When syncookies are in adaptive mode they may be active or inactive.
Expose this status to users.
Suggested by: Guido van Rooij
Sponsored by: Rubicon Communications, LLC ("Netgate")
It is called only from tcp_input() and always has valid parameter.
Reviewed by: rscheff, tuexen
Differential revision: https://reviews.freebsd.org/D37115
The suppresion was added in 5f311da2cc with no explanation in the
commit message of the exact problem that was fixed. In the BSDCan
2006 talk [1], slides 12 to 14, we can find that it seems that there
was some problem with the TIME_WAIT state not properly being handled
on the remote side (also FreeBSD!), and this switching off the
suppression had hidden the problem. The rationale of the change was
that other stacks may also be buggy wrt the TIME_WAIT.
I did not find the actual problem in TIME_WAIT that the suppression
has hidden, neither a commit that would fix it. However, since that
time we started to handle SYNs with RFC5961 instead of RFC793, see
3220a2121c. We also now have the tcp-testsuite [2], that has full
coverage of all possible scenarios of receiving SYN in TIME_WAIT.
This effectively reverts 5f311da2cc
and 6ee79c59d2.
[1] https://www.bsdcan.org/2006/papers/ImprovingTCPIP.pdf
[2] https://github.com/freebsd-net/tcp-testsuite
Reviewed by: rscheff
Discussed with: rscheff, rrs, tuexen
Differential revision: https://reviews.freebsd.org/D37042
The assertion was incorrectly removed in 0d7445193a. The leak of
a TIME-WAIT state into tfb_do_segment_nounlock method was fixed in
31bc602ff8. The TIME-WAIT connections are processed by the main
tcp_input() always.
This matches other mktemp implementations, including OpenBSD and GNU.
The -p option can be used to provide a tmpdir prefix for specified
templates. Precedence works out like so:
-t flag:
- $TMPDIR
- -p directory
- /tmp
Implied -t flag (no arguments or only -d flag):
- -p directory
- $TMPDIR
- /tmp
Some tests have been added for mktemp(1) in the process.
Reviewed by: imp (earlier version), wosch
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D37121
GNU maketemp has long options for -d, -q, and -u, so let's add these
now for compatibility.
Reviewed by: emaste, imp, wosch
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D37120
Add a -v flag for ls which sorts entries following a natural ordering
using strverscmp(3) (e.g. "bloem1 bloem9 bloem10" as opposed to
"bloem1 bloem10 bloem9").
Update the manual page and add a test case.
Reviewed by: pauamma, bcr
Tested by: pstef
Differential Revision: https://reviews.freebsd.org/D36407
The fasttrap pid provider has been in place for a long time, but stopped
getting built by efe88d92da in preparation for 64-bit atomics. 32-bit
emulation of 64-bit atomics was added in 9aafc7c05.
MFC after: 3 weeks
'newpc' needs set in the "common" case. With this, the trivial test
$ dtrace -n 'pid$target:libc:strlen:entry { trace(timestamp); }' -p
<pid>
now works.
MFC after: 3 weeks
Summary:
The current OFED code allows binding server to IPv6 address. It was added back in 91fc39561d
Sponsored by: Intel Corporation
MFC after: 3 days
Reviewers: hselasky
Subscribers: imp
Differential Revision: https://reviews.freebsd.org/D37196
- add a SPDX-License-Identifier
- rename the title of the man page
- use better grammar in some places
- reword 'IPs' to 'IP addresses'
- add a missing word in the AUTHORS section
- use '.An -nosplit' in the AUTHORS section
- Xr ipsec and ovpn
Reviewed by: pauamma, mhorne
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37205
The most accurate information I have found is that
tee(1) first appeared in Version 7 AT&T UNIX.
Reviewed by: pauamma
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37206
phantom@'s HDD crashed with the final version of strfmon.c, as explained
in 9d430a5991.
Now there are tests in place that cover these code paths.
Reviewed by: kib
PR: 267410
Github PR: #620
MFC after: 1 week
strfmon_l does not take fully into consideration the explicitly passed
locale to perform the formatting.
