path: root/sbin
Commit message | Author | Age | Files | Lines
* route(8): correctly return exit status when "-q" flag is used. | Eugene Grosbein | 2018-10-27 | 1 | -4/+6
|   Previously, route returned 1 in case of error properly signalling failure but "route -q" it returned 0 for same case. Fix it.
|   PR: 186333
|   MFC after: 1 month
|   Notes: svn path=/head/; revision=339811
* dumpon.8: Significantly revamp page | Conrad Meyer | 2018-10-26 | 1 | -165/+177
|   Start with a short summary and cover the options in a standard list style. Organize sections by common focus and prioritize more useful information closer to the top. Flesh out authors, history, caveats, and security considerations sections.
|   Reviewed by: markj, eadler (previous version)
|   Differential Revision: https://reviews.freebsd.org/D17679
|   Notes: svn path=/head/; revision=339785
* dumpon(8): Provide seatbelt against weak RSA keys | Conrad Meyer | 2018-10-26 | 2 | -1/+37
|   The premise of dumpon -k foo.pem is that dump contents will be confidential except to anyone holding the corresponding RSA private key. This guarantee breaks down when weak RSA keys are used.
|   Small RSA keys (e.g. 512 bits) can be broken on a single personal computer in tractable time. Marginal RSA keys (768 bits) can be broken by EC2 and a few dollars. Even 1024 bit keys can probably be broken by sophisticated and wealthy attackers. NIST SP800-57 (2016) recommends a minimum of 2048 bit RSA keys, and estimates this provides 112 bits of security.
|   It would also be good to protect users from weak values of 'e' (i.e., 3) and perhaps sanity check that their public key .pem does not accidentally contain their private key as well. These considerations are left as future work.
|   Reviewed by: markj, darius AT dons.net.au (previous version)
|   Discussed with: bjk
|   Differential Revision: https://reviews.freebsd.org/D17678
|   Notes: svn path=/head/; revision=339784
* Use correct format specificator to print setdscp action. | Andrey V. Elsukov | 2018-10-25 | 1 | -1/+1
|   PR: 232642
|   MFC after: 3 days
|   Notes: svn path=/head/; revision=339740
* Allow fdisk(8) to deal with sectors larger than 2048 | Rodney W. Grimes | 2018-10-25 | 1 | -1/+1
|   especially for 4Kn drives with PMBR's
|   Approved by: bde (mentor)
|   MFC: 3 days
|   Notes: svn path=/head/; revision=339707
* Continuing efforts to provide hardening of FFS, this change adds a | Kirk McKusick | 2018-10-23 | 2 | -4/+8
|   check hash to the superblock. If a check hash fails when an attempt is made to mount a filesystem, the mount fails with EINVAL (Invalid argument). This avoids a class of filesystem panics related to corrupted superblocks. The hash is done using crc32c.
|   Check hashes are added only to UFS2 and not to UFS1 as UFS1 is primarily used in embedded systems with small memories and low-powered processors which need as light-weight a filesystem as possible.
|   Reviewed by: kib
|   Tested by: Peter Holm
|   Sponsored by: Netflix
|   Notes: svn path=/head/; revision=339671
* pf tests: Fix incorrect test for PR 231323 | Kristof Provost | 2018-10-22 | 2 | -3/+4
|   Fix r339466. The test result file did not list the rdr rule. Additionally, the route-to rule needs a redirection address.
|   X-MFC-with: 339466
|   Notes: svn path=/head/; revision=339627
* pfctl: Fix line numbers when \ is used inside "" | Kristof Provost | 2018-10-22 | 1 | -1/+3
|   PR: 201520
|   Obtained from: OpenBSD
|   MFC after: 2 weeks
|   Notes: svn path=/head/; revision=339578
* Retire IPFIREWALL_NAT64_DIRECT_OUTPUT kernel option. And add ability | Andrey V. Elsukov | 2018-10-21 | 1 | -3/+43
|   to switch the output method in run-time. Also document some sysctl variables that can be changed for NAT64 module.
|   NAT64 had compile time option IPFIREWALL_NAT64_DIRECT_OUTPUT to use if_output directly from nat64 module. By default is used netisr based output method. Now both methods can be used, but they require different handling by rules.
|   Obtained from: Yandex LLC
|   MFC after: 3 weeks
|   Sponsored by: Yandex LLC
|   Differential Revision: https://reviews.freebsd.org/D16647
|   Notes: svn path=/head/; revision=339542
* Add IPFW_RULE_JUSTOPTS flag, that is used by ipfw(8) to mark rule, | Andrey V. Elsukov | 2018-10-21 | 1 | -1/+10
|   that was added using "new rule format". And then, when the kernel returns rule with this flag, ipfw(8) can correctly show it.
