path: root/sbin
Commit message (Author, Age, Files, Lines)
* Merge remote-tracking branch 'origin/releng/11.2' into RELENG_2_4_4 (Renato Botelho do Couto, 2019-07-15, 5 files, -20/+104)
|\
| * Fix kernel stack disclosure in UFS/FFS. (gordon, 2019-07-03, 5 files, -20/+104)
| |   Approved by: so
| |   Security: FreeBSD-SA-19:10.ufs
| |   Security: CVE-2019-5601
* | Add an ioctl to set the VLAN Priority on packets sent by bpf. (Luiz Souza, 2018-08-21, 5 files, -0/+18)
| |   This allows the use of VLAN PCP in dhclient.
| |   Ticket #7425
| |   (cherry picked from commit f22c29d90e15667cd92c3a0b7b99fdb7c482014a)
* | Merge remote-tracking branch 'origin/releng/11.2' into RELENG_2_4_4 (Renato Botelho, 2018-06-08, 2 files, -4/+24)
|\ \ | |/
| * MFC: r334443 (by cem@) MF stable/11: r334787 (marius, 2018-06-07, 2 files, -4/+24)
| |   dhclient(8): allow to supersede interface-mtu option
| |
| |   In some cases broken DHCP servers might send invalid MTU value, so allow to use 'supersede' in dhclient.conf to override this. When superseded value is 0, MTU value is not updated at all.
| |
| |   PR: 206721
| |   Submitted by: novel@
| |   Reported by: <jimp AT pfsense.org>
| |   Approved by: re (gjb)
| |   Relnotes: yes (potentially surprising behavior change w/ broken dhcpd mtu)
| |   Differential Revision: https://reviews.freebsd.org/D15484
* | Revert "Import dhclient patch from FreeBSD bz 206721" (Renato Botelho, 2018-06-08, 1 file, -7/+1)
| |   This reverts commit 2f66803611bf19db8e0b634be8c9464febc394e5.
* | Import dhclient patch from FreeBSD bz 206721 (Renato Botelho, 2018-05-18, 1 file, -1/+7)
| |   This patch allows dhclient to supersede interface-mtu
* | Merge remote-tracking branch 'origin/stable/11' into devel-11 (Renato Botelho, 2018-05-18, 2 files, -17/+39)
|\ \ | |/
| * MFC r315733, r315737, r315740, r330054: (gjb, 2018-05-18, 1 file, -14/+36)
| |   r315733 (imp):
| |   Implement ttys onifexists in init.
| |
| |   Implement a new init(8) option in /etc/ttys. If this option is present on the entry in /etc/ttys, the entry will be active if and only if it exists. If the name starts with a '/', it will be considered an absolute path. If not, it will be a path relative to /dev. This allows one to turn off video console getty that aren't present (while running a getty on them even when they aren't the system console). Likewise with serial ports. It differs from onifconsole in only requiring the device exist rather than it be listed as one of the system consoles.
| |
| |   r315737 (ngie):
| |   Unbreak world by adding sys/stat.h for stat(2)
| |
| |   r315740 (imp):
| |   Simplify the code a little.
| |
| |   r330054 (trasz):
| |   Improve missing tty handling in init(8). This removes a check that did nothing - it was checking for ENXIO, which, with devfs, is no longer returned - and was badly placed anyway, and replaces it with similar one that works, and is done just before starting getty, instead of being done when rereading ttys(5).
| |
| |   From the practical point of view, this makes init(8) handle disappearing terminals (eg /dev/ttyU*) gracefully, without unnecessary getty restarts and resulting error messages.
| |
| |   Reported by: Bart Ender, Andre Albsmeier
| |   PR: 228315
| |   Blocks: 11.2-BETA2
| |   Approved by: re (marius)
| |   Sponsored by: The FreeBSD Foundation
| * MFC r333458: (ae, 2018-05-17, 1 file, -3/+3)
| |   Fix the printing of rule comments.
| |
| |   Change uint8_t type of opcode argument to int in the print_opcode() function. Use negative value to print the rest of opcodes, because zero value is O_NOP, and it can't be used for this purpose.
