This means INET and DEBUGNET in addition to NETDUMP.
Reviewed by: pauamma, markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D37331
The man page claims that netgdb will be enabled automatically with the
presence of the DDB, GDB, and INET options. Based on the logic in
conf/files, this is not the case. Update the manpage to list all
of the options required to include netgdb.
Reviewed by: pauamma, markj
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D37330
mta_start_script is used by /etc/rc.d/othermta which only execute
something if this variable is set to something else than
/etc/rc.sendmail
MFC after: 1 week
This adds the capability for a modular congestion control
to select which variant of ECN-capable-transport it wants to use
when sending out elegible segments. As an initial CC to utilize
this, DCTCP was selected.
Event: IETF 115 Hackathon
Reviewed By: tuexen, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D24869
If this if_re(4) is causing problems then an updated driver from
the vendor can be found in the ports tree under net/realtek-re-kmod.
Reviewed by: debdrup, koobs, emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D33677
- add a manual page for tcp_rack(4)
- link it in the tcp(4) and tcp_bbr(4) man pages
- hook it up to build in the Makefile
Reviewed by: pauamma
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D37209
In case local-unbound(8) fails for some reason, it could be useful
to have a basic resolv.conf(5) example in the manual page.
Reviewed by: karels, pauamma
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37183
It's still relatively uncommon to see C11 '<threads.h>' being used,
but it's worth documenting, especially since FreeBSD requires a
different library for C11 threads compared to glibc (part of '-lpthread')
or musl libc (included by default).
PR: 267551
Submitted by: Alois Klink <alois plus freebsd at aloisklink dot com>
Reviewed by: pauamma
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D37284
If a zpool is created by makefs(8), its version is 5000, i.e., all
feature flags are off. Introduce an rc script to run `zpool upgrade`
over the assigned zpools on the first boot. This is useful to the
ZFS based VM images built from release(7).
Reviewed by: imp, markj, mav
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37282
Allow pf (l2) to be used to redirect ethernet packets to a different
interface.
The intended use case is to send 802.1x challenges out to a side
interface, to enable AT&T links to function with pfSense as a gateway,
rather than the AT&T provided hardware.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D37193
The layout of the source tree is now only described in README.md. Retain
the cross-reference to hier(7) in SEE ALSO; it is still useful to
readers.
Reviewed by: imp, emaste
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37136
It poses a maintenance burden, since much of the information is
duplicated in the src tree's README.md file. Readers who are interested
enough in learning about the structure of the src tree can download it,
or browse the README online. Have hier(7) just point them there instead.
PR: 261349
Discussed with: freebsd-arch@, freebsd-doc@ lists
Reviewed by: imp, emaste
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37135
The suppresion was added in 5f311da2cc with no explanation in the
commit message of the exact problem that was fixed. In the BSDCan
2006 talk [1], slides 12 to 14, we can find that it seems that there
was some problem with the TIME_WAIT state not properly being handled
on the remote side (also FreeBSD!), and this switching off the
suppression had hidden the problem. The rationale of the change was
that other stacks may also be buggy wrt the TIME_WAIT.
I did not find the actual problem in TIME_WAIT that the suppression
has hidden, neither a commit that would fix it. However, since that
time we started to handle SYNs with RFC5961 instead of RFC793, see
3220a2121c. We also now have the tcp-testsuite [2], that has full
coverage of all possible scenarios of receiving SYN in TIME_WAIT.
This effectively reverts 5f311da2cc
and 6ee79c59d2.
[1] https://www.bsdcan.org/2006/papers/ImprovingTCPIP.pdf
[2] https://github.com/freebsd-net/tcp-testsuite
Reviewed by: rscheff
Discussed with: rscheff, rrs, tuexen
Differential revision: https://reviews.freebsd.org/D37042
- add a SPDX-License-Identifier
- rename the title of the man page
- use better grammar in some places
- reword 'IPs' to 'IP addresses'
- add a missing word in the AUTHORS section
- use '.An -nosplit' in the AUTHORS section
- Xr ipsec and ovpn
Reviewed by: pauamma, mhorne
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37205
Since metamode just announces what it's doing, the extra -- xxx -- lines
aren't needed for recursive descent, nor are the ==> lines needed. This
speeds up rebuilding kernels a lot...