|   Reported by: lev
|   MFC after: 3 weeks
|   Sponsored by: Yandex LLC
|   Differential Revision: https://reviews.freebsd.org/D17373
|   Notes: svn path=/head/; revision=339539
* Fix grammar. | Andrey V. Elsukov | 2018-10-21 | 1 | -1/+1
|   Reported by: yuripv
|   MFC after: 3 weeks
|   Notes: svn path=/head/; revision=339536
* Do not allow use `create` keyword as hostname when ifconfig(8) is invoked | Andrey V. Elsukov | 2018-10-21 | 1 | -0/+12
|   for already existing interface.
|   It appeared, that ifconfig(8) assumes `create` keyword as hostname and tries to resolve it, when `ifconfig ifname create` invoked for already existing interface. This can produce some unexpected results, when hostname resolving has successfully happened. This patch adds check for such case. When an interface already exists, and create is only one argument, return error message. But when there are some other arguments, just remove create keyword from the arguments list.
|   Obtained from: Yandex LLC
|   MFC after: 3 weeks
|   Sponsored by: Yandex LLC
|   Differential Revision: https://reviews.freebsd.org/D17171
|   Notes: svn path=/head/; revision=339535
* mdmfs(8): Check for other types of helper-program failure | Conrad Meyer | 2018-10-20 | 1 | -10/+49
|   Exiting with a signal should not be treated the same as successful exit with zero status. Return signal exit information to the callers via negative integers, to enable distinction from normal exit statuses. (All consumers that check for errors don't care what the exact non-zero exit value is -- in such a case they print a diagnostic message and either continue or bail.)
|   Additionally, check for unexpected sources of waitpid() wakeup and bail if we encounter them.
|   Reported by: lev@
|   Reviewed by: kib, lev, markj (earlier version)
|   Sponsored by: Dell EMC Isilon
|   Differential Revision: https://reviews.freebsd.org/D17035
|   Notes: svn path=/head/; revision=339494
* Fix typo | Warner Losh | 2018-10-20 | 1 | -0/+2
|   The vendor name wds should have been wdc. Add wdc and keep the wds for script compat.
|   MFC after: 3 days
|   Notes: svn path=/head/; revision=339493
* pfctl tests: Basic test case for PR 231323 | Kristof Provost | 2018-10-20 | 4 | -1/+7
|   PR: 231323
|   MFC after: 2 weeks
|   Differential Revision: https://reviews.freebsd.org/D17508
|   Notes: svn path=/head/; revision=339466
* pfctl: Dup strings | Kristof Provost | 2018-10-20 | 1 | -2/+2
|   When we set the ifname we have to copy the string, rather than just keep the pointer.
|   PR: 231323
|   MFC after: 2 weeks
|   Differential Revision: https://reviews.freebsd.org/D17507
|   Notes: svn path=/head/; revision=339464
* Fix spelling of an error message and add warning to another error | Bjoern A. Zeeb | 2018-10-17 | 1 | -2/+4
|   case in tunefs(8).
|   Reviewed by: imp (2017 version of the same diff)
|   Approved by: re (gjb)
|   Differential Revision: https://reviews.freebsd.org/D10046
|   Notes: svn path=/head/; revision=339414
* Move the rc framework out of sbin/init into libexec/rc. | Bjoern A. Zeeb | 2018-10-17 | 178 | -17154/+1
|   The reasons for this are forward looking to pkgbase:
|   * /sbin/init is a special binary; try not to replace it with every package update because an rc script was touched. (a follow-up commit will make init its own package)
|   * having rc in its own place will allow more easy replacement of the rc framework with alternatives, such as openrc.
|   Discussed with: brd (during BSDCam), kmoore
|   Requested by: cem, bz
|   PR: 231522
|   Approved by: re (gjb)
|   Notes: svn path=/head/; revision=339413
* MFH r339206-r339212, r339215-r339239 | Glen Barber | 2018-10-08 | 1 | -1/+1
|\
| |   Sponsored by: The FreeBSD Foundation
| |   Notes: svn path=/projects/openssl111/; revision=339240
| * Fix information about $firewall_myservices | Danilo G. Baio | 2018-10-05 | 1 | -1/+1
| |   After r273201 it is supported "/{udp,tcp,proto}" suffix into $firewall_myservices, and in the rc.conf the information is outdated.
