environment variables to override the sector number, and the
bytes-offset in the sector, where disklabel(8) writes a disklabel.
If disklabel(8) was compiled as a host tool, then the defaults
still come from the port's LABELOFFSET and LABELSECTOR #defines.
Otherwise, the defaults still come from the sysctls, kern.labelsector
and kern.labeloffset.
This change helps me create a bootable CompactFlash image with both
a Master Boot Record (MBR) and a BSD disklabel for the RouterBOARD
153. The RB 153 is an evbmips board with a CompactFlash slot. It
searches the MBR on a CompactFlash card for a partition containing
an ELF kernel. When disklabel(8) is built for evbmips, it will
ordinarily overwrite an MBR with the BSD disklabel.
to modify the whole VLAN tags, but it is permitted to change 12-bit
VLAN identificators only. Reflect this fact on the appropriate man
pages.
Antti Kantee and Mihai Chelaru from #netbsd-code were helpful in
better understanding of VLAN stuff. Thank you!
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry. RedHat has
evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros. Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
device controllers, and more specifically raid controllers.
Add a new sensor type, ENVSYS_DRIVE, to report drive status. From OpenBSD.
Add bio and sysmon support to mfi(4). This allow userland to query
status for drives and logical volumes attached to a mfi(4) controller. While
there fix some debug printfs in mfi so they compile.
Add bio(4) to amd64 and i386 GENERIC.
- NetBSD's "newfs" doesn't accept a second (non-option) argument.
Patch provided by Jeff Ito in PR bin/36241.
- Use "sd0" instead of "rp0" because NetBSD's doesnt have a disk driver
called "rp".
- Use "/dev/rst0" instead of "/dev/rst8". With NetBSD's device numbering
scheme a system would have to have 9 tape drives to get "/dev/rst8".
print out the values of the bytes that do not match.
Add comment explaining that there is no documented rationale for the
check.
fsck_msdos checks that several bytes are equal in the primary and
backup bootblock. There is no documented rationale. The kernel does
not enforce this when mounting a filesystem. I have a FAT32
filesystem on my disk (mounted as /share) which fails this check, but
is accepted by both Windows XP and NetBSD. My volume differs in bytes
71-81. The primary contains "SHARE " and the backup NUL bytes.
Further, fsck_msdos does not have code to repair the mismatch. As a
result such filesystems can be used not checked.
- pass WARNS=4 and lint
- use size_t/time_t where appropriate
- get/setprogname()
- before executing rc.shutdown, set the real user id to 0, because shutdown
scripts may depend on it (for example su depends on being root).
- use warn instead of perror, and make sure we use the right errno.
Also pass "-ppax" in an attempt to get improved performance,
but this doesn't really work in the typical case, because the
install ramdisk image contains a version of pax(1) that doesn't
support the -M flag. (MAKEDEV detects the failure and falls back
to using mknod(8) as usual.)
always print an error message. If bootable and -v flag was
specified, print a success message. If -v flag was specified
more than once, also try to decode more information from
the PBR.
Input from dsl and bad.
Removes a load of code that is easier done as a script.
Whenever init exits, use a different error number. Since it is difficult
for init to output messages when /dev/console is absent, having the exit
code reported by the kernel panic gives a chance of identifying the fault.
Also exit if MAKEDEV fails to create /dev/console.
archs) and add wedges for them. Similar to the kernel options
DKWEDGE_AUTODISCOVER and DKWEDGE_METHOD_BSDLABEL, and actually reusing
most of that code.
This means, for example, you can plug a sparc64 disk into an i386, run
this tool and mount the partitions (provided your kernel has the FFS_EI
option).
MAKEDEV, MAKEDEV.subr and MAKEDEV.local in the set of files that are
copied if they exist.
Now booting an INSTALL kernel with an embedded ramdisk correctly creates
/dev again, fixing a problem introduced when MAKEDEV.subr was created a
few days ago.
ffs_checkver() and later use it in the switch statement, just
use ffs_checkver.
