path: root/sbin
Commit message | Author | Age | Files | Lines
* gpart: "gpart --libxo:JP list" duplicates attribute keys | Alan Somers | 3 days | 1 | -2/+6
  Add leaf-list modifier to attrib as it's possible to have multiple attributes on a gpart provider. I purposely made it so that the normal output still says "attrib:" just so we don't break any scripts people may be using to parse the output, but the libxo output now says "attribute" just like `gpart show` will do once https://reviews.freebsd.org/D53950 is merged.

  PR: 291377
  MFC after: 1 week
  Reviewed by: asomers
  Sponsored by: ConnectWise
  Differential Revision: https://reviews.freebsd.org/D54080
* shutdown: Adapt to changes in reboot | Dag-Erling Smørgrav | 3 days | 2 | -8/+8
  Now that halt and reboot actually signal init, shutdown needs to run fasthalt or fastboot instead when given the -o option.

  MFC after: 1 month
  Reviewed by: imp, allanjude
  Differential Revision: https://reviews.freebsd.org/D54122
* reboot: Default to a clean shutdown | Dag-Erling Smørgrav | 3 days | 2 | -32/+88
  * If invoked as fasthalt or fastboot, behavior is unchanged.
  * If not invoked as fasthalt or fastboot, we simply signal init(8), just like shutdown(8) does, instead of taking the system down ourselves.
  * Since only init can handle the RB_REROOT case, the -r flag is not supported in fast mode.
  * Update the usage string to correctly reflect the program being run (fast or normal; halt, boot, or nextboot) and the options available in each case.
  * Update the manual page to make the distinction between normal and fast mode clear, better explain what shutdown(8) still does that reboot(8) does not, and add a historical note explaining what the difference between the two used to be.

  MFC after: 1 month
  Relnotes: yes
  Reviewed by: imp
  Differential Revision: https://reviews.freebsd.org/D54117
* shutdown(8): Document additional formats supported by the code. | Xin LI | 4 days | 1 | -15/+47
  MFC after: 1 week
* ipfilter: Disable ipfs(8) by default | Cy Schubert | 5 days | 1 | -1/+6
  At the moment ipfs(8) is a tool that can be easily abused. Though the concept is sound the implementation needs some work. ipfs(8) should be considered experimental at the moment.

  This commit also makes ipfs support in the kernel optional.

  Reviewed by: emaste, glebius
  MFC after: 1 week
  Differential revision: https://reviews.freebsd.org/D53787
* ipfilter: Restrict ipfilter within a jail | Cy Schubert | 5 days | 1 | -0/+1
  Add a sysctl/tunable (net.inet.ipf.jail_allowed) to control whether a jail can manage its own ipfilter rules, pools, and settings. A jail's control over its own ipfilter rules and settings may not be desirable. The default is jail access to ipfilter is denied. The host system can still manage a jail's rules by attaching the rules, using the on keyword, limiting the rule to the jail's interface. Or the sysctl/tunable can be enabled to allow a jail control over its own ipfilter rules and settings.

  Implementation note: Rather than store the jail_allowed variable, referenced by sysctl(9), in a global area, storing the variable in the ipfilter softc is consistent with ipfilter's use of its softc.

  Discussed with: emaste, jrm
  MFC after: 1 week
  Differential revision: https://reviews.freebsd.org/D53623
* nextboot: Reimplement missing -a option | Dag-Erling Smørgrav | 5 days | 2 | -12/+36
  * Reimplement the -a option which was available in the original shell script and is still documented.
  * Print the correct usage string when invoked as nextboot.
  * Add the -D option to the manual page synopsis.

  MFC after: 1 week
  Fixes: fd6d47375a78 ("rescue,nextboot: Install nextboot as a link to reboot, rm nextboot.sh")
  Reviewed by: imp
  Differential Revision: https://reviews.freebsd.org/D54120
* pfctl: move astats query into libpfctl | Kristof Provost | 8 days | 1 | -19/+1
  Sponsored by: Rubicon Communications, LLC ("Netgate")
* ipsec: Fix typos in references to IPsec's ESP | Mateusz Piotrowski | 9 days | 3 | -5/+5
  ESP is "Encapsulating Security Payload", not "Encapsulated Security Payload".

  This patch fixes all the places in the tree I could find with `grep -i encapsulated security`.

  MFC after: 3 days
  Reviewed by: ae
  Differential Revision: https://reviews.freebsd.org/D53769
* pfctl: restore '-Tload -f pf.conf' functionality | Kristof Provost | 12 days | 1 | -1/+2
  Allow only tables to be loaded from a file, rather than everything (i.e. including options, rules).

  Add a test case for this.

