From f1d57c3c1d02519ec765da870b064747b6d743ae Mon Sep 17 00:00:00 2001 From: bdrewery Date: Sun, 14 Apr 2013 21:11:19 +0000 Subject: Run configtest before restarting so that the system is not left without a running sshd. Approved by: des MFC after: 1 week --- etc/rc.d/sshd | 1 + 1 file changed, 1 insertion(+) (limited to 'etc') diff --git a/etc/rc.d/sshd b/etc/rc.d/sshd index 19b47d8..a02e9ec 100755 --- a/etc/rc.d/sshd +++ b/etc/rc.d/sshd @@ -14,6 +14,7 @@ rcvar="sshd_enable" command="/usr/sbin/${name}" keygen_cmd="sshd_keygen" start_precmd="sshd_precmd" +restart_precmd="sshd_configtest" configtest_cmd="sshd_configtest" pidfile="/var/run/${name}.pid" extra_commands="configtest keygen reload" -- cgit v1.1 From b5bdbccc2dbc78f19b1620d5e937e6de1f9dd0b3 Mon Sep 17 00:00:00 2001 From: bdrewery Date: Tue, 16 Apr 2013 17:30:13 +0000 Subject: Also call configtest before reload to ensure working config. Approved by: jhb MFC after: 1 week X-MFC-With: r249489 --- etc/rc.d/sshd | 1 + 1 file changed, 1 insertion(+) (limited to 'etc') diff --git a/etc/rc.d/sshd b/etc/rc.d/sshd index a02e9ec..aad672c 100755 --- a/etc/rc.d/sshd +++ b/etc/rc.d/sshd @@ -14,6 +14,7 @@ rcvar="sshd_enable" command="/usr/sbin/${name}" keygen_cmd="sshd_keygen" start_precmd="sshd_precmd" +reload_precmd="sshd_configtest" restart_precmd="sshd_configtest" configtest_cmd="sshd_configtest" pidfile="/var/run/${name}.pid" -- cgit v1.1 From e106d00d68b4f6d6afe1524ffa452e8c297aaab7 Mon Sep 17 00:00:00 2001 From: gshapiro Date: Sun, 21 Apr 2013 17:11:45 +0000 Subject: Minor changes to force commit these files so new freebsd*.cf files are built to use the new sendmail-8.14.6/cf tree. MFC after: 4 days --- etc/sendmail/freebsd.mc | 2 +- etc/sendmail/freebsd.submit.mc | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/sendmail/freebsd.mc b/etc/sendmail/freebsd.mc index 92efee1..6d75636 100644 --- a/etc/sendmail/freebsd.mc +++ b/etc/sendmail/freebsd.mc @@ -41,7 +41,7 @@ divert(-1) # The best documentation for this .mc file is: # /usr/share/sendmail/cf/README or # /usr/src/contrib/sendmail/cf/README -# +# divert(0) VERSIONID(`$FreeBSD$') diff --git a/etc/sendmail/freebsd.submit.mc b/etc/sendmail/freebsd.submit.mc index fbb036c..c6ec655 100644 --- a/etc/sendmail/freebsd.submit.mc +++ b/etc/sendmail/freebsd.submit.mc @@ -9,7 +9,6 @@ divert(-1) # # - # # This is the FreeBSD configuration for a set-group-ID sm-msp sendmail # that acts as a initial mail submission program. -- cgit v1.1 From ac509d44addfcb895b3f26f8dfaf16770727a496 Mon Sep 17 00:00:00 2001 From: brooks Date: Tue, 30 Apr 2013 19:26:44 +0000 Subject: Make an attempt to detect missing MTREE files in distrib-dirs. Not perfect, but this is just a developer seatbelt. PR: conf/176897 Submitted by: Garrett Cooper MFC after: 1 week --- etc/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/Makefile b/etc/Makefile index 81ef45a..c0806e8 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -328,7 +328,7 @@ MTREES+= mtree/BSD.sendmail.dist / MTREES+= ../${mtree} / .endfor -distrib-dirs: +distrib-dirs: ${MTREES:N/*} @set ${MTREES}; \ while test $$# -ge 2; do \ m=${.CURDIR}/$$1; \ -- cgit v1.1 From 6473a2540f9533d31ae4872e4485cd1f7eb2e402 Mon Sep 17 00:00:00 2001 From: crees Date: Sat, 4 May 2013 14:00:16 +0000 Subject: Introduce and use new flag -L to mount for mounting only late filesystems. Previously, rc.d/mountlate mounted *all* filesystems, causing problems with background NFS mounts being mounted twice. PR: conf/137629 Submitted by: eadler (original concept) Reviewed by: mjg Approved by: hrs --- etc/rc.d/mountlate | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) (limited to 'etc') diff --git a/etc/rc.d/mountlate b/etc/rc.d/mountlate index 5b8ff73..34defc5 100755 --- a/etc/rc.d/mountlate +++ b/etc/rc.d/mountlate @@ -21,19 +21,10 @@ mountlate_start() # Mount "late" filesystems. # err=0 - latefs= - # / (root) fs is always remounted, so remove from list - latefs="`/sbin/mount -d -a -l | grep -v ' /$'`" - case ${latefs} in - '') - ;; - *) - echo -n 'Mounting late file systems:' - mount -a -l - err=$? - echo '.' - ;; - esac + echo -n 'Mounting late file systems:' + mount -a -L + err=$? + echo '.' case ${err} in 0) -- cgit v1.1 From 4bf79fd9477deb4474ffe0cbce91163140844cff Mon Sep 17 00:00:00 2001 From: hrs Date: Sat, 4 May 2013 15:42:55 +0000 Subject: - Fix exit status when ip6addrctl_verbose=yes [*] - Use the absolute pathname for ip6addrctl. - Use "install" instead of "add" to reduce the number of invocations. Reported by: Tatsuki Makino [*] PR: conf/175006 [*] MFC after: 1 week --- etc/rc.d/ip6addrctl | 60 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 34 insertions(+), 26 deletions(-) (limited to 'etc') diff --git a/etc/rc.d/ip6addrctl b/etc/rc.d/ip6addrctl index 914ca8c..a7aa90c 100755 --- a/etc/rc.d/ip6addrctl +++ b/etc/rc.d/ip6addrctl @@ -24,38 +24,42 @@ config_file="/etc/ip6addrctl.conf" set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces set_rcvar_obsolete ipv6_prefer ip6addrctl_policy +IP6ADDRCTL_CMD="/usr/sbin/ip6addrctl" + ip6addrctl_prefer_ipv6() { afexists inet6 || return 0 - ip6addrctl flush >/dev/null 2>&1 - ip6addrctl add ::1/128 50 0 - ip6addrctl add ::/0 40 1 - ip6addrctl add ::ffff:0:0/96 35 4 - ip6addrctl add 2002::/16 30 2 - ip6addrctl add 2001::/32 5 5 - ip6addrctl add fc00::/7 3 13 - ip6addrctl add ::/96 1 3 - ip6addrctl add fec0::/10 1 11 - ip6addrctl add 3ffe::/16 1 12 - checkyesno ip6addrctl_verbose && ip6addrctl + ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1 + cat </dev/null 2>&1 - ip6addrctl add ::1/128 50 0 - ip6addrctl add ::/0 40 1 - ip6addrctl add ::ffff:0:0/96 100 4 - ip6addrctl add 2002::/16 30 2 - ip6addrctl add 2001::/32 5 5 - ip6addrctl add fc00::/7 3 13 - ip6addrctl add ::/96 1 3 - ip6addrctl add fec0::/10 1 11 - ip6addrctl add 3ffe::/16 1 12 - checkyesno ip6addrctl_verbose && ip6addrctl + ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1 + cat </dev/null 2>&1 - ip6addrctl install "${config_file}" - checkyesno ip6addrctl_verbose && ip6addrctl + ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1 + ${IP6ADDRCTL_CMD} install "${config_file}" else if checkyesno ipv6_activate_all_interfaces; then ip6addrctl_prefer_ipv6 @@ -92,7 +95,7 @@ ip6addrctl_start() ip6addrctl_prefer_ipv4 ;; [Nn][Oo][Nn][Ee]) - ip6addrctl flush >/dev/null 2>&1 + ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1 ;; *) warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \ @@ -100,6 +103,11 @@ ip6addrctl_start() ip6addrctl_prefer_ipv4 ;; esac + + if checkyesno ip6addrctl_verbose; then + echo 'Address selection policy table for IPv4 and IPv6:' + ${IP6ADDRCTL_CMD} + fi } ip6addrctl_stop() -- cgit v1.1 From 921cd169ef894c12737cfebc8e0ac9e41b31f959 Mon Sep 17 00:00:00 2001 From: eadler Date: Fri, 10 May 2013 13:57:44 +0000 Subject: Bring /etc/protocols up to date. PR: conf/175397 Submitted by: ak --- etc/protocols | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'etc') diff --git a/etc/protocols b/etc/protocols index a27b226..20dd889 100644 --- a/etc/protocols +++ b/etc/protocols @@ -92,6 +92,7 @@ vmtp 81 VMTP # Versatile Message Transport secure-vmtp 82 SECURE-VMTP # SECURE-VMTP vines 83 VINES # VINES ttp 84 TTP # TTP +#iptm 84 IPTM # Protocol Internet Protocol Traffic nsfnet-igp 85 NSFNET-IGP # NSFNET-IGP dgp 86 DGP # Dissimilar Gateway Protocol tcf 87 TCF # TCF @@ -145,7 +146,13 @@ rsvp-e2e-ignore 134 RSVP-E2E-IGNORE # Aggregation of RSVP for IP reservations mobility-header 135 Mobility-Header # Mobility Support in IPv6 udplite 136 UDPLite # The UDP-Lite Protocol mpls-in-ip 137 MPLS-IN-IP # Encapsulating MPLS in IP +manet 138 MANET # MANET Protocols (RFC5498) +hip 139 HIP # Host Identity Protocol (RFC5201) +shim6 140 SHIM6 # Shim6 Protocol (RFC5533) +wesp 141 WESP # Wrapped Encapsulating Security Payload (RFC5840) +rohc 142 ROHC # Robust Header Compression (RFC5858) # 138-254 # Unassigned pfsync 240 PFSYNC # PF Synchronization +# 253-254 # Use for experimentation and testing (RFC3692) # 255 # Reserved divert 258 DIVERT # Divert pseudo-protocol [non IANA] -- cgit v1.1 From e48cd1a04fbee38a9769182d29b84d77a2d86cf6 Mon Sep 17 00:00:00 2001 From: eadler Date: Sat, 11 May 2013 23:55:43 +0000 Subject: Unconditionally install 210.backup-aliases as many MTAs other than sendmail support the use of /etc/aliases. PR: conf/176098 Submitted by: ak MFC after: 2 weeks --- etc/periodic/daily/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/periodic/daily/Makefile b/etc/periodic/daily/Makefile index b377be9..5a4e2d2 100644 --- a/etc/periodic/daily/Makefile +++ b/etc/periodic/daily/Makefile @@ -6,6 +6,7 @@ FILES= 100.clean-disks \ 110.clean-tmps \ 120.clean-preserve \ 200.backup-passwd \ + 210.backup-aliases \ 330.news \ 400.status-disks \ 401.status-graid \ @@ -51,7 +52,6 @@ FILES+= 140.clean-rwho \ .if ${MK_SENDMAIL} != "no" FILES+= 150.clean-hoststat \ - 210.backup-aliases \ 440.status-mailq \ 460.status-mail-rejects \ 500.queuerun -- cgit v1.1 From 168bd583e81022553017d75b42291248fd1b0f3e Mon Sep 17 00:00:00 2001 From: eadler Date: Sun, 12 May 2013 15:23:59 +0000 Subject: Make newsyslog compress logs with xz instead of bzip2 to save space. PR: conf/178504 Submitted by: ak Reviewed by: smh --- etc/newsyslog.conf | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) (limited to 'etc') diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf index 76e0707..a863978 100644 --- a/etc/newsyslog.conf +++ b/etc/newsyslog.conf @@ -17,23 +17,23 @@ # future, these defaults may change to more conservative ones. # # logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] -/var/log/all.log 600 7 * @T00 J -/var/log/amd.log 644 7 100 * J -/var/log/auth.log 600 7 100 @0101T JC -/var/log/console.log 600 5 100 * J -/var/log/cron 600 3 100 * JC -/var/log/daily.log 640 7 * @T00 JN -/var/log/debug.log 600 7 100 * JC -/var/log/init.log 644 3 100 * J -/var/log/kerberos.log 600 7 100 * J -/var/log/lpd-errs 644 7 100 * JC -/var/log/maillog 640 7 * @T00 JC -/var/log/messages 644 5 100 @0101T JC -/var/log/monthly.log 640 12 * $M1D0 JN -/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid -/var/log/ppp.log root:network 640 3 100 * JC -/var/log/security 600 10 100 * JC +/var/log/all.log 600 7 * @T00 X +/var/log/amd.log 644 7 100 * X +/var/log/auth.log 600 7 100 @0101T XC +/var/log/console.log 600 5 100 * X +/var/log/cron 600 3 100 * XC +/var/log/daily.log 640 7 * @T00 XN +/var/log/debug.log 600 7 100 * XC +/var/log/init.log 644 3 100 * X +/var/log/kerberos.log 600 7 100 * X +/var/log/lpd-errs 644 7 100 * XC +/var/log/maillog 640 7 * @T00 XC +/var/log/messages 644 5 100 @0101T XC +/var/log/monthly.log 640 12 * $M1D0 XN +/var/log/pflog 600 3 100 * XB /var/run/pflogd.pid +/var/log/ppp.log root:network 640 3 100 * XC +/var/log/security 600 10 100 * XC /var/log/sendmail.st 640 10 * 168 BN /var/log/utx.log 644 3 * @01T05 B -/var/log/weekly.log 640 5 * $W6D0 JN -/var/log/xferlog 600 7 100 * JC +/var/log/weekly.log 640 5 * $W6D0 XN +/var/log/xferlog 600 7 100 * XC -- cgit v1.1 From a29b04fcf3b1dfe691773859175d8fcc46459f11 Mon Sep 17 00:00:00 2001 From: eadler Date: Sun, 12 May 2013 21:24:18 +0000 Subject: Revert r250565 which causes issues for older CPUs PR: conf/178504 Requested by: many --- etc/newsyslog.conf | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) (limited to 'etc') diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf index a863978..76e0707 100644 --- a/etc/newsyslog.conf +++ b/etc/newsyslog.conf @@ -17,23 +17,23 @@ # future, these defaults may change to more conservative ones. # # logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] -/var/log/all.log 600 7 * @T00 X -/var/log/amd.log 644 7 100 * X -/var/log/auth.log 600 7 100 @0101T XC -/var/log/console.log 600 5 100 * X -/var/log/cron 600 3 100 * XC -/var/log/daily.log 640 7 * @T00 XN -/var/log/debug.log 600 7 100 * XC -/var/log/init.log 644 3 100 * X -/var/log/kerberos.log 600 7 100 * X -/var/log/lpd-errs 644 7 100 * XC -/var/log/maillog 640 7 * @T00 XC -/var/log/messages 644 5 100 @0101T XC -/var/log/monthly.log 640 12 * $M1D0 XN -/var/log/pflog 600 3 100 * XB /var/run/pflogd.pid -/var/log/ppp.log root:network 640 3 100 * XC -/var/log/security 600 10 100 * XC +/var/log/all.log 600 7 * @T00 J +/var/log/amd.log 644 7 100 * J +/var/log/auth.log 600 7 100 @0101T JC +/var/log/console.log 600 5 100 * J +/var/log/cron 600 3 100 * JC +/var/log/daily.log 640 7 * @T00 JN +/var/log/debug.log 600 7 100 * JC +/var/log/init.log 644 3 100 * J +/var/log/kerberos.log 600 7 100 * J +/var/log/lpd-errs 644 7 100 * JC +/var/log/maillog 640 7 * @T00 JC +/var/log/messages 644 5 100 @0101T JC +/var/log/monthly.log 640 12 * $M1D0 JN +/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid +/var/log/ppp.log root:network 640 3 100 * JC +/var/log/security 600 10 100 * JC /var/log/sendmail.st 640 10 * 168 BN /var/log/utx.log 644 3 * @01T05 B -/var/log/weekly.log 640 5 * $W6D0 XN -/var/log/xferlog 600 7 100 * XC +/var/log/weekly.log 640 5 * $W6D0 JN +/var/log/xferlog 600 7 100 * JC -- cgit v1.1 From 641feb7a9e39f8bdd8a2e873ebbe96b0a7bb0a14 Mon Sep 17 00:00:00 2001 From: asomers Date: Mon, 13 May 2013 20:28:24 +0000 Subject: etc/rc.d/syslogd Add netif as a requirement of syslogd to get lo0 up. Currently, this doesn't affect the rc order, because mountcritremote already depends on netif. Reviewed by: eadler Approved by: kenm (mentor) MFC after: 2 weeks --- etc/rc.d/syslogd | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/rc.d/syslogd b/etc/rc.d/syslogd index e68e506..87f7de2 100755 --- a/etc/rc.d/syslogd +++ b/etc/rc.d/syslogd @@ -3,8 +3,10 @@ # $FreeBSD$ # +# netif is required for lo0 because syslogd tries to open a local socket +# # PROVIDE: syslogd -# REQUIRE: mountcritremote FILESYSTEMS newsyslog +# REQUIRE: mountcritremote FILESYSTEMS newsyslog netif # BEFORE: SERVERS . /etc/rc.subr -- cgit v1.1 From 7941fefd80009514446ab99f32ddfd03121d225b Mon Sep 17 00:00:00 2001 From: jamie Date: Sun, 19 May 2013 04:10:34 +0000 Subject: Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't apply to most jails but do apply to vnet jails. This includes adding a new sysctl "security.jail.vnet" to identify vnet jails. PR: conf/149050 Submitted by: mdodd MFC after: 3 days --- etc/rc | 3 +++ etc/rc.d/ipfw | 2 +- etc/rc.d/netif | 2 +- etc/rc.d/routing | 2 +- etc/rc.shutdown | 7 ++++++- 5 files changed, 12 insertions(+), 4 deletions(-) (limited to 'etc') diff --git a/etc/rc b/etc/rc index 99cfda8..59dece8 100644 --- a/etc/rc +++ b/etc/rc @@ -77,6 +77,9 @@ if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then if [ "$early_late_divider" = "FILESYSTEMS" ]; then early_late_divider=NETWORKING fi + if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + skip="$skip -s nojailvnet" + fi fi # Do a first pass to get everything up to $early_late_divider so that diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw index f405832..e84445c 100755 --- a/etc/rc.d/ipfw +++ b/etc/rc.d/ipfw @@ -5,7 +5,7 @@ # PROVIDE: ipfw # REQUIRE: ppp -# KEYWORD: nojail +# KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr diff --git a/etc/rc.d/netif b/etc/rc.d/netif index 19b857f..2ace581 100755 --- a/etc/rc.d/netif +++ b/etc/rc.d/netif @@ -28,7 +28,7 @@ # PROVIDE: netif # REQUIRE: atm1 FILESYSTEMS serial sppp sysctl # REQUIRE: ipfilter ipfs -# KEYWORD: nojail +# KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr diff --git a/etc/rc.d/routing b/etc/rc.d/routing index 0fe86c7..f4f3f7b 100755 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -7,7 +7,7 @@ # PROVIDE: routing # REQUIRE: faith netif ppp stf -# KEYWORD: nojail +# KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr diff --git a/etc/rc.shutdown b/etc/rc.shutdown index 81cc994..a0dd698 100644 --- a/etc/rc.shutdown +++ b/etc/rc.shutdown @@ -81,7 +81,12 @@ fi # and perform the operation # rcorder_opts="-k shutdown" -[ `/sbin/sysctl -n security.jail.jailed` -eq 1 ] && rcorder_opts="$rcorder_opts -s nojail" +if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then + rcorder_opts="$rcorder_opts -s nojail" + if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + rcorder_opts="$rcorder_opts -s nojailvnet" + fi +fi case ${local_startup} in [Nn][Oo] | '') ;; -- cgit v1.1 From 390d8402e005d267efedefcb438af08e196b3d95 Mon Sep 17 00:00:00 2001 From: emaste Date: Fri, 7 Jun 2013 21:40:02 +0000 Subject: Add a new knob WITH_DEBUG_FILES to control the building of standalone debug files for userland programs and libraries. The "-g" debug flag is automatically applied when WITH_DEBUG_FILES is set. The debug files are now named ${prog}.debug and ${shlib}.debug for consistency with other systems and documentation. In addition they are installed under /usr/lib/debug, to simplify the process of installing them if needed after a crash. Users of bsd.{prog,lib}.mk outside of the base system place the standalone debug files in a .debug subdirectory. GDB automatically searches both of these directories for standalone debug files. Thanks to everyone who contributed changes, review, and testing during development. --- etc/Makefile | 6 ++++++ etc/mtree/BSD.debug.dist | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ etc/mtree/Makefile | 4 ++++ 3 files changed, 58 insertions(+) create mode 100644 etc/mtree/BSD.debug.dist (limited to 'etc') diff --git a/etc/Makefile b/etc/Makefile index c0806e8..f509a19 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -143,6 +143,9 @@ MTREE+= BIND.chroot.dist MTREE+= BIND.include.dist .endif .endif +.if ${MK_DEBUG_FILES} != "no" +MTREE+= BSD.debug.dist +.endif PPPCNF= ppp.conf @@ -312,6 +315,9 @@ MTREES= mtree/BSD.root.dist / \ mtree/BSD.var.dist /var \ mtree/BSD.usr.dist /usr \ mtree/BSD.include.dist /usr/include +.if ${MK_DEBUG_FILES} != "no" +MTREES+= mtree/BSD.debug.dist /usr/lib +.endif .if ${MK_BIND_LIBS} != "no" MTREES+= mtree/BIND.include.dist /usr/include .endif diff --git a/etc/mtree/BSD.debug.dist b/etc/mtree/BSD.debug.dist new file mode 100644 index 0000000..ab75d0f --- /dev/null +++ b/etc/mtree/BSD.debug.dist @@ -0,0 +1,48 @@ +# $FreeBSD$ +# +# Please see the file src/etc/mtree/README before making changes to this file. +# + +/set type=dir uname=root gname=wheel mode=0755 +. + debug + bin + .. + boot + .. + lib + geom + .. + .. + libexec + .. + sbin + .. + usr + bin + .. + games + .. + lib + engines + .. + .. + lib32 + .. + libexec + bsdinstall + .. + lpr + ru + .. + .. + sendmail + .. + sm.bin + .. + .. + sbin + .. + .. + .. +.. diff --git a/etc/mtree/Makefile b/etc/mtree/Makefile index 15da1bf..06aeb19 100644 --- a/etc/mtree/Makefile +++ b/etc/mtree/Makefile @@ -4,6 +4,7 @@ FILES= ${_BIND.chroot.dist} \ ${_BIND.include.dist} \ + ${_BSD.debug.dist} \ BSD.include.dist \ BSD.root.dist \ ${_BSD.sendmail.dist} \ @@ -16,6 +17,9 @@ _BIND.chroot.dist= BIND.chroot.dist _BIND.include.dist= BIND.include.dist .endif .endif +.if ${MK_DEBUG_FILES} != "no" +_BSD.debug.dist= BSD.debug.dist +.endif .if ${MK_GROFF} != "no" _BSD.groff.dist= BSD.groff.dist .endif -- cgit v1.1 From 2ec3ccab05ceb9d46ff8bfd7510e7859e344aa5a Mon Sep 17 00:00:00 2001 From: hrs Date: Sun, 9 Jun 2013 18:11:36 +0000 Subject: Add :ifname modifier to specify interface-specific routes into {,ipv6_}static_routes and rc.d/routing. For example: static_routes="foo bar:em0" route_foo="-net 10.0.0.0/24 -gateway 192.168.2.1" route_bar="-net 192.168.1.0/24 -gateway 192.168.0.2" At boot time, all of the static routes are installed as before. The differences are: - "/etc/rc.d/netif start/stop " now configures static routes with : if any. - "/etc/rc.d/routing start/stop " works as well. cannot be omitted when is specified, but a keyword "any" or "all" can be used for and . --- etc/rc.d/netif | 15 +++++ etc/rc.d/routing | 199 ++++++++++++++++++++++++++++++++----------------------- 2 files changed, 132 insertions(+), 82 deletions(-) (limited to 'etc') diff --git a/etc/rc.d/netif b/etc/rc.d/netif index 2ace581..d623503 100755 --- a/etc/rc.d/netif +++ b/etc/rc.d/netif @@ -46,6 +46,8 @@ set_rcvar_obsolete ipv6_prefer network_start() { + local _if + # Set the list of interfaces to work on. # cmdifn=$* @@ -81,16 +83,29 @@ network_start() if [ -f /etc/rc.d/bridge -a -n "$cmdifn" ] ; then /etc/rc.d/bridge start $cmdifn fi + if [ -f /etc/rc.d/routing -a -n "$cmdifn" ] ; then + for _if in $cmdifn; do + /etc/rc.d/routing start any $_if + done + fi } network_stop() { + local _if + # Set the list of interfaces to work on. # cmdifn=$* # Deconfigure the interface(s) network_common ifn_stop + + if [ -f /etc/rc.d/routing -a -n "$cmdifn" ] ; then + for _if in $cmdifn; do + /etc/rc.d/routing stop any $_if + done + fi } # network_common routine diff --git a/etc/rc.d/routing b/etc/rc.d/routing index f4f3f7b..74e5472 100755 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -19,56 +19,73 @@ extra_commands="options static" static_cmd="routing_start static" options_cmd="routing_start options" -afcheck() -{ - case $_af in - ""|inet|inet6|ipx|atm) - ;; - *) - err 1 "Unsupported address family: $_af." - ;; - esac -} +ROUTE_CMD="/sbin/route" routing_start() { - local _cmd _af _a + local _cmd _af _if _a _cmd=$1 _af=$2 + _if=$3 - afcheck + case $_if in + ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) _if="" ;; + esac case $_af in inet|inet6|ipx|atm) - setroutes $_cmd $_af + if afexists $_af; then + setroutes $_cmd $_af $_if + else + err 1 "Unsupported address family: $_af." + fi ;; - "") + ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) for _a in inet inet6 ipx atm; do - afexists $_a && setroutes $_cmd $_a + afexists $_a && setroutes $_cmd $_a $_if done ;; + *) + err 1 "Unsupported address family: $_af." + ;; esac } routing_stop() { - local _af _a + local _af _if _a _af=$1 + _if=$2 - afcheck + case $_if in + ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) _if="" ;; + esac case $_af in inet|inet6|ipx|atm) - eval static_${_af} delete - eval routing_stop_${_af} + if afexists $_af; then + eval static_${_af} delete $_if + # When $_if is specified, do not flush routes. + if ! [ -n "$_if" ]; then + eval routing_stop_${_af} + fi + else + err 1 "Unsupported address family: $_af." + fi ;; - "") + ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) for _a in inet inet6 ipx atm; do afexists $_a || continue - eval static_${_a} delete - eval routing_stop_${_a} + eval static_${_a} delete $_if + # When $_if is specified, do not flush routes. + if ! [ -n "$_if" ]; then + eval routing_stop_${_a} + fi done ;; + *) + err 1 "Unsupported address family: $_af." + ;; esac } @@ -76,13 +93,13 @@ setroutes() { case $1 in static) - static_$2 add + static_$2 add $3 ;; options) options_$2 ;; doall) - static_$2 add + static_$2 add $3 options_$2 ;; esac @@ -90,14 +107,14 @@ setroutes() routing_stop_inet() { - route -n flush -inet + ${ROUTE_CMD} -n flush -inet } routing_stop_inet6() { local i - route -n flush -inet6 + ${ROUTE_CMD} -n flush -inet6 for i in `list_net_interfaces`; do if ipv6if $i; then ifconfig $i inet6 -defaultif @@ -117,30 +134,47 @@ routing_stop_ipx() static_inet() { - local _action + local _action _if _skip _action=$1 + _if=$2 + # Add default route. case ${defaultrouter} in [Nn][Oo] | '') ;; *) - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" + static_routes="_default ${static_routes}" + route__default="default ${defaultrouter}" ;; esac + # Install configured routes. if [ -n "${static_routes}" ]; then for i in ${static_routes}; do - route_args=`get_if_var $i route_IF` - route ${_action} ${route_args} + _skip=0 + if [ -n "$_if" ]; then + case $i in + *:$_if) ;; + *) _skip=1 ;; + esac + fi + if [ $_skip = 0 ]; then + route_args=`get_if_var ${i%:*} route_IF` + if [ -n "$route_args" ]; then + ${ROUTE_CMD} ${_action} ${route_args} + else + warn "route_${i%:*} not found." + fi + fi done fi } static_inet6() { - local _action fibmod fibs + local _action _if _skip fibmod fibs _action=$1 + _if=$2 # get the number of FIBs supported. fibs=$((`${SYSCTL_N} net.fibs` - 1)) @@ -150,58 +184,74 @@ static_inet6() fibmod= fi + # Add pre-defined static routes first. + ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}" + ipv6_static_routes="_lla _llma ${ipv6_static_routes}" + # disallow "internal" addresses to appear on the wire - route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod} - route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod} + ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}" + ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}" + # Disallow link-local unicast packets without outgoing scope + # identifiers. However, if you set "ipv6_default_interface", + # for the host case, you will allow to omit the identifiers. + # Under this configuration, the packets will go to the default + # interface. + ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}" + ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}" + + # Add default route. case ${ipv6_defaultrouter} in [Nn][Oo] | '') ;; *) - ipv6_static_routes="default ${ipv6_static_routes}" - ipv6_route_default="default ${ipv6_defaultrouter}" + ipv6_static_routes="_default ${ipv6_static_routes}" + ipv6_route__default="default ${ipv6_defaultrouter}" ;; esac + # Install configured routes. if [ -n "${ipv6_static_routes}" ]; then for i in ${ipv6_static_routes}; do - ipv6_route_args=`get_if_var $i ipv6_route_IF` - route ${_action} -inet6 ${ipv6_route_args} + _skip=0 + if [ -n "$_if" ]; then + case $i in + *:$_if) ;; + *) _skip=1 ;; + esac + fi + if [ $_skip = 0 ]; then + ipv6_route_args=`get_if_var ${i%:*} ipv6_route_IF` + if [ -n "$ipv6_route_args" ]; then + ${ROUTE_CMD} ${_action} \ + -inet6 ${ipv6_route_args} + else + warn "route_${i%:*} not found" + fi + fi done fi - # Fixup $ipv6_network_interfaces - case ${ipv6_network_interfaces} in - [Nn][Oo][Nn][Ee]) - ipv6_network_interfaces='' - ;; - esac + # Install the "default interface" to kernel, which will be used + # as the default route when there's no router. + # Disable installing the default interface when we act + # as router to avoid conflict between the default + # router list and the manual configured default route. if checkyesno ipv6_gateway_enable; then - for i in ${ipv6_network_interfaces}; do - - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_working_interfaces="$i \ - ${ipv6_working_interfaces}" - ;; - esac - done - ipv6_network_interfaces=${ipv6_working_interfaces} + return fi - # Install the "default interface" to kernel, which will be used - # as the default route when there's no router. case "${ipv6_default_interface}" in [Nn][Oo] | [Nn][Oo][Nn][Ee]) - ipv6_default_interface="" + return ;; [Aa][Uu][Tt][Oo] | "") for i in ${ipv6_network_interfaces}; do case $i in + [Nn][Oo][Nn][Ee]) + return + ;; lo0|faith[0-9]*) continue ;; @@ -219,27 +269,8 @@ static_inet6() ;; esac - # Disallow link-local unicast packets without outgoing scope - # identifiers. However, if you set "ipv6_default_interface", - # for the host case, you will allow to omit the identifiers. - # Under this configuration, the packets will go to the default - # interface. - route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject ${fibmod} - route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject ${fibmod} - - case ${ipv6_default_interface} in - '') - ;; - *) - # Disable installing the default interface when we act - # as router to avoid conflict between the default - # router list and the manual configured default route. - if ! checkyesno ipv6_gateway_enable; then - ifconfig ${ipv6_default_interface} inet6 defaultif - sysctl net.inet6.ip6.use_defaultzone=1 - fi - ;; - esac + ifconfig ${ipv6_default_interface} inet6 defaultif + sysctl net.inet6.ip6.use_defaultzone=1 } static_atm() @@ -250,7 +281,11 @@ static_atm() if [ -n "${natm_static_routes}" ]; then for i in ${natm_static_routes}; do route_args=`get_if_var $i route_IF` - atmconfig natm ${_action} ${route_args} + if [ -n "$route_args" ]; then + atmconfig natm ${_action} ${route_args} + else + warn "route_${i} not found." + fi done fi } -- cgit v1.1 From 9d1db4bf39053659975019da16730ef58e794398 Mon Sep 17 00:00:00 2001 From: rpaulo Date: Mon, 10 Jun 2013 05:45:53 +0000 Subject: Regen. --- etc/devd/usb.conf | 231 +++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 229 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/devd/usb.conf b/etc/devd/usb.conf index b1dc797..d44206d 100644 --- a/etc/devd/usb.conf +++ b/etc/devd/usb.conf @@ -53,6 +53,17 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x05ac"; + match "product" "0x12a0"; + match "intclass" "0xff"; + match "intsubclass" "0xfd"; + match "intprotocol" "0x01"; + action "kldload -n if_ipheth"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; match "product" "0x12a8"; match "intclass" "0xff"; match "intsubclass" "0xfd"; @@ -679,6 +690,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x04f2"; + match "product" "(0xaff7|0xaff8|0xaff9|0xaffa|0xaffa)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0502"; match "product" "(0x1631|0x1632|0x16e1|0x16e2|0x16e3)"; action "kldload -n uipaq"; @@ -744,6 +763,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x050d"; + match "product" "0x1102"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; match "product" "0x1203"; action "kldload -n ubsa"; }; @@ -752,6 +779,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x050d"; + match "product" "(0x2102|0x2103)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; match "product" "0x4050"; action "kldload -n if_zyd"; }; @@ -1039,6 +1074,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0586"; + match "product" "0x341f"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x058f"; match "product" "0x9720"; action "kldload -n uplcom"; @@ -1271,6 +1314,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x06f8"; + match "product" "0xe033"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0707"; match "product" "0x0100"; action "kldload -n if_kue"; @@ -1472,6 +1523,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x07aa"; + match "product" "0x0056"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07aa"; match "product" "0x9601"; action "kldload -n if_udav"; }; @@ -1528,6 +1587,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x07b8"; + match "product" "(0x8178|0x8188|0x8189)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07b8"; match "product" "0xabc1"; action "kldload -n if_aue"; }; @@ -1735,6 +1802,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0846"; + match "product" "(0x9021|0x9041)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0856"; match "product" "(0xac01|0xac02|0xac03|0xac11|0xac12|0xac16|0xac17|0xac18|0xac19|0xac25|0xac26|0xac27|0xac33|0xac34|0xac49|0xac50|0xba02)"; action "kldload -n uftdi"; @@ -2136,6 +2211,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0b05"; + match "product" "0x17ab"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; match "product" "(0x4200|0x4201|0x4202|0x420f|0x9200|0x9202)"; action "kldload -n uipaq"; }; @@ -2240,6 +2323,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0bda"; + match "product" "(0x018a|0x317f)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bda"; match "product" "0x8150"; action "kldload -n if_rue"; }; @@ -2248,13 +2339,45 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0bda"; - match "product" "(0x8187|0x8189|0x8197|0x8198)"; + match "product" "(0x8170|0x8176|0x8177|0x8178|0x817a|0x817b|0x817c|0x817d|0x817e)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bda"; + match "product" "(0x8187|0x8189)"; + action "kldload -n if_urtw"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bda"; + match "product" "0x818a"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bda"; + match "product" "(0x8197|0x8198)"; action "kldload -n if_urtw"; }; nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0bda"; + match "product" "0x8754"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0bed"; match "product" "(0x1100|0x1101)"; action "kldload -n uslcom"; @@ -2560,6 +2683,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0df6"; + match "product" "(0x0052|0x005c|0x0061)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; match "product" "0x061c"; action "kldload -n if_axe"; }; @@ -2616,6 +2747,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0e66"; + match "product" "0x0019"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0e66"; match "product" "0x400c"; action "kldload -n if_aue"; }; @@ -2671,6 +2810,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0eb0"; + match "product" "0x9071"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0eba"; match "product" "(0x1080|0x2080)"; action "kldload -n uplcom"; @@ -2807,6 +2954,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x103c"; + match "product" "0x1629"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x103e"; match "product" "0x03e8"; action "kldload -n uftdi"; @@ -3304,6 +3459,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x13d3"; + match "product" "(0x3357|0x3358|0x3359)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13d3"; match "product" "(0x3362|0x3375|0x3393)"; action "kldload -n ng_ubt"; }; @@ -4136,6 +4299,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x2001"; + match "product" "(0x3307|0x3308|0x3309|0x330a)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2001"; match "product" "(0x3a00|0x3a02|0x3a04)"; action "kldload -n if_uath"; }; @@ -4200,6 +4371,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x2019"; + match "product" "(0x1201|0x4902)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2019"; match "product" "0x5303"; action "kldload -n if_zyd"; }; @@ -4224,6 +4403,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x2019"; + match "product" "(0xab2a|0xab2b|0xab2e)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2019"; match "product" "0xab50"; action "kldload -n if_rum"; }; @@ -4255,6 +4442,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x2019"; + match "product" "0xed17"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x203d"; match "product" "(0x1480|0x14a1|0x14a9)"; action "kldload -n if_run"; @@ -4287,6 +4482,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x20f4"; + match "product" "(0x624d|0x648b)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x2100"; match "product" "(0x9e52|0x9e54)"; action "kldload -n uftdi"; @@ -4431,6 +4634,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x4855"; + match "product" "(0x0090|0x0091)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x5050"; match "product" "(0x0100|0x0101|0x0102|0x0103|0x0104|0x0105|0x0106|0x0107|0x0300|0x0301|0x0400|0x0500|0x0700|0x0800|0x0900|0x0a00|0x0b00|0x0c00|0x0d00|0x0e00|0x0f00|0x1000|0x8000|0x8001|0x8002|0x8003|0x8004|0x8005)"; action "kldload -n uftdi"; @@ -4527,6 +4738,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x7392"; + match "product" "(0x7811|0x7822)"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x8516"; match "product" "(0x2070|0x2770|0x2870|0x3070|0x3071|0x3072|0x3572)"; action "kldload -n if_run"; @@ -4575,6 +4794,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x9846"; + match "product" "0x9041"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x9e88"; match "product" "0x9e8f"; action "kldload -n uftdi"; @@ -4749,5 +4976,5 @@ nomatch 32 { action "kldload -n umass"; }; -# 2422 USB entries processed +# 2479 USB entries processed -- cgit v1.1 From 5219f99e6a6b2825f119d9181112455eacffa110 Mon Sep 17 00:00:00 2001 From: crees Date: Wed, 12 Jun 2013 16:44:17 +0000 Subject: Clean up swapfile memory disk on shutdown Make the md unit number configurable so that it can be predicted PR: bin/168544 Submitted by: wblock (based on) Approved by: kevlo --- etc/defaults/rc.conf | 1 + etc/rc.d/addswap | 43 +++++++++++++++++++++++++++++++++++++++---- 2 files changed, 40 insertions(+), 4 deletions(-) (limited to 'etc') diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index 3760fc0..687b092 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -33,6 +33,7 @@ always_force_depends="NO" # Set to check that indicated dependencies are # running during boot (can increase boot time). swapfile="NO" # Set to name of swapfile if aux swapfile desired. +swapfile_mdunit="99" # Swapfile md(4) unit number created by mdconfig(8). apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO). apmd_enable="NO" # Run apmd to handle APM event from userland. apmd_flags="" # Flags to apmd (if enabled). diff --git a/etc/rc.d/addswap b/etc/rc.d/addswap index 8dec456..a6ff187 100755 --- a/etc/rc.d/addswap +++ b/etc/rc.d/addswap @@ -8,13 +8,13 @@ # PROVIDE: addswap # REQUIRE: FILESYSTEMS kld # BEFORE: netif -# KEYWORD: nojail +# KEYWORD: nojail shutdown . /etc/rc.subr name="addswap" start_cmd="addswap_start" -stop_cmd=":" +stop_cmd="addswap_stop" addswap_start() { @@ -23,8 +23,43 @@ addswap_start() ;; *) if [ -w "${swapfile}" ]; then - echo "Adding ${swapfile} as additional swap" - mdev=`mdconfig -a -t vnode -f ${swapfile}` && swapon /dev/${mdev} + check_startmsgs && echo "Adding ${swapfile} as additional swap" + + if [ -n "${swapfile_mdunit}" ]; then + mdev="/dev/md${swapfile_mdunit#md}" + mdconfig -a -t vnode -f "${swapfile}" -u ${swapfile_mdunit} + else + mdev="/dev/`mdconfig -a -t vnode -f "${swapfile}"`" + fi + + if [ $? -eq 0 ]; then + swapon ${mdev} + else + echo "error creating swapfile device" + fi + fi + ;; + esac +} + +addswap_stop() +{ + case ${swapfile} in + [Nn][Oo] | '') + ;; + *) + if [ -n "${swapfile_mdunit}" ]; then + mdev="/dev/md${swapfile_mdunit#md}" + else + mdev="/dev/`mdconfig -lv | grep "${swapfile}" | cut -f1`" + swapfile_mdunit=${mdev#md} + fi + if [ -n "${swapfile_mdunit}" ]; then + swapctl -l | grep -q ${mdev} + if [ $? -eq 0 ]; then + echo "Dismounting swapfile ${swapfile}" + swapoff ${mdev} && mdconfig -d -u ${swapfile_mdunit} + fi fi ;; esac -- cgit v1.1 From bf7c0f2705c32e44d3c3b62d60453a30dbbffe3f Mon Sep 17 00:00:00 2001 From: eadler Date: Sat, 15 Jun 2013 20:29:07 +0000 Subject: Remove CVS from the base system. Discussed with: many Reviewed by: peter, zi Approved by: core --- etc/inetd.conf | 4 ++-- etc/mtree/BSD.usr.dist | 6 ------ 2 files changed, 2 insertions(+), 8 deletions(-) (limited to 'etc') diff --git a/etc/inetd.conf b/etc/inetd.conf index 8b8e604..77b4eda 100644 --- a/etc/inetd.conf +++ b/etc/inetd.conf @@ -58,8 +58,8 @@ # --allow-root path correctly or you open a trivial to exploit but # deadly security hole. # -#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here pserver -#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here kserver +#cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/your/cvsroot/here pserver +#cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/your/cvsroot/here kserver # # RPC based services (you MUST have rpcbind running to use these) # diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist index 0064d10..02d2286 100644 --- a/etc/mtree/BSD.usr.dist +++ b/etc/mtree/BSD.usr.dist @@ -148,8 +148,6 @@ .. 27.nfsrfc .. - 28.cvs - .. .. smm 01.setup @@ -223,10 +221,6 @@ .. csh .. - cvs - contrib - .. - .. cvsup .. diskless -- cgit v1.1 From 59d4cd396536c7c66a68c62cdeab33c771138b11 Mon Sep 17 00:00:00 2001 From: dteske Date: Tue, 18 Jun 2013 02:37:15 +0000 Subject: Allow $ntpdate_config to be NULL. Due to a lack of surrounding quotes, when ntpdate_config was set to NULL the conditional would (counter to prevailing logic) succeed -- leading to awk attempting to redirect from a NULL pathname standard-in. While we're here, make the script consistant with itself by removing the {curlies} around ntpdate_config (they are unnecessary). --- etc/rc.d/ntpdate | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/rc.d/ntpdate b/etc/rc.d/ntpdate index 4a8b845..235e6c0 100755 --- a/etc/rc.d/ntpdate +++ b/etc/rc.d/ntpdate @@ -16,13 +16,13 @@ start_cmd="ntpdate_start" ntpdate_start() { - if [ -z "$ntpdate_hosts" -a -f ${ntpdate_config} ]; then + if [ -z "$ntpdate_hosts" -a -f "$ntpdate_config" ]; then ntpdate_hosts=`awk ' /^server[ \t]*127.127/ {next} /^(server|peer)/ { if ($2 ~/^-/) {print $3} else {print $2}} - ' < ${ntpdate_config}` + ' < "$ntpdate_config"` fi if [ -n "$ntpdate_hosts" -o -n "$rc_flags" ]; then echo "Setting date via ntp." -- cgit v1.1 From 754a6006f2fc6e7c09e7656fc738654fe481b4ae Mon Sep 17 00:00:00 2001 From: hrs Date: Thu, 20 Jun 2013 02:29:49 +0000 Subject: - Add CIDR notation support like 192.168.1-2.10-16/24 to $ifconfig_IF_aliasN. This is an extended version of ipv4_addr_IF which supports both IPv4 and IPv6, and multiple range specifications. To avoid to generate too many addresses, the maximum number of the generated addresses is currently limited to 31. - Add $ifconfig_IF_aliases, which accepts multiple IP aliases in a variable. - ipv6_prefix_IF now supports !