summaryrefslogtreecommitdiffstats
path: root/sbin
Commit message (Collapse)AuthorAgeFilesLines
* pf: Remove support for 'scrub fragment crop|drop-ovl'kp2015-08-272-8/+3
| | | | | | | | | | | | | | The crop/drop-ovl fragment scrub modes are not very useful and likely to confuse users into making poor choices. It's also a fairly large amount of complex code, so just remove the support altogether. Users who have 'scrub fragment crop|drop-ovl' in their pf configuration will be implicitly converted to 'scrub fragment reassemble'. Reviewed by: gnn, eri Relnotes: yes Differential Revision: https://reviews.freebsd.org/D3466
* Code cleanup unused-but-set-variable spotted by gcc.araujo2015-08-251-2/+0
| | | | | Approved by: bapt (mentor) Differential Revision: D3475
* Code cleanup unused-but-set-variable spotted by gcc.araujo2015-08-253-14/+4
| | | | | | Reviewed by: melifaro Approved by: bapt (mentor) Differential Revision: D3473
* Upgrade libxo to 0.4.5.marcel2015-08-241-1/+1
| | | | | | | Local changes incorporated by 0.4.5: r284340 Local changes retained: r276260, r282117 Obtained from: https://github.com/Juniper/libxo
* Add ALTQ(9) support for the CoDel algorithm.loos2015-08-214-9/+149
| | | | | | | | | | | | | CoDel is a parameterless queue discipline that handles variable bandwidth and RTT. It can be used as the single queue discipline on an interface or as a sub discipline of existing queue disciplines such as PRIQ, CBQ, HFSC, FAIRQ. Differential Revision: https://reviews.freebsd.org/D3272 Reviewd by: rpaulo, gnn (previous version) Obtained from: pfSense Sponsored by: Rubicon Communications (Netgate)
* Revamp camcontrol(8) fwdownload support and add the opcodes subcommand.ken2015-08-205-216/+1580
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The significant changes and bugs fixed here are: 1. Fixed a bug in the progress display code: When the user's filename is too big, or his terminal width is too small, the progress code could wind up using a negative number for the length of the "stars" that it uses to indicate progress. This negative value was assigned to an unsigned variable, resulting in a very large positive value. The result is that we wound up writing garbage from memory to the user's terminal. With an 80 column terminal, a file name length of more than 35 characters would generate this problem. To address this, we now set a minimum progress bar length, and truncate the user's file name as needed. This has been tested with large filenames and small terminals, and at least produces reasonable results. If the terminal is too narrow, the progress display takes up an additional line with each update, but this is more user friendly than writing garbage to the tty. 2. SATA drives connected via a SATA controller didn't have SCSI Inquiry data populated in struct cam_device. This meant that the code in fw_get_vendor() in fwdownload.c would try to match a zero-length vendor ID, and so return the first entry in the vendor table. (Which used to be HITACHI.) Fixed by grabbing identify data, passing the identify buffer into fw_get_vendor(), and matching against the model name. 3. SATA drives connected via a SAS controller do have Inquiry data populated. The table included a couple of entries -- "ATA ST" and "ATA HDS", intended to handle Seagate and Hitachi SATA drives attached via a SAS controller. SCSI to ATA translation layers use a vendor ID of "ATA" (which is standard), and then the model name from the ATA identify data as the SCSI product name when they are returning data on SATA disks. The cam_strmatch code will match the first part of the string (because the length it is given is the length of the vendor, "ATA"), and return 0 (i.e. a match). So all SATA drives attached to a SAS controller would be programmed using the Seagate method (WRITE BUFFER mode 7) of SCSI firmware downloading. 4. Issue #2 above covered up a bug in fw_download_img() -- if the maximum packet size in the vendor table was 0, it tried to default to a packet size of 32K. But then it didn't actually succeed in doing that, because it set the packet size to the value that was in the vendor table (0). Now that we actually have ATA attached drives fall use the VENDOR_ATA case, we need a reasonable default packet size. So this is fixed to properly set the default packet size. 5. Add support for downloading firmware to IBM LTO drives, and add a firmware file validation method to make sure that the firmware file matches the drive type. IBM tape drives include a Load ID and RU name in their vendor-specific VPD page 0x3. Those should match the IDs in the header of the firmware file to insure that the proper firmware file is loaded. 6. This also adds a new -q option to the camcontrol fwdownload subcommand to suppress informational output. When -q is used in combination with -y, the firmware upgrade will happen without prompting and without output except if an error condition occurs. 7. Re-add support for printing out SCSI inquiry information when asking the user to confirm that they want to download firmware, and add printing of ATA Identify data if it is a SATA disk. This was removed in r237281 when support for flashing ATA disks was added. 