{,ipv6_}static_routes and rc.d/routing. For example:
static_routes="foo bar:em0"
route_foo="-net 10.0.0.0/24 -gateway 192.168.2.1"
route_bar="-net 192.168.1.0/24 -gateway 192.168.0.2"
At boot time, all of the static routes are installed as before.
The differences are:
- "/etc/rc.d/netif start/stop <if>" now configures static routes
with :<if> if any.
- "/etc/rc.d/routing start/stop <af> <if>" works as well. <af> cannot be
omitted when <if> is specified, but a keyword "any" or "all" can be used
for <af> and <if>.
debug files for userland programs and libraries. The "-g" debug flag
is automatically applied when WITH_DEBUG_FILES is set.
The debug files are now named ${prog}.debug and ${shlib}.debug for
consistency with other systems and documentation. In addition they are
installed under /usr/lib/debug, to simplify the process of installing
them if needed after a crash. Users of bsd.{prog,lib}.mk outside of the
base system place the standalone debug files in a .debug subdirectory.
GDB automatically searches both of these directories for standalone
debug files.
Thanks to everyone who contributed changes, review, and testing during
development.
apply to most jails but do apply to vnet jails. This includes adding
a new sysctl "security.jail.vnet" to identify vnet jails.
PR: conf/149050
Submitted by: mdodd
MFC after: 3 days
Add netif as a requirement of syslogd to get lo0 up. Currently, this
doesn't affect the rc order, because mountcritremote already depends on
netif.
Reviewed by: eadler
Approved by: kenm (mentor)
MFC after: 2 weeks
- Use the absolute pathname for ip6addrctl.
- Use "install" instead of "add" to reduce the number of invocations.
Reported by: Tatsuki Makino [*]
PR: conf/175006 [*]
MFC after: 1 week
upcoming 3.3 release (branching and freezing expected in a few weeks).
Preliminary release notes can be found at the usual location:
<http://llvm.org/docs/ReleaseNotes.html>
An MFC is planned once the actual 3.3 release is finished.
The rules themselves typically have shell-like patterns and it is
incorrect when they get replaced with matching filesystem entries.
Shell magic by: jilles
MFC after: 2 weeks
There are three situations where the sysctl script is called:
1. "start", very early
2. "lastload", near the end of rc
3. "reload", at admin request while the system is booted
Ignore unknown OIDs in situation 1 because kernel modules may not be loaded
yet and complain about them in situations 2 and 3.
PR: conf/174595
Submitted by: Olivier Smedts
space configured for rc.d/dumpon to designate for dumping -- then exit
silently rather than with a
> realpath: /dev/dumpdev: No such file or directory
error message.
An argument could be made that we should print a (more informative) warning
message; but given that under the same conditions the rc.d/dumpon script will
already print a
> No suitable dump device was found
warning, it seems that printing an additional
> Dump device does not exist. Savecore not run.
warning would be superfluous.
than number as is done in install so as to differ binding of names to
ids.
Remove the -W flag from the mtree command so that the correct user and
group is recorded rather than the default.
targets to be run without root privilege.
Information about ownership, group, flags, and suid bits are stored in
the file specified by METALOG which defaults to ${DESTDIR}/METALOG.
This file can be used in conjunction with bsdtar or makefs to generate
archives or file system images with correct permissions.
The packageworld target has been altered to use this metadata allowing
non-root releases (subject to further changes in release/Makefile.)
Sponsored by: DARPA, AFRL
Reviewed by: ian, ray
"ln -sfh <bar> <foo>" or the links would fail when a valid link to a
directly was in place at <foo>.
Reported by: peter
Tested by: peter
Pointy hat to: brooks
refactor the link section of distrib-dirs to alwasy install to a full
path (the link contents remain relative as they should).
Eliminate the use of the "rm -r[f] <foo>; ln -s <bar> <foo>" pattern in
favor of "ln -sf <bar> <foo>". None of these links could be directories
on a system installed in the last decade.
Sponsored by: DARPA, AFRL
Reviewed by: mtree
mtree in a shell loop so there is only one mtree commandline. Move the
implementation of LOCAL_MTREE into etc/Makefile.
Sponsored by: DARPA, AFRL
Reviewed by: mtree :)
Do this per jail started, not per address. This will allow DAD to complete
and services to properly start. Before we have seen problems with services
trying to start before the IPv6 address was available to use and thus
erroring and failing to start.
