aboutsummaryrefslogtreecommitdiff
path: root/sbin
Commit message (Collapse)AuthorAgeFilesLines
* devd: Warn for deprecated 'kern' system typeWarner Losh19 hours1-0/+34
| | | | | | | | | | | | | One year ago, I deprecated 'kern' in favor of 'kernel' for the system name for some power events. I'm about to remove it from the kernel, but realized there's been no warning generated for users. Preserve POLA by converting on the fly here and issuing a warning for 14.x, and an fatal error after we branch 15. Make compiling it an error on 16 to remove the gross hack after we branch. Sponsored by: Netflix Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D37584
* newbus: Remove deprecated "kern" system name for resume events.Warner Losh19 hours1-9/+1
| | | | | | | | | | The new "kernel" system name is the one that's documented and has been generated for a year now. Remove the old one now that 14.0 is getting close. Sponsored by: Netflix Reviewed by: bapt Differential Revision: https://reviews.freebsd.org/D37582
* ping: Fix handling of IP packet sizesTom Jones4 days1-9/+60
| | | | | | | | | | | | | | | | | | | | Ping reads raw IP packets to parse ICMP responses. When reading the IP Header Len (IHL) ping was was taking the value from the provided packet without any validation. This could lead to remotely triggerable stack corruption. Validate the IHL against expected and recieved data sizes when reading from the received packet and when reading any quoted packets from within the ICMP response. Approved by: so Reviewed by: markj, asomers Security: FreeBSD-SA-22:15.ping Security: CVE-2022-23093 Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. X-NetApp-PR: #77 Differential Revision: https://reviews.freebsd.org/D37195
* pf: drop support for fragment crop|drop-ovlKristof Provost5 days1-5/+1
| | | | | | | | | | | We removed the code for these modes back in 2015, but converted such configurations to 'scrub fragment reassemble'. It's been long enough, drop the backwards compatibility glue too. Reviewed by: mjg MFC after: never Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37460
* pf: allow scrub rules without fragment reassembleKristof Provost5 days7-2/+10
| | | | | | | | | | | | | | | scrub rules have defaulted to handling fragments for a long time, but since we removed "fragment crop" and "fragment drop-ovl" in 64b3b4d611 this has become less obvious and more expensive ("reassemble" being the more expensive option, even if it's the one the vast majority of users should be using). Extend the 'scrub' syntax to allow fragment reassembly to be disabled, while retaining the other scrub behaviour (e.g. TTL changes, random-id, ..) using 'scrub fragment no reassemble'. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37459
* ipfw: Fix ipfw/dnctl detectionGoran Mekic11 days1-1/+2
| | | | | | | | Running "dnctl" vs "/sbin/dnctl" gave different results, because we looked at the entire argv[0] string, rather than the basename. Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D37431
* Make devd shared now that libc++ is in /libEd Maste13 days1-2/+0
| | | | | | | | | | Commit 5e6a2d6eb220 moved libc++ from /usr/lib to /lib, so we no longer have an interval during boot when it is not available (before /usr is mounted). We no longer need to force devd to be statically linked. Reviewed by: jhb Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D37409
* nvmecontrol: Fix IEEE OUI Identifier outputWanpeng Qian13 days1-1/+1
| | | | | | | | | | | | Current sequence of IEEE OUI Identifier output is wrong. For Intel, current output is e4 d2 5c, specification is 5CD2E4h For Samsung, current output is 38 25 00, specification is 002538h also check with Linux nvme-cli. Reviewed by: imp, chuck MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D33856
* ipfilter: replace defunct home page link with FAQ URLEd Maste2022-11-151-2/+1
| | | | | ipfilter.org disappeared in mid 2004. There is still a FAQ at https://www.phildev.net/ipf so point to that.