| |
| |   Reported by: lev
| |   Approved by: re (gjb)
* | Merge remote-tracking branch 'origin/stable/11' into devel-11 (Renato Botelho, 2018-05-08, 1 file, -24/+37)
|\ \ | |/
| * MFC r326571: ifconfig(8): Display extended compliance code string for SFP transceivers (erj, 2018-05-07, 1 file, -24/+37)
| |   Approved by: re (marius, gjb)
* | Merge remote-tracking branch 'origin/stable/11' into devel-11 (Renato Botelho, 2018-05-07, 1 file, -1/+46)
|\ \ | |/
| * MFC r333084: (kp, 2018-05-02, 1 file, -1/+46)
| |   pfctl: Don't break connections on skipped interfaces on reload
| |
| |   On reload we used to first flush everything, including the list of skipped interfaces. This can lead to termination of these connections if they send packets before the new configuration is applied.
| |
| |   Note that this doesn't currently happen on 12 or 11, because of special EACCES handling introduced in r315514. This special behaviour in tcp_output() may change, hence the fix in pfctl.
| |
| |   PR: 214613
| |   Submitted by: Andreas Longwitz <longwitz at incore.de>
* | Fix an IPFW mismerge. (Luiz Souza, 2018-05-01, 1 file, -2/+2)
| |
* | Merge remote-tracking branch 'origin/stable/11' into devel-11 (Luiz Souza, 2018-04-30, 206 files, -1280/+1903)
|\ \ | |/
| * MFC r331622: (kib, 2018-04-25, 2 files, -60/+91)
| |   Allow to specify PCP on packets not belonging to any VLAN.
| |
| |   Sponsored by: Mellanox Technologies
| * MFC r332403: (oleg, 2018-04-19, 1 file, -1/+1)
| |   Fix a typo.
| * MFC r332451: (ae, 2018-04-19, 1 file, -176/+171)
| |   Fix indenting in ipv6.c file, use tabs instead of mixing tabs and spaces.
| * MFC r332449: (ae, 2018-04-19, 3 files, -13/+9)
| |   Remove printing of "not" keyword from print_ip6() function.
| |
| |   After r331668 handling of F_NOT flag done in one place by print_instruction() function. Also remove unused argument from print_ip[6]() functions.
| * MFC r332448: (ae, 2018-04-19, 1 file, -3/+2)
| |   Remove printing of "not" keyword from print_ip() function.
| |
| |   After r331668 handling of F_NOT flag done in one place by print_instruction() function.
| * MFC r331616: vfs_donmount: in certain cases try r/o mount if r/w mount fails (avg, 2018-04-19, 1 file, -0/+4)
| |   If the operation is not an update, if neither r/w nor r/o mode is explicitly requested, if the error code hints at the possibility of the media being read-only, and if the fallback is allowed, then we can try to automatically downgrade to the readonly mode.
| |
| |   This is especially useful for auto-mounting of removable media that sometimes can happen to be write-protected.
| |
| |   The fallback to r/o is not enabled by default. It can be requested on a per-mount basis with a new mount option, 'autoro'. Or it can be globally allowed by setting vfs.default_autoro.
| |
| |   Relnotes: yes
| * MFC r329754: (asomers, 2018-04-16, 14 files, -78/+97)
| |   dhclient: raise WARNS to 4
| |
| |   Mostly const-correctness fixes. There were also some variable-shadowing, unused variable, and a couple of sockaddr type-correctness changes. I also had trouble with cast-align warnings. I was able to prove that one of them was a false positive. But ultimately I had to disable the warning program-wide to deal with the others.
| |
| |   Reviewed by: cem
| |   Sponsored by: Spectra Logic Corp
| |   Differential Revision: https://reviews.freebsd.org/D14460
| * MFC r308137, r316312, r332361 (kevans, 2018-04-16, 1 file, -1/+1)
| |   r308137:
| |   Fix alignment issues on MIPS: align the pointers properly.
| |
| |   All the 5520 GEOM_ELI tests passed successfully on MIPS64EB.
| |
| |   r316312:
| |   sys/geom/eli: Switch bzero() to explicit_bzero() for sensitive data
| |
| |   In GELI, anywhere we are zeroing out possibly sensitive data, like the metadata struct, the metadata sector (both contain the encrypted master key), the user key, or the master key, use explicit_bzero.
| |
| |   Didn't touch the bzero() used to initialize structs.