Sponsored by: Netflix
Reviewed by: sjg, bdrewery
Differential Revision: https://reviews.freebsd.org/D37071
The change extends vmimage.subr to handle a new parameter, VMFS, which
should be equal to either "ufs" or "zfs". When it is set to ZFS, we use
makefs to create a bootable pool populated using the same dataset layout
as bsdinstall and "poudriere image" use. The pool can be grown using
the growfs rc.d script, just as in UFS images.
This will make it easy to provide VM and cloud images with ZFS as the
root filesystem. So far I did not do extensive testing of cloud images;
I merely verified that creation of ZFS-based AWS AMIs works and allows
me to create amd64 and arm64 EC2 instances with ZFS as the root
filesystem.
Reviewed by: emaste, gjb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34426
This commit brings back the driver from FreeBSD commit
f187d6dfbf plus subsequent fixes from
upstream.
Relative to upstream this commit includes a few other small fixes such
as additional INET and INET6 #ifdef's, #include cleanups, and updates
for recent API changes in main.
Reviewed by: pauamma, gbe, kevans, emaste
Obtained from: git@git.zx2c4.com:wireguard-freebsd @ 3cc22b2
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36909
This is the last part for ARM64 Hyper-V enablement. This includes
commone files and make file changes to enable the ARM64 FreeBSD
guest on Hyper-V. With this patch, it should be able to build
the ARM64 image and install it on Hyper-V.
Reviewed by: emaste, andrew, whu
Tested by: Souradeep Chakrabarti <schakrabarti@microsoft.com>
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D36744
New driver to ACPI generic event device, defined in ACPI spec.
Some ACPI power button may not work without this.
In qemu arm64 with "virt" machine, with ACPI firmware,
enable devd check devd message by
and invoke following command in qemu monitor
(qemu) system_powerdown
and make sure some power button input event appear.
(setting sysctl hw.acpi.power_button_state=S5 is not work,
because ACPI tree does not have \_S5 object.)
Reviewed by: andrew, hrs
Differential Revision: https://reviews.freebsd.org/D37032
In kern_sched_setparam(), before setting any parameters, p_cansched() is
called to check that the thread has appropriate privileges.
PR: 175687
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D37020
This was most likely a copy-paste error.
PR: 262433
MFC after: 3 days
Reported by: Boris Ivanovsky <bivanovsky@gmail.com>
Sponsored by: The FreeBSD Foundation
To reflect my work on the rewrite, which is in-part sponsored by
the FreeBSD Foundation.
I have also included a copyright entry for trhodes@, who wrote the patch
beginning this rewrite in PR 100803.
Reviewed by: imp, jhb, emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36935
Document new arguments and behaviours for these functions as compared to
the old ithread_* versions.
Reviewed by: pauamma
Input from: jhb
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33478
The ithread has been subsumed by the 'interrupt event' object, so
update the description to reflect this by describing an interrupt event
and its contents. We've also moved on from having a single handler
function to the split filter-and-handler model. Explain the purpose and
constraints of these two types of handlers.
Reviewed by: jhb, pauamma
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33477
The public KPI is now intr_event_**,
- Convert existing documented functions to their equivalents.
- Fix up the function arguments
- Fix up the possible error return values for each
- Remove ithread_schedule() completely
- Rename man page to intr_event(9)
- Update cross-references
Future changes will update the descriptive text for these functions.
PR: 100803
Based on work by: trhodes
Reviewed by: jhb
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33475
Give all documented functions a .Nm entry in the man page, following the
order they are listed in the synopsis. Create MLINKs for each of the
functions as well.
While here, add a missing include directive to the synopsis, and appease
mandoc by wrapping a long line.
Reviewed by: markj, imp (previous version), jhb (previous version)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36940
Most of these globals have been removed, save for clk_intr_event. This
one is appropriate to keep in sys/interrupt.h, despite the fact that it
has only one consumer.
Bump .Dd for this and previous changes.
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36939
It can be static within uart_tty.c. It is an open question whether there
remains any real benefit to having uart instances share a swi thread.
Reviewed by: imp, markj, jhb
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36938
From what I can tell, setdelayed() was removed so long ago that its
mention is more likely to be confusing than helpful. We now have a
manpage for hardclock(9), so reference that.
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36937
The only remaining user was busdma, and so it was simplified.
Reviewed by: markj, jhb
MFC after: 1 week
Fixes: 254e4e5b77 ("Simplify swi for bus_dma")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36936
Otherwise, the man page is not installed. Add appropriate MLINKS.