* nvmecontrol: Fix condition when print number of Firmware Slots and Firmware ↵Wanpeng Qian2022-11-151-10/+2
| | | | | | | | | | | | | Slot1 Readonly. The Number of Firmware Slots should never be zero. So, a Firmware Slot 1 should always exist. For that reason, always print the Number of Firmware Slots and the Firmware Slot 1 Read-Only value. Reviewed by: imp Approved by: manu (mentor) MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D34700
* dhclient(8): Verify lease-, renewal- and rebinding-time option sizes.Hans Petter Selasky2022-11-141-3/+3
| | | | | | | | | | | | Else out-of-bound reads and undefined behaviour may happen. The current code only checked for the presence of the first of four bytes. Make sure the fields in question have the minium size required. No functional change intended. Reviewed by: rrs@ MFC after: 1 week Sponsored by: NVIDIA Networking
* Enable taking snapshots on UFS/FFS filesystems using journaled soft updates.Kirk McKusick2022-11-132-6/+2
| | | | | | | | | | | All the needed infrastructure updates have been made to allow snapshots to be taken on UFS/FFS filesystems that are using journaled soft updates. The most immediate benefit is the ability to use a snapshot to take a consistent filesystem dump on a live filesystem using the -L option to dump(8). Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D36491
* nvmecontrol: fix wrong temperature unit for INTEL SSDs.Wanpeng Qian2022-11-114-10/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Although intel's specification did not tell which unit for Temperature Statistics (Log Identifier C5h), I believe it is based on Celsius instead of Kelvin. here is my P3700 SSDs result(before): Intel Temperature Log ===================== Current: 30 K, -243.15 C, -405.67 F Overtemp Last Flags 0 Overtemp Lifetime Flags 0 Max Temperature 53 K, -220.15 C, -364.27 F Min Temperature 17 K, -256.15 C, -429.07 F Max Operating Temperature 63 K, -210.15 C, -346.27 F Min Operating Temperature 0 K, -273.15 C, -459.67 F Estimated Temperature Offset: 0 C/K after apply the patch, result is Intel Temperature Log ===================== Current: 303.15 K, 30 C, 86.00 F Overtemp Last Flags 0 Overtemp Lifetime Flags 0 Max Temperature 326.15 K, 53 C, 127.40 F Min Temperature 290.15 K, 17 C, 62.60 F Max Operating Temperature 336.15 K, 63 C, 145.40 F Min Operating Temperature 273.15 K, 0 C, 32.00 F Estimated Temperature Offset: 0 C/K I also compare to smartctl's report. it match very well. also tested on Intel P3600, it fixed the problem. Signed-off-by: Wanpeng Qian <wanpengqian@gmail.com> Reviewed by: imp (added tweak to samsung.c so it still compiles) Differential Revision: https://reviews.freebsd.org/D32845
* Fix printfs for fsck_ffs(8) i386 build.Kirk McKusick2022-11-101-3/+3
| | | | | Reported by: jenkins Sponsored by: The FreeBSD Foundation
* Fix types for fsck_ffs(8) i386 build.Kirk McKusick2022-11-103-7/+7
| | | | | | Reported by: jenkins Reported by: Cy Schubert Sponsored by: The FreeBSD Foundation
* pfsync: prepare code to accommodate AF_INET6 familyLuiz Amaral2022-11-091-77/+245
| | | | | | | | | | | | Work is ongoing to add support for pfsync over IPv6. This required some changes to allow for differentiating between the two families in a more generic way. This patch converts the relevant ioctls to using nvlists, making future extensions (such as supporting IPv6 addresses) easier. Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D36277
* Add support for managing UFS/FFS snapshots to fsck_ffs(8).Kirk McKusick2022-11-097-105/+891
