 18:30:29 +00:00
melifaro
595fec1055 Change copyrights to the proper one. 2014-09-05 14:19:02 +00:00
melifaro
6cdcf30fda Return setsockopt() directly.
Suggested by:	Steven Hartland  at killing@multiplay.co.uk.
2014-09-05 13:56:05 +00:00
melifaro
21fa37c8e5 Sync to HEAD@r271160. 2014-09-05 13:52:39 +00:00
melifaro
81481843c8 Use per-function errno handling instead of global one.
Requested by:	luigi
2014-09-05 11:48:32 +00:00
melifaro
0db31aaac8 * Unconditionally turn on SIOCGI2C probing for all interfaces
on "ifconfig -v". I've seen no measurable timing difference
    for doing additional SIOCGI2C call for system with 4k vlans.
* Determine appropriate handler (SFP/QSFP) by reading identification
    byte (which is the same for both SFF-8472 and SFF-8436) instead
   of checking driver name.

MFC with:	r270064
Sponsored by:	Yandex LLC
2014-09-03 11:07:49 +00:00
ed
eded564156 Add lock annotations to the threading API used by hastd.
Approved by:	pjd@
2014-09-01 18:37:17 +00:00
se
dd5b14a1ea Add references to vt(4) to further man-pages.
MFC after:	3 days
2014-09-01 16:25:08 +00:00
melifaro
a1eca3cc0c Add support for multi-field values inside ipfw tables.
This is the last major change in given branch.

Kernel changes:
* Use 64-bytes structures to hold multi-value variables.
* Use shared array to hold values from all tables (assume
  each table algo is capable of holding 32-byte variables).
* Add some placeholders to support per-table value arrays in future.
* Use simple eventhandler-style API to ease the process of adding new
  table items. Currently table addition may required multiple UH drops/
  acquires which is quite tricky due to atomic table modificatio/swap
  support, shared array resize, etc. Deal with it by calling special
  notifier capable of rolling back state before actually performing
  swap/resize operations. Original operation then restarts itself after
  acquiring UH lock.
* Bump all objhash users default values to at least 64
* Fix custom hashing inside objhash.

Userland changes:
* Add support for dumping shared value array via "vlist" internal cmd.
* Some small print/fill_flags dixes to support u32 values.
* valtype is now bitmask of
  <skipto|pipe|fib|nat|dscp|tag|divert|netgraph|limit|ipv4|ipv6>.
  New values can hold distinct values for each of this types.
* Provide special "legacy" type which assumes all values are the same.
* More helpers/docs following..

Some examples:

3:41 [1] zfscurr0# ipfw table mimimi create valtype skipto,limit,ipv4,ipv6
3:41 [1] zfscurr0# ipfw table mimimi info
+++ table(mimimi), set(0) +++
 kindex: 2, type: addr
 references: 0, valtype: skipto,limit,ipv4,ipv6
 algorithm: addr:radix
 items: 0, size: 296
3:42 [1] zfscurr0# ipfw table mimimi add 10.0.0.5 3000,10,10.0.0.1,2a02:978:2::1
added: 10.0.0.5/32 3000,10,10.0.0.1,2a02:978:2::1
3:42 [1] zfscurr0# ipfw table mimimi list
+++ table(mimimi), set(0) +++
10.0.0.5/32 3000,0,10.0.0.1,2a02:978:2::1
2014-08-31 23:51:09 +00:00
gavin
d5f758fb15 Fix character case in examples for "camcontrol security" - should be
"-U user" not "-u user".

PR:		193179
Submitted by:	milios ccsys com
MFC after:	3 days
2014-08-31 10:28:31 +00:00
jhb
9d531dc3c1 - Add a new structure type for the ACPI 3.0 SMAP entry that includes the
optional attributes field.
- Add a 'machdep.smap' sysctl that exports the SMAP table of the running
  system as an array of the ACPI 3.0 structure.  (On older systems, the
  attributes are given a value of zero.)  Note that the sysctl only
  exports the SMAP table if it is available via the metadata passed from
  the loader to the kernel.  If an SMAP is not available, an empty array
  is returned.
- Add a format handler for the ACPI 3.0 SMAP structure to the sysctl(8)
  binary to format the SMAP structures in a readable format similar to
  the format found in boot messages.

MFC after:	2 weeks
2014-08-29 21:25:47 +00:00
melifaro
69a7dea554 * Add SIOCGI2C driver ioctl used to retrieve i2c info.
* Convert ixgbe to use this ioctl
* Convert ifconfig to use generic i2c handler for  "ix" interfaces.

Approved by:	Eric Joyner (ixgbe part)
MFC after:	2 weeks
Sponsored by:	Yandex LLC
2014-08-29 18:02:58 +00:00
jhb
5b6f86660b Correct the destroy example. The -n argument is not needed (and is not
valid).

Reported by:	mwlucas
Reviewed by:	phk
MFC after:	1 week
2014-08-27 17:44:59 +00:00
ngie
f97171e018 Garbage collect libl dependency
The application links and runs without libl

Approved by: rpaulo (mentor)
Phabric: D673
X-MFC with: r270117
Submitted by: trociny
2014-08-23 20:45:00 +00:00
melifaro
06eb65b248 Whitespace/style changes merged from projects/ipfw. 2014-08-23 17:57:06 +00:00
melifaro
f99eb0fb2f Merge buffer-printing changes from from projects/ipfw as preparation
for branch merge.

Requested by:	luigi
2014-08-23 17:37:18 +00:00
melifaro
cf94663e69 Sync to HEAD@r270409. 2014-08-23 14:58:31 +00:00
neel
d00c242753 Change file permissions for some setuid executables so they are "o+r".
The executable itself doesn't contain any privileged information.

An example of where this is useful is when makefs(8) is creating an image
that includes /sbin/shutdown. This can now be done without root privileges.

Reviewed by:	delphij
Discussed with:	delphij, des
CR:		https://reviews.freebsd.org/D662
2014-08-21 19:04:15 +00:00
melifaro
81b97334ef * Add new net/sff8436.h containing constants used to access
QSFP+ data via i2c inteface. These constants has been taken
  from SFF-8436 "QSFP+ 10 Gbs 4X PLUGGABLE TRANSCEIVER" standard
  rev 4.8.
* Add support for printing QSFP+ information from 40G NICs
  such as Chelsio T5.

This commit does not contain ioctl changes necessary for this
functionality work, there will be another commit soon.

Example:
cxl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=ec07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,.....>
        ether 00:07:43:28:ad:08
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet 40Gbase-LR4 <full-duplex>
        status: active
        plugged: QSFP+ 40GBASE-LR4 (MPO Parallel Optic)
        vendor: OEM PN: OP-QSFP-40G-LR4 SN: 20140318001 DATE: 2014-03-18
        module temperature: 64.06 C voltage: 3.26 Volts
        lane 1: RX: 0.47 mW (-3.21 dBm) TX: 2.78 mW (4.46 dBm)
        lane 2: RX: 0.20 mW (-6.94 dBm) TX: 2.80 mW (4.47 dBm)
        lane 3: RX: 0.18 mW (-7.38 dBm) TX: 2.79 mW (4.47 dBm)
        lane 4: RX: 0.90 mW (-0.45 dBm) TX: 2.80 mW (4.48 dBm)

Tested on:	Chelsio T5
Tested on:	Mellanox/Huawei passive/active cables/transceivers.
MFC after:	2 weeks
Sponsored by:	Yandex LLC
2014-08-21 17:54:42 +00:00
asomers
ab6d2528d2 Misc fixes suggested by Coverity.
sbin/devd/tests/client_test.c
	* In the event that popen fails, don't dereference its return value.
	* Fix array overwrite in the stream and seqpacket tests.
	* Close sockets at the end of successful ATF tests.