8. Add a new camcontrol(8) "opcodes" subcommand, and use the underlying code to get recommended timeout values for drive firmware downloads. Many SCSI devices support the REPORT SUPPORTED OPERATION CODES command, and some support the optional timeout descriptor that specifies nominal and recommended timeouts for the commands supported by the device. The new camcontrol opcodes subcommand allows displaying all opcodes supported by a drive, information about which fields in a SCSI CDB are actually used by a given SCSI device, and the nominal and recommended timeout values for each command. Since firmware downloads can take a long time in some devices, and the time varies greatly between different types of devices, take advantage of the infrastructure used by the camcontrol opcodes subcommand to determine the best timeout to use for the WRITE BUFFER command in SCSI device firmware downloads. If the device recommends a timeout, it is likely to be more accurate than the default 50 second timeout used by the firmware download code. If the user specifies a timeout, it will override the default or device recommended timeout. If the device doesn't support timeout descriptors, we fall back to the default. 9. Instead of downloading firmware to SATA drives behind a SAS controller using WRITE BUFFER, use the SCSI ATA PASS-THROUGH command to compose an ATA DOWNLOAD MICROCODE command and it to the drive. The previous version of this code attempted to send a SCSI WRITE BUFFER command to SATA drives behind a SAS controller. Although that is part of the SAT-3 spec, it doesn't work with the parameters used with LSI controllers at least. 10.Add a new mechanism for making common ATA passthrough and ATA-behind-SCSI passthrough commands. The existing camcontrol(8) ATA command mechanism checks the device type on every command executed. That works fine for individual commands, but is cumbersome for things like a firmware download that send a number of commands. The fwdownload code detects the device type up front, and then sends the appropriate commands. 11.In simulation mode (-s), if the user specifies the -v flag, print out the SCSI CDB or ATA registers that would be sent to the drive. This will aid in debugging any firmware download issues. sbin/camcontrol/fwdownload.c: Add a device type to the fw_vendor structure, so that we can specify different download methods for different devices from the same vendor. In this case, IBM hard drives (from when they still made hard drives) and tape drives. Add a tur_status field to the fw_vendor structure so that we can specify whether the drive to be upgraded should be ready, not ready, or whether it doesn't matter. Add the corresponding capability in fw_download_img(). Add comments describing each of the vendor table fields. Add HGST and SmrtStor to the supported SCSI vendors list. In fw_get_vendor(), look at ATA identify data if we have a SATA device to try to identify what the drive vendor is. Add IBM firmware file validation. This gets VPD page 0x3, and compares the Load ID and RU name in the page to the values included in the header. The validation code will refuse to load a firmware file if the values don't match. This does allow the user to attempt a downgrade; whether or not it succeeds will likely depend on the drive settings. Add a -q option, and disable all informative output (progress bars, etc.) when this is enabled. Re-add the inquiry in the confirmation dialog so the user has a better idea of which device he is talking to. Add support for displaying ATA identify data. Don't automatically disable confirmation in simulation (-s) mode. This allows the user to see the inquiry or identify data in the dialog, and see exactly what they would see when the command actually runs. Also, in simulation mode, if the user specifies the -v flag, print out the SCSI CDB or ATA registers that would be sent to the drive. This will aid in debugging any firmware download issues. Add a timeout field and timeout type to the firmware download vendor table. This allows specifying a default timeout and allows specifying whether we should attempt to probe for a recommended timeout from the drive. Add a new fuction, fw_get_timeout(), that will determine which timeout to use for the WRITE BUFFER command. If the user specifies a timeout, we always use that. Otherwise, we will use the drive recommended timeout, if available, and fall back to the default when a drive recommended timeout isn't available. When we prompt the user, tell him what timeout we're going to use, and the source of the timeout. Revamp the way SATA devices are handled. In fwdownload(), use the new get_device_type() function to determine what kind of device we're talking to. Allow firmware downloads to any SATA device, but restrict SCSI downloads to known devices. (The latter is not a change in behavior.) Break out the "ready" check from fw_download_img() into a new subfunction, fw_check_device_ready(). This sends the appropriate command to the device in question -- a TEST UNIT READY or an IDENTIFY. The IDENTIFY for SATA devices a SAT layer is done using the SCSI ATA PASS-THROUGH command. Use the new build_ata_cmd() function to build either a SCSI or ATA I/O CCB to issue the DOWNLOAD MICROCODE command to SATA devices. build_ata_cmd() figures looks at the devtype argument and fills in the correct CCB type and CDB or ATA registers. Revamp the vendor table to remove the previous vendor-specific ATA entries