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The kernel handles the managment of UFS/FFS snapshots. Since UFS/FFS updates filesystem data (rather than always writing changes to new locations like ZFS), the kernel must check every filesystem write to see if the block being written is part of a snapshot. If it is part of a snapshot, then the kernel must make a copy of the old block value into a newly allocated block for the snapshot before allowing the write to be done. Similarly, if a block is being freed, the kernel must check to see if it is part of a snapshot and let the snapshot claim the block rather than freeing it for future use. When a snapshot is freed, its blocks need to be offered to older snapshots and freed only if no older snapshots wish to claim them. When snapshots were added to UFS/FFS they were integrated into soft updates and just a small part of the management of snapshots needed to be added to fsck_ffs(8) as soft updates minimized the set of snapshot changes that might need correction. When journaling was added to soft updates a much more complete knowledge of snapshots needed to be added to fsck_ffs(8) for it to be able to properly handle the filesystem changes that a journal rollback needs to do (specifically the freeing and allocation of blocks). Since this functionality was unavailable, the use of snapshots was disabled when running with journaled soft updates. This set of changes imports the kernel code for the management of snapshots to fsck_ffs(8). With this code in place it will become possible to enable snapshots when running with journalled soft updates. The most immediate benefit will be the ability to use snapshots to take consistent filesystem dumps on live filesystems. Future work will be done to update fsck_ffs(8) to be able to use snapshots to run in background on live filesystems running with journaled soft updates. Reviewed by: kib Tested by: Peter Holm Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D36491
* Clean up error output for extended attributes in fsck_ffs(8).Kirk McKusick2022-11-071-3/+4
| | | | | MFC after: 1 week Sponsored by: The FreeBSD Foundation
* shutdown.8: Add a note about needed priviledges to run the commandGordon Bergling2022-11-071-1/+5
| | | | | | | | | | | In order to use the shutdown command, the user must have root privileges or be a member of the operator group. PR: 266525 Reported by: Zsolt Udvari <uzsolt at uzsolt hu> Reviewed by: pauamma MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D36688
* ping_test: Fix tests ping_46 and ping6_46Jose Luis Duran2022-11-031-4/+12
| | | | | | | | | | | | | | | If no IPv4-host, IPv4-mcast-group or IPv6-host is passed, it will display the usage. The tests are passing because they are just checking that the exit code is 1. Fix the tests by checking the appropriate output message. While here, change the description to match the output and add the missing requirements. Reviewed by: markj MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D37250
* ping_test: Code cleanupJose Luis Duran2022-11-031-86/+107
| | | | | | | | Mostly style fixes. Reviewed by: markj MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D37248
* ping: Remove a vestigial notdefJose Luis Duran2022-11-031-16/+0
| | | | | | | | | | | | | | | | | It was once a function on 4.3BSD, pr_type() [1], used to convert an ICMP "type" field to a printable string. In 4.4BSD it was superseded by pr_icmph() [2]. NetBSD [3] and OpenBSD [4] have already removed it. [1]: https://minnie.tuhs.org/cgi-bin/utree.pl?file=4.3BSD/usr/src/etc/ping.c [2]: https://minnie.tuhs.org/cgi-bin/utree.pl?file=4.4BSD/usr/src/sbin/ping/ping.c [3]: https://github.com/NetBSD/src/commit/203dfd34867991fd002f747d74a96f26ae80d41c [4]: https://github.com/openbsd/src/commit/9bbbbbb75d24e3d166ddd0cb6cb4417b78561309 Reviewed by: markj MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D37247
