aboutsummaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
Diffstat (limited to 'sbin')
-rw-r--r--sbin/Makefile11
-rw-r--r--sbin/Makefile.amd641
-rw-r--r--sbin/camcontrol/Makefile2
-rw-r--r--sbin/camcontrol/camcontrol.877
-rw-r--r--sbin/camcontrol/camcontrol.c17
-rw-r--r--sbin/camcontrol/camcontrol.h3
-rw-r--r--sbin/camcontrol/depop.c297
-rw-r--r--sbin/devd/devd.88
-rw-r--r--sbin/devd/devd.conf.511
-rw-r--r--sbin/devfs/devfs.rules3
-rw-r--r--sbin/devmatch/devmatch.83
-rw-r--r--sbin/fsck_ffs/dir.c1
-rw-r--r--sbin/fsck_ffs/inode.c18
-rw-r--r--sbin/fsck_msdosfs/dir.c17
-rw-r--r--sbin/geom/core/geom.c17
-rw-r--r--sbin/geom/core/geom.h13
-rw-r--r--sbin/growfs/growfs.c5
-rw-r--r--sbin/ifconfig/Makefile1
-rw-r--r--sbin/ifconfig/af_inet.c11
-rw-r--r--sbin/ifconfig/af_inet6.c3
-rw-r--r--sbin/ifconfig/ifconfig.86
-rw-r--r--sbin/ifconfig/ifconfig.c19
-rw-r--r--sbin/ifconfig/ifconfig.h3
-rw-r--r--sbin/ifconfig/ifstf.c152
-rw-r--r--sbin/ipf/ipfstat/Makefile2
-rw-r--r--sbin/iscontrol/Makefile14
-rw-r--r--sbin/iscontrol/Makefile.depend21
-rw-r--r--sbin/iscontrol/auth_subr.c206
-rw-r--r--sbin/iscontrol/config.c382
-rw-r--r--sbin/iscontrol/fsm.c759
-rw-r--r--sbin/iscontrol/iscontrol.8141
-rw-r--r--sbin/iscontrol/iscontrol.c264
-rw-r--r--sbin/iscontrol/iscontrol.h167
-rw-r--r--sbin/iscontrol/login.c442
-rw-r--r--sbin/iscontrol/misc.c228
-rw-r--r--sbin/iscontrol/pdu.c178
-rw-r--r--sbin/kldstat/kldstat.c261
-rw-r--r--sbin/ldconfig/Makefile1
-rw-r--r--sbin/ldconfig/elfhints.c19
-rw-r--r--sbin/ldconfig/ldconfig.86
-rw-r--r--sbin/ldconfig/ldconfig.c67
-rw-r--r--sbin/ldconfig/ldconfig.h5
-rw-r--r--sbin/mount/Makefile2
-rw-r--r--sbin/mount/mount.814
-rw-r--r--sbin/mount/mount.c153
-rw-r--r--sbin/mount_fusefs/mount_fusefs.86
-rw-r--r--sbin/natd/icmp.c1
-rw-r--r--sbin/natd/natd.c1
-rw-r--r--sbin/nvmecontrol/identify.c12
-rw-r--r--sbin/nvmecontrol/identify_ext.c32
-rw-r--r--sbin/pfctl/parse.y183
-rw-r--r--sbin/pfctl/pfctl.c57
-rw-r--r--sbin/pfctl/pfctl.h2
-rw-r--r--sbin/pfctl/pfctl_parser.c16
-rw-r--r--sbin/pfctl/pfctl_parser.h9
-rw-r--r--sbin/ping/main.c14
-rw-r--r--sbin/ping/main.h20
-rw-r--r--sbin/ping/ping.c10
-rw-r--r--sbin/ping/ping6.c20
-rw-r--r--sbin/ping/tests/ping_test.sh58
-rw-r--r--sbin/sconfig/Makefile2
-rw-r--r--sbin/sconfig/sconfig.85
-rw-r--r--sbin/sconfig/sconfig.c5
-rw-r--r--sbin/spppcontrol/Makefile9
-rw-r--r--sbin/spppcontrol/Makefile.depend17
-rw-r--r--sbin/spppcontrol/spppcontrol.8275
-rw-r--r--sbin/spppcontrol/spppcontrol.c266
-rw-r--r--sbin/veriexec/veriexec.c2
68 files changed, 1279 insertions, 3774 deletions
diff --git a/sbin/Makefile b/sbin/Makefile
index 6d6b647651ad..69cf51a83e26 100644
--- a/sbin/Makefile
+++ b/sbin/Makefile
@@ -53,7 +53,6 @@ SUBDIR=adjkerntz \
nfsiod \
nos-tun \
pfilctl \
- ping \
rcorder \
reboot \
recoverdisk \
@@ -63,12 +62,15 @@ SUBDIR=adjkerntz \
savecore \
setkey \
shutdown \
- spppcontrol \
swapon \
sysctl \
tunefs \
umount
+.if ${MK_INET} != "no" || ${MK_INET6} != "no"
+SUBDIR+= ping
+.endif
+
SUBDIR.${MK_CCD}+= ccdconfig
SUBDIR.${MK_CXX}+= devd
SUBDIR.${MK_HAST}+= hastctl
@@ -77,7 +79,6 @@ SUBDIR.${MK_INET6}+= rtsol
SUBDIR.${MK_IPFILTER}+= ipf
SUBDIR.${MK_IPFW}+= ipfw
SUBDIR.${MK_IPFW}+= natd
-SUBDIR.${MK_ISCSI}+= iscontrol
SUBDIR.${MK_NVME}+= nvmecontrol
SUBDIR.${MK_OPENSSL}+= decryptcore
SUBDIR.${MK_PF}+= pfctl
@@ -94,10 +95,6 @@ SUBDIR.${MK_TESTS}+= tests
SUBDIR_PARALLEL=
-# Add architecture-specific manpages
-# to be included anyway
-MAN= sconfig/sconfig.8
-
.include <bsd.prog.mk>
.include <bsd.subdir.mk>
diff --git a/sbin/Makefile.amd64 b/sbin/Makefile.amd64
index 2d231b0cb2b0..4135c44082c9 100644
--- a/sbin/Makefile.amd64
+++ b/sbin/Makefile.amd64
@@ -2,3 +2,4 @@
SUBDIR += bsdlabel
SUBDIR += fdisk
+SUBDIR += sconfig
diff --git a/sbin/camcontrol/Makefile b/sbin/camcontrol/Makefile
index 3ed8b92372f8..958f37714662 100644
--- a/sbin/camcontrol/Makefile
+++ b/sbin/camcontrol/Makefile
@@ -5,7 +5,7 @@
PACKAGE=runtime
PROG= camcontrol
SRCS= camcontrol.c util.c
-SRCS+= attrib.c epc.c fwdownload.c modeedit.c persist.c progress.c timestamp.c zone.c
+SRCS+= attrib.c depop.c epc.c fwdownload.c modeedit.c persist.c progress.c timestamp.c zone.c
.if ${MK_NVME} != "no"
.PATH: ${SRCTOP}/sbin/nvmecontrol
CFLAGS+= -I${SRCTOP}/sbin/nvmecontrol -DWITH_NVME
diff --git a/sbin/camcontrol/camcontrol.8 b/sbin/camcontrol/camcontrol.8
index 9c128131d817..6f1d00269633 100644
--- a/sbin/camcontrol/camcontrol.8
+++ b/sbin/camcontrol/camcontrol.8
@@ -27,7 +27,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd August 6, 2019
+.Dd October 20, 2021
.Dt CAMCONTROL 8
.Os
.Sh NAME
@@ -366,6 +366,13 @@
.Ic devtype
.Op device id
.Nm
+.Ic depop
+.Op device id
+.Op generic args
+.Ao Fl l | Fl d | Fl r Ac
+.Op Fl e Ar elem
+.Op Fl c Ar capacity
+.Nm
.Ic help
.Sh DESCRIPTION
The
@@ -1085,18 +1092,8 @@ to print out the tagged queueing related fields of the XPT_GDEV_TYPE CCB:
This is the amount of capacity for transactions queued to a given device.
.It dev_active
This is the number of transactions currently queued to a device.
-.It devq_openings
-This is the kernel queue space for transactions.
-This count usually mirrors
-dev_openings except during error recovery operations when
-the device queue is frozen (device is not allowed to receive
-commands), the number of dev_openings is reduced, or transaction
-replay is occurring.
-.It devq_queued
-This is the number of transactions waiting in the kernel queue for capacity
-on the device.
-This number is usually zero unless error recovery is in
-progress.
+.It allocated
+This is the number of CCBs allocated for the device.
.It held
The held count is the number of CCBs held by peripheral drivers that have
either just been completed or are about to be released to the transport
@@ -2594,6 +2591,60 @@ Device type is unknown
.It illegal
A programming error occurred
.El
+.It Ic depop
+Commands necessary to support the depopulation (depop) of defective elements of a device
+(typically heads for hard drives) or setting capacity point (typically used on
+flash drives).
+Issues either GET PHYSICAL ELEMENT STATUS, REMOVE ELEMENT AND TRUNCATE, or RESTORE
+ELEMENT AND REBUILD command to manage storage elements of a drive.
+Removal or restoration of elements may take up to a day to complete.
+One of the
+.Fl d ,
+.Fl l ,
+or
+.Fl r
+options must be specified.
+These options are mutually exclusive.
+Only SCSI drives are supported.
+Changing the storage elements of a storage drive may result in the loss of all
+data on that storage drive.
+The drive may need to reinitialize after
+.Fl d
+or
+.Fl r
+commands.
+The data on the drive is inaccessible until one of these commands complete.
+Once one of these commands start, the drive is format corrupt until the
+operation successfully completes.
+While format corrupt, no read or write I/O is possible to the drive.
+If the drive power cycles, it will remain format corrupt and the operation
+must be restarted.
+TEST UNIT READY or
+.Dq camcontrol tur
+can monitor an in-progress depop operation.
+.Bl -tag -width 6n
+.It Fl c Ar capacity
+Specify the desired capacity point for the drive.
+Valid only for the
+.Fl d
+flag.
+.It Fl d
+Remove the physical element from service or set the capacity point specified by the
+.Fl e
+or
+.Fl c
+flags.
+The drive's capacity may be reduced by this operation.
+.It Fl e Ar element
+Specify the physical element to remove from service.
+Valid only for the
+.Fl d
+flag.
+.It Fl l
+Report the current status of the physical elements of a drive.
+.It Fl r
+Restore all the eligible physical elements to service.
+.El
.It Ic help
Print out verbose usage information.
.El
diff --git a/sbin/camcontrol/camcontrol.c b/sbin/camcontrol/camcontrol.c
index 69939715898e..facabbe2ecdc 100644
--- a/sbin/camcontrol/camcontrol.c
+++ b/sbin/camcontrol/camcontrol.c
@@ -111,6 +111,7 @@ typedef enum {
CAM_CMD_POWER_MODE,
CAM_CMD_DEVTYPE,
CAM_CMD_AMA,
+ CAM_CMD_DEPOP,
} cam_cmd;
typedef enum {
@@ -228,6 +229,7 @@ static struct camcontrol_opts option_table[] = {
{"zone", CAM_CMD_ZONE, CAM_ARG_NONE, "ac:l:No:P:"},
{"epc", CAM_CMD_EPC, CAM_ARG_NONE, "c:dDeHp:Pr:sS:T:"},
{"timestamp", CAM_CMD_TIMESTAMP, CAM_ARG_NONE, "f:mrsUT:"},
+ {"depop", CAM_CMD_DEPOP, CAM_ARG_NONE, "ac:de:ls"},
{"help", CAM_CMD_USAGE, CAM_ARG_NONE, NULL},
{"-?", CAM_CMD_USAGE, CAM_ARG_NONE, NULL},
{"-h", CAM_CMD_USAGE, CAM_ARG_NONE, NULL},
@@ -8138,6 +8140,8 @@ mmcsdcmd(struct cam_device *device, int argc, char **argv, char *combinedopt,
break;
default:
printf("No command-specific decoder for CMD %d\n", mmc_opcode);
+ if (mmc_data_len > 0)
+ hexdump(mmc_data, mmc_data_len, NULL, 0);
}
}
mmccmd_bailout:
@@ -9946,6 +9950,7 @@ usage(int printlong)
" camcontrol timestamp [dev_id][generic_args] <-r [-f format|-m|-U]>|\n"
" <-s <-f format -T time | -U >>\n"
" camcontrol devtype [dev_id]\n"
+" camcontrol depop [dev_id] [-d | -l | -r] [-e element] [-c capacity]\n"
" camcontrol mmcsdcmd [dev_id] [[-c mmc_opcode] [-a mmc_arg]\n"
" [-f mmc_flags] [-l data_len]\n"
" [-W [-b data_byte]]] |\n"
@@ -9999,6 +10004,7 @@ usage(int printlong)
"epc send ATA Extended Power Conditions commands\n"
"timestamp report or set the device's timestamp\n"
"devtype report the type of device\n"
+"depop manage drive storage elements\n"
"mmcsdcmd send the given MMC command, needs -c and -a as well\n"
"help this message\n"
"Device Identifiers:\n"
@@ -10208,6 +10214,12 @@ usage(int printlong)
"-f format the format of the time string passed into strptime(3)\n"
"-T time the time value passed into strptime(3)\n"
"-U set the timestamp of the device to UTC time\n"
+"depop arguments:\n"
+"-d remove an element from service\n"
+"-l list status of all elements of drive\n"
+"-r restore all elements to service\n"
+"-e elm element to remove\n"
+"-c capacity requested new capacity\n"
"mmcsdcmd arguments:\n"
"-c mmc_cmd MMC command to send to the card\n"
"-a mmc_arg Argument for the MMC command\n"
@@ -10631,6 +10643,11 @@ main(int argc, char **argv)
task_attr, retry_count, timeout,
arglist & CAM_ARG_VERBOSE);
break;
+ case CAM_CMD_DEPOP:
+ error = depop(cam_dev, argc, argv, combinedopt,
+ task_attr, retry_count, timeout,
+ arglist & CAM_ARG_VERBOSE);
+ break;
case CAM_CMD_USAGE:
usage(1);
break;
diff --git a/sbin/camcontrol/camcontrol.h b/sbin/camcontrol/camcontrol.h
index 85f2e8658fe8..b84587df7a3e 100644
--- a/sbin/camcontrol/camcontrol.h
+++ b/sbin/camcontrol/camcontrol.h
@@ -88,6 +88,9 @@ int epc(struct cam_device *device, int argc, char **argv, char *combinedopt,
int timestamp(struct cam_device *device, int argc, char **argv,
char *combinedopt, int task_attr, int retry_count, int timeout,
int verbosemode);
+int depop(struct cam_device *device, int argc, char **argv,
+ char *combinedopt, int task_attr, int retry_count, int timeout,
+ int verbosemode);
void mode_sense(struct cam_device *device, int *cdb_len, int dbd, int llbaa,
int pc, int page, int subpage, int task_attr, int retry_count,
int timeout, uint8_t *data, int datalen);
diff --git a/sbin/camcontrol/depop.c b/sbin/camcontrol/depop.c
new file mode 100644
index 000000000000..3dbd2ba5358d
--- /dev/null
+++ b/sbin/camcontrol/depop.c
@@ -0,0 +1,297 @@
+/*-
+ * Copyright (c) 2021 Netflix, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions, and the following disclaimer,
+ * without modification.
+ * 2. Redistributions in binary form must reproduce at minimum a disclaimer
+ * substantially similar to the "NO WARRANTY" disclaimer below
+ * ("Disclaimer") and any redistribution must be conditioned upon
+ * including a substantially similar Disclaimer requirement for further
+ * binary redistribution.
+ *
+ * NO WARRANTY
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGES.
+ *
+ */
+/*
+ * SCSI disk depop (head depopulation) support
+ *
+ * The standard defines 'storage elements' as the generic way of referring to a
+ * disk drive head. Each storage element has an identifier and an active status.
+ * The health of an element can be querried. Active elements may be removed from
+ * service with a REMOVE ELEMENT AND TRUNCATE (RET) command. Inactive element
+ * may be returned to service with a RESTORE ELEMENTS AND REBUILD (RER)
+ * command. GET PHYSICAL ELEMENT STATUS (GPES) will return a list of elements,
+ * their health, whether they are in service, how much capacity the element is
+ * used for, etc.
+ *
+ * When a depop operation starts, the drive becomes format corrupt. No normal
+ * I/O can be done to the drive and a limited number of CDBs will
+ * succeed. Status can be obtained by either a TEST UNIT READY or a GPES
+ * command. A drive reset will not stop a depop operation, but a power cycle
+ * will. A failed depop operation will be reported when the next TEST UNIT READY
+ * is sent to the drive. Drives that are format corrupt after an interrupted
+ * operation need to have that operation repeated.
+ *
+ * 'depop' provides a wrapper around all these functions.
+ */
+
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include <sys/types.h>
+
+#include <err.h>
+#include <inttypes.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <cam/cam.h>
+#include <cam/cam_debug.h>
+#include <cam/cam_ccb.h>
+#include <cam/scsi/scsi_all.h>
+#include <cam/scsi/scsi_message.h>
+#include <camlib.h>
+#include <scsi_wrap.h>
+#include "camcontrol.h"
+
+enum depop_action {
+ DEPOP_NONE,
+ DEPOP_LIST,
+ DEPOP_RESTORE,
+ DEPOP_REMOVE,
+};
+
+static int
+depop_list(struct cam_device *device, int task_attr, int retry_count,
+ int timeout, int verbosemode __unused)
+{
+ int error = 0;
+ uint32_t dtors;
+ struct scsi_get_physical_element_hdr *hdr;
+ struct scsi_get_physical_element_descriptor *dtor_ptr;
+
+ hdr = scsi_wrap_get_physical_element_status(device, task_attr, retry_count, timeout,
+ SCSI_GPES_FILTER_ALL | SCSI_GPES_REPORT_TYPE_PHYS, 1);
+ if (hdr == NULL)
+ errx(1, "scsi_wrap_get_physical_element_status returned an error");
+
+ /*
+ * OK, we have the data, not report it out.
+ */
+ dtor_ptr = (struct scsi_get_physical_element_descriptor *)(hdr + 1);
+ dtors = scsi_4btoul(hdr->num_descriptors);
+ printf("Elem ID * Health Capacity\n");
+ for (uint32_t i = 0; i < dtors; i++) {
+ uint32_t id = scsi_4btoul(dtor_ptr[i].element_identifier);
+ uint8_t ralwd = dtor_ptr[i].ralwd;
+ uint8_t type = dtor_ptr[i].physical_element_type;
+ uint8_t health = dtor_ptr[i].physical_element_health;
+ uint64_t cap = scsi_8btou64(dtor_ptr[i].capacity);
+ if (type != GPED_TYPE_STORAGE)
+ printf("0x%08x -- type unknown %d\n", id, type);
+ else
+ printf("0x%08x %c 0x%02x %jd\n", id, ralwd ? '*' : ' ', health, cap);
+ }
+ printf("* -- Element can be restored\n");
+
+ free(hdr);
+ return (error);
+}
+
+static int
+depop_remove(struct cam_device *device, int task_attr, int retry_count,
+ int timeout, int verbosemode __unused, uint32_t elem, uint64_t capacity)
+{
+ union ccb *ccb;
+ int error = 0;
+
+ ccb = cam_getccb(device);
+ if (ccb == NULL) {
+ warnx("Can't allocate ccb");
+ return (1);
+ }
+ scsi_remove_element_and_truncate(&ccb->csio,
+ retry_count,
+ NULL,
+ task_attr,
+ capacity,
+ elem,
+ SSD_FULL_SIZE,
+ timeout);
+ /* Disable freezing the device queue */
+ ccb->ccb_h.flags |= CAM_DEV_QFRZDIS;
+ if (cam_send_ccb(device, ccb) < 0) {
+ warn("error sending GET PHYSICAL ELEMENT STATUS command");
+ error = 1;
+ goto out;
+ }
+
+ if ((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) {
+ cam_error_print(device, ccb, CAM_ESF_ALL,
+ CAM_EPF_ALL, stderr);
+ error = 1;
+ }
+
+out:
+ cam_freeccb(ccb);
+ return (error);
+}
+
+static int
+depop_restore(struct cam_device *device, int task_attr, int retry_count,
+ int timeout, int verbosemode __unused)
+{
+ union ccb *ccb;
+ int error = 0;
+
+ ccb = cam_getccb(device);
+ if (ccb == NULL) {
+ warnx("Can't allocate ccb");
+ return (1);
+ }
+ scsi_restore_elements_and_rebuild(&ccb->csio,
+ retry_count,
+ NULL,
+ task_attr,
+ SSD_FULL_SIZE,
+ timeout);
+
+ /* Disable freezing the device queue */
+ ccb->ccb_h.flags |= CAM_DEV_QFRZDIS;
+ if (cam_send_ccb(device, ccb) < 0) {
+ warn("error sending GET PHYSICAL ELEMENT STATUS command");
+ error = 1;
+ goto out;
+ }
+
+ if ((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) {
+ cam_error_print(device, ccb, CAM_ESF_ALL,
+ CAM_EPF_ALL, stderr);
+ error = 1;
+ }
+
+out:
+ cam_freeccb(ccb);
+ return (error);
+}
+
+#define MUST_BE_NONE() \
+ if (action != DEPOP_NONE) { \
+ warnx("Use only one of -d, -l, or -r"); \
+ error = 1; \
+ goto bailout; \
+ }
+
+int
+depop(struct cam_device *device, int argc, char **argv, char *combinedopt,
+ int task_attr, int retry_count, int timeout, int verbosemode)
+{
+ int c;
+ int action = DEPOP_NONE;
+ char *endptr;
+ int error = 0;
+ uint32_t elem = 0;
+ uint64_t capacity = 0;
+
+ while ((c = getopt(argc, argv, combinedopt)) != -1) {
+ switch (c) {
+ case 'c':
+ capacity = strtoumax(optarg, &endptr, 0);
+ if (*endptr != '\0') {
+ warnx("Invalid capacity: %s", optarg);
+ error = 1;
+ goto bailout;
+ }
+ break;
+ case 'e':
+ elem = strtoul(optarg, &endptr, 0);
+ if (*endptr != '\0') {
+ warnx("Invalid element: %s", optarg);
+ error = 1;
+ goto bailout;
+ }
+ break;
+ case 'd':
+ MUST_BE_NONE();
+ action = DEPOP_REMOVE;
+ break;
+ case 'l':
+ MUST_BE_NONE();
+ action = DEPOP_LIST;
+ break;
+ case 'r':
+ MUST_BE_NONE();
+ action = DEPOP_RESTORE;
+ break;
+ default:
+ break;
+ }
+ }
+
+ /*
+ * Compute a sane timeout if none given. 5 seconds for the list command
+ * and whatever the block device characteristics VPD says for other
+ * depop commands. If there's no value in that field, default to 1
+ * day. Experience has shown that these operations take the better part
+ * of a day to complete, so a 1 day timeout default seems appropriate.
+ */
+ if (timeout == 0 && action != DEPOP_NONE) {
+ if (action == DEPOP_LIST) {
+ timeout = 5 * 1000;
+ } else {
+ struct scsi_vpd_block_device_characteristics *bdc;
+
+ timeout = 24 * 60 * 60 * 1000; /* 1 day */
+ bdc = scsi_wrap_vpd_block_device_characteristics(device);
+ if (bdc != NULL) {
+ timeout = scsi_4btoul(bdc->depopulation_time);
+ }
+ free(bdc);
+ }
+ }
+
+ switch (action) {
+ case DEPOP_NONE:
+ warnx("Must specify one of -d, -l, or -r");
+ error = 1;
+ break;
+ case DEPOP_REMOVE:
+ if (elem == 0 && capacity == 0) {
+ warnx("Must specify at least one of -e and/or -c");
+ error = 1;
+ break;
+ }
+ error = depop_remove(device, task_attr, retry_count, timeout,
+ verbosemode, elem, capacity);
+ break;
+ case DEPOP_RESTORE:
+ error = depop_restore(device, task_attr, retry_count, timeout,
+ verbosemode);
+ break;
+ case DEPOP_LIST:
+ error = depop_list(device, task_attr, retry_count, timeout,
+ verbosemode);
+ break;
+ }
+
+bailout:
+
+ return (error);
+}
diff --git a/sbin/devd/devd.8 b/sbin/devd/devd.8
index fa05db734b88..77c8e4aac2fb 100644
--- a/sbin/devd/devd.8
+++ b/sbin/devd/devd.8
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd October 5, 2016
+.Dd October 19, 2021
.Dt DEVD 8
.Os
.Sh NAME
@@ -115,10 +115,16 @@ option and uses that file to drive the rest of the process.
While the format of this file is described in
.Xr devd.conf 5 ,
some basics are covered here.
+.Pp
In the
.Ic options
section, one can define multiple directories to search
for config files.
+The default config file specifies
+.Pa /etc/devd
+and
+.Pa /usr/local/etc/devd
+as directories to search.
All files in these directories whose names match the pattern
.Pa *.conf
are parsed.
diff --git a/sbin/devd/devd.conf.5 b/sbin/devd/devd.conf.5
index f6579ac3f20f..dd9faa05c869 100644
--- a/sbin/devd/devd.conf.5
+++ b/sbin/devd/devd.conf.5
@@ -40,7 +40,7 @@
.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
.\" SOFTWARE.
.\"
-.Dd June 23, 2021
+.Dd November 3, 2021
.Dt DEVD.CONF 5
.Os
.Sh NAME
@@ -604,6 +604,15 @@ Notification of a filesystem being unmounted.
.Pp
.Bl -column "System" "Subsystem" "1234567" -compact
.Sy "System" Ta Sy "Subsystem" Ta Sy "Type" Ta Sy "Description"
+.It Li VT Ta BELL Ta RING Ta
+Notification that the console bell has rung.
+See
+.Xr vt 4
+for details.
+.El
+.Pp
+.Bl -column "System" "Subsystem" "1234567" -compact
+.Sy "System" Ta Sy "Subsystem" Ta Sy "Type" Ta Sy "Description"
.It Li ZFS Ta ZFS Ta Ta
Events about the ZFS subsystem.
See
diff --git a/sbin/devfs/devfs.rules b/sbin/devfs/devfs.rules
index 01d8e5194c17..9543e20947d9 100644
--- a/sbin/devfs/devfs.rules
+++ b/sbin/devfs/devfs.rules
@@ -88,5 +88,8 @@ add path fuse unhide
add path zfs unhide
[devfsrules_jail_vnet=5]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
add include $devfsrules_jail
add path pf unhide
diff --git a/sbin/devmatch/devmatch.8 b/sbin/devmatch/devmatch.8
index 914dacf58fdc..11cf844bef9f 100644
--- a/sbin/devmatch/devmatch.8
+++ b/sbin/devmatch/devmatch.8
@@ -23,7 +23,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd October 12, 2020
+.Dd November 21, 2021
.Dt DEVMATCH 8
.Os
.Sh NAME
@@ -67,6 +67,7 @@ tables with that PNP info can not be found.
Produce more verbose output.
