Reboot now emulates the nextboot shell script completely. Retire the
nextboot.sh script and install the link. Retain the same manual page,
since there's enough differences between nextboot and reboot that
talking about nextboot would likely be confusing in nextboot.8
The nextboot.sh script no longer exists, so doesn't need to be fixed up
to create rescue. However, now we need a link from nextboot to reboot.
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D43831
Differential Revision: https://reviews.freebsd.org/D43843
Allow nextboot to be a symlink link to reboot. It does everything reboot
does, except doesn't actually setup the sytem to reboot and reboot. Also,
don't accept the reboot args related to rebooting when in nextboot mode.
Sponsored by: Netflix
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43830
kernel isn't special, beyond the sanity checks we do. Add it to the env
rather than pass it into write_nextboot().
Sponsored by: Netflix
Reviewed by: kevans, kib
Differential Revision: https://reviews.freebsd.org/D43828
Implement -e foo=bar to add loader environment variables to
nextboot.conf. bar is enclosed in quotes if it isn't already.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D43827
Implement full support for ZFS -k support. For ZFS, we have to set a
property that gets cleared by the boot loaeder for whether or not to
process nextboot.conf. Do this using system("zfsbootcfg..." rather than
coding the small subset of that program inline to avoid CDDL
contamination of reboot and the complications of disabling CDDL and/or
ZFS. The few bytes needed to implement reboot for systems with zfs is
not worth saving for systems w/o ZFS.
Only set nextboot_enable=YES for UFS filesystems. They are the only one
that need that as the first line. Its presence on ZFS can cause the
kernel to not be oneshot.
Sponsored by: Netflix
Reviewed by: kevans, kib
Differential Revision: https://reviews.freebsd.org/D43824
Implement -D from nextboot.sh which deletes the nextboot.conf file and
exists.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D43822
Add sanity checking to the write to nextboot. Move to separate function
and allow force to override all errors. If we can't write nextboot.conf,
don't silently fail anymore.
Sponsored by: Netflix
Reviewed by: kevans, kib, markj, jhb
Differential Revision: https://reviews.freebsd.org/D43803
reboot -k garbage won't boot garbage unless /boot/garbage/kernel is
there. Refuse to reboot if it is missing, though allow -f to force
it for special-use cases. This is in keeping with nextboot.sh.
Sponsored by: Netflix
Reviewed by: kevans, kib, markj, emaste
Differential Revision: https://reviews.freebsd.org/D43802
Convert all the command line flags to bools, since that's how we use
them. Sort the includes while adding stdbool.h.
Sponsored by: Netflix
Reviewed by: kevans, kib, emaste
Differential Revision: https://reviews.freebsd.org/D43801
When we're re-rooting to a new /, there is no next kernel. Error out
rather than leaving a timebomb in /boot/nextboot.conf.
Sponsored by: Netflix
Reviewed by: kevans, kib, emaste
Differential Revision: https://reviews.freebsd.org/D43800
When using the zfsbootcfg library, we're talking only to it, not to the
rest of ZFS, nor are we using anything that needs access to the ZFS
compilation environment. Remove all the compiling OpenZFS itself flags.
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D43823
When a temporary/bootonce boot environment is renamed, we need to also
update the bootenv nvlist on-disk to reflect the new name. Additionally,
when a temporary/bootonce boot environment is destroyed, we also need to
clear out the on-disk state.
Reviewed by: kevans
Approved by: kp
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43591
Introduce a verbose output mode to pflowctl, and expose the status of
the socket to userspace. This can be helpful in debugging configuration
errors.
Sponsored by: Rubicon Communications, LLC ("Netgate")
atime is enabled by default, but may be specified explicitly so that any
future change in the default would not have an effect on a given mount.
Reviewed by: olce, rgrimes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D43580
ccd(4) previoulsy had knowledge of BSD disklabels, and relied on their
use on the underlying disks, but this hasn't been the case since 2003
(commit 0f76d6d822).
Remove disklabel references from the man page.
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D43574
bsdlabel is intended to support up to 20 partitions, but the disklabel
struct has a d_partitions array with only BSD_NPARTS_MIN (8) entries.
Previously, an attempt to operate on a bsdlabel with more than eight
partitions resulted in a buffer overflow.
As a stopgap limit bsdlabel to 8 partitions until this is fixed
properly.