Reported by:	Coverity scan
CID:		1232019, 1232020, 1232029, 1232030
MFC after:	1 week
Sponsored by:	Spectra Logic
2014-08-20 17:04:49 +00:00
trasz
e067fb3d98 Add description for the "automounted" mount flag.
Reviewed by:	emaste@
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2014-08-20 13:52:47 +00:00
bdrewery
b619f0c747 Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
   build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
   where it never would work anyhow, such as csu or loader. This suggests
   there may be better ways of adding support to the tree. Many of these
   cases can be fixed such that -fPIE will work but there is really no
   reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
   really building libraries but have been using bsd.prog.mk because the code
   is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
   been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by:	kib
2014-08-19 15:04:32 +00:00
sjg
d7cd1d425c Merge head from 7/28 2014-08-19 06:50:54 +00:00
melifaro
34d4d0dfc0 Zero buffer before request. 2014-08-18 08:07:50 +00:00
ngie
a1f9f1210c Add LIBUTIL to DPADD
This will fix "make checkdpadd"

MFC after: 5 days
PR: 192759
Approved by: rpaulo (mentor)
2014-08-18 01:21:41 +00:00
ngie
73936dff91 Add -ll to LDADD to fix "make checkdpadd"
Phabric: D622
MFC after: 2 weeks
Approved by: rpaulo (mentor)
2014-08-18 00:50:09 +00:00
melifaro
ccc6b4ec37 Add forgotten DPADD to ifconfig(8).
PR:		192760
Submitted by:	yaneurabeya at gmail.com
MFC after:	2 weeks
2014-08-17 20:06:47 +00:00
neel
eb80e5e63b Remove LOG_ODELAY because it does nothing.
Reviewed by:	jilles
CR:		https://reviews.freebsd.org/D611
2014-08-17 19:06:26 +00:00
trasz
cac9beab7d Bring in the new automounter, similar to what's provided in most other
UNIX systems, eg. MacOS X and Solaris.  It uses Sun-compatible map format,
has proper kernel support, and LDAP integration.

There are still a few outstanding problems; they will be fixed shortly.

Reviewed by:	allanjude@, emaste@, kib@, wblock@ (earlier versions)
Phabric:	D523
MFC after:	2 weeks
Relnotes:	yes
Sponsored by:	The FreeBSD Foundation
2014-08-17 09:44:42 +00:00
melifaro
f2c90b28e8 Clean up unused definitions. 2014-08-16 22:55:58 +00:00
melifaro
3142dab2d4 * Use standard net/sff8472.h header for sff bits and offsets.
* Convert sff_8472_id to 'const char *' to please clang.

Pointed by:	np
2014-08-16 21:53:44 +00:00
melifaro
0c02adae03 Add support for reading i2c SFP/SFP+ data from NIC driver and
presenting most interesting fields via ifconfig -v.
This version supports Intel ixgbe driver only.

Tested on:	Cisco,Intel,Mellanox,ModuleTech,Molex transceivers
MFC after:	2 weeks
2014-08-16 19:13:52 +00:00
peter
f01a1ba088 Use mount protocol version 3 by default for showmount and umount.
mount_nfs effectively uses mount protocol v3 by default already.
v1 mount protocol is being removed along with nfsv2 by a high profile NFS
appliance vendor and our legacy v1 mount protocol usage causes rpc errors.
2014-08-16 14:56:11 +00:00
ngie
e4261b2c3a Fix atmconfig compilation when MK_ATM == yes and MK_BSNMP == no
Makefile.inc1:
Always compile gensnmptree with bootstrap-tools when MK_BSNMP != no
instead of depending on a potentially stale tool installed on the build host

sbin/atm/atmconfig/Makefile:
- Always remove oid.h to avoid cluttering up the build/src tree.
- Consolidate all of the RESCUE/MK_BSNMP != no logic under one
conditional to improve readability
- Remove unnecessary ${.OBJDIR} prefixing for oid.h and use ${.TARGET} instead
  of spelling out oid.h
- Add a missing DPADD for ${LIBCRYPTO} when compiled MK_BSNMP == yes and
  MK_OPENSSL == yes and not compiling for /rescue/rescue

sbin/atm/atmconfig/main.c:
Change #ifndef RESCUE to #ifdef WITH_BSNMP in main.c to make it
clear that we're compiling bsnmp support into atmconfig

Approved by: jmmv (mentor)
Phabric: D579
PR: 143830
MFC after: 2 weeks
Sponsored by: EMC / Isilon Storage Division
2014-08-15 21:22:49 +00:00
melifaro
b921074dbb Make room for multi-type values in struct tentry. 2014-08-15 12:58:32 +00:00
bz
bd04c6de5d Remove bogus ; at the end of the if condition in order to unbreak gcc builds
after r270004.

MFC after:	4 days
X-MFX with:	r270004
2014-08-15 10:01:33 +00:00
asomers
c511ec0ad8 Convert devd's client socket to type SOCK_SEQPACKET.
This change consists of two merges from projects/zfsd/head along with the
addition of an ATF test case for the new functionality.

sbin/devd/tests/Makefile
sbin/devd/tests/client_test.c
	Add ATF test cases for reading events from both devd socket types.

r266519:
sbin/devd/devd.8
sbin/devd/devd.cc
	Create a new socket, of type SOCK_SEQPACKET, for communicating with
	clients. SOCK_SEQPACKET sockets preserve record boundaries,
	simplying code in the client. The old SOCK_STREAM socket is retained
	for backwards-compatibility with existing clients.

r269993:
sbin/devd/devd.8
	Fix grammar bug.

CR:		https://reviews.freebsd.org/rS266519
MFC after:	5 days
Sponsored by:	Spectra Logic
2014-08-14 22:33:56 +00:00
melifaro
6f8397b648 Replace "cidr" table type with "addr" type.
Suggested by:	luigi
2014-08-14 21:43:20 +00:00
melifaro
9b0fd0e183 * Document internal commands.
* Do not require/set default table type if algo name is specified.
* Add TA_FLAG_READONLY option for algorithms.
2014-08-14 17:31:04 +00:00
pfg
b7d1d90916 Use "NO NAME" as the default unnamed label.
Microsoft recommends avoiding the use of spaces in the
string structures for FAT. Unfortunately they do just
that by default in the case of unlabeled filesystems.

Follow the default MS behavior to avoid confusion in
common tools like file(1). This was actually the
default behavior before r203868.

Obtained from:	NetBSD (CVS rev. 1.39)
MFC after:	3 days
2014-08-13 21:18:31 +00:00
melifaro
03e33c1ac5 Sync to HEAD@r269943. 2014-08-13 16:20:41 +00:00
melifaro
35ad1fed6c Document table set-awareness in ipfw(8). 2014-08-13 15:29:29 +00:00
melifaro
21ceaa3a9f * Pass proper table set numbers from userland side.
* Ignore them, but honor V_fw_tables_sets value on kernel side.
2014-08-13 12:04:45 +00:00
melifaro
cb5593124f Update op3 cmds. 2014-08-13 06:39:44 +00:00
melifaro
6f37722ac8 * Do not crash on incorrect "flow" type inputs.
* Do not auto-create tables for operations other than add.
2014-08-13 06:16:37 +00:00
melifaro
9dd998e46b Document most of the changes that have happened. 2014-08-13 00:19:18 +00:00
melifaro
4db6b3801c Move one step further towards libipfw: convert show_static_rule() to
bpprint-output style, so one can now output human-readable rule
representation to preallocated buffer.
2014-08-12 19:56:26 +00:00
gjb
3a0070cced Fix a typo in a comment: s/interprete/interpret/
Submitted by:	Sam Fourman Jr.
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2014-08-12 19:37:49 +00:00
melifaro
72d98439fa * Update table_handler cmd list
* Implement partial cmd matching inside table handler.
2014-08-12 18:02:10 +00:00
melifaro
20eb17aed6 Change tablearg value to be 0 (try #2).
Most of the tablearg-supported opcodes does not accept 0 as valid value:
 O_TAG, O_TAGGED, O_PIPE, O_QUEUE, O_DIVERT, O_TEE, O_SKIPTO, O_CALLRET,
 O_NETGRAPH, O_NGTEE, O_NAT treats 0 as invalid input.

The rest are O_SETDSCP and O_SETFIB.
'Fix' them by adding high-order bit (0x8000) set for non-tablearg values.
Do translation in kernel for old clients (import_rule0 / export_rule0),
teach current ipfw(8) binary to add/remove given bit.