Parallel universe bug report: https://sourceware.org/bugzilla/show_bug.cgi?id=19633
Obtained from: Darwin
Reviewed by: kib
PR: 267410
Github PR: #620
MFC after: 1 week
Attempt to test the correctness of strfmon_l(3).
Items marked with XXX represent an invalid output.
Obtained from: e7eba0044f
Reviewed by: kib
PR: 267410
Github PR: #620
MFC after: 1 week
Otherwise strfmon(3) could overflow the buffer.
Here is mostly done for correctness and illustrative purposes, as there
is no chance it could actually happen.
Reviewed by: kib
PR: 267410
Github PR: #620
MFC after: 1 week
Assertions suggest that the loop in iommu_gas_fini_domain is executed
zero times, so remove it.
Reviewed by: alc, kib
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D37204
MODULES_OVERRIDE has traditionally taken precedence over EXTRA_MODULES
and WITHOUT_MODULES as the exact list of modules to build. Over time,
things have been added that has broken this. Move the .endif that makes
this the case to the right place. The so called 'ALL_MODULES' option is
the only thing with higher precedence, but it's not quite all the
options anymore (though it is much more of them, and doesn't quite
work on !x86).
Sponsored by: Netflix
Make the dtb/dtbo files with less noise. Remove echo statements, but add
back the call for the non-meta builds to replace the removed noise.
Suggetions by: jrtc27
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D37073
Since metamode just announces what it's doing, the extra -- xxx -- lines
aren't needed for recursive descent, nor are the ==> lines needed. This
speeds up rebuilding kernels a lot...
Sponsored by: Netflix
Reviewed by: sjg, bdrewery
Differential Revision: https://reviews.freebsd.org/D37071
The previous commit added references to to the syscallnames arrays, but
failed to add the relevant source files to the module build. Thus, the
modules failed to load due to missing symbols.
Reported by: cy
Fixes: 1da65dcb1c ("linux: populate sv_syscallnames in each sysentvec")
Sponsored by: The FreeBSD Foundation
Sort the entries alphabetically, and list them with one entry per line.
This makes the diffs much cleaner when adding or removing a new entry,
as I will do in the next commit.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Wake On LAN packets sent by wake(8) via BPF are lost if txcsum is
enabled. These fall into the "other protocol" case where gen_parse_tx
did nothing. Add code to shift up to gen_tx_hdr_min bytes of the
packet along with the Ethernet header in this case.
Maintain a pointer to an element in the domain map that is left of any
sufficiently large free gap in the tree and start the search for free
space there, rather than at the root of the tree. On find_space, move
that pointer to the leftmost leaf in the subtree of nodes with
free_down greater than or equal to the minimum allocation size before
starting the search for space from that pointer. On removal of a node
with address less than that pointer, update that pointer to point to
the predecessor or successor of the removed node.
In experiments with netperf streaming, this reduces by about 40% the
number of map entries examined in first-fit allocation.
Reviewed by: alc, kib
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D36624
744bfb2131 ("Import the WireGuard driver from zx2c4.com") re-imported
the WireGuard driver with the intention that wg(8) will be used to
manage WireGuard interfaces, as on other platforms, now that wg(8) has
been dual-licensed MIT specifically to allow our use in base (thanks!).
This is a copy of wireguard-tools/src, with files that we don't need
.gitignore'd out to make it more clear that we're only building files
that are either MIT or dual-licensed MIT. We may go with a different
structure later (e.g., if we end up needing to include outside of src/),
but an upstream restructure seems unlikely in the foreseeable future.
Some architectures will pretty-print a system call trap in the
backtrace. Rather than printing the symbol, use the syscallname()
function to pull the string from the sv_syscallnames array corresponding
to the process. This simplifies the function somewhat.
Mostly, this will result in dropping the "sys" prefix, e.g. "sys_exit"
will now be printed simply as "exit".
Make two minor tweaks to the function signature: use a u_int for the
syscall number since this is a more correct type (see the 'code' member
of struct syscall_args), and make the thread pointer the first argument.
The latter is more natural and conventional.
Suggested by: jrtc27
Reviewed by: jrtc27, markj, jhb
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37200
This allows the syscallname() function to give a usable result for Linux
ABIs.
Reported by: jrtc27
Reviewed by: jrtc27, markj, jhb
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37199