| |
| |   r332361:
| |   Introduce dry run option for attaching the device. This will allow us to verify if passphrase and key is valid without decrypting whole device.
| * MFC: r332075 (rgrimes, 2018-04-13, 1 file, -0/+2)
| |   Exit with usage when extra arguments are on command line preventing mistakes such as "halt 0p" for "halt -p".
| |
| |   Approved by: bde (mentor, implicit), phk (mentor, implicit)
| |   MFC after: 1 week
| * MFC r331668: (ae, 2018-04-11, 3 files, -751/+785)
| |   Rework ipfw rules parsing and printing code.
| |
| |   Introduce show_state structure to keep information about printed opcodes. Split show_static_rule() function into several smaller functions. Make parsing and printing opcodes into several passes. Each printed opcode is marked in show_state structure and will be skipped in next passes. Now show_static_rule() function is simple, it just prints each part of rule separately: action, modifiers, proto, src and dst addresses, options. The main goal of this change is avoiding occurrence of wrong result of `ifpw show` command, that can not be parsed by ipfw(8). Also now it is possible to make some simple static optimizations by reordering of opcodes in the rule.
| |
| |   PR: 222705
| * MFC r326233: (tuexen, 2018-04-07, 3 files, -0/+26)
| |   Add to ipfw support for sending an SCTP packet containing an ABORT chunk. This is similar to the TCP case, where a TCP RST segment can be sent.
| |
| |   There is one limitation: When sending an ABORT in response to an incoming packet, it should be tested if there is no ABORT chunk in the received packet. Currently, it is only checked if the first chunk is an ABORT chunk to avoid parsing the whole packet, which could result in a DOS attack.
| |
| |   Thanks to Timo Voelker for helping me to test this patch.
| |
| |   MFC r327200:
| |   When adding support for sending SCTP packets containing an ABORT chunk to ipfw in https://svnweb.freebsd.org/changeset/base/326233, a dependency on the SCTP stack was added to ipfw by accident.
| |
| |   This was noted by Kevin Bowling in https://reviews.freebsd.org/D13594 where also a solution was suggested.
| |
| |   This patch is based on Kevin's suggestion, but implements the required SCTP checksum computation without any dependency on other SCTP sources.
| |
| |   While there, do some cleanups and improve comments.
| |
| |   Thanks to Kevin Bowling for reporting the issue and suggesting a fix.
| * MFC r324218: (tuexen, 2018-04-07, 1 file, -7/+7)
| |   Whitespace changes: Remove leading spaces followed by a tab.
| * MFC r324216: (tuexen, 2018-04-07, 1 file, -2/+2)
| |   Fix a bug which avoided that rules for matching port numbers for SCTP packets were actually matched. While there, make clear in the man-page that SCTP port numbers are supported in rules.
| * MFC r305860, r306371 (araujo, 2018-03-29, 2 files, -12/+29)
| |   r305860:
| |   Add an option called "random" that combined with "ether" can generate a random MAC address for an Ethernet interface.
| |
| |   PR: 211984
| |   Submitted by: pi@
| |   Reviewed by: gnn, cem, jhb, lidl, rpokala, wblock
| |   Approved by: wblock (manpages)
| |
| |   r306371:
| |   Indicate that this is a locally administered MAC address.
| |
| |   Submitted by: lidl
| |   Differential Revision: https://reviews.freebsd.org/D7903
| |   PR: 226459
| |   Requested by: tobik
| * Revert r330897: (eadler, 2018-03-29, 127 files, -354/+100)
| |   This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code.
| |
| |   Revert with prejudice.
| |
| |   This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes.
| |
| |   Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes.
| |
| |   Requested by: gjb (re)
| * MFC 330711: (jhb, 2018-03-27, 2 files, -93/+135)
| |   Permit sysctl(8) to set an array of numeric values for a single node.
| |
| |   Most sysctl nodes only return a single value, but some nodes return an array of values (e.g. kern.cp_time). sysctl(8) understands how to display the values of a node that returns multiple values (it prints out each numeric value separated by spaces). However, until now sysctl(8) has only been able to set sysctl nodes to a single value. This change allows sysctl to accept a new value for a numeric sysctl node that contains multiple values separated by either spaces or commas. sysctl(8) parses this list into an array of values and passes the array as the "new" value to sysctl(2).
