Previously we expected the DIOCSKERNELDUMP ioctl to return ENXIO if the
interface was down, but it does not actually do this. Grab the link
status using getifaddrs(3) instead, and downgrade this case from an
error to a warning; the user might bring the link back up at a later
time.
Reviewed by: cem
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35196
I pushed the last changes before I'd noticed the better wording
suggestions in the review. Also include a note that not all lines will
have a timestampe. Some multi-line messages are generated with sbuf, and
when those are pushed, only the first line will have the
timestamp. Document this quirky behavior as well since fixing it likely
won't happen soon. CAM periph drivers generate all the lines in their
announce message together so they aren't intermingled with other things,
for example.
Suggested by: allanjude, emaste, rpokala
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D35139
Differential Revision: https://reviews.freebsd.org/D35141
Today, kern.msgbuf_show_timestamp=1 will give 1 second granularity
timestamps on dmesg lines. When kern.msgbuf_show_timestamp=2, we'll
produce microsecond level graunlarity.
For example:
old (== 1):
[13] Dual Console: Video Primary, Serial Secondary
[14] lo0: link state changed to UP
[15] bxe0: NIC Link is Up, 10000 Mbps full duplex, Flow control: ON - receive & transmit
[15] bxe0: link state changed to UP
new (== 2):
[13.807015] Dual Console: Video Primary, Serial Secondary
[14.544150] lo0: link state changed to UP
[15.272044] bxe0: NIC Link is Up, 10000 Mbps full duplex, Flow control: ON - receive & transmit
[15.272052] bxe0: link state changed to UP
Sponsored by: Netflix
its attempt to install SA/SPD into the kernel results in cryptic
EINVAL error code.
Let it be a bit more user-friendly and try to load ipsec.ko
automatically if it is not loaded, just like ifconfig(8) does it
for modules it needs.
PR: 263379
MFC after: 2 weeks
The daemon can specify fsname=XXX in its mount options. If so, the file
system should report f_mntfromname as XXX during statfs. This will show
up in the output of commands like mount and df.
Submitted by: Ali Abdallah <ali.abdallah@suse.com>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35090
AEAD ciphers for IPsec combine both encryption and authentication. As
such, ESP configurations using an AEAD cipher should not use a
seperate authentication algorithm via -A. However, this was not
apparent from the setkey manpage and 12.x and earlier did not perform
sufficient argument validation permitting users to pair an explicit -A
such as SHA256-HMAC with AES-GCM. (The result was a non-standard
combination of AES-CTR with the specified MAC, but with the wrong
initial block counter (and thus different keystream) compared to using
AES-CTR as the cipher.)
Attempt to clarify this in the manpage by explicitly calling out AEAD
ciphers (currently only AES-GCM) and noting that AEAD ciphers should
not use -A.
While here, explicitly note which authentication algorithms can be
used with esp vs esp-old. Also add subsection headings for the
different algorithm lists and tidy some language.
I did not convert the tables to column lists (Bl -column) though that
would probably be more correct than using literal blocks (Bd
-literal).
PR: 263379
Reviewed by: Pau Amma <pauamma@gundo.com>, markj
Differential Revision: https://reviews.freebsd.org/D34947
Similar to ipfw rule timestamps, these timestamps internally are
uint32_t snaps of the system time in seconds. The timestamp is CPU local
and updated each time a rule or a state associated with a rule or state
is matched.
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34970
Since a16732d670 we always print the l3 src/destination for Ethernet
rules. Update the tests to account for this.
Sponsored by: Rubicon Communications, LLC ("Netgate")
While the kernel only performs the L3 check for
ETHERTYPE_IP/ETHERTYPE_IP6 we should always print the source and
destination addresses.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34918
Allow tables to be used for the l3 source/destination matching.
This requires taking the PF_RULES read lock.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34917
After this, we'll be able to ping a host and not spam the terminal, and
no flooding will have to be involved. I've been doing this under Linux
as ping -fi1 host.
Reviewed by: rpokala, Pau Amma
Differential Revision: https://reviews.freebsd.org/D34882
The new '-L' flag will cause savecore to invoke the new mem(4) kernel
dump ioctl, taking a dump of the running system and writing the result
to a temporary file. Validation of the dump header is performed, similar
to regular crash dumps, and the final result is written to
livecore.X[.zst|.gz].
Also added is the '-Z' flag, which instructs the kernel to compress the
livedump compressed with zstd, akin to the existing -z flag. This option
has no effect in normal savecore(8) operation, but in theory could be
extended to perform such compression while reading the dump from the
dump device.
Encryption is unsupported for live dumps.
For example: 'savecore -Lz /var/crash' would create:
/var/crash/livecore.0.gz
Reviewed by: markj
MFC after: 2 weeks
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34347
Move it to a separate function, allowing its reuse.
Reviewed by: markj
MFC after: 3 days
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34822
All files are now created relative to savedirfd, e.g. with openat(2).
Therefore, we do not need character buffers to be PATH_MAX bytes long,
just long enough to hold the complete filename. 32 bytes is long enough
in all cases. These can be allocated on the stack.
While here, fix an error message that attempts to use an uninitialized
infoname.
Reviewed by: markj
MFC after: 3 days
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34821
So that new callers of getbounds() don't need to duplicate it.
Reviewed by: markj
MFC after: 3 days
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34783
When asked to print rules recursively, correctly recurse for anchors
included in pf.conf with "anchorname/*".
PR: 262590
Reviewed by: kp
MFC after: 3 weeks
This fixes a performance problem where poudriere -j 104 keeps remounting
filesystems, which induce wanting to signal mountd, if running. The
current code tries to do it by creating the pidfile in /var/run and
unlinking it if the operation succeeds, inducing contention against
anything doing an exec as it tries to look up /var/run/ld-elf.so.hints
Differential Revision: https://reviews.freebsd.org/D34681
This check was previously in `create` only, not applying to renames. It
should really be applied at the libbe level, so that we can avoid
writing about this restriction over and over again.
While we're here: `bectl rename` always succeeds, even when it doesn't.
Start returning the error.
Reported By: Christian McDonald <cmcdonald netgate com>
Reviewed by: rew, jwmaag_gmail.com (earlier version)
Differential Revision: https://reviews.freebsd.org/D34605
Discuss the standard type of layout, as well as the "deep" BE layout,
and some of the properties of both. Point the various -r flags at this
new section, to help users understand which they're working with and
what the -r flag is actually doing. Note that we may just deprecate the
-r flag in future versions, but the flag will be recognized as a NOP at
that point.
Reviewed by: pauamma_gundo.com, rew
Differential Revision: https://reviews.freebsd.org/D34538
"ifconfig -g groupname" prints a list of interface names,
which could be confusing, because it differs from
the behavior of "ifconfig -a -g groupname".
While here, add two examples showing the difference between
"ifconfig -a -g groupname" and "ifconfig -g groupname".
Fixes: 0dad3f0e15 Import interface groups from OpenBSD.
MFC after: 2 weeks
This reference has been present in the manual page since the initial
import of BSD 4.4 Lite sbin Sources. It's time for it to be removed.
MFC after: 2 weeks