PR: 276517
Ensure we print it as such, rather than as a signed integer, as that
would lead to confusion.
Reported by: Jim Pingle <jimp@netgate.com>
Sponsored by: Rubicon Communications, LLC ("Netgate")
The usual use case in 2024 for newfs_msdosfs is creating filesystems on SD cards
for older hardware. In most tutorials, they call the cluster size "allocation
size". Therefore, add a small note next to cluster size that it is also called
allocation size, and add an example for how to do this.
Reviewed by: jhb
Pull Request: https://github.com/freebsd/freebsd-src/pull/1045
gcc is unhappy with the nested extern declaration of __progname, so move
it out of the usage() function.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Extend pflow(4) to send NAT44 Session Create and Delete events.
This applies only to IPFIX (i.e. proto version 10), and requires no
user configuration.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43114
Only generate ipfix/netflow reports (through pflow) for the rules where
this is enabled. Reports can also be enabled globally through 'set
state-default pflow'.
Obtained from: OpenBSD
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43108
pflow is a pseudo device to export flow accounting data over UDP.
It's compatible with netflow version 5 and IPFIX (10).
The data is extracted from the pf state table. States are exported once
they are removed.
Reviewed by: melifaro
Obtained from: OpenBSD
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43106
The quota options are pseudo options and not passed to the mount system
call when a filesystem is mounted. They are not part of the info
returned from getmntinfo(3), so can't be printed. Add a note to this
effect.
Route destinations like 10/8 are most likely intended as a shorthand
for 10.0.0.0/8, but instead it means 0.0.0.10/8, which includes
only bits in the host part of the mask, and hence adds a route to
0.0.0.0/8. In 12.x, there was code to "do what I mean", which was
removed as part of a cleanup of old network class remnants. Given
that we have gone this long without that code, do not restore that
behavior. Instead, detect the issue and produce an error.
Specifically, if there are no dots in a numeric IPv4 address, the
mask is specified with CIDR notation (using a slash), and there are
bits set in the host part, produce an error like this for 10/8:
route: malformed address, bits set after mask; 10 means 0.0.0.10
PR: 258874
MFC after: 1 week
Reviewed by: melifaro, emaste
Differential Revision: https://reviews.freebsd.org/D43384
Consumers of libpfctl can (and in future, should) open a handle. This
handle is an opaque object which contains the /dev/pf file descriptor
and a netlink handle. This means that libpfctl users can open the handle
as root, then drop privileges and still access pf.
Already add the handle to pfctl_startstop() and pfctl_get_creatorids()
as these are new in main, and not present on stable branches. Other
calls will have handle-enabled alternatives implemented in subsequent
commits.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Thanks to Toshiba for providing the SCSI spec for their latest
generation drives so I could confirm how they operate.
The firmware download works in a pretty standard way, so this
is a straightforward table addition.
sbin/camcontrol/camcontrol.8:
Document that Toshiba drives are supported for fwdownload,
and that it was tested on TOSHIBA MG10SFA22TE 22TB drives.
sbin/camcontrol/fwdownload.c:
Add TOSHIBA to the known SCSI vendors list for fwdownload.
Sponsored by: Spectra Logic
MFC after: 3 days
As the name suggests, this sends a SCSI REQUEST SENSE to a device,
and prints out decoded sense information. It can also print out a
hexdump of the sense data.
sbin/camcontrol/camcontrol.c:
Add the new sense subcommand.
sbin/camcontrol/camcontrol.8:
Document camcontrol sense.
Sponsored by: Spectra Logic
Reviewed by: mav
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D43225
On line 354, "go up from" is mistyped as "go up form".
Event: Advanced UNIX Programming Course (Fall’23) at NTHU.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/951
On line 748, "bigger than" is mistyped as "bigger then", and on line
765, "more than" is mistyped as "more then".
Event: Advanced UNIX Programming Course (Fall’23) at NTHU.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/949
Replace ieee80211_ie_vhtcap with ieee80211_vht_cap and
ieee80211_ie_vht_operation with ieee80211_vht_operation.
The "ie" version has the two bytes type/length at the beginning which
we did not actually use as such (the one place doing did just as unused
extra work).
Using the non-"ie" versions allows us to re-use them on shared code.
