Commit Graph

4576 Commits

Author SHA1 Message Date
avatar
07cb91236d Re-sync'ing pf rules in post command as we already did for ipfilter.
With this patch, pf rules with dynamically created devices such like tun0
works without further intervention.

Reviewed by:	mlaier
MFC after:	3 days
2006-10-26 00:29:43 +00:00
delphij
d95f4fb5ef Synchronize pf.os with OpenBSD.
Obtained from:	OpenBSD
MFC After:	3 days
Approved by:	mlaier (maintainer)
2006-10-23 05:09:44 +00:00
hrs
1b1b112c84 Suppress a spurious warning message when a kernel without INET6 is
used.

Spotted by:	ru
Reviewed by:	ume
MFC after:	3 days
2006-10-22 17:21:03 +00:00
flz
cbad7c02dc Add 'reload' to the list of available commands for the amd rc.d script.
PR:		conf/104507
Submitted by:	Douglas K. Rand <rand@meridian-enviro.com>
MFC after:	3 days
2006-10-18 15:56:11 +00:00
yar
26039aabd1 Improve cleartmp in a number of aspects:
+ Use rc.subr(8) features properly.
+ Do the whole job of obliterating /tmp contents in find(1).
+ Leave lost+found and quota.{user,group} in /tmp only if root-owned.
+ Make the overall structure clearer by first removing the X dirs
  (perhaps along with the rest of /tmp) and then re-creating them.
+ Use "find -exec rm -rf {} +" for efficiency: each rm instance gets
  a chance to kill as much files in /tmp as ARG_MAX permits.

PR:		bin/104044
Submitted by:	Andrey Simonenko <see PR for email>
Hacked by:	yar
MFC after:	1 month
2006-10-16 13:01:45 +00:00
ceri
e4ea7afca1 Add idmapd_flags to defaults/rc.conf.
Document it and idmapd_enable.
2006-10-15 15:55:00 +00:00
ceri
7b28cc9b2f RC script for idmapd(8), defaulting to off. 2006-10-15 14:19:06 +00:00
ru
34fd4e5d2b Replace duplicate and not quite accurate capabilities
description with a reference to the disktab(5) manpage.

PR:		doc/48105
2006-10-14 16:39:03 +00:00
ume
73c8098699 Revert the default value of net.inet6.ip6.auto_linklocal to 1.
If ipv6_enable is not set to "YES", net.inet6.ip6.auto_linklocal
is turned to 0 at boot.

Discussed with:	re@, gnn@
MFC after:	3 days
2006-10-13 12:41:36 +00:00
piso
5696dc1060 Fix a regression: let natd load libalias modules before /usr is mounted
renaming /lib/libalias_*.so.4 to /lib/libalias_*.so.

Approved by: glebius
Reviewed by: glebius, ru
2006-10-08 14:02:00 +00:00
ume
364695cff6 Restore the behavior that net.inet6.ip6.auto_linklocal=0 could
be coexist with ipv6_enable="YES".

MFC after:	3 days
2006-10-07 15:45:56 +00:00
flz
8587b166ef Introduce mixer_enable (default: YES).
PR:		conf/101268
Submitted by:	Eugene Grosbein <eugen@grosbein.pp.ru>
Approved by:	cperciva (mentor)
X-MFC after:	6.2-RELEASE
Sponsored by:	FreeBSD Test-Bugathon
2006-10-06 23:22:13 +00:00
ru
f53bc81fe1 A GEOM cache can speed up read performance by sending fixed size
read requests to its consumer.  It has been developed to address
the problem of a horrible read performance of a 64k blocksize FS
residing on a RAID3 array with 8 data components, where a single
disk component would only get 8k read requests, thus effectively
killing disk performance under high load.  Documentation will be
provided later.  I'd like to thank Vsevolod Lobko for his bright
ideas, and Pawel Jakub Dawidek for helping me fix the nasty bug.
2006-10-06 08:27:07 +00:00
brooks
120ed3e161 Pull in /etc/rc.conf.d/network so that ifconfig_<if> variables can be
set there.  This is required for consistency with /etc/rc.d/netif.

