Allow users to choose to allow permitted SCTP connections to set up additional
multihomed connections regardless of the ruleset. That is, allow an already
established connection to set up flows that would otherwise be disallowed.
In case of if-bound connections we initially set the extra associations to
be floating, because we don't know what path they'll be taking when they're
created. Once we see the first traffic we can bind them.
MFC after: 2 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D48453
(cherry picked from commit e4f2733df8c9d2fd0c5e8fdc8bec002bf39811f3)
This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
98f7e32f20d28ec452afb208f9cffc08448a2652 ( tag: v6.11 ).
Sponsored by: The FreeBSD Foundation
(cherry picked from commit a4128aad8503277614f2d214011ef60a19447b83)
These were reported by `mandoc -T lint ...` as errors.
The rendered output (in ascii and html) is not affected by this commit.
Additional clarification: there was a non-breaking space in
lib/libcasper/services/cap_grp/cap_grp.3.
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Reviewed by: mhorne
MFC after: 3 days
Sponsored by: Tarsnap Backup Inc.
Pull Request: https://github.com/freebsd/freebsd-src/pull/1449
(cherry picked from commit c8b31033c3971b2b7349804ffda0cea5e4835b40)
7f7ef494f1 introduced a compile time option PF_DEFAULT_TO_DROP to make
the pf(4) default rule to drop. While this change exposes a vnet loader
tunable 'net.pf.default_to_drop' so that users can change the default
rule without re-compiling the pf(4) module.
This change is similar to that for IPFW [1].
1. 5f17ebf94d Convert IPFW_DEFAULT_TO_ACCEPT into a loader tunable 'net.inet.ip.fw.default_to_accept'
Reviewed by: #network, kp
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D39866
(cherry picked from commit c531c1d1462c45f7ce5de4f9913226801f3073bd)
This is derived from swills@ fork of the Juniper virtfs with many
changes by me including bug fixes, style improvements, clearer layering
and more consistent logging. The filesystem is renamed to p9fs to better
reflect its function and to prevent possible future confusion with
virtio-fs.
Several updates and fixes from Juniper have been integrated into this
version by Val Packett and these contributions along with the original
Juniper authors are credited below.
To use this with bhyve, add 'virtio_p9fs_load=YES' to loader.conf. The
bhyve virtio-9p device allows access from the guest to files on the host
by mapping a 'sharename' to a host path. It is possible to use p9fs as a
root filesystem by adding this to /boot/loader.conf:
    vfs.root.mountfrom="p9fs:sharename"
for non-root filesystems add something like this to /etc/fstab:
    sharename /mnt p9fs rw 0 0
In both examples, substitute the share name used on the bhyve command
line.
The 9P filesystem protocol relies on stateful file opens which map
protocol-level FIDs to host file descriptors. The FreeBSD vnode
interface doesn't really support this and we use heuristics to guess the
right FID to use for file operations. This can be confused by privilege
lowering and does not guarantee that the FID created for a given file
open is always used for file operations, even if the calling process is
using the file descriptor from the original open call. Improving this
would involve changes to the vnode interface which is out-of-scope for
this import.
Differential Revision: https://reviews.freebsd.org/D41844
Reviewed by: kib, emaste, dch
MFC after: 3 months
Co-authored-by: Val Packett <val@packett.cool>
Co-authored-by: Ka Ho Ng <kahon@juniper.net>
Co-authored-by: joyu <joyul@juniper.net>
Co-authored-by: Kumara Babu Narayanaswamy <bkumara@juniper.net>
It was pointed out that the current approach of exhaustively searching
for a free source port might be very time consuming. Limit the amount
of work that we might do before giving up.
Reviewed by: kp
Reported by: Eirik Øverby <ltning-freebsd@anduin.net>
MFC after: 3 months
Sponsored by: Klara, Inc.
Sponsored by: Modirum
Differential Revision: https://reviews.freebsd.org/D46495
(cherry picked from commit 339a1977c32414f3d23733504955245ca6f3802d)
If NAT rules cause inbound connections to different external IPs to be
mapped to the same internal IP, and some application uses the same
source port for multiple such connections, rdr translation may result in
conflicts that cause some of the connections to be dropped.
Address this by letting rdr rules detect state conflicts and modulate
the source port to avoid them.
Reviewed by: kp, allanjude
MFC after: 3 months
Sponsored by: Klara, Inc.
Sponsored by: Modirum
Differential Revision: https://reviews.freebsd.org/D44488
(cherry picked from commit 9897a66923a3e79c22fcbd4bc80afae9eb9f277c)
Reload is used for service reconfiguration as well
and lacks a NAME_prepend-like mechanism so it makes
sense to extend the NAME_reload hook into this
action.
precmd may use configuration checks and blocks setup
from doing its designated work (e.g. nginx). In moving
the invoke of the setup script in front allows us to
provide custom scripts for config file generation and
fixing prior to precmd checking configuration integrity.