Using an enum helps us to not accidentally get unsuppored or unhandled
values tough we cannot use it in the struct as we need to ensure the
field width.
ieee80211_vht_operation is guarded by _KERNEL/WANT_NET80211. While the
header is supposed to be exported to user land historically, software
such as wpa bring their own structure definitions. For in-tree usage
it is only ifconfig which really cares (at least for now).
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: adrian (earlier), cc
Differential Revision: https://reviews.freebsd.org/D42901
Have a simple Gilbert-Elliott channel model in
dummynet to mimick correlated loss behavior of
realistic environments. This allows simpler testing
of burst-loss environments.
Reviewed By: tuexen, kp, pauamma_gundo.com, #manpages
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D42980
As a followup to D41330 and D41436, this patch introduces two new tests
for sbin/route: interface_route_v[46].
These tests fail without D41330.
Reviewed by: kp
Approved by: kp (mentor)
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Add -D option to add the drivername and unit number to ifconfig output
for normal display, including -a. Use ifconfig_get_orig_name() from
libifconfig to fetch the name. Note that this is the original name
for many drivers, but not for some exceptions like epair (which appends
'a' or 'b' to the unit number). epair interface pairs both display
as "epair0", etc. Make -v imply -D; might as well be fully verbose.
MFC after: 1 week
Reviewed by: zlei, kp
Differential Revision: https://reviews.freebsd.org/D42721
We recently noticed that the recursive printing of labels wasn't working
like the recursive printing of rules.
When running pfctl -sr -a* we get a listing of all rules, including the
ones inside anchors. On the other hand, when running pfctl -sl -a*, it
would only print the labels in the root level, just like without the
-a* argument.
As in our use-case we are interested on labels only and our labels are
unique even between anchors, we didn't add indentation or hierarchy to
the printing.
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D42728
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
We've ifdef'd out the copyright strings for some time now. Go ahead and
remove the ifdefs. Plus whatever other detritis was left over from other
recent removals. These copyright strings are present in the comments and
are largely from CSRG's attempt at adding their copyright to every
binary file (which modern interpretations of the license doesn't
require).
Sponsored by: Netflix
For the uncommon items: Go through the tree and remove sccs tags that
didn't fit any nice pattern. If in the neighborhood, other SCM tags were
removed when they were detritis of long-ago CVS somehow in the early
mists of the project. Some adjacent copyrights stringswere removed (they
duplicated the copyright notices in the file). This also removed
non-standard formations of omission of SCCS tags (usually by adding an
extra #if 0 somewhere.
After this commit, a number of strings tagged with the 'what' @(#)
prefix remain, but they are primarily copyright notices.
Sponsored by: Netflix
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.
Sponsored by: Netflix
If a user don't have FreeBSD-autofs installed there is no need to try calling
automount on every GEOM event.
It's also easier to add/delete autofs related event in a separate file.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D42495
Reviewed by: imp
Various disk controllers require their buffers to be aligned to a
cache-line size (128 bytes). For buffers allocated in structures,
ensure that they are 128-byte aligned. Use aligned_malloc to allocate
memory to ensure that the returned memory is 128-byte aligned.
While we are here, we replace the dynamically allocated inode buffer
with a buffer allocated in the uufsd structure just as the superblock
and cylinder group buffers do.
This can be removed if/when the kernel is fixed. Because this problem
has existed on one I/O subsystem or another since the 1990's, we
are probably stuck with dealing with it forever.
The problem most recent showed up in Azure, see:
https://reviews.freebsd.org/D41728https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267654
Before these fixes were applied, it was confirmed that the changes
in this commit also fixed the issue in Azure.
Reviewed-by: Warner Losh, kib
Tested-by: Souradeep Chakrabarti of Microsoft (earlier version)
PR: 267654
Differential Revision: https://reviews.freebsd.org/D41724
On D40102 we implemented support for transport over IPv6 but the
documentation was not updated to reflect the new feature.
Clarify what is available and how it can be used.
MFC after: 1 week
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D42505
Allow SCTP state timeouts to be configured independently from TCP state
timeouts.
Reviewed by: tuexen
MFC after: 1 week
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D42393
We know that calling devmatch will be futile if there's no plug and play
information for it to match on. Avoid this generically when we see
"? at +on"
which happens only when the location and pnpinfo aren't provided. Don't
call "service devmatch quietstart" here.