  PR: 291318
  MFC after: 1 week
  Sponsored by: Rubicon Communications, LLC ("Netgate")
* cam/scsi: Add power condition support to START STOP UNIT | Jaeyoon Choi | 12 days | 1 | -0/+1
  This patch adds a power_condition parameter to the scsi_start_stop() function and sets the power condition via SSU.

  Reviewed by: imp (mentor)
  Sponsored by: Samsung Electronic
  Differential Revision: https://reviews.freebsd.org/D53922
* ipfilter: Verify ipnat on entry into kernel | Cy Schubert | 2025-11-26 | 1 | -0/+6
  The ipnat struct is built by ipnat(8), specifically ipnat_y.y when parsing the ipnat configuration file (typically ipnat.conf). ipnat contains a variable length string field at the end of the struct. This data field, called in_names, may contain various text strings such as NIC names. There is no upper bound limit to the length of strings as long as the in_namelen length field specifies the length of in_names within the ipnat structure and in_size specifies the size of the ipnat structure itself.

  Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
  Reviewed by: markj
  MFC after: 1 week
  Differential revision: https://reviews.freebsd.org/D53843
* ipfilter: Verify frentry on entry into kernel | Cy Schubert | 2025-11-26 | 1 | -0/+5
  The frentry struct is built by ipf(8), specifically ipf_y.y when parsing the ipfilter configuration file (typically ipf.conf). frentry contains a variable length string field at the end of the struct. This data field, called fr_names, may contain various text strings such as NIC names, destination list (dstlist) names, and filter rule comments. The length field specifies the length of fr_names within the frentry structure and fr_size specifies the size of the frentry structure itself.

  The upper bound limit to the length of strings field is controlled by the fr_max_namelen sysctl/kenv or the max_namelen ipfilter tuneable.

  The initial concepts were discussed with emaste and jrm.

  Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
  Reviewed by: markj
  MFC after: 1 week
  Differential revision: https://reviews.freebsd.org/D53843
* Use ZFSTOP more broadly | John Baldwin | 2025-11-24 | 1 | -5/+5
  Reviewed by: brooks
  Obtained from: CheriBSD
  Differential Revision: https://reviews.freebsd.org/D53791
* mount.8: document nosymfollow option | Wolfram Schneider | 2025-11-24 | 1 | -2/+7
  Document the nosymfollow mount option in more detail.

  Forgotten in 5ddc8ded1dbe650b7d83240a1f86a1eb6e2b9b5a
* dmesg.8: Index kern.msgbuf_show_timestamp | Alexander Ziaee | 2025-11-21 | 1 | -1/+1
  This is the only place this important debugging tunable is documented. Mark it up with the Va macro according to style.mdoc(5) so that people can find it via `apropos Va=kern.msg`, the standard syntax to search the FreeBSD manual for sysctls and tunables.

  Fixes: 6910fee62e77 (dmesg: Document kern.msgbuf_show_timestamp)
* pfctl(8): Fix a typo in an error message | Gordon Bergling | 2025-11-21 | 1 | -1/+1
  - s/registeration/registration/

  MFC after: 5 days
* zfs: fix build after openzfs/zfs@e63d026b9 | Martin Matuska | 2025-11-17 | 1 | -1/+2
  Fix Makefiles
  Update zfs_config.h and zfs_gitrev.h
* newfs_msdos: Improve error messages | Ed Maste | 2025-11-10 | 1 | -3/+3
  - Report overly long OEM string as too long, not just "bad".
  - Use warn instead of warnx for open or ftruncate failure to report the error string.

  Reviewed by: se
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D53649
* dumpon.8: use .Nm macro when refer to itself | Maxim Konovalov | 2025-11-06 | 1 | -2/+2
  Bump .Dd too while I am here.
* dumpon(8): Add a SYSCTL VARIABLES section | Felix Johnson | 2025-11-06 | 1 | -0/+15
  Document debug.minidump and machdep.dump_retry_count sysctl variables.

  PR: 259393
  MFC after: 3 seconds
  Reviewed by: gbe (previous), markj, ziaee
  Differential Revision: https://reviews.freebsd.org/D32618
* ipfilter: Don't trust userland supplied iph_size | Cy Schubert | 2025-11-05 | 1 | -0/+2
  ipf_htable_create() trusts a user-supplied iph_size from iphtable_t and computes the allocation size as iph->iph_size * sizeof(*iph->iph_table) without checking for integer overflow. A sufficiently large iph_size causes the multiplication to wrap, resulting in an under-sized allocation for the table pointer array. Subsequent code (e.g., in ipf_htent_insert()) can then write past the end of the allocated buffer, corrupting kernel memory and causing DoS or potential privilege escalation.

  This is not typically a problem when using the ipfilter provided userland tools as they calculate the correct lengths. This mitigates a rogue actor calling ipfilter ioctls directly.

  Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
  Reviewed by: markj
  MFC after: 1 week
  Differential revision: https://reviews.freebsd.org/D53286
* ipfilter: Calculate the number of elements in ipf_errors | Cy Schubert | 2025-11-05 | 1 | -2/+2
  It serves no purpose to manually manage the IPF_NUM_ERRORS count. Calculate it instead.

  Reviewed by: emaste, markj
  MFC after: 1 week
  Differential revision: https://reviews.freebsd.org/D53308
* pf: convert DIOCRGETADDRS to netlink | Kristof Provost | 2025-11-05 | 1 | -1/+1
  Sponsored by: Rubicon Communications, LLC ("Netgate")
* ifconfig: Fix invalid free() in ifbridge | Lexi Winter | 2025-11-04 | 1 | -3/+5
  parse_vlans() does 's = strdup(str)', then calls strsep(&s, ...), then attempts to free(s) at the end of the function. For the success case, this is fine (s is NULL, so it's a trivial memory leak), but in the error case, we will attempt to free an invalid pointer.

  Fix this by storing the original return value from strdup() and freeing that instead.

  MFC after: 3 seconds
  Reported by: David Gwynne <dlg@openbsd.org>
  Reviewed by: zlei, kevans
  Sponsored by: https://www.patreon.com/bsdivy
  Differential Revision: https://reviews.freebsd.org/D53545
* Refinements to the --libxo support for geom status and list sub commands. | Kirk McKusick | 2025-11-03 | 1 | -55/+70
  Changes based on comments in D53110: tags should be lowercase; rename a few containers so that the JSON/XML output says "DISK" or "MULTIPATH" (depending on class) instead of a generic "Geom"; adds {t:} to trim extra whitespaces that sometimes appeared in the value fields of JSON/XML output.

  Submitted-by: Johan Söllvander
  MFC-after: 1 week
  Differential Revision: https://reviews.freebsd.org/D53313
* pf: convert DIOCRSETADDRS to netlink | Kristof Provost | 2025-10-31 | 3 | -14/+5
  The list of addresses is potentially very large. Larger than we can fit in a single netlink request, so we indicate via the PFR_FLAG_START/PFR_FLAG_DONE flags when we start and finish, so the kernel can work out which addresses need to be removed.

  Sponsored by: Rubicon Communications, LLC ("Netgate")
* ifconfig.8: Mention max name length | William Carrel | 2025-10-30 | 1 | -0/+3
  PR: 289113
  MFC after: 3 days
* pfctl: only set limit restore handler if limits are changed | Kristof Provost | 2025-10-29 | 1 | -1/+5
  Arm restore atexit(3) handler if and only if the pf(4) limits are being changed to prevent bogus error messages on stderr.

  OK @bluhm

  Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 67a69daaf0
  Sponsored by: Rubicon Communications, LLC ("Netgate")
* getvfsbyname.3 mount.8: Reference lsvfs(1) | Mateusz Piotrowski | 2025-10-28 | 1 | -1/+2
  MFC after: 3 days
  Reviewed by: ziaee
  Differential Revision: https://reviews.freebsd.org/D53411
* bsdlabel: Bump removal to FreeBSD 16.0. | Ed Maste | 2025-10-28 | 2 | -2/+2
  It is deprecated but was not removed prior to 15.0.

  Sponsored by: The FreeBSD Foundation
* pfctl: Do not warn if there is no Ethernet anchor | Jose Luis Duran | 2025-10-28 | 1 | -4/+1
  Avoid emitting a warning if there is no Ethernet anchor. If the anchor --regardless of its type-- is nonexistent, should be caught earlier.

  This can be misleading when there is a layer 3 anchor but not an Ethernet anchor, giving the user the impression that there is no layer 3 anchor with that name.

  PR: 280516
  Approved by: kp
  MFC after: 2 days
  Differential Revision: https://reviews.freebsd.org/D53360
* ipfs: Fix typo in error message | Cy Schubert | 2025-10-28 | 1 | -1/+1
  MFC after: 3 days
* ipfw: Remove more unused IP_FW_* cases | Ed Maste | 2025-10-27 | 1 | -5/+1
  All of the do_cmd() calls are in dummynet.c and specify the socket option at compile time; none of these removed cases are used in ipfw after the v3 work.

  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D53378
* ipfw: Correct error message | Ed Maste | 2025-10-27 | 1 | -1/+1
  The failed allocation in the error pertains to IP_FW_XADD, not IP_FW_ADD.

  Reviewed by: ae
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D53359
* pfctl(8): Fix a typo in an error message | Gordon Bergling | 2025-10-26 | 1 | -1/+1
  - s/addresess/addresses/

  MFC after: 1 week
* nvmecontrol(8): Fix a typo in an error message | Gordon Bergling | 2025-10-26 | 1 | -1/+1
  - s/speciifed/specified/

  MFC after: 1 week
* ipfw: Remove IP_DUMMYNET_GET case | Ed Maste | 2025-10-25 | 1 | -1/+1
  IP_DUMMYNET_GET is no longer used in ipfw(1).

