The AccECN handshake and TCP header flags are supported,
no support yet for the AccECN option. This minimalistic
implementation is sufficient to support DCTCP while
dramatically cutting the number of ACKs, and provide ECN
response from the receiver to the CC modules.
Reviewed By: #transport, #manpages, rrs, pauamma
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D21011
Here go cons of using inpcb for divert:
- divert(4) uses only 16 bits (local port) out of struct inpcb,
which is 424 bytes today.
- The inpcb KPI isn't able to provide hashing for divert(4),
thus it uses global inpcb list for lookups.
- divert(4) uses INET-specific part of the KPI, making INET
a requirement for IPDIVERT.
Maintain our own very simple hash lookup database instead. It
has mutex protection for write and epoch protection for lookups.
Since now so->so_pcb no longer points to struct inpcb, don't
initialize protosw methods to methods that belong to PF_INET.
Also, drop support for setting options on a divert socket. My
review of software in base and ports confirms that this has no
use and unlikely worked before.
Differential revision: https://reviews.freebsd.org/D36382
The divert(4) is not a protocol of IPv4. It is a socket to
intercept packets from ipfw(4) to userland and re-inject them
back. It can divert and re-inject IPv4 and IPv6 packets today,
but potentially it is not limited to these two protocols. The
IPPROTO_DIVERT does not belong to known IP protocols, it
doesn't even fit into u_char. I guess, the implementation of
divert(4) was done the way it is done basically because it was
easier to do it this way, back when protocols for sockets were
intertwined with IP protocols and domains were statically
compiled in.
Moving divert(4) out of inetsw accomplished two important things:
1) IPDIVERT is getting much closer to be not dependent on INET.
This will be finalized in following changes.
2) Now divert socket no longer aliases with raw IPv4 socket.
Domain/proto selection code won't need a hack for SOCK_RAW and
multiple entries in inetsw implementing different flavors of
raw socket can merge into one without requirement of raw IPv4
being the last member of dom_protosw.
Differential revision: https://reviews.freebsd.org/D36379
None of tools working with login classes change umask(1)
and we had no ways to specify non-default umask for a service
not touching its startup script. This change makes in possible.
Some file-sharing services that create new files may benefit from it.
Differential: https://reviews.freebsd.org/D36309
MFC-after: 3 days
The default ones are install them to /usr/libdata/pkgconfig, and we can't
use this path for compat libraries, so we use /usr/lib<suffix>/pkgconfigi here.
Test Plan: grep -rn libdir= ./usr/lib32/pkgconfig/*.pc
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34939
In collaboration with: dougm
Reviewed by: alc
Sponsored by: The FreeBSD Foundation (kib)
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D36001
For an augmented rb_tree, allow a faster alternative to removing an
element from the tree, tweaking it slightly, and inserting it back
into the tree, knowing that its relative position in the tree is
unchanged. Instead, just change the element and invoke
RB_UPDATE_AUGMENT to fix the augmentation data for all the nodes in
the tree.
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36010
Add some of the missing sysctls to tcp.4, using references to other
man pages where they exist. Added sysctls include recvbuf and sendbuf
controls for automatic buffer sizing. Updated recvspace and sendspace.
Add sysctl.8 to "see also" and intro to variable section. Rename
"MIB Variables" section to "MIB (sysctl) Variables", as most people
will associate with sysctl.
Reviewed by: manpages(pauamma), tuexen
Differential Revision: https://reviews.freebsd.org/D36004
Add missing sysctls to inet.4 and icmp.4, using references to ip.4
for variables and groups documented there. Add sysctl.8 to "see also"
and intro to variable section. Rename "MIB Variables" section to
"MIB (sysctl) Variables", as most people will associate with sysctl.
Revise history: the ICMP implementation was in 4.2BSD.
Reviewed by: manpages(pauamma)
Differential Revision: https://reviews.freebsd.org/D36003
The option was originally added in r313524, but with incomplete
documentation.
MFC after: 1 week
Reviewed by: karels, gbe (manpages)
Differential Revision: https://reviews.freebsd.org/D35890
Look in _LIB_OBJTOP for all static libraries not just INTERNALLIBs. In
normal operation this is a no-op, but improves the consistency of this
file.
Reviewed by: imp, jhb
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D35822
Declarations of variables must be placed before the statements of a
block, by convention. Use 'must' instead of 'may' here and clarify
langauge.
Sponsored by: Netflix
Reviewed by: pstef, rpokala, hselasky
Differential Revision: https://reviews.freebsd.org/D35959
K&R function definitions will soon be obsolete. Work has been underway
to remove all K&R function definitions from the tree for a while now. A
future C version will remove this construct from the language. So
strengthen existing statements about K&R function definitions and
declarations.
