diff options
| author | Jerry Jelinek <jerry.jelinek@joyent.com> | 2015-06-15 12:24:15 +0000 |
|---|---|---|
| committer | Jerry Jelinek <jerry.jelinek@joyent.com> | 2015-06-15 12:24:15 +0000 |
| commit | b6b487396033090d1de5616ac688feb1734b7204 (patch) | |
| tree | fb426f8cb82f21bb7232ddce083cf5c8387530c5 | |
| parent | d3d503df41a5b109ed16044a59d94b8c658a5c9c (diff) | |
| parent | b884368dd61598a2c84215e7b8620e34fba645a1 (diff) | |
| download | illumos-joyent-b6b487396033090d1de5616ac688feb1734b7204.tar.gz | |
[illumos-gate merge]
commit b884368dd61598a2c84215e7b8620e34fba645a1
4751 ipadm(1M) should make it clear that static v6 addrs on an interface require addrconf addrs
commit 5ce9dfc844a5f2a338bcba6fcfd718a0e60956fe
2056 update boot(1m) for right location of the GRUB menu
commit 68b2bbf26c7040fea4281dcb58b81e7627e46f34
5995 RPC over SMB named pipes should use AF_UNIX sockets
commit 5a48565528ab0659af6d43ebe1659bfff8074e8f
5994 Access Based Enumeration not working after 1527
commit b6f078ed90209a1b0e143e0abd10e14a6a2a7397
5993 SMB server fails setting dates earlier than 1970
commit 46e1baa6cf6d5432f5fd231bb588df8f9570c858
5911 ZFS "hangs" while deleting file
commit 83885279ef0a4e648dec5ed9b6933631923e8a6a
5618 webrev is unable to format (mi in man pages
commit b3cff10cdd26674d8dc66e0b349fd185df709fad
5409 Remove shareiscsi description and example from zfs(1M)
5988 zfs(1M) diff is excessively indented
commit b735fab62707bcb6832e1654b9265bd13e0ae959
1209 fnmatch(3C) should mention FNM_IGNORECASE
Conflicts:
usr/src/man/man1m/zfs.1m
47 files changed, 5168 insertions, 7053 deletions
diff --git a/usr/src/cmd/smbsrv/fksmbd/Makefile b/usr/src/cmd/smbsrv/fksmbd/Makefile index cb72f8239e..615818e44a 100644 --- a/usr/src/cmd/smbsrv/fksmbd/Makefile +++ b/usr/src/cmd/smbsrv/fksmbd/Makefile @@ -31,7 +31,7 @@ OBJS_SMBD= \ smbd_logon.o \ smbd_main.o \ smbd_nicmon.o \ - smbd_opipe_doorsvc.o \ + smbd_pipesvc.o \ smbd_share_doorsvc.o \ smbd_spool.o \ smbd_vss.o \ @@ -41,7 +41,6 @@ OBJS_LOCAL = \ fksmbd_door.o \ fksmbd_kmod.o \ fksmbd_ksock.o \ - fksmbd_opipe.o \ fksmbd_log.o \ fksmbd_shr.o diff --git a/usr/src/cmd/smbsrv/fksmbd/Watch-pipesvc.d b/usr/src/cmd/smbsrv/fksmbd/Watch-pipesvc.d new file mode 100644 index 0000000000..f11156001d --- /dev/null +++ b/usr/src/cmd/smbsrv/fksmbd/Watch-pipesvc.d @@ -0,0 +1,62 @@ +#!/usr/sbin/dtrace -s +/* + * This file and its contents are supplied under the terms of the + * Common Development and Distribution License ("CDDL"), version 1.0. + * You may only use this file in accordance with the terms of version + * 1.0 of the CDDL. + * + * A full copy of the text of the CDDL should have accompanied this + * source. A copy of the CDDL is also available via the Internet at + * http://www.illumos.org/license/CDDL. + */ + +/* + * Copyright 2013 Nexenta Systems, Inc. All rights reserved. + */ + +/* + * User-level dtrace for smbd + * Usage: dtrace -s ThisScript.d -p PID + */ + +#pragma D option flowindent + +pid$target:fksmbd:pipesvc_worker:entry +{ + self->trace++; +} +pid$target:fksmbd:pipesvc_worker:return +{ + self->trace--; +} + +pid$target:fksmbd::entry, +pid$target:libfksmbsrv.so.1::entry, +pid$target:libmlsvc.so.1::entry, +pid$target:libmlrpc.so.1::entry, +pid$target:libsmbns.so.1::entry, +pid$target:libsmb.so.1::entry +/self->trace/ +{ + printf("\t0x%x", arg0); + printf("\t0x%x", arg1); + printf("\t0x%x", arg2); + printf("\t0x%x", arg3); +} + +pid$target:fksmbd::return, +pid$target:libfksmbsrv.so.1::return, +pid$target:libmlsvc.so.1::return, +pid$target:libmlrpc.so.1::return, +pid$target:libsmbns.so.1::return, +pid$target:libsmb.so.1::return +/self->trace/ +{ + printf("\t0x%x", arg1); +} + +pid$target:libmlrpc.so.1:ndo_trace:entry +/self->trace/ +{ + printf("ndo_trace: %s", copyinstr(arg0)); +} diff --git a/usr/src/cmd/smbsrv/fksmbd/fksmbd_kmod.c b/usr/src/cmd/smbsrv/fksmbd/fksmbd_kmod.c index 067639453b..65fc7cecbb 100644 --- a/usr/src/cmd/smbsrv/fksmbd/fksmbd_kmod.c +++ b/usr/src/cmd/smbsrv/fksmbd/fksmbd_kmod.c @@ -134,7 +134,7 @@ smb_kmod_start(int opipe, int lmshr, int udoor) /* These are the "door" dispatch callbacks */ ioc.lmshr_func = NULL; /* not used */ - ioc.opipe_func = (void *)fksmbd_opipe_dispatch; + ioc.opipe_func = NULL; /* not used */ ioc.udoor_func = (void *)fksmbd_door_dispatch; rc = smb_kmod_ioctl(SMB_IOC_START, &ioc.hdr, sizeof (ioc)); diff --git a/usr/src/cmd/smbsrv/fksmbd/fksmbd_opipe.c b/usr/src/cmd/smbsrv/fksmbd/fksmbd_opipe.c deleted file mode 100644 index 7fd8df64d3..0000000000 --- a/usr/src/cmd/smbsrv/fksmbd/fksmbd_opipe.c +++ /dev/null @@ -1,156 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - */ - -#include <sys/list.h> -#include <assert.h> -#include <alloca.h> -#include <door.h> -#include <errno.h> -#include <syslog.h> -#include <unistd.h> -#include <stdio.h> -#include <synch.h> -#include <string.h> -#include <stdlib.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <pthread.h> -#include <strings.h> -#include <umem.h> - -#include <smbsrv/smb_door.h> -#include <smbsrv/smb_xdr.h> -#include <smbsrv/smb_token.h> -#include <smbsrv/libmlsvc.h> -#include <smbsrv/libsmbns.h> -#include "smbd.h" - -static int smbd_opipe_exec(uint32_t fid); - - -/* - * Process smbd opipe requests. - * - * This is a special version of smb_opipe_dispatch() - * for the "fake" smbsrv (running in user space). - * This is called via function pointer from - * smbsrv: smb_opipe_door_call() - * - * Very similar to smbd_opipe_dispatch() - */ -int -fksmbd_opipe_dispatch(door_arg_t *da) -{ - uint8_t *buf = (uint8_t *)da->data_ptr; - smb_doorhdr_t hdr; - size_t hdr_size; - uint8_t *data; - uint32_t datalen; - - if (!smbd_online()) - return (-1); - - bzero(&hdr, sizeof (smb_doorhdr_t)); - hdr_size = xdr_sizeof(smb_doorhdr_xdr, &hdr); - - if (da->data_ptr == NULL || da->data_size < hdr_size) - return (-1); - - if (smb_doorhdr_decode(&hdr, buf, hdr_size) == -1) - return (-1); - - if ((hdr.dh_magic != SMB_OPIPE_HDR_MAGIC) || (hdr.dh_fid == 0)) - return (-1); - - if (hdr.dh_datalen > SMB_OPIPE_DOOR_BUFSIZE) - hdr.dh_datalen = SMB_OPIPE_DOOR_BUFSIZE; - - data = buf + hdr_size; - datalen = hdr.dh_datalen; - - switch (hdr.dh_op) { - case SMB_OPIPE_OPEN: - hdr.dh_door_rc = ndr_pipe_open(hdr.dh_fid, data, datalen); - hdr.dh_datalen = 0; - hdr.dh_resid = 0; - datalen = hdr_size; - break; - - case SMB_OPIPE_CLOSE: - hdr.dh_door_rc = ndr_pipe_close(hdr.dh_fid); - hdr.dh_datalen = 0; - hdr.dh_resid = 0; - datalen = hdr_size; - break; - - case SMB_OPIPE_READ: - data = (uint8_t *)buf + hdr_size; - datalen = hdr.dh_datalen; - hdr.dh_door_rc = ndr_pipe_read(hdr.dh_fid, data, &datalen, - &hdr.dh_resid); - hdr.dh_datalen = datalen; - datalen += hdr_size; - break; - - case SMB_OPIPE_WRITE: - hdr.dh_door_rc = ndr_pipe_write(hdr.dh_fid, data, datalen); - hdr.dh_datalen = 0; - hdr.dh_resid = 0; - datalen = hdr_size; - break; - - case SMB_OPIPE_EXEC: - hdr.dh_door_rc = smbd_opipe_exec(hdr.dh_fid); - hdr.dh_datalen = 0; - hdr.dh_resid = 0; - datalen = hdr_size; - break; - - default: - return (-1); - } - - (void) smb_doorhdr_encode(&hdr, (uint8_t *)buf, hdr_size); - return (0); -} - -/* - * Normal (from a real kernel) up calls get a thread here. - * In the "fake" kernel (all user space) we don't need that. - * NB: arg will be freed by ndr_pipe_transact() - */ -static int -smbd_opipe_exec(uint32_t fid) -{ - uint32_t *arg; - - if ((arg = malloc(sizeof (uint32_t))) == NULL) - return (ENOMEM); - - *arg = fid; - - (void) ndr_pipe_transact(arg); - - return (0); -} diff --git a/usr/src/cmd/smbsrv/smbd/Makefile b/usr/src/cmd/smbsrv/smbd/Makefile index 2927c33ca1..8fd9ccb74a 100644 --- a/usr/src/cmd/smbsrv/smbd/Makefile +++ b/usr/src/cmd/smbsrv/smbd/Makefile @@ -31,7 +31,7 @@ OBJS= \ smbd_logon.o \ smbd_main.o \ smbd_nicmon.o \ - smbd_opipe_doorsvc.o \ + smbd_pipesvc.o \ smbd_share_doorsvc.o \ smbd_spool.o \ smbd_syslog.o \ diff --git a/usr/src/cmd/smbsrv/smbd/smbd.h b/usr/src/cmd/smbsrv/smbd/smbd.h index 750a662e9e..3ec5877fac 100644 --- a/usr/src/cmd/smbsrv/smbd/smbd.h +++ b/usr/src/cmd/smbsrv/smbd/smbd.h @@ -40,8 +40,8 @@ extern "C" { #include <smbsrv/libmlsvc.h> void smbd_report(const char *fmt, ...); -int smbd_opipe_start(void); -void smbd_opipe_stop(void); +int smbd_pipesvc_start(void); +void smbd_pipesvc_stop(void); int smbd_share_start(void); void smbd_share_stop(void); int smbd_nicmon_start(const char *); @@ -143,7 +143,6 @@ void *smbd_door_dispatch_op(void *); /* For fksmbd */ void fksmbd_init(void); int fksmbd_door_dispatch(smb_doorarg_t *); -int fksmbd_opipe_dispatch(door_arg_t *); #ifdef __cplusplus } diff --git a/usr/src/cmd/smbsrv/smbd/smbd_main.c b/usr/src/cmd/smbsrv/smbd/smbd_main.c index a0a8793aba..59b11eb702 100644 --- a/usr/src/cmd/smbsrv/smbd/smbd_main.c +++ b/usr/src/cmd/smbsrv/smbd/smbd_main.c @@ -431,7 +431,8 @@ smbd_service_init(void) { SMB_CVOL, 0755 }, { SMB_SYSROOT, 0755 }, { SMB_SYSTEM32, 0755 }, - { SMB_VSS, 0755 } + { SMB_VSS, 0755 }, + { SMB_PIPE_DIR, 0755 }, }; int rc, i; @@ -497,14 +498,13 @@ smbd_service_init(void) smbd_report("DC monitor initialization failed %s", strerror(errno)); - if (mlsvc_init() != 0) { - smbd_report("msrpc initialization failed"); + if (smbd_pipesvc_start() != 0) { + smbd_report("pipesvc initialization failed"); return (-1); } smbd.s_door_srv = smbd_door_start(); - smbd.s_door_opipe = smbd_opipe_start(); - if (smbd.s_door_srv < 0 || smbd.s_door_opipe < 0) { + if (smbd.s_door_srv < 0) { smbd_report("door initialization failed %s", strerror(errno)); return (-1); } @@ -553,7 +553,7 @@ smbd_service_fini(void) smb_kmod_stop(); smb_logon_abort(); smb_lgrp_stop(); - smbd_opipe_stop(); + smbd_pipesvc_stop(); smbd_door_stop(); smbd_spool_stop(); smbd_kernel_unbind(); diff --git a/usr/src/cmd/smbsrv/smbd/smbd_opipe_doorsvc.c b/usr/src/cmd/smbsrv/smbd/smbd_opipe_doorsvc.c deleted file mode 100644 index c092e1b395..0000000000 --- a/usr/src/cmd/smbsrv/smbd/smbd_opipe_doorsvc.c +++ /dev/null @@ -1,210 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2010 Sun Microsystems, Inc. All rights reserved. - * Use is subject to license terms. - */ - -#include <stdio.h> -#include <strings.h> -#include <stdlib.h> -#include <unistd.h> -#include <fcntl.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <door.h> -#include <errno.h> -#include <pthread.h> - -#include <smbsrv/libsmb.h> -#include <smbsrv/libmlrpc.h> -#include "smbd.h" - -static int smbd_opipe_fd = -1; -static int smbd_opipe_cookie = 0x50495045; /* PIPE */ -static pthread_mutex_t smbd_opipe_mutex = PTHREAD_MUTEX_INITIALIZER; -static smbd_door_t smbd_opipe_sdh; - -static void smbd_opipe_dispatch(void *, char *, size_t, door_desc_t *, uint_t); -static int smbd_opipe_exec_async(uint32_t); - -/* - * Create the smbd opipe door service. - * Returns the door descriptor on success. Otherwise returns -1. - */ -int -smbd_opipe_start(void) -{ - (void) pthread_mutex_lock(&smbd_opipe_mutex); - - if (smbd_opipe_fd != -1) { - (void) pthread_mutex_unlock(&smbd_opipe_mutex); - errno = EEXIST; - return (-1); - } - - smbd_door_init(&smbd_opipe_sdh, "opipe"); - - errno = 0; - if ((smbd_opipe_fd = door_create(smbd_opipe_dispatch, - &smbd_opipe_cookie, (DOOR_UNREF | DOOR_REFUSE_DESC))) < 0) { - smbd_opipe_fd = -1; - } - - (void) pthread_mutex_unlock(&smbd_opipe_mutex); - return (smbd_opipe_fd); -} - -/* - * Stop the smbd opipe door service. - */ -void -smbd_opipe_stop(void) -{ - (void) pthread_mutex_lock(&smbd_opipe_mutex); - - smbd_door_fini(&smbd_opipe_sdh); - - if (smbd_opipe_fd != -1) { - (void) door_revoke(smbd_opipe_fd); - smbd_opipe_fd = -1; - } - - (void) pthread_mutex_unlock(&smbd_opipe_mutex); -} - -/* - * Process smbd opipe requests. - */ -/*ARGSUSED*/ -static void -smbd_opipe_dispatch(void *cookie, char *argp, size_t arg_size, - door_desc_t *dd, uint_t n_desc) -{ - char buf[SMB_OPIPE_DOOR_BUFSIZE]; - smb_doorhdr_t hdr; - size_t hdr_size; - uint8_t *data; - uint32_t datalen; - - smbd_door_enter(&smbd_opipe_sdh); - - if (!smbd_online()) - smbd_door_return(&smbd_opipe_sdh, NULL, 0, NULL, 0); - - bzero(&hdr, sizeof (smb_doorhdr_t)); - hdr_size = xdr_sizeof(smb_doorhdr_xdr, &hdr); - - if ((cookie != &smbd_opipe_cookie) || (argp == NULL) || - (arg_size < hdr_size)) { - smbd_door_return(&smbd_opipe_sdh, NULL, 0, NULL, 0); - } - - if (smb_doorhdr_decode(&hdr, (uint8_t *)argp, hdr_size) == -1) - smbd_door_return(&smbd_opipe_sdh, NULL, 0, NULL, 0); - - if ((hdr.dh_magic != SMB_OPIPE_HDR_MAGIC) || (hdr.dh_fid == 0)) - smbd_door_return(&smbd_opipe_sdh, NULL, 0, NULL, 0); - - if (hdr.dh_datalen > SMB_OPIPE_DOOR_BUFSIZE) - hdr.dh_datalen = SMB_OPIPE_DOOR_BUFSIZE; - - data = (uint8_t *)argp + hdr_size; - datalen = hdr.dh_datalen; - - switch (hdr.dh_op) { - case SMB_OPIPE_OPEN: - hdr.dh_door_rc = ndr_pipe_open(hdr.dh_fid, data, datalen); - - hdr.dh_datalen = 0; - hdr.dh_resid = 0; - datalen = hdr_size; - break; - - case SMB_OPIPE_CLOSE: - hdr.dh_door_rc = ndr_pipe_close(hdr.dh_fid); - - hdr.dh_datalen = 0; - hdr.dh_resid = 0; - datalen = hdr_size; - break; - - case SMB_OPIPE_READ: - data = (uint8_t *)buf + hdr_size; - datalen = hdr.dh_datalen; - - hdr.dh_door_rc = ndr_pipe_read(hdr.dh_fid, data, &datalen, - &hdr.dh_resid); - - hdr.dh_datalen = datalen; - datalen += hdr_size; - break; - - case SMB_OPIPE_WRITE: - hdr.dh_door_rc = ndr_pipe_write(hdr.dh_fid, data, datalen); - - hdr.dh_datalen = 0; - hdr.dh_resid = 0; - datalen = hdr_size; - break; - - case SMB_OPIPE_EXEC: - hdr.dh_door_rc = smbd_opipe_exec_async(hdr.dh_fid); - - hdr.dh_datalen = 0; - hdr.dh_resid = 0; - datalen = hdr_size; - break; - - default: - smbd_door_return(&smbd_opipe_sdh, NULL, 0, NULL, 0); - break; - } - - (void) smb_doorhdr_encode(&hdr, (uint8_t *)buf, hdr_size); - smbd_door_return(&smbd_opipe_sdh, buf, datalen, NULL, 0); -} - -/* - * On success, arg will be freed by the thread. - */ -static int -smbd_opipe_exec_async(uint32_t fid) -{ - pthread_attr_t attr; - pthread_t tid; - uint32_t *arg; - int rc; - - if ((arg = malloc(sizeof (uint32_t))) == NULL) - return (ENOMEM); - - *arg = fid; - - (void) pthread_attr_init(&attr); - (void) pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED); - rc = pthread_create(&tid, &attr, ndr_pipe_transact, arg); - (void) pthread_attr_destroy(&attr); - - if (rc != 0) - free(arg); - return (rc); -} diff --git a/usr/src/cmd/smbsrv/smbd/smbd_pipesvc.c b/usr/src/cmd/smbsrv/smbd/smbd_pipesvc.c new file mode 100644 index 0000000000..c6e6682b8e --- /dev/null +++ b/usr/src/cmd/smbsrv/smbd/smbd_pipesvc.c @@ -0,0 +1,394 @@ +/* + * This file and its contents are supplied under the terms of the + * Common Development and Distribution License ("CDDL"), version 1.0. + * You may only use this file in accordance with the terms of version + * 1.0 of the CDDL. + * + * A full copy of the text of the CDDL should have accompanied this + * source. A copy of the CDDL is also available via the Internet at + * http://www.illumos.org/license/CDDL. + */ + +/* + * Copyright 2015 Nexenta Systems, Inc. All rights reserved. + */ + +/* + * This is the named pipe service for smbd. + */ + +#include <sys/types.h> +#include <sys/stat.h> + +#include <stdio.h> +#include <strings.h> +#include <stdlib.h> +#include <synch.h> +#include <unistd.h> +#include <fcntl.h> +#include <door.h> +#include <errno.h> +#include <pthread.h> +#include <signal.h> + +#include <smbsrv/libsmb.h> +#include <smbsrv/libmlsvc.h> +#include <smbsrv/smb_xdr.h> +#include "smbd.h" + +struct pipe_listener { + const char *name; + int max_allowed; + int max_seen; + int current; + pthread_t tid; +}; + +static void *pipesvc_listener(void *); +static void *pipesvc_worker(void *); +static int pipe_send(ndr_pipe_t *, void *, size_t); +static int pipe_recv(ndr_pipe_t *, void *, size_t); + +mutex_t pipesvc_mutex = DEFAULTMUTEX; +int pipesvc_workers_max = 500; +int pipesvc_workers_cur = 0; + +uint16_t pipe_max_msgsize = SMB_PIPE_MAX_MSGSIZE; + +/* + * Allow more opens on SRVSVC because that's used by many clients + * to get the share list, etc. + */ +#define SRVSVC_MAX_OPENS 200 +#define DEF_MAX_OPENS 50 + +#define NLISTENERS 11 +static struct pipe_listener +pipe_listeners[NLISTENERS] = { + { "eventlog", DEF_MAX_OPENS, 0, 0 }, + { "lsarpc", DEF_MAX_OPENS, 0, 0 }, + { "lsass", DEF_MAX_OPENS, 0, 0 }, + { "netdfs", DEF_MAX_OPENS, 0, 0 }, + { "netlogon", DEF_MAX_OPENS, 0, 0 }, + { "samr", DEF_MAX_OPENS, 0, 0 }, + { "spoolss", DEF_MAX_OPENS, 0, 0 }, + { "srvsvc", SRVSVC_MAX_OPENS, 0, 0 }, + { "svcctl", DEF_MAX_OPENS, 0, 0 }, + { "winreg", DEF_MAX_OPENS, 0, 0 }, + { "wkssvc", DEF_MAX_OPENS, 0, 0 }, +}; + +static ndr_pipe_t * +np_new(struct pipe_listener *pl, int fid) +{ + ndr_pipe_t *np; + size_t len; + + /* + * Allocating ndr_pipe_t + smb_netuserinfo_t as one. + * We could just make that part of ndr_pipe_t, but + * that struct is opaque to libmlrpc. + */ + len = sizeof (*np) + sizeof (smb_netuserinfo_t); + np = malloc(len); + if (np == NULL) + return (NULL); + + bzero(np, len); + np->np_listener = pl; + np->np_endpoint = pl->name; + np->np_user = (void*)(np + 1); + np->np_send = pipe_send; + np->np_recv = pipe_recv; + np->np_fid = fid; + np->np_max_xmit_frag = pipe_max_msgsize; + np->np_max_recv_frag = pipe_max_msgsize; + + return (np); +} + +static void +np_free(ndr_pipe_t *np) +{ + (void) close(np->np_fid); + free(np); +} + +/* + * Create the smbd opipe door service. + * Returns the door descriptor on success. Otherwise returns -1. + */ +int +smbd_pipesvc_start(void) +{ + pthread_t tid; + pthread_attr_t tattr; + struct pipe_listener *pl; + int i, rc; + + if (mlsvc_init() != 0) { + smbd_report("msrpc initialization failed"); + return (-1); + } + + (void) pthread_attr_init(&tattr); + (void) pthread_attr_setdetachstate(&tattr, PTHREAD_CREATE_DETACHED); + + for (i = 0; i < NLISTENERS; i++) { + pl = &pipe_listeners[i]; + pl->max_seen = 0; + + if (strcasecmp(pl->name, "spoolss") == 0 && + smb_config_getbool(SMB_CI_PRINT_ENABLE) == B_FALSE) + continue; + + rc = pthread_create(&tid, &tattr, pipesvc_listener, pl); + if (rc != 0) + break; + pipe_listeners[i].tid = tid; + } + + if (rc != 0) { + smbd_report("pipesvc pthread_create, %d", rc); + } + + (void) pthread_attr_destroy(&tattr); + + return (rc); +} + +void +smbd_pipesvc_stop(void) +{ + int i; + + (void) mutex_lock(&pipesvc_mutex); + for (i = 0; i < NLISTENERS; i++) { + if (pipe_listeners[i].tid == 0) + continue; + (void) pthread_kill(pipe_listeners[i].tid, SIGTERM); + pipe_listeners[i].tid = 0; + } + (void) mutex_unlock(&pipesvc_mutex); +} + +static void * +pipesvc_listener(void *varg) +{ + struct sockaddr_un sa; + int err, listen_fd, newfd, snlen; + struct pipe_listener *pl = varg; + ndr_pipe_t *np; + pthread_t tid; + int rc; + + listen_fd = socket(AF_UNIX, SOCK_STREAM, 0); + if (listen_fd < 0) { + smbd_report("pipesvc_listener, so_create: %d", errno); + return (NULL); + } + + bzero(&sa, sizeof (sa)); + sa.sun_family = AF_UNIX; + (void) snprintf(sa.sun_path, sizeof (sa.sun_path), + "%s/%s", SMB_PIPE_DIR, pl->name); + + /* Bind it to a listening name. */ + (void) unlink(sa.sun_path); + if (bind(listen_fd, (struct sockaddr *)&sa, sizeof (sa)) < 0) { + smbd_report("pipesvc_listener, so_bind: %d", errno); + (void) close(listen_fd); + return (NULL); + } + + if (listen(listen_fd, SOMAXCONN) < 0) { + smbd_report("pipesvc_listener, listen: %d", errno); + (void) close(listen_fd); + return (NULL); + } + + for (;;) { + + snlen = sizeof (sa); + newfd = accept(listen_fd, (struct sockaddr *)&sa, &snlen); + if (newfd < 0) { + err = errno; + switch (err) { + case ECONNABORTED: + continue; + case EINTR: + /* normal termination */ + goto out; + default: + smbd_report("pipesvc_listener, " + "accept failed: %d", errno); + } + smbd_report("pipesvc_listener, accept: %d", err); + break; + } + + np = np_new(pl, newfd); + if (np == NULL) { + smbd_report("pipesvc_listener, alloc1 failed"); + (void) close(newfd); + continue; + } + + rc = pthread_create(&tid, NULL, pipesvc_worker, np); + if (rc != 0) { + smbd_report("pipesvc_listener, pthread_create: %d", + errno); + np_free(np); + continue; + } + (void) pthread_detach(tid); + + /* Note: np_free in pipesvc_worker */ + np = NULL; + } + +out: + (void) close(listen_fd); + pl->tid = 0; + return (NULL); +} + +static void * +pipesvc_worker(void *varg) +{ + XDR xdrs; + smb_pipehdr_t phdr; + ndr_pipe_t *np = varg; + struct pipe_listener *pl = np->np_listener; + void *buf = NULL; + uint32_t status; + ssize_t rc; + + (void) mutex_lock(&pipesvc_mutex); + if (pipesvc_workers_cur >= pipesvc_workers_max || + pl->current >= pl->max_allowed) { + (void) mutex_unlock(&pipesvc_mutex); + status = NT_STATUS_PIPE_NOT_AVAILABLE; + (void) send(np->np_fid, &status, sizeof (status), 0); + goto out_free_np; + } + pipesvc_workers_cur++; + pl->current++; + if (pl->max_seen < pl->current) + pl->max_seen = pl->current; + (void) mutex_unlock(&pipesvc_mutex); + + /* + * The smbsrv kmod sends us one initial message containing an + * XDR encoded smb_netuserinfo_t that we read and decode here, + * all unbeknownst to libmlrpc. + * + * Might be nice to enhance getpeerucred() so it can give us + * all the info smb_netuserinfo_t carries, and then use that, + * which would allow using a more generic RPC service. + */ + rc = pipe_recv(np, &phdr, sizeof (phdr)); + if (rc != 0) { + smbd_report("pipesvc_worker, recv1: %d", rc); + goto out_decr; + } + if (phdr.ph_magic != SMB_PIPE_HDR_MAGIC || + phdr.ph_uilen > 8192) { + smbd_report("pipesvc_worker, bad hdr"); + goto out_decr; + } + buf = malloc(phdr.ph_uilen); + if (buf == NULL) { + smbd_report("pipesvc_worker, alloc1 failed"); + goto out_decr; + } + rc = pipe_recv(np, buf, phdr.ph_uilen); + if (rc != 0) { + smbd_report("pipesvc_worker, recv2: %d", rc); + goto out_decr; + } + + xdrmem_create(&xdrs, buf, phdr.ph_uilen, XDR_DECODE); + if (!smb_netuserinfo_xdr(&xdrs, np->np_user)) { + smbd_report("pipesvc_worker, bad uinfo"); + goto out_free_buf; + } + + /* + * Later, could disallow opens of some pipes by + * anonymous users, etc. For now, reply "OK". + */ + status = 0; + rc = pipe_send(np, &status, sizeof (status)); + if (rc != 0) { + smbd_report("pipesvc_worker, send1: %d", rc); + goto out_free_buf; + } + + /* + * Run the RPC service loop worker, which + * returns when it sees the pipe close. + */ + ndr_pipe_worker(np); + + xdrs.x_op = XDR_FREE; + (void) smb_netuserinfo_xdr(&xdrs, np->np_user); + +out_free_buf: + free(buf); + xdr_destroy(&xdrs); + +out_decr: + (void) mutex_lock(&pipesvc_mutex); + pipesvc_workers_cur--; + pl->current--; + (void) mutex_unlock(&pipesvc_mutex); + +out_free_np: + /* Cleanup what came in by varg. */ + (void) shutdown(np->np_fid, SHUT_RDWR); + np_free(np); + return (NULL); +} + +/* + * These are the transport get/put callback functions provided + * via the ndr_pipe_t object to the libmlrpc`ndr_pipe_worker. + * These are called only with known PDU sizes and should + * loop as needed to transfer the entire message. + */ +static int +pipe_recv(ndr_pipe_t *np, void *buf, size_t len) +{ + int x; + + while (len > 0) { + x = recv(np->np_fid, buf, len, 0); + if (x < 0) + return (errno); + if (x == 0) + return (EIO); + buf = (char *)buf + x; + len -= x; + } + + return (0); +} + +static int +pipe_send(ndr_pipe_t *np, void *buf, size_t len) +{ + int x; + + while (len > 0) { + x = send(np->np_fid, buf, len, 0); + if (x < 0) + return (errno); + if (x == 0) + return (EIO); + buf = (char *)buf + x; + len -= x; + } + + return (0); +} diff --git a/usr/src/lib/libfakekernel/common/ksocket.c b/usr/src/lib/libfakekernel/common/ksocket.c index 53bcf87576..5ff3538926 100644 --- a/usr/src/lib/libfakekernel/common/ksocket.c +++ b/usr/src/lib/libfakekernel/common/ksocket.c @@ -21,7 +21,7 @@ /* * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2013 Nexenta Systems, Inc. All rights reserved. + * Copyright 2014 Nexenta Systems, Inc. All rights reserved. */ #include <sys/types.h> @@ -504,6 +504,27 @@ ksocket_setsockopt(ksocket_t ks, int level, int optname, const void *optval, return (0); } +int +ksocket_ioctl(ksocket_t ks, int cmd, intptr_t arg, int *rvp, struct cred *cr) +{ + int rval; + + /* All Solaris components should pass a cred for this operation. */ + ASSERT(cr != NULL); + + if (!KSOCKET_VALID(ks)) + return (ENOTSOCK); + + rval = ioctl(KSTOSO(ks), cmd, arg); + if (rvp != NULL) + *rvp = rval; + + if (rval != 0) + rval = errno; + + return (rval); +} + void ksocket_hold(ksocket_t ks) { diff --git a/usr/src/lib/libfakekernel/common/mapfile-vers b/usr/src/lib/libfakekernel/common/mapfile-vers index ea8b9b8ca0..ffbff01f7f 100644 --- a/usr/src/lib/libfakekernel/common/mapfile-vers +++ b/usr/src/lib/libfakekernel/common/mapfile-vers @@ -10,7 +10,7 @@ # # -# Copyright 2013 Nexenta Systems, Inc. All rights reserved. +# Copyright 2014 Nexenta Systems, Inc. All rights reserved. # # @@ -105,6 +105,7 @@ SYMBOL_VERSION SUNWprivate_1.1 { ksocket_getpeername; ksocket_getsockname; ksocket_hold; + ksocket_ioctl; ksocket_listen; ksocket_recv; ksocket_recvfrom; diff --git a/usr/src/lib/smbsrv/libfksmbsrv/Makefile.com b/usr/src/lib/smbsrv/libfksmbsrv/Makefile.com index 92afcba6ae..d40fa8d629 100644 --- a/usr/src/lib/smbsrv/libfksmbsrv/Makefile.com +++ b/usr/src/lib/smbsrv/libfksmbsrv/Makefile.com @@ -34,7 +34,6 @@ OBJS_LOCAL = \ fksmb_idmap.o \ fksmb_init.o \ fksmb_kdoor.o \ - fksmb_opipe_door.o \ fksmb_sign_pkcs.o \ fake_lookup.o \ fake_nblk.o \ diff --git a/usr/src/lib/smbsrv/libfksmbsrv/common/fksmb_opipe_door.c b/usr/src/lib/smbsrv/libfksmbsrv/common/fksmb_opipe_door.c deleted file mode 100644 index a61ea7194c..0000000000 --- a/usr/src/lib/smbsrv/libfksmbsrv/common/fksmb_opipe_door.c +++ /dev/null @@ -1,131 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2011 Nexenta Systems, Inc. All rights reserved. - * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * This module provides the interface to NDR RPC. - */ - -#include <sys/stat.h> -#include <sys/door.h> -#include <sys/door_data.h> -#include <sys/uio.h> -#include <sys/ksynch.h> -#include <smbsrv/smb_kproto.h> -#include <smbsrv/smb_door.h> - -/* - * opipe door client (to user space door server). - */ -void -smb_opipe_door_init(smb_server_t *sv) -{ - sv->sv_opipe_door_id = -1; - mutex_init(&sv->sv_opipe_door_mutex, NULL, MUTEX_DEFAULT, NULL); - cv_init(&sv->sv_opipe_door_cv, NULL, CV_DEFAULT, NULL); -} - -void -smb_opipe_door_fini(smb_server_t *sv) -{ - smb_opipe_door_close(sv); - cv_destroy(&sv->sv_opipe_door_cv); - mutex_destroy(&sv->sv_opipe_door_mutex); -} - -void -fksmb_opipe_door_open(smb_server_t *sv, void *varg) -{ - /* varg is the "door" dispatch function. */ - sv->sv_opipe_door_hd = varg; -} - -/* - * Close the (user space) door. - */ -void -smb_opipe_door_close(smb_server_t *sv) -{ - sv->sv_opipe_door_hd = NULL; - sv->sv_opipe_door_id = -1; -} - - -/* - * opipe door call interface. - * Door serialization and call reference accounting is handled here. - */ -int -smb_opipe_door_call(smb_opipe_t *opipe) -{ - smb_server_t *sv = opipe->p_server; - fksmb_opipe_disp_func_t *func; - door_arg_t da; - smb_doorhdr_t hdr; - int rc; - - if (sv == NULL) - return (EFAULT); - if (smb_server_is_stopping(sv)) - return (-1); - - func = (fksmb_opipe_disp_func_t *)(sv->sv_opipe_door_hd); - if (func == NULL) - return (EFAULT); - - da.data_ptr = (char *)opipe->p_doorbuf; - da.data_size = SMB_OPIPE_DOOR_BUFSIZE; - da.desc_ptr = NULL; - da.desc_num = 0; - da.rbuf = (char *)opipe->p_doorbuf; - da.rsize = SMB_OPIPE_DOOR_BUFSIZE; - - - /* - * Do the "upcall" to smbd-d. In-kernel, this is: - * door_ki_upcall_limited(...) - */ - rc = (*func)(&da); - if (rc != 0) - return (rc); - - /* Check for door_return(NULL, 0, NULL, 0) */ - if (rc != 0 || da.data_size == 0 || da.rsize == 0) - return (-1); - - if (smb_doorhdr_decode(&hdr, (uint8_t *)da.data_ptr, da.rsize) == -1) - return (-1); - - if ((hdr.dh_magic != SMB_OPIPE_HDR_MAGIC) || - (hdr.dh_fid != opipe->p_hdr.dh_fid) || - (hdr.dh_op != opipe->p_hdr.dh_op) || - (hdr.dh_door_rc != 0) || - (hdr.dh_datalen > SMB_OPIPE_DOOR_BUFSIZE)) { - return (-1); - } - - opipe->p_hdr.dh_datalen = hdr.dh_datalen; - opipe->p_hdr.dh_resid = hdr.dh_resid; - return (0); -} diff --git a/usr/src/lib/smbsrv/libmlrpc/common/libmlrpc.h b/usr/src/lib/smbsrv/libmlrpc/common/libmlrpc.h index ba89e34739..5b55ce4c54 100644 --- a/usr/src/lib/smbsrv/libmlrpc/common/libmlrpc.h +++ b/usr/src/lib/smbsrv/libmlrpc/common/libmlrpc.h @@ -19,8 +19,8 @@ * CDDL HEADER END */ /* - * Copyright 2011 Nexenta Systems, Inc. All rights reserved. * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2013 Nexenta Systems, Inc. All rights reserved. */ #ifndef _LIBMLRPC_H @@ -247,28 +247,18 @@ typedef struct ndr_binding { #define NDR_N_BINDING_POOL 2 typedef struct ndr_pipe { + void *np_listener; + const char *np_endpoint; + smb_netuserinfo_t *np_user; + int (*np_send)(struct ndr_pipe *, void *, size_t); + int (*np_recv)(struct ndr_pipe *, void *, size_t); int np_fid; - uint32_t np_txid; - smb_netuserinfo_t np_user; - char *np_buf; - struct uio np_uio; - iovec_t np_iov; - ndr_fraglist_t np_frags; - int np_refcnt; uint16_t np_max_xmit_frag; uint16_t np_max_recv_frag; ndr_binding_t *np_binding; ndr_binding_t np_binding_pool[NDR_N_BINDING_POOL]; } ndr_pipe_t; -typedef struct ndr_pipe_info { - uint32_t npi_fid; - uint32_t npi_permissions; - uint32_t npi_num_locks; - char npi_pathname[MAXPATHLEN]; - char npi_username[MAXNAMELEN]; -} ndr_pipe_info_t; - /* * Number of bytes required to align SIZE on the next dword/4-byte * boundary. @@ -429,7 +419,6 @@ int ndr_heap_avail(ndr_heap_t *); #define NDR_SIDDUP(XA, S) ndr_heap_siddup((XA)->heap, (S)) typedef struct ndr_xa { - int fid; unsigned short ptype; /* high bits special */ unsigned short opnum; ndr_stream_t recv_nds; @@ -476,7 +465,7 @@ typedef struct ndr_client { typedef struct ndr_handle { ndr_hdid_t nh_id; struct ndr_handle *nh_next; - int nh_fid; + ndr_pipe_t *nh_pipe; const ndr_service_t *nh_svc; ndr_client_t *nh_clnt; void *nh_data; @@ -495,7 +484,6 @@ typedef struct ndr_buf { /* ndr_ops.c */ int nds_initialize(ndr_stream_t *, unsigned, int, ndr_heap_t *); -void nds_finalize(ndr_stream_t *, ndr_fraglist_t *); void nds_destruct(ndr_stream_t *); void nds_show_state(ndr_stream_t *); @@ -522,11 +510,7 @@ unsigned ndr_bind_ack_hdr_size(ndr_xa_t *); unsigned ndr_alter_context_rsp_hdr_size(void); /* ndr_server.c */ -int ndr_pipe_open(int, uint8_t *, uint32_t); -int ndr_pipe_close(int); -int ndr_pipe_read(int, uint8_t *, uint32_t *, uint32_t *); -int ndr_pipe_write(int, uint8_t *, uint32_t); -void *ndr_pipe_transact(void *); +void ndr_pipe_worker(ndr_pipe_t *); int ndr_generic_call_stub(ndr_xa_t *); @@ -550,7 +534,7 @@ void ndr_uuid_unparse(ndr_uuid_t *, char *); ndr_hdid_t *ndr_hdalloc(const ndr_xa_t *, const void *); void ndr_hdfree(const ndr_xa_t *, const ndr_hdid_t *); ndr_handle_t *ndr_hdlookup(const ndr_xa_t *, const ndr_hdid_t *); -void ndr_hdclose(int fid); +void ndr_hdclose(ndr_pipe_t *); ssize_t ndr_uiomove(caddr_t, size_t, enum uio_rw, struct uio *); diff --git a/usr/src/lib/smbsrv/libmlrpc/common/mapfile-vers b/usr/src/lib/smbsrv/libmlrpc/common/mapfile-vers index c6a32420e0..5822d32711 100644 --- a/usr/src/lib/smbsrv/libmlrpc/common/mapfile-vers +++ b/usr/src/lib/smbsrv/libmlrpc/common/mapfile-vers @@ -20,6 +20,7 @@ # # # Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright 2013 Nexenta Systems, Inc. All rights reserved. # # @@ -68,11 +69,7 @@ SYMBOL_VERSION SUNWprivate { ndr_mbtowc; ndr_native_os; ndr_params; - ndr_pipe_open; - ndr_pipe_close; - ndr_pipe_read; - ndr_pipe_transact; - ndr_pipe_write; + ndr_pipe_worker; ndr_svc_binding_pool_init; ndr_svc_lookup_name; ndr_svc_register; diff --git a/usr/src/lib/smbsrv/libmlrpc/common/ndr_ops.c b/usr/src/lib/smbsrv/libmlrpc/common/ndr_ops.c index 0e8fdf575e..0cbcdc6e90 100644 --- a/usr/src/lib/smbsrv/libmlrpc/common/ndr_ops.c +++ b/usr/src/lib/smbsrv/libmlrpc/common/ndr_ops.c @@ -21,6 +21,7 @@ /* * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2013 Nexenta Systems, Inc. All rights reserved. */ /* @@ -160,44 +161,6 @@ nds_initialize(ndr_stream_t *nds, unsigned pdu_size_hint, return (0); } -void -nds_finalize(ndr_stream_t *nds, ndr_fraglist_t *frags) -{ - iovec_t *iov; - ndr_frag_t *frag; - uint32_t size = 0; - - bzero(frags, sizeof (ndr_fraglist_t)); - - for (frag = nds->frags.head; frag; frag = frag->next) - size += frag->len; - - if (size == 0 || size >= NDR_PDU_MAX_SIZE) - return; - - frags->iov = malloc(nds->frags.nfrag * sizeof (iovec_t)); - if (frags->iov == NULL) - return; - - frags->head = nds->frags.head; - frags->tail = nds->frags.tail; - frags->nfrag = nds->frags.nfrag; - bzero(&nds->frags, sizeof (ndr_fraglist_t)); - - frags->uio.uio_iov = frags->iov; - frags->uio.uio_iovcnt = frags->nfrag; - frags->uio.uio_offset = 0; - frags->uio.uio_segflg = UIO_USERSPACE; - frags->uio.uio_resid = size; - - iov = frags->uio.uio_iov; - for (frag = frags->head; frag; frag = frag->next) { - iov->iov_base = (caddr_t)frag->buf; - iov->iov_len = frag->len; - ++iov; - } -} - /* * nds_destruct * @@ -424,7 +387,6 @@ ndo_reset(ndr_stream_t *nds) static void ndo_destruct(ndr_stream_t *nds) { - ndr_frag_t *frag; ndo_printf(nds, 0, "destruct"); @@ -437,13 +399,6 @@ ndo_destruct(ndr_stream_t *nds) nds->pdu_base_offset = 0; } - while ((frag = nds->frags.head) != NULL) { - nds->frags.head = frag->next; - free(frag); - } - - bzero(&nds->frags, sizeof (ndr_fraglist_t)); - nds->outer_queue_head = 0; nds->outer_current = 0; nds->outer_queue_tailp = &nds->outer_queue_head; diff --git a/usr/src/lib/smbsrv/libmlrpc/common/ndr_server.c b/usr/src/lib/smbsrv/libmlrpc/common/ndr_server.c index bd51913552..198daa7d55 100644 --- a/usr/src/lib/smbsrv/libmlrpc/common/ndr_server.c +++ b/usr/src/lib/smbsrv/libmlrpc/common/ndr_server.c @@ -20,6 +20,7 @@ */ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2015 Nexenta Systems, Inc. All rights reserved. */ /* @@ -27,478 +28,248 @@ */ #include <sys/byteorder.h> -#include <sys/errno.h> #include <sys/uio.h> -#include <thread.h> +#include <errno.h> #include <synch.h> #include <stdlib.h> #include <strings.h> #include <string.h> -#include <time.h> +#include <thread.h> #include <smbsrv/libsmb.h> #include <smbsrv/libmlrpc.h> #include <smbsrv/ntaccess.h> -/* - * Fragment size (5680: NT style). - */ -#define NDR_FRAG_SZ 5680 - -#define NDR_GROW_SIZE (8 * 1024) -#define NDR_GROW_MASK (NDR_GROW_SIZE - 1) -#define NDR_ALIGN_BUF(S) (((S) + NDR_GROW_SIZE) & ~NDR_GROW_MASK) - -#define NDR_PIPE_BUFSZ (64 * 1024) -#define NDR_PIPE_BUFMAX (64 * 1024 * 1024) -#define NDR_PIPE_MAX 128 - -static ndr_pipe_t ndr_pipe_table[NDR_PIPE_MAX]; -static mutex_t ndr_pipe_lock; - -static int ndr_pipe_process(ndr_pipe_t *); -static ndr_pipe_t *ndr_pipe_lookup(int); -static void ndr_pipe_release(ndr_pipe_t *); -static ndr_pipe_t *ndr_pipe_allocate(int); -static int ndr_pipe_grow(ndr_pipe_t *, size_t); -static void ndr_pipe_deallocate(ndr_pipe_t *); -static void ndr_pipe_rewind(ndr_pipe_t *); -static void ndr_pipe_flush(ndr_pipe_t *); +#define NDR_PIPE_SEND(np, buf, len) \ + ((np)->np_send)((np), (buf), (len)) +#define NDR_PIPE_RECV(np, buf, len) \ + ((np)->np_recv)((np), (buf), (len)) static int ndr_svc_process(ndr_xa_t *); -static int ndr_svc_defrag(ndr_xa_t *); static int ndr_svc_bind(ndr_xa_t *); static int ndr_svc_request(ndr_xa_t *); static void ndr_reply_prepare_hdr(ndr_xa_t *); static int ndr_svc_alter_context(ndr_xa_t *); static void ndr_reply_fault(ndr_xa_t *, unsigned long); -static int ndr_build_reply(ndr_xa_t *); -static void ndr_build_frag(ndr_stream_t *, uint8_t *, uint32_t); + +static int ndr_recv_request(ndr_xa_t *mxa); +static int ndr_recv_frag(ndr_xa_t *mxa); +static int ndr_send_reply(ndr_xa_t *); + +static int ndr_pipe_process(ndr_pipe_t *, ndr_xa_t *); /* - * Allocate and associate a service context with a fid. + * External entry point called by smbd. */ -int -ndr_pipe_open(int fid, uint8_t *data, uint32_t datalen) +void +ndr_pipe_worker(ndr_pipe_t *np) { - ndr_pipe_t *np; - - (void) mutex_lock(&ndr_pipe_lock); - - if ((np = ndr_pipe_lookup(fid)) != NULL) { - ndr_pipe_release(np); - (void) mutex_unlock(&ndr_pipe_lock); - return (EEXIST); - } - - if ((np = ndr_pipe_allocate(fid)) == NULL) { - (void) mutex_unlock(&ndr_pipe_lock); - return (ENOMEM); - } - - if (smb_netuserinfo_decode(&np->np_user, data, datalen, NULL) == -1) { - ndr_pipe_release(np); - (void) mutex_unlock(&ndr_pipe_lock); - return (EINVAL); - } + ndr_xa_t *mxa; + int rc; ndr_svc_binding_pool_init(&np->np_binding, np->np_binding_pool, NDR_N_BINDING_POOL); - (void) mutex_unlock(&ndr_pipe_lock); - return (0); -} - -/* - * Release the context associated with a fid when an opipe is closed. - */ -int -ndr_pipe_close(int fid) -{ - ndr_pipe_t *np; + if ((mxa = malloc(sizeof (*mxa))) == NULL) + return; - (void) mutex_lock(&ndr_pipe_lock); + do { + bzero(mxa, sizeof (*mxa)); + rc = ndr_pipe_process(np, mxa); + } while (rc == 0); - if ((np = ndr_pipe_lookup(fid)) == NULL) { - (void) mutex_unlock(&ndr_pipe_lock); - return (ENOENT); - } + free(mxa); /* - * Release twice: once for the lookup above - * and again to close the fid. + * Ensure that there are no RPC service policy handles + * (associated with this fid) left around. */ - ndr_pipe_release(np); - ndr_pipe_release(np); - (void) mutex_unlock(&ndr_pipe_lock); - return (0); -} - -/* - * Write RPC request data to the input stream. Input data is buffered - * until the response is requested. - */ -int -ndr_pipe_write(int fid, uint8_t *buf, uint32_t len) -{ - ndr_pipe_t *np; - ssize_t nbytes; - int rc; - - if (len == 0) - return (0); - - (void) mutex_lock(&ndr_pipe_lock); - - if ((np = ndr_pipe_lookup(fid)) == NULL) { - (void) mutex_unlock(&ndr_pipe_lock); - return (ENOENT); - } - - if ((rc = ndr_pipe_grow(np, len)) != 0) { - (void) mutex_unlock(&ndr_pipe_lock); - return (rc); - } - - nbytes = ndr_uiomove((caddr_t)buf, len, UIO_READ, &np->np_uio); - - ndr_pipe_release(np); - (void) mutex_unlock(&ndr_pipe_lock); - return ((nbytes == len) ? 0 : EIO); -} - -/* - * Read RPC response data. - */ -int -ndr_pipe_read(int fid, uint8_t *buf, uint32_t *len, uint32_t *resid) -{ - ndr_pipe_t *np; - ssize_t nbytes = *len; - - if (nbytes == 0) { - *resid = 0; - return (0); - } - - (void) mutex_lock(&ndr_pipe_lock); - if ((np = ndr_pipe_lookup(fid)) == NULL) { - (void) mutex_unlock(&ndr_pipe_lock); - return (ENOENT); - } - (void) mutex_unlock(&ndr_pipe_lock); - - *len = ndr_uiomove((caddr_t)buf, nbytes, UIO_WRITE, &np->np_frags.uio); - *resid = np->np_frags.uio.uio_resid; - - if (*resid == 0) { - /* - * Nothing left, cleanup the output stream. - */ - ndr_pipe_flush(np); - } - - (void) mutex_lock(&ndr_pipe_lock); - ndr_pipe_release(np); - (void) mutex_unlock(&ndr_pipe_lock); - return (0); -} - -/* - * If the input stream contains an RPC request, process the RPC transaction, - * which will place the RPC response in the output (frags) stream. - * - * arg is freed here; it must have been allocated by malloc(). - */ -void * -ndr_pipe_transact(void *arg) -{ - uint32_t *tmp = (uint32_t *)arg; - uint32_t fid; - ndr_pipe_t *np; - - if (arg == NULL) - return (NULL); - - fid = *tmp; - - (void) mutex_lock(&ndr_pipe_lock); - if ((np = ndr_pipe_lookup(fid)) == NULL) { - (void) mutex_unlock(&ndr_pipe_lock); - (void) smb_kmod_event_notify(fid); - free(arg); - return (NULL); - } - (void) mutex_unlock(&ndr_pipe_lock); - - if (ndr_pipe_process(np) != 0) - ndr_pipe_flush(np); - - (void) mutex_lock(&ndr_pipe_lock); - ndr_pipe_release(np); - (void) mutex_unlock(&ndr_pipe_lock); - (void) smb_kmod_event_notify(fid); - free(arg); - return (NULL); + ndr_hdclose(np); } /* - * Process a server-side RPC request. + * Process one server-side RPC request. */ static int -ndr_pipe_process(ndr_pipe_t *np) +ndr_pipe_process(ndr_pipe_t *np, ndr_xa_t *mxa) { - ndr_xa_t *mxa; ndr_stream_t *recv_nds; ndr_stream_t *send_nds; - char *data; - int datalen; - int rc; + int rc = ENOMEM; - data = np->np_buf; - datalen = np->np_uio.uio_offset; - - if (datalen == 0) - return (0); - - if ((mxa = (ndr_xa_t *)malloc(sizeof (ndr_xa_t))) == NULL) - return (ENOMEM); - - bzero(mxa, sizeof (ndr_xa_t)); - mxa->fid = np->np_fid; mxa->pipe = np; mxa->binding_list = np->np_binding; - if ((mxa->heap = ndr_heap_create()) == NULL) { - free(mxa); - return (ENOMEM); - } + if ((mxa->heap = ndr_heap_create()) == NULL) + goto out1; recv_nds = &mxa->recv_nds; - rc = nds_initialize(recv_nds, datalen, NDR_MODE_CALL_RECV, mxa->heap); - if (rc != 0) { - ndr_heap_destroy(mxa->heap); - free(mxa); - return (ENOMEM); - } - - /* - * Copy the input data and reset the input stream. - */ - bcopy(data, recv_nds->pdu_base_addr, datalen); - ndr_pipe_rewind(np); + rc = nds_initialize(recv_nds, 0, NDR_MODE_CALL_RECV, mxa->heap); + if (rc != 0) + goto out2; send_nds = &mxa->send_nds; rc = nds_initialize(send_nds, 0, NDR_MODE_RETURN_SEND, mxa->heap); - if (rc != 0) { - nds_destruct(&mxa->recv_nds); - ndr_heap_destroy(mxa->heap); - free(mxa); - return (ENOMEM); - } + if (rc != 0) + goto out3; + + rc = ndr_recv_request(mxa); + if (rc != 0) + goto out4; (void) ndr_svc_process(mxa); + (void) ndr_send_reply(mxa); + rc = 0; - nds_finalize(send_nds, &np->np_frags); - nds_destruct(&mxa->recv_nds); +out4: nds_destruct(&mxa->send_nds); +out3: + nds_destruct(&mxa->recv_nds); +out2: ndr_heap_destroy(mxa->heap); - free(mxa); - return (0); +out1: + return (rc); } /* - * Must be called with ndr_pipe_lock held. + * Check whether or not the specified user has administrator privileges, + * i.e. is a member of Domain Admins or Administrators. + * Returns true if the user is an administrator, otherwise returns false. */ -static ndr_pipe_t * -ndr_pipe_lookup(int fid) +boolean_t +ndr_is_admin(ndr_xa_t *xa) { - ndr_pipe_t *np; - int i; - - for (i = 0; i < NDR_PIPE_MAX; ++i) { - np = &ndr_pipe_table[i]; - - if (np->np_fid == fid) { - if (np->np_refcnt == 0) - return (NULL); + smb_netuserinfo_t *ctx = xa->pipe->np_user; - np->np_refcnt++; - return (np); - } - } - - return (NULL); + return (ctx->ui_flags & SMB_ATF_ADMIN); } /* - * Must be called with ndr_pipe_lock held. + * Check whether or not the specified user has power-user privileges, + * i.e. is a member of Domain Admins, Administrators or Power Users. + * This is typically required for operations such as managing shares. + * Returns true if the user is a power user, otherwise returns false. */ -static void -ndr_pipe_release(ndr_pipe_t *np) +boolean_t +ndr_is_poweruser(ndr_xa_t *xa) { - np->np_refcnt--; - ndr_pipe_deallocate(np); + smb_netuserinfo_t *ctx = xa->pipe->np_user; + + return ((ctx->ui_flags & SMB_ATF_ADMIN) || + (ctx->ui_flags & SMB_ATF_POWERUSER)); } -/* - * Must be called with ndr_pipe_lock held. - */ -static ndr_pipe_t * -ndr_pipe_allocate(int fid) +int32_t +ndr_native_os(ndr_xa_t *xa) { - ndr_pipe_t *np = NULL; - int i; + smb_netuserinfo_t *ctx = xa->pipe->np_user; - for (i = 0; i < NDR_PIPE_MAX; ++i) { - np = &ndr_pipe_table[i]; - - if (np->np_fid == 0) { - bzero(np, sizeof (ndr_pipe_t)); - - if ((np->np_buf = malloc(NDR_PIPE_BUFSZ)) == NULL) - return (NULL); - - ndr_pipe_rewind(np); - np->np_fid = fid; - np->np_refcnt = 1; - return (np); - } - } - - return (NULL); + return (ctx->ui_native_os); } /* - * If the desired space exceeds the current pipe size, try to expand - * the pipe. Leave the current pipe intact if the realloc fails. - * - * Must be called with ndr_pipe_lock held. + * Receive an entire RPC request (all fragments) + * Returns zero or an NDR fault code. */ static int -ndr_pipe_grow(ndr_pipe_t *np, size_t desired) +ndr_recv_request(ndr_xa_t *mxa) { - char *newbuf; - size_t current; - size_t required; - - required = np->np_uio.uio_offset + desired; - current = np->np_uio.uio_offset + np->np_uio.uio_resid; - - if (required <= current) - return (0); - - if (required > NDR_PIPE_BUFMAX) { - smb_tracef("ndr_pipe_grow: required=%d, max=%d (ENOSPC)", - required, NDR_PIPE_BUFMAX); - return (ENOSPC); - } - - required = NDR_ALIGN_BUF(required); - if (required > NDR_PIPE_BUFMAX) - required = NDR_PIPE_BUFMAX; - - if ((newbuf = realloc(np->np_buf, required)) == NULL) { - smb_tracef("ndr_pipe_grow: realloc failed (ENOMEM)"); - return (ENOMEM); - } + ndr_common_header_t *hdr = &mxa->recv_hdr.common_hdr; + ndr_stream_t *nds = &mxa->recv_nds; + unsigned long saved_size; + int rc; - np->np_buf = newbuf; - np->np_iov.iov_base = np->np_buf + np->np_uio.uio_offset; - np->np_uio.uio_resid += desired; - np->np_iov.iov_len += desired; - return (0); -} + rc = ndr_recv_frag(mxa); + if (rc != 0) + return (rc); + if (!NDR_IS_FIRST_FRAG(hdr->pfc_flags)) + return (NDR_DRC_FAULT_DECODE_FAILED); -/* - * Must be called with ndr_pipe_lock held. - */ -static void -ndr_pipe_deallocate(ndr_pipe_t *np) -{ - if (np->np_refcnt == 0) { - /* - * Ensure that there are no RPC service policy handles - * (associated with this fid) left around. - */ - ndr_hdclose(np->np_fid); - - ndr_pipe_rewind(np); - ndr_pipe_flush(np); - free(np->np_buf); - free(np->np_user.ui_domain); - free(np->np_user.ui_account); - free(np->np_user.ui_workstation); - bzero(np, sizeof (ndr_pipe_t)); + while (!NDR_IS_LAST_FRAG(hdr->pfc_flags)) { + rc = ndr_recv_frag(mxa); + if (rc != 0) + return (rc); } -} - -/* - * Rewind the input data stream, ready for the next write. - */ -static void -ndr_pipe_rewind(ndr_pipe_t *np) -{ - np->np_uio.uio_iov = &np->np_iov; - np->np_uio.uio_iovcnt = 1; - np->np_uio.uio_offset = 0; - np->np_uio.uio_segflg = UIO_USERSPACE; - np->np_uio.uio_resid = NDR_PIPE_BUFSZ; - np->np_iov.iov_base = np->np_buf; - np->np_iov.iov_len = NDR_PIPE_BUFSZ; -} - -/* - * Flush the output data stream. - */ -static void -ndr_pipe_flush(ndr_pipe_t *np) -{ - ndr_frag_t *frag; + nds->pdu_scan_offset = 0; - while ((frag = np->np_frags.head) != NULL) { - np->np_frags.head = frag->next; - free(frag); - } + /* + * This whacks nds->pdu_size, so save/restore. + * It leaves scan_offset after the header. + */ + saved_size = nds->pdu_size; + rc = ndr_decode_pdu_hdr(mxa); + nds->pdu_size = saved_size; - free(np->np_frags.iov); - bzero(&np->np_frags, sizeof (ndr_fraglist_t)); + return (rc); } /* - * Check whether or not the specified user has administrator privileges, - * i.e. is a member of Domain Admins or Administrators. - * Returns true if the user is an administrator, otherwise returns false. + * Read one fragment, leaving the decoded frag header in + * recv_hdr.common_hdr, and the data in the recv_nds. + * + * Returns zero or an NDR fault code. + * + * If a first frag, the header is included in the data + * placed in recv_nds (because it's not fully decoded + * until later - we only decode the common part here). + * Additional frags are placed in the recv_nds without + * the header, so that after the first frag header, + * the remaining data will be contiguous. We do this + * by simply not advancing the offset in recv_nds after + * reading and decoding these additional fragments, so + * the payload of such frags will overwrite what was + * (temporarily) the frag header. */ -boolean_t -ndr_is_admin(ndr_xa_t *xa) +static int +ndr_recv_frag(ndr_xa_t *mxa) { - smb_netuserinfo_t *ctx = &xa->pipe->np_user; + ndr_common_header_t *hdr = &mxa->recv_hdr.common_hdr; + ndr_stream_t *nds = &mxa->recv_nds; + unsigned char *data; + unsigned long next_offset; + unsigned long pay_size; + int rc; - return (ctx->ui_flags & SMB_ATF_ADMIN); -} + /* Make room for the frag header. */ + next_offset = nds->pdu_scan_offset + NDR_RSP_HDR_SIZE; + if (!NDS_GROW_PDU(nds, next_offset, 0)) + return (NDR_DRC_FAULT_OUT_OF_MEMORY); -/* - * Check whether or not the specified user has power-user privileges, - * i.e. is a member of Domain Admins, Administrators or Power Users. - * This is typically required for operations such as managing shares. - * Returns true if the user is a power user, otherwise returns false. - */ -boolean_t -ndr_is_poweruser(ndr_xa_t *xa) -{ - smb_netuserinfo_t *ctx = &xa->pipe->np_user; + /* Read the frag header. */ + data = nds->pdu_base_addr + nds->pdu_scan_offset; + rc = NDR_PIPE_RECV(mxa->pipe, data, NDR_RSP_HDR_SIZE); + if (rc != 0) + return (NDR_DRC_FAULT_RPCHDR_RECEIVED_RUNT); - return ((ctx->ui_flags & SMB_ATF_ADMIN) || - (ctx->ui_flags & SMB_ATF_POWERUSER)); -} + /* + * Decode the frag header, get the length. + * NB: It uses nds->pdu_scan_offset + */ + ndr_decode_frag_hdr(nds, hdr); + ndr_show_hdr(hdr); + if (hdr->frag_length < NDR_RSP_HDR_SIZE || + hdr->frag_length > mxa->pipe->np_max_xmit_frag) + return (NDR_DRC_FAULT_DECODE_FAILED); + + if (nds->pdu_scan_offset == 0) { + /* First frag: header stays in the data. */ + nds->pdu_scan_offset = next_offset; + } /* else overwrite with the payload */ + + /* Make room for the payload. */ + pay_size = hdr->frag_length - NDR_RSP_HDR_SIZE; + next_offset = nds->pdu_scan_offset + pay_size; + if (!NDS_GROW_PDU(nds, next_offset, 0)) + return (NDR_DRC_FAULT_OUT_OF_MEMORY); -int32_t -ndr_native_os(ndr_xa_t *xa) -{ - smb_netuserinfo_t *ctx = &xa->pipe->np_user; + /* Read the payload. */ + data = nds->pdu_base_addr + nds->pdu_scan_offset; + rc = NDR_PIPE_RECV(mxa->pipe, data, pay_size); + if (rc != 0) + return (NDR_DRC_FAULT_RPCHDR_RECEIVED_RUNT); + nds->pdu_scan_offset = next_offset; - return (ctx->ui_native_os); + return (NDR_DRC_OK); } /* @@ -508,16 +279,8 @@ ndr_native_os(ndr_xa_t *xa) static int ndr_svc_process(ndr_xa_t *mxa) { - ndr_common_header_t *hdr = &mxa->recv_hdr.common_hdr; - ndr_stream_t *nds = &mxa->recv_nds; - unsigned long saved_offset; - unsigned long saved_size; int rc; - rc = ndr_decode_pdu_hdr(mxa); - if (!NDR_DRC_IS_OK(rc)) - return (-1); - (void) ndr_reply_prepare_hdr(mxa); switch (mxa->ptype) { @@ -526,35 +289,6 @@ ndr_svc_process(ndr_xa_t *mxa) break; case NDR_PTYPE_REQUEST: - if (!NDR_IS_FIRST_FRAG(hdr->pfc_flags)) { - ndr_show_hdr(hdr); - rc = NDR_DRC_FAULT_DECODE_FAILED; - goto ndr_svc_process_fault; - } - - if (!NDR_IS_LAST_FRAG(hdr->pfc_flags)) { - /* - * Multi-fragment request. Preserve the PDU scan - * offset and size during defrag so that we can - * continue as if we had received contiguous data. - */ - saved_offset = nds->pdu_scan_offset; - saved_size = nds->pdu_size; - - nds->pdu_scan_offset = hdr->frag_length; - nds->pdu_size = nds->pdu_max_size; - - rc = ndr_svc_defrag(mxa); - if (NDR_DRC_IS_FAULT(rc)) { - ndr_show_hdr(hdr); - nds_show_state(nds); - goto ndr_svc_process_fault; - } - - nds->pdu_scan_offset = saved_offset; - nds->pdu_size = saved_size; - } - rc = ndr_svc_request(mxa); break; @@ -567,61 +301,13 @@ ndr_svc_process(ndr_xa_t *mxa) break; } -ndr_svc_process_fault: if (NDR_DRC_IS_FAULT(rc)) ndr_reply_fault(mxa, rc); - (void) ndr_build_reply(mxa); return (rc); } /* - * Remove RPC fragment headers from the received data stream. - * The first fragment has already been accounted for before this call. - * - * NDR stream on entry: - * - * |<-- frag 2 -->|<-- frag 3 -->| ... |<- last frag ->| - * - * +-----+--------+-----+--------+-----+-----+---------+ - * | hdr | data | hdr | data | ... | hdr | data | - * +-----+--------+-----+--------+-----+-----+---------+ - * - * NDR stream on return: - * - * +----------------------------------+ - * | data | - * +----------------------------------+ - */ -static int -ndr_svc_defrag(ndr_xa_t *mxa) -{ - ndr_stream_t *nds = &mxa->recv_nds; - ndr_common_header_t frag_hdr; - int frag_size; - int last_frag; - - do { - ndr_decode_frag_hdr(nds, &frag_hdr); - ndr_show_hdr(&frag_hdr); - - if (NDR_IS_FIRST_FRAG(frag_hdr.pfc_flags)) - return (NDR_DRC_FAULT_DECODE_FAILED); - - last_frag = NDR_IS_LAST_FRAG(frag_hdr.pfc_flags); - frag_size = frag_hdr.frag_length; - - if (frag_size > (nds->pdu_size - nds->pdu_scan_offset)) - return (NDR_DRC_FAULT_DECODE_FAILED); - - ndr_remove_frag_hdr(nds); - nds->pdu_scan_offset += frag_size - NDR_RSP_HDR_SIZE; - } while (!last_frag); - - return (NDR_DRC_OK); -} - -/* * Multiple p_cont_elem[]s, multiple transfer_syntaxes[] and multiple * p_results[] not supported. */ @@ -919,25 +605,37 @@ ndr_reply_prepare_hdr(ndr_xa_t *mxa) switch (mxa->ptype) { case NDR_PTYPE_BIND: + /* + * Compute the maximum fragment sizes for xmit/recv + * and store in the pipe endpoint. Note "xmit" is + * client-to-server; "recv" is server-to-client. + */ + if (mxa->pipe->np_max_xmit_frag > + mxa->recv_hdr.bind_hdr.max_xmit_frag) + mxa->pipe->np_max_xmit_frag = + mxa->recv_hdr.bind_hdr.max_xmit_frag; + if (mxa->pipe->np_max_recv_frag > + mxa->recv_hdr.bind_hdr.max_recv_frag) + mxa->pipe->np_max_recv_frag = + mxa->recv_hdr.bind_hdr.max_recv_frag; + hdr->ptype = NDR_PTYPE_BIND_ACK; mxa->send_hdr.bind_ack_hdr.max_xmit_frag = - mxa->recv_hdr.bind_hdr.max_xmit_frag; + mxa->pipe->np_max_xmit_frag; mxa->send_hdr.bind_ack_hdr.max_recv_frag = - mxa->recv_hdr.bind_hdr.max_recv_frag; + mxa->pipe->np_max_recv_frag; + + /* + * We're supposed to assign a unique "assoc group" + * (identifies this connection for the client). + * Using the pipe address is adequate. + */ mxa->send_hdr.bind_ack_hdr.assoc_group_id = mxa->recv_hdr.bind_hdr.assoc_group_id; - if (mxa->send_hdr.bind_ack_hdr.assoc_group_id == 0) - mxa->send_hdr.bind_ack_hdr.assoc_group_id = time(0); + mxa->send_hdr.bind_ack_hdr.assoc_group_id = + (DWORD)(uintptr_t)mxa->pipe; - /* - * Save the maximum fragment sizes - * for use with subsequent requests. - */ - mxa->pipe->np_max_xmit_frag = - mxa->recv_hdr.bind_hdr.max_xmit_frag; - mxa->pipe->np_max_recv_frag = - mxa->recv_hdr.bind_hdr.max_recv_frag; break; case NDR_PTYPE_REQUEST: @@ -1031,7 +729,7 @@ ndr_reply_fault(ndr_xa_t *mxa, unsigned long drc) * non-standard. */ static int -ndr_build_reply(ndr_xa_t *mxa) +ndr_send_reply(ndr_xa_t *mxa) { ndr_common_header_t *hdr = &mxa->send_hdr.common_hdr; ndr_stream_t *nds = &mxa->send_nds; @@ -1041,7 +739,7 @@ ndr_build_reply(ndr_xa_t *mxa) unsigned long pdu_data_size; unsigned long frag_data_size; - frag_size = NDR_FRAG_SZ; + frag_size = mxa->pipe->np_max_recv_frag; pdu_size = nds->pdu_size; pdu_buf = nds->pdu_base_addr; @@ -1079,22 +777,14 @@ ndr_build_reply(ndr_xa_t *mxa) nds->pdu_scan_offset = 0; (void) ndr_encode_pdu_hdr(mxa); pdu_size = nds->pdu_size; - ndr_build_frag(nds, pdu_buf, pdu_size); + (void) NDR_PIPE_SEND(mxa->pipe, pdu_buf, pdu_size); return (0); } /* * Multiple fragment response. - */ - hdr->pfc_flags = NDR_PFC_FIRST_FRAG; - hdr->frag_length = frag_size; - mxa->send_hdr.response_hdr.alloc_hint = pdu_size - NDR_RSP_HDR_SIZE; - nds->pdu_scan_offset = 0; - (void) ndr_encode_pdu_hdr(mxa); - ndr_build_frag(nds, pdu_buf, frag_size); - - /* - * We need to update the 24-byte header in subsequent fragments. + * + * We need to update the RPC header for every fragment. * * pdu_data_size: total data remaining to be handled * frag_size: total fragment size including header @@ -1104,61 +794,45 @@ ndr_build_reply(ndr_xa_t *mxa) pdu_data_size = pdu_size - NDR_RSP_HDR_SIZE; frag_data_size = frag_size - NDR_RSP_HDR_SIZE; - while (pdu_data_size) { - mxa->send_hdr.response_hdr.alloc_hint -= frag_data_size; - pdu_data_size -= frag_data_size; - pdu_buf += frag_data_size; + /* + * Send the first frag. + */ + hdr->pfc_flags = NDR_PFC_FIRST_FRAG; + hdr->frag_length = frag_size; + mxa->send_hdr.response_hdr.alloc_hint = pdu_data_size; + nds->pdu_scan_offset = 0; + (void) ndr_encode_pdu_hdr(mxa); + (void) NDR_PIPE_SEND(mxa->pipe, pdu_buf, frag_size); + pdu_data_size -= frag_data_size; + pdu_buf += frag_data_size; - if (pdu_data_size <= frag_data_size) { - frag_data_size = pdu_data_size; - frag_size = frag_data_size + NDR_RSP_HDR_SIZE; - hdr->pfc_flags = NDR_PFC_LAST_FRAG; - } else { - hdr->pfc_flags = 0; - } + /* + * Send "middle" (full-sized) fragments... + */ + hdr->pfc_flags = 0; + while (pdu_data_size > frag_data_size) { hdr->frag_length = frag_size; + mxa->send_hdr.response_hdr.alloc_hint = pdu_data_size; nds->pdu_scan_offset = 0; (void) ndr_encode_pdu_hdr(mxa); bcopy(nds->pdu_base_addr, pdu_buf, NDR_RSP_HDR_SIZE); - - ndr_build_frag(nds, pdu_buf, frag_size); - - if (hdr->pfc_flags & NDR_PFC_LAST_FRAG) - break; + (void) NDR_PIPE_SEND(mxa->pipe, pdu_buf, frag_size); + pdu_data_size -= frag_data_size; + pdu_buf += frag_data_size; } - return (0); -} - -/* - * ndr_build_frag - * - * Build an RPC PDU fragment from the specified buffer. - * If malloc fails, the client will see a header/pdu inconsistency - * and report an error. - */ -static void -ndr_build_frag(ndr_stream_t *nds, uint8_t *buf, uint32_t len) -{ - ndr_frag_t *frag; - int size = sizeof (ndr_frag_t) + len; - - if ((frag = (ndr_frag_t *)malloc(size)) == NULL) - return; + /* + * Last frag (pdu_data_size <= frag_data_size) + */ + hdr->pfc_flags = NDR_PFC_LAST_FRAG; + frag_size = pdu_data_size + NDR_RSP_HDR_SIZE; + hdr->frag_length = frag_size; + mxa->send_hdr.response_hdr.alloc_hint = pdu_data_size; + nds->pdu_scan_offset = 0; + (void) ndr_encode_pdu_hdr(mxa); + bcopy(nds->pdu_base_addr, pdu_buf, NDR_RSP_HDR_SIZE); + (void) NDR_PIPE_SEND(mxa->pipe, pdu_buf, frag_size); - frag->next = NULL; - frag->buf = (uint8_t *)frag + sizeof (ndr_frag_t); - frag->len = len; - bcopy(buf, frag->buf, len); - - if (nds->frags.head == NULL) { - nds->frags.head = frag; - nds->frags.tail = frag; - nds->frags.nfrag = 1; - } else { - nds->frags.tail->next = frag; - nds->frags.tail = frag; - ++nds->frags.nfrag; - } + return (0); } diff --git a/usr/src/lib/smbsrv/libmlrpc/common/ndr_svc.c b/usr/src/lib/smbsrv/libmlrpc/common/ndr_svc.c index ce4af4c094..d5c5f95f01 100644 --- a/usr/src/lib/smbsrv/libmlrpc/common/ndr_svc.c +++ b/usr/src/lib/smbsrv/libmlrpc/common/ndr_svc.c @@ -21,6 +21,8 @@ /* * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * + * Copyright 2013 Nexenta Systems, Inc. All rights reserved. */ #include <uuid/uuid.h> @@ -211,7 +213,7 @@ ndr_hdalloc(const ndr_xa_t *xa, const void *data) ++id.data2; bcopy(&id, &hd->nh_id, sizeof (ndr_hdid_t)); - hd->nh_fid = xa->fid; + hd->nh_pipe = xa->pipe; hd->nh_svc = xa->binding->service; hd->nh_data = (void *)data; hd->nh_data_free = NULL; @@ -290,7 +292,7 @@ ndr_hdlookup(const ndr_xa_t *xa, const ndr_hdid_t *id) * Called when a pipe is closed to release any associated handles. */ void -ndr_hdclose(int fid) +ndr_hdclose(ndr_pipe_t *pipe) { ndr_handle_t *hd; ndr_handle_t **pphd; @@ -301,7 +303,7 @@ ndr_hdclose(int fid) while (*pphd) { hd = *pphd; - if (hd->nh_fid == fid) { + if (hd->nh_pipe == pipe) { *pphd = hd->nh_next; if (hd->nh_data_free) diff --git a/usr/src/lib/smbsrv/libmlsvc/common/lsar_svc.c b/usr/src/lib/smbsrv/libmlsvc/common/lsar_svc.c index e04ef02503..31e3175416 100644 --- a/usr/src/lib/smbsrv/libmlsvc/common/lsar_svc.c +++ b/usr/src/lib/smbsrv/libmlsvc/common/lsar_svc.c @@ -21,6 +21,7 @@ /* * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2013 Nexenta Systems, Inc. All rights reserved. */ /* @@ -517,7 +518,7 @@ static int lsarpc_s_GetConnectedUser(void *arg, ndr_xa_t *mxa) { struct mslsa_GetConnectedUser *param = arg; - smb_netuserinfo_t *user = &mxa->pipe->np_user; + smb_netuserinfo_t *user = mxa->pipe->np_user; DWORD status = NT_STATUS_SUCCESS; smb_domainex_t di; int rc1; diff --git a/usr/src/lib/smbsrv/libmlsvc/common/spoolss_svc.c b/usr/src/lib/smbsrv/libmlsvc/common/spoolss_svc.c index 5c1bba93cf..ba1c9caece 100644 --- a/usr/src/lib/smbsrv/libmlsvc/common/spoolss_svc.c +++ b/usr/src/lib/smbsrv/libmlsvc/common/spoolss_svc.c @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2012 Nexenta Systems, Inc. All rights reserved. + * Copyright 2013 Nexenta Systems, Inc. All rights reserved. */ /* @@ -326,9 +326,9 @@ spoolss_s_StartDocPrinter(void *arg, ndr_xa_t *mxa) else (void) strlcpy(spfile->sd_printer_name, "printer", MAXPATHLEN); - spfile->sd_ipaddr = mxa->pipe->np_user.ui_ipaddr; + spfile->sd_ipaddr = mxa->pipe->np_user->ui_ipaddr; (void) strlcpy((char *)spfile->sd_username, - mxa->pipe->np_user.ui_account, MAXNAMELEN); + mxa->pipe->np_user->ui_account, MAXNAMELEN); (void) memcpy(&spfile->sd_handle, ¶m->handle, sizeof (ndr_hdid_t)); /* diff --git a/usr/src/lib/smbsrv/libmlsvc/common/srvsvc_svc.c b/usr/src/lib/smbsrv/libmlsvc/common/srvsvc_svc.c index 4a6dace4b4..89a395cca5 100644 --- a/usr/src/lib/smbsrv/libmlsvc/common/srvsvc_svc.c +++ b/usr/src/lib/smbsrv/libmlsvc/common/srvsvc_svc.c @@ -21,6 +21,7 @@ /* * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2013 Nexenta Systems, Inc. All rights reserved. */ /* @@ -2677,7 +2678,7 @@ mlsvc_NetShareEnumCommon(ndr_xa_t *mxa, smb_svcenum_t *se, static boolean_t srvsvc_add_autohome(ndr_xa_t *mxa, smb_svcenum_t *se, void *infop) { - smb_netuserinfo_t *user = &mxa->pipe->np_user; + smb_netuserinfo_t *user = mxa->pipe->np_user; char *username; smb_share_t si; DWORD status; diff --git a/usr/src/man/man1m/boot.1m b/usr/src/man/man1m/boot.1m index 07de722086..3c567f126a 100644 --- a/usr/src/man/man1m/boot.1m +++ b/usr/src/man/man1m/boot.1m @@ -5,7 +5,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the .\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH BOOT 1M "Jan 14, 2015" +.TH BOOT 1M "Jun 13, 2015" .SH NAME boot \- start the system kernel or a standalone program .SH SYNOPSIS @@ -1264,15 +1264,6 @@ drive, or, if that fails, from the first hard disk. The processor then jumps to the first byte of the sector image in memory. .SH X86 PRIMARY BOOT .LP -The first sector on a floppy disk contains the master boot block (GRUB -\fBstage1\fR). The stage 1 is responsible for loading GRUB \fBstage2\fR. Now -GRUB is fully functional. It reads and executes the menu file -\fB/boot/grub/menu.lst\fR. A similar sequence occurs for DVD or CD boot, but -the master boot block location and contents are dictated by the El Torito -specification. The El Torito boot also leads to \fBstrap.com\fR, which in turn -loads \fBboot.bin\fR. -.sp -.LP The first sector on a hard disk contains the master boot block, which contains the master boot program and the \fBFDISK\fR table, named for the \fBPC\fR program that maintains it. The master boot finds the active partition in the @@ -1283,6 +1274,15 @@ sequence. If GRUB \fBstage1\fR is installed on the master boot block (see the from the Solaris partition regardless of the active partition. .sp .LP +A similar sequence occurs for DVD or CD boot, but the master boot block location +and contents are dictated by the El Torito specification. The El Torito boot +will then continue in the same way as with the hard disk. +.sp +.LP +Floppy booting is not longer supported. Booting from USB devices follows the +same procedure as with hard disks. +.sp +.LP An x86 \fBFDISK\fR partition for the Solaris software begins with a one-cylinder boot slice, which contains GRUB \fBstage1\fR in the first sector, the standard Solaris disk label and volume table of contents (VTOC) in the @@ -1479,16 +1479,6 @@ to \fB/boot/grub/menu.lst\fR, and use the \fBset-menu\fR subcommand of .SH FILES .ne 2 .na -\fB\fB/platform/\fR\fIplatform-name\fR\fB/ufsboot\fR\fR -.ad -.sp .6 -.RS 4n -Second-level program to boot from a disk, DVD, or CD -.RE - -.sp -.ne 2 -.na \fB\fB/etc/inittab\fR\fR .ad .sp .6 @@ -1529,11 +1519,16 @@ Directory containing boot-related files. .sp .ne 2 .na -\fB\fB/boot/grub/menu.lst\fR\fR +\fB\fB/rpool/boot/grub/menu.lst\fR\fR .ad .sp .6 .RS 4n Menu of bootable operating systems displayed by GRUB. +.sp +\fBNote:\fR this file is located on the root ZFS pool. While many installs +often name their root zpool 'rpool', this is not required and the +/rpool in the path above should be substituted with the name of +the root pool of your current system. .RE .sp diff --git a/usr/src/man/man1m/ipadm.1m b/usr/src/man/man1m/ipadm.1m index 01a0b428a2..1c5e8ad498 100644 --- a/usr/src/man/man1m/ipadm.1m +++ b/usr/src/man/man1m/ipadm.1m @@ -1,1254 +1,834 @@ -'\" te +.\" +.\" This file and its contents are supplied under the terms of the +.\" Common Development and Distribution License ("CDDL"), version 1.0. +.\" You may only use this file in accordance with the terms of version +.\" 1.0 of the CDDL. +.\" +.\" A full copy of the text of the CDDL should have accompanied this +.\" source. A copy of the CDDL is also available via the Internet at +.\" http://www.illumos.org/license/CDDL. +.\" +.\" .\" Copyright (c) 2012, Joyent, Inc. All Rights Reserved .\" Copyright (c) 2013 by Delphix. All rights reserved. -.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. -.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. -.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH IPADM 1M "May 14, 2012" -.SH NAME -ipadm \- configure IP network interfaces and protocol properties. -.SH SYNOPSIS -.LP -.nf -\fBipadm\fR create-if [\fB-t\fR] \fIinterface\fR -.fi - -.LP -.nf -\fBipadm\fR disable-if [\fB-t\fR] \fIinterface\fR -.fi - -.LP -.nf -\fBipadm\fR enable-if [\fB-t\fR] \fIinterface\fR -.fi - -.LP -.nf -\fBipadm\fR delete-if \fIinterface\fR -.fi - -.LP -.nf -\fBipadm\fR show-if [[\fB-p\fR] \fB-o\fR \fIfield\fR[,...]] [\fIinterface\fR] -.fi - -.LP -.nf -\fBipadm\fR set-ifprop [\fB-t\fR] \fB-p\fR \fIprop\fR=<\fIvalue\fR[,...]> \fB-m\fR \fIprotocol\fR \fIinterface\fR -.fi - -.LP -.nf -\fBipadm\fR reset-ifprop [\fB-t\fR] \fB-p\fR \fIprop\fR \fB-m\fR \fIprotocol\fR \fIinterface\fR -.fi - -.LP -.nf -\fBipadm\fR show-ifprop [[\fB-c\fR]\fB-o\fR \fIfield\fR[,...]] [\fB-p\fR \fIprop\fR,...] [\fB-m\fR \fIprotocol\fR] - [\fIinterface\fR] -.fi - -.LP -.nf -\fBipadm\fR create-addr [\fB-t\fR] \fB-T\fR static [\fB-d\fR] - \fB-a\fR {local|remote}=\fIaddr\fR[/\fIprefixlen\fR],... \fIaddrobj\fR -.fi - -.LP -.nf -\fBipadm\fR create-addr [\fB-t\fR] \fB-T\fR dhcp [\fB-w\fR \fIseconds\fR | forever ] \fIaddrobj\fR -.fi - -.LP -.nf -\fBipadm\fR create-addr [\fB-t\fR] \fB-T\fR addrconf [\fB-i\fR \fIinterface-id\fR] - [\fB-p\fR {stateful|stateless}={yes|no},..] \fIaddrobj\fR -.fi - -.LP -.nf -\fBipadm\fR down-addr [\fB-t\fR] \fIaddrobj\fR -.fi - -.LP -.nf -\fBipadm\fR up-addr [\fB-t\fR] \fIaddrobj\fR -.fi - -.LP -.nf -\fBipadm\fR disable-addr [\fB-t\fR] \fIaddrobj\fR -.fi - -.LP -.nf -\fBipadm\fR enable-addr [\fB-t\fR] \fIaddrobj\fR -.fi - -.LP -.nf -\fBipadm\fR refresh-addr [\fB-i\fR] \fIaddrobj\fR -.fi - -.LP -.nf -\fBipadm\fR delete-addr [\fB-r\fR] \fIaddrobj\fR -.fi - -.LP -.nf -\fBipadm\fR show-addr [[\fB-p\fR] \fB-o\fR \fIfield\fR[,...]] [\fIaddrobj\fR] -.fi - -.LP -.nf -\fBipadm\fR set-addrprop [\fB-t\fR] \fB-p\fR \fIprop\fR=<\fIvalue\fR[,...]> \fIaddrobj\fR -.fi - -.LP -.nf -\fBipadm\fR reset-addrprop [\fB-t\fR] \fB-p\fR \fIprop\fR=<\fIvalue\fR[,...]> \fIaddrobj\fR -.fi - -.LP -.nf -\fBipadm\fR show-addrprop [[\fB-c\fR] \fB-o\fR \fIfield\fR[,...]] [\fB-p\fR \fIprop\fR,...] [\fIaddrobj\fR] -.fi - -.LP -.nf -\fBipadm\fR set-prop [\fB-t\fR] \fB-p\fR \fIprop\fR[+|-]=<\fIvalue\fR[,...]> \fIprotocol\fR -.fi - -.LP -.nf -\fBipadm\fR reset-prop [\fB-t\fR] \fB-p\fR \fIprop\fR \fIprotocol\fR -.fi - -.LP -.nf -\fBipadm\fR show-prop [[\fB-c\fR] \fB-o\fR \fIfield\fR[,...]] [\fB-p\fR \fIprop\fR[,...]] [\fIprotocol\fR] -.fi - -.SH DESCRIPTION -.sp -.LP - -The \fBipadm\fR command is a stable replacement for the \fBifconfig\fR(1M) and -\fBndd\fR(1M) commands. It is used to create IP interfaces and to confgure IP -addresses on those interfaces. It is also used to get, set or reset properties -on interfaces, addresses and protocols. -.LP -For subcommands that take an \fIaddrobj\fR, the \fIaddrobj\fR specifies a -unique address on the system. It is made up of two parts, delimited by a '/'. +.\" Copyright 2014 Nexenta Systems, Inc. All rights reserved. +.\" +.Dd December 10, 2014 +.Dt IPADM 1M +.Os +.Sh NAME +.Nm ipadm +.Nd configure IP interfaces, addresses and protocols +.Sh SYNOPSIS +.Nm +.Ic create-if +.Op Fl t +.Ar interface +.Nm +.Ic disable-if +.Fl t +.Ar interface +.Nm +.Ic enable-if +.Fl t +.Ar interface +.Nm +.Ic delete-if +.Ar interface +.Nm +.Ic show-if +.Op Oo Fl p Oc Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... +.Op Ar interface +.Nm +.Ic set-ifprop +.Op Fl t +.Fl p Ar prop Ns = Ns Ar value Ns Oo , Ns Ar value Oc Ns ... +.Fl m Ar protocol +.Ar interface +.Nm +.Ic reset-ifprop +.Op Fl t +.Fl p Ar prop +.Fl m Ar protocol +.Ar interface +.Nm +.Ic show-ifprop +.Op Oo Fl c Oc Fl o Ar field Ns Oo , Ns Ar value Oc Ns ... +.Op Fl p Ar prop Ns Oo , Ns Ar prop Oc Ns ... +.Op Fl m Ar protocol +.Op Ar interface +.Nm +.Ic create-addr +.Op Fl t +.Fl T Cm static +.Op Fl d +.Fl a Oo Cm local Ns | Ns Cm remote Ns = Oc Ns +.Ar addr Ns Oo / Ns Ar prefixlen Oc Ns ... +.Ar addrobj +.Nm +.Ic create-addr +.Op Fl t +.Fl T Cm dhcp +.Op Fl w Ar seconds Ns | Ns Cm forever +.Ar addrobj +.Nm +.Ic create-addr +.Op Fl t +.Fl T Cm addrconf +.Op Fl i Ar interface-id +.Oo Fl p Bro Cm stateful Ns | Ns Cm stateless Brc Ns = Ns +.Bro Cm yes Ns | Ns Cm no Brc Oc Ns ... +.Ar addrobj +.Nm +.Ic down-addr +.Op Fl t +.Ar addrobj +.Nm +.Ic up-addr +.Op Fl t +.Ar addrobj +.Nm +.Ic disable-addr +.Op Fl t +.Ar addrobj +.Nm +.Ic enable-addr +.Op Fl t +.Ar addrobj +.Nm +.Ic refresh-addr +.Op Fl i +.Ar addrobj +.Nm +.Ic delete-addr +.Op Fl r +.Ar addrobj +.Nm +.Ic show-addr +.Op Oo Fl p Oc Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... +.Op Ar addrobj +.Nm +.Ic set-addrprop +.Op Fl t +.Fl p Ar prop Ns = Ns Ar value Ns Oo , Ns Ar value Oc Ns ... +.Ar addrobj +.Nm +.Ic reset-addrprop +.Op Fl t +.Fl p Ar prop +.Ar addrobj +.Nm +.Ic show-addrprop +.Op Oo Fl c Oc Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... +.Op Fl p Ar prop Ns Oo , Ns Ar prop Oc Ns ... +.Op Ar addrobj +.Nm +.Ic set-prop +.Op Fl t +.Fl p Ar prop Ns Oo Cm + Ns | Ns Cm - Oc Ns = Ns +.Ar value Ns Oo , Ns Ar value Oc Ns ... +.Ar protocol +.Nm +.Ic reset-prop +.Op Fl t +.Fl p Ar prop +.Ar protocol +.Nm +.Ic show-prop +.Op Oo Fl c Oc Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... +.Op Fl p Ar prop Ns Oo , Ns Ar prop Oc Ns ... +.Op Ar protocol +.Sh DESCRIPTION +The +.Nm +command is a stable replacement for the +.Xr ifconfig 1M +and +.Xr ndd 1M +commands. It is used to create IP interfaces and to configure IP addresses on +those interfaces. It is also used to get, set or reset properties on interfaces, +addresses and protocols. +.Pp +For subcommands that take an +.Em addrobj , +the +.Em addrobj +specifies a unique address on the system. It is made up of two parts, delimited +by a +.Sq / . The first part is the name of the interface and the second part is a string up -to 32 characters long. For example, "lo0/v4" is a loopback interface -addrobj name. -.LP -For subcommands that take a \fIprotocol\fR, this can be one of -the following values: ip, ipv4, ipv6, icmp, tcp, sctp or udp. - -.SH SUBCOMMANDS -.sp -.LP +to 32 characters long. For example, +.Qq lo0/v4 +is a loopback interface +.Em addrobj +name. +.Pp +For subcommands that take a +.Em protocol , +this can be one of the following values: +.Cm ip , +.Cm ipv4 , +.Cm ipv6 , +.Cm icmp , +.Cm tcp , +.Cm sctp +or +.Cm udp. +.Sh SUBCOMMANDS The following subcommands are supported: -.sp -.ne 2 -.na -\fB\fBcreate-if\fR [\fB-t\fR] \fIinterface\fR\fR -.ad -.sp .6 -.RS 4n -The \fBcreate-if\fR subcommand is used to create an IP interface that will -handle both IPv4 and IPv6 packets. The interface will be enabled as part of -the creation process. The IPv4 interface will have the address 0.0.0.0. -The IPv6 interface will have the adress ::. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the creation is temporary and will not be persistent across reboots. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBdisable-if\fR [\fB-t\fR] \fIinterface\fR\fR -.ad -.sp .6 -.RS 4n -The \fBdisable-if\fR subcommand is used to disable an IP interface. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the disable is temporary and will not be persistent across reboots. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBenable-if\fR [\fB-t\fR] \fIinterface\fR\fR -.ad -.sp .6 -.RS 4n -The \fBenable-if\fR subcommand is used to enable an IP interface. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the enable is temporary and will not be persistent across reboots. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fbdelete-if\fR \fIinterface\fR\fR -.ad -.sp .6 -.RS 4n -The \fBdelete-if\fR subcommand is used to permanently delete an IP interface. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBshow-if\fR [[\fB-p\fR] \fB-o\fR \fIfield\fR[,...]] [\fIinterface\fR]\fR -.ad -.sp .6 -.RS 4n -The \fBshow-if\fR subcommand is used to show the current IP interface -configuration. -.sp -The \fB-p\fR option (also \fB--parsable\fR) prints -the output in a parsable format. -.sp -The \fB-o\fR option (also \fB--output\fR) is used -to select which fields will be shown. The field value can be one of the -following names: -.sp -.ne 2 -.na -.RS 4n -\fBALL\fR -.ad -.RS 4n -Display all fields -.RE - -.sp -.ne 2 -.na -\fBIFNAME\fR -.ad -.RS 4n -The name of the interface -.RE - -.sp -.ne 2 -.na -\fBSTATE\fR -.ad -.RS 4n +.Bl -tag -width "" +.It Xo +.Nm +.Ic create-if +.Op Fl t +.Ar interface +.Xc +Create an IP interface that will handle both IPv4 and IPv6 packets. The +interface will be enabled as part of the creation process. The IPv4 interface +will have the address 0.0.0.0. The IPv6 interface will have the adress ::. +.Bl -tag -width "" +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic disable-if +.Fl t +.Ar interface +.Xc +Disable an IP interface. +.Bl -tag -width "" +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic enable-if +.Fl t +.Ar interface +.Xc +Enable an IP interface. +.Bl -tag -width "" +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic delete-if +.Ar interface +.Xc +Permanently delete an IP interface. +.It Xo +.Nm +.Ic show-if +.Op Oo Fl p Oc Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... +.Op Ar interface +.Xc +Show the current IP interface configuration. +.Bl -tag -width "" +.It Fl o Ns , Ns Fl -output +Select which fields will be shown. The field value can be one of the following +names: +.Bl -tag -compact -width "PERSISTENT" +.It Cm ALL +Display all fields. +.It Cm IFNAME +The name of the interface. +.It Cm STATE The state can be one of the following values: -.sp -.ne 2 -.na -.RS 4n -ok - resources for the interface have been allocated -.sp -offline - the interface is offline -.sp -failed - the interface's datalink is down -.sp -down - the interface is down -.sp -disabled - the interface is disabled -.RE -.RE - -.sp -.ne 2 -.na -\fBCURRENT\fR -.ad -.RS 4n +.Bl -tag -compact -width "disabled" +.It Sy ok +resources for the interface have been allocated +.It Sy offline +the interface is offline +.It Sy failed +the interface's datalink is down +.It Sy down +the interface is down +.It Sy disabled +the interface is disabled +.El +.It Cm CURRENT A set of single character flags indicating the following: -.sp -.ne 2 -.na -.RS 4n -b - broadcast (mutually exclusive with 'p') -.br -m - multicast -.br -p - point-to-point (mutually exclusive with 'b') -.br -v - virtual interface -.br -I - IPMP -.br -s - IPMP standby -.br -i - IPMP inactive -.br -V - VRRP -.br -a - VRRP accept mode -.br -4 - IPv4 -.br -6 - IPv6 -.RE -.RE - -.sp -.ne 2 -.na -\fBPERSISTENT\fR -.ad -.RS 4n +.Bl -tag -compact -width "b" +.It Sy b +broadcast (mutually exclusive with +.Sq p ) +.It Sy m +multicast +.It Sy p +point-to-point (mutually exclusive with +.Sq b ) +.It Sy v +virtual interface +.It Sy I +IPMP +.It Sy s +IPMP standby +.It Sy i +IPMP inactive +.It Sy V +VRRP +.It Sy a +VRRP accept mode +.It Sy 4 +IPv4 +.It Sy 6 +IPv6 +.El +.It Cm PERSISTENT A set of single character flags showing what configuration will be used the next time the interface is enabled: -.sp -.ne 2 -.na -.RS 4n -s - IPMP standby -.br -4 - IPv4 -.br -6 - IPv6 -.RE -.RE -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBset-ifprop\fR [\fB-t\fR] \fB-p\fR \fIprop\fR=<\fIvalue\fR[,...]> \fB-m\fR \fIprotocol\fR \fIinterface\fR\fR -.ad -.sp .6 -.RS 4n -The \fBset-ifprop\fR subcommand is used to set a property's value(s) on the IP -interface. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the setting is temporary and will not be persistent across reboots. -.sp -The \fB-p\fR option (also \fB--prop\fR) specifies the property name and -value(s). The property name can be one of the following: -.sp -.ne 2 -.na - -.RS 4n - -\fBarp\fR -.ad -.RS 4n -Enables ("on") or disables ("off") ARP. -.RE - -.sp -.ne 2 -.na -\fBexchange_routes\fR -.ad -.RS 4n -Enables ("on") or disables ("off") the exchange of routing data. -.RE - -.sp -.ne 2 -.na -\fBforwarding\fR -.ad -.RS 4n -Enables ("on") or disables ("off") IP forwarding. -.RE - -.sp -.ne 2 -.na -\fBmetric\fR -.ad -.RS 4n +.Bl -tag -compact -width "s" +.It Sy s +IPMP standby +.It Sy 4 +IPv4 +.It Sy 6 +IPv6 +.El +.El +.It Fl p Ns , Ns Fl -parsable +Print the output in a parsable format. +.El +.It Xo +.Nm +.Ic set-ifprop +.Op Fl t +.Fl p Ar prop Ns = Ns Ar value Ns Oo , Ns Ar value Oc Ns ... +.Fl m Ar protocol +.Ar interface +.Xc +Set a property's value(s) on the IP interface. +.Bl -tag -width "" +.It Fl m Ns , Ns Fl -module +Specify which protocol the setting applies to. +.It Fl p Ns , Ns Fl -prop +Specify the property name and value(s). The property name can be one of the +following: +.Bl -tag -compact -width "exchange_routes" +.It Cm arp +Address resolution protocol +.Pq Cm on Ns / Ns Cm off . +.It Cm exchange_routes +Exchange of routing data +.Pq Cm on Ns / Ns Cm off . +.It Cm forwarding +IP Forwarding +.Pq Cm on Ns / Ns Cm off +.It Cm metric Set the routing metric to the numeric value. The value is treated as extra hops to the destination. -.RE - -.sp -.ne 2 -.na -\fBmtu\fR -.ad -.RS 4n +.It Cm mtu Set the maximum transmission unit to the numeric value. -.RE - -.sp -.ne 2 -.na -\fBnud\fR -.ad -.RS 4n -Enables ("on") or disables ("off") neighbor unreachability detection. -.RE - -.sp -.ne 2 -.na -\fBusesrc\fR -.ad -.RS 4n +.It Cm nud +Neighbor unreachability detection +.Pq Cm on Ns / Ns Cm off +.It Cm usesrc Indicates which interface to use for source address selection. A value -"none" may also be used. -.RE -.RE - -.sp -The \fB-m\fR option (also \fB--module\fR) specifies which protocol -the setting applies to. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBreset-ifprop\fR [\fB-t\fR] \fB-p\fR \fIprop\fR \fB-m\fR \fIprotocol\fR \fIinterface\fR\fR -.ad -.sp .6 -.RS 4n -The \fBreset-ifprop\fR subcommand is used to reset an IP interface's property -value to the default. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the disable is temporary and will not be persistent across reboots. -.sp -The \fB-p\fR option (also \fB--prop\fR) specifies the property name. -See the \fBset-ifprop\fR subcommand for the list of property names. -.sp -The \fB-m\fR option (also \fB--module\fR) specifies which protocol -the setting applies to. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBshow-ifprop\fR [[\fB-c\fR]\fB-o\fR \fIfield\fR[,...]] [\fB-p\fR \fIprop\fR,...] [\fB-m\fR \fIprotocol\fR] - [\fIinterface\fR]\fR -.ad -.sp .6 -.RS 4n -The \fBshow-ifprop\fR subcommand is used to display the property values -for one or all of the IP interfaces. -.sp -The \fB-c\fR option (also \fB--parsable\fR) prints -the output in a parsable format. -.sp -The \fB-o\fR option (also \fB--output\fR) is used -to select which fields will be shown. The field value can be one of the -following names: -.sp -.ne 2 -.na -.RS 4n -\fBALL\fR -.ad -.RS 4n -Display all fields -.RE - -.sp -.ne 2 -.na -\fBIFNAME\fR -.ad -.RS 4n -The name of the interface -.RE - -.sp -.ne 2 -.na -\fBPROPERTY\fR -.ad -.RS 4n -The name of the property -.RE - -.sp -.ne 2 -.na -\fBPROTO\fR -.ad -.RS 4n -The name of the protocol -.RE - -.sp -.ne 2 -.na -\fBPERM\fR -.ad -.RS 4n -If the property is readable ("r") and/or writable ("w"). -.RE - -.sp -.ne 2 -.na -\fBCURRENT\fR -.ad -.RS 4n -The value of the property -.RE - -.sp -.ne 2 -.na -\fBPERSISTENT\fR -.ad -.RS 4n -The persistent value of the property -.RE - -.sp -.ne 2 -.na -\fBDEFAULT\fR -.ad -.RS 4n -The default value of the property -.RE - -.sp -.ne 2 -.na -\fBPOSSIBLE\fR -.ad -.RS 4n -The possible values for the property -.RE -.RE - -.sp -The \fB-p\fR option (also \fB--prop\fR) is used -to specify which properties to display. See the \fBset-ifprop\fR +.Cm none +may also be used. +.El +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic reset-ifprop +.Op Fl t +.Fl p Ar prop +.Fl m Ar protocol +.Ar interface +.Xc +Reset an IP interface's property value to the default. +.Bl -tag -width "" +.It Fl m Ns , Ns Fl -module +Specify which protocol the setting applies to. +.It Fl p Ns , Ns Fl -prop +Specify the property name. See the +.Nm ipadm Ic set-ifprop +subcommand for the list of property names. +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic show-ifprop +.Op Oo Fl c Oc Fl o Ar field Ns Oo , Ns Ar value Oc Ns ... +.Op Fl p Ar prop Ns Oo , Ns Ar prop Oc Ns ... +.Op Fl m Ar protocol +.Op Ar interface +.Xc +Display the property values for one or all of the IP interfaces. +.Bl -tag -width "" +.It Fl c Ns , Ns Fl -parsable +Print the output in a parsable format. +.It Fl m Ns , Ns Fl -module +Specify which protocol to display. +.It Fl o Ns , Ns Fl -output +Select which fields will be shown. The field value can be one of the following +names: +.Bl -tag -compact -width "PERSISTENT" +.It Cm ALL +Display all fields. +.It Cm IFNAME +The name of the interface. +.It Cm PROPERTY +The name of the property. +.It Cm PROTO +The name of the protocol. +.It Cm PERM +If the property is readable +.Pq Qq r +and/or writable +.Pq Qq w . +.It Cm CURRENT +The value of the property. +.It Cm PERSISTENT +The persistent value of the property. +.It Cm DEFAULT +The default value of the property. +.It Cm POSSIBLE +The possible values for the property. +.El +.It Fl p Ns , Ns Fl -prop +Specify which properties to display. See the +.Nm ipadm Ic set-ifprop subcommand for the list of property names. -.sp -The \fB-m\fR option (also \fB--module\fR) specifies which protocol -to display. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBcreate-addr\fR [\fB-t\fR] \fB-T\fR static [\fB-d\fR] \\ - \fB-a\fR {local|remote}=\fIaddr\fR[/\fIprefixlen\fR],... \fIaddrobj\fR\fR +.El +.It Xo +.Nm +.Ic create-addr +.Op Fl t +.Fl T Cm static +.Op Fl d +.Fl a Oo Cm local Ns | Ns Cm remote Ns = Oc Ns +.Ar addr Ns Oo / Ns Ar prefixlen Oc Ns ... +.Ar addrobj .br -\fB\fBcreate-addr\fR [\fB-t\fR] \fB-T\fR dhcp [\fB-w\fR \fIseconds\fR | forever ] \fIaddrobj\fR\fR +.Nm +.Ic create-addr +.Op Fl t +.Fl T Cm dhcp +.Op Fl w Ar seconds Ns | Ns Cm forever +.Ar addrobj .br -\fB\fBcreate-addr\fR [\fB-t\fR] \fB-T\fR addrconf [\fB-i\fR \fIinterface-id\fR] \\ - [\fB-p\fR {stateful|stateless}={yes|no},..] \fIaddrobj\fR\fR -.ad -.sp .6 -.RS 4n -The \fBcreate-addr\fR subcommand is used to set an address on an IP interface. -The address will be enabled but can disabled using the \fBdisable-addr\fR +.Nm +.Ic create-addr +.Op Fl t +.Fl T Cm addrconf +.Op Fl i Ar interface-id +.Oo Fl p Bro Cm stateful Ns | Ns Cm stateless Brc Ns = Ns +.Bro Cm yes Ns | Ns Cm no Brc Oc Ns ... +.Ar addrobj +.Xc +Create an address on an IP interface. The address will be enabled but can +disabled using the +.Nm ipadm Ic disable-addr subcommand. This subcommand has three different forms, depending on the -value of the \fB-T\fR option. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the address is temporary and will not be persistent across reboots. -.sp -The \fB-T\fR static option creates a static addrobj. This takes the following -options: -.RS 4n - -The \fB-d\fR option (also \fB--down\fR) means the address is down. -.sp -The \fB-a\fR option (also \fB--address\fR) specifies the address. -The "local" or "remote" prefix can be used for a point-to-point interface. -In this case, both addresses must be given. -Otherwise, the equal sign ("=") should be omitted and the address should be -provided by itself and with no second address. -.sp - -.RE - -The \fB-T\fR dhcp option causes the address to be obtained via DHCP. -This takes the following options: -.RS 4n - -The \fB-w\fR option (also \fB--wait\fR) gives the time, in seconds, -that the command should wait to obtain an address. -.sp - -.RE - -The \fB-T\fR addrconf option creates an auto-configured address. -This takes the following options: -.RS 4n - -The \fB-i\fR option (also \fB--interface-id\fR) gives the interface ID to -be used. -.sp -The \fB-p\fR option (also \fB--prop\fR) indicates which method of -auto-configuration should be used. -.sp - -.RE -.RE - -.sp -.ne 2 -.na -\fB\fBdown-addr\fR [\fB-t\fR] \fIaddrobj\fR\fR -.ad -.sp .6 -.RS 4n -The \fBdown-addr\fR subcommand is used to down the address. This will -stop packets from being sent or received. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the down is temporary and will not be persistent across reboots. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBup-addr\fR [\fB-t\fR] \fIaddrobj\fR\fR -.ad -.sp .6 -.RS 4n -The \fBup-addr\fR subcommand is used to up the address. This will -enable packets to be sent and received. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the up is temporary and will not be persistent across reboots. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBdisable-addr\fR [\fB-t\fR] \fIaddrobj\fR\fR -.ad -.sp .6 -.RS 4n -The \fBdisable-addr\fR subcommand is used to disable the address. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the disable is temporary and will not be persistent across reboots. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBenable-addr\fR [\fB-t\fR] \fIaddrobj\fR\fR -.ad -.sp .6 -.RS 4n -The \fBenable-addr\fR subcommand is used to enable the address. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the enable is temporary and will not be persistent across reboots. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBrefresh-addr\fR [\fB-i\fR] \fIaddrobj\fR\fR -.ad -.sp .6 -.RS 4n -The \fBrefresh-addr\fR subcommand is used to extend the lease for DHCP -addresses. It also restarts duplicate address detection for Static addresses. -.sp -The \fB-i\fR option (also \fB--inform\fR) means -that the network configuration will be obtained from DHCP without taking -a lease on the address. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBdelete-addr\fR [\fB-r\fR] \fIaddrobj\fR\fR -.ad -.sp .6 -.RS 4n -The \fBdelete-addr\fR subcommand deletes the given address. -.sp -The \fB-r\fR option (also \fB--release\fR) is used for DHCP-assigned -addresses to indicate that the address should be released. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBshow-addr\fR [[\fB-p\fR] \fB-o\fR \fIfield\fR[,...]] [\fIaddrobj\fR]\fR -.ad -.sp .6 -.RS 4n -The \fBshow-addr\fR subcommand is used to show the current address properties. -.sp -The \fB-p\fR option (also \fB--parsable\fR) prints -the output in a parsable format. -.sp -The \fB-o\fR option (also \fB--output\fR) is used -to select which fields will be shown. The field value can be one of the -following names: -.sp -.ne 2 -.na -.RS 4n -\fBALL\fR -.ad -.RS 4n -Display all fields -.RE - -.sp -.ne 2 -.na -\fBADDROBJ\fR -.ad -.RS 4n -The name of the address -.RE - -.sp -.ne 2 -.na -\fBTYPE\fR -.ad -.RS 4n -The type of the address. It can be "static", "dhcp" or "addrconf". -.RE - -.sp -.ne 2 -.na -\fBSTATE\fR -.ad -.RS 4n -The state of the address. It can be one of the following values: -.sp -.ne 2 -.na -.RS 4n -disabled s see the \fBdisable-addr\fR subcommand -.sp -down - see the \fBdown-addr\fR subcommand -.sp -duplicate - the address is a duplicate -.sp -inaccessible - the interface for this address has failed -.sp -ok - the address is up -.sp -tentative - duplicate address detection in progress -.RE -.RE - -.sp -.ne 2 -.na -\fBCURRENT\fR -.ad -.RS 4n +value of the +.Fl T +option. +.Bl -tag -width "" +.It Fl T Cm static +Create a static addrobj. Note that +.Cm addrconf +address configured on an interface is required to configure +.Cm static +IPv6 address on the same interface. This takes the following options: +.Bl -tag -width "" +.It Fl a Ns , Ns Fl -address +Specify the address. The +.Cm local +or +.Cm remote +prefix can be used for a point-to-point interface. In this case, both addresses +must be given. Otherwise, the equal sign +.Pq Qq = +should be omitted and the address should be provided by itself without second +address. +.It Fl d Ns , Ns Fl -down +The address is down. +.El +.It Fl T Cm dhcp +Obtain the address via DHCP. This takes the following options: +.Bl -tag -width "" +.It Fl w Ns , Ns Fl -wait +Specify the time, in seconds, that the command should wait to obtain an address. +.El +.It Fl T Cm addrconf +Create an auto-configured address. This takes the following options: +.Bl -tag -width "" +.It Fl i Ns , Ns Fl -interface-id +Specify the interface ID to be used. +.It Fl p Ns , Ns Fl -prop +Specify which method of auto-configuration should be used. +.El +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic down-addr +.Op Fl t +.Ar addrobj +.Xc +Down the address. This will stop packets from being sent or received. +.Bl -tag -width "" +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic up-addr +.Op Fl t +.Ar addrobj +.Xc +Up the address. This will enable packets to be sent and received. +.Bl -tag -width "" +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic disable-addr +.Op Fl t +.Ar addrobj +.Xc +Disable the address. +.Bl -tag -width "" +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic enable-addr +.Op Fl t +.Ar addrobj +.Xc +Enable the address. +.Bl -tag -width "" +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic refresh-addr +.Op Fl i +.Ar addrobj +.Xc +Extend the lease for +.Sy DHCP +addresses. It also restarts duplicate address +detection for +.Cm static +addresses. +.Bl -tag -width "" +.It Fl i Ns , Ns Fl -inform +Obtain network configuration from DHCP without taking a lease on the address. +.El +.It Xo +.Nm +.Ic delete-addr +.Op Fl r +.Ar addrobj +.Xc +Delete the given address. +.Bl -tag -width "" +.It Fl r Ns , Ns Fl -release +Indicate that the DHCP-assigned address should be released. +.El +.It Xo +.Nm +.Ic show-addr +.Op Oo Fl p Oc Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... +.Op Ar addrobj +.Xc +Show the current address properties. +.Bl -tag -width "" +.It Fl o Ns , Ns Fl -output +Select which fields will be shown. The field value can be one of the following +names: +.Bl -tag -compact -width "PERSISTENT" +.It Cm ALL +Display all fields. +.It Cm ADDROBJ +The name of the address. +.It Cm TYPE +The type of the address +.Pq Sy static Ns / Ns Sy dhcp Ns / Ns Sy addrconf . +.It Cm STATE +The state of the address. It can be one of the following values: +.Bl -tag -compact -width "inaccessible" +.It Sy disabled +see the +.Nm ipadm Ic disable-addr +subcommand +.It Sy down +see the +.Nm ipadm Ic down-addr +subcommand +.It Sy duplicate +the address is a duplicate +.It Sy inaccessible +the interface for this address has failed +.It Sy ok +the address is up +.It Sy tentative +duplicate address detection in progress +.El +.It Cm CURRENT A set of single character flags indicating the following: -.sp -.ne 2 -.na -.RS 4n -U - up -.br -u - unnumbered (matches another local address) -.br -p - private, not advertised to routing -.br -t - temporary IPv6 address -.br -d - deprecated (not used for outgoing packets) -.RE -.RE - -.sp -.ne 2 -.na -\fBPERSISTENT\fR -.ad -.RS 4n +.Bl -tag -compact -width "U" +.It Sy U +up +.It Sy u +unnumbered +.Pq matches another local address +.It Sy p +private, not advertised to routing +.It Sy t +temporary IPv6 address +.It Sy d +deprecated +.Pq not used for outgoing packets +.El +.It Cm PERSISTENT A set of single character flags showing the configuration which will be used when the address is enabled. -.sp -.ne 2 -.na -.RS 4n -U - up -.br -p - private, not advertised to routing -.br -d - deprecated (not used for outgoing packets) -.RE -.RE - -.sp -.ne 2 -.na -\fBADDR\fR -.ad -.RS 4n -The address -.RE -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBset-addrprop\fR [\fB-t\fR] \fB-p\fR \fIprop\fR=<\fIvalue\fR[,...]> \fIaddrobj\fR -.ad -.sp .6 -.RS 4n -The \fBset-addrprop\fR subcommand is used to set a property's value(s) on the -addrobj. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the setting is temporary and will not be persistent across reboots. -.sp -The \fB-p\fR option (also \fB--prop\fR) specifies the property name and -value(s). The property name can be one of the following: -.sp -.ne 2 -.na - -.RS 4n - -\fBbroadcast\fR -.ad -.RS 4n -The broadcast address (read-only) -.RE - -.sp -.ne 2 -.na -\fBdeprecated\fR -.ad -.RS 4n -The address should not be used to send packets but can still receive packets. -Can be "on" or "off". -.RE - -.sp -.ne 2 -.na -\fBprefixlen\fR -.ad -.RS 4n +.Bl -tag -compact -width "U" +.It Sy U +up +.It Sy p +private, not advertised to routing +.It Sy d +deprecated +.Pq not used for outgoing packets +.El +.It Cm ADDR +The address. +.El +.It Fl p Ns , Ns Fl -parsable +Print the output in a parsable format. +.El +.It Xo +.Nm +.Ic set-addrprop +.Op Fl t +.Fl p Ar prop Ns = Ns Ar value Ns Oo , Ns Ar value Oc Ns ... +.Ar addrobj +.Xc +Set a property's value(s) on the addrobj. +.Bl -tag -width "" +.It Fl p Ns , Ns Fl -prop +Specify the property name and value(s). The property name can be one of the +following: +.Bl -tag -compact -width "deprecated" +.It Cm broadcast +The broadcast address (read-only). +.It Cm deprecated +The address should not be used to send packets but can still receive packets +.Pq Cm on Ns / Ns Cm off . +.It Cm prefixlen The number of bits in the IPv4 netmask or IPv6 prefix. -.RE - -.sp -.ne 2 -.na -\fBprivate\fR -.ad -.RS 4n -The address is not advertised to routing. -Can be "on" or "off". -.RE - -.sp -.ne 2 -.na -\fBtransmit\fR -.ad -.RS 4n -Packets can be transmitted. -Can be "on" or "off". -.RE - -.sp -.ne 2 -.na -\fBzone\fR -.ad -.RS 4n +.It Cm private +The address is not advertised to routing +.Pq Cm on Ns / Ns Cm off . +.It Cm transmit +Packets can be transmitted +.Pq Cm on Ns / Ns Cm off . +.It Cm zone The zone the addrobj is in. -.RE - -.RE -.RE - -.sp -.ne 2 -.na -\fB\fBreset-addrprop\fR [\fB-t\fR] \fB-p\fR \fIprop\fR \fIaddrobj\fR\fR -.ad -.sp .6 -.RS 4n -The \fBreset-addrprop\fR subcommand is used to reset an addrobj's property -value to the default. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the disable is temporary and will not be persistent across reboots. -.sp -The \fB-p\fR option (also \fB--prop\fR) specifies the property name. -See the \fBset-addrprop\fR subcommand for the list of property names. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBshow-addrprop\fR [[\fB-c\fR]\fB-o\fR \fIfield\fR[,...]] [\fB-p\fR \fIprop\fR,...] \fIaddrobj\fR] -.ad -.sp .6 -.RS 4n -The \fBshow-addrprop\fR subcommand is used to display the property values -for one or all of the addrobjs. -.sp -The \fB-c\fR option (also \fB--parsable\fR) prints -the output in a parsable format. -.sp -The \fB-o\fR option (also \fB--output\fR) is used -to select which fields will be shown. The field value can be one of the -following names: -.sp -.ne 2 -.na -.RS 4n -\fBALL\fR -.ad -.RS 4n -Display all fields -.RE - -.sp -.ne 2 -.na -\fBADDROBJ\fR -.ad -.RS 4n -The name of the addrobj -.RE - -.sp -.ne 2 -.na -\fBPROPERTY\fR -.ad -.RS 4n -The name of the property -.RE - -.sp -.ne 2 -.na -\fBPERM\fR -.ad -.RS 4n -If the property is readable ("r") and/or writable ("w"). -.RE - -.sp -.ne 2 -.na -\fBCURRENT\fR -.ad -.RS 4n -The value of the property -.RE - -.sp -.ne 2 -.na -\fBPERSISTENT\fR -.ad -.RS 4n -The persistent value of the property -.RE - -.sp -.ne 2 -.na -\fBDEFAULT\fR -.ad -.RS 4n -The default value of the property -.RE - -.sp -.ne 2 -.na -\fBPOSSIBLE\fR -.ad -.RS 4n -The possible values for the property -.RE -.RE - -.sp -The \fB-p\fR option (also \fB--prop\fR) is used -to specify which properties to display. See the \fBset-addrprop\fR +.El +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic reset-addrprop +.Op Fl t +.Fl p Ar prop +.Ar addrobj +.Xc +Reset an addrobj's property value to the default. +.Bl -tag -width "" +.It Fl p Ns , Ns Fl -prop +Specify the property name. See the +.Nm ipadm Ic set-addrprop subcommand for the list of property names. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBset-prop\fR [\fB-t\fR] \fB-p\fR \fIprop\fR[+|-]=<\fIvalue\fR[,...]> \fIprotocol\fR -.ad -.sp .6 -.RS 4n -The \fBset-prop\fR subcommand is used to set a property's value(s) on the -protocol. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the setting is temporary and will not be persistent across reboots. -.sp -The \fB-p\fR option (also \fB--prop\fR) specifies the property name and -value(s). The optional [+|-] syntax can be used to add/remove values from the -current list of values on the property. -The property name can be one of the following: -.sp -.ne 2 -.na - -.RS 4n - -\fBecn\fR -.ad -.RS 4n -Explicit congestion control (TCP-only) -Can be "never", "passive" or "active". -.RE - -\fBextra_priv_ports\fR -.ad -.RS 4n -Additional privileged ports (SCTP, TCP or UDP) -.RE - -\fBforwarding\fR -.ad -.RS 4n -Packet forwarding is enabled. -Can be "on" or "off". -.RE - -\fBhoplimit\fR -.ad -.RS 4n +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic show-addrprop +.Op Oo Fl c Oc Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... +.Op Fl p Ar prop Ns Oo , Ns Ar prop Oc Ns ... +.Op Ar addrobj +.Xc +Display the property values for one or all of the addrobjs. +.Bl -tag -width "" +.It Fl c Ns , Ns Fl -parsable +Print the output in a parsable format. +.It Fl o Ns , Ns Fl -output +Select which fields will be shown. The field value can be one of the following +names: +.Bl -tag -compact -width "PERSISTENT" +.It Cm ALL +Display all fields. +.It Cm ADDROBJ +The name of the addrobj. +.It Cm PROPERTY +The name of the property. +.It Cm PERM +If the property is readable +.Pq Qq r +and/or writable +.Pq Qq w . +.It Cm CURRENT +The value of the property. +.It Cm PERSISTENT +The persistent value of the property. +.It Cm DEFAULT +The default value of the property. +.It Cm POSSIBLE +The possible values for the property. +.El +.It Fl p Ns , Ns Fl -prop +Specify which properties to display. See the +.Nm ipadm Ic set-addrprop +subcommand for the list of property names. +.El +.It Xo +.Ic set-prop +.Op Fl t +.Fl p Ar prop Ns Oo Cm + Ns | Ns Cm - Oc Ns = Ns +.Ar value Ns Oo , Ns Ar value Oc Ns ... +.Ar protocol +.Xc +Set a property's value(s) on the protocol. +.Bl -tag -width "" +.It Fl p Ns , Ns Fl -prop +Specify the property name and value(s). The optional +.Sy + Ns | Ns Sy - +syntax can be used to add/remove values from the current list of values on the +property. The property name can be one of the following: +.Bl -tag -compact -width "smallest_nonpriv_port" +.It Cm ecn +Explicit congestion control +.Pq Cm never Ns / Ns Cm passive Ns / Ns Cm active +.Pq TCP . +.It Cm extra_priv_ports +Additional privileged ports +.Pq SCTP/TCP/UDP . +.It Cm forwarding +Packet forwarding +.Pq Cm on Ns / Ns Cm off . +.It Cm hoplimit The IPv6 hoplimit. -.RE - -\fBlargest_anon_port\fR -.ad -.RS 4n -Largest ephemeral port (SCTP, TCP or UDP) -.RE - -\fBmax_buf\fR -.ad -.RS 4n -Maximum receive or send buffer size (ICMP, SCTP, TCP, or UDP). This also -sets the upper limit for the \fBrecv_buf\fB and \fBsend_buf\fB properties. -.RE - -\fBrecv_buf\fR -.ad -.RS 4n -Default receive buffer size (ICMP, SCTP, TCP, or UDP). The maximum value for -this property is controlled by the \fBmax_buf\fR property. -.RE - -\fBsack\fR -.ad -.RS 4n -Selective acknowledgement (TCP). -Can be "active", "passive" or "never". -.RE - -\fBsend_buf\fR -.ad -.RS 4n -Default send buffer size (ICMP, SCTP, TCP, or UDP). The maximum value for -this property is controlled by the \fBmax_buf\fR property. -.RE - -\fBsmallest_anon_port\fR -.ad -.RS 4n -Smallest ephemeral port (SCTP, TCP or UDP) -.RE - -\fBsmallest_nonpriv_port\fR -.ad -.RS 4n -Smallest non-privileged port (SCTP, TCP or UDP) -.RE - -\fBttl\fR -.ad -.RS 4n +.It Cm largest_anon_port +Largest ephemeral port +.Pq SCTP/TCP/UDP . +.It Cm max_buf +Maximum receive or send buffer size +.Pq ICMP/SCTP/TCP/UDP . +This also sets the upper limit for the +.Cm recv_buf +and +.Cm send_buf +properties. +.It Cm recv_buf +Default receive buffer size +.Pq ICMP/SCTP/TCP/UDP . +The maximum value for this property is controlled by the +.Cm max_buf +property. +.It Cm sack +Selective acknowledgement +.Pq Cm active Ns / Ns Cm passive Ns / Ns Cm never +.Pq TCP . +.It Cm send_buf +Default send buffer size +.Pq ICMP/SCTP/TCP/UDP . +The maximum value for this property is controlled by the +.Cm max_buf +property. +.It Cm smallest_anon_port +Smallest ephemeral port +.Pq SCTP/TCP/UDP . +.It Cm smallest_nonpriv_port +Smallest non-privileged port +.Pq SCTP/TCP/UDP . +.It Cm ttl The IPv4 time-to-live. -.RE - -.RE -.RE - -.sp -.ne 2 -.na -\fB\fBreset-prop\fR [\fB-t\fR] \fB-p\fR \fIprop\fR \fIprotocol\fR\fR -.ad -.sp .6 -.RS 4n -The \fBreset-prop\fR subcommand is used to reset a protocol's property -value to the default. -.sp -The \fB-t\fR option (also \fB--temporary\fR) means -that the disable is temporary and will not be persistent across reboots. -.sp -The \fB-p\fR option (also \fB--prop\fR) specifies the property name. -See the \fBset-prop\fR subcommand for the list of property names. -.sp - -.RE - -.sp -.ne 2 -.na -\fB\fBshow-prop\fR [[\fB-c\fR]\fB-o\fR \fIfield\fR[,...]] [\fB-p\fR \fIprop\fR,...] \fIprotocol\fR] -.ad -.sp .6 -.RS 4n -The \fBshow-prop\fR subcommand is used to display the property values -for one or all of the protocols. -.sp -The \fB-c\fR option (also \fB--parsable\fR) prints -the output in a parsable format. -.sp -The \fB-o\fR option (also \fB--output\fR) is used -to select which fields will be shown. The field value can be one of the -following names: -.sp -.ne 2 -.na -.RS 4n -\fBALL\fR -.ad -.RS 4n -Display all fields -.RE - -.sp -.ne 2 -.na -\fBPROTO\fR -.ad -.RS 4n -The name of the protocol -.RE - -.sp -.ne 2 -.na -\fBPROPERTY\fR -.ad -.RS 4n -The name of the property -.RE - -.sp -.ne 2 -.na -\fBPERM\fR -.ad -.RS 4n -If the property is readable ("r") and/or writable ("w"). -.RE - -.sp -.ne 2 -.na -\fBCURRENT\fR -.ad -.RS 4n -The value of the property -.RE - -.sp -.ne 2 -.na -\fBPERSISTENT\fR -.ad -.RS 4n -The persistent value of the property -.RE - -.sp -.ne 2 -.na -\fBDEFAULT\fR -.ad -.RS 4n -The default value of the property -.RE - -.sp -.ne 2 -.na -\fBPOSSIBLE\fR -.ad -.RS 4n -The possible values for the property -.RE -.RE - -.sp -The \fB-p\fR option (also \fB--prop\fR) is used -to specify which properties to display. See the \fBset-prop\fR +.El +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic reset-prop +.Op Fl t +.Fl p Ar prop +.Ar protocol +.Xc +Reset a protocol's property value to the default. +.Bl -tag -width "" +.It Fl p Ns , Ns Fl -prop +Specify the property name. See the +.Nm ipadm Ic set-prop +subcommand for the list of property names. +.It Fl t Ns , Ns Fl -temporary +Temporary, not persistent across reboots. +.El +.It Xo +.Nm +.Ic show-prop +.Op Oo Fl c Oc Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... +.Op Fl p Ar prop Ns Oo , Ns Ar prop Oc Ns ... +.Op Ar protocol +.Xc +Display the property values for one or all of the protocols. +.Bl -tag -width "" +.It Fl c Ns , Ns Fl -parsable +Print the output in a parsable format. +.It Fl o Ns , Ns Fl -output +Select which fields will be shown. The field value can be one of the following +names: +.Bl -tag -compact -width "PERSISTENT" +.It Cm ALL +Display all fields. +.It Cm PROTO +The name of the protocol. +.It Cm PROPERTY +The name of the property. +.It Cm PERM +If the property is readable +.Pq Qq r +and/or writable +.Pq Qq w . +.It Cm CURRENT +The value of the property. +.It Cm PERSISTENT +The persistent value of the property. +.It Cm DEFAULT +The default value of the property. +.It Cm POSSIBLE +The possible values for the property. +.El +.It Fl p Ns , Ns Fl -prop +Specify which properties to display. See the +.Nm ipadm Ic set-prop subcommand for the list of property names. -.sp - -.RE - -.SH SEE ALSO -.sp -.LP -\fBifconfig\fR(1M), \fBdladm\fR(1M), \fBndd\fR(1M), \fBzonecfg\fR(1M), -\fBarp\fR(1M), \fBcfgadm\fR(1M), \fBif_mpadm\fR(1M), \fBnsswitch.conf\fR(4), -and \fBdhcp\fR(5). +.El +.El +.Sh SEE ALSO +.Xr arp 1M , +.Xr cfgadm 1M , +.Xr dladm 1M , +.Xr if_mpadm 1M , +.Xr ifconfig 1M , +.Xr ndd 1M , +.Xr zonecfg 1M , +.Xr nsswitch.conf 4 , +.Xr dhcp 5 . diff --git a/usr/src/man/man1m/zfs.1m b/usr/src/man/man1m/zfs.1m index 3347291fc5..d066942296 100644 --- a/usr/src/man/man1m/zfs.1m +++ b/usr/src/man/man1m/zfs.1m @@ -1,4 +1,3 @@ -'\" t .\" .\" CDDL HEADER START .\" @@ -26,647 +25,574 @@ .\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved. .\" Copyright (c) 2015, Joyent, Inc. All rights reserved. .\" Copyright (c) 2014 by Adam Stevko. All rights reserved. -.\" Copyright 2014 Nexenta Systems, Inc. All Rights Reserved. +.\" Copyright 2015 Nexenta Systems, Inc. All Rights Reserved. .\" -.TH ZFS 1M "November 11, 2014" -.SH NAME -zfs \- configures ZFS file systems -.SH SYNOPSIS -.LP -.nf -\fBzfs\fR [\fB-?\fR] -.fi - -.LP -.nf -\fBzfs\fR \fBcreate\fR [\fB-p\fR] [\fB-o\fR \fIproperty\fR=\fIvalue\fR]... \fIfilesystem\fR -.fi - -.LP -.nf -\fBzfs\fR \fBcreate\fR [\fB-ps\fR] [\fB-b\fR \fIblocksize\fR] [\fB-o\fR \fIproperty\fR=\fIvalue\fR]... \fB-V\fR \fIsize\fR \fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBdestroy\fR [\fB-fnpRrv\fR] \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBdestroy\fR [\fB-dnpRrv\fR] \fIfilesystem\fR|\fIvolume\fR@\fIsnap\fR[%\fIsnap\fR][,\fIsnap\fR[%\fIsnap\fR]]... -.fi - -.LP -.nf -\fBzfs\fR \fBdestroy\fR \fIfilesystem\fR|\fIvolume\fR#\fIbookmark\fR -.fi - -.LP -.nf -\fBzfs\fR \fBsnapshot\fR [\fB-r\fR] [\fB-o\fR \fIproperty\fR=\fIvalue\fR]... - \fIfilesystem@snapname\fR|\fIvolume@snapname\fR... -.fi - -.LP -.nf -\fBzfs\fR \fBrollback\fR [\fB-rRf\fR] \fIsnapshot\fR -.fi - -.LP -.nf -\fBzfs\fR \fBclone\fR [\fB-p\fR] [\fB-o\fR \fIproperty\fR=\fIvalue\fR]... \fIsnapshot\fR \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBpromote\fR \fIclone-filesystem\fR -.fi - -.LP -.nf -\fBzfs\fR \fBrename\fR [\fB-f\fR] \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR - \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR -.fi - -.LP -.nf -\fBzfs\fR \fBrename\fR [\fB-fp\fR] \fIfilesystem\fR|\fIvolume\fR \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBrename\fR \fB-r\fR \fIsnapshot\fR \fIsnapshot\fR -.fi - -.LP -.nf -\fBzfs\fR \fBlist\fR [\fB-r\fR|\fB-d\fR \fIdepth\fR][\fB-Hp\fR][\fB-o\fR \fIproperty\fR[,\fIproperty\fR]...] [\fB-t\fR \fItype\fR[,\fItype\fR]...] - [\fB-s\fR \fIproperty\fR]... [\fB-S\fR \fIproperty\fR]... [\fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR]... -.fi - -.LP -.nf -\fBzfs\fR \fBset\fR \fIproperty\fR=\fIvalue\fR... \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR... -.fi - -.LP -.nf -\fBzfs\fR \fBget\fR [\fB-r\fR|\fB-d\fR \fIdepth\fR][\fB-Hpc\fR][\fB-o\fR \fIfield\fR[,\fIfield\fR]...] [\fB-t\fR \fItype\fR[,\fItype\fR]...] - [\fB-s\fR \fIsource\fR[,\fIsource\fR]...] \fBall\fR | \fIproperty\fR[,\fIproperty\fR]... - \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR... -.fi - -.LP -.nf -\fBzfs\fR \fBinherit\fR [\fB-rS\fR] \fIproperty\fR \fIfilesystem\fR|\fIvolume|snapshot\fR... -.fi - -.LP -.nf -\fBzfs\fR \fBupgrade\fR [\fB-v\fR] -.fi - -.LP -.nf -\fBzfs\fR \fBupgrade\fR [\fB-r\fR] [\fB-V\fR \fIversion\fR] \fB-a\fR | \fIfilesystem\fR -.fi - -.LP -.nf -\fBzfs\fR \fBuserspace\fR [\fB-Hinp\fR] [\fB-o\fR \fIfield\fR[,\fIfield\fR]...] [\fB-s\fR \fIfield\fR]... - [\fB-S\fR \fIfield\fR]... [\fB-t\fR \fItype\fR[,\fItype\fR]...] \fIfilesystem\fR|\fIsnapshot\fR -.fi - -.LP -.nf -\fBzfs\fR \fBgroupspace\fR [\fB-Hinp\fR] [\fB-o\fR \fIfield\fR[,\fIfield\fR]...] [\fB-s\fR \fIfield\fR]... - [\fB-S\fR \fIfield\fR]... [\fB-t\fR \fItype\fR[,\fItype\fR]...] \fIfilesystem\fR|\fIsnapshot\fR -.fi - -.LP -.nf -\fBzfs\fR \fBmount\fR -.fi - -.LP -.nf -\fBzfs\fR \fBmount\fR [\fB-vO\fR] [\fB-o \fIoptions\fR\fR] \fB-a\fR | \fIfilesystem\fR -.fi - -.LP -.nf -\fBzfs\fR \fBunmount\fR [\fB-f\fR] \fB-a\fR | \fIfilesystem\fR|\fImountpoint\fR -.fi - -.LP -.nf -\fBzfs\fR \fBshare\fR \fB-a\fR | \fIfilesystem\fR -.fi - -.LP -.nf -\fBzfs\fR \fBunshare\fR \fB-a\fR \fIfilesystem\fR|\fImountpoint\fR -.fi - -.LP -.nf -\fBzfs\fR \fBbookmark\fR \fIsnapshot\fR \fIbookmark\fR -.fi - -.LP -.nf -\fBzfs\fR \fBsend\fR [\fB-DnPpRveL\fR] [\fB-\fR[\fBiI\fR] \fIsnapshot\fR] \fIsnapshot\fR -.fi - -.LP -.nf -\fBzfs\fR \fBsend\fR [\fB-eL\fR] [\fB-i \fIsnapshot\fR|\fIbookmark\fR]\fR \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR -.fi - -.LP -.nf -\fBzfs\fR \fBreceive\fR [\fB-vnFu\fR] \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR -.fi - -.LP -.nf -\fBzfs\fR \fBreceive\fR [\fB-vnFu\fR] [\fB-d\fR|\fB-e\fR] \fIfilesystem\fR -.fi - -.LP -.nf -\fBzfs\fR \fBallow\fR \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBallow\fR [\fB-ldug\fR] \fIuser\fR|\fIgroup\fR[,\fIuser\fR|\fIgroup\fR]... - \fIperm\fR|\fI@setname\fR[,\fIperm\fR|\fI@setname\fR]... \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBallow\fR [\fB-ld\fR] \fB-e\fR|\fBeveryone\fR \fIperm\fR|@\fIsetname\fR[,\fIperm\fR|\fI@setname\fR]... - \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBallow\fR \fB-c\fR \fIperm\fR|@\fIsetname\fR[,\fIperm\fR|\fI@setname\fR]... \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBallow\fR \fB-s\fR @\fIsetname\fR \fIperm\fR|@\fIsetname\fR[,\fIperm\fR|\fI@setname\fR]... \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBunallow\fR [\fB-rldug\fR] \fIuser\fR|\fIgroup\fR[,\fIuser\fR|\fIgroup\fR]... - [\fIperm\fR|@\fIsetname\fR[,\fIperm\fR|\fI@setname\fR]...] \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBunallow\fR [\fB-rld\fR] \fB-e\fR|\fBeveryone\fR [\fIperm\fR|@\fIsetname\fR[,\fIperm\fR|\fI@setname\fR]...] - \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBunallow\fR [\fB-r\fR] \fB-c\fR [\fIperm\fR|@\fIsetname\fR[,\fIperm\fR|\fI@setname\fR]...] \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBunallow\fR [\fB-r\fR] \fB-s\fR @\fIsetname\fR [\fIperm\fR|@\fIsetname\fR[,\fIperm\fR|\fI@setname\fR]...] - \fIfilesystem\fR|\fIvolume\fR -.fi - -.LP -.nf -\fBzfs\fR \fBhold\fR [\fB-r\fR] \fItag\fR \fIsnapshot\fR... -.fi - -.LP -.nf -\fBzfs\fR \fBholds\fR [\fB-r\fR] \fIsnapshot\fR... -.fi - -.LP -.nf -\fBzfs\fR \fBrelease\fR [\fB-r\fR] \fItag\fR \fIsnapshot\fR... -.fi - -.LP -.nf -\fBzfs\fR \fBdiff\fR [\fB-FHt\fR] \fIsnapshot\fR \fIsnapshot|filesystem\fR - -.SH DESCRIPTION -.LP -The \fBzfs\fR command configures \fBZFS\fR datasets within a \fBZFS\fR storage -pool, as described in \fBzpool\fR(1M). A dataset is identified by a unique path -within the \fBZFS\fR namespace. For example: -.sp -.in +2 -.nf +.Dd June 8, 2015 +.Dt ZFS 1M +.Os +.Sh NAME +.Nm zfs +.Nd configures ZFS file systems +.Sh SYNOPSIS +.Nm +.Op Fl \? +.Nm +.Cm create +.Op Fl p +.Oo Fl o Ar property Ns = Ns Ar value Oc Ns ... +.Ar filesystem +.Nm +.Cm create +.Op Fl ps +.Op Fl b Ar blocksize +.Oo Fl o Ar property Ns = Ns Ar value Oc Ns ... +.Fl V Ar size Ar volume +.Nm +.Cm destroy +.Op Fl Rfnprv +.Ar filesystem Ns | Ns Ar volume +.Nm +.Cm destroy +.Op Fl Rdnprv +.Ar filesystem Ns | Ns Ar volume Ns @ Ns Ar snap Ns +.Oo % Ns Ar snap Ns Oo , Ns Ar snap Ns Oo % Ns Ar snap Oc Oc Oc Ns ... +.Nm +.Cm destroy +.Ar filesystem Ns | Ns Ar volume Ns # Ns Ar bookmark +.Nm +.Cm snapshot +.Op Fl r +.Oo Fl o Ar property Ns = Ns value Oc Ns ... +.Ar filesystem Ns @ Ns Ar snapname Ns | Ns Ar volume Ns @ Ns Ar snapname Ns ... +.Nm +.Cm rollback +.Op Fl Rfr +.Ar snapshot +.Nm +.Cm clone +.Op Fl p +.Oo Fl o Ar property Ns = Ns Ar value Oc Ns ... +.Ar snapshot Ar filesystem Ns | Ns Ar volume +.Nm +.Cm promote +.Ar clone-filesystem +.Nm +.Cm rename +.Op Fl f +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot +.Nm +.Cm rename +.Op Fl fp +.Ar filesystem Ns | Ns Ar volume +.Ar filesystem Ns | Ns Ar volume +.Nm +.Cm rename +.Fl r +.Ar snapshot Ar snapshot +.Nm +.Cm list +.Op Fl r Ns | Ns Fl d Ar depth +.Op Fl Hp +.Oo Fl o Ar property Ns Oo , Ns Ar property Oc Ns ... Oc +.Oo Fl s Ar property Oc Ns ... +.Oo Fl S Ar property Oc Ns ... +.Oo Fl t Ar type Ns Oo , Ns Ar type Oc Ns ... Oc +.Oo Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot Oc Ns ... +.Nm +.Cm set +.Ar property Ns = Ns Ar value Oo Ar property Ns = Ns Ar value Oc Ns ... +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot Ns ... +.Nm +.Cm get +.Op Fl r Ns | Ns Fl d Ar depth +.Op Fl Hp +.Oo Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... Oc +.Oo Fl s Ar source Ns Oo , Ns Ar source Oc Ns ... Oc +.Oo Fl t Ar type Ns Oo , Ns Ar type Oc Ns ... Oc +.Cm all | Ar property Ns Oo , Ns Ar property Oc Ns ... +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot Ns ... +.Nm +.Cm inherit +.Op Fl rS +.Ar property Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot Ns ... +.Nm +.Cm upgrade +.Nm +.Cm upgrade +.Fl v +.Nm +.Cm upgrade +.Op Fl r +.Op Fl V Ar version +.Fl a | Ar filesystem +.Nm +.Cm userspace +.Op Fl Hinp +.Oo Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... Oc +.Oo Fl s Ar field Oc Ns ... +.Oo Fl S Ar field Oc Ns ... +.Oo Fl t Ar type Ns Oo , Ns Ar type Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar snapshot +.Nm +.Cm groupspace +.Op Fl Hinp +.Oo Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... Oc +.Oo Fl s Ar field Oc Ns ... +.Oo Fl S Ar field Oc Ns ... +.Oo Fl t Ar type Ns Oo , Ns Ar type Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar snapshot +.Nm +.Cm mount +.Nm +.Cm mount +.Op Fl Ov +.Op Fl o Ar options +.Fl a | Ar filesystem +.Nm +.Cm unmount +.Op Fl f +.Fl a | Ar filesystem Ns | Ns Ar mountpoint +.Nm +.Cm share +.Fl a | Ar filesystem +.Nm +.Cm unshare +.Fl a | Ar filesystem Ns | Ns Ar mountpoint +.Nm +.Cm bookmark +.Ar snapshot bookmark +.Nm +.Cm send +.Op Fl DLPRenpv +.Op Oo Fl I Ns | Ns Fl i Oc Ar snapshot +.Ar snapshot +.Nm +.Cm send +.Op Fl Le +.Op Fl i Ar snapshot Ns | Ns Ar bookmark +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot +.Nm +.Cm receive +.Op Fl Fnuv +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot +.Nm +.Cm receive +.Op Fl Fnuv +.Op Fl d Ns | Ns Fl e +.Ar filesystem +.Nm +.Cm allow +.Ar filesystem Ns | Ns Ar volume +.Nm +.Cm allow +.Op Fl dglu +.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns ... +.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... +.Ar filesystem Ns | Ns Ar volume +.Nm +.Cm allow +.Op Fl dl +.Fl e Ns | Ns Sy everyone +.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... +.Ar filesystem Ns | Ns Ar volume +.Nm +.Cm allow +.Fl c +.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... +.Ar filesystem Ns | Ns Ar volume +.Nm +.Cm allow +.Fl s No @ Ns Ar setname +.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... +.Ar filesystem Ns | Ns Ar volume +.Nm +.Cm unallow +.Op Fl dglru +.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns ... +.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar volume +.Nm +.Cm unallow +.Op Fl dlr +.Fl e Ns | Ns Sy everyone +.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar volume +.Nm +.Cm unallow +.Op Fl r +.Fl c +.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar volume +.Nm +.Cm unallow +.Op Fl r +.Fl s @ Ns Ar setname +.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar volume +.Nm +.Cm hold +.Op Fl r +.Ar tag Ar snapshot Ns ... +.Nm +.Cm holds +.Op Fl r +.Ar snapshot Ns ... +.Nm +.Cm release +.Op Fl r +.Ar tag Ar snapshot Ns ... +.Nm +.Cm diff +.Op Fl FHt +.Ar snapshot Ar snapshot Ns | Ns Ar filesystem +.Sh DESCRIPTION +The +.Nm +command configures ZFS datasets within a ZFS storage pool, as described in +.Xr zpool 1M . +A dataset is identified by a unique path within the ZFS namespace. For example: +.Bd -literal pool/{filesystem,volume,snapshot} -.fi -.in -2 -.sp - -.sp -.LP -where the maximum length of a dataset name is \fBMAXNAMELEN\fR (256 bytes). -.sp -.LP +.Ed +.Pp +where the maximum length of a dataset name is +.Dv MAXNAMELEN +.Pq 256 bytes . +.Pp A dataset can be one of the following: -.sp -.ne 2 -.na -\fB\fIfile system\fR\fR -.ad -.sp .6 -.RS 4n -A \fBZFS\fR dataset of type \fBfilesystem\fR can be mounted within the standard -system namespace and behaves like other file systems. While \fBZFS\fR file -systems are designed to be \fBPOSIX\fR compliant, known issues exist that -prevent compliance in some cases. Applications that depend on standards -conformance might fail due to nonstandard behavior when checking file system -free space. -.RE - -.sp -.ne 2 -.na -\fB\fIvolume\fR\fR -.ad -.sp .6 -.RS 4n +.Bl -tag -width "file system" +.It Sy file system +A ZFS dataset of type +.Sy filesystem +can be mounted within the standard system namespace and behaves like other file +systems. While ZFS file systems are designed to be POSIX compliant, known issues +exist that prevent compliance in some cases. Applications that depend on +standards conformance might fail due to non-standard behavior when checking file +system free space. +.It Sy volume A logical volume exported as a raw or block device. This type of dataset should only be used under special circumstances. File systems are typically used in most environments. -.RE - -.sp -.ne 2 -.na -\fB\fIsnapshot\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy snapshot A read-only version of a file system or volume at a given point in time. It is -specified as \fIfilesystem@name\fR or \fIvolume@name\fR. -.RE - -.SS "ZFS File System Hierarchy" -.LP -A \fBZFS\fR storage pool is a logical collection of devices that provide space -for datasets. A storage pool is also the root of the \fBZFS\fR file system -hierarchy. -.sp -.LP +specified as +.Ar filesystem Ns @ Ns Ar name +or +.Ar volume Ns @ Ns Ar name . +.El +.Ss ZFS File System Hierarchy +A ZFS storage pool is a logical collection of devices that provide space for +datasets. A storage pool is also the root of the ZFS file system hierarchy. +.Pp The root of the pool can be accessed as a file system, such as mounting and unmounting, taking snapshots, and setting properties. The physical storage -characteristics, however, are managed by the \fBzpool\fR(1M) command. -.sp -.LP -See \fBzpool\fR(1M) for more information on creating and administering pools. -.SS "Snapshots" -.LP +characteristics, however, are managed by the +.Xr zpool 1M +command. +.Pp +See +.Xr zpool 1M +for more information on creating and administering pools. +.Ss Snapshots A snapshot is a read-only copy of a file system or volume. Snapshots can be created extremely quickly, and initially consume no additional space within the pool. As data within the active dataset changes, the snapshot consumes more data than would otherwise be shared with the active dataset. -.sp -.LP +.Pp Snapshots can have arbitrary names. Snapshots of volumes can be cloned or rolled back, but cannot be accessed independently. -.sp -.LP -File system snapshots can be accessed under the \fB\&.zfs/snapshot\fR directory -in the root of the file system. Snapshots are automatically mounted on demand -and may be unmounted at regular intervals. The visibility of the \fB\&.zfs\fR -directory can be controlled by the \fBsnapdir\fR property. -.SS "Clones" -.LP +.Pp +File system snapshots can be accessed under the +.Pa .zfs/snapshot +directory in the root of the file system. Snapshots are automatically mounted on +demand and may be unmounted at regular intervals. The visibility of the +.Pa .zfs +directory can be controlled by the +snapdir +property. +.Ss Clones A clone is a writable volume or file system whose initial contents are the same -as another dataset. As with snapshots, creating a clone is nearly -instantaneous, and initially consumes no additional space. -.sp -.LP +as another dataset. As with snapshots, creating a clone is nearly instantaneous, +and initially consumes no additional space. +.Pp Clones can only be created from a snapshot. When a snapshot is cloned, it creates an implicit dependency between the parent and child. Even though the clone is created somewhere else in the dataset hierarchy, the original snapshot -cannot be destroyed as long as a clone exists. The \fBorigin\fR property -exposes this dependency, and the \fBdestroy\fR command lists any such -dependencies, if they exist. -.sp -.LP +cannot be destroyed as long as a clone exists. The +.Sy origin +property exposes this dependency, and the +.Cm destroy +command lists any such dependencies, if they exist. +.Pp The clone parent-child dependency relationship can be reversed by using the -\fBpromote\fR subcommand. This causes the "origin" file system to become a -clone of the specified file system, which makes it possible to destroy the file -system that the clone was created from. -.SS "Mount Points" -.LP -Creating a \fBZFS\fR file system is a simple operation, so the number of file -systems per system is likely to be numerous. To cope with this, \fBZFS\fR -automatically manages mounting and unmounting file systems without the need to -edit the \fB/etc/vfstab\fR file. All automatically managed file systems are -mounted by \fBZFS\fR at boot time. -.sp -.LP -By default, file systems are mounted under \fB/\fIpath\fR\fR, where \fIpath\fR -is the name of the file system in the \fBZFS\fR namespace. Directories are -created and destroyed as needed. -.sp -.LP -A file system can also have a mount point set in the \fBmountpoint\fR property. -This directory is created as needed, and \fBZFS\fR automatically mounts the -file system when the \fBzfs mount -a\fR command is invoked (without editing -\fB/etc/vfstab\fR). The \fBmountpoint\fR property can be inherited, so if -\fBpool/home\fR has a mount point of \fB/export/stuff\fR, then -\fBpool/home/user\fR automatically inherits a mount point of -\fB/export/stuff/user\fR. -.sp -.LP -A file system \fBmountpoint\fR property of \fBnone\fR prevents the file system -from being mounted. -.sp -.LP -If needed, \fBZFS\fR file systems can also be managed with traditional tools -(\fBmount\fR, \fBumount\fR, \fB/etc/vfstab\fR). If a file system's mount point -is set to \fBlegacy\fR, \fBZFS\fR makes no attempt to manage the file system, -and the administrator is responsible for mounting and unmounting the file -system. -.SS "Zones" -.LP -A \fBZFS\fR file system can be added to a non-global zone by using the -\fBzonecfg\fR \fBadd fs\fR subcommand. A \fBZFS\fR file system that is added to -a non-global zone must have its \fBmountpoint\fR property set to \fBlegacy\fR. -.sp -.LP +.Cm promote +subcommand. This causes the +.Qq origin +file system to become a clone of the specified file system, which makes it +possible to destroy the file system that the clone was created from. +.Ss "Mount Points" +Creating a ZFS file system is a simple operation, so the number of file systems +per system is likely to be numerous. To cope with this, ZFS automatically +manages mounting and unmounting file systems without the need to edit the +.Pa /etc/vfstab +file. All automatically managed file systems are mounted by ZFS at boot time. +.Pp +By default, file systems are mounted under +.Pa /path , +where +.Ar path +is the name of the file system in the ZFS namespace. Directories are created and +destroyed as needed. +.Pp +A file system can also have a mount point set in the +.Sy mountpoint +property. This directory is created as needed, and ZFS automatically mounts the +file system when the +.Nm zfs Cm mount Fl a +command is invoked +.Po without editing +.Pa /etc/vfstab +.Pc . +The +.Sy mountpoint +property can be inherited, so if +.Em pool/home +has a mount point of +.Pa /export/stuff , +then +.Em pool/home/user +automatically inherits a mount point of +.Pa /export/stuff/user . +.Pp +A file system +.Sy mountpoint +property of +.Sy none +prevents the file system from being mounted. +.Pp +If needed, ZFS file systems can also be managed with traditional tools +.Po +.Nm mount , +.Nm umount , +.Pa /etc/vfstab +.Pc . +If a file system's mount point is set to +.Sy legacy , +ZFS makes no attempt to manage the file system, and the administrator is +responsible for mounting and unmounting the file system. +.Ss "Zones" +A ZFS file system can be added to a non-global zone by using the +.Nm zonecfg Cm add Sy fs +subcommand. A ZFS file system that is added to a non-global zone must have its +.Sy mountpoint +property set to +.Sy legacy . +.Pp The physical properties of an added file system are controlled by the global administrator. However, the zone administrator can create, modify, or destroy -files within the added file system, depending on how the file system is -mounted. -.sp -.LP -A dataset can also be delegated to a non-global zone by using the \fBzonecfg\fR -\fBadd dataset\fR subcommand. You cannot delegate a dataset to one zone and the -children of the same dataset to another zone. The zone administrator can change -properties of the dataset or any of its children. However, the \fBquota\fR, -\fBfilesystem_limit\fR and \fBsnapshot_limit\fR properties of the delegated -dataset can be modified only by the global administrator. -.sp -.LP -A \fBZFS\fR volume can be added as a device to a non-global zone by using the -\fBzonecfg\fR \fBadd device\fR subcommand. However, its physical properties can -be modified only by the global administrator. -.sp -.LP -For more information about \fBzonecfg\fR syntax, see \fBzonecfg\fR(1M). -.sp -.LP -After a dataset is delegated to a non-global zone, the \fBzoned\fR property is -automatically set. A zoned file system cannot be mounted in the global zone, -since the zone administrator might have to set the mount point to an -unacceptable value. -.sp -.LP -The global administrator can forcibly clear the \fBzoned\fR property, though -this should be done with extreme care. The global administrator should verify -that all the mount points are acceptable before clearing the property. -.SS "Native Properties" -.LP -Properties are divided into two types, native properties and user-defined (or -"user") properties. Native properties either export internal statistics or -control \fBZFS\fR behavior. In addition, native properties are either editable -or read-only. User properties have no effect on \fBZFS\fR behavior, but you can -use them to annotate datasets in a way that is meaningful in your environment. -For more information about user properties, see the "User Properties" section, -below. -.sp -.LP +files within the added file system, depending on how the file system is mounted. +.Pp +A dataset can also be delegated to a non-global zone by using the +.Nm zonecfg Cm add Sy dataset +subcommand. You cannot delegate a dataset to one zone and the children of the +same dataset to another zone. The zone administrator can change properties of +the dataset or any of its children. However, the +.Sy quota , +.Sy filesystem_limit +and +.Sy snapshot_limit +properties of the delegated dataset can be modified only by the global +administrator. +.Pp +A ZFS volume can be added as a device to a non-global zone by using the +.Nm zonecfg Cm add Sy device +subcommand. However, its physical properties can be modified only by the global +administrator. +.Pp +For more information about +.Nm zonecfg +syntax, see +.Xr zonecfg 1M . +.Pp +After a dataset is delegated to a non-global zone, the +.Sy zoned +property is automatically set. A zoned file system cannot be mounted in the +global zone, since the zone administrator might have to set the mount point to +an unacceptable value. +.Pp +The global administrator can forcibly clear the +.Sy zoned +property, though this should be done with extreme care. The global administrator +should verify that all the mount points are acceptable before clearing the +property. +.Ss Native Properties +Properties are divided into two types, native properties and user-defined +.Po or +.Qq user +.Pc +properties. Native properties either export internal statistics or control ZFS +behavior. In addition, native properties are either editable or read-only. User +properties have no effect on ZFS behavior, but you can use them to annotate +datasets in a way that is meaningful in your environment. For more information +about user properties, see the +.Sx User Properties +section, below. +.Pp Every dataset has a set of properties that export statistics about the dataset as well as control various behaviors. Properties are inherited from the parent unless overridden by the child. Some properties apply only to certain types of -datasets (file systems, volumes, or snapshots). -.sp -.LP +datasets +.Pq file systems, volumes, or snapshots . +.Pp The values of numeric properties can be specified using human-readable suffixes -(for example, \fBk\fR, \fBKB\fR, \fBM\fR, \fBGb\fR, and so forth, up to \fBZ\fR -for zettabyte). The following are all valid (and equal) specifications: -.sp -.in +2 -.nf -1536M, 1.5g, 1.50GB -.fi -.in -2 -.sp - -.sp -.LP +.Po for example, +.Sy k , +.Sy KB , +.Sy M , +.Sy Gb , +and so forth, up to +.Sy Z +for zettabyte +.Pc . +The following are all valid +.Pq and equal +specifications: +.Li 1536M, 1.5g, 1.50GB . +.Pp The values of non-numeric properties are case sensitive and must be lowercase, -except for \fBmountpoint\fR, \fBsharenfs\fR, and \fBsharesmb\fR. -.sp -.LP +except for +.Sy mountpoint , +.Sy sharenfs , +and +.Sy sharesmb . +.Pp The following native properties consist of read-only statistics about the dataset. These properties can be neither set, nor inherited. Native properties apply to all dataset types unless otherwise noted. -.sp -.ne 2 -.na -\fB\fBavailable\fR\fR -.ad -.sp .6 -.RS 4n -The amount of space available to the dataset and all its children, assuming -that there is no other activity in the pool. Because space is shared within a -pool, availability can be limited by any number of factors, including physical -pool size, quotas, reservations, or other datasets within the pool. -.sp +.Bl -tag -width "usedbyrefreservation" +.It Sy available +The amount of space available to the dataset and all its children, assuming that +there is no other activity in the pool. Because space is shared within a pool, +availability can be limited by any number of factors, including physical pool +size, quotas, reservations, or other datasets within the pool. +.Pp This property can also be referred to by its shortened column name, -\fBavail\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBcompressratio\fR\fR -.ad -.sp .6 -.RS 4n -For non-snapshots, the compression ratio achieved for the \fBused\fR -space of this dataset, expressed as a multiplier. The \fBused\fR -property includes descendant datasets, and, for clones, does not include -the space shared with the origin snapshot. For snapshots, the -\fBcompressratio\fR is the same as the \fBrefcompressratio\fR property. -Compression can be turned on by running: \fBzfs set compression=on -\fIdataset\fR\fR. The default value is \fBoff\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBcreation\fR\fR -.ad -.sp .6 -.RS 4n +.Sy avail . +.It Sy compressratio +For non-snapshots, the compression ratio achieved for the +.Sy used +space of this dataset, expressed as a multiplier. The +.Sy used +property includes descendant datasets, and, for clones, does not include the +space shared with the origin snapshot. For snapshots, the +.Sy compressratio +is the same as the +.Sy refcompressratio +property. Compression can be turned on by running: +.Nm zfs Cm set Sy compression Ns = Ns Sy on Ar dataset . +The default value is +.Sy off . +.It Sy creation The time this dataset was created. -.RE - -.sp -.ne 2 -.na -\fB\fBclones\fR\fR -.ad -.sp .6 -.RS 4n -For snapshots, this property is a comma-separated list of filesystems or -volumes which are clones of this snapshot. The clones' \fBorigin\fR property -is this snapshot. If the \fBclones\fR property is not empty, then this -snapshot can not be destroyed (even with the \fB-r\fR or \fB-f\fR options). -.RE - -.sp -.ne 2 -.na -\fB\fBdefer_destroy\fR\fR -.ad -.sp .6 -.RS 4n -This property is \fBon\fR if the snapshot has been marked for deferred destroy -by using the \fBzfs destroy\fR \fB-d\fR command. Otherwise, the property is -\fBoff\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBfilesystem_count\fR -.ad -.sp .6 -.RS 4n -The total number of filesystems and volumes that exist under this location in the -dataset tree. This value is only available when a \fBfilesystem_limit\fR has -been set somewhere in the tree under which the dataset resides. -.RE - -.sp -.ne 2 -.na -\fB\fBlogicalreferenced\fR\fR -.ad -.sp .6 -.RS 4n -The amount of space that is "logically" accessible by this dataset. See -the \fBreferenced\fR property. The logical space ignores the effect of -the \fBcompression\fR and \fBcopies\fR properties, giving a quantity -closer to the amount of data that applications see. However, it does -include space consumed by metadata. -.sp +.It Sy clones +For snapshots, this property is a comma-separated list of filesystems or volumes +which are clones of this snapshot. The clones' +.Sy origin +property is this snapshot. If the +.Sy clones +property is not empty, then this snapshot can not be destroyed +.Po even with the +.Fl r +or +.Fl f +options +.Pc . +.It Sy defer_destroy +This property is +.Sy on +if the snapshot has been marked for deferred destroy by using the +.Nm zfs Cm destroy Fl d +command. Otherwise, the property is +.Sy off . +.It Sy filesystem_count +The total number of filesystems and volumes that exist under this location in +the dataset tree. This value is only available when a +.Sy filesystem_limit +has been set somewhere in the tree under which the dataset resides. +.It Sy logicalreferenced +The amount of space that is +.Qq logically +accessible by this dataset. See the +.Sy referenced +property. The logical space ignores the effect of the +.Sy compression +and +.Sy copies +properties, giving a quantity closer to the amount of data that applications +see. However, it does include space consumed by metadata. +.Pp This property can also be referred to by its shortened column name, -\fBlrefer\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBlogicalused\fR\fR -.ad -.sp .6 -.RS 4n -The amount of space that is "logically" consumed by this dataset and all -its descendents. See the \fBused\fR property. The logical space -ignores the effect of the \fBcompression\fR and \fBcopies\fR properties, -giving a quantity closer to the amount of data that applications see. -However, it does include space consumed by metadata. -.sp +.Sy lrefer . +.It Sy logicalused +The amount of space that is +.Qq logically +consumed by this dataset and all its descendents. See the +.Sy used +property. The logical space ignores the effect of the +.Sy compression +and +.Sy copies +properties, giving a quantity closer to the amount of data that applications +see. However, it does include space consumed by metadata. +.Pp This property can also be referred to by its shortened column name, -\fBlused\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBmounted\fR\fR -.ad -.sp .6 -.RS 4n +.Sy lused . +.It Sy mounted For file systems, indicates whether the file system is currently mounted. This -property can be either \fByes\fR or \fBno\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBorigin\fR\fR -.ad -.sp .6 -.RS 4n +property can be either +.Sy yes +or +.Sy no . +.It Sy origin For cloned file systems or volumes, the snapshot from which the clone was -created. See also the \fBclones\fR property. -.RE - -.sp -.ne 2 -.na -\fB\fBreferenced\fR\fR -.ad -.sp .6 -.RS 4n +created. See also the +.Sy clones +property. +.It Sy referenced The amount of data that is accessible by this dataset, which may or may not be shared with other datasets in the pool. When a snapshot or clone is created, it initially references the same amount of space as the file system or snapshot it was created from, since its contents are identical. -.sp +.Pp This property can also be referred to by its shortened column name, -\fBrefer\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBrefcompressratio\fR\fR -.ad -.sp .6 -.RS 4n -The compression ratio achieved for the \fBreferenced\fR space of this -dataset, expressed as a multiplier. See also the \fBcompressratio\fR +.Sy refer . +.It Sy refcompressratio +The compression ratio achieved for the +.Sy referenced +space of this dataset, expressed as a multiplier. See also the +.Sy compressratio property. -.RE - -.sp -.ne 2 -.na -\fB\fBsnapshot_count\fR -.ad -.sp .6 -.RS 4n -The total number of snapshots that exist under this location in the dataset tree. -This value is only available when a \fBsnapshot_limit\fR has been set somewhere -in the tree under which the dataset resides. -.RE - -.sp -.ne 2 -.na -\fB\fBtype\fR\fR -.ad -.sp .6 -.RS 4n -The type of dataset: \fBfilesystem\fR, \fBvolume\fR, or \fBsnapshot\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBused\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy snapshot_count +The total number of snapshots that exist under this location in the dataset +tree. This value is only available when a +.Sy snapshot_limit +has been set somewhere in the tree under which the dataset resides. +.It Sy type +The type of dataset: +.Sy filesystem , +.Sy volume , +or +.Sy snapshot . +.It Sy used The amount of space consumed by this dataset and all its descendents. This is the value that is checked against this dataset's quota and reservation. The space used does not include this dataset's reservation, but does take into @@ -674,2743 +600,2222 @@ account the reservations of any descendent datasets. The amount of space that a dataset consumes from its parent, as well as the amount of space that are freed if this dataset is recursively destroyed, is the greater of its space used and its reservation. -.sp -When snapshots (see the "Snapshots" section) are created, their space is -initially shared between the snapshot and the file system, and possibly with -previous snapshots. As the file system changes, space that was previously -shared becomes unique to the snapshot, and counted in the snapshot's space -used. Additionally, deleting snapshots can increase the amount of space unique -to (and used by) other