* ping: main.c: Consistent use of white space/tabsJose Luis Duran2022-11-031-19/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a user has tabs set at a value other than 8, the output of the usage may not be consistently aligned. % tabs -2 Before: % ping usage: ping [-4AaDdfHnoQqRrv] [-C pcp] [-c count] [-G sweepmaxsize] [-g sweepminsize] [-h sweepincrsize] [-i wait] [-l preload] [-M mask | time] [-m ttl] [-P policy] [-p pattern] [-S src_addr] [-s packetsize] [-t timeout] [-W waittime] [-z tos] IPv4-host ping [-4AaDdfHLnoQqRrv] [-C pcp] [-c count] [-I iface] [-i wait] [-l preload] [-M mask | time] [-m ttl] [-P policy] [-p pattern] [-S src_addr] [-s packetsize] [-T ttl] [-t timeout] [-W waittime] [-z tos] IPv4-mcast-group ping [-6AaDdfHnNoOquvyY] [-b bufsiz] [-c count] [-e gateway] [-I interface] [-i wait] [-k addrtype] [-l preload] [-m hoplimit] [-p pattern] [-P policy] [-S sourceaddr] [-s packetsize] [-t timeout] [-W waittime] [-z tclass] [IPv6-hops ...] IPv6-host After: % ping usage: ping [-4AaDdfHnoQqRrv] [-C pcp] [-c count] [-G sweepmaxsize] [-g sweepminsize] [-h sweepincrsize] [-i wait] [-l preload] [-M mask | time] [-m ttl] [-P policy] [-p pattern] [-S src_addr] [-s packetsize] [-t timeout] [-W waittime] [-z tos] IPv4-host ping [-4AaDdfHLnoQqRrv] [-C pcp] [-c count] [-I iface] [-i wait] [-l preload] [-M mask | time] [-m ttl] [-P policy] [-p pattern] [-S src_addr] [-s packetsize] [-T ttl] [-t timeout] [-W waittime] [-z tos] IPv4-mcast-group ping [-6AaDdfHnNoOquvyY] [-b bufsiz] [-c count] [-e gateway] [-I interface] [-i wait] [-k addrtype] [-l preload] [-m hoplimit] [-p pattern] [-P policy] [-S sourceaddr] [-s packetsize] [-t timeout] [-W waittime] [-z tclass] [IPv6-hops ...] IPv6-host Reviewed by: markj MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D37246
* Make SYNOPSIS match DESCRIPTION.Pau Amma2022-11-021-10/+10
| | | | | | | | | | | | While there, fix nits reported by igor and mandoc -T lint. Differential Revision: https://reviews.freebsd.org/D35405 Reviewed by: debdrup, gbe, gjb Approved by: gjb (mentor) MFC after: 3 days
* pf: bridge-toKristof Provost2022-11-022-16/+34
| | | | | | | | | | | | Allow pf (l2) to be used to redirect ethernet packets to a different interface. The intended use case is to send 802.1x challenges out to a side interface, to enable AT&T links to function with pfSense as a gateway, rather than the AT&T provided hardware. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37193
* ipsec: add support for CHACHA20POLY1305Kristof Provost2022-11-022-1/+5
| | | | | | | | Based on a patch by ae@. Reviewed by: gbe (man page), pauamma (man page) Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37180
* mount_unionfs: remove jokey cautions from man pageEd Maste2022-10-311-5/+1
| | | | | | | | | | There are known issues with unionfs, and the mount_unionfs man page has a cautionary statement about its use. The caution had additional "humourous" statements like "BEWARE OF DOG" but they served only to confuse the situation. Remove them. MFC after: 1 week Sponsored by: The FreeBSD Foundation
* pf: expose syncookie active/inactive statusKristof Provost2022-10-311-0/+2
| | | | | | | | When syncookies are in adaptive mode they may be active or inactive. Expose this status to users. Suggested by: Guido van Rooij Sponsored by: Rubicon Communications, LLC ("Netgate")
* Additional diagnostic output when running fsck_ffs with debugging flag (-d)Kirk McKusick2022-10-301-0/+16
| | | | | MFC after: 1 week Sponsored by: The FreeBSD Foundation
* pkgbase: Put devmatch in its own packageEmmanuel Vadot2022-10-261-0/+1
| | | | | | | devmatch is useful on standalone machine but not on jails. Put devinfo(8) and libdevinfo there too. Differential Revision: https://reviews.freebsd.org/D36229
* pkgbase: Put devd in its own packageEmmanuel Vadot2022-10-261-1/+1
| | | | | | It's not that useful in a jail or in a mdroot. Differential Revision: https://reviews.freebsd.org/D36228
