aboutsummaryrefslogtreecommitdiff
path: root/sbin
Commit message (Collapse)AuthorAgeFilesLines
* Continuing efforts to provide hardening of FFS. This change adds aKirk McKusick2018-12-114-2/+33
| | | | | | | | | | | | | | | | | | | | | | | | | check hash to the filesystem inodes. Access attempts to files associated with an inode with an invalid check hash will fail with EINVAL (Invalid argument). Access is reestablished after an fsck is run to find and validate the inodes with invalid check-hashes. This check avoids a class of filesystem panics related to corrupted inodes. The hash is done using crc32c. Note this check-hash is for the inode itself and not any of its indirect blocks. Check-hash validation may be extended to also cover indirect block pointers, but that will be a separate (and more costly) feature. Check hashes are added only to UFS2 and not to UFS1 as UFS1 is primarily used in embedded systems with small memories and low-powered processors which need as light-weight a filesystem as possible. Reviewed by: kib Tested by: Peter Holm Sponsored by: Netflix Notes: svn path=/head/; revision=341836
* Rework how protocol number is tracked in rule. Save it when O_PROTOAndrey V. Elsukov2018-12-101-10/+6
| | | | | | | | | | | opcode will be printed. This should solve the problem, when protocol name is not printed in `ipfw -N show`. Reported by: Claudio Eichenberger <cei at yourshop.com> MFC after: 1 week Notes: svn path=/head/; revision=341799
* Use correct size for IPv4 address in gethostbyaddr().Andrey V. Elsukov2018-12-101-1/+2
| | | | | | | | | | When u_long is 8 bytes, it returns EINVAL and 'ipfw -N show' doesn't work. Reported by: Claudio Eichenberger <cei at yourshop.com> MFC after: 1 week Notes: svn path=/head/; revision=341798
* ping(8): add space after "<=" as per style(9).Eugene Grosbein2018-12-101-1/+1
| | | | | | | | MFC after: 1 week X-MFC-with: r341768 Notes: svn path=/head/; revision=341795
* ping(8): remove needless comparision with LONG_MAXEugene Grosbein2018-12-091-1/+1
| | | | | | | | | after unsigned long ultmp changed to long ltmp in r340245. MFC after: 1 week Notes: svn path=/head/; revision=341768
* Update paths based on last-minute changes from libexec to lib.Warner Losh2018-12-061-2/+2
| | | | Notes: svn path=/head/; revision=341664
* Declare global function print_intel_add_smart in headerWarner Losh2018-12-061-0/+1
| | | | Notes: svn path=/head/; revision=341663
* Use proper prototypes.Warner Losh2018-12-061-2/+2
| | | | Notes: svn path=/head/; revision=341662
* It's useful to have this be a global function.Warner Losh2018-12-061-1/+1
| | | | | | | | | | Other vendors base their additional smart info pages on what Intel did plus some other bits. So it's convenient to have this be global. Sponsored by: Netflix Notes: svn path=/head/; revision=341661
* This is not a samsung standard, so remove that alias.Warner Losh2018-12-061-4/+1
| | | | | | | | | | | This was never documented, and isn't needed, so it's best removed to avoid confusion. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18460 Notes: svn path=/head/; revision=341660
* Move intel and wdc files to their own modulesWarner Losh2018-12-067-1/+31
| | | | | | | | | | Move the intel and wdc vendor specific stuff to their own modules. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18460 Notes: svn path=/head/; revision=341659
* Const poison the command interfaceWarner Losh2018-12-0612-39/+41
| | | | | | | | | | | | Make the pointers we pass into the commands const, also make the linker set mirrors const. Suggested by: cem@ Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18459 Notes: svn path=/head/; revision=341658
* Dynamically load .so modules to expand functionalityWarner Losh2018-12-067-13/+134
| | | | | | | | | | | | | | | | | | | | o Dynamically load all the .so files found in /libexec/nvmecontrol and /usr/local/libexec/nvmecontrol. o Link nvmecontrol -rdynamic so that its symbols are visible to the libraries we load. o Create concatinated linker sets that we dynamically expand. o Add the linked-in top and logpage linker sets to the mirrors for them and add those sets to the mirrors when we load a new .so. o Add some macros to help hide the names of the linker sets. o Update the man page. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18455 fold Notes: svn path=/head/; revision=341657
