Previously when printing the sysctl description (via the -d flag) we
omitted the newline if the node provided no description (i.e., NULL).
This could be observed via e.g. `sysctl -d dev`.
PR: 44034
Reviewed by: zlei
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42112
In mount_nfs.c the -t option is deprecated and advises to use
timeout=<N> instead. However, since that refers to NFS over UDP, which
is not used nowadays, mark this option as deprecated in the man page.
PR: 260611
Suggested by: rmacklem
A PF rule using an IPv4 address followed by an IPv6 address and then a
dynamic address, e.g. "pass from {192.0.2.1 2001:db8::1} to (pppoe0)",
will have an incorrect /32 mask applied to the dynamic address.
MFC after: 3 weeks
Obtained from: OpenBSD
See also: https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/007_pfctl.patch.sig
Sponsored by: Rubicon Communications, LLC ("Netgate")
Event: Oslo Hackathon at Modirum
We have overused err(1), so it's hard to distinguish when an error is
very, very serious, and when it's just a user-error, or even harmless.
This patch changes the current behaviour to distinguish between the
following three:
1 for usage errors
2 for recoverable errors
3 or higher for unrecoverable errors
Reviewed by: jilles, pauamma_gundo.com, des
Differential Revision: https://reviews.freebsd.org/D27161
The EXAMPLES mis-comments caused an obnoxious amount of blank space
above SEE ALSO when rendered by mandoc to a terminal. The missing
termination of .Xo meant the description of -h ran together with the
subcommand synopsis. The other changes were generally ignored tags due
to context that simply don't need to be there.
Provoked by: grahamperrin
Move the descriptions of loader tunables from section 'SYSCTL VARIABLES'
to section 'LOADER TUNABLES'.
See also 49197c391b (ipfw: Add sysctl flag CTLFLAG_TUN to loader tunables).
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D41981
Fix route(8) incorrectly returning a zero exit code even when unable to
find the specified route with route -n get <route>.
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41882
The rtnetlink(4) RTM_GETADDR does not list link level addresses, thus
the correct match for interfaces that have a link level address should
be based on what was returned by RTM_GETLINK.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41586
When matching interfaces for being Ethernet, use same trick that
the link module does - pass if_type through convert_iftype().
That restores historicaly behaviour of listing lagg(4) ports.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41585
This affects only ifconfig(8) compiled WITHOUT_NETLINK_SUPPORT, which
is not the default.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41584
Fixes: d1cd0344f7
This module allows controlled privilege escallation via mac labels
securely associated with a process via mac_veriexec.
There are over 700 PRIV_* but we can compress many of them into
a single GBL_* thus constraining the size of gbl labels.
The goal is to allow a daemon to run as an unprivileged process while
still being able a set of privileged operations needed.
We add APIs to libveriexec so that userland processes can check labels
and an exec_script API that allows a suitably labeled process to run
something like a python interpreter directly if necessary;
overcomming the 'indirect' flag applied to the interpreter.
Add -l option to sbin/veriexec to report labels.
Reviewed by: stevek
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D41431
The mount subcommand currently produces output such as:
# bectl mount <bootenv>
Successfully mounted <bootenv> at <mountpoint>
This commit changes it to only print the mountpoint:
# bectl mount <bootenv>
<mountpoint>
This makes it easier to script the mount subcommand. If an error occurs
while mounting, an error message is printed to stderr and bectl will
exit with a non-zero value.
PR: 273180
Reviewed by: kevans, asomers
Differential Revision: https://reviews.freebsd.org/D41562
9600 was a standard baud rate decades ago, but 115200 is now more common
so choose defaults that are useful to the largest number of users.
Note that boot0sio does not support rates above 9600 so it remains
unchanged.
Reviewed by: bz, imp, manu
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36295
In setups without hints whatsoever one can get a long list of
"Can't read linker hints file" error messages during boot.
Add a -q/--quiet option which would suppress the noise and leave
space for more essential information.
While here switch to a pre-defined exit code from sysexits.
MFC after: 4 weeks
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D41443
When listing anchors pfctl lists both 'regular' layer 3 anchors and
Ethernet anchors. It's possible to have the same anchor name in both,
which can be confusing.
Mitigate this a little by explicitly marking where the Ethernet anchors
start. Avoid breaking scripts by only doing this at the second level
of verbosity.
Sponsored by: Rubicon Communications, LLC ("Netgate")
In 4849767cb1, we did a large refactor of the md5(1) source code.