.El
.Sh SEE ALSO
+.Xr rc.conf 5 ,
.Xr devinfo 8 ,
.Xr MODULE_PNP_INFO 9
.Sh HISTORY
diff --git a/sbin/fsck_ffs/dir.c b/sbin/fsck_ffs/dir.c
index e806f113ff16..42ecf4112253 100644
--- a/sbin/fsck_ffs/dir.c
+++ b/sbin/fsck_ffs/dir.c
@@ -132,7 +132,6 @@ dirscan(struct inodesc *idesc)
(size_t)dsize);
dirty(bp);
sbdirty();
- rerun = 1;
}
if (n & STOP)
return (n);
diff --git a/sbin/fsck_ffs/inode.c b/sbin/fsck_ffs/inode.c
index ba2d5892238e..dafc99bd92da 100644
--- a/sbin/fsck_ffs/inode.c
+++ b/sbin/fsck_ffs/inode.c
@@ -264,6 +264,8 @@ ino_blkatoff(union dinode *dp, ino_t ino, ufs_lbn_t lbn, int *frags,
int i;
*frags = 0;
+ if (bpp != NULL)
+ *bpp = NULL;
/*
* Handle extattr blocks first.
*/
@@ -300,6 +302,8 @@ ino_blkatoff(union dinode *dp, ino_t ino, ufs_lbn_t lbn, int *frags,
continue;
if (lbn > 0 && lbn >= next)
continue;
+ if (DIP(dp, di_ib[i]) == 0)
+ return (0);
return (indir_blkatoff(DIP(dp, di_ib[i]), ino, -cur - i, lbn,
bpp));
}
@@ -321,8 +325,6 @@ indir_blkatoff(ufs2_daddr_t blk, ino_t ino, ufs_lbn_t cur, ufs_lbn_t lbn,
ufs_lbn_t base;
int i, level;
- if (blk == 0)
- return (0);
level = lbn_level(cur);
if (level == -1)
pfatal("Invalid indir lbn %jd in ino %ju\n",
@@ -352,12 +354,14 @@ indir_blkatoff(ufs2_daddr_t blk, ino_t ino, ufs_lbn_t cur, ufs_lbn_t lbn,
return (0);
blk = IBLK(bp, i);
bp->b_index = i;
- if (bpp != NULL)
- *bpp = bp;
- else
- brelse(bp);
- if (cur == lbn)
+ if (cur == lbn || blk == 0) {
+ if (bpp != NULL)
+ *bpp = bp;
+ else
+ brelse(bp);
return (blk);
+ }
+ brelse(bp);
if (level == 0)
pfatal("Invalid lbn %jd at level 0 for ino %ju\n", lbn,
(uintmax_t)ino);
diff --git a/sbin/fsck_msdosfs/dir.c b/sbin/fsck_msdosfs/dir.c
index 471f6cc0335e..dbe4e0c7db2f 100644
--- a/sbin/fsck_msdosfs/dir.c
+++ b/sbin/fsck_msdosfs/dir.c
@@ -400,8 +400,21 @@ checksize(struct fat_descriptor *fat, u_char *p, struct dosDirEntry *dir)
if (dir->head == CLUST_FREE) {
physicalSize = 0;
} else {
- if (!fat_is_valid_cl(fat, dir->head))
- return FSERROR;
+ if (!fat_is_valid_cl(fat, dir->head) || !fat_is_cl_head(fat, dir->head)) {
+ pwarn("Directory entry %s of size %u referencing invalid cluster %u\n",
+ fullpath(dir), dir->size, dir->head);
+ if (ask(1, "Truncate")) {
+ p[28] = p[29] = p[30] = p[31] = 0;
+ p[26] = p[27] = 0;
+ if (boot->ClustMask == CLUST32_MASK)
+ p[20] = p[21] = 0;
+ dir->size = 0;
+ dir->head = CLUST_FREE;
+ return FSDIRMOD;
+ } else {
+ return FSERROR;
+ }
+ }
ret = checkchain(fat, dir->head, &chainsize);
/*
* Upon return, chainsize would hold the chain length
diff --git a/sbin/geom/core/geom.c b/sbin/geom/core/geom.c
index 58b33a067700..0202be9a063e 100644
--- a/sbin/geom/core/geom.c
+++ b/sbin/geom/core/geom.c
@@ -314,7 +314,7 @@ parse_arguments(struct g_command *cmd, struct gctl_req *req, int *argc,
struct g_option *opt;
char opts[64];
unsigned i;
- int ch;
+ int ch, vcount;
*opts = '\0';
if ((cmd->gc_flags & G_FLAG_VERBOSE) != 0)
@@ -336,17 +336,22 @@ parse_arguments(struct g_command *cmd, struct gctl_req *req, int *argc,
/*
* Add specified arguments.
*/
+ vcount = 0;
while ((ch = getopt(*argc, *argv, opts)) != -1) {
/* Standard (not passed to kernel) options. */
- switch (ch) {
- case 'v':
+ if (ch == 'v' && (cmd->gc_flags & G_FLAG_VERBOSE) != 0)
verbose = 1;
- continue;
- }
/* Options passed to kernel. */
opt = find_option(cmd, ch);
- if (opt == NULL)
+ if (opt == NULL) {
+ if (ch == 'v' && (cmd->gc_flags & G_FLAG_VERBOSE) != 0){
+ if (++vcount < 2)
+ continue;
+ else
+ warnx("Option 'v' specified twice.");
+ }
usage();
+ }
if (!G_OPT_ISMULTI(opt) && G_OPT_ISDONE(opt)) {
warnx("Option '%c' specified twice.", opt->go_char);
usage();
diff --git a/sbin/geom/core/geom.h b/sbin/geom/core/geom.h
index 89c5828c6429..38a99032f692 100644
--- a/sbin/geom/core/geom.h
+++ b/sbin/geom/core/geom.h
@@ -32,6 +32,19 @@
#define _GEOM_H_
#define G_LIB_VERSION 5
+/*
+ * The G_FLAG_VERBOSE flag on a command specification means that the
+ * comand will accept a -v option and the GEOM framework will print
+ * out status information after the command when it is run with -v.
+ * Additionally a GEOM command can explicitly specify a -v option and
+ * handle it as it would any other option. If both a -v option and
+ * G_FLAG_VERBOSE are specified for a command then both types of verbose
+ * information will be output when that command is run with -v.
+ *
+ * When the G_FLAG_LOADKLD is specified for a command, the GEOM kernel
+ * module will be loaded when that command is run if it has not yet been
+ * loaded. This flag is typically specified for the `create' command.
+ */
#define G_FLAG_NONE 0x0000
#define G_FLAG_VERBOSE 0x0001
#define G_FLAG_LOADKLD 0x0002
diff --git a/sbin/growfs/growfs.c b/sbin/growfs/growfs.c
index 510192dada0b..1f1bcf82c965 100644
--- a/sbin/growfs/growfs.c
+++ b/sbin/growfs/growfs.c
@@ -1503,7 +1503,10 @@ main(int argc, char **argv)
humanize_number(newsizebuf, sizeof(newsizebuf), size,
"B", HN_AUTOSCALE, HN_B | HN_NOSPACE | HN_DECIMAL);
- errx(1, "requested size %s is not larger than the current "
+ if (size == (uint64_t)(osblock.fs_size * osblock.fs_fsize))
+ errx(0, "requested size %s is equal to the current "
+ "filesystem size %s", newsizebuf, oldsizebuf);
+ errx(1, "requested size %s is smaller than the current "
"filesystem size %s", newsizebuf, oldsizebuf);
}
diff --git a/sbin/ifconfig/Makefile b/sbin/ifconfig/Makefile
index b178dc0c7e6a..c48375b8c6d9 100644
--- a/sbin/ifconfig/Makefile
+++ b/sbin/ifconfig/Makefile
@@ -24,6 +24,7 @@ SRCS+= af_inet6.c # IPv6 support
.endif
.if ${MK_INET6_SUPPORT} != "no"
SRCS+= af_nd6.c # ND6 support
+SRCS+= ifstf.c # STF configuration options
.endif
SRCS+= ifclone.c # clone device support
diff --git a/sbin/ifconfig/af_inet.c b/sbin/ifconfig/af_inet.c
index 3d44a4c0b992..c5c40de155d6 100644
--- a/sbin/ifconfig/af_inet.c
+++ b/sbin/ifconfig/af_inet.c
@@ -176,6 +176,16 @@ in_getaddr(const char *s, int which)
}
static void
+in_postproc(int s, const struct afswtch *afp, int newaddr, int ifflags)
+{
+ if (sintab[ADDR]->sin_len != 0 && sintab[MASK]->sin_len == 0 &&
+ newaddr && (ifflags & (IFF_POINTOPOINT | IFF_LOOPBACK)) == 0) {
+ warnx("WARNING: setting interface address without mask "
+ "is deprecated,\ndefault mask may not be correct.");
+ }
+}
+
+static void
in_status_tunnel(int s)
{
char src[NI_MAXHOST];
@@ -222,6 +232,7 @@ static struct afswtch af_inet = {
.af_af = AF_INET,
.af_status = in_status,
.af_getaddr = in_getaddr,
+ .af_postproc = in_postproc,
.af_status_tunnel = in_status_tunnel,
.af_settunnel = in_set_tunnel,
.af_difaddr = SIOCDIFADDR,
diff --git a/sbin/ifconfig/af_inet6.c b/sbin/ifconfig/af_inet6.c
index 50568de4f148..08902b934ad8 100644
--- a/sbin/ifconfig/af_inet6.c
+++ b/sbin/ifconfig/af_inet6.c
@@ -419,7 +419,8 @@ sec2str(time_t total)
}
static void
-in6_postproc(int s, const struct afswtch *afp)
+in6_postproc(int s, const struct afswtch *afp, int newaddr __unused,
+ int ifflags __unused)
{
if (explicit_prefix == 0) {
/* Aggregatable address architecture defines all prefixes
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index f183bc3dd66f..621e22452c59 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -28,7 +28,7 @@
.\" From: @(#)ifconfig.8 8.3 (Berkeley) 1/5/94
.\" $FreeBSD$
.\"
-.Dd April 29, 2021
+.Dd November 8, 2021
.Dt IFCONFIG 8
.Os
.Sh NAME
@@ -587,10 +587,10 @@ Note that this must be configured on a physical interface associated with
not on a
.Xr vlan 4
interface itself.
-.It Fl vlanmtu , vlanhwtag , vlanhwfilter , vlanhwtso
+.It Fl vlanmtu , vlanhwtag , vlanhwfilter , vlanhwcsum , vlanhwtso
If the driver offers user-configurable VLAN support, disable
reception of extended frames, tag processing in hardware,
-frame filtering in hardware, or TSO on VLAN,
+frame filtering in hardware, checksum offloading, or TSO on VLAN,
respectively.
.It Cm vxlanhwcsum , vxlanhwtso
If the driver offers user-configurable VXLAN support, enable inner checksum
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index 5e114b43c126..9e7d38d4c2a4 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -116,7 +116,7 @@ static void status(const struct afswtch *afp, const struct sockaddr_dl *sdl,
static void tunnel_status(int s);
static _Noreturn void usage(void);
-static int getifflags(const char *ifname, int us);
+static int getifflags(const char *ifname, int us, bool err_ok);
static struct afswtch *af_getbyname(const char *name);
static struct afswtch *af_getbyfamily(int af);
@@ -603,7 +603,7 @@ main(int argc, char *argv[])
if (iflen >= sizeof(name)) {
warnx("%s: interface name too long, skipping", ifname);
} else {
- flags = getifflags(name, -1);
+ flags = getifflags(name, -1, false);
if (!(((flags & IFF_CANTCONFIG) != 0) ||
(downonly && (flags & IFF_UP) != 0) ||
(uponly && (flags & IFF_UP) == 0)))
@@ -1000,7 +1000,7 @@ top:
* Do any post argument processing required by the address family.
*/
if (afp->af_postproc != NULL)
- afp->af_postproc(s, afp);
+ afp->af_postproc(s, afp, newaddr, getifflags(name, s, true));
/*
* Do deferred callbacks registered while processing
* command-line arguments.
@@ -1179,7 +1179,7 @@ setifdstaddr(const char *addr, int param __unused, int s,
}
static int
-getifflags(const char *ifname, int us)
+getifflags(const char *ifname, int us, bool err_ok)
{
struct ifreq my_ifr;
int s;
@@ -1192,8 +1192,10 @@ getifflags(const char *ifname, int us)
} else
s = us;
if (ioctl(s, SIOCGIFFLAGS, (caddr_t)&my_ifr) < 0) {
- Perror("ioctl (SIOCGIFFLAGS)");
- exit(1);
+ if (!err_ok) {
+ Perror("ioctl (SIOCGIFFLAGS)");
+ exit(1);
+ }
}
if (us < 0)
close(s);
@@ -1211,7 +1213,7 @@ setifflags(const char *vname, int value, int s, const struct afswtch *afp)
struct ifreq my_ifr;
int flags;
- flags = getifflags(name, s);
+ flags = getifflags(name, s, false);
if (value < 0) {
value = -value;
flags &= ~value;
@@ -1241,6 +1243,9 @@ setifcap(const char *vname, int value, int s, const struct afswtch *afp)
} else
flags |= value;
flags &= ifr.ifr_reqcap;
+ /* Check for no change in capabilities. */
+ if (ifr.ifr_curcap == flags)
+ return;
ifr.ifr_reqcap = flags;
if (ioctl(s, SIOCSIFCAP, (caddr_t)&ifr) < 0)
Perror(vname);
diff --git a/sbin/ifconfig/ifconfig.h b/sbin/ifconfig/ifconfig.h
index ea541c5e9257..2c0b8a100b0d 100644
--- a/sbin/ifconfig/ifconfig.h
+++ b/sbin/ifconfig/ifconfig.h
@@ -110,7 +110,8 @@ struct afswtch {
void (*af_getaddr)(const char *, int);
/* parse prefix method (IPv6) */
void (*af_getprefix)(const char *, int);
- void (*af_postproc)(int s, const struct afswtch *);
+ void (*af_postproc)(int s, const struct afswtch *,
+ int newaddr, int ifflags);
u_long af_difaddr; /* set dst if address ioctl */
u_long af_aifaddr; /* set if address ioctl */
void *af_ridreq; /* */
diff --git a/sbin/ifconfig/ifstf.c b/sbin/ifconfig/ifstf.c
new file mode 100644
index 000000000000..f6c3cb5d5447
--- /dev/null
+++ b/sbin/ifconfig/ifstf.c
@@ -0,0 +1,152 @@
+/*-
+ * Copyright 2013 Ermal Luci
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <sys/param.h>
+#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/sockio.h>
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <net/ethernet.h>
+#include <net/if.h>
+#include <net/route.h>
+
+#include <netinet/in.h>
+#include <sys/mbuf.h>
+#include <net/if_stf.h>
+#include <arpa/inet.h>
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <err.h>
+#include <errno.h>
+
+#include "ifconfig.h"
+
+static int
+do_cmd(int sock, u_long op, void *arg, size_t argsize, int set)
+{
+ struct ifdrv ifd;
+
+ memset(&ifd, 0, sizeof(ifd));
+
+ strlcpy(ifd.ifd_name, ifr.ifr_name, sizeof(ifd.ifd_name));
+ ifd.ifd_cmd = op;
+ ifd.ifd_len = argsize;
+ ifd.ifd_data = arg;
+
+ return (ioctl(sock, set ? SIOCSDRVSPEC : SIOCGDRVSPEC, &ifd));
+}
+
+static void
+stf_status(int s)
+{
+ struct stfv4args param;
+
+ if (do_cmd(s, STF6RD_GV4NET, &param, sizeof(param), 0) < 0)
+ return;
+
+ printf("\tv4net %s/%d -> ", inet_ntoa(param.srcv4_addr),
+ param.v4_prefixlen ? param.v4_prefixlen : 32);
+ printf("tv4br %s\n", inet_ntoa(param.braddr));
+}
+
+static void
+setstf_br(const char *val, int d, int s, const struct afswtch *afp)
+{
+ struct stfv4args req;
+ struct sockaddr_in sin;
+
+ memset(&req, 0, sizeof(req));
+
+ sin.sin_len = sizeof(sin);
+ sin.sin_family = AF_INET;
+
+ if (!inet_aton(val, &sin.sin_addr))
+ errx(1, "%s: bad value", val);
+
+ req.braddr = sin.sin_addr;
+ if (do_cmd(s, STF6RD_SBR, &req, sizeof(req), 1) < 0)
+ err(1, "STF6RD_SBR%s", val);
+}
+
+static void
+setstf_set(const char *val, int d, int s, const struct afswtch *afp)
+{
+ struct stfv4args req;
+ struct sockaddr_in sin;
+ const char *errstr;
+ char *p = NULL;
+
+ memset(&req, 0, sizeof(req));
+
+ sin.sin_len = sizeof(sin);
+ sin.sin_family = AF_INET;
+
+ p = strrchr(val, '/');
+ if (p == NULL)
+ errx(2, "Wrong argument given");
+
+ *p = '\0';
+ req.v4_prefixlen = (int)strtonum(p + 1, 0, 32, &errstr);
+ if (errstr != NULL || req.v4_prefixlen == 0) {
+ *p = '/';
+ errx(1, "%s: bad value (prefix length %s)", val, errstr);
+ }
+
+ if (!inet_aton(val, &sin.sin_addr))
+ errx(1, "%s: bad value", val);
+
+ memcpy(&req.srcv4_addr, &sin.sin_addr, sizeof(req.srcv4_addr));
+ if (do_cmd(s, STF6RD_SV4NET, &req, sizeof(req), 1) < 0)
+ err(1, "STF6RD_SV4NET %s", val);
+}
+
+static struct cmd stf_cmds[] = {
+ DEF_CMD_ARG("stfv4net", setstf_set),
+ DEF_CMD_ARG("stfv4br", setstf_br),
+};
+
+static struct afswtch af_stf = {
+ .af_name = "af_stf",
+ .af_af = AF_UNSPEC,
+ .af_other_status = stf_status,
+};
+
+static __constructor void
+stf_ctor(void)
+{
+ int i;
+
+ for (i = 0; i < nitems(stf_cmds); i++)
+ cmd_register(&stf_cmds[i]);
+ af_register(&af_stf);
+}
diff --git a/sbin/ipf/ipfstat/Makefile b/sbin/ipf/ipfstat/Makefile
index 4714f2c0394e..80c2e89a2c88 100644
--- a/sbin/ipf/ipfstat/Makefile
+++ b/sbin/ipf/ipfstat/Makefile
@@ -6,6 +6,6 @@ PACKAGE= ipf
PROG= ipfstat
SRCS= ipfstat.c
MAN= ipfstat.8
-LIBADD+= ncursesw
+LIBADD+= tinfow ncursesw
.include <bsd.prog.mk>
diff --git a/sbin/iscontrol/Makefile b/sbin/iscontrol/Makefile
deleted file mode 100644
index 613444a468f4..000000000000
--- a/sbin/iscontrol/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-# $FreeBSD$
-
-PACKAGE=iscsilegacy
-SRCS= iscontrol.c pdu.c fsm.c config.c login.c auth_subr.c misc.c
-PROG= iscontrol
-LIBADD= cam md
-S= ${SRCTOP}/sys
-
-WARNS?= 3
-CFLAGS+= -I$S
-
-MAN= iscontrol.8
-
-.include <bsd.prog.mk>
diff --git a/sbin/iscontrol/Makefile.depend b/sbin/iscontrol/Makefile.depend
deleted file mode 100644
index c800a3df77c3..000000000000
--- a/sbin/iscontrol/Makefile.depend
+++ /dev/null
@@ -1,21 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- gnu/lib/csu \
- include \
- include/arpa \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcam \
- lib/libcompiler_rt \
- lib/libmd \
- lib/libsbuf \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/sbin/iscontrol/auth_subr.c b/sbin/iscontrol/auth_subr.c
deleted file mode 100644
index a4c17ba20868..000000000000
--- a/sbin/iscontrol/auth_subr.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-/*
- | $Id: auth_subr.c,v 2.2 2007/06/01 08:09:37 danny Exp $
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/sysctl.h>
-
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <arpa/inet.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <fcntl.h>
-
-#include <md5.h>
-#include <sha.h>
-
-#include <dev/iscsi_initiator/iscsi.h>
-#include "iscontrol.h"
-
-static int
-chapMD5(char id, char *cp, char *chapSecret, unsigned char *digest)
-{
- MD5_CTX ctx;
- char *tmp;
- int len;
-
- debug_called(3);
-
- MD5Init(&ctx);
-
- MD5Update(&ctx, &id, 1);
-
- if((len = str2bin(chapSecret, &tmp)) == 0) {
- // print error
- return -1;
- }
- MD5Update(&ctx, tmp, len);
- free(tmp);
-
- if((len = str2bin(cp, &tmp)) == 0) {
- // print error
- return -1;
- }
- MD5Update(&ctx, tmp, len);
- free(tmp);
-
- MD5Final(digest, &ctx);
-
-
- return 0;
-}
-
-static int
-chapSHA1(char id, char *cp, char *chapSecret, unsigned char *digest)
-{
- SHA1_CTX ctx;
- char *tmp;
- int len;
-
- debug_called(3);
-
- SHA1_Init(&ctx);
-
- SHA1_Update(&ctx, &id, 1);
-
- if((len = str2bin(chapSecret, &tmp)) == 0) {
- // print error
- return -1;
- }
- SHA1_Update(&ctx, tmp, len);
- free(tmp);
-
- if((len = str2bin(cp, &tmp)) == 0) {
- // print error
- return -1;
- }
- SHA1_Update(&ctx, tmp, len);
- free(tmp);
-
- SHA1_Final(digest, &ctx);
-
- return 0;
-
-}
-/*
- | the input text format can be anything that the rfc3270 defines
- | (see section 5.1 and str2bin)
- | digest length for md5 is 128bits, and for sha1 is 160bits.
- | digest is an ASCII string which represents the bits in
- | hexadecimal or base64 according to the challenge(cp) format
- */
-char *
-chapDigest(char *ap, char id, char *cp, char *chapSecret)
-{
- int len;
- unsigned char digest[20];
- char encoding[3];
-
- debug_called(3);
-
- len = 0;
- if(strcmp(ap, "5") == 0 && chapMD5(id, cp, chapSecret, digest) == 0)
- len = 16;
- else
- if(strcmp(ap, "7") == 0 && chapSHA1(id, cp, chapSecret, digest) == 0)
- len = 20;
-
- if(len) {
- sprintf(encoding, "%.2s", cp);
- return bin2str(encoding, digest, len);
- }
-
- return NULL;
-}
-
-char *
-genChapChallenge(char *encoding, uint len)
-{
- int fd;
- unsigned char tmp[1024];
-
- if(len > sizeof(tmp))
- return NULL;
-
- if((fd = open("/dev/random", O_RDONLY)) != -1) {
- read(fd, tmp, len);
- close(fd);
- return bin2str(encoding, tmp, len);
- }
- perror("/dev/random");
- // make up something ...