* Normally when an attempt is made to mount a UFS/FFS filesystem whoseKirk McKusick2018-12-065-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | superblock has a check-hash error, an error message noting the superblock check-hash failure is printed and the mount fails. The administrator then runs fsck to repair the filesystem and when successful, the filesystem can once again be mounted. This approach fails if the filesystem in question is a root filesystem from which you are trying to boot. Here, the loader fails when trying to access the filesystem to get the kernel to boot. So it is necessary to allow the loader to ignore the superblock check-hash error and make a best effort to read the kernel. The filesystem may be suffiently corrupted that the read attempt fails, but there is no harm in trying since the loader makes no attempt to write to the filesystem. Once the kernel is loaded and starts to run, it attempts to mount its root filesystem. Once again, failure means that it breaks to its prompt to ask where to get its root filesystem. Unless you have an alternate root filesystem, you are stuck. Since the root filesystem is initially mounted read-only, it is safe to make an attempt to mount the root filesystem with the failed superblock check-hash. Thus, when asked to mount a root filesystem with a failed superblock check-hash, the kernel prints a warning message that the root filesystem superblock check-hash needs repair, but notes that it is ignoring the error and proceeding. It does mark the filesystem as needing an fsck which prevents it from being enabled for writing until fsck has been run on it. The net effect is that the reboot fails to single user, but at least at that point the administrator has the tools at hand to fix the problem. Reported by: Rick Macklem (rmacklem@) Discussed with: Warner Losh (imp@) Sponsored by: Netflix Notes: svn path=/head/; revision=341608
* Ensure that cylinder-group check-hashes are properly updated when firstKirk McKusick2018-12-056-16/+42
| | | | | | | | | | creating them and when correcting them when they are found to be corrupted. Reported by: Don Lewis (truckman@) Sponsored by: Netflix Notes: svn path=/head/; revision=341510
* Add ability to request listing and deleting only for dynamic states.Andrey V. Elsukov2018-12-044-25/+61
| | | | | | | | | | | | | | | | | | | | This can be useful, when net.inet.ip.fw.dyn_keep_states is enabled, but after rules reloading some state must be deleted. Added new flag '-D' for such purpose. Retire '-e' flag, since there can not be expired states in the meaning that this flag historically had. Also add "verbose" mode for listing of dynamic states, it can be enabled with '-v' flag and adds additional information to states list. This can be useful for debugging. Obtained from: Yandex LLC MFC after: 2 months Sponsored by: Yandex LLC Notes: svn path=/head/; revision=341472
* ggated: do not expose stack data in sendfail()Ed Maste2018-12-041-0/+1
| | | | | | | | | admbugs: 590 Submitted by: Fabian Keil <fk@fabiankeil.de> Obtained from: ElectroBSD Notes: svn path=/head/; revision=341470
* Restore /var/crash permissions to 0750, as declared in mtree file. AfterRenato Botelho2018-12-041-1/+3
| | | | | | | | | | | | | r337337 it changed to 0755. Reviewed by: loos Approved by: loos MFC after: 3 days Sponsored by: Rubicon Communications, LLC (Netgate) Differential Revision: https://reviews.freebsd.org/D18355 Notes: svn path=/head/; revision=341464
* Fix typo in commentWarner Losh2018-12-021-1/+1
| | | | | | | Sponsored by: Netflix Notes: svn path=/head/; revision=341416
* Delete the undocumented alias 'wds'.Warner Losh2018-12-021-3/+0
| | | | | | | | | | | | This was a typo for wdc. Eliminate it since it was in error. People should use either 'wdc' or 'hgst' for the vendor from now on. 'hgst' works for all versions this functionality is present for. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18403 Notes: svn path=/head/; revision=341415
* Move Intel specific log pages to intel.cWarner Losh2018-12-024-151/+202
| | | | | | | | | | | | Move the Intel specific log pages (including the one that samsung implements) to intel.c. Add comment to the samsung vendor that it will be going away soon. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18403 Notes: svn path=/head/; revision=341414
* Usage cleanup pt 2Warner Losh2018-12-0211-20/+37
| | | | | | | | | | | | | Eliminage redundant spaces and nvmecontrol at start of all the usage strings. Update the usage printing code to add them back when presenting to the user. Allow multi-line usage messages and print proper leading spaces for lines starting with a space. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18403 Notes: svn path=/head/; revision=341413
* Usage cleanup pt 1Warner Losh2018-12-0212-183/+96
| | | | | | | | | | | | | Provide a usage() function that takes a struct nvme_function pointer and produces a usage mssage. Eliminate all now-redundant usage functions. Propigate the new argument through the program as needed. Use common routine to print usage. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18403 Notes: svn path=/head/; revision=341412
* Return after we find the dispatched function.Warner Losh2018-12-021-1/+3