| |
| |   Sponsored by: Chelsio Communications
| * MFC r331203: (ae, 2018-03-26, 1 file, -2/+2)
| |   Remove note that `fwd tablearg` is supported only by IPv4. IPv6 is supported too.
| * MFC r316464 (sevan, 2018-03-25, 1 file, -2/+2)
| |   Whilst mount_pcfs originated as a patch in 386BSD, NetBSD 0.8 actually was the first release of an OS to ship with it.
| |
| |   Heads up by Ingo Schwarze.
| * MFC r322281: (garga, 2018-03-22, 1 file, -1/+1)
| |   Add missing parenthesis on error message
| |
| |   Approved by: loos
| |   Sponsored by: Rubicon Communications, LLC (Netgate)
| * MFC r330792: (ae, 2018-03-19, 1 file, -2/+2)
| |   Do not try to reassemble IPv6 fragments in "reass" rule.
| |
| |   ip_reass() expects IPv4 packet and will just corrupt any IPv6 packets that it gets. Until proper IPv6 fragments handling function will be implemented, pass IPv6 packets to next rule.
| |
| |   PR: 170604
| * MFC r320268,r320276: (eadler, 2018-03-19, 2 files, -1/+6)
| |   ipfw: dummynet: Add 'G' and 'g' suffix for bandwidth configuration/display
| * MFC r305306: (eadler, 2018-03-19, 6 files, -1/+73)
| |   dhclient: add support for interface-mtu (26)
| |
| |   Make dhclient set interface MTU if it was provided.
| |
| |   This version implements MTU setting in dhclient itself before it runs dhclient-script.
| |
| |   PR: 206721
| * MFC r328430,r328431: (eadler, 2018-03-17, 1 file, -1/+1)
| |   devd: minor nits
| |   - mark usage as noreturn
| * MFC r305857,r305858,r305859: (eadler, 2018-03-15, 1 file, -4/+7)
| |   sbin/rcorder/rcorder.8: Amend HISTORY
| |
| |   rcorder appeared in FreeBSD 5.0. Address issues raised by igor.
| |
| |   PR: 212547
| |   Submitted by: Sevan Janiyan <venture37@geeklan.co.uk>
| |
| |   r305858 | allanjude | 2016-09-16 04:11:04 +0000 (Fri, 16 Sep 2016) | 10 lines
| |
| |   sbin/reboot/reboot.8: Amend HISTORY
| |
| |   A standalone reboot utility showed up in 4.0BSD, in AT&T UNIX init has a case for reboot and is present in the version shipped with V5 either way, current entry is incorrect.
| |
| |   PR: 212548
| |   Submitted by: Sevan Janiyan <venture37@geeklan.co.uk>
| |
| |   r305859 | allanjude | 2016-09-16 04:12:32 +0000 (Fri, 16 Sep 2016) | 8 lines
| |
| |   sbin/umount/umount.8: Amend HISTORY
| |
| |   umount first appeared in V1, confirmed using TUHS archive
| |   http://minnie.tuhs.org/cgi-bin/utree.pl?file=V1/man/man1/umount.1
| |
| |   PR: 212554
| |   Submitted by: Sevan Janiyan <venture37@geeklan.co.uk>
| * Partial merge of the SPDX changes (eadler, 2018-03-14, 130 files, -103/+368)
| |   These changes are incomplete but are making it difficult to determine what other changes can/should be merged.
| |
| |   No objections from: pfg
| * MFC r323314, r323338, r328849 (asomers, 2018-03-10, 10 files, -0/+18)
| |   r323314:
| |   Audit userspace geom code for leaking memory to disk
| |
| |   Any geom class using g_metadata_store, as well as geom_virstor which duplicated g_metadata_store internally, would dump sectorsize - mdsize bytes of userspace memory following the metadata block stored. This is most or all geom classes (gcache, gconcat, geli, gjournal, glabel, gmirror, gmultipath, graid3, gshsec, gstripe, and geom_virstor).
