When we introduced libpfctl in bnsmpd this was done incorrectly, and a
GETRULE call was replaced by pfctl_add_rule().
Change it to pfctl_get_rule().
Reviewed by: donner
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Do not assume that the kernel boot time is invariant. It is not. FreeBSD
uses the formula:
wall_time = boot_time + uptime
where uptime is monotinically increasing and boot_time is adjusted to
get the proper time of day. FreeBSD offers a way to retrieve the uptime
directly, so use that instead of trying to compute it by subtracting
boot_time from wall_time.
Sponsored by: Netflix
Reviewed by: cy@
Differential Revision: https://reviews.freebsd.org/D30114
Allow up to 5 labels to be set on each rule.
This offers more flexibility in using labels. For example, it replaces
the customer 'schedule' keyword used by pfSense to terminate states
according to a schedule.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29936
Stop using the kernel's struct pf_rule, switch to libpfctl's pfctl_rule.
Now that we use nvlists to communicate with the kernel these structures
can be fully decoupled.
Reviewed by: glebius
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29644
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1661:4: error: misleading indentation; statement is not part of the previous 'else' [-Werror,-Wmisleading-indentation]
return (-1);
^
usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c:1658:5: note: previous statement is here
} else
^
The intent was to group the return statement with the previous syslog()
call.
MFC after: 3 days
usr.sbin/bsnmpd/modules/snmp_bridge/bridge_port.c:1235:43: error: overlapping comparisons always evaluate to true [-Werror,-Wtautological-overlap-compare]
begemotBridgeStpPortEnable_enabled ||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~
Work around it by casting the enum values to the type of val->v.integer.
MFC after: 3 days
Update a bunch of Makefile.depend files as
a result of adding Makefile.depend.options files
Reviewed by: bdrewery
MFC after: 1 week
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org/D22494
bsnmpd(1) main does that early on init and the connection is available
to all loaded modules
Event: Vienna Hackathon 2019
PR: 233431 , 221487
MFC after: 2 weeks
2^32 bps or greater to be used. Prior to this, bandwidth parameters
would simply wrap at the 2^32 boundary. The computations in the HFSC
scheduler and token bucket regulator have been modified to operate
correctly up to at least 100 Gbps. No other algorithms have been
examined or modified for correct operation above 2^32 bps (some may
have existing computation resolution or overflow issues at rates below
that threshold). pfctl(8) will now limit non-HFSC bandwidth
parameters to 2^32 - 1 before passing them to the kernel.
The extensions to the pf(4) ioctl interface have been made in a
backwards-compatible way by versioning affected data structures,
supporting all versions in the kernel, and implementing macros that
will cause existing code that consumes that interface to use version 0
without source modifications. If version 0 consumers of the interface
are used against a new kernel that has had bandwidth parameters of
2^32 or greater configured by updated tools, such bandwidth parameters
will be reported as 2^32 - 1 bps by those old consumers.
All in-tree consumers of the pf(4) interface have been updated. To
update out-of-tree consumers to the latest version of the interface,
define PFIOC_USE_LATEST ahead of any includes and use the code of
pfctl(8) as a guide for the ioctls of interest.
PR: 211730
Reviewed by: jmallett, kp, loos
MFC after: 2 weeks
Relnotes: yes
Sponsored by: RG Nets
Differential Revision: https://reviews.freebsd.org/D16782
For developers gensnmptree can now generate functions for enums to convert
between enums and strings and to check the validity of a value.
The sources in FreeBSD are now in sync with the upstream which allows to
bring in IPv6 modifications.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
No functional change intended.
patm(4) devices.
Maintaining an address family and framework has real costs when we make
infrastructure improvements. In the case of NATM we support no devices
manufactured in the last 20 years and some will not even work in modern
motherboards (some newer devices that patm(4) could be updated to
support apparently exist, but we do not currently have support).
With this change, support remains for some netgraph modules that don't
require NATM support code. It is unclear if all these should remain,
though ng_atmllc certainly stands alone.
Note well: FreeBSD 11 supports NATM and will continue to do so until at
least September 30, 2021. Improvements to the code in FreeBSD 11 are
certainly welcome.
Reviewed by: philip
Approved by: harti
This change also documents the modification harti made to a handful of
objects in r122758 (the max OCTET STRING width was increased from 15 to
31 octets)
MFC after: 1 week
- Mark the smilint target .PHONY so it's always executed when requested
- Leverage .PATH for BMIBS instead of spelling the path out longhand
for them
MFC after: 1 week
This is being done to reduce wasted space, simplify complexity in
the code, and to quell a Coverity warning about buffer overruns.
warning about buffer overruns.
MFC after: 1 week
Reported by: Coverity
CID: 1006736
build can break when different source files create the same target
files (case-insensitivity speaking). This is the case for object
files compiled with -fpic and shared libraries. The former uses
an extension of ".So", and the latter an extension ".so". Rename
shared object files from *.So to *.pico to match what NetBSD does.
See also r305855
MFC after: 1 month
Sponsored by: Bracket Computing
Differential Revision: https://reviews.freebsd.org/D7906
These are no longer needed after the recent 'beforebuild: depend' changes
and hooking DIRDEPS_BUILD into a subset of FAST_DEPEND which supports
skipping 'make depend'.
Sponsored by: EMC / Isilon Storage Division