| |   Reviewed by: bcr, rgrimes
| |   Approved by: re (gjb), doc (bcr), src (rgrimes)
| |   MFC after: 1 week
| |   Differential Revision: https://reviews.freebsd.org/D17338
| |   Notes: svn path=/head/; revision=339208
* | MFH r338661 through r339200. | Glen Barber | 2018-10-05 | 15 | -55/+806
|\|
| |   Sponsored by: The FreeBSD Foundation
| |   Notes: svn path=/projects/openssl111/; revision=339201
| * Add missing newline in pwarn message. | Kirk McKusick | 2018-10-02 | 1 | -1/+1
| |   Reported by: Mark Millard <marklmi@yahoo.com>
| |   Approved by: re (kib)
| |   Notes: svn path=/head/; revision=339082
| * Run 32-bit compat ldconfig on mips64. | John Baldwin | 2018-09-28 | 1 | -1/+1
| |   mips64 supports COMPAT_FREEBSD32 (for o32 binaries), so run the 32-bit compat ldconfig on it as well.
| |   Reported by: brooks
| |   Reviewed by: brooks, kib
| |   Approved by: re (gjb)
| |   Differential Revision: https://reviews.freebsd.org/D17342
| |   Notes: svn path=/head/; revision=339000
| * Add description, parameters, options, sysctl and examples of using AQMs to | Guangyuan Yang | 2018-09-27 | 1 | -3/+426
| |   ipfw man page.
| |   CoDel, PIE, FQ-CoDel and FQ-PIE AQM for Dummynet exist in FreeBSD 11 and 10.3.
| |   Submitted by: ralsaadi@swin.edu.au
| |   Reviewed by: AllanJude
| |   Approved by: re (gjb)
| |   MFC after: 1 week
| |   Differential Revision: https://reviews.freebsd.org/D12507
| |   Notes: svn path=/head/; revision=338977
| * Remove -m (update) from ldconfig -32 & -soft invocation on startup. | Konstantin Belousov | 2018-09-27 | 1 | -2/+2
| |   Since r154114 which introduced ldconfig_local32_dirs, ldconfig -32 was called with -m. This means that ld-elf32.so.hints paths set is not cleared for compat32 on boot, unlike ld.so.hints. Same -m was used in r294295 for ld-elf-soft.so.hints on arm.
| |   The patch fixes the asymmetry.
| |   Noted by: Andreas Longwitz <longwitz@incore.de>
| |   Reviewed by: brooks, emaste, imp
| |   Discussed with: bdrewery
| |   Sponsored by: The FreeBSD Foundation
| |   Approved by: re (gjb)
| |   MFC after: 1 week
| |   Differential revision: https://reviews.freebsd.org/D17331
| |   Notes: svn path=/head/; revision=338964
| * Add "src-ip" or "dst-ip" keyword to the output, when we are printing the | Andrey V. Elsukov | 2018-09-26 | 1 | -0/+12
| |   rest of rule options.
| |   Reported by: lev
| |   Approved by: re (gjb)
| |   MFC after: 1 week
| |   Notes: svn path=/head/; revision=338947
| * sysctl(8): Add a standard exit status section. | Mateusz Piotrowski | 2018-09-24 | 1 | -1/+3
| |   Reviewed by: bcr
| |   Approved by: re (gjb), krion (mentor)
| |   Differential Revision: https://reviews.freebsd.org/D17147
| |   Notes: svn path=/head/; revision=338920
| * Update ifr_name before invoking IPSECSREQID ioctl, this fixes the case, | Andrey V. Elsukov | 2018-09-22 | 1 | -0/+1
| |   when `ifconfig ipsec create reqid N` command invoked without interface unit number. The "name" global variable is updated after interface cloning in the ifclonecreate() and contains actual interface name.
| |   Reported by: lev
| |   Approved by: re (kib)
| |   MFC after: 1 week
| |   Notes: svn path=/head/; revision=338890
| * We don't need shell protection for when we're expanding matches. | Warner Losh | 2018-09-22 | 2 | -4/+4
| |   Don't add it. This should fix when we do regexp matches against variables we've set and fix wifi bring up.
| |   PR: 231441
| |   Approved by: re@ (kib)
| |   Differential Revision: https://reviews.freebsd.org/D17267
| |   Notes: svn path=/head/; revision=338888
| * Move disktab to sbin/bsdlabel/ | Brad Davis | 2018-09-18 | 2 | -0/+205
| |   This leverages CONFS to handle the install.