snapshots. -.sp +.Pp +When snapshots +.Po see the +.Sx Snapshots +section +.Pc +are created, their space is initially shared between the snapshot and +the file system, and possibly with previous snapshots. As the file system +changes, space that was previously shared becomes unique to the snapshot, and +counted in the snapshot's space used. Additionally, deleting snapshots can +increase the amount of space unique to +.Pq and used by +other snapshots. +.Pp The amount of space used, available, or referenced does not take into account pending changes. Pending changes are generally accounted for within a few -seconds. Committing a change to a disk using \fBfsync\fR(3c) or \fBO_SYNC\fR +seconds. Committing a change to a disk using +.Xr fsync 3C +or +.Dv O_SYNC does not necessarily guarantee that the space usage information is updated immediately. -.RE - -.sp -.ne 2 -.na -\fB\fBusedby*\fR\fR -.ad -.sp .6 -.RS 4n -The \fBusedby*\fR properties decompose the \fBused\fR properties into the -various reasons that space is used. Specifically, \fBused\fR = -\fBusedbychildren\fR + \fBusedbydataset\fR + \fBusedbyrefreservation\fR +, -\fBusedbysnapshots\fR. These properties are only available for datasets created -on \fBzpool\fR "version 13" pools. -.RE - -.sp -.ne 2 -.na -\fB\fBusedbychildren\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy usedby* +The +.Sy usedby* +properties decompose the +.Sy used +properties into the various reasons that space is used. Specifically, +.Sy used No = +.Sy usedbychildren No + +.Sy usedbydataset No + +.Sy usedbyrefreservation No + +.Sy usedbysnapshots . +These properties are only available for datasets created on +.Nm zpool +.Qo version 13 Qc +pools. +.It Sy usedbychildren The amount of space used by children of this dataset, which would be freed if all the dataset's children were destroyed. -.RE - -.sp -.ne 2 -.na -\fB\fBusedbydataset\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy usedbydataset The amount of space used by this dataset itself, which would be freed if the -dataset were destroyed (after first removing any \fBrefreservation\fR and -destroying any necessary snapshots or descendents). -.RE - -.sp -.ne 2 -.na -\fB\fBusedbyrefreservation\fR\fR -.ad -.sp .6 -.RS 4n -The amount of space used by a \fBrefreservation\fR set on this dataset, which -would be freed if the \fBrefreservation\fR was removed. -.RE - -.sp -.ne 2 -.na -\fB\fBusedbysnapshots\fR\fR -.ad -.sp .6 -.RS 4n +dataset were destroyed +.Po after first removing any +.Sy refreservation +and destroying any necessary snapshots or descendents +.Pc . +.It Sy usedbyrefreservation +The amount of space used by a +.Sy refreservation +set on this dataset, which would be freed if the +.Sy refreservation +was removed. +.It Sy usedbysnapshots The amount of space consumed by snapshots of this dataset. In particular, it is the amount of space that would be freed if all of this dataset's snapshots were -destroyed. Note that this is not simply the sum of the snapshots' \fBused\fR +destroyed. Note that this is not simply the sum of the snapshots' +.Sy used properties because space can be shared by multiple snapshots. -.RE - -.sp -.ne 2 -.na -\fB\fBuserused@\fR\fIuser\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy userused Ns @ Ns Em user The amount of space consumed by the specified user in this dataset. Space is -charged to the owner of each file, as displayed by \fBls\fR \fB-l\fR. The -amount of space charged is displayed by \fBdu\fR and \fBls\fR \fB-s\fR. See the -\fBzfs userspace\fR subcommand for more information. -.sp +charged to the owner of each file, as displayed by +.Nm ls Fl l . +The amount of space charged is displayed by +.Nm du +and +.Nm ls Fl s . +See the +.Nm zfs Cm userspace +subcommand for more information. +.Pp Unprivileged users can access only their own space usage. The root user, or a -user who has been granted the \fBuserused\fR privilege with \fBzfs allow\fR, +user who has been granted the +.Sy userused +privilege with +.Nm zfs Cm allow , can access everyone's usage. -.sp -The \fBuserused@\fR... properties are not displayed by \fBzfs get all\fR. The -user's name must be appended after the \fB@\fR symbol, using one of the -following forms: -.RS +4 -.TP -.ie t \(bu -.el o -\fIPOSIX name\fR (for example, \fBjoe\fR) -.RE -.RS +4 -.TP -.ie t \(bu -.el o -\fIPOSIX numeric ID\fR (for example, \fB789\fR) -.RE -.RS +4 -.TP -.ie t \(bu -.el o -\fISID name\fR (for example, \fBjoe.smith@mydomain\fR) -.RE -.RS +4 -.TP -.ie t \(bu -.el o -\fISID numeric ID\fR (for example, \fBS-1-123-456-789\fR) -.RE -.RE - -.sp -.ne 2 -.na -\fB\fBuserrefs\fR\fR -.ad -.sp .6 -.RS 4n +.Pp +The +.Sy userused Ns @ Ns Em ... +properties are not displayed by +.Nm zfs Cm get Sy all . +The user's name must be appended after the @ symbol, using one of the following +forms: +.Bl -bullet -width "" +.It +.Em POSIX name +.Po for example, +.Sy joe +.Pc +.It +.Em POSIX numeric ID +.Po for example, +.Sy 789 +.Pc +.It +.Em SID name +.Po for example, +.Sy joe.smith@mydomain +.Pc +.It +.Em SID numeric ID +.Po for example, +.Sy S-1-123-456-789 +.Pc +.El +.It Sy userrefs This property is set to the number of user holds on this snapshot. User holds -are set by using the \fBzfs hold\fR command. -.RE - -.sp -.ne 2 -.na -\fB\fBgroupused@\fR\fIgroup\fR\fR -.ad -.sp .6 -.RS 4n +are set by using the +.Nm zfs Cm hold +command. +.It Sy groupused Ns @ Ns Em group The amount of space consumed by the specified group in this dataset. Space is -charged to the group of each file, as displayed by \fBls\fR \fB-l\fR. See the -\fBuserused@\fR\fIuser\fR property for more information. -.sp -Unprivileged users can only access their own groups' space usage. The root -user, or a user who has been granted the \fBgroupused\fR privilege with \fBzfs -allow\fR, can access all groups' usage. -.RE - -.sp -.ne 2 -.na -\fB\fBvolblocksize\fR=\fIblocksize\fR\fR -.ad -.sp .6 -.RS 4n -For volumes, specifies the block size of the volume. The \fBblocksize\fR cannot -be changed once the volume has been written, so it should be set at volume -creation time. The default \fBblocksize\fR for volumes is 8 Kbytes. Any power -of 2 from 512 bytes to 128 Kbytes is valid. -.sp +charged to the group of each file, as displayed by +.Nm ls Fl l . +See the +.Sy userused Ns @ Ns Em user +property for more information. +.Pp +Unprivileged users can only access their own groups' space usage. The root user, +or a user who has been granted the +.Sy groupused +privilege with +.Nm zfs Cm allow , +can access all groups' usage. +.It Sy volblocksize Ns = Ns Em blocksize +For volumes, specifies the block size of the volume. The +.Sy blocksize +cannot be changed once the volume has been written, so it should be set at +volume creation time. The default +.Sy blocksize +for volumes is 8 Kbytes. Any power of 2 from 512 bytes to 128 Kbytes is valid. +.Pp This property can also be referred to by its shortened column name, -\fBvolblock\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBwritten\fR\fR -.ad -.sp .6 -.RS 4n -The amount of \fBreferenced\fR space written to this dataset since the -previous snapshot. -.RE - -.sp -.ne 2 -.na -\fB\fBwritten@\fR\fIsnapshot\fR\fR -.ad -.sp .6 -.RS 4n -The amount of \fBreferenced\fR space written to this dataset since the -specified snapshot. This is the space that is referenced by this dataset -but was not referenced by the specified snapshot. -.sp -The \fIsnapshot\fR may be specified as a short snapshot name (just the part -after the \fB@\fR), in which case it will be interpreted as a snapshot in -the same filesystem as this dataset. -The \fIsnapshot\fR be a full snapshot name (\fIfilesystem\fR@\fIsnapshot\fR), -which for clones may be a snapshot in the origin's filesystem (or the origin -of the origin's filesystem, etc). -.RE - -.sp -.LP -The following native properties can be used to change the behavior of a -\fBZFS\fR dataset. -.sp -.ne 2 -.na -\fB\fBaclinherit\fR=\fBdiscard\fR | \fBnoallow\fR | \fBrestricted\fR | -\fBpassthrough\fR | \fBpassthrough-x\fR\fR -.ad -.sp .6 -.RS 4n -Controls how \fBACL\fR entries are inherited when files and directories are -created. A file system with an \fBaclinherit\fR property of \fBdiscard\fR does -not inherit any \fBACL\fR entries. A file system with an \fBaclinherit\fR -property value of \fBnoallow\fR only inherits inheritable \fBACL\fR entries -that specify "deny" permissions. The property value \fBrestricted\fR (the -default) removes the \fBwrite_acl\fR and \fBwrite_owner\fR permissions when the -\fBACL\fR entry is inherited. A file system with an \fBaclinherit\fR property -value of \fBpassthrough\fR inherits all inheritable \fBACL\fR entries without -any modifications made to the \fBACL\fR entries when they are inherited. A file -system with an \fBaclinherit\fR property value of \fBpassthrough-x\fR has the -same meaning as \fBpassthrough\fR, except that the \fBowner@\fR, \fBgroup@\fR, -and \fBeveryone@\fR \fBACE\fRs inherit the execute permission only if the file -creation mode also requests the execute bit. -.sp -When the property value is set to \fBpassthrough\fR, files are created with a -mode determined by the inheritable \fBACE\fRs. If no inheritable \fBACE\fRs +.Sy volblock . +.It Sy written +The amount of +.Sy referenced +space written to this dataset since the previous snapshot. +.It Sy written Ns @ Ns Em snapshot +The amount of +.Sy referenced +space written to this dataset since the specified snapshot. This is the space +that is referenced by this dataset but was not referenced by the specified +snapshot. +.Pp +The +.Em snapshot +may be specified as a short snapshot name +.Po just the part after the +.Sy @ +.Pc , +in which case it will be interpreted as a snapshot in the same filesystem as +this dataset. The +.Em snapshot +may be a full snapshot name +.No Po Em filesystem Ns @ Ns Em snapshot Pc , +which for clones may be a snapshot in the origin's filesystem +.Pq or the origin of the origin's filesystem, etc. +.El +.Pp +The following native properties can be used to change the behavior of a ZFS +dataset. +.Bl -tag -width "" +.It Xo +.Sy aclinherit Ns = Ns Sy discard Ns | Ns Sy noallow Ns | Ns +.Sy restricted Ns | Ns Sy passthrough Ns | Ns Sy passthrough-x +.Xc +Controls how +.Sy ACE Ns s +are inherited when files and directories are created. +.Bl -tag -width "passthrough-x" +.It Sy discard +does not inherit any +.Sy ACE Ns s . +.It Sy noallow +only inherits inheritable +.Sy ACE Ns s +that specify +.Qq deny +permissions. +.It Sy restricted +default, removes the +.Sy write_acl +and +.Sy write_owner +permissions when the +.Sy ACE +is inherited. +.It Sy passthrough +inherits all inheritable +.Sy ACE Ns s +without any modifications. +.It Sy passthrough-x +same meaning as +.Sy passthrough , +except that the +.Sy owner@ , +.Sy group@ , +and +.Sy everyone@ +.Sy ACE Ns s +inherit the execute permission only if the file creation mode also requests the +execute bit. +.El +.Pp +When the property value is set to +.Sy passthrough , +files are created with a mode determined by the inheritable +.Sy ACE Ns s . +If no inheritable +.Sy ACE Ns s exist that affect the mode, then the mode is set in accordance to the requested mode from the application. -.RE - -.sp -.ne 2 -.na -\fB\fBaclmode\fR=\fBdiscard\fR | \fBgroupmask\fR | \fBpassthrough\fR\fR | \fBrestricted\fR\fR -.ad -.sp .6 -.RS 4n -Controls how an \fBACL\fR is modified during \fBchmod\fR(2). A file system with -an \fBaclmode\fR property of \fBdiscard\fR (the default) deletes all \fBACL\fR -entries that do not represent the mode of the file. An \fBaclmode\fR property -of \fBgroupmask\fR reduces permissions granted in all \fBALLOW\fR entries found -in the \fBACL\fR such that they are no greater than the group permissions -specified by \fBchmod\fR(2). A file system with an \fBaclmode\fR property of -\fBpassthrough\fR indicates that no changes are made to the \fBACL\fR other -than creating or updating the necessary \fBACL\fR entries to represent the new -mode of the file or directory. An \fBaclmode\fR property of \fBrestricted\fR -will cause the \fBchmod\fR(2) operation to return an error when used on any -file or directory which has a non-trivial \fBACL\fR whose entries can not be -represented by a mode. \fBchmod\fR(2) is required to change the set user ID, -set group ID, or sticky bits on a file or directory, as they do not have -equivalent \fBACL\fR entries. In order to use \fBchmod\fR(2) on a file or -directory with a non-trivial \fBACL\fR when \fBaclmode\fR is set to -\fBrestricted\fR, you must first remove all \fBACL\fR entries which do not -represent the current mode. -.RE - -.sp -.ne 2 -.na -\fB\fBatime\fR=\fBon\fR | \fBoff\fR\fR -.ad -.sp .6 -.RS 4n +.It Xo +.Sy aclmode Ns = Ns Sy discard Ns | Ns Sy groupmask Ns | Ns +.Sy passthrough Ns | Ns Sy restricted +.Xc +Controls how an +.Sy ACL +is modified during +.Xr chmod 2 . +.Bl -tag -width "passthrough" +.It Sy discard +default, deletes all +.Sy ACE Ns s +that do not represent the mode of the file. +.It Sy groupmask +reduces permissions granted in all +.Sy ALLOW +entries found in the +.Sy ACL +such that they are no greater than the group permissions specified by +.Xr chmod 2 . +.It Sy passthrough +indicates that no changes are made to the +.Sy ACL +other than creating or updating the necessary +.Sy ACE Ns s +to represent the new mode of the file or directory. +.It Sy restricted +causes the +.Xr chmod 2 +operation to return an error when used on any file or directory which has a +non-trivial +.Sy ACE Ns s +whose entries can not be represented by a mode. +.El +.Pp +.Xr chmod 2 +is required to change the set user ID, set group ID, or sticky bits on a file or +directory, as they do not have equivalent +.Sy ACE Ns s. +In order to use +.Xr chmod 2 +on a file or directory with a non-trivial +.Sy ACL +when +.Sy aclmode +is set to +.Sy restricted , +you must first remove all +.Sy ACE Ns s +which do not represent the current mode. +.It Sy atime Ns = Ns Sy on Ns | Ns Sy off Controls whether the access time for files is updated when they are read. Turning this property off avoids producing write traffic when reading files and can result in significant performance gains, though it might confuse mailers -and other similar utilities. The default value is \fBon\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBcanmount\fR=\fBon\fR | \fBoff\fR | \fBnoauto\fR\fR -.ad -.sp .6 -.RS 4n -If this property is set to \fBoff\fR, the file system cannot be mounted, and is -ignored by \fBzfs mount -a\fR. Setting this property to \fBoff\fR is similar to -setting the \fBmountpoint\fR property to \fBnone\fR, except that the dataset -still has a normal \fBmountpoint\fR property, which can be inherited. Setting -this property to \fBoff\fR allows datasets to be used solely as a mechanism to -inherit properties. One example of setting \fBcanmount=\fR\fBoff\fR is to have -two datasets with the same \fBmountpoint\fR, so that the children of both -datasets appear in the same directory, but might have different inherited -characteristics. -.sp -When the \fBnoauto\fR option is set, a dataset can only be mounted and -unmounted explicitly. The dataset is not mounted automatically when the dataset -is created or imported, nor is it mounted by the \fBzfs mount -a\fR command or -unmounted by the \fBzfs unmount -a\fR command. -.sp +and other similar utilities. The default value is +.Sy on . +.It Sy canmount Ns = Ns Sy on Ns | Ns Sy off Ns | Ns Sy noauto +If this property is set to +.Sy off , +the file system cannot be mounted, and is ignored by +.Nm zfs Cm mount Fl a . +Setting this property to +.Sy off +is similar to setting the +.Sy mountpoint +property to +.Sy none , +except that the dataset still has a normal +.Sy mountpoint +property, which can be inherited. Setting this property to +.Sy off +allows datasets to be used solely as a mechanism to inherit properties. One +example of setting +.Sy canmount Ns = Ns Sy off +is to have two datasets with the same +.Sy mountpoint , +so that the children of both datasets appear in the same directory, but might +have different inherited characteristics. +.Pp +When set to +.Sy noauto , +a dataset can only be mounted and unmounted explicitly. The dataset is not +mounted automatically when the dataset is created or imported, nor is it mounted +by the +.Nm zfs Cm mount Fl a +command or unmounted by the +.Nm zfs Cm unmount Fl a +command. +.Pp This property is not inherited. -.RE - -.sp -.ne 2 -.na -\fB\fBchecksum\fR=\fBon\fR | \fBoff\fR | \fBfletcher2\fR | \fBfletcher4\fR | -\fBsha256\fR | \fBnoparity\fR \fR -.ad -.sp .6 -.RS 4n +.It Xo +.Sy checksum Ns = Ns Sy on Ns | Ns Sy off Ns | Ns Sy fletcher2 Ns | Ns +.Sy fletcher4 Ns | Ns Sy sha256 Ns | Ns Sy noparity +.Xc Controls the checksum used to verify data integrity. The default value is -\fBon\fR, which automatically selects an appropriate algorithm (currently, -\fBfletcher4\fR, but this may change in future releases). The value \fBoff\fR -disables integrity checking on user data. The value \fBnoparity\fR not only -disables integrity but also disables maintaining parity for user data. This -setting is used internally by a dump device residing on a RAID-Z pool and should -not be used by any other dataset. Disabling checksums is \fBNOT\fR a recommended -practice. -.sp +.Sy on , +which automatically selects an appropriate algorithm +.Po currently, +.Sy fletcher4 , +but this may change in future releases +.Pc . +The value +.Sy off +disables integrity checking on user data. The value +.Sy noparity +not only disables integrity but also disables maintaining parity for user data. +This setting is used internally by a dump device residing on a RAID-Z pool and +should not be used by any other dataset. Disabling checksums is +.Sy NOT +a recommended practice. +.Pp Changing this property affects only newly-written data. -.RE - -.sp -.ne 2 -.na -\fB\fBcompression\fR=\fBon\fR | \fBoff\fR | \fBlzjb\fR | \fBlz4\fR | -\fBgzip\fR | \fBgzip-\fR\fIN\fR | \fBzle\fR\fR -.ad -.sp .6 -.RS 4n +.It Xo +.Sy compression Ns = Ns Sy on Ns | Ns Sy off Ns | Ns Sy gzip Ns | Ns +.Sy gzip- Ns Em N Ns | Ns Sy lz4 Ns | Ns Sy lzjb Ns | Ns Sy zle +.Xc Controls the compression algorithm used for this dataset. -.sp -Setting compression to \fBon\fR indicates that the current default -compression algorithm should be used. The default balances compression -and decompression speed, with compression ratio and is expected to -work well on a wide variety of workloads. Unlike all other settings for -this property, \fBon\fR does not select a fixed compression type. As -new compression algorithms are added to ZFS and enabled on a pool, the -default compression algorithm may change. The current default compression -algorthm is either \fBlzjb\fR or, if the \fBlz4_compress\fR feature is -enabled, \fBlz4\fR. -.sp -The \fBlzjb\fR compression algorithm is optimized for performance while -providing decent data compression. -.sp -The \fBlz4\fR compression algorithm is a high-performance replacement -for the \fBlzjb\fR algorithm. It features significantly faster -compression and decompression, as well as a moderately higher -compression ratio than \fBlzjb\fR, but can only be used on pools with -the \fBlz4_compress\fR feature set to \fIenabled\fR. See -\fBzpool-features\fR(5) for details on ZFS feature flags and the -\fBlz4_compress\fR feature. -.sp -The \fBgzip\fR compression algorithm uses the same compression as -the \fBgzip\fR(1) command. You can specify the \fBgzip\fR level by using the -value \fBgzip-\fR\fIN\fR where \fIN\fR is an integer from 1 (fastest) to 9 -(best compression ratio). Currently, \fBgzip\fR is equivalent to \fBgzip-6\fR -(which is also the default for \fBgzip\fR(1)). The \fBzle\fR compression -algorithm compresses runs of zeros. -.sp +.Pp +Setting compression to +.Sy on +indicates that the current default compression algorithm should be used. The +default balances compression and decompression speed, with compression ratio and +is expected to work well on a wide variety of workloads. Unlike all other +settings for this property, +.Sy on +does not select a fixed compression type. As new compression algorithms are +added to ZFS and enabled on a pool, the default compression algorithm may +change. The current default compression algorthm is either +.Sy lzjb +or, if the +.Sy lz4_compress +feature is enabled, +.Sy lz4 . +.Pp +The +.Sy lz4 +compression algorithm is a high-performance replacement for the +.Sy lzjb +algorithm. It features significantly faster compression and decompression, as +well as a moderately higher compression ratio than +.Sy lzjb , +but can only be used on pools with the +.Sy lz4_compress +feature set to +.Sy enabled . +See +.Xr zpool-features 5 +for details on ZFS feature flags and the +.Sy lz4_compress +feature. +.Pp +The +.Sy lzjb +compression algorithm is optimized for performance while providing decent data +compression. +.Pp +The +.Sy gzip +compression algorithm uses the same compression as the +.Xr gzip 1 +command. You can specify the +.Sy gzip +level by using the value +.Sy gzip- Ns Em N , +where +.Em N +is an integer from 1 +.Pq fastest +to 9 +.Pq best compression ratio . +Currently, +.Sy gzip +is equivalent to +.Sy gzip-6 +.Po which is also the default for +.Xr gzip 1 +.Pc . +.Pp +The +.Sy zle +compression algorithm compresses runs of zeros. +.Pp This property can also be referred to by its shortened column name \fBcompress\fR. Changing this property affects only newly-written data. -.RE - -.sp -.ne 2 -.na -\fB\fBcopies\fR=\fB1\fR | \fB2\fR | \fB3\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy copies Ns = Ns Sy 1 Ns | Ns Sy 2 Ns | Ns Sy 3 Controls the number of copies of data stored for this dataset. These copies are in addition to any redundancy provided by the pool, for example, mirroring or RAID-Z. The copies are stored on different disks, if possible. The space used by multiple copies is charged to the associated file and dataset, changing the -\fBused\fR property and counting against quotas and reservations. -.sp +.Sy used +property and counting against quotas and reservations. +.Pp Changing this property only affects newly-written data. Therefore, set this -property at file system creation time by using the \fB-o\fR -\fBcopies=\fR\fIN\fR option. -.RE - -.sp -.ne 2 -.na -\fB\fBdevices\fR=\fBon\fR | \fBoff\fR\fR -.ad -.sp .6 -.RS 4n +property at file system creation time by using the +.Fl o Sy copies Ns = Ns Ar N +option. +.It Sy devices Ns = Ns Sy on Ns | Ns Sy off Controls whether device nodes can be opened on this file system. The default -value is \fBon\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBexec\fR=\fBon\fR | \fBoff\fR\fR -.ad -.sp .6 -.RS 4n +value is +.Sy on . +.It Sy exec Ns = Ns Sy on Ns | Ns Sy off Controls whether processes can be executed from within this file system. The -default value is \fBon\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBfilesystem_limit\fR=\fIcount\fR | \fBnone\fR\fR -.ad -.sp .6 -.RS 4n +default value is +.Sy on . +.It Sy filesystem_limit Ns = Ns Em count Ns | Ns Sy none Limits the number of filesystems and volumes that can exist under this point in -the dataset tree. The limit is not enforced if the user is allowed to change -the limit. Setting a filesystem_limit on a descendent of a filesystem that -already has a filesystem_limit does not override the ancestor's filesystem_limit, +the dataset tree. The limit is not enforced if the user is allowed to change +the limit. Setting a +.Sy filesystem_limit +to +.Sy on +a descendent of a filesystem that already has a +.Sy filesystem_limit +does not override the ancestor's +.Sy filesystem_limit , but rather imposes an additional limit. This feature must be enabled to be used -(see \fBzpool-features\fR(5)). -.RE - -.sp -.ne 2 -.na -\fB\fBmountpoint\fR=\fIpath\fR | \fBnone\fR | \fBlegacy\fR\fR -.ad -.sp .6 -.RS 4n -Controls the mount point used for this file system. See the "Mount Points" +.Po see +.Xr zpool-features 5 +.Pc . +.It Sy mountpoint Ns = Ns Pa path Ns | Ns Sy none Ns | Ns Sy legacy +Controls the mount point used for this file system. See the +.Sx Mount Points section for more information on how this property is used. -.sp -When the \fBmountpoint\fR property is changed for a file system, the file -system and any children that inherit the mount point are unmounted. If the new -value is \fBlegacy\fR, then they remain unmounted. Otherwise, they are -automatically remounted in the new location if the property was previously -\fBlegacy\fR or \fBnone\fR, or if they were mounted before the property was -changed. In addition, any shared file systems are unshared and shared in the -new location. -.RE - -.sp -.ne 2 -.na -\fB\fBnbmand\fR=\fBon\fR | \fBoff\fR\fR -.ad -.sp .6 -.RS 4n -Controls whether the file system should be mounted with \fBnbmand\fR (Non -Blocking mandatory locks). This is used for \fBCIFS\fR clients. Changes to this -property only take effect when the file system is umounted and remounted. See -\fBmount\fR(1M) for more information on \fBnbmand\fR mounts. -.RE - -.sp -.ne 2 -.na -\fB\fBprimarycache\fR=\fBall\fR | \fBnone\fR | \fBmetadata\fR\fR -.ad -.sp .6 -.RS 4n -Controls what is cached in the primary cache (ARC). If this property is set to -\fBall\fR, then both user data and metadata is cached. If this property is set -to \fBnone\fR, then neither user data nor metadata is cached. If this property -is set to \fBmetadata\fR, then only metadata is cached. The default value is -\fBall\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBquota\fR=\fIsize\fR | \fBnone\fR\fR -.ad -.sp .6 -.RS 4n +.Pp +When the +.Sy mountpoint +property is changed for a file system, the file system and any children that +inherit the mount point are unmounted. If the new value is +.Sy legacy , +then they remain unmounted. Otherwise, they are automatically remounted in the +new location if the property was previously +.Sy legacy +or +.Sy none , +or if they were mounted before the property was changed. In addition, any shared +file systems are unshared and shared in the new location. +.It Sy nbmand Ns = Ns Sy on Ns | Ns Sy off +Controls whether the file system should be mounted with +.Sy nbmand +.Pq Non Blocking mandatory locks . +This is used for SMB clients. Changes to this property only take effect when the +file system is umounted and remounted. See +.Xr mount 1M +for more information on +.Sy nbmand +mounts. +.It Sy primarycache Ns = Ns Sy all Ns | Ns Sy none Ns | Ns Sy metadata +Controls what is cached in the primary cache +.Pq ARC . +If this property is set to +.Sy all , +then both user data and metadata is cached. If this property is set to +.Sy none , +then neither user data nor metadata is cached. If this property is set to +.Sy metadata , +then only metadata is cached. The default value is +.Sy all . +.It Sy quota Ns = Ns Em size Ns | Ns Sy none Limits the amount of space a dataset and its descendents can consume. This property enforces a hard limit on the amount of space used. This includes all space consumed by descendents, including file systems and snapshots. Setting a quota on a descendent of a dataset that already has a quota does not override the ancestor's quota, but rather imposes an additional limit. -.sp -Quotas cannot be set on volumes, as the \fBvolsize\fR property acts as an -implicit quota. -.RE - -.sp -.ne 2 -.na -\fB\fBsnapshot_limit\fR=\fIcount\fR | \fBnone\fR\fR -.ad -.sp .6 -.RS 4n +.Pp +Quotas cannot be set on volumes, as the +.Sy volsize +property acts as an implicit quota. +.It Sy snapshot_limit Ns = Ns Em count Ns | Ns Sy none Limits the number of snapshots that can be created on a dataset and its -descendents. Setting a snapshot_limit on a descendent of a dataset that already -has a snapshot_limit does not override the ancestor's snapshot_limit, but -rather imposes an additional limit. The limit is not enforced if the user is +descendents. Setting a +.Sy snapshot_limit +on a descendent of a dataset that already has a +.Sy snapshot_limit +does not override the ancestor's +.Sy snapshot_limit , +but rather imposes an additional limit. The limit is not enforced if the user is allowed to change the limit. For example, this means that recursive snapshots taken from the global zone are counted against each delegated dataset within -a zone. This feature must be enabled to be used (see \fBzpool-features\fR(5)). -.RE - -.sp -.ne 2 -.na -\fB\fBuserquota@\fR\fIuser\fR=\fIsize\fR | \fBnone\fR\fR -.ad -.sp .6 -.RS 4n +a zone. This feature must be enabled to be used +.Po see +.Xr zpool-features 5 +.Pc . +.It Sy userquota@ Ns Em user Ns = Ns Em size Ns | Ns Sy none Limits the amount of space consumed by the specified user. User space -consumption is identified by the \fBuserspace@\fR\fIuser\fR property. -.sp +consumption is identified by the +.Sy userspace@ Ns Em user +property. +.Pp Enforcement of user quotas may be delayed by several seconds. This delay means that a user might exceed their quota before the system notices that they are -over quota and begins to refuse additional writes with the \fBEDQUOT\fR error -message . See the \fBzfs userspace\fR subcommand for more information. -.sp +over quota and begins to refuse additional writes with the +.Er EDQUOT +error message. See the +.Nm zfs Cm userspace +subcommand for more information. +.Pp Unprivileged users can only access their own groups' space usage. The root -user, or a user who has been granted the \fBuserquota\fR privilege with \fBzfs -allow\fR, can get and set everyone's quota. -.sp +user, or a user who has been granted the +.Sy userquota +privilege with +.Nm zfs Cm allow , +can get and set everyone's quota. +.Pp This property is not available on volumes, on file systems before version 4, or -on pools before version 15. The \fBuserquota@\fR... properties are not -displayed by \fBzfs get all\fR. The user's name must be appended after the -\fB@\fR symbol, using one of the following forms: -.RS +4 -.TP -.ie t \(bu -.el o -\fIPOSIX name\fR (for example, \fBjoe\fR) -.RE -.RS +4 -.TP -.ie t \(bu -.el o -\fIPOSIX numeric ID\fR (for example, \fB789\fR) -.RE -.RS +4 -.TP -.ie t \(bu -.el o -\fISID name\fR (for example, \fBjoe.smith@mydomain\fR) -.RE -.RS +4 -.TP -.ie t \(bu -.el o -\fISID numeric ID\fR (for example, \fBS-1-123-456-789\fR) -.RE -.RE - -.sp -.ne 2 -.na -\fB\fBgroupquota@\fR\fIgroup\fR=\fIsize\fR | \fBnone\fR\fR -.ad -.sp .6 -.RS 4n +on pools before version 15. The +.Sy userquota@ Ns Em ... +properties are not displayed by +.Nm zfs Cm get Sy all . +The user's name must be appended after the +.Sy @ +symbol, using one of the following forms: +.Bl -bullet +.It +.Em POSIX name +.Po for example, +.Sy joe +.Pc +.It +.Em POSIX numeric ID +.Po for example, +.Sy 789 +.Pc +.It +.Em SID name +.Po for example, +.Sy joe.smith@mydomain +.Pc +.It +.Em SID numeric ID +.Po for example, +.Sy S-1-123-456-789 +.Pc +.El +.It Sy groupquota@ Ns Em group Ns = Ns Em size Ns | Ns Sy none Limits the amount of space consumed by the specified group. Group space -consumption is identified by the \fBuserquota@\fR\fIuser\fR property. -.sp +consumption is identified by the +.Sy groupused@ Ns Em group +property. +.Pp Unprivileged users can access only their own groups' space usage. The root -user, or a user who has been granted the \fBgroupquota\fR privilege with \fBzfs -allow\fR, can get and set all groups' quotas. -.RE - -.sp -.ne 2 -.na -\fB\fBreadonly\fR=\fBon\fR | \fBoff\fR\fR -.ad -.sp .6 -.RS 4n -Controls whether this dataset can be modified. The default value is \fBoff\fR. -.sp +user, or a user who has been granted the +.Sy groupquota +privilege with +.Nm zfs Cm allow , +can get and set all groups' quotas. +.It Sy readonly Ns = Ns Sy on Ns | Ns Sy off +Controls whether this dataset can be modified. The default value is +.Sy off . +.Pp This property can also be referred to by its shortened column name, -\fBrdonly\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBrecordsize\fR=\fIsize\fR\fR -.ad -.sp .6 -.RS 4n +.Sy rdonly . +.It Sy recordsize Ns = Ns Em size Specifies a suggested block size for files in the file system. This property is designed solely for use with database workloads that access files in fixed-size -records. \fBZFS\fR automatically tunes block sizes according to internal -algorithms optimized for typical access patterns. -.sp +records. ZFS automatically tunes block sizes according to internal algorithms +optimized for typical access patterns. +.Pp For databases that create very large files but access them in small random -chunks, these algorithms may be suboptimal. Specifying a \fBrecordsize\fR +chunks, these algorithms may be suboptimal. Specifying a +.Sy recordsize greater than or equal to the record size of the database can result in significant performance gains. Use of this property for general purpose file systems is strongly discouraged, and may adversely affect performance. -.sp +.Pp The size specified must be a power of two greater than or equal to 512 and less -than or equal to 128 Kbytes. If the \fBlarge_blocks\fR feature is enabled -on the pool, the size may be up to 1 Mbyte. See \fBzpool-features\fR(5) +than or equal to 128 Kbytes. If the +.Sy large_blocks +feature is enabled on the pool, the size may be up to 1 Mbyte. See +.Xr zpool-features 5 for details on ZFS feature flags. -.sp -Changing the file system's \fBrecordsize\fR affects only files created -afterward; existing files are unaffected. -.sp +.Pp +Changing the file system's +.Sy recordsize +affects only files created afterward; existing files are unaffected. +.Pp This property can also be referred to by its shortened column name, -\fBrecsize\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBredundant_metadata\fR=\fBall\fR | \fBmost\fR\fR -.ad -.sp .6 -.RS 4n -Controls what types of metadata are stored redundantly. ZFS stores an -extra copy of metadata, so that if a single block is corrupted, the -amount of user data lost is limited. This extra copy is in addition to -any redundancy provided at the pool level (e.g. by mirroring or RAID-Z), -and is in addition to an extra copy specified by the \fBcopies\fR -property (up to a total of 3 copies). For example if the pool is -mirrored, \fBcopies\fR=2, and \fBredundant_metadata\fR=most, then ZFS -stores 6 copies of most metadata, and 4 copies of data and some +.Sy recsize . +.It Sy redundant_metadata Ns = Ns Sy all Ns | Ns Sy most +Controls what types of metadata are stored redundantly. ZFS stores an extra copy +of metadata, so that if a single block is corrupted, the amount of user data +lost is limited. This extra copy is in addition to any redundancy provided at +the pool level +.Pq e.g. by mirroring or RAID-Z , +and is in addition to an extra copy specified by the +.Sy copies +property +.Pq up to a total of 3 copies . +For example if the pool is mirrored, +.Sy copies Ns = Ns 2 , +and +.Sy redundant_metadata Ns = Ns Sy most , +then ZFS stores 6 copies of most metadata, and 4 copies of data and some metadata. -.sp -When set to \fBall\fR, ZFS stores an extra copy of all metadata. If a -single on-disk block is corrupt, at worst a single block of user data -(which is \fBrecordsize\fR bytes long) can be lost. -.sp -When set to \fBmost\fR, ZFS stores an extra copy of most types of -metadata. This can improve performance of random writes, because less -metadata must be written. In practice, at worst about 100 blocks (of -\fBrecordsize\fR bytes each) of user data can be lost if a single -on-disk block is corrupt. The exact behavior of which metadata blocks -are stored redundantly may change in future releases. -.sp -The default value is \fBall\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBrefquota\fR=\fIsize\fR | \fBnone\fR\fR -.ad -.sp .6 -.RS 4n +.Pp +When set to +.Sy all , +ZFS stores an extra copy of all metadata. If a single on-disk block is corrupt, +at worst a single block of user data +.Po which is +.Sy recordsize +bytes long +.Pc +can be lost. +.Pp +When set to +.Sy most , +ZFS stores an extra copy of most types of metadata. This can improve performance +of random writes, because less metadata must be written. In practice, at worst +about 100 blocks +.Po of +.Sy recordsize +bytes each +.Pc +of user data can be lost if a single on-disk block is corrupt. The exact +behavior of which metadata blocks are stored redundantly may change in future +releases. +.Pp +The default value is +.Sy all . +.It Sy refquota Ns = Ns Em size Ns | Ns Sy none Limits the amount of space a dataset can consume. This property enforces a hard limit on the amount of space used. This hard limit does not include space used by descendents, including file systems and snapshots. -.RE - -.sp -.ne 2 -.na -\fB\fBrefreservation\fR=\fIsize\fR | \fBnone\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy refreservation Ns = Ns Em size Ns | Ns Sy none The minimum amount of space guaranteed to a dataset, not including its descendents. When the amount of space used is below this value, the dataset is treated as if it were taking up the amount of space specified by -\fBrefreservation\fR. The \fBrefreservation\fR reservation is accounted for in -the parent datasets' space used, and counts against the parent datasets' quotas -and reservations. -.sp -If \fBrefreservation\fR is set, a snapshot is only allowed if there is enough -free pool space outside of this reservation to accommodate the current number -of "referenced" bytes in the dataset. -.sp +.Sy refreservation . +The +.Sy refreservation +reservation is accounted for in the parent datasets' space used, and counts +against the parent datasets' quotas and reservations. +.Pp +If +.Sy refreservation +is set, a snapshot is only allowed if there is enough free pool space outside of +this reservation to accommodate the current number of +.Qq referenced +bytes in the dataset. +.Pp This property can also be referred to by its shortened column name, -\fBrefreserv\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBreservation\fR=\fIsize\fR | \fBnone\fR\fR -.ad -.sp .6 -.RS 4n +.Sy refreserv . +.It Sy reservation Ns = Ns Em size Ns | Ns Sy none The minimum amount of space guaranteed to a dataset and its descendents. When the amount of space used is below this value, the dataset is treated as if it were taking up the amount of space specified by its reservation. Reservations are accounted for in the parent datasets' space used, and count against the parent datasets' quotas and reservations. -.sp +.Pp This property can also be referred to by its shortened column name, -\fBreserv\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBsecondarycache\fR=\fBall\fR | \fBnone\fR | \fBmetadata\fR\fR -.ad -.sp .6 -.RS 4n -Controls what is cached in the secondary cache (L2ARC). If this property is set -to \fBall\fR, then both user data and metadata is cached. If this property is -set to \fBnone\fR, then neither user data nor metadata is cached. If this -property is set to \fBmetadata\fR, then only metadata is cached. The default -value is \fBall\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBsetuid\fR=\fBon\fR | \fBoff\fR\fR -.ad -.sp .6 -.RS 4n -Controls whether the set-\fBUID\fR bit is respected for the file system. The -default value is \fBon\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBshareiscsi\fR=\fBon\fR | \fBoff\fR\fR -.ad -.sp .6 -.RS 4n -Like the \fBsharenfs\fR property, \fBshareiscsi\fR indicates whether a -\fBZFS\fR volume is exported as an \fBiSCSI\fR target. The acceptable values -for this property are \fBon\fR, \fBoff\fR, and \fBtype=disk\fR. The default -value is \fBoff\fR. In the future, other target types might be supported. For -example, \fBtape\fR. -.sp -You might want to set \fBshareiscsi=on\fR for a file system so that all -\fBZFS\fR volumes within the file system are shared by default. However, -setting this property on a file system has no direct effect. -.RE - -.sp -.ne 2 -.na -\fB\fBsharesmb\fR=\fBon\fR | \fBoff\fR | \fIopts\fR\fR -.ad -.sp .6 -.RS 4n -Controls whether the file system is shared by using the Solaris \fBCIFS\fR -service, and what options are to be used. A file system with the \fBsharesmb\fR -property set to \fBoff\fR is managed through traditional tools such as -\fBsharemgr\fR(1M). Otherwise, the file system is automatically shared and -unshared with the \fBzfs share\fR and \fBzfs unshare\fR commands. If the -property is set to \fBon\fR, the \fBsharemgr\fR(1M) command is invoked with no -options. Otherwise, the \fBsharemgr\fR(1M) command is invoked with options -equivalent to the contents of this property. -.sp -Because \fBSMB\fR shares requires a resource name, a unique resource name is -constructed from the dataset name. The constructed name is a copy of the -dataset name except that the characters in the dataset name, which would be -illegal in the resource name, are replaced with underscore (\fB_\fR) -characters. A pseudo property "name" is also supported that allows you to -replace the data set name with a specified name. The specified name is then -used to replace the prefix dataset in the case of inheritance. For example, if -the dataset \fBdata/home/john\fR is set to \fBname=john\fR, then -\fBdata/home/john\fR has a resource name of \fBjohn\fR. If a child dataset of -\fBdata/home/john/backups\fR, it has a resource name of \fBjohn_backups\fR. -.sp +.Sy reserv . +.It Sy secondarycache Ns = Ns Sy all Ns | Ns Sy none Ns | Ns Sy metadata +Controls what is cached in the secondary cache +.Pq L2ARC . +If this property is set to +.Sy all , +then both user data and metadata is cached. If this property is set to +.Sy none , +then neither user data nor metadata is cached. If this property is set to +.Sy metadata , +then only metadata is cached. The default value is +.Sy all . +.It Sy setuid Ns = Ns Sy on Ns | Ns Sy off +Controls whether the setuid bit is respected for the file system. The default +value is +.Sy on . +.It Sy sharesmb Ns = Ns Sy on Ns | Ns Sy off Ns | Ns Em opts +Controls whether the file system is shared via SMB, and what options are to be +used. A file system with the +.Sy sharesmb +property set to +.Sy off +is managed through traditional tools such as +.Xr sharemgr 1M . +Otherwise, the file system is automatically shared and unshared with the +.Nm zfs Cm share +and +.Nm zfs Cm unshare +commands. If the property is set to +.Sy on , +the +.Xr sharemgr 1M +command is invoked with no options. Otherwise, the +.Xr sharemgr 1M +command is invoked with options equivalent to the contents of this property. +.Pp +Because SMB shares requires a resource name, a unique resource name is +constructed from the dataset name. The constructed name is a copy of the dataset +name except that the characters in the dataset name, which would be illegal in +the resource name, are replaced with underscore +.Pq Sy _ +characters. A pseudo property +.Qq name +is also supported that allows you to replace the data set name with a specified +name. The specified name is then used to replace the prefix dataset in the case +of inheritance. For example, if the dataset +.Em data/home/john +is set to +.Sy name Ns = Ns Sy john , +then +.Em data/home/john +has a resource name of +.Sy john . +If a child dataset +.Em data/home/john/backups +is shared, it has a resource name of +.Sy john_backups . +.Pp When SMB shares are created, the SMB share name appears as an entry in the -\fB\&.zfs/shares\fR directory. You can use the \fBls\fR or \fBchmod\fR command -to display the share-level ACLs on the entries in this directory. -.sp -When the \fBsharesmb\fR property is changed for a dataset, the dataset and any -children inheriting the property are re-shared with the new options, only if -the property was previously set to \fBoff\fR, or if they were shared before the -property was changed. If the new property is set to \fBoff\fR, the file systems -are unshared. -.RE - -.sp -.ne 2 -.na -\fB\fBsharenfs\fR=\fBon\fR | \fBoff\fR | \fIopts\fR\fR -.ad -.sp .6 -.RS 4n -Controls whether the file system is shared via \fBNFS\fR, and what options are -used. A file system with a \fBsharenfs\fR property of \fBoff\fR is managed -through traditional tools such as \fBshare\fR(1M), \fBunshare\fR(1M), and -\fBdfstab\fR(4). Otherwise, the file system is automatically shared and -unshared with the \fBzfs share\fR and \fBzfs unshare\fR commands. If the -property is set to \fBon\fR, the \fBshare\fR(1M) command is invoked with no -options. Otherwise, the \fBshare\fR(1M) command is invoked with options -equivalent to the contents of this property. -.sp -When the \fBsharenfs\fR property is changed for a dataset, the dataset and any -children inheriting the property are re-shared with the new options, only if -the property was previously \fBoff\fR, or if they were shared before the -property was changed. If the new property is \fBoff\fR, the file systems are -unshared. -.RE - -.sp -.ne 2 -.na -\fB\fBlogbias\fR = \fBlatency\fR | \fBthroughput\fR\fR -.ad -.sp .6 -.RS 4n -Provide a hint to ZFS about handling of synchronous requests in this dataset. -If \fBlogbias\fR is set to \fBlatency\fR (the default), ZFS will use pool log -devices (if configured) to handle the requests at low latency. If \fBlogbias\fR -is set to \fBthroughput\fR, ZFS will not use configured pool log devices. ZFS -will instead optimize synchronous operations for global pool throughput and -efficient use of resources. -.RE - -.sp -.ne 2 -.na -\fB\fBsnapdir\fR=\fBhidden\fR | \fBvisible\fR\fR -.ad -.sp .6 -.RS 4n -Controls whether the \fB\&.zfs\fR directory is hidden or visible in the root of -the file system as discussed in the "Snapshots" section. The default value is -\fBhidden\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBsync\fR=\fBstandard\fR | \fBalways\fR | \fBdisabled\fR\fR -.ad -.sp .6 -.RS 4n -Controls the behavior of synchronous requests (e.g. fsync, O_DSYNC). -\fBstandard\fR is the POSIX