/64 prefix length. In addition to the old 64-bit format (2001:db8:1:1), a full 128-bit format like 2001:db8:1:1::/64 is supported. - Replace ifconfig command with $IFCONFIG_CMD variable to support a dry-run mode in the future. - Remove IP aliases before removing all of IPv4 addresses when doing "rc.d/netif down". - Add a DAD wait to network6_getladdr() because it is possible to fail to configure an EUI64 address when ipv6_prefix_IF is specified. A summary of the supported ifconfig_* variables is as follows: # IPv4 configuration. ifconfig_em0="inet 192.168.0.1" # IPv6 configuration. ifconfig_em0_ipv6="inet6 2001:db8::1/64" # IPv4 address range spec. Now deprecated. ipv4_addr_em0="10.2.1.1-10" # IPv6 alias. ifconfig_em0_alias0="inet6 2001:db8:5::1 prefixlen 70" # IPv4 alias. ifconfig_em0_alias1="inet 10.2.2.1/24" # IPv4 alias with range spec w/o AF keyword (backward compat). ifconfig_em0_alias2="10.3.1.1-10/32" # IPv6 alias with range spec. ifconfig_em0_alias3="inet6 2001:db8:20-2f::1/64" # ifconfig_IF_aliases is just like ifconfig_IF_aliasN. ifconfig_em0_aliases="inet 10.3.3.201-204/24 inet6 2001:db8:210-213::1/64 inet 10.1.1.1/24" # IPv6 alias (backward compat) ipv6_ifconfig_em0_alias0="inet6 2001:db8:f::1/64" # IPv6 alias w/o AF keyword (backward compat) ipv6_ifconfig_em0_alias1="2001:db8:f:1::1/64" # IPv6 prefix. ipv6_prefix_em0="2001:db8::/64" Tested by: Kimmo Paasiala --- etc/network.subr | 607 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 372 insertions(+), 235 deletions(-) (limited to 'etc') diff --git a/etc/network.subr b/etc/network.subr index f7a7241..04b31c7 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -24,6 +24,10 @@ # # $FreeBSD$ # +IFCONFIG_CMD="/sbin/ifconfig" + +# Maximum number of addresses expanded from a address range specification. +_IPEXPANDMAX=31 # # Subroutines commonly used from network startup scripts. @@ -94,7 +98,7 @@ ifconfig_up() # ifconfig_IF ifconfig_args=`ifconfig_getargs $1` if [ -n "${ifconfig_args}" ]; then - eval ifconfig $1 ${ifconfig_args} + eval ${IFCONFIG_CMD} $1 ${ifconfig_args} _cfg=0 fi @@ -122,7 +126,7 @@ ifconfig_up() esac if [ -n "${_ipv6_opts}" ]; then - ifconfig $1 inet6 ${_ipv6_opts} + ${IFCONFIG_CMD} $1 inet6 ${_ipv6_opts} fi # ifconfig_IF_ipv6 @@ -136,8 +140,8 @@ ifconfig_up() ifconfig_args="inet6 ${ifconfig_args}" ;; esac - ifconfig $1 inet6 -ifdisabled - eval ifconfig $1 ${ifconfig_args} + ${IFCONFIG_CMD} $1 inet6 -ifdisabled + eval ${IFCONFIG_CMD} $1 ${ifconfig_args} _cfg=0 fi @@ -145,7 +149,7 @@ ifconfig_up() # ipv6_prefix_hostid_addr_common(). ifconfig_args=`get_if_var $1 ipv6_prefix_IF` if [ -n "${ifconfig_args}" ]; then - ifconfig $1 inet6 -ifdisabled + ${IFCONFIG_CMD} $1 inet6 -ifdisabled _cfg=0 fi @@ -154,14 +158,14 @@ ifconfig_up() if [ -n "${ifconfig_args}" ]; then warn "\$ipv6_ifconfig_$1 is obsolete." \ " Use ifconfig_$1_ipv6 instead." - ifconfig $1 inet6 -ifdisabled - eval ifconfig $1 inet6 ${ifconfig_args} + ${IFCONFIG_CMD} $1 inet6 -ifdisabled + eval ${IFCONFIG_CMD} $1 inet6 ${ifconfig_args} _cfg=0 fi fi if [ ${_cfg} -eq 0 ]; then - ifconfig $1 up + ${IFCONFIG_CMD} $1 up fi if wpaif $1; then @@ -171,7 +175,7 @@ ifconfig_up() if dhcpif $1; then if [ $_cfg -ne 0 ] ; then - ifconfig $1 up + ${IFCONFIG_CMD} $1 up fi if syncdhcpif $1; then /etc/rc.d/dhclient start $1 @@ -202,7 +206,7 @@ ifconfig_down() fi if ifexists $1; then - ifconfig $1 down + ${IFCONFIG_CMD} $1 down _cfg=0 fi @@ -539,7 +543,7 @@ ipv6_autoconfif() ifexists() { [ -z "$1" ] && return 1 - ifconfig -n $1 > /dev/null 2>&1 + ${IFCONFIG_CMD} -n $1 > /dev/null 2>&1 } # ipv4_up if @@ -554,11 +558,10 @@ ipv4_up() if [ "${_if}" = "lo0" ]; then ifconfig_args=`get_if_var ${_if} ifconfig_IF` if [ -z "${ifconfig_args}" ]; then - ifconfig ${_if} inet 127.0.0.1/8 alias + ${IFCONFIG_CMD} ${_if} inet 127.0.0.1/8 alias fi fi - ifalias_up ${_if} inet && _ret=0 - ipv4_addrs_common ${_if} alias && _ret=0 + ifalias ${_if} inet alias && _ret=0 return $_ret } @@ -575,7 +578,7 @@ ipv6_up() return 0 fi - ifalias_up ${_if} inet6 && _ret=0 + ifalias ${_if} inet6 alias && _ret=0 ipv6_prefix_hostid_addr_common ${_if} alias && _ret=0 ipv6_accept_rtadv_up ${_if} && _ret=0 @@ -591,7 +594,9 @@ ipv4_down() _ifs="^" _ret=1 - inetList="`ifconfig ${_if} | grep 'inet ' | tr "\n" "$_ifs"`" + ifalias ${_if} inet -alias && _ret=0 + + inetList="`${IFCONFIG_CMD} ${_if} | grep 'inet ' | tr "\n" "$_ifs"`" oldifs="$IFS" IFS="$_ifs" @@ -602,15 +607,12 @@ ipv4_down() _inet=`expr "$_inet" : '.*\(inet \([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*'` IFS="$oldifs" - ifconfig ${_if} ${_inet} delete + ${IFCONFIG_CMD} ${_if} ${_inet} delete IFS="$_ifs" _ret=0 done IFS="$oldifs" - ifalias_down ${_if} inet && _ret=0 - ipv4_addrs_common ${_if} -alias && _ret=0 - return $_ret } @@ -629,9 +631,9 @@ ipv6_down() ipv6_accept_rtadv_down ${_if} && _ret=0 ipv6_prefix_hostid_addr_common ${_if} -alias && _ret=0 - ifalias_down ${_if} inet6 && _ret=0 + ifalias ${_if} inet6 -alias && _ret=0 - inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`" + inetList="`${IFCONFIG_CMD} ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`" oldifs="$IFS" IFS="$_ifs" @@ -642,7 +644,7 @@ ipv6_down() _inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'` IFS="$oldifs" - ifconfig ${_if} ${_inet6} -alias + ${IFCONFIG_CMD} ${_if} ${_inet6} -alias IFS="$_ifs" _ret=0 done @@ -651,234 +653,349 @@ ipv6_down() return $_ret } -# ipv4_addrs_common if action -# Evaluate the ifconfig_if_ipv4 arguments for interface $if and -# use $action to add or remove IPv4 addresses from $if. -ipv4_addrs_common() -{ - local _ret _if _action _cidr _cidr_addr - local _ipaddr _netmask _range _ipnet _iplow _iphigh _ipcount - _ret=1 - _if=$1 - _action=$2 - - # get ipv4-addresses - cidr_addr=`get_if_var $_if ipv4_addrs_IF` - - for _cidr in ${cidr_addr}; do - _ipaddr=${_cidr%%/*} - _netmask="/"${_cidr##*/} - _range=${_ipaddr##*.} - _ipnet=${_ipaddr%.*} - _iplow=${_range%-*} - _iphigh=${_range#*-} - - # clear netmask when removing aliases - if [ "${_action}" = "-alias" ]; then - _netmask="" - fi - - _ipcount=${_iplow} - while [ "${_ipcount}" -le "${_iphigh}" ]; do - eval "ifconfig ${_if} ${_action} ${_ipnet}.${_ipcount}${_netmask}" - _ipcount=$((${_ipcount}+1)) - _ret=0 - - # only the first ipaddr in a subnet need the real netmask - if [ "${_action}" != "-alias" ]; then - _netmask="/32" - fi - done - done - - return $_ret -} - -# ifalias_up if af -# Configure aliases for network interface $if. +# ifalias if af action +# Configure or remove aliases for network interface $if. # It returns 0 if at least one alias was configured or -# 1 if there were none. +# removed, or 1 if there were none. # -ifalias_up() +ifalias() { local _ret _ret=1 + afexists $2 || return $_ret + case "$2" in - inet) - _ret=`ifalias_ipv4_up "$1"` - ;; - inet6) - _ret=`ifalias_ipv6_up "$1"` + inet|inet6) + ifalias_af_common $1 $2 $3 && _ret=0 ;; esac return $_ret } -# ifalias_ipv4_up if -# Helper function for ifalias_up(). Handles IPv4. +# ifalias_expand_addr af action addr +# Expand address range ("N-M") specification in addr. +# "addr" must not include an address-family keyword. +# The results will include an address-family keyword. # -ifalias_ipv4_up() +ifalias_expand_addr() { - local _ret alias ifconfig_args - _ret=1 - - # ifconfig_IF_aliasN which starts with "inet" - alias=0 - while : ; do - ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - case "${ifconfig_args}" in - inet\ *) - ifconfig $1 ${ifconfig_args} alias && _ret=0 - ;; - inet6\ *) - ;; - "") - break - ;; - *) - warn "\$ifconfig_$1_alias${alias} needs " \ - "\"inet\" keyword for an IPv4 address." - ifconfig $1 ${ifconfig_args} alias && _ret=0 - ;; - esac - alias=$((${alias} + 1)) - done - return $_ret + afexists $1 || return + ifalias_expand_addr_$1 $2 $3 } -# ifalias_ipv6_up if -# Helper function for ifalias_up(). Handles IPv6. +# ifalias_expand_addr_inet action addr +# Helper function for ifalias_expand_addr(). Handles IPv4. # -ifalias_ipv6_up() +ifalias_expand_addr_inet() { - local _ret alias ifconfig_args - _ret=1 + local _action _arg _cidr _cidr_addr + local _ipaddr _plen _range _iphead _iptail _iplow _iphigh _ipcount + local _retstr _c + _action=$1 + _arg=$2 + _retstr= + + case $_action:$_arg in + *:*--*) return ;; # invalid + tmp:*) echo $_arg && return ;; # already expanded + tmp:*-*) _action="alias" ;; # to be expanded + *:*-*) ;; # to be expanded + *:*) echo inet $_arg && return ;; # already expanded + esac - # ifconfig_IF_aliasN which starts with "inet6" - alias=0 - while : ; do - ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - case "${ifconfig_args}" in - inet6\ *) - ifconfig $1 ${ifconfig_args} alias && _ret=0 - ;; - "") - break - ;; + for _cidr in $_arg; do + _ipaddr=${_cidr%%/*} + _plen=${_cidr##*/} + # When subnet prefix length is not specified, use /32. + case $_plen in + $_ipaddr) _plen=32 ;; # "/" character not found esac - alias=$((${alias} + 1)) - done - # backward compatibility: ipv6_ifconfig_IF_aliasN. - alias=0 - while : ; do - ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` - case "${ifconfig_args}" in - "") - break + OIFS=$IFS + IFS=. set -- $_ipaddr + _range= + _iphead= + _iptail= + for _c in $@; do + case $_range:$_c in + :[0-9]*-[0-9]*) + _range=$_c ;; - *) - ifconfig $1 inet6 ${ifconfig_args} alias && _ret=0 - warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \ - " Use ifconfig_$1_aliasN instead." + :*) + _iphead="${_iphead}${_iphead:+.}${_c}" ;; - esac - alias=$((${alias} + 1)) + *:*) + _iptail="${_iptail}${_iptail:+.}${_c}" + ;; + esac + done + IFS=$OIFS + _iplow=${_range%-*} + _iphigh=${_range#*-} + + # clear netmask when removing aliases + if [ "$_action" = "-alias" ]; then + _plen="" + fi + + _ipcount=$_iplow + while [ "$_ipcount" -le "$_iphigh" ]; do + _retstr="${_retstr} ${_iphead}${_iphead:+.}${_ipcount}${_iptail:+.}${_iptail}${_plen:+/}${_plen}" + if [ $_ipcount -gt $(($_iplow + $_IPEXPANDMAX)) ]; then + warn "Range specification is too large (${_iphead}${_iphead:+.}${_iplow}${_iptail:+.}${_iptail}-${_iphead}${_iphead:+.}${_iphigh}${_iptail:+.}${_iptail}). ${_iphead}${_iphead:+.}${_iplow}${_iptail:+.}${_iptail}-${_iphead}${_iphead:+.}${_ipcount}${_iptail:+.}${_iptail} was processed." + break + else + _ipcount=$(($_ipcount + 1)) + fi + # Forcibly set /32 for remaining aliases. + _plen=32 + done done - return $_ret + for _c in $_retstr; do + ifalias_expand_addr_inet $_action $_c + done } -# ifalias_down if af -# Remove aliases for network interface $if. -# It returns 0 if at least one alias was removed or -# 1 if there were none. +# ifalias_expand_addr_inet6 action addr +# Helper function for ifalias_expand_addr(). Handles IPv6. # -ifalias_down() +ifalias_expand_addr_inet6() { - local _ret - _ret=1 - - case "$2" in - inet) - _ret=`ifalias_ipv4_down "$1"` - ;; - inet6) - _ret=`ifalias_ipv6_down "$1"` - ;; + local _action _arg _cidr _cidr_addr + local _ipaddr _plen _ipleft _ipright _iplow _iphigh _ipcount + local _ipv4part + local _retstr _c + _action=$1 + _arg=$2 + _retstr= + + case $_action:$_arg in + *:*--*) return ;; # invalid + tmp:*) echo $_arg && return ;; + tmp:*-*) _action="alias" ;; + *:*-*) ;; + *:*) echo inet6 $_arg && return ;; esac - return $_ret + for _cidr in $_arg; do + _ipaddr="${_cidr%%/*}" + _plen="${_cidr##*/}" + + case $_action:$_ipaddr:$_cidr in + -alias:*:*) unset _plen ;; + *:$_cidr:$_ipaddr) unset _plen ;; + esac + + if [ "${_ipaddr%:*.*.*.*}" = "$_ipaddr" ]; then + # Handle !v4mapped && !v4compat addresses. + + # The default prefix length is 64. + case $_ipaddr:$_cidr in + $_cidr:$_ipaddr) _plen="64" ;; + esac + _ipleft=${_ipaddr%-*} + _ipright=${_ipaddr#*-} + _iplow=${_ipleft##*:} + _iphigh=${_ipright%%:*} + _ipleft=${_ipleft%:*} + _ipright=${_ipright#*:} + + if [ "$_iphigh" = "$_ipright" ]; then + unset _ipright + else + _ipright=:$_ipright + fi + + if [ -n "$_iplow" -a -n "$_iphigh" ]; then + _iplow=$((0x$_iplow)) + _iphigh=$((0x$_iphigh)) + _ipcount=$_iplow + while [ $_ipcount -le $_iphigh ]; do + _r=`printf "%s:%04x%s%s" \ + $_ipleft $_ipcount $_ipright \ + ${_plen:+/}$_plen` + _retstr="$_retstr $_r" + if [ $_ipcount -gt $(($_iplow + $_IPEXPANDMAX)) ] + then + warn "Range specification is too large $(printf '(%s:%04x%s-%s:%04x%s)' $_ipleft $_iplow $_ipright $_ipleft $_iphigh $_ipright). $(printf '%s:%04x%s-%s:%04x%s' $_ipleft $_iplow $_ipright $_ipleft $_ipcount $_ipright) was processed." + break + else + _ipcount=$(($_ipcount + 1)) + fi + done + else + _retstr="${_ipaddr}${_plen:+/}${_plen}" + fi + + for _c in $_retstr; do + ifalias_expand_addr_inet6 $_action $_c + done + else + # v4mapped/v4compat should handle as an IPv4 alias + _ipv4part=${_ipaddr##*:} + + # Adjust prefix length if any. If not, set the + # default prefix length as 32. + case $_ipaddr:$_cidr in + $_cidr:$_ipaddr) _plen=32 ;; + *) _plen=$(($_plen - 96)) ;; + esac + + _retstr=`ifalias_expand_addr_inet \ + tmp ${_ipv4part}${_plen:+/}${_plen}` + for _c in $_retstr; do + ifalias_expand_addr_inet $_action $_c + done + fi + done } -# ifalias_ipv4_down if -# Helper function for ifalias_down(). Handles IPv4. +# ifalias_af_common_handler if af action args +# Helper function for ifalias_af_common(). # -ifalias_ipv4_down() +ifalias_af_common_handler() { - local _ret alias ifconfig_args + local _ret _if _af _action _args _c _tmpargs + _ret=1 + _if=$1 + _af=$2 + _action=$3 + shift 3 + _args=$* + + case $_args in + ${_af}\ *) ;; + *) return ;; + esac - # ifconfig_IF_aliasN which starts with "inet" - alias=0 - while : ; do - ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - case "${ifconfig_args}" in - inet\ *) - ifconfig $1 ${ifconfig_args} -alias && _ret=0 + _tmpargs= + for _c in $_args; do + case $_c in + ${_af}) + case $_tmpargs in + ${_af}\ *-*) + ifalias_af_common_handler $_if $_af $_action \ + `ifalias_expand_addr $_af $_action ${_tmpargs#${_af}\ }` ;; - "") - break + ${_af}\ *) + ${IFCONFIG_CMD} $_if $_tmpargs $_action && _ret=0 ;; + esac + _tmpargs=$_af + ;; + *) + _tmpargs="$_tmpargs $_c" + ;; esac - alias=$((${alias} + 1)) done + # Process the last component if any. + if [ -n "$_tmpargs}" ]; then + case $_tmpargs in + ${_af}\ *-*) + ifalias_af_common_handler $_if $_af $_action \ + `ifalias_expand_addr $_af $_action ${_tmpargs#${_af}\ }` + ;; + ${_af}\ *) + ${IFCONFIG_CMD} $_if $_tmpargs $_action && _ret=0 + ;; + esac + fi return $_ret } -# ifalias_ipv6_down if -# Helper function for ifalias_down(). Handles IPv6. +# ifalias_af_common if af action +# Helper function for ifalias(). # -ifalias_ipv6_down() +ifalias_af_common() { - local _ret alias ifconfig_args + local _ret _if _af _action alias ifconfig_args _aliasn _c _tmpargs _iaf + _ret=1 + _aliasn= + _if=$1 + _af=$2 + _action=$3 - # ifconfig_IF_aliasN which starts with "inet6" + # ifconfig_IF_aliasN which starts with $_af alias=0 while : ; do - ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - case "${ifconfig_args}" in - inet6\ *) - ifconfig $1 ${ifconfig_args} -alias && _ret=0 + ifconfig_args=`get_if_var $_if ifconfig_IF_alias${alias}` + _iaf= + case $ifconfig_args in + inet\ *) _iaf=inet ;; + inet6\ *) _iaf=inet6 ;; + ipx\ *) _iaf=ipx ;; + esac + + case ${_af}:${_action}:${_iaf}:"${ifconfig_args}" in + ${_af}:*:${_af}:*) + _aliasn="$_aliasn $ifconfig_args" ;; - "") + ${_af}:*:"":"") break ;; + inet:alias:"":*) + _aliasn="$_aliasn inet $ifconfig_args" + warn "\$ifconfig_${_if}_alias${alias} needs " \ + "\"inet\" keyword for an IPv4 address." esac - alias=$((${alias} + 1)) + alias=$(($alias + 1)) done # backward compatibility: ipv6_ifconfig_IF_aliasN. - alias=0 - while : ; do - ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` - case "${ifconfig_args}" in - "") - break + case $_af in + inet6) + alias=0 + while : ; do + ifconfig_args=`get_if_var $_if ipv6_ifconfig_IF_alias${alias}` + case ${_action}:"${ifconfig_args}" in + *:"") + break ;; - *) - ifconfig $1 inet6 ${ifconfig_args} -alias && _ret=0 - warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \ - " Use ifconfig_$1_aliasN instead." + alias:*) + _aliasn="${_aliasn} inet6 ${ifconfig_args}" + warn "\$ipv6_ifconfig_${_if}_alias${alias} " \ + "is obsolete. Use ifconfig_$1_aliasN " \ + "instead." + ;; + esac + alias=$(($alias + 1)) + done + esac + + # backward compatibility: ipv4_addrs_IF. + for _tmpargs in `get_if_var $_if ipv4_addrs_IF`; do + _aliasn="$_aliasn inet $_tmpargs" + done + + # Handle ifconfig_IF_aliases, ifconfig_IF_aliasN, and the others. + _tmpargs= + for _c in `get_if_var $_if ifconfig_IF_aliases` $_aliasn; do + case $_c in + inet|inet6|ipx) + case $_tmpargs in + ${_af}\ *) + eval ifalias_af_common_handler $_if $_af $_action $_tmpargs && _ret=0 ;; + esac + _tmpargs=$_c + ;; + *) + _tmpargs="$_tmpargs $_c" esac - alias=$((${alias} + 1)) done + # Process the last component + case $_tmpargs in + ${_af}\ *) + ifalias_af_common_handler $_if $_af $_action $_tmpargs && _ret=0 + ;; + esac return $_ret } @@ -899,14 +1016,32 @@ ipv6_prefix_hostid_addr_common() hostid=${hostid%\%*} for j in ${prefix}; do - address=$j\:${hostid} - ifconfig ${_if} inet6 ${address} prefixlen 64 ${_action} + # The default prefixlen is 64. + plen=${j#*/} + case $j:$plen in + $plen:$j) plen=64 ;; + *) j=${j%/*} ;; + esac + + # Normalize the last part by removing ":" + j=${j%:*} + j=${j%:} + OIFS=$IFS; IFS=":"; set -- $j; nj=$#; IFS=$OIFS + OIFS=$IFS; IFS=":"; set -- $hostid; nh=$#; IFS=$OIFS + if [ $(($nj + $nh)) -eq 8 ]; then + address=$j\:$hostid + else + address=$j\::$hostid + fi + + ${IFCONFIG_CMD} ${_if} inet6 ${address} \ + prefixlen $plen ${_action} # if I am a router, add subnet router # anycast address (RFC 2373). if checkyesno ipv6_gateway_enable; then - ifconfig ${_if} inet6 $j:: prefixlen 64 \ - ${_action} anycast + ${IFCONFIG_CMD} ${_if} inet6 $j:: \ + prefixlen $plen ${_action} anycast fi done fi @@ -918,7 +1053,7 @@ ipv6_prefix_hostid_addr_common() ipv6_accept_rtadv_up() { if ipv6_autoconfif $1; then - ifconfig $1 inet6 accept_rtadv up + ${IFCONFIG_CMD} $1 inet6 accept_rtadv up if ! checkyesno rtsold_enable; then rtsol ${rtsol_flags} $1 fi @@ -930,7 +1065,7 @@ ipv6_accept_rtadv_up() ipv6_accept_rtadv_down() { if ipv6_autoconfif $1; then - ifconfig $1 inet6 -accept_rtadv + ${IFCONFIG_CMD} $1 inet6 -accept_rtadv fi } @@ -975,7 +1110,7 @@ clone_up() # create_args_IF for ifn in ${cloned_interfaces}; do - ifconfig ${ifn} create `get_if_var ${ifn} create_args_IF` + ${IFCONFIG_CMD} ${ifn} create `get_if_var ${ifn} create_args_IF` if [ $? -eq 0 ]; then _list="${_list}${_prefix}${ifn}" [ -z "$_prefix" ] && _prefix=' ' @@ -995,7 +1130,7 @@ clone_down() _list= for ifn in ${cloned_interfaces}; do - ifconfig -n ${ifn} destroy + ${IFCONFIG_CMD} -n ${ifn} destroy if [ $? -eq 0 ]; then _list="${_list}${_prefix}${ifn}" [ -z "$_prefix" ] && _prefix=' ' @@ -1022,16 +1157,16 @@ childif_create() debug_flags="`get_if_var $child wlandebug_IF`" if expr $child : 'wlan[0-9][0-9]*$' >/dev/null 2>&1; then - ifconfig $child create ${create_args} && cfg=0 + ${IFCONFIG_CMD} $child create ${create_args} && cfg=0 if [ -n "${debug_flags}" ]; then wlandebug -i $child ${debug_flags} fi else - i=`ifconfig wlan create ${create_args}` + i=`${IFCONFIG_CMD} wlan create ${create_args}` if [ -n "${debug_flags}" ]; then wlandebug -i $i ${debug_flags} fi - ifconfig $i name $child && cfg=0 + ${IFCONFIG_CMD} $i name $child && cfg=0 fi if autoif $child; then ifn_start $child @@ -1049,14 +1184,14 @@ childif_create() if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then child="${ifn}.