While here, remove __P macro reference. It's not been in active use for
almost two decades apart from legacy contrib code.
Sponsored by: Netflix
Reviewed by: pauamma, rpokala, hselasky, kp, brooks, markm, emaste
Differential Revision: https://reviews.freebsd.org/D35945
QAT in-tree driver ported from out-of-tree release available
from 01.org.
The driver exposes complete cryptography and data compression
API in the kernel and integrates with Open Crypto Framework.
Details of supported operations, devices and usage can be found
in man and on 01.org.
Patch co-authored by: Krzysztof Zdziarski <krzysztofx.zdziarski@intel.com>
Patch co-authored by: Michal Jaraczewski <michalx.jaraczewski@intel.com>
Patch co-authored by: Michal Gulbicki <michalx.gulbicki@intel.com>
Patch co-authored by: Julian Grajkowski <julianx.grajkowski@intel.com>
Patch co-authored by: Piotr Kasierski <piotrx.kasierski@intel.com>
Patch co-authored by: Adam Czupryna <adamx.czupryna@intel.com>
Patch co-authored by: Konrad Zelazny <konradx.zelazny@intel.com>
Patch co-authored by: Katarzyna Rucinska <katarzynax.kargol@intel.com>
Patch co-authored by: Lukasz Kolodzinski <lukaszx.kolodzinski@intel.com>
Patch co-authored by: Zbigniew Jedlinski <zbigniewx.jedlinski@intel.com>
Reviewed by: markj, jhb (OCF integration)
Reviewed by: debdrup, pauamma (docs)
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D34632
A replacement QAT driver will be imported, but this replacement does not
support Atom C2xxx hardware. So, the existing driver will be kept
around to provide opencrypto offload support for those chipsets.
Reviewed by: pauamma, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35817
ELFCOMPRESS_ZSTD indicates that an ELF section is compressed with zstd.
It is the second compression type, after the existing ELFCOMPRESS_ZLIB.
Zstd generally provides a compelling tradeoff of speed and compression
(other algorithms may compress slightly better but take a lot longer,
or run faster but do not compress nearly as well).
See https://groups.google.com/g/generic-abi/c/satyPkuMisk for details.
ELFCOMPRESS_ZSTD will be supported in a future Clang/LLVM update. ELF
Tool Chain tools also need updating.
Reviewed by: Fangrui Song
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
EMDEDDEDPORTS does not contain devel/subversion anymore.
Fixes: a03128832c In extra_chroot_setup(), use 'uname -U' to determine OSVERSION.
MFC after: 1 week
In preparation for updates including missing variables, sort the
sysctl variables in the MIB variables section alphabetically.
Add a new "hostcache" entry for the hostcache node, containing the
intro text that was previously in hostcache.enable. Also cleanups
per review comments.
Reviewed by: transport(tuexen), manpages(bcr)
Differential Revision: https://reviews.freebsd.org/D35844
MFC after: 1 week
(cherry picked from commit 5cf709ce72c0b6eb4b4d57db015a65f8a84166d5)
Sort the sysctl(3)/sysctl(8) variables in the MIB Variables section
alphabetically. This is in preparation for adding missing variables
(at least in inet.4 and icmp.4). A few other touchups suggested in
review.
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D35843
MFC after: 1 week
(cherry picked from commit 3b656d465127de066511b6ffd02fb9fef85c7a53)
Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the system state, including sensitive data such as
signing keys.
However, having some access to debugger functionality on production
systems may be useful in determining the cause of a panic or hang.
Therefore, it is desirable to have an optional policy which allows
limited use of ddb(4) while disabling the functionality which could
reveal system secrets.
This loadable MAC module allows for the use of some ddb(4) commands
while preventing the execution of others. The commands have been broadly
grouped into three categories:
- Those which are 'safe' and will not emit sensitive data (e.g. trace).
Generally, these commands are deterministic and don't accept
arguments.
- Those which are definitively unsafe (e.g. examine <addr>, search
<addr> <value>)
- Commands which may be safe to execute depending on the arguments
provided (e.g. show thread <addr>).
Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag.
Commands requiring extra validation can provide a function to do so.
For example, 'show thread <addr>' can be used as long as addr can be
checked against the system's list of process structures.
The policy also prevents debugger backends other than ddb(4) from
executing, for example gdb(4).
Reviewed by: markj, pauamma_gundo.com (manpages)
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35371