| |
| |   PR: 222077 (comment #3)
| |   Reported by: Maxim Khitrov <max AT mxcrypt.com>
| |   Reviewed by: des
| |   Security: yes
| |   Sponsored by: Dell EMC Isilon
| |   Differential Revision: https://reviews.freebsd.org/D12269
| |
| |   r323338:
| |   Fix information leak in geli(8) integrity mode
| |
| |   In integrity mode, a larger logical sector (e.g., 4096 bytes) spans several physical sectors (e.g., 512 bytes) on the backing device. Due to hash overhead, a 4096 byte logical sector takes 8.5625 512-byte physical sectors. This means that only 288 bytes (256 data + 32 hash) of the last 512 byte sector are used.
| |
| |   The memory allocation used to store the encrypted data to be written to the physical sectors comes from malloc(9) and does not use M_ZERO.
| |
| |   Previously, nothing initialized the final physical sector backing each logical sector, aside from the hash + encrypted data portion. So 224 bytes of kernel heap memory was leaked to every block :-(.
| |
| |   This patch addresses the issue by initializing the trailing portion of the physical sector in every logical sector to zeros before use. A much simpler but higher overhead fix would be to tag the entire allocation M_ZERO.
| |
| |   PR: 222077
| |   Reported by: Maxim Khitrov <max AT mxcrypt.com>
| |   Reviewed by: emaste
| |   Security: yes
| |   Sponsored by: Dell EMC Isilon
| |   Differential Revision: https://reviews.freebsd.org/D12272
| |
| |   r328849:
| |   geom: don't write stack garbage in disk labels
| |
| |   Most consumers of g_metadata_store were passing in partially unallocated memory, resulting in stack garbage being written to disk labels. Fix them by zeroing the memory first.
| |
| |   gvirstor repeated the same mistake, but in the kernel.
| |
| |   Also, glabel's label contained a fixed-size string that wasn't initialized to zero.
| |
| |   PR: 222077
| |   Reported by: Maxim Khitrov <max@mxcrypt.com>
| |   Reviewed by: cem
| |   X-MFC-With: 323314
| |   X-MFC-With: 323338
| |   Differential Revision: https://reviews.freebsd.org/D14164
| * MFC r330085: (dab, 2018-03-09, 1 file, -1/+2)
| |   dhclient violates RFC2131 when sending early DHCPREQUEST message to re-obtain old IP
| |
| |   When dhclient first starts, if an old IP address exists in the dhclient.leases file, dhclient(8) sends early DHCPREQUEST message(s) in an attempt to re-obtain the old IP address again. These messages contain the old IP as a requested-IP-address option in the message body (correct) but also use the old IP address as the packet's source IP (incorrect).
| |
| |   RFC2131 sec 4.1 states:
| |
| |       DHCP messages broadcast by a client prior to that client obtaining its IP address must have the source address field in the IP header set to 0.
| |
| |   The use of the old IP as the packet's source address is incorrect if (a) the computer is now on a different network or (b) it is on the same network, but the old IP has been reallocated to another host.
| |
| |   Fix dhclient to use 0.0.0.0 as the source IP in this circumstance without removing any existing functionality. Any previously-used old IP is still requested in the body of an early DHCPREQUEST message.
| |
| |   PR: 199378
| |   Submitted by: J.R. Oldroyd <fbsd@opal.com>
| |   Reported by: J.R. Oldroyd <fbsd@opal.com>
| |   Sponsored by: Dell EMC
| * MFC r303539: (eadler, 2018-03-08, 1 file, -2/+2)
| |   Use nitems() from sys/param.h.
| * MFC r326820: (eadler, 2018-03-08, 1 file, -10/+4)
| |   Tone down the description for the growfs "-y" flag.
| * MFC r329930: route(8): make it possible to manually delete pinned route (eugen, 2018-03-05, 1 file, -1/+3)
| |   Reported by: Andreas Longwitz <longwitz@incore.de>
| |   Approved by: avg (mentor)
| * MFC r313979: (eadler, 2018-03-05, 1 file, -1/+1)
| |   [ifconfig] fix a memory leak!
| * MFC r313978: (eadler, 2018-03-05, 1 file, -0/+1)
| |   [ifconfig] fix a memory leak.
| * MFC r306836: (eadler, 2018-03-05, 1 file, -2/+2)
| |   [ifconfig] correctly display RSSI.
| * MFC r326276: (eadler, 2018-03-05, 171 files, -45/+389)
| |   various: general adoption of SPDX licensing ID tags.
| |
| |   Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task.
| |
| |   The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, supersede or replace the license texts.
| |
| |   No functional change intended.