Also introduce _run_rc_setup to separate the launcher
from the main one. Let it run correctly in the case
of restart_precmd and block further execution as
would be the case in start due to the internal plumbing
of restart being split into calling stop and start
afterwards.
PR: https://reviews.freebsd.org/D36259
The Release Hardware Notes are generated from hardware sections in the
manual pages. Create or organize these sections in Wi-Fi driver manuals
for information flow, and perform minor maintenance on them while here.
After some testing, we have determined that a compact column list is
the best for a single column listing in the hardware release notes.
This makes very clean subsections and is for some reason denser than
using a tagged list.
This adds the long requested conversion from netmask to cidr examples.
These examples probably shouldn't even be here, but that is a discussion
for another day.
Reported by: bz (relnotes generation, cidr, test-net-1 ip4addr)
Reported by: grahamperrin (HARDWARE order mentioned in fdp-primer)
Reported by: Graham Percival <gperciva@tarsnap.com> (don't prompt)
Reviewed by: bz (anything wrong likely is my polishing fault; incl. iwm.4)
Approved by: re (cperciva)
Differential Revision: https://reviews.freebsd.org/D47508
(cherry picked from commit 8f1a2d507e25e77d20a5d7675dc8eee9b83d3570)
(cherry picked from commit 93b30f1b6caec5083efacf3fb5049b72e75cc09e)
(cherry picked from commit 6c140ba126)
Not all of the tree is happy for realinstall to be done in parallel. In
particular, Makefile.inc1 uses .WAIT to force etc to be installed after
earlier subdirectories, since etc calls into share/man's makedb to run
makewhatis on the tree and needs all manpages to have been installed.
Also, libexec/Makefile doesn't set SUBDIR_PARALLEL, and the link from
ld-elf32.1 to ld-elf.1 relies on rtld-elf having been installed before
rtld-elf32, otherwise creating the link will fail.
In general, core behavioural differences like this between NO_ROOT and
"normal" builds are also dangerous and confusing.
If this optimisation is deemed important, it should be reintroduced in a
more limited and robust manner that doesn't break the above situations.
Until then value correctness over slight efficiency gains on high core
count machines, the same machines where you're more likely to encounter
issues from this optimisation.
This reverts commits cd19ecdbdc ("Similar to r296013 for NO_ROOT,
force SUBDIR_PARALLEL for buildworld WORLDTMP staging.") and
b9c6f31681 ("Add more STANDALONE_SUBDIR_TARGETS.").
Approved by: re (cperciva)
Found by: CheriBSD Jenkins
Reviewed by: bdrewery, brooks
Fixes: cd19ecdbdc ("Similar to r296013 for NO_ROOT, force SUBDIR_PARALLEL for buildworld WORLDTMP staging.")
Fixes: b9c6f31681 ("Add more STANDALONE_SUBDIR_TARGETS.")
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D43705
(cherry picked from commit fbae308319b7678cd9d879f60b1efd8d4c99b5eb)
(cherry picked from commit 125ce840bc)
This adds three OCI archive format files to the release containing
FreeBSD base images suitable for static linked, dynamic linked and shell
workloads. The shell image also contains pkg-bootstrap and can be easily
extended by installing packages (including pkgbase packages).
Approved by: re (cperciva)
Reviewed by: dch, cpersiva, jlduran, zlei
Differential Revision: https://reviews.freebsd.org/D46759
MFC after: 2 days
(cherry picked from commit d03c82c28da86e0812b98b051d24ae5980804ad7)
(cherry picked from commit 6686056ca3)
MFC after: 3 days
Signed-off-by: Paula Breton <git@breton.xyz>
(cherry picked from commit e7f0f4f9206e8b0f411847b293c7b79eb84f0e51)
(cherry picked from commit 3e3e2c6328)
Approved by: re (cperciva)
syscons(4) is not compatible with UEFI, does not support UTF-8, and is
Giant-locked. There is no specific timeline yet for removing it, but
support for the Giant lock is expected to go away in one or two major
release cycles. Add a deprecation notice to avoid surprises, and help
ensure that any material deficiencies in vt(4) become known.
Reviewed by: manu, markj, imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47396
(cherry picked from commit fc2a3ec6fe6aa00d9be0c293c38e0ef9ac7e2b64)
(cherry picked from commit 8c922db4f3)
Approved by: re (cperciva)
This commit adds support for receiving LLQ entry size recommendation
from the device. The driver will use the recommended entry size, unless
the user specifically chooses to use regular or large LLQ entry.
Also added enum ena_llq_header_size_policy_t and llq_policy field in
order to support the new feature.
