Allow pf to limit packets to a specified maximum size. This applies to all
packets, and if reassembly is enabled, looks at the reassembled size, not the
size of individual fragments.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Currently, if `readdir()` fails, `scandir()` simply returns a partial
result (or a null result if it fails before any entries were selected).
There is no way within the current API design to return both a partial
result and an error indicator, so err on the side of caution: if an
error occurs, discard any partial result and return the error instead.
MFC after: 1 week
Reported by: Maxim Suhanov <dfirblog@gmail.com>
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D51046
allows things like
pass in proto icmp max-pkt-rate 100/10
all packets matching the rule in the direction the state was created are
taken into consideration (typically: requests, but not replies).
Just like with the other max-*, the rule stops matching if the maximum is
reached, so in typical scenarios the default block rule would kick in then.
with input from Holger Mikolon
ok mikeb
Obtained from: OpenBSD, henning <henning@openbsd.org>, 5a4ae9a9cb
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D50798
Application can use libusb_get_pollfds to get pollfds from libusb then
close the fd themselves. This cause the hotplug thread unable to leave
because it will be consider as a invalid event then loop forever instead
of a broken event that should be quit immediately.
Reviewed by: bapt
Sponsored by: FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50959
The flag was added in b75a1171d8 for the sake of Varnish. However, that
idea didn't work. Quoting email from Poul-Henning:
"We had to give up sendfile(), the overhead of keeping track of everything
between the network stack and VM system made ate any gain we saw. ... I
dont think we ever shipped a version where sendfile was enabled by
default."
PR: 287348
The O_RESOLVE_BENEATH openat(2) flag restricts name lookups such that
they remain under the directory referenced by the dirfd. This commit
introduces an implicit version of the flag, FD_RESOLVE_BENEATH, stored
in the file descriptor entry. When the flag is set, any lookup relative
to that fd automatically has O_RESOLVE_BENEATH semantics. Furthermore,
the flag is sticky, meaning that it cannot be cleared, and it is copied
by dup() and openat().
File descriptors with FD_RESOLVE_BENEATH set may not be passed to
fchdir(2) or fchroot(2). Various fd lookup routines are modified to
return fd flags to the caller.
This flag will be used to address a case where jails with different root
directories and the ability to pass SCM_RIGHTS messages across the jail
boundary can transfer directory fds in such as way as to allow a
filesystem escape.
PR: 262180
Reviewed by: kib
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D50371
This seems to fit the pattern better (e.g. fdopendir()).
I've added weak references to ease the transition, but since it's only
been a few days, we can remove them (and the ObsoleteFiles entries for
the manual pages) before we branch stable/15.
Fixes: deeebfdeca
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D50980
Most importantly, they need to run without privileges, since root is
allowed to read a directory regardless of its permission bits.
PR: 287694
Fixes: 4d7c31bca2
Sponsored by: Klara, Inc.
Reviewed by: bnovkov
Differential Revision: https://reviews.freebsd.org/D50965
It is up to the code that organizes the runtime to properly set the
signal handler, and to set %fsbase if libthr signal handler is to be
called. The change should leave the CPU state on the signal handler
entry identical to what it was before introduction of TLSBASE, for code
that provides its own startup and thread pointer, but still calls into
libthr as a hack.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
amd64 kernels don't have to be loaded at 2M physical anymore, they can
be anywhere in the lower 4G of the physical address space. The kernel
now provides its physical address in an ELF section in the dump, so
account for it.
Reviewed by: markj
Approved by: imp (mentor)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1706
In the previous commit, I removed the initial initialization of the
`names` array, not realizing that `scandir()` is expected to return
a non-null (but empty) array of entries if no entries matched.
Restore the historical behavior, document it, and add a test.
Fixes: deeebfdeca
Sponsored by: Klara, Inc.
Reviewed by: kevans, allanjude, markj
Differential Revision: https://reviews.freebsd.org/D50949
While here, clean up scandir() a bit and improve the documentation.
MFC after: never
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D50935
The practical scenario that leads to this is porch(1) spawning some
utility and sending it a SIGSTOP as a debugging aide. The user then
attaches a debugger and walks through how some specific input is
processed, then detaches to allow the script to continue. When ptrace
is detached, the process resumes execution but the parent is never
notified and may be stuck in wait(2) for it to continue or terminate.
Other platforms seem to re-suspend the process after the debugger is
detached, but neither behavior seems unreasonable. Just notifying the
parent that the child has resumed is a relatively low-risk departure
from our current behavior and had apparently been considered in the
past, based on pre-existing comments.
Move p_flag and p_xsig handling into childproc_continued(), as just
sending the SIGCHLD here isn't really useful without P_CONTINUED set
and the other caller already sets these up as well.
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D50917
Now that we have a _WANT_ZNODE we can use that instead of defining
_KERNEL, and we're able to move the code back into zfs.c using a real
znode_t pointer.
Whilst here, tidy the includes.