Reviewed by: manu
MFC after: 3 days
Fixes: 9a4eed0be2 ("ofw_graph: Add functions for graph bindings")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36932
This will resolve a reference and return the appropriate handle, a node
on the simplebus or an ACPI_HANDLE for ACPI. For now we do not try to
further abstract the return type.
MFC after: 2 weeks
Reviewed by: mw
Differential Revision: https://reviews.freebsd.org/D36793
Maintaining a comprehensive list of event handlers in this man page is a
futile endeavor. It is entirely detached from the source code, and
therefore requires that anyone adding/removing an event handler have
prior knowledge of the list. Many do not, so it will naturally become
stale (and is).
This is demonstrated by the fact that there are currently 88 instances
of EVENTHANDLER_DECLARE() in the source tree, but the list contains 66
items.
Many of the descriptions do not offer much detail that could not be
gleaned from the handler name alone. It is a more effective strategy to
document the purpose/details of the event handler in a comment alongside
its declaration.
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D36895
On passive sessions, honor the local settings disabling or
enabling window scaling and timestamp options.
Reviewed By: tuexen, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D36874
By default all VMD devices remap children MSI/MSI-X interrupts into their
own. It creates additional isolation, but also complicates things due to
sharing, etc. Fortunately some VMD devices can bypass the remapping.
Add tunable to control it for remap testing or if something go wrong.
MFC after: 2 weeks
MACHINE_ABI is a list of properties of the ABI used for MACHINE_ARCH.
It should be used in place of long conditionals on MACHINE_ARCH where
practical.
The following properties are indicated with one of the follow values:
Byte order: big-endian, little-endian
Floating point ABI: soft-float, hard-float
Size of long (size_t, etc): long32, long64
Pointer type: ptr32, ptr64
Size of time_t: time32, time64
For example, i386 targets will be:
MACHINE_ABI= big-endian hard-float long32 ptr32 time32
Reviewed by: imp
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D36421
Add sysctl/tunable to control Electromechanical Interlock support.
Disable it by default since Linux does not do it either and it seems
the number of systems having it broken is higher than having working.
This fixes NVMe backplane operation on ASUS RS500A-E11-RS12U server
with AMD EPYC 7402 CPU, where attempts to control reported interlock
for some reason end up in PCIe link loss, while interlock status does
not change (it is not really there).
MFC after: 2 weeks
Simple change to allow for the individual toggling of
RFC7323 window scaling and timestamp option.
Reviewed By: rrs, tuexen, glebius, guest-ccui, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D36863
When the node to insert in the rb_tree is known to precede or follow a
particular node, new methods RB_INSERT_PREV and RB_INSERT_NEXT,
defined here, allow the search for where to insert the new node begin
with that particular node, rather than at the root, to save a bit of
time.
Using those methods, instead of RB_INSERT, in managing a tree in
iommu_gas.c, saves a little time.
Reviewed by: kib
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D35516
Mostly remove from the SEE ALSO section, adding a mention of the port
where not removed. Elsewhere, remove as appropriate and change from .Xr
to .Nm where a mention of telnetd continues to make sense (or removing
it would require significant reworking of the surrounding text).
Reviewed by: imp, delphij, emaste
Differential Revision: https://reviews.freebsd.org/D36785
Rack has had the ability to timeout connections that just sit idle automatically. This
feature of course is off by default and requires the user set it on (though the socket option
has been missing in tcp_usrreq.c). Lets get the progress timeout fully supported in
the base stack as well as rack.
Reviewed by: tuexen
Sponsored by: Netflix Inc
Differential Revision: https://reviews.freebsd.org/D36716
The /usr/share/zoneinfo/SystemV directory has been empty on FreeBSD
since 2006. The upstream source file was removed in 2020. Also stop
passing yearisdate to zic(8). This has not been necessary for years.
The script has been removed upstream since 2020.
MFC after: 3 days
The maximum CPU number of a cpuset_t is determined by CPU_SETSIZE. In
the kernel this is MAXCPU, but in userspace it is CPU_MAXSIZE unless
CPU_SETSIZE is defined before including sys/_cpuset.h. CPU_MAXSIZE is
256 and in userspace MAXCPU is generally 1 because it being set to a
larger MD value is gated on SMP being defined (not generally the case in
userspace).
