The ino_blkatoff() and indir_blkatoff() functions failed to release
the buffers holding second and third level indirect blocks. This
commit ensures that these buffers are now properly released.
MFC after: 1 week
Sponsored by: Netflix
Allow pf to use dummynet pipes and queues.
We re-use the currently unused IPFW_IS_DUMMYNET flag to allow dummynet
to tell us that a packet is being re-injected after being delayed. This
is needed to avoid endlessly looping the packet between pf and dummynet.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31904
Calling veriexec -i locked return the state of loaded and vice-versa.
Differential revision: https://reviews.freebsd.org/D30952
Reviewed by: sjg,imp
Obtained from: Stromshield
When fsck_ffs is running in preen mode and finds a zero-length directory,
it deletes that directory. In doing this operation, it unnecessary set
its internal flag saying that fsck_ffs needed to be rerun. This patch
deletes the rerun request for this case.
Reported by: Mark Johnson
PR: 246962
MFC after: 1 week
Sponsored by: Netflix
Determine if a device supports "Extended" or "Separate" metadata, and
what the current metadata setting is (None, Extended, Separate)
Also determine if the device supports:
- Sanitize Crypto Erase
- Sanitize Block Erase
- Sanitize Overwrite
Reviewed by: chuck
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
X-NetApp-PR: #49
Differential Revision: https://reviews.freebsd.org/D31067
Implement and document the new depop command. This command manages drive elements
for drives that support it. Storage elements are typically heads. Element status
can be discovered. Elements may be removed or restored. And the status of any
current depop operation can be assessed.
depop -d elm will remove element elm and truncate available capacity.
depop -l will list the current drive elements and their current status.
depop -r elm will try to restore all retired elements and rebuild capacity.
Changing storage elements may reinitialize the drive. This operation will lose
data and may take hours to complete. Use the drive provided timeout for
operations by default.
Reviewed by: gbe (manpages)
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D29018
This adds an option to detect if hole-punching is implemented by the
underlying file system. If this flag is set, and if the underlying file
system does not support hole-punching, md(4) fails BIO_DELETE requests
with EOPNOTSUPP.
Sponsored by: The FreeBSD Foundation
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D31883
Introduce a link to the ipfw command, dnctl, for dummynet configuration.
dnctl only handles dummynet configuration, and is part of the effort to
support dummynet in pf.
/sbin/ipfw continues to accept pipe, queue and sched commands, but these can
now also be issued via the new dnctl command.
Reviewed by: donner
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30465
795d78a467 pfctl: Don't use PRIu64 mistakenly changed these to be
printed as hexadecimal numbers.
Reported by: Florian Smeets
MFC after: 4 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Rather than PRIu64 we can just treat the data as uintmax_t, and use %jx
instead.
MFC after: 1 week
Suggested by: kib
Sponsored by: Rubicon Communications, LLC ("Netgate")
Use PRIu64 to printf(3) uint64_t quantities, otherwise this will result
in "error: format specifies type 'unsigned long' but the argument has
type 'uint64_t' (aka 'unsigned long long') [-Werror,-Wformat]" on 32-bit
architectures.
Fixes: 80078d9d38
MFC after: 1 week
Rather than call DIOCGETSTATUS ourselves use the new libpfctl functions.
MFC after: 1 week
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D31697
Since the conversion to the new DIOCKILLSTATESNV the kernel no longer
exists the id and creatorid to be big-endian.
As a result killing states by id (i.e. `pfctl -k id -k 12345`) no longer
worked.
Reported by: Özkan KIRIK
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
When invalid statement is found the next statement is skipped even if it
is valid.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D31527
This allows the maximum value of 4294967295 (~4Gb/s) instead of previous
value of 2147483647 (~2Gb/s).
Reviewed by: np, scottl
Obtained from: pfSense
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31582
That commit moved key generation into a child process, including
a memory allocation referenced by a structure. The child wrote
the structure to the parent over a pipe, but did not write the
referenced allocation. The parent read the structure from the
child and used its pointer, which was bogus in the parent.
In the child, send both chunks of data to the parent. In the
parent, make a corresponding allocation and read both chunks.
Fixes: 372557d8c3
Reviewed by: bdrewery, markj
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D31452
When matching entries, we should ignore those with a name of '#'. It's
the standard way to skip elements and need to be present to have the
proper offsets to the fields that are observed. No bus has a pnp
attribute of '#' and that is now disallowed for future buses that are
written.
Sponsored by: Netflix
Reviewed by: kbowling
Differential Revision: https://reviews.freebsd.org/D31482
Felix switch found in LS1028A supports stripping VLAN tag on
ingress, instead of egress. The striptag flag excepts the latter
behaviour.
Add a new flag to support the feature.
Obtained from: Semihalf
Sponsored by: Alstom Group
Differential Revision: https://reviews.freebsd.org/D30922
SO_RERROR indicates that receive buffer overflows should be handled as
errors. Historically receive buffer overflows have been ignored and
programs could not tell if they missed messages or messages had been
truncated because of overflows. Since programs historically do not
expect to get receive overflow errors, this behavior is not the
default.
This is really really important for programs that use route(4) to keep
in sync with the system. If we loose a message then we need to reload
the full system state, otherwise the behaviour from that point is
undefined and can lead to chasing bogus bug reports.
Reviewed by: philip (network), kbowling (transport), gbe (manpages)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D26652
This allows the use of VLAN PCP in dhclient, which is required for
certain ISPs (such as Orange.fr).
Reviewed by: bcr (man page)
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31263
Netdump has its own configuration tracking such that
ioctl(/dev/null, DIOCSKERNELDUMP) does a dumper_remove() but does not
notify netdump about the removal. Simply sending the same ioctl to
/dev/netdump handles the situation.
Reviewed by: markj, cem
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D31300
If -v is specified when adding a new device then a full listing of
configured devices is displayed. This requires sysctl access which
genkey()'s use of capability mode was blocking permission to access.
This leads to both confusing console spam but also incorrectly returning
an error status even if no other had been encountered.
dumpon: Sysctl get 'kern.shutdown.dumpdevname': Operation not permitted
Fix this by generating the key in a child process.
Reviewed by: markj
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D31266
This can be useful for, e.g., unmounting filesystems that were needed
for shutdown.
Reviewed by: kib
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
X-NetApp-PR: #63
Differential Revision: https://reviews.freebsd.org/D31230
Support the 'match' keyword.
Note that support is limited to adding queuing information, so without
ALTQ support in the kernel setting match rules is pointless.
For the avoidance of doubt: this is NOT full support for the match
keyword as found in OpenBSD's pf. That could potentially be built on top
of this, but this commit is NOT that.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31115
Since bsd.prog.mk includes bsd.obj.mk, and thus bsd.subdir.mk, we must
ensure all our bsd.subdir.mk-affecting variables are set before
including bsd.prog.mk. Since sbin's various Makefile.arch files add to
SUBDIR this results in those not taking effect, and presumably we also
end up not having buildworld as parallel as it should be due to the fact
that SUBDIR_PARALLEL was not being set before including bsd.prog.mk.
MFC with: 0a0f748641
Reviewed by: olivier
Differential Revision: https://reviews.freebsd.org/D31125