This change does not affect handling SETDSCP values, but limit
O_SETFIB values to 32767 instead of 65k. Since currently we have either
old (16) or new (2^32) max fibs, this should not be a big deal:
we're definitely OK for former and have to add another opcode to deal
with latter, regardless of tablearg value.
2014-08-12 15:51:48 +00:00
ae
74e6245779 Turn off kern.geom.part.mbr.enforce_chs by default. 2014-08-12 10:31:31 +00:00
ae
bce854ccde Remove duplicate entry. 2014-08-12 09:34:53 +00:00
ae
e3be5d165d Add sysctl and loader tunable kern.geom.part.mbr.enforce_chs that is set
by default. It can be used to disable automatic alignment to CHS geometry,
that GEOM_PART_MBR does.

Reviewed by:	wblock
MFC after:	1 week
2014-08-12 09:10:13 +00:00
melifaro
25473f8f4a * Add the abilify to lock/unlock given table from changes.
Example:

# ipfw table si lock
# ipfw table si info
+++ table(si), set(0) +++
 kindex: 0, type: cidr, locked
 valtype: number, references: 0
 algorithm: cidr:radix
 items: 0, size: 288
# ipfw table si add 4.5.6.7
ignored: 4.5.6.7/32 0
ipfw: Adding record failed: table is locked
# ipfw table si unlock
# ipfw table si add 4.5.6.7
added: 4.5.6.7/32 0
# ipfw table si lock
# ipfw table si delete 4.5.6.7
ignored: 4.5.6.7/32 0
ipfw: Deleting record failed: table is locked
# ipfw table si unlock
# ipfw table si delete 4.5.6.7
deleted: 4.5.6.7/32 0
2014-08-11 18:09:37 +00:00
melifaro
377bb9d131 * Add support for batched add/delete for ipfw tables
* Add support for atomic batches add (all or none).
* Fix panic on deleting non-existing entry in radix algo.

Examples:

# si is empty
# ipfw table si add 1.1.1.1/32 1111 2.2.2.2/32 2222
added: 1.1.1.1/32 1111
added: 2.2.2.2/32 2222
# ipfw table si add 2.2.2.2/32 2200 4.4.4.4/32 4444
exists: 2.2.2.2/32 2200
added: 4.4.4.4/32 4444
ipfw: Adding record failed: record already exists
^^^^^ Returns error but keeps inserted items
# ipfw table si list
+++ table(si), set(0) +++
1.1.1.1/32 1111
2.2.2.2/32 2222
4.4.4.4/32 4444
# ipfw table si atomic add 3.3.3.3/32 3333 4.4.4.4/32 4400 5.5.5.5/32 5555
added(reverted): 3.3.3.3/32 3333
exists: 4.4.4.4/32 4400
ignored: 5.5.5.5/32 5555
ipfw: Adding record failed: record already exists
^^^^^ Returns error and reverts added records
# ipfw table si list
+++ table(si), set(0) +++
1.1.1.1/32 1111
2.2.2.2/32 2222
4.4.4.4/32 4444
2014-08-11 17:34:25 +00:00
melifaro
57d917cb99 Kernel changes:
* Fix buffer calculation for table dumps
* Fix IPv6 radix entiries addition broken in r269371.

Userland changes:
* Fix bug in retrieving statric ruleset
* Fix several bugs in retrieving table list
2014-08-08 21:09:22 +00:00
melifaro
deeb40d882 Partially revert previous commit:
"0" value is perfectly valid for O_SETFIB and O_SETDSCP,
  so tablearg remains to be 655535 for now.
2014-08-08 15:33:26 +00:00
melifaro
bc102dcade * Switch tablearg value from 65535 to 0.
* Use u16 table kidx instead of integer on for iface opcode.
* Provide compability layer for old clients.
2014-08-08 14:23:20 +00:00
melifaro
2a5da00f23 * Add IP_FW_TABLE_XMODIFY opcode
* Since there seems to be lack of consensus on strict value typing,
  remove non-default value types. Use userland-only "value format type"
  to print values.

Kernel changes:
* Add IP_FW_XMODIFY to permit table run-time modifications.
  Currently we support changing limit and value format type.

Userland changes:
* Support IP_FW_XMODIFY opcode.
* Support specifying value format type (ftype) in tablble create/modify req
* Fine-print value type/value format type.
2014-08-08 09:27:49 +00:00
melifaro
3ad34df447 Remove IP_FW_TABLES_XGETSIZE opcode.
It is superseded by IP_FW_TABLES_XLIST.
2014-08-08 06:36:26 +00:00
melifaro
61bb76b813 Kernel changes:
* Implement proper checks for switching between global and set-aware tables
* Split IP_FW_DEL mess into the following opcodes:
  * IP_FW_XDEL (del rules matching pattern)
  * IP_FW_XMOVE (move rules matching pattern to another set)
  * IP_FW_SET_SWAP (swap between 2 sets)
  * IP_FW_SET_MOVE (move one set to another one)
  * IP_FW_SET_ENABLE (enable/disable sets)
* Add IP_FW_XZERO / IP_FW_XRESETLOG to finish IP_FW3 migration.
* Use unified ipfw_range_tlv as range description for all of the above.
* Check dynamic states IFF there was non-zero number of deleted dyn rules,
* Del relevant dynamic states with singe traversal instead of per-rule one.

Userland changes:
* Switch ipfw(8) to use new opcodes.
2014-08-07 21:37:31 +00:00
skreuzer
575d5e9106 Mention tmpfs(5)
PR:		192389
Submitted by:	yaneurabeya@gmail.com
Approved by:	hrs (mentor)
2014-08-06 14:38:09 +00:00
cy
d63d43ae33 Honour WITH and WITHOUT_INET6_SUPPORT.
Approved by:	glebius (mentor)
MFC after:	3 days
2014-08-05 13:01:21 +00:00
bz
4ae596a432 Provide -o vers= support for mount_nfs.
Our mount_nfs does use -o nfsv<2|3|4> or -2 or -3 to specify the version.
OSX (these days), Solaris, and Linux use -o vers=<2,3,4>.

With the upcoming autofs support we can make a lot of (entrerprisy) setups
getting mount options from LDAP just work by providing -o vers= compatibility.

PR:		192379
Reviewed by:	wblock, bjk (man page), rmacklem, emaste
MFC after:	3 days
Sponsored by:	DARPA,AFRL
2014-08-05 12:04:40 +00:00
issyl0
b7491c3532 Add generic list, status, load and unload docs to gpart(8)
- In the style of gmirror(8).

PR:		docs/191534
Reviewed by:	gavin
2014-08-03 21:54:22 +00:00
melifaro
42eca8abfb Implement atomic ipfw table swap.
Kernel changes:
* Add opcode IP_FW_TABLE_XSWAP
* Add support for swapping 2 tables with the same type/ftype/vtype.
* Make skipto cache init after ipfw locks init.

Userland changes:
* Add "table X swap Y" command.
2014-08-03 21:37:12 +00:00
melifaro
becbec7be8 * Move "talist" and "iflist" cmds into newly-create "internal" ipfw(8) cmd.
* Add "table X detail" cmd and show detailed algo info there instead
  of "info".
2014-08-03 16:22:14 +00:00
melifaro
6e882e1221 Show algorithm-specific data in "table info" output. 2014-08-03 12:19:45 +00:00
melifaro
178311d9d4 * Permit limiting number of items in table.
Kernel changes:
* Add TEI_FLAGS_DONTADD entry flag to indicate that insert is not possible
* Support given flag in all algorithms
* Add "limit" field to ipfw_xtable_info
* Add actual limiting code into add_table_entry()

Userland changes:
* Add "limit" option as "create" table sub-option. Limit modification
  is currently impossible.
* Print human-readable errors in table enry addition/deletion code.
2014-08-01 15:17:46 +00:00
melifaro
58e70e361d * Add new "flow" table type to support N=1..5-tuple lookups
* Add "flow:hash" algorithm

Kernel changes:
* Add O_IP_FLOW_LOOKUP opcode to support "flow" lookups
* Add IPFW_TABLE_FLOW table type
* Add "struct tflow_entry" as strage for 6-tuple flows
* Add "flow:hash" algorithm. Basically it is auto-growing chained hash table.
  Additionally, we store mask of fields we need to compare in each instance/

* Increase ipfw_obj_tentry size by adding struct tflow_entry
* Add per-algorithm stat (ifpw_ta_tinfo) to ipfw_xtable_info
* Increase algoname length: 32 -> 64 (algo options passed there as string)
* Assume every table type can be customized by flags, use u8 to store "tflags" field.
* Simplify ipfw_find_table_entry() by providing @tentry directly to algo callback.
* Fix bug in cidr:chash resize procedure.