- return NULL;
-}
-
-#ifdef TEST_AUTH
-static void
-puke(char *str, unsigned char *dg, int len)
-{
- printf("%3d] %s\n 0x", len, str);
- while(len-- > 0)
- printf("%02x", *dg++);
- printf("\n");
-}
-
-main(int cc, char **vv)
-{
- char *p, *ap, *ip, *cp, *chapSecret, *digest;
- int len;
-
-#if 0
- ap = "5";
- chapSecret = "0xa5aff013dd839b1edd31ee73a1df0b1b";
-// chapSecret = "abcdefghijklmnop";
- len = str2bin(chapSecret, &cp);
- puke(chapSecret, cp, len);
-
- ip = "238";
- cp = "0xbd456029";
-
-
- if((digest = chapDigest(ap, ip, cp, chapSecret)) != NULL) {
- len = str2bin(digest, &cp);
- puke(digest, cp, len);
- }
-#else
- printf("%d] %s\n", 24, genChallenge("0X", 24));
-#endif
-}
-#endif
diff --git a/sbin/iscontrol/config.c b/sbin/iscontrol/config.c
deleted file mode 100644
index 2fe44512f311..000000000000
--- a/sbin/iscontrol/config.c
+++ /dev/null
@@ -1,382 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2005-2009 Daniel Braniss <danny@cs.huji.ac.il>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-/*
- | $Id: config.c,v 2.1 2006/11/12 08:06:51 danny Exp danny $
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <stdlib.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <time.h>
-#include <ctype.h>
-#include <camlib.h>
-
-#include <dev/iscsi_initiator/iscsi.h>
-#include "iscontrol.h"
-
-/*
- | ints
- */
-#define OPT_port 1
-#define OPT_tags 2
-
-#define OPT_maxConnections 3
-#define OPT_maxRecvDataSegmentLength 4
-#define OPT_maxXmitDataSegmentLength 5
-#define OPT_maxBurstLength 6
-#define OPT_firstBurstLength 7
-#define OPT_defaultTime2Wait 8
-#define OPT_defaultTime2Retain 9
-#define OPT_maxOutstandingR2T 10
-#define OPT_errorRecoveryLevel 11
-#define OPT_targetPortalGroupTag 12
-#define OPT_headerDigest 13
-#define OPT_dataDigest 14
-/*
- | Booleans
- */
-#define OPT_initialR2T 16
-#define OPT_immediateData 17
-#define OPT_dataPDUInOrder 18
-#define OPT_dataSequenceInOrder 19
-/*
- | strings
- */
-#define OPT_sessionType 15
-
-#define OPT_targetAddress 21
-#define OPT_targetAlias 22
-#define OPT_targetName 23
-#define OPT_initiatorName 24
-#define OPT_initiatorAlias 25
-#define OPT_authMethod 26
-
-#define OPT_chapSecret 27
-#define OPT_chapIName 28
-#define OPT_chapDigest 29
-#define OPT_tgtChapName 30
-#define OPT_tgtChapSecret 31
-#define OPT_tgtChallengeLen 32
-/*
- | private
- */
-#define OPT_maxluns 33
-#define OPT_iqn 34
-#define OPT_sockbufsize 35
-
-/*
- | sentinel
- */
-#define OPT_end 0
-
-#define _OFF(v) ((int)&((isc_opt_t *)NULL)->v)
-#define _E(u, s, v) {.usage=u, .scope=s, .name=#v, .tokenID=OPT_##v}
-
-textkey_t keyMap[] = {
- _E(U_PR, S_PR, port),
- _E(U_PR, S_PR, tags),
- _E(U_PR, S_PR, maxluns),
- _E(U_PR, S_PR, sockbufsize),
-
- _E(U_PR, S_PR, iqn),
- _E(U_PR, S_PR, chapSecret),
- _E(U_PR, S_PR, chapIName),
- _E(U_PR, S_PR, chapDigest),
- _E(U_PR, S_PR, tgtChapName),
- _E(U_PR, S_PR, tgtChapSecret),
- _E(U_PR, S_PR, tgtChallengeLen),
-
- _E(U_IO, S_CO, headerDigest),
- _E(U_IO, S_CO, dataDigest),
-
- _E(U_IO, S_CO, authMethod),
-
- _E(U_LO, S_SW, maxConnections),
- _E(U_IO, S_SW, targetName),
-
- _E(U_IO, S_SW, initiatorName),
- _E(U_ALL,S_SW, targetAlias),
- _E(U_ALL,S_SW, initiatorAlias),
- _E(U_ALL,S_SW, targetAddress),
-
- _E(U_ALL,S_SW, targetPortalGroupTag),
-
- _E(U_LO, S_SW, initialR2T),
- _E(U_LO, S_SW, immediateData),
-
- _E(U_ALL,S_CO, maxRecvDataSegmentLength),
- _E(U_ALL,S_CO, maxXmitDataSegmentLength),
-
- _E(U_LO, S_SW, maxBurstLength),
- _E(U_LO, S_SW, firstBurstLength),
- _E(U_LO, S_SW, defaultTime2Wait),
- _E(U_LO, S_SW, defaultTime2Retain),
-
- _E(U_LO, S_SW, maxOutstandingR2T),
- _E(U_LO, S_SW, dataPDUInOrder),
- _E(U_LO, S_SW, dataSequenceInOrder),
-
- _E(U_LO, S_SW, errorRecoveryLevel),
-
- _E(U_LO, S_SW, sessionType),
-
- _E(0, 0, end)
-};
-
-#define _OPT_INT(w) strtol((char *)w, NULL, 0)
-#define _OPT_STR(w) (char *)(w)
-
-static __inline int
-_OPT_BOOL(char *w)
-{
- if(isalpha((unsigned char)*w))
- return strcasecmp(w, "TRUE") == 0;
- else
- return _OPT_INT(w);
-}
-
-#define _CASE(k, v) case OPT_##k: op->k = v; break
-static void
-setOption(isc_opt_t *op, int which, void *rval)
-{
- switch(which) {
- _CASE(port, _OPT_INT(rval));
- _CASE(tags, _OPT_INT(rval));
- _CASE(maxluns, _OPT_INT(rval));
- _CASE(iqn, _OPT_STR(rval));
- _CASE(sockbufsize, _OPT_INT(rval));
-
- _CASE(maxConnections, _OPT_INT(rval));
- _CASE(maxRecvDataSegmentLength, _OPT_INT(rval));
- _CASE(maxXmitDataSegmentLength, _OPT_INT(rval));
- _CASE(maxBurstLength, _OPT_INT(rval));
- _CASE(firstBurstLength, _OPT_INT(rval));
- _CASE(defaultTime2Wait, _OPT_INT(rval));
- _CASE(defaultTime2Retain, _OPT_INT(rval));
- _CASE(maxOutstandingR2T, _OPT_INT(rval));
- _CASE(errorRecoveryLevel, _OPT_INT(rval));
- _CASE(targetPortalGroupTag, _OPT_INT(rval));
- _CASE(headerDigest, _OPT_STR(rval));
- _CASE(dataDigest, _OPT_STR(rval));
-
- _CASE(targetAddress, _OPT_STR(rval));
- _CASE(targetAlias, _OPT_STR(rval));
- _CASE(targetName, _OPT_STR(rval));
- _CASE(initiatorName, _OPT_STR(rval));
- _CASE(initiatorAlias, _OPT_STR(rval));
- _CASE(authMethod, _OPT_STR(rval));
- _CASE(chapSecret, _OPT_STR(rval));
- _CASE(chapIName, _OPT_STR(rval));
- _CASE(chapDigest, _OPT_STR(rval));
-
- _CASE(tgtChapName, _OPT_STR(rval));
- _CASE(tgtChapSecret, _OPT_STR(rval));
-
- _CASE(initialR2T, _OPT_BOOL(rval));
- _CASE(immediateData, _OPT_BOOL(rval));
- _CASE(dataPDUInOrder, _OPT_BOOL(rval));
- _CASE(dataSequenceInOrder, _OPT_BOOL(rval));
- }
-}
-
-static char *
-get_line(FILE *fd)
-{
- static char *sp, line[BUFSIZ];
- char *lp, *p;
-
- do {
- if(sp == NULL)
- sp = fgets(line, sizeof line, fd);
-
- if((lp = sp) == NULL)
- break;
- if((p = strchr(lp, '\n')) != NULL)
- *p = 0;
- if((p = strchr(lp, '#')) != NULL)
- *p = 0;
- if((p = strchr(lp, ';')) != NULL) {
- *p++ = 0;
- sp = p;
- } else
- sp = NULL;
- if(*lp)
- return lp;
- } while (feof(fd) == 0);
- return NULL;
-}
-
-static int
-getConfig(FILE *fd, char *key, char **Ar, int *nargs)
-{
- char *lp, *p, **ar;
- int state, len, n;
-
- ar = Ar;
- if(key)
- len = strlen(key);
- else
- len = 0;
- state = 0;
- while((lp = get_line(fd)) != NULL) {
- for(; isspace((unsigned char)*lp); lp++)
- ;
- switch(state) {
- case 0:
- if((p = strchr(lp, '{')) != NULL) {
- while((--p > lp) && *p && isspace((unsigned char)*p));
- n = p - lp;
- if(len && strncmp(lp, key, MAX(n, len)) == 0)
- state = 2;
- else
- state = 1;
- continue;
- }
- break;
-
- case 1:
- if(*lp == '}')
- state = 0;
- continue;
-
- case 2:
- if(*lp == '}')
- goto done;
-
- break;
- }
-
-
- for(p = &lp[strlen(lp)-1]; isspace((unsigned char)*p); p--)
- *p = 0;
- if((*nargs)-- > 0)
- *ar++ = strdup(lp);
- }
-
- done:
- if(*nargs > 0)
- *ar = 0;
- *nargs = ar - Ar;
- return ar - Ar;
-}
-
-static textkey_t *
-keyLookup(char *key)
-{
- textkey_t *tk;
-
- for(tk = keyMap; tk->name && strcmp(tk->name, "end"); tk++) {
- if(strcasecmp(key, tk->name) == 0)
- return tk;
- }
- return NULL;
-}
-
-static void
-puke(isc_opt_t *op)
-{
- printf("%24s = %d\n", "port", op->port);
- printf("%24s = %d\n", "tags", op->tags);
- printf("%24s = %d\n", "maxluns", op->maxluns);
- printf("%24s = %s\n", "iqn", op->iqn);
-
- printf("%24s = %d\n", "maxConnections", op->maxConnections);
- printf("%24s = %d\n", "maxRecvDataSegmentLength", op->maxRecvDataSegmentLength);
- printf("%24s = %d\n", "maxXmitDataSegmentLength", op->maxRecvDataSegmentLength);
- printf("%24s = %d\n", "maxBurstLength", op->maxBurstLength);
- printf("%24s = %d\n", "firstBurstLength", op->firstBurstLength);
- printf("%24s = %d\n", "defaultTime2Wait", op->defaultTime2Wait);
- printf("%24s = %d\n", "defaultTime2Retain", op->defaultTime2Retain);
- printf("%24s = %d\n", "maxOutstandingR2T", op->maxOutstandingR2T);
- printf("%24s = %d\n", "errorRecoveryLevel", op->errorRecoveryLevel);
- printf("%24s = %d\n", "targetPortalGroupTag", op->targetPortalGroupTag);
-
- printf("%24s = %s\n", "headerDigest", op->headerDigest);
- printf("%24s = %s\n", "dataDigest", op->dataDigest);
-
- printf("%24s = %d\n", "initialR2T", op->initialR2T);
- printf("%24s = %d\n", "immediateData", op->immediateData);
- printf("%24s = %d\n", "dataPDUInOrder", op->dataPDUInOrder);
- printf("%24s = %d\n", "dataSequenceInOrder", op->dataSequenceInOrder);
-
- printf("%24s = %s\n", "sessionType", op->sessionType);
- printf("%24s = %s\n", "targetAddress", op->targetAddress);
- printf("%24s = %s\n", "targetAlias", op->targetAlias);
- printf("%24s = %s\n", "targetName", op->targetName);
- printf("%24s = %s\n", "initiatorName", op->initiatorName);
- printf("%24s = %s\n", "initiatorAlias", op->initiatorAlias);
- printf("%24s = %s\n", "authMethod", op->authMethod);
- printf("%24s = %s\n", "chapSecret", op->chapSecret);
- printf("%24s = %s\n", "chapIName", op->chapIName);
- printf("%24s = %s\n", "tgtChapName", op->tgtChapName);
- printf("%24s = %s\n", "tgtChapSecret", op->tgtChapSecret);
- printf("%24s = %d\n", "tgttgtChallengeLen", op->tgtChallengeLen);
-}
-
-void
-parseArgs(int nargs, char **args, isc_opt_t *op)
-{
- char **ar;
- char *p, *v;
- textkey_t *tk;
-
- for(ar = args; nargs > 0; nargs--, ar++) {
- p = strchr(*ar, '=');
- if(p == NULL)
- continue;
- *p = 0;
- v = p + 1;
- while(isspace((unsigned char)*--p))
- *p = 0;
- while(isspace((unsigned char)*v))
- v++;
- if((tk = keyLookup(*ar)) == NULL)
- continue;
- setOption(op, tk->tokenID, v);
- }
-}
-
-void
-parseConfig(FILE *fd, char *key, isc_opt_t *op)
-{
- char *Ar[256];
- int cc;
-
- cc = 256;
- if(getConfig(fd, key, Ar, &cc))
- parseArgs(cc, Ar, op);
- if(vflag)
- puke(op);
-}
diff --git a/sbin/iscontrol/fsm.c b/sbin/iscontrol/fsm.c
deleted file mode 100644
index 8efbe6667b16..000000000000
--- a/sbin/iscontrol/fsm.c
+++ /dev/null
@@ -1,759 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-/*
- | $Id: fsm.c,v 2.8 2007/05/19 16:34:21 danny Exp danny $
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/sysctl.h>
-
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <arpa/inet.h>
-#include <sys/ioctl.h>
-#include <netdb.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <time.h>
-#include <syslog.h>
-#include <stdarg.h>
-#include <camlib.h>
-
-#include <dev/iscsi_initiator/iscsi.h>
-#include "iscontrol.h"
-
-typedef enum {
- T1 = 1,
- T2, /*T3,*/ T4, T5, /*T6,*/ T7, T8, T9,
- T10, T11, T12, T13, T14, T15, T16, T18
-} trans_t;
-
-/*
- | now supports IPV6
- | thanks to:
- | Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
- | ume@mahoroba.org ume@{,jp.}FreeBSD.org
- | http://www.imasy.org/~ume/
- */
-static trans_t
-tcpConnect(isess_t *sess)
-{
- isc_opt_t *op = sess->op;
- int val, sv_errno, soc;
- struct addrinfo *res, *res0, hints;
- char pbuf[10];
-
- debug_called(3);
- if(sess->flags & (SESS_RECONNECT|SESS_REDIRECT)) {
- syslog(LOG_INFO, "%s", (sess->flags & SESS_RECONNECT)
- ? "Reconnect": "Redirected");
-
- debug(1, "%s", (sess->flags & SESS_RECONNECT) ? "Reconnect": "Redirected");
- shutdown(sess->soc, SHUT_RDWR);
- //close(sess->soc);
- sess->soc = -1;
-
- sess->flags &= ~SESS_CONNECTED;
- if(sess->flags & SESS_REDIRECT) {
- sess->redirect_cnt++;
- sess->flags |= SESS_RECONNECT;
- } else
- sleep(2); // XXX: actually should be ?
-#ifdef notyet
- {
- time_t sec;
- // make sure we are not in a loop
- // XXX: this code has to be tested
- sec = time(0) - sess->reconnect_time;
- if(sec > (5*60)) {
- // if we've been connected for more that 5 minutes
- // then just reconnect
- sess->reconnect_time = sec;
- sess->reconnect_cnt1 = 0;
- }
- else {
- //
- sess->reconnect_cnt1++;
- if((sec / sess->reconnect_cnt1) < 2) {
- // if less that 2 seconds from the last reconnect
- // we are most probably looping
- syslog(LOG_CRIT, "too many reconnects %d", sess->reconnect_cnt1);
- return 0;
- }
- }
- }
-#endif
- sess->reconnect_cnt++;
- }
-
- snprintf(pbuf, sizeof(pbuf), "%d", op->port);
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
- debug(1, "targetAddress=%s port=%d", op->targetAddress, op->port);
- if((val = getaddrinfo(op->targetAddress, pbuf, &hints, &res0)) != 0) {
- fprintf(stderr, "getaddrinfo(%s): %s\n", op->targetAddress, gai_strerror(val));
- return 0;
- }
- sess->flags &= ~SESS_CONNECTED;
- sv_errno = 0;
- soc = -1;
- for(res = res0; res; res = res->ai_next) {
- soc = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
- if (soc == -1)
- continue;
-
- // from Patrick.Guelat@imp.ch:
- // iscontrol can be called without waiting for the socket entry to time out
- val = 1;
- if(setsockopt(soc, SOL_SOCKET, SO_REUSEADDR, &val, (socklen_t)sizeof(val)) < 0) {
- fprintf(stderr, "Cannot set socket SO_REUSEADDR %d: %s\n\n",
- errno, strerror(errno));
- }
-
- if(connect(soc, res->ai_addr, res->ai_addrlen) == 0)
- break;
- sv_errno = errno;
- close(soc);
- soc = -1;
- }
- freeaddrinfo(res0);
- if(soc != -1) {
- sess->soc = soc;
-
-#if 0
- struct timeval timeout;
-
- val = 1;
- if(setsockopt(sess->soc, IPPROTO_TCP, TCP_KEEPALIVE, &val, sizeof(val)) < 0)
- fprintf(stderr, "Cannot set socket KEEPALIVE option err=%d %s\n",
- errno, strerror(errno));
-
- if(setsockopt(sess->soc, IPPROTO_TCP, TCP_NODELAY, &val, sizeof(val)) < 0)
- fprintf(stderr, "Cannot set socket NO delay option err=%d %s\n",
- errno, strerror(errno));
-
- timeout.tv_sec = 10;
- timeout.tv_usec = 0;
- if((setsockopt(sess->soc, SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(timeout)) < 0)
- || (setsockopt(sess->soc, SOL_SOCKET, SO_RCVTIMEO, &timeout, sizeof(timeout)) < 0)) {
- fprintf(stderr, "Cannot set socket timeout to %ld err=%d %s\n",
- timeout.tv_sec, errno, strerror(errno));
- }
-#endif
-#ifdef CURIOUS
- {
- int len = sizeof(val);
- if(getsockopt(sess->soc, SOL_SOCKET, SO_SNDBUF, &val, &len) == 0)
- fprintf(stderr, "was: SO_SNDBUF=%dK\n", val/1024);
- }
-#endif
- if(sess->op->sockbufsize) {
- val = sess->op->sockbufsize * 1024;
- if((setsockopt(sess->soc, SOL_SOCKET, SO_SNDBUF, &val, sizeof(val)) < 0)
- || (setsockopt(sess->soc, SOL_SOCKET, SO_RCVBUF, &val, sizeof(val)) < 0)) {
- fprintf(stderr, "Cannot set socket sndbuf & rcvbuf to %d err=%d %s\n",
- val, errno, strerror(errno));
- return 0;
- }
- }
- sess->flags |= SESS_CONNECTED;
- return T1;
- }
-
- fprintf(stderr, "errno=%d\n", sv_errno);
- perror("connect");
- switch(sv_errno) {
- case ECONNREFUSED:
- case EHOSTUNREACH:
- case ENETUNREACH:
- case ETIMEDOUT:
- if((sess->flags & SESS_REDIRECT) == 0) {
- if(strcmp(op->targetAddress, sess->target.address) != 0) {
- syslog(LOG_INFO, "reconnecting to original target address");
- free(op->targetAddress);
- op->targetAddress = sess->target.address;
- op->port = sess->target.port;
- op->targetPortalGroupTag = sess->target.pgt;
- return T1;
- }
- }
- sleep(5); // for now ...
- return T1;
- default:
- return 0; // terminal error
- }
-}
-
-int
-setOptions(isess_t *sess, int flag)
-{
- isc_opt_t oop;
- char *sep;
-
- debug_called(3);
-
- bzero(&oop, sizeof(isc_opt_t));
-
- if((flag & SESS_FULLFEATURE) == 0) {
- oop.initiatorName = sess->op->initiatorName;
- oop.targetAddress = sess->op->targetAddress;
- if(sess->op->targetName != 0)
- oop.targetName = sess->op->targetName;
-
- oop.maxRecvDataSegmentLength = sess->op->maxRecvDataSegmentLength;
- oop.maxXmitDataSegmentLength = sess->op->maxXmitDataSegmentLength; // XXX:
- oop.maxBurstLength = sess->op->maxBurstLength;
- oop.maxluns = sess->op->maxluns;
- }
- else {
- /*
- | turn on digestion only after login
- */
- if(sess->op->headerDigest != NULL) {
- sep = strchr(sess->op->headerDigest, ',');
- if(sep == NULL)
- oop.headerDigest = sess->op->headerDigest;
- debug(1, "oop.headerDigest=%s", oop.headerDigest);
- }
- if(sess->op->dataDigest != NULL) {
- sep = strchr(sess->op->dataDigest, ',');
- if(sep == NULL)
- oop.dataDigest = sess->op->dataDigest;
- debug(1, "oop.dataDigest=%s", oop.dataDigest);
- }
- }
-
- if(ioctl(sess->fd, ISCSISETOPT, &oop)) {
- perror("ISCSISETOPT");
- return -1;
- }
- return 0;
-}
-
-static trans_t
-startSession(isess_t *sess)
-{
-
- int n, fd, nfd;
- char *dev;
-
- debug_called(3);
-
- if((sess->flags & SESS_CONNECTED) == 0) {
- return T2;
- }
- if(sess->fd == -1) {
- fd = open(iscsidev, O_RDWR);
- if(fd < 0) {
- perror(iscsidev);
- return 0;
- }
- {
- // XXX: this has to go
- size_t n;
- n = sizeof(sess->isid);
- if(sysctlbyname("net.iscsi_initiator.isid", (void *)sess->isid, (size_t *)&n, 0, 0) != 0)
- perror("sysctlbyname");
- }
- if(ioctl(fd, ISCSISETSES, &n)) {
- perror("ISCSISETSES");
- return 0;
- }
- asprintf(&dev, "%s%d", iscsidev, n);
- nfd = open(dev, O_RDWR);
- if(nfd < 0) {
- perror(dev);
- free(dev);
- return 0;
- }
- free(dev);
- close(fd);
- sess->fd = nfd;
-
- if(setOptions(sess, 0) != 0)
- return -1;
- }
-
- if(ioctl(sess->fd, ISCSISETSOC, &sess->soc)) {
- perror("ISCSISETSOC");
- return 0;
- }
-
- return T4;
-}
-
-isess_t *currsess;
-
-static void
-trap(int sig)
-{
- syslog(LOG_NOTICE, "trapped signal %d", sig);
- fprintf(stderr, "trapped signal %d\n", sig);
-
- switch(sig) {
- case SIGHUP:
- currsess->flags |= SESS_DISCONNECT;
- break;
-
- case SIGUSR1:
- currsess->flags |= SESS_RECONNECT;
- break;
-
- case SIGINT:
- case SIGTERM:
- default:
- return; // ignore
- }
-}
-
-static int
-doCAM(isess_t *sess)
-{
- char pathstr[1024];
- union ccb *ccb;
- int i, n;
-
- if(ioctl(sess->fd, ISCSIGETCAM, &sess->cam) != 0) {
- syslog(LOG_WARNING, "ISCSIGETCAM failed: %d", errno);
- return 0;
- }
- debug(1, "nluns=%d", sess->cam.target_nluns);
- /*
- | for now will do this for each lun ...
- */
- for(n = i = 0; i < sess->cam.target_nluns; i++) {
- debug(2, "CAM path_id=%d target_id=%d",
- sess->cam.path_id, sess->cam.target_id);
-
- sess->camdev = cam_open_btl(sess->cam.path_id, sess->cam.target_id,
- i, O_RDWR, NULL);
- if(sess->camdev == NULL) {
- //syslog(LOG_WARNING, "%s", cam_errbuf);
- debug(3, "%s", cam_errbuf);
- continue;
- }
-
- cam_path_string(sess->camdev, pathstr, sizeof(pathstr));
- debug(2, "pathstr=%s", pathstr);
-
- ccb = cam_getccb(sess->camdev);
- CCB_CLEAR_ALL_EXCEPT_HDR(&ccb->crs);
- ccb->ccb_h.func_code = XPT_REL_SIMQ;
- ccb->crs.release_flags = RELSIM_ADJUST_OPENINGS;
- ccb->crs.openings = sess->op->tags;
- if(cam_send_ccb(sess->camdev, ccb) < 0)
- debug(2, "%s", cam_errbuf);
- else
- if((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) {
- syslog(LOG_WARNING, "XPT_REL_SIMQ CCB failed");
- // cam_error_print(sess->camdev, ccb, CAM_ESF_ALL, CAM_EPF_ALL, stderr);
- }
- else {
- n++;
- syslog(LOG_INFO, "%s tagged openings now %d\n", pathstr, ccb->crs.openings);
- }
- cam_freeccb(ccb);
- cam_close_device(sess->camdev);
- }
- return n;
-}
-
-static trans_t
-supervise(isess_t *sess)
-{
- int sig, val;
-
- debug_called(3);
-
- if(strcmp(sess->op->sessionType, "Discovery") == 0) {
- sess->flags |= SESS_DISCONNECT;
- return T9;
- }
-
- if(vflag)
- printf("ready to go scsi\n");
-
- if(setOptions(sess, SESS_FULLFEATURE) != 0)
- return 0; // failure
-
- if((sess->flags & SESS_FULLFEATURE) == 0) {
- if(daemon(0, 1) != 0) {
- perror("daemon");
- exit(1);
- }
- if(sess->op->pidfile != NULL) {
- FILE *pidf;
-
- pidf = fopen(sess->op->pidfile, "w");
- if(pidf != NULL) {
- fprintf(pidf, "%d\n", getpid());
- fclose(pidf);
- }
- }
- openlog("iscontrol", LOG_CONS|LOG_PERROR|LOG_PID|LOG_NDELAY, LOG_KERN);
- syslog(LOG_INFO, "running");
-
- currsess = sess;
- if(ioctl(sess->fd, ISCSISTART)) {
- perror("ISCSISTART");
- return -1;
- }
- if(doCAM(sess) == 0) {
- syslog(LOG_WARNING, "no device found");
- ioctl(sess->fd, ISCSISTOP);
- return T15;
- }
-
- }
- else {
- if(ioctl(sess->fd, ISCSIRESTART)) {
- perror("ISCSIRESTART");
- return -1;
- }
- }
-
- signal(SIGINT, trap);
- signal(SIGHUP, trap);
- signal(SIGTERM, trap);
-
- sig = SIGUSR1;
- signal(sig, trap);
- if(ioctl(sess->fd, ISCSISIGNAL, &sig)) {
- perror("ISCSISIGNAL");
- return -1;
- }
- sess->flags |= SESS_FULLFEATURE;
-
- sess->flags &= ~(SESS_REDIRECT | SESS_RECONNECT);
- if(vflag)
- printf("iscontrol: supervise starting main loop\n");
- /*
- | the main loop - actually do nothing
- | all the work is done inside the kernel
- */
- while((sess->flags & (SESS_REDIRECT|SESS_RECONNECT|SESS_DISCONNECT)) == 0) {
- // do something?
- // like sending a nop_out?
- sleep(60);
- }
- printf("iscontrol: supervise going down\n");
- syslog(LOG_INFO, "sess flags=%x", sess->flags);
-
- sig = 0;
- if(ioctl(sess->fd, ISCSISIGNAL, &sig)) {
- perror("ISCSISIGNAL");
- }
-
- if(sess->flags & SESS_DISCONNECT) {
- sess->flags &= ~SESS_FULLFEATURE;
- return T9;
- }
- else {
- val = 0;
- if(ioctl(sess->fd, ISCSISTOP, &val)) {
- perror("ISCSISTOP");
- }
- sess->flags |= SESS_INITIALLOGIN1;
- }
- return T8;
-}
-
-static int
-handledDiscoveryResp(isess_t *sess, pdu_t *pp)
-{
- u_char *ptr;
- int len, n;
-
- debug_called(3);
-
- len = pp->ds_len;
- ptr = pp->ds_addr;
- while(len > 0) {
- if(*ptr != 0)
- printf("%s\n", ptr);
- n = strlen((char *)ptr) + 1;
- len -= n;
- ptr += n;
- }
- return 0;
-}
-
-static int
-doDiscovery(isess_t *sess)
-{
- pdu_t spp;
- text_req_t *tp = (text_req_t *)&spp.ipdu.bhs;
-
- debug_called(3);
-
- bzero(&spp, sizeof(pdu_t));
- tp->cmd = ISCSI_TEXT_CMD /*| 0x40 */; // because of a bug in openiscsi-target
- tp->F = 1;
- tp->ttt = 0xffffffff;
- addText(&spp, "SendTargets=All");
- return sendPDU(sess, &spp, handledDiscoveryResp);
-}
-
-static trans_t
-doLogin(isess_t *sess)
-{
- isc_opt_t *op = sess->op;
- int status, count;
-
- debug_called(3);
-
- if(op->chapSecret == NULL && op->tgtChapSecret == NULL)
- /*
- | don't need any security negotiation
- | or in other words: we don't have any secrets to exchange
- */
- sess->csg = LON_PHASE;
- else
- sess->csg = SN_PHASE;
-
- if(sess->tsih) {
- sess->tsih = 0; // XXX: no 'reconnect' yet
- sess->flags &= ~SESS_NEGODONE; // XXX: KLUDGE
- }
- count = 10; // should be more than enough
- do {
- debug(3, "count=%d csg=%d", count, sess->csg);
- status = loginPhase(sess);
- if(count-- == 0)
- // just in case we get into a loop
- status = -1;
- } while(status == 0 && (sess->csg != FF_PHASE));
-
- sess->flags &= ~SESS_INITIALLOGIN;
- debug(3, "status=%d", status);
-
- switch(status) {
- case 0: // all is ok ...
- sess->flags |= SESS_LOGGEDIN;
- if(strcmp(sess->op->sessionType, "Discovery") == 0)
- doDiscovery(sess);
- return T5;
-
- case 1: // redirect - temporary/permanent
- /*
- | start from scratch?
- */
- sess->flags &= ~SESS_NEGODONE;
- sess->flags |= (SESS_REDIRECT | SESS_INITIALLOGIN1);
- syslog(LOG_DEBUG, "target sent REDIRECT");
- return T7;
-
- case 2: // initiator terminal error
- return 0;
- case 3: // target terminal error -- could retry ...