and use a generic ATA vendor placeholder. We currently use the same method for all ATA drives, although we may have to add vendor-specific behavior once we test this with more drives. sbin/camcontrol/progress.c: In progress_draw(), make barlength a signed value so that we can easily detect a negative value. If barlength (the length of the progress bar) would wind up negative due to a small TTY width or a large filename, set the bar length to the new minimum (10 stars) and truncate the user's filename. We will truncate it down to 0 characters if necessary. Calculate a new prefix_len variable (user's filename length) and use it as the precision when printing the filename. sbin/camcontrol/camcontrol.c: Implement a new camcontrol(8) subcommand, "opcodes". The opcodes subcommand allows displaying the entire list of SCSI commands supported by a device, or details on an individual command. In either case, it can display nominal and recommended timeout values. Add the scsiopcodes() function, which calls the new scsigetopcodes() function to fetch opcode data from a drive. Add two new functions, scsiprintoneopcode() and scsiprintopcodes(), which print information about one opcode or all opcodes, respectively. Remove the get_disk_type() function. It is no longer used. Add a new function, dev_has_vpd_page(), that fetches the supported INQUIRY VPD list from a device and tells the caller whether the requested VPD page is available. Add a new function, get_device_type(), that returns a more precise device type than the old get_disk_type() function. The get_disk_type() function only distinguished between SCSI and ATA devices, and SATA devices behind a SCSI to ATA translation layer were considered to be "SCSI". get_device_type() offers a third type, CC_DT_ATA_BEHIND_SCSI. We need to know this to know whether to attempt to send ATA passthrough commands. If the device has the ATA Information VPD page (0x89), then it is an ATA device behind a SCSI to ATA translation layer. Remove the type argument from the fwdownload() subcommand. Add a new function, build_ata_cmd(), that will take one set of common arguments and build either a SCSI or ATA I/O CCB, depending on the device type passed in. sbin/camcontrol/camcontrol.h: Add a prototype for scsigetopcodes(). Add a new enumeration, camcontrol_devtype. Add prototypes for dev_has_vpd_page(), get_device_type() and build_ata_cmd(). Remove the type argument from the fwdownload() subcommand. sbin/camcontrol/camcontrol.8 Explain that the fwdownload subcommand will use the drive recommended timeout if available, and that the user can override the timeout. Document the new opcodes subcommand. Explain that we will attempt to download firmware to any SATA device. Document supported SCSI vendors, and models tested if known. Explain the commands used to download firmware for the three different drive and controller combinations. Document that the -v flag in simulation mode for the fwdownload subcommand will print out the SCSI CDBs or ATA registers that would be used. sys/cam/scsi/scsi_all.h: Add new bit definitions for the one opcode descriptor for the REPORT SUPPORTED OPCODES command. Add a function prototype for scsi_report_supported_opcodes(). sys/cam/scsi/scsi_all.c: Add a new CDB building function, scsi_report_supported_opcodes(). Sponsored by: Spectra Logic MFC after: 1 week
* Use arc4random_buf(). While there, unifdef the code for HAVE_ARC4RANDOM.delphij2015-08-162-16/+2
| | | | MFC after: 2 weeks
* In ipfw2, avoid left-shifting negative integers, which is undefined.dim2015-08-121-4/+4
| | | | | | While here, make some other arguments to htonl(3) unsigned too. MFC after: 3 days
* Make LAG LACP fast timeout tunable through IOCTL.hiren2015-08-122-1/+9
| | | | | | | | Differential Revision: D3300 Submitted by: LN Sundararajan <lakshmi.n at msystechnologies> Reviewed by: wblock, smh, gnn, hiren, rpokala at panasas MFC after: 2 weeks Sponsored by: Panasas
* Fix a few mandoc warnings.brueffer2015-08-122-2/+0
| | | | MFC after: 1 week
* sbin/ipfw fix typo: info -> intofeld2015-08-101-1/+1
| | | | | | | | example: DEPRECATED: inserting data into non-existent table sshguard. (auto-created) Approved by: bdrewery
* Allow to disable BIO_DELETE passthru in fstab for swap-on-geli devices bypjd2015-08-081-4/+6
| | | | | | | passing 'notrim' option. PR: 198863 Submitted by: Matthew D. Fuller fullermd at over-yonder dot net
* Enable BIO_DELETE passthru in GELI, so TRIM/UNMAP can work as expected whenpjd2015-08-082-15/+82
| | | | | | | | | | | | | | | | | | | GELI is used on a SSD or inside virtual machine, so that guest can tell host that it is no longer using some of the storage. Enabling BIO_DELETE passthru comes with a small security consequence - an attacker can tell how much space is being really used on encrypted device and has less data no analyse then. This is why the -T option can be given to the init subcommand to turn off this behaviour and -t/T options for the configure subcommand can be used to adjust this setting later. PR: 198863 Submitted by: Matthew D. Fuller fullermd at over-yonder dot net This commit also includes a fix from Fabian Keil freebsd-listen at fabiankeil.de for 'configure' on onetime providers which is not strictly related, but is entangled in the same code, so would cause conflicts if separated out.
