systat pool: show only active pools
I'm always distracted by the huge number of (inactive) pools filling my screen when I do systat pool.

So the diff below changes the behavior of this view to only show statistics of ``active'' pools by default; the current behavior can be restored by pressing 'A'.

Anybody else find this useful? ok?

Index: pool.c === RCS file: /home/ncvs/src/usr.bin/systat/pool.c,v retrieving revision 1.7 diff -u -p -r1.7 pool.c --- pool.c 2 Jul 2014 00:12:34 - 1.7 +++ pool.c 12 Aug 2014 09:05:41 - @@ -30,6 +30,7 @@ int read_pool(void); void sort_pool(void); int select_pool(void); void showpool(int k); +int pool_keyboard_callback(int); /* qsort callbacks */ int sort_name_callback(const void *s1, const void *s2); @@ -43,6 +44,7 @@ struct pool_info { }; +int print_all = 0; int num_pools = 0; struct pool_info *pools = NULL; @@ -94,7 +96,7 @@ order_type pool_order_list[] = { /* Define view managers */ struct view_manager pool_mgr = { Pool, select_pool, read_pool, sort_pool, print_header, - print_pool, keyboard_callback, pool_order_list, pool_order_list + print_pool, pool_keyboard_callback, pool_order_list, pool_order_list }; field_view views_pool[] = { @@ -257,14 +259,21 @@ read_pool(void) void print_pool(void) { + struct pool_info *p; int i, n, count = 0; if (pools == NULL) return; for (n = i = 0; i num_pools; i++) { - if (pools[i].name[0] == 0) + p = pools[i]; + if (p-name[0] == 0) continue; + + if (!print_all + (p-pool.pr_nget == 0 p-pool.pr_npagealloc == 0)) + continue; + if (n++ dispstart) continue; showpool(i); @@ -316,4 +325,18 @@ showpool(int k) print_fld_size(FLD_POOL_IDLE, p-pool.pr_nidle); end_line(); +} + +int +pool_keyboard_callback(int ch) +{ + switch (ch) { + case 'A': + print_all ^= 1; + gotsig_alarm = 1; + default: + return keyboard_callback(ch); + }; + + return (1); } Index: systat.1 === RCS file: /home/ncvs/src/usr.bin/systat/systat.1,v retrieving revision 1.97 diff -u -p -r1.97 systat.1 --- systat.11 Nov 2013 10:40:15 - 1.97 +++ systat.112 Aug 2014 09:05:41 - 
@@ -375,6 +375,10 @@ Available orderings are: .Ic size , and .Ic number of pages . +.Pp +By default only the statistics of active pools are displayed but pressing +.Ic A +changes the view to show all of them. .It Ic queues Display statistics about the active queues, similar to the output of
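Review bot: In pool_keyboard_callback() the case 'A' branch has no break, so after toggling print_all and setting gotsig_alarm it falls through to default and also passes 'A' to keyboard_callback(); as written the trailing return (1) can never be reached. If 'A' is meant to be consumed by this view, add a break after gotsig_alarm = 1 so the function returns 1 for that key, and drop the stray semicolon after the closing brace of the switch.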
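Review bot: The systat.1 hunk says only active pools are displayed but never says what makes a pool active, while print_pool() decides it from pr_nget == 0 and pr_npagealloc == 0. State that criterion in the manual (pools with no gets and no page allocations are hidden), and say that pressing A again returns to the filtered view, since the code toggles print_all rather than setting it.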
nickle script in Xenocara
During a conversation with aja@, I've run a check for any #!/usr/bin/env foo users in base, and found this:

$ head -1 /usr/X11R6/bin/xkeystone
#!/usr/bin/env nickle
$ locate */nickle
/home/pers/FreeBSD/ports/lang/nickle

Is it on purpose, or should it be removed? I found that it comes together with xrandr. I'm not sure how to deal with bsd.xorg.mk callers in such case, so no patch yet, sorry.

--
WBR, Vadim Zhukov
Re: nickle script in Xenocara
On Tue, Aug 12, 2014 at 01:39:11PM +0400, Vadim Zhukov wrote:
> During a conversation with aja@, I've run a check for any #!/usr/bin/env foo users in base, and found this:
>
> $ head -1 /usr/X11R6/bin/xkeystone
> #!/usr/bin/env nickle
> $ locate */nickle
> /home/pers/FreeBSD/ports/lang/nickle
>
> Is it on purpose, or should it be removed? I found that it comes together with xrandr. I'm not sure how to deal with bsd.xorg.mk callers in such case, so no patch yet, sorry.

Since it doesn't do any harm and there's no option in the default xrandr package to disable its installation, I just let it get installed.

If someone submits a patch to configure.ac that adds an option to disable it (and maybe some autodetection for lazy ppl), I can take care of pushing it upstream.

--
Matthieu Herrb
arp(8) output and expire timer
I find arp(8) output really difficult to read, but more importantly it does not print the expire time of non permanent entries like ndp(8).

So the diff below changes arp(8)'s output to be more similar to ndp(8)'s one.

Before:

$ arp -a
? (10.0.5.1) at 00:72:17:ab:94:3e on vlan3 static
? (10.0.5.3) at (incomplete) on vlan3
? (10.0.5.41) at 00:90:27:bb:cc:dd on vlan3 permanent static
? (10.0.5.42) at 00:90:27:bb:cc:dd on vlan3 static published
? (10.0.5.255) at (incomplete) on vlan3 static
? (10.3.3.9) at 00:72:17:ab:94:3e on vlan3 static
? (10.3.3.255) at (incomplete) on vlan3 static
? (192.168.6.1) at 00:72:17:ab:94:3e on em1 static
? (192.168.6.255) at (incomplete) on em1 static
dizzy (192.168.172.111) at 00:2f:c6:55:8b:dd on em0
DHCP-225.inside.wafwaf.net (192.168.172.225) at 00:32:68:ba:4c:dd on em0 static
radar.inside.wafwaf.net (192.168.172.249) at 00:2f:fe:f4:0f:00 on em0
dns.inside.wafwaf.net (192.168.172.254) at 00:20:28:a6:96:a0 on em0
? (192.168.172.255) at (incomplete) on em0 static

After:

$ arp -a
Host                     Ethernet Address  Netif  Expire     Flags
10.0.5.1                 0:72:17:ab:94:3e  vlan3  static
10.0.5.3                 (incomplete)      vlan3  expired
10.0.5.41                0:90:27:bb:cc:dd  vlan3  permanent
10.0.5.42                0:90:27:bb:cc:dd  vlan3  static     p
10.0.5.255               (incomplete)      vlan3  static
10.3.3.9                 0:72:17:ab:94:3e  vlan3  static
10.3.3.255               (incomplete)      vlan3  static
192.168.6.1              0:72:17:ab:94:3e  em1    static
192.168.6.255            (incomplete)      em1    static
dizzy                    0:2f:c6:55:8b:dd  em0    10m54s
dhcp.inside.wafwaf.net   0:32:68:ba:4c:dd  em0    static
radar.inside.wafwaf.net  0:2f:fe:f4:f:0    em0    20s
dns.inside.wafwaf.net    0:20:28:a6:96:a0  em0    10m54s
192.168.172.255          (incomplete)      em0    static

Does anybody parse the output of arp(8)? Is it a concern?

Ok?

Index: arp.8 === RCS file: /home/ncvs/src/usr.sbin/arp/arp.8,v retrieving revision 1.33 diff -u -p -r1.33 arp.8 --- arp.8 9 May 2014 06:37:38 - 1.33 +++ arp.8 12 Aug 2014 13:23:11 - 
@@ -79,6 +79,31 @@ Display all of the current ARP entries. See also the .Fl d option below. +The following information will be printed: +.Bl -tag -width Ds -offset 3n +.It Host +The network address of the host. +.It Ethernet Address +The Ethernet address of the host. +If the address is not available, +it will be displayed as +.Dq (incomplete) . +.It Netif +The network interface associated with the ARP entry. +.It Expire +The time until expiry of the entry. +If the entry is marked +.Dq permanent +or +.Dq static , +it will never expire. +.It Flags +Flags on the ARP entry, in a single letter. +They are: proxy +.Pq Sq P +and published +.Pq Sq p . +.El .It Fl d Delete an entry for the host called .Ar hostname . Index: arp.c === RCS file: /home/ncvs/src/usr.sbin/arp/arp.c,v retrieving revision 1.57 diff -u -p -r1.57 arp.c --- arp.c 11 Aug 2014 09:47:56 - 1.57 +++ arp.c 12 Aug 2014 13:23:11 - @@ -61,6 +61,7 @@ #include unistd.h #include ifaddrs.h +void dump(void); int delete(const char *, const char *); void search(in_addr_t addr, void (*action)(struct sockaddr_dl *sdl, struct sockaddr_inarp *sin, struct rt_msghdr *rtm)); @@ -68,8 +69,8 @@ void print_entry(struct sockaddr_dl *sdl struct sockaddr_inarp *sin, struct rt_msghdr *rtm); void nuke_entry(struct sockaddr_dl *sdl, struct sockaddr_inarp *sin, struct rt_msghdr *rtm); +static char *ether_str(struct sockaddr_dl *); int wake(const char *ether_addr, const char *iface); -void ether_print(const char *); int file(char *); int get(const char *); int getinetaddr(const char *, struct in_addr *); @@ -77,6 +78,7 @@ void getsocket(void); int rtmsg(int); int set(int, char **); void usage(void); +static char *sec2str(time_t); static pid_t pid; static int replace;/* replace entries when adding */ @@ -160,7 +162,7 @@ main(int argc, char *argv[]) switch (func) { case F_GET: if (aflag argc == 0) - search(0, print_entry); + dump(); else if (!aflag argc == 1) rtn = get(argv[0]); else 
@@ -360,6 +362,10 @@ overwrite: return (rtmsg(RTM_ADD)); } +#define W_ADDR 36 +#define W_LL 17 +#define W_IF 6 + /* * Display an individual arp entry */ @@ -372,9 +378,15 @@ get(const char *host) sin_m = blank_sin; /* struct copy */
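Review bot: The Expire item added to arp.8 covers a remaining time and the never-expiring permanent and static cases, but the sample output in this mail also prints expired in that column (the 10.0.5.3 entry). Document that value as well, and say that the Flags column is left empty when an entry is neither proxy nor published, since that column is now the only place those attributes show up.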
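Review bot: W_ADDR, W_LL and W_IF are added in arp.c without any comment and land directly above the comment block that introduces get(), although their names suggest they are column widths for the new dump() listing. Move them next to the code that uses them and comment what each one measures; if W_IF is the width of the Netif column, say how an interface name longer than six characters is handled so it does not push Expire and Flags out of alignment.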
Re: pf: once for match rules?
On Tue, Jul 22, 2014 at 19:03 +0200, Mike Belopuhov wrote: Hi, Before I send a diff for pfctl to disable once on match rules, I've decided to try and see how much work is it to make it actually work. Turns out that I need to extend pf_rule_item by 3 pointers to track the match rule ruleset, anchor rule and the ruleset it belongs to. Here's what this means in practice. Consider a ruleset: block drop all match out log proto tcp to port 22 once anchor foo all { match out log proto tcp to port 22 once anchor bar all { match out log proto tcp to port 22 once pass out quick proto tcp to port 22 once } } Once we send a packet to port 22 the ruleset collapses to just: block drop all Thoughts? Henning thinks it's a bit of an overkill. Any other opinions? diff --git sys/net/pf.c sys/net/pf.c index 9f0e2d6..5679a40 100644 --- sys/net/pf.c +++ sys/net/pf.c @@ -3279,15 +3279,16 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm, PR_NOWAIT)) == NULL) { REASON_SET(reason, PFRES_MEMORY); goto cleanup; } ri-r = r; + ri-ar = a; + ri-rs = ruleset; + ri-ars = aruleset; /* order is irrelevant */ SLIST_INSERT_HEAD(rules, ri, entry); pf_rule_to_actions(r, act); - if (r-rule_flag PFRULE_AFTO) - pd-naf = r-naf; if (pf_get_transaddr(r, pd, sns, nr) == -1) { REASON_SET(reason, PFRES_TRANSLATE); goto cleanup; } if (r-log || act.log PF_LOG_MATCHES) { @@ -3428,10 +3429,12 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm, virtual_type, icmp_dir); } } else { while ((ri = SLIST_FIRST(rules))) { SLIST_REMOVE_HEAD(rules, entry); + if (ri-r-rule_flag PFRULE_ONCE) + pf_purge_rule(ri-rs, ri-r, ri-ars, ri-ar); pool_put(pf_rule_item_pl, ri); } } /* copy back packet headers if needed */ 
@@ -3454,10 +3457,23 @@ pf_test_rule(struct pf_pdesc *pd, struct pf_rule **rm, struct pf_state **sm, } #endif if (r-rule_flag PFRULE_ONCE) pf_purge_rule(ruleset, r, aruleset, a); + if (*sm) { + SLIST_FOREACH(ri, (*sm)-match_rules, entry) { + if (ri-r-rule_flag PFRULE_ONCE) + /* + * We can be sure that pf_purge_rule won't + * pool_put the rule because when *sm != NULL + * STATE_INC_COUNTERS has increased states_cur. + * pf_rule_item's and rules will be g/c'ed by + * pf_free_state. + */ + pf_purge_rule(ri-rs, ri-r, ri-ars, ri-ar); + } + } #if INET INET6 if (rewrite skw-af != sks-af) return (PF_AFRT); #endif /* INET INET6 */ diff --git sys/net/pfvar.h sys/net/pfvar.h index a0d94f7..49af7b4 100644 --- sys/net/pfvar.h +++ sys/net/pfvar.h @@ -691,10 +691,13 @@ struct pf_threshold { }; struct pf_rule_item { SLIST_ENTRY(pf_rule_item)entry; struct pf_rule *r; + struct pf_rule *ar; + struct pf_ruleset *rs; + struct pf_ruleset *ars; }; SLIST_HEAD(pf_rule_slist, pf_rule_item); enum pf_sn_types { PF_SN_NONE, PF_SN_NAT, PF_SN_RDR, PF_SN_ROUTE, PF_SN_MAX };
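Review bot: The first pf.c hunk removes the PFRULE_AFTO check that sets pd-naf = r-naf right after pf_rule_to_actions(), and nothing in the mail explains it. The stated purpose is to track the ruleset, anchor rule and anchor ruleset of each match rule, so this removal either belongs in a separate diff or needs a sentence saying why pd-naf no longer has to be set from a match rule.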
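Review bot: The comment added in the third pf.c hunk argues that pf_purge_rule() cannot pool_put the rule only for the *sm != NULL path, but the while loop in the second hunk calls pf_purge_rule(ri-rs, ri-r, ri-ars, ri-ar) when no state holds a reference. Please explain, or add a check for, why the ar, rs and ars pointers stored in the remaining list entries stay valid after an earlier entry's purge, in particular for the nested-anchor ruleset from the mail where several once rules share an enclosing anchor. The three new pf_rule_item members in pfvar.h would also benefit from a one-line comment each.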
endian.h and sys/cdefs.h
According to the recent changes to byteorder(3), including endian.h is sufficient to use the byteorder functions. However, endian.h does not pull in sys/cdefs.h. This causes two problems:

1. Various byteorder functions are hidden behind __BSD_VISIBLE. Programs wishing to use these functions therefore explicitly have to define __BSD_VISIBLE. This is unlike other extensions where the relevant headers do include sys/cdefs.h (which by default defines __BSD_VISIBLE appropriately).

2. sys/_endian.h (which is included by endian.h) uses __statement() which is defined by sys/cdefs.h. As a result, programs that use a byteorder function but include only endian.h won't compile.

Perhaps this sums it up best:

$ cat test.c
#include <endian.h>
main() { swap16(0); }
$ cc test.c
/tmp//ccRwShqf.o(.text+0x25): In function `main':
: undefined reference to `swap16'
collect2: ld returned 1 exit status
$ cc -D__BSD_VISIBLE test.c
test.c: In function 'main':
test.c:2: error: expected expression before '{' token
$ cc -D__BSD_VISIBLE -D__statement(x) test.c
$

A straightforward fix is to include sys/cdefs.h. The diff below does just that, but I'm not sure about the ramifications.

Index: endian.h === RCS file: /cvs/src/sys/sys/endian.h,v retrieving revision 1.24 diff -p -u -r1.24 endian.h --- endian.h20 Jul 2014 21:41:54 - 1.24 +++ endian.h12 Aug 2014 18:15:24 - @@ -37,6 +37,7 @@ #ifndef _SYS_ENDIAN_H_ #define _SYS_ENDIAN_H_ +#include sys/cdefs.h #include sys/_endian.h /* Public names */
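Review bot: The new sys/cdefs.h include is placed in endian.h, but by the description above it is sys/_endian.h that uses __statement(), so any other file that includes sys/_endian.h directly still depends on its includer having pulled in sys/cdefs.h first. Consider adding the include to sys/_endian.h instead of, or in addition to, this line, and note in the commit message that it also makes the __BSD_VISIBLE default apply to programs that include only endian.h.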
Re: improve ldomctl(8) man page
Hi Stefan,

Stefan Sperling wrote on Fri, Aug 08, 2014 at 08:56:30PM +0200:

> I can never remember the exact steps of configuring logical domains on sparc64 without referencing the undeadly article at http://undeadly.org/cgi?action=articlesid=20121214153413
> It would be nice if this information was in the man page.
> The diff below fills in missing bits of documentation for ldomctl and its config syntax,

That should certainly go in, the manual is clearly incomplete. I cannot judge whether the content of your text is accurate, though.

> and also adds an EXAMPLES section based on the above article.

Apparently, there is quite some work to do, so having an EXAMPLES section in this style makes sense to me, too.

> There is more work to be done here, e.g. usage() of ldomctl is lacking many subcommands. I realise the EXAMPLES section might not be a very good place for tutorial-style walkthroughs. But I would find it convenient to have a single place to look this up. If the FAQ would be a much better place for the examples I will a diff for that instead.

IMHO, the FAQ is ideal for questions that people ask *without* knowing which tool(s) they are going to use. Information pertaining to one specific tool does have a place in the manual, I think.

In any style, your mdoc(7) usage is ok; well, some nits inline...

Yours, Ingo

Index: ldomctl.8 === RCS file: /cvs/src/usr.sbin/ldomctl/ldomctl.8,v retrieving revision 1.6 diff -u -p -r1.6 ldomctl.8 --- ldomctl.8 16 Jul 2013 11:13:33 - 1.6 +++ ldomctl.8 8 Aug 2014 18:48:16 - 
@@ -28,17 +28,79 @@ The .Nm program is used to manage logical domains on sun4v systems. -It can be used to start and stop guest domains and to display information -about domains running on the system. +It can be used to assign resources to the primary and guest domains, +start and stop guest domains from the primary domain, and to display +information about domains running on the system. .Pp The following commands are available: .Bl -tag -width Ds +.It Cm init-system Ar file +Generates files describing a logical domain configuration. +The generated files are written to the current working directory. +The provided +.Ar file +describes resources assigned to logical domains in a plain text format +with the following syntax: +.Bl -tag -width Ds +.It Ic domain Ar name { ... } That should probably be .It Ic domain Ar name Ic \{ Ar resource ... Ic \} +Declares a scope for resources assigned to the specified domain. +The scope must be opened and closed with curly brackets and contains I'd prefer curly braces. +one or more of the following keywords, each on a separate line. +A scope with +.Ar name +primary configures resources for the primary domain. +If no configuration for the primary domain exists it is assigned +all CPU and memory resources not used by any guest domains. +.It Ic vcpu Ar number +Declares the number of virtual CPUs assigned to a domain. +.It Ic memory Ar number[unit] .It Ic memory Ar number Ns Op Ar unit +Declares the amount of memory assigned to a domain, in bytes. +Optionally, the units 'K', 'M', or 'G', for kilo-, mega-, and gigabytes +can be used. +.It Ic vdisk Ar file +The specified disk image file is used to back a virtual disk of the guest +domain. +A disk image file is created with +.Xr dd 1 . +This keyword can be used multiple times. +.It Ic vnet { ... } Probably .It Ic vnet Op Ic \{ Ar keyword value ... Ic \} or something similar. +Assign a +.Xr vnet 4 +network interface to the guest domain. +This keyword can be used multiple times. 
+The curly brackets are optional and can contain the following keywords: braces +.Bl -tag -width Ds +.It Ic mac-addr Ar address +Configures the MAC address of the interface. +.It Ic mtu Ar number +Configures the MTU of the interface. +.El +.El +.It Cm download Ar directory +Save a logical domain configuration to non-volatile storage on the +service processor. +The configuration will take effect after the primary domain is rebooted. +The name of the configuration is taken from the name of the +.Ar directory +which must contain files created with the +.Cm init-system +command. +The download is aborted if a configuration with the same name already exists. +.It Cm delete Ar configuration +Delete the specified configuration from non-volatile storage. +.It Cm dump Ar configuration +Dump the specified configuration from non-volatile storage into the current +working directory. +.It Cm list +List configurations stored in non-volatile storage. Indicate the currently New sentence, new line. +running configuration, and the configuration which will be used next (after +rebooting the primary domain) if it differs from the currently running one. .It Cm start Ar domain -Start a domain. +Start a guest domain. .It Cm stop Ar domain -Stop a domain. +Stop a guest
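Review bot: The init-system text says the generated files are written to the current working directory, while download takes its configuration name from the name of the directory holding those files, and the two items never connect the steps. Add a sentence under init-system telling the reader to run it from inside a directory named after the intended configuration. The dump item should likewise say whether files already present in the current working directory are overwritten.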
ssh man page additions for unix domain socket forwarding
It might be desired to change some of the usage strings as well. Index: ssh.1 === RCS file: /cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.348 diff -u -p -r1.348 ssh.1 --- ssh.1 24 Jul 2014 22:57:10 - 1.348 +++ ssh.1 13 Aug 2014 04:42:30 - @@ -307,7 +307,9 @@ made to port .Ar hostport from the remote machine. -Port forwardings can also be specified in the configuration file. +.Pp +Port forwardings can also be specified in the configuration file +.Pq see Cm LocalForward . IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the @@ -324,6 +326,11 @@ indicates that the listening port be bou empty address or .Sq * indicates that the port should be available from all interfaces. +.Pp +The local and/or remote forward endpoints may also be +.Xr unix 4 +domain sockets by specifying a pathname (that must contain at least +one slash character) in place of the hostname and port. .It Fl l Ar login_name Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file. @@ -522,7 +529,8 @@ port .Ar hostport from the local machine. .Pp -Port forwardings can also be specified in the configuration file. +Port forwardings can also be specified in the configuration file +.Pq see Cm RemoteForward . Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified by enclosing the address in square brackets. 
@@ -552,6 +560,11 @@ to the client at run time. When used together with .Ic -O forward the allocated port will be printed to the standard output. +.Pp +The local and/or remote forward endpoints may also be +.Xr unix 4 +domain sockets by specifying a pathname (that must contain at least +one slash character) in place of the hostname and port. .It Fl S Ar ctl_path Specifies the location of a control socket for connection sharing, or the string Index: ssh_config.5 === RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v retrieving revision 1.191 diff -u -p -r1.191 ssh_config.5 --- ssh_config.515 Jul 2014 15:54:14 - 1.191 +++ ssh_config.513 Aug 2014 04:42:30 - @@ -981,6 +988,11 @@ indicates that the listening port be bou empty address or .Sq * indicates that the port should be available from all interfaces. +.Pp +The local and/or remote forward endpoints may also be +.Xr unix 4 +domain sockets by specifying a pathname (that must contain at least +one slash character) in place of the hostname and port. .It Cm LogLevel Gives the verbosity level that is used when logging messages from .Xr ssh 1 . @@ -1204,6 +1216,11 @@ will only succeed if the server's .Cm GatewayPorts option is enabled (see .Xr sshd_config 5 ) . +.Pp +The local and/or remote forward endpoints may also be +.Xr unix 4 +domain sockets by specifying a pathname (that must contain at least +one slash character) in place of the hostname and port. .It Cm RequestTTY Specifies whether to request a pseudo-tty for the session. The argument may be one of:
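Review bot: The first ssh_config.5 hunk is headed @@ -981,6 +988,11 @@, so the new file is already seven lines ahead of the old one before any ssh_config.5 change shown here, and the second hunk (1204 to 1216) carries the same offset plus the five lines added by the first. A hunk earlier in ssh_config.5 appears to be missing from the posted diff; please resend the complete diff so that it applies to revision 1.191.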
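Review bot: The same paragraph beginning "The local and/or remote forward endpoints may also be" is pasted into four places, and in each of them it leaves open which side of the forwarding a given pathname refers to. Word it per option (for the ssh.1 text before .It Fl l, say which argument of the local forwarding may be a pathname, and likewise for the remote case before .It Fl S). Since a listening unix(4) socket is a filesystem object, the text should also say what ownership and permissions the created socket gets and what happens when the pathname already exists, or point to where that is documented.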