* Remove unneded <sys/queue.h> header.
* Remove LFS from fstypes, it was never used.
* Increase SBCOUNT to 128, works faster.
* Remove unneded casts.
* (-F mode) close fd when the scan has finished or if pread() failed.
* (-F mode) print total size of file.
Here the bitmaps are written as
CLRI or BITS with c_count <= 512
ADDR* for the remaining blocks
Remove the bitmap handling from getfile(), remove xtrmap() and xtrmapskip().
Add new function getbitmap() modeled after getfile() that does bitmap
allocation, bitmap expansion and sets maxino.
Reviewed by: Manuel Bouyer <bouyer@netbsd.org>
* Replaced atoi() with parse_int().
* Use an enum for ACTION_* instead of #define.
* Use strdup() or asnprintf() instead of strlcpy() to avoid truncation.
* pread() returns ssize_t not int.
* Suppress "unused parameter" warnings.
* verify_disklabel(): Pass the correct size to disklabel_scan().
* verify_ffs():
* Don't indicate success if pread() fails.
* Check the amount of bytes read.
* Don't cast buf to (struct fs *), it's not aligned.
* eliminate_cores(): No need for a temporary variable.
logical operation, rather than compliment, as in praise, the magic
number of the disk.
There are probably other instances of this in the tree. We should fix
them.
also (and ICMP is implied) and that other types are blocked.
Point to pf(4) and pfil man pages.
Based on discussion in January 2006 on tech-kern. (This has been
in my tree for around 11 months.)
This part of my work to change this (and related to use) pfil (instead
of ipf). That is done back then but needs some testing.
sysctl.7. Remove the list of MIBs from sysctl.8 so we don't have to
maintain duplicate information, as proposed by YAMAMOTO Takashi on
tech-userlevel. Also remove references to header files from sysctl.8.
The numeric constants remain documented, they are still needed in some
cases. See the discussion on tech-userlevel. ("mib list in sysctl.8")
OK by YAMAMOTO Takashi.
in entries for Veriexec.
This has been requested for a long time, most recently by Brad Harder.
Thanks a lot to Michael van Elst for the patch, done during the latest
hackathon.
Obviously, this breaks the already unstable Veriexec ABI, but that's
it. Some cool additions are planned to be introduced, and this just
makes it so that NetBSD 4.0 users will be able to easily use them as
well.
This also removes the fingerprint type name limit, so relevant code
was adjusted.
Thoroughly tested (even uncovered a bug in proplib! thanks for fixing
that cube@!). Documentation updated.
The progress bar will now travel from 0 to 20% during pass 1, from 20%
to 95% during pass 2, and from 95% to 100% during passes 3, 4, and 5.
Previously, the progress bar was not displayed at all during pass 1,
slowly traveled from 0 to about 50% during pass 2, and then very rapidly
traveled from 50% to 100% during passes 3, 4, and 5.
Note that fsck_ffs is the only user of fsck/progress.{c,h}.
Also, add ioctls SIOCGIFADDRPREF/SIOCSIFADDRPREF to get/set preference
numbers for addresses. Make ifconfig(8) set/display preference
numbers.
To activate source-address selection policies in your kernel, add
'options IPSELSRC' to your kernel configuration.
Miscellaneous changes in support of source-address selection:
1 Factor out some common code, producing rt_replace_ifa().
2 Abbreviate a for-loop with TAILQ_FOREACH().
3 Add the predicates on IPv4 addresses IN_LINKLOCAL() and
IN_PRIVATE(), that are true for link-local unicast
(169.254/16) and RFC1918 private addresses, respectively.
Add the predicate IN_ANY_LOCAL() that is true for link-local
unicast and multicast.
4 Add IPv4-specific interface attach/detach routines,
in_domifattach and in_domifdetach, which build #ifdef
IPSELSRC.