${child}" create_args=`get_if_var $child create_args_IF` - ifconfig $child create ${create_args} && cfg=0 + ${IFCONFIG_CMD} $child create ${create_args} && cfg=0 else create_args="vlandev $ifn `get_if_var $child create_args_IF`" if expr $child : 'vlan[0-9][0-9]*$' >/dev/null 2>&1; then - ifconfig $child create ${create_args} && cfg=0 + ${IFCONFIG_CMD} $child create ${create_args} && cfg=0 else - i=`ifconfig vlan create ${create_args}` - ifconfig $i name $child && cfg=0 + i=`${IFCONFIG_CMD} vlan create ${create_args}` + ${IFCONFIG_CMD} $i name $child && cfg=0 fi fi if autoif $child; then @@ -1080,7 +1215,7 @@ childif_destroy() if ! ifexists $child; then continue fi - ifconfig -n $child destroy && cfg=0 + ${IFCONFIG_CMD} -n $child destroy && cfg=0 done child_vlans=`get_if_var $ifn vlans_IF` @@ -1091,7 +1226,7 @@ childif_destroy() if ! ifexists $child; then continue fi - ifconfig -n $child destroy && cfg=0 + ${IFCONFIG_CMD} -n $child destroy && cfg=0 done return ${cfg} @@ -1138,13 +1273,13 @@ gif_up() ;; *) if expr $i : 'gif[0-9][0-9]*$' >/dev/null 2>&1; then - ifconfig $i create >/dev/null 2>&1 + ${IFCONFIG_CMD} $i create >/dev/null 2>&1 else - gif=`ifconfig gif create` - ifconfig $gif name $i + gif=`${IFCONFIG_CMD} gif create` + ${IFCONFIG_CMD} $gif name $i fi - ifconfig $i tunnel ${peers} - ifconfig $i up + ${IFCONFIG_CMD} $i tunnel ${peers} + ${IFCONFIG_CMD} $i up ;; esac done @@ -1210,7 +1345,7 @@ ipx_up() # ifconfig_IF_ipx ifconfig_args=`_ifconfig_getargs $ifn ipx` if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} + ${IFCONFIG_CMD} ${ifn} ${ifconfig_args} return 0 fi @@ -1227,7 +1362,7 @@ ipx_down() _if=$1 _ifs="^" _ret=1 - ipxList="`ifconfig ${_if} | grep 'ipx ' | tr "\n" "$_ifs"`" + ipxList="`${IFCONFIG_CMD} ${_if} | grep 'ipx ' | tr "\n" "$_ifs"`" oldifs="$IFS" IFS="$_ifs" @@ -1238,7 +1373,7 @@ ipx_down() _ipx=`expr "$_ipx" : '.*\(ipx [0-9a-h]\{1,8\}H*\.[0-9a-h]\{1,12\}\).*'` IFS="$oldifs" - ifconfig ${_if} ${_ipx} delete + ${IFCONFIG_CMD} ${_if} ${_ipx} delete IFS="$_ifs" _ret=0 done @@ -1255,10 +1390,10 @@ ifnet_rename() local _if _ifname # ifconfig_IF_name - for _if in `ifconfig -l`; do + for _if in `${IFCONFIG_CMD} -l`; do _ifname=`get_if_var $_if ifconfig_IF_name` if [ ! -z "$_ifname" ]; then - ifconfig $_if name $_ifname + ${IFCONFIG_CMD} $_if name $_ifname fi done @@ -1290,7 +1425,7 @@ list_net_interfaces() _tmplist= case ${network_interfaces} in [Aa][Uu][Tt][Oo]) - _autolist="`ifconfig -l`" + _autolist="`${IFCONFIG_CMD} -l`" _lo= for _if in ${_autolist} ; do if autoif $_if; then @@ -1398,7 +1533,7 @@ is_wired_interface() { local media - case `ifconfig $1 2>/dev/null` in + case `${IFCONFIG_CMD} $1 2>/dev/null` in *media:?Ethernet*) media=Ethernet ;; esac @@ -1410,25 +1545,27 @@ is_wired_interface() # If flag is defined, tentative ones will be excluded. network6_getladdr() { - local proto addr rest - ifconfig $1 2>/dev/null | while read proto addr rest; do - case ${proto} in - inet6) - case ${addr} in - fe80::*) - if [ -z "$2" ]; then - echo ${addr} - return - fi - case ${rest} in - *tentative*) - continue - ;; - *) - echo ${addr} - return - esac - esac + local _if _flag proto addr rest + _if=$1 + _flag=$2 + + ${IFCONFIG_CMD} $_if 2>/dev/null | while read proto addr rest; do + case "${proto}/${addr}/${_flag}/${rest}" in + inet6/fe80::*//*) + echo ${addr} + ;; + inet6/fe80:://*tentative*) # w/o flag + sleep `${SYSCTL_N} net.inet6.ip6.dad_count` + network6_getladdr $_if $_flags + ;; + inet6/fe80::/*/*tentative*) # w/ flag + echo ${addr} + ;; + *) + continue + ;; esac + + return done } -- cgit v1.1 From 8d3f5f270f62e1ca418f0b0b69ede89ac0c31511 Mon Sep 17 00:00:00 2001 From: delphij Date: Fri, 21 Jun 2013 17:23:19 +0000 Subject: Call sshd_precmd instead of sshd_configtest when the operator requests reload or restart, which, in addition of testing the configuration, will also generate host keys when they are not present (previous behavior). Obtained from: FreeNAS Ok'ed by: bdrewery, des MFC after: 1 week --- etc/rc.d/sshd | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/rc.d/sshd b/etc/rc.d/sshd index aad672c..490a1c7 100755 --- a/etc/rc.d/sshd +++ b/etc/rc.d/sshd @@ -14,8 +14,8 @@ rcvar="sshd_enable" command="/usr/sbin/${name}" keygen_cmd="sshd_keygen" start_precmd="sshd_precmd" -reload_precmd="sshd_configtest" -restart_precmd="sshd_configtest" +reload_precmd="sshd_precmd" +restart_precmd="sshd_precmd" configtest_cmd="sshd_configtest" pidfile="/var/run/${name}.pid" extra_commands="configtest keygen reload" -- cgit v1.1 From cf77f1cdfb8d0de597efcb4e96147b99d921d1fc Mon Sep 17 00:00:00 2001 From: kevlo Date: Tue, 25 Jun 2013 07:17:30 +0000 Subject: Regenerate usb.conf after r252196. Spotted by: rpaulo --- etc/devd/usb.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/devd/usb.conf b/etc/devd/usb.conf index d44206d..9aaa636 100644 --- a/etc/devd/usb.conf +++ b/etc/devd/usb.conf @@ -4299,7 +4299,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x2001"; - match "product" "(0x3307|0x3308|0x3309|0x330a)"; + match "product" "(0x3307|0x3308|0x3309|0x330a|0x330d)"; action "kldload -n if_urtwn"; }; @@ -4976,5 +4976,5 @@ nomatch 32 { action "kldload -n umass"; }; -# 2479 USB entries processed +# 2480 USB entries processed -- cgit v1.1 From b29359892ac52ab49c49c6c28c886afd659a2d4c Mon Sep 17 00:00:00 2001 From: jhb Date: Tue, 25 Jun 2013 15:45:31 +0000 Subject: If daily_status_security_inline is set, the rc value needs to be forced to 3 so that the output of this script is always displayed. In fact, setting this flag is identical to setting daily_status_security_output to an empty string. To make the logic less confusing, change the behavior of daily_status_security_inline such that it just forces daily_status_security_output to an empty string and then applies the normal logic. PR: conf/178611 Submitted by: Jason Unovitch MFC after: 3 days --- etc/periodic/daily/450.status-security | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'etc') diff --git a/etc/periodic/daily/450.status-security b/etc/periodic/daily/450.status-security index 362bf3d..38a1c3c 100755 --- a/etc/periodic/daily/450.status-security +++ b/etc/periodic/daily/450.status-security @@ -18,19 +18,19 @@ case "$daily_status_security_enable" in case "$daily_status_security_inline" in [Yy][Ee][Ss]) - export security_output="";; + daily_status_security_output="";; + esac + + export security_output="${daily_status_security_output}" + case "${daily_status_security_output}" in + "") + rc=3;; + /*) + echo " (output logged separately)" + rc=0;; *) - export security_output="${daily_status_security_output}" - case "${daily_status_security_output}" in - "") - rc=3;; - /*) - echo " (output logged separately)" - rc=0;; - *) - echo " (output mailed separately)" - rc=0;; - esac;; + echo " (output mailed separately)" + rc=0;; esac periodic security || rc=3;; -- cgit v1.1 From 5d588b2eef337c7d94616bb7f500e5b563f70733 Mon Sep 17 00:00:00 2001 From: rpaulo Date: Wed, 26 Jun 2013 04:00:52 +0000 Subject: Implement ifconfig_wlanX="HOSTAP". Not only this is a bit cleaner, it allows multiple instances of hostapd to be running on the system host, useful for simultaneous dual-band WiFi. This is similar to ifconfig_wlanX="WPA" but it uses /etc/hostapd-wlanX.conf. Compatibility with hostapd_enable=YES/NO was kept. Reviewed by: adrian --- etc/network.subr | 25 +++++++++++++++++++++++++ etc/rc.d/hostapd | 13 ++++++++++--- 2 files changed, 35 insertions(+), 3 deletions(-) (limited to 'etc') diff --git a/etc/network.subr b/etc/network.subr index 04b31c7..63c3db3 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -171,6 +171,9 @@ ifconfig_up() if wpaif $1; then /etc/rc.d/wpa_supplicant start $1 _cfg=0 # XXX: not sure this should count + elif hostapif $1; then + /etc/rc.d/hostapd start $1 + _cfg=0 fi if dhcpif $1; then @@ -198,6 +201,9 @@ ifconfig_down() if wpaif $1; then /etc/rc.d/wpa_supplicant stop $1 _cfg=0 + elif hostapif $1; then + /etc/rc.d/hostapd stop $1 + _cfg=0 fi if dhcpif $1; then @@ -276,6 +282,7 @@ ifconfig_getargs() [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;; [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;; [Ww][Pp][Aa]) ;; + [Hh][Oo][Ss][Tt][Aa][Pp]) ;; *) _args="$_args $_arg" ;; @@ -376,6 +383,24 @@ wpaif() return 1 } +# hostapif if +# Returns 0 if the interface is a HOSTAP interface and 1 otherwise. +hostapif() +{ + local _tmpargs _arg + _tmpargs=`_ifconfig_getargs $1` + + for _arg in $_tmpargs; do + case $_arg in + [Hh][Oo][Ss][Tt][Aa][Pp]) + return 0 + ;; + esac + done + + return 1 +} + # afexists af # Returns 0 if the address family is enabled in the kernel # 1 otherwise. diff --git a/etc/rc.d/hostapd b/etc/rc.d/hostapd index f65fcde..95d315b 100755 --- a/etc/rc.d/hostapd +++ b/etc/rc.d/hostapd @@ -10,11 +10,18 @@ . /etc/rc.subr name="hostapd" -rcvar="hostapd_enable" command="/usr/sbin/${name}" -conf_file="/etc/${name}.conf" -pidfile="/var/run/${name}.pid" +ifn="$2" +if [ -z "$ifn" ]; then + rcvar="hostapd_enable" + conf_file="/etc/${name}.conf" + pidfile="/var/run/${name}.pid" +else + rcvar= + conf_file="/etc/${name}-${ifn}.conf" + pidfile="/var/run/${name}-${ifn}.pid" +fi command_args="-P ${pidfile} -B ${conf_file}" required_files="${conf_file}" -- cgit v1.1 From 8a3748f531c8740f607c4699474b610e9fd67f6c Mon Sep 17 00:00:00 2001 From: hrs Date: Thu, 27 Jun 2013 18:28:45 +0000 Subject: - Add vnode-backed swap space specification support. This is enabled when device names "md" or "md[0-9]*" and a "file" option are specified in /etc/fstab like this: md none swap sw,file=/swap.bin 0 0 - Add GBDE/GELI encrypted swap space specification support, which rc.d/encswap supported. The /etc/fstab lines are like the following: /dev/ada1p1.bde none swap sw 0 0 /dev/ada1p2.eli none swap sw 0 0 .eli devices accepts aalgo, ealgo, keylen, and sectorsize as options. swapctl(8) can understand an encrypted device in the command line like this: # swapctl -a /dev/ada2p1.bde - "-L" flag is added to support "late" option to defer swapon until rc.d/mountlate runs. - rc.d script change: rc.d/encswap -> removed rc.d/addswap -> just display a warning message if $swapfile is defined rc.d/swap1 -> renamed to rc.d/swap rc.d/swaplate -> newly added to support "late" option These changes alleviate a race condition between device creation/removal and swapon/swapoff. MFC after: 1 week Reviewed by: wblock (manual page) --- etc/defaults/rc.conf | 5 ----- etc/rc.d/Makefile | 4 ++-- etc/rc.d/addswap | 55 +++++--------------------------------------------- etc/rc.d/encswap | 57 ---------------------------------------------------- etc/rc.d/fsck | 2 +- etc/rc.d/mdconfig | 2 +- etc/rc.d/swap | 17 ++++++++++++++++ etc/rc.d/swap1 | 17 ---------------- etc/rc.d/swaplate | 17 ++++++++++++++++ 9 files changed, 43 insertions(+), 133 deletions(-) delete mode 100755 etc/rc.d/encswap create mode 100755 etc/rc.d/swap delete mode 100755 etc/rc.d/swap1 create mode 100755 etc/rc.d/swaplate (limited to 'etc') diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index 687b092..dda1855 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -32,8 +32,6 @@ early_late_divider="FILESYSTEMS" # Script that separates early/late always_force_depends="NO" # Set to check that indicated dependencies are # running during boot (can increase boot time). -swapfile="NO" # Set to name of swapfile if aux swapfile desired. -swapfile_mdunit="99" # Swapfile md(4) unit number created by mdconfig(8). apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO). apmd_enable="NO" # Run apmd to handle APM event from userland. apmd_flags="" # Flags to apmd (if enabled). @@ -85,9 +83,6 @@ geli_autodetach="YES" # Automatically detach on last close. #geli_da1_autodetach="NO" #geli_mirror_home_flags="-k /etc/geli/home.keys" -geli_swap_flags="-e aes -l 256 -s 4096 -d" # Options for GELI-encrypted - # swap partitions. - root_rw_mount="YES" # Set to NO to inhibit remounting root read-write. fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails. fsck_y_flags="" # Additional flags for fsck -y diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile index aace4b1..3defd97 100644 --- a/etc/rc.d/Makefile +++ b/etc/rc.d/Makefile @@ -37,7 +37,6 @@ FILES= DAEMON \ dhclient \ dmesg \ dumpon \ - encswap \ faith \ fsck \ ftp-proxy \ @@ -139,7 +138,8 @@ FILES= DAEMON \ static_arp \ static_ndp \ stf \ - swap1 \ + swap \ + swaplate \ syscons \ sysctl \ syslogd \ diff --git a/etc/rc.d/addswap b/etc/rc.d/addswap index a6ff187..1758df8 100755 --- a/etc/rc.d/addswap +++ b/etc/rc.d/addswap @@ -13,57 +13,12 @@ . /etc/rc.subr name="addswap" -start_cmd="addswap_start" -stop_cmd="addswap_stop" +start_cmd=":" +stop_cmd=":" +rcvar= -addswap_start() -{ - case ${swapfile} in - [Nn][Oo] | '') - ;; - *) - if [ -w "${swapfile}" ]; then - check_startmsgs && echo "Adding ${swapfile} as additional swap" - - if [ -n "${swapfile_mdunit}" ]; then - mdev="/dev/md${swapfile_mdunit#md}" - mdconfig -a -t vnode -f "${swapfile}" -u ${swapfile_mdunit} - else - mdev="/dev/`mdconfig -a -t vnode -f "${swapfile}"`" - fi - - if [ $? -eq 0 ]; then - swapon ${mdev} - else - echo "error creating swapfile device" - fi - fi - ;; - esac -} - -addswap_stop() -{ - case ${swapfile} in - [Nn][Oo] | '') - ;; - *) - if [ -n "${swapfile_mdunit}" ]; then - mdev="/dev/md${swapfile_mdunit#md}" - else - mdev="/dev/`mdconfig -lv | grep "${swapfile}" | cut -f1`" - swapfile_mdunit=${mdev#md} - fi - if [ -n "${swapfile_mdunit}" ]; then - swapctl -l | grep -q ${mdev} - if [ $? -eq 0 ]; then - echo "Dismounting swapfile ${swapfile}" - swapoff ${mdev} && mdconfig -d -u ${swapfile_mdunit} - fi - fi - ;; - esac -} +set_rcvar_obsolete swapfile +set_rcvar_obsolete geli_swap_flags load_rc_config $name run_rc_command "$1" diff --git a/etc/rc.d/encswap b/etc/rc.d/encswap deleted file mode 100755 index 6221998..0000000 --- a/etc/rc.d/encswap +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: disks -# REQUIRE: initrandom -# KEYWORD: nojail - -. /etc/rc.subr - -name="encswap" -start_cmd="encswap_attach" -stop_cmd="encswap_detach" - -encswap_attach() -{ - while read device mountpoint type options rest ; do - case ":${device}:${type}:${options}" in - :#*) - continue - ;; - *.bde:swap:sw) - passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q` - device="${device%.bde}" - gbde init "${device}" -P "${passphrase}" || return 1 - gbde attach "${device}" -p "${passphrase}" || return 1 - ;; - *.eli:swap:sw) - device="${device%.eli}" - geli onetime ${geli_swap_flags} "${device}" || return 1 - ;; - esac - done < /etc/fstab -} - -encswap_detach() -{ - while read device mountpoint type options rest ; do - case ":${device}:${type}:${options}" in - :#*) - continue - ;; - *.bde:swap:sw) - device="${device%.bde}" - gbde detach "${device}" - ;; - *.eli:swap:sw) - # Nothing here, because geli swap devices should be - # created with the auto-detach-on-last-close option. - ;; - esac - done < /etc/fstab -} - -load_rc_config $name -run_rc_command "$1" diff --git a/etc/rc.d/fsck b/etc/rc.d/fsck index c1fe155..ad06106 100755 --- a/etc/rc.d/fsck +++ b/etc/rc.d/fsck @@ -4,7 +4,7 @@ # # PROVIDE: fsck -# REQUIRE: localswap +# REQUIRE: swap # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/mdconfig b/etc/rc.d/mdconfig index c697c35..7b9ddf8 100755 --- a/etc/rc.d/mdconfig +++ b/etc/rc.d/mdconfig @@ -28,7 +28,7 @@ # # PROVIDE: mdconfig -# REQUIRE: localswap root +# REQUIRE: swap root . /etc/rc.subr diff --git a/etc/rc.d/swap b/etc/rc.d/swap new file mode 100755 index 0000000..4122e61 --- /dev/null +++ b/etc/rc.d/swap @@ -0,0 +1,17 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: swap +# REQUIRE: disks +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="swap" +start_cmd='/sbin/swapon -aq' +stop_cmd=':' + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/swap1 b/etc/rc.d/swap1 deleted file mode 100755 index 71a1908..0000000 --- a/etc/rc.d/swap1 +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: localswap -# REQUIRE: disks -# KEYWORD: nojail shutdown - -. /etc/rc.subr - -name="swap1" -start_cmd='swapon -aq' -stop_cmd=':' - -load_rc_config swap -run_rc_command "$1" diff --git a/etc/rc.d/swaplate b/etc/rc.d/swaplate new file mode 100755 index 0000000..64fa989 --- /dev/null +++ b/etc/rc.d/swaplate @@ -0,0 +1,17 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# PROVIDE: swaplate +# REQUIRE: mountlate +# KEYWORD: nojail shutdown + +. /etc/rc.subr + +name="swaplate" +start_cmd='/sbin/swapon -aLq' +stop_cmd='/sbin/swapoff -aq' + +load_rc_config swap +run_rc_command "$1" -- cgit v1.1 From 0dd1d9c578ddc35507ac2072c5062f5d57c53147 Mon Sep 17 00:00:00 2001 From: davide Date: Fri, 28 Jun 2013 21:00:08 +0000 Subject: - Trim an unused and bogus Makefile for mount_smbfs. - Reconnect with some minor modifications, in particular now selsocket() internals are adapted to use sbintime units after recent'ish calloutng switch. --- etc/defaults/rc.conf | 2 +- etc/mtree/BSD.include.dist | 2 ++ etc/mtree/BSD.usr.dist | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index dda1855..47d5145 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -88,7 +88,7 @@ fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails. fsck_y_flags="" # Additional flags for fsck -y background_fsck="YES" # Attempt to run fsck in the background where possible. background_fsck_delay="60" # Time to wait (seconds) before starting the fsck. -netfs_types="nfs:NFS oldnfs:OLDNFS" # Net filesystems. +netfs_types="nfs:NFS oldnfs:OLDNFS smbfs:SMB" # Net filesystems. extra_netfs_types="NO" # List of network extra filesystem types for delayed # mount at startup (or NO). diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist index 02e831d..e295348 100644 --- a/etc/mtree/BSD.include.dist +++ b/etc/mtree/BSD.include.dist @@ -176,6 +176,8 @@ .. procfs .. + smbfs + .. udf .. unionfs diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist index 02d2286..98e89b9 100644 --- a/etc/mtree/BSD.usr.dist +++ b/etc/mtree/BSD.usr.dist @@ -309,6 +309,10 @@ srcs .. .. + smbfs + print + .. + .. sunrpc dir .. -- cgit v1.1 From 3c207809e56f6d75e9b13731b02775626c3ad628 Mon Sep 17 00:00:00 2001 From: delphij Date: Fri, 28 Jun 2013 22:25:37 +0000 Subject: Don't attempt to do DHCP on certain interfaces, similar to what's done for ipv6_autoconfif() in r212577. MFC after: 1 week --- etc/network.subr | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/network.subr b/etc/network.subr index 63c3db3..44894c9 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -318,6 +318,15 @@ dhcpif() local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + case $1 in + lo[0-9]*|\ + stf[0-9]*|\ + faith[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*) + return 1 + ;; + esac if noafif $1; then return 1 fi @@ -509,7 +518,7 @@ ipv6_autoconfif() _if=$1 case $_if in - lo0|\ + lo[0-9]*|\ stf[0-9]*|\ faith[0-9]*|\ lp[0-9]*|\ -- cgit v1.1 From e4c2fc3046400a4aacfe4b75983f17553e2f8aba Mon Sep 17 00:00:00 2001 From: hrs Date: Sun, 30 Jun 2013 19:52:45 +0000 Subject: Add "ether" and "link" to ifconfig_alias{es,N}. --- etc/network.subr | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/network.subr b/etc/network.subr index 44894c9..c6b8585 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -164,6 +164,9 @@ ifconfig_up() fi fi + ifalias $1 link alias + ifalias $1 ether alias + if [ ${_cfg} -eq 0 ]; then ${IFCONFIG_CMD} $1 up fi @@ -432,6 +435,9 @@ afexists() return 1 fi ;; + link|ether) + return 0 + ;; *) err 1 "afexists(): Unsupported address family: $_af" ;; @@ -700,7 +706,7 @@ ifalias() afexists $2 || return $_ret case "$2" in - inet|inet6) + inet|inet6|link|ether) ifalias_af_common $1 $2 $3 && _ret=0 ;; esac @@ -907,6 +913,11 @@ ifalias_af_common_handler() *) return ;; esac + # link(ether) does not support address removal. + case $_af:$_action in + link:-alias|ether:-alias) return ;; + esac + _tmpargs= for _c in $_args; do case $_c in @@ -965,6 +976,8 @@ ifalias_af_common() inet\ *) _iaf=inet ;; inet6\ *) _iaf=inet6 ;; ipx\ *) _iaf=ipx ;; + link\ *) _iaf=link ;; + ether\ *) _iaf=ether ;; esac case ${_af}:${_action}:${_iaf}:"${ifconfig_args}" in @@ -1012,7 +1025,7 @@ ifalias_af_common() _tmpargs= for _c in `get_if_var $_if ifconfig_IF_aliases` $_aliasn; do case $_c in - inet|inet6|ipx) + inet|inet6|ipx|link|ether) case $_tmpargs in ${_af}\ *) eval ifalias_af_common_handler $_if $_af $_action $_tmpargs && _ret=0 -- cgit v1.1 From 16596db60f50f7a2f26b1e45158d41df037b88c3 Mon Sep 17 00:00:00 2001 From: asomers Date: Mon, 1 Jul 2013 21:20:17 +0000 Subject: Add syslog(3) support to devd(8). sbin/devd/devd.cc All output will now go to syslog(3) if devd is daemonized, or stderr if it's running in the foreground. sbin/devd/devd.8 Remove the "-D" flag. Filtering messages by priority now happens in the usual syslog way. For performance reasons, a few extra-verbose debugging statements are now conditional on the "-d" (do not daemonize) flag. etc/syslog.conf etc/newsyslog.conf Direct messages from devd(8) to /var/log/devd.log, but leave it disabled by default Reviewed by: eadler Approved by: gibbs (co-mentor) MFC after: never (removed a command-line option from devd) --- etc/newsyslog.conf | 1 + etc/syslog.conf | 4 ++++ 2 files changed, 5 insertions(+) (limited to 'etc') diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf index 76e0707..9572f84 100644 --- a/etc/newsyslog.conf +++ b/etc/newsyslog.conf @@ -32,6 +32,7 @@ /var/log/monthly.log 640 12 * $M1D0 JN /var/log/pflog 600 3 100 * JB /var/run/pflogd.pid /var/log/ppp.log root:network 640 3 100 * JC +/var/log/devd.log 644 3 100 * JC /var/log/security 600 10 100 * JC /var/log/sendmail.st 640 10 * 168 BN /var/log/utx.log 644 3 * @01T05 B diff --git a/etc/syslog.conf b/etc/syslog.conf index 242d27a..702bd66 100644 --- a/etc/syslog.conf +++ b/etc/syslog.conf @@ -13,6 +13,7 @@ mail.info /var/log/maillog lpr.info /var/log/lpd-errs ftp.info /var/log/xferlog cron.