MFC after: 3 days
installing. This allows things like running installworld for 10-CURRENT
on a 9.0-RELEASE system without adding extra users and groups to the
passwd and group files.
To prevent potentially risky uid/gid mismatches on systems with
non-standard local values, require that DESTDIR be set if DB_FROM_SRC is
set.
Sponsored by: DARPA, AFRL
Reviewed by: peter
This prevents unprivileged users to lock too much memory.
- Set memorylocked limit to 64Mb for daemon login class.
Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on
startup, they are run from init(8) which uses daemon login class.
- Set memorylocked limit to unlimited for root login class.
Suggested by: avg
Approved by: kib (mentor)
MFC after: 1 week
be kept around to the 10 most recent ones.
Add UPDATING entry with info how to return to the previous behaviour (no
limits).
Obtained from: WHEEL Systems
provide dump directory. Eliminate this redundant argument. This changes
the usage, but the only risk here is that a warning will be printed
about directory given as device.
- Update usage of -C option.
- When clearing dump header from the given device there is also no need to
provide dump directory, although additional arguments for -c were not
documented.
- Document that -v can be used with -c and that list of devices can be given.
Obtained from: WHEEL Systems
The XC900M acts as a Ubiquiti XR9 (and I _think_ SR9) by default;
it uses the same 900MHz<->2.4GHz downconverter mapping.
However it has an alternative frequency mapping which squeezes in a couple
more half/quarter rate channels. Since the default HAL doesn't support
fractional tuning (sub-1MHz) in 2.4GHz mode on the AR5413/AR5414, they
implement it using a jumper.
Datasheet: http://www.xagyl.com/download/XC900M_Datasheet.pdf
Thankyou to Xagyl Communications for the XC900M NICs and Edgar Martinez
for organising the donation.
Tested:
* XC900M <-> XC900M
* Ubiquiti XR9 <-> XC900M
TODO:
* Test against SR9 and GZ901 if possible (the IEEE channel<->frequency
mapping may not match up, thanks to the slightly different channels
involved)
auditdistd (distributed audit daemon) to the build:
- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.
The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.
Submitted by: pjd
Sponsored by: The FreeBSD Foundation (auditdistd)
It also doesn't work with make -s.
Prefer the use of builtin make features.
PR: misc/126312
Reported by: Nejc Skoberne <nejc@skoberne.net>
Submitted by: bdrewery
Approved by: cperciva
MFC after: 1 week
Since I've committed this I've receieved roughly an equal
amount of email thanking me for making this change
and asking me to revert it.
I've resisted making this change because
new users tend to prefer less over more
and these users are the least likely to know
how to change the PAGER on their own.
Requested by: many
Objected to: just as many
Decision made by: core
Approved by: cperciva
MFC after: 3 days
floppies.
Its unlikely that anyone actually uses these or cares about these
anymore, since we support other floppy types and this change doesn't
hurt - just add it.
PR: conf/40777
Submitted by: Antti Kantee <pooka@cubical.fi>
Arrival-Date: Fri Jul 19 08:50:02 PDT 2002
Approved by: cperciva (implicit)
MFC after: 1 week
but committing it helps to get everyone on the same page and makes
sure we make progress.
Tinderbox breakages that are the result of this commit are entirely
the committer's fault -- in other words: buildworld testing on amd64
only.
Credits follow:
Submitted by: Garrett Cooper <yanegomi@gmail.com>
Sponsored by: Isilon Systems
Based on work by: keramida@
Thanks to: gnn@, mdf@, mlaier@, sjg@
Special thanks to: keramida@
local.9600. Whilst the actual binary termios(4) definitions and preceeding
comments for local.9600 indicate that parity is disabled, getty(8)
internally simulates parity based on the presence or absence of the 'np'
flag.
PR: conf/76226
Submitted by: peter
Approved by: grog (co-mentor)
MFC after: 1 month
GIANT from VFS. In addition, disconnect also netsmb, which is a base
requirement for SMBFS.
In the while SMBFS regular users can use FUSE interface and smbnetfs
port to work with their SMBFS partitions.
Also, there are ongoing efforts by vendor to support in-kernel smbfs,
so there are good chances that it will get relinked once properly locked.
This is not targeted for MFC.
GIANT from VFS. This code is particulary broken and fragile and other
in-kernel implementations around, found in other operating systems,
don't really seem clean and solid enough to be imported at all.
If someone wants to reconsider in-kernel NTFS implementation for
inclusion again, a fair effort for completely fixing and cleaning it
up is expected.