- sleep(5);
- return T7; // lets try
- default:
- return 0;
- }
-}
-
-static int
-handleLogoutResp(isess_t *sess, pdu_t *pp)
-{
- if(sess->flags & SESS_DISCONNECT) {
- int val = 0;
- if(ioctl(sess->fd, ISCSISTOP, &val)) {
- perror("ISCSISTOP");
- }
- return 0;
- }
- return T13;
-}
-
-static trans_t
-startLogout(isess_t *sess)
-{
- pdu_t spp;
- logout_req_t *p = (logout_req_t *)&spp.ipdu.bhs;
-
- bzero(&spp, sizeof(pdu_t));
- p->cmd = ISCSI_LOGOUT_CMD| 0x40;
- p->reason = BIT(7) | 0;
- p->CID = htons(1);
-
- return sendPDU(sess, &spp, handleLogoutResp);
-}
-
-static trans_t
-inLogout(isess_t *sess)
-{
- if(sess->flags & SESS_RECONNECT)
- return T18;
- return 0;
-}
-
-typedef enum {
- S1, S2, /*S3,*/ S4, S5, S6, S7, S8
-} state_t;
-
-/**
- S1: FREE
- S2: XPT_WAIT
- S4: IN_LOGIN
- S5: LOGGED_IN
- S6: IN_LOGOUT
- S7: LOGOUT_REQUESTED
- S8: CLEANUP_WAIT
-
- -------<-------------+
- +--------->/ S1 \<----+ |
- T13| +->\ /<-+ \ |
- | / ---+--- \ \ |
- | / | T2 \ | |
- | T8 | |T1 | | |
- | | | / |T7 |
- | | | / | |
- | | | / | |
- | | V / / |
- | | ------- / / |
- | | / S2 \ / |
- | | \ / / |
- | | ---+--- / |
- | | |T4 / |
- | | V / | T18
- | | ------- / |
- | | / S4 \ |
- | | \ / |
- | | ---+--- | T15
- | | |T5 +--------+---------+
- | | | /T16+-----+------+ |
- | | | / -+-----+--+ | |
- | | | / / S7 \ |T12| |
- | | | / +->\ /<-+ V V
- | | | / / -+----- -------
- | | | / /T11 |T10 / S8 \
- | | V / / V +----+ \ /
- | | ---+-+- ----+-- | -------
- | | / S5 \T9 / S6 \<+ ^
- | +-----\ /--->\ / T14 |
- | ------- --+----+------+T17
- +---------------------------+
-*/
-
-int
-fsm(isc_opt_t *op)
-{
- state_t state;
- isess_t *sess;
-
- if((sess = calloc(1, sizeof(isess_t))) == NULL) {
- // boy, is this a bad start ...
- fprintf(stderr, "no memory!\n");
- return -1;
- }
-
- state = S1;
- sess->op = op;
- sess->fd = -1;
- sess->soc = -1;
- sess->target.address = strdup(op->targetAddress);
- sess->target.port = op->port;
- sess->target.pgt = op->targetPortalGroupTag;
-
- sess->flags = SESS_INITIALLOGIN | SESS_INITIALLOGIN1;
-
- do {
- switch(state) {
-
- case S1:
- switch(tcpConnect(sess)) {
- case T1: state = S2; break;
- default: state = S8; break;
- }
- break;
-
- case S2:
- switch(startSession(sess)) {
- case T2: state = S1; break;
- case T4: state = S4; break;
- default: state = S8; break;
- }
- break;
-
- case S4:
- switch(doLogin(sess)) {
- case T7: state = S1; break;
- case T5: state = S5; break;
- default: state = S8; break;
- }
- break;
-
- case S5:
- switch(supervise(sess)) {
- case T8: state = S1; break;
- case T9: state = S6; break;
- case T11: state = S7; break;
- case T15: state = S8; break;
- default: state = S8; break;
- }
- break;
-
- case S6:
- switch(startLogout(sess)) {
- case T13: state = S1; break;
- case T14: state = S6; break;
- case T16: state = S8; break;
- default: state = S8; break;
- }
- break;
-
- case S7:
- switch(inLogout(sess)) {
- case T18: state = S1; break;
- case T10: state = S6; break;
- case T12: state = S7; break;
- case T16: state = S8; break;
- default: state = S8; break;
- }
- break;
-
- case S8:
- // maybe do some clean up?
- syslog(LOG_INFO, "terminated");
- return 0;
- }
- } while(1);
-}
diff --git a/sbin/iscontrol/iscontrol.8 b/sbin/iscontrol/iscontrol.8
deleted file mode 100644
index abebf0c534d8..000000000000
--- a/sbin/iscontrol/iscontrol.8
+++ /dev/null
@@ -1,141 +0,0 @@
-.\" Copyright (c) 2007-2010 Daniel Braniss <danny@cs.huji.ac.il>
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" $FreeBSD$
-.\"
-.Dd September 9, 2016
-.Dt ISCONTROL 8
-.Os
-.Sh NAME
-.Nm iscontrol
-.Nd login/negotiator/control for an iSCSI initiator session
-.Sh SYNOPSIS
-.Nm
-.Op Fl dv
-.Oo
-.Fl c Ar file
-.Op Fl n Ar nickname
-.Oc
-.Op Fl p Ar pidfile
-.Op Fl t Ar target
-.Op Ar variable Ns = Ns Ar value
-.Sh DESCRIPTION
-.Bf -symbolic
-This command, along with its kernel counterpart
-.Xr iscsi_initiator 4 ,
-is obsolete.
-Users are advised to use
-.Xr iscsictl 8
-instead.
-.Ef
-.Pp
-Internet SCSI (iSCSI) is a network protocol standard, that allows the
-use of the SCSI protocol over TCP/IP networks,
-the
-.Nm
-program is the userland side of an iSCSI session, see
-.Xr iscsi_initiator 4 .
-It has 2 modes of operation, if -d (discovery session) is specified,
-it will print out the
-.Em target names
-returned by the target and exit.
-In the second mode, it will, after a successful login/negotiation, run
-in daemon mode, monitoring the connection, and will try to reconnect
-in case of a network/target failure.
-It will terminate/logout the session
-when a SIGHUP signal is received.
-The flags are as follows:
-.Bl -tag -width variable=value
-.It Fl c Ar file
-a file containing configuration
-.Em key-options ,
-see
-.Xr iscsi.conf 5 .
-.It Fl d
-do a
-.Em discovery session
-and exit.
-.It Fl n Ar nickname
-if
-.Sy -c file
-is specified, then search for the block named
-.Em nickname
-in that file, see
-.Xr iscsi.conf 5 .
-.It Fl p Ar pidfile
-will write the process ID of the session to the specified
-.Em pidfile
-.It Fl t Ar target
-the target's IP address or name.
-.It Fl v
-verbose mode.
-.It Ar variable Ns = Ns Ar value
-see
-.Xr iscsi.conf 5
-for the complete list of variables/options and their
-possible values.
-.El
-.Sh EXAMPLES
-.Dl iscontrol -dt myiscsitarget
-.Pp
-will start a
-.Em discovery session
-with the target and
-print to stdout the list of available targetnames/targetadresses.
-Note: this listing does not necessarily mean availability, since
-depending on the target configuration, a discovery session might
-not need login/access permission, but a
-.Em full session
-certainly does.
-.sp
-.Dl iscontrol -c /etc/iscsi.conf -n myiscsi
-.Pp
-will read options from
-.Pa /etc/iscsi.conf ,
-use the targetaddress
-found in the block nicknamed myiscsi, login and negotiate
-whatever options are specified, and start an iscsi-session.
-.Sh SEE ALSO
-.Xr da 4 ,
-.Xr iscsi_initiator 4 ,
-.Xr sa 4 ,
-.Xr iscsi.conf 5 ,
-.Xr camcontrol 8 ,
-.Xr iscsictl 8
-.Sh STANDARDS
-RFC 3720
-.Sh HISTORY
-The
-.Nm
-utility appeared in
-.Fx 7.0 .
-.Sh BUGS
-.Nm
-should probably load the iscsi_initiator module if needed.
-.br
-Not all functions/specifications have been implemented yet, noticeably
-missing are the Task Management Functions.
-The error recovery, though not
-.Em fully compliant
-does a brave effort to recover from network disconnects.
diff --git a/sbin/iscontrol/iscontrol.c b/sbin/iscontrol/iscontrol.c
deleted file mode 100644
index a623d0ca81e3..000000000000
--- a/sbin/iscontrol/iscontrol.c
+++ /dev/null
@@ -1,264 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-/*
- | $Id: iscontrol.c,v 2.2 2006/12/01 09:11:56 danny Exp danny $
- */
-/*
- | the user level initiator (client)
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/sysctl.h>
-
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <arpa/inet.h>
-#include <sys/ioctl.h>
-#include <netdb.h>
-#include <err.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <libgen.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-#include <camlib.h>
-
-#include <dev/iscsi_initiator/iscsi.h>
-#include "iscontrol.h"
-
-static char version[] = "2.3.1"; // keep in sync with iscsi_initiator
-
-#define USAGE "[-v] [-d] [-c config] [-n name] [-t target] [-p pidfile]"
-#define OPTIONS "vdc:t:n:p:"
-
-token_t AuthMethods[] = {
- {"None", NONE},
- {"KRB5", KRB5},
- {"SPKM1", SPKM1},
- {"SPKM2", SPKM2},
- {"SRP", SRP},
- {"CHAP", CHAP},
- {0, 0}
-};
-
-token_t DigestMethods[] = {
- {"None", 0},
- {"CRC32", 1},
- {"CRC32C", 1},
- {0, 0}
-};
-
-int vflag;
-char *iscsidev;
-
-u_char isid[6 + 6];
-/*
- | Default values
- */
-isc_opt_t opvals = {
- .port = 3260,
- .sockbufsize = 128,
- .iqn = "iqn.2005-01.il.ac.huji.cs:",
-
- .sessionType = "Normal",
- .targetAddress = 0,
- .targetName = 0,
- .initiatorName = 0,
- .authMethod = "None",
- .headerDigest = "None,CRC32C",
- .dataDigest = "None,CRC32C",
- .maxConnections = 1,
- .maxRecvDataSegmentLength = 64 * 1024,
- .maxXmitDataSegmentLength = 8 * 1024, // 64 * 1024,
- .maxBurstLength = 128 * 1024,
- .firstBurstLength = 64 * 1024, // must be less than maxBurstLength
- .defaultTime2Wait = 0,
- .defaultTime2Retain = 0,
- .maxOutstandingR2T = 1,
- .errorRecoveryLevel = 0,
-
- .dataPDUInOrder = TRUE,
- .dataSequenceInOrder = TRUE,
-
- .initialR2T = TRUE,
- .immediateData = TRUE,
-};
-
-static void
-usage(const char *pname)
-{
- fprintf(stderr, "usage: %s " USAGE "\n", pname);
- exit(1);
-}
-
-int
-lookup(token_t *tbl, char *m)
-{
- token_t *tp;
-
- for(tp = tbl; tp->name != NULL; tp++)
- if(strcasecmp(tp->name, m) == 0)
- return tp->val;
- return 0;
-}
-
-int
-main(int cc, char **vv)
-{
- int ch, disco;
- char *pname, *pidfile, *p, *q, *ta, *kw, *v;
- isc_opt_t *op;
- FILE *fd;
- size_t n;
-
- op = &opvals;
- iscsidev = "/dev/"ISCSIDEV;
- fd = NULL;
- pname = vv[0];
- if ((pname = basename(pname)) == NULL)
- err(1, "basename");
-
- kw = ta = 0;
- disco = 0;
- pidfile = NULL;
- /*
- | check for driver & controller version match
- */
- n = 0;
-#define VERSION_OID_S "net.iscsi_initiator.driver_version"
- if (sysctlbyname(VERSION_OID_S, 0, &n, 0, 0) != 0) {
- if (errno == ENOENT)
- errx(1, "sysctlbyname(\"" VERSION_OID_S "\") "
- "failed; is the iscsi driver loaded?");
- err(1, "sysctlbyname(\"" VERSION_OID_S "\")");
- }
- v = malloc(n+1);
- if (v == NULL)
- err(1, "malloc");
- if (sysctlbyname(VERSION_OID_S, v, &n, 0, 0) != 0)
- err(1, "sysctlbyname");
-
- if (strncmp(version, v, 3) != 0)
- errx(1, "versions mismatch");
-
- while((ch = getopt(cc, vv, OPTIONS)) != -1) {
- switch(ch) {
- case 'v':
- vflag++;
- break;
- case 'c':
- fd = fopen(optarg, "r");
- if (fd == NULL)
- err(1, "fopen(\"%s\")", optarg);
- break;
- case 'd':
- disco = 1;
- break;
- case 't':
- ta = optarg;
- break;
- case 'n':
- kw = optarg;
- break;
- case 'p':
- pidfile = optarg;
- break;
- default:
- usage(pname);
- }
- }
- if(fd == NULL)
- fd = fopen("/etc/iscsi.conf", "r");
-
- if(fd != NULL) {
- parseConfig(fd, kw, op);
- fclose(fd);
- }
- cc -= optind;
- vv += optind;
- if(cc > 0) {
- if(vflag)
- printf("adding '%s'\n", *vv);
- parseArgs(cc, vv, op);
- }
- if(ta)
- op->targetAddress = ta;
-
- if(op->targetAddress == NULL) {
- warnx("no target specified!");
- usage(pname);
- }
- q = op->targetAddress;
- if(*q == '[' && (q = strchr(q, ']')) != NULL) {
- *q++ = '\0';
- op->targetAddress++;
- } else
- q = op->targetAddress;
- if((p = strchr(q, ':')) != NULL) {
- *p++ = 0;
- op->port = atoi(p);
- p = strchr(p, ',');
- }
- if(p || ((p = strchr(q, ',')) != NULL)) {
- *p++ = 0;
- op->targetPortalGroupTag = atoi(p);
- }
- if(op->initiatorName == 0) {
- char hostname[MAXHOSTNAMELEN];
-
- if(op->iqn) {
- if(gethostname(hostname, sizeof(hostname)) == 0)
- asprintf(&op->initiatorName, "%s:%s", op->iqn, hostname);
- else
- asprintf(&op->initiatorName, "%s:%d", op->iqn, (int)time(0) & 0xff); // XXX:
- }
- else {
- if(gethostname(hostname, sizeof(hostname)) == 0)
- asprintf(&op->initiatorName, "%s", hostname);
- else
- asprintf(&op->initiatorName, "%d", (int)time(0) & 0xff); // XXX:
- }
- }
- if(disco) {
- op->sessionType = "Discovery";
- op->targetName = 0;
- }
- op->pidfile = pidfile;
- fsm(op);
-
- exit(0);
-}
diff --git a/sbin/iscontrol/iscontrol.h b/sbin/iscontrol/iscontrol.h
deleted file mode 100644
index dddb21bb562e..000000000000
--- a/sbin/iscontrol/iscontrol.h
+++ /dev/null
@@ -1,167 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-/*
- | $Id: iscontrol.h,v 2.3 2007/04/27 08:36:49 danny Exp danny $
- */
-#ifdef DEBUG
-int vflag;
-
-# define debug(level, fmt, args...) do {if (level <= vflag) printf("%s: " fmt "\n", __func__ , ##args);} while(0)
-# define debug_called(level) do {if (level <= vflag) printf("%s: called\n", __func__);} while(0)
-#else
-# define debug(level, fmt, args...)
-# define debug_called(level)
-#endif // DEBUG
-#define xdebug(fmt, args...) printf("%s: " fmt "\n", __func__ , ##args)
-
-#define BIT(n) (1 <<(n))
-
-#define MAXREDIRECTS 2
-
-typedef int auth_t(void *sess);
-
-typedef struct {
- char *address;
- int port;
- int pgt;
-} target_t;
-
-typedef struct isess {
- int flags;
-#define SESS_CONNECTED BIT(0)
-#define SESS_DISCONNECT BIT(1)
-#define SESS_LOGGEDIN BIT(2)
-#define SESS_RECONNECT BIT(3)
-#define SESS_REDIRECT BIT(4)
-
-#define SESS_NEGODONE BIT(10) // XXX: kludge
-
-#define SESS_FULLFEATURE BIT(29)
-#define SESS_INITIALLOGIN1 BIT(30)
-#define SESS_INITIALLOGIN BIT(31)
-
-
- isc_opt_t *op; // operational values
- target_t target; // the Original target address
- int fd; // the session fd
- int soc; // the socket
- iscsi_cam_t cam;
- struct cam_device *camdev;
-
- time_t open_time;
- int redirect_cnt;
- time_t redirect_time;
- int reconnect_cnt;
- int reconnect_cnt1;
- time_t reconnect_time;
- char isid[6+1];
- int csg; // current stage
- int nsg; // next stage
- // Phases/Stages
-#define SN_PHASE 0 // Security Negotiation
-#define LON_PHASE 1 // Login Operational Negotiation
-#define FF_PHASE 3 // FuLL-Feature
- uint tsih;
- sn_t sn;
-} isess_t;
-
-typedef struct token {
- char *name;
- int val;
-} token_t;
-
-typedef enum {
- NONE = 0,
- KRB5,
- SPKM1,
- SPKM2,
- SRP,
- CHAP
-} authm_t;
-
-extern token_t AuthMethods[];
-extern token_t DigestMethods[];
-
-typedef enum {
- SET,
- GET
-} oper_t;
-
-typedef enum {
- U_PR, // private
- U_IO, // Initialize Only -- during login
- U_LO, // Leading Only -- when TSIH is zero
- U_FFPO, // Full Feature Phase Only
- U_ALL // in any phase
-} usage_t;
-
-typedef enum {
- S_PR,
- S_CO, // Connect only
- S_SW // Session Wide
-} scope_t;
-
-typedef void keyfun_t(isess_t *, oper_t);
-
-typedef struct {
- usage_t usage;
- scope_t scope;
- char *name;
- int tokenID;
-} textkey_t;
-
-typedef int handler_t(isess_t *sess, pdu_t *pp);
-
-int authenticateLogin(isess_t *sess);
-int fsm(isc_opt_t *op);
-int sendPDU(isess_t *sess, pdu_t *pp, handler_t *hdlr);
-int addText(pdu_t *pp, char *fmt, ...);
-void freePDU(pdu_t *pp);
-int xmitpdu(isess_t *sess, pdu_t *pp);
-int recvpdu(isess_t *sess, pdu_t *pp);
-
-int lookup(token_t *tbl, char *m);
-
-extern int vflag;
-extern char *iscsidev;
-
-void parseArgs(int nargs, char **args, isc_opt_t *op);
-void parseConfig(FILE *fd, char *key, isc_opt_t *op);
-
-char *chapDigest(char *ap, char id, char *cp, char *chapSecret);
-char *genChapChallenge(char *encoding, uint len);
-
-int str2bin(char *str, char **rsp);
-char *bin2str(char *fmt, unsigned char *md, int blen);
-
-int negotiateOPV(isess_t *sess);
-int setOptions(isess_t *sess, int flag);
-
-int loginPhase(isess_t *sess);
diff --git a/sbin/iscontrol/login.c b/sbin/iscontrol/login.c
deleted file mode 100644
index c4fbc46548e9..000000000000
--- a/sbin/iscontrol/login.c
+++ /dev/null
@@ -1,442 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-/*
- | $Id: login.c,v 1.4 2007/04/27 07:40:40 danny Exp danny $
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/sysctl.h>
-
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <arpa/inet.h>
-#include <sys/ioctl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <dev/iscsi_initiator/iscsi.h>
-#include "iscontrol.h"
-
-static char *status_class1[] = {
- "Initiator error",
- "Authentication failure",
- "Authorization failure",
- "Not found",
- "Target removed",
- "Unsupported version",
- "Too many connections",
- "Missing parameter",
- "Can't include in session",
- "Session type not supported",
- "Session does not exist",
- "Invalid during login",
-};
-#define CLASS1_ERRS ((sizeof status_class1) / sizeof(char *))
-
-static char *status_class3[] = {
- "Target error",
- "Service unavailable",
- "Out of resources"
-};
-#define CLASS3_ERRS ((sizeof status_class3) / sizeof(char *))
-
-static char *
-selectFrom(char *str, token_t *list)
-{
- char *sep, *sp;
- token_t *lp;
- int n;
-
- sp = str;
- do {
- sep = strchr(sp, ',');
- if(sep != NULL)
- n = sep - sp;
- else
- n = strlen(sp);
-
- for(lp = list; lp->name != NULL; lp++) {
- if(strncasecmp(lp->name, sp, n) == 0)
- return strdup(lp->name);
- }
- sp = sep + 1;
- } while(sep != NULL);
-
- return NULL;
-}
-
-static char *
-getkeyval(char *key, pdu_t *pp)
-{
- char *ptr;
- int klen, len, n;
-
- debug_called(3);
-
- len = pp->ds_len;
- ptr = (char *)pp->ds_addr;
- klen = strlen(key);
- while(len > klen) {
- if(strncmp(key, ptr, klen) == 0)
- return ptr+klen;
- n = strlen(ptr) + 1;
- len -= n;
- ptr += n;
- }
- return 0;
-}
-
-static int
-handleTgtResp(isess_t *sess, pdu_t *pp)
-{
- isc_opt_t *op = sess->op;
- char *np, *rp, *d1, *d2;
- int res, l1, l2;
-
- res = -1;
- if(((np = getkeyval("CHAP_N=", pp)) == NULL) ||
- ((rp = getkeyval("CHAP_R=", pp)) == NULL))
- goto out;
- if(strcmp(np, op->tgtChapName? op->tgtChapName: op->initiatorName) != 0) {
- fprintf(stderr, "%s does not match\n", np);
- goto out;
- }
- l1 = str2bin(op->tgtChapDigest, &d1);
- l2 = str2bin(rp, &d2);
-
- debug(3, "l1=%d '%s' l2=%d '%s'", l1, op->tgtChapDigest, l2, rp);
- if(l1 == l2 && memcmp(d1, d2, l1) == 0)
- res = 0;
- if(l1)
- free(d1);
- if(l2)
- free(d2);
- out:
- free(op->tgtChapDigest);
- op->tgtChapDigest = NULL;
-
- debug(3, "res=%d", res);
-
- return res;
-}
-
-static void
-processParams(isess_t *sess, pdu_t *pp)
-{
- isc_opt_t *op = sess->op;
- int len, klen, n;
- char *eq, *ptr;
-
- debug_called(3);
-
- len = pp->ds_len;
- ptr = (char *)pp->ds_addr;
- while(len > 0) {
- if(vflag > 1)
- printf("got: len=%d %s\n", len, ptr);
- klen = 0;
- if((eq = strchr(ptr, '=')) != NULL)
- klen = eq - ptr;
- if(klen > 0) {
- if(strncmp(ptr, "TargetAddress", klen) == 0) {
- char *p, *q, *ta = NULL;
-
- // TargetAddress=domainname[:port][,portal-group-tag]
- // XXX: if(op->targetAddress) free(op->targetAddress);
- q = op->targetAddress = strdup(eq+1);
- if(*q == '[') {
- // bracketed IPv6
- if((q = strchr(q, ']')) != NULL) {
- *q++ = '\0';
- ta = op->targetAddress;
- op->targetAddress = strdup(ta+1);
- } else
- q = op->targetAddress;
- }
- if((p = strchr(q, ',')) != NULL) {
- *p++ = 0;
- op->targetPortalGroupTag = atoi(p);
- }
- if((p = strchr(q, ':')) != NULL) {
- *p++ = 0;
- op->port = atoi(p);
- }
- if(ta)
- free(ta);
- } else if(strncmp(ptr, "MaxRecvDataSegmentLength", klen) == 0) {
- // danny's RFC
- op->maxXmitDataSegmentLength = strtol(eq+1, (char **)NULL, 0);
- } else if(strncmp(ptr, "TargetPortalGroupTag", klen) == 0) {
- op->targetPortalGroupTag = strtol(eq+1, (char **)NULL, 0);
- } else if(strncmp(ptr, "HeaderDigest", klen) == 0) {
- op->headerDigest = selectFrom(eq+1, DigestMethods);
- } else if(strncmp(ptr, "DataDigest", klen) == 0) {
- op->dataDigest = selectFrom(eq+1, DigestMethods);
- } else if(strncmp(ptr, "MaxOutstandingR2T", klen) == 0)
- op->maxOutstandingR2T = strtol(eq+1, (char **)NULL, 0);
-#if 0
- else
- for(kp = keyMap; kp->name; kp++) {
- if(strncmp(ptr, kp->name, kp->len) == 0 && ptr[kp->len] == '=')
- mp->func(sess, ptr+kp->len+1, GET);
- }
-#endif
- }
- n = strlen(ptr) + 1;
- len -= n;
- ptr += n;
- }
-
-}
-
-static int
-handleLoginResp(isess_t *sess, pdu_t *pp)
-{
- login_rsp_t *lp = (login_rsp_t *)pp;
- uint st_class, status = ntohs(lp->status);
-
- debug_called(3);
- debug(4, "Tbit=%d csg=%d nsg=%d status=%x", lp->T, lp->CSG, lp->NSG, status);
-
- st_class = status >> 8;
- if(status) {
- uint st_detail = status & 0xff;
-
- switch(st_class) {
- case 1: // Redirect
- switch(st_detail) {
- // the ITN (iSCSI target Name) requests a:
- case 1: // temporary address change
- case 2: // permanent address change
- status = 0;
- }
- break;
-
- case 2: // Initiator Error
- if(st_detail < CLASS1_ERRS)
- printf("0x%04x: %s\n", status, status_class1[st_detail]);
- break;
-
- case 3:
- if(st_detail < CLASS3_ERRS)
- printf("0x%04x: %s\n", status, status_class3[st_detail]);
- break;
- }
- }
-
- if(status == 0) {
- processParams(sess, pp);
- setOptions(sess, 0); // XXX: just in case ...
-
- if(lp->T) {
- isc_opt_t *op = sess->op;
-
- if(sess->csg == SN_PHASE && (op->tgtChapDigest != NULL))
- if(handleTgtResp(sess, pp) != 0)
- return 1; // XXX: Authentication failure ...
- sess->csg = lp->NSG;
- if(sess->csg == FF_PHASE) {
- // XXX: will need this when implementing reconnect.
- sess->tsih = lp->tsih;
- debug(2, "TSIH=%x", sess->tsih);
- }
- }
- }
-
- return st_class;
-}
-
-static int
-handleChap(isess_t *sess, pdu_t *pp)
-{
- pdu_t spp;
- login_req_t *lp;
- isc_opt_t *op = sess->op;
- char *ap, *ip, *cp, *digest; // MD5 is 128bits, SHA1 160bits
-
- debug_called(3);
-
- bzero(&spp, sizeof(pdu_t));
- lp = (login_req_t *)&spp.ipdu.bhs;
- lp->cmd = ISCSI_LOGIN_CMD | 0x40; // login request + Inmediate
- memcpy(lp->isid, sess->isid, 6);
- lp->tsih = sess->tsih; // MUST be zero the first time!
- lp->CID = htons(1);
- lp->CSG = SN_PHASE; // Security Negotiation
- lp->NSG = LON_PHASE;
- lp->T = 1;
-
- if(((ap = getkeyval("CHAP_A=", pp)) == NULL) ||
- ((ip = getkeyval("CHAP_I=", pp)) == NULL) ||
- ((cp = getkeyval("CHAP_C=", pp)) == NULL))
- return -1;
-
- if((digest = chapDigest(ap, (char)strtol(ip, (char **)NULL, 0), cp, op->chapSecret)) == NULL)
- return -1;
-
- addText(&spp, "CHAP_N=%s", op->chapIName? op->chapIName: op->initiatorName);
- addText(&spp, "CHAP_R=%s", digest);
- free(digest);
-
- if(op->tgtChapSecret != NULL) {
- op->tgtChapID = (random() >> 24) % 255; // should be random enough ...