Userland changes:
* add "flow table(NAME)" syntax to support n-tuple checking tables.
* make fill_flags() separate function to ease working with _s_x arrays
* change "table info" output to reflect longer "type" fields

Syntax:
ipfw table fl2 create type flow:[src-ip][,proto][,src-port][,dst-ip][dst-port] [algo flow:hash]

Examples:

0:02 [2] zfscurr0# ipfw table fl2 create type flow:src-ip,proto,dst-port algo flow:hash
0:02 [2] zfscurr0# ipfw table fl2 info
+++ table(fl2), set(0) +++
 kindex: 0, type: flow:src-ip,proto,dst-port
 valtype: number, references: 0
 algorithm: flow:hash
 items: 0, size: 280
0:02 [2] zfscurr0# ipfw table fl2 add 2a02:6b8::333,tcp,443 45000
0:02 [2] zfscurr0# ipfw table fl2 add 10.0.0.92,tcp,80 22000
0:02 [2] zfscurr0# ipfw table fl2 list
+++ table(fl2), set(0) +++
2a02:6b8::333,6,443 45000
10.0.0.92,6,80 22000
0:02 [2] zfscurr0# ipfw add 200 count tcp from me to 78.46.89.105 80 flow 'table(fl2)'
00200 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
0:03 [2] zfscurr0# ipfw show
00200   0     0 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
65535 617 59416 allow ip from any to any
0:03 [2] zfscurr0# telnet -s 10.0.0.92 78.46.89.105 80
Trying 78.46.89.105...
..
0:04 [2] zfscurr0# ipfw show
00200   5   272 count tcp from me to 78.46.89.105 dst-port 80 flow table(fl2)
65535 682 66733 allow ip from any to any
2014-07-31 20:08:19 +00:00
melifaro
41bd5f650b Improve "ipfw talist" readability. 2014-07-30 15:01:32 +00:00
melifaro
4419c812fe * Add number:array algorithm lookup method.
Kernel changes:
* s/IPFW_TABLE_U32/IPFW_TABLE_NUMBER/
* Force "lookup <port|uid|gid|jid>" to be IPFW_TABLE_NUMBER
* Support "lookup" method for number tables
* Add number:array algorihm (i32 as key, auto-growing).

Userland changes:
* Support named tables in "lookup <tag> Table"
* Fix handling of "table(NAME,val)" case
* Support printing "number" table data.
2014-07-30 14:52:26 +00:00
mckusick
8724757123 When restoring a UFS dump onto a ZFS filesystem, an assertion in
restore was failing because ZFS was reporting a blocksize that was
not a multiple of 1024.  Replace restore's failed assertion with
code that writes restored files in a blocksize that works for
restore (a multiple of 1024) despite being non-optimal for ZFS.

Submitted by: Dmitry Morozovsky
Tested by:    Dmitry Morozovsky
MFC after:    1 week
2014-07-30 14:52:04 +00:00
melifaro
bf787a59a7 * Dump available table algorithms via "ipfw talist" cmd.
Kernel changes:
* Add type/refcount fields to table algo instances.
* Add IP_FW_TABLES_ALIST opcode to export available algorihms to userland.

Userland changes:
* Fix cores on empty input inside "ipfw table" handler.
* Add "ipfw talist" cmd to print availabled kernel algorithms.
* Change "table info" output to reflect long algorithm config lines.
2014-07-29 22:44:26 +00:00
joel
3696964107 mdoc: sort sections. 2014-07-29 19:38:17 +00:00
melifaro
fa3f38a6a0 * Add generic ipfw interface tracking API
* Rewrite interface tables to use interface indexes

Kernel changes:
* Add generic interface tracking API:
 - ipfw_iface_ref (must call unlocked, performs lazy init if needed, allocates
  state & bumps ref)
 - ipfw_iface_add_ntfy(UH_WLOCK+WLOCK, links comsumer & runs its callback to
  update ifindex)
 - ipfw_iface_del_ntfy(UH_WLOCK+WLOCK, unlinks consumer)
 - ipfw_iface_unref(unlocked, drops reference)
Additionally, consumer callbacks are called in interface withdrawal/departure.

* Rewrite interface tables to use iface tracking API. Currently tables are
  implemented the following way:
  runtime data is stored as sorted array of {ifidx, val} for existing interfaces
  full data is stored inside namedobj instance (chained hashed table).

* Add IP_FW_XIFLIST opcode to dump status of tracked interfaces

* Pass @chain ptr to most non-locked algorithm callbacks:
  (prepare_add, prepare_del, flush_entry ..). This may be needed for better
  interaction of given algorithm an other ipfw subsystems

* Add optional "change_ti" algorithm handler to permit updating of
  cached table_info pointer (happens in case of table_max resize)

* Fix small bug in ipfw_list_tables()
* Add badd (insert into sorted array) and bdel (remove from sorted array) funcs

Userland changes:
* Add "iflist" cmd to print status of currently tracked interface
* Add stringnum_cmp for better interface/table names sorting
2014-07-28 19:01:25 +00:00
delphij
ac0bb67e4e When interval is set to very small value with limited amount of packets,
ping6(8) would quit before the remote side gets a chance to respond.

Solve this by resetting the itimer when we have reached the maximum packet
number have reached, but let the other handling to continue.

PR:		bin/151023
Submitted by:	tjmao at tjmao.net
MFC after:	2 weeks
2014-07-28 08:22:08 +00:00
melifaro
505e5ae081 * Require explicit table creation before use on kernel side.
* Add resize callbacks for upcoming table-based algorithms.

Kernel changes:
* s/ipfw_modify_table/ipfw_manage_table_ent/
* Simplify add_table_entry(): make table creation a separate piece of code.
  Do not perform creation if not in "compat" mode.
* Add ability to perform modification of algorithm state (like table resize).
  The following callbacks were added:
 - prepare_mod (allocate new state, without locks)
 - fill_mod (UH_WLOCK, copy old state to new one)
 - modify (UH_WLOCK + WLOCK, switch state)
 - flush_mod (no locks, flushes allocated data)
 Given callbacks are called if table modification has been requested by add or
   delete callbacks. Additional u64 tc->'flags' field was added to pass these
   requests.
* Change add/del table ent format: permit adding/removing multiple entries
   at once (only 1 supported at the moment).

Userland changes:
* Auto-create tables with warning
2014-07-26 13:37:25 +00:00
wblock
bdf1998fc1 Fix spelling of Camellia algorithm. While here, replace blank lines
between examples with actual .Pp breaks.

PR:		192067
Submitted by:	dmitry2004@yandex.ru
MFC after:	1 week
2014-07-25 17:09:48 +00:00
brooks
ea5a037d1f Replace all uses of libncurses and libtermcap with their wide character
variants.  This allows usable file system images (i.e. those with both a
shell and an editor) to be created with only one copy of the curses library.

Exp-run:	antoine
PR:		189842
Discussed with:	bapt
Sponsored by:	DARPA, AFRL
2014-07-17 18:24:34 +00:00
pfg
ce102225bd newfs_msdosfs: Respect FSFIXFAT
Fix some whitespace issues while here.

Obtained from:	NetBSD (rev. 1.9)
MFC after:	3 days
2014-07-14 21:32:40 +00:00
pfg
375de29597 msdosfs: Assorted fixes from other BSDs.
When truncating cluster chains fix the length of the cluster head.
http://marc.info/?t=140304310700005&r=1&w=2

Avoid infinite loops in cluster chain linked lists.
http://marc.info/?l=openbsd-tech&m=140275150804337&w=2

Avoid off-by-one on FAT12 filesystems.
http://marc.info/?l=openbsd-tech&m=140234174104724&w=2

Obtained from:	NetBSD (from OpenBSD)
MFC after:	1 week
2014-07-14 20:58:02 +00:00
pfg
7716a7c65e fsck_msdosfs: be a bit more permissive
The free space value in the FSInfo block is merely unitialized when it is
0xffffffff. This fixes a bug found in NetBSD.

It must be noted that we never supported all the checks that NetBSD does
as some of them would cause failures with a freshly created FAT32
from MS-Windows.

While here, bring some space fixes.