Reported by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
Reviewed by: cem, jhb
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D36679
RB-tree augmentation maintains data in each node of the tree that
represents the product of some associative operator applied to all the
nodes of the subtree rooted at that node. If a node in the tree
changes, augmentation data for the node is updated for that node and
all nodes on the path from that node to the tree root. However,
sometimes, augmenting a node changes no data in that node,
particularly if the associated operation is something involving 'max'
or 'min'. If augmentation changes nothing in a node, then the work of
walking to the tree root from that point is pointless, because
augmentation will change nothing in those nodes either. This change
makes it possible to avoid that wasted work.
Define RB_AUGMENT_CHECK as a macro much like RB_AUGMENT, but which
returns a value 'true' when augmentation changes the augmentation data
of a node, and false otherwise. Change code that unconditionally walks
and augments to the top of tree to code that stops once an
augmentation has no effect. In the case of rebalancing the tree after
insertion or deletion, where previously a node rotated into the path
was inevitably augmented on the march to the tree root, now check to
see if it needs augmentation because the march to the tree root
stopped before reaching it.
Change the augmentation function in iommu_gas.c so that it returns
true/false to indicate whether the augmentation had any effect.
Reviewed by: alc, kib
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D36509
This diff extends LinuxKPI to support simple attribute files in debugfs.
These simple attributes are an essential component for compiling drm-kmod
with CONFIG_DEBUG_FS enabled.
This will allow for easier graphics driver debugging using
Intel's igt-gpu-tools.
Reviewed by: hselasky
Differential Revision: https://reviews.freebsd.org/D35883
Sponsored by: Google, Inc. (GSoC 2022)
1865ebfb12 changed if_bridge to have it change the MTU on newly added
interfaces to match the if_bridge MTU, rather than rejecting them for
having an incorrect MTU.
Update the man page to reflect this, as pointed out by woodsb02.
Reviewed by: woodsb02
Differential Revision: https://reviews.freebsd.org/D36481
FreeBSD used to support both armv4 and armv5 binaries. All of that
support has been removed from the tree. We have only ever supported
armv6 and armv7 binaries in that mode. Note armv4 here too for
completeness since it flowed better than 'armv5 and earlier' and means
the same thing (FreeBSD never ran on an armv3 or earlier CPU).
Sponsored by: Netflix
The mentioned document "Name Server Operations Guide for BIND" is
outdated, so remove it from the SEE ALSO section of hosts.5
and resolver.{3,5}.
PR: 266360
Reported by: Graham Perrin <grahamperrin at FreeBSD dot org>
Reviewed by: karels
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36557
Split out termcap.small generation into its own Makefile under
etc/termcap, so it's properly executed by the underlying command:
make 'SUBDIR_OVERRIDE=etc' everything
Reported by: gbe
MFC after: 1 month
This changes the default TCP Congestion Control (CC) to CUBIC.
For small, transactional exchanges (e.g. web objects <15kB), this
will not have a material effect. However, for long duration data
transfers, CUBIC allocates a slightly higher fraction of the
available bandwidth, when competing against NewReno CC.
Reviewed By: tuexen, mav, #transport, guest-ccui, emaste
Relnotes: Yes
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D36537
hw.cxgbe.cong_drop=2 will generate backpressure *and* drop frames for
queues that are congested.
MFC after: 2 weeks
Sponsored by: Chelsio Communications
kern.cam.da.default_softtimeout currently does nothing. It sets a value
in the CCB that SIMs could look at, only none do. Leave it undocumented
until it actually does something. It was introduced to allow a 'soft
recovery' to be started when things were taking too long in the SIM by
not scheduling new I/O, or other measures the SIM knew would help when
it seemed like things were getting 'backed up'. No SIM in the FreeBSD
tree implements this and scsi_da doesn't use it other than to pass it
down, so best remove it from the documentation until it does something.
Sponsored by: Netflix
Fixes: 53af9c235f
Reviewed by: gbe
Differential Review: https://reviews.freebsd.org/D36518
Summary:
This knob can be used to make buildsystem prefer generic C implentations of
various functions, instead of machine-specific assembler ones.