See in_getifa(9) for a more thorough description of source-address
selection policy.
1. don't print the program name in the message [syslog does it]
2. no extraneous \n [syslog takes care of it]
3. quote strings as `%s' [we are using syslog]
4. use %m instead of error = %d
and -host flags, which is useful for displaying/flushing ARP entries:
# route -n show -inet -llinfo -host
Routing table
Internet:
Destination Gateway Flags
169.254.1.119 link#1 UH
169.254.230.110 00:02:6f:21:e6:6e UH
# route -n flush -inet -llinfo -host
169.254.1.119 done
169.254.230.110 0.2.6f.21.e6.6e done
169.254.237.70 done
# route -n show -inet -llinfo -host
Routing table
#
This will help me address bin/11079, "dhclient may require arp and sed".
Extract common code from flushroutes() and show(), creating
parse_show_opts().
While I'm here, make small cosmetic changes to flushroutes().
"execute a command" ioctl that takes a dictionary as an argument
(specifying the command and arguments) and returns a dictionary
with the results (error code, optional error message, optional
result data).
- Define and implement a "get-properties" command for DRVCTLCOMMAND
that returns the properties dictionary of the specified device.
- Add a -p flag to drvctl(8) to fetch and display the properties of
the specified device.
This is a great example of how to use prop_dictionary_sendrecv_ioctl().
First one was incorrectly loading entries -- we were treating each file as
a mount, which resulted in huge mess. I have no excuse for how I didn't
catch this earlier.
Second, use the table name we create for the Veriexec sysctl node and not
the fixed "table0".
Both are fileassoc(9) integration fallout.
Both available for IPv4 and IPv6.
Basic implementation test results are available at
http://netbsd-soc.sourceforge.net/projects/ecn/testresults.html.
Work sponsored by the Google Summer of Code project 2006.
Special thanks to Kentaro Kurahone, Allen Briggs and Matt Thomas for their
help, comments and support during the project.
Fix MOBILE encapsulation. Add many debugging printfs (mainly
concerning UDP mode). Clean up the gre(4) code a bit. Add the
capability to setup UDP tunnels to ifconfig. Update documentation.
In UDP mode, gre(4) puts a GRE header onto transmitted packets,
and hands them to a UDP socket for transmission. That is, the
encapsulation looks like this: IP+UDP+GRE+encapsulated packet.
There are two ways to set up a UDP tunnel. One way is to tell the
source and destination IP+port to gre(4), and let gre(4) create
the socket. The other way to create a UDP tunnel is for userland
to "delegate" a UDP socket to the kernel.
auto flag, which queries all local harddisks for swap partitions/
wedges and adds/removes them as swap device, a -f option to use the
first found swap device as dump device, and a -o option to only
auto-configure the dump device, but leave swap alone.
Add a -n option to make swapctl only say what it would do, but not
change any system state.
struct disklabel.
Functionality lost:
1. struct disklabel used to be updated to contain bsize, fsize, cpg.
This information was used to locate the alternative superblock in
the filesystem if the primary superblock was corrupted. We need
to find a new place to store this information if we need this
functionality.
2. On vax SMD drives that contained bad sector lists, the newfs program
knew how to get the offset and skip to the correct location in order
to place the label.
so that we don't run multiple fsck's on the same spindle at the same time!
- Add some partition getting utilities that are wedge aware (soon to be able
to use the native geometry ioctl), so that we can fsck wedges.
is NOT disarmed when wdogctl closes the watchdog device. The -x
mode protects against the case where the kernel kills wdogctl,
sshd, and other essential userland programs (due to memory exhaustion,
for example), lobotomizing a mission-critical NetBSD system and
necessitating an operator visit to reboot it.
commands to the controller.
Add a amrctl(8) control tool, which for now only allows to get status
from the adapter (status of adapter, logical volumes and and individual
drives).
From FreeBSD, with some adjustements by Andrew Doran and me.
* Add lfs_balloc capability to the lfs library.