Obtained from:	NetBSD (rev. 1.22)
MFC after:	3 days
2014-07-14 20:17:09 +00:00
pfg
cbc817e242 Minor (mostly cosmetic) cleanups
Several whitespace fixes
convert *rootDir from external to static.

Obtained from:	NetBSD, OpenBSD (partial)
MFC after:	3 days
2014-07-14 19:16:49 +00:00
jlh
a07e081f5d Make the description of the "no_prefer_iface" flag easier to understand.
Reviewed by:	Silence on -net@ and from ume@
2014-07-12 10:18:33 +00:00
melifaro
3f7d90b385 * Use different rule structures in kernel/userland.
* Switch kernel to use per-cpu counters for rules.
* Keep ABI/API.

Kernel changes:
* Each rules is now exported as TLV with optional extenable
  counter block (ip_fW_bcounter for base one) and
  ip_fw_rule for rule&cmd data.
* Counters needs to be explicitly requested by IPFW_CFG_GET_COUNTERS flag.
* Separate counters from rules in kernel and clean up ip_fw a bit.
* Pack each rule in IPFW_TLV_RULE_ENT tlv to ease parsing.
* Introduce versioning in container TLV (may be needed in future).
* Fix ipfw_cfg_lheader broken u64 alignment.

Userland changes:
* Use set_mask from cfg header when requesting config
* Fix incorrect read accouting in ipfw_show_config()
* Use IPFW_RULE_NOOPT flag instead of playing with _pad
* Fix "ipfw -d list": do not print counters for dynamic states
* Some small fixes
2014-07-08 23:11:15 +00:00
gjb
422b01d09f Fix non-version text after .Fx macro usage.
Sponsored by:	The FreeBSD Foundation
2014-07-08 14:53:51 +00:00
marcel
9f28abd980 Remove ia64.
This includes:
o   All directories named *ia64*
o   All files named *ia64*
o   All ia64-specific code guarded by __ia64__
o   All ia64-specific makefile logic
o   Mention of ia64 in comments and documentation

This excludes:
o   Everything under contrib/
o   Everything under crypto/
o   sys/xen/interface
o   sys/sys/elf_common.h

Discussed at: BSDcan
2014-07-07 00:27:09 +00:00
melifaro
7189aec01e * Prepare to pass other dynamic states via ipfw_dump_config()
Kernel changes:
* Change dump format for dynamic states:
  each state is now stored inside ipfw_obj_dyntlv
  last dynamic state is indicated by IPFW_DF_LAST flag
* Do not perform sooptcopyout() for !SOPT_GET requests.

Userland changes:
* Introduce foreach_state() function handler to ease work
  with different states passed by ipfw_dump_config().
2014-07-06 23:26:34 +00:00
melifaro
0eba52a18e * Add "lookup" table functionality to permit userland entry lookups.
* Bump table dump format preserving old ABI.

Kernel size:
* Add IP_FW_TABLE_XFIND to handle "lookup" request from userland.
* Add ta_find_tentry() algorithm callbacks/handlers to support lookups.
* Fully switch to ipfw_obj_tentry for various table dumps:
  algorithms are now required to support the latest (ipfw_obj_tentry) entry
    dump format, the rest is handled by generic dump code.
  IP_FW_TABLE_XLIST opcode version bumped (0 -> 1).
* Eliminate legacy ta_dump_entry algo handler:
  dump_table_entry() converts data from current to legacy format.

Userland side:
* Add "lookup" table parameter.
* Change the way table type is guessed: call table_get_info() first,
  and check value for IPv4/IPv6 type IFF table does not exist.
* Fix table_get_list(): do more tries if supplied buffer is not enough.
* Sparate table_show_entry() from table_show_list().
2014-07-06 18:16:04 +00:00
loos
f995552a76 Check the number of returned entries before doing any access to ifm_ulist. 2014-07-05 20:16:02 +00:00
nwhitehorn
6fa381c0bf After EFI support was added to the installer, it needed to allow boot
partitions of types other than "freebsd-boot" (in particular, "efi").
This allows the removal of some nasty hacks for supporting PowerPC systems,
in particular aliasing freebsd-boot to apple-boot on APM and an IBM-specific
code on MBR.

This changes the installer to use the correct names, which also breaks a
degeneracy in the meaning of "freebsd-boot" that allows the addition
of support for some newer IBM systems that can boot from GPT in addition to
MBR. Since I have no idea how to detect which those systems are, leave
the default on IBM PPC systems as MBR for now.
2014-07-04 15:55:32 +00:00
ken
ea871d446f Add persistent reservation support to camcontrol(8).
camcontrol(8) now supports a new 'persist' subcommand that allows users to
issue SCSI PERSISTENT RESERVE IN / OUT commands.

sbin/camcontrol/Makefile:
	Add persist.c.

sbin/camcontrol/persist.c:
	New persistent reservation support for camcontrol(8).

	We have support for all known operation modes for PERSISTENT RESERVE
	IN and PERSISTENT RESERVE OUT.
	exceptions noted above.

sbin/camcontrol/camcontrol.8:
	Document the new 'persist' subcommand.

	In the section on the Transport ID (-I) option, explain what
	Transport IDs for each protocol should look like.  At some point
	some of this information could probably get moved off in a
	separate man page, either on Transport IDs alone or a man page
	documenting the Transport ID parsing code.

	Add a number of examples of persistent reservation commands.
	Persistent Reservations are complex enough that the average user
	probably won't be able to get the commands exactly right by just
	reading the man page.  These examples show a few basic and
	advanced examples of how to use persistent reservations.

sbin/camcontrol/camcontrol.h:
	Move the definition for camcontrol_optret here, so we can use it
	for the persistent reservation code.

	Add a definition for the new scsipersist() function.

sbin/camcontrol/camcontrol.c:
	Add 'persist' to the list of subcommands.

	Document 'persist' in the help text.

sys/cam/scsi/scsi_all.c:
	Add the scsi_persistent_reserve_in() and
	scsi_persistent_reserve_out() CCB building functions.

	Add a new function, scsi_transportid_sbuf().  This takes a
	SCSI Transport ID (documented in SPC-4), and prints it to
	an sbuf(9).  There are some transports (like ATA, USB, and
	SSA) for which there is no transport defined.  We need to
	come up with a reasonable thing to do if we're presented
	with a Transport ID that claims to be for one of those
	protocols.

	Add new routines scsi_get_nv() and scsi_nv_to_str().

	These functions do a table lookup to go between a string and an
	integer.  There are lots of table lookups needed in the
	persistent reservation code in camcontrol(8).

	Add a new function, scsi_parse_transportid(), along with leaf node
	functions to parse:
	FC, 1394 and SAS (scsi_parse_transportid_64bit())
	iSCSI (scsi_parse_transportid_iscsi())
	SPI (scsi_parse_transportid_spi())
	RDMA (scsi_parse_transportid_rdma())
	PCIe (scsi_parse_transportid_sop())

	Transport IDs.  Given a string with the general form proto,id these
	functions create a SCSI Transport ID structure.

sys/cam/scsi/scsi_all.h:
	Update the various persistent reservation data structures to
	SPC4r36l, but also rename some fields that were previously
	obsolete with the proper names from older SCSI specs.  This
	allows using older, obsolete persistent reservation types when
	desired.

	Add function prototypes for the new persistent reservation CCB
	building functions.

	Add a data strucure for the READ FULL STATUS service action
	of the PERSISTENT RESERVE IN command.

	Add Transport ID structures for all protocols described in SPC-4.

	Add a new series of SCSI_PROTO_XXX definitions, and
	redefine other defines in terms of these new definitions.

	Add a prototype for scsi_transportid_sbuf().

	Change a couple of "obsolete" persistent reservation data
	structure fields into something more meaningful, based on
	what the field was called when it was defined in the spec.
	(e.g. SPC, SPC-2, etc.)

	Create a new define, SPRI_MAX_LEN, for the maximum allocation
	length allowed for the PERSISTENT RESERVE IN command.

	Add data structures and enumerations for the new name/value
	translation functions.

	Add data structures for SCSI over PCIe Routing IDs.

	Bring the PERSISTENT RESERVE OUT Register and Move parameter list
	structure (struct scsi_per_res_out_parms) up to date with SPC-4.