* /var/log/cron +!-devd *.=debug /var/log/debug.log *.emerg * # uncomment this to log all writes to /dev/console to /var/log/console.log @@ -27,6 +28,9 @@ cron.* /var/log/cron # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice +# Uncomment this if you wish to see messages produced by devd +# !devd +# *.>=info /var/log/devd.log !ppp *.* /var/log/ppp.log !* -- cgit v1.1 From a7f2f1e583440115e32108c3bbc4163830456481 Mon Sep 17 00:00:00 2001 From: rpaulo Date: Thu, 4 Jul 2013 07:32:40 +0000 Subject: wpa_supplicant should be able to reassociate when resuming, so remove a comment saying it can't. --- etc/rc.resume | 4 ---- 1 file changed, 4 deletions(-) (limited to 'etc') diff --git a/etc/rc.resume b/etc/rc.resume index 4d17190..cce6161 100755 --- a/etc/rc.resume +++ b/etc/rc.resume @@ -52,10 +52,6 @@ fi # suspend and reloading it on resume. Example: # kldload usb -# wpa_supplicant(8) doesn't seem to reassociate during resume. Uncomment -# the following to signal it to reassociate. -# /usr/sbin/wpa_cli reassociate - /usr/bin/logger -t $subsystem resumed at `/bin/date +'%Y%m%d %H:%M:%S'` /bin/sync && /bin/sync && /bin/sync -- cgit v1.1 From 22e327d0053fd6094d76854a6c73d640ef59799a Mon Sep 17 00:00:00 2001 From: avg Date: Tue, 9 Jul 2013 08:59:39 +0000 Subject: rc.d/zfs: pass -v option to zfs mount this should make boot process more informative (and entertaining) on systems with lots of zfs filesystems. MFC after: 7 days --- etc/rc.d/zfs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/rc.d/zfs b/etc/rc.d/zfs index cabbcf6..598723a 100755 --- a/etc/rc.d/zfs +++ b/etc/rc.d/zfs @@ -23,7 +23,7 @@ zfs_start_jail() zfs_start_main() { - zfs mount -a + zfs mount -va zfs share -a if [ ! -r /etc/zfs/exports ]; then touch /etc/zfs/exports -- cgit v1.1 From 60f83c2b99802d815a842d511e9fafb72237cfe9 Mon Sep 17 00:00:00 2001 From: des Date: Mon, 15 Jul 2013 08:48:45 +0000 Subject: When stopping pfsync, remove the pfsync interface's syncpeer setting. MFC after: 3 days --- etc/rc.d/pfsync | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/rc.d/pfsync b/etc/rc.d/pfsync index 3dab3a8..3c46575 100755 --- a/etc/rc.d/pfsync +++ b/etc/rc.d/pfsync @@ -42,7 +42,7 @@ pfsync_start() pfsync_stop() { echo "Disabling pfsync." - ifconfig pfsync0 -syncdev down + ifconfig pfsync0 -syncdev -syncpeer down } load_rc_config $name -- cgit v1.1 From ff98999e181dd14ac3c4115951e196a31adf10ca Mon Sep 17 00:00:00 2001 From: hrs Date: Thu, 18 Jul 2013 02:58:24 +0000 Subject: - Fix a bug in ipv6_prefix_IF. It did not work with the 64-bit prefix notation like 2001:db8:1:1. - Use eui64 flag in ifconfig(8) instead of network6_getladdr()[*] for interface indentifier part. Suggested by: ume [*] MFC after: 3 days --- etc/network.subr | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) (limited to 'etc') diff --git a/etc/network.subr b/etc/network.subr index c6b8585..3c26b13 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -1052,16 +1052,12 @@ ifalias_af_common() # ipv6_prefix_hostid_addr_common() { - local _if _action prefix laddr hostid j address + local _if _action prefix j _if=$1 _action=$2 prefix=`get_if_var ${_if} ipv6_prefix_IF` if [ -n "${prefix}" ]; then - laddr=`network6_getladdr ${_if}` - hostid=${laddr#fe80::} - hostid=${hostid%\%*} - for j in ${prefix}; do # The default prefixlen is 64. plen=${j#*/} @@ -1071,18 +1067,10 @@ ipv6_prefix_hostid_addr_common() esac # Normalize the last part by removing ":" - j=${j%:*} + j=${j%::*} j=${j%:} - OIFS=$IFS; IFS=":"; set -- $j; nj=$#; IFS=$OIFS - OIFS=$IFS; IFS=":"; set -- $hostid; nh=$#; IFS=$OIFS - if [ $(($nj + $nh)) -eq 8 ]; then - address=$j\:$hostid - else - address=$j\::$hostid - fi - - ${IFCONFIG_CMD} ${_if} inet6 ${address} \ - prefixlen $plen ${_action} + ${IFCONFIG_CMD} ${_if} inet6 $j:: \ + prefixlen $plen eui64 ${_action} # if I am a router, add subnet router # anycast address (RFC 2373). -- cgit v1.1 From 43ff25fce868f013654ddbc0496bc7928c10bbdf Mon Sep 17 00:00:00 2001 From: hrs Date: Sat, 20 Jul 2013 16:58:17 +0000 Subject: Fix address range specification with ifconfig(8) options such as: - inet 192.0.2.1-10 netmask 255.255.255.0 (inet range spec + ifconfig options) - inet6 2001:db8:1::1-f prefixlen 60 (inet6 range spec + ifconfig options) If prefixlen or netmask option is specified with CIDR notation at the same time, the option is used. Tested by: Michael Grimm MFC after: 3 days --- etc/network.subr | 73 +++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 54 insertions(+), 19 deletions(-) (limited to 'etc') diff --git a/etc/network.subr b/etc/network.subr index 3c26b13..f9c1950 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -721,9 +721,14 @@ ifalias() # ifalias_expand_addr() { + local _af _action - afexists $1 || return - ifalias_expand_addr_$1 $2 $3 + _af=$1 + _action=$2 + shift 2 + + afexists $_af || return + ifalias_expand_addr_$_af $_action $* } # ifalias_expand_addr_inet action addr @@ -731,19 +736,34 @@ ifalias_expand_addr() # ifalias_expand_addr_inet() { - local _action _arg _cidr _cidr_addr + local _action _arg _cidr _cidr_addr _exargs local _ipaddr _plen _range _iphead _iptail _iplow _iphigh _ipcount local _retstr _c _action=$1 _arg=$2 + shift 2 + _exargs=$* _retstr= - case $_action:$_arg in - *:*--*) return ;; # invalid - tmp:*) echo $_arg && return ;; # already expanded - tmp:*-*) _action="alias" ;; # to be expanded - *:*-*) ;; # to be expanded - *:*) echo inet $_arg && return ;; # already expanded + case $_action:$_arg:$_exargs in + *:*--*) return ;; # invalid + tmp:*[0-9]-[0-9]*:*) # to be expanded + _action="alias" + ;; + *:*[0-9]-[0-9]*:*) # to be expanded + ;; + tmp:*:*netmask*) # already expanded w/ netmask option + echo ${_arg%/[0-9]*} $_exargs && return + ;; + tmp:*:*) # already expanded w/o netmask option + echo $_arg $_exargs && return + ;; + *:*:*netmask*) # already expanded w/ netmask option + echo inet ${_arg%/[0-9]*} $_exargs && return + ;; + *:*:*) # already expanded w/o netmask option + echo inet $_arg $_exargs && return + ;; esac for _cidr in $_arg; do @@ -796,7 +816,7 @@ ifalias_expand_addr_inet() done for _c in $_retstr; do - ifalias_expand_addr_inet $_action $_c + ifalias_expand_addr_inet $_action $_c $_exargs done } @@ -805,20 +825,35 @@ ifalias_expand_addr_inet() # ifalias_expand_addr_inet6() { - local _action _arg _cidr _cidr_addr + local _action _arg _cidr _cidr_addr _exargs local _ipaddr _plen _ipleft _ipright _iplow _iphigh _ipcount local _ipv4part local _retstr _c _action=$1 _arg=$2 + shift 2 + _exargs=$* _retstr= - case $_action:$_arg in - *:*--*) return ;; # invalid - tmp:*) echo $_arg && return ;; - tmp:*-*) _action="alias" ;; - *:*-*) ;; - *:*) echo inet6 $_arg && return ;; + case $_action:$_arg:$_exargs in + *:*--*:*) return ;; # invalid + tmp:*[0-9a-zA-Z]-[0-9a-zA-Z]*:*)# to be expanded + _action="alias" + ;; + *:*[0-9a-zA-Z]-[0-9a-zA-Z]*:*) # to be expanded + ;; + tmp:*:*prefixlen*) # already expanded w/ prefixlen option + echo ${_arg%/[0-9]*} $_exargs && return + ;; + tmp:*:*) # already expanded w/o prefixlen option + echo $_arg $_exargs && return + ;; + *:*:*prefixlen*) # already expanded w/ prefixlen option + echo inet6 ${_arg%/[0-9]*} $_exargs && return + ;; + *:*:*) # already expanded w/o prefixlen option + echo inet6 $_arg $_exargs && return + ;; esac for _cidr in $_arg; do @@ -872,7 +907,7 @@ ifalias_expand_addr_inet6() fi for _c in $_retstr; do - ifalias_expand_addr_inet6 $_action $_c + ifalias_expand_addr_inet6 $_action $_c $_exargs done else # v4mapped/v4compat should handle as an IPv4 alias @@ -888,7 +923,7 @@ ifalias_expand_addr_inet6() _retstr=`ifalias_expand_addr_inet \ tmp ${_ipv4part}${_plen:+/}${_plen}` for _c in $_retstr; do - ifalias_expand_addr_inet $_action $_c + ifalias_expand_addr_inet $_action $_c $_exargs done fi done -- cgit v1.1 From 5d72d2ce1e1864fb4cb9432e8b0c72469f83a025 Mon Sep 17 00:00:00 2001 From: hrs Date: Sun, 21 Jul 2013 15:26:25 +0000 Subject: Do not set ND6_IFF_ACCEPT_RTADV on if_bridge(4) interfaces when ipv6_enable=yes. MFC after: 3 days --- etc/network.subr | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) (limited to 'etc') diff --git a/etc/network.subr b/etc/network.subr index f9c1950..3b13f99 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -113,9 +113,18 @@ ifconfig_up() # backward compatibility: $ipv6_enable case $ipv6_enable in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) - if ! checkyesno ipv6_gateway_enable; then - _ipv6_opts="${_ipv6_opts} accept_rtadv" - fi + case $1 in + bridge[0-9]*) + # No accept_rtadv by default on if_bridge(4) + # to avoid a conflict with the member + # interfaces. + ;; + *) + if ! checkyesno ipv6_gateway_enable; then + _ipv6_opts="${_ipv6_opts} accept_rtadv" + fi + ;; + esac ;; esac @@ -550,9 +559,18 @@ ipv6_autoconfif() [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) if checkyesno ipv6_gateway_enable; then return 1 - else - return 0 fi + case $1 in + bridge[0-9]*) + # No accept_rtadv by default on if_bridge(4) + # to avoid a conflict with the member + # interfaces. + return 1 + ;; + *) + return 0 + ;; + esac ;; esac -- cgit v1.1 From 56a6c80c3f62e1f1330fac31e6547dd61f17143a Mon Sep 17 00:00:00 2001 From: rpaulo Date: Thu, 25 Jul 2013 03:54:08 +0000 Subject: Add pkgconf files for libusb. Reviewed by: hselasky --- etc/mtree/BSD.usr.dist | 2 ++ 1 file changed, 2 insertions(+) (limited to 'etc') diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist index 98e89b9..339ae55 100644 --- a/etc/mtree/BSD.usr.dist +++ b/etc/mtree/BSD.usr.dist @@ -38,6 +38,8 @@ .. lint .. + pkgconfig + .. .. libexec bsdinstall -- cgit v1.1 From 07e87da933bbd84bf1ecb44155f79558a7d8465c Mon Sep 17 00:00:00 2001 From: hselasky Date: Fri, 26 Jul 2013 10:25:18 +0000 Subject: Regenerate usb.conf MFC after: 1 week --- etc/devd/usb.conf | 94 ++++++++++++++++--------------------------------------- 1 file changed, 27 insertions(+), 67 deletions(-) (limited to 'etc') diff --git a/etc/devd/usb.conf b/etc/devd/usb.conf index 9aaa636..577fc64 100644 --- a/etc/devd/usb.conf +++ b/etc/devd/usb.conf @@ -8,72 +8,6 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; - match "vendor" "0x05ac"; - match "product" "0x1290"; - match "intclass" "0xff"; - match "intsubclass" "0xfd"; - match "intprotocol" "0x01"; - action "kldload -n if_ipheth"; -}; - -nomatch 32 { - match "bus" "uhub[0-9]+"; - match "mode" "host"; - match "vendor" "0x05ac"; - match "product" "0x1292"; - match "intclass" "0xff"; - match "intsubclass" "0xfd"; - match "intprotocol" "0x01"; - action "kldload -n if_ipheth"; -}; - -nomatch 32 { - match "bus" "uhub[0-9]+"; - match "mode" "host"; - match "vendor" "0x05ac"; - match "product" "0x1294"; - match "intclass" "0xff"; - match "intsubclass" "0xfd"; - match "intprotocol" "0x01"; - action "kldload -n if_ipheth"; -}; - -nomatch 32 { - match "bus" "uhub[0-9]+"; - match "mode" "host"; - match "vendor" "0x05ac"; - match "product" "0x1297"; - match "intclass" "0xff"; - match "intsubclass" "0xfd"; - match "intprotocol" "0x01"; - action "kldload -n if_ipheth"; -}; - -nomatch 32 { - match "bus" "uhub[0-9]+"; - match "mode" "host"; - match "vendor" "0x05ac"; - match "product" "0x12a0"; - match "intclass" "0xff"; - match "intsubclass" "0xfd"; - match "intprotocol" "0x01"; - action "kldload -n if_ipheth"; -}; - -nomatch 32 { - match "bus" "uhub[0-9]+"; - match "mode" "host"; - match "vendor" "0x05ac"; - match "product" "0x12a8"; - match "intclass" "0xff"; - match "intsubclass" "0xfd"; - match "intprotocol" "0x01"; - action "kldload -n if_ipheth"; -}; - -nomatch 32 { - match "bus" "uhub[0-9]+"; - match "mode" "host"; match "vendor" "0x0104"; match "product" "0x00be"; action "kldload -n uipaq"; @@ -2938,6 +2872,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x1004"; + match "product" "0x618f"; + action "kldload -n u3g"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x100d"; match "product" "(0x9031|0x9032)"; action "kldload -n if_run"; @@ -4042,6 +3984,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x17ef"; + match "product" "0x7203"; + action "kldload -n if_axe"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x17f4"; match "product" "0xaaaa"; action "kldload -n uslcom"; @@ -4826,6 +4776,16 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x05ac"; + match "intclass" "0xff"; + match "intsubclass" "0xfd"; + match "intprotocol" "0x01"; + action "kldload -n if_ipheth"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0a5c"; match "intclass" "0xff"; match "intsubclass" "0x01"; @@ -4976,5 +4936,5 @@ nomatch 32 { action "kldload -n umass"; }; -# 2480 USB entries processed +# 2477 USB entries processed -- cgit v1.1 From 29177b0ce822d54a4139f17afb242ada19710aa8 Mon Sep 17 00:00:00 2001 From: jlh Date: Thu, 1 Aug 2013 05:50:42 +0000 Subject: Include /usr/local/etc/libmap.d/ by default. PR: 180568 Reviewed by: bapt Obtained from: kib MFC after: 3 days --- etc/Makefile | 1 + etc/libmap.conf | 2 ++ 2 files changed, 3 insertions(+) create mode 100644 etc/libmap.conf (limited to 'etc') diff --git a/etc/Makefile b/etc/Makefile index f509a19..6e2a716 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -22,6 +22,7 @@ BIN1= crontab \ hosts.equiv \ inetd.conf \ libalias.conf \ + libmap.conf \ login.access \ login.conf \ mac.conf \ diff --git a/etc/libmap.conf b/etc/libmap.conf new file mode 100644 index 0000000..b2c91b2 --- /dev/null +++ b/etc/libmap.conf @@ -0,0 +1,2 @@ +# $FreeBSD$ +includedir /usr/local/etc/libmap.d -- cgit v1.1 From cbd7fe2b24d8f0b3ad6d6dad1cc3804f62921b2d Mon Sep 17 00:00:00 2001 From: hrs Date: Sun, 4 Aug 2013 06:36:17 +0000 Subject: - Reimplement $gif_interfaces as a variant of $cloned_interfaces. Newly-configured systems should use $cloned_interfaces. - Call clone_{up,down}() and ifnet_rename() in rc.d/netif {start,stop}. ifnet_rename() now accepts an interface name list as its argument. - Add rc.d/netif clear. The "clear" subcommand is basically equivalent to "stop" but it does not call clone_down(). - Add "ifname:sticky" keyword into $cloned_interfaces. If :sticky is specified, the interface will not be destroyed in rc.d/netif stop. - Add cloned_interfaces_sticky={YES,NO}. This variable globally sets :sticky keyword above for all interfaces. The default value is NO. When cloned_interfaces_sticky=YES, :nosticky keyword can be used to override it on per interface basis. --- etc/network.subr | 112 +++++++++++++++++++++++++++++++++++++++---------------- etc/rc.d/netif | 43 ++++++++++++++++----- 2 files changed, 114 insertions(+), 41 deletions(-) (limited to 'etc') diff --git a/etc/network.subr b/etc/network.subr index 3b13f99..f690725 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -660,6 +660,11 @@ ipv4_down() IFS="$_ifs" for _inet in $inetList ; do # get rid of extraneous line + case $_inet in + "") break ;; + inet\ *) ;; + *) continue ;; + esac [ -z "$_inet" ] && break _inet=`expr "$_inet" : '.*\(inet \([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*'` @@ -1192,18 +1197,62 @@ ifscript_down() # clone_up() { - local _prefix _list ifn + local _prefix _list ifn ifopt _iflist _n tmpargs _prefix= _list= + _iflist=$* # create_args_IF for ifn in ${cloned_interfaces}; do + # Parse ifn:ifopt. + OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS + case $_iflist in + ""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;; + *) continue ;; + esac + # Skip if ifn already exists. + if ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then + continue + fi ${IFCONFIG_CMD} ${ifn} create `get_if_var ${ifn} create_args_IF` if [ $? -eq 0 ]; then _list="${_list}${_prefix}${ifn}" [ -z "$_prefix" ] && _prefix=' ' fi done + if [ -n "$gif_interfaces" ]; then + warn "\$gif_interfaces is obsolete. Use \$cloned_interfaces instead." + fi + for ifn in ${gif_interfaces}; do + # Parse ifn:ifopt. + OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS + case $_iflist in + ""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;; + *) continue ;; + esac + # Skip if ifn already exists. + if ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then + continue + fi + case $ifn in + gif[0-9]*) + ${IFCONFIG_CMD} $ifn create + ;; + *) + _n=$(${IFCONFIG_CMD} gif create) + ${IFCONFIG_CMD} $_n name $ifn + ;; + esac + if [ $? -eq 0 ]; then + _list="${_list}${_prefix}${ifn}" + [ -z "$_prefix" ] && _prefix=' ' + fi + tmpargs=$(get_if_var $ifn gifconfig_IF) + eval ifconfig_${ifn}=\"tunnel \$tmpargs\" + done + if [ -n "${_list}" ]; then + echo "Created clone interfaces: ${_list}." + fi debug "Cloned: ${_list}" } @@ -1213,17 +1262,42 @@ clone_up() # clone_down() { - local _prefix _list ifn + local _prefix _list ifn ifopt _iflist _sticky _prefix= _list= + _iflist=$* - for ifn in ${cloned_interfaces}; do + : ${cloned_interfaces_sticky:=NO} + if checkyesno cloned_interfaces_sticky; then + _sticky=1 + else + _sticky=0 + fi + for ifn in ${cloned_interfaces} ${gif_interfaces}; do + # Parse ifn:ifopt. + OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS + case $ifopt:$_sticky in + sticky:*) continue ;; # :sticky => not destroy + nosticky:*) ;; # :nosticky => destroy + *:1) continue ;; # global sticky knob == 1 + esac + case $_iflist in + ""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;; + *) continue ;; + esac + # Skip if ifn does not exist. + if ! ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then + continue + fi ${IFCONFIG_CMD} -n ${ifn} destroy if [ $? -eq 0 ]; then _list="${_list}${_prefix}${ifn}" [ -z "$_prefix" ] && _prefix=' ' fi done + if [ -n "${_list}" ]; then + echo "Destroyed clone interfaces: ${_list}." + fi debug "Destroyed clones: ${_list}" } @@ -1347,32 +1421,6 @@ ng_create_one() done } -# gif_up -# Create gif(4) tunnel interfaces. -gif_up() -{ - local i peers - - for i in ${gif_interfaces}; do - peers=`get_if_var $i gifconfig_IF` - case ${peers} in - '') - continue - ;; - *) - if expr $i : 'gif[0-9][0-9]*$' >/dev/null 2>&1; then - ${IFCONFIG_CMD} $i create >/dev/null 2>&1 - else - gif=`${IFCONFIG_CMD} gif create` - ${IFCONFIG_CMD} $gif name $i - fi - ${IFCONFIG_CMD} $i tunnel ${peers} - ${IFCONFIG_CMD} $i up - ;; - esac - done -} - # ng_fec_create ifn # Configure Fast EtherChannel for interface $ifn. Returns 0 if # FEC arguments were found and configured; returns !0 otherwise. @@ -1470,15 +1518,15 @@ ipx_down() return $_ret } -# ifnet_rename -# Rename all requested interfaces. +# ifnet_rename [ifname] +# Rename interfaces if ifconfig_IF_name is defined. # ifnet_rename() { local _if _ifname # ifconfig_IF_name - for _if in `${IFCONFIG_CMD} -l`; do + for _if in ${*:-$(${IFCONFIG_CMD} -l)}; do _ifname=`get_if_var $_if ifconfig_IF_name` if [ ! -z "$_ifname" ]; then ${IFCONFIG_CMD} $_if name $_ifname diff --git a/etc/rc.d/netif b/etc/rc.d/netif index d623503..7aac42d 100755 --- a/etc/rc.d/netif +++ b/etc/rc.d/netif @@ -38,7 +38,8 @@ start_cmd="network_start" stop_cmd="network_stop" cloneup_cmd="clone_up" clonedown_cmd="clone_down" -extra_commands="cloneup clonedown" +clear_cmd="doclear" +extra_commands="cloneup clonedown clear" cmdifn= set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces @@ -60,18 +61,15 @@ network_start() # disable SIGINT (Ctrl-c) when running at startup trap : 2 - # Create cloned interfaces - clone_up - # Create Fast EtherChannel interfaces fec_up + fi - # Create IPv6<-->IPv4 tunnels - gif_up + # Create cloned interfaces + clone_up $cmdifn - # Rename interfaces. - ifnet_rename - fi + # Rename interfaces. + ifnet_rename $cmdifn # Configure the interface(s). network_common ifn_start @@ -92,6 +90,18 @@ network_start() network_stop() { + _clone_down=1 + network_stop0 $* +} + +doclear() +{ + _clone_down= + network_stop0 $* +} + +network_stop0() +{ local _if # Set the list of interfaces to work on. @@ -101,6 +111,11 @@ network_stop() # Deconfigure the interface(s) network_common ifn_stop + # Destroy cloned interfaces + if [ -n "$_clone_down" ]; then + clone_down $cmdifn + fi + if [ -f /etc/rc.d/routing -a -n "$cmdifn" ] ; then for _if in $cmdifn; do /etc/rc.d/routing stop any $_if @@ -142,6 +157,16 @@ network_common() _fail= _ok= for ifn in ${_cooked_list}; do + # Skip if ifn does not exist. + case $_func in + ifn_stop) + if ! ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then + warn "$ifn does not exist. Skipped." + _fail="${_fail} ${ifn}" + continue + fi + ;; + esac if ${_func} ${ifn} $2; then _ok="${_ok} ${ifn}" if ipv6if ${ifn}; then -- cgit v1.1 From 3da4e5b6934abda3c9ad204f3e815d41b360e03f Mon Sep 17 00:00:00 2001 From: rpaulo Date: Sun, 4 Aug 2013 19:36:46 +0000 Subject: Regen for if_rsu. --- etc/devd/usb.conf | 246 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 239 insertions(+), 7 deletions(-) (limited to 'etc') diff --git a/etc/devd/usb.conf b/etc/devd/usb.conf index 577fc64..8be81ed 100644 --- a/etc/devd/usb.conf +++ b/etc/devd/usb.conf @@ -777,7 +777,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x050d"; - match "product" "(0x8053|0x805c|0x815c|0x825a|0x825b)"; + match "product" "(0x8053|0x805c|0x815c)"; action "kldload -n if_run"; }; @@ -785,6 +785,30 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x050d"; + match "product" "0x815f"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "(0x825a|0x825b)"; + action "kldload -n if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x845a"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x050d"; match "product" "0x905b"; action "kldload -n if_rum"; }; @@ -800,6 +824,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x050d"; + match "product" "0x945a"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0525"; match "product" "(0x1080|0xa4a0)"; action "kldload -n udbp"; @@ -1249,6 +1281,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x06f8"; + match "product" "(0xe031|0xe032)"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x06f8"; match "product" "0xe033"; action "kldload -n if_urtwn"; }; @@ -1457,6 +1497,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x07aa"; + match "product" "0x0047"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07aa"; match "product" "0x0056"; action "kldload -n if_urtwn"; }; @@ -1561,6 +1609,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x07d1"; + match "product" "(0x3300|0x3302|0x3303)"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x07d1"; match "product" "0x3a0c"; action "kldload -n if_uath"; }; @@ -1657,7 +1713,23 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x083a"; - match "product" "(0x6618|0x7511|0x7512|0x7522|0x8522|0xa512|0xa618|0xa701|0xa702|0xb522|0xc522|0xd522)"; + match "product" "(0x6618|0x7511|0x7512|0x7522|0x8522|0xa512|0xa618|0xa701|0xa702|0xb522)"; + action "kldload -n if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x083a"; + match "product" "0xc512"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x083a"; + match "product" "(0xc522|0xd522)"; action "kldload -n if_run"; }; @@ -2137,7 +2209,39 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0b05"; - match "product" "(0x1731|0x1732|0x1742|0x1760|0x1761|0x1784|0x1790|0x179d)"; + match "product" "(0x1731|0x1732|0x1742|0x1760|0x1761|0x1784)"; + action "kldload -n if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "0x1786"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "0x1790"; + action "kldload -n if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "0x1791"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; + match "product" "0x179d"; action "kldload -n if_run"; }; @@ -2273,7 +2377,23 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0bda"; - match "product" "(0x8170|0x8176|0x8177|0x8178|0x817a|0x817b|0x817c|0x817d|0x817e)"; + match "product" "0x8170"; + action "kldload -n if_urtwn"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bda"; + match "product" "(0x8171|0x8172|0x8173|0x8174)"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bda"; + match "product" "(0x8176|0x8177|0x8178|0x817a|0x817b|0x817c|0x817d|0x817e)"; action "kldload -n if_urtwn"; }; @@ -2305,6 +2425,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0bda"; + match "product" "(0x8712|0x8712)"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0bda"; match "product" "0x8754"; action "kldload -n if_urtwn"; }; @@ -2312,6 +2440,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0bda"; + match "product" "0xc512"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0bed"; match "product" "(0x1100|0x1101)"; action "kldload -n uslcom"; @@ -2609,7 +2745,39 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0df6"; - match "product" "(0x002b|0x002c|0x002d|0x0039|0x003b|0x003c|0x003d|0x003e|0x003f|0x0040|0x0041|0x0042|0x0047|0x0048|0x004a|0x004d)"; + match "product" "(0x002b|0x002c|0x002d|0x0039|0x003b|0x003c|0x003d|0x003e|0x003f|0x0040|0x0041|0x0042)"; + action "kldload -n if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "0x0045"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "(0x0047|0x0048|0x004a)"; + action "kldload -n if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "0x004b"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0df6"; + match "product" "0x004d"; action "kldload -n if_run"; }; @@ -2681,6 +2849,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0e66"; + match "product" "(0x0015|0x0016)"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0e66"; match "product" "0x0019"; action "kldload -n if_urtwn"; }; @@ -3401,6 +3577,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x13d3"; + match "product" "(0x3306|0x3309|0x3310|0x3311|0x3325)"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x13d3"; match "product" "(0x3357|0x3358|0x3359)"; action "kldload -n if_urtwn"; }; @@ -3553,6 +3737,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x14b2"; + match "product" "(0x3300|0x3301|0x3302)"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x14b2"; match "product" "0x3c02"; action "kldload -n if_ural"; }; @@ -3945,6 +4137,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x1740"; + match "product" "(0x9603|0x9605)"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x1740"; match "product" "(0x9701|0x9702|0x9703|0x9705|0x9706|0x9707|0x9708|0x9709|0x9801)"; action "kldload -n if_run"; }; @@ -3961,7 +4161,23 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x177f"; - match "product" "(0x0153|0x0302|0x0313)"; + match "product" "0x0153"; + action "kldload -n if_run"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x177f"; + match "product" "0x0154"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x177f"; + match "product" "(0x0302|0x0313)"; action "kldload -n if_run"; }; @@ -4353,6 +4569,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x2019"; + match "product" "0xab28"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x2019"; match "product" "(0xab2a|0xab2b|0xab2e)"; action "kldload -n if_urtwn"; }; @@ -4681,6 +4905,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x7392"; + match "product" "(0x7611|0x7612|0x7622)"; + action "kldload -n if_rsu"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x7392"; match "product" "(0x7711|0x7717|0x7718)"; action "kldload -n if_run"; }; @@ -4936,5 +5168,5 @@ nomatch 32 { action "kldload -n umass"; }; -# 2477 USB entries processed +# 2515 USB entries processed -- cgit v1.1 From d073be3ad1145092808b4209092acf1e3fea4326 Mon Sep 17 00:00:00 2001 From: erwin Date: Fri, 9 Aug 2013 07:57:04 +0000 Subject: Add empty zones for Shared Address Space (RFC 6598) Approved by: delphij (mentor) MFC after: 3 days Sponsored by: DK Hostmaster A/S --- etc/namedb/named.conf | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) (limited to 'etc') diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf index 0b6d1ac..5f01106 100644 --- a/etc/namedb/named.conf +++ b/etc/namedb/named.conf @@ -153,6 +153,72 @@ zone "30.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +// Shared Address Space (RFC 6598) +zone "64.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "65.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "66.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "67.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "68.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "69.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "70.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "71.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "72.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "73.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "74.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "75.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "76.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "77.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "78.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "79.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "80.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "81.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "82.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "83.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "84.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "85.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "86.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "87.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "88.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "89.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "90.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "91.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "92.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "93.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "94.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "95.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "96.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "97.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "98.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "99.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "100.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "101.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "102.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "103.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "104.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "105.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "106.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "107.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "108.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "109.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "110.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "111.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "112.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "113.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "114.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "115.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "116.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "117.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "118.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "119.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "120.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "121.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "122.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "123.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "124.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "125.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "126.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; +zone "127.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; + // Link-local/APIPA (RFCs 3927, 5735 and 6303) zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; -- cgit v1.1 From d80ee1955bb81944081da04233926bb470fb14fb Mon Sep 17 00:00:00 2001 From: peter Date: Mon, 19 Aug 2013 04:56:03 +0000 Subject: Add the optional ability to run as a different user. Obtained from: Antique freebsd.org cluster archive images --- etc/rc.d/bsnmpd | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/rc.d/bsnmpd b/etc/rc.d/bsnmpd index 2aad72e..49d2d90 100755 --- a/etc/rc.d/bsnmpd +++ b/etc/rc.d/bsnmpd @@ -12,7 +12,17 @@ name="bsnmpd" rcvar="bsnmpd_enable" command="/usr/sbin/${name}" -pidfile="/var/run/snmpd.pid" +start_cmd="bsnmpd_start" + +bsnmpd_start() +{ + rc_flags="-p ${pidfile} ${bsnmpd_flags}" + echo -n "Starting bsnmpd" + su -m $user -c "$command ${rc_flags}" + echo "." +} load_rc_config $name +user="${bsnmpd_username:-root}" +pidfile="${bsnmpd_pidfile:-/var/run/snmpd.pid}" run_rc_command "$1" -- cgit v1.1 From d7ac7dd6dc3d453db355a2c23a9928b259309eb6 Mon Sep 17 00:00:00 2001 From: peter Date: Mon, 19 Aug 2013 05:12:38 +0000 Subject: Revert r254508. --- etc/rc.d/bsnmpd | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'etc') diff --git a/etc/rc.d/bsnmpd b/etc/rc.d/bsnmpd index 49d2d90..2aad72e 100755 --- a/etc/rc.d/bsnmpd +++ b/etc/rc.d/bsnmpd @@ -12,17 +12,7 @@ name="bsnmpd" rcvar="bsnmpd_enable" command="/usr/sbin/${name}" -start_cmd="bsnmpd_start" - -bsnmpd_start() -{ - rc_flags="-p ${pidfile} ${bsnmpd_flags}" - echo -n "Starting bsnmpd" - su -m $user -c "$command ${rc_flags}" - echo "." -} +pidfile="/var/run/snmpd.pid" load_rc_config $name -user="${bsnmpd_username:-root}" -pidfile="${bsnmpd_pidfile:-/var/run/snmpd.pid}" run_rc_command "$1" -- cgit v1.1 From 088808bf23327b9d849bcd92dc3a839743c06aa7 Mon Sep 17 00:00:00 2001 From: peter Date: Mon, 19 Aug 2013 05:37:49 +0000 Subject: Pass pidfile to bsnmpd if it's been changed (parts cut/pasted from rc.d/rarpd and rc.d/wpa_supplicant) --- etc/rc.d/bsnmpd | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/rc.d/bsnmpd b/etc/rc.d/bsnmpd index 2aad72e..7700b39 100755 --- a/etc/rc.d/bsnmpd +++ b/etc/rc.d/bsnmpd @@ -12,7 +12,8 @@ name="bsnmpd" rcvar="bsnmpd_enable" command="/usr/sbin/${name}" -pidfile="/var/run/snmpd.pid" load_rc_config $name +pidfile="${bsnmpd_pidfile:-/var/run/snmpd.pid}" +command_args="-p ${pidfile}" run_rc_command "$1" -- cgit v1.1 From 2dbc95284850f1d96e8a2e075080a1b1c17986f5 Mon Sep 17 00:00:00 2001 From: asomers Date: Fri, 23 Aug 2013 23:12:16 +0000 Subject: Correctly remove an interface's ipv4 address when the user calls "/etc/rc.d/netif stop XXX". The old globbing pattern failed to account for the possibility of a tab occuring before "inet". Reviewed by: will Approved by: ken (mentor, implicit) MFC after: Never (bug affects head only) Sponsored by: Spectra Logic --- etc/network.subr | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'etc') diff --git a/etc/network.subr b/etc/network.subr index f690725..7dfb328 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -661,9 +661,9 @@ ipv4_down() for _inet in $inetList ; do # get rid of extraneous line case $_inet in - "") break ;; - inet\ *) ;; - *) continue ;; + "") break ;; + \ inet\ *|inet\ *) ;; + *) continue ;; esac [ -z "$_inet" ] && break -- cgit v1.1 From 43f8960ec8512d0bdff16abf521438e31c9432b8 Mon Sep 17 00:00:00 2001 From: jlh Date: Sun, 25 Aug 2013 07:46:18 +0000 Subject: Move daily_status_security_noamd next to 200.chkmounts's variables. --- etc/defaults/periodic.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf index e630e1d..4dc2478 100644 --- a/etc/defaults/periodic.conf +++ b/etc/defaults/periodic.conf @@ -166,7 +166,6 @@ daily_local="/etc/daily.local" # Local scripts # 450.status-security above. daily_status_security_inline="NO" # Run inline ? daily_status_security_output="root" # user or /file -daily_status_security_noamd="NO" # Don't check amd mounts daily_status_security_logdir="/var/log" # Directory for logs daily_status_security_diff_flags="-b -u" # flags for diff output @@ -180,6 +179,7 @@ daily_status_security_neggrpperm_enable="YES" daily_status_security_chkmounts_enable="YES" #daily_status_security_chkmounts_ignore="^amd:" # Don't check matching # FS types +daily_status_security_noamd="NO" # Don't check amd mounts # 300.chkuid0 daily_status_security_chkuid0_enable="YES" -- cgit v1.1 From 2194a6603d76d977fda661e9938aebfe18cf3375 Mon Sep 17 00:00:00 2001 From: jlh Date: Tue, 27 Aug 2013 21:20:28 +0000 Subject: Make the period of each periodic security script configurable. There are now six additional variables weekly_status_security_enable weekly_status_security_inline weekly_status_security_output monthly_status_security_enable monthly_status_security_inline monthly_status_security_output alongside their existing daily counterparts. They all have the same default values. All other "daily_status_security_${scriptname}_${whatever}" variables have been renamed to "security_status_${name}_${whatever}". A compatibility shim has been introduced for the old variable names, which we will be able to remove in 11.0-RELEASE. "security_status_${name}_enable" is still a boolean but a new "security_status_${name}_period" allows to define the period of each script. The value is one of "daily" (the default for backward compatibility), "weekly", "monthly" and "NO". Note that when the security periodic scripts are run directly from crontab(5) (as opposed to being called by daily or weekly periodic scripts), they will run unless the test is explicitely disabled with a "NO", either for in the "_enable" or the "_period" variable. When the security output is not inlined, the mail subject has been changed from "$host $arg run output" to "$host $arg $period run output". For instance: myfbsd security run output -> myfbsd security daily run output I don't think this is considered as a stable API, but feel free to correct me if I'm wrong. Finally, I will rearrange periodic.conf(5) and default/periodic.conf to put the security options in their own section. I left them in place for this commit to make reviewing easier. Reviewed by: hackers@ --- etc/defaults/periodic.conf | 147 ++++++++++++++++++++++++++----- etc/periodic/monthly/450.status-security | 41 +++++++++ etc/periodic/security/100.chksetuid | 12 ++- etc/periodic/security/110.neggrpperm | 9 +- etc/periodic/security/200.chkmounts | 17 ++-- etc/periodic/security/300.chkuid0 | 13 +-- etc/periodic/security/400.passwdless | 13 +-- etc/periodic/security/410.logincheck | 13 +-- etc/periodic/security/460.chkportsum | 12 ++- etc/periodic/security/500.ipfwdenied | 11 +-- etc/periodic/security/510.ipfdenied | 11 +-- etc/periodic/security/520.pfdenied | 11 +-- etc/periodic/security/550.ipfwlimit | 11 +-- etc/periodic/security/610.ipf6denied | 11 +-- etc/periodic/security/700.kernelmsg | 11 +-- etc/periodic/security/800.loginfail | 16 ++-- etc/periodic/security/900.tcpwrap | 16 ++-- etc/periodic/security/security.functions | 12 ++- etc/periodic/weekly/450.status-security | 41 +++++++++ etc/periodic/weekly/Makefile | 1 + 20 files changed, 322 insertions(+), 107 deletions(-) create mode 100755 etc/periodic/monthly/450.status-security create mode 100755 etc/periodic/weekly/450.status-security (limited to 'etc') diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf index 4dc2478..5dd7fa9 100644 --- a/etc/defaults/periodic.conf +++ b/etc/defaults/periodic.conf @@ -128,7 +128,9 @@ daily_status_include_submit_mailq="YES" # Also submit queue # 450.status-security daily_status_security_enable="YES" # Security check -# See "Security options" below for more options +# See also "Security options" below for more options +daily_status_security_inline="NO" # Run inline ? +daily_status_security_output="root" # user or /file # 460.status-mail-rejects daily_status_mail_rejects_enable="YES" # Check mail rejects @@ -163,59 +165,78 @@ daily_local="/etc/daily.local" # Local scripts # Security options # These options are used by the security periodic(8) scripts spawned in -# 450.status-security above. -daily_status_security_inline="NO" # Run inline ? -daily_status_security_output="root" # user or /file -daily_status_security_logdir="/var/log" # Directory for logs -daily_status_security_diff_flags="-b -u" # flags for diff output +# daily and weekly 450.status-security. +security_status_logdir="/var/log" # Directory for logs +security_status_diff_flags="-b -u" # flags for diff output + +# Each of the security_status_*_enable options below can have one of the +# following values: +# - NO +# - daily: only run during the daily security status +# - weekly: only run during the weekly security status # 100.chksetuid -daily_status_security_chksetuid_enable="YES" +security_status_chksetuid_enable="YES" +security_status_chksetuid_period="daily" # 110.neggrpperm -daily_status_security_neggrpperm_enable="YES" +security_status_neggrpperm_enable="YES" +security_status_neggrpperm_period="daily" # 200.chkmounts -daily_status_security_chkmounts_enable="YES" -#daily_status_security_chkmounts_ignore="^amd:" # Don't check matching +security_status_chkmounts_enable="YES" +security_status_chkmounts_period="daily" +#security_status_chkmounts_ignore="^amd:" # Don't check matching # FS types -daily_status_security_noamd="NO" # Don't check amd mounts +security_status_noamd="NO" # Don't check amd mounts # 300.chkuid0 -daily_status_security_chkuid0_enable="YES" +security_status_chkuid0_enable="YES" +security_status_chkuid0_period="daily" # 400.passwdless -daily_status_security_passwdless_enable="YES" +security_status_passwdless_enable="YES" +security_status_passwdless_period="daily" # 410.logincheck -daily_status_security_logincheck_enable="YES" +security_status_logincheck_enable="YES" +security_status_logincheck_period="daily" # 460.chkportsum -daily_status_security_chkportsum_enable="NO" # Check ports w/ wrong checksum +security_status_chkportsum_enable="NO" # Check ports w/ wrong checksum +security_status_chkportsum_period="daily" # 500.ipfwdenied -daily_status_security_ipfwdenied_enable="YES" +security_status_ipfwdenied_enable="YES" +security_status_ipfwdenied_period="daily" # 510.ipfdenied -daily_status_security_ipfdenied_enable="YES" +security_status_ipfdenied_enable="YES" +security_status_ipfdenied_period="daily" # 520.pfdenied -daily_status_security_pfdenied_enable="YES" +security_status_pfdenied_enable="YES" +security_status_pfdenied_period="daily" # 550.ipfwlimit -daily_status_security_ipfwlimit_enable="YES" +security_status_ipfwlimit_enable="YES" +security_status_ipfwlimit_period="daily" # 610.ipf6denied -daily_status_security_ipf6denied_enable="YES" +security_status_ipf6denied_enable="YES" +security_status_ipf6denied_period="daily" # 700.kernelmsg -daily_status_security_kernelmsg_enable="YES" +security_status_kernelmsg_enable="YES" +security_status_kernelmsg_period="daily" # 800.loginfail -daily_status_security_loginfail_enable="YES" +security_status_loginfail_enable="YES" +security_status_loginfail_period="daily" # 900.tcpwrap -daily_status_security_tcpwrap_enable="YES" +security_status_tcpwrap_enable="YES" +security_status_tcpwrap_period="daily" # Weekly options @@ -248,6 +269,12 @@ weekly_status_pkg_enable="NO" # Find out-of-date pkgs pkg_version=pkg_version # Use this program pkg_version_index=/usr/ports/INDEX-10 # Use this index file +# 450.status-security +weekly_status_security_enable="YES" # Security check +# See also "Security options" above for more options +weekly_status_security_inline="NO" # Run inline ? +weekly_status_security_output="root" # user or /file + # 999.local weekly_local="/etc/weekly.local" # Local scripts @@ -267,6 +294,12 @@ monthly_show_badconfig="NO" # scripts returning 2 # 200.accounting monthly_accounting_enable="YES" # Login accounting +# 450.status-security +monthly_status_security_enable="YES" # Security check +# See also "Security options" above for more options +monthly_status_security_inline="NO" # Run inline ? +monthly_status_security_output="root" # user or /file + # 999.local monthly_local="/etc/monthly.local" # Local scripts @@ -276,6 +309,74 @@ monthly_local="/etc/monthly.local" # Local scripts if [ -z "${source_periodic_confs_defined}" ]; then source_periodic_confs_defined=yes + + # Compatibility with old daily variable names. + # They can be removed in stable/11. + security_daily_compat_var() { + local var=$1 dailyvar value + + dailyvar=daily_status_security${#status_security} + periodvar=${var%enable}period + eval value=\"\$$dailyvar\" + [ -z "$value" ] && return + echo "Warning: Variable \$$dailyvar is deprecated," \ + "use \$$var instead." >&2 + case "$value" in + [Yy][Ee][Ss]) + $var=YES + $periodvar=daily + ;; + *) + $var="$value" + ;; + esac + } + + check_yesno_period() { + local var="$1" periodvar value period + + eval value=\"\$$var\" + case "$value" in + [Yy][Ee][Ss]) ;; + *) return 1 ;; + esac + + periodvar=${var%enable}period + eval period=\"\$$periodvar\" + case "$PERIODIC" in + "security daily") + case "$period" in + [Dd][Aa][Ii][Ll][Yy]) return 0 ;; + *) return 1 ;; + esac + ;; + "security weekly") + case "$period" in + [Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;; + *) return 1 ;; + esac + ;; + "security monthly") + case "$period" in + [Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;; + *) return 1 ;; + esac + ;; + security) + # Run directly from crontab(5). + case "$period" in + [Nn][Oo]) return 1 ;; + *) return 0 ;; + esac + ;; + *) + echo "ASSERTION FAILED: Unexpected value for " \ + "\$PERIODIC: '$PERIODIC'" >&2 + exit 127 + ;; + esac + } + source_periodic_confs() { local i sourced_files diff --git a/etc/periodic/monthly/450.status-security b/etc/periodic/monthly/450.status-security new file mode 100755 index 0000000..027c896 --- /dev/null +++ b/etc/periodic/monthly/450.status-security @@ -0,0 +1,41 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$monthly_status_security_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Security check:" + + case "$monthly_status_security_inline" in + [Yy][Ee][Ss]) + monthly_status_security_output="";; + esac + + export security_output="${monthly_status_security_output}" + case "${monthly_status_security_output}" in + "") + rc=3;; + /*) + echo " (output logged separately)" + rc=0;; + *) + echo " (output mailed separately)" + rc=0;; + esac + + periodic security || rc=3;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/security/100.chksetuid b/etc/periodic/security/100.chksetuid index 5b93b20..95920a6 100755 --- a/etc/periodic/security/100.chksetuid +++ b/etc/periodic/security/100.chksetuid @@ -37,10 +37,12 @@ fi . /etc/periodic/security/security.functions +security_daily_compat_var security_status_chksetuid_enable + rc=0 -case "$daily_status_security_chksetuid_enable" in - [Yy][Ee][Ss]) +if check_yesno_period security_status_chksetuid_enable +then echo "" echo 'Checking setuid files and devices:' MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` @@ -49,10 +51,6 @@ case "$daily_status_security_chksetuid_enable" in \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ | check_diff setuid - "${host} setuid diffs:" rc=$? - ;; - *) - rc=0 - ;; -esac +fi exit $rc diff --git a/etc/periodic/security/110.neggrpperm b/etc/periodic/security/110.neggrpperm index 68d1e7b..1d545ac 100755 --- a/etc/periodic/security/110.neggrpperm +++ b/etc/periodic/security/110.neggrpperm @@ -35,10 +35,12 @@ then source_periodic_confs fi +security_daily_compat_var security_status_neggrpperm_enable + rc=0 -case "$daily_status_security_neggrpperm_enable" in - [Yy][Ee][Ss]) +if check_yesno_period security_status_neggrpperm_enable +then echo "" echo 'Checking negative group permissions:' MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` @@ -48,7 +50,6 @@ case "$daily_status_security_neggrpperm_enable" in \( ! -perm +040 -and -perm +004 \) \) \ -exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l) [ $n -gt 0 ] && rc=1 || rc=0 - ;; -esac +fi exit $rc diff --git a/etc/periodic/security/200.chkmounts b/etc/periodic/security/200.chkmounts index 17b114e..7b14866 100755 --- a/etc/periodic/security/200.chkmounts +++ b/etc/periodic/security/200.chkmounts @@ -40,12 +40,16 @@ fi . /etc/periodic/security/security.functions -ignore="${daily_status_security_chkmounts_ignore}" +security_daily_compat_var security_status_chkmounts_enable +security_daily_compat_var security_status_chkmounts_ignore +security_daily_compat_var security_status_noamd + +ignore="${security_status_chkmounts_ignore}" rc=0 -case "$daily_status_security_chkmounts_enable" in - [Yy][Ee][Ss]) - case "$daily_status_security_noamd" in +if check_yesno_period security_status_chkmounts_enable +then + case "$security_status_noamd" in [Yy][Ee][Ss]) ignore="${ignore}|^amd:" esac @@ -55,8 +59,7 @@ case "$daily_status_security_chkmounts_enable" in fi mount -p | sort | ${cmd} | check_diff mount - "${host} changes in mounted filesystems:" - rc=$?;; - *) rc=0;; -esac + rc=$? +fi exit "$rc" diff --git a/etc/periodic/security/300.chkuid0 b/etc/periodic/security/300.chkuid0 index 32cc16c..73578e2 100755 --- a/etc/periodic/security/300.chkuid0 +++ b/etc/periodic/security/300.chkuid0 @@ -36,16 +36,19 @@ then source_periodic_confs fi -case "$daily_status_security_chkuid0_enable" in - [Yy][Ee][Ss]) +security_daily_compat_var security_status_chkuid0_enable + +rc=0 + +if check_yesno_period security_status_chkuid0_enable +then echo "" echo 'Checking for uids of 0:' n=$(awk -F: '/^#/ {next} $3==0 {print $1,$3}' /etc/master.passwd | tee /dev/stderr | sed -e '/^root 0$/d' -e '/^toor 0$/d' | wc -l) - [ $n -gt 0 ] && rc=1 || rc=0;; - *) rc=0;; -esac + [ $n -gt 0 ] && rc=1 || rc=0 +fi exit "$rc" diff --git a/etc/periodic/security/400.passwdless b/etc/periodic/security/400.passwdless index 42ece04..5e851ac 100755 --- a/etc/periodic/security/400.passwdless +++ b/etc/periodic/security/400.passwdless @@ -35,14 +35,17 @@ then source_periodic_confs fi -case "$daily_status_security_passwdless_enable" in - [Yy][Ee][Ss]) +security_daily_compat_var security_status_passwdless_enable + +rc=0 + +if check_yesno_period security_status_passwdless_enable +then echo "" echo 'Checking for passwordless accounts:' n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd | tee /dev/stderr | wc -l) - [ $n -gt 0 ] && rc=1 || rc=0;; - *) rc=0;; -esac + [ $n -gt 0 ] && rc=1 || rc=0 +fi exit "$rc" diff --git a/etc/periodic/security/410.logincheck b/etc/periodic/security/410.logincheck index f6cf405..41e7f65 100755 --- a/etc/periodic/security/410.logincheck +++ b/etc/periodic/security/410.logincheck @@ -35,8 +35,12 @@ then source_periodic_confs fi -case "$daily_status_security_logincheck_enable" in - [Yy][Ee][Ss]) +security_daily_compat_var security_status_logincheck_enable + +rc=0 + +if check_yesno_period security_status_logincheck_enable +then echo "" echo 'Checking login.conf permissions:' if [ -G /etc/login.conf -a -O /etc/login.conf ]; then @@ -45,8 +49,7 @@ case "$daily_status_security_logincheck_enable" in echo "Bad ownership of /etc/login.conf" n=1 fi - [ $n -gt 0 ] && rc=1 || rc=0;; - *) rc=0;; -esac + [ $n -gt 0 ] && rc=1 || rc=0 +fi exit "$rc" diff --git a/etc/periodic/security/460.chkportsum b/etc/periodic/security/460.chkportsum index 3a39c84..18a12ec 100755 --- a/etc/periodic/security/460.chkportsum +++ b/etc/periodic/security/460.chkportsum @@ -35,13 +35,15 @@ fi . /etc/periodic/security/security.functions +security_daily_compat_var security_status_chkportsum_enable + rc=0 echo "" echo 'Checking for ports with mismatched checksums:' -case "${daily_status_security_chkportsum_enable}" in - [Yy][Ee][Ss]) +if check_yesno_period security_status_chkportsum_enable +then set -f pkg_info -ga 2>/dev/null | \ while IFS= read -r line; do @@ -59,10 +61,6 @@ case "${daily_status_security_chkportsum_enable}" in ;; esac done - ;; - *) - rc=0 - ;; -esac +fi exit $rc diff --git a/etc/periodic/security/500.ipfwdenied b/etc/periodic/security/500.ipfwdenied index 6a6fb8b4..f39ca0e 100755 --- a/etc/periodic/security/500.ipfwdenied +++ b/etc/periodic/security/500.ipfwdenied @@ -37,17 +37,18 @@ fi . /etc/periodic/security/security.functions +security_daily_compat_var security_status_ipfwdenied_enable + rc=0 -case "$daily_status_security_ipfwdenied_enable" in - [Yy][Ee][Ss]) +if check_yesno_period security_status_ipfwdenied_enable +then TMP=`mktemp -t security` if ipfw -a list 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then check_diff new_only ipfw ${TMP} "${host} ipfw denied packets:" fi rc=$? - rm -f ${TMP};; - *) rc=0;; -esac + rm -f ${TMP} +fi exit $rc diff --git a/etc/periodic/security/510.ipfdenied b/etc/periodic/security/510.ipfdenied index 2058d2b..bed75e6 100755 --- a/etc/periodic/security/510.ipfdenied +++ b/etc/periodic/security/510.ipfdenied @@ -37,17 +37,18 @@ fi . /etc/periodic/security/security.functions +security_daily_compat_var security_status_ipfdenied_enable + rc=0 -case "$daily_status_security_ipfdenied_enable" in - [Yy][Ee][Ss]) +if check_yesno_period security_status_ipfdenied_enable +then TMP=`mktemp -t security` if ipfstat -nhio 2>/dev/null | grep block > ${TMP}; then check_diff new_only ipf ${TMP} "${host} ipf denied packets:" fi rc=$? - rm -f ${TMP};; - *) rc=0;; -esac + rm -f ${TMP} +fi exit $rc diff --git a/etc/periodic/security/520.pfdenied b/etc/periodic/security/520.pfdenied index 5e51393..7a32bf2 100755 --- a/etc/periodic/security/520.pfdenied +++ b/etc/periodic/security/520.pfdenied @@ -37,17 +37,18 @@ fi . /etc/periodic/security/security.functions +security_daily_compat_var security_status_pfdenied_enable + rc=0 -case "$daily_status_security_pfdenied_enable" in - [Yy][Ee][Ss]) +if check_yesno_period security_status_pfdenied_enable +then TMP=`mktemp -t security` if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then check_diff new_only pf ${TMP} "${host} pf denied packets:" fi rc=$? - rm -f ${TMP};; - *) rc=0;; -esac + rm -f ${TMP} +fi exit $rc diff --git a/etc/periodic/security/550.ipfwlimit b/etc/periodic/security/550.ipfwlimit index daa0f86..86932c6 100755 --- a/etc/periodic/security/550.ipfwlimit +++ b/etc/periodic/security/550.ipfwlimit @@ -38,10 +38,12 @@ then source_periodic_confs fi +security_daily_compat_var security_status_ipfwlimit_enable + rc=0 -case "$daily_status_security_ipfwlimit_enable" in - [Yy][Ee][Ss]) +if check_yesno_period security_status_ipfwlimit_enable +then IPFW_VERBOSE=`sysctl -n net.inet.ip.fw.verbose 2> /dev/null` if [ $? -ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]; then exit 0 @@ -61,8 +63,7 @@ case "$daily_status_security_ipfwlimit_enable" in echo 'ipfw log limit reached:' cat ${TMP} fi - rm -f ${TMP};; - *) rc=0;; -esac + rm -f ${TMP} +fi exit $rc diff --git a/etc/periodic/security/610.ipf6denied b/etc/periodic/security/610.ipf6denied index 6c64d92..7e02cfc 100755 --- a/etc/periodic/security/610.ipf6denied +++ b/etc/periodic/security/610.ipf6denied @@ -37,17 +37,18 @@ fi . /etc/periodic/security/security.functions +security_daily_compat_var security_status_ipf6denied_enable + rc=0 -case "$daily_status_security_ipf6denied_enable" in - [Yy][Ee][Ss]) +if check_yesno_period security_status_ipf6denied_enable +then TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` if ipfstat -nhio6 2>/dev/null | grep block > ${TMP}; then check_diff new_only ipf6 ${TMP} "${host} ipf6 denied packets:" fi rc=$? - rm -f ${TMP};; - *) rc=0;; -esac + rm -f ${TMP} +fi exit $rc diff --git a/etc/periodic/security/700.kernelmsg b/etc/periodic/security/700.kernelmsg index fb5ed63..8bf6491 100755 --- a/etc/periodic/security/700.kernelmsg +++ b/etc/periodic/security/700.kernelmsg @@ -40,14 +40,15 @@ fi . /etc/periodic/security/security.functions +security_daily_compat_var security_status_kernelmsg_enable + rc=0 -case "$daily_status_security_kernelmsg_enable" in - [Yy][Ee][Ss]) +if check_yesno_period security_status_kernelmsg_enable +then dmesg 2>/dev/null | check_diff new_only dmesg - "${host} kernel log messages:" - rc=$?;; - *) rc=0;; -esac + rc=$? +fi exit $rc diff --git a/etc/periodic/security/800.loginfail b/etc/periodic/security/800.loginfail index 767b959..a0de96d 100755 --- a/etc/periodic/security/800.loginfail +++ b/etc/periodic/security/800.loginfail @@ -38,7 +38,10 @@ then source_periodic_confs fi -LOG="${daily_status_security_logdir}" +security_daily_compat_var security_status_logdir +security_daily_compat_var security_status_loginfail_enable + +LOG="${security_status_logdir}" yesterday=`date -v-1d "+%b %e "` @@ -55,14 +58,15 @@ catmsgs() { [ -f ${LOG}/auth.log ] && cat $LOG/auth.log } -case "$daily_status_security_loginfail_enable" in - [Yy][Ee][Ss]) +rc=0 + +if check_yesno_period security_status_loginfail_enable +then echo "" echo "${host} login failures:" n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" | tee /dev/stderr | wc -l) - [ $n -gt 0 ] && rc=1 || rc=0;; - *) rc=0;; -esac + [ $n -gt 0 ] && rc=1 || rc=0 +fi exit $rc diff --git a/etc/periodic/security/900.tcpwrap b/etc/periodic/security/900.tcpwrap index 55f7709..10b02e9 100755 --- a/etc/periodic/security/900.tcpwrap +++ b/etc/periodic/security/900.tcpwrap @@ -38,7 +38,10 @@ then source_periodic_confs fi -LOG="${daily_status_security_logdir}" +security_daily_compat_var security_status_logdir +security_daily_compat_var security_status_tcpwrap_enable + +LOG="${security_status_logdir}" yesterday=`date -v-1d "+%b %e "` @@ -55,14 +58,15 @@ catmsgs() { [ -f ${LOG}/messages ] && cat $LOG/messages } -case "$daily_status_security_tcpwrap_enable" in - [Yy][Ee][Ss]) +rc=0 + +if check_yesno_period security_status_tcpwrap_enable +then echo "" echo "${host} refused connections:" n=$(catmsgs | grep -i "^$yesterday.