specified behavior of ensuring all synchronous -requests are written to stable storage and all devices are flushed to ensure -data is not cached by device controllers (this is the default). \fBalways\fR +.Pa .zfs/shares +directory. You can use the +.Nm ls +or +.Nm chmod +command to display the share-level ACLs on the entries in this directory. +.Pp +When the +.Sy sharesmb +property is changed for a dataset, the dataset and any children inheriting the +property are re-shared with the new options, only if the property was previously +set to +.Sy off , +or if they were shared before the property was changed. If the new property is +set to +.Sy off , +the file systems are unshared. +.It Sy sharenfs Ns = Ns Sy on Ns | Ns Sy off Ns | Ns Em opts +Controls whether the file system is shared via NFS, and what options are to be +used. A file system with a +.Sy sharenfs +property of +.Sy off +is managed through traditional tools such as +.Xr share 1M , +.Xr unshare 1M , +and +.Xr dfstab 4 . +Otherwise, the file system is automatically shared and unshared with the +.Nm zfs Cm share +and +.Nm zfs Cm unshare +commands. If the property is set to +.Sy on , +.Xr share 1M +command is invoked with no options. Otherwise, the +.Xr share 1M +command is invoked with options equivalent to the contents of this property. +.Pp +When the +.Sy sharenfs +property is changed for a dataset, the dataset and any children inheriting the +property are re-shared with the new options, only if the property was previously +.Sy off , +or if they were shared before the property was changed. If the new property is +.Sy off , +the file systems are unshared. +.It Sy logbias Ns = Ns Sy latency Ns | Ns Sy throughput +Provide a hint to ZFS about handling of synchronous requests in this dataset. If +.Sy logbias +is set to +.Sy latency +.Pq the default , +ZFS will use pool log devices +.Pq if configured +to handle the requests at low latency. If +.Sy logbias +is set to +.Sy throughput , +ZFS will not use configured pool log devices. ZFS will instead optimize +synchronous operations for global pool throughput and efficient use of +resources. +.It Sy snapdir Ns = Ns Sy hidden Ns | Ns Sy visible +Controls whether the +.Pa .zfs +directory is hidden or visible in the root of the file system as discussed in +the +.Sx Snapshots +section. The default value is +.Sy hidden . +.It Sy sync Ns = Ns Sy standard Ns | Ns Sy always Ns | Ns Sy disabled +Controls the behavior of synchronous requests +.Pq e.g. fsync, O_DSYNC . +.Sy standard +is the +.Tn POSIX +specified behavior of ensuring all synchronous requests are written to stable +storage and all devices are flushed to ensure data is not cached by device +controllers +.Pq this is the default . +.Sy always causes every file system transaction to be written and flushed before its -system call returns. This has a large performance penalty. \fBdisabled\fR +system call returns. This has a large performance penalty. +.Sy disabled disables synchronous requests. File system transactions are only committed to stable storage periodically. This option will give the highest performance. However, it is very dangerous as ZFS would be ignoring the synchronous -transaction demands of applications such as databases or NFS. Administrators +transaction demands of applications such as databases or NFS. Administrators should only use this option when the risks are understood. -.RE - -.sp -.ne 2 -.na -\fB\fBversion\fR=\fB1\fR | \fB2\fR | \fBcurrent\fR\fR -.ad -.sp .6 -.RS 4n +.It Sy version Ns = Ns Em N Ns | Ns Sy current The on-disk version of this file system, which is independent of the pool version. This property can only be set to later supported versions. See the -\fBzfs upgrade\fR command. -.RE - -.sp -.ne 2 -.na -\fB\fBvolsize\fR=\fIsize\fR\fR -.ad -.sp .6 -.RS 4n +.Nm zfs Cm upgrade +command. +.It Sy volsize Ns = Ns Em size For volumes, specifies the logical size of the volume. By default, creating a -volume establishes a reservation of equal size. For storage pools with a -version number of 9 or higher, a \fBrefreservation\fR is set instead. Any -changes to \fBvolsize\fR are reflected in an equivalent change to the -reservation (or \fBrefreservation\fR). The \fBvolsize\fR can only be set to a -multiple of \fBvolblocksize\fR, and cannot be zero. -.sp -The reservation is kept equal to the volume's logical size to prevent -unexpected behavior for consumers. Without the reservation, the volume could -run out of space, resulting in undefined behavior or data corruption, depending -on how the volume is used. These effects can also occur when the volume size is -changed while it is in use (particularly when shrinking the size). Extreme care -should be used when adjusting the volume size. -.sp -Though not recommended, a "sparse volume" (also known as "thin provisioning") -can be created by specifying the \fB-s\fR option to the \fBzfs create -V\fR +volume establishes a reservation of equal size. For storage pools with a version +number of 9 or higher, a +.Sy refreservation +is set instead. Any changes to +.Sy volsize +are reflected in an equivalent change to the reservation +.Po or +.Sy refreservation +.Pc . +The +.Sy volsize +can only be set to a multiple of +.Sy volblocksize , +and cannot be zero. +.Pp +The reservation is kept equal to the volume's logical size to prevent unexpected +behavior for consumers. Without the reservation, the volume could run out of +space, resulting in undefined behavior or data corruption, depending on how the +volume is used. These effects can also occur when the volume size is changed +while it is in use +.Pq particularly when shrinking the size . +Extreme care should be used when adjusting the volume size. +.Pp +Though not recommended, a +.Qq sparse volume +.Po also known as +.Qq thin provisioning +.Pc +can be created by specifying the +.Fl s +option to the +.Nm zfs Cm create Fl V command, or by changing the reservation after the volume has been created. A -"sparse volume" is a volume where the reservation is less then the volume size. -Consequently, writes to a sparse volume can fail with \fBENOSPC\fR when the -pool is low on space. For a sparse volume, changes to \fBvolsize\fR are not -reflected in the reservation. -.RE - -.sp -.ne 2 -.na -\fB\fBvscan\fR=\fBon\fR | \fBoff\fR\fR -.ad -.sp .6 -.RS 4n +.Qq sparse volume +is a volume where the reservation is less then the volume size. Consequently, +writes to a sparse volume can fail with +.Er ENOSPC +when the pool is low on space. For a sparse volume, changes to +.Sy volsize +are not reflected in the reservation. +.It Sy vscan Ns = Ns Sy on Ns | Ns Sy off Controls whether regular files should be scanned for viruses when a file is opened and closed. In addition to enabling this property, the virus scan service must also be enabled for virus scanning to occur. The default value is -\fBoff\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBxattr\fR=\fBon\fR | \fBoff\fR\fR -.ad -.sp .6 -.RS 4n +.Sy off . +.It Sy xattr Ns = Ns Sy on Ns | Ns Sy off Controls whether extended attributes are enabled for this file system. The -default value is \fBon\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBzoned\fR=\fBon\fR | \fBoff\fR\fR -.ad -.sp .6 -.RS 4n -Controls whether the dataset is managed from a non-global zone. See the "Zones" -section for more information. The default value is \fBoff\fR. -.RE - -.sp -.LP +default value is +.Sy on . +.It Sy zoned Ns = Ns Sy on Ns | Ns Sy off +Controls whether the dataset is managed from a non-global zone. See the +.Sx Zones +section for more information. The default value is +.Sy off . +.El +.Pp The following three properties cannot be changed after the file system is created, and therefore, should be set when the file system is created. If the -properties are not set with the \fBzfs create\fR or \fBzpool create\fR +properties are not set with the +.Nm zfs Cm create +or +.Nm zpool Cm create commands, these properties are inherited from the parent dataset. If the parent dataset lacks these properties due to having been created prior to these features being supported, the new file system will have the default values for these properties. -.sp -.ne 2 -.na -\fB\fBcasesensitivity\fR=\fBsensitive\fR | \fBinsensitive\fR | \fBmixed\fR\fR -.ad -.sp .6 -.RS 4n +.Bl -tag -width "" +.It Xo +.Sy casesensitivity Ns = Ns Sy sensitive Ns | Ns +.Sy insensitive Ns | Ns Sy mixed +.Xc Indicates whether the file name matching algorithm used by the file system should be case-sensitive, case-insensitive, or allow a combination of both -styles of matching. The default value for the \fBcasesensitivity\fR property is -\fBsensitive\fR. Traditionally, UNIX and POSIX file systems have case-sensitive -file names. -.sp -The \fBmixed\fR value for the \fBcasesensitivity\fR property indicates that the -file system can support requests for both case-sensitive and case-insensitive -matching behavior. Currently, case-insensitive matching behavior on a file -system that supports mixed behavior is limited to the Solaris CIFS server -product. For more information about the \fBmixed\fR value behavior, see the -\fISolaris ZFS Administration Guide\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBnormalization\fR = \fBnone\fR | \fBformC\fR | \fBformD\fR | \fBformKC\fR -| \fBformKD\fR\fR -.ad -.sp .6 -.RS 4n -Indicates whether the file system should perform a \fBunicode\fR normalization -of file names whenever two file names are compared, and which normalization -algorithm should be used. File names are always stored unmodified, names are -normalized as part of any comparison process. If this property is set to a -legal value other than \fBnone\fR, and the \fButf8only\fR property was left -unspecified, the \fButf8only\fR property is automatically set to \fBon\fR. The -default value of the \fBnormalization\fR property is \fBnone\fR. This property -cannot be changed after the file system is created. -.RE - -.sp -.ne 2 -.na -\fB\fButf8only\fR=\fBon\fR | \fBoff\fR\fR -.ad -.sp .6 -.RS 4n +styles of matching. The default value for the +.Sy casesensitivity +property is +.Sy sensitive . +Traditionally, +.Ux +and +.Tn POSIX +file systems have case-sensitive file names. +.Pp +The +.Sy mixed +value for the +.Sy casesensitivity +property indicates that the file system can support requests for both +case-sensitive and case-insensitive matching behavior. Currently, +case-insensitive matching behavior on a file system that supports mixed behavior +is limited to the SMB server product. For more information about the +.Sy mixed +value behavior, see the "ZFS Administration Guide". +.It Xo +.Sy normalization Ns = Ns Sy none Ns | Ns Sy formC Ns | Ns +.Sy formD Ns | Ns Sy formKC Ns | Ns Sy formKD +.Xc +Indicates whether the file system should perform a +.Sy unicode +normalization of file names whenever two file names are compared, and which +normalization algorithm should be used. File names are always stored unmodified, +names are normalized as part of any comparison process. If this property is set +to a legal value other than +.Sy none , +and the +.Sy utf8only +property was left unspecified, the +.Sy utf8only +property is automatically set to +.Sy on . +The default value of the +.Sy normalization +property is +.Sy none . +This property cannot be changed after the file system is created. +.It Sy utf8only Ns = Ns Sy on Ns | Ns Sy off Indicates whether the file system should reject file names that include -characters that are not present in the \fBUTF-8\fR character code set. If this -property is explicitly set to \fBoff\fR, the normalization property must either -not be explicitly set or be set to \fBnone\fR. The default value for the -\fButf8only\fR property is \fBoff\fR. This property cannot be changed after the -file system is created. -.RE - -.sp -.LP -The \fBcasesensitivity\fR, \fBnormalization\fR, and \fButf8only\fR properties -are also new permissions that can be assigned to non-privileged users by using -the \fBZFS\fR delegated administration feature. -.SS "Temporary Mount Point Properties" -.LP -When a file system is mounted, either through \fBmount\fR(1M) for legacy mounts -or the \fBzfs mount\fR command for normal file systems, its mount options are -set according to its properties. The correlation between properties and mount -options is as follows: -.sp -.in +2 -.nf +characters that are not present in the +.Sy UTF-8 +character code set. If this property is explicitly set to +.Sy off , +the normalization property must either not be explicitly set or be set to +.Sy none . +The default value for the +.Sy utf8only +property is +.Sy off . +This property cannot be changed after the file system is created. +.El +.Pp +The +.Sy casesensitivity , +.Sy normalization , +and +.Sy utf8only +properties are also new permissions that can be assigned to non-privileged users +by using the ZFS delegated administration feature. +.Ss "Temporary Mount Point Properties" +When a file system is mounted, either through +.Xr mount 1M +for legacy mounts or the +.Nm zfs Cm mount +command for normal file systems, its mount options are set according to its +properties. The correlation between properties and mount options is as follows: +.Bd -literal PROPERTY MOUNT OPTION - devices devices/nodevices - exec exec/noexec - readonly ro/rw - setuid setuid/nosetuid - xattr xattr/noxattr -.fi -.in -2 -.sp - -.sp -.LP -In addition, these options can be set on a per-mount basis using the \fB-o\fR + devices devices/nodevices + exec exec/noexec + readonly ro/rw + setuid setuid/nosetuid + xattr xattr/noxattr +.Ed +.Pp +In addition, these options can be set on a per-mount basis using the +.Fl o option, without affecting the property that is stored on disk. The values specified on the command line override the values stored in the dataset. The -\fB-nosuid\fR option is an alias for \fBnodevices,nosetuid\fR. These properties -are reported as "temporary" by the \fBzfs get\fR command. If the properties are -changed while the dataset is mounted, the new setting overrides any temporary -settings. -.SS "User Properties" -.LP -In addition to the standard native properties, \fBZFS\fR supports arbitrary -user properties. User properties have no effect on \fBZFS\fR behavior, but -applications or administrators can use them to annotate datasets (file systems, -volumes, and snapshots). -.sp -.LP -User property names must contain a colon (\fB:\fR) character to distinguish -them from native properties. They may contain lowercase letters, numbers, and -the following punctuation characters: colon (\fB:\fR), dash (\fB-\fR), period -(\fB\&.\fR), and underscore (\fB_\fR). The expected convention is that the -property name is divided into two portions such as -\fImodule\fR\fB:\fR\fIproperty\fR, but this namespace is not enforced by -\fBZFS\fR. User property names can be at most 256 characters, and cannot begin -with a dash (\fB-\fR). -.sp -.LP -When making programmatic use of user properties, it is strongly suggested to -use a reversed \fBDNS\fR domain name for the \fImodule\fR component of property -names to reduce the chance that two independently-developed packages use the -same property name for different purposes. Property names beginning with -\fBcom.sun\fR. are reserved for use by Sun Microsystems. -.sp -.LP +.Sy nosuid +option is an alias for +.Sy nodevices Ns , Ns Sy nosetuid . +These properties are reported as +.Qq temporary +by the +.Nm zfs Cm get +command. If the properties are changed while the dataset is mounted, the new +setting overrides any temporary settings. +.Ss "User Properties" +In addition to the standard native properties, ZFS supports arbitrary user +properties. User properties have no effect on ZFS behavior, but applications or +administrators can use them to annotate datasets +.Pq file systems, volumes, and snapshots . +.Pp +User property names must contain a colon +.No Po Ns Sy \&: Ns Pc +character to distinguish them from native properties. They may contain lowercase +letters, numbers, and the following punctuation characters: colon +.Pq Qq Sy \&: , +dash +.Pq Qq Sy - , +period +.Pq Qq Sy \&. , +and underscore +.Pq Qq Sy _ . +The expected convention is that the property name is divided into two portions +such as +.Em module Ns : Ns Em property , +but this namespace is not enforced by ZFS. +User property names can be at most 256 characters, and cannot begin with a dash +.Pq Qq Sy - . +.Pp +When making programmatic use of user properties, it is strongly suggested to use +a reversed +.Sy DNS +domain name for the +.Em module +component of property names to reduce the chance that two +independently-developed packages use the same property name for different +purposes. +.Pp The values of user properties are arbitrary strings, are always inherited, and -are never validated. All of the commands that operate on properties (\fBzfs -list\fR, \fBzfs get\fR, \fBzfs set\fR, and so forth) can be used to manipulate -both native properties and user properties. Use the \fBzfs inherit\fR command -to clear a user property . If the property is not defined in any parent +are never validated. All of the commands that operate on properties +.Po Nm zfs Cm list , +.Nm zfs Cm get , +.Nm zfs Cm set , +and so forth +.Pc +can be used to manipulate both native properties and user properties. Use the +.Nm zfs Cm inherit +command to clear a user property . If the property is not defined in any parent dataset, it is removed entirely. Property values are limited to 1024 characters. -.SS "ZFS Volumes as Swap or Dump Devices" -.LP -During an initial installation a swap device and dump device are created on -\fBZFS\fR volumes in the \fBZFS\fR root pool. By default, the swap area size is -based on 1/2 the size of physical memory up to 2 Gbytes. The size of the dump -device depends on the kernel's requirements at installation time. Separate -\fBZFS\fR volumes must be used for the swap area and dump devices. Do not swap -to a file on a \fBZFS\fR file system. A \fBZFS\fR swap file configuration is -not supported. -.sp -.LP +.Ss ZFS Volumes as Swap or Dump Devices +During an initial installation a swap device and dump device are created on ZFS +volumes in the ZFS root pool. By default, the swap area size is based on 1/2 the +size of physical memory up to 2 Gbytes. The size of the dump device depends on +the kernel's requirements at installation time. Separate ZFS volumes must be +used for the swap area and dump devices. Do not swap to a file on a ZFS file +system. A ZFS swap file configuration is not supported. +.Pp If you need to change your swap area or dump device after the system is -installed or upgraded, use the \fBswap\fR(1M) and \fBdumpadm\fR(1M) commands. -If you need to change the size of your swap area or dump device, see the -\fISolaris ZFS Administration Guide\fR. -.SH SUBCOMMANDS -.LP +installed or upgraded, use the +.Xr swap 1M +and +.Xr dumpadm 1M +commands. +.Sh SUBCOMMANDS All subcommands that modify state are logged persistently to the pool in their original form. -.sp -.ne 2 -.na -\fB\fBzfs ?\fR\fR -.ad -.sp .6 -.RS 4n +.Bl -tag -width "" +.It Nm Fl \? Displays a help message. -.RE - -.sp -.ne 2 -.na -\fB\fBzfs create\fR [\fB-p\fR] [\fB-o\fR \fIproperty\fR=\fIvalue\fR]... -\fIfilesystem\fR\fR -.ad -.sp .6 -.RS 4n -Creates a new \fBZFS\fR file system. The file system is automatically mounted -according to the \fBmountpoint\fR property inherited from the parent. -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n +.It Xo +.Nm +.Cm create +.Op Fl p +.Oo Fl o Ar property Ns = Ns Ar value Oc Ns ... +.Ar filesystem +.Xc +Creates a new ZFS file system. The file system is automatically mounted +according to the +.Sy mountpoint +property inherited from the parent. +.Bl -tag -width "-o" +.It Fl o Ar property Ns = Ns Ar value +Sets the specified property as if the command +.Nm zfs Cm set Ar property Ns = Ns Ar value +was invoked at the same time the dataset was created. Any editable ZFS property +can also be set at creation time. Multiple +.Fl o +options can be specified. An error results if the same property is specified in +multiple +.Fl o +options. +.It Fl p Creates all the non-existing parent datasets. Datasets created in this manner -are automatically mounted according to the \fBmountpoint\fR property inherited -from their parent. Any property specified on the command line using the -\fB-o\fR option is ignored. If the target filesystem already exists, the -operation completes successfully. -.RE - -.sp -.ne 2 -.na -\fB\fB-o\fR \fIproperty\fR=\fIvalue\fR\fR -.ad -.sp .6 -.RS 4n -Sets the specified property as if the command \fBzfs set\fR -\fIproperty\fR=\fIvalue\fR was invoked at the same time the dataset was -created. Any editable \fBZFS\fR property can also be set at creation time. -Multiple \fB-o\fR options can be specified. An error results if the same -property is specified in multiple \fB-o\fR options. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs create\fR [\fB-ps\fR] [\fB-b\fR \fIblocksize\fR] [\fB-o\fR -\fIproperty\fR=\fIvalue\fR]... \fB-V\fR \fIsize\fR \fIvolume\fR\fR -.ad -.sp .6 -.RS 4n +are automatically mounted according to the +.Sy mountpoint +property inherited from their parent. Any property specified on the command line +using the +.Fl o +option is ignored. If the target filesystem already exists, the operation +completes successfully. +.El +.It Xo +.Nm +.Cm create +.Op Fl ps +.Op Fl b Ar blocksize +.Oo Fl o Ar property Ns = Ns Ar value Oc Ns ... +.Fl V Ar size Ar volume +.Xc Creates a volume of the given size. The volume is exported as a block device in -\fB/dev/zvol/{dsk,rdsk}/\fR\fIpath\fR, where \fIpath\fR is the name of the -volume in the \fBZFS\fR namespace. The size represents the logical size as -exported by the device. By default, a reservation of equal size is created. -.sp -\fIsize\fR is automatically rounded up to the nearest 128 Kbytes to ensure that -the volume has an integral number of blocks regardless of \fIblocksize\fR. -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n +.Pa /dev/zvol/{dsk,rdsk}/path , +where +.Em path +is the name of the volume in the ZFS namespace. The size represents the logical +size as exported by the device. By default, a reservation of equal size is +created. +.Pp +.Ar size +is automatically rounded up to the nearest 128 Kbytes to ensure that the volume +has an integral number of blocks regardless of +.Sy blocksize . +.Bl -tag -width "-b" +.It Fl b Ar blocksize +Equivalent to +.Fl o Sy volblocksize Ns = Ns Ar blocksize . +If this option is specified in conjunction with +.Fl o Sy volblocksize , +the resulting behavior is undefined. +.It Fl o Ar property Ns = Ns Ar value +Sets the specified property as if the +.Nm zfs Cm set Ar property Ns = Ns Ar value +command was invoked at the same time the dataset was created. Any editable ZFS +property can also be set at creation time. Multiple +.Fl o +options can be specified. An error results if the same property is specified in +multiple +.Fl o +options. +.It Fl p Creates all the non-existing parent datasets. Datasets created in this manner -are automatically mounted according to the \fBmountpoint\fR property inherited -from their parent. Any property specified on the command line using the -\fB-o\fR option is ignored. If the target filesystem already exists, the -operation completes successfully. -.RE - -.sp -.ne 2 -.na -\fB\fB-s\fR\fR -.ad -.sp .6 -.RS 4n -Creates a sparse volume with no reservation. See \fBvolsize\fR in the Native -Properties section for more information about sparse volumes. -.RE - -.sp -.ne 2 -.na -\fB\fB-o\fR \fIproperty\fR=\fIvalue\fR\fR -.ad -.sp .6 -.RS 4n -Sets the specified property as if the \fBzfs set\fR \fIproperty\fR=\fIvalue\fR -command was invoked at the same time the dataset was created. Any editable -\fBZFS\fR property can also be set at creation time. Multiple \fB-o\fR options -can be specified. An error results if the same property is specified in -multiple \fB-o\fR options. -.RE - -.sp -.ne 2 -.na -\fB\fB-b\fR \fIblocksize\fR\fR -.ad -.sp .6 -.RS 4n -Equivalent to \fB-o\fR \fBvolblocksize\fR=\fIblocksize\fR. If this option is -specified in conjunction with \fB-o\fR \fBvolblocksize\fR, the resulting -behavior is undefined. -.RE - -.RE - -.sp -.ne 2 -.na -\fBzfs destroy\fR [\fB-fnpRrv\fR] \fIfilesystem\fR|\fIvolume\fR -.ad -.sp .6 -.RS 4n +are automatically mounted according to the +.Sy mountpoint +property inherited from their parent. Any property specified on the command line +using the +.Fl o +option is ignored. If the target filesystem already exists, the operation +completes successfully. +.It Fl s +Creates a sparse volume with no reservation. See +.Sy volsize +in the +.Sx Native Properties +section for more information about sparse volumes. +.El +.It Xo +.Nm +.Cm destroy +.Op Fl Rfnprv +.Ar filesystem Ns | Ns Ar volume +.Xc Destroys the given dataset. By default, the command unshares any file systems that are currently shared, unmounts any file systems that are currently -mounted, and refuses to destroy a dataset that has active dependents (children -or clones). -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n -Recursively destroy all children. -.RE - -.sp -.ne 2 -.na -\fB\fB-R\fR\fR -.ad -.sp .6 -.RS 4n +mounted, and refuses to destroy a dataset that has active dependents +.Pq children or clones . +.Bl -tag -width "-R" +.It Fl R Recursively destroy all dependents, including cloned file systems outside the target hierarchy. -.RE - -.sp -.ne 2 -.na -\fB\fB-f\fR\fR -.ad -.sp .6 -.RS 4n -Force an unmount of any file systems using the \fBunmount -f\fR command. This -option has no effect on non-file systems or unmounted file systems. -.RE - -.sp -.ne 2 -.na -\fB\fB-n\fR\fR -.ad -.sp .6 -.RS 4n -Do a dry-run ("No-op") deletion. No data will be deleted. This is -useful in conjunction with the \fB-v\fR or \fB-p\fR flags to determine what -data would be deleted. -.RE - -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl f +Force an unmount of any file systems using the +.Nm unmount Fl f +command. This option has no effect on non-file systems or unmounted file +systems. +.It Fl n +Do a dry-run +.Pq Qq No-op +deletion. No data will be deleted. This is useful in conjunction with the +.Fl v +or +.Fl p +flags to determine what data would be deleted. +.It Fl p Print machine-parsable verbose information about the deleted data. -.RE - -.sp -.ne 2 -.na -\fB\fB-v\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl r +Recursively destroy all children. +.It Fl v Print verbose information about the deleted data. -.RE -.sp -Extreme care should be taken when applying either the \fB-r\fR or the \fB-R\fR +.El +.Pp +Extreme care should be taken when applying either the +.Fl r +or the +.Fl R options, as they can destroy large portions of a pool and cause unexpected behavior for mounted file systems in use. -.RE - -.sp -.ne 2 -.na -\fBzfs destroy\fR [\fB-dnpRrv\fR] \fIfilesystem\fR|\fIvolume\fR@\fIsnap\fR[%\fIsnap\fR][,\fIsnap\fR[%\fIsnap\fR]]... -.ad -.sp .6 -.RS 4n -The given snapshots are destroyed immediately if and only if the \fBzfs -destroy\fR command without the \fB-d\fR option would have destroyed it. Such -immediate destruction would occur, for example, if the snapshot had no clones -and the user-initiated reference count were zero. -.sp +.It Xo +.Nm +.Cm destroy +.Op Fl Rdnprv +.Ar filesystem Ns | Ns Ar volume Ns @ Ns Ar snap Ns +.Oo % Ns Ar snap Ns Oo , Ns Ar snap Ns Oo % Ns Ar snap Oc Oc Oc Ns ... +.Xc +The given snapshots are destroyed immediately if and only if the +.Nm zfs Cm destroy +command without the +.Fl d +option would have destroyed it. Such immediate destruction would occur, for +example, if the snapshot had no clones and the user-initiated reference count +were zero. +.Pp If a snapshot does not qualify for immediate destruction, it is marked for deferred deletion. In this state, it exists as a usable, visible snapshot until both of the preconditions listed above are met, at which point it is destroyed. -.sp -An inclusive range of snapshots may be specified by separating the -first and last snapshots with a percent sign. -The first and/or last snapshots may be left blank, in which case the -filesystem's oldest or newest snapshot will be implied. -.sp +.Pp +An inclusive range of snapshots may be specified by separating the first and +last snapshots with a percent sign. The first and/or last snapshots may be left +blank, in which case the filesystem's oldest or newest snapshot will be implied. +.Pp Multiple snapshots -(or ranges of snapshots) of the same filesystem or volume may be specified -in a comma-separated list of snapshots. -Only the snapshot's short name (the -part after the \fB@\fR) should be specified when using a range or -comma-separated list to identify multiple snapshots. -.sp -.ne 2 -.na -\fB\fB-d\fR\fR -.ad -.sp .6 -.RS 4n -Defer snapshot deletion. -.RE - -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n -Destroy (or mark for deferred deletion) all snapshots with this name in -descendent file systems. -.RE - -.sp -.ne 2 -.na -\fB\fB-R\fR\fR -.ad -.sp .6 -.RS 4n +.Pq or ranges of snapshots +of the same filesystem or volume may be specified in a comma-separated list of +snapshots. Only the snapshot's short name +.Po the part after the +.Sy @ +.Pc +should be specified when using a range or comma-separated list to identify +multiple snapshots. +.Bl -tag -width "-R" +.It Fl R Recursively destroy all clones of these snapshots, including the clones, -snapshots, and children. If this flag is specified, the \fB-d\fR flag will -have no effect. -.RE - -.sp -.ne 2 -.na -\fB\fB-n\fR\fR -.ad -.sp .6 -.RS 4n -Do a dry-run ("No-op") deletion. No data will be deleted. This is -useful in conjunction with the \fB-v\fR or \fB-p\fR flags to determine what -data would be deleted. -.RE - -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n +snapshots, and children. If this flag is specified, the +.Fl d +flag will have no effect. +.It Fl d +Defer snapshot deletion. +.It Fl n +Do a dry-run +.Pq Qq No-op +deletion. No data will be deleted. This is +useful in conjunction with the +.Fl p +or +.Fl v +flags to determine what data would be deleted. +.It Fl p Print machine-parsable verbose information about the deleted data. -.RE - -.sp -.ne 2 -.na -\fB\fB-v\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl r +Destroy +.Pq or mark for deferred deletion +all snapshots with this name in descendent file systems. +.It Fl v Print verbose information about the deleted data. -.RE - -.sp -Extreme care should be taken when applying either the \fB-r\fR or the \fB-R\fR +.Pp +Extreme care should be taken when applying either the +.Fl r +or the +.Fl R options, as they can destroy large portions of a pool and cause unexpected behavior for mounted file systems in use. -.RE - -.sp -.ne 2 -.na -\fBzfs destroy\fR \fIfilesystem\fR|\fIvolume\fR#\fIbookmark\fR -.ad -.sp .6 -.RS 4n +.El +.It Xo +.Nm +.Cm destroy +.Ar filesystem Ns | Ns Ar volume Ns # Ns Ar bookmark +.Xc The given bookmark is destroyed. - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs snapshot\fR [\fB-r\fR] [\fB-o\fR \fIproperty\fR=\fIvalue\fR]... -\fIfilesystem@snapname\fR|\fIvolume@snapname\fR\fR... -.ad -.sp .6 -.RS 4n -Creates snapshots with the given names. All previous modifications by -successful system calls to the file system are part of the snapshots. -Snapshots are taken atomically, so that all snapshots correspond to the same -moment in time. See the "Snapshots" section for details. -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n +.It Xo +.Nm +.Cm snapshot +.Op Fl r +.Oo Fl o Ar property Ns = Ns value Oc Ns ... +.Ar filesystem Ns @ Ns Ar snapname Ns | Ns Ar volume Ns @ Ns Ar snapname Ns ... +.Xc +Creates snapshots with the given names. All previous modifications by successful +system calls to the file system are part of the snapshots. Snapshots are taken +atomically, so that all snapshots correspond to the same moment in time. See the +.Sx Snapshots +section for details. +.Bl -tag -width "-o" +.It Fl o Ar property Ns = Ns Ar value +Sets the specified property; see +.Nm zfs Cm create +for details. +.It Fl r Recursively create snapshots of all descendent datasets -.RE - -.sp -.ne 2 -.na -\fB\fB-o\fR \fIproperty\fR=\fIvalue\fR\fR -.ad -.sp .6 -.RS 4n -Sets the specified property; see \fBzfs create\fR for details. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs rollback\fR [\fB-rRf\fR] \fIsnapshot\fR\fR -.ad -.sp .6 -.RS 4n +.El +.It Xo +.Nm +.Cm rollback +.Op Fl Rfr +.Ar snapshot +.Xc Roll back the given dataset to a previous snapshot. When a dataset is rolled -back, all data that has changed since the snapshot is discarded, and the -dataset reverts to the state at the time of the snapshot. By default, the -command refuses to roll back to a snapshot other than the most recent one. In -order to do so, all intermediate snapshots and bookmarks must be destroyed -by specifying the \fB-r\fR option. -.sp -The \fB-rR\fR options do not recursively destroy the child snapshots of a -recursive snapshot. Only direct snapshots of the specified filesystem -are destroyed by either of these options. To completely roll back a -recursive snapshot, you must rollback the individual child snapshots. -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n -Destroy any snapshots and bookmarks more recent than the one specified. -.RE - -.sp -.ne 2 -.na -\fB\fB-R\fR\fR -.ad -.sp .6 -.RS 4n +back, all data that has changed since the snapshot is discarded, and the dataset +reverts to the state at the time of the snapshot. By default, the command +refuses to roll back to a snapshot other than the most recent one. In order to +do so, all intermediate snapshots and bookmarks must be destroyed by specifying +the +.Fl r +option. +.Pp +The +.Fl rR +options do not recursively destroy the child snapshots of a recursive snapshot. +Only direct snapshots of the specified filesystem are destroyed by either of +these options. To completely roll back a recursive snapshot, you must rollback +the individual child snapshots. +.Bl -tag -width "-R" +.It Fl R Destroy any more recent snapshots and bookmarks, as well as any clones of those snapshots. -.RE - -.sp -.ne 2 -.na -\fB\fB-f\fR\fR -.ad -.sp .6 -.RS 4n -Used with the \fB-R\fR option to force an unmount of any clone file systems -that are to be destroyed. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs clone\fR [\fB-p\fR] [\fB-o\fR \fIproperty\fR=\fIvalue\fR]... -\fIsnapshot\fR \fIfilesystem\fR|\fIvolume\fR\fR -.ad -.sp .6 -.RS 4n -Creates a clone of the given snapshot. See the "Clones" section for details. -The target dataset can be located anywhere in the \fBZFS\fR hierarchy, and is -created as the same type as the original. -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl f +Used with the +.Fl R +option to force an unmount of any clone file systems that are to be destroyed. +.It Fl r +Destroy any snapshots and bookmarks more recent than the one specified. +.El +.It Xo +.Nm +.Cm clone +.Op Fl p +.Oo Fl o Ar property Ns = Ns Ar value Oc Ns ... +.Ar snapshot Ar filesystem Ns | Ns Ar volume +.Xc +Creates a clone of the given snapshot. See the +.Sx Clones +section for details. The target dataset can be located anywhere in the ZFS +hierarchy, and is created as the same type as the original. +.Bl -tag -width "-o" +.It Fl o Ar property Ns = Ns Ar value +Sets the specified property; see +.Nm zfs Cm create +for details. +.It Fl p Creates all the non-existing parent datasets. Datasets created in this manner -are automatically mounted according to the \fBmountpoint\fR property inherited -from their parent. If the target filesystem or volume already exists, the -operation completes successfully. -.RE - -.sp -.ne 2 -.na -\fB\fB-o\fR \fIproperty\fR=\fIvalue\fR\fR -.ad -.sp .6 -.RS 4n -Sets the specified property; see \fBzfs create\fR for details. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs promote\fR \fIclone-filesystem\fR\fR -.ad -.sp .6 -.RS 4n -Promotes a clone file system to no longer be dependent on its "origin" +are automatically mounted according to the +.Sy mountpoint +property inherited from their parent. If the target filesystem or volume already +exists, the operation completes successfully. +.El +.It Xo +.Nm +.Cm promote +.Ar clone-filesystem +.Xc +Promotes a clone file system to no longer be dependent on its +.Qq origin snapshot. This makes it possible to destroy the file system that the clone was created from. The clone parent-child dependency relationship is reversed, so that the origin file system becomes a clone of the specified file system. -.sp +.Pp The snapshot that was cloned, and any snapshots previous to this snapshot, are now owned by the promoted clone. The space they use moves from the origin file system to the promoted clone, so enough space must be available to accommodate these snapshots. No new space is consumed by this operation, but the space accounting is adjusted. The promoted clone must not have any conflicting -snapshot names of its own. The \fBrename\fR subcommand can be used to rename -any conflicting snapshots. -.RE - -.sp -.ne 2 -.na -\fB\fBzfs rename\fR [\fB-f\fR] \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR\fR -.ad +snapshot names of its own. The +.Cm rename +subcommand can be used to rename any conflicting snapshots. +.It Xo +.Nm +.Cm rename +.Op Fl f +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot .br -.na -\fB\fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR\fR -.ad -.br -.na -\fB\fBzfs rename\fR [\fB-fp\fR] \fIfilesystem\fR|\fIvolume\fR -\fIfilesystem\fR|\fIvolume\fR\fR -.ad -.sp .6 -.RS 4n -Renames the given dataset. The new target can be located anywhere in the -\fBZFS\fR hierarchy, with the exception of snapshots. Snapshots can only be -renamed within the parent file system or volume. When renaming a snapshot, the -parent file system of the snapshot does not need to be specified as part of the -second argument. Renamed file systems can inherit new mount points, in which -case they are unmounted and remounted at the new mount point. -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n -Creates all the nonexistent parent datasets. Datasets created in this manner -are automatically mounted according to the \fBmountpoint\fR property inherited -from their parent. -.RE - -.sp -.ne 2 -.na -\fB\fB-f\fR\fR -.ad -.sp .6 -.RS 4n +.Nm +.Cm rename +.Op Fl fp +.Ar filesystem Ns | Ns Ar volume +.Ar filesystem Ns | Ns Ar volume +.Xc +Renames the given dataset. The new target can be located anywhere in the ZFS +hierarchy, with the exception of snapshots. Snapshots can only be renamed within +the parent file system or volume. When renaming a snapshot, the parent file +system of the snapshot does not need to be specified as part of the second +argument. Renamed file systems can inherit new mount points, in which case they +are unmounted and remounted at the new mount point. +.Bl -tag -width "-a" +.It Fl f Force unmount any filesystems that need to be unmounted in the process. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs rename\fR \fB-r\fR \fIsnapshot\fR \fIsnapshot\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl p +Creates all the nonexistent parent datasets. Datasets created in this manner are +automatically mounted according to the +.Sy mountpoint +property inherited from their parent. +.El +.It Xo +.Nm +.Cm rename +.Fl r +.Ar snapshot Ar snapshot +.Xc Recursively rename the snapshots of all descendent datasets. Snapshots are the only dataset that can be renamed recursively. -.RE - -.sp -.ne 2 -.na -\fB\fBzfs\fR \fBlist\fR [\fB-r\fR|\fB-d\fR \fIdepth\fR] [\fB-Hp\fR] [\fB-o\fR -\fIproperty\fR[,\fIproperty\fR]...] [ \fB-t\fR \fItype\fR[,\fItype\fR]...] [ \fB-s\fR -\fIproperty\fR ]... [ \fB-S\fR \fIproperty\fR ]... -[\fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR]...\fR -.ad -.sp .6 -.RS 4n +.It Xo +.Nm +.Cm list +.Op Fl r Ns | Ns Fl d Ar depth +.Op Fl Hp +.Oo Fl o Ar property Ns Oo , Ns Ar property Oc Ns ... Oc +.Oo Fl s Ar property Oc Ns ... +.Oo Fl S Ar property Oc Ns ... +.Oo Fl t Ar type Ns Oo , Ns Ar type Oc Ns ... Oc +.Oo Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot Oc Ns ... +.Xc Lists the property information for the given datasets in tabular form. If specified, you can list property information by the absolute pathname or the relative pathname. By default, all file systems and volumes are displayed. -Snapshots are displayed if the \fBlistsnaps\fR property is \fBon\fR (the -default is \fBoff\fR) . The following fields are displayed, -\fBname,used,available,referenced,mountpoint\fR. -.sp -.ne 2 -.na -\fB\fB-H\fR\fR -.ad -.sp .6 -.RS 4n +Snapshots are displayed if the +.Sy listsnaps +property is +.Sy on +.Po the default is +.Sy off +.Pc . +The following fields are displayed, +.Sy name Ns , Ns Sy used Ns , Ns Sy available Ns , Ns Sy referenced Ns , Ns +.Sy mountpoint . +.Bl -tag -width "-H" +.It Fl H Used for scripting mode. Do not print headers and separate fields by a single tab instead of arbitrary white space. -.RE - -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n -Display numbers in parsable (exact) values. -.RE - -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n -Recursively display any children of the dataset on the command line. -.RE - -.sp -.ne 2 -.na -\fB\fB-d\fR \fIdepth\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl S Ar property +Same as the +.Fl s +option, but sorts by property in descending order. +.It Fl d Ar depth Recursively display any children of the dataset, limiting the recursion to -\fIdepth\fR. A depth of \fB1\fR will display only the dataset and its direct -children. -.RE - -.sp -.ne 2 -.na -\fB\fB-o\fR \fIproperty\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl o Ar property A comma-separated list of properties to display. The property must be: -.RS +4 -.TP -.ie t \(bu -.el o -One of the properties described in the "Native Properties" section -.RE -.RS +4 -.TP -.ie t \(bu -.el o +.Bl -bullet +.It +One of the properties described in the +.Sx Native Properties +section +.It A user property -.RE -.RS +4 -.TP -.ie t \(bu -.el o -The value \fBname\fR to display the dataset name -.RE -.RS +4 -.TP -.ie t \(bu -.el o -The value \fBspace\fR to display space usage properties on file systems and -volumes. This is a shortcut for specifying \fB-o -name,avail,used,usedsnap,usedds,usedrefreserv,usedchild\fR \fB-t -filesystem,volume\fR syntax. -.RE -.RE - -.sp -.ne 2 -.na -\fB\fB-s\fR \fIproperty\fR\fR -.ad -.sp .6 -.RS 4n +.It +The value +.Sy name +to display the dataset name +.It +The value +.Sy space +to display space usage properties on file systems and volumes. This is a +shortcut for specifying +.Fl o Sy name Ns , Ns Sy avail Ns , Ns Sy used Ns , Ns Sy usedsnap Ns , Ns +.Sy usedds Ns , Ns Sy usedrefreserv Ns , Ns Sy usedchild Fl t +.Sy filesystem Ns , Ns Sy volume +syntax. +.El +.It Fl p +Display numbers in parsable +.Pq exact +values. +.It Fl r +Recursively display any children of the dataset on the command line. +.Ar depth . +A depth of +.Sy 1 +will display only the dataset and its direct children. +.It Fl s Ar property A property for sorting the output by column in ascending order based on the value of the property. The property must be one of the properties described in -the "Properties" section, or the special value \fBname\fR to sort by the -dataset name. Multiple properties can be specified at one time using multiple -\fB-s\fR property options. Multiple \fB-s\fR options are evaluated from left to -right in decreasing order of importance. -.sp -The following is a list of sorting criteria: -.RS +4 -.TP -.ie t \(bu -.el o +the +.Sx Properties +section, or the special value +.Sy name +to sort by the dataset name. Multiple properties can be specified at one time +using multiple +.Fl s +property options. Multiple +.Fl s +options are evaluated from left to right in decreasing order of importance. The +following is a list of sorting criteria: +.Bl -bullet +.It Numeric types sort in numeric order. -.RE -.RS +4 -.TP -.ie t \(bu -.el o +.It String types sort in alphabetical order. -.RE -.RS +4 -.TP -.ie t \(bu -.el o -Types inappropriate for a row sort that row to the literal bottom, regardless -of the specified ordering. -.RE -.RS +4 -.TP -.ie t \(bu -.el o -If no sorting options are specified the existing behavior of \fBzfs list\fR is -preserved. -.RE -.RE - -.sp -.ne 2 -.na -\fB\fB-S\fR \fIproperty\fR\fR -.ad -.sp .6 -.RS 4n -Same as the \fB-s\fR option, but sorts by property in descending order. -.RE - -.sp -.ne 2 -.na -\fB\fB-t\fR \fItype\fR\fR -.ad -.sp .6 -.RS 4n -A comma-separated list of types to display, where \fItype\fR is one of -\fBfilesystem\fR, \fBsnapshot\fR , \fBvolume\fR, \fBbookmark\fR, or \fBall\fR. -For example, specifying \fB-t snapshot\fR displays only snapshots. -.RE - -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n -Display numbers in parseable (exact) values. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs set\fR \fIproperty\fR=\fIvalue\fR[ \fIproperty\fR=\fIvalue\fR]... -\fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR...\fR -.ad -.sp .6 -.RS 4n +.It +Types inappropriate for a row sort that row to the literal bottom, regardless of +the specified ordering. +.El +.Pp +If no sorting options are specified the existing behavior of +.Nm zfs Cm list +is preserved. +.It Fl t Ar type +A comma-separated list of types to display, where +.Ar type +is one of +.Sy filesystem , +.Sy snapshot , +.Sy volume , +.Sy bookmark , +or +.Sy all . +For example, specifying +.Fl t Sy snapshot +displays only snapshots. +.El +.It Xo +.Nm +.Cm set +.Ar property Ns = Ns Ar value Oo Ar property Ns = Ns Ar value Oc Ns ... +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot Ns ... +.Xc Sets the property or list of properties to the given value(s) for each dataset. -Only some properties can be edited. See the "Properties" section for more -information on what properties can be set and acceptable values. Numeric values -can be specified as exact values, or in a human-readable form with a suffix of -\fBB\fR, \fBK\fR, \fBM\fR, \fBG\fR, \fBT\fR, \fBP\fR, \fBE\fR, \fBZ\fR (for -bytes, kilobytes, megabytes, gigabytes, terabytes, petabytes, exabytes, or -zettabytes, respectively). User properties can be set on snapshots. For more -information, see the "User Properties" section. -.RE - -.sp -.ne 2 -.na -\fB\fBzfs get\fR [\fB-r\fR|\fB-d\fR \fIdepth\fR] [\fB-Hpc\fR] [\fB-o\fR -\fIfield\fR[,\fIfield\fR]... [\fB-t\fR \fItype\fR[,\fItype\fR]...] [\fB-s\fR \fIsource\fR[,\fIsource\fR]... \fBall\fR | -\fIproperty\fR[,\fIproperty\fR]... \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR...\fR -.ad -.sp .6 -.RS 4n +Only some properties can be edited. See the +.Sx Properties +section for more information on what properties can be set and acceptable +values. Numeric values can be specified as exact values, or in a human-readable +form with a suffix of +.Sy B , K , M , G , T , P , E , Z +.Po for bytes, kilobytes, megabytes, gigabytes, terabytes, petabytes, exabytes, +or zettabytes, respectively +.Pc . +User properties can be set on snapshots. For more information, see the +.Sx User Properties +section. +.It Xo +.Nm +.Cm get +.Op Fl r Ns | Ns Fl d Ar depth +.Op Fl Hp +.Oo Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... Oc +.Oo Fl s Ar source Ns Oo , Ns Ar source Oc Ns ... Oc +.Oo Fl t Ar type Ns Oo , Ns Ar type Oc Ns ... Oc +.Cm all | Ar property Ns Oo , Ns Ar property Oc Ns ... +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot Ns ... +.Xc Displays properties for the given datasets. If no datasets are specified, then the command displays properties for all datasets on the system. For each property, the following columns are displayed: -.sp -.in +2 -.nf +.Bd -literal name Dataset name - property Property name - value Property value - source Property source. Can either be local, default, - temporary, inherited, received, or none (-). -.fi -.in -2 -.sp - -All columns are displayed by default, though this can be controlled by using -the \fB-o\fR option. This command takes a comma-separated list of properties as -described in the "Native Properties" and "User Properties" sections. -.sp -The special value \fBall\fR can be used to display all properties that apply to -the given dataset's type (filesystem, volume, snapshot, or bookmark). -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n -Recursively display properties for any children. -.RE - -.sp -.ne 2 -.na -\fB\fB-d\fR \fIdepth\fR\fR -.ad -.sp .6 -.RS 4n + property Property name + value Property value + source Property source. Can either be local, default, + temporary, inherited, or none (-). +.Ed +.Pp +All columns are displayed by default, though this can be controlled by using the +.Fl o +option. This command takes a comma-separated list of properties as described in +the +.Sx Native Properties +and +.Sx User Properties +sections. +.Pp +The special value +.Sy all +can be used to display all properties that apply to the given dataset's type +.Pq filesystem, volume, snapshot, or bookmark . +.Bl -tag -width "-H" +.It Fl H +Display output in a form more easily parsed by scripts. Any headers are omitted, +and fields are explicitly separated by a single tab instead of an arbitrary +amount of space. +.It Fl d Ar depth Recursively display any children of the dataset, limiting the recursion to -\fIdepth\fR. A depth of \fB1\fR will display only the dataset and its direct -children. -.RE - -.sp -.ne 2 -.na -\fB\fB-H\fR\fR -.ad -.sp .6 -.RS 4n -Display output in a form more easily parsed by scripts. Any headers are -omitted, and fields are explicitly separated by a single tab instead of an -arbitrary amount of space. -.RE - -.sp -.ne 2 -.na -\fB\fB-o\fR \fIfield\fR\fR -.ad -.sp .6 -.RS 4n -A comma-separated list of columns to display. \fBname,property,value,source\fR +.Ar depth . +A depth of +.Sy 1 +will display only the dataset and its direct children. +.It Fl o Ar field +A comma-separated list of columns to display. +.Sy name Ns , Ns Sy property Ns , Ns Sy value Ns , Ns Sy source is the default value. -.RE - -.sp -.ne 2 -.na -\fB\fB-s\fR \fIsource\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl p +Display numbers in parsable +.Pq exact +values. +.It Fl r +Recursively display properties for any children. +.It Fl s Ar source A comma-separated list of sources to display. Those properties coming from a -source other than those in this list are ignored. Each source must be one of -the following: \fBlocal,default,inherited,received,temporary,none\fR. The -default value is all sources. -.RE - -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n -Display numbers in parsable (exact) values. -.RE - -.sp -.ne 2 -.na -\fB\fB-c\fR\fR -.ad -.sp .6 -.RS 4n -Only display properties which can be retrieved without issuing any I/O requests, -i.e. properties which are already cached. Most properties are cached except for -create-time properties (normalization, utf8only, casesensitivity) as well as a -volume's size and block size. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs inherit\fR [\fB-rS\fR] \fIproperty\fR -\fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR...\fR -.ad -.sp .6 -.RS 4n +source other than those in this list are ignored. Each source must be one of the +following: +.Sy local , +.Sy default , +.Sy inherited , +.Sy temporary , +and +.Sy none . +The default value is all sources. +.It Fl t Ar type +A comma-separated list of types to display, where +.Ar type +is one of +.Sy filesystem , +.Sy snapshot , +.Sy volume , +.Sy bookmark , +or +.Sy all . +.El +.It Xo +.Nm +.Cm inherit +.Op Fl rS +.Ar property Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot Ns ... +.Xc Clears the specified property, causing it to be inherited from an ancestor, -restored to default if no ancestor has the property set, or with the \fB-S\fR -option reverted to the received value if one exists. See the "Properties" +restored to default if no ancestor has the property set, or with the +.Fl S +option reverted to the received value if one exists. See the +.Sx Properties section for a listing of default values, and details on which properties can be inherited. -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n +.Bl -tag -width "-r" +.It Fl r Recursively inherit the given property for all children. -.RE -.sp -.ne 2 -.na -\fB\fB-S\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl S Revert the property to the received value if one exists; otherwise operate as -if the \fB-S\fR option was not specified. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs upgrade\fR [\fB-v\fR]\fR -.ad -.sp .6 -.RS 4n +if the +.Fl S +option was not specified. +.El +.It Xo +.Nm +.Cm upgrade +.Xc Displays a list of file systems that are not the most recent version. -.RE - -.sp -.ne 2 -.na -\fB\fBzfs upgrade\fR [\fB-r\fR] [\fB-V\fR \fIversion\fR] [\fB-a\fR | -\fIfilesystem\fR]\fR -.ad -.sp .6 -.RS 4n +.It Xo +.Nm +.Cm upgrade +.Fl v +.Xc +Displays a list of currently supported file system versions. +.It Xo +.Nm +.Cm upgrade +.Op Fl r +.Op Fl V Ar version +.Fl a | Ar filesystem +.Xc Upgrades file systems to a new on-disk version. Once this is done, the file systems will no longer be accessible on systems running older versions of the -software. \fBzfs send\fR streams generated from new snapshots of these file -systems cannot be accessed on systems running older versions of the software. -.sp +software. +.Nm zfs Cm send +streams generated from new snapshots of these file systems cannot be accessed on +systems running older versions of the software. +.Pp In general, the file system version is independent of the pool version. See -\fBzpool\fR(1M) for information on the \fBzpool upgrade\fR command. -.sp -In some cases, the file system version and the pool version are interrelated -and the pool version must be upgraded before the file system version can be -upgraded. -.sp -.ne 2 -.na -\fB\fB-a\fR\fR -.ad -.sp .6 -.RS 4n +.Xr zpool 1M +for information on the +.Nm zpool Cm upgrade +command. +.Pp +In some cases, the file system version and the pool version are interrelated and +the pool version must be upgraded before the file system version can be upgraded. +.Bl -tag -width "-V" +.It Fl V Ar version +Upgrade to the specified +.Ar version . +If the +.Fl V +flag is not specified, this command upgrades to the most recent version. This +option can only be used to increase the version number, and only up to the most +recent version supported by this software. +.It Fl a Upgrade all file systems on all imported pools. -.RE - -.sp -.ne 2 -.na -\fB\fIfilesystem\fR\fR -.ad -.sp .6 -.RS 4n +.It Ar filesystem Upgrade the specified file system. -.RE - -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n -Upgrade the specified file system and all descendent file systems -.RE - -.sp -.ne 2 -.na -\fB\fB-V\fR \fIversion\fR\fR -.ad -.sp .6 -.RS 4n -Upgrade to the specified \fIversion\fR. If the \fB-V\fR flag is not specified, -this command upgrades to the most recent version. This option can only be used -to increase the version number, and only up to the most recent version -supported by this software. -.RE - -.RE - -.sp -.ne 2 -.na -\fBzfs\fR \fBuserspace\fR [\fB-Hinp\fR] [\fB-o\fR \fIfield\fR[,\fIfield\fR]...] -[\fB-s\fR \fIfield\fR]... -[\fB-S\fR \fIfield\fR]... -[\fB-t\fR \fItype\fR[,\fItype\fR]...] \fIfilesystem\fR|\fIsnapshot\fR -.ad -.sp .6 -.RS 4n -Displays space consumed by, and quotas on, each user in the specified -filesystem or snapshot. This corresponds to the \fBuserused@\fR\fIuser\fR and -\fBuserquota@\fR\fIuser\fR properties. -.sp -.ne 2 -.na -\fB\fB-n\fR\fR -.ad -.sp .6 -.RS 4n -Print numeric ID instead of user/group name. -.RE - -.sp -.ne 2 -.na -\fB\fB-H\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl r +Upgrade the specified file system and all descendent file systems. +.El +.It Xo +.Nm +.Cm userspace +.Op Fl Hinp +.Oo Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... Oc +.Oo Fl s Ar field Oc Ns ... +.Oo Fl S Ar field Oc Ns ... +.Oo Fl t Ar type Ns Oo , Ns Ar type Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar snapshot +.Xc +Displays space consumed by, and quotas on, each user in the specified filesystem +or snapshot. This corresponds to the +.Sy userused@ Ns Em user +and +.Sy userquota@ Ns Em user +properties. +.Bl -tag -width "-H" +.It Fl H Do not print headers, use tab-delimited output. -.RE - -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n -Use exact (parsable) numeric output. -.RE - -.sp -.ne 2 -.na -\fB\fB-o\fR \fIfield\fR[,\fIfield\fR]...\fR -.ad -.sp .6 -.RS 4n -Display only the specified fields from the following -set: \fBtype, name, used, quota\fR. The default is to display all fields. -.RE - -.sp -.ne 2 -.na -\fB\fB-s\fR \fIfield\fR\fR -.ad -.sp .6 -.RS 4n -Sort output by this field. The \fIs\fR and \fIS\fR flags may be specified -multiple times to sort first by one field, then by another. The default is -\fB-s type\fR \fB-s name\fR. -.RE - -.sp -.ne 2 -.na -\fB\fB-S\fR \fIfield\fR\fR -.ad -.sp .6 -.RS 4n -Sort by this field in reverse order. See \fB-s\fR. -.RE - -.sp -.ne 2 -.na -\fB\fB-t\fR \fItype\fR[,\fItype\fR]...\fR -.ad -.sp .6 -.RS 4n -Print only the specified types from the following -set: \fBall, posixuser, smbuser, posixgroup, smbgroup\fR. The default -is \fB-t posixuser,smbuser\fR. The default can be changed to include group -types. -.RE - -.sp -.ne 2 -.na -\fB\fB-i\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl S Ar field +Sort by this field in reverse order. See +.Fl s . +.It Fl i Translate SID to POSIX ID. The POSIX ID may be ephemeral if no mapping exists. -Normal POSIX interfaces (for example, \fBstat\fR(2), \fBls\fR \fB-l\fR) perform -this translation, so the \fB-i\fR option allows the output from \fBzfs -userspace\fR to be compared directly with those utilities. However, \fB-i\fR +Normal POSIX interfaces +.Po for example, +.Xr stat 2 , +.Nm ls Fl l +.Pc +perform this translation, so the +.Fl i +option allows the output from +.Nm zfs Cm userspace +to be compared directly with those utilities. However, +.Fl i may lead to confusion if some files were created by an SMB user before a -SMB-to-POSIX name mapping was established. In such a case, some files will be owned -by the SMB entity and some by the POSIX entity. However, the \fB-i\fR option -will report that the POSIX entity has the total usage and quota for both. -.RE - -.RE - -.sp -.ne 2 -.na -\fBzfs\fR \fBgroupspace\fR [\fB-Hinp\fR] [\fB-o\fR \fIfield\fR[,\fIfield\fR]...] -[\fB-s\fR \fIfield\fR]... -[\fB-S\fR \fIfield\fR]... -[\fB-t\fR \fItype\fR[,\fItype\fR]...] \fIfilesystem\fR|\fIsnapshot\fR -.ad -.sp .6 -.RS 4n +SMB-to-POSIX name mapping was established. In such a case, some files will be +owned by the SMB entity and some by the POSIX entity. However, the +.Fl i +option will report that the POSIX entity has the total usage and quota for both. +.It Fl n +Print numeric ID instead of user/group name. +.It Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... +Display only the specified fields from the following set: +.Sy type , +.Sy name , +.Sy used , +.Sy quota . +The default is to display all fields. +.It Fl p +Use exact +.Pq parsable +numeric output. +.It Fl s Ar field +Sort output by this field. The +.Fl s +and +.Fl S +flags may be specified multiple times to sort first by one field, then by +another. The default is +.Fl s Sy type Fl s Sy name . +.It Fl t Ar type Ns Oo , Ns Ar type Oc Ns ... +Print only the specified types from the following set: +.Sy all , +.Sy posixuser , +.Sy smbuser , +.Sy posixgroup , +.Sy smbgroup . +The default is +.Fl t Sy posixuser Ns , Ns Sy smbuser . +The default can be changed to include group types. +.El +.It Xo +.Nm +.Cm groupspace +.Op Fl Hinp +.Oo Fl o Ar field Ns Oo , Ns Ar field Oc Ns ... Oc +.Oo Fl s Ar field Oc Ns ... +.Oo Fl S Ar field Oc Ns ... +.Oo Fl t Ar type Ns Oo , Ns Ar type Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar snapshot +.Xc Displays space consumed by, and quotas on, each group in the specified -filesystem or snapshot. This subcommand is identical to \fBzfs userspace\fR, -except that the default types to display are \fB-t posixgroup,smbgroup\fR. -.RE - -.sp -.ne 2 -.na -\fB\fBzfs mount\fR\fR -.ad -.sp .6 -.RS 4n -Displays all \fBZFS\fR file systems currently mounted. -.RE - -.sp -.ne 2 -.na -\fB\fBzfs mount\fR [\fB-vO\fR] [\fB-o\fR \fIoptions\fR] \fB-a\fR | -\fIfilesystem\fR\fR -.ad -.sp .6 -.RS 4n -Mounts \fBZFS\fR file systems. Invoked automatically as part of the boot +filesystem or snapshot. This subcommand is identical to +.Nm zfs Cm userspace , +except that the default types to display are +.Fl t Sy posixgroup Ns , Ns Sy smbgroup . +.It Xo +.Nm +.Cm mount +.Xc +Displays all ZFS file systems currently mounted. +.It Xo +.Nm +.Cm mount +.Op Fl Ov +.Op Fl o Ar options +.Fl a | Ar filesystem +.Xc +Mounts ZFS file systems. +.Bl -tag -width "-O" +.It Fl O +Perform an overlay mount. See +.Xr mount 1M +for more information. +.It Fl a +Mount all available ZFS file systems. Invoked automatically as part of the boot process. -.sp -.ne 2 -.na -\fB\fB-o\fR \fIoptions\fR\fR -.ad -.sp .6 -.RS 4n +.It Ar filesystem +Mount the specified filesystem. +.It Fl o Ar options An optional, comma-separated list of mount options to use temporarily for the -duration of the mount. See the "Temporary Mount Point Properties" section for -details. -.RE - -.sp -.ne 2 -.na -\fB\fB-O\fR\fR -.ad -.sp .6 -.RS 4n -Perform an overlay mount. See \fBmount\fR(1M) for more information. -.RE - -.sp -.ne 2 -.na -\fB\fB-v\fR\fR -.ad -.sp .6 -.RS 4n +duration of the mount. See the +.Sx Temporary Mount Point Properties +section for details. +.It Fl v Report mount progress. -.RE - -.sp -.ne 2 -.na -\fB\fB-a\fR\fR -.ad -.sp .6 -.RS 4n -Mount all available \fBZFS\fR file systems. Invoked automatically as part of -the boot process. -.RE - -.sp -.ne 2 -.na -\fB\fIfilesystem\fR\fR -.ad -.sp .6 -.RS 4n -Mount the specified filesystem. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs unmount\fR [\fB-f\fR] \fB-a\fR | \fIfilesystem\fR|\fImountpoint\fR\fR -.ad -.sp .6 -.RS 4n -Unmounts currently mounted \fBZFS\fR file systems. Invoked automatically as -part of the shutdown process. -.sp -.ne 2 -.na -\fB\fB-f\fR\fR -.ad -.sp .6 -.RS 4n +.El +.It Xo +.Nm +.Cm unmount +.Op Fl f +.Fl a | Ar filesystem Ns | Ns Ar mountpoint +.Xc +Unmounts currently mounted ZFS file systems. +.Bl -tag -width "-a" +.It Fl a +Unmount all available ZFS file systems. Invoked automatically as part of the +shutdown process. +.It Ar filesystem Ns | Ns Ar mountpoint +Unmount the specified filesystem. The command can also be given a path to a ZFS +file system mount point on the system. +.It Fl f Forcefully unmount the file system, even if it is currently in use. -.RE - -.sp -.ne 2 -.na -\fB\fB-a\fR\fR -.ad -.sp .6 -.RS 4n -Unmount all available \fBZFS\fR file systems. Invoked automatically as part of -the boot process. -.RE - -.sp -.ne 2 -.na -\fB\fIfilesystem\fR|\fImountpoint\fR\fR -.ad -.sp .6 -.RS 4n -Unmount the specified filesystem. The command can also be given a path to a -\fBZFS\fR file system mount point on the system. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs share\fR \fB-a\fR | \fIfilesystem\fR\fR -.ad -.sp .6 -.RS 4n -Shares available \fBZFS\fR file systems. -.sp -.ne 2 -.na -\fB\fB-a\fR\fR -.ad -.sp .6 -.RS 4n -Share all available \fBZFS\fR file systems. Invoked automatically as part of -the boot process. -.RE - -.sp -.ne 2 -.na -\fB\fIfilesystem\fR\fR -.ad -.sp .6 -.RS 4n -Share the specified filesystem according to the \fBsharenfs\fR and -\fBsharesmb\fR properties. File systems are shared when the \fBsharenfs\fR or -\fBsharesmb\fR property is set. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs unshare\fR \fB-a\fR | \fIfilesystem\fR|\fImountpoint\fR\fR -.ad -.sp .6 -.RS 4n -Unshares currently shared \fBZFS\fR file systems. This is invoked automatically -as part of the shutdown process. -.sp -.ne 2 -.na -\fB\fB-a\fR\fR -.ad -.sp .6 -.RS 4n -Unshare all available \fBZFS\fR file systems. Invoked automatically as part of -the boot process. -.RE - -.sp -.ne 2 -.na -\fB\fIfilesystem\fR|\fImountpoint\fR\fR -.ad -.sp .6 -.RS 4n -Unshare the specified filesystem. The command can also be given a path to a -\fBZFS\fR file system shared on the system. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs bookmark\fR \fIsnapshot\fR \fIbookmark\fR\fR -.ad -.sp .6 -.RS 4n -Creates a bookmark of the given snapshot. Bookmarks mark the point in time -when the snapshot was created, and can be used as the incremental source for -a \fBzfs send\fR command. -.sp -This feature must be enabled to be used. -See \fBzpool-features\fR(5) for details on ZFS feature flags and the -\fBbookmarks\fR feature. -.RE - - -.sp -.ne 2 -.na -\fBzfs send\fR [\fB-DnPpRrveL\fR] [\fB-\fR[\fBiI\fR] \fIsnapshot\fR] \fIsnapshot\fR -.ad -.sp .6 -.RS 4n -Creates a stream representation of the second \fIsnapshot\fR, which is written -to standard output. The output can be redirected to a file or to a different -system (for example, using \fBssh\fR(1). By default, a full stream is -generated. -.sp -.ne 2 -.na -\fB\fB-i\fR \fIsnapshot\fR\fR -.ad -.sp .6 -.RS 4n -Generate an incremental stream from the first \fIsnapshot\fR -(the incremental source) to the second \fIsnapshot\fR (the incremental target). -The incremental source can be specified as the last component of the -snapshot name (the \fB@\fR character and following) and -it is assumed to be from the same file system as the incremental target. -.sp -If the destination is a clone, the source may be the origin snapshot, which -must be fully specified (for example, \fBpool/fs@origin\fR, not just -\fB@origin\fR). -.RE - -.sp -.ne 2 -.na -\fB\fB-I\fR \fIsnapshot\fR\fR -.ad -.sp .6 -.RS 4n +.El +.It Xo +.Nm +.Cm share +.Fl a | Ar filesystem +.Xc +Shares available ZFS file systems. +.Bl -tag -width "-a" +.It Fl a +Share all available ZFS file systems. Invoked automatically as part of the boot +process. +.It Ar filesystem +Share the specified filesystem according to the +.Sy sharenfs +and +.Sy sharesmb +properties. File systems are shared when the +.Sy sharenfs +or +.Sy sharesmb +property is set. +.El +.It Xo +.Nm +.Cm unshare +.Fl a | Ar filesystem Ns | Ns Ar mountpoint +.Xc +Unshares currently shared ZFS file systems. +.Bl -tag -width "-a" +.It Fl a +Unshare all available ZFS file systems. Invoked automatically as part of the +shutdown process. +.It Ar filesystem Ns | Ns Ar mountpoint +Unshare the specified filesystem. The command can also be given a path to a ZFS +file system shared on the system. +.El +.It Xo +.Nm +.Cm bookmark +.Ar snapshot bookmark +.Xc +Creates a bookmark of the given snapshot. Bookmarks mark the point in time when +the snapshot was created, and can be used as the incremental source for a +.Nm zfs Cm send +command. +.Pp +This feature must be enabled to be used. See +.Xr zpool-features 5 +for details on ZFS feature flags and the +.Sy bookmarks +feature. +.It Xo +.Nm +.Cm send +.Op Fl DLPRenpv +.Op Oo Fl I Ns | Ns Fl i Oc Ar snapshot +.Ar snapshot +.Xc +Creates a stream representation of the second +.Ar snapshot , +which is written to standard output. The output can be redirected to a file or +to a different system +.Po for example, using +.Xr ssh 1 +.Pc . +By default, a full stream is generated. +.Bl -tag -width "-D" +.It Fl D +Generate a deduplicated stream. Blocks which would have been sent multiple times +in the send stream will only be sent once. The receiving system must also +support this feature to recieve a deduplicated stream. This flag can be used +regardless of the dataset's +.Sy dedup +property, but performance will be much better if the filesystem uses a +dedup-capable checksum +.Po for example, +.Sy sha256 +.Pc . +.It Fl I Ar snapshot Generate a stream package that sends all intermediary snapshots from the first -snapshot to the second snapshot. For example, \fB-I @a fs@d\fR is -similar to \fB-i @a fs@b; -i @b fs@c; -i @c fs@d\fR. The incremental -source may be specified as with the \fB-i\fR option. -.RE - -.sp -.ne 2 -.na -\fB\fB-R\fR\fR -.ad -.sp .6 -.RS 4n +snapshot to the second snapshot. For example, +.Fl I Em @a Em fs@d +is similar to +.Fl i Em @a Em fs@b Ns ; Fl i Em @b Em fs@c Ns ; Fl i Em @c Em fs@d . +The incremental source may be specified as with the +.Fl i +option. +.It Fl L +Generate a stream which may contain blocks larger than 128KB. This flag has no +effect if the +.Sy large_blocks +pool feature is disabled, or if the +.Sy recordsize +property of this filesystem has never been set above 128KB. The receiving system +must have the +.Sy large_blocks +pool feature enabled as well. See +.Xr zpool-features 5 +for details on ZFS feature flags and the +.Sy large_blocks +feature. +.It Fl P +Print machine-parsable verbose information about the stream package generated. +.It Fl R Generate a replication stream package, which will replicate the specified -filesystem, and all descendent file systems, up to the named snapshot. When +file system, and all descendent file systems, up to the named snapshot. When received, all properties, snapshots, descendent file systems, and clones are preserved. -.sp -If the \fB-i\fR or \fB-I\fR flags are used in conjunction with the \fB-R\fR +.Pp +If the +.Fl i +or +.Fl I +flags are used in conjunction with the +.Fl R flag, an incremental replication stream is generated. The current values of properties, and current snapshot and file system names are set when the stream -is received. If the \fB-F\fR flag is specified when this stream is received, -snapshots and file systems that do not exist on the sending side are destroyed. -.RE - -.sp -.ne 2 -.na -\fB\fB-D\fR\fR -.ad -.sp .6 -.RS 4n -Generate a deduplicated stream. Blocks which would have been sent multiple -times in the send stream will only be sent once. The receiving system must -also support this feature to recieve a deduplicated stream. This flag can -be used regardless of the dataset's \fBdedup\fR property, but performance -will be much better if the filesystem uses a dedup-capable checksum (eg. -\fBsha256\fR). -.RE - -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n -Recursively send all descendant snapshots. This is similar to the \fB-R\fR -flag, but information about deleted and renamed datasets is not included, and -property information is only included if the \fB-p\fR flag is specified. -.RE - -.sp -.ne 2 -.na -\fB\fB-L\fR\fR -.ad -.sp .6 -.RS 4n -Generate a stream which may contain blocks larger than 128KB. This flag -has no effect if the \fBlarge_blocks\fR pool feature is disabled, or if -the \fRrecordsize\fR property of this filesystem has never been set above -128KB. The receiving system must have the \fBlarge_blocks\fR pool feature -enabled as well. See \fBzpool-features\fR(5) for details on ZFS feature -flags and the \fBlarge_blocks\fR feature. -.RE - -.sp -.ne 2 -.na -\fB\fB-e\fR\fR -.ad -.sp .6 -.RS 4n -Generate a more compact stream by using WRITE_EMBEDDED records for blocks -which are stored more compactly on disk by the \fBembedded_data\fR pool -feature. This flag has no effect if the \fBembedded_data\fR feature is -disabled. The receiving system must have the \fBembedded_data\fR feature -enabled. If the \fBlz4_compress\fR feature is active on the sending system, -then the receiving system must have that feature enabled as well. See -\fBzpool-features\fR(5) for details on ZFS feature flags and the -\fBembedded_data\fR feature. -.RE - -.sp -.ne 2 -.na -\fB\fB-p\fR\fR -.ad -.sp .6 -.RS 4n -Include the dataset's properties in the stream. This flag is implicit when -\fB-R\fR is specified. The receiving system must also support this feature. -.RE - -.sp -.ne 2 -.na -\fB\fB-n\fR\fR -.ad -.sp .6 -.RS 4n -Do a dry-run ("No-op") send. Do not generate any actual send data. This is -useful in conjunction with the \fB-v\fR or \fB-P\fR flags to determine what -data will be sent. In this case, the verbose output will be written to -standard output (contrast with a non-dry-run, where the stream is written -to standard output and the verbose output goes to standard error). -.RE - -.sp -.ne 2 -.na -\fB\fB-P\fR\fR -.ad -.sp .6 -.RS 4n -Print machine-parsable verbose information about the stream package generated. -.RE - -.sp -.ne 2 -.na -\fB\fB-v\fR\fR -.ad -.sp .6 -.RS 4n -Print verbose information about the stream package generated. This information +is received. If the +.Fl F +flag is specified when this stream is received, snapshots and file systems that +do not exist on the sending side are destroyed. +.It Fl e +Generate a more compact stream by using +.Sy WRITE_EMBEDDED +records for blocks which are stored more compactly on disk by the +.Sy embedded_data +pool feature. This flag has no effect if the +.Sy embedded_data +feature is disabled. The receiving system must have the +.Sy embedded_data +feature enabled. If the +.Sy lz4_compress +feature is active on the sending system, then the receiving system must have +that feature enabled as well. See +.Xr zpool-features 5 +for details on ZFS feature flags and the +.Sy embedded_data +feature. +.It Fl i Ar snapshot +Generate an incremental stream from the first +.Ar snapshot +.Pq the incremental source +to the second +.Ar snapshot +.Pq the incremental target . +The incremental source can be specified as the last component of the snapshot +name +.Po the +.Sy @ +character and following +.Pc +and it is assumed to be from the same file system as the incremental target. +.Pp +If the destination is a clone, the source may be the origin snapshot, which must +be fully specified +.Po for example, +.Em pool/fs@origin , +not just +.Em @origin +.Pc . +.It Fl n +Do a dry-run +.Pq Qq No-op +send. Do not generate any actual send data. This is useful in conjunction with +the +.Fl v +or +.Fl P +flags to determine what data will be sent. In this case, the verbose output will +be written to standard output +.Po contrast with a non-dry-run, where the stream is written to standard output +and the verbose output goes to standard error +.Pc . +.It Fl p +Include the dataset's properties in the stream. This flag is implicit when +.Fl R +is specified. The receiving system must also support this feature. +.It Fl v +Print verbose information about the stream package generated. This information includes a per-second report of how much data has been sent. -.RE - +.Pp The format of the stream is committed. You will be able to receive your streams -on future versions of \fBZFS\fR. -.RE - -.sp -.ne 2 -.na -\fBzfs send\fR [\fB-eL\fR] [\fB-i\fR \fIsnapshot\fR|\fIbookmark\fR] \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR -.ad -.sp .6 -.RS 4n -Generate a send stream, which may be of a filesystem, and may be -incremental from a bookmark. If the destination is a filesystem or volume, -the pool must be read-only, or the filesystem must not be mounted. When the -stream generated from a filesystem or volume is received, the default snapshot -name will be "--head--". - -.sp -.ne 2 -.na -\fB-i\fR \fIsnapshot\fR|\fIbookmark\fR -.ad -.sp .6 -.RS 4n -Generate an incremental send stream. The incremental source must be an earlier -snapshot in the destination's history. It will commonly be an earlier -snapshot in the destination's filesystem, in which case it can be -specified as the last component of the name (the \fB#\fR or \fB@\fR character -and following). -.sp -If the incremental target is a clone, the incremental source can -be the origin snapshot, or an earlier snapshot in the origin's filesystem, -or the origin's origin, etc. -.RE - -.sp -.ne 2 -.na -\fB\fB-L\fR\fR -.ad -.sp .6 -.RS 4n -Generate a stream which may contain blocks larger than 128KB. This flag -has no effect if the \fBlarge_blocks\fR pool feature is disabled, or if -the \fRrecordsize\fR property of this filesystem has never been set above -128KB. The receiving system must have the \fBlarge_blocks\fR pool feature -enabled as well. See \fBzpool-features\fR(5) for details on ZFS feature -flags and the \fBlarge_blocks\fR feature. -.RE - -.sp -.ne 2 -.na -\fB\fB-e\fR\fR -.ad -.sp .6 -.RS 4n -Generate a more compact stream by using WRITE_EMBEDDED records for blocks -which are stored more compactly on disk by the \fBembedded_data\fR pool -feature. This flag has no effect if the \fBembedded_data\fR feature is -disabled. The receiving system must have the \fBembedded_data\fR feature -enabled. If the \fBlz4_compress\fR feature is active on the sending system, -then the receiving system must have that feature enabled as well. See -\fBzpool-features\fR(5) for details on ZFS feature flags and the -\fBembedded_data\fR feature. -.RE -.RE - -.sp -.ne 2 -.na -\fB\fBzfs receive\fR [\fB-vnFu\fR] -\fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR\fR -.ad +on future versions of ZFS . +.El +.It Xo +.Nm +.Cm send +.Op Fl Le +.Op Fl i Ar snapshot Ns | Ns Ar bookmark +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot +.Xc +Generate a send stream, which may be of a filesystem, and may be incremental +from a bookmark. If the destination is a filesystem or volume, the pool must be +read-only, or the filesystem must not be mounted. When the stream generated from +a filesystem or volume is received, the default snapshot name will be +.Qq --head-- . +.Bl -tag -width "-L" +.It Fl L +Generate a stream which may contain blocks larger than 128KB. This flag has no +effect if the +.Sy large_blocks +pool feature is disabled, or if the +.Sy recordsize +property of this filesystem has never been set above 128KB. The receiving system +must have the +.Sy large_blocks +pool feature enabled as well. See +.Xr zpool-features 5 +for details on ZFS feature flags and the +.Sy large_blocks +feature. +.It Fl e +Generate a more compact stream by using +.Sy WRITE_EMBEDDED +records for blocks which are stored more compactly on disk by the +.Sy embedded_data +pool feature. This flag has no effect if the +.Sy embedded_data +feature is disabled. The receiving system must have the +.Sy embedded_data +feature enabled. If the +.Sy lz4_compress +feature is active on the sending system, then the receiving system must have +that feature enabled as well. See +.Xr zpool-features 5 +for details on ZFS feature flags and the +.Sy embedded_data +feature. +.It Fl i Ar snapshot Ns | Ns Ar bookmark +Generate an incremental send stream. The incremental source must be an earlier +snapshot in the destination's history. It will commonly be an earlier snapshot +in the destination's file system, in which case it can be specified as the last +component of the name +.Po the +.Sy # +or +.Sy @ +character and following +.Pc . +.Pp +If the incremental target is a clone, the incremental source can be the origin +snapshot, or an earlier snapshot in the origin's filesystem, or the origin's +origin, etc. +.El +.It Xo +.Nm +.Cm receive +.Op Fl Fnuv +.Ar filesystem Ns | Ns Ar volume Ns | Ns Ar snapshot .br -.na -\fB\fBzfs receive\fR [\fB-vnFu\fR] [\fB-d\fR|\fB-e\fR] \fIfilesystem\fR\fR -.ad -.sp .6 -.RS 4n +.Nm +.Cm receive +.Op Fl Fnuv +.Op Fl d Ns | Ns Fl e +.Ar filesystem +.Xc Creates a snapshot whose contents are as specified in the stream provided on standard input. If a full stream is received, then a new file system is created -as well. Streams are created using the \fBzfs send\fR subcommand, which by -default creates a full stream. \fBzfs recv\fR can be used as an alias for -\fBzfs receive\fR. -.sp +as well. Streams are created using the +.Nm zfs Cm send +subcommand, which by default creates a full stream. +.Nm zfs Cm recv +can be used as an alias for +.Nm zfs Cm receive. +.Pp If an incremental stream is received, then the destination file system must already exist, and its most recent snapshot must match the incremental stream's -source. For \fBzvols\fR, the destination device link is destroyed and -recreated, which means the \fBzvol\fR cannot be accessed during the -\fBreceive\fR operation. -.sp +source. For +.Sy zvols , +the destination device link is destroyed and recreated, which means the +.Sy zvol +cannot be accessed during the +.Cm receive +operation. +.Pp When a snapshot replication package stream that is generated by using the -\fBzfs send\fR \fB-R\fR command is received, any snapshots that do not exist -on the sending location are destroyed by using the \fBzfs destroy\fR \fB-d\fR +.Nm zfs Cm send Fl R +command is received, any snapshots that do not exist on the sending location are +destroyed by using the +.Nm zfs Cm destroy Fl d command. -.sp -The name of the snapshot (and file system, if a full stream is received) that -this subcommand creates depends on the argument type and the use of the -\fB-d\fR or \fB-e\fR options. -.sp -If the argument is a snapshot name, the specified \fIsnapshot\fR is created. If -the argument is a file system or volume name, a snapshot with the same name as -the sent snapshot is created within the specified \fIfilesystem\fR or -\fIvolume\fR. If neither of the \fB-d\fR or \fB-e\fR options are specified, -the provided target snapshot name is used exactly as provided. -.sp -The \fB-d\fR and \fB-e\fR options cause the file system name of the target -snapshot to be determined by appending a portion of the sent snapshot's name to -the specified target \fIfilesystem\fR. If the \fB-d\fR option is specified, all -but the first element of the sent snapshot's file system path (usually the -pool name) is used and any required intermediate file systems within the -specified one are created. If the \fB-e\fR option is specified, then only the -last element of the sent snapshot's file system name (i.e. the name of the -source file system itself) is used as the target file system name. -.sp -The process requires the \fBPRIV_SYS_FS_IMPORT\fR privilege to receive. -.sp -.ne 2 -.na -\fB\fB-d\fR\fR -.ad -.sp .6 -.RS 4n -Discard the first element of the sent snapshot's file system name, using -the remaining elements to determine the name of the target file system for -the new snapshot as described in the paragraph above. -.RE - -.sp -.ne 2 -.na -\fB\fB-e\fR\fR -.ad -.sp .6 -.RS 4n -Discard all but the last element of the sent snapshot's file system name, -using that element to determine the name of the target file system for -the new snapshot as described in the paragraph above. -.RE - -.sp -.ne 2 -.na -\fB\fB-u\fR\fR -.ad -.sp .6 -.RS 4n +.Pp +The name of the snapshot +.Pq and file system, if a full stream is received +that this subcommand creates depends on the argument type and the use of the +.Fl d +or +.Fl e +options. +.Pp +If the argument is a snapshot name, the specified +.Ar snapshot +is created. If the argument is a file system or volume name, a snapshot with the +same name as the sent snapshot is created within the specified +.Ar filesystem +or +.Ar volume . +If neither of the +.Fl d +or +.Fl e +options are specified, the provided target snapshot name is used exactly as +provided. +.Pp +The +.Fl d +and +.Fl e +options cause the file system name of the target snapshot to be determined by +appending a portion of the sent snapshot's name to the specified target +.Ar filesystem . +If the +.Fl d +option is specified, all but the first element of the sent snapshot's file +system path +.Pq usually the pool name +is used and any required intermediate file systems within the specified one are +created. If the +.Fl e +option is specified, then only the last element of the sent snapshot's file +system name +.Pq i.e. the name of the source file system itself +is used as the target file system name. +.Bl -tag -width "-F" +.It Fl F +Force a rollback of the file system to the most recent snapshot before +performing the receive operation. If receiving an incremental replication stream +.Po for example, one generated by +.Nm zfs Cm send Fl R Op Fl i Ns | Ns Fl I +.Pc , +destroy snapshots and file systems that do not exist on the sending side. +.It Fl d +Discard the first element of the sent snapshot's file system name, using the +remaining elements to determine the name of the target file system for the new +snapshot as described in the paragraph above. +.It Fl e +Discard all but the last element of the sent snapshot's file system name, using +that element to determine the name of the target file system for the new +snapshot as described in the paragraph above. +.It Fl n +Do not actually receive the stream. This can be useful in conjunction with the +.Fl v +option to verify the name the receive operation would use. +.It Fl u File system that is associated with the received stream is not mounted. -.RE - -.sp -.ne 2 -.na -\fB\fB-v\fR\fR -.ad -.sp .6 -.RS 4n +.It Fl v Print verbose information about the stream and the time required to perform the receive operation. -.RE - -.sp -.ne 2 -.na -\fB\fB-n\fR\fR -.ad -.sp .6 -.RS 4n -Do not actually receive the stream. This can be useful in conjunction with the -\fB-v\fR option to verify the name the receive operation would use. -.RE - -.sp -.ne 2 -.na -\fB\fB-F\fR\fR -.ad -.sp .6 -.RS 4n -Force a rollback of the file system to the most recent snapshot before -performing the receive operation. If receiving an incremental replication -stream (for example, one generated by \fBzfs send -R -[iI]\fR), destroy -snapshots and file systems that do not exist on the sending side. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs allow\fR \fIfilesystem\fR | \fIvolume\fR\fR -.ad -.sp .6 -.RS 4n +.El +.It Xo +.Nm +.Cm allow +.Ar filesystem Ns | Ns Ar volume +.Xc Displays permissions that have been delegated on the specified filesystem or -volume. See the other forms of \fBzfs allow\fR for more information. -.RE - -.sp -.ne 2 -.na -\fB\fBzfs allow\fR [\fB-ldug\fR] \fIuser\fR|\fIgroup\fR[,\fIuser\fR|\fIgroup\fR]... -\fIperm\fR|@\fIsetname\fR[,\fIperm\fR|@\fIsetname\fR]... \fIfilesystem\fR|\fIvolume\fR\fR -.ad +volume. See the other forms of +.Nm zfs Cm allow +for more information. +.It Xo +.Nm +.Cm allow +.Op Fl dglu +.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns ... +.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... +.Ar filesystem Ns | Ns Ar volume .br -.na -\fB\fBzfs allow\fR [\fB-ld\fR] \fB-e\fR|\fBeveryone\fR \fIperm\fR|@\fIsetname\fR[,\fIperm\fR|@\fIsetname\fR]... -\fIfilesystem\fR|\fIvolume\fR\fR -.ad -.sp .6 -.RS 4n -Delegates \fBZFS\fR administration permission for the file systems to -non-privileged users. -.sp -.ne 2 -.na -[\fB-ug\fR] \fIuser\fR|\fIgroup\fR[,\fIuser\fR|\fIgroup\fR]... -.ad -.sp .6 -.RS 4n -Specifies to whom the permissions are delegated. Multiple entities can be -specified as a comma-separated list. If neither of the \fB-ug\fR options are -specified, then the argument is interpreted preferentially as the keyword -\fBeveryone,\fR then as a user name, and lastly as a group name. To specify a user -or group named "everyone", use the \fB-u\fR or \fB-g\fR options. To specify a -group with the same name as a user, use the \fB-g\fR options. -.RE - -.sp -.ne 2 -.na -\fB-e\fR|\fBeveryone\fR -.ad -.sp .6 -.RS 4n +.Nm +.Cm allow +.Op Fl dl +.Fl e Ns | Ns Sy everyone +.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... +.Ar filesystem Ns | Ns Ar volume +.Xc +Delegates ZFS administration permission for the file systems to non-privileged +users. +.Bl -tag -width "-d" +.It Fl d +Allow only for the descendent file systems. +.It Fl e Ns | Ns Sy everyone Specifies that the permissions be delegated to everyone. -.RE - -.sp -.ne 2 -.na -\fIperm\fR|@\fIsetname\fR[,\fIperm\fR|@\fIsetname\fR]... -.ad -.sp .6 -.RS 4n -The permissions to delegate. Multiple permissions -may be specified as a comma-separated list. Permission names are the same as -\fBZFS\fR subcommand and property names. See the property list below. Property -set names, which begin with an at sign (\fB@\fR) , may be specified. See the -\fB-s\fR form below for details. -.RE - -.sp -.ne 2 -.na -[\fB-ld\fR] \fIfilesystem\fR|\fIvolume\fR -.ad -.sp .6 -.RS 4n -Specifies where the permissions are delegated. If neither of the \fB-ld\fR +.It Fl g Ar group Ns Oo , Ns Ar group Oc Ns ... +Explicitly specify that permissions are delegated to the group. +.It Fl l +Allow +.Qq locally +only for the specified file system. +.It Fl u Ar user Ns Oo , Ns Ar user Oc Ns ... +Explicitly specify that permissions are delegated to the user. +.It Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns ... +Specifies to whom the permissions are delegated. Multiple entities can be +specified as a comma-separated list. If neither of the +.Fl gu +options are specified, then the argument is interpreted preferentially as the +keyword +.Sy everyone , +then as a user name, and lastly as a group name. To specify a user or group +named +.Qq everyone , +use the +.Fl g +or +.Fl u +options. To specify a group with the same name as a user, use the +.Fl g +options. +.It Xo +.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... +.Xc +The permissions to delegate. Multiple permissions may be specified as a +comma-separated list. Permission names are the same as ZFS subcommand and +property names. See the property list below. Property set names, +which begin with +.Sy @ , +may be specified. See the +.Fl s +form below for details. +.El +.Pp +If neither of the +.Fl dl options are specified, or both are, then the permissions are allowed for the -file system or volume, and all of its descendents. If only the \fB-l\fR option -is used, then is allowed "locally" only for the specified file system. If only -the \fB-d\fR option is used, then is allowed only for the descendent file -systems. -.RE - -.RE - -.sp -.LP -Permissions are generally the ability to use a \fBZFS\fR subcommand or change a -\fBZFS\fR property. The following permissions are available: -.sp -.in +2 -.nf +file system or volume, and all of its descendents. +.Pp +Permissions are generally the ability to use a ZFS subcommand or change a ZFS +property. The following permissions are available: +.Bd -literal NAME TYPE NOTES allow subcommand Must also have the permission that is being allowed @@ -3432,6 +2837,7 @@ send subcommand share subcommand Allows sharing file systems over NFS or SMB protocols snapshot subcommand Must also have the 'mount' ability + groupquota other Allows accessing any groupquota@... property groupused other Allows reading any groupused@... property userprop other Allows changing any user property @@ -3461,7 +2867,6 @@ refreservation property reservation property secondarycache property setuid property -shareiscsi property sharenfs property sharesmb property snapdir property @@ -3473,198 +2878,174 @@ volsize property vscan property xattr property zoned property -.fi -.in -2 -.sp - -.sp -.ne 2 -.na -\fB\fBzfs allow\fR \fB-c\fR \fIperm\fR|@\fIsetname\fR[,\fIperm\fR|@\fIsetname\fR]... -\fIfilesystem\fR|\fIvolume\fR\fR -.ad -.sp .6 -.RS 4n -Sets "create time" permissions. These permissions are granted (locally) to the -creator of any newly-created descendent file system. -.RE - -.sp -.ne 2 -.na -\fB\fBzfs allow\fR \fB-s\fR @\fIsetname\fR \fIperm\fR|@\fIsetname\fR[,\fIperm\fR|@\fIsetname\fR]... -\fIfilesystem\fR|\fIvolume\fR\fR -.ad -.sp .6 -.RS 4n +.Ed +.It Xo +.Nm +.Cm allow +.Fl c +.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... +.Ar filesystem Ns | Ns Ar volume +.Xc +Sets +.Qq create time +permissions. These permissions are granted +.Pq locally +to the creator of any newly-created descendent file system. +.It Xo +.Nm +.Cm allow +.Fl s No @ Ns Ar setname +.