Test Plan: `make buildworld` on amd64
Reviewed by: imp, emaste
Differential Revision: https://reviews.freebsd.org/D36076
MFC after: 3 days
o Retire global always running ipreass_slowtimo().
o Instead use one callout entry per hash slot. The per-slot callout
would be scheduled only if a slot has entries, and would be driven
by TTL of the very last entry.
o Make net.inet.ip.fragttl read/write and document it.
o Retire IPFRAGTTL, which used to be meaningful only with PR_SLOWTIMO.
Differential revision: https://reviews.freebsd.org/D36275
need to do synchronization by hand when termcap is updated.
Reviewed by: uqs, bapt, imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D36333
Users with a tmpfs /var/run will lose the directory tree state of
/var/run at reboot. This rc script will optionally (by default)
capture the state of the directory structure in /var/run prior to
shutdown and recreate it at system boot.
Alternatively a user can save the state of the /var/run directories
manually using service var_run save and disable the autosaving of
/var/run state using the var_run_autosave variable, for those
paranoid SSD users.
PR: 259585, 259699
Reported by: freebsd@walstatt-de.de,
Reviewed by: philip, gbe (previous version)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36386
The AccECN handshake and TCP header flags are supported,
no support yet for the AccECN option. This minimalistic
implementation is sufficient to support DCTCP while
dramatically cutting the number of ACKs, and provide ECN
response from the receiver to the CC modules.
Reviewed By: #transport, #manpages, rrs, pauamma
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D21011
Here go cons of using inpcb for divert:
- divert(4) uses only 16 bits (local port) out of struct inpcb,
which is 424 bytes today.
- The inpcb KPI isn't able to provide hashing for divert(4),
thus it uses global inpcb list for lookups.
- divert(4) uses INET-specific part of the KPI, making INET
a requirement for IPDIVERT.
Maintain our own very simple hash lookup database instead. It
has mutex protection for write and epoch protection for lookups.
Since now so->so_pcb no longer points to struct inpcb, don't
initialize protosw methods to methods that belong to PF_INET.
Also, drop support for setting options on a divert socket. My
review of software in base and ports confirms that this has no
use and unlikely worked before.
Differential revision: https://reviews.freebsd.org/D36382
The divert(4) is not a protocol of IPv4. It is a socket to
intercept packets from ipfw(4) to userland and re-inject them
back. It can divert and re-inject IPv4 and IPv6 packets today,
but potentially it is not limited to these two protocols. The
IPPROTO_DIVERT does not belong to known IP protocols, it
doesn't even fit into u_char. I guess, the implementation of
divert(4) was done the way it is done basically because it was
easier to do it this way, back when protocols for sockets were
intertwined with IP protocols and domains were statically
compiled in.
Moving divert(4) out of inetsw accomplished two important things:
1) IPDIVERT is getting much closer to be not dependent on INET.
This will be finalized in following changes.
2) Now divert socket no longer aliases with raw IPv4 socket.
Domain/proto selection code won't need a hack for SOCK_RAW and
multiple entries in inetsw implementing different flavors of
raw socket can merge into one without requirement of raw IPv4
being the last member of dom_protosw.
Differential revision: https://reviews.freebsd.org/D36379
None of tools working with login classes change umask(1)
and we had no ways to specify non-default umask for a service
not touching its startup script. This change makes in possible.
Some file-sharing services that create new files may benefit from it.
Differential: https://reviews.freebsd.org/D36309
MFC-after: 3 days
The default ones are install them to /usr/libdata/pkgconfig, and we can't
use this path for compat libraries, so we use /usr/lib<suffix>/pkgconfigi here.
Test Plan: grep -rn libdir= ./usr/lib32/pkgconfig/*.pc
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34939
In collaboration with: dougm
Reviewed by: alc
Sponsored by: The FreeBSD Foundation (kib)
MFC after: 3 days
Differential revision: https://reviews.freebsd.org/D36001
For an augmented rb_tree, allow a faster alternative to removing an
element from the tree, tweaking it slightly, and inserting it back
into the tree, knowing that its relative position in the tree is
unchanged. Instead, just change the element and invoke
RB_UPDATE_AUGMENT to fix the augmentation data for all the nodes in
the tree.
Reviewed by: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D36010
Add some of the missing sysctls to tcp.4, using references to other
man pages where they exist. Added sysctls include recvbuf and sendbuf
controls for automatic buffer sizing. Updated recvspace and sendspace.
Add sysctl.8 to "see also" and intro to variable section. Rename
"MIB Variables" section to "MIB (sysctl) Variables", as most people
will associate with sysctl.