* pkgbase: Put ufs related tools and lib in their own packageEmmanuel Vadot2022-10-2612-11/+12
| | | | | | | | It's not really useful in a jail or in a mdroot or even if a users wants to do a full zfs machine. Reviewed by: mckusick Differential Revision: https://reviews.freebsd.org/D36227
* pkgbase: Put zfs utilities and lib in their own packageEmmanuel Vadot2022-10-261-1/+1
| | | | | | | | | It is useful to have zfs utilities and lib in a separate package as it allow users to create image that can support ZFS (i.e. not with WITHOUT_ZFS in src.conf set) without bloating the default image with all zfs tools (for example for jails). Differential Revision: https://reviews.freebsd.org/D36225
* pkgbase: Put geom utilities in their own packageEmmanuel Vadot2022-10-263-3/+3
| | | | | | | | For most users it's not needed to boot and they are also available in the FreeBSD-rescue package in case an update break and FreeBSD-geom package isn't updated correctly. Differential Revision: https://reviews.freebsd.org/D36224
* pkgbase: Put resolvconf in its own packageEmmanuel Vadot2022-10-261-1/+1
| | | | | | | It doesn't really make sense to have it in runtime and let's not bloat utilities more. Differential Revision: https://reviews.freebsd.org/D36223
* pkgbase: Put dhclient in its own packageEmmanuel Vadot2022-10-261-1/+1
| | | | | | | | It doesn't really make sense to have it in runtime and let's not bloat utilities more. Reviewed by: emaste, imp Differential Revision: https://reviews.freebsd.org/D36222
* pkgbase: Put nvmecontrol in its own packageEmmanuel Vadot2022-10-262-2/+2
| | | | | | | | It doesn't really make sense to have it in runtime and let's not bloat utilities more. Reviewed by: emaste Differential Revision: https://reviews.freebsd.org/D36221
* Increase the maximum size of the journaled soft-updates journal.Kirk McKusick2022-10-211-1/+0
| | | | | | | | | | | | | | The size of the journaled soft-updates journal should be big enough to hold two minutes of filesystem metadata-update activity. The maximum size of the soft updates journal was set in the 1990s. At the time it was assummed that disk arrays would top out at 16 drives and disk writes per drive would top out at 500 per second. Today's I/O subsystems are considerably bigger and faster than those limits. Thus this delta removes the hard upper limit and lets tunefs(8) and newfs(8) set the upper bound based on the size of the filesystem and its cylinder groups. Sponsored by: The FreeBSD Foundation
* Add a description of soft updates journaling to newfs(8).Kirk McKusick2022-10-211-1/+41
| | | | | | | | | | Add a descrition to the newfs(8) -j (journal enablement) flag that explains what soft updates journaling does, the tradeoffs to using it, and the limitations that it imposes. Copied from the description in tunefs(8). PR: 261944 Sponsored by: The FreeBSD Foundation
* init: allow to start script executions with sh -o verifySebastien Bini2022-10-111-23/+30
| | | | | | | | | | | | | | On systems where mac_veriexec is enforced, init should run its scripts in verified mode. This relies on the verify shell option introduced by D30464. init will detect if the shell is /bin/sh, and in which case, add the verify option to the argument vector. The verify option propagates to all files sourced by the shell, ensuring a better protection than if the script was tested against an open(O_VERIFY) before running it. This security can be bypassed with the kenv which overloads the shell to use. However we feel confident that on systems running with mac_veriexec, this kenv will be blocked somehow. Also, the verify option has no effect on systems where mac_veriexec is not loaded nor enforced. Differential revision: https://reviews.freebsd.org/D34622 Reviewed by: sjg, wma