* Extend the Ifile if we run out of free inodes when creating lost+found.
* Don't roll forward if we have allocated a lost+found, to avoid
conflicts when adding new files in roll-forward.
* Make some messages slightly more verbose (e.g. include inode number,
and use pwarn() instead of printf() so the messages include the device
name when preening).
* Change superblock detection/avoidance to use the offset table in the
primary superblock, rather than looking at the contents.
* Be more verbose about various operations when passed the -d flag,
especially roll-forward.
* Be more careful about dirops during roll forward, since the cleaner can
sometimes write blocks from dirop vnodes. Detect and avoid this problem.
* Always check the free list, even if given -i; if we're going to write
it we have to check it first.
* Mark inodes dirty when blocks are found during roll forward, so the
inodes are written with the new block locations.
* Update size of inodes if blocks beyond EOF are found during roll
forward.
* Fix segment accounting for blocks and inodes found during roll
forward.
* Report statistics on roll forward: how many new/deleted/moved files
and how many updated blocks (or "nothing new").
* Don't care if the device being checked is really a device, if we have
been passed the -f flag (to facilitate automated testing).
* When writing to the disk, use the current time in the segment headers
rathern than time 0.
* When passed the -i flag, locate the partial segment containing the
Ifile inode and use that to calculate lfs_offset, lfs_curseg,
lfs_nextseg. (Again for automated testing.)
introduce fileassoc(9), a kernel interface for associating meta-data with
files using in-kernel memory. this is very similar to what we had in
veriexec till now, only abstracted so it can be used more easily by more
consumers.
this also prompted the redesign of the interface, making it work on vnodes
and mounts and not directly on devices and inodes. internally, we still
use file-id but that's gonna change soon... the interface will remain
consistent.
as a result, veriexec went under some heavy changes to conform to the new
interface. since we no longer use device numbers to identify file-systems,
the veriexec sysctl stuff changed too: kern.veriexec.count.dev_N is now
kern.veriexec.tableN.* where 'N' is NOT the device number but rather a
way to distinguish several mounts.
also worth noting is the plugging of unmount/delete operations
wrt/fileassoc and veriexec.
tons of input from yamt@, wrstuden@, martin@, and christos@.
if the kernel does not set the interface up after we set an address,
do it explicitly, unless we (previously) set it down on user request.
This will allow the network drivers to be "fixed" while keeping visible
behaviour the same. Part of fixing PR 30694.
- note that ifconfig(8) create subcommand is required before slattach(8)
- network addresses aren't defined by slattach(8) but ifconfig(8)
- Add a BUGS section in slattach(8) to note that currently there is no way to
specify/see an interface name to be attached
- move description about link[0-2] flags from slattach(8) to sl(4)
(rather than adding a new description...)
- move description about SLIP limitations to a new BUGS section in sl(4)
- remove inappropriate MLINKS of slip.8 to slattach.8
- create MLINKS of slip.4 to sl.4 instead
- add some more xrefs
Ok'ed by christos, and closes PR kern/33672 and PR bin/33923.
particular, the caller can now choose whether to wait for the condition
to be met, and if the caller of LFCNWRAPSTOP dies or otherwise closes
the descriptor, the filesystem is started again. Updated the ckckp
regression test to use the new semantics.
dump_lfs(8) now uses the fcntls to implement LFS-style snapshotting through
the -X flag, addressing PR#33457 albeit not using fss(4). Fixed a couple
other problems with dump_lfs that manifested themselves during testing.
NetBSD Foundation Membership still pending.) This stack was written by
Iain under sponsorship from Itronix Inc.
The stack includes support for rfcomm networking (networking via your
bluetooth enabled cell phone), hid devices (keyboards/mice), and headsets.
Drivers for both PCMCIA and USB bluetooth controllers are included.
ifconfig(8) from printing errors like "ifconfig: socket: Address
family not supported by protocol family" when examining the status
of a network interface.