  Reviewed by: markj
  Sponsored by: The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D53348
* ipfw: Update warning/error setsockopt references | Ed Maste | 2025-10-24 | 1 | -2/+2
  Dummynet v3 switched to IP_DUMMYNET3 but did not update these warnings/errors.

  Fixes: cc4d3c30ea28 ("Bring in the most recent version of ipfw and dummynet, developed")
  Sponsored by: The FreeBSD Foundation
  Differential Revision: sbin/ipfw/ipfw2.c
* fdisk: Bump deprecated version in warning message as well | Ed Maste | 2025-10-24 | 1 | -1/+1
  Fixes: f817f6e7f4a8 ("fdisk: Bump removal to FreeBSD 16.0")
  Sponsored by: The FreeBSD Foundation
* fdisk: Bump removal to FreeBSD 16.0 | Ed Maste | 2025-10-24 | 1 | -2/+2
  Removal did not happen prior to 15.0.

  Sponsored by: The FreeBSD Foundation
* geom: fix glabel status not showing components | Brad Davis | 2025-10-20 | 1 | -15/+22
  Also fix some typos and move a couple NULL checks earlier.

  Reviewed by: mckusick, Johan Söllvander, markj, kevans, adrian
  Fixes: 0d4642a67e59f8da5e00a05001c342bdad2a806f
  MFC after: 3 days
  Differential Revision: https://reviews.freebsd.org/D53180
* devd/snd.conf: Note that any command can be used for the action | Christos Margiolis | 2025-10-18 | 1 | -1/+4
  Sponsored by: The FreeBSD Foundation
  MFC after: 1 day
  Differential Revision: https://reviews.freebsd.org/D53175
* Update commit 0d4642a to fix failed tests. | Kirk McKusick | 2025-10-16 | 1 | -2/+2
  Tests that fail are in /root/.kyua/store/results.usr_tests_sys_geom_class_multipath.20251015-085403-959737.db

  Submitted-by: Johan Söllvander
  MFC-after: 1 week
  Differential Revision: https://reviews.freebsd.org/D53110
* fsck_ffs: garbage collect calcsb | Ryan Libby | 2025-10-15 | 1 | -47/+0
  calcsb is unused since the logic moved to sbsearch / ffs_sbsearch in e68866164212 ("Move the ability to search for alternate UFS superblocks from fsck_ffs(8) into ffs_sbsearch() to allow use by other parts of the system.")

  Reviewed by: mckusick
  Differential Revision: https://reviews.freebsd.org/D53038
* ipfw: do not use errno value for error reporting | Boris Lytochkin | 2025-10-14 | 1 | -3/+0
  table_do_modify_record() already uses errno value on error. Also this fixes problem when `ipfw table add` returns ENOTTY that is unrelated to operation.

  Tested by: dhw
  Fixes: 09025a714708
  MFC after: 3 days
  Differential Revision: https://reviews.freebsd.org/D53050
* Ping: Make build reproducible | Colin Percival | 2025-10-14 | 1 | -1/+2
  As recently fixed in sockstat (9934558460e4), having tests/Makefile include files from the parent directory with SRCS= ../foo.c results in a race condition as the parent build and the tests build try to produce the same object file but contain different paths.

  Use .PATH to tell make to find sockstat.c in the parent directory but place the object file in the current object directory.

  Reviewed by: emaste, jrtc27, kevans
  MFC after: 3 days
  Sponsored by: https://www.patreon.com/cperciva
  Differential Revision: https://reviews.freebsd.org/D53075
* Add --libxo support for geom status and list sub commands. | Kirk McKusick | 2025-10-13 | 2 | -77/+157
  Submitted-by: Johan Söllvander
  MFC-after: 1 week
  Differential Revision: https://reviews.freebsd.org/D37615
* mdconfig_test: determine page size at run time rather than assuming 4k | Chuck Silvers | 2025-10-13 | 1 | -7/+8
  Sponsored by: Netflix
  Reviewed by: imp
  Differential Revision: https://reviews.freebsd.org/D52736
* bridge.4: Fix the synopsis for -ifuntagged | Lexi Winter | 2025-10-13 | 1 | -2/+2
  This command doesn't accept a vlan-id.

  PR: 290141
  MFC after: 3 days
  Reported by: Paul Procacci <pprocacci@gmail.com>
  Reviewed by: ziaee (manpages)
  Sponsored by: https://www.patreon.com/bsdivy
  Differential Revision: https://reviews.freebsd.org/D53049