- addText(&spp, "CHAP_I=%d", op->tgtChapID);
- cp = genChapChallenge(cp, op->tgtChallengeLen? op->tgtChallengeLen: 8);
- addText(&spp, "CHAP_C=%s", cp);
- op->tgtChapDigest = chapDigest(ap, op->tgtChapID, cp, op->tgtChapSecret);
- }
-
- return sendPDU(sess, &spp, handleLoginResp);
-}
-
-static int
-authenticate(isess_t *sess)
-{
- pdu_t spp;
- login_req_t *lp;
- isc_opt_t *op = sess->op;
-
- bzero(&spp, sizeof(pdu_t));
- lp = (login_req_t *)&spp.ipdu.bhs;
- lp->cmd = ISCSI_LOGIN_CMD | 0x40; // login request + Inmediate
- memcpy(lp->isid, sess->isid, 6);
- lp->tsih = sess->tsih; // MUST be zero the first time!
- lp->CID = htons(1);
- lp->CSG = SN_PHASE; // Security Negotiation
- lp->NSG = SN_PHASE;
- lp->T = 0;
-
- switch((authm_t)lookup(AuthMethods, op->authMethod)) {
- case NONE:
- return 0;
-
- case KRB5:
- case SPKM1:
- case SPKM2:
- case SRP:
- return 2;
-
- case CHAP:
- if(op->chapDigest == 0)
- addText(&spp, "CHAP_A=5");
- else
- if(strcmp(op->chapDigest, "MD5") == 0)
- addText(&spp, "CHAP_A=5");
- else
- if(strcmp(op->chapDigest, "SHA1") == 0)
- addText(&spp, "CHAP_A=7");
- else
- addText(&spp, "CHAP_A=5,7");
- return sendPDU(sess, &spp, handleChap);
- }
- return 1;
-}
-
-int
-loginPhase(isess_t *sess)
-{
- pdu_t spp, *sp = &spp;
- isc_opt_t *op = sess->op;
- login_req_t *lp;
- int status = 1;
-
- debug_called(3);
-
- bzero(sp, sizeof(pdu_t));
- lp = (login_req_t *)&spp.ipdu.bhs;
- lp->cmd = ISCSI_LOGIN_CMD | 0x40; // login request + Inmediate
- memcpy(lp->isid, sess->isid, 6);
- lp->tsih = sess->tsih; // MUST be zero the first time!
- lp->CID = htons(1); // sess->cid?
-
- if((lp->CSG = sess->csg) == LON_PHASE)
- lp->NSG = FF_PHASE; // lets try and go full feature ...
- else
- lp->NSG = LON_PHASE;
- lp->T = 1; // transit to next login stage
-
- if(sess->flags & SESS_INITIALLOGIN1) {
- sess->flags &= ~SESS_INITIALLOGIN1;
-
- addText(sp, "SessionType=%s", op->sessionType);
- addText(sp, "InitiatorName=%s", op->initiatorName);
- if(strcmp(op->sessionType, "Discovery") != 0) {
- addText(sp, "TargetName=%s", op->targetName);
- }
- }
- switch(sess->csg) {
- case SN_PHASE: // Security Negotiation
- addText(sp, "AuthMethod=%s", op->authMethod);
- break;
-
- case LON_PHASE: // Login Operational Negotiation
- if((sess->flags & SESS_NEGODONE) == 0) {
- sess->flags |= SESS_NEGODONE;
- addText(sp, "MaxBurstLength=%d", op->maxBurstLength);
- addText(sp, "HeaderDigest=%s", op->headerDigest);
- addText(sp, "DataDigest=%s", op->dataDigest);
- addText(sp, "MaxRecvDataSegmentLength=%d", op->maxRecvDataSegmentLength);
- addText(sp, "ErrorRecoveryLevel=%d", op->errorRecoveryLevel);
- addText(sp, "DefaultTime2Wait=%d", op->defaultTime2Wait);
- addText(sp, "DefaultTime2Retain=%d", op->defaultTime2Retain);
- addText(sp, "DataPDUInOrder=%s", op->dataPDUInOrder? "Yes": "No");
- addText(sp, "DataSequenceInOrder=%s", op->dataSequenceInOrder? "Yes": "No");
- addText(sp, "MaxOutstandingR2T=%d", op->maxOutstandingR2T);
-
- if(strcmp(op->sessionType, "Discovery") != 0) {
- addText(sp, "MaxConnections=%d", op->maxConnections);
- addText(sp, "FirstBurstLength=%d", op->firstBurstLength);
- addText(sp, "InitialR2T=%s", op->initialR2T? "Yes": "No");
- addText(sp, "ImmediateData=%s", op->immediateData? "Yes": "No");
- }
- }
-
- break;
- }
-
- status = sendPDU(sess, &spp, handleLoginResp);
-
- switch(status) {
- case 0: // all is ok ...
- if(sess->csg == SN_PHASE)
- /*
- | if we are still here, then we need
- | to exchange some secrets ...
- */
- status = authenticate(sess);
- }
-
- return status;
-}
diff --git a/sbin/iscontrol/misc.c b/sbin/iscontrol/misc.c
deleted file mode 100644
index 339763404e78..000000000000
--- a/sbin/iscontrol/misc.c
+++ /dev/null
@@ -1,228 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-/*
- | $Id: misc.c,v 2.1 2006/11/12 08:06:51 danny Exp $
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/sysctl.h>
-
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <arpa/inet.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <dev/iscsi_initiator/iscsi.h>
-#include "iscontrol.h"
-
-static inline char
-c2b(unsigned char c)
-{
- switch(c) {
- case '0' ... '9':
- return c - '0';
- case 'a' ... 'f':
- return c - 'a' + 10;
- case 'A' ... 'F':
- return c - 'A' + 10;
- }
- return 0;
-}
-
-static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz"
- "0123456789+/";
-
-static __inline unsigned char
-c64tobin(unsigned char c64)
-{
- int i;
- for(i = 0; i < 64; i++)
- if(base64[i] == c64)
- break;
- return i;
-}
-/*
- | according to rfc3720, the binary string
- | cannot be larger than 1024 - but i can't find it :-) XXX
- | not enforced yet.
- */
-int
-str2bin(char *str, char **rsp)
-{
- char *src, *dst, *tmp;
- int i, len = 0;
-
- src = str;
- tmp = NULL;
- if(strncasecmp("0x", src, 2) == 0) {
- src += 2;
- len = strlen(src);
-
- if((tmp = malloc((len+1)/2)) == NULL) {
- // XXX: print some error?
- return 0;
- }
- dst = tmp;
- if(len & 1)
- *dst++ = c2b(*src++);
- while(*src) {
- *dst = c2b(*src++) << 4;
- *dst++ |= c2b(*src++);
- }
- len = dst - tmp;
- } else
- if(strncasecmp("0b", src , 2) == 0) {
- // base64
- unsigned char b6;
-
- src += 2;
- len = strlen(src) / 4 * 3;
- if((tmp = malloc(len)) == NULL) {
- // XXX: print some error?
- return 0;
- }
- dst = tmp;
- i = 0;
- while(*src && ((b6 = c64tobin(*src++)) != 64)) {
- switch(i % 4) {
- case 0:
- *dst = b6 << 2;
- break;
- case 1:
- *dst++ |= b6 >> 4;
- *dst = b6 << 4;
- break;
- case 2:
- *dst++ |= b6 >> 2;
- *dst = b6 << 6;
- break;
- case 3:
- *dst++ |= b6;
- break;
- }
- i++;
- }
- len = dst - tmp;
- }
- else {
- /*
- | assume it to be an ascii string, so just copy it
- */
- len = strlen(str);
- if((tmp = malloc(len)) == NULL)
- return 0;
- dst = tmp;
- src = str;
- while(*src)
- *dst++ = *src++;
- }
-
- *rsp = tmp;
- return len;
-}
-
-char *
-bin2str(char *encoding, unsigned char *md, int blen)
-{
- int len;
- char *dst, *ds;
- unsigned char *cp;
-
- if(strncasecmp(encoding, "0x", 2) == 0) {
- char ofmt[5];
-
- len = blen * 2;
- dst = malloc(len + 3);
- strcpy(dst, encoding);
- ds = dst + 2;
- cp = md;
- sprintf(ofmt, "%%02%c", encoding[1]);
- while(blen-- > 0) {
- sprintf(ds, ofmt, *cp++);
- ds += 2;
- }
- *ds = 0;
- return dst;
- }
- if(strncasecmp(encoding, "0b", 2) == 0) {
- int i, b6;
-
- len = (blen + 2) * 4 / 3;
- dst = malloc(len + 3);
- strcpy(dst, encoding);
- ds = dst + 2;
- cp = md;
- b6 = 0; // to keep compiler happy.
- for(i = 0; i < blen; i++) {
- switch(i % 3) {
- case 0:
- *ds++ = base64[*cp >> 2];
- b6 = (*cp & 0x3) << 4;
- break;
- case 1:
- b6 += (*cp >> 4);
- *ds++ = base64[b6];
- b6 = (*cp & 0xf) << 2;
- break;
- case 2:
- b6 += (*cp >> 6);
- *ds++ = base64[b6];
- *ds++ = base64[*cp & 0x3f];
- }
- cp++;
- }
- switch(blen % 3) {
- case 0:
- break;
- case 1:
- *ds++ = base64[b6];
- *ds++ = '=';
- *ds++ = '=';
- break;
- case 2:
- *ds++ = base64[b6];
- *ds++ = '=';
- break;
- }
-
- *ds = 0;
- return dst;
- }
-
- return NULL;
-}
diff --git a/sbin/iscontrol/pdu.c b/sbin/iscontrol/pdu.c
deleted file mode 100644
index 3133e5367f25..000000000000
--- a/sbin/iscontrol/pdu.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-/*
- | $Id: pdu.c,v 2.2 2006/12/01 09:11:56 danny Exp danny $
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/uio.h>
-#include <sys/ioctl.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include <camlib.h>
-
-#include <dev/iscsi_initiator/iscsi.h>
-#include "iscontrol.h"
-
-static void pukeText(char *it, pdu_t *pp);
-
-int
-xmitpdu(isess_t *sess, pdu_t *pp)
-{
- if(ioctl(sess->fd, ISCSISEND, pp)) {
- perror("xmitpdu");
- return -1;
- }
- if(vflag)
- pukeText("I-", pp);
-
- return 0;
-}
-
-int
-recvpdu(isess_t *sess, pdu_t *pp)
-{
- if(ioctl(sess->fd, ISCSIRECV, pp)) {
- perror("recvpdu");
- return -1;
- }
- // XXX: return error if truncated via
- // the FUDGE factor.
- if(vflag)
- pukeText("T-", pp);
-
- return 0;
-}
-
-int
-sendPDU(isess_t *sess, pdu_t *pp, handler_t *hdlr)
-{
- if(xmitpdu(sess, pp))
- return 0;
- if(hdlr) {
- int res;
-
- pp->ahs_size = 8 * 1024;
- if((pp->ahs_addr = malloc(pp->ahs_size)) == NULL) {
- fprintf(stderr, "out of mem!");
- return -1;
- }
- pp->ds_size = 0;
- if((res = recvpdu(sess, pp)) != 0) {
- fprintf(stderr, "recvpdu failed\n");
- return res;
- }
- res = hdlr(sess, pp);
- freePDU(pp);
- return res;
- }
- return 1;
-}
-
-
-#define FUDGE (512 * 8)
-/*
- | We use the same memory for the response
- | so make enough room ...
- | XXX: must find a better way.
- */
-int
-addText(pdu_t *pp, char *fmt, ...)
-{
- u_int len;
- char *str;
- va_list ap;
-
- va_start(ap, fmt);
- len = vasprintf(&str, fmt, ap) + 1;
- if((pp->ds_len + len) > 0xffffff) {
- printf("ds overflow\n");
- free(str);
- return 0;
- }
-
- if((pp->ds_len + len) > pp->ds_size) {
- u_char *np;
-
- np = realloc(pp->ds_addr, pp->ds_size + len + FUDGE);
- if(np == NULL) {
- free(str);
- //XXX: out of memory!
- return -1;
- }
- pp->ds_addr = np;
- pp->ds_size += len + FUDGE;
- }
- memcpy(pp->ds_addr + pp->ds_len, str, len);
- pp->ds_len += len;
- free(str);
- return len;
-}
-
-void
-freePDU(pdu_t *pp)
-{
- if(pp->ahs_size)
- free(pp->ahs_addr);
- if(pp->ds_size)
- free(pp->ds_addr);
- bzero(&pp->ipdu, sizeof(union ipdu_u));
- pp->ahs_addr = NULL;
- pp->ds_addr = NULL;
- pp->ahs_size = 0;
- pp->ds_size = pp->ds_len = 0;
-}
-
-static void
-pukeText(char *it, pdu_t *pp)
-{
- char *ptr;
- int cmd;
- size_t len, n;
-
- len = pp->ds_len;
- ptr = (char *)pp->ds_addr;
- cmd = pp->ipdu.bhs.opcode;
-
- printf("%s: cmd=0x%x len=%d\n", it, cmd, (int)len);
- while(len > 0) {
- printf("\t%s\n", ptr);
- n = strlen(ptr) + 1;
- len -= n;
- ptr += n;
- }
-}
diff --git a/sbin/kldstat/kldstat.c b/sbin/kldstat/kldstat.c
index 38918890b879..0925223da23a 100644
--- a/sbin/kldstat/kldstat.c
+++ b/sbin/kldstat/kldstat.c
@@ -40,166 +40,171 @@ __FBSDID("$FreeBSD$");
#include <sys/linker.h>
#include <strings.h>
-#define POINTER_WIDTH ((int)(sizeof(void *) * 2 + 2))
+#define POINTER_WIDTH ((int)(sizeof(void *) * 2 + 2))
static int showdata = 0;
static void
printmod(int modid)
{
- struct module_stat stat;
-
- bzero(&stat, sizeof(stat));
- stat.version = sizeof(struct module_stat);
- if (modstat(modid, &stat) < 0)
- warn("can't stat module id %d", modid);
- else
- if (showdata) {
- printf("\t\t%3d %s (%d, %u, 0x%lx)\n", stat.id, stat.name,
- stat.data.intval, stat.data.uintval, stat.data.ulongval);
- } else {
- printf("\t\t%3d %s\n", stat.id, stat.name);
+ struct module_stat stat;
+
+ bzero(&stat, sizeof(stat));
+ stat.version = sizeof(struct module_stat);
+ if (modstat(modid, &stat) < 0)
+ warn("can't stat module id %d", modid);
+ else {
+ if (showdata)
+ printf("\t\t%3d %s (%d, %u, 0x%lx)\n", stat.id,
+ stat.name, stat.data.intval, stat.data.uintval,
+ stat.data.ulongval);
+ else
+ printf("\t\t%3d %s\n", stat.id, stat.name);
}
}
static void
printfile(int fileid, int verbose, int humanized)
{
- struct kld_file_stat stat;
- int modid;
- char buf[5];
-
- stat.version = sizeof(struct kld_file_stat);
- if (kldstat(fileid, &stat) < 0) {
- err(1, "can't stat file id %d", fileid);
- } else {
- if (humanized) {
- humanize_number(buf, sizeof(buf), stat.size,
- "", HN_AUTOSCALE, HN_DECIMAL | HN_NOSPACE);
-
- printf("%2d %4d %*p %5s %s",
- stat.id, stat.refs, POINTER_WIDTH, stat.address, buf,
- stat.name);
+ struct kld_file_stat stat;
+ int modid;
+ char buf[5];
+
+ stat.version = sizeof(struct kld_file_stat);
+ if (kldstat(fileid, &stat) < 0) {
+ err(1, "can't stat file id %d", fileid);
} else {
- printf("%2d %4d %*p %8zx %s",
- stat.id, stat.refs, POINTER_WIDTH, stat.address, stat.size,
- stat.name);
+ if (humanized) {
+ humanize_number(buf, sizeof(buf), stat.size,
+ "", HN_AUTOSCALE, HN_DECIMAL | HN_NOSPACE);
+
+ printf("%2d %4d %*p %5s %s",
+ stat.id, stat.refs, POINTER_WIDTH, stat.address,
+ buf, stat.name);
+ } else {
+ printf("%2d %4d %*p %8zx %s",
+ stat.id, stat.refs, POINTER_WIDTH, stat.address,
+ stat.size, stat.name);
+ }
}
- }
-
- if (verbose) {
- printf(" (%s)\n", stat.pathname);
- printf("\tContains modules:\n");
- printf("\t\t Id Name\n");
- for (modid = kldfirstmod(fileid); modid > 0;
- modid = modfnext(modid))
- printmod(modid);
- } else
- printf("\n");
+
+ if (verbose) {
+ printf(" (%s)\n", stat.pathname);
+ printf("\tContains modules:\n");
+ printf("\t\t Id Name\n");
+ for (modid = kldfirstmod(fileid); modid > 0; modid = modfnext(modid))
+ printmod(modid);
+ } else
+ printf("\n");
}
static void
usage(void)
{
- fprintf(stderr, "usage: kldstat [-d] [-h] [-q] [-v] [-i id] [-n filename]\n");
- fprintf(stderr, " kldstat [-d] [-q] [-m modname]\n");
- exit(1);
+ fprintf(stderr, "usage: kldstat [-d] [-h] [-q] [-v] [-i id] [-n filename]\n");
+ fprintf(stderr, " kldstat [-d] [-q] [-m modname]\n");
+ exit(1);
}
int
main(int argc, char** argv)
{
- int c;
- int humanized = 0;
- int verbose = 0;
- int fileid = 0;
- int quiet = 0;
- char* filename = NULL;
- char* modname = NULL;
- char* p;
-
- while ((c = getopt(argc, argv, "dhi:m:n:qv")) != -1)
- switch (c) {
- case 'd':
- showdata = 1;
- break;
- case 'h':
- humanized = 1;
- break;
- case 'i':
- fileid = (int)strtoul(optarg, &p, 10);
- if (*p != '\0')
+ int c;
+ int humanized = 0;
+ int verbose = 0;
+ int fileid = 0;
+ int quiet = 0;
+ char* filename = NULL;
+ char* modname = NULL;
+ char* p;
+
+ while ((c = getopt(argc, argv, "dhi:m:n:qv")) != -1)
+ switch (c) {
+ case 'd':
+ showdata = 1;
+ break;
+ case 'h':
+ humanized = 1;
+ break;
+ case 'i':
+ fileid = (int)strtoul(optarg, &p, 10);
+ if (*p != '\0')
+ usage();
+ break;
+ case 'm':
+ modname = optarg;
+ break;
+ case 'n':
+ filename = optarg;
+ break;
+ case 'q':
+ quiet = 1;
+ break;
+ case 'v':
+ verbose = 1;
+ break;
+ default:
+ usage();
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (argc != 0)
usage();
- break;
- case 'm':
- modname = optarg;
- break;
- case 'n':
- filename = optarg;
- break;
- case 'q':
- quiet = 1;
- break;
- case 'v':
- verbose = 1;
- break;
- default:
- usage();
- }
- argc -= optind;
- argv += optind;
- if (argc != 0)
- usage();
+ if (modname != NULL) {
+ int modid;
+ struct module_stat stat;
- if (modname != NULL) {
- int modid;
- struct module_stat stat;
+ if ((modid = modfind(modname)) < 0) {
+ if (!quiet)
+ warn("can't find module %s", modname);
+ return 1;
+ } else if (quiet) {
+ return 0;
+ }
+
+ stat.version = sizeof(struct module_stat);
+ if (modstat(modid, &stat) < 0)
+ warn("can't stat module id %d", modid);
+ else {
+ if (showdata) {
+ printf("Id Refs Name data..(int, uint, ulong)\n");
+ printf("%3d %4d %s (%d, %u, 0x%lx)\n",
+ stat.id, stat.refs, stat.name,
+ stat.data.intval, stat.data.uintval,
+ stat.data.ulongval);
+ } else {
+ printf("Id Refs Name\n");
+ printf("%3d %4d %s\n", stat.id, stat.refs,
+ stat.name);
+ }
+ }
- if ((modid = modfind(modname)) < 0) {
- if (!quiet)
- warn("can't find module %s", modname);
- return 1;
- } else if (quiet) {
- return 0;
+ return 0;
}
- stat.version = sizeof(struct module_stat);
- if (modstat(modid, &stat) < 0)
- warn("can't stat module id %d", modid);
- else {
- if (showdata) {
- printf("Id Refs Name data..(int, uint, ulong)\n");
- printf("%3d %4d %s (%d, %u, 0x%lx)\n", stat.id, stat.refs, stat.name,
- stat.data.intval, stat.data.uintval, stat.data.ulongval);
- } else {
- printf("Id Refs Name\n");
- printf("%3d %4d %s\n", stat.id, stat.refs, stat.name);
+ if (filename != NULL) {
+ if ((fileid = kldfind(filename)) < 0) {
+ if (!quiet)
+ warn("can't find file %s", filename);
+ return 1;
+ } else if (quiet) {
+ return 0;
}
}
+ if (humanized)
+ printf("Id Refs Address%*c %5s Name\n", POINTER_WIDTH - 7,
+ ' ', "Size");
+ else
+ printf("Id Refs Address%*c %8s Name\n", POINTER_WIDTH - 7,
+ ' ', "Size");
+ if (fileid != 0)
+ printfile(fileid, verbose, humanized);
+ else
+ for (fileid = kldnext(0); fileid > 0; fileid = kldnext(fileid))
+ printfile(fileid, verbose, humanized);
+
return 0;
- }
-
- if (filename != NULL) {
- if ((fileid = kldfind(filename)) < 0) {
- if (!quiet)
- warn("can't find file %s", filename);
- return 1;
- } else if (quiet) {
- return 0;
- }
- }
-
- if (humanized)
- printf("Id Refs Address%*c %5s Name\n", POINTER_WIDTH - 7, ' ', "Size");
- else
- printf("Id Refs Address%*c %8s Name\n", POINTER_WIDTH - 7, ' ', "Size");
- if (fileid != 0)
- printfile(fileid, verbose, humanized);
- else
- for (fileid = kldnext(0); fileid > 0; fileid = kldnext(fileid))
- printfile(fileid, verbose, humanized);
-
- return 0;
}
diff --git a/sbin/ldconfig/Makefile b/sbin/ldconfig/Makefile
index 2ead668578f6..070c2c3d6901 100644
--- a/sbin/ldconfig/Makefile
+++ b/sbin/ldconfig/Makefile
@@ -3,6 +3,7 @@
PACKAGE=runtime
PROG= ldconfig
SRCS= elfhints.c ldconfig.c
+CFLAGS+= -I${SRCTOP}/libexec/rtld-elf
MAN= ldconfig.8
.include <bsd.prog.mk>
diff --git a/sbin/ldconfig/elfhints.c b/sbin/ldconfig/elfhints.c
index bbedac64b3ff..81236feec5ca 100644
--- a/sbin/ldconfig/elfhints.c
+++ b/sbin/ldconfig/elfhints.c
@@ -48,17 +48,17 @@
#define MAXDIRS 1024 /* Maximum directories in path */
#define MAXFILESIZE (16*1024) /* Maximum hints file size */
-static void add_dir(const char *, const char *, int);
+static void add_dir(const char *, const char *, bool);
static void read_dirs_from_file(const char *, const char *);
-static void read_elf_hints(const char *, int);
+static void read_elf_hints(const char *, bool);
static void write_elf_hints(const char *);
static const char *dirs[MAXDIRS];
static int ndirs;
-int insecure;
+bool insecure;
static void
-add_dir(const char *hintsfile, const char *name, int trusted)
+add_dir(const char *hintsfile, const char *name, bool trusted)
{
struct stat stbuf;
int i;
@@ -186,7 +186,7 @@ read_dirs_from_file(const char *hintsfile, const char *listfile)
}
static void
-read_elf_hints(const char *hintsfile, int must_exist)
+read_elf_hints(const char *hintsfile, bool must_exist)
{
int fd;
struct stat s;
@@ -231,15 +231,14 @@ read_elf_hints(const char *hintsfile, int must_exist)
}
void
-update_elf_hints(const char *hintsfile, int argc, char **argv, int merge)
+update_elf_hints(const char *hintsfile, int argc, char **argv, bool merge)
{
- int i;
+ struct stat s;
+ int i;
if (merge)
- read_elf_hints(hintsfile, 0);
+ read_elf_hints(hintsfile, false);
for (i = 0; i < argc; i++) {
- struct stat s;
-
if (stat(argv[i], &s) == -1)
warn("warning: %s", argv[i]);
else if (S_ISREG(s.st_mode))
diff --git a/sbin/ldconfig/ldconfig.8 b/sbin/ldconfig/ldconfig.8
index 63e2271b7cd5..7718f018bc70 100644
--- a/sbin/ldconfig/ldconfig.8
+++ b/sbin/ldconfig/ldconfig.8
@@ -43,7 +43,7 @@
.Sh SYNOPSIS
.Nm
.Op Fl 32
-.Op Fl Rimrsv
+.Op Fl Rimrv
.Op Fl f Ar hints_file
.Op Ar directory | Ar
.Sh DESCRIPTION
@@ -128,10 +128,6 @@ on the standard output.
The hints file is not modified.
.Pp
Scan and print all libraries found on the directories list.
-.It Fl s
-Do not scan the built-in system directory
-.Pq Dq /usr/lib
-for shared libraries.
.It Fl v
Switch on verbose mode.