| | | | | | | | | | | | If the dispatched function doesn't exit, then we get can get a spurious function not found message. They all do exit, but this is a little cleaner. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18403 Notes: svn path=/head/; revision=341411
* Move the hgst/wdc log page printing code into wdc.cWarner Losh2018-12-022-408/+408
| | | | | | | | | | | These are all hgst/wdc specific, so move them into the wdc.c to live with the wdc command. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18403 Notes: svn path=/head/; revision=341410
* Move common logpage routines into nvmecontrol.hWarner Losh2018-12-022-8/+9
| | | | | | | | | | | | For the upcoming move of vendor specific code into vendor specific files, make the common logpage routines global and move them to nvmecontrol.h. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18403 Notes: svn path=/head/; revision=341409
* Make logpage functions a linker set.Warner Losh2018-12-022-45/+67
| | | | | | | | | | | | Move logpage function def to header. Convert all the logpage_function elements to elements of the linker set. Leave them all in logpage.c for the moment. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18403 Notes: svn path=/head/; revision=341408
* Move nvmecontrol to using linker sets for commandsWarner Losh2018-12-0212-96/+103
| | | | | | | | | | | | | | | | | More commands will be added to nvmecontrol. Also, there will be a few more vendor commands (some of which may need to remain private to companies writing them). The first step on that journey is to move to using linker sets to dispatch commands. The next step will be using dlopen to bring in the .so's that have the command that might need to remain private for seamless integration. Similar changes to this will be needed for vendor specific log pages. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D18403 Notes: svn path=/head/; revision=341407
* Small language fix after r340978.Eugene Grosbein2018-11-261-1/+1
| | | | | | | MFC after: 3 days Notes: svn path=/head/; revision=340979
* ipfw.8: add new section to EXAMPLES:Eugene Grosbein2018-11-261-0/+51
| | | | | | | | | | | SELECTIVE MIRRORING If your network has network traffic analyzer connected to your host directly via dedicated interface or remotely via RSPAN vlan, you can selectively mirror some ethernet layer2 frames to the analyzer. ... Notes: svn path=/head/; revision=340978
* bectl: sync usage with man page, removing stray multibyte charactersYuri Pankov2018-11-261-9/+11
| | | | | | | | | | | | | | in the process. PR: 233526 Submitted by: tigersharke@gmail.com (original version) Reviewed by: kevans Approved by: kib (mentor, implicit) MFC after: 3 days Differential revision: https://reviews.freebsd.org/D18335 Notes: svn path=/head/; revision=340974
* Properly recover from superblock check-hash failures. Specifically,Kirk McKusick2018-11-251-5/+3
| | | | | | | | | | | | | report the check-hash failure and offer to search for and use alternate superblocks. Prior to this fix fsck_ffs would simply report the check-hash failure and exit. Reported by: Julian H. Stacey <jhs@berklix.com> Tested by: Peter Holm Sponsored by: Netflix Notes: svn path=/head/; revision=340925
* Fix a minor typo in ipfw(8) manual page.Guangyuan Yang2018-11-231-1/+1
| | | | | | | | | PR: 230747 Submitted by: f.toscan@hotmail.it MFC after: 1 week Notes: svn path=/head/; revision=340792
* Cross-reference libbe(3) and bectl(8).Mateusz Piotrowski2018-11-211-1/+2
| | | | | | | | | | | | | Those two manual pages are already referencing each other in the HISTORY sections, which people might skip. Mention those manual pages explicitly in the SEE ALSO sections. Also, remove a reference to be(1) from libbe(3). Reviewed by: bcr Approved by: krion (mentor, implicit), mat (mentor, implicit) Differential Revision: https://reviews.freebsd.org/D18136 Notes: svn path=/head/; revision=340723
* Fix incorrect DSCP value range from 0..64 to 0..63.Guangyuan Yang2018-11-211-2/+2
| | | | | | | | | | PR: 232786 Submitted by: Sergey Akhmatov <sergey@akhmatov.ru> Reviewed by: AllanJude MFC after: 1 week Notes: svn path=/head/; revision=340717
* Make multiline APPLY_MASK() macro to be function-like.Andrey V. Elsukov2018-11-201-1/+1
| | | | | | | | Reported by: cem MFC after: 1 week Notes: svn path=/head/; revision=340689
* Avoid clobbering a user-specified -g value after r340547.Mark Johnston2018-11-201-5/+8
| | | | | | | | CID: 1396919 MFC with: r340547 Notes: svn path=/head/; revision=340686
* bectl(8) tests: attempt to load the ZFS moduleKyle Evans2018-11-191-1/+1
| | | | | | | | | | | | | Observed in a CI test image, bectl_create test will run and be marked as skipped because the module is not loaded. The first zpool invocation will automagically load the module, but bectl_create is still skipped. Subsequent tests all pass as expected because the module is now loaded and everything is OK. MFC after: 3 days Notes: svn path=/head/; revision=340636