* Whoops, wrong flag.trasz2015-08-061-1/+1
| | | | | MFC after: 1 month Sponsored by: The FreeBSD Foundation
* Tweak mdconfig(8) manual page, in particular revise the EXAMPLEStrasz2015-08-061-47/+46
| | | | | | | | | | section. This removes stuff that doesn't really belong there, and simplifies examples for the basic operations. Reviewed by: wblock@ MFC after: 1 month Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D3198
* Fix a bug which could make routed(8) daemon exit by sending a special RIPdelphij2015-08-051-0/+6
| | | | | | query from a remote machine, similar to SA-14:21.routed. Submitted by: hrs
* Fix ipfw range deletion.melifaro2015-08-031-3/+8
| | | | Spotted by: ian,julian
* Add support for keys that include 4 byte SALT values,gnn2015-07-312-2/+25
| | | | | | | | including GCM and ICM/CTR modes for AES. Reviewed by: jmg MFC after: 1 week Sponsored by: Rubicon Communications (Netgate)
* Summary: Remove unsupported 3des-deriv encryption algorithm from documentation.gnn2015-07-311-1/+0
|
* Teach sysctl about the new optional suffix after IK to specifyimp2015-07-291-8/+42
| | | | | | | precision. Update input as well. Add IK to the manual (it was missing completely). Differential Revision: https://reviews.freebsd.org/D3181
* Add missing SIGUSR1 description.trasz2015-07-241-1/+2
| | | | | MFC after: 2 weeks Sponsored by: The FreeBSD Foundation
* mount_nfs: Be more clear on nmount(2) error with errmsg unsetcem2015-07-221-1/+2
| | | | | | | | Differential Revision: https://reviews.freebsd.org/D3147 Reviewed by: rmacklem Approved by: markj (mentor) MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division
* nvmecontrol: read controller identify data before any log page operationsjimharris2015-07-221-1/+2
| | | | | MFC after: 3 days Sponsored by: Intel
* lseek() allows an offset to be set beyond the end of file. Usingae2015-07-211-7/+4
| | | | | | | | it to check that partition has enough space to write bootcode doesn't work. Use the known size of provider instead. PR: 201504 MFC after: 1 week
* Only report the lack of ALTQ support if pfctl is using verbose (-v) mode.gnn2015-07-201-1/+1
| | | | | | PR: 194935 Submitted by: Jim Thompson MFC after: 2 weeks
* Document suspend/resume notification in devd.conf(5).trasz2015-07-181-0/+4
| | | | | MFC after: 2 weeks Sponsored by: The FreeBSD Foundation
* Add CARP events description to devd.conf(5).trasz2015-07-181-1/+21
| | | | | MFC after: 2 weeks Sponsored by: The FreeBSD Foundation
* Fix contraction spotted by igor(1) and remove 2 .Ed spotted by mandoc(1).araujo2015-07-181-7/+5
| | | | | | | | | Also, don't capitalize "module" and remove a redundant phrase introduced in my previous commit. Differential Revision: D3112 Reviewed by: wblock Sponsored by: gandi.net
* Describe how to load gmultipath at boot time.araujo2015-07-171-1/+11
| | | | | | Differential Revision: D3112 Reviewed by: allanjude, bapt Sponsored by: gandi.net
* fix the docs, the number of frags per inode (NFPI) changed in r228794jmg2015-07-151-4/+4
| | | | | | | | to 2 from 4, but the man page didn't get updated... other minor changes to make igor happy... MFC after: 3 days
* Add a new option to gpart(8) to fix Lenovo BIOS boot issueallanjude2015-07-151-1/+7
| | | | | | | | | | PR: 184910 Reviewed by: ae, wblock Approved by: marcel MFC after: 3 days Relnotes: yes Sponsored by: ScaleEngine Inc. Differential Revision: https://reviews.freebsd.org/D3065
* Cleanup; mostly language with a little bit of mdoc style.brueffer2015-07-143-17/+18
| | | | MFC after: 1 week
* Unbreak ggatec and ggatel on i386 after r238119, which added two morebrueffer2015-07-142-0/+2