.El
diff --git a/sbin/ldconfig/ldconfig.c b/sbin/ldconfig/ldconfig.c
index d0c6c9802a52..b039412a648b 100644
--- a/sbin/ldconfig/ldconfig.c
+++ b/sbin/ldconfig/ldconfig.c
@@ -30,11 +30,6 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#ifndef lint
-static const char rcsid[] =
- "$FreeBSD$";
-#endif /* not lint */
-
#include <sys/param.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -46,41 +41,29 @@ static const char rcsid[] =
#include <err.h>
#include <errno.h>
#include <fcntl.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "ldconfig.h"
-
-#if DEBUG
-/* test */
-#undef _PATH_ELF_HINTS
-#define _PATH_ELF_HINTS "./ld-elf.so.hints"
-#endif
+#include "rtld_paths.h"
#define _PATH_LD32_HINTS "/var/run/ld32.so.hints"
#define _PATH_ELF32_HINTS "/var/run/ld-elf32.so.hints"
#define _PATH_ELFSOFT_HINTS "/var/run/ld-elf-soft.so.hints"
-#undef major
-#undef minor
-
-static int verbose;
-static int nostd;
-static int justread;
-static int merge;
-static int rescan;
-static const char *hints_file;
-
-static void usage(void);
+static void usage(void);
int
main(int argc, char **argv)
{
- int c;
- int is_32 = 0;
- int is_soft = 0;
+ const char *hints_file;
+ int c;
+ bool is_32, is_soft, justread, merge, rescan, verbose;
+
+ is_32 = is_soft = justread = merge = rescan = verbose = false;
while (argc > 1) {
if (strcmp(argv[1], "-aout") == 0) {
@@ -89,11 +72,11 @@ main(int argc, char **argv)
argc--;
argv++;
} else if (strcmp(argv[1], "-32") == 0) {
- is_32 = 1;
+ is_32 = true;
argc--;
argv++;
} else if (strcmp(argv[1], "-soft") == 0) {
- is_soft = 1;
+ is_soft = true;
argc--;
argv++;
} else {
@@ -102,35 +85,33 @@ main(int argc, char **argv)
}
if (is_soft)
- hints_file = _PATH_ELFSOFT_HINTS; /* Never will have a.out softfloat */
+ hints_file = _PATH_SOFT_ELF_HINTS;
else if (is_32)
hints_file = _PATH_ELF32_HINTS;
else
hints_file = _PATH_ELF_HINTS;
- if (argc == 1)
- rescan = 1;
- else while((c = getopt(argc, argv, "Rf:imrsv")) != -1) {
+ while((c = getopt(argc, argv, "Rf:imrsv")) != -1) {
switch (c) {
case 'R':
- rescan = 1;
+ rescan = true;
break;
case 'f':
hints_file = optarg;
break;
case 'i':
- insecure = 1;
+ insecure = true;
break;
case 'm':
- merge = 1;
+ merge = true;
break;
case 'r':
- justread = 1;
+ justread = true;
break;
case 's':
- nostd = 1;
+ /* was nostd */
break;
case 'v':
- verbose = 1;
+ verbose = true;
break;
default:
usage();
@@ -138,18 +119,22 @@ main(int argc, char **argv)
}
}
- if (justread)
+ if (justread) {
list_elf_hints(hints_file);
- else
+ } else {
+ if (argc == optind)
+ rescan = true;
update_elf_hints(hints_file, argc - optind,
argv + optind, merge || rescan);
- return 0;
+ }
+ exit(0);
}
static void
usage(void)
{
fprintf(stderr,
- "usage: ldconfig [-32] [-elf] [-Rimrsv] [-f hints_file] [directory | file ...]\n");
+ "usage: ldconfig [-32] [-elf] [-Rimrv] [-f hints_file] "
+ "[directory | file ...]\n");
exit(1);
}
diff --git a/sbin/ldconfig/ldconfig.h b/sbin/ldconfig/ldconfig.h
index 9b278255ac07..8aff4e6a5ef2 100644
--- a/sbin/ldconfig/ldconfig.h
+++ b/sbin/ldconfig/ldconfig.h
@@ -32,12 +32,13 @@
#define LDCONFIG_H 1
#include <sys/cdefs.h>
+#include <stdbool.h>
-extern int insecure; /* -i flag, needed here for elfhints.c */
+extern bool insecure; /* -i flag, needed here for elfhints.c */
__BEGIN_DECLS
void list_elf_hints(const char *);
-void update_elf_hints(const char *, int, char **, int);
+void update_elf_hints(const char *, int, char **, bool);
__END_DECLS
#endif
diff --git a/sbin/mount/Makefile b/sbin/mount/Makefile
index 68c7ee9819d8..34ba498a2a3f 100644
--- a/sbin/mount/Makefile
+++ b/sbin/mount/Makefile
@@ -7,6 +7,6 @@ SRCS= mount.c mount_fs.c getmntopts.c vfslist.c
MAN= mount.8
# We do NOT install the getmntopts.3 man page.
-LIBADD= util
+LIBADD= util xo
.include <bsd.prog.mk>
diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8
index 3aee1bb86151..59a0f6bb0329 100644
--- a/sbin/mount/mount.8
+++ b/sbin/mount/mount.8
@@ -28,7 +28,7 @@
.\" @(#)mount.8 8.8 (Berkeley) 6/16/94
.\" $FreeBSD$
.\"
-.Dd August 28, 2019
+.Dd May 18, 2021
.Dt MOUNT 8
.Os
.Sh NAME
@@ -36,14 +36,17 @@
.Nd mount file systems
.Sh SYNOPSIS
.Nm
+.Op Fl -libxo
.Op Fl adflpruvw
.Op Fl F Ar fstab
.Op Fl o Ar options
.Op Fl t Oo Cm no Oc Ns Cm Ar type Ns Op Cm , Ns Ar type ...
.Nm
+.Op Fl -libxo
.Op Fl dfpruvw
.Ar special | node
.Nm
+.Op Fl -libxo
.Op Fl dfpruvw
.Op Fl o Ar options
.Op Fl t Oo Cm no Oc Ns Cm Ar type Ns Op Cm , Ns Ar type ...
@@ -72,6 +75,13 @@ this list is printed.
.Pp
The options are as follows:
.Bl -tag -width indent
+.It Fl -libxo
+Generate output via
+.Xr libxo 3
+in a selection of different human and machine readable formats.
+See
+.Xr xo_parse_args 3
+for details on command line arguments.
.It Fl a
All the file systems described in
.Xr fstab 5
@@ -552,6 +562,8 @@ support for a particular file system might be provided either on a static
.Xr setfacl 1 ,
.Xr nmount 2 ,
.Xr acl 3 ,
+.Xr libxo 3 ,
+.Xr xo_parse_args 3 ,
.Xr mac 4 ,
.Xr cd9660 5 ,
.Xr devfs 5 ,
diff --git a/sbin/mount/mount.c b/sbin/mount/mount.c
index fad999c97dc9..9550ecd1c54e 100644
--- a/sbin/mount/mount.c
+++ b/sbin/mount/mount.c
@@ -60,11 +60,18 @@ __FBSDID("$FreeBSD$");
#include <string.h>
#include <unistd.h>
#include <libutil.h>
+#include <libxo/xo.h>
#include "extern.h"
#include "mntopts.h"
#include "pathnames.h"
+#define EXIT(a) { \
+ xo_close_container("mount"); \
+ xo_finish(); \
+ exit(a); \
+ }
+
/* `meta' options */
#define MOUNT_META_OPTION_FSTAB "fstab"
#define MOUNT_META_OPTION_CURRENT "current"
@@ -146,21 +153,21 @@ exec_mountprog(const char *name, const char *execname, char *const argv[])
switch (pid = fork()) {
case -1: /* Error. */
- warn("fork");
- exit (1);
+ xo_warn("fork");
+ EXIT(1);
case 0: /* Child. */
/* Go find an executable. */
execvP(execname, _PATH_SYSPATH, argv);
if (errno == ENOENT) {
- warn("exec %s not found", execname);
+ xo_warn("exec %s not found", execname);
if (execname[0] != '/') {
- warnx("in path: %s", _PATH_SYSPATH);
+ xo_warnx("in path: %s", _PATH_SYSPATH);
}
}
- exit(1);
+ EXIT(1);
default: /* Parent. */
if (waitpid(pid, &status, 0) < 0) {
- warn("waitpid");
+ xo_warn("waitpid");
return (1);
}
@@ -168,7 +175,7 @@ exec_mountprog(const char *name, const char *execname, char *const argv[])
if (WEXITSTATUS(status) != 0)
return (WEXITSTATUS(status));
} else if (WIFSIGNALED(status)) {
- warnx("%s: %s", name, sys_siglist[WTERMSIG(status)]);
+ xo_warnx("%s: %s", name, sys_siglist[WTERMSIG(status)]);
return (1);
}
break;
@@ -185,7 +192,7 @@ specified_ro(const char *arg)
optbuf = strdup(arg);
if (optbuf == NULL)
- err(1, NULL);
+ xo_err(1, "strdup failed");
for (opt = optbuf; (opt = strtok(opt, ",")) != NULL; opt = NULL) {
if (strcmp(opt, "ro") == 0) {
@@ -220,13 +227,13 @@ restart_mountd(void)
* happened due to the bugs in pidfile(3).
*/
if (mountdpid <= 0) {
- warnx("mountd pid %d, refusing to send SIGHUP", mountdpid);
+ xo_warnx("mountd pid %d, refusing to send SIGHUP", mountdpid);
return;
}
/* We have mountd(8) PID in mountdpid varible, let's signal it. */
if (kill(mountdpid, SIGHUP) == -1)
- err(1, "signal mountd");
+ xo_err(1, "signal mountd");
}
int
@@ -244,6 +251,12 @@ main(int argc, char *argv[])
options = NULL;
vfslist = NULL;
vfstype = "ufs";
+
+ argc = xo_parse_args(argc, argv);
+ if (argc < 0)
+ exit(1);
+ xo_open_container("mount");
+
while ((ch = getopt(argc, argv, "adF:fLlno:prt:uvw")) != -1)
switch (ch) {
case 'a':
@@ -285,7 +298,7 @@ main(int argc, char *argv[])
break;
case 't':
if (vfslist != NULL)
- errx(1, "only one -t option may be specified");
+ xo_errx(1, "only one -t option may be specified");
vfslist = makevfslist(optarg);
vfstype = optarg;
break;
@@ -318,7 +331,7 @@ main(int argc, char *argv[])
case 0:
if ((mntsize = getmntinfo(&mntbuf,
verbose ? MNT_WAIT : MNT_NOWAIT)) == 0)
- err(1, "getmntinfo");
+ xo_err(1, "getmntinfo");
if (all) {
while ((fs = getfsent()) != NULL) {
if (BADTYPE(fs->fs_type))
@@ -347,12 +360,17 @@ main(int argc, char *argv[])
rval = 1;
}
} else if (fstab_style) {
+ xo_open_list("fstab");
for (i = 0; i < mntsize; i++) {
if (checkvfsname(mntbuf[i].f_fstypename, vfslist))
continue;
+ xo_open_instance("fstab");
putfsent(&mntbuf[i]);
+ xo_close_instance("fstab");
}
+ xo_close_list("fstab");
} else {
+ xo_open_list("mounted");
for (i = 0; i < mntsize; i++) {
if (checkvfsname(mntbuf[i].f_fstypename,
vfslist))
@@ -360,10 +378,13 @@ main(int argc, char *argv[])
if (!verbose &&
(mntbuf[i].f_flags & MNT_IGNORE) != 0)
continue;
+ xo_open_instance("mounted");
prmount(&mntbuf[i]);
+ xo_close_instance("mounted");
}
+ xo_close_list("mounted");
}
- exit(rval);
+ EXIT(rval);
case 1:
if (vfslist != NULL)
usage();
@@ -373,7 +394,7 @@ main(int argc, char *argv[])
mntfromname = NULL;
have_fstab = 0;
if ((mntbuf = getmntpt(*argv)) == NULL)
- errx(1, "not currently mounted %s", *argv);
+ xo_errx(1, "not currently mounted %s", *argv);
/*
* Only get the mntflags from fstab if both mntpoint
* and mntspec are identical. Also handle the special
@@ -411,10 +432,10 @@ main(int argc, char *argv[])
}
if ((fs = getfsfile(*argv)) == NULL &&
(fs = getfsspec(*argv)) == NULL)
- errx(1, "%s: unknown special file or file system",
+ xo_errx(1, "%s: unknown special file or file system",
*argv);
if (BADTYPE(fs->fs_type))
- errx(1, "%s has unknown file system type",
+ xo_errx(1, "%s has unknown file system type",
*argv);
rval = mountfs(fs->fs_vfstype, fs->fs_spec, fs->fs_file,
init_flags, options, fs->fs_mntops);
@@ -460,7 +481,7 @@ main(int argc, char *argv[])
if (rval == 0 && getuid() == 0)
restart_mountd();
- exit(rval);
+ EXIT(rval);
}
int
@@ -537,7 +558,7 @@ append_arg(struct cpa *sa, char *arg)
sa->sz = sa->sz == 0 ? 8 : sa->sz * 2;
sa->a = realloc(sa->a, sizeof(*sa->a) * sa->sz);
if (sa->a == NULL)
- errx(1, "realloc failed");
+ xo_errx(1, "realloc failed");
}
sa->a[++sa->c] = arg;
}
@@ -553,7 +574,7 @@ mountfs(const char *vfstype, const char *spec, const char *name, int flags,
/* resolve the mountpoint with realpath(3) */
if (checkpath(name, mntpath) != 0) {
- warn("%s", mntpath);
+ xo_warn("%s", mntpath);
return (1);
}
name = mntpath;
@@ -596,12 +617,12 @@ mountfs(const char *vfstype, const char *spec, const char *name, int flags,
if (debug) {
if (use_mountprog(vfstype))
- printf("exec: %s", execname);
+ xo_emit("{Lwc:exec}{:execname/%s}", execname);
else
- printf("mount -t %s", vfstype);
+ xo_emit("{:execname/mount}{P: }{l:opts/-t}{P: }{l:opts/%s}", vfstype);
for (i = 1; i < mnt_argv.c; i++)
- (void)printf(" %s", mnt_argv.a[i]);
- (void)printf("\n");
+ xo_emit("{P: }{l:opts}", mnt_argv.a[i]);
+ xo_emit("\n");
free(optbuf);
free(mountprog);
mountprog = NULL;
@@ -620,13 +641,22 @@ mountfs(const char *vfstype, const char *spec, const char *name, int flags,
if (verbose) {
if (statfs(name, &sf) < 0) {
- warn("statfs %s", name);
+ xo_warn("statfs %s", name);
return (1);
}
- if (fstab_style)
+ if (fstab_style) {
+ xo_open_list("fstab");
+ xo_open_instance("fstab");
putfsent(&sf);
- else
+ xo_close_instance("fstab");
+ xo_close_list("fstab");
+ } else {
+ xo_open_list("mounted");
+ xo_open_instance("mounted");
prmount(&sf);
+ xo_close_instance("mounted");
+ xo_close_list("mounted");
+ }
}
return (ret);
@@ -639,14 +669,15 @@ prmount(struct statfs *sfp)
unsigned int i;
struct mntoptnames *o;
struct passwd *pw;
+ char *fsidbuf;
- (void)printf("%s on %s (%s", sfp->f_mntfromname, sfp->f_mntonname,
- sfp->f_fstypename);
+ xo_emit("{:special/%hs}{L: on }{:node/%hs}{L: (}{:fstype}", sfp->f_mntfromname,
+ sfp->f_mntonname, sfp->f_fstypename);
flags = sfp->f_flags & MNT_VISFLAGMASK;
for (o = optnames; flags != 0 && o->o_opt != 0; o++)
if (flags & o->o_opt) {
- (void)printf(", %s", o->o_name);
+ xo_emit("{D:, }{l:opts}", o->o_name);
flags &= ~o->o_opt;
}
/*
@@ -654,28 +685,40 @@ prmount(struct statfs *sfp)
* or privileged non-root user.
*/
if ((flags & MNT_USER) != 0 || sfp->f_owner != 0) {
- (void)printf(", mounted by ");
+ xo_emit("{D:, }{L:mounted by }");
if ((pw = getpwuid(sfp->f_owner)) != NULL)
- (void)printf("%s", pw->pw_name);
+ xo_emit("{:mounter/%hs}", pw->pw_name);
else
- (void)printf("%d", sfp->f_owner);
+ xo_emit("{:mounter/%hs}", sfp->f_owner);
}
if (verbose) {
- if (sfp->f_syncwrites != 0 || sfp->f_asyncwrites != 0)
- (void)printf(", writes: sync %ju async %ju",
+ if (sfp->f_syncwrites != 0 || sfp->f_asyncwrites != 0) {
+ xo_open_container("writes");
+ xo_emit("{D:, }{Lwc:writes}{Lw:sync}{w:sync/%ju}{Lw:async}{:async/%ju}",
(uintmax_t)sfp->f_syncwrites,
(uintmax_t)sfp->f_asyncwrites);
- if (sfp->f_syncreads != 0 || sfp->f_asyncreads != 0)
- (void)printf(", reads: sync %ju async %ju",
+ xo_close_container("writes");
+ }
+ if (sfp->f_syncreads != 0 || sfp->f_asyncreads != 0) {
+ xo_open_container("reads");
+ xo_emit("{D:, }{Lwc:reads}{Lw:sync}{w:sync/%ju}{Lw:async}{:async/%ju}",
(uintmax_t)sfp->f_syncreads,
(uintmax_t)sfp->f_asyncreads);
+ xo_close_container("reads");
+ }
if (sfp->f_fsid.val[0] != 0 || sfp->f_fsid.val[1] != 0) {
- (void)printf(", fsid ");
+ fsidbuf = malloc(sizeof(sfp->f_fsid) * 2 + 1);
+ if (fsidbuf == NULL)
+ xo_errx(1, "malloc failed");
for (i = 0; i < sizeof(sfp->f_fsid); i++)
- (void)printf("%02x", ((u_char *)&sfp->f_fsid)[i]);
+ sprintf(&fsidbuf[i * 2], "%02x",
+ ((u_char *)&sfp->f_fsid)[i]);
+ fsidbuf[i * 2] = '\0';
+ xo_emit("{D:, }{Lw:fsid}{:fsid}", fsidbuf);
+ free(fsidbuf);
}
}
- (void)printf(")\n");
+ xo_emit("{D:)}\n");
}
struct statfs *
@@ -703,7 +746,7 @@ catopt(char *s0, const char *s1)
if (s0 && *s0) {
if (asprintf(&cp, "%s,%s", s0, s1) == -1)
- errx(1, "asprintf failed");
+ xo_errx(1, "asprintf failed");
} else
cp = strdup(s1);
@@ -758,7 +801,7 @@ mangle(char *options, struct cpa *a)
}
if (mountprog == NULL) {
- errx(1, "Need value for -o mountprog");
+ xo_errx(1, "Need value for -o mountprog");
}
continue;
} else if (strcmp(p, "userquota") == 0) {
@@ -824,7 +867,7 @@ update_options(char *opts, char *fstab, int curflags)
newopt = NULL;
for (p = expopt; (o = strsep(&p, ",")) != NULL;) {
if ((tmpopt = malloc( strlen(o) + 2 + 1 )) == NULL)
- errx(1, "malloc failed");
+ xo_errx(1, "malloc failed");
strcpy(tmpopt, "no");
strcat(tmpopt, o);
@@ -867,11 +910,11 @@ void
usage(void)
{
- (void)fprintf(stderr, "%s\n%s\n%s\n",
+ xo_error("%s\n%s\n%s\n",
"usage: mount [-adflpruvw] [-F fstab] [-o options] [-t ufs | external_type]",
" mount [-dfpruvw] special | node",
" mount [-dfpruvw] [-o options] [-t ufs | external_type] special node");
- exit(1);
+ EXIT(1);
}
void
@@ -899,32 +942,36 @@ putfsent(struct statfs *ent)
}
l = strlen(ent->f_mntfromname);
- printf("%s%s%s%s", ent->f_mntfromname,
+ xo_emit("{:device}{P:/%s}{P:/%s}{P:/%s}",
+ ent->f_mntfromname,
l < 8 ? "\t" : "",
l < 16 ? "\t" : "",
l < 24 ? "\t" : " ");
l = strlen(ent->f_mntonname);
- printf("%s%s%s%s", ent->f_mntonname,
+ xo_emit("{:mntpoint}{P:/%s}{P:/%s}{P:/%s}",
+ ent->f_mntonname,
l < 8 ? "\t" : "",
l < 16 ? "\t" : "",
l < 24 ? "\t" : " ");
- printf("%s\t", ent->f_fstypename);
+ xo_emit("{:fstype}{P:\t}", ent->f_fstypename);
l = strlen(opts);
- printf("%s%s", opts,
+ xo_emit("{:opts}{P:/%s}", opts,
l < 8 ? "\t" : " ");
free(opts);
if ((fst = getfsspec(ent->f_mntfromname)))
- printf("\t%u %u\n", fst->fs_freq, fst->fs_passno);
+ xo_emit("{P:\t}{n:dump/%u}{P: }{n:pass/%u}\n",
+ fst->fs_freq, fst->fs_passno);
else if ((fst = getfsfile(ent->f_mntonname)))
- printf("\t%u %u\n", fst->fs_freq, fst->fs_passno);
+ xo_emit("{P:\t}{n:dump/%u}{P: }{n:pass/%u}\n",
+ fst->fs_freq, fst->fs_passno);
else if (strcmp(ent->f_fstypename, "ufs") == 0) {
if (strcmp(ent->f_mntonname, "/") == 0)
- printf("\t1 1\n");
+ xo_emit("{P:\t}{n:dump/1}{P: }{n:pass/1}\n");
else
- printf("\t2 2\n");
+ xo_emit("{P:\t}{n:dump/2}{P: }{n:pass/2}\n");
} else
- printf("\t0 0\n");
+ xo_emit("{P:\t}{n:dump/0}{P: }{n:pass/0}\n");
}
diff --git a/sbin/mount_fusefs/mount_fusefs.8 b/sbin/mount_fusefs/mount_fusefs.8
index 051a5c273ef7..9740d0ed59ff 100644
--- a/sbin/mount_fusefs/mount_fusefs.8
+++ b/sbin/mount_fusefs/mount_fusefs.8
@@ -34,7 +34,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd July 31, 2019
+.Dd October 9, 2021
.Dt MOUNT_FUSEFS 8
.Os
.Sh NAME
@@ -162,7 +162,7 @@ Limit size of read requests to
Do not refuse unmounting if there are secondary mounts.
.It Cm private
Refuse shared mounting of the daemon.
-This is the default behaviour, to allow sharing, expicitly use
+This is the default behaviour, to allow sharing, explicitly use
.Fl o Cm noprivate .
.It Cm push_symlinks_in
Prefix absolute symlinks with the mountpoint.
@@ -293,7 +293,7 @@ option.
.It Ev MOUNT_FUSEFS_IGNORE_UNKNOWN
If set,
.Nm
-will ignore uknown mount options.
+will ignore unknown mount options.
.It Ev MOUNT_FUSEFS_CALL_BY_LIB
Adjust behavior to the needs of the FUSE library.
Currently it effects help output.
diff --git a/sbin/natd/icmp.c b/sbin/natd/icmp.c
index 1509b965f4b8..f85457ac4773 100644
--- a/sbin/natd/icmp.c
+++ b/sbin/natd/icmp.c
@@ -30,7 +30,6 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
-#include <machine/in_cksum.h>
#include <alias.h>
diff --git a/sbin/natd/natd.c b/sbin/natd/natd.c
index 268850c0a95a..402c430dfdfd 100644
--- a/sbin/natd/natd.c
+++ b/sbin/natd/natd.c
@@ -24,7 +24,6 @@ __FBSDID("$FreeBSD$");
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
-#include <machine/in_cksum.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
diff --git a/sbin/nvmecontrol/identify.c b/sbin/nvmecontrol/identify.c
index 6cd7ad0fdc2d..0d4d8003e5d2 100644
--- a/sbin/nvmecontrol/identify.c
+++ b/sbin/nvmecontrol/identify.c
@@ -84,7 +84,17 @@ print_namespace(struct nvme_namespace_data *nsdata)
printf("Thin Provisioning: %s\n",
thin_prov ? "Supported" : "Not Supported");
printf("Number of LBA Formats: %d\n", nsdata->nlbaf+1);
- printf("Current LBA Format: LBA Format #%02d\n", flbas_fmt);
+ printf("Current LBA Format: LBA Format #%02d", flbas_fmt);
+ if (nsdata->lbaf[flbas_fmt] >> NVME_NS_DATA_LBAF_MS_SHIFT & NVME_NS_DATA_LBAF_MS_MASK)
+ printf(" %s metadata\n", nsdata->flbas >> NVME_NS_DATA_FLBAS_EXTENDED_SHIFT &
+ NVME_NS_DATA_FLBAS_EXTENDED_MASK ? "Extended" : "Separate");
+ else
+ printf("\n");
+ printf("Metadata Capabilities\n");
+ printf(" Extended: %s\n",
+ nsdata->mc >> NVME_NS_DATA_MC_EXTENDED_SHIFT & NVME_NS_DATA_MC_EXTENDED_MASK ? "Supported" : "Not Supported");
+ printf(" Separate: %s\n",
+ nsdata->mc >> NVME_NS_DATA_MC_POINTER_SHIFT & NVME_NS_DATA_MC_POINTER_MASK ? "Supported" : "Not Supported");
printf("Data Protection Caps: %s%s%s%s%s%s\n",
(nsdata->dpc == 0) ? "Not Supported" : "",
((nsdata->dpc >> NVME_NS_DATA_DPC_MD_END_SHIFT) &
diff --git a/sbin/nvmecontrol/identify_ext.c b/sbin/nvmecontrol/identify_ext.c
index 311c8cba09a9..50b8901b799e 100644
--- a/sbin/nvmecontrol/identify_ext.c
+++ b/sbin/nvmecontrol/identify_ext.c
@@ -124,6 +124,38 @@ nvme_print_controller(struct nvme_controller_data *cdata)
printf("Unlimited\n");
else
printf("%ld bytes\n", PAGE_SIZE * (1L << cdata->mdts));
+ printf("Sanitize Crypto Erase: %s\n",
+ ((cdata->sanicap >> NVME_CTRLR_DATA_SANICAP_CES_SHIFT) &
+ NVME_CTRLR_DATA_SANICAP_CES_MASK) ?
+ "Supported" : "Not Supported");
+ printf("Sanitize Block Erase: %s\n",
+ ((cdata->sanicap >> NVME_CTRLR_DATA_SANICAP_BES_SHIFT) &
+ NVME_CTRLR_DATA_SANICAP_BES_MASK) ?
+ "Supported" : "Not Supported");
+ printf("Sanitize Overwrite: %s\n",
+ ((cdata->sanicap >> NVME_CTRLR_DATA_SANICAP_OWS_SHIFT) &
+ NVME_CTRLR_DATA_SANICAP_OWS_MASK) ?
+ "Supported" : "Not Supported");
+ printf("Sanitize NDI: %s\n",
+ ((cdata->sanicap >> NVME_CTRLR_DATA_SANICAP_NDI_SHIFT) &
+ NVME_CTRLR_DATA_SANICAP_NDI_MASK) ?