Reviewed by: manpages(pauamma), tuexen
Differential Revision: https://reviews.freebsd.org/D36004
Add missing sysctls to inet.4 and icmp.4, using references to ip.4
for variables and groups documented there. Add sysctl.8 to "see also"
and intro to variable section. Rename "MIB Variables" section to
"MIB (sysctl) Variables", as most people will associate with sysctl.
Revise history: the ICMP implementation was in 4.2BSD.
Reviewed by: manpages(pauamma)
Differential Revision: https://reviews.freebsd.org/D36003
The option was originally added in r313524, but with incomplete
documentation.
MFC after: 1 week
Reviewed by: karels, gbe (manpages)
Differential Revision: https://reviews.freebsd.org/D35890
Look in _LIB_OBJTOP for all static libraries not just INTERNALLIBs. In
normal operation this is a no-op, but improves the consistency of this
file.
Reviewed by: imp, jhb
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D35822
Declarations of variables must be placed before the statements of a
block, by convention. Use 'must' instead of 'may' here and clarify
langauge.
Sponsored by: Netflix
Reviewed by: pstef, rpokala, hselasky
Differential Revision: https://reviews.freebsd.org/D35959
K&R function definitions will soon be obsolete. Work has been underway
to remove all K&R function definitions from the tree for a while now. A
future C version will remove this construct from the language. So
strengthen existing statements about K&R function definitions and
declarations.
While here, remove __P macro reference. It's not been in active use for
almost two decades apart from legacy contrib code.
Sponsored by: Netflix
Reviewed by: pauamma, rpokala, hselasky, kp, brooks, markm, emaste
Differential Revision: https://reviews.freebsd.org/D35945
QAT in-tree driver ported from out-of-tree release available
from 01.org.
The driver exposes complete cryptography and data compression
API in the kernel and integrates with Open Crypto Framework.
Details of supported operations, devices and usage can be found
in man and on 01.org.
Patch co-authored by: Krzysztof Zdziarski <krzysztofx.zdziarski@intel.com>
Patch co-authored by: Michal Jaraczewski <michalx.jaraczewski@intel.com>
Patch co-authored by: Michal Gulbicki <michalx.gulbicki@intel.com>
Patch co-authored by: Julian Grajkowski <julianx.grajkowski@intel.com>
Patch co-authored by: Piotr Kasierski <piotrx.kasierski@intel.com>
Patch co-authored by: Adam Czupryna <adamx.czupryna@intel.com>
Patch co-authored by: Konrad Zelazny <konradx.zelazny@intel.com>
Patch co-authored by: Katarzyna Rucinska <katarzynax.kargol@intel.com>
Patch co-authored by: Lukasz Kolodzinski <lukaszx.kolodzinski@intel.com>
Patch co-authored by: Zbigniew Jedlinski <zbigniewx.jedlinski@intel.com>
Reviewed by: markj, jhb (OCF integration)
Reviewed by: debdrup, pauamma (docs)
Sponsored by: Intel Corporation
Differential Revision: https://reviews.freebsd.org/D34632
A replacement QAT driver will be imported, but this replacement does not
support Atom C2xxx hardware. So, the existing driver will be kept
around to provide opencrypto offload support for those chipsets.
Reviewed by: pauamma, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35817
ELFCOMPRESS_ZSTD indicates that an ELF section is compressed with zstd.
It is the second compression type, after the existing ELFCOMPRESS_ZLIB.
Zstd generally provides a compelling tradeoff of speed and compression
(other algorithms may compress slightly better but take a lot longer,
or run faster but do not compress nearly as well).
See https://groups.google.com/g/generic-abi/c/satyPkuMisk for details.
ELFCOMPRESS_ZSTD will be supported in a future Clang/LLVM update. ELF
Tool Chain tools also need updating.
Reviewed by: Fangrui Song
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
EMDEDDEDPORTS does not contain devel/subversion anymore.
Fixes: a03128832c In extra_chroot_setup(), use 'uname -U' to determine OSVERSION.
MFC after: 1 week
In preparation for updates including missing variables, sort the
sysctl variables in the MIB variables section alphabetically.
Add a new "hostcache" entry for the hostcache node, containing the
intro text that was previously in hostcache.enable. Also cleanups
per review comments.