In the while NTFS regular users can use FUSE interface and ntfs-3g
port to work with their NTFS partitions.
This is not targeted for MFC.
GIANT from VFS. In addition, disconnect also netncp, which is a base
requirement for NWFS.
In the possibility of a future maintenance of the code and later
readd to the FreeBSD base, maybe we should think about a better location
for netncp. I'm not entirely sure the / top location is actually right,
however I will let network people to comment on that more specifically.
This is not targeted for MFC.
umsX character device returns a read error. Update devd.conf rules
to use "DEVFS" events which are generated after that the umsX
character device node has been created/destroyed, and then there
should be no need for moused to wait up to 10 seconds for umsX to
be ready. Opening umsX should not fail except if the kernel is low
on memory. In that case the user can replug the USB mouse or use
"usbconfig" to reset the device. In case of USB mouse devices,
moused should neither retry to open its character device,
once the first read error has happened. This is an indication
of device detach.
MFC after: 1 week
Trying to determine current lowest C-state after an AC event is racy
with C-states actually being changed by ACPI platform and kernel driver.
MFC after: 3 weeks
systems are fully "ready to go".
'FILESYSTEMS' states: "This is a dummy dependency, for services which
require file systems to be mounted before starting." However, we have
'var' which is was run after 'FILESYSTEMS' and can mount /var if it
already isn't mounted. Furthermore, several scripts cannot use /var
until 'cleanvar' has done its thing. Thus "FILESYSTEMS" hasn't really
meant all critical file systems are fully usable.
gives machine unique values from the firmware.
* The kernel is more likely to be unique than /bin/ls (but no need to
stuff many megabytes into /dev/random, so hash it).
* Change ordering to give larger variance across reboots to reduce
predictability.
r128060 for "hardware-supplied entropy" reversed this without reason,
seems a typo.
* Isolate "better than nothing" implementation to a function.
Submitted by: obrien & Arthur Mesh <arthurmesh@gmail.com>
Sponsored by: Juniper Networks
- Add -P option to support PID file. When -a is specified /var/run/rarpd.pid
is used, and when an interface is specified /var/run/rarpd.<ifname>.pid is
used by default.
Adjust power_profile script to handle the new world order as well.
Some vendors are opting out of a C2 state and only defining C1 & C3. This
leads the acpi_cpu display to indicate that the machine supports C1 & C2
which is caused by the (mis)use of the index of the cx_state array as the
ACPI_STATE_CX value.
e.g. the code was pretending that cx_state[i] would
always convert to i by subtracting 1.
cx_state[2] == ACPI_STATE_C3
cx_state[1] == ACPI_STATE_C2
cx_state[0] == ACPI_STATE_C1
however, on certain machines this would lead to
cx_state[1] == ACPI_STATE_C3
cx_state[0] == ACPI_STATE_C1
This didn't break anything but led to a display of:
* dev.cpu.0.cx_supported: C1/1 C2/96
Instead of
* dev.cpu.0.cx_supported: C1/1 C3/96
MFC after: 2 weeks
thing it was still used for was to set the "global default" password
hash. Since the stock auth.conf contained nothing but comments, the
global default was actually the first algorithm in crypt(3)'s list,
which happens to be DES; I take the fact that nobody noticed as proof
that it was not used outside of crypt(3).
The only other use in our tree was in the Kerberos support code in
in tinyware's passwd(1). I removed that code in an earlier commit;
it would not have compiled anyway, as it only supported Kerberos IV.
The auth_getval() function is now a stub that always returns NULL,
which has the same effect as a functional auth_getval() with an
empty auth.conf.
MFC after: 3 weeks
to the build system. FreeBSD written scripts are stored in
src/share and the toolkit scripts are brought from the cddl directory
into a working tree via install.
MFC after: 2 weeks
The NAND Flash environment consists of several distinct components:
- NAND framework (drivers harness for NAND controllers and NAND chips)
- NAND simulator (NANDsim)
- NAND file system (NAND FS)
- Companion tools and utilities
- Documentation (manual pages)
This work is still experimental. Please use with caution.
Obtained from: Semihalf
Supported by: FreeBSD Foundation, Juniper Networks
o change rcname to kfd;
o move mandatory options to command_args;
o add missing "shutdown" keyword;
o fix require line. Kfd doesn't really need to be started before
daemons.
Suggested by: dougb
if the accounting log file is atomically replaced with a new file
(such as during log rotation).