+ "Supported" : "Not Supported");
+ printf("Sanitize NODMMAS: ");
+ switch (((cdata->sanicap >> NVME_CTRLR_DATA_SANICAP_NODMMAS_SHIFT) &
+ NVME_CTRLR_DATA_SANICAP_NODMMAS_MASK)) {
+ case NVME_CTRLR_DATA_SANICAP_NODMMAS_UNDEF:
+ printf("Undefined\n");
+ break;
+ case NVME_CTRLR_DATA_SANICAP_NODMMAS_NO:
+ printf("No\n");
+ break;
+ case NVME_CTRLR_DATA_SANICAP_NODMMAS_YES:
+ printf("Yes\n");
+ break;
+ default:
+ printf("Unknown\n");
+ break;
+ }
printf("Controller ID: 0x%04x\n", cdata->ctrlr_id);
printf("Version: %d.%d.%d\n",
(cdata->ver >> 16) & 0xffff, (cdata->ver >> 8) & 0xff,
diff --git a/sbin/pfctl/parse.y b/sbin/pfctl/parse.y
index dbfe299cf34f..a21643070028 100644
--- a/sbin/pfctl/parse.y
+++ b/sbin/pfctl/parse.y
@@ -236,6 +236,7 @@ static struct filter_opts {
struct node_icmp *icmpspec;
u_int32_t tos;
u_int32_t prob;
+ u_int32_t ridentifier;
struct {
int action;
struct node_state_opt *options;
@@ -248,6 +249,9 @@ static struct filter_opts {
char *tag;
char *match_tag;
u_int8_t match_tag_not;
+ u_int16_t dnpipe;
+ u_int16_t dnrpipe;
+ u_int32_t free_flags;
u_int rtableid;
u_int8_t prio;
u_int8_t set_prio[2];
@@ -260,6 +264,7 @@ static struct filter_opts {
static struct antispoof_opts {
char *label[PF_RULE_MAX_LABEL_COUNT];
int labelcount;
+ u_int32_t ridentifier;
u_int rtableid;
} antispoof_opts;
@@ -317,6 +322,7 @@ static struct codel_opts codel_opts;
static struct node_hfsc_opts hfsc_opts;
static struct node_fairq_opts fairq_opts;
static struct node_state_opt *keep_state_defaults = NULL;
+static struct pfctl_watermarks syncookie_opts;
int disallow_table(struct node_host *, const char *);
int disallow_urpf_failed(struct node_host *, const char *);
@@ -329,14 +335,12 @@ int process_tabledef(char *, struct table_opts *);
void expand_label_str(char *, size_t, const char *, const char *);
void expand_label_if(const char *, char *, size_t, const char *);
void expand_label_addr(const char *, char *, size_t, u_int8_t,
- struct node_host *);
+ struct pf_rule_addr *);
void expand_label_port(const char *, char *, size_t,
- struct node_port *);
+ struct pf_rule_addr *);
void expand_label_proto(const char *, char *, size_t, u_int8_t);
-void expand_label_nr(const char *, char *, size_t);
-void expand_label(char *, size_t, const char *, u_int8_t,
- struct node_host *, struct node_port *, struct node_host *,
- struct node_port *, u_int8_t);
+void expand_label_nr(const char *, char *, size_t,
+ struct pfctl_rule *);
void expand_rule(struct pfctl_rule *, struct node_if *,
struct node_host *, struct node_proto *, struct node_os *,
struct node_host *, struct node_port *, struct node_host *,
@@ -442,6 +446,7 @@ typedef struct {
struct node_hfsc_opts hfsc_opts;
struct node_fairq_opts fairq_opts;
struct codel_opts codel_opts;
+ struct pfctl_watermarks *watermarks;
} v;
int lineno;
} YYSTYPE;
@@ -468,6 +473,7 @@ int parseport(char *, struct range *r, int);
%token BITMASK RANDOM SOURCEHASH ROUNDROBIN STATICPORT PROBABILITY MAPEPORTSET
%token ALTQ CBQ CODEL PRIQ HFSC FAIRQ BANDWIDTH TBRSIZE LINKSHARE REALTIME
%token UPPERLIMIT QUEUE PRIORITY QLIMIT HOGS BUCKETS RTABLE TARGET INTERVAL
+%token DNPIPE DNQUEUE RIDENTIFIER
%token LOAD RULESET_OPTIMIZATION PRIO
%token STICKYADDRESS MAXSRCSTATES MAXSRCNODES SOURCETRACK GLOBAL RULE
%token MAXSRCCONN MAXSRCCONNRATE OVERLOAD FLUSH SLOPPY
@@ -527,6 +533,7 @@ int parseport(char *, struct range *r, int);
%type <v.pool_opts> pool_opts pool_opt pool_opts_l
%type <v.tagged> tagged
%type <v.rtableid> rtable
+%type <v.watermarks> syncookie_opts
%%
ruleset : /* empty */
@@ -725,14 +732,19 @@ option : SET OPTIMIZATION STRING {
| SET KEEPCOUNTERS {
pf->keep_counters = true;
}
- | SET SYNCOOKIES syncookie_val {
- pf->syncookies = $3;
+ | SET SYNCOOKIES syncookie_val syncookie_opts {
+ if (pfctl_cfg_syncookies(pf, $3, $4)) {
+ yyerror("error setting syncookies");
+ YYERROR;
+ }
}
;
syncookie_val : STRING {
if (!strcmp($1, "never"))
$$ = PFCTL_SYNCOOKIES_NEVER;
+ else if (!strcmp($1, "adaptive"))
+ $$ = PFCTL_SYNCOOKIES_ADAPTIVE;
else if (!strcmp($1, "always"))
$$ = PFCTL_SYNCOOKIES_ALWAYS;
else {
@@ -741,6 +753,37 @@ syncookie_val : STRING {
}
}
;
+syncookie_opts : /* empty */ { $$ = NULL; }
+ | {
+ memset(&syncookie_opts, 0, sizeof(syncookie_opts));
+ } '(' syncookie_opt_l ')' { $$ = &syncookie_opts; }
+ ;
+
+syncookie_opt_l : syncookie_opt_l comma syncookie_opt
+ | syncookie_opt
+ ;
+
+syncookie_opt : STRING STRING {
+ double val;
+ char *cp;
+
+ val = strtod($2, &cp);
+ if (cp == NULL || strcmp(cp, "%"))
+ YYERROR;
+ if (val <= 0 || val > 100) {
+ yyerror("illegal percentage value");
+ YYERROR;
+ }
+ if (!strcmp($1, "start")) {
+ syncookie_opts.hi = val;
+ } else if (!strcmp($1, "end")) {
+ syncookie_opts.lo = val;
+ } else {
+ yyerror("illegal syncookie option");
+ YYERROR;
+ }
+ }
+ ;
stringall : STRING { $$ = $1; }
| ALL {
@@ -815,7 +858,6 @@ pfa_anchor : '{'
/* steping into a brace anchor */
pf->asd++;
pf->bn++;
- pf->brace = 1;
/* create a holding ruleset in the root */
snprintf(ta, PF_ANCHOR_NAME_SIZE, "_%d", pf->bn);
@@ -887,6 +929,7 @@ anchorrule : ANCHOR anchorname dir quick interface af proto fromto
r.af = $6;
r.prob = $9.prob;
r.rtableid = $9.rtableid;
+ r.ridentifier = $9.ridentifier;
if ($9.tag)
if (strlcpy(r.tagname, $9.tag,
@@ -1286,6 +1329,7 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
r.logif = $2.logif;
r.quick = $2.quick;
r.af = $4;
+ r.ridentifier = $5.ridentifier;
if (rule_label(&r, $5.label))
YYERROR;
r.rtableid = $5.rtableid;
@@ -1338,6 +1382,7 @@ antispoof : ANTISPOOF logquick antispoof_ifspc af antispoof_opts {
r.logif = $2.logif;
r.quick = $2.quick;
r.af = $4;
+ r.ridentifier = $5.ridentifier;
if (rule_label(&r, $5.label))
YYERROR;
r.rtableid = $5.rtableid;
@@ -1400,6 +1445,9 @@ antispoof_opt : label {
}
antispoof_opts.label[antispoof_opts.labelcount++] = $1;
}
+ | RIDENTIFIER number {
+ antispoof_opts.ridentifier = $2;
+ }
| RTABLE NUMBER {
if ($2 < 0 || $2 > rt_tableid_max()) {
yyerror("invalid rtable id");
@@ -2115,6 +2163,7 @@ pfrule : action dir logquick interface route af proto fromto
YYERROR;
for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++)
free($9.label[i]);
+ r.ridentifier = $9.ridentifier;
r.flags = $9.flags.b1;
r.flagset = $9.flags.b2;
if (($9.flags.b1 & $9.flags.b2) != $9.flags.b1) {
@@ -2464,6 +2513,15 @@ pfrule : action dir logquick interface route af proto fromto
}
#endif
+ if ($9.dnpipe || $9.dnrpipe) {
+ r.dnpipe = $9.dnpipe;
+ r.dnrpipe = $9.dnrpipe;
+ if ($9.free_flags & PFRULE_DN_IS_PIPE)
+ r.free_flags |= PFRULE_DN_IS_PIPE;
+ else
+ r.free_flags |= PFRULE_DN_IS_QUEUE;
+ }
+
expand_rule(&r, $4, $5.host, $7, $8.src_os,
$8.src.host, $8.src.port, $8.dst.host, $8.dst.port,
$9.uid, $9.gid, $9.icmpspec, "");
@@ -2545,6 +2603,9 @@ filter_opt : USER uids {
filter_opts.keep.action = $1.action;
filter_opts.keep.options = $1.options;
}
+ | RIDENTIFIER number {
+ filter_opts.ridentifier = $2;
+ }
| FRAGMENT {
filter_opts.fragment = 1;
}
@@ -2565,6 +2626,32 @@ filter_opt : USER uids {
}
filter_opts.queues = $1;
}
+ | DNPIPE number {
+ filter_opts.dnpipe = $2;
+ filter_opts.free_flags |= PFRULE_DN_IS_PIPE;
+ }
+ | DNPIPE '(' number ')' {
+ filter_opts.dnpipe = $3;
+ filter_opts.free_flags |= PFRULE_DN_IS_PIPE;
+ }
+ | DNPIPE '(' number comma number ')' {
+ filter_opts.dnrpipe = $5;
+ filter_opts.dnpipe = $3;
+ filter_opts.free_flags |= PFRULE_DN_IS_PIPE;
+ }
+ | DNQUEUE number {
+ filter_opts.dnpipe = $2;
+ filter_opts.free_flags |= PFRULE_DN_IS_QUEUE;
+ }
+ | DNQUEUE '(' number comma number ')' {
+ filter_opts.dnrpipe = $5;
+ filter_opts.dnpipe = $3;
+ filter_opts.free_flags |= PFRULE_DN_IS_QUEUE;
+ }
+ | DNQUEUE '(' number ')' {
+ filter_opts.dnpipe = $3;
+ filter_opts.free_flags |= PFRULE_DN_IS_QUEUE;
+ }
| TAG string {
filter_opts.tag = $2;
}
@@ -4945,17 +5032,17 @@ expand_label_if(const char *name, char *label, size_t len, const char *ifname)
void
expand_label_addr(const char *name, char *label, size_t len, sa_family_t af,
- struct node_host *h)
+ struct pf_rule_addr *addr)
{
char tmp[64], tmp_not[66];
if (strstr(label, name) != NULL) {
- switch (h->addr.type) {
+ switch (addr->addr.type) {
case PF_ADDR_DYNIFTL:
- snprintf(tmp, sizeof(tmp), "(%s)", h->addr.v.ifname);
+ snprintf(tmp, sizeof(tmp), "(%s)", addr->addr.v.ifname);
break;
case PF_ADDR_TABLE:
- snprintf(tmp, sizeof(tmp), "<%s>", h->addr.v.tblname);
+ snprintf(tmp, sizeof(tmp), "<%s>", addr->addr.v.tblname);
break;
case PF_ADDR_NOROUTE:
snprintf(tmp, sizeof(tmp), "no-route");
@@ -4964,18 +5051,18 @@ expand_label_addr(const char *name, char *label, size_t len, sa_family_t af,
snprintf(tmp, sizeof(tmp), "urpf-failed");
break;
case PF_ADDR_ADDRMASK:
- if (!af || (PF_AZERO(&h->addr.v.a.addr, af) &&
- PF_AZERO(&h->addr.v.a.mask, af)))
+ if (!af || (PF_AZERO(&addr->addr.v.a.addr, af) &&
+ PF_AZERO(&addr->addr.v.a.mask, af)))
snprintf(tmp, sizeof(tmp), "any");
else {
char a[48];
int bits;
- if (inet_ntop(af, &h->addr.v.a.addr, a,
+ if (inet_ntop(af, &addr->addr.v.a.addr, a,
sizeof(a)) == NULL)
snprintf(tmp, sizeof(tmp), "?");
else {
- bits = unmask(&h->addr.v.a.mask, af);
+ bits = unmask(&addr->addr.v.a.mask, af);
if ((af == AF_INET && bits < 32) ||
(af == AF_INET6 && bits < 128))
snprintf(tmp, sizeof(tmp),
@@ -4991,7 +5078,7 @@ expand_label_addr(const char *name, char *label, size_t len, sa_family_t af,
break;
}
- if (h->not) {
+ if (addr->neg) {
snprintf(tmp_not, sizeof(tmp_not), "! %s", tmp);
expand_label_str(label, len, name, tmp_not);
} else
@@ -5001,30 +5088,30 @@ expand_label_addr(const char *name, char *label, size_t len, sa_family_t af,
void
expand_label_port(const char *name, char *label, size_t len,
- struct node_port *port)
+ struct pf_rule_addr *addr)
{
char a1[6], a2[6], op[13] = "";
if (strstr(label, name) != NULL) {
- snprintf(a1, sizeof(a1), "%u", ntohs(port->port[0]));
- snprintf(a2, sizeof(a2), "%u", ntohs(port->port[1]));
- if (!port->op)
+ snprintf(a1, sizeof(a1), "%u", ntohs(addr->port[0]));
+ snprintf(a2, sizeof(a2), "%u", ntohs(addr->port[1]));
+ if (!addr->port_op)
;
- else if (port->op == PF_OP_IRG)
+ else if (addr->port_op == PF_OP_IRG)
snprintf(op, sizeof(op), "%s><%s", a1, a2);
- else if (port->op == PF_OP_XRG)
+ else if (addr->port_op == PF_OP_XRG)
snprintf(op, sizeof(op), "%s<>%s", a1, a2);
- else if (port->op == PF_OP_EQ)
+ else if (addr->port_op == PF_OP_EQ)
snprintf(op, sizeof(op), "%s", a1);
- else if (port->op == PF_OP_NE)
+ else if (addr->port_op == PF_OP_NE)
snprintf(op, sizeof(op), "!=%s", a1);
- else if (port->op == PF_OP_LT)
+ else if (addr->port_op == PF_OP_LT)
snprintf(op, sizeof(op), "<%s", a1);
- else if (port->op == PF_OP_LE)
+ else if (addr->port_op == PF_OP_LE)
snprintf(op, sizeof(op), "<=%s", a1);
- else if (port->op == PF_OP_GT)
+ else if (addr->port_op == PF_OP_GT)
snprintf(op, sizeof(op), ">%s", a1);
- else if (port->op == PF_OP_GE)
+ else if (addr->port_op == PF_OP_GE)
snprintf(op, sizeof(op), ">=%s", a1);
expand_label_str(label, len, name, op);
}
@@ -5048,29 +5135,27 @@ expand_label_proto(const char *name, char *label, size_t len, u_int8_t proto)
}
void
-expand_label_nr(const char *name, char *label, size_t len)
+expand_label_nr(const char *name, char *label, size_t len,
+ struct pfctl_rule *r)
{
char n[11];
if (strstr(label, name) != NULL) {
- snprintf(n, sizeof(n), "%u", pf->anchor->match);
+ snprintf(n, sizeof(n), "%u", r->nr);
expand_label_str(label, len, name, n);
}
}
void
-expand_label(char *label, size_t len, const char *ifname, sa_family_t af,
- struct node_host *src_host, struct node_port *src_port,
- struct node_host *dst_host, struct node_port *dst_port,
- u_int8_t proto)
+expand_label(char *label, size_t len, struct pfctl_rule *r)
{
- expand_label_if("$if", label, len, ifname);
- expand_label_addr("$srcaddr", label, len, af, src_host);
- expand_label_addr("$dstaddr", label, len, af, dst_host);
- expand_label_port("$srcport", label, len, src_port);
- expand_label_port("$dstport", label, len, dst_port);
- expand_label_proto("$proto", label, len, proto);
- expand_label_nr("$nr", label, len);
+ expand_label_if("$if", label, len, r->ifname);
+ expand_label_addr("$srcaddr", label, len, r->af, &r->src);
+ expand_label_addr("$dstaddr", label, len, r->af, &r->dst);
+ expand_label_port("$srcport", label, len, &r->src);
+ expand_label_port("$dstport", label, len, &r->dst);
+ expand_label_proto("$proto", label, len, r->proto);
+ expand_label_nr("$nr", label, len, r);
}
int
@@ -5404,15 +5489,6 @@ expand_rule(struct pfctl_rule *r,
if (strlcpy(r->match_tagname, match_tagname,
sizeof(r->match_tagname)) >= sizeof(r->match_tagname))
errx(1, "expand_rule: strlcpy");
- for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++)
- expand_label(r->label[i], PF_RULE_LABEL_SIZE,
- r->ifname, r->af, src_host, src_port, dst_host,
- dst_port, proto->proto);
- expand_label(r->tagname, PF_TAG_NAME_SIZE, r->ifname, r->af,
- src_host, src_port, dst_host, dst_port, proto->proto);
- expand_label(r->match_tagname, PF_TAG_NAME_SIZE, r->ifname,
- r->af, src_host, src_port, dst_host, dst_port,
- proto->proto);
error += check_netmask(src_host, r->af);
error += check_netmask(dst_host, r->af);
@@ -5592,6 +5668,8 @@ lookup(char *s)
{ "debug", DEBUG},
{ "divert-reply", DIVERTREPLY},
{ "divert-to", DIVERTTO},
+ { "dnpipe", DNPIPE},
+ { "dnqueue", DNQUEUE},
{ "drop", DROP},
{ "drop-ovl", FRAGDROP},
{ "dup-to", DUPTO},
@@ -5670,6 +5748,7 @@ lookup(char *s)
{ "return-icmp", RETURNICMP},
{ "return-icmp6", RETURNICMP6},
{ "return-rst", RETURNRST},
+ { "ridentifier", RIDENTIFIER},
{ "round-robin", ROUNDROBIN},
{ "route", ROUTE},
{ "route-to", ROUTETO},
diff --git a/sbin/pfctl/pfctl.c b/sbin/pfctl/pfctl.c
index 8f3698e398f6..a0eec1b09289 100644
--- a/sbin/pfctl/pfctl.c
+++ b/sbin/pfctl/pfctl.c
@@ -1528,6 +1528,12 @@ pfctl_load_ruleset(struct pfctl *pf, char *path, struct pfctl_ruleset *rs,
while ((r = TAILQ_FIRST(rs->rules[rs_num].active.ptr)) != NULL) {
TAILQ_REMOVE(rs->rules[rs_num].active.ptr, r, entries);
+
+ for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++)
+ expand_label(r->label[i], PF_RULE_LABEL_SIZE, r);
+ expand_label(r->tagname, PF_TAG_NAME_SIZE, r);
+ expand_label(r->match_tagname, PF_TAG_NAME_SIZE, r);
+
if ((error = pfctl_load_rule(pf, path, r, depth)))
goto error;
if (r->anchor) {
@@ -1812,6 +1818,10 @@ pfctl_init_options(struct pfctl *pf)
pf->limit[PF_LIMIT_TABLE_ENTRIES] = PFR_KENTRY_HIWAT;
pf->debug = PF_DEBUG_URGENT;
+
+ pf->syncookies = false;
+ pf->syncookieswat[0] = PF_SYNCOOKIES_LOWATPCT;
+ pf->syncookieswat[1] = PF_SYNCOOKIES_HIWATPCT;
}
int
@@ -2069,7 +2079,9 @@ pfctl_load_syncookies(struct pfctl *pf, u_int8_t val)
bzero(&cookies, sizeof(cookies));
- cookies.mode = val ? PFCTL_SYNCOOKIES_ALWAYS : PFCTL_SYNCOOKIES_NEVER;
+ cookies.mode = val;
+ cookies.lowwater = pf->syncookieswat[0];
+ cookies.highwater = pf->syncookieswat[1];
if (pfctl_set_syncookies(dev, &cookies)) {
warnx("DIOCSETSYNCOOKIES");
@@ -2079,6 +2091,49 @@ pfctl_load_syncookies(struct pfctl *pf, u_int8_t val)
}
int
+pfctl_cfg_syncookies(struct pfctl *pf, uint8_t val, struct pfctl_watermarks *w)
+{
+ if (val != PF_SYNCOOKIES_ADAPTIVE && w != NULL) {
+ warnx("syncookies start/end only apply to adaptive");
+ return (1);
+ }
+ if (val == PF_SYNCOOKIES_ADAPTIVE && w != NULL) {
+ if (!w->hi)
+ w->hi = PF_SYNCOOKIES_HIWATPCT;
+ if (!w->lo)
+ w->lo = w->hi / 2;
+ if (w->lo >= w->hi) {
+ warnx("start must be higher than end");
+ return (1);
+ }
+ pf->syncookieswat[0] = w->lo;
+ pf->syncookieswat[1] = w->hi;
+ pf->syncookieswat_set = 1;
+ }
+
+ if (pf->opts & PF_OPT_VERBOSE) {
+ if (val == PF_SYNCOOKIES_NEVER)
+ printf("set syncookies never\n");
+ else if (val == PF_SYNCOOKIES_ALWAYS)
+ printf("set syncookies always\n");
+ else if (val == PF_SYNCOOKIES_ADAPTIVE) {
+ if (pf->syncookieswat_set)
+ printf("set syncookies adaptive (start %u%%, "
+ "end %u%%)\n", pf->syncookieswat[1],
+ pf->syncookieswat[0]);
+ else
+ printf("set syncookies adaptive\n");
+ } else { /* cannot happen */
+ warnx("king bula ate all syncookies");
+ return (1);
+ }
+ }
+
+ pf->syncookies = val;
+ return (0);
+}
+
+int
pfctl_set_debug(struct pfctl *pf, char *d)
{
u_int32_t level;
diff --git a/sbin/pfctl/pfctl.h b/sbin/pfctl/pfctl.h
index 80ef184fa90f..606eb729cd44 100644
--- a/sbin/pfctl/pfctl.h
+++ b/sbin/pfctl/pfctl.h
@@ -138,6 +138,8 @@ void pf_remove_if_empty_ruleset(struct pfctl_ruleset *);
struct pfctl_ruleset *pf_find_ruleset(const char *);
struct pfctl_ruleset *pf_find_or_create_ruleset(const char *);
+void expand_label(char *, size_t, struct pfctl_rule *);
+
const char *pfctl_proto2name(int);
#endif /* _PFCTL_H_ */
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index 89c9bc349ca3..a9bea39a6771 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -50,6 +50,7 @@ __FBSDID("$FreeBSD$");
#include <net/pfvar.h>
#include <arpa/inet.h>
+#include <assert.h>
#include <search.h>
#include <stdio.h>
#include <stdlib.h>
@@ -618,9 +619,9 @@ print_status(struct pfctl_status *s, struct pfctl_syncookies *cookies, int opts)
}
printf("Syncookies\n");
+ assert(cookies->mode <= PFCTL_SYNCOOKIES_ADAPTIVE);
printf(" %-25s %s\n", "mode",
- cookies->mode == PFCTL_SYNCOOKIES_NEVER ?
