Change the default for net.link.bridge.pfil_member and
net.link.bridge.pfil_bridge to zero.
That is, default to not calling layer 3 firewalls on the bridge or its
member interfaces.
With either of these enabled the bridge will, during L2 processing,
remove the Ethernet header from packets, feed them to L3 firewalls,
re-add the Ethernet header and send them out.
Not only does this interact very poorly with firewalls which defer
packets, or reassemble and refragment IPv6, it also causes considerable
confusion for users, because the firewall gets called in unexpected
ways.
For example, a bridge which contains a bhyve tap and the host's LAN
interface. We'd expect traffic between the LAN and bhyve VM to pass, no
matter what (layer 3) firewall rules are set on the host. That's not the
case as long as pfil_bridge or pfil_member are set.
Reviewed by: Zhenlei Huang
MFC: never
Differential Revision: https://reviews.freebsd.org/D37009
Allow the choice between asynchronous and synchronous netisr and crypto
calls. These have performance implications, but depend on the specific
setup and OCF back-end.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D37017
Add a macro to each implemented mac80211 operation. This currently
turns into a printf if LINUXKPI_80211_DEBUG is defined but in the
future could become a different probe as well.
This is helpful for quick analysis and boot-time problem debugging
when DTrace and other frameworks may be harder to use.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
In case of device reset or not configured - features_negotiated is not
set, calling calling pci_vtnet_neg_features is wrong and resume gets
"Segmentation fault".
Reviewed by: markj
Sponsored by: vStack
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D36244
- Qualify unexported symbols with "static".
- Drop some unnecessary and incorrect casts.
- Avoid arithmetic on void pointers.
- Avoid signed/unsigned comparisons in loops which use nitems() as a
bound.
No functional change intended.
MFC after: 1 week
- Include headers containing prototypes for exported functions.
- Initialize all fields of the extended translation table.
- Qualify an unexported translation table as static.
- Fix error handling for a read(2).
- Fix some style bugs.
No functional change intended.
MFC after: 1 week
List of changes:
- Use integer multiplication instead of long multiplication, because the result is an integer.
- Remove multiple if-statements and predict new if-statements.
- Rename local variable name, "ticks" into "retval" to avoid shadowing
the system "ticks" global variable.
Reviewed by: kib@ and imp@
MFC after: 1 week
Sponsored by: NVIDIA Networking
Differential Revision: https://reviews.freebsd.org/D36859
When I refactored everything, I neglected to pass in the proper is64
value on 32-bit platforms. This corrects that. This prevented armv7 and
armv6 platforms from booting due to misaligned data in the kernel. The
only platform we support 32-bit booting in armv[67], which I apparently
neglected to test before commiting my refactoring.
Tested by: skibo
Fixes: 5d1531d9d4
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D37095
We assume in all the code that a DEVT_DISK uses common/disk.c and/or
common/part.c and we can access a struct disk_devdesc. hostdisk.c
opens raw devices directly, so has no such structures. Define a
kboot-specific DEVT_HOSTDISK and use that instead.
In addition, disk_fmtdev assumes it is working with a struct
disk_devdesc, so write hostdisk_fmtdev as well.
Sponsored by: Netflix
Add new fields (also have to move a struct up, no changes there)
in order to make iwlwifi debugfs support compile.
Sposnored by: The FreeBSD Foundation
MFC after: 3 days
Import two files left out initially from the driver needed for debugfs
support [1]. Adjust the driver further to make it compile on FreeBSD.
This is currently turned off and needs more LinuxKPI/lindebugfs work.
Being in the tree will allow us to collaboratively work on it and
then we can enable it for good.
Obtained from: Linux wireless-testing (tag: wt-2022-10-19) [1]
2c9078b9abcb884e27360340aaa7dfd4c0de29b3
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
When bus_dmamap_create is called, if bouncing might be required we
reserve enough pages for a maximum-length request, subject to the
MAX_BPAGES constraint (32 MB on amd64; 32 MB or 2 MB on i386
depending on the amount of RAM).