PR:		conf/103893
Submitted by:	Nick Hibma <nick at anywi.com>
MFC after:	3 days
2006-10-02 18:50:58 +00:00
gnn
3b143b31f6 Turn off automatic link local address if ipv6_enable is not set to YES
in rc.conf

Reviewed by:    KAME core team, cperciva
MFC after:      3 days
2006-10-02 10:13:30 +00:00
yar
53d4e5c17e debug() shouldn't misidentify itself to logger(1).
Noticed by:	David Thompson <dat1965 yahoo com>
2006-10-02 08:20:37 +00:00
ache
38c8b0a34c Add mn_MN.UTF-8 2006-10-02 00:23:14 +00:00
ru
a929436732 Create section 8 man subdirectories for PowerPC. 2006-09-30 09:02:38 +00:00
bms
686e54733a Push removal of mrouted down to the rest of the tree. 2006-09-29 15:45:11 +00:00
piso
5582e56d9d Summer of Code 2005: improve libalias - part 1 of 2
With the first part of my previous Summer of Code work, we get:

-made libalias modular:

 -support for 'particular' protocols (like ftp/irc/etcetc) is no more
  hardcoded inside libalias, but it's available through external
  modules loadable at runtime

 -modules are available both in kernel (/boot/kernel/alias_*.ko) and
  user land (/lib/libalias_*)

 -protocols/applications modularized are: cuseeme, ftp, irc, nbt, pptp,
  skinny and smedia

-added logging support for kernel side

-cleanup

After a buildworld, do a 'mergemaster -i' to install the file libalias.conf
in /etc or manually copy it.

During startup (and after every HUP signal) user land applications running
the new libalias will try to read a file in /etc called libalias.conf:
that file contains the list of modules to load.

User land applications affected by this commit are ppp and natd:
if libalias.conf is present in /etc you won't notice any difference.

The only kernel land bit affected by this commit is ng_nat:
if you are using ng_nat, and it doesn't correctly handle
ftp/irc/etcetc sessions anymore, remember to kldload
the correspondent module (i.e. kldload alias_ftp).

General information and details about the inner working are available
in the libalias man page under the section 'MODULAR ARCHITECTURE
(AND ipfw(4) SUPPORT)'.

NOTA BENE: this commit affects _ONLY_ libalias, ipfw in-kernel nat
support will be part of the next libalias-related commit.

Approved by: glebius
Reviewed by: glebius, ru
2006-09-26 23:26:53 +00:00
rwatson
249296fc03 Sleep for one second after calling audit -t to give the audit daemon a
chance to actually terminate the audit service and exit.  Otherwise, on
an rc.d/auditd restart, the new audit daemon instance may try to start
auditing while the previous session is still running.  Likewise, this
ensures a chance for auditd to terminate the audit trail at system
shutdown.

Perhaps more ideally, the script would wait synchronously for auditd to
exit rather than for an arbitrary but short period of time.

MFC after:	3 days
Obtained from:	TrustedBSD Project
2006-09-24 17:31:04 +00:00
brooks
a1e5239462 network_ipv6 also does some interface configuration so require it to run
before starting devd so they don't trip over each other.

PR:		conf/103428
2006-09-21 14:29:32 +00:00
brooks
aa92e52181 Introduce a new method ipv6if which attemptes to figure out if an
interface is an IPv6 interface.

Use this method to decide if we should attempt to configure an interface
with an IPv6 address in pccard_ether.  The mechanism pccard_ether uses
to do this is unsuited to the task because it assumes the list of
interfaces it is passed is the full list of IPv6 interfaces and makes
decissions based on that.  This is at least a step in the right
direction and is probably about as much as we can MFC safely.

PR:		conf/103428
MFC after:	3 days
2006-09-21 01:44:52 +00:00
brooks
68deeefe49 Flushing all IPv4 routes when an interface is removed or unconfigured
makes no sense.  Remove the undocumented removable_route_flush feature
from pccard_ether.

X-MFC after:	never
2006-09-20 19:48:31 +00:00
brooks
6e1b63c897 Search the list of up interfaces provided by "ifconfig -ul" instead of
greping for UP in "ifconfig $ifn".  This eliminates a dependancy on
/usr.
2006-09-20 19:45:30 +00:00
emax
6f44289f61 Add bthidd(8) rc(8) script
MFC after:	1 month
2006-09-07 22:25:08 +00:00
emax
59b2f67d03 Prepare for upcoming bthidd(8) update. Install vkbd(4) header into dev/vkbd.
MFC after:	1 month
2006-09-07 18:24:24 +00:00
marcel
fe9fda2d7c Unbreak PowerPC build after addition of powermac_nvram(4powerpc). 2006-09-02 20:58:37 +00:00
brooks
931f11f642 - Document /conf/diskless_remount in the list of special files.
- Note that diskless_remount files may use ".." to support mounts above
  the root path.
- Copy dot files when populating directories from /conf. [1]

PR:		misc/102724 [1]
Submitted by:	Attila Nagy <bra at fsn.hu> [1]
2006-09-01 16:33:15 +00:00
ru
907b65e65a Kill the default phone numbers.
Obtained from:	OpenBSD
2006-08-31 21:13:12 +00:00
obrien
c3fa754b3f Re-add lukemftpd. It has: PAM, MAC, per-class nologin files,
login.conf resource limits and features.
2006-08-31 17:15:10 +00:00
cperciva
1caefdfb4b Add FreeBSD Update 2.0 client code. The build code is in the projects
repository.