- Simplify accounting log rotation a bit. There is no need to re-run
accton(8) after renaming the new log file to it's real name.
PR: kern/167321
Tested by: Jeremy Chadwick
- make the default prompt a bit more like scp
- make the user show as root even when using 'su' instead of 'su -'
- the key bindings didn't hurt anything but likely hide a bug
- merge history instead of overwriting it
Submitted by: gavin, joel
Approved by: cperciva
- Add an examples file with many of the not accepted suggestions from the discussion
PR: conf/160689
Reviewed by: many
Discussed on: current
Approved by: cperciva
several new kerberos related libraries and applications to FreeBSD:
o kgetcred(1) allows one to manually get a ticket for a particular service.
o kf(1) securily forwards ticket to another host through an authenticated
and encrypted stream.
o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
and other user kerberos operations. klist and kswitch are just symlinks
to kcc(1) now.
o kswitch(1) allows you to easily switch between kerberos credentials if
you're running KCM.
o hxtool(1) is a certificate management tool to use with PKINIT.
o string2key(1) maps a password into key.
o kdigest(8) is a userland tool to access the KDC's digest interface.
o kimpersonate(8) creates a "fake" ticket for a service.
We also now install manpages for some lirbaries that were not installed
before, libheimntlm and libhx509.
- The new HEIMDAL version no longer supports Kerberos 4. All users are
recommended to switch to Kerberos 5.
- Weak ciphers are now disabled by default. To enable DES support (used
by telnet(8)), use "allow_weak_crypto" option in krb5.conf.
- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
disabled due to the function they use (krb5_get_err_text(3)) being
deprecated. I plan to work on this next.
- Heimdal's KDC now require sqlite to operate. We use the bundled version
and install it as libheimsqlite. If some other FreeBSD components will
require it in the future we can rename it to libbsdsqlite and use for these
components as well.
- This is not a latest Heimdal version, the new one was released while I was
working on the update. I will update it to 1.5.2 soon, as it fixes some
important bugs and security issues.
If the environment doesn't offer a working /dev/console, the existing
version of init(8) will simply refuse running rc(8) scripts. This means
you'll only have a system running init(8) and nothing else.
Change the code to do the following:
- Open /dev/console like we used to do, but make it more robust to use
O_NONBLOCK to prevent blocking on a carrier.
- If this fails, use /dev/null as stdin and /var/log/init.log as stdout
and stderr.
- If even this fails, use /dev/null as stdin, stdout and stderr.
So why us this useful? Well, if you remove the `getpid() == 1' check in
main(), you can now use init(8) inside jails to properly execute rc(8).
It still requires some polishing, as existing tools assume init(8) has
PID 1.
Also it is now possible to use use init(8) on `headless' devices that
don't even have a serial boot console.
If rc(8) is executed without using a TTY, this error appears at the
beginning:
stty: stdin isn't a terminal
Because this is to be expected and of course not harmful, it is better
to simply hide the error message.
MFC after: 1 week
for the default FIB followed by a statement with a list of FIB numbers for
all the other FIBs we install the routes for.
Request by: kib (to make it less noisy)
Tested by: kib
MFC after: 3 days
Without this change, pressing ^T could result in rc.d script putting
junk strings like:
Script <filename> running
in configuration files when redirecting standard output to these files.
MFC after: 2 weeks
certain systems that take a long time to shut down, without adversely
affecting things that shut down quickly. It's also 30 seconds less than
the default hard limit of 120 seconds in kern.init_shutdown_timeout.
PR: conf/109272
Submitted by: Radim Kolar SF.NET <hsn@sendmail.cz>
Extend the so far IPv4-only support for multiple routing tables (FIBs)
introduced in r178888 to IPv6 providing feature parity.
This includes an extended rtalloc(9) KPI for IPv6, the necessary
adjustments to the network stack, and user land support as in netstat.
Sponsored by: Cisco Systems, Inc.
Reviewed by: melifaro (basically)
MFC after: 10 days
- Address performance regressions encountered by das@ by caching per-thread
data in TLS where available.
- Add a __NO_TLS flag to cdefs.h to indicate where not available.
- Reorganise the xlocale.h definitions into xlocale/*.h so that they can be
included from multiple places.
- Export the POSIX2008 subset of xlocale when POSIX2008 says it should be
exported, independently of whether xlocale.h is included.
- Fix the bug where programs using ctype functions always assumed ASCII unless
recompiled.
- Fix some style(9) violations.