Approved by: cperciva (mentor)
Sponsored by: Amazon, Inc.
(cherry picked from commit b1c38df05d79c81ee1e9fd0942774820a4ffcb63)
This commit updates all the license signatures to 2024.
Approved by: cperciva (mentor)
Sponsored by: Amazon, Inc.
(cherry picked from commit 8d6806cd08c093fc001db1f94cf122368b8d1549)
Add devices supported by this driver to a HARDWARE section
for generation in the Hardware Compatibility Notes.
While here:
- describe more consistently with product doc and rest of manual
- consolidate basics in first paragraph of description
- mention boot time configuration
- cross-ref networking(7) quick start guide
- zap deprecated Tn, macro in list width, and "Dq Li" => "Ql"
- markup some unmarked elements
- add SPDX tag
Differential Revision: https://reviews.freebsd.org/D47170
(cherry picked from commit fa573868f187956b384722a90392866769f4965a)
Add devices supported by this driver to a HARDWARE section
for inclusion in the release Hardware Compatibility Notes.
While here:
- add SPDX tag
- add networking(7) cross-ref quick start guide
- tweak examples for consistency
Differential Revision: https://reviews.freebsd.org/D47168
(cherry picked from commit 545dbf9d5fadfab591350c7c504b8e4bd113ba7b)
WITH_LOADER_BIOS_TEXTONLY is now the default so document
WITHOUT_LOADER_BIOS_TEXTONLY.
Fixes: 23dee252daf2 loader: Change this BIOS tradeoff...
(cherry picked from commit 50b5a37a12d032085276b1f0ebb5f92c0cabed32)
After talking with a number of people about the removal of some things
to make the loader fit, readjust things a little.
Add back GZIP and BZIP2 compression support. Many of the downstream MFC
packaging systems depend on this. This adds back 20k to the size of the
loader.
Make the boot loader text-only by default. This saves 40k in size. Net,
we're 20k smaller. The graphics loader for BIOS is less useful than the
zip functionality: You can still boot w/a text only one and you can
build a custom one if you really want it. It's also the default we use
for dual console.
This should be merged back into stable/14 and stable/13 so it's in the
next release for each of these. That way we have only one release (13.4)
with the other defaults.
MFC After: 3 days
Sponsored by: Netflix
Reviewed by: olce, rgrimes, emaste
Differential Revision: https://reviews.freebsd.org/D47203
(cherry picked from commit 23dee252daf2ff60e521c9c019e64134b63ce90f)
+ add controller name to title for search keywords
- remove "for the freebsd operating system" from title/search keywords
- remove `(R)` from the page title for consistency with other drivers
- increase specificity of HARDWARE for inclusion in Release HW Notes
- order HARDWARE in reverse chronological so non-eol appear first
- s/PCI/PCIe/
Reported by: kbowling (additional hardware supported)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1494
(cherry picked from commit 2d28fd51e5b9d8ef184445dfa204f6ba22d460a5)
FALLTHROUGH is intended for a block of code that cascades to the next
case block. Multiple case statements sharing a single block of code do
not need a FALLTHROUGH comment.
Reviewed by: imp, markj, jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47242
(cherry picked from commit d55d5dd9f7adcffa6a1f2a49956d7fd7d549aba1)
Flow-director support is not fully implemented and will cause
errors if enabled. Mention this in the ixgbe(4) manual.
PR: 202663
Co-authored-by: Alexander Ziaee <concussious@runbox.com>
Pull Request: https://github.com/freebsd/freebsd-src/pull/1493
(cherry picked from commit 20b823a59bc7419a6f93ec5097bd5ee524c20981)
Each netmap adapter associated with a physical adapter is attached to a
netmap memory pool. contigmalloc() is used to allocate physically
contiguous memory for the pool, but ideally we would ensure that all
such memory is allocated from the NUMA domain local to the adapter.
Augment netmap's memory pools with a NUMA domain ID, similar to how
IOMMU groups are handled in the Linux port. That is, when attaching to
a physical adapter, ensure that the associated memory pools are local to
the adapter's associated memory domain, creating new pools as needed.
Some types of ifnets do not have any defined NUMA affinity; in this case
the domain ID in question is the sentinel value -1.
Add a sysctl, dev.netmap.port_numa_affinity, which can be used to enable
the new behaviour. Keep it disabled for now to avoid surprises in case
netmap applications are relying on zero-copy optimizations to forward
packets between ports belonging to different NUMA domains.
