This patch provides UDP encapsulation of ESP packets over IPv6.
Ports the IPv4 code to IPv6 and adds support for IPv6 in udpencap.c
As required by the RFC and unlike in IPv4 encapsulation,
UDP checksums are calculated.
Co-authored-by: Aurelien Cazuc <aurelien.cazuc.external@stormshield.eu>
Sponsored-by: Stormshield
Sponsored-by: Wiktel
Sponsored-by: Klara, Inc.
Fix KASSERT in 80044c78 causing build failures
Move the KASSERT to where struct ip6_hdr is populated
Fixes: 80044c785c
Reported-by: bapt
Reviewed-by: markj
Sponsored-by: Klara, Inc.
- Bump BRANCH to RELEASE
- Add the anticipated RELEASE announcement date
- Set a static __FreeBSD_version
Approved by: re (implicit)
Sponsored by: https://www.patreon.com/cperciva
When the stable/13 branch was created the userland knob (in
share/mk/src.opts.mk) was changed to default to yes, but the kernel
default was not changed. These two should always have the same default.
Regenerate src.conf.5, as the differing defaults previously confused
`makeman`.
Fixes: bfd1570515 ("Create the stable/13 branch")
Sponsored by: The FreeBSD Foundation
Approved by: re (cperciva)
(cherry picked from commit d8644a5d2458588dd7d8e44bd23c6cacaead19b7)
(cherry picked from commit 3a8e15354e)
Update from PRERELEASE to BETA1
Switch pkg(8) configuration to use the quarterly repository
Bump __FreeBSD_version
Approved by: re (implicit)
Sponsored by: https://www.patreon.com/cperciva
This is intended to be used with the upcoming ice 1.39.13-k
driver update, but is still backwards compatible with
previous versions of the driver.
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Sponsored by: Intel Corporation
(cherry picked from commit 768329961d)
Instead of compiling the whole sys/arm64/arm64/vfp.c file without
-mgeneral-regs-only, which might have unwanted side effects, add
".arch_extension fp" / ".arch_extension nofp" pairs to the inline
assembly.
PR: 276104
Suggested by: andrew
MFC after: 1 month
(cherry picked from commit 61e482f2fc)
Apparently clang 18 has become more strict about using floating point
registers in inline assembly when -mgeneral-regs-only is used. This
causes sys/arm64/arm64/vfp.c to fail to compile, with "error:
instruction requires: fp-armv8", and "error: expected readable system
register".
To fix it, similar to other files compiled for arm64, disable
-mgeneral-regs-only for this particular file.
PR: 276104
MFC after: 1 month
(cherry picked from commit f4d93b6761)
This marks the start of the FreeBSD 14.1 release cycle; the stable/14
tree is now in "code slush".
Developers are encouraged to prioritize fixing bugs (and/or merging bug
fixes from HEAD) over new features at this time. Commit approval from
re@ is not required but if new features introduce problems they may be
removed from the release.
Approved by: re (implicit)
This patch introduces support for the RISC-V APLIC interrupt controller
[1]. Currently, it is only supports direct mode, i.e. without an IMSIC
and functionally replacing the legacy RISC-V PLIC. Work on IMSIC support
is in progress.
[1] https://github.com/riscv/riscv-aia/releases/tag/1.0
Reviewed by: mhorne
Discussed with: jrtc27
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D43293
(cherry picked from commit ee91dae43d)
Currently the snd_clone framework creates device nodes on-demand for
every channel, through the dsp_clone() callback, and is responsible for
routing audio to the appropriate channel(s). This patch gets rid of the
whole snd_clone framework (including any related sysctls) and instead
uses DEVFS_CDEVPRIV(9) to handle device opening, channel allocation and
audio routing. This results in a significant reduction in code size as
well as complexity.
Behavior that is preserved:
- hw.snd.basename_clone.
- Exclusive access of an audio device (i.e VCHANs disabled).
- Multiple processes can read from/write to the device.
- A device can only be opened as many times as the maximum allowed
channel number (see SND_MAXHWCHAN in pcm/sound.h).
- OSSv4 compatibility aliases are preserved.
Behavior changes:
Only one /dev/dspX device node is created (on attach) for each audio
device, as opposed to the current /dev/dspX.Y devices created by
snd_clone. According to the sound(4) man page, devices are not meant to
be opened through /dev/dspX.Y anyway, so it is best if we do not create
device nodes for them in the first place. As a result of this, modify
dsp_oss_audioinfo() to print /dev/dspX in the "ai->devnode", instead of
/dev/dspX.Y.
Sponsored by: The FreeBSD Foundation
MFC after: 2 months
Reviewed by: dev_submerge.ch, bapt, markj
Differential Revision: https://reviews.freebsd.org/D44411
(cherry picked from commit e8c0d15a64)
In the absence of -fsanitize=kernel-memory, the presence of this flag
results in a -Wunused-command-line-argument warning.
MFC after: 1 week
(cherry picked from commit 2ae32f1f8f)
Move the code from the arm specific to the iicbus controller directory.
Split up between general logic and bus attachment code.
Add support for ACPI attachment in addition to FDT.
Tested by: bz (LS1088a FDT), Pierre-Luc Drouin (Honeycomb, ACPI)
Based on: D24917 by Val Packett (initial early version)
(cherry picked from commit 5ca8e32633)
Enabling 11n for ath(4) so far was handled by a kernel option, which
was only enabled for certain kernel configurations.
In order to allow loading ath(4) as a module with 11n support on
all platforms, remove the kernel option and unconditionally enable
11n in ath(4).
Reported by: pkubaj
Reviewed by: adrian, imp
(cherry picked from commit 89c1e54a71)
OpenSSL itself keeps only a single copy of this header. Do the same in
sys/crypto/openssl to avoid the extra maintenance burden. This requires
adjusting the include paths for generated asm files.