Reviewed by: brooks (mentor)
Approved by: dim (mentor)
1. Add new functionality to the force_depend method to incorporate the
tests for whether the service is enabled and/or already running.
2. Add a new option to bypass checking only that the service is enabled
at boot time, and always check if it is running.
3. Use this new functionality to greatly simplify the rc.d scripts that
use force_depend.
4. Add a force_depend for statd in lockd
5. Remove the check that either nfs_server or nfs_client is _enable'd
from statd and lockd. This was always overkill, and prevented using
the {one|force}start options, as well as stop'ing on the command line.
6. The yp* scripts had some of their arguments in various weird orders.
Bring them into line with the model.
7. If mountd fails to create /var/db/mountdtab, err out.
Ideas, suggestions, and/or review from delphij and jilles.
Pointy hats are completely my responsibility however.
The main benefit is that watchdogd would shutdown after most of other
daemons/servers and thus, for example, would remedy a system hang caused
by unlucky X server shutdown.
Reviewed by: dougb (earlier version)
MFC after: 2 weeks
This has the following advantages:
- During boot, the BOOT_TIME record is now written right after the file
systems become writable, but before users are allowed to log in. This
means that they can't cause `hidden logins' by logging in right before
init(8) kicks in.
- The pututxline(3) function may potentially block on file locking,
though this is very rare to occur. By placing it in an rc script, the
user can still kill it with ^C if needed.
- Most importantly: jails don't use init(8). This means that a force
reboot of a system running jails will leave stale entries in the
accounting database of the jails individually.
of rcorder. Somehow in the intervening period addswap got moved to the
very end, which is almost certainly not what we want.
This change moves it to right after kld so that for users who need it,
they'll get it ASAP.
side effect of something else using them. If they haven't been loaded
already but you want to use them, say for configuring a jail, you're out
of luck.
So add a knob to always load the default rulesets. While I'm here document
the other devfs_ knobs in rc.conf.5.
- ipv6_enable + ipv6_gateway_enable should unset ACCEPT_RTADV by default for
backward compatibility.
- Configurations in ipv6_prefix_IF should be recognized even if there is no
ifconfig_IF_ipv6.
- DAD wait should be performed at once, not on a per-interface basis, if
possible. This fixes an issue that a system with a lot of IPv6-capable
interfaces takes too long for booting.
MFC after: 1 week
creating stray "log" symlinks if the mount fails. That apparently
happens in some ezjail configs.
PR: conf/143084
Submitted by: Dirk Engling <erdgeist at erdgeist.org>
Reviewed by: simon
MFC after: 2 weeks
dhclient is no longer a real service, it is a helper script
for /etc/rc.d/netif and devd. Its direct invocation isn't
needed to bring the network up.
Approved by: jhb
The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.
assignments to the literal values it would have returned.
The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.
During the discussion on freebsd-rc@ a preference was expressed for
using ${name}_enable instead of the literal values. However the
code portability concept doesn't really apply since there are so
many other places where the literal name has to be searched for
and replaced. Also, using the literal value is also a tiny bit
faster than dereferencing the variables, and every little bit helps.
Document the current semantics of the 'quiet' command prefix
in the rc.subr(8).
Fix dhclient rc.d script: it should not call err() for
non-DHCP-enabled interface when it is called from devd, because the
latter just blindly calls 'service dhclient quietstart' on each "link
up" event.
Since the 'quietstart' will silence the message "Cannot 'start' <foo>.
Set <foo>_enable to YES in /etc/rc.conf or use 'onestart' instead of
'start'." and running dhclient on the non-DHCP-enabled interface is
the same thing as running the service <foo> without <foo>_enable set,
such modification is in sync with the current semantics of the 'quiet'
prefix.
Approved by: glebius
Reviewed by: freebsd-rc list
MFC after: 2 weeks
o Make the pfsync.ko actually usable. Before this change loading it
didn't register protosw, so was a nop. However, a module /boot/kernel
did confused users.
o Rewrite the way we are joining multicast group:
- Move multicast initialization/destruction to separate functions.
- Don't allocate memory if we aren't going to join a multicast group.
- Use modern API for joining/leaving multicast group.
- Now the utterly wrong pfsync_ifdetach() isn't needed.
o Move module initialization from SYSINIT(9) to moduledata_t method.
o Refuse to unload module, unless asked forcibly.
o Improve a bit some FreeBSD porting code:
- Use separate malloc type.
- Simplify swi sheduling.