Sponsored by:	FreeBSD security development fundraiser
2006-08-31 09:51:34 +00:00
ru
fbc656e8b0 Comment out lines that use example addresses and example.com names so
that local changes can be made more easily (without having to comment
these lines, and making the diff more readable).
2006-08-29 09:20:48 +00:00
ru
8b1d56c480 The kvm_mkdb(8) is long dead. 2006-08-29 08:49:58 +00:00
cperciva
c690e33e8e When stopping powerd, set the CPU frequency back to its maximum value
(i.e., what it was almost certainly at before powerd was started).

Submitted by:	R.B. Riddick
MFC after:	3 days
2006-08-27 11:04:39 +00:00
dougb
d7beaaec70 Use ports INDEX-7 instead of INDEX-6
Submitted by:	Niclas Zeising <lothrandil@n00b.apagnu.se>
2006-08-27 08:12:53 +00:00
trhodes
f21ca27dec Add login.conf checking to periodic security scripts. If the login.conf file
is not UID/GID 0, limits will be ignored and a strange error sent to auth.log.

Head nod:	ru, rwatson
2006-08-25 07:34:36 +00:00
trhodes
e3d91b1fd3 Send more Alpha bits to the bin. 2006-08-25 00:36:59 +00:00
ru
dc5b14d7bc Fix example:
/conf/base/diskless_remount -> /conf/base/etc/diskless_remount

MFC after:	3 days
2006-08-22 16:21:16 +00:00
flz
93d42de8b0 - Add ypserv to the REQUIRE list.
Reported by:	David Thompson <dat1965@yahoo.com>
Discussed on:	-rc (brooks)
Approved by:	cperciva (mentor, implicit)
MFC after:	3 days
2006-08-22 14:58:23 +00:00
flz
54b7b1d84e Backout this commit since it breaks startup and some scripts in
certain conditions. I haven't been able to find a better solution yet:

    - Set a two read-only variables (${prefix} and ${etcdir}). This is
    especially useful when using /etc/rc.d scripts with third-party
    software installed from ports.
    - Fix rc.d/sshd to work with openssh from ports using ${etcdir}
    instead of hardcoded /etc.
    - Reflect prefix/etcdir changes in rc.subr.8.

        src/etc/rc.d/sshd: rev 1.9 -> 1.10
        src/etc/rc.subr: rev 1.51 -> 1.52
        src/share/man/man8/rc.subr.8: rev 1.11 -> 1.12

Approved by:	cperciva (mentor)
2006-08-22 11:17:29 +00:00
flz
0c85546033 - Remove ramdisk rc.d scripts since they've been replaced by mdconfig{,2}.
- Update ObsoleteFiles.inc.

Approved by:	cperciva (mentor)
2006-08-22 11:12:09 +00:00
brooks
91d01c20f9 Don't try to start interfaces that don't exist.
Reported by:    Dominique Goncalves <dominique.goncalves at gmail.com>
2006-08-18 13:19:45 +00:00
yar
3f0988c978 Eliminate header line(s) from ps(1) output instead of skipping over them. 2006-08-18 13:07:38 +00:00
yar
904a0ff853 The ps(1) command is unfriendly to scripts by default because
it limits the width of its output to the value of $COLUMNS, or
what TIOCGWINSZ reports, or 79 columns.  We should specify -ww
to ps(1) so that it removes the limit and prints lines in full.
Otherwise very long command pathnames could be mishandled, e.g.,
by _find_processes().

MFC after:	1 week
2006-08-18 12:10:18 +00:00
brian
85df8020c4 Make it a little clearer that interface-specific flags aren't additional
to specified dhclient flags.

Mention background_dhclient_iface.

Suggested by: ru
2006-08-17 20:13:24 +00:00
brian
97f069fb74 Add a missing quote
Spotted by: ru
2006-08-17 19:57:10 +00:00
brian
a3922ffaf6 Add a -p switch to dhclient. The switch tells dhclient to persist
despite the interface link status.

Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface).  These can be used to give
interface specific flags to dhclient.

Reviewed by:	brooks@
2006-08-17 17:12:27 +00:00
yar
d5c64fa997 Allow for setting negative priority (niceness) when $foo_user is non-root.
The order in _doit must be "nice su", not "su nice", for that.
In addition, don't ignore the exit status from "cd $foo_chdir".

Reviewed by:	freebsd-rc (silence)
MFC after:	1 week
2006-08-17 08:04:20 +00:00
brooks
753b3bce68 Introduce a new function, ifexists and use it to avoid attempting to
touch interfaces that don't actually exist in the stop case.  In the
process move some IPv4 specific code from ifconfig_down to ipv4_down.

This should solve problems with ifconfig: error messages on boot when
interfaces are renamed.
2006-08-17 03:03:38 +00:00