We also ignore ACPI devices with a _HID of none. These also will never
load a new driver, so avoid calling "service devmatch quietstart" here too.
Use the more compatct "$*" instead of "'?'$_" when calling "service
devmatch quietstart" since it will evaluate to the same thing.
On my laptop, this eliminates 45% of the calls to devmatch. While it
would be even better to integrate devmatch into devd (so we only parse
linker.hints once), that will have to wait for another day as it's a bit
more complex to arrange that avoiding easy to avoid calls.
Sponsored by: Netflix
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D42326
These examples are wrong, and with devmatch, nobody would ever see them
(since it's a higher priority).
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D42325
We compile correctly on all platforms with clang and WARNS=6. We build
on amd64 with gcc12 and WARNS.6. Restore WARNS=6. This reverts
3741a56c31, since that's no longer relevant.
Sponsored by: Netflix
When fsck_ffs(8) runs in background, it creates a snapshot named
fsck_snapshot in the filesystem's .snap directory. The fsck_snapshot
file was removed when the background fsck finished. If the system
crashed or the fsck exited unexpectedly, the fsck_snapshot file
would remain. The snapshot would consume ever more space as the
filesystem changed over time until it was removed by a system
administrator or a future run of background fsck removed it to
create a new snapshot file.
This commit unlinks the .snap/fsck_snapshot file immediately after
opening it so that it will be reclaimed when fsck closes it at the
conclusion of its run. After a system crash, it will be removed as
part of the filesystem cleanup because of its zero reference count.
As only a few milliseconds pass between its creation and unlinking,
there is far less opportunity for it to be accidentally left behind.
PR: 106107
MFC-after: 1 week
This file does not exist, remove it from the list of files to avoid
confusion. The example file is just /etc/devfs.conf.
Reviewed by: mhorne
Pull Request: https://github.com/freebsd/freebsd-src/pull/871
If a connection is NAT-ed we could previously only terminate it by its
ID or the post-NAT IP address. Allow users to specify they want look for
the state by its pre-NAT address. Usage: `pfctl -k nat -k <address>`.
See also: https://redmine.pfsense.org/issues/11556
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42312
Allow users(pace) to specify a protocol, interface, address family and/
or address and mask, allowing the state listing to be pre-filtered in
the kernel.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42280
If a request ends up growing beyong the initially allocated space the
netlink functions (such as snl_add_msg_attr_u32()) will allocate a
new buffer. This invalidates the header pointer we can have received
from snl_create_msg_request(). Always use the hdr returned by
snl_finalize_msg().
Reviewed by: melifaro
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42223
Since fd7edfcdc3 ("bridge: fix lookup for untagged packets in
bridge_transmit()") and b0e38a1373 ("bridge: distinguish no vlan and
vlan 1") we do a better job of distinguishing between untagged and VLAN
1 traffic.
However, ifconfig still defaulted to adding addresses for VLAN 1, rather
than for untagged traffic. Change this to be the most common (i.e.
untagged) option.
Reviewed by: zlei, philip
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D42188
Implement equivalents to DIOCSTART and DIOCSTOP in netlink. Provide a
libpfctl implementation and add a basic test case, mostly to verify that
we still return the same errors as before the conversion
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42145
Traditionally, ping returned exit code EX_NOHOST if a DNS lookup failed.
That is still the case for the legacy code in the new merged ping, but
not for IPv6 targets, nor when a DNS lookup is performed in order to
determine which version of the tool to invoke.
While here, also make sure that the error message is consistent.
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D42159
atf_python may use vnet jails for creating an isolated test environment.
Mark these tests that require root user privileges.
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Very early on, the Src/Dst IP addresses were printed in hex notation
(%08x), which will always be 8-characters wide. It was later changed to
use a dot-decimal notation. Depending on the IP address length, the Src
and Dst headers may require a different padding. Use the source and
destination IP lengths as padding for the headers.
Also, print an Opts (options) header, if there are options present. It
has been abbreviated to Opts to match the length of the previous Data
header, removed in ef9e6dc7ee.
Print the header info such that no trailing spaces are produced. As
some git workflows may automatically trim them, and make the tests fail
(see 25b86f8559).
Before
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2␣
After
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2
And with options:
Before
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2 01...
After
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst Opts
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2 01...