Reviewed by: vmaffione
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D46666
(cherry picked from commit 1bae9dc584272dd75dc4e04cb5d73be0e9fb562a)
It turns out the new libc++ 19 headers result in a -Werror warning from
gcc 13:
In file included from /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__memory/shared_ptr.h:31:
/usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__memory/uninitialized_algorithms.h: In instantiation of 'constexpr void std::__1::__uninitialized_allocator_relocate(_Alloc&, _Tp*, _Tp*, _Tp*) [with _Alloc = allocator<basic_string<char> >; _Tp = basic_string<char>]':
/usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/vector:1052:42: required from 'void std::__1::vector<_Tp, _Alloc>::__swap_out_circular_buffer(std::__1::__split_buffer<_Tp, _Allocator&>&) [with _Tp = std::__1::basic_string<char>; _Allocator = std::__1::allocator<std::__1::basic_string<char> >]'
/usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/vector:1469:31: required from 'void std::__1::vector<_Tp, _Alloc>::reserve(size_type) [with _Tp = std::__1::basic_string<char>; _Allocator = std::__1::allocator<std::__1::basic_string<char> >; size_type = long unsigned int]'
/usr/src/freebsd/src/contrib/googletest/googletest/src/gtest.cc:795:27: required from here
/usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__memory/uninitialized_algorithms.h:645:21: error: 'void* __builtin_memcpy(void*, const void*, long unsigned int)' writing to an object of type 'std::__1::__remove_const_t<std::__1::basic_string<char> >' {aka 'class std::__1::basic_string<char>'} with no trivial copy-assignment; use copy-assignment or copy-initialization instead o[-Werror=class-memaccess]
645 | __builtin_memcpy(const_cast<__remove_const_t<_Tp>*>(__result), __first, sizeof(_Tp) * (__last - __first));
| ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__system_error/error_category.h:15,
from /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__system_error/error_code.h:18,
from /usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/__ostream/basic_ostream.h:16:
/usr/obj/usr/src/freebsd/src/amd64.amd64/tmp/usr/include/c++/v1/string:752:7: note: 'std::__1::__remove_const_t<std::__1::basic_string<char> >' {aka 'class std::__1::basic_string<char>'} declared here
752 | class basic_string {
| ^~~~~~~~~~~~
Since this is all benign, turn off errors for -Wclass-memaccess.
PR: 280562
MFC after: 3 days
(cherry picked from commit a3a88aa132605c5d42153a419c0e129296dec467)
Currently the lib32 crt files (/usr/lib32/Scrt1.o etc.) are placed in
the clibs-dev package rather than the clibs-dev-lib32 package.
The /usr/lib32/dtrace/drti.o file is similarly placed in the dtrace
package rather than the dtrace-lib32 package.
Splitting shared libraries in /usr/lib32 into a -lib32 package is
handled in bsd.lib.mk by adding "lib32" to TAGS. However bsd.files.mk
ignores TAGS and only honors ${group}TAGS since 144c442.
This patch changes the behavior of bsd.files.mk to honor TAGS if the
default FILES group is used. This matches the handling of PACKAGE, which
is also ignored unless the default FILES group is used.
With this patch, both the clibs and dtrace package are split correctly.
PR: 249145
Reviewed by: bapt
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46991
(cherry picked from commit d5e9faf1f3291d0af9dcdd53ccdaf0971e5d8f63)
Reviewed by: bapt
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47111
(cherry picked from commit 6abd77142153cc0f5ce49f3ffb38bc91f3444fae)
Showcase how to detach ppt from a PCI device and attach a host driver,
and vice-versa.
MFC after: 2 days
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D46811
(cherry picked from commit 9ad2891558729b1c1ad4ba02377b157e404a3da2)
iwlwifi.4 and rtw88.4 did not show up in the hardware list in the
release notes for 13.4.
The doc/website/tools/hardware-notes-processor.rb script parses
the .Sh HARDWARE section to automagically create a note once the
manual page is listed in the website/archetypes/release/hardware.adoc
file.
While here update the other committed man pages not yet connected
to the build.
Reported by: re (cperciva), grahamperrin
Sponsored by: The FreeBSD Foundation
Reviewed by: concussious.bugzilla_runbox.com (Alexander Ziaee)
Differential Revision: https://reviews.freebsd.org/D46851
(cherry picked from commit 5dbb0b7c19cf40ab6562c03396d245cf3a7374fe)
After two years, add the initial man page and hook Realtek's rtw89
driver up to the build for more people to test given successful
reports.
devd.conf is already providing support based on the rtw<n+> regex.
The driver uses the LinuxKPI compat layer.
Firmware is provided by ports: net/wifi-firmware-rtw89-kmod or
one of the flavours. People are advised to use fwget(8) to
automatically install the correct firmware for their chipset.
Please note that for the moment the driver requires a tunable to
be set in loader.conf: compat.linuxkpi.skb.mem_limit=1
Many thanks to everyone who in the last two years helped testing,
debugged, submitted patches to get the driver to this stage where
initial functionality seems working.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 310c31d3f04ef9d3ebe598fd076d017a48d0ca0d)