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... +.Ar filesystem Ns | Ns Ar volume +.Xc Defines or adds permissions to a permission set. The set can be used by other -\fBzfs allow\fR commands for the specified file system and its descendents. -Sets are evaluated dynamically, so changes to a set are immediately reflected. -Permission sets follow the same naming restrictions as ZFS file systems, but -the name must begin with an "at sign" (\fB@\fR), and can be no more than 64 -characters long. -.RE - -.sp -.ne 2 -.na -\fB\fBzfs unallow\fR [\fB-rldug\fR] \fIuser\fR|\fIgroup\fR[,\fIuser\fR|\fIgroup\fR]... -[\fIperm\fR|@\fIsetname\fR[,\fIperm\fR|@\fIsetname\fR]...] \fIfilesystem\fR|\fIvolume\fR\fR -.ad -.br -.na -\fB\fBzfs unallow\fR [\fB-rld\fR] \fB-e\fR|\fBeveryone\fR [\fIperm\fR|@\fIsetname\fR[,\fIperm\fR|@\fIsetname\fR]...] -\fIfilesystem\fR|\fIvolume\fR\fR -.ad +.Nm zfs Cm allow +commands for the specified file system and its descendents. Sets are evaluated +dynamically, so changes to a set are immediately reflected. Permission sets +follow the same naming restrictions as ZFS file systems, but the name must begin +with +.Sy @ , +and can be no more than 64 characters long. +.It Xo +.Nm +.Cm unallow +.Op Fl dglru +.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns ... +.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar volume .br -.na -\fB\fBzfs unallow\fR [\fB-r\fR] \fB-c\fR [\fIperm\fR|@\fIsetname\fR[,\fIperm\fR|@\fIsetname\fR]...]\fR -.ad +.Nm +.Cm unallow +.Op Fl dlr +.Fl e Ns | Ns Sy everyone +.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar volume .br -.na -\fB\fIfilesystem\fR|\fIvolume\fR\fR -.ad -.sp .6 -.RS 4n -Removes permissions that were granted with the \fBzfs allow\fR command. No -permissions are explicitly denied, so other permissions granted are still in -effect. For example, if the permission is granted by an ancestor. If no -permissions are specified, then all permissions for the specified \fIuser\fR, -\fIgroup\fR, or everyone are removed. Specifying \fBeveryone\fR (or using the -\fB-e\fR option) only removes the permissions that were granted to everyone, -not all permissions for every user and group. See the \fBzfs allow\fR command -for a description of the \fB-ldugec\fR options. -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n +.Nm +.Cm unallow +.Op Fl r +.Fl c +.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar volume +.Xc +Removes permissions that were granted with the +.Nm zfs Cm allow +command. No permissions are explicitly denied, so other permissions granted are +still in effect. For example, if the permission is granted by an ancestor. If no +permissions are specified, then all permissions for the specified +.Ar user , +.Ar group , +or +.Sy everyone +are removed. Specifying +.Sy everyone +.Po or using the +.Fl e +option +.Pc +only removes the permissions that were granted to everyone, not all permissions +for every user and group. See the +.Nm zfs Cm allow +command for a description of the +.Fl ldugec +options. +.Bl -tag -width "-r" +.It Fl r Recursively remove the permissions from this file system and all descendents. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs unallow\fR [\fB-r\fR] \fB-s\fR @\fIsetname\fR -[\fIperm\fR|@\fIsetname\fR[,\fIperm\fR|@\fIsetname\fR]...]\fR -.ad -.br -.na -\fB\fIfilesystem\fR|\fIvolume\fR\fR -.ad -.sp .6 -.RS 4n -Removes permissions from a permission set. If no permissions are specified, -then all permissions are removed, thus removing the set entirely. -.RE - -.sp -.ne 2 -.na -\fB\fBzfs hold\fR [\fB-r\fR] \fItag\fR \fIsnapshot\fR...\fR -.ad -.sp .6 -.RS 4n -Adds a single reference, named with the \fItag\fR argument, to the specified -snapshot or snapshots. Each snapshot has its own tag namespace, and tags must -be unique within that space. -.sp +.El +.It Xo +.Nm +.Cm unallow +.Op Fl r +.Fl s @ Ns Ar setname +.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns +.Ar setname Oc Ns ... Oc +.Ar filesystem Ns | Ns Ar volume +.Xc +Removes permissions from a permission set. If no permissions are specified, then +all permissions are removed, thus removing the set entirely. +.It Xo +.Nm +.Cm hold +.Op Fl r +.Ar tag Ar snapshot Ns ... +.Xc +Adds a single reference, named with the +.Ar tag +argument, to the specified snapshot or snapshots. Each snapshot has its own tag +namespace, and tags must be unique within that space. +.Pp If a hold exists on a snapshot, attempts to destroy that snapshot by using the -\fBzfs destroy\fR command return \fBEBUSY\fR. -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n -Specifies that a hold with the given tag is applied recursively to the -snapshots of all descendent file systems. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs holds\fR [\fB-r\fR] \fIsnapshot\fR...\fR -.ad -.sp .6 -.RS 4n +.Nm zfs Cm destroy +command return +.Er EBUSY . +.Bl -tag -width "-r" +.It Fl r +Specifies that a hold with the given tag is applied recursively to the snapshots +of all descendent file systems. +.El +.It Xo +.Nm +.Cm holds +.Op Fl r +.Ar snapshot Ns ... +.Xc Lists all existing user references for the given snapshot or snapshots. -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n +.Bl -tag -width "-r" +.It Fl r Lists the holds that are set on the named descendent snapshots, in addition to listing the holds on the named snapshot. -.RE - -.RE - -.sp -.ne 2 -.na -\fB\fBzfs release\fR [\fB-r\fR] \fItag\fR \fIsnapshot\fR...\fR -.ad -.sp .6 -.RS 4n -Removes a single reference, named with the \fItag\fR argument, from the -specified snapshot or snapshots. The tag must already exist for each snapshot. -.sp -If a hold exists on a snapshot, attempts to destroy that snapshot by using the -\fBzfs destroy\fR command return \fBEBUSY\fR. -.sp -.ne 2 -.na -\fB\fB-r\fR\fR -.ad -.sp .6 -.RS 4n +.El +.It Xo +.Nm +.Cm release +.Op Fl r +.Ar tag Ar snapshot Ns ... +.Xc +Removes a single reference, named with the +.Ar tag +argument, from the specified snapshot or snapshots. The tag must already exist +for each snapshot. If a hold exists on a snapshot, attempts to destroy that +snapshot by using the +.Nm zfs Cm destroy +command return +.Er EBUSY . +.Bl -tag -width "-r" +.It Fl r Recursively releases a hold with the given tag on the snapshots of all descendent file systems. -.RE - -.sp -.ne 2 -.na -\fBzfs diff\fR [\fB-FHt\fR] \fIsnapshot\fR \fIsnapshot|filesystem\fR -.ad -.sp .6 -.RS 4n +.El +.It Xo +.Nm +.Cm diff +.Op Fl FHt +.Ar snapshot Ar snapshot Ns | Ns Ar filesystem +.Xc Display the difference between a snapshot of a given filesystem and another snapshot of that filesystem from a later time or the current contents of the -filesystem. The first column is a character indicating the type of change, -the other columns indicate pathname, new pathname (in case of rename), change -in link count, and optionally file type and/or change time. - -The types of change are: -.in +2 -.nf +filesystem. The first column is a character indicating the type of change, the +other columns indicate pathname, new pathname +.Pq in case of rename , +change in link count, and optionally file type and/or change time. The types of +change are: +.Bd -literal - The path has been removed + The path has been created M The path has been modified R The path has been renamed -.fi -.in -2 -.sp -.ne 2 -.na -\fB-F\fR -.ad -.sp .6 -.RS 4n -Display an indication of the type of file, in a manner similar to the \fB-F\fR -option of \fBls\fR(1). -.in +2 -.nf +.Ed +.Bl -tag -width "-F" +.It Fl F +Display an indication of the type of file, in a manner similar to the +.Fl +option of +.Xr ls 1 . +.Bd -literal B Block device C Character device / Directory @@ -3674,145 +3055,103 @@ C Character device P Event port = Socket F Regular file -.fi -.in -2 -.RE -.sp -.ne 2 -.na -\fB-H\fR -.ad -.sp .6 -.RS 4n -Give more parsable tab-separated output, without header lines and without arrows. -.RE -.sp -.ne 2 -.na -\fB-t\fR -.ad -.sp .6 -.RS 4n +.Ed +.It Fl H +Give more parsable tab-separated output, without header lines and without +arrows. +.It Fl t Display the path's inode change time as the first column of output. -.RE - -.SH EXAMPLES -.LP -\fBExample 1 \fRCreating a ZFS File System Hierarchy -.sp -.LP -The following commands create a file system named \fBpool/home\fR and a file -system named \fBpool/home/bob\fR. The mount point \fB/export/home\fR is set for -the parent file system, and is automatically inherited by the child file -system. - -.sp -.in +2 -.nf -# \fBzfs create pool/home\fR -# \fBzfs set mountpoint=/export/home pool/home\fR -# \fBzfs create pool/home/bob\fR -.fi -.in -2 -.sp - -.LP -\fBExample 2 \fRCreating a ZFS Snapshot -.sp -.LP -The following command creates a snapshot named \fByesterday\fR. This snapshot -is mounted on demand in the \fB\&.zfs/snapshot\fR directory at the root of the -\fBpool/home/bob\fR file system. - -.sp -.in +2 -.nf -# \fBzfs snapshot pool/home/bob@yesterday\fR -.fi -.in -2 -.sp - -.LP -\fBExample 3 \fRCreating and Destroying Multiple Snapshots -.sp -.LP -The following command creates snapshots named \fByesterday\fR of -\fBpool/home\fR and all of its descendent file systems. Each snapshot is -mounted on demand in the \fB\&.zfs/snapshot\fR directory at the root of its -file system. The second command destroys the newly created snapshots. - -.sp -.in +2 -.nf -# \fBzfs snapshot -r pool/home@yesterday\fR -# \fBzfs destroy -r pool/home@yesterday\fR -.fi -.in -2 -.sp - -.LP -\fBExample 4 \fRDisabling and Enabling File System Compression -.sp -.LP -The following command disables the \fBcompression\fR property for all file -systems under \fBpool/home\fR. The next command explicitly enables -\fBcompression\fR for \fBpool/home/anne\fR. - -.sp -.in +2 -.nf -# \fBzfs set compression=off pool/home\fR -# \fBzfs set compression=on pool/home/anne\fR -.fi -.in -2 -.sp - -.LP -\fBExample 5 \fRListing ZFS Datasets -.sp -.LP +.El +.El +.Sh EXIT STATUS +The +.Nm +utility exits 0 on success, 1 if an error occurs, and 2 if invalid command line +options were specified. +.Sh EXAMPLES +.Bl -tag -width "" +.It Sy Example 1 No Creating a ZFS File System Hierarchy +The following commands create a file system named +.Em pool/home +and a file system named +.Em pool/home/bob . +The mount point +.Pa /export/home +is set for the parent file system, and is automatically inherited by the child +file system. +.Bd -literal +# zfs create pool/home +# zfs set mountpoint=/export/home pool/home +# zfs create pool/home/bob +.Ed +.It Sy Example 2 No Creating a ZFS Snapshot +The following command creates a snapshot named +.Sy yesterday . +This snapshot is mounted on demand in the +.Pa .zfs/snapshot +directory at the root of the +.Em pool/home/bob +file system. +.Bd -literal +# zfs snapshot pool/home/bob@yesterday +.Ed +.It Sy Example 3 No Creating and Destroying Multiple Snapshots +The following command creates snapshots named +.Sy yesterday +of +.Em pool/home +and all of its descendent file systems. Each snapshot is mounted on demand in +the +.Pa .zfs/snapshot +directory at the root of its file system. The second command destroys the newly +created snapshots. +.Bd -literal +# zfs snapshot -r pool/home@yesterday +# zfs destroy -r pool/home@yesterday +.Ed +.It Sy Example 4 No Disabling and Enabling File System Compression +The following command disables the +.Sy compression +property for all file systems under +.Em pool/home . +The next command explicitly enables +.Sy compression +for +.Em pool/home/anne . +.Bd -literal +# zfs set compression=off pool/home +# zfs set compression=on pool/home/anne +.Ed +.It Sy Example 5 No Listing ZFS Datasets The following command lists all active file systems and volumes in the system. -Snapshots are displayed if the \fBlistsnaps\fR property is \fBon\fR. The -default is \fBoff\fR. See \fBzpool\fR(1M) for more information on pool -properties. - -.sp -.in +2 -.nf -# \fBzfs list\fR - NAME USED AVAIL REFER MOUNTPOINT - pool 450K 457G 18K /pool - pool/home 315K 457G 21K /export/home - pool/home/anne 18K 457G 18K /export/home/anne - pool/home/bob 276K 457G 276K /export/home/bob -.fi -.in -2 -.sp - -.LP -\fBExample 6 \fRSetting a Quota on a ZFS File System -.sp -.LP -The following command sets a quota of 50 Gbytes for \fBpool/home/bob\fR. - -.sp -.in +2 -.nf -# \fBzfs set quota=50G pool/home/bob\fR -.fi -.in -2 -.sp - -.LP -\fBExample 7 \fRListing ZFS Properties -.sp -.LP -The following command lists all properties for \fBpool/home/bob\fR. - -.sp -.in +2 -.nf -# \fBzfs get all pool/home/bob\fR +Snapshots are displayed if the +.Sy listsnaps +property is +.Sy on . +The default is +.Sy off . +See +.Xr zpool 1M +for more information on pool properties. +.Bd -literal +# zfs list +NAME USED AVAIL REFER MOUNTPOINT +pool 450K 457G 18K /pool +pool/home 315K 457G 21K /export/home +pool/home/anne 18K 457G 18K /export/home/anne +pool/home/bob 276K 457G 276K /export/home/bob +.Ed +.It Sy Example 6 No Setting a Quota on a ZFS File System +The following command sets a quota of 50 Gbytes for +.Em pool/home/bob . +.Bd -literal +# zfs set quota=50G pool/home/bob +.Ed +.It Sy Example 7 No Listing ZFS Properties +The following command lists all properties for +.Em pool/home/bob . +.Bd -literal +# zfs get all pool/home/bob NAME PROPERTY VALUE SOURCE pool/home/bob type filesystem - pool/home/bob creation Tue Jul 21 15:53 2009 - @@ -3838,7 +3177,6 @@ pool/home/bob snapdir hidden default pool/home/bob aclmode discard default pool/home/bob aclinherit restricted default pool/home/bob canmount on default -pool/home/bob shareiscsi off default pool/home/bob xattr on default pool/home/bob copies 1 default pool/home/bob version 4 - @@ -3856,385 +3194,247 @@ pool/home/bob usedbysnapshots 0 - pool/home/bob usedbydataset 21K - pool/home/bob usedbychildren 0 - pool/home/bob usedbyrefreservation 0 - -.fi -.in -2 -.sp - -.sp -.LP +.Ed +.Pp The following command gets a single property value. - -.sp -.in +2 -.nf -# \fBzfs get -H -o value compression pool/home/bob\fR +.Bd -literal +# zfs get -H -o value compression pool/home/bob on -.fi -.in -2 -.sp - -.sp -.LP +.Ed The following command lists all properties with local settings for -\fBpool/home/bob\fR. - -.sp -.in +2 -.nf -# \fBzfs get -r -s local -o name,property,value all pool/home/bob\fR +.Em pool/home/bob . +.Bd -literal +# zfs get -r -s local -o name,property,value all pool/home/bob NAME PROPERTY VALUE pool/home/bob quota 20G pool/home/bob compression on -.fi -.in -2 -.sp - -.LP -\fBExample 8 \fRRolling Back a ZFS File System -.sp -.LP -The following command reverts the contents of \fBpool/home/anne\fR to the -snapshot named \fByesterday\fR, deleting all intermediate snapshots. - -.sp -.in +2 -.nf -# \fBzfs rollback -r pool/home/anne@yesterday\fR -.fi -.in -2 -.sp - -.LP -\fBExample 9 \fRCreating a ZFS Clone -.sp -.LP +.Ed +.It Sy Example 8 No Rolling Back a ZFS File System +The following command reverts the contents of +.Em pool/home/anne +to the snapshot named +.Sy yesterday , +deleting all intermediate snapshots. +.Bd -literal +# zfs rollback -r pool/home/anne@yesterday +.Ed +.It Sy Example 9 No Creating a ZFS Clone The following command creates a writable file system whose initial contents are -the same as \fBpool/home/bob@yesterday\fR. - -.sp -.in +2 -.nf -# \fBzfs clone pool/home/bob@yesterday pool/clone\fR -.fi -.in -2 -.sp - -.LP -\fBExample 10 \fRPromoting a ZFS Clone -.sp -.LP +the same as +.Em pool/home/bob@yesterday . +.Bd -literal +# zfs clone pool/home/bob@yesterday pool/clone +.Ed +.It Sy Example 10 No Promoting a ZFS Clone The following commands illustrate how to test out changes to a file system, and then replace the original file system with the changed one, using clones, clone promotion, and renaming: - -.sp -.in +2 -.nf -# \fBzfs create pool/project/production\fR +.Bd -literal +# zfs create pool/project/production populate /pool/project/production with data -# \fBzfs snapshot pool/project/production@today\fR -# \fBzfs clone pool/project/production@today pool/project/beta\fR -make changes to /pool/project/beta and test them -# \fBzfs promote pool/project/beta\fR -# \fBzfs rename pool/project/production pool/project/legacy\fR -# \fBzfs rename pool/project/beta pool/project/production\fR -once the legacy version is no longer needed, it can be destroyed -# \fBzfs destroy pool/project/legacy\fR -.fi -.in -2 -.sp - -.LP -\fBExample 11 \fRInheriting ZFS Properties -.sp -.LP -The following command causes \fBpool/home/bob\fR and \fBpool/home/anne\fR to -inherit the \fBchecksum\fR property from their parent. - -.sp -.in +2 -.nf -# \fBzfs inherit checksum pool/home/bob pool/home/anne\fR -.fi -.in -2 -.sp -.LP -The following command causes \fBpool/home/bob\fR to revert to the received -value for the \fBquota\fR property if it exists. - -.sp -.in +2 -.nf -# \fBzfs inherit -S quota pool/home/bob -.fi -.in -2 -.sp - -.LP -\fBExample 12 \fRRemotely Replicating ZFS Data -.sp -.LP +# zfs snapshot pool/project/production@today +# zfs clone pool/project/production@today pool/project/beta + make changes to /pool/project/beta and test them +# zfs promote pool/project/beta +# zfs rename pool/project/production pool/project/legacy +# zfs rename pool/project/beta pool/project/production + once the legacy version is no longer needed, it can be destroyed +# zfs destroy pool/project/legacy +.Ed +.It Sy Example 11 No Inheriting ZFS Properties +The following command causes +.Em pool/home/bob +and +.Em pool/home/anne +to inherit the +.Sy checksum +property from their parent. +.Bd -literal +# zfs inherit checksum pool/home/bob pool/home/anne +.Ed +.It Sy Example 12 No Remotely Replicating ZFS Data The following commands send a full stream and then an incremental stream to a -remote machine, restoring them into \fBpoolB/received/fs@a\fRand -\fBpoolB/received/fs@b\fR, respectively. \fBpoolB\fR must contain the file -system \fBpoolB/received\fR, and must not initially contain -\fBpoolB/received/fs\fR. - -.sp -.in +2 -.nf -# \fBzfs send pool/fs@a | \e\fR - \fBssh host zfs receive poolB/received/fs@a\fR -# \fBzfs send -i a pool/fs@b | ssh host \e\fR - \fBzfs receive poolB/received/fs\fR -.fi -.in -2 -.sp - -.LP -\fBExample 13 \fRUsing the \fBzfs receive\fR \fB-d\fR Option -.sp -.LP -The following command sends a full stream of \fBpoolA/fsA/fsB@snap\fR to a -remote machine, receiving it into \fBpoolB/received/fsA/fsB@snap\fR. The -\fBfsA/fsB@snap\fR portion of the received snapshot's name is determined from -the name of the sent snapshot. \fBpoolB\fR must contain the file system -\fBpoolB/received\fR. If \fBpoolB/received/fsA\fR does not exist, it is created -as an empty file system. - -.sp -.in +2 -.nf -# \fBzfs send poolA/fsA/fsB@snap | \e - ssh host zfs receive -d poolB/received\fR -.fi -.in -2 -.sp - -.LP -\fBExample 14 \fRSetting User Properties -.sp -.LP -The following example sets the user-defined \fBcom.example:department\fR +remote machine, restoring them into +.Em poolB/received/fs@a +and +.Em poolB/received/fs@b , +respectively. +.Em poolB +must contain the file system +.Em poolB/received , +and must not initially contain +.Em poolB/received/fs . +.Bd -literal +# zfs send pool/fs@a | \e + ssh host zfs receive poolB/received/fs@a +# zfs send -i a pool/fs@b | \e + ssh host zfs receive poolB/received/fs +.Ed +.It Sy Example 13 No Using the zfs receive -d Option +The following command sends a full stream of +.Em poolA/fsA/fsB@snap +to a remote machine, receiving it into +.Em poolB/received/fsA/fsB@snap . +The +.Em fsA/fsB@snap +portion of the received snapshot's name is determined from the name of the sent +snapshot. +.Em poolB +must contain the file system +.Em poolB/received . +If +.Em poolB/received/fsA +does not exist, it is created as an empty file system. +.Bd -literal +# zfs send poolA/fsA/fsB@snap | \e + ssh host zfs receive -d poolB/received +.Ed +.It Sy Example 14 No Setting User Properties +The following example sets the user-defined +.Sy com.example:department property for a dataset. - -.sp -.in +2 -.nf -# \fBzfs set com.example:department=12345 tank/accounting\fR -.fi -.in -2 -.sp - -.LP -\fBExample 15 \fRCreating a ZFS Volume as an iSCSI Target Device -.sp -.LP -The following example shows how to create a \fBZFS\fR volume as an \fBiSCSI\fR -target. - -.sp -.in +2 -.nf -# \fBzfs create -V 2g pool/volumes/vol1\fR -# \fBzfs set shareiscsi=on pool/volumes/vol1\fR -# \fBiscsitadm list target\fR -Target: pool/volumes/vol1 - iSCSI Name: - iqn.1986-03.com.sun:02:7b4b02a6-3277-eb1b-e686-a24762c52a8c - Connections: 0 -.fi -.in -2 -.sp - -.sp -.LP -After the \fBiSCSI\fR target is created, set up the \fBiSCSI\fR initiator. For -more information about the Solaris \fBiSCSI\fR initiator, see -\fBiscsitadm\fR(1M). -.LP -\fBExample 16 \fRPerforming a Rolling Snapshot -.sp -.LP +.Bd -literal +# zfs set com.example:department=12345 tank/accounting +.Ed +.It Sy Example 15 No Performing a Rolling Snapshot The following example shows how to maintain a history of snapshots with a consistent naming scheme. To keep a week's worth of snapshots, the user destroys the oldest snapshot, renames the remaining snapshots, and then creates a new snapshot, as follows: - -.sp -.in +2 -.nf -# \fBzfs destroy -r pool/users@7daysago\fR -# \fBzfs rename -r pool/users@6daysago @7daysago\fR -# \fBzfs rename -r pool/users@5daysago @6daysago\fR -# \fBzfs rename -r pool/users@yesterday @5daysago\fR -# \fBzfs rename -r pool/users@yesterday @4daysago\fR -# \fBzfs rename -r pool/users@yesterday @3daysago\fR -# \fBzfs rename -r pool/users@yesterday @2daysago\fR -# \fBzfs rename -r pool/users@today @yesterday\fR -# \fBzfs snapshot -r pool/users@today\fR -.fi -.in -2 -.sp - -.LP -\fBExample 17 \fRSetting \fBsharenfs\fR Property Options on a ZFS File System -.sp -.LP -The following commands show how to set \fBsharenfs\fR property options to -enable \fBrw\fR access for a set of \fBIP\fR addresses and to enable root -access for system \fBneo\fR on the \fBtank/home\fR file system. - -.sp -.in +2 -.nf -# \fBzfs set sharenfs='rw=@123.123.0.0/16,root=neo' tank/home\fR -.fi -.in -2 -.sp - -.sp -.LP -If you are using \fBDNS\fR for host name resolution, specify the fully -qualified hostname. - -.LP -\fBExample 18 \fRDelegating ZFS Administration Permissions on a ZFS Dataset -.sp -.LP -The following example shows how to set permissions so that user \fBcindys\fR -can create, destroy, mount, and take snapshots on \fBtank/cindys\fR. The -permissions on \fBtank/cindys\fR are also displayed. - -.sp -.in +2 -.nf -# \fBzfs allow cindys create,destroy,mount,snapshot tank/cindys\fR -# \fBzfs allow tank/cindys\fR +.Bd -literal +# zfs destroy -r pool/users@7daysago +# zfs rename -r pool/users@6daysago @7daysago +# zfs rename -r pool/users@5daysago @6daysago +# zfs rename -r pool/users@yesterday @5daysago +# zfs rename -r pool/users@yesterday @4daysago +# zfs rename -r pool/users@yesterday @3daysago +# zfs rename -r pool/users@yesterday @2daysago +# zfs rename -r pool/users@today @yesterday +# zfs snapshot -r pool/users@today +.Ed +.It Sy Example 16 No Setting sharenfs Property Options on a ZFS File System +The following commands show how to set +.Sy sharenfs +property options to enable +.Sy rw +access for a set of +.Sy IP +addresses and to enable root access for system +.Sy neo +on the +.Em tank/home +file system. +.Bd -literal +# zfs set sharenfs='rw=@123.123.0.0/16,root=neo' tank/home +.Ed +.Pp +If you are using +.Sy DNS +for host name resolution, specify the fully qualified hostname. +.It Sy Example 17 No Delegating ZFS Administration Permissions on a ZFS Dataset +The following example shows how to set permissions so that user +.Sy cindys +can create, destroy, mount, and take snapshots on +.Em tank/cindys . +The permissions on +.Em tank/cindys +are also displayed. +.Bd -literal +# zfs allow cindys create,destroy,mount,snapshot tank/cindys +# zfs allow tank/cindys ---- Permissions on tank/cindys -------------------------------------- Local+Descendent permissions: user cindys create,destroy,mount,snapshot -.fi -.in -2 -.sp - -.sp -.LP -Because the \fBtank/cindys\fR mount point permission is set to 755 by default, -user \fBcindys\fR will be unable to mount file systems under \fBtank/cindys\fR. -Set an \fBACL\fR similar to the following syntax to provide mount point access: -.sp -.in +2 -.nf -# \fBchmod A+user:cindys:add_subdirectory:allow /tank/cindys\fR -.fi -.in -2 -.sp - -.LP -\fBExample 19 \fRDelegating Create Time Permissions on a ZFS Dataset -.sp -.LP -The following example shows how to grant anyone in the group \fBstaff\fR to -create file systems in \fBtank/users\fR. This syntax also allows staff members -to destroy their own file systems, but not destroy anyone else's file system. -The permissions on \fBtank/users\fR are also displayed. - -.sp -.in +2 -.nf -# \fBzfs allow staff create,mount tank/users\fR -# \fBzfs allow -c destroy tank/users\fR -# \fBzfs allow tank/users\fR +.Ed +.Pp +Because the +.Em tank/cindys +mount point permission is set to 755 by default, user +.Sy cindys +will be unable to mount file systems under +.Em tank/cindys . +Add an +.Sy ACE +similar to the following syntax to provide mount point access: +.Bd -literal +# chmod A+user:cindys:add_subdirectory:allow /tank/cindys +.Ed +.It Sy Example 18 No Delegating Create Time Permissions on a ZFS Dataset +The following example shows how to grant anyone in the group +.Sy staff +to create file systems in +.Em tank/users . +This syntax also allows staff members to destroy their own file systems, but not +destroy anyone else's file system. The permissions on +.Em tank/users +are also displayed. +.Bd -literal +# zfs allow staff create,mount tank/users +# zfs allow -c destroy tank/users +# zfs allow tank/users ---- Permissions on tank/users --------------------------------------- Permission sets: destroy Local+Descendent permissions: group staff create,mount -.fi -.in -2 -.sp - -.LP -\fBExample 20 \fRDefining and Granting a Permission Set on a ZFS Dataset -.sp -.LP +.Ed +.It Sy Example 19 No Defining and Granting a Permission Set on a ZFS Dataset The following example shows how to define and grant a permission set on the -\fBtank/users\fR file system. The permissions on \fBtank/users\fR are also -displayed. - -.sp -.in +2 -.nf -# \fBzfs allow -s @pset create,destroy,snapshot,mount tank/users\fR -# \fBzfs allow staff @pset tank/users\fR -# \fBzfs allow tank/users\fR +.Em tank/users +file system. The permissions on +.Em tank/users +are also displayed. +.Bd -literal +# zfs allow -s @pset create,destroy,snapshot,mount tank/users +# zfs allow staff @pset tank/users +# zfs allow tank/users ---- Permissions on tank/users --------------------------------------- Permission sets: @pset create,destroy,mount,snapshot Local+Descendent permissions: group staff @pset -.fi -.in -2 -.sp - -.LP -\fBExample 21 \fRDelegating Property Permissions on a ZFS Dataset -.sp -.LP +.Ed +.It Sy Example 20 No Delegating Property Permissions on a ZFS Dataset The following example shows to grant the ability to set quotas and reservations -on the \fBusers/home\fR file system. The permissions on \fBusers/home\fR are -also displayed. - -.sp -.in +2 -.nf -# \fBzfs allow cindys quota,reservation users/home\fR -# \fBzfs allow users/home\fR +on the +.Em users/home +file system. The permissions on +.Em users/home +are also displayed. +.Bd -literal +# zfs allow cindys quota,reservation users/home +# zfs allow users/home ---- Permissions on users/home --------------------------------------- Local+Descendent permissions: user cindys quota,reservation -cindys% \fBzfs set quota=10G users/home/marks\fR -cindys% \fBzfs get quota users/home/marks\fR +cindys% zfs set quota=10G users/home/marks +cindys% zfs get quota users/home/marks NAME PROPERTY VALUE SOURCE users/home/marks quota 10G local -.fi -.in -2 -.sp - -.LP -\fBExample 22 \fRRemoving ZFS Delegated Permissions on a ZFS Dataset -.sp -.LP +.Ed +.It Sy Example 21 No Removing ZFS Delegated Permissions on a ZFS Dataset The following example shows how to remove the snapshot permission from the -\fBstaff\fR group on the \fBtank/users\fR file system. The permissions on -\fBtank/users\fR are also displayed. - -.sp -.in +2 -.nf -# \fBzfs unallow staff snapshot tank/users\fR -# \fBzfs allow tank/users\fR +.Sy staff +group on the +.Em tank/users +file system. The permissions on +.Em tank/users +are also displayed. +.Bd -literal +# zfs unallow staff snapshot tank/users +# zfs allow tank/users ---- Permissions on tank/users --------------------------------------- Permission sets: @pset create,destroy,mount,snapshot Local+Descendent permissions: group staff @pset -.fi -.in -2 -.sp - -.LP -\fBExample 23\fR Showing the differences between a snapshot and a ZFS Dataset -.sp -.LP +.Ed +.It Sy Example 22 No Showing the differences between a snapshot and a ZFS Dataset The following example shows how to see what has changed between a prior -snapshot of a ZFS Dataset and its current state. The \fB-F\fR option is used -to indicate type information for the files affected. - -.sp -.in +2 -.nf +snapshot of a ZFS dataset and its current state. The +.Fl F +option is used to indicate type information for the files affected. +.Bd -literal # zfs diff -F tank/test@before tank/test M / /tank/test/ M F /tank/test/linked (+1) @@ -4242,69 +3442,23 @@ R F /tank/test/oldname -> /tank/test/newname - F /tank/test/deleted + F /tank/test/created M F /tank/test/modified -.fi -.in -2 -.sp - -.SH EXIT STATUS -.LP -The following exit values are returned: -.sp -.ne 2 -.na -\fB\fB0\fR\fR -.ad -.sp .6 -.RS 4n -Successful completion. -.RE - -.sp -.ne 2 -.na -\fB\fB1\fR\fR -.ad -.sp .6 -.RS 4n -An error occurred. -.RE - -.sp -.ne 2 -.na -\fB\fB2\fR\fR -.ad -.sp .6 -.RS 4n -Invalid command line options were specified. -.RE - -.SH ATTRIBUTES -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.sp - -.sp -.TS -box; -c | c -l | l . -ATTRIBUTE TYPE ATTRIBUTE VALUE -_ -Interface Stability Committed -.TE - -.SH SEE ALSO -.LP -\fBssh\fR(1), \fBiscsitadm\fR(1M), \fBmount\fR(1M), \fBshare\fR(1M), -\fBsharemgr\fR(1M), \fBunshare\fR(1M), \fBzonecfg\fR(1M), \fBzpool\fR(1M), -\fBchmod\fR(2), \fBstat\fR(2), \fBwrite\fR(2), \fBfsync\fR(3C), -\fBdfstab\fR(4), \fBacl\fR(5), \fBattributes\fR(5) -.sp -.LP -See the \fBgzip\fR(1) man page, which is not part of the SunOS man page -collection. -.sp -.LP -For information about using the \fBZFS\fR web-based management tool and other -\fBZFS\fR features, see the \fISolaris ZFS Administration Guide\fR. +.Ed +.El +.Sh INTERFACE STABILITY +.Sy Commited . +.Sh SEE ALSO +.Xr gzip 1, +.Xr ssh 1 , +.Xr mount 1M , +.Xr share 1M , +.Xr sharemgr 1M , +.Xr unshare 1M , +.Xr zonecfg 1M , +.Xr zpool 1M , +.Xr chmod 2 , +.Xr stat 2 , +.Xr write 2 , +.Xr fsync 3C , +.Xr dfstab 4 , +.Xr acl 5 , +.Xr attributes 5 diff --git a/usr/src/man/man3c/fnmatch.3c b/usr/src/man/man3c/fnmatch.3c index 06c032069b..8b93c593b4 100644 --- a/usr/src/man/man3c/fnmatch.3c +++ b/usr/src/man/man3c/fnmatch.3c @@ -7,7 +7,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH FNMATCH 3C "Jul 24, 2002" +.TH FNMATCH 3C "Jun 11, 2015" .SH NAME fnmatch \- match filename or path name .SH SYNOPSIS @@ -19,7 +19,6 @@ fnmatch \- match filename or path name .fi .SH DESCRIPTION -.sp .LP The \fBfnmatch()\fR function matches patterns as described on the \fBfnmatch\fR(5) manual page. It checks the \fIstring\fR argument to see if it @@ -46,6 +45,21 @@ If not set, the slash character is treated as an ordinary character. .sp .ne 2 .na +\fB\fBFNM_IGNORECASE\fR\fR +.ad +.RS 18n +If set, the \fIstring\fR will be transliterated to lower case before doing the +actual match. This transliteration is done using \fBtowlower_l\fR(3C), using +the locale of the current thread. If no locale is set, then the global locale +is used instead. +.sp +If not set, the match will use \fIstring\fR with no changes, making the match +case-sensitive. +.RE + +.sp +.ne 2 +.na \fB\fBFNM_NOESCAPE\fR\fR .ad .RS 18n @@ -82,17 +96,15 @@ character of \fIstring\fR. .RE .sp -.LP +.RS 18n If not set, no special restrictions are placed on matching a period. .SH RETURN VALUES -.sp .LP If \fIstring\fR matches the pattern specified by \fIpattern\fR, then \fBfnmatch()\fR returns \fB0\fR. If there is no match, \fBfnmatch()\fR returns \fBFNM_NOMATCH\fR, which is defined in the header <\fBfnmatch.h\fR>. If an error occurs, \fBfnmatch()\fR returns another non-zero value. .SH USAGE -.sp .LP The \fBfnmatch()\fR function has two major uses. It could be used by an application or utility that needs to read a directory and apply a pattern @@ -112,7 +124,6 @@ treatment for period at the beginning of a filename. The \fBfnmatch()\fR function can be used safely in multithreaded applications, as long as \fBsetlocale\fR(3C) is not being called to change the locale. .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -132,7 +143,6 @@ MT-Level MT-Safe with exceptions .TE .SH SEE ALSO -.sp .LP \fBfind\fR(1), \fBpax\fR(1), \fBglob\fR(3C), \fBsetlocale\fR(3C), \fBwordexp\fR(3C), \fBattributes\fR(5), \fBfnmatch\fR(5), \fBstandards\fR(5) diff --git a/usr/src/tools/scripts/webrev.sh b/usr/src/tools/scripts/webrev.sh index 8a122f7358..45e00fe844 100644 --- a/usr/src/tools/scripts/webrev.sh +++ b/usr/src/tools/scripts/webrev.sh @@ -25,7 +25,7 @@ # Copyright 2008, 2010, Richard Lowe # Copyright 2012 Marcel Telka <marcel@telka.sk> # Copyright 2014 Bart Coddens <bart.coddens@gmail.com> -# Copyright 2014 Nexenta Systems, Inc. All rights reserved. +# Copyright 2015 Nexenta Systems, Inc. All rights reserved. # # @@ -3175,7 +3175,7 @@ do # if [[ -f "$nfile" && "$nfile" = *.+([0-9])*([a-zA-Z]) && \ -x $MANDOC && -x $COL ]]; then - $MANDOC -Tutf8 $nfile | $COL -b > $nfile.man.txt + $MANDOC -Tascii $nfile | $COL -b > $nfile.man.txt source_to_html txt < $nfile.man.txt > $nfile.man.txt.html print " man-txt\c" print "$MANCSS" > $WDIR/raw_files/new/$DIR/man.css @@ -3184,7 +3184,7 @@ do $MANDOC -Tascii $nfile > $nfile.man.raw print " man-raw\c" if [[ -f "$ofile" && -z $mv_but_nodiff ]]; then - $MANDOC -Tutf8 $ofile | $COL -b > $ofile.man.txt + $MANDOC -Tascii $ofile | $COL -b > $ofile.man.txt ${CDIFFCMD:-diff -bt -C 5} $ofile.man.txt \ $nfile.man.txt > $WDIR/$DIR/$F.man.cdiff diff_to_html $F $DIR/$F "C" "$COMM" < \ diff --git a/usr/src/uts/common/Makefile.files b/usr/src/uts/common/Makefile.files index 45066375e7..d7a58d0529 100644 --- a/usr/src/uts/common/Makefile.files +++ b/usr/src/uts/common/Makefile.files @@ -1256,7 +1256,6 @@ SMBSRV_OBJS += $(SMBSRV_SHARED_OBJS) \ smb_ofile.o \ smb_open_andx.o \ smb_opipe.o \ - smb_opipe_door.o \ smb_oplock.o \ smb_pathname.o \ smb_print.o \ diff --git a/usr/src/uts/common/fs/smbsrv/smb_common_open.c b/usr/src/uts/common/fs/smbsrv/smb_common_open.c index 6e217c51ed..91f9a51bab 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_common_open.c +++ b/usr/src/uts/common/fs/smbsrv/smb_common_open.c @@ -38,7 +38,7 @@ #include <smbsrv/smb_fsops.h> #include <smbsrv/smbinfo.h> -volatile uint32_t smb_fids = 0; +static volatile uint32_t smb_fids = 0; #define SMB_UNIQ_FID() atomic_inc_32_nv(&smb_fids) static uint32_t smb_open_subr(smb_request_t *); @@ -378,7 +378,9 @@ smb_open_subr(smb_request_t *sr) * No further processing for IPC, we need to either * raise an exception or return success here. */ - if ((status = smb_opipe_open(sr)) != NT_STATUS_SUCCESS) + uniq_fid = SMB_UNIQ_FID(); + status = smb_opipe_open(sr, uniq_fid); + if (status != NT_STATUS_SUCCESS) smbsr_error(sr, status, 0, 0); smb_threshold_exit(&sv->sv_opipe_ct); @@ -825,18 +827,24 @@ smb_open_subr(smb_request_t *sr) status = NT_STATUS_SUCCESS; - of = smb_ofile_open(sr, node, sr->smb_pid, op, SMB_FTYPE_DISK, uniq_fid, + of = smb_ofile_open(sr, node, op, SMB_FTYPE_DISK, uniq_fid, &err); if (of == NULL) { smbsr_error(sr, err.status, err.errcls, err.errcode); status = err.status; } - if (status == NT_STATUS_SUCCESS) { - if (!smb_tree_is_connected(sr->tid_tree)) { - smbsr_error(sr, 0, ERRSRV, ERRinvnid); - status = NT_STATUS_UNSUCCESSFUL; - } + /* + * We might have blocked in smb_ofile_open long enough so a + * tree disconnect might have happened. In that case, we've + * just added an ofile to a tree that's disconnecting, and + * need to undo that to avoid interfering with tear-down of + * the tree connection. + */ + if (status == NT_STATUS_SUCCESS && + !smb_tree_is_connected(sr->tid_tree)) { + smbsr_error(sr, 0, ERRSRV, ERRinvnid); + status = NT_STATUS_INVALID_PARAMETER; } /* diff --git a/usr/src/uts/common/fs/smbsrv/smb_common_transact.c b/usr/src/uts/common/fs/smbsrv/smb_common_transact.c index 47607b4bb9..6fe650735e 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_common_transact.c +++ b/usr/src/uts/common/fs/smbsrv/smb_common_transact.c @@ -21,7 +21,7 @@ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2012 Nexenta Systems, Inc. All rights reserved. + * Copyright 2014 Nexenta Systems, Inc. All rights reserved. */ #include <smbsrv/smb_kproto.h> @@ -1383,16 +1383,74 @@ is_supported_mailslot(const char *mailslot) } /* - * Currently, just return false if the pipe is \\PIPE\repl. - * Otherwise, return true. + * smb_trans_nmpipe + * + * This is used for RPC bind and request transactions. + * + * If the data available from the pipe is larger than the maximum + * data size requested by the client, return as much as requested. + * The residual data remains in the pipe until the client comes back + * with a read request or closes the pipe. + * + * When we read less than what's available, we MUST return the + * status NT_STATUS_BUFFER_OVERFLOW (or ERRDOS/ERROR_MORE_DATA) */ -static boolean_t -is_supported_pipe(const char *pname) +static smb_sdrc_t +smb_trans_nmpipe(smb_request_t *sr, smb_xa_t *xa) { - if (smb_strcasecmp(pname, PIPE_REPL, 0) == 0) - return (B_FALSE); + smb_vdb_t vdb; + struct mbuf *mb; + int rc; + + smbsr_lookup_file(sr); + if (sr->fid_ofile == NULL) { + smbsr_error(sr, NT_STATUS_INVALID_HANDLE, + ERRDOS, ERRbadfid); + return (SDRC_ERROR); + } + + rc = smb_mbc_decodef(&xa->req_data_mb, "#B", + xa->smb_tdscnt, &vdb); + if (rc != 0) { + /* Not enough data sent. */ + smbsr_error(sr, 0, ERRSRV, ERRerror); + return (SDRC_ERROR); + } + + rc = smb_opipe_write(sr, &vdb.vdb_uio); + if (rc != 0) { + smbsr_errno(sr, rc); + return (SDRC_ERROR); + } + + vdb.vdb_tag = 0; + vdb.vdb_uio.uio_iov = &vdb.vdb_iovec[0]; + vdb.vdb_uio.uio_iovcnt = MAX_IOVEC; + vdb.vdb_uio.uio_segflg = UIO_SYSSPACE; + vdb.vdb_uio.uio_extflg = UIO_COPY_DEFAULT; + vdb.vdb_uio.uio_loffset = (offset_t)0; + vdb.vdb_uio.uio_resid = xa->smb_mdrcnt; + mb = smb_mbuf_allocate(&vdb.vdb_uio); + + rc = smb_opipe_read(sr, &vdb.vdb_uio); + if (rc == E2BIG) { + /* + * Note: E2BIG is not a real error. It just + * tells us there's more data to be read. + */ + smbsr_status(sr, NT_STATUS_BUFFER_OVERFLOW, + ERRDOS, ERROR_MORE_DATA); + rc = 0; + } + if (rc != 0) { + smbsr_errno(sr, rc); + return (SDRC_ERROR); + } + + smb_mbuf_trim(mb, xa->smb_mdrcnt - vdb.vdb_uio.uio_resid); + MBC_ATTACH_MBUF(&xa->rep_data_mb, mb); - return (B_TRUE); + return (SDRC_SUCCESS); } static smb_sdrc_t @@ -1405,7 +1463,6 @@ smb_trans_dispatch(smb_request_t *sr, smb_xa_t *xa) uint16_t devstate; char *req_fmt; char *rep_fmt; - smb_vdb_t vdb; if (xa->smb_suwcnt > 0 && STYPE_ISIPC(sr->tid_tree->t_res_type)) { rc = smb_mbc_decodef(&xa->req_setup_mb, "ww", &opcode, @@ -1422,26 +1479,11 @@ smb_trans_dispatch(smb_request_t *sr, smb_xa_t *xa) break; case TRANS_TRANSACT_NMPIPE: - smbsr_lookup_file(sr); - if (sr->fid_ofile == NULL) { - smbsr_error(sr, NT_STATUS_INVALID_HANDLE, - ERRDOS, ERRbadfid); - return (SDRC_ERROR); - } - - rc = smb_mbc_decodef(&xa->req_data_mb, "#B", - xa->smb_tdscnt, &vdb); - if (rc != 0) - goto trans_err_not_supported; - - rc = smb_opipe_transact(sr, &vdb.vdb_uio); + rc = smb_trans_nmpipe(sr, xa); break; case TRANS_WAIT_NMPIPE: - if (!is_supported_pipe(xa->xa_pipe_name)) { - smbsr_error(sr, 0, ERRDOS, ERRbadfile); - return (SDRC_ERROR); - } + delay(SEC_TO_TICK(1)); rc = SDRC_SUCCESS; break; diff --git a/usr/src/uts/common/fs/smbsrv/smb_dispatch.c b/usr/src/uts/common/fs/smbsrv/smb_dispatch.c index e2488c244f..da874155ff 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_dispatch.c +++ b/usr/src/uts/common/fs/smbsrv/smb_dispatch.c @@ -970,6 +970,8 @@ static const struct { { EROFS, ERRHRD, ERRnowrite, NT_STATUS_ACCESS_DENIED }, { ESTALE, ERRDOS, ERRbadfid, NT_STATUS_INVALID_HANDLE }, { EBADF, ERRDOS, ERRbadfid, NT_STATUS_INVALID_HANDLE }, + { ENOTSOCK, ERRDOS, ERRbadfid, NT_STATUS_INVALID_HANDLE }, + { EPIPE, ERRDOS, ERROR_BROKEN_PIPE, NT_STATUS_PIPE_BROKEN }, { EEXIST, ERRDOS, ERRfilexists, NT_STATUS_OBJECT_NAME_COLLISION }, { ENXIO, ERRSRV, ERRinvdevice, NT_STATUS_BAD_DEVICE_TYPE }, { ESRCH, ERRDOS, ERROR_FILE_NOT_FOUND, diff --git a/usr/src/uts/common/fs/smbsrv/smb_kutil.c b/usr/src/uts/common/fs/smbsrv/smb_kutil.c index a31865f298..2f0d327fe8 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_kutil.c +++ b/usr/src/uts/common/fs/smbsrv/smb_kutil.c @@ -920,6 +920,18 @@ smb_time_nt_to_unix(uint64_t nt_time, timestruc_t *unix_time) return; } + /* + * Can't represent times less than or equal NT_TIME_BIAS, + * so convert them to the oldest date we can store. + * Note that time zero is "special" being converted + * both directions as 0:0 (unix-to-nt, nt-to-unix). + */ + if (nt_time <= NT_TIME_BIAS) { + unix_time->tv_sec = 0; + unix_time->tv_nsec = 100; + return; + } + nt_time -= NT_TIME_BIAS; seconds = nt_time / 10000000; unix_time->tv_sec = seconds; diff --git a/usr/src/uts/common/fs/smbsrv/smb_odir.c b/usr/src/uts/common/fs/smbsrv/smb_odir.c index 8d246ae3c6..279a2cc7ef 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_odir.c +++ b/usr/src/uts/common/fs/smbsrv/smb_odir.c @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2013 Nexenta Systems, Inc. All rights reserved. + * Copyright 2015 Nexenta Systems, Inc. All rights reserved. */ /* @@ -1216,6 +1216,7 @@ smb_odir_wildcard_fileinfo(smb_request_t *sr, smb_odir_t *od, smb_odirent_t *odirent, smb_fileinfo_t *fileinfo) { int rc; + cred_t *cr; smb_node_t *fnode, *tgt_node; smb_attr_t attr; char *name; @@ -1247,9 +1248,24 @@ smb_odir_wildcard_fileinfo(smb_request_t *sr, smb_odir_t *od, return (ENOENT); } + /* + * Windows directory listings return not only names, but + * also some attributes. In Unix, you need some access to + * get those attributes. Which credential should we use to + * get those? If we're doing Access Based Enumeration (ABE) + * we want this getattr to fail, which will cause the caller + * to skip this entry. If we're NOT doing ABE, we normally + * want to show all the directory entries (including their + * attributes) so we want this getattr to succeed! + */ + if (smb_tree_has_feature(od->d_tree, SMB_TREE_ABE)) + cr = od->d_cred; + else + cr = zone_kcred(); + bzero(&attr, sizeof (attr)); attr.sa_mask = SMB_AT_ALL; - rc = smb_node_getattr(sr, fnode, zone_kcred(), NULL, &attr); + rc = smb_node_getattr(NULL, fnode, cr, NULL, &attr); if (rc != 0) { smb_node_release(fnode); return (rc); diff --git a/usr/src/uts/common/fs/smbsrv/smb_ofile.c b/usr/src/uts/common/fs/smbsrv/smb_ofile.c index 41515ee392..a21461efe3 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_ofile.c +++ b/usr/src/uts/common/fs/smbsrv/smb_ofile.c @@ -177,7 +177,6 @@ smb_ofile_t * smb_ofile_open( smb_request_t *sr, smb_node_t *node, - uint16_t pid, struct open_param *op, uint16_t ftype, uint32_t uniqid, @@ -205,7 +204,7 @@ smb_ofile_open( of->f_refcnt = 1; of->f_fid = fid; of->f_uniqid = uniqid; - of->f_opened_by_pid = pid; + of->f_opened_by_pid = sr->smb_pid; of->f_granted_access = op->desired_access; of->f_share_access = op->share_access; of->f_create_options = op->create_options; @@ -230,7 +229,8 @@ smb_ofile_open( of->f_state = SMB_OFILE_STATE_OPEN; if (ftype == SMB_FTYPE_MESG_PIPE) { - of->f_pipe = smb_opipe_alloc(tree->t_server); + /* See smb_opipe_open. */ + of->f_pipe = op->pipe; smb_server_inc_pipes(of->f_server); } else { ASSERT(ftype == SMB_FTYPE_DISK); /* Regular file, not a pipe */ @@ -324,113 +324,104 @@ smb_ofile_close(smb_ofile_t *of, int32_t mtime_sec) mutex_enter(&of->f_mutex); ASSERT(of->f_refcnt); - switch (of->f_state) { - case SMB_OFILE_STATE_OPEN: { - - of->f_state = SMB_OFILE_STATE_CLOSING; + if (of->f_state != SMB_OFILE_STATE_OPEN) { mutex_exit(&of->f_mutex); + return; + } + of->f_state = SMB_OFILE_STATE_CLOSING; + mutex_exit(&of->f_mutex); - if (of->f_ftype == SMB_FTYPE_MESG_PIPE) { - smb_opipe_close(of); - smb_server_dec_pipes(of->f_server); - } else { - smb_attr_t *pa = &of->f_pending_attr; - - /* - * In here we make changes to of->f_pending_attr - * while not holding of->f_mutex. This is OK - * because we've changed f_state to CLOSING, - * so no more threads will take this path. - */ - if (mtime_sec != 0) { - pa->sa_vattr.va_mtime.tv_sec = mtime_sec; - pa->sa_mask |= SMB_AT_MTIME; - } + if (of->f_ftype == SMB_FTYPE_MESG_PIPE) { + smb_opipe_close(of); + smb_server_dec_pipes(of->f_server); + } else { + smb_attr_t *pa = &of->f_pending_attr; - /* - * If we have ever modified data via this handle - * (write or truncate) and if the mtime was not - * set via this handle, update the mtime again - * during the close. Windows expects this. - * [ MS-FSA 2.1.5.4 "Update Timestamps" ] - */ - if (of->f_written && - (pa->sa_mask & SMB_AT_MTIME) == 0) { - pa->sa_mask |= SMB_AT_MTIME; - gethrestime(&now); - pa->sa_vattr.va_mtime = now; - } + /* + * In here we make changes to of->f_pending_attr + * while not holding of->f_mutex. This is OK + * because we've changed f_state to CLOSING, + * so no more threads will take this path. + */ + if (mtime_sec != 0) { + pa->sa_vattr.va_mtime.tv_sec = mtime_sec; + pa->sa_mask |= SMB_AT_MTIME; + } - if (of->f_flags & SMB_OFLAGS_SET_DELETE_ON_CLOSE) { - if (smb_tree_has_feature(of->f_tree, - SMB_TREE_CATIA)) { - flags |= SMB_CATIA; - } - (void) smb_node_set_delete_on_close(of->f_node, - of->f_cr, flags); - } - smb_fsop_unshrlock(of->f_cr, of->f_node, of->f_uniqid); - smb_node_destroy_lock_by_ofile(of->f_node, of); + /* + * If we have ever modified data via this handle + * (write or truncate) and if the mtime was not + * set via this handle, update the mtime again + * during the close. Windows expects this. + * [ MS-FSA 2.1.5.4 "Update Timestamps" ] + */ + if (of->f_written && + (pa->sa_mask & SMB_AT_MTIME) == 0) { + pa->sa_mask |= SMB_AT_MTIME; + gethrestime(&now); + pa->sa_vattr.va_mtime = now; + } - if (smb_node_is_file(of->f_node)) { - (void) smb_fsop_close(of->f_node, of->f_mode, - of->f_cr); - smb_oplock_release(of->f_node, of); - } - if (smb_node_dec_open_ofiles(of->f_node) == 0) { - /* - * Last close. The f_pending_attr has - * only times (atime,ctime,mtime) so - * we can borrow it to commit the - * n_pending_dosattr from the node. - */ - pa->sa_dosattr = - of->f_node->n_pending_dosattr; - if (pa->sa_dosattr != 0) - pa->sa_mask |= SMB_AT_DOSATTR; - /* Let's leave this zero when not in use. */ - of->f_node->n_allocsz = 0; - } - if (pa->sa_mask != 0) { - /* - * Commit any pending attributes from - * the ofile we're closing. Note that - * we pass NULL as the ofile to setattr - * so it will write to the file system - * and not keep anything on the ofile. - * This clears n_pending_dosattr if - * there are no opens, otherwise the - * dosattr will be pending again. - */ - (void) smb_node_setattr(NULL, of->f_node, - of->f_cr, NULL, pa); + if (of->f_flags & SMB_OFLAGS_SET_DELETE_ON_CLOSE) { + if (smb_tree_has_feature(of->f_tree, + SMB_TREE_CATIA)) { + flags |= SMB_CATIA; } + (void) smb_node_set_delete_on_close(of->f_node, + of->f_cr, flags); + } + smb_fsop_unshrlock(of->f_cr, of->f_node, of->f_uniqid); + smb_node_destroy_lock_by_ofile(of->f_node, of); + if (smb_node_is_file(of->f_node)) { + (void) smb_fsop_close(of->f_node, of->f_mode, + of->f_cr); + smb_oplock_release(of->f_node, of); + } + if (smb_node_dec_open_ofiles(of->f_node) == 0) { /* - * Cancel any notify change requests that - * may be using this open instance. + * Last close. The f_pending_attr has + * only times (atime,ctime,mtime) so + * we can borrow it to commit the + * n_pending_dosattr from the node. */ - if (of->f_node->n_fcn.fcn_count) - smb_notify_file_closed(of); - - smb_server_dec_files(of->f_server); + pa->sa_dosattr = + of->f_node->n_pending_dosattr; + if (pa->sa_dosattr != 0) + pa->sa_mask |= SMB_AT_DOSATTR; + /* Let's leave this zero when not in use. */ + of->f_node->n_allocsz = 0; + } + if (pa->sa_mask != 0) { + /* + * Commit any pending attributes from + * the ofile we're closing. Note that + * we pass NULL as the ofile to setattr + * so it will write to the file system + * and not keep anything on the ofile. + * This clears n_pending_dosattr if + * there are no opens, otherwise the + * dosattr will be pending again. + */ + (void) smb_node_setattr(NULL, of->f_node, + of->f_cr, NULL, pa); } - atomic_dec_32(&of->f_tree->t_open_files); - mutex_enter(&of->f_mutex); - ASSERT(of->f_refcnt); - ASSERT(of->f_state == SMB_OFILE_STATE_CLOSING); - of->f_state = SMB_OFILE_STATE_CLOSED; - break; - } - case SMB_OFILE_STATE_CLOSED: - case SMB_OFILE_STATE_CLOSING: - break; + /* + * Cancel any notify change requests that + * may be using this open instance. + */ + if (of->f_node->n_fcn.fcn_count) + smb_notify_file_closed(of); - default: - ASSERT(0); - break; + smb_server_dec_files(of->f_server); } + atomic_dec_32(&of->f_tree->t_open_files); + + mutex_enter(&of->f_mutex); + ASSERT(of->f_refcnt); + ASSERT(of->f_state == SMB_OFILE_STATE_CLOSING); + of->f_state = SMB_OFILE_STATE_CLOSED; mutex_exit(&of->f_mutex); } @@ -541,14 +532,14 @@ smb_ofile_hold(smb_ofile_t *of) mutex_enter(&of->f_mutex); - if (smb_ofile_is_open_locked(of)) { - of->f_refcnt++; + if (of->f_state != SMB_OFILE_STATE_OPEN) { mutex_exit(&of->f_mutex); - return (B_TRUE); + return (B_FALSE); } + of->f_refcnt++; mutex_exit(&of->f_mutex); - return (B_FALSE); + return (B_TRUE); } /* diff --git a/usr/src/uts/common/fs/smbsrv/smb_opipe.c b/usr/src/uts/common/fs/smbsrv/smb_opipe.c index 116cdc6e3b..5eacc82a60 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_opipe.c +++ b/usr/src/uts/common/fs/smbsrv/smb_opipe.c @@ -19,8 +19,8 @@ * CDDL HEADER END */ /* - * Copyright 2011 Nexenta Systems, Inc. All rights reserved. * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2015 Nexenta Systems, Inc. All rights reserved. */ /* @@ -28,32 +28,28 @@ */ #include <sys/stat.h> -#include <sys/door.h> -#include <sys/door_data.h> #include <sys/uio.h> #include <sys/ksynch.h> +#include <sys/stropts.h> +#include <sys/socket.h> +#include <sys/filio.h> #include <smbsrv/smb_kproto.h> #include <smbsrv/smb_xdr.h> -#define SMB_OPIPE_ISOPEN(OPIPE) \ - (((OPIPE)->p_hdr.dh_magic == SMB_OPIPE_HDR_MAGIC) && \ - ((OPIPE)->p_hdr.dh_fid)) - -extern volatile uint32_t smb_fids; -#define SMB_UNIQ_FID() atomic_inc_32_nv(&smb_fids) - -static int smb_opipe_do_open(smb_request_t *, smb_opipe_t *); -static char *smb_opipe_lookup(const char *); -static int smb_opipe_sethdr(smb_opipe_t *, uint32_t, uint32_t); -static int smb_opipe_exec(smb_opipe_t *); -static void smb_opipe_enter(smb_opipe_t *); -static void smb_opipe_exit(smb_opipe_t *); - - -smb_opipe_t * -smb_opipe_alloc(smb_server_t *sv) +/* + * Allocate a new opipe and return it, or NULL, in which case + * the caller will report "internal error". + */ +static smb_opipe_t * +smb_opipe_alloc(smb_request_t *sr) { + smb_server_t *sv = sr->sr_server; smb_opipe_t *opipe; + ksocket_t sock; + + if (ksocket_socket(&sock, AF_UNIX, SOCK_STREAM, 0, + KSOCKET_SLEEP, sr->user_cr) != 0) + return (NULL); opipe = kmem_cache_alloc(smb_cache_opipe, KM_SLEEP); @@ -62,14 +58,18 @@ smb_opipe_alloc(smb_server_t *sv) cv_init(&opipe->p_cv, NULL, CV_DEFAULT, NULL); opipe->p_magic = SMB_OPIPE_MAGIC; opipe->p_server = sv; - - smb_llist_enter(&sv->sv_opipe_list, RW_WRITER); - smb_llist_insert_tail(&sv->sv_opipe_list, opipe); - smb_llist_exit(&sv->sv_opipe_list); + opipe->p_refcnt = 1; + opipe->p_socket = sock; return (opipe); } +/* + * Destroy an opipe. This is normally called from smb_ofile_delete + * when the ofile has no more references and is about to be free'd. + * This is also called here in error handling code paths, before + * the opipe is installed under an ofile. + */ void smb_opipe_dealloc(smb_opipe_t *opipe) { @@ -79,12 +79,14 @@ smb_opipe_dealloc(smb_opipe_t *opipe) sv = opipe->p_server; SMB_SERVER_VALID(sv); - smb_llist_enter(&sv->sv_opipe_list, RW_WRITER); - smb_llist_remove(&sv->sv_opipe_list, opipe); - smb_llist_exit(&sv->sv_opipe_list); + /* + * This is called in the error path when opening, + * in which case we close the socket here. + */ + if (opipe->p_socket != NULL) + (void) ksocket_close(opipe->p_socket, zone_kcred()); opipe->p_magic = (uint32_t)~SMB_OPIPE_MAGIC; - smb_event_destroy(opipe->p_event); cv_destroy(&opipe->p_cv); mutex_destroy(&opipe->p_mutex); @@ -92,299 +94,198 @@ smb_opipe_dealloc(smb_opipe_t *opipe) } /* - * smb_opipe_open - * - * Open a well-known RPC named pipe. This routine should be called if - * a file open is requested on a share of type STYPE_IPC. - * If we recognize the pipe, we setup a new ofile. - * - * Returns 0 on success, Otherwise an NT status is returned to indicate - * an error. + * Helper for open: build pipe name and connect. */ -int -smb_opipe_open(smb_request_t *sr) +static int +smb_opipe_connect(smb_request_t *sr, smb_opipe_t *opipe) { + struct sockaddr_un saddr; smb_arg_open_t *op = &sr->sr_open; - smb_ofile_t *of; - smb_opipe_t *opipe; - smb_doorhdr_t hdr; - smb_error_t err; - char *pipe_name; + const char *name; + int rc; - if ((pipe_name = smb_opipe_lookup(op->fqi.fq_path.pn_path)) == NULL) - return (NT_STATUS_OBJECT_NAME_NOT_FOUND); + name = op->fqi.fq_path.pn_path; + name += strspn(name, "\\"); + if (smb_strcasecmp(name, "PIPE", 4) == 0) { + name += 4; + name += strspn(name, "\\"); + } + (void) strlcpy(opipe->p_name, name, SMB_OPIPE_MAXNAME); + (void) smb_strlwr(opipe->p_name); - /* - * If printing is disabled, pretend spoolss does not exist. - */ - if (sr->sr_server->sv_cfg.skc_print_enable == 0 && - strcmp(pipe_name, "SPOOLSS") == 0) - return (NT_STATUS_OBJECT_NAME_NOT_FOUND); + bzero(&saddr, sizeof (saddr)); + saddr.sun_family = AF_UNIX; + (void) snprintf(saddr.sun_path, sizeof (saddr.sun_path), + "%s/%s", SMB_PIPE_DIR, opipe->p_name); + rc = ksocket_connect(opipe->p_socket, (struct sockaddr *)&saddr, + sizeof (saddr), sr->user_cr); - op->create_options = 0; + return (rc); +} - of = smb_ofile_open(sr, NULL, sr->smb_pid, op, SMB_FTYPE_MESG_PIPE, - SMB_UNIQ_FID(), &err); +/* + * Helper for open: encode and send the user info. + * + * We send information about this client + user to the + * pipe service so it can use it for access checks. + * The service MAY deny the open based on this info, + * (i.e. anonymous session trying to open a pipe that + * requires authentication) in which case we will read + * an error status from the service and return that. + */ +static void +smb_opipe_send_userinfo(smb_request_t *sr, smb_opipe_t *opipe, + smb_error_t *errp) +{ + XDR xdrs; + smb_netuserinfo_t nui; + smb_pipehdr_t phdr; + char *buf; + uint32_t buflen; + uint32_t status; + size_t iocnt = 0; + int rc; - if (of == NULL) - return (err.status); + /* + * Any errors building the XDR message etc. + */ + errp->status = NT_STATUS_INTERNAL_ERROR; - if (!smb_tree_is_connected(sr->tid_tree)) { - smb_ofile_close(of, 0); - smb_ofile_release(of); - return (NT_STATUS_OBJECT_NAME_NOT_FOUND); - } + smb_user_netinfo_init(sr->uid_user, &nui); + phdr.ph_magic = SMB_PIPE_HDR_MAGIC; + phdr.ph_uilen = xdr_sizeof(smb_netuserinfo_xdr, &nui); - op->dsize = 0x01000; - op->dattr = FILE_ATTRIBUTE_NORMAL; - op->ftype = SMB_FTYPE_MESG_PIPE; - op->action_taken = SMB_OACT_LOCK | SMB_OACT_OPENED; /* 0x8001 */ - op->devstate = SMB_PIPE_READMODE_MESSAGE - | SMB_PIPE_TYPE_MESSAGE - | SMB_PIPE_UNLIMITED_INSTANCES; /* 0x05ff */ - op->fileid = of->f_fid; + buflen = sizeof (phdr) + phdr.ph_uilen; + buf = kmem_alloc(buflen, KM_SLEEP); - sr->smb_fid = of->f_fid; - sr->fid_ofile = of; + bcopy(&phdr, buf, sizeof (phdr)); + xdrmem_create(&xdrs, buf + sizeof (phdr), + buflen - (sizeof (phdr)), XDR_ENCODE); + if (!smb_netuserinfo_xdr(&xdrs, &nui)) + goto out; - opipe = of->f_pipe; - smb_opipe_enter(opipe); + /* + * If we fail sending the netuserinfo or recv'ing the + * status reponse, we have probably run into the limit + * on the number of open pipes. That's this status: + */ + errp->status = NT_STATUS_PIPE_NOT_AVAILABLE; + + rc = ksocket_send(opipe->p_socket, buf, buflen, 0, + &iocnt, sr->user_cr); + if (rc == 0 && iocnt != buflen) + rc = EIO; + if (rc != 0) + goto out; - opipe->p_server = of->f_server; - opipe->p_name = pipe_name; - opipe->p_doorbuf = kmem_zalloc(SMB_OPIPE_DOOR_BUFSIZE, KM_SLEEP); + rc = ksocket_recv(opipe->p_socket, &status, sizeof (status), 0, + &iocnt, sr->user_cr); + if (rc != 0 || iocnt != sizeof (status)) + goto out; /* - * p_data points to the offset within p_doorbuf at which - * data will be written or read. + * Return the status we read from the pipe service, + * normally NT_STATUS_SUCCESS, but could be something + * else like NT_STATUS_ACCESS_DENIED. */ - opipe->p_data = opipe->p_doorbuf + xdr_sizeof(smb_doorhdr_xdr, &hdr); - - if (smb_opipe_do_open(sr, opipe) != 0) { - /* - * On error, reset the header to clear the fid, - * which avoids confusion when smb_opipe_close() is - * called by smb_ofile_close(). - */ - bzero(&opipe->p_hdr, sizeof (smb_doorhdr_t)); - kmem_free(opipe->p_doorbuf, SMB_OPIPE_DOOR_BUFSIZE); - smb_opipe_exit(opipe); - smb_ofile_close(of, 0); - return (NT_STATUS_NO_MEMORY); - } - smb_opipe_exit(opipe); - return (NT_STATUS_SUCCESS); + errp->status = status; + +out: + xdr_destroy(&xdrs); + kmem_free(buf, buflen); + smb_user_netinfo_fini(&nui); } /* - * smb_opipe_lookup + * smb_opipe_open * - * Lookup a path to see if it's a well-known RPC named pipe that we support. - * The full pipe path will be in the form \\PIPE\\SERVICE. The first part - * can be assumed, so all we need here are the service names. + * Open an RPC named pipe. This routine should be called if + * a file open is requested on a share of type STYPE_IPC. + * If we recognize the pipe, we setup a new ofile. * - * Returns a pointer to the pipe name (without any leading \'s) on success. - * Otherwise returns a null pointer. + * Returns 0 on success, Otherwise an NT status code. */ -static char * -smb_opipe_lookup(const char *path) +int +smb_opipe_open(smb_request_t *sr, uint32_t uniqid) { - static char *named_pipes[] = { - "lsass", - "LSARPC", - "NETLOGON", - "SAMR", - "SPOOLSS", - "SRVSVC", - "SVCCTL", - "WINREG", - "WKSSVC", - "EVENTLOG", - "NETDFS" - }; - - const char *name; - int i; + smb_arg_open_t *op = &sr->sr_open; + smb_ofile_t *ofile; + smb_opipe_t *opipe; + smb_error_t err; - if (path == NULL) - return (NULL); + opipe = smb_opipe_alloc(sr); + if (opipe == NULL) + return (NT_STATUS_INTERNAL_ERROR); - name = path; - name += strspn(name, "\\"); - if (smb_strcasecmp(name, "PIPE", 4) == 0) { - path += 4; - name += strspn(name, "\\"); + if (smb_opipe_connect(sr, opipe) != 0) { + smb_opipe_dealloc(opipe); + return (NT_STATUS_OBJECT_NAME_NOT_FOUND); } - for (i = 0; i < sizeof (named_pipes) / sizeof (named_pipes[0]); ++i) { - if (smb_strcasecmp(name, named_pipes[i], 0) == 0) - return (named_pipes[i]); + smb_opipe_send_userinfo(sr, opipe, &err); + if (err.status != 0) { + smb_opipe_dealloc(opipe); + return (err.status); } - return (NULL); -} - -/* - * Initialize the opipe header and context, and make the door call. - */ -static int -smb_opipe_do_open(smb_request_t *sr, smb_opipe_t *opipe) -{ - smb_netuserinfo_t *userinfo = &opipe->p_user; - smb_user_t *user = sr->uid_user; - smb_server_t *sv = sr->sr_server; - uint8_t *buf = opipe->p_doorbuf; - uint32_t buflen = SMB_OPIPE_DOOR_BUFSIZE; - uint32_t len; - - if ((opipe->p_event = smb_event_create(sv, SMB_EVENT_TIMEOUT)) == NULL) - return (-1); - - smb_user_netinfo_init(user, userinfo); - len = xdr_sizeof(smb_netuserinfo_xdr, userinfo); - - bzero(&opipe->p_hdr, sizeof (smb_doorhdr_t)); - opipe->p_hdr.dh_magic = SMB_OPIPE_HDR_MAGIC; - opipe->p_hdr.dh_flags = SMB_DF_SYSSPACE; - opipe->p_hdr.dh_fid = smb_event_txid(opipe->p_event); + /* + * Note: If smb_ofile_open succeeds, the new ofile is + * in the FID lists can can be used by I/O requests. + */ + op->create_options = 0; + op->pipe = opipe; + ofile = smb_ofile_open(sr, NULL, op, + SMB_FTYPE_MESG_PIPE, uniqid, &err); + op->pipe = NULL; + if (ofile == NULL) { + smb_opipe_dealloc(opipe); + return (err.status); + } - if (smb_opipe_sethdr(opipe, SMB_OPIPE_OPEN, len) == -1) - return (-1); + /* An "up" pointer, for debug. */ + opipe->p_ofile = ofile; - len = xdr_sizeof(smb_doorhdr_xdr, &opipe->p_hdr); - buf += len; - buflen -= len; + op->dsize = 0x01000; + op->dattr = FILE_ATTRIBUTE_NORMAL; + op->ftype = SMB_FTYPE_MESG_PIPE; + op->action_taken = SMB_OACT_LOCK | SMB_OACT_OPENED; /* 0x8001 */ + op->devstate = SMB_PIPE_READMODE_MESSAGE + | SMB_PIPE_TYPE_MESSAGE + | SMB_PIPE_UNLIMITED_INSTANCES; /* 0x05ff */ + op->fileid = ofile->f_fid; - if (smb_netuserinfo_encode(userinfo, buf, buflen, NULL) == -1) - return (-1); + sr->smb_fid = ofile->f_fid; + sr->fid_ofile = ofile; - return (smb_opipe_door_call(opipe)); + return (NT_STATUS_SUCCESS); } /* * smb_opipe_close * - * Called whenever an IPC file/pipe is closed. + * Called by smb_ofile_close for pipes. + * + * Note: ksocket_close may block while waiting for + * any I/O threads with a hold to get out. */ void smb_opipe_close(smb_ofile_t *of) { smb_opipe_t *opipe; + ksocket_t sock; - ASSERT(of); + ASSERT(of->f_state == SMB_OFILE_STATE_CLOSING); ASSERT(of->f_ftype == SMB_FTYPE_MESG_PIPE); - opipe = of->f_pipe; SMB_OPIPE_VALID(opipe); - (void) smb_server_cancel_event(of->f_server, opipe->p_hdr.dh_fid); - smb_opipe_enter(opipe); - - if (SMB_OPIPE_ISOPEN(opipe)) { - (void) smb_opipe_sethdr(opipe, SMB_OPIPE_CLOSE, 0); - (void) smb_opipe_door_call(opipe); - bzero(&opipe->p_hdr, sizeof (smb_doorhdr_t)); - kmem_free(opipe->p_doorbuf, SMB_OPIPE_DOOR_BUFSIZE); - } - - smb_user_netinfo_fini(&opipe->p_user); - smb_opipe_exit(opipe); -} - -static int -smb_opipe_sethdr(smb_opipe_t *opipe, uint32_t cmd, uint32_t datalen) -{ - opipe->p_hdr.dh_op = cmd; - opipe->p_hdr.dh_txid = opipe->p_hdr.dh_fid; - opipe->p_hdr.dh_datalen = datalen; - opipe->p_hdr.dh_resid = 0; - opipe->p_hdr.dh_door_rc = EINVAL; - - return (smb_doorhdr_encode(&opipe->p_hdr, opipe->p_doorbuf, - SMB_OPIPE_DOOR_BUFSIZE)); -} - -/* - * smb_opipe_transact - * - * This is the entry point for RPC bind and request transactions. - * The fid is an arbitrary id used to associate RPC requests with a - * particular binding handle. - * - * If the data to be returned is larger than the client expects, we - * return as much as the client can handle and report a buffer overflow - * warning, which informs the client that we have more data to return. - * The residual data remains in the pipe until the client claims it or - * closes the pipe. - */ -smb_sdrc_t -smb_opipe_transact(smb_request_t *sr, struct uio *uio) -{ - smb_xa_t *xa; - smb_opipe_t *opipe; - struct mbuf *mhead; - int mdrcnt; - int nbytes; - int rc; - - if ((rc = smb_opipe_write(sr, uio)) != 0) { - if (rc == EBADF) - smbsr_error(sr, NT_STATUS_INVALID_HANDLE, - ERRDOS, ERROR_INVALID_HANDLE); - else - smbsr_error(sr, NT_STATUS_INTERNAL_ERROR, - ERRDOS, ERROR_INTERNAL_ERROR); - return (SDRC_ERROR); - } - - opipe = sr->fid_ofile->f_pipe; - - if ((rc = smb_opipe_exec(opipe)) != 0) { - smbsr_error(sr, NT_STATUS_INTERNAL_ERROR, - ERRDOS, ERROR_INTERNAL_ERROR); - return (SDRC_ERROR); - } - - xa = sr->r_xa; - mdrcnt = xa->smb_mdrcnt; - smb_opipe_enter(opipe); - - if (smb_opipe_sethdr(opipe, SMB_OPIPE_READ, mdrcnt) == -1) { - smb_opipe_exit(opipe); - smbsr_error(sr, NT_STATUS_INTERNAL_ERROR, - ERRDOS, ERROR_INTERNAL_ERROR); - return (SDRC_ERROR); - } - - rc = smb_opipe_door_call(opipe); - nbytes = opipe->p_hdr.dh_datalen; - - if (rc != 0) { - smb_opipe_exit(opipe); - smbsr_error(sr, NT_STATUS_INTERNAL_ERROR, - ERRDOS, ERROR_INTERNAL_ERROR); - return (SDRC_ERROR); - } - - if (nbytes) { - mhead = smb_mbuf_get(opipe->p_data, nbytes); - xa->rep_data_mb.max_bytes = nbytes; - MBC_ATTACH_MBUF(&xa->rep_data_mb, mhead); - } - - if (opipe->p_hdr.dh_resid) { - /* - * The pipe contains more data than mdrcnt, warn the - * client that there is more data in the pipe. - * Typically, the client will call SmbReadX, which - * will call smb_opipe_read, to get the data. - */ - smbsr_warn(sr, NT_STATUS_BUFFER_OVERFLOW, - ERRDOS, ERROR_MORE_DATA); - } + mutex_enter(&opipe->p_mutex); + sock = opipe->p_socket; + opipe->p_socket = NULL; + mutex_exit(&opipe->p_mutex); - smb_opipe_exit(opipe); - return (SDRC_SUCCESS); + (void) ksocket_shutdown(sock, SHUT_RDWR, of->f_cr); + (void) ksocket_close(sock, of->f_cr); } /* @@ -398,145 +299,111 @@ smb_opipe_transact(smb_request_t *sr, struct uio *uio) int smb_opipe_write(smb_request_t *sr, struct uio *uio) { + struct nmsghdr msghdr; + smb_ofile_t *ofile; smb_opipe_t *opipe; - uint32_t buflen; - uint32_t len; - int rc; - - ASSERT(sr->fid_ofile); - ASSERT(sr->fid_ofile->f_ftype == SMB_FTYPE_MESG_PIPE); + ksocket_t sock; + size_t sent = 0; + int rc = 0; - opipe = sr->fid_ofile->f_pipe; + ofile = sr->fid_ofile; + ASSERT(ofile->f_ftype == SMB_FTYPE_MESG_PIPE); + opipe = ofile->f_pipe; SMB_OPIPE_VALID(opipe); - smb_opipe_enter(opipe); - if (!SMB_OPIPE_ISOPEN(opipe)) { - smb_opipe_exit(opipe); + mutex_enter(&opipe->p_mutex); + sock = opipe->p_socket; + if (sock != NULL) + ksocket_hold(sock); + mutex_exit(&opipe->p_mutex); + if (sock == NULL) return (EBADF); - } - rc = smb_opipe_sethdr(opipe, SMB_OPIPE_WRITE, uio->uio_resid); - len = xdr_sizeof(smb_doorhdr_xdr, &opipe->p_hdr); - if (rc == -1 || len == 0) { - smb_opipe_exit(opipe); - return (ENOMEM); - } + bzero(&msghdr, sizeof (msghdr)); + msghdr.msg_iov = uio->uio_iov; + msghdr.msg_iovlen = uio->uio_iovcnt; - buflen = SMB_OPIPE_DOOR_BUFSIZE - len; - (void) uiomove((caddr_t)opipe->p_data, buflen, UIO_WRITE, uio); + /* + * This should block until we've sent it all, + * or given up due to errors (pipe closed). + */ + while (uio->uio_resid > 0) { + rc = ksocket_sendmsg(sock, &msghdr, 0, &sent, ofile->f_cr); + if (rc != 0) + break; + uio->uio_resid -= sent; + } - rc = smb_opipe_door_call(opipe); + ksocket_rele(sock); - smb_opipe_exit(opipe); - return ((rc == 0) ? 0 : EIO); + return (rc); } /* * smb_opipe_read * - * This interface may be called because smb_opipe_transact could not return - * all of the data in the original transaction or to form the second half - * of a transaction set up using smb_opipe_write. Either way, we just need - * to read data from the pipe and return it. - * - * The response data is encoded into raw_data as required by the smb_read - * functions. The uio_resid value indicates the number of bytes read. + * This interface may be called from smb_opipe_transact (write, read) + * or from smb_read / smb2_read to get the rest of an RPC response. + * The response data (and length) are returned via the uio. */ int smb_opipe_read(smb_request_t *sr, struct uio *uio) { + struct nmsghdr msghdr; + smb_ofile_t *ofile; smb_opipe_t *opipe; - struct mbuf *mhead; - uint32_t nbytes; + ksocket_t sock; + size_t recvcnt = 0; int rc; - ASSERT(sr->fid_ofile); - ASSERT(sr->fid_ofile->f_ftype == SMB_FTYPE_MESG_PIPE); - - opipe = sr->fid_ofile->f_pipe; + ofile = sr->fid_ofile; + ASSERT(ofile->f_ftype == SMB_FTYPE_MESG_PIPE); + opipe = ofile->f_pipe; SMB_OPIPE_VALID(opipe); - if ((rc = smb_opipe_exec(opipe)) != 0) - return (EIO); - - smb_opipe_enter(opipe); - - if (!SMB_OPIPE_ISOPEN(opipe)) { - smb_opipe_exit(opipe); + mutex_enter(&opipe->p_mutex); + sock = opipe->p_socket; + if (sock != NULL) + ksocket_hold(sock); + mutex_exit(&opipe->p_mutex); + if (sock == NULL) return (EBADF); - } - - if (smb_opipe_sethdr(opipe, SMB_OPIPE_READ, uio->uio_resid) == -1) { - smb_opipe_exit(opipe); - return (ENOMEM); - } - rc = smb_opipe_door_call(opipe); - nbytes = opipe->p_hdr.dh_datalen; + bzero(&msghdr, sizeof (msghdr)); + msghdr.msg_iov = uio->uio_iov; + msghdr.msg_iovlen = uio->uio_iovcnt; - if (rc != 0 || nbytes > uio->uio_resid) { - smb_opipe_exit(opipe); - return (EIO); - } - - if (nbytes) { - mhead = smb_mbuf_get(opipe->p_data, nbytes); - MBC_SETUP(&sr->raw_data, nbytes); - MBC_ATTACH_MBUF(&sr->raw_data, mhead); - uio->uio_resid -= nbytes; + /* + * This should block only if there's no data. + * A single call to recvmsg does just that. + * (Intentionaly no recv loop here.) + */ + rc = ksocket_recvmsg(sock, &msghdr, 0, + &recvcnt, ofile->f_cr); + if (rc != 0) + goto out; + + if (recvcnt == 0) { + /* Other side closed. */ + rc = EPIPE; + goto out; } + uio->uio_resid -= recvcnt; - smb_opipe_exit(opipe); - return (rc); -} - -static int -smb_opipe_exec(smb_opipe_t *opipe) -{ - uint32_t len; - int rc; - - smb_opipe_enter(opipe); - - rc = smb_opipe_sethdr(opipe, SMB_OPIPE_EXEC, 0); - len = xdr_sizeof(smb_doorhdr_xdr, &opipe->p_hdr); - if (rc == -1 || len == 0) { - smb_opipe_exit(opipe); - return (ENOMEM); + /* + * If we filled the user's buffer, + * find out if there's more data. + */ + if (uio->uio_resid == 0) { + int rc2, nread, trval; + rc2 = ksocket_ioctl(sock, FIONREAD, (intptr_t)&nread, + &trval, ofile->f_cr); + if (rc2 == 0 && nread != 0) + rc = E2BIG; /* more data */ } - if ((rc = smb_opipe_door_call(opipe)) == 0) - rc = smb_event_wait(opipe->p_event); +out: + ksocket_rele(sock); - smb_opipe_exit(opipe); return (rc); } - -/* - * Named pipe I/O is serialized per fid to ensure that each request - * has exclusive opipe access for the duration of the request. - */ -static void -smb_opipe_enter(smb_opipe_t *opipe) -{ - mutex_enter(&opipe->p_mutex); - - while (opipe->p_busy) - cv_wait(&opipe->p_cv, &opipe->p_mutex); - - opipe->p_busy = 1; - mutex_exit(&opipe->p_mutex); -} - -/* - * Exit busy state. If we have exec'd an RPC, we may have - * to wait for notification that processing has completed. - */ -static void -smb_opipe_exit(smb_opipe_t *opipe) -{ - mutex_enter(&opipe->p_mutex); - opipe->p_busy = 0; - cv_signal(&opipe->p_cv); - mutex_exit(&opipe->p_mutex); -} diff --git a/usr/src/uts/common/fs/smbsrv/smb_opipe_door.c b/usr/src/uts/common/fs/smbsrv/smb_opipe_door.c deleted file mode 100644 index 6dc1b8c007..0000000000 --- a/usr/src/uts/common/fs/smbsrv/smb_opipe_door.c +++ /dev/null @@ -1,188 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright 2011 Nexenta Systems, Inc. All rights reserved. - * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * This module provides the interface to the opipe door. - * (used by the NDR RPC services). - */ - -#include <sys/stat.h> -#include <sys/door.h> -#include <sys/door_data.h> -#include <sys/uio.h> -#include <sys/ksynch.h> -#include <smbsrv/smb_kproto.h> -#include <smbsrv/smb_xdr.h> - -#ifdef _FAKE_KERNEL -#error "See libfksmbsrv" -#endif /* _FAKE_KERNEL */ - -static int smb_opipe_door_upcall(smb_opipe_t *); - -/* - * opipe door client (to user space door server). - */ -void -smb_opipe_door_init(smb_server_t *sv) -{ - sv->sv_opipe_door_id = -1; - mutex_init(&sv->sv_opipe_door_mutex, NULL, MUTEX_DEFAULT, NULL); - cv_init(&sv->sv_opipe_door_cv, NULL, CV_DEFAULT, NULL); -} - -void -smb_opipe_door_fini(smb_server_t *sv) -{ - smb_opipe_door_close(sv); - cv_destroy(&sv->sv_opipe_door_cv); - mutex_destroy(&sv->sv_opipe_door_mutex); -} - -/* - * Open the (user space) door. If the door is already open, - * close it first because the door-id has probably changed. - */ -int -smb_opipe_door_open(smb_server_t *sv, int door_id) -{ - smb_opipe_door_close(sv); - - mutex_enter(&sv->sv_opipe_door_mutex); - sv->sv_opipe_door_ncall = 0; - - if (sv->sv_opipe_door_hd == NULL) { - sv->sv_opipe_door_id = door_id; - sv->sv_opipe_door_hd = door_ki_lookup(door_id); - } - - mutex_exit(&sv->sv_opipe_door_mutex); - return ((sv->sv_opipe_door_hd == NULL) ? -1 : 0); -} - -/* - * Close the (user space) door. - */ -void -smb_opipe_door_close(smb_server_t *sv) -{ - mutex_enter(&sv->sv_opipe_door_mutex); - - if (sv->sv_opipe_door_hd != NULL) { - while (sv->sv_opipe_door_ncall > 0) - cv_wait(&sv->sv_opipe_door_cv, - &sv->sv_opipe_door_mutex); - - door_ki_rele(sv->sv_opipe_door_hd); - sv->sv_opipe_door_hd = NULL; - } - - mutex_exit(&sv->sv_opipe_door_mutex); -} - -/* - * opipe door call interface. - * Door serialization and call reference accounting is handled here. - */ -int -smb_opipe_door_call(smb_opipe_t *opipe) -{ - int rc; - smb_server_t *sv = opipe->p_server; - - mutex_enter(&sv->sv_opipe_door_mutex); - - if (sv->sv_opipe_door_hd == NULL) { - mutex_exit(&sv->sv_opipe_door_mutex); - - if (smb_opipe_door_open(sv, sv->sv_opipe_door_id) != 0) - return (-1); - - mutex_enter(&sv->sv_opipe_door_mutex); - } - - sv->sv_opipe_door_ncall++; - mutex_exit(&sv->sv_opipe_door_mutex); - - rc = smb_opipe_door_upcall(opipe); - - mutex_enter(&sv->sv_opipe_door_mutex); - if ((--sv->sv_opipe_door_ncall) == 0) - cv_signal(&sv->sv_opipe_door_cv); - mutex_exit(&sv->sv_opipe_door_mutex); - return (rc); -} - -/* - * Door upcall wrapper - handles data marshalling. - * This function should only be called by smb_opipe_door_call. - */ -static int -smb_opipe_door_upcall(smb_opipe_t *opipe) -{ - smb_server_t *sv = opipe->p_server; - door_arg_t da; - smb_doorhdr_t hdr; - int i; - int rc; - - da.data_ptr = (char *)opipe->p_doorbuf; - da.data_size = SMB_OPIPE_DOOR_BUFSIZE; - da.desc_ptr = NULL; - da.desc_num = 0; - da.rbuf = (char *)opipe->p_doorbuf; - da.rsize = SMB_OPIPE_DOOR_BUFSIZE; - - for (i = 0; i < 3; ++i) { - if (smb_server_is_stopping(sv)) - return (-1); - - if ((rc = door_ki_upcall_limited(sv->sv_opipe_door_hd, - &da, NULL, SIZE_MAX, 0)) == 0) - break; - - if (rc != EAGAIN && rc != EINTR) - return (-1); - } - - /* Check for door_return(NULL, 0, NULL, 0) */ - if (rc != 0 || da.data_size == 0 || da.rsize == 0) - return (-1); - - if (smb_doorhdr_decode(&hdr, (uint8_t *)da.data_ptr, da.rsize) == -1) - return (-1); - - if ((hdr.dh_magic != SMB_OPIPE_HDR_MAGIC) || - (hdr.dh_fid != opipe->p_hdr.dh_fid) || - (hdr.dh_op != opipe->p_hdr.dh_op) || - (hdr.dh_door_rc != 0) || - (hdr.dh_datalen > SMB_OPIPE_DOOR_BUFSIZE)) { - return (-1); - } - - opipe->p_hdr.dh_datalen = hdr.dh_datalen; - opipe->p_hdr.dh_resid = hdr.dh_resid; - return (0); -} diff --git a/usr/src/uts/common/fs/smbsrv/smb_read.c b/usr/src/uts/common/fs/smbsrv/smb_read.c index c5db79c227..2ac137ca10 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_read.c +++ b/usr/src/uts/common/fs/smbsrv/smb_read.c @@ -20,6 +20,7 @@ */ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2015 Nexenta Systems, Inc. All rights reserved. */ #include <smbsrv/smb_kproto.h> @@ -420,7 +421,14 @@ smb_common_read(smb_request_t *sr, smb_rw_param_t *param) break; case STYPE_IPC: + sr->raw_data.max_bytes = vdb->vdb_uio.uio_resid; + top = smb_mbuf_allocate(&vdb->vdb_uio); + rc = smb_opipe_read(sr, &vdb->vdb_uio); + + sr->raw_data.max_bytes -= vdb->vdb_uio.uio_resid; + smb_mbuf_trim(top, sr->raw_data.max_bytes); + MBC_ATTACH_MBUF(&sr->raw_data, top); break; default: diff --git a/usr/src/uts/common/fs/smbsrv/smb_server.c b/usr/src/uts/common/fs/smbsrv/smb_server.c index 2ac120c137..94eeb396dd 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_server.c +++ b/usr/src/uts/common/fs/smbsrv/smb_server.c @@ -404,9 +404,6 @@ smb_server_create(void) cv_init(&sv->sv_cv, NULL, CV_DEFAULT, NULL); cv_init(&sv->sp_info.sp_cv, NULL, CV_DEFAULT, NULL); - smb_llist_constructor(&sv->sv_opipe_list, sizeof (smb_opipe_t), - offsetof(smb_opipe_t, p_lnd)); - smb_llist_constructor(&sv->sv_event_list, sizeof (smb_event_t), offsetof(smb_event_t, se_lnd)); @@ -426,7 +423,6 @@ smb_server_create(void) smb_kdoor_init(sv); smb_kshare_init(sv); - smb_opipe_door_init(sv); smb_server_kstat_init(sv); smb_threshold_init(&sv->sv_ssetup_ct, SMB_SSETUP_CMD, @@ -502,10 +498,8 @@ smb_server_delete(void) smb_server_listener_destroy(&sv->sv_tcp_daemon); rw_destroy(&sv->sv_cfg_lock); smb_server_kstat_fini(sv); - smb_opipe_door_fini(sv); smb_kshare_fini(sv); smb_kdoor_fini(sv); - smb_llist_destructor(&sv->sv_opipe_list); smb_llist_destructor(&sv->sv_event_list); kmem_free(sv->sv_disp_stats, @@ -619,14 +613,9 @@ smb_server_start(smb_ioc_start_t *ioc) cmn_err(CE_WARN, "Cannot open smbd door"); break; } - if (rc = smb_opipe_door_open(sv, ioc->opipe)) { - cmn_err(CE_WARN, "Cannot open opipe door"); - break; - } #else /* _KERNEL */ /* Fake kernel does not use the kshare_door */ fksmb_kdoor_open(sv, ioc->udoor_func); - fksmb_opipe_door_open(sv, ioc->opipe_func); #endif /* _KERNEL */ if (rc = smb_thread_start(&sv->si_thread_timers)) @@ -1413,7 +1402,6 @@ smb_server_shutdown(smb_server_t *sv) smb_threshold_wake_all(&sv->sv_tcon_ct); smb_threshold_wake_all(&sv->sv_opipe_ct); - smb_opipe_door_close(sv); smb_kdoor_close(sv); #ifdef _KERNEL smb_kshare_door_fini(sv->sv_lmshrd); diff --git a/usr/src/uts/common/fs/zfs/dbuf.c b/usr/src/uts/common/fs/zfs/dbuf.c index 4b644f7479..f1874f7eba 100644 --- a/usr/src/uts/common/fs/zfs/dbuf.c +++ b/usr/src/uts/common/fs/zfs/dbuf.c @@ -21,7 +21,7 @@ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2011 Nexenta Systems, Inc. All rights reserved. - * Copyright (c) 2012, 2014 by Delphix. All rights reserved. + * Copyright (c) 2012, 2015 by Delphix. All rights reserved. * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. * Copyright (c) 2013, Joyent, Inc. All rights reserved. * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved. @@ -1401,6 +1401,16 @@ dbuf_undirty(dmu_buf_impl_t *db, dmu_tx_t *tx) dbuf_dirty_record_t *dr, **drp; ASSERT(txg != 0); + + /* + * Due to our use of dn_nlevels below, this can only be called + * in open context, unless we are operating on the MOS. + * From syncing context, dn_nlevels may be different from the + * dn_nlevels used when dbuf was dirtied. + */ + ASSERT(db->db_objset == + dmu_objset_pool(db->db_objset)->dp_meta_objset || + txg != spa_syncing_txg(dmu_objset_spa(db->db_objset))); ASSERT(db->db_blkid != DMU_BONUS_BLKID); ASSERT0(db->db_level); ASSERT(MUTEX_HELD(&db->db_mtx)); @@ -1423,11 +1433,8 @@ dbuf_undirty(dmu_buf_impl_t *db, dmu_tx_t *tx) ASSERT(db->db.db_size != 0); - /* - * Any space we accounted for in dp_dirty_* will be cleaned up by - * dsl_pool_sync(). This is relatively rare so the discrepancy - * is not a big deal. - */ + dsl_pool_undirty_space(dmu_objset_pool(dn->dn_objset), + dr->dr_accounted, txg); *drp = dr->dr_next; @@ -1442,7 +1449,7 @@ dbuf_undirty(dmu_buf_impl_t *db, dmu_tx_t *tx) list_remove(&dr->dr_parent->dt.di.dr_children, dr); mutex_exit(&dr->dr_parent->dt.di.dr_mtx); } else if (db->db_blkid == DMU_SPILL_BLKID || - db->db_level+1 == dn->dn_nlevels) { + db->db_level + 1 == dn->dn_nlevels) { ASSERT(db->db_blkptr == NULL || db->db_parent == dn->dn_dbuf); mutex_enter(&dn->dn_mtx); list_remove(&dn->dn_dirty_records[txg & TXG_MASK], dr); @@ -1459,11 +1466,6 @@ dbuf_undirty(dmu_buf_impl_t *db, dmu_tx_t *tx) VERIFY(arc_buf_remove_ref(dr->dt.dl.dr_data, db)); } - if (db->db_level != 0) { - mutex_destroy(&dr->dt.di.dr_mtx); - list_destroy(&dr->dt.di.dr_children); - } - kmem_free(dr, sizeof (dbuf_dirty_record_t)); ASSERT(db->db_dirtycnt > 0); @@ -2490,7 +2492,7 @@ dbuf_sync_indirect(dbuf_dirty_record_t *dr, dmu_tx_t *tx) zio = dr->dr_zio; mutex_enter(&dr->dt.di.dr_mtx); - dbuf_sync_list(&dr->dt.di.dr_children, tx); + dbuf_sync_list(&dr->dt.di.dr_children, db->db_level - 1, tx); ASSERT(list_head(&dr->dt.di.dr_children) == NULL); mutex_exit(&dr->dt.di.dr_mtx); zio_nowait(zio); @@ -2632,7 +2634,7 @@ dbuf_sync_leaf(dbuf_dirty_record_t *dr, dmu_tx_t *tx) } void -dbuf_sync_list(list_t *list, dmu_tx_t *tx) +dbuf_sync_list(list_t *list, int level, dmu_tx_t *tx) { dbuf_dirty_record_t *dr; @@ -2649,6 +2651,10 @@ dbuf_sync_list(list_t *list, dmu_tx_t *tx) DMU_META_DNODE_OBJECT); break; } + if (dr->dr_dbuf->db_blkid != DMU_BONUS_BLKID && + dr->dr_dbuf->db_blkid != DMU_SPILL_BLKID) { + VERIFY3U(dr->dr_dbuf->db_level, ==, level); + } list_remove(list, dr); if (dr->dr_dbuf->db_level > 0) dbuf_sync_indirect(dr, tx); diff --git a/usr/src/uts/common/fs/zfs/dmu_tx.c b/usr/src/uts/common/fs/zfs/dmu_tx.c index c2b1dca1c0..6ece084d69 100644 --- a/usr/src/uts/common/fs/zfs/dmu_tx.c +++ b/usr/src/uts/common/fs/zfs/dmu_tx.c @@ -21,7 +21,7 @@ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2011 Nexenta Systems, Inc. All rights reserved. - * Copyright (c) 2012, 2014 by Delphix. All rights reserved. + * Copyright (c) 2012, 2015 by Delphix. All rights reserved. */ #include <sys/dmu.h> @@ -687,7 +687,7 @@ dmu_tx_hold_free(dmu_tx_t *tx, uint64_t object, uint64_t off, uint64_t len) uint64_t ibyte = i << shift; err = dnode_next_offset(dn, 0, &ibyte, 2, 1, 0); i = ibyte >> shift; - if (err == ESRCH) + if (err == ESRCH || i > end) break; if (err) { tx->tx_err = err; diff --git a/usr/src/uts/common/fs/zfs/dnode.c b/usr/src/uts/common/fs/zfs/dnode.c index 12d8db76fa..397cc5c0ed 100644 --- a/usr/src/uts/common/fs/zfs/dnode.c +++ b/usr/src/uts/common/fs/zfs/dnode.c @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2012, 2014 by Delphix. All rights reserved. + * Copyright (c) 2012, 2015 by Delphix. All rights reserved. * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved. */ @@ -1516,6 +1516,16 @@ out: rw_downgrade(&dn->dn_struct_rwlock); } +static void +dnode_dirty_l1(dnode_t *dn, uint64_t l1blkid, dmu_tx_t *tx) +{ + dmu_buf_impl_t *db = dbuf_hold_level(dn, 1, l1blkid, FTAG); + if (db != NULL) { + dmu_buf_will_dirty(&db->db, tx); + dbuf_rele(db, FTAG); + } +} + void dnode_free_range(dnode_t *dn, uint64_t off, uint64_t len, dmu_tx_t *tx) { @@ -1636,27 +1646,67 @@ dnode_free_range(dnode_t *dn, uint64_t off, uint64_t len, dmu_tx_t *tx) nblks += 1; /* - * Dirty the first and last indirect blocks, as they (and/or their - * parents) will need to be written out if they were only - * partially freed. Interior indirect blocks will be themselves freed, - * by free_children(), so they need not be dirtied. Note that these - * interior blocks have already been prefetched by dmu_tx_hold_free(). + * Dirty all the indirect blocks in this range. Note that only + * the first and last indirect blocks can actually be written + * (if they were partially freed) -- they must be dirtied, even if + * they do not exist on disk yet. The interior blocks will + * be freed by free_children(), so they will not actually be written. + * Even though these interior blocks will not be written, we + * dirty them for two reasons: + * + * - It ensures that the indirect blocks remain in memory until + * syncing context. (They have already been prefetched by + * dmu_tx_hold_free(), so we don't have to worry about reading + * them serially here.) + * + * - The dirty space accounting will put pressure on the txg sync + * mechanism to begin syncing, and to delay transactions if there + * is a large amount of freeing. Even though these indirect + * blocks will not be written, we could need to write the same + * amount of space if we copy the freed BPs into deadlists. */ if (dn->dn_nlevels > 1) { uint64_t first, last; first = blkid >> epbs; - if (db = dbuf_hold_level(dn, 1, first, FTAG)) { - dmu_buf_will_dirty(&db->db, tx); - dbuf_rele(db, FTAG); - } + dnode_dirty_l1(dn, first, tx); if (trunc) last = dn->dn_maxblkid >> epbs; else last = (blkid + nblks - 1) >> epbs; - if (last > first && (db = dbuf_hold_level(dn, 1, last, FTAG))) { - dmu_buf_will_dirty(&db->db, tx); - dbuf_rele(db, FTAG); + if (last != first) + dnode_dirty_l1(dn, last, tx); + + int shift = dn->dn_datablkshift + dn->dn_indblkshift - + SPA_BLKPTRSHIFT; + for (uint64_t i = first + 1; i < last; i++) { + /* + * Set i to the blockid of the next non-hole + * level-1 indirect block at or after i. Note + * that dnode_next_offset() operates in terms of + * level-0-equivalent bytes. + */ + uint64_t ibyte = i << shift; + int err = dnode_next_offset(dn, DNODE_FIND_HAVELOCK, + &ibyte, 2, 1, 0); + i = ibyte >> shift; + if (i >= last) + break; + + /* + * Normally we should not see an error, either + * from dnode_next_offset() or dbuf_hold_level() + * (except for ESRCH from dnode_next_offset). + * If there is an i/o error, then when we read + * this block in syncing context, it will use + * ZIO_FLAG_MUSTSUCCEED, and thus hang/panic according + * to the "failmode" property. dnode_next_offset() + * doesn't have a flag to indicate MUSTSUCCEED. + */ + if (err != 0) + break; + + dnode_dirty_l1(dn, i, tx); } } diff --git a/usr/src/uts/common/fs/zfs/dnode_sync.c b/usr/src/uts/common/fs/zfs/dnode_sync.c index bb18718bed..06336045fc 100644 --- a/usr/src/uts/common/fs/zfs/dnode_sync.c +++ b/usr/src/uts/common/fs/zfs/dnode_sync.c @@ -21,7 +21,7 @@ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2012, 2014 by Delphix. All rights reserved. + * Copyright (c) 2012, 2015 by Delphix. All rights reserved. * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved. */ @@ -707,7 +707,7 @@ dnode_sync(dnode_t *dn, dmu_tx_t *tx) mutex_exit(&dn->dn_mtx); } - dbuf_sync_list(list, tx); + dbuf_sync_list(list, dn->dn_phys->dn_nlevels - 1, tx); if (!DMU_OBJECT_IS_SPECIAL(dn->dn_object)) { ASSERT3P(list_head(list), ==, NULL); diff --git a/usr/src/uts/common/fs/zfs/sys/dbuf.h b/usr/src/uts/common/fs/zfs/sys/dbuf.h index c542c8aec8..2e07185f4c 100644 --- a/usr/src/uts/common/fs/zfs/sys/dbuf.h +++ b/usr/src/uts/common/fs/zfs/sys/dbuf.h @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2012, 2014 by Delphix. All rights reserved. + * Copyright (c) 2012, 2015 by Delphix. All rights reserved. * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. * Copyright (c) 2014 Spectra Logic Corporation, All rights reserved. */ @@ -290,7 +290,7 @@ void dbuf_evict(dmu_buf_impl_t *db); void dbuf_setdirty(dmu_buf_impl_t *db, dmu_tx_t *tx); void dbuf_unoverride(dbuf_dirty_record_t *dr); -void dbuf_sync_list(list_t *list, dmu_tx_t *tx); +void dbuf_sync_list(list_t *list, int level, dmu_tx_t *tx); void dbuf_release_bp(dmu_buf_impl_t *db); void dbuf_free_range(struct dnode *dn, uint64_t start, uint64_t end, diff --git a/usr/src/uts/common/smbsrv/ndr.h b/usr/src/uts/common/smbsrv/ndr.h index 3652c2e0b7..584c0798e4 100644 --- a/usr/src/uts/common/smbsrv/ndr.h +++ b/usr/src/uts/common/smbsrv/ndr.h @@ -234,20 +234,6 @@ typedef struct ndr_stream_ops { #define NDS_RESET(NDS) (*(NDS)->ndo->ndo_reset)(NDS) #define NDS_DESTRUCT(NDS) (*(NDS)->ndo->ndo_destruct)(NDS) -typedef struct ndr_frag { - struct ndr_frag *next; - uint8_t *buf; - uint32_t len; -} ndr_frag_t; - -typedef struct ndr_fraglist { - struct uio uio; - iovec_t *iov; - ndr_frag_t *head; - ndr_frag_t *tail; - uint32_t nfrag; -} ndr_fraglist_t; - typedef struct ndr_stream { unsigned long pdu_size; unsigned long pdu_max_size; @@ -255,7 +241,6 @@ typedef struct ndr_stream { unsigned long pdu_scan_offset; unsigned char *pdu_base_addr; - ndr_fraglist_t frags; ndr_stream_ops_t *ndo; unsigned char m_op; diff --git a/usr/src/uts/common/smbsrv/smb_kproto.h b/usr/src/uts/common/smbsrv/smb_kproto.h index 879b21cdba..122f841a5e 100644 --- a/usr/src/uts/common/smbsrv/smb_kproto.h +++ b/usr/src/uts/common/smbsrv/smb_kproto.h @@ -375,11 +375,9 @@ int smb_net_txr_send(ksocket_t, smb_txlst_t *, smb_txreq_t *); /* * SMB RPC interface */ -smb_opipe_t *smb_opipe_alloc(smb_server_t *); void smb_opipe_dealloc(smb_opipe_t *); -int smb_opipe_open(smb_request_t *); +int smb_opipe_open(smb_request_t *, uint32_t); void smb_opipe_close(smb_ofile_t *); -smb_sdrc_t smb_opipe_transact(smb_request_t *, struct uio *); int smb_opipe_read(smb_request_t *, struct uio *); int smb_opipe_write(smb_request_t *, struct uio *); @@ -598,7 +596,7 @@ void smb_request_free(smb_request_t *); smb_ofile_t *smb_ofile_lookup_by_fid(smb_request_t *, uint16_t); smb_ofile_t *smb_ofile_lookup_by_uniqid(smb_tree_t *, uint32_t); boolean_t smb_ofile_disallow_fclose(smb_ofile_t *); -smb_ofile_t *smb_ofile_open(smb_request_t *, smb_node_t *, uint16_t, +smb_ofile_t *smb_ofile_open(smb_request_t *, smb_node_t *, smb_arg_open_t *, uint16_t, uint32_t, smb_error_t *); void smb_ofile_close(smb_ofile_t *, int32_t); void smb_ofile_delete(void *); diff --git a/usr/src/uts/common/smbsrv/smb_ktypes.h b/usr/src/uts/common/smbsrv/smb_ktypes.h index 74e2b9f437..64f96db9bd 100644 --- a/usr/src/uts/common/smbsrv/smb_ktypes.h +++ b/usr/src/uts/common/smbsrv/smb_ktypes.h @@ -1132,6 +1132,7 @@ typedef struct smb_tree { #define SMB_OPIPE_MAGIC 0x50495045 /* 'PIPE' */ #define SMB_OPIPE_VALID(p) \ ASSERT(((p) != NULL) && (p)->p_magic == SMB_OPIPE_MAGIC) +#define SMB_OPIPE_MAXNAME 32 /* * Data structure for SMB_FTYPE_MESG_PIPE ofiles, which is used @@ -1139,17 +1140,14 @@ typedef struct smb_tree { */ typedef struct smb_opipe { uint32_t p_magic; - list_node_t p_lnd; kmutex_t p_mutex; kcondvar_t p_cv; + struct smb_ofile *p_ofile; struct smb_server *p_server; - struct smb_event *p_event; - char *p_name; - uint32_t p_busy; - smb_doorhdr_t p_hdr; - smb_netuserinfo_t p_user; - uint8_t *p_doorbuf; - uint8_t *p_data; + uint32_t p_refcnt; + ksocket_t p_socket; + /* This is the "flat" name, without path prefix */ + char p_name[SMB_OPIPE_MAXNAME]; } smb_opipe_t; /* @@ -1439,8 +1437,8 @@ typedef struct open_param { uint64_t fileid; uint32_t rootdirfid; smb_ofile_t *dir; - /* This is only set by NTTransactCreate */ - struct smb_sd *sd; + smb_opipe_t *pipe; /* for smb_opipe_open */ + struct smb_sd *sd; /* for NTTransactCreate */ uint8_t op_oplock_level; /* requested/granted level */ boolean_t op_oplock_levelII; /* TRUE if levelII supported */ } smb_arg_open_t; @@ -1642,6 +1640,14 @@ typedef struct smb_request { struct smb_ofile *fid_ofile; smb_user_t *uid_user; + cred_t *user_cr; + kthread_t *sr_worker; + hrtime_t sr_time_submitted; + hrtime_t sr_time_active; + hrtime_t sr_time_start; + int32_t sr_txb; + uint32_t sr_seqnum; + union { smb_arg_negotiate_t *negprot; smb_arg_sessionsetup_t *ssetup; @@ -1651,14 +1657,6 @@ typedef struct smb_request { smb_rw_param_t *rw; int32_t timestamp; } arg; - - cred_t *user_cr; - kthread_t *sr_worker; - hrtime_t sr_time_submitted; - hrtime_t sr_time_active; - hrtime_t sr_time_start; - int32_t sr_txb; - uint32_t sr_seqnum; } smb_request_t; #define sr_ssetup arg.ssetup @@ -1859,13 +1857,6 @@ typedef struct smb_server { kmutex_t sv_kdoor_mutex; kcondvar_t sv_kdoor_cv; - /* RPC pipes (client side) */ - struct __door_handle *sv_opipe_door_hd; - int sv_opipe_door_id; - uint64_t sv_opipe_door_ncall; - kmutex_t sv_opipe_door_mutex; - kcondvar_t sv_opipe_door_cv; - int32_t si_gmtoff; smb_thread_t si_thread_timers; diff --git a/usr/src/uts/common/smbsrv/smb_share.h b/usr/src/uts/common/smbsrv/smb_share.h index 2ca97856c0..319be08801 100644 --- a/usr/src/uts/common/smbsrv/smb_share.h +++ b/usr/src/uts/common/smbsrv/smb_share.h @@ -47,6 +47,9 @@ extern "C" { #define SMB_SYSTEM32 SMB_SYSROOT "/system32" #define SMB_VSS SMB_SYSTEM32 "/vss" +/* Exported named pipes are in... */ +#define SMB_PIPE_DIR "/var/smb/pipe" + /* * Share Properties: * diff --git a/usr/src/uts/common/smbsrv/smb_xdr.h b/usr/src/uts/common/smbsrv/smb_xdr.h index 8990884b19..e4df610969 100644 --- a/usr/src/uts/common/smbsrv/smb_xdr.h +++ b/usr/src/uts/common/smbsrv/smb_xdr.h @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright 2013 Nexenta Systems, Inc. All rights reserved. + * Copyright 2015 Nexenta Systems, Inc. All rights reserved. */ #ifndef _SMBSRV_SMB_XDR_H @@ -60,21 +60,27 @@ typedef struct smb_string { struct smb_buf32; -#define SMB_OPIPE_HDR_MAGIC 0x4F484452 /* OHDR */ -#define SMB_OPIPE_DOOR_BUFSIZE (30 * 1024) +/* + * Initial message on server named pipes. + * Followed by smb_netuserinfo + */ +typedef struct smb_pipehdr { + uint32_t ph_magic; + uint32_t ph_uilen; +} smb_pipehdr_t; + +#define SMB_PIPE_HDR_MAGIC 0x50495045 /* PIPE */ /* - * Door operations for opipes. + * Maximum message size for SMB named pipes. + * Should be less than PIPE_BUF (5120). + * Use the same value Windows does. + */ +#define SMB_PIPE_MAX_MSGSIZE 4280 + +/* + * Door up-call stuff shared with smbd */ -typedef enum { - SMB_OPIPE_NULL = 0, - SMB_OPIPE_LOOKUP, - SMB_OPIPE_OPEN, - SMB_OPIPE_CLOSE, - SMB_OPIPE_READ, - SMB_OPIPE_WRITE, - SMB_OPIPE_EXEC -} smb_opipe_op_t; #define SMB_DOOR_HDR_MAGIC 0x444F4F52 /* DOOR */ |