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D39561
When an echo reply packet is received, the data is compared with the
sent data. When a wrong byte is detected the command displays a report
with the differences.
The first row (the first 8-bytes of data after the ICMP header) should
include the time stamp (if data is at least 8-bytes), this value is not
taken into consideration for the comparison. The remaining rows
represent the data (padded pattern) received/sent, with each byte being
compared for differences.
Print the space before (not after), to add an extra space after cp:/dp:
for better readability when the first time stamp octet is not
zero-padded, and to remove trailing spaces in the output.
Before:
cp:99 0 0 c 1 5 c 0␣
ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd␣
...
After:
cp: 99 0 0 c 1 5 c 0
ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd
...
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D39492
This is a first step towards a unification/simplification of ping/ping6
(internally). The end goal is to produce a standardized user-facing
output.
Before (ping6):
PING6(56=40+8+8 bytes) 2001:db8::1 --> 2001:db8::2
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.168 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.068 ms
--- 2001:db8::2 ping6 statistics ---
round-trip min/avg/max/std-dev = 0.068/0.118/0.168/0.050 ms
After (ping6):
PING(56=40+8+8 bytes) 2001:db8::1 --> 2001:db8::2
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.168 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.068 ms
--- 2001:db8::2 ping statistics ---
round-trip min/avg/max/stddev = 0.068/0.118/0.168/0.050 ms
This has the nice side-effect of adding units to SIGINFO's statistics,
as printing numbers without units may not be of much help. Also
mentions the fact that these times are round-trip.
Before (ping/ping6 SIGINFO):
2/2 packets received (100.0%) 0.068 min / 0.118 avg / 0.168 max
After (ping/ping6 SIGINFO):
--- <ipv4/ipv6 address> ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.068/0.118/0.168/0.050 ms
In the case of a SIGINFO, the output will be printed to stderr, for both
ping and ping6.
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D39126
Commit 46d7b45a26 introduced these code
paths. Test and document them.
- Add inner packet too short test
- Add inner IHL too short test
- Add quoted data too short test
- Add IHL too short test
- Add max inner packet IHL without payload test
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D38528
Avoid calculating the square root of negative zero, which can easily
happen on certain architectures when calculating the population standard
deviation with a sample size of one, e.g., 0.01 - (0.1 * 0.1) =
-0.000000.
Avoid returning a NaN by capping the minimum possible variance value to
zero (positive).
In the future, maybe skip reporting statistics at all for a single
sample.
Reported by: Jenkins
Reviewed by: asomers
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D42114
* Interrupt the option loop as soon as we have an indication of which
protocol is intended.
* If we end up having to perform a DNS lookup, loop over the entire
result looking for either IPv4 or IPv6 addresses.
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Reviewed by: rscheff, kevans, allanjude
Differential Revision: https://reviews.freebsd.org/D42137
Allow userspace to retrieve a list of distinct creator ids for the
current states.
This is used by pfSense, and used to require dumping all states to
userspace. It's rather inefficient to export a (potentially extremely
large) state table to obtain a handful (typically 2) of 32-bit integers.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42092
Allow consumers to start processing states as the kernel supplies them,
rather than having to build a full list and only then start processing.
Especially for very large state tables this can significantly reduce
memory use.
Without this change when retrieving 1M states time -l reports:
real 3.55
user 1.95
sys 1.05
318832 maximum resident set size
194 average shared memory size
15 average unshared data size
127 average unshared stack size
79041 page reclaims
0 page faults
0 swaps
0 block input operations
0 block output operations
15096 messages sent
250001 messages received
0 signals received
22 voluntary context switches
34 involuntary context switches
With it it reported:
real 3.32
user 1.88
sys 0.86
3220 maximum resident set size
195 average shared memory size
11 average unshared data size
128 average unshared stack size
260 page reclaims
0 page faults
0 swaps
0 block input operations
0 block output operations
15096 messages sent
250001 messages received
0 signals received
21 voluntary context switches
31 involuntary context switches
Reviewed by: mjg
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42091
Previously when printing the sysctl description (via the -d flag) we
omitted the newline if the node provided no description (i.e., NULL).
This could be observed via e.g. `sysctl -d dev`.
PR: 44034
Reviewed by: zlei
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42112
In mount_nfs.c the -t option is deprecated and advises to use
timeout=<N> instead. However, since that refers to NFS over UDP, which
is not used nowadays, mark this option as deprecated in the man page.