This change is probably wrong from VIMAGE viewpoint, however pfsync
wasn't VIMAGE-correct before this change, too.
Glanced at by: bz
with FreeBSD easier for vendors.
- For optional files use variables starting with underscore.
Both changes make rc.d/Makefile look similar to sys/modules/Makefile.
Reviewed by: dim
MK_LIBCPLUSPLUS=yes to enable). This is a work-in-progress. It works for
me, but is not guaranteed to work for anyone else and may eat your dog.
To build C++ using libc++, add -stdlib=libc++ to your CXX and LD flags.
Bug reports welcome, bug fixes even more welcome...
Approved by: dim (mentor)
only 1 old file to be saved, so fix this. Problem raised in the PR,
but actually required a different solution.
While I'm here, fix a very old off-by-one error causing 1 more file
than specified in daily_accounting_save to be saved because acct.0
was not taken into account (pun intended). Change that, and use a more
thorough method of finding old files to delete. Partly just because this
is the right thing to do, but also to silently fix the extra log that
would have been left behind forever with the previous method.
PR: conf/160848
Submitted by: Andrey Zonov <andrey@zonov.org>
the /etc/rc.d/nfsd script sets vfs.nfsd.server_max_nfsvers to 3.
Then, when you set nfsv4_server_enable=YES in rc.conf, and restart nfsd
via the rc.d script, without rebooting, the sysctl does *not* get reset
to max version 4, so NFSv4 still doesn't work.
Fix this by explicitly setting vfs.nfsd.server_max_nfsvers to 4 when
NFSv4 is requested.
I also added resetting of the nfs_privport sysctls, since this has the
same issue: nfs_reserved_port_only=YES in rc.conf sets the nfs_privport
sysctl to 1, but in the other case, the sysctl doesn't get reset to 0.
Reviewed by: rmacklem
Silence from: rc@
MFC after: 3 days
Variable 'rc_force' is accessible only at the time of rc_run_command,
so it can't be examined from the script's main code.
Spotted by: hrs
Reviewed by: hrs, des
Approved by: des
MFC after: 2 weeks
the logic (true/false) of the matching.
- Add "!usbus[0-9]+" to IFNET ATTACH notification handler in the default
devd.conf to prevent rc.d/netif from running when usbus[0-9]+ is attached.
Reviewed by: imp
Make sure that static ARP and NDP bindings are set before NETWORKING.
As static_ndp is based on static_arp, pass copyright to the project with
permission of the original author (delphij@).
Reviewed by: delphij@FreeBSD.org
MFC after: 3 days
for interfaces which were not configured for DHCP *unless* rc_force was set;
the correct logic is to run dhclient for those interfaces *only if* rc_force
is set.
Broken by: des@
Noticed by: everybody and his dog
Submitted by: rea@
PR: bin/161733
too-thorough cleanup of unused files, in r213695. Also make sure these
get installed under /usr/share/doc.
Submitted by: rwatson, brooks
Pointy hat to: dim
MFC after: 3 days
(r225485). When setting an interface name to it, the following
configurations will be enabled:
1. "no_radr" is set to all IPv6 interfaces automatically.
2. "-no_radr accept_rtadv" will be set only for $ipv6_cpe_wanif. This is
done just before evaluating $ifconfig_IF_ipv6 in the rc.d scripts (this
means you can manually supersede this configuration if necessary).
3. The node will add RA-sending routers to the default router list
even if net.inet6.ip6.forwarding=1.
This mode is added to conform to RFC 6204 (a router which connects
the end-user network to a service provider network). To enable
packet forwarding, you still need to set ipv6_gateway_enable=YES.
Note that accepting router entries into the default router list when
packet forwarding capability and a routing daemon are enabled can
result in messing up the routing table. To minimize such unexpected
behaviors, "no_radr" is set on all interfaces but $ipv6_cpe_wanif.
Approved by: re (bz)
comment out the NIS _compat options by default, but leave them in
the file for the convenience of users who want to enable it.
Update the comment in the file accordingly.
Reviewed by: ed
Approved by: re (hrs)
We already modify various configuration files in /etc based on build
configuration. This is not done for nsswitch.conf right now when setting
WITHOUT_NIS. This breaks various utilities, including crond, that depend
on working databases.
Approved by: re (kib)
MFC after: 1 month
Print a separate "Additional routing options" line for each address family
which has additional options, so that it does not get mixed up with the
output from adding routes.
This also reverts r224048 which added newlines to two arbitrary routing
options.
