I completely forgot about updating the generated llvm-project config
files, which also contain version numbers, etc. Sorry for the churn.
PR: 261742
Fixes: ab9d54731f
MFC after: 3 days
It is unclear why this hasn't bothered anyone in months; I can only assume
optimization levels but it seems there were unresolved symbols in
iwlwifi after d9836fb4b9:
link_elf_obj: symbol iwl_mvm_send_roaming_forbidden_event undefined
Hide more of the currently unsupported (GPL-only) MEI (Management Engine)
code behind #ifdef to avoid this.
Reported by: dchagin
Tested by: dchagin
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
By analogy with IP address matching, add a way to use ipfw radix
tables for MAC matching. This is implemented using new ipfw table
with mac:radix type. Also there are src-mac and dst-mac lookup
commands added.
Usage example:
ipfw table 1 create type mac
ipfw table 1 add 11:22:33:44:55:66/48
ipfw add skipto tablearg src-mac 'table(1)'
ipfw add deny src-mac 'table(1, 100)'
ipfw add deny lookup dst-mac 1
Note: sysctl net.link.ether.ipfw=1 should be set to enable ipfw
filtering on L2.
Reviewed by: melifaro
Obtained from: Yandex LLC
MFC after: 1 month
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D35103
Test pfsync in a more realistic scenario with carp and route_to rules.
Build this topology and initiate a single ping session from client to
server:
┌──────┐
│client│
└───┬──┘
│
┌───┴───┐
│bridge0│
└┬─────┬┘
│ │
┌────────────────┴─┐ ┌─┴────────────────┐
│gw_route_to_master├─┤gw_route_to_backup│
└────────────────┬─┘ └─┬────────────────┘
│ │
┌┴─────┴┐
│bridge1│
└┬─────┬┘
│ │
┌────────────────┴─┐ ┌─┴────────────────┐
│gw_reply_to_master├─┤gw_reply_to_backup│
└────────────────┬─┘ └─┬────────────────┘
│ │
┌┴─────┴┐
│bridge2│
└───┬───┘
│
┌───┴──┐
│server│
└──────┘
gw* jails forward traffic through pf route-to rules, not fib lookups.
If backup_promotion arg is given (as in the pfsync_pbr test case), a
carp failover event occurs during the ping session on both gateways.
Verify that ping messages still go where we expect them to go.
MFC after: 2 weeks
Sponsored by: Orange Business Services
When a state if pfsync’d to a different host it doesn’t get all of the
expected pointers, including the pointer to the struct pfi_kif / struct
ifnet rt_kif pointer. (I.e. the interface to route out on).
That in turn means that pf_route() ends up dropping the packet.
Use the rule's struct pfi_kif pointer so we can still route out of the
expected interface.
MFC after: 2 weeks
Sponsored by: Orange Business Services