PR: 260611
Suggested by: rmacklem
A PF rule using an IPv4 address followed by an IPv6 address and then a
dynamic address, e.g. "pass from {192.0.2.1 2001:db8::1} to (pppoe0)",
will have an incorrect /32 mask applied to the dynamic address.
MFC after: 3 weeks
Obtained from: OpenBSD
See also: https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/007_pfctl.patch.sig
Sponsored by: Rubicon Communications, LLC ("Netgate")
Event: Oslo Hackathon at Modirum
We have overused err(1), so it's hard to distinguish when an error is
very, very serious, and when it's just a user-error, or even harmless.
This patch changes the current behaviour to distinguish between the
following three:
1 for usage errors
2 for recoverable errors
3 or higher for unrecoverable errors
Reviewed by: jilles, pauamma_gundo.com, des
Differential Revision: https://reviews.freebsd.org/D27161
The EXAMPLES mis-comments caused an obnoxious amount of blank space
above SEE ALSO when rendered by mandoc to a terminal. The missing
termination of .Xo meant the description of -h ran together with the
subcommand synopsis. The other changes were generally ignored tags due
to context that simply don't need to be there.
Provoked by: grahamperrin
Move the descriptions of loader tunables from section 'SYSCTL VARIABLES'
to section 'LOADER TUNABLES'.
See also 49197c391b (ipfw: Add sysctl flag CTLFLAG_TUN to loader tunables).
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D41981
Fix route(8) incorrectly returning a zero exit code even when unable to
find the specified route with route -n get <route>.
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41882
The rtnetlink(4) RTM_GETADDR does not list link level addresses, thus
the correct match for interfaces that have a link level address should
be based on what was returned by RTM_GETLINK.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41586
When matching interfaces for being Ethernet, use same trick that
the link module does - pass if_type through convert_iftype().
That restores historicaly behaviour of listing lagg(4) ports.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41585
This affects only ifconfig(8) compiled WITHOUT_NETLINK_SUPPORT, which
is not the default.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41584
Fixes: d1cd0344f7
This module allows controlled privilege escallation via mac labels
securely associated with a process via mac_veriexec.
There are over 700 PRIV_* but we can compress many of them into
a single GBL_* thus constraining the size of gbl labels.
The goal is to allow a daemon to run as an unprivileged process while
still being able a set of privileged operations needed.
We add APIs to libveriexec so that userland processes can check labels
and an exec_script API that allows a suitably labeled process to run
something like a python interpreter directly if necessary;
overcomming the 'indirect' flag applied to the interpreter.
Add -l option to sbin/veriexec to report labels.
Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D41431
The mount subcommand currently produces output such as:
# bectl mount <bootenv>
Successfully mounted <bootenv> at <mountpoint>
This commit changes it to only print the mountpoint:
# bectl mount <bootenv>
<mountpoint>
This makes it easier to script the mount subcommand. If an error occurs
while mounting, an error message is printed to stderr and bectl will
exit with a non-zero value.
PR: 273180
Reviewed by: kevans, asomers
Differential Revision: https://reviews.freebsd.org/D41562
9600 was a standard baud rate decades ago, but 115200 is now more common
so choose defaults that are useful to the largest number of users.
Note that boot0sio does not support rates above 9600 so it remains
unchanged.
Reviewed by: bz, imp, manu
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36295
In setups without hints whatsoever one can get a long list of
"Can't read linker hints file" error messages during boot.
Add a -q/--quiet option which would suppress the noise and leave
space for more essential information.
While here switch to a pre-defined exit code from sysexits.
MFC after: 4 weeks
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D41443
When listing anchors pfctl lists both 'regular' layer 3 anchors and
Ethernet anchors. It's possible to have the same anchor name in both,
which can be confusing.
Mitigate this a little by explicitly marking where the Ethernet anchors
start. Avoid breaking scripts by only doing this at the second level
of verbosity.
Sponsored by: Rubicon Communications, LLC ("Netgate")
In 4849767cb1, we did a large refactor of the md5(1) source code.
One of them is that instead of reading data using read(2) syscall, we
are using binary stream input (fread(3)).
fread(3) requires additional Capsicum capabilities:
sha256 CAP operation requires CAP_FSTAT, descriptor holds CAP_READ
sha256 RET fstat -1 errno 93 Capabilities insufficient
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D41348
Delete note that UFS/FFS filesystems running with journaled soft updates
cannot run background fsck as 344b5bf made it possible to do so.