No functional change intended.
Reported by: jrtc27
Reviewed by: jhb
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D42866
(cherry picked from commit e655cc70df)
OpenSSL provides implementations of several AES modes which use
bitslicing and can be accelerated on CPUs which support the NEON
extension. This patch adds arm platform support to ossl(4) and provides
an AES-CBC implementation, though bsaes_cbc_encrypt() only implements
decryption. The real goal is to provide an accelerated AES-GCM
implementation; this will be added in a subsequent patch.
Initially derived from https://reviews.freebsd.org/D37420.
Reviewed by: jhb
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D41304
(cherry picked from commit 44f8e1e853)
Just skip compiling this file if RACCT isn't defined. This allows to
skip including headers that no code uses at all, and also to remove the
whole file's #ifdef/#endif bracketing.
Reviewed by: markj
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 7fa08d4152)
Approved by: emaste (mentor)
[Why]
`linux_compat.c` is already too long. I will need to add `struct kset`
in a follow-up commit, so let's move the existing `struct kobject` code
to its own file.
Reviewed by: manu
Approved by: manu
Differential Revision: https://reviews.freebsd.org/D43019
(cherry picked from commit 80446fc7b5)
Now that kldxref is a generic cross tool and can be built on non-FreeBSD
we can bootstrap it during the build and thus remove the condition for
whether it exists. We also need to make sure to add it to the METALOG
for -DNO_ROOT builds.
Reviewed by: brooks, imp
Differential Revision: https://reviews.freebsd.org/D43051
(cherry picked from commit ff7c12c1f1)
The option was introduced in LLVM 16.
Fixes: b6c653c974 ("kmsan: Set -fno-sanitize-memory-param-retval for now")
MFC after: 1 week
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
(cherry picked from commit d682a91726)
Compiling the BBR or RACK stack into the kernel requires HPTS to be
compiled into the kernel.
Reviewed by: glebius, rscheff
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D42998
(cherry picked from commit 793e4aca9e)
Put same copyright header as tcp_hpts.c has, since all this code
was developed by Randall Stewart <rrs@FreeBSD.org> as a part of
the HPTS work. Also copy Mellanox copyright from tcp_lro.c as
Hans Petter Selasky also participated in restructuring the code.
Reviewed by: imp, tuexen, rrs
Differential Revision: https://reviews.freebsd.org/D42854
(cherry picked from commit 4f9c93f16c)
While here, drop the EXTRA_TCP_STACKS option, which serves no purpose and
should never have been added. Instead, build bbr and rack as long as
either or both of INET and INET6 is enabled. There is no risk to anyone
who doesn't load one or both and then twiddle the relevant sysctls.
Differential Revision: https://reviews.freebsd.org/D42088
(cherry picked from commit 3a338c5341)
Version : 1.27.5.0
Date : 10/10/2023
=====================
Fixes
-----
BASE:
- Fixed handling the Remote Fault with AN, causing the link failure.
=====================
Obtained from: Chelsio Communications
Sponsored by: Chelsio Communications
(cherry picked from commit b1e82d3319)
By default this warns about sizes larger than PTRDIFF_MAX passed to
malloc (rather than SIZE_MAX). This doesn't trigger
deterministically, but it does trigger for kmalloc() of struct_size()
in iwlwifi's iwl_configure_rxq even when struct_size() is changed to
use PTRDIFF_MAX. NB: struct_size() in Linux caps the size at
SIZE_MAX, not PTRDIFF_MAX via size_mul().
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D42587
(cherry picked from commit ede077bf2a)
During recent testing related to the IETF NFSv4 Bakeathon, it was
discovered that Kerberized NFSv4.1/4.2 mounts to pNFS servers
(sec=krb5[ip],pnfs mount options) was broken.
The FreeBSD client was using the "service principal" for
the MDS to try and establish a rpcsec_gss credential for a DS,
which is incorrect. (A "service principal" looks like
"nfs@<fqdn-of-server>" and the <fqdn-of-server> for the DS is not
the same as the MDS for most pNFS servers.)
To fix this, the rpcsec_gss code needs to be able to do a
reverse DNS lookup of the DS's IP address. A new kgssapi upcall
to the gssd(8) daemon is added by this patch to do the reverse DNS
along with a new rpcsec_gss function to generate the "service
principal".
A separate patch to the gssd(8) will be committed, so that this
patch will fix the problem. Without the gssd(8) patch, the new
upcall fails and current/incorrect behaviour remains.
This bug only affects the rare case of a Kerberized (sec=krb5[ip],pnfs)
mount using pNFS.
This patch changes the internal KAPI between the kgssapi and
nfscl modules, but since I did a version bump a few days ago,
I will not do one this time.
(cherry picked from commit dd7d42a1fa)
As of LLVM 16, -fsanitize-memory-param-retval is the default. It yields
significantly smaller code, but the KMSAN runtime interceptors need to
be updated to stop checking shadow state of parameters. Apply a minimal
workaround for now.
MFC after: 3 days
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
(cherry picked from commit b6c653c974)
This is a simple RTC driver for the rv3032 from Microcrystal.
Just the basic functionality is implemented (no timer, alarm etc ..).
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D41995
(cherry picked from commit 1d6a6a5244)
This IP is found in Xilinx SoC, it only been tested on ZynqMP (arm64)
so only enable it there for now.
Differential Revision: https://reviews.freebsd.org/D41994
(cherry picked from commit 137b58e4d2)
No reason that they should live directly under iicbus
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D41913
(cherry picked from commit 7c569caa0a)
It lives in the gpio subdirectory
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D41912
(cherry picked from commit 918a10c9f7)