* bectl(8): Add some regression testsKyle Evans2018-11-193-0/+311
| | | | | | | | | | | | | | | | These tests operate on a file-backed zpool that gets created in the kyua temp dir. root and ZFS support are both required for these tests. Current tests cover create, destroy, export/import, jail, list (kind of), mount, rename, and jail. List tests should later be extended to cover formatting and the different list flags, but for now only covers basic "are create/destroy actually reflected properly" MFC after: 3 days Notes: svn path=/head/; revision=340594
* bectl(3)/libbe(3): Allow BE root to be specifiedKyle Evans2018-11-191-4/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add an undocumented -r option preceding the bectl subcommand to specify a BE root to operate out of. This will remain undocumented for now, as some caveats apply: - BEs cannot be activated in the pool that doesn't contain the rootfs - bectl create cannot work out of the box without the -e option right now, since it defaults to the rootfs and cross-pool cloning doesn't work like that (IIRC) Plumb the BE root through to libbe(3) so that some things -can- be done to it, e.g. bectl -r tank/ROOT create -e default upgrade bectl -r tank/ROOT mount upgrade /mnt this aides in some upgrade setups where rootfs is not necessarily ZFS, and also makes it easier/possible to regression-test bectl when combined with a file-backed zpool. MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D18029 Notes: svn path=/head/; revision=340592
* Change dumpon(8)'s handling of -g.Mark Johnston2018-11-182-23/+24
| | | | | | | | | | | | | | | Rather than using a special value to denote "use the default router", treat the absence of the -g option to mean the same thing. The in-kernel netdump client will always attempt to reach the server directly before falling back to the configured gateway anyway. This change makes it cleaner to support a hostname value for -g. Reviewed by: cem MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D18025 Notes: svn path=/head/; revision=340547
* mount_fusefs.8: expand HISTORY sectionAlan Somers2018-11-171-6/+10
| | | | | | | | | | Note that fuse was available from ports long before joining the base system. Also, update the upstream URL. MFC after: 2 weeks Notes: svn path=/head/; revision=340525
* Fix build break from dump incompatibility I introduced in -r340411Kirk McKusick2018-11-143-7/+7
| | | | | | | Pointy-hat to: mckusick Notes: svn path=/head/; revision=340422
* Plug build break after r340411.Gleb Smirnoff2018-11-133-7/+7
| | | | Notes: svn path=/head/; revision=340416
* In preparation for adding inode check-hashes, clean up andKirk McKusick2018-11-1312-232/+232
| | | | | | | | | | | | | | | | | | | document the libufs interface for fetching and storing inodes. The undocumented getino / putino interface has been replaced with a new getinode / putinode interface. Convert the utilities that had been using the undocumented interface to use the new documented interface. No functional change (as for now the libufs library does not do inode check-hashes). Reviewed by: kib Tested by: Peter Holm Sponsored by: Netflix Notes: svn path=/head/; revision=340411
* Fix part of the SYNOPSIS documenting LIST OF RULES AND PREPROCESSINGEugene Grosbein2018-11-131-11/+11
| | | | | | | | | | that is still referred as last section of the SYNOPSIS later but was erroneously situated in the section IN-KERNEL NAT. MFC after: 1 month Notes: svn path=/head/; revision=340394
* libcasper: ange the name of limits in cap_dns so the intentions are obvious.Mariusz Zaborski2018-11-121-3/+3
| | | | | | | | Reported by: pjd MFC after: 3 weeks Notes: svn path=/head/; revision=340363
* Add ability to use dynamic external prefix in ipfw_nptv6 module.Andrey V. Elsukov2018-11-123-5/+37
| | | | | | | | | | | | | | | | Now an interface name can be specified for nptv6 instance instead of ext_prefix. The module will track if_addr_ext events and when suitable IPv6 address will be added to specified interface, it will be configured as external prefix. When address disappears instance becomes unusable, i.e. it doesn't match any packets. Reviewed by: 0mp (manpages) Tested by: Dries Michiels <driesm dot michiels gmail com> MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D17765 Notes: svn path=/head/; revision=340360
* pfctl: Populate ifname in ifa_lookup()Kristof Provost2018-11-081-0/+1
| | | | | | | | | pfctl_adjust_skip_ifaces() relies on this name. MFC after: 2 weeks Notes: svn path=/head/; revision=340264
* ipfw.8: fix small syntax error in an exampleEugene Grosbein2018-11-081-1/+1
| | | | | | | MFC after: 3 days Notes: svn path=/head/; revision=340249