Reviewed by: imp, kib, markj
Differential Revision: https://reviews.freebsd.org/D50721
Defining _KERNEL is a historical hack that can often break due to the
environment not actually being that of a kernel build. Now that we have
other targeted macros we can define instead that don't have far-reaching
implications like _KERNEL we can drop this.
Reviewed by: imp, kib, markj
Differential Revision: https://reviews.freebsd.org/D50719
MIT KRB5 does not support telnet. This is because telnet uses 3DES
encryption, which requires 3DES encrypted keys in the KDC database.
As MIT had deprecated and removed 3DES support about a decade ago,
telnet is not supported.
Sponsored by: The FreeBSD Foundation
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D50785
MIT KRB5 provides its own libcom_err.
Sponsored by: The FreeBSD Foundation
Reviewed by: markj, emaste
Differential revision: https://reviews.freebsd.org/D50809
MIT KRB5 does not provide a krb5_make_principal() function. We need to
provide this ourselves for now. We provide the function for now while
MIT and Heimdal are both in the tree. When Heimdal is removed we can
inline the calls to krb5_get_default_realm() and
krb5_build_principal_va(). krb5_build_principal_va() is
deprecated in MIT KRB5. Its replacement, krb5_build_principal_alloc_va()
will be used instead at that time.
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D50808
The eyeire.org pam-krb5 supports MIT KRB5 and Heimdal. FreeBSD will use
it to implement pam_krb5 for MIT KRB5. The existing libpam pam_krb5
only supports Heimdal and therefore cannot be used with the MIT KRB5
import.
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D50696
Switch all instances of the -isoC-2024 macro to -isoC-2023 selected by
upstream. Keep -isoC-2024 defined, but deprecated, for backwards compat.
MFC after: 3 days (I will resolve merge conflicts with cdefs)
Provide a clock through clock_gettime() that returns the current TAI
time (UTC without leap seconds) as a complement to CLOCK_REALTIME. This
provides compatibility with Linux, which also provides a CLOCK_TAI since
kernel 2.6.26, and this seems to be becoming the standard way to acquire
TAI time. Unlike Linux, this code will return EINVAL if the TAI offset
(set by ntpd, ptpd, etc.) is not known since it seems pathological for
CLOCK_TAI to silently give the wrong (UTC) time if the offset is not
known as it does on Linux.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D46268
The get{addr,name}info(3) API is designed to return an API-specific error
code that is independent of errno. The cap_get{addr,name}info() functions
returned either an errno or API-specific error code inconsistently.
This change fixes this mismatch.
When the API returns an errno, the return value itself is set to
EAI_SYSTEM and errno is set depending on the actual error. So, usually
this API is called in the following form:
error = getnameinfo(...);
if (error == EAI_SYSTEM)
perror("getnameinfo");
else if (error)
errx(1, "getnameinfo: %s", gai_strerror(error);
If the above getnameinfo() call is replaced with cap_getnameinfo(),
it breaks the error handling. For example, the cap_get{addr,name}info()
functions can return ENOTCAPABLE.
This change simply adds "errno", in addition to "error", to the nvlout and
cap_get{addr,name}info() restores the errno if the error code is EAI_SYSTEM.
Reviewed by: oshogbo
Differential Revision: https://reviews.freebsd.org/D45859
cap_net.h uses "#define cap_f(chan, a) f(a)" to call the conventional
service function with the first argument of cap_f() dropped for
compatibility with the environment where the casper service is
unavailable. However, this function-like macro does not work when the
arguments contains C99 compound literals, such as f(chan, (int[]){1,2,3}).
The following is a typical example:
error = cap_getaddrinfo(capnet, "192.168.0.1", "100",
&(struct addrinfo){
.ai_family = AF_INET,
.ai_flags = AI_NUMERICHOST
}, &res);
Using cap_f(chan, ...) and __VA_ARGS__ in C99 seems a reasonable solution
for this problem. While there is a workaround using parenthesis around
the compound literal like f(chan, ((int[]){1,2,3})), it is not intuitive
and the above example works when the cap_net is available and f() is
defined as a function.
A possible moot point is that __VA_ARGS__ cannot control how many
arguments are passed at the macro level, and "chan" is not protected.
However, "chan" is less likely to be written in compound literal, and
the function prototype should check the remaining arguments.
Reviewed by: oshogbo
Differential Revision: https://reviews.freebsd.org/D45858
Newer versions of drivers such as libwacom (graphics tablets) or
libfprint (fingerprint scanners) call g_usb_device_get_parent. This in
turn calls libusb_get_parent on platforms which implement it, and
returns NULL on platforms that don't. This patch implements this
function on FreeBSD.
Reviewed by: bapt, kevans
Differential Revision: https://reviews.freebsd.org/D46992
These headers relied in __BEGIN_DECS/__END_DECLS being defined when
sys/_types.h was included, but there's not a requirement that this be
the case.
Reviewed by: imp
Exp-run by: antoine (PR 286274)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1595