	Add a data structure for the transport IDs that can optionally be
	appended to the basic PERSISTENT RESERVE OUT parameter list.

	Move SCSI protocol macro definitions out of the VPD page 0x83
	definition and combine them with the more up to date protocol
	definitions higher in the file.

	Add function prototypes for scsi_nv_to_str(), scsi_get_nv(),
	scsi_parse_transportid_64bit(), scsi_parse_transportid_spi(),
	scsi_parse_transportid_rdma(), scsi_parse_transportid_iscsi(),
	scsi_parse_transportid_sop(), and scsi_parse_transportid().

Sponsored by:	Spectra Logic Corporation
MFC after:	1 week
2014-07-03 23:09:44 +00:00
melifaro
99023231d3 Fully switch to named tables:
Kernel changes:
* Introduce ipfw_obj_tentry table entry structure to force u64 alignment.
* Support "update-on-existing-key" "add" bahavior (TEI_FLAGS_UPDATED).
* Use "subtype" field to distingush between IPv4 and IPv6 table records
  instead of previous hack.
* Add value type (vtype) field for kernel tables. Current types are
  number,ip and dscp
* Fix sets mask retrieval for old binaries
* Fix crash while using interface tables

Userland changes:
* Switch ipfw_table_handler() to use named-only tables.
* Add "table NAME create [type {cidr|iface|u32} [valtype {number|ip|dscp}] ..."
* Switch ipfw_table_handler to match_token()-based parser.
* Switch ipfw_sets_handler to use new ipfw_get_config() for mask  retrieval.
* Allow ipfw set X table ... syntax to permit using per-set table namespaces.
2014-07-03 22:25:59 +00:00
ae
fab5fb6e46 Document all aliases supported by GEOM_PART class.
MFC after:	1 week
2014-07-01 12:44:47 +00:00
ume
0a796d1e92 Fix ifconfig to show pltime and vltime with -L option,
again after usage change from time_second to time_uptime.

PR:		188520
Submitted by:	Guy Yur <guyyur__at__gmail.com>
MFC after:	1 week
2014-06-30 16:39:37 +00:00
melifaro
75913dd997 * Add new IP_FW_XADD opcode which permits to
a) specify table ids as names
  b) add multiple rules at once.
Partially convert current code for atomic addition of multiple rules.
2014-06-29 22:35:47 +00:00
melifaro
145faf7cb6 Enable kernel-side rule filtering based on user request.
Make do_get3() function return real error.
2014-06-29 09:29:27 +00:00
melifaro
5d627fdb8b Suppord showing named tables in ipfw(8) rule listing.
Kernel changes:
* change base TLV header to be u64 (so size can be u32).
* Introduce ipfw_obj_ctlv generc container TLV.
* Add IP_FW_XGET opcode which is now used for atomic configuration
  retrieval. One can specify needed configuration pieces to retrieve
  via flags field. Currently supported are
  IPFW_CFG_GET_STATIC (static rules) and
  IPFW_CFG_GET_STATES (dynamic states).
  Other configuration pieces (tables, pipes, etc..) support is planned.

Userland changes:
* Switch ipfw(8) to use new IP_FW_XGET for rule listing.
* Split rule listing code get and show pieces.
* Make several steps forward towards libipfw:
  permit printing states and rules(paritally) to supplied buffer.
  do not die on malloc/kernel failure inside given printing functions.
  stop assuming cmdline_opts is global symbol.
2014-06-28 23:20:24 +00:00
hselasky
465e750b14 Don't hide zero-length strings when doing sysctl listings.
MFC after:	1 week
2014-06-27 15:23:12 +00:00
pjd
64b5b5018d Remove duplicated includes.
Submitted by:	Mariusz Zaborski <oshogbo@FreeBSD.org>
2014-06-26 13:57:44 +00:00
joel
d94b51f5b9 mdoc: remove superfluous paragraph macros. 2014-06-23 18:40:21 +00:00
bapt
42044eb342 use .Mt to mark up email addresses consistently (part1)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:40:43 +00:00
wblock
138c50f9b9 Fix spelling, typos, missing articles, contractions. Expanded version
of patch supplied with PR.

PR:		191001
Submitted by:	olgeni
MFC after:	1 week
2014-06-18 18:27:16 +00:00
melifaro
b06860b3e2 Simplify opcode handling.
* Use one u16 from op3 header to implement opcode versioning.
* IP_FW_TABLE_XLIST has now 2 handlers, for ver.0 (old) and ver.1 (current).
* Every getsockopt request is now handled in ip_fw_table.c
* Rename new opcodes:
IP_FW_OBJ_DEL -> IP_FW_TABLE_XDESTROY
IP_FW_OBJ_LISTSIZE -> IP_FW_TABLES_XGETSIZE
IP_FW_OBJ_LIST -> IP_FW_TABLES_XLIST
IP_FW_OBJ_INFO -> IP_FW_TABLE_XINFO
IP_FW_OBJ_INFO -> IP_FW_TABLE_XFLUSH

* Add some docs about using given opcodes.
* Group some legacy opcode/handlers.
2014-06-15 13:40:27 +00:00
melifaro
fe9646e6ff Move further to eliminate next pieces of number-assuming code inside tables.
Kernel changes:
* Add IP_FW_OBJ_FLUSH opcode (flush table based on its name/set)
* Add IP_FW_OBJ_DUMP opcode (dumps table data based on its names/set)
* Add IP_FW_OBJ_LISTSIZE / IP_FW_OBJ_LIST opcodes (get list of kernel tables)

Userland changes:
* move tables code to separate tables.c file
* get rid of tables_max
* switch "all"/list handling to new opcodes
2014-06-14 22:47:25 +00:00
melifaro
f9fb63fe8c Add API to ease adding new algorithms/new tabletypes to ipfw.
Kernel-side changelog:
* Split general tables code and algorithm-specific table data.
  Current algorithms (IPv4/IPv6 radix and interface tables radix) moved to
  new ip_fw_table_algo.c file.
  Tables code now supports any algorithm implementing the following callbacks:
+struct table_algo {
+       char            name[64];
+       int             idx;
+       ta_init         *init;
+       ta_destroy      *destroy;
+       table_lookup_t  *lookup;
+       ta_prepare_add  *prepare_add;
+       ta_prepare_del  *prepare_del;
+       ta_add          *add;
+       ta_del          *del;
+       ta_flush_entry  *flush_entry;
+       ta_foreach      *foreach;
+       ta_dump_entry   *dump_entry;
+       ta_dump_xentry  *dump_xentry;
+};

* Change ->state, ->xstate, ->tabletype fields of ip_fw_chain to
   ->tablestate pointer (array of 32 bytes structures necessary for
   runtime lookups (can be probably shrinked to 16 bytes later):

   +struct table_info {
   +       table_lookup_t  *lookup;        /* Lookup function */
   +       void            *state;         /* Lookup radix/other structure */
   +       void            *xstate;        /* eXtended state */
   +       u_long          data;           /* Hints for given func */
   +};

* Add count method for namedobj instance to ease size calculations
* Bump ip_fw3 buffer in ipfw_clt 128->256 bytes.
* Improve bitmask resizing on tables_max change.
* Remove table numbers checking from most places.
* Fix wrong nesting in ipfw_rewrite_table_uidx().

* Add IP_FW_OBJ_LIST opcode (list all objects of given type, currently
    implemented for IPFW_OBJTYPE_TABLE).
* Add IP_FW_OBJ_LISTSIZE (get buffer size to hold IP_FW_OBJ_LIST data,
    currenly implemented for IPFW_OBJTYPE_TABLE).
* Add IP_FW_OBJ_INFO (requests info for one object of given type).