* ipfilter: Removed unused ioctl typedefCy Schubert2022-10-091-6/+1
| | | | | | | Defunct operating systems no longer pollute the ipfilter sources. Remove their typedefs. MFC after: 1 week
* nvmecontrol: use uintmax_t for a sizeWarner Losh2022-10-081-1/+1
| | | | | | | | Use uintmax_t cast to print the size of the device for the non-humanize case to avoid issues with 32-bit longs. Fixes: 9c1bec9c21a2 Sponsored by: Netflix
* nvmecontrol: improve namespace size unit of devlist command outputWanpeng Qian2022-10-072-6/+39
| | | | | | | | | Add an option of -h --human to output human readable size unit instead of the fixed unit (MB). Signed-off-by: Wanpeng Qian <wanpengqian@gmail.com> Reviewed by: imp, bcr Differential Revision: https://reviews.freebsd.org/D32957
* nvmecontrol: Apply castCy Schubert2022-10-061-2/+2
| | | | | | | The proper fix also casts to uintmax_t. Reported by: imp Fixes: a7b568109ec7
* nvmecontrol: Fix i386 buildCy Schubert2022-10-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Fix: --- all_subdir_sbin --- /opt/src/git-src/sbin/nvmecontrol/modules/samsung/samsung.c:149:64: error: format specifies type 'unsigned long' but the argument has type 'uint64_t' (aka 'unsigned long long') [-Werror,-Wformat] printf(" Read Reclaim Count : %lu\n", le64dec(&temp->rrc)); ~~~ ^~~~~~~~~~~~~~~~~~~ %llu /opt/src/git-src/sbin/nvmecontrol/modules/samsung/samsung.c:150:64: error: forma t specifies type 'unsigned long' but the argument has type 'uint64_t' (aka 'unsigned long long') [-Werror,-Wformat] printf(" Lifetime Uncorrectable ECC Count : %lu\n", le64dec(&temp->lueccc)); ~~~ ^~~~~~~~~~~~~~~~~~~~~~ %llu 2 errors generated. Fixes: 84e86788705c176cc195e4a9831c0be08dcece31
* nvmecontrol: Add Samsung Extended SMART Information logpage supportWanpeng Qian2022-10-064-2/+175
| | | | | | | | | | Samsung PM983 SSD has a 0xca logpage. It has more information compared to Intel's this patch tested on PM983 M2 SSD and works as expected. Reviewed by: imp@ Approved by: kp@ Event: Aberdeen Hackathon 2022 Differential revision: https://reviews.freebsd.org/D33749
* pf: use time_to for timestampsKristof Provost2022-10-051-4/+4
| | | | | | | | | | Use time_t rather than uint32_t to represent the timestamps. That means we have 64 bits rather than 32 on all platforms except i386, avoiding the Y2K38 issues on most platforms. Reviewed by: Zhenlei Huang Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D36837
* dhclient-script: cope with /32 address leasesKristof Provost2022-10-051-0/+4
| | | | | | | | | | | | | | | | | | On certain cloud platforms (Google Cloud, Packet.net and others) the DHCP server offers a /32 address. This makes adding the default route fail since it is not reachable via any interface. Linux's dhclient-script seem to usually have a special case for that and explicitly adds an interface route to the router's address. FreeBSD's dhclient-script already has a special case for when the router address is the same as the leased address. Now also add one for when it's a different address that doesn't fall in the interface's subnet. PR: 241792 Event: Aberdeen hackathon 2022 Submitted by: sigsys@gmail.com Reviewed by: dch, kp, bz (+1 on the idea, not reviewed), thj MFC after: 1 week
* nvmecontrol wdc: Don't pass a bogus pointer to free().John Baldwin2022-10-031-3/+3
| | | | | | | | | | wdc_get_dui_log_size allocates a buffer and then advances the returned pointer. Passing this advanced pointer to free() is UB, so save the original pointer to pass to free() instead. Reviewed by: imp Reported by: GCC 12 -Wfree-nonheap-object Differential Revision: https://reviews.freebsd.org/D36827
* nvmecontrol wdc: Remove unused but set variable.John Baldwin2022-10-031-3/+1
| | | | | Reviewed by: imp Differential Revision: https://reviews.freebsd.org/D36812