Reviewed by: transport(tuexen), manpages(bcr)
Differential Revision: https://reviews.freebsd.org/D35844
MFC after: 1 week
(cherry picked from commit 5cf709ce72c0b6eb4b4d57db015a65f8a84166d5)
Sort the sysctl(3)/sysctl(8) variables in the MIB Variables section
alphabetically. This is in preparation for adding missing variables
(at least in inet.4 and icmp.4). A few other touchups suggested in
review.
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D35843
MFC after: 1 week
(cherry picked from commit 3b656d465127de066511b6ffd02fb9fef85c7a53)
Generally, access to the kernel debugger is considered to be unsafe from
a security perspective since it presents an unrestricted interface to
inspect or modify the system state, including sensitive data such as
signing keys.
However, having some access to debugger functionality on production
systems may be useful in determining the cause of a panic or hang.
Therefore, it is desirable to have an optional policy which allows
limited use of ddb(4) while disabling the functionality which could
reveal system secrets.
This loadable MAC module allows for the use of some ddb(4) commands
while preventing the execution of others. The commands have been broadly
grouped into three categories:
- Those which are 'safe' and will not emit sensitive data (e.g. trace).
Generally, these commands are deterministic and don't accept
arguments.
- Those which are definitively unsafe (e.g. examine <addr>, search
<addr> <value>)
- Commands which may be safe to execute depending on the arguments
provided (e.g. show thread <addr>).
Safe commands have been flagged as such with the DB_CMD_MEMSAFE flag.
Commands requiring extra validation can provide a function to do so.
For example, 'show thread <addr>' can be used as long as addr can be
checked against the system's list of process structures.
The policy also prevents debugger backends other than ddb(4) from
executing, for example gdb(4).
Reviewed by: markj, pauamma_gundo.com (manpages)
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35371
Our uses of tar rely on BSDisms, and so do not work in environments
where GNU tar is the default tar. Providing a TAR_CMD variable like
some other commands allows it to be overridden to use bsdtar in such
cases.
Reviewed by: brooks, delphij, gjb
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D35813
Older sysctls with constant OID macros were identified with those
in inet.4, tcp.4, and udp.4; newer sysctls with automatic numbering
were identified by sysctl names. No one remembers the OID macros,
or knows what they are; sysctls are always done by name now, usually
via sysctl(8).
Replace the OID macro names with sysctl names so that there is one
uniform identifier type; sysctl names were previously in parens.
Make the formatting a little more consistent in this area. In inet.4
and udp.4, move the "ip." or "udp." prefix from each entry into the
top-level name at the start of the section, as they are all the same.
Reviewed by: rpokala
Differential Revision: https://reviews.freebsd.org/D35806
Combined changes to allow experimentation with net 0/8 (network 0),
240/4 (Experimental/"Class E"), and part of the loopback net 127/8
(all but 127.0/16). All changes are disabled by default, and can be
enabled by the following sysctls:
net.inet.ip.allow_net0=1
net.inet.ip.allow_net240=1
net.inet.ip.loopback_prefixlen=16
When enabled, the corresponding addresses can be used as normal
unicast IP addresses, both as endpoints and when forwarding.
Add descriptions of the new sysctls to inet.4.
Add <machine/param.h> to vnet.h, as CACHE_LINE_SIZE is undefined in
various C files when in.h includes vnet.h.
The proposals motivating this experimentation can be found in
https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-0https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-240https://datatracker.ietf.org/doc/draft-schoen-intarea-unicast-127
Reviewed by: rgrimes, pauamma_gundo.com; previous versions melifaro, glebius
Differential Revision: https://reviews.freebsd.org/D35741
Apart from improving readability, this commit mentions that
<name>_oomprotect is ignored in a jail environment. Also, replace
${name}_cmd with the correct ${argument}_cmd and point the reader to
rc.subr(8).
MFC after: 1 week
Add an option to enable/disable DTrace without disabling ZFS. New
architectures such as CHERI may support ZFS before they support DTrace
and the old model of WITHOUT_CDDL disabling both wasn't helpful.
For compatiblity, the CDDL option remains and WITHOUT_CDDL implies
WITHOUT_DTRACE. WITHOUT_DTRACE also implies WITHOUT_CTF.
As part of this change, largely convert cddl/*/Makefile to using the
more compact SUBDIR.${MK_<FOO>}+= form rather than using intermediate
variables.