MFC-with: 344b5bf
Sponsored-by: The FreeBSD Foundation
Previously dumpfs(8) exited when a cylinder group read failed (such
as a cylinder-group check-hash failure). Now an error message
indicating the cylinder group number and the type of failure is
printed and the output continues for the remaining cylinder groups.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
An earlier addition of code to fsck_ffs(8) allowed it to support
snapshots when running with journalled soft updates. Further
functionality has now been added to fsck_ffs(8) to allow it to use
snapshots to run in background on live filesystems running with
journaled soft updates. This commit enables the use of this functionality.
Tested-by: Peter Holm
Sponsored-by: The FreeBSD Foundation
MFC-after: 2 weeks
A new command, quitclean, is added to fsdb(8) to request that the
filesystem not be marked as needing a full fsck(8). This is useful
when creating deliberately bad filesystem images to be used to check
that fsck is properly able to clean them up.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Until this update, the fsdb(8) command always marked a filesystem
as needing a full fsck unless it was run with the -n flag which
allowed no changes to be made.
This change tracks modifications to the filesystem. Two types of
changes are tracked. The first type of changes are those that are
not critical to the integrity of the filesystem such as changes to
owner, group, time stamps, access mode, and generation number. The
second type of changes are those that do affect the integrity of
the filesystem including zeroing inodes, changing block pointers,
directory entries, link counts, file lengths, file types, and file
flags.
When quitting having made no changes or only changes to data that
is not critical to filesystem integrity, the clean state of the
filesystem is left unchanged. But if filesystem critical data are
changed then fsdb will set the unclean flag which will require a
full fsck to be run before the filesystem can be mounted.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Basic state tracking for SCTP. This means we scan through the packet to
identify the different chunks (so we can identify state changes).
MFC after: 3 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D40862
The capabilities in if_capabilities2/if_capenable2 are reported in the
second 32b and were not being displayed correctly. v does not need to
be advanced because v[i / 32] is the correct 32b value already.
Sponsored by: Chelsio Communications
Reviewed by: kib@
Differential Revision: https://reviews.freebsd.org/D41107
beadm will recursively promote deep BE datasets. In order to match the
beadm behavior, we need to recursively iterate over child filesystems
and promote them along the way.
This patch further refines the work from D40903, completing the fix for
promotion.
Reviewed by: kevans, rew
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40972
This matches the beadm behavior; generally, we need to keep promoting
until the BE is no longer a clone from a snapshot. This fixes scenarios
where the dataset associated with a BE's origin is itself a clone,
activating the BE previously would promote it to a clone of the origin's
origin.
We could keep using be_get_dataset_props here, except for two
annoyances:
1.) I couldn't find a clean way to just clear an nvlist rather than
having to re-alloc it, and I didn't want to just remove the one prop
we're inspecting out of it.
2.) That's a lot of overhead when all we want to do is fetch the origin
anyways.
Note that this is not a complete fix, but it does fix the majority of
cases; deep BE subordinates are still notably broken, pending a patch
from Christian.
Reported by: R. Christian McDonald <rcm@rcm.sh>
Reviewed by: rew
Differential Revision: https://reviews.freebsd.org/D40903
Only i386 still uses a 32-bit time_t. I knew this, and I still failed
to compile-test on i386. My bad.
Reported by: cy
Fixes: c210cac00f ("dhclient: fix time parsing for leases...")
Sponsored by: Dell EMC Isilon
Convert lease parsing to timegm to calculate timestamp. For reference, when
writing the lease, we use gmtime to convert the timestamp to struct tm.
Reviewed By: markj, vangyzen
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D40760
This will allow the latter to be removed, reducing the boilerplate
needed for a new libcompat.
Reviewed by: kib, brooks, jhb
Differential Revision: https://reviews.freebsd.org/D40933
In most cases, usage does not return, so mark them as __dead2. For the
cases where they do return, they have not been marked __dead2.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/735
The function that uses nextnum expects to return a u_int32_t, not a mere
int, so let's make nextnum a u_int32_t instead.
Note: retained current u_int32_t style, since the rest of the file uses
it.