Some name changes:
s/ipfw_xtable_tlv/ipfw_obj_tlv/ (no table specifics)
s/ipfw_xtable_ntlv/ipfw_obj_ntlv/ (no table specifics)

Userland changes:
* Add do_set3() cmd to ipfw2 to ease dealing with op3-embeded opcodes.
* Add/improve support for destroy/info cmds.
2014-06-14 10:58:39 +00:00
melifaro
01ec53e019 Make ipfw tables use names as used-level identifier internally:
* Add namedobject set-aware api capable of searching/allocation objects by their name/idx.
* Switch tables code to use string ids for configuration tasks.
* Change locking model: most configuration changes are protected with UH lock, runtime-visible are protected with both locks.
* Reduce number of arguments passed to ipfw_table_add/del by using separate structure.
* Add internal V_fw_tables_sets tunable (set to 0) to prepare for set-aware tables (requires opcodes/client support)
* Implement typed table referencing (and tables are implicitly allocated with all state like radix ptrs on reference)
* Add "destroy" ipfw(8) using new IP_FW_DELOBJ opcode

Namedobj more detailed:
* Blackbox api providing methods to add/del/search/enumerate objects
* Statically-sized hashes for names/indexes
* Per-set bitmask to indicate free indexes
* Separate methods for index alloc/delete/resize

Basically, there should not be any user-visible changes except the following:
* reducing table_max is not supported
* flush & add change table type won't work if table is referenced

Sponsored by:	Yandex LLC
2014-06-12 09:59:11 +00:00
ae
c78bc4087e Add disklabel64 support to GEOM_PART class.
This partitioning scheme is used in DragonFlyBSD. It is similar to
BSD disklabel, but has the following improvements:
* metadata has own dedicated place and isn't accessible through partitions;
* all offsets are 64-bit;
* supports 16 partitions by default (has reserved place for more);
* has reserved place for backup label (but not yet implemented);
* has UUIDs for partitions and partition types;

No objections from:	geom
MFC after:	2 weeks
Relnotes:	yes
2014-06-11 10:42:34 +00:00
bdrewery
989e2c6000 In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by:		Shawn Webb <lattera@gmail.com>
Discussed between:	des@ and Shawn Webb [2]
2014-06-08 17:29:31 +00:00
joel
1f9618e6f7 Minor mdoc improvements. 2014-06-06 19:00:43 +00:00
pjd
7132d23023 The 'create' subcommand doesn't have '-h' option. 2014-06-06 13:00:53 +00:00
allanjude
13ec5f36b0 Style cleanups on ifconfig.8
fix igor warnings
uppercase all instances of Ethernet
replace bad e.g.

CR:		D91
Approved by:	wblock (mentor)
2014-06-06 00:22:19 +00:00
ivoras
5fab5f26be Bulk document the kern.geom.label.*.enable sysctls and tunables. 2014-06-04 16:29:18 +00:00
ivoras
da8de155a0 Document the diskid automatic label class.
While there, also document the glabel "native" labels and explain why
there are additional nodes created for nested GEOM classes.

Reminded by:	jmg
2014-06-02 15:05:25 +00:00
hiren
cc47b6d947 ECN marking implenetation for dummynet.
Changes include both DCTCP and RFC 3168 ECN marking methodology.

DCTCP draft: http://tools.ietf.org/html/draft-bensley-tcpm-dctcp-00

Submitted by:	Midori Kato (aoimidori27@gmail.com)
Worked with:	Lars Eggert (lars@netapp.com)
Reviewed by:	luigi, hiren
2014-06-01 07:28:24 +00:00
allanjude
f7278db038 improve ifconfig(8) man page by describing special behaviour of -l ether
PR:		docs/187644
Submitted by:	Andrew Merenbach (original patch)
Approved by:	bcr (mentor)
2014-05-27 20:45:15 +00:00
trhodes
f22bac81aa If called without -T or -t, fsck attempts to detect the
file system type.  If this fails, fsck will fail with
"unknown file system type" message.

PR:		188214
2014-05-23 14:32:57 +00:00
marck
2dc0b17921 Document VMware-related filesystems additions.
Reviewed by:    jmg
MFC after:      1 week
2014-05-21 05:27:57 +00:00
bjk
e0a0a75cf1 Assorted updates to md5.1
Note that the -c argument's parameter is compared against the digest of
the file, not the file. [1]

Update the "current time" parentheticals for notes about reversing
and colliding the hash functions. [1]

Some general mdoc updates.

PR:		docs/188043 [1]
Submitted by:	Jamie Landeg-Jones [1]
Approved by:	hrs (mentor)
MFC after:	1 week
2014-05-18 21:16:59 +00:00
melifaro
f4783a05e9 Fix wrong formatting of 0.0.0.0/X table records in ipfw(8).
Add `flags` u16 field to the hole in ipfw_table_xentry structure.
Kernel has been guessing address family for supplied record based
on xent length size.
Userland, however, has been getting fixed-size ipfw_table_xentry structures
guessing address family by checking address by IN6_IS_ADDR_V4COMPAT().

Fix this behavior by providing specific IPFW_TCF_INET flag for IPv4 records.

PR:		bin/189471
Submitted by:	Dennis Yusupoff <dyr@smartspb.net>
MFC after:	2 weeks
2014-05-17 13:45:03 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
thomas
681730d4b1 Add mention of metadata version 7 in FreeBSD 10.0
Reviewed by:	pjd
MFC after:	1 day
2014-05-13 15:46:52 +00:00
sjg
1a7e48acf1 Updated dependencies 2014-05-10 05:16:28 +00:00
sjg
ed3fc70bf5 Merge from head 2014-05-08 23:54:15 +00:00
melifaro
4a170f05aa Fix incorrect netmasks being passed via rtsock.
Since radix has been ignoring sa_family in passed sockaddrs,
no one ever has bothered filling valid sa_family in netmasks.
Additionally, radix adjusts sa_len field in every netmask not to
compare zero bytes at all.

This leads us to rt_mask with sa_family of AF_UNSPEC (-1) and
arbitrary sa_len field (0 for default route, for example).

However, rtsock have been passing that rt_mask intact for ages,
requiring all rtsock consumers to make ther own local hacks.
We even have unfixed on in base:

do `route -n monitor` in one window and issue `route -n get addr`
for some directly-connected address. You will probably see the following:

got message of size 304 on Thu May  8 15:06:06 2014
RTM_GET: Report Metrics: len 304, pid: 30493, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks:  inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
 10.0.0.0 link#1 (255) ffff ffff ff em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^

after the change:

got message of size 312 on Thu May  8 15:44:07 2014
RTM_GET: Report Metrics: len 312, pid: 2895, seq 1, errno 0, flags:<UP,DONE,PINNED>
locks:  inits:
sockaddrs: <DST,GATEWAY,NETMASK,IFP,IFA>
 10.0.0.0 link#1 255.255.255.0 em0:8.0.27.c5.29.d4 10.0.0.92
_________________^^^^^^^^^^^^^^^^^^

Sponsored by:	Yandex LLC
MFC after:	1 month
2014-05-08 11:56:06 +00:00
marius
8d7e1b3f39 - Sprinkle const and static as appropriate.
- Fix whitespace bugs.
- Remove pointless returns in void functions.
- Nuke pointless switch cases mirroring the default.

MFC after:	3 days
Sponsored by:	Bally Wulff Games & Entertainment GmbH
2014-05-07 09:15:46 +00:00
marius
72755774fc - Allow foot shooting with the resetconfig command via the -f option.
- Fix typos preventing -f to actually work with the create command.
- Initialize flags to zero rather than using stack garbage when handling
  the grow command.

MFC after:	3 days
Sponsored by:	Bally Wulff Games & Entertainment GmbH
2014-05-06 16:29:02 +00:00
imp
2118f42afd Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
asomers
cef1d11432 Remove the ifconfig test added in rev 263445. After discussion with
melifaro, we agreed that ifconfig's behavior was not a bug.  The main
motivation for bin/187551 was to partially resolve kern/187549, but we
resolved kern/187549 in a different way instead.

ObsoleteFiles.inc
etc/mtree/BSD.tests.dist
sbin/ifconfig/tests/fibs_test.sh
sbin/ifconfig/tests/Makefile
sbin/ifconfig/Makefile
	Remove /usr/tests/sbin/ifconfig

PR:		bin/187551
MFC after:	3 days
Sponsored by:	Spectra Logic
2014-05-05 19:38:29 +00:00
sjg
a3e7613c6a New/updated dependencies 2014-05-05 18:31:00 +00:00
marius
ed48e9a0db Allow GEOM_VINUM to be statically compiled into the kernel.
Submitted by:	gleb
MFC after:	3 days
2014-05-02 23:23:18 +00:00
pfg
0681f0fd55 Small cleanup: mostly whitespace vs. tabs. 2014-04-30 21:19:46 +00:00
sjg
5e568154a0 Merge head 2014-04-28 07:50:45 +00:00
emaste
f2b36dcede Correct min/max cluster counts for FAT12/16/32
FAT12      1..4084
FAT16   4085..65524
FAT32  65525..