One of them is that instead of reading data using read(2) syscall, we
are using binary stream input (fread(3)).
fread(3) requires additional Capsicum capabilities:
sha256 CAP operation requires CAP_FSTAT, descriptor holds CAP_READ
sha256 RET fstat -1 errno 93 Capabilities insufficient
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D41348
Delete note that UFS/FFS filesystems running with journaled soft updates
cannot run background fsck as 344b5bf made it possible to do so.
MFC-with: 344b5bf
Sponsored-by: The FreeBSD Foundation
Previously dumpfs(8) exited when a cylinder group read failed (such
as a cylinder-group check-hash failure). Now an error message
indicating the cylinder group number and the type of failure is
printed and the output continues for the remaining cylinder groups.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
An earlier addition of code to fsck_ffs(8) allowed it to support
snapshots when running with journalled soft updates. Further
functionality has now been added to fsck_ffs(8) to allow it to use
snapshots to run in background on live filesystems running with
journaled soft updates. This commit enables the use of this functionality.
Tested-by: Peter Holm
Sponsored-by: The FreeBSD Foundation
MFC-after: 2 weeks
A new command, quitclean, is added to fsdb(8) to request that the
filesystem not be marked as needing a full fsck(8). This is useful
when creating deliberately bad filesystem images to be used to check
that fsck is properly able to clean them up.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Until this update, the fsdb(8) command always marked a filesystem
as needing a full fsck unless it was run with the -n flag which
allowed no changes to be made.
This change tracks modifications to the filesystem. Two types of
changes are tracked. The first type of changes are those that are
not critical to the integrity of the filesystem such as changes to
owner, group, time stamps, access mode, and generation number. The
second type of changes are those that do affect the integrity of
the filesystem including zeroing inodes, changing block pointers,
directory entries, link counts, file lengths, file types, and file
flags.
When quitting having made no changes or only changes to data that
is not critical to filesystem integrity, the clean state of the
filesystem is left unchanged. But if filesystem critical data are
changed then fsdb will set the unclean flag which will require a
full fsck to be run before the filesystem can be mounted.
MFC-after: 1 week
Sponsored-by: The FreeBSD Foundation
Basic state tracking for SCTP. This means we scan through the packet to
identify the different chunks (so we can identify state changes).
MFC after: 3 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D40862
The capabilities in if_capabilities2/if_capenable2 are reported in the
second 32b and were not being displayed correctly. v does not need to
be advanced because v[i / 32] is the correct 32b value already.
Sponsored by: Chelsio Communications
Reviewed by: kib@
Differential Revision: https://reviews.freebsd.org/D41107
beadm will recursively promote deep BE datasets. In order to match the
beadm behavior, we need to recursively iterate over child filesystems
and promote them along the way.
This patch further refines the work from D40903, completing the fix for
promotion.
Reviewed by: kevans, rew
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40972
This matches the beadm behavior; generally, we need to keep promoting
until the BE is no longer a clone from a snapshot. This fixes scenarios
where the dataset associated with a BE's origin is itself a clone,
activating the BE previously would promote it to a clone of the origin's
origin.
We could keep using be_get_dataset_props here, except for two
annoyances:
1.) I couldn't find a clean way to just clear an nvlist rather than
having to re-alloc it, and I didn't want to just remove the one prop
we're inspecting out of it.
2.) That's a lot of overhead when all we want to do is fetch the origin
anyways.
Note that this is not a complete fix, but it does fix the majority of
cases; deep BE subordinates are still notably broken, pending a patch
from Christian.
Reported by: R. Christian McDonald <rcm@rcm.sh>
Reviewed by: rew
Differential Revision: https://reviews.freebsd.org/D40903
Only i386 still uses a 32-bit time_t. I knew this, and I still failed
to compile-test on i386. My bad.
Reported by: cy
Fixes: c210cac00f ("dhclient: fix time parsing for leases...")
Sponsored by: Dell EMC Isilon
Convert lease parsing to timegm to calculate timestamp. For reference, when
writing the lease, we use gmtime to convert the timestamp to struct tm.
Reviewed By: markj, vangyzen
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D40760
This will allow the latter to be removed, reducing the boilerplate
needed for a new libcompat.
Reviewed by: kib, brooks, jhb
Differential Revision: https://reviews.freebsd.org/D40933
In most cases, usage does not return, so mark them as __dead2. For the
cases where they do return, they have not been marked __dead2.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/735
The function that uses nextnum expects to return a u_int32_t, not a mere
int, so let's make nextnum a u_int32_t instead.