Reviewed by: imp, mckusick
Pull Request: https://github.com/freebsd/freebsd-src/pull/734
Because fnmatch has no side effects, we can safely avoid calling fnmatch
if the end result does not matter anyway (the compiler cannot see this,
so it calls fnmatch in the event it has side-effects).
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/747
I have several environments, and at least one of them fails to build
because bool is undefined. Since we use bool, always include stdbool.h
rather than relying on any indirect definitions to pull it in.
Sponsored by: Netflix
Remove a set but never used variable, and use the protocol variable for
its intended purpose.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D40528
camcontrol(8) says that -S to start at a different offset implies that
we're using the 12 byte command. But really, we're using the 10-byte
command. Fix this by setting use_12byte for -S.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D40526
We don't need to count the number of lists requested. Instead, use the
more general form of checking to see if any of the non-defect format
bits are set. Also, check summary boolean to control summary reporting
behavior.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D40524
We can or in the the list_format bits directly if we or in the
list_format when we look it up the first time. Free up CAM_ARG_[PG]LIST
from the CAM_ARG_xxx enum.
Sponsored by: Netflix
Reviewed by: mav (I made his suggested change)
Differential Revision: https://reviews.freebsd.org/D40523
We always start out using the 10-byte version of READ DEFECT DATA, and
then switch to 12-byte when necessary due to errors or data length
requirements. We always need to get the length again when we do this,
and we're always going to be using 12-byte commands from that point
forward. Simplify the logic a bit based on this observation.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D40522
Remove CAM_ARG_FORMAT_{BLOCK,BLI,PHYS} since they are not used. Label
all the unused CAM_ARG_ bits as unused in comments to make them stand
out.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D40520
Both ic_flags values are unsigned (uint32_t), so cast them to a signed
int to generate a signed result. Both ic_req values are also
unsigned, but since they are uint16_t, they are implicitly promited to
int before the subtraction.
Reported by: GCC -Wsign-compare
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D40610
The if_flags and if_cap fields hold a bitmask of flags. If a flag is
the MSB of the field, then the logic in setifflags and setifcap which
uses a < 0 check does the wrong thing (it tries to clear the flag
rather than setting it). Also, trying to use -<FOO> doesn't actually
work as the result is a nop. To fix, stop overloading setifcap and
setifflags and instead add new dedicated action functions clearifcap
and clearifflags for clearing a flag. The value passed in the
argument to the command is now always the raw flag.
This was reported by a GCC warning after raising WARNS:
sbin/ifconfig/ifconfig.c:2061:33: error: integer overflow in expression '-2147483648' of type 'int' results in '-2147483648' [-Werror=overflow]
2061 | DEF_CMD("-txtlsrtlmt", -IFCAP_TXTLS_RTLMT, setifcap),
| ^
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D40608
The "nconnect" NFS mount option will not work
correctly for servers where the TCP connections
might connect to different NFS clusters that do not
share NFSv4.1/4.2 state information, such as file locks.
This patch adds a sentence to the "nconnect" section
of mount_nfs.8 noting this case.
This is a content change.
Reviewed by: karels, pauamma_gundo.com (manpages)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D40547
rc.suspend has gained an rcorder keyword recently. Document it alongside
the existing resume keyword.
Reviewed By: mhorne, Pau Amma <pauamma@gundo.com>
Differential Revision: https://reviews.freebsd.org/D40484
This change exports interface capabilities using the standard
Netlink attribute type, bitset, and switches `ifconfig(8)` to use
it when displaying interface data.
Bitset comes in two representations. The first one is "compact",
where the bits are exported via two arrays - "mask" listing the
"valid" bits and "values, providing the values for those bits.
The second one is more verbose, listing each bit as a separate item,
with its name, id and value. The latter option is handy when submitting
update requests.
The support for setting capabilities will be added in the upcoming diffs.
Differential Revision: https://reviews.freebsd.org/D40331
It is hard to reason about the contents of 'ifr' at any given time
as nearly every function sets random fields or pointers in this
structure.
Use local on-stack clean 'struct ifreq' for each function instead.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D40534
MFC after: 2 weeks
Remove "goto charg" from the action parser.
This is a prerequisite for the further split of the gigantic
compile_rule().
Differential Revision: https://reviews.freebsd.org/D40490
MFC after: 2 weeks