Reviewed by: markj
Obtained from: CheriBSD
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D35718
Document the existing alias definitions, and augment the example with
one of these. Also, describe the purpose of the newly added _FLAGS
variations of these command definitions.
Make some small style improvements to appease mandoc -Tlint.
Reviewed by: markj
MFC after: 3 days
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D35664
After some discussion, for now, simply revert the change to split
the driver up into if_rtw88_core.ko and if_rtw88_pci.ko as we do
not have an if_rtw88.ko anymore. We do have code trying to
auto-load modules, e.g. ifconfig, based on if_xxx.ko.
We could, based on Makefile magic or further code, generate a
if_rtw88.ko module with proper dependencies and keep this but for
simplicity stay with the one slightly larger module for now.
Should code appear to do this "properly" we can revisit this once
USB support has landed.
Slightly update the module Makefile to keep the separation of files
between core and pci bits visible and maintainable for the future.
This reverts commit 0f7b9777f8.
Based on an email mhorne@ sent to arch@.
Reviewed by: debdrup, pauamma_gundo.com
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D34565
Now that -m32 is fixed, just install libs in ${WORLDTMP}/lib/lib32
and use the installed headers.
Reviewed by: imp, jhb
Obtained from: CheriBSD
Differential Revision: https://reviews.freebsd.org/D34697
The Hardware currently doesn't support TSO feature and it can be
misleading to mention that in the docs.
All references to the docs were removed from the man pages.
Obtained from: Semihalf
MFC after: 2 weeks
Sponsored by: Amazon, Inc.
Also, update the BUGS section. The example describes an issue, which is
not true anymore thanks to sysctl_lastload. Point readers to rcorder(8)
instead.
MFC after: 2 weeks
OpenVPN Data Channel Offload (DCO) moves OpenVPN data plane processing
(i.e. tunneling and cryptography) into the kernel, rather than using tap
devices.
This avoids significant copying and context switching overhead between
kernel and user space and improves OpenVPN throughput.
In my test setup throughput improved from around 660Mbit/s to around
2Gbit/s.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34340
The macOS linker does not support -zrelro/-znorelro. Since it is only
used to for build tools that run on the host, and WITH_RELRO or
WITHOUT_RELRO does not matter there, just skip the option.
Reviewed by: markj
Fixes: 2f3a961487 ("Add RELRO build knob, default to enabled")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35589
Move pytest wrapper to the collection of the other atf wrappers
in libexec. It solves the problem of combining bits & pieces from
bsd.test.mk and bgs.prog.mk to address "test binary, but not the
suite binary".
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D35604
MFC after: 2 weeks
Implementation consists of the pytest plugin implementing ATF format and
a simple C++ wrapper, which reorders the provided arguments from ATF format
to the format understandable by pytest. Each test has this wrapper specified
after the shebang. When kyua executes the test, wrapper calls pytest, which
loads atf plugin, does the work and returns the result. Additionally, a
separate python "package", `/usr/tests/atf_python` has been added to collect
code that may be useful across different tests.
Current limitations:
* Opaque metadata passing via X-Name properties. Require some fixtures to write
* `-s srcdir` parameter passed by the runner is ignored.
* No `atf-c-api(3)` or similar - relying on pytest framework & existing python libraries
* No support for `atf_tc_<get|has>_config_var()` & `atf_tc_set_md_var()`.
Can be probably implemented with env variables & autoload fixtures
Differential Revision: https://reviews.freebsd.org/D31084
Reviewed by: kp, ngie
A one-to-many unix/dgram socket is a socket that has been bound
with bind(2) and can get multiple connections. A typical example
is /var/run/log bound by syslogd(8) and receiving multiple
connections from libc syslog(3) API. Until now all of these
connections shared the same receive socket buffer of the bound
socket. This made the socket vulnerable to overflow attack.
See 240d5a9b1c for a historical attempt to workaround the problem.
This commit creates a per-connection socket buffer for every single
connected socket and eliminates the problem. The new behavior will
optimize seldom writers over frequent writers. See added test case
scenarios and code comments for more detailed description of the
new behavior.
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D35303
Note that lld enables relro by default, so that we already had either
partial or full RELRO, depending on the state of the BIND_NOW knob.
Add a RELRO knob so that the option can be disabled if desired, and so
that builds using the GNU toolchain are equivalent to those using the
standard Clang/LLVM toolchain.
Reviewed by: markj
MFC after: 3 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35545
