All of the do_cmd() calls are in dummynet.c and specify the socket
option at compile time; none of these removed cases are used in ipfw
after the v3 work.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53378
(cherry picked from commit 0e2e0fb955adf15a217949bc4cc337d53d2c7259)
(cherry picked from commit 6b1e5d4d20a94b5bebd726eb6d1df8dca2738f8e)
IP_DUMMYNET_GET is no longer used in ipfw(1).
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53348
(cherry picked from commit 28e52dea96809c7904e498759ee1f79bda929a82)
(cherry picked from commit 73c105268cc6138015241b080bc7945c6cde0fa6)
The failed allocation in the error pertains to IP_FW_XADD, not
IP_FW_ADD.
Reviewed by: ae
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53359
(cherry picked from commit 498e56142660c8dd864c878e820252358c9a15cf)
(cherry picked from commit c22437c8b574878241a3c897a095ae6939e66743)
Dummynet v3 switched to IP_DUMMYNET3 but did not update these
warnings/errors.
Fixes: cc4d3c30ea ("Bring in the most recent version of ipfw and dummynet, developed")
Sponsored by: The FreeBSD Foundation
Differential Revision: sbin/ipfw/ipfw2.c
(cherry picked from commit 1f95a517880bae5fc0a9fe4463a8f2ec36ed734a)
(cherry picked from commit a5dd21c7dd1f3c8103c2fc6a1caa5635d70671aa)
This follows the commit 4cdc1f5421, which introduces the IFCAP_HWSTATS
capability.
Fixes: 4cdc1f5421 There are some high performance NICs that count statistics in hardware
MFC after: 3 days
(cherry picked from commit 595acb29a35f36a4fc08b89d3a476f16c1d108b4)
(cherry picked from commit 6bcce275a5a9e10f8e5b990f8cfa2166aa49875a)
Historically this capability is IFCAP_NOMAP but it was renamed to
IFCAP_MEXTPG. Catch up with the change 3f43ada98c.
PR: 289545
Fixes: 3f43ada98c Catch up with 6edfd179c8: mechanically rename IFCAP_NOMAP to IFCAP_MEXTPG
MFC after: 3 days
(cherry picked from commit 5017fdb728811fd3e15d7151524378f49a49aee1)
(cherry picked from commit 5f472754ba6f9cc95607956c6e2ad6483c9dd157)
Some options (in particular, -g) are processed immediately upon being
parsed. This will produce the wrong result in combination with -j since
we only attach to the jail after we're done parsing arguments. Solve
this by attaching to the jail immediately when -j is encountered. The
downside is that e.g. `ifconfig -j foo -j bar` would previously attach
to jail “bar”, whereas now it will attempt to attach to jail “foo”, and
if successful, attempt to attach to jail “bar” within jail “foo”. This
may be considered a feature.
PR: 289134
MFC after: 1 week
Reviewed by: zlei
Differential Revision: https://reviews.freebsd.org/D52501
(cherry picked from commit 18fd1443d205aed6be22966125a4820f77571948)
When sending UDP packets:
* compute the checksum in the correct order. This only has an impact
if the length of the payload is odd.
* don't send packet with a checksum of zero, use 0xffff instead as
required.
When receiving UDP packets:
* don't do any computations when the checksum is zero.
* compute the checksum in the correct order. This only has an impact
if the length of the payload is odd.
* when computing the checksum, store the pseudo header checksum
* if the checksum is computed as zero, use 0xffff instead.
* also accept packets, when the checksum in the packet is the pseudo
header checksum.
The last point fixes a problem when the DHCP client runs in a VM,
the DHCP server runs on the host serving the VM and the network
interface supports transmit checksum offloading. Since dhclient
doesn't use UDP sockets but bpf devices to read the packets, the
checksum will be incorrect and only contain the checksum of the
pseudo header.
PR: 263229
Reviewed by: markj, Timo Völker
Tested by: danilo
Differential Revision: https://reviews.freebsd.org/D52394
(cherry picked from commit 187ee62c71f2be62870f26ae98de865e330121be)
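The send and receive rules listed in the commit message above, as an added C example (not code from dhclient or from this commit). The function names are hypothetical, the code is IPv4 only, and it assumes the "pseudo header checksum" left by transmit offload is the folded, uncomplemented pseudo-header sum.

```c
#include <stddef.h>
#include <stdint.h>

/* Add bytes to a running one's-complement sum as big-endian 16-bit words. */
static uint32_t sum_bytes(const uint8_t *p, size_t len, uint32_t sum)
{
	for (size_t i = 0; i + 1 < len; i += 2)
		sum += (uint32_t)p[i] << 8 | p[i + 1];
	if (len & 1)		/* an odd tail is padded with a zero byte */
		sum += (uint32_t)p[len - 1] << 8;
	return (sum);
}

static uint16_t fold(uint32_t sum)
{
	while (sum >> 16)
		sum = (sum & 0xffff) + (sum >> 16);
	return ((uint16_t)sum);
}

/* IPv4 pseudo header: source, destination, protocol 17, UDP length. */
static uint32_t pseudo_sum(const uint8_t src[4], const uint8_t dst[4], size_t udp_len)
{
	return (sum_bytes(dst, 4, sum_bytes(src, 4, 0)) + 17 + (uint32_t)udp_len);
}

/* Sender side; hdr[6..7] (the checksum field) must be zero on entry. */
uint16_t
udp_tx_cksum(const uint8_t src[4], const uint8_t dst[4],
    const uint8_t hdr[8], const uint8_t *data, size_t dlen)
{
	/* Even-sized pieces first; the possibly odd payload goes last. */
	uint32_t sum = sum_bytes(hdr, 8, pseudo_sum(src, dst, 8 + dlen));
	uint16_t ck = (uint16_t)~fold(sum_bytes(data, dlen, sum));
	return (ck == 0 ? 0xffff : ck);	/* zero on the wire means "no checksum" */
}

/* Receiver side; returns 1 if the datagram should be accepted. */
int
udp_rx_ok(const uint8_t src[4], const uint8_t dst[4],
    const uint8_t hdr[8], const uint8_t *data, size_t dlen)
{
	uint16_t wire = (uint16_t)(hdr[6] << 8 | hdr[7]);
	uint32_t ph = pseudo_sum(src, dst, 8 + dlen);
	if (wire == 0 || wire == fold(ph))	/* unchecked, or offload stub */
		return (1);
	return (fold(sum_bytes(data, dlen, sum_bytes(hdr, 8, ph))) == 0xffff);
}
```

A datagram accepted through the pseudo-header branch has had no integrity check applied to its payload.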
If the user specified a prefix length with either the internal or
external prefix, we'd jump to check_prefix where we'd dereference p
which was most likely uninitialized.
Instead, store the various prefix lengths separately and check them
all after the loop.
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D50597
(cherry picked from commit 64bc9ac8cd9a42259aeb1715d4e14902aa83fcac)
Add an optional "vlan <n>" argument to the bridge static and deladdr
commands to allow addresses to be added to / removed from a particular
vlan. No changes to if_bridge are required as the kernel API already
supports this, it just wasn't exposed in ifconfig.
Add tests for the new functionality, and improve the test for the
existing "static" command.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D51243
(cherry picked from commit 3650722abf2922893540361a1369b54abc5ff8d2)
This is like get_val() but takes an ether_vlanid_t* and ensures the
value is a valid VLAN ID. This avoids redundant comparisons and
casting when parsing VLAN IDs.
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D51548
(cherry picked from commit 287a5fdcd3c941ce73705c664b5df4932ba3bad4)
Add a new type of command, DEF_CMD_VARG, which takes an (argc, argv)
pair instead of a fixed number of arguments. This allows commands
to do their own argument parsing and accept a variable number of
arguments.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D51243
(cherry picked from commit 7d4a177efc653bc60a496ba0adf5cb4e0560fa07)
and the macro EN_SWABIPS.
The macro EN_SWABIPS is identical to IFF_LINK0 (also historically
IFF_LLC0) and we already have the parameter link0 to toggle IFF_LINK0.
These were inherited from 386BSD 0.1 and have never been used since
the very first FreeBSD release.
Reviewed by: adrian, #network
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D51368
(cherry picked from commit 8632e4e73a6934f3f9996a18932e36b04e6a3faf)
This is a small oversight in the transition to netlink; the non-netlink
implementation would explicitly flush its stdout as necessary to avoid
apparent long stalls in output when we end up fully-buffered. Adjust
the netlink implementation to do the same. This was noticed while
trying to triage failures in the wg-quick script.
Commit message by kevans, patch by author.
PR: 278265
Fixes: 091fec1188 ("route: switch transport protocol [...]")
Approved by: so
Security: FreeBSD-EN-25:14.route
(cherry picked from commit 97b61b22edba74c62adba1d022fb73541aa5ff93)
(cherry picked from commit dd695839efd80fe81143cd6c7a552c30df8448f6)
This change produced by melifaro and the commit is concerted with him
as he is pretty busy IRL these days.
The change restores performance of /sbin/ifconfig utility
for non-listing case after it switched from rtsock to netlink(4) API
in FreeBSD 14+.
PR: 287872
(cherry picked from commit b1b17432aa1be670564161232d110461a5dde4ce)
Start dealing with Element ID Extension present (IE T=255) and start
parsing elements from the Element ID Extension set.
Namely (partially) decode HE_CAPA, HE_OPER, MU_EDCA_PARAM_SET,
as well as SUP_OP_CLASS.
For length reasons also rename UNKNOWN_ELEMID_%d to ELEMID_%d.
Sponsored by: The FreeBSD Foundation
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D50678
(cherry picked from commit a2a15732eb1db4616aa628ae8bfd4047c40dbaee)
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D50675
(cherry picked from commit 1313f1c2a35f7dbaba1b2948d2f0c4a1f4113f67)
instead of accepting any character as a delimiter, only accept ':', '.'
and '-', and only permit a single delimiter in an address.
this prevents accepting bizarre addresses like:
ifconfig epair2a link 10.1.2.200/28
... which is particularly problematic on an INET6-only system, in which
case ifconfig defaults to the 'link' family, meaning that:
ifconfig epair2a 10.1.2.200/28
... changes the Ethernet address of the interface.
bump __FreeBSD_version so link_addr() consumers can detect the change.
Reviewed by: kp, des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D49936
(cherry picked from commit a1215090416b8afb346fb2ff5b38f25ba0134a3a)
Note-from-OPNsense: not bumping the FreeBSD version for stable/25.7
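The delimiter rule from the link_addr() commit message above, sketched as an added C example (a hypothetical parse_lladdr(), not link_addr() itself or code from the commit). It assumes "a single delimiter" means one delimiter character used throughout, and that each octet is one or two hex digits.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/*
 * Hypothetical strict parser: octets of 1-2 hex digits separated by one of
 * ':', '.' or '-', with the same delimiter used throughout.  Returns the
 * number of octets stored in out, or -1 for anything else.
 */
int
parse_lladdr(const char *s, uint8_t *out, size_t outlen)
{
	size_t n = 0;
	char delim = '\0';

	for (;;) {
		unsigned int v = 0;
		int digits = 0;

		while (isxdigit((unsigned char)*s) && digits < 3) {
			int c = tolower((unsigned char)*s++);
			v = v << 4 | (unsigned int)(isdigit(c) ? c - '0' : c - 'a' + 10);
			digits++;
		}
		if (digits < 1 || digits > 2 || n == outlen)
			return (-1);
		out[n++] = (uint8_t)v;
		if (*s == '\0')
			return ((int)n);
		if (strchr(":.-", *s) == NULL)	/* '/', ' ' and so on are rejected */
			return (-1);
		if (delim == '\0')
			delim = *s;		/* first delimiter fixes the style */
		else if (*s != delim)		/* mixed delimiters are rejected */
			return (-1);
		s++;
	}
}
```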
The node unicast key (PTK) uses a key index of (-1) and printing
a 64k number does not look great. Factor out printing the key
number into a buffer and use 'ucast' for the node unicast key.
Hope is that this will be useful for the future as well when we
will have more/different keys possibly.
Looks like (with -vk):
AES-CCM 2:128-bit <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> rsc 0 tsc 0 rx
AES-CCM 3:128-bit <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> rsc 0 tsc 0 rx
AES-GCM ucast:128-bit <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> rsc 0 tsc 0 tx+rx
Sponsored by: The FreeBSD Foundation
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D50555
(cherry picked from commit 164bf9ffbe1a9fc8768b2f597fd4b32b3e406ac1)
Add a variable when querying the BSSID so we can later use it rather
than losing the "data" buffer.
When printing key information also query the node unicast key if in
STA mode (the key for the BSSID). Do not error in case we fail.
This is helpful for debugging mostly; was also useful when testing
GCMP support.
Sponsored by: The FreeBSD Foundation
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D50554
(cherry picked from commit e277735ce05911aaee336cd61ec3a12435f46d8d)
While we currently do not print the STA unicast key (PTK) we will not
see this but it is for fullness and in preparations for follow-up
changes.
Sponsored by: The FreeBSD Foundation
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D50553
(cherry picked from commit 54ad06cad10c3822784389b0956f92a1c7041abd)
We don't support setting netmask or broadcast address for INET6
addresses, and trying to do so crashes ifconfig. Handle this the
same way as af_link, by rejecting attempts to configure these
parameters.
PR: 286910
Reported by: Hayzam Sherif <hayzam@alchemilla.io>
MFC after: 3 days
Reviewed by: zlei, kevans, des, cy
Approved by: kevans (mentor)
Differential Revision: https://reviews.freebsd.org/D50413
(cherry picked from commit 59ee9260e6bbcc3b5654126eed6e9490315c81f1)
ifconfig tests: remove incorrect #!
Fixes: 59ee9260e6bb ("ifconfig: reject netmask and broadcast for inet6")
Reviewed by: des
Differential Revision: https://reviews.freebsd.org/D50566
(cherry picked from commit 6ab70fbec4236a940275a42e301f76ade7faacbf)
The zfs command to do this is a bit longer and harder to remember. In
the last few releases mount(8) learned how to do this, so let's show it
in the manual.
MFC after: 3 days
Reported by: Jan Bramkamp <crest+freebsd@rlwinm.de>
Discussed with: cperciva, emaste
Reviewed by: mhorne
Approved by: mhorne (mentor)
Differential Revision: https://reviews.freebsd.org/D49988
(cherry picked from commit c3e06b23b4174c726d7d0ba131869e4aeee8067d)
Until July 2024, dhclient kept track of time as seconds-since-epoch as
a time_t. This was a problem because (a) we wanted sub-second timeouts
and (b) timeouts didn't always do the right thing if the system clock
changed.
Switching to using CLOCK_MONOTONIC and struct timespec fixed those
issues but introduced a new problem: CLOCK_MONOTONIC values were being
interpreted as seconds-since-epoch and written to the dhclient.leases
file, causing confusion with DHCP leases expiring in early 1970.
Attempt to compromise between these by keeping track of both times;
any type within dhclient which is a time_t now refers to seconds past
the epoch, while any struct timespec value is a CLOCK_MONOTONIC time.
PR: 283256
Reviewed by: dch
Fixes: f0a38976b01e ("dhclient: Use clock_gettime() instead of time()")
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D49720
(cherry picked from commit 43d19e6a4c42ade0f276ceca18a09e2e3829fce4)
Just as for nat anchors we can't print counters for rule anchors. Remove the
incorrect print call.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 0fc3c29fb3dd6ab6436a78c502544ebf2cf63ee2)
When printing a nat anchor we don't have rule information, or rule
counters. Do not attempt to print them. The information is nonsensical
anyway, and this can cause a crash converting the timestamp to a string,
as years in the very distant future use more digits, and we exceed the
30 byte buffer allocated for this.
MFC after: 2 weeks
Sponsored by: Orange Business Services
(cherry picked from commit 168d873ae41fd8bd40555322a79c9f215cb4cb9c)
+ add `(FAT)` to all descriptions to enable `apropos fat`
+ xref all msdosfs(4) utilities in base to msdosfs(4)
+ xref msdosfs(4) to all msdosfs(4) utilities
+ remove unrelated fsck_ffs(8) from fsck_msdos(8)
MFC after: 3 days
Reviewed by: mhorne
Approved by: mhorne (mentor)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1557
(cherry picked from commit 93f4377caba08e4a47fb9f1878bf609bd4181564)
pfctl_show_nat() is called recursively to print nat anchors. This passes the
anchor path, but this path was modified by pfctl_show_nat(), leading to issues
printing the anchors.
Make a copy of the path ('npath') before we modify it. Ensure we do this
correctly by sprinkling in 'const', and add a test case to verify that we do now
print things correctly.
Reported by: Thomas Pasqualini <thomas.pasqualini@orange.com>
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 58164dcb55d62ca73b5e550b8344bf61e2d8a47a)
since the creation of libudev-devd, but also with powerd, recent libusb
changes etc. 10 clients are not enough anymore to cover the desktop needs
and end users often end up with:
sonewconn: pcb 0xfffff8004dd43780 (local:/var/run/devd.seqpacket.pipe)...
raise the maximum allowed clients to 50, which should be enough to cover
user requirements.
MFC After: 1 week
(cherry picked from commit 5682eee1efd35fb65751641181ae2a50d86efaab)
ieee80211_setupcurchan() compares the flags in a greater than manner.
In this case VHT160 should be > VHT80P80 as it is preferable.
Swap the two flags and add a comment to note this.
Sponsored by: The FreeBSD Foundation
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D48976
(cherry picked from commit 8f2e5b6ef32304ce340b91057b1eb4b191dbeac1)
If rule was added in compact form and rule body is empty, print
'proto ip' opcode to be compatible with ipfw(8) syntax parser.
Before:
$ ipfw add allow proto ip
000700 allow
After:
$ ipfw add allow proto ip
000700 allow proto ip
(cherry picked from commit 706a03f61bbb6e0cf10e6c3727966495b30d763e)
Also hide the other vht options on -vht and only show vht40/80/160/80p80
when vht is enabled.
While here fix some whitespace and comments.
Sponsored by: The FreeBSD Foundation
Reviewed by: adrian, emaste
Differential Revision: https://reviews.freebsd.org/D48326
(cherry picked from commit 42410c6d682c4e00ce6147f99b51a55f6f3fe075)
Anyone testing VHT options would wonder about these extra two printfs
by now. Remove them from the tree before I have to do so locally again
in another branch.
Sponsored by: The FreeBSD Foundation
Fixes: e9bb7f9aa1
Reviewed by: adrian, emaste
Differential Revision: https://reviews.freebsd.org/D48319
(cherry picked from commit 91a4107d6d3028acd96df96de33b8a7665d3eb03)
Add IEEE80211_FVHT_STBC_(TX|RX) flags to allow userspace to manage
if STBC will be allowed for VHT RX/TX.
For RX this will only allow us to turn it off but no fine grained
control of the number of supported spatial streams.
Introduce IEEE80211_FVHT_CHANWIDTH_MASK as a helper to make the
spelling out of the IEEE80211_FVHT_MASK more readable.
Update ifconfig to allow setting of these flags.
Sponsored by: The FreeBSD Foundation
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D47838
(cherry picked from commit 243f6925bf818a64f3c996c6a89fec6c8a6ff058)
Standardize the definition of a UFS dinode
Differential Revision: https://reviews.freebsd.org/D48472
(cherry picked from commit 1111a44301da39d7b7459c784230e1405e8980f8)
(cherry picked from commit aa90fbed151de512ab6e59f75df009533a15751f)
(cherry picked from commit 256389eaf158acaf67f0530764be8af68edee78c)
(cherry picked from commit 6cd973d903c8f214d84daf91eb75047631bf1618)
(cherry picked from commit e1ebda4458bbaf7d85fb803e20f3afc5441f24d9)
This allows the parent jail to retrieve or set kernel state when child
does not have sysctl(8) installed (e.g. lightweight OCI containers
or slim jails).
This is especially useful when manipulating jail prison or vnet sysctls.
For example, `sysctl -j foo -Ja` or `sysctl -j foo net.fibs=2`.
Reviewed by: dfr (previous version), markj
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D48618
(cherry picked from commit 08aa7128dea4d14811ae4a0225d7c678869cfe62)