- "never" : "always");
+ PFCTL_SYNCOOKIES_MODE_NAMES[cookies->mode]);
}
}
@@ -1018,6 +1019,17 @@ print_rule(struct pfctl_rule *r, const char *anchor_call, int verbose, int numer
i = 0;
while (r->label[i][0])
printf(" label \"%s\"", r->label[i++]);
+ if (r->ridentifier)
+ printf(" ridentifier %u", r->ridentifier);
+ /* Only dnrpipe as we might do (0, 42) to only queue return traffic. */
+ if (r->dnrpipe)
+ printf(" %s(%d, %d)",
+ r->free_flags & PFRULE_DN_IS_PIPE ? "dnpipe" : "dnqueue",
+ r->dnpipe, r->dnrpipe);
+ else if (r->dnpipe)
+ printf(" %s %d",
+ r->free_flags & PFRULE_DN_IS_PIPE ? "dnpipe" : "dnqueue",
+ r->dnpipe);
if (r->qname[0] && r->pqname[0])
printf(" queue(%s, %s)", r->qname, r->pqname);
else if (r->qname[0])
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 12a66e1ae710..4e144b97567b 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -82,7 +82,6 @@ struct pfctl {
int loadopt;
int asd; /* anchor stack depth */
int bn; /* brace number */
- int brace;
int tdirty; /* kernel dirty */
#define PFCTL_ANCHOR_STACK_DEPTH 64
struct pfctl_anchor *astack[PFCTL_ANCHOR_STACK_DEPTH];
@@ -101,6 +100,8 @@ struct pfctl {
char *ifname;
bool keep_counters;
u_int8_t syncookies;
+ u_int8_t syncookieswat[2]; /* lowat, highwat, in % */
+ u_int8_t syncookieswat_set;
u_int8_t timeout_set[PFTM_MAX];
u_int8_t limit_set[PF_LIMIT_MAX];
@@ -200,6 +201,11 @@ struct pfctl_altq {
} meta;
};
+struct pfctl_watermarks {
+ uint32_t hi;
+ uint32_t lo;
+};
+
#ifdef __FreeBSD__
/*
* XXX
@@ -270,6 +276,7 @@ int pfctl_set_logif(struct pfctl *, char *);
int pfctl_set_hostid(struct pfctl *, u_int32_t);
int pfctl_set_debug(struct pfctl *, char *);
int pfctl_set_interface_flags(struct pfctl *, char *, int, int);
+int pfctl_cfg_syncookies(struct pfctl *, uint8_t, struct pfctl_watermarks *);
int parse_config(char *, struct pfctl *);
int parse_flags(char *);
diff --git a/sbin/ping/main.c b/sbin/ping/main.c
index 01442679efff..1d0b714f1480 100644
--- a/sbin/ping/main.c
+++ b/sbin/ping/main.c
@@ -52,13 +52,13 @@ __FBSDID("$FreeBSD$");
#endif
#if defined(INET) && defined(INET6)
-#define OPTSTR ":46"
+#define OPTSTR PING6OPTS PING4OPTS
#elif defined(INET)
-#define OPTSTR ":4"
+#define OPTSTR PING4OPTS
#elif defined(INET6)
-#define OPTSTR ":6"
+#define OPTSTR PING6OPTS
#else
-#define OPTSTR ""
+#error At least one of INET and INET6 is required
#endif
int
@@ -82,7 +82,7 @@ main(int argc, char *argv[])
ipv6 = true;
#endif
- while ((ch = getopt(argc, argv, OPTSTR)) != -1) {
+ while ((ch = getopt(argc, argv, ":" OPTSTR)) != -1) {
switch(ch) {
#ifdef INET
case '4':
@@ -170,7 +170,7 @@ usage(void)
"[-G sweepmaxsize]\n"
" [-g sweepminsize] [-h sweepincrsize] [-i wait] "
"[-l preload]\n"
- " [-M mask | time] [-m ttl]"
+ " [-M mask | time] [-m ttl] "
#ifdef IPSEC
"[-P policy] "
#endif
@@ -188,7 +188,7 @@ usage(void)
" [-z tos] IPv4-mcast-group\n"
#endif /* INET */
#ifdef INET6
- "\tping [-6aADd"
+ "\tping [-6AaDd"
#if defined(IPSEC) && !defined(IPSEC_POLICY_IPSEC)
"E"
#endif
diff --git a/sbin/ping/main.h b/sbin/ping/main.h
index f9707ccfb5ff..0f987e9a20ae 100644
--- a/sbin/ping/main.h
+++ b/sbin/ping/main.h
@@ -31,6 +31,26 @@
#ifndef MAIN_H
#define MAIN_H 1
+#ifdef IPSEC
+#include <netipsec/ipsec.h>
+#endif /*IPSEC*/
+
+#if defined(INET) && defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
+ #define PING4ADDOPTS "P:"
+#else
+ #define PING4ADDOPTS
+#endif
+#define PING4OPTS "4AaC:c:DdfG:g:Hh:I:i:Ll:M:m:nop:QqRrS:s:T:t:vW:z:" PING4ADDOPTS
+
+#if defined(INET6) && defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
+ #define PING6ADDOPTS "P:"
+#elif defined(INET6) && defined(IPSEC) && !defined(IPSEC_POLICY_IPSEC)
+ #define PING6ADDOPTS "ZE"
+#else
+ #define PING6ADDOPTS
+#endif
+#define PING6OPTS "6Aab:C:c:Dde:fHI:i:k:l:m:nNoOp:qS:s:t:uvyYW:z:" PING6ADDOPTS
+
void usage(void) __dead2;
#endif
diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c
index fe197928085e..be535f72146a 100644
--- a/sbin/ping/ping.c
+++ b/sbin/ping/ping.c
@@ -301,15 +301,7 @@ ping(int argc, char *const *argv)
alarmtimeout = df = preload = tos = pcp = 0;
outpack = outpackhdr + sizeof(struct ip);
- while ((ch = getopt(argc, argv,
- "4AaC:c:DdfG:g:Hh:I:i:Ll:M:m:nop:QqRrS:s:T:t:vW:z:"
-#ifdef IPSEC
-#ifdef IPSEC_POLICY_IPSEC
- "P:"
-#endif /*IPSEC_POLICY_IPSEC*/
-#endif /*IPSEC*/
- )) != -1)
- {
+ while ((ch = getopt(argc, argv, PING4OPTS)) != -1) {
switch(ch) {
case '4':
/* This option is processed in main(). */
diff --git a/sbin/ping/ping6.c b/sbin/ping/ping6.c
index 4cbeae770372..76a96f0631ff 100644
--- a/sbin/ping/ping6.c
+++ b/sbin/ping/ping6.c
@@ -293,7 +293,11 @@ static void pr_rthdr(void *, size_t);
static int pr_bitrange(u_int32_t, int, int);
static void pr_retip(struct ip6_hdr *, u_char *);
static void summary(void);
+#ifdef IPSEC
+#ifdef IPSEC_POLICY_IPSEC
static int setpolicy(int, char *);
+#endif
+#endif
static char *nigroup(char *, int);
int
@@ -345,18 +349,8 @@ ping6(int argc, char *argv[])
alarmtimeout = preload = 0;
datap = &outpack[ICMP6ECHOLEN + ICMP6ECHOTMLEN];
capdns = capdns_setup();
-#ifndef IPSEC
-#define ADDOPTS
-#else
-#ifdef IPSEC_POLICY_IPSEC
-#define ADDOPTS "P:"
-#else
-#define ADDOPTS "ZE"
-#endif /*IPSEC_POLICY_IPSEC*/
-#endif
- while ((ch = getopt(argc, argv,
- "6k:b:C:c:DdfHe:m:I:i:l:unNop:qaAS:s:OvyYW:t:z:" ADDOPTS)) != -1) {
-#undef ADDOPTS
+
+ while ((ch = getopt(argc, argv, PING6OPTS)) != -1) {
switch (ch) {
case '6':
/* This option is processed in main(). */
@@ -2667,7 +2661,9 @@ pr_retip(struct ip6_hdr *ip6, u_char *end)
nh = ip6->ip6_nxt;
cp += hlen;
while (end - cp >= 8) {
+#ifdef IPSEC
struct ah ah;
+#endif
switch (nh) {
case IPPROTO_HOPOPTS:
diff --git a/sbin/ping/tests/ping_test.sh b/sbin/ping/tests/ping_test.sh
index ed95594abbd2..54af89f4a22b 100644
--- a/sbin/ping/tests/ping_test.sh
+++ b/sbin/ping/tests/ping_test.sh
@@ -27,14 +27,23 @@
#
# $FreeBSD$
+require_ipv4() {
+ if ! getaddrinfo -f inet localhost 1>/dev/null 2>&1; then
+ atf_skip "IPv4 is not configured"
+ fi
+}
+require_ipv6() {
+ if ! getaddrinfo -f inet6 localhost 1>/dev/null 2>&1; then
+ atf_skip "IPv6 is not configured"
+ fi
+}
+
atf_test_case ping_c1_s56_t1
ping_c1_s56_t1_head() {
atf_set "descr" "Stop after receiving 1 ECHO_RESPONSE packet"
}
ping_c1_s56_t1_body() {
- if ! getaddrinfo -f inet localhost 1>/dev/null 2>&1; then
- atf_skip "IPv4 is not configured"
- fi
+ require_ipv4
atf_check -s exit:0 -o save:std.out -e empty \
ping -4 -c 1 -s 56 -t 1 localhost
check_ping_statistics std.out $(atf_get_srcdir)/ping_c1_s56_t1.out
@@ -45,9 +54,7 @@ ping_6_c1_s8_t1_head() {
atf_set "descr" "Stop after receiving 1 ECHO_RESPONSE packet"
}
ping_6_c1_s8_t1_body() {
- if ! getaddrinfo -f inet6 localhost 1>/dev/null 2>&1; then
- atf_skip "IPv6 is not configured"
- fi
+ require_ipv6
atf_check -s exit:0 -o save:std.out -e empty \
ping -6 -c 1 -s 8 -t 1 localhost
check_ping_statistics std.out $(atf_get_srcdir)/ping_6_c1_s8_t1.out
@@ -58,18 +65,51 @@ ping6_c1_s8_t1_head() {
atf_set "descr" "Use IPv6 when invoked as ping6"
}
ping6_c1_s8_t1_body() {
- if ! getaddrinfo -f inet6 localhost 1>/dev/null 2>&1; then
- atf_skip "IPv6 is not configured"
- fi
+ require_ipv6
atf_check -s exit:0 -o save:std.out -e empty \
ping6 -c 1 -s 8 -t 1 localhost
check_ping_statistics std.out $(atf_get_srcdir)/ping_6_c1_s8_t1.out
}
+ping_c1t6_head() {
+ atf_set "descr" "-t6 is not interpreted as -t -6 by ping"
+}
+ping_c1t6_body() {
+ require_ipv4
+ atf_check -s exit:0 -o ignore -e empty ping -c1 -t6 127.0.0.1
+}
+
+ping6_c1t4_head() {
+ atf_set "descr" "-t4 is not interpreted as -t -4 by ping6"
+}
+ping6_c1t4_body() {
+ require_ipv6
+ atf_check -s exit:0 -o ignore -e empty ping6 -c1 -t4 ::1
+}
+
+ping_46_head() {
+ atf_set "descr" "-4 and -6 may not be used together"
+}
+ping_46_body() {
+ atf_check -s exit:1 -e ignore ping -4 -6
+}
+
+ping6_46_head() {
+ atf_set "descr" "-4 and -6 may not be used together"
+}
+ping6_46_body() {
+ atf_check -s exit:1 -e ignore ping6 -4 -6
+}
+
+
atf_init_test_cases() {
atf_add_test_case ping_c1_s56_t1
atf_add_test_case ping_6_c1_s8_t1
atf_add_test_case ping6_c1_s8_t1
+ atf_add_test_case ping_c1t6
+ atf_add_test_case ping6_c1t4
+ atf_add_test_case ping_46
+ atf_add_test_case ping6_46
}
check_ping_statistics() {
diff --git a/sbin/sconfig/Makefile b/sbin/sconfig/Makefile
index bce914f40868..96fb46434d7a 100644
--- a/sbin/sconfig/Makefile
+++ b/sbin/sconfig/Makefile
@@ -4,7 +4,7 @@
PACKAGE=runtime
PROG= sconfig
MAN= sconfig.8
-MANSUBDIR= /i386
WARNS?= 2
+CFLAGS+= -I${SRCTOP}/sys/dev/cp
.include <bsd.prog.mk>
diff --git a/sbin/sconfig/sconfig.8 b/sbin/sconfig/sconfig.8
index 713f76d88c9d..a55bf911e3dd 100644
--- a/sbin/sconfig/sconfig.8
+++ b/sbin/sconfig/sconfig.8
@@ -216,9 +216,6 @@ Select the Frame Relay synchronous protocol
T1.617 Annex D).
.It Cm ppp
Select the synchronous PPP protocol.
-PPP parameters can be configured using the
-.Xr spppcontrol 8
-utility.
.It Sm Cm keepalive No = Bro Cm on , off Brc Sm
Turn on/off transmission of keepalive messages.
This option is used only for synchronous PPP.
@@ -569,10 +566,8 @@ Test error (G.703 only).
.Sh SEE ALSO
.Xr stty 1 ,
.Xr ioctl 2 ,
-.Xr sppp 4 ,
.Xr ifconfig 8 ,
.Xr route 8 ,
-.Xr spppcontrol 8
.\"--------------------------------------------------------------
.Sh HISTORY
The
diff --git a/sbin/sconfig/sconfig.c b/sbin/sconfig/sconfig.c
index eebf6013e167..48363036e412 100644
--- a/sbin/sconfig/sconfig.c
+++ b/sbin/sconfig/sconfig.c
@@ -29,10 +29,7 @@ __FBSDID("$FreeBSD$");
#include <ctype.h>
#include <sys/ioctl.h>
#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <net/if.h>
-#include <machine/cserial.h>
+#include "cserial.h"
#define MAXCHAN 128
diff --git a/sbin/spppcontrol/Makefile b/sbin/spppcontrol/Makefile
deleted file mode 100644
index 04173201cfde..000000000000
--- a/sbin/spppcontrol/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-# $FreeBSD$
-
-PACKAGE= ppp
-
-PROG= spppcontrol
-MAN= spppcontrol.8
-WARNS?= 2
-
-.include <bsd.prog.mk>
diff --git a/sbin/spppcontrol/Makefile.depend b/sbin/spppcontrol/Makefile.depend
deleted file mode 100644
index 6cfaab1c3644..000000000000
--- a/sbin/spppcontrol/Makefile.depend
+++ /dev/null
@@ -1,17 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- gnu/lib/csu \
- include \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/sbin/spppcontrol/spppcontrol.8 b/sbin/spppcontrol/spppcontrol.8
deleted file mode 100644
index 4d948a60651a..000000000000
--- a/sbin/spppcontrol/spppcontrol.8
+++ /dev/null
@@ -1,275 +0,0 @@
-.\" Copyright (C) 1997, 2001 by Joerg Wunsch, Dresden
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
-.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
-.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
-.\" IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-.\" POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" $FreeBSD$
-.\"
-.Dd December 30, 2001
-.Dt SPPPCONTROL 8
-.Os
-.Sh NAME
-.Nm spppcontrol
-.Nd display or set parameters for an sppp interface
-.Sh SYNOPSIS
-.Nm
-.Op Fl v
-.Ar ifname
-.Op Ar parameter Ns Op Li = Ns Ar value
-.Op Ar ...
-.Sh DESCRIPTION
-The
-.Xr sppp 4
-driver might require a number of additional arguments or optional
-parameters besides the settings that can be adjusted with
-.Xr ifconfig 8 .
-These are things like authentication protocol parameters, but also
-other tunable configuration variables.
-The
-.Nm
-utility can be used to display the current settings, or adjust these
-parameters as required.
-.Pp
-For whatever intent
-.Nm
-is being called, at least the parameter
-.Ar ifname
-needs to be specified, naming the interface for which the settings
-are to be performed or displayed.
-Use
-.Xr ifconfig 8 ,
-or
-.Xr netstat 1
-to see which interfaces are available.
-.Pp
-If no other parameter is given,
-.Nm
-will just list the current settings for
-.Ar ifname
-and exit.
-The reported settings include the current PPP phase the
-interface is in, which can be one of the names
-.Em dead ,
-.Em establish ,
-.Em authenticate ,
-.Em network ,
-or
-.Em terminate .
-If an authentication protocol is configured for the interface, the
-name of the protocol to be used, as well as the system name to be used
-or expected will be displayed, plus any possible options to the
-authentication protocol if applicable.
-Note that the authentication
-secrets (sometimes also called
-.Em keys )
-are not being returned by the underlying system call, and are thus not
-displayed.
-.Pp
-If any additional parameter is supplied, superuser privileges are
-required, and the command works in the
-.Dq set
-mode.
-This is normally done quietly, unless the option
-.Fl v
-is also enabled, which will cause a final printout of the settings as
-described above once all other actions have been taken.
-Use of this
-mode will be rejected if the interface is currently in any other phase
-than
-.Em dead .
-Note that you can force an interface into
-.Em dead
-phase by calling
-.Xr ifconfig 8
-with the parameter
-.Cm down .
-.Pp
-The currently supported parameters include:
-.Bl -tag -offset indent -width indent
-.It Va authproto Ns Li = Ns Ar protoname
-Set both, his and my authentication protocol to
-.Ar protoname .
-The protocol name can be one of
-.Dq Li chap ,
-.Dq Li pap ,
-or
-.Dq Li none .
-In the latter case, the use of an authentication protocol will be
-turned off for the named interface.
-This has the side-effect of
-clearing the other authentication-related parameters for this
-interface as well (i.e., system name and authentication secret will
-be forgotten).
-.It Va myauthproto Ns Li = Ns Ar protoname
-Same as above, but only for my end of the link.
-I.e., this is the
-protocol when remote is authenticator, and I am the peer required to
-authenticate.
-.It Va hisauthproto Ns Li = Ns Ar protoname
-Same as above, but only for his end of the link.
-.It Va myauthname Ns Li = Ns Ar name
-Set my system name for the authentication protocol.
-.It Va hisauthname Ns Li = Ns Ar name
-Set his system name for the authentication protocol.
-For CHAP, this
-will only be used as a hint, causing a warning message if remote did
-supply a different name.
-For PAP, it is the name remote must use to
-authenticate himself (in connection with his secret).
-.It Va myauthsecret Ns Li = Ns Ar secret
-Set my secret (key, password) for use in the authentication phase.
-For CHAP, this will be used to compute the response hash value, based
-on remote's challenge.
-For PAP, it will be transmitted as plain text
-together with the system name.
-Do not forget to quote the secrets from
-the shell if they contain shell metacharacters (or white space).
-.It Va myauthkey Ns Li = Ns Ar secret
-Same as above.
-.It Va hisauthsecret Ns Li = Ns Ar secret
-Same as above, to be used if we are an authenticator and the remote peer
-needs to authenticate.
-.It Va hisauthkey Ns Li = Ns Va secret
-Same as above.
-.It Va callin
-Require remote to authenticate himself only when he is calling in, but
-not when we are caller.
-This is required for some peers that do not
-implement the authentication protocols symmetrically (like Ascend
-routers, for example).
-.It Va always
-The opposite of
-.Va callin .
-Require remote to always authenticate, regardless of which side is
-placing the call.
-This is the default, and will not be explicitly
-displayed in the
-.Dq list
-mode.
-.It Va norechallenge
-Only meaningful with CHAP.
-Do not re-challenge peer once the initial
-CHAP handshake was successful.
-Used to work around broken peer
-implementations that cannot grok being re-challenged once the
-connection is up.
-.It Ar rechallenge
-With CHAP, send re-challenges at random intervals while the connection
-is in network phase.
-(The intervals are currently in the range of 300
-through approximately 800 seconds.)
-This is the default, and will not
-be explicitly displayed in the
-.Dq list
-mode.
-.It Va lcp-timeout Ns Li = Ns Ar timeout-value
-Allows to change the value of the LCP restart timer.
-Values are
-specified in milliseconds.
-The value must be between 10 and 20000 ms,
-defaulting to 3000 ms.
-.It Va enable-vj
-Enable negotiation of Van Jacobsen header compression.
-(Enabled by default.)
-.It Va disable-vj
-Disable negotiation of Van Jacobsen header compression.
-.It Va enable-ipv6
-Enable negotiation of the IPv6 network control protocol.
-(Enabled by default if the kernel has IPv6 enabled.)
-.It Va disable-ipv6
-Disable negotiation of the IPv6 network control protocol.
-Since every
-IPv4 interface in an IPv6-enabled kernel automatically gets an IPv6
-address assigned, this option provides for a way to administratively
-prevent the link from attempting to negotiate IPv6.
-Note that
-initialization of an IPv6 interface causes a multicast packet to be
-sent, which can cause unwanted traffic costs (for dial-on-demand
-interfaces).
-.El
-.Sh EXAMPLES
-.Bd -literal
-# spppcontrol bppp0
-bppp0: phase=dead
- myauthproto=chap myauthname="uriah"
- hisauthproto=chap hisauthname="ifb-gw" norechallenge
- lcp-timeout=3000
- enable-vj
- enable-ipv6
-.Ed
-.Pp
-Display the settings for
-.Li bppp0 .
-The interface is currently in
-.Em dead
-phase, i.e., the LCP layer is down, and no traffic is possible.
-Both
-ends of the connection use the CHAP protocol, my end tells remote the
-system name
-.Dq Li uriah ,
-and remote is expected to authenticate by the name
-.Dq Li ifb-gw .
-Once the initial CHAP handshake was successful, no further CHAP
-challenges will be transmitted.
-There are supposedly some known CHAP
-secrets for both ends of the link which are not being shown.
-.Bd -literal
-# spppcontrol bppp0 \e
- authproto=chap \e
- myauthname=uriah myauthsecret='some secret' \e
- hisauthname=ifb-gw hisauthsecret='another' \e
- norechallenge
-.Ed
-.Pp
-A possible call to
-.Nm
-that could have been used to bring the interface into the state shown
-by the previous example.
-.Sh SEE ALSO
-.Xr netstat 1 ,
-.Xr sppp 4 ,
-.Xr ifconfig 8
-.Rs
-.%A B. Lloyd
-.%A W. Simpson
-.%T "PPP Authentication Protocols"
-.%O RFC 1334
-.Re
-.Rs
-.%A W. Simpson, Editor
-.%T "The Point-to-Point Protocol (PPP)"
-.%O RFC 1661
-.Re
-.Rs
-.%A W. Simpson
-.%T "PPP Challenge Handshake Authentication Protocol (CHAP)"
-.%O RFC 1994
-.Re
-.Sh HISTORY
-The
-.Nm
-utility appeared in
-.Fx 3.0 .
-.Sh AUTHORS
-The program was written by
-.An J\(:org Wunsch ,
-Dresden.
diff --git a/sbin/spppcontrol/spppcontrol.c b/sbin/spppcontrol/spppcontrol.c
deleted file mode 100644
index e56310c635e9..000000000000
--- a/sbin/spppcontrol/spppcontrol.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/*-
- * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
- *
- * Copyright (c) 1997, 2001 Joerg Wunsch
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/ioctl.h>
-#include <sys/socket.h>
-
-#include <net/if.h>
-#include <net/if_sppp.h>
-
-#include <err.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sysexits.h>
-#include <unistd.h>
-
-static void usage(void);
-void print_vals(const char *ifname, struct spppreq *sp);
-const char *phase_name(enum ppp_phase phase);
-const char *proto_name(u_short proto);
-const char *authflags(u_short flags);
-
-#define PPP_PAP 0xc023
-#define PPP_CHAP 0xc223
-
-int
-main(int argc, char **argv)
-{
- int s, c;
- int errs = 0, verbose = 0;
- size_t off;
- long to;
- char *endp;
- const char *ifname, *cp;
- struct ifreq ifr;
- struct spppreq spr;
-
- while ((c = getopt(argc, argv, "v")) != -1)
- switch (c) {
- case 'v':
- verbose++;
- break;
-
- default:
- errs++;
- break;
- }
- argv += optind;
- argc -= optind;
-
- if (errs || argc < 1)
- usage();
-
- ifname = argv[0];
- strncpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name);
-
- /* use a random AF to create the socket */
- if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
- err(EX_UNAVAILABLE, "ifconfig: socket");
-
- argc--;
- argv++;
-
- spr.cmd = (uintptr_t) SPPPIOGDEFS;
- ifr.ifr_data = (caddr_t)&spr;
-
- if (ioctl(s, SIOCGIFGENERIC, &ifr) == -1)
- err(EX_OSERR, "SIOCGIFGENERIC(SPPPIOGDEFS)");
-
- if (argc == 0) {
- /* list only mode */
- print_vals(ifname, &spr);
- return 0;
- }
-
-#define startswith(s) strncmp(argv[0], s, (off = strlen(s))) == 0
-
- while (argc > 0) {
- if (startswith("authproto=")) {
- cp = argv[0] + off;
- if (strcmp(cp, "pap") == 0)
- spr.defs.myauth.proto =
- spr.defs.hisauth.proto = PPP_PAP;
- else if (strcmp(cp, "chap") == 0)
- spr.defs.myauth.proto =
- spr.defs.hisauth.proto = PPP_CHAP;
- else if (strcmp(cp, "none") == 0)
- spr.defs.myauth.proto =
- spr.defs.hisauth.proto = 0;
- else
- errx(EX_DATAERR, "bad auth proto: %s", cp);
- } else if (startswith("myauthproto=")) {
- cp = argv[0] + off;
- if (strcmp(cp, "pap") == 0)
- spr.defs.myauth.proto = PPP_PAP;
- else if (strcmp(cp, "chap") == 0)
- spr.defs.myauth.proto = PPP_CHAP;
- else if (strcmp(cp, "none") == 0)
- spr.defs.myauth.proto = 0;
- else
- errx(EX_DATAERR, "bad auth proto: %s", cp);
- } else if (startswith("myauthname="))
- strncpy(spr.defs.myauth.name, argv[0] + off,
- AUTHNAMELEN);
- else if (startswith("myauthsecret=") ||
- startswith("myauthkey="))
- strncpy(spr.defs.myauth.secret, argv[0] + off,
- AUTHKEYLEN);
- else if (startswith("hisauthproto=")) {
- cp = argv[0] + off;
- if (strcmp(cp, "pap") == 0)
- spr.defs.hisauth.proto = PPP_PAP;
- else if (strcmp(cp, "chap") == 0)
- spr.defs.hisauth.proto = PPP_CHAP;
- else if (strcmp(cp, "none") == 0)
- spr.defs.hisauth.proto = 0;
- else
- errx(EX_DATAERR, "bad auth proto: %s", cp);
- } else if (startswith("hisauthname="))
- strncpy(spr.defs.hisauth.name, argv[0] + off,
- AUTHNAMELEN);
- else if (startswith("hisauthsecret=") ||
- startswith("hisauthkey="))
- strncpy(spr.defs.hisauth.secret, argv[0] + off,
- AUTHKEYLEN);
- else if (strcmp(argv[0], "callin") == 0)
- spr.defs.hisauth.flags |= AUTHFLAG_NOCALLOUT;
- else if (strcmp(argv[0], "always") == 0)
- spr.defs.hisauth.flags &= ~AUTHFLAG_NOCALLOUT;
- else if (strcmp(argv[0], "norechallenge") == 0)
- spr.defs.hisauth.flags |= AUTHFLAG_NORECHALLENGE;
- else if (strcmp(argv[0], "rechallenge") == 0)
- spr.defs.hisauth.flags &= ~AUTHFLAG_NORECHALLENGE;
- else if (startswith("lcp-timeout=")) {
- cp = argv[0] + off;
- to = strtol(cp, &endp, 10);
- if (*cp == '\0' || *endp != '\0' ||
- /*
- * NB: 10 ms is the minimal possible value for
- * hz=100. We assume no kernel has less clock
- * frequency than that...
- */
- to < 10 || to > 20000)
- errx(EX_DATAERR, "bad lcp timeout value: %s",
- cp);
- spr.defs.lcp.timeout = to;
- } else if (strcmp(argv[0], "enable-vj") == 0)
- spr.defs.enable_vj = 1;
- else if (strcmp(argv[0], "disable-vj") == 0)
- spr.defs.enable_vj = 0;
- else if (strcmp(argv[0], "enable-ipv6") == 0)
- spr.defs.enable_ipv6 = 1;
- else if (strcmp(argv[0], "disable-ipv6") == 0)
- spr.defs.enable_ipv6 = 0;
- else
- errx(EX_DATAERR, "bad parameter: \"%s\"", argv[0]);
-
- argv++;
- argc--;
- }
-
- spr.cmd = (uintptr_t)SPPPIOSDEFS;
-
- if (ioctl(s, SIOCSIFGENERIC, &ifr) == -1)
- err(EX_OSERR, "SIOCSIFGENERIC(SPPPIOSDEFS)");
-
- if (verbose)
- print_vals(ifname, &spr);
-
- return 0;
-}
-
-static void
-usage(void)
-{
- fprintf(stderr, "%s\n%s\n",
- "usage: spppcontrol [-v] ifname [{my|his}auth{proto|name|secret}=...]",
- " spppcontrol [-v] ifname callin|always");
- exit(EX_USAGE);
-}
-
-void
-print_vals(const char *ifname, struct spppreq *sp)
-{
- printf("%s:\tphase=%s\n", ifname, phase_name(sp->defs.pp_phase));
- if (sp->defs.myauth.proto) {
- printf("\tmyauthproto=%s myauthname=\"%.*s\"\n",
- proto_name(sp->defs.myauth.proto),
- AUTHNAMELEN, sp->defs.myauth.name);
- }
- if (sp->defs.hisauth.proto) {
- printf("\thisauthproto=%s hisauthname=\"%.*s\"%s\n",
- proto_name(sp->defs.hisauth.proto),
- AUTHNAMELEN, sp->defs.hisauth.name,
- authflags(sp->defs.hisauth.flags));
- }
- printf("\tlcp-timeout=%d ms\n", sp->defs.lcp.timeout);
- printf("\t%sable-vj\n", sp->defs.enable_vj? "en": "dis");
- printf("\t%sable-ipv6\n", sp->defs.enable_ipv6? "en": "dis");
-}
-
-const char *
-phase_name(enum ppp_phase phase)
-{
- switch (phase) {
- case PHASE_DEAD: return "dead";
- case PHASE_ESTABLISH: return "establish";
- case PHASE_TERMINATE: return "terminate";
- case PHASE_AUTHENTICATE: return "authenticate";
- case PHASE_NETWORK: return "network";
- }
- return "illegal";
-}
-
-const char *
-proto_name(u_short proto)
-{
- static char buf[12];
- switch (proto) {
- case PPP_PAP: return "pap";
- case PPP_CHAP: return "chap";
- }
- sprintf(buf, "0x%x", (unsigned)proto);
- return buf;
-}
-
-const char *
-authflags(u_short flags)
-{
- static char buf[30];
- buf[0] = '\0';
- if (flags & AUTHFLAG_NOCALLOUT)
- strcat(buf, " callin");
- if (flags & AUTHFLAG_NORECHALLENGE)
- strcat(buf, " norechallenge");
- return buf;
-}
diff --git a/sbin/veriexec/veriexec.c b/sbin/veriexec/veriexec.c
index c1facbd4a9fa..1eb7a9af7d6f 100644
--- a/sbin/veriexec/veriexec.c
+++ b/sbin/veriexec/veriexec.c
@@ -91,7 +91,7 @@ main(int argc, char *argv[])
ctl = VERIEXEC_STATE_ENFORCE;
break;
case 'l': /* loaded/locked */
- ctl = (strncmp(optarg, "lock", 4)) ?
+ ctl = (strncmp(optarg, "lock", 4) == 0) ?
VERIEXEC_STATE_LOCKED :
VERIEXEC_STATE_LOADED;
break;