This is required for interoperability with other FAT implementations,
and in particular UEFI.

Obtained from:      NetBSD
Sponsored by:       The FreeBSD Foundation
2014-04-24 20:53:09 +00:00
smh
0c70f2535b Add information about supported NCQ functionality to camcontrol identify.
MFC after:	2 weeks
2014-04-24 02:16:23 +00:00
bz
5745e3fab3 When switching variables to flags in r243185 a few cases were missed.
After r263152 this leaves unused variables if route(8) is compiled
without INET support.
Switch the remaining variable accesses to flags and remove now obsolete
variables.

Reviewed by:	glebius
MFC after:	1 week
2014-04-16 12:29:45 +00:00
brueffer
d8b63f3ba1 Add a missing break in option parsing.
CID:		1011452
Found with:	Coverity Prevent(tm)
MFC after:	1 week
2014-04-15 07:37:56 +00:00
brueffer
8ac2dd562f Fix double fclose() in an error case.
CID:		1006120
Found with:	Coverity Prevent(tm)
MFC after:	1 week
2014-04-14 21:44:34 +00:00
imp
857dd5f125 In tree makefile shouldn't be setting policy piecemeal. Don't set
NO_MANCOMPRESS here.
2014-04-13 05:22:22 +00:00
imp
c39e6fc2c9 NO_MAN= has been deprecated in favor of MAN= for some time, go ahead
and finish the job. ncurses is now the only Makefile in the tree that
uses it since it wasn't a simple mechanical change, and will be
addressed in a future commit.
2014-04-13 05:21:56 +00:00
delphij
727357321c Detach from controlling session of parent. This is similar
to what is done in daemon(3), which we can not use directly
in this context.

Reviewed by:	pjd
MFC after:	2 weeks
2014-04-03 22:14:18 +00:00
ae
f61f9c0347 Document more parition types.
Requested by:	glebius
MFC after:	1 week
2014-04-02 11:12:48 +00:00
jmmv
4dc52363bb Fix path to the run.pl script to let these tests run.
Submitted by:	Peel, Casey
Obtained from:	freebsd-testing
2014-03-27 13:15:22 +00:00
dim
905ed8bc75 Add a SUBDIR_PARALLEL option to bsd.subdir.mk, to allow make to process
all the SUBDIR entries in parallel, instead of serially.  Apply this
option to a selected number of Makefiles, which can greatly speed up the
build on multi-core machines, when using make -j.

This can be extended to more Makefiles later on, whenever they are
verified to work correctly with parallel building.

I tested this on a 24-core machine, with make -j48 buildworld (N = 6):

                before    stddev       after    stddev
                =======   ======       =======  ======
real time        1741.1     16.5         959.8     2.7
user time       12468.7     16.4       14393.0    16.8
sys  time        1825.0     54.8        2110.6    22.8

(user+sys)/real     8.2                   17.1

E.g. the build was approximately 45% faster in real time.  On machines
with less cores, or with lower -j settings, the speedup will not be as
impressive.  But at least you can now almost max out a machine with
buildworld!

Submitted by:	jilles
MFC after:	2 weeks
2014-03-26 22:30:38 +00:00
dim
d8bb143013 Revert r263694, and apply a better fix to squelch unnecessary warnings
from clang about possible keywords being treated as identifiers for the
remainder of the translation unit (a.k.a. -Wkeyword-compat), when using
libstdc++ in combination with -Wsystem-headers.  This will not only fix
devd, but any C++ program using libstdc++.

MFC after:	3 days
X-MFC-With:	r263694
2014-03-26 19:31:33 +00:00
mjg
00964cfdfb Update userspace users of hw.bus.devctl_disable.
This fixes breakage resulting from r263754.

Reported by:	AN <andy@neu.net>
Reviewed by:	imp
Pointy hat to:	me
2014-03-26 02:25:40 +00:00
dim
64e77380a7 Apply a temporary band-aid for building devd with clang 3.4, libstdc++
and -Wsystem-headers enabled (which is the default for any non-zero
WARNS level, crazily enough!).  This is primarily meant to be MFC'd as
soon as possible.

MFC after:	3 days
2014-03-24 20:30:39 +00:00
asomers
c03f0a88b5 Add several ATF tests that deal with multiple fibs. They're described in
several different PRs, but the tests share some common code, so I'm
committing them together.

sbin/ifconfig/tests
sbin/ifconfig/tests/fibs_test.sh
sbin/ifconfig/tests/Makefile
sbin/ifconfig/Makefile
	Add fibs_test.sh, which regresses bin/187551

tests/sys/netinet
tests/sys/netinet/fibs_test.sh
tests/sys/netinet/udp_dontroute.c
tests/sys/netinet/Makefile
tests/sys/Makefile
	Add fibs_test.sh, which regresses kern/167947, kern/187552
	kern/187549, kern/187550, and kern/187553

etc/mtree/BSD.tests.dist
	Add newly created directories

PR:		bin/187551
PR:		kern/167947
PR:		kern/187552
PR:		kern/187549
PR:		kern/187550
PR:		kern/187553
Discussed with:	melifaro
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corporation
2014-03-20 20:39:41 +00:00
jilles
a704d83919 Fix statically-linked build (WITHOUT_DYNAMICROOT). 2014-03-16 13:43:06 +00:00
rwatson
a400e9c007 Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
jmmv
0ee5980c22 Add Makefile missed in r263220. 2014-03-16 02:32:44 +00:00
jmmv
f965a606e8 Migrate tools/regression/sbin/ to the new tests layout.
Pretty much all that this change does is shuffles the code around and hooks
it into the regular build.  The code of the old tests has not changed.
2014-03-16 02:07:08 +00:00
glebius
80e85e32a5 Remove AppleTalk support.
AppleTalk was a network transport protocol for Apple Macintosh devices
in 80s and then 90s. Starting with Mac OS X in 2000 the AppleTalk was
a legacy protocol and primary networking protocol is TCP/IP. The last
Mac OS X release to support AppleTalk happened in 2009. The same year
routing equipment vendors (namely Cisco) end their support.

Thus, AppleTalk won't be supported in FreeBSD 11.0-RELEASE.
2014-03-14 06:29:43 +00:00
eadler
118094e60b multiple: Remove 3rd clause from BSD license where approved by the
regents and renumber.

This patch skips files in contrib/ and crypto/

Acked by:	imp
Discussed with:	emaste
2014-03-14 03:07:51 +00:00
glebius
d494babace Remove IPX support.
IPX was a network transport protocol in Novell's NetWare network operating
system from late 80s and then 90s. The NetWare itself switched to TCP/IP
as default transport in 1998. Later, in this century the Novell Open
Enterprise Server became successor of Novell NetWare. The last release
that claimed to still support IPX was OES 2 in 2007. Routing equipment
vendors (e.g. Cisco) discontinued support for IPX in 2011.

Thus, IPX won't be supported in FreeBSD 11.0-RELEASE.
2014-03-14 02:58:48 +00:00
mckusick
0abf3679fe Avoid segment fault when attempting to clean up cylinder group
buffer cache.

PR:		187221
Submitted by:	Petr Lampa <lampa@fit.vutbr.cz>
Obtained from:	Petr Lampa <lampa@fit.vutbr.cz>
MFC after:	1 week
2014-03-12 01:28:21 +00:00
jilles
c594471e96 kldconfig: Remove some code for compatibility with FreeBSD 4.x.
Verified using md5(1).
2014-03-09 13:19:37 +00:00
asomers
94889417b9 sbin/devd/devd.8
sbin/devd/devd.cc
	Add a -q flag to devd that will suppress syslog logging at
	LOG_NOTICE or below.

Requested by:	ian@ and imp@
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corporation
2014-03-07 23:30:48 +00:00
imp
ebcdff1527 Slight if reordering to make error branch last. 2014-03-07 01:01:57 +00:00
glebius
453f59d0c8 Fix compilation for 32-bit machines. 2014-03-05 19:26:22 +00:00
markj
bfcbf2a469 Log the name of the device that we failed to open rather than an
uninitialized buffer.

MFC after:	3 days
2014-03-05 04:15:17 +00:00