*refused connect" | tee /dev/stderr | wc -l) - [ $n -gt 0 ] && rc=1 || rc=0;; - *) rc=0;; -esac + [ $n -gt 0 ] && rc=1 || rc=0 +fi exit $rc diff --git a/etc/periodic/security/security.functions b/etc/periodic/security/security.functions index f5b8dcd..bc2bcba 100644 --- a/etc/periodic/security/security.functions +++ b/etc/periodic/security/security.functions @@ -27,11 +27,19 @@ # $FreeBSD$ # +# This is a library file, so we only try to do something when sourced. +case "$0" in +*/security.functions) exit 0 ;; +esac + +security_daily_compat_var security_status_logdir +security_daily_compat_var security_status_diff_flags + # # Show differences in the output of an audit command # -LOG="${daily_status_security_logdir}" +LOG="${security_status_logdir}" rc=0 # Usage: COMMAND | check_diff [new_only] LABEL - MSG @@ -67,7 +75,7 @@ check_diff() { [ $rc -lt 1 ] && rc=1 echo "" echo "${msg}" - diff ${daily_status_security_diff_flags} ${LOG}/${label}.today \ + diff ${security_status_diff_flags} ${LOG}/${label}.today \ ${tmpf} | eval "${filter}" mv ${LOG}/${label}.today ${LOG}/${label}.yesterday || rc=3 mv ${tmpf} ${LOG}/${label}.today || rc=3 diff --git a/etc/periodic/weekly/450.status-security b/etc/periodic/weekly/450.status-security new file mode 100755 index 0000000..513fbda --- /dev/null +++ b/etc/periodic/weekly/450.status-security @@ -0,0 +1,41 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$weekly_status_security_enable" in + [Yy][Ee][Ss]) + echo "" + echo "Security check:" + + case "$weekly_status_security_inline" in + [Yy][Ee][Ss]) + weekly_status_security_output="";; + esac + + export security_output="${weekly_status_security_output}" + case "${weekly_status_security_output}" in + "") + rc=3;; + /*) + echo " (output logged separately)" + rc=0;; + *) + echo " (output mailed separately)" + rc=0;; + esac + + periodic security || rc=3;; + + *) rc=0;; +esac + +exit $rc diff --git a/etc/periodic/weekly/Makefile b/etc/periodic/weekly/Makefile index 7f2eae2..057653d 100644 --- a/etc/periodic/weekly/Makefile +++ b/etc/periodic/weekly/Makefile @@ -3,6 +3,7 @@ .include FILES= 340.noid \ + 450.status-security \ 999.local # NB: keep these sorted by MK_* knobs -- cgit v1.1 From 976074d43e046c7be4a8f1855ef3005150d23eb3 Mon Sep 17 00:00:00 2001 From: jlh Date: Tue, 27 Aug 2013 21:28:12 +0000 Subject: Install 450.status-security. --- etc/periodic/monthly/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/periodic/monthly/Makefile b/etc/periodic/monthly/Makefile index 77c1d66..b7fb6e4 100644 --- a/etc/periodic/monthly/Makefile +++ b/etc/periodic/monthly/Makefile @@ -2,7 +2,8 @@ .include -FILES= 999.local +FILES= 450.status-security \ + 999.LOCAL # NB: keep these sorted by MK_* knobs -- cgit v1.1 From d0a699d53c2a04569b291206089fe531b5e57b82 Mon Sep 17 00:00:00 2001 From: jkim Date: Tue, 27 Aug 2013 22:37:29 +0000 Subject: Fix a typo introduced in r254975. --- etc/periodic/monthly/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/periodic/monthly/Makefile b/etc/periodic/monthly/Makefile index b7fb6e4..d9e4969 100644 --- a/etc/periodic/monthly/Makefile +++ b/etc/periodic/monthly/Makefile @@ -3,7 +3,7 @@ .include FILES= 450.status-security \ - 999.LOCAL + 999.local # NB: keep these sorted by MK_* knobs -- cgit v1.1 From 3289affe76fc0e2203d4103c7e856aabd6f7aa32 Mon Sep 17 00:00:00 2001 From: gavin Date: Wed, 28 Aug 2013 15:12:15 +0000 Subject: After writing a kernel core dump into /var/crash, call sync(8). If we panic again shortly after boot (say, within 30 seconds), any core dump we wrote out may be lost on reboot. In this situation, we really want to keep that core file, as it may be the only way to have the issue resolved. Call sync(8) after writing out the core file and running crashinfo(8), in the hope that these will not be lost if we panic again. sync(8) is only called in the case where there is a core dump to be written out, so won't be called during normal boots. Discovered by: Trying to debug an IPSEC panic MFC after: 1 week --- etc/rc.d/savecore | 1 + 1 file changed, 1 insertion(+) (limited to 'etc') diff --git a/etc/rc.d/savecore b/etc/rc.d/savecore index a39d5ba..2176be9 100755 --- a/etc/rc.d/savecore +++ b/etc/rc.d/savecore @@ -70,6 +70,7 @@ savecore_start() if checkyesno crashinfo_enable; then ${crashinfo_program} -d ${dumpdir} fi + sync else check_startmsgs && echo 'No core dumps found.' fi -- cgit v1.1 From a58112bf45ed15f61878fa7d68f2a492dacfdb85 Mon Sep 17 00:00:00 2001 From: delphij Date: Thu, 29 Aug 2013 17:40:03 +0000 Subject: Add a few missing language directories for /usr. --- etc/mtree/BSD.usr.dist | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'etc') diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist index 339ae55..62117f5 100644 --- a/etc/mtree/BSD.usr.dist +++ b/etc/mtree/BSD.usr.dist @@ -63,6 +63,8 @@ atf .. calendar + de_AT.ISO_8859-15 + .. de_DE.ISO8859-1 .. fr_FR.ISO8859-1 @@ -71,8 +73,14 @@ .. hu_HU.ISO8859-2 .. + pt_BR.ISO8859-1 + .. + pt_BR.UTF-8 + .. ru_RU.KOI8-R .. + ru_RU.UTF-8 + .. uk_UA.KOI8-U .. .. -- cgit v1.1 From 4d90834da43f660fc930f3946a35b5cb4e9b4e55 Mon Sep 17 00:00:00 2001 From: delphij Date: Thu, 29 Aug 2013 17:45:13 +0000 Subject: Add directories that is installed as part of bsdconfig. These are included unconditionally for now because bsdconfig is currently installed unconditionally. This fixes 'make -j 17 installworld' caused by a race condition. MFC candidate. --- etc/mtree/BSD.usr.dist | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) (limited to 'etc') diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist index 62117f5..636a5d2 100644 --- a/etc/mtree/BSD.usr.dist +++ b/etc/mtree/BSD.usr.dist @@ -42,6 +42,62 @@ .. .. libexec + bsdconfig + 020.docsinstall + include + .. + .. + 030.packages + include + .. + .. + 040.password + include + .. + .. + 050.diskmgmt + include + .. + .. + 070.usermgmt + include + .. + .. + 080.console + include + .. + .. + 090.timezone + include + .. + .. + 110.mouse + include + .. + .. + 120.networking + include + .. + .. + 130.security + include + .. + .. + 140.startup + include + .. + .. + 150.ttys + include + .. + .. + dot + include + .. + .. + include + .. + .. bsdinstall .. lpr @@ -62,6 +118,22 @@ share atf .. + bsdconfig + media + .. + networking + .. + packages + .. + password + .. + startup + .. + timezone + .. + usermgmt + .. + .. calendar de_AT.ISO_8859-15 .. @@ -229,6 +301,8 @@ .. bootforth .. + bsdconfig + .. csh .. cvsup -- cgit v1.1 From f611b39b097571da28419bf99f104f2ce7d2d7ae Mon Sep 17 00:00:00 2001 From: ian Date: Sun, 1 Sep 2013 14:28:12 +0000 Subject: Regenerate after recent addition of FTDI and bluetooth device IDs. --- etc/devd/usb.conf | 100 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 96 insertions(+), 4 deletions(-) (limited to 'etc') diff --git a/etc/devd/usb.conf b/etc/devd/usb.conf index 8be81ed..449b20b 100644 --- a/etc/devd/usb.conf +++ b/etc/devd/usb.conf @@ -129,7 +129,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0403"; - match "product" "(0x6001|0x6004|0x6006|0x6006|0x6010|0x6011|0x6014|0x8372|0x9378|0x9379|0x937a|0x937c|0x9868|0x9e90|0x9f80|0xa6d0|0xabb8|0xb810|0xb811|0xb812|0xbaf8|0xbbe2|0xbca0|0xbca1|0xbca2|0xbca4|0xbcd8|0xbcd9|0xbcda|0xbdc8|0xbfd8|0xbfd9|0xbfda|0xbfdb|0xbfdc|0xc7d0|0xc850|0xc991|0xcaa0|0xcc48|0xcc49|0xcc4a|0xd010|0xd011|0xd012|0xd013|0xd014|0xd015|0xd016|0xd017|0xd070|0xd071|0xd388|0xd389|0xd38a|0xd38b|0xd38c|0xd38d|0xd38e|0xd38f|0xd578|0xd678|0xd738|0xd780|0xdaf8|0xdaf9|0xdafa|0xdafb|0xdafc|0xdafd|0xdafe|0xdaff|0xdc00|0xdc01|0xdd20|0xdf28|0xdf30|0xdf31|0xdf32|0xdf33|0xdf35|0xe000|0xe001|0xe002|0xe004|0xe006|0xe008|0xe009|0xe00a|0xe050|0xe0e8|0xe0e9|0xe0ea|0xe0eb|0xe0ec|0xe0ed|0xe0ee|0xe0ef|0xe0f0|0xe0f1|0xe0f2|0xe0f3|0xe0f4|0xe0f5|0xe0f6|0xe0f7|0xe40b|0xe520|0xe548|0xe6c8|0xe700|0xe729|0xe808|0xe809|0xe80a|0xe80b|0xe80c|0xe80d|0xe80e|0xe80f|0xe888|0xe889|0xe88a|0xe88b|0xe88c|0xe88d|0xe88e|0xe88f|0xea90|0xebe0|0xec88|0xec89|0xed22|0xed71|0xed72|0xed73|0xed74|0xee18|0xeee8|0xeee9|0xeeea|0xeeeb|0xeeec|0xeeed|0xeeee|0xeeef|0xef50|0xef51|0xf068|0xf069|0xf06a|0xf06b|0xf06c|0xf06d|0xf06e|0xf06f|0xf070|0xf0c0|0xf0c8|0xf208|0xf2d0|0xf3c0|0xf3c1|0xf3c2|0xf448|0xf449|0xf44a|0xf44b|0xf44c|0xf460|0xf608|0xf60b|0xf680|0xf850|0xf857|0xf9d0|0xf9d1|0xf9d2|0xf9d3|0xf9d4|0xf9d5|0xfa00|0xfa01|0xfa02|0xfa03|0xfa04|0xfa05|0xfa06|0xfa10|0xfa33|0xfa88|0xfad0|0xfaf0|0xfb58|0xfb59|0xfb5a|0xfb5b|0xfb5c|0xfb5d|0xfb5e|0xfb5f|0xfb80|0xfb99|0xfbfa|0xfc08|0xfc09|0xfc0a|0xfc0b|0xfc0c|0xfc0d|0xfc0e|0xfc0f|0xfc60|0xfc70|0xfc71|0xfc72|0xfc73|0xfc82|0xfd60|0xfe38|0xff00|0xff18|0xff1c|0xff1d|0xff20|0xff38|0xff39|0xff3a|0xff3b|0xff3c|0xff3d|0xff3e|0xff3f|0xffa8)"; + match "product" "(0x6001|0x6004|0x6006|0x6006|0x6010|0x6011|0x6014|0x6015|0x8372|0x9378|0x9379|0x937a|0x937c|0x9868|0x9e90|0x9f80|0xa6d0|0xabb8|0xb810|0xb811|0xb812|0xbaf8|0xbbe2|0xbca0|0xbca1|0xbca2|0xbca4|0xbcd8|0xbcd9|0xbcda|0xbdc8|0xbfd8|0xbfd9|0xbfda|0xbfdb|0xbfdc|0xc7d0|0xc850|0xc991|0xcaa0|0xcc48|0xcc49|0xcc4a|0xd010|0xd011|0xd012|0xd013|0xd014|0xd015|0xd016|0xd017|0xd070|0xd071|0xd388|0xd389|0xd38a|0xd38b|0xd38c|0xd38d|0xd38e|0xd38f|0xd578|0xd678|0xd738|0xd780|0xdaf8|0xdaf9|0xdafa|0xdafb|0xdafc|0xdafd|0xdafe|0xdaff|0xdc00|0xdc01|0xdd20|0xdf28|0xdf30|0xdf31|0xdf32|0xdf33|0xdf35|0xe000|0xe001|0xe002|0xe004|0xe006|0xe008|0xe009|0xe00a|0xe050|0xe0e8|0xe0e9|0xe0ea|0xe0eb|0xe0ec|0xe0ed|0xe0ee|0xe0ef|0xe0f0|0xe0f1|0xe0f2|0xe0f3|0xe0f4|0xe0f5|0xe0f6|0xe0f7|0xe40b|0xe520|0xe548|0xe6c8|0xe700|0xe729|0xe808|0xe809|0xe80a|0xe80b|0xe80c|0xe80d|0xe80e|0xe80f|0xe888|0xe889|0xe88a|0xe88b|0xe88c|0xe88d|0xe88e|0xe88f|0xea90|0xebe0|0xec88|0xec89|0xed22|0xed71|0xed72|0xed73|0xed74|0xee18|0xeee8|0xeee9|0xeeea|0xeeeb|0xeeec|0xeeed|0xeeee|0xeeef|0xef50|0xef51|0xf068|0xf069|0xf06a|0xf06b|0xf06c|0xf06d|0xf06e|0xf06f|0xf070|0xf0c0|0xf0c8|0xf208|0xf2d0|0xf3c0|0xf3c1|0xf3c2|0xf448|0xf449|0xf44a|0xf44b|0xf44c|0xf460|0xf608|0xf60b|0xf680|0xf850|0xf857|0xf9d0|0xf9d1|0xf9d2|0xf9d3|0xf9d4|0xf9d5|0xfa00|0xfa01|0xfa02|0xfa03|0xfa04|0xfa05|0xfa06|0xfa10|0xfa33|0xfa88|0xfad0|0xfaf0|0xfb58|0xfb59|0xfb5a|0xfb5b|0xfb5c|0xfb5d|0xfb5e|0xfb5f|0xfb80|0xfb99|0xfbfa|0xfc08|0xfc09|0xfc0a|0xfc0b|0xfc0c|0xfc0d|0xfc0e|0xfc0f|0xfc60|0xfc70|0xfc71|0xfc72|0xfc73|0xfc82|0xfd60|0xfe38|0xff00|0xff18|0xff1c|0xff1d|0xff20|0xff38|0xff39|0xff3a|0xff3b|0xff3c|0xff3d|0xff3e|0xff3f|0xffa8)"; action "kldload -n uftdi"; }; @@ -296,6 +296,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x044e"; + match "product" "(0x3001|0x3002)"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0456"; match "product" "(0xf000|0xf001)"; action "kldload -n uftdi"; @@ -385,7 +393,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0489"; - match "product" "(0xe027|0xe02c|0xe036|0xe03c|0xe03d|0xe04e|0xe056|0xe057)"; + match "product" "(0xe027|0xe02c|0xe036|0xe03c|0xe03d|0xe042|0xe04e|0xe056|0xe057)"; action "kldload -n ng_ubt"; }; @@ -520,6 +528,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x04bf"; + match "product" "0x030a"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x04c5"; match "product" "(0x1058|0x1079)"; action "kldload -n uipaq"; @@ -529,7 +545,7 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x04ca"; - match "product" "(0x3005|0x3006|0x3008)"; + match "product" "(0x2003|0x3005|0x3006|0x3008)"; action "kldload -n ng_ubt"; }; @@ -1080,6 +1096,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x05ac"; + match "product" "(0x8213|0x8215|0x8218|0x821a|0x821b|0x821f|0x8281|0x828f)"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x05ad"; match "product" "0x0fba"; action "kldload -n uplcom"; @@ -2048,6 +2072,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0a5c"; + match "product" "0x21e1"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0acd"; match "product" "0x0300"; action "kldload -n uftdi"; @@ -2257,6 +2289,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x0b05"; + match "product" "0x17b5"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x0b05"; match "product" "(0x4200|0x4201|0x4202|0x420f|0x9200|0x9202)"; action "kldload -n uipaq"; }; @@ -2448,6 +2488,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0bdb"; + match "product" "0x1002"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0bed"; match "product" "(0x1100|0x1101)"; action "kldload -n uslcom"; @@ -2472,6 +2520,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0c10"; + match "product" "0x0000"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0c26"; match "product" "(0x0004|0x0009|0x000a|0x000b|0x000c|0x000d|0x0010|0x0011|0x0012|0x0013|0x0018)"; action "kldload -n uftdi"; @@ -2888,6 +2944,14 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0e8d"; + match "product" "0x763f"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x0ea0"; match "product" "0x6858"; action "kldload -n uplcom"; @@ -4777,6 +4841,14 @@ nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; match "vendor" "0x413c"; + match "product" "0x8197"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x413c"; match "product" "0x9500"; action "kldload -n uslcom"; }; @@ -5008,6 +5080,26 @@ nomatch 32 { nomatch 32 { match "bus" "uhub[0-9]+"; match "mode" "host"; + match "vendor" "0x0489"; + match "intclass" "0xff"; + match "intsubclass" "0x01"; + match "intprotocol" "0x01"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; + match "vendor" "0x05ac"; + match "intclass" "0xff"; + match "intsubclass" "0x01"; + match "intprotocol" "0x01"; + action "kldload -n ng_ubt"; +}; + +nomatch 32 { + match "bus" "uhub[0-9]+"; + match "mode" "host"; match "vendor" "0x05ac"; match "intclass" "0xff"; match "intsubclass" "0xfd"; @@ -5168,5 +5260,5 @@ nomatch 32 { action "kldload -n umass"; }; -# 2515 USB entries processed +# 2537 USB entries processed -- cgit v1.1 From a866db8b145bb3b71d3076bbda88ca69ce0ac4da Mon Sep 17 00:00:00 2001 From: delphij Date: Mon, 2 Sep 2013 23:52:25 +0000 Subject: Create the default router last. This allows using an static interface route for default routes, which seems to be common among many dedicated hosting providers. Reviewed by: hrs MFC after: 2 weeks --- etc/rc.d/routing | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/rc.d/routing b/etc/rc.d/routing index 74e5472..284aa7d 100755 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -143,7 +143,7 @@ static_inet() [Nn][Oo] | '') ;; *) - static_routes="_default ${static_routes}" + static_routes="${static_routes} _default" route__default="default ${defaultrouter}" ;; esac @@ -205,7 +205,7 @@ static_inet6() [Nn][Oo] | '') ;; *) - ipv6_static_routes="_default ${ipv6_static_routes}" + ipv6_static_routes="${ipv6_static_routes} _default" ipv6_route__default="default ${ipv6_defaultrouter}" ;; esac -- cgit v1.1 From 652fad2cc8551cdf68fbb773be68048c584756c5 Mon Sep 17 00:00:00 2001 From: jlh Date: Tue, 3 Sep 2013 07:47:53 +0000 Subject: Since r254974, periodic scripts' period can be configured independently. There is no reason to leave their options with the daily ones, so move them to their own section. Move periodic scripts' options into their own section. Since r254974, --- etc/defaults/periodic.conf | 136 +++++++++++++++++++++++---------------------- 1 file changed, 70 insertions(+), 66 deletions(-) (limited to 'etc') diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf index 5dd7fa9..9fb6859 100644 --- a/etc/defaults/periodic.conf +++ b/etc/defaults/periodic.conf @@ -162,6 +162,71 @@ daily_scrub_zfs_default_threshold="35" # days between scrubs daily_local="/etc/daily.local" # Local scripts +# Weekly options + +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $weekly_output might be set to /var/log/weekly.log if you +# wish to log the weekly output and have the files rotated by newsyslog(8) +# +weekly_output="root" # user or /file +weekly_show_success="YES" # scripts returning 0 +weekly_show_info="YES" # scripts returning 1 +weekly_show_badconfig="NO" # scripts returning 2 + +# 310.locate +weekly_locate_enable="YES" # Update locate weekly + +# 320.whatis +weekly_whatis_enable="YES" # Update whatis weekly + +# 330.catman +weekly_catman_enable="NO" # Preformat man pages + +# 340.noid +weekly_noid_enable="NO" # Find unowned files +weekly_noid_dirs="/" # Look here + +# 400.status-pkg +weekly_status_pkg_enable="NO" # Find out-of-date pkgs +pkg_version=pkg_version # Use this program +pkg_version_index=/usr/ports/INDEX-10 # Use this index file + +# 450.status-security +weekly_status_security_enable="YES" # Security check +# See also "Security options" above for more options +weekly_status_security_inline="NO" # Run inline ? +weekly_status_security_output="root" # user or /file + +# 999.local +weekly_local="/etc/weekly.local" # Local scripts + + +# Monthly options + +# These options are used by periodic(8) itself to determine what to do +# with the output of the sub-programs that are run, and where to send +# that output. $monthly_output might be set to /var/log/monthly.log if you +# wish to log the monthly output and have the files rotated by newsyslog(8) +# +monthly_output="root" # user or /file +monthly_show_success="YES" # scripts returning 0 +monthly_show_info="YES" # scripts returning 1 +monthly_show_badconfig="NO" # scripts returning 2 + +# 200.accounting +monthly_accounting_enable="YES" # Login accounting + +# 450.status-security +monthly_status_security_enable="YES" # Security check +# See also "Security options" above for more options +monthly_status_security_inline="NO" # Run inline ? +monthly_status_security_output="root" # user or /file + +# 999.local +monthly_local="/etc/monthly.local" # Local scripts + + # Security options # These options are used by the security periodic(8) scripts spawned in @@ -169,11 +234,14 @@ daily_local="/etc/daily.local" # Local scripts security_status_logdir="/var/log" # Directory for logs security_status_diff_flags="-b -u" # flags for diff output -# Each of the security_status_*_enable options below can have one of the +# Each of the security_status_*_period options below can have one of the # following values: -# - NO +# - NO: do not run at all # - daily: only run during the daily security status # - weekly: only run during the weekly security status +# - monthly: only run during the monthly security status +# Note that if periodic security scripts are run from crontab(5) directly, +# they will be run unless _enable or _period is set to "NO". # 100.chksetuid security_status_chksetuid_enable="YES" @@ -239,70 +307,6 @@ security_status_tcpwrap_enable="YES" security_status_tcpwrap_period="daily" -# Weekly options - -# These options are used by periodic(8) itself to determine what to do -# with the output of the sub-programs that are run, and where to send -# that output. $weekly_output might be set to /var/log/weekly.log if you -# wish to log the weekly output and have the files rotated by newsyslog(8) -# -weekly_output="root" # user or /file -weekly_show_success="YES" # scripts returning 0 -weekly_show_info="YES" # scripts returning 1 -weekly_show_badconfig="NO" # scripts returning 2 - -# 310.locate -weekly_locate_enable="YES" # Update locate weekly - -# 320.whatis -weekly_whatis_enable="YES" # Update whatis weekly - -# 330.catman -weekly_catman_enable="NO" # Preformat man pages - -# 340.noid -weekly_noid_enable="NO" # Find unowned files -weekly_noid_dirs="/" # Look here - -# 400.status-pkg -weekly_status_pkg_enable="NO" # Find out-of-date pkgs -pkg_version=pkg_version # Use this program -pkg_version_index=/usr/ports/INDEX-10 # Use this index file - -# 450.status-security -weekly_status_security_enable="YES" # Security check -# See also "Security options" above for more options -weekly_status_security_inline="NO" # Run inline ? -weekly_status_security_output="root" # user or /file - -# 999.local -weekly_local="/etc/weekly.local" # Local scripts - - -# Monthly options - -# These options are used by periodic(8) itself to determine what to do -# with the output of the sub-programs that are run, and where to send -# that output. $monthly_output might be set to /var/log/monthly.log if you -# wish to log the monthly output and have the files rotated by newsyslog(8) -# -monthly_output="root" # user or /file -monthly_show_success="YES" # scripts returning 0 -monthly_show_info="YES" # scripts returning 1 -monthly_show_badconfig="NO" # scripts returning 2 - -# 200.accounting -monthly_accounting_enable="YES" # Login accounting - -# 450.status-security -monthly_status_security_enable="YES" # Security check -# See also "Security options" above for more options -monthly_status_security_inline="NO" # Run inline ? -monthly_status_security_output="root" # user or /file - -# 999.local -monthly_local="/etc/monthly.local" # Local scripts - # Define source_periodic_confs, the mechanism used by /etc/periodic/*/* # scripts to source defaults/periodic.conf overrides safely. -- cgit v1.1 From 8b9f5e4153f464a09e85934bf33883277727a66c Mon Sep 17 00:00:00 2001 From: theraven Date: Wed, 4 Sep 2013 15:02:14 +0000 Subject: Add a c++/v1/tr1 include directory containing symlinks to all of the standard headrs. Lots of third-party code expects to find C++03 headers under tr1 because that's where GNU decided to hide them. This should fix ports that expect them there. MFC after: 1 week --- etc/mtree/BSD.include.dist | 2 ++ 1 file changed, 2 insertions(+) (limited to 'etc') diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist index e295348..dbfbfc9 100644 --- a/etc/mtree/BSD.include.dist +++ b/etc/mtree/BSD.include.dist @@ -83,6 +83,8 @@ v1 ext .. + tr1 + .. .. .. cam -- cgit v1.1 From 795da63f42e0a9f2beb0ea81351fc839f169fa6e Mon Sep 17 00:00:00 2001 From: des Date: Thu, 5 Sep 2013 12:35:23 +0000 Subject: authpf needs /var/authpf to exist and be writable by group authpf. --- etc/mtree/BSD.var.dist | 2 ++ 1 file changed, 2 insertions(+) (limited to 'etc') diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist index 6a9a7f4..196ee42 100644 --- a/etc/mtree/BSD.var.dist +++ b/etc/mtree/BSD.var.dist @@ -23,6 +23,8 @@ remote uname=auditdistd gname=wheel mode=0700 .. .. + authpf uname=root gname=authpf mode=0770 + .. /set gname=wheel backups .. -- cgit v1.1