| |   Approved by: re (blanket, pkgbase), will (mentor)
| |   Differential Revision: https://reviews.freebsd.org/D17217
| |   Notes: svn path=/head/; revision=338759
| * Move dhclient.conf to sbin/dhclient/. | Brad Davis | 2018-09-18 | 2 | -0/+9
| |   This also leverages CONFS for handling config files.
| |   Approved by: re (gjb), will (mentor)
| |   Differential Revision: https://reviews.freebsd.org/D17160
| |   Notes: svn path=/head/; revision=338740
| * Remove dhclient.conf from here in prep for the move of it from etc/. | Brad Davis | 2018-09-18 | 1 | -39/+0
| |   This is being done a separate step to ease importing into other VCSes.
| |   Approved by: re (gjb), will (mentor)
| |   Differential Revision: https://reviews.freebsd.org/D17160
| |   Notes: svn path=/head/; revision=338739
| * Fix "fasthalt" to halt instead of reboot | Eric van Gyzen | 2018-09-14 | 1 | -1/+1
| |   fasthalt has behaved like reboot, instead of like halt, since r228408 (2011, 10.0-RELEASE). Fix it. One wonders if anyone will notice.
| |   Approved by: re (kib)
| |   MFC after: 3 days
| |   Sponsored by: Dell EMC Isilon
| |   Notes: svn path=/head/; revision=338688
| * Add the "-t" option to geom(8) utility, to display geoms hierarchy. | Edward Tomasz Napierala | 2018-09-14 | 2 | -4/+142
| |   Sample output:
| |
| |   % geom -t
| |   Geom               Class      Provider
| |   da0                DISK       da0
| |     da0              PART       da0s1
| |       da0s1          PART       da0s1a
| |         ffs.da0s1a   VFS
| |         da0s1a       DEV
| |       da0s1          DEV
| |     da0              DEV
| |   da1                DISK       da1
| |     swap             SWAP
| |     da1              DEV
| |   cd0                DISK       cd0
| |     cd0              DEV
| |
| |   Reviewed by: oshogbo
| |   Approved by: re (kib)
| |   MFC after: 2 weeks
| |   Relnotes: yes
| |   Sponsored by: DARPA, AFRL
| |   Differential Revision: https://reviews.freebsd.org/D17151
| |   Notes: svn path=/head/; revision=338684
* | Make decryptcore(8) buildable. | Jung-uk Kim | 2018-09-19 | 1 | -8/+12
|/
|   Notes: svn path=/projects/openssl111/; revision=338782
* Add new option to the geom(8) utility, "-p". It makes it easy to look up | Edward Tomasz Napierala | 2018-09-13 | 2 | -1/+80
|   the GEOM class instance from the provider name.
|   Reviewed by: oshogbo, 0mp
|   Approved by: re (kib)
|   MFC after: 2 weeks
|   Relnotes: yes
|   Sponsored by: DARPA, AFRL
|   Differential Revision: https://reviews.freebsd.org/D17116
|   Notes: svn path=/head/; revision=338640
* umount: remove sync(2) call when used with -f | Mateusz Guzik | 2018-09-13 | 1 | -4/+0
|   It completely unnecessarily iterates over all filesystems and happens to be executed a lot e.g. by synth.
|   Reviewed by: kib
|   Approved by: re (gjb)
|   Differential Revision: https://reviews.freebsd.org/D17143
|   Notes: svn path=/head/; revision=338639
* Minor usability improvements to geom(8). | Edward Tomasz Napierala | 2018-09-11 | 1 | -9/+12
|   Approved by: re (kib)
|   MFC after: 2 weeks
|   Sponsored by: DARPA, AFRL
|   Notes: svn path=/head/; revision=338589
* Allow dhclient and ping to build WITHOUT_DYNAMICROOT | Ed Maste | 2018-09-09 | 2 | -2/+6
|   dhclient and ping normally use libcasper services. These are not available in statically-linked binaries, so when WITHOUT_DYNAMICROOT is set disable libcasper use, as with rescue builds. Also emit a warning as it's undesirable to build this way.
|   Reported by: Michael Dexter
|   Reviewed by: rgrimes
|   Tested by: Michael Dexter
|   Approved by: re (kib)
|   Sponsored by: The FreeBSD Foundation
|   Differential Revision: https://reviews.freebsd.org/D17074
|   Notes: svn path=/head/; revision=338543
* Improve handling of the EFI map types[] array. | Konstantin Belousov | 2018-09-08 | 1 | -18/+19
|   Use nitems(), do not assume EFI_MD_TYPE_ contiguous allocation, in particular, switch to use designated array initializers.