| | | | | | | | | | | | | 'struct g_gate_ctl_create' fields. While the behaviour was technically undefined on other architectures as well, on the reporter's amd64 systems the uninitialized bytes the kernel cares about were always zero so everything worked as expected. PR: 197309, 199559 Submitted by: ota@j.email.ne.jp, Fabian Keil Reviewed by: pjd MFC after: 1 week
* If ggated's exports_find() fails, the connection is removed beforebrueffer2015-07-141-1/+1
| | | | | | | | | | | | | | (trying to) report the problem to the client. sendfail() is called with an already closed socket and thus it fails to inform the client about the problem. Fix this by calling sendfail() before connection_remove(). PR: 195944 Submitted by: Fabian Keil Reviewed by: pjd MFC after: 1 week
* Since the case where secflavor < 0 indicates the security flavor isrmacklem2015-07-071-2/+2
| | | | | | | | | | | | to be negotiated, it could be a Kerberized mount. As such, filling in the "principal" argument using the canonized host name makes sense. If it is negotiated as AUTH_SYS, the "principal" argument is meaningless but harmless. Requested by: masato@itc.naist.jp Tested by: masato@itc.naist.jp PR: 201073 MFC after: 1 month
* Remove unused variable flags reported by clang. The function zygote_clone()araujo2015-07-043-6/+4
| | | | | | | | always receive the flags with value 0 and this flags is never checked on zygote_main(). Differential Revision: D2689 Reviewed by: rodrigc, oshogbo
* Update the date on the manual page.gnn2015-07-031-1/+1
| | | | Noticed by: bz
* New AES modes for IPSec, user space components.gnn2015-07-032-1/+3
| | | | | | | | | | | | Update setkey and libipsec to understand aes-gcm-16 as an encryption method. A partial commit of the work in review D2936. Submitted by: eri Reviewed by: jmg MFC after: 2 weeks Sponsored by: Rubicon Communications (Netgate)
* Let the nv.h and dnv.h includes be only in sys directory.oshogbo2015-07-022-2/+2
| | | | | | | Change consumers to include those files from sys. Add duplicated files to ObsoleteFiles. Approved by: pjd (mentor)
* Add -b to the devlist usage info, forgotten in r260059.brueffer2015-07-021-1/+1
| | | | | | PR: 195094 Submitted by: robin.hahling@gw-computing.net MFC after: 1 week
* Fix an obviously wrong boolean operator.brueffer2015-07-021-1/+1
| | | | | | PR: 200983 Submitted by: David Bindeman MFC after: 1 week
* Allow to omit keyfile number for the first keyfile.pjd2015-07-021-1/+8
|
* Fix support for the null encryption algorithm which now requiresgnn2015-06-251-1/+1
| | | | | | a key. Sponsored by: Rubicon Communications (Netgate)
* ALTQ FAIRQ discipline import from DragonFLYeri2015-06-244-4/+337
| | | | | | | | Differential Revision: https://reviews.freebsd.org/D2847 Reviewed by: glebius, wblock(manpage) Approved by: gnn(mentor) Obtained from: pfSense Sponsored by: Netgate
* Document that a forced dismount of an NFSv3 mount when thermacklem2015-06-171-1/+4
| | | | | | | | | NLM (rpc.lockd) is running can crash the system. Unfortunately this is not easy to fix, but I have left PR#200585 open. PR: 200585 MFC after: 3 days
* new dependssjg2015-06-163-1/+2
|
* Revert r284417 it is not necessary anymorebapt2015-06-151-1/+1
|
* Enforce overwritting SHLIBDIRbapt2015-06-151-1/+1
| | | | | | | | | Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere. This makes /lib being populated again. Reported by: many
* Add META_MODE support.sjg2015-06-13112-0/+2333
|\ | | | | | | | | | | | | | | | | | | | | Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree. Still need to add real targets under targets/ to build packages. Differential Revision: D2796 Reviewed by: brooks imp
| * Revert unneeded changesjg2015-06-101-1/+1
| |
OpenPOWER on IntegriCloud