Note: retained current u_int32_t style, since the rest of the file uses
it.
Reviewed by: imp, mckusick
Pull Request: https://github.com/freebsd/freebsd-src/pull/734
Because fnmatch has no side effects, we can safely avoid calling fnmatch
if the end result does not matter anyway (the compiler cannot see this,
so it calls fnmatch in the event it has side-effects).
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/747
I have several environments, and at least one of them fails to build
because bool is undefined. Since we use bool, always include stdbool.h
rather than relying on any indirect definitions to pull it in.
Sponsored by: Netflix
Remove a set but never used variable, and use the protocol variable for
its intended purpose.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D40528
camcontrol(8) says that -S to start at a different offset implies that
we're using the 12 byte command. But really, we're using the 10-byte
command. Fix this by setting use_12byte for -S.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D40526
We don't need to count the number of lists requested. Instead, use the
more general form of checking to see if any of the non-defect format
bits are set. Also, check summary boolean to control summary reporting
behavior.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D40524
We can or in the the list_format bits directly if we or in the
list_format when we look it up the first time. Free up CAM_ARG_[PG]LIST
from the CAM_ARG_xxx enum.
Sponsored by: Netflix
Reviewed by: mav (I made his suggested change)
Differential Revision: https://reviews.freebsd.org/D40523
We always start out using the 10-byte version of READ DEFECT DATA, and
then switch to 12-byte when necessary due to errors or data length
requirements. We always need to get the length again when we do this,
and we're always going to be using 12-byte commands from that point
forward. Simplify the logic a bit based on this observation.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D40522
Remove CAM_ARG_FORMAT_{BLOCK,BLI,PHYS} since they are not used. Label
all the unused CAM_ARG_ bits as unused in comments to make them stand
out.
Sponsored by: Netflix
Reviewed by: mav
Differential Revision: https://reviews.freebsd.org/D40520
Both ic_flags values are unsigned (uint32_t), so cast them to a signed
int to generate a signed result. Both ic_req values are also
unsigned, but since they are uint16_t, they are implicitly promited to
int before the subtraction.
Reported by: GCC -Wsign-compare
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D40610
The if_flags and if_cap fields hold a bitmask of flags. If a flag is
the MSB of the field, then the logic in setifflags and setifcap which
uses a < 0 check does the wrong thing (it tries to clear the flag
rather than setting it). Also, trying to use -<FOO> doesn't actually
work as the result is a nop. To fix, stop overloading setifcap and
setifflags and instead add new dedicated action functions clearifcap
and clearifflags for clearing a flag. The value passed in the
argument to the command is now always the raw flag.
This was reported by a GCC warning after raising WARNS:
sbin/ifconfig/ifconfig.c:2061:33: error: integer overflow in expression '-2147483648' of type 'int' results in '-2147483648' [-Werror=overflow]
2061 | DEF_CMD("-txtlsrtlmt", -IFCAP_TXTLS_RTLMT, setifcap),
| ^
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D40608
The "nconnect" NFS mount option will not work
correctly for servers where the TCP connections
might connect to different NFS clusters that do not
share NFSv4.1/4.2 state information, such as file locks.
This patch adds a sentence to the "nconnect" section
of mount_nfs.8 noting this case.
This is a content change.
Reviewed by: karels, pauamma_gundo.com (manpages)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D40547
rc.suspend has gained an rcorder keyword recently. Document it alongside
the existing resume keyword.
Reviewed By: mhorne, Pau Amma <pauamma@gundo.com>
Differential Revision: https://reviews.freebsd.org/D40484
This change exports interface capabilities using the standard
Netlink attribute type, bitset, and switches `ifconfig(8)` to use
it when displaying interface data.
Bitset comes in two representations. The first one is "compact",
where the bits are exported via two arrays - "mask" listing the
"valid" bits and "values, providing the values for those bits.
The second one is more verbose, listing each bit as a separate item,
with its name, id and value. The latter option is handy when submitting
update requests.
The support for setting capabilities will be added in the upcoming diffs.
Differential Revision: https://reviews.freebsd.org/D40331
It is hard to reason about the contents of 'ifr' at any given time
as nearly every function sets random fields or pointers in this
structure.
Use local on-stack clean 'struct ifreq' for each function instead.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D40534
MFC after: 2 weeks
Remove "goto charg" from the action parser.
This is a prerequisite for the further split of the gigantic
compile_rule().
Differential Revision: https://reviews.freebsd.org/D40490
MFC after: 2 weeks