|   Reviewed by: jhb (previous version)
|   Sponsored by: The FreeBSD Foundation
|   MFC after: 1 week
|   Approved by: re (gjb)
|   Notes: svn path=/head/; revision=338533
* Teach sysctl(8) about the Persistent memory type. | Konstantin Belousov | 2018-09-07 | 1 | -2/+3
|   Add PersistentMemory to the list of sysctl's known memory types when decoding an EFI memory map.
|   Submitted by: D Scott Phillips <d.scott.phillips@intel.com>
|   MFC after: 1 week
|   Approved by: re (rgrimes)
|   Notes: svn path=/head/; revision=338523
* Trim whitespace. | Konstantin Belousov | 2018-09-07 | 1 | -2/+2
|   Approved by: re (gjb)
|   Notes: svn path=/head/; revision=338522
* Move etc/ttys to sbin/init/. | Brad Davis | 2018-09-04 | 9 | -1/+398
|   And simplify this a little by flattening the directory structure.
|   Approved by: re (gjb), will (mentor)
|   Differential Revision: https://reviews.freebsd.org/D16955
|   Notes: svn path=/head/; revision=338454
* Add in a missing newline | Warner Losh | 2018-08-25 | 1 | -1/+1
|   In the conversion, the newline got stripped. It worked fine when there was only one module, but not when there are many. Add back the missing newline.
|   Approved by: re@ (kib)
|   PR: 230868
|   Differential Revision: https://reviews.freebsd.org/D16895
|   Notes: svn path=/head/; revision=338314
* libbe(3)/bectl(8): Make consistent with beadm | Kyle Evans | 2018-08-24 | 2 | -6/+6
|   vermaden (maintainer of beadm) points out the following inconsistencies:
|   - "missing command" is not printed prior to usage if the error is simply a missing command; this should be obvious from the context
|   - "bectl rename" isn't using the "don't unmount" flag (zfs rename -u), so the active BE can't be renamed. It doesn't make sense in our context to *not* use -u, so use it.
|   Documentation updates reflect the above and note an inconsistency with the 'destroy' command that is consistent with other parts of the base system.
|   A fix for libbe(3) not properly being installed to /lib is included. SHLIBDIR should have been added when it was moved in r337995.
|   Approved by: re (kib)
|   Notes: svn path=/head/; revision=338303
* Allow bootstrapping md5 on Linux, MacOS and FreeBSD < 12 | Alex Richardson | 2018-08-23 | 2 | -2/+22
|   In order to build on a Linux host we need to bootstrap md5 since the Linux md5sum command produces output in a different format.
|   Reviewed By: emaste
|   Approved By: brooks (mentor)
|   Differential Revision: https://reviews.freebsd.org/D16846
|   Notes: svn path=/head/; revision=338267
* Fix warning about crossing INT32_MAX boundary in computation of constant value. | Patrick Kelsey | 2018-08-23 | 1 | -1/+1
|   Notes: svn path=/head/; revision=338260
* Extend tbrsize heuristic in pfctl(8) to provide a sensible value for | Patrick Kelsey | 2018-08-23 | 1 | -1/+3
|   higher bandwidth interfaces. The new value is used above 2.5 Gbps, which is the highest standard rate that could be used prior to r338209, so the default behavior for all existing systems should remain the same.
|   The value of 128 chosen is a balance between being big enough to reduce potential precision/quantization effects stemming from frequent bucket refills over small time intervals and being small enough to prevent a greedy driver from burst dequeuing more packets than it has available hardware ring slots for whenever altq transitions from idle to backlogged.
|   Reviewed by: jmallett, kp
|   MFC after: 2 weeks
|   Sponsored by: RG Nets
|   Differential Revision: https://reviews.freebsd.org/D16852
|   Notes: svn path=/head/; revision=338253
* Implement blacklisting for devmatch | Warner Losh | 2018-08-23 | 2 | -5/+12
|   devmatch_blacklist is a space separated list of modules (w/o the .ko or full path) to exclude from devmatch's processing.
|   Differential Revision: https://reviews.freebsd.org/D16735
|   Notes: svn path=/head/; revision=338238
* When trying to match the nomatch event passed to us, attempt to look | Warner Losh | 2018-08-23 | 1 | -5/+60
|   up the device described by the nomatch event in the device tree. If we find it, then if the device is marked as have already attached to a device once, then ignore the device. This keeps us from reloading the device driver when it has just been manually unloaded. All devices that have had a driver attach to them at least once no longer participate in pnp-based autoloading.
|   Differential Revision: https://reviews.freebsd.org/D16735
|   Notes: svn path=/head/; revision=338237