Since pages used for bouncing are typically non-consecutive, each
bounced page will typically constitute a busdma segment; as such, we
are unlikely to ever successfully use more pages than the nsegments
limit. Limit the number of pages reserved to nsegments.
On FreeBSD/Firecracker, this reduces bounce page memory consumption
from 32 MB to 512 kB, making VMs with 128 MB of RAM usable.
Reviewed by: imp, mav
Sponsored by: https://www.patreon.com/cperciva
Differential Revision: https://reviews.freebsd.org/D37082
If the admin creates more CTL ports than kern.cam.ctl.max_ports, then
adding some will fail. If he then removes some ports and does
"service ctld reload", he would expect that the new ports would get
added in the newly-freed port space. But they don't, because ctld
assigned them port numbers during their first creation attempts.
Fix this bug by removing newly created ports from ctld's internal list
if the kernel rejects them for any reason. That way, a subsequent
config reload will attempt to add them again, possibly with new port
numbers.
MFC after: 2 weeks
Sponsored by: Axcient
Reviewed by: jhb, mav
Differential Revision: https://reviews.freebsd.org/D36974
If the DIOCGMEDIASIZE ioctl fails, assume the disk doesn't have geli
encryption. While all disks should implement this, fail safe for disks /
partitions that do not.
Sponsored by: Netflix
The size of the journaled soft-updates journal should be big enough
to hold two minutes of filesystem metadata-update activity. The
maximum size of the soft updates journal was set in the 1990s. At
the time it was assummed that disk arrays would top out at 16 drives
and disk writes per drive would top out at 500 per second. Today's
I/O subsystems are considerably bigger and faster than those limits.
Thus this delta removes the hard upper limit and lets tunefs(8) and
newfs(8) set the upper bound based on the size of the filesystem and
its cylinder groups.
Sponsored by: The FreeBSD Foundation
Add a descrition to the newfs(8) -j (journal enablement) flag
that explains what soft updates journaling does, the tradeoffs
to using it, and the limitations that it imposes. Copied from
the description in tunefs(8).
PR: 261944
Sponsored by: The FreeBSD Foundation
This is the second part of the ARM64 Hyper-V enablement.
These changes here are mostly with Make, release changes and also
changes required in vmbus.c hyperv.c and common files in hyperv.
Reviewed by: whu
Tested by: Souradeep Chakrabarti <schakrabarti@microsoft.com>
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D36467
In ARM64 gen2 Hyper-V, use IRQ resource from vmbus_res, which is owning
the IRQ for current device tree. It allows the MMIO resource to be
successfully allocated for vmbus from parent acpi_syscontainer.
Reviewed by: whu
Tested by: Souradeep Chakrabarti <schakrabarti@microsoft.com>
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D37064
tcp_respond is another function to build a tcp control packet
quickly. With ECN++ and AccECN, both the IP ECN header, and
the TCP ECN flags are supposed to reflect the correct state.
Also ensure that on receiving multiple ECN SYN-ACKs, the
responses triggered will reflect the latest state.
Reviewed By: tuexen, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D36973
These are needed for the 'cpu ARM64' and 'cpu RISCV' options in these
architecture's config files. cpu lines are non-optional in config(8), so
we must define them here. There's no other use for them in the tree.
Sponsored by: Netflix
Cleanup another remnant of the armv4/armv5 support. Now that we always
define armv6 or armv7, these lines can be deleted (execpt hwpmc_armv7.c
which now needs just one line). Since we don't do anything different
between armv6 and armv7 from a config file selection point of view,
delete them from options.arm. We are extremely unlikely to grow anything
new here during the remaining lifetime of 32-bit arm in FreeBSD.
Sponsored by: Netflix
Reviewed by: kevans, andrew
Differential Revision: https://reviews.freebsd.org/D37069
It requires the addend. In practice this doesn't seem to be a problem,
since relocations of this type are all with an addend of zero.
Obviously, we still want to handle this correctly if that ever changes.
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37039
