Yet another problem created by VIMAGE/if_vmove/epair design that
relocates ifnet between vnets and changes if_index. Since if_index
changes, nhop hash values also changes, unlink_nhop() isn't able to
find entry in hash and leaks the nhop. Since nhop references ifnet,
the latter is also leaked. As result running network tests leaks
memory on every single test that creates vnet jail.
While here, rewrite whole hash_priv() to use static initializer,
per Alexander's suggestion.
Reviewed by: melifaro
In addition to filtering by stack and state, allow filtering
by the congestion control module used. Choose the command line
options to be consistent with the ones of sockstat.
MFC after: 1 week
Sponsored by: Netflix, Inc.
As in 73db3b64f1, when WITHOUT_INET6 is selected, null if-then-else
blocks are generated because #if statements are incorrectly placed.
Moving the #if statements reduces unnecessary runtime comparisons or
compiler optimizations.
MFC after: 3 days
Add an SDT probe, using the newly created DT5 macro, in similar vein
to DEBUG_PARSE printf for when FTP junk is anticipated and ok. This
will assist in debugging port (active) FTP proxy issues.
MFC after: 3 days
Rather than save the return code into an intermediate variable, which BTW
is optimized out anyway, explicitly remove the return code from the stack.
MFC after: 3 days
There were two issues with the new pflog packet length.
The first is that the length is expected to be a multiple of
sizeof(long), but we'd assumed it had to be a multiple of
sizeof(uint32_t).
The second is that there's some broken software out there (such as
Wireshark) that makes incorrect assumptions about the amount of padding.
That is, Wireshark assumes there's always three bytes of padding, rather
than however much is needed to get to a multiple of sizeof(long).
Fix this by adding extra padding, and a fake field to maintain
Wireshark's assumption.
Reported by: Ozkan KIRIK <ozkan.kirik@gmail.com>
Tested by: Ozkan KIRIK <ozkan.kirik@gmail.com>
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D33236
When adding an SPD entry that already exists, a refcount wraparound
panic is encountered. This was caused from dropping a reference on the
wrong security policy.
Fixes: 4920e38fec ("ipsec: fix race condition in key.c")
Reviewed by: wma
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D33100
The check to see if TCP port allocation should change from random to
sequential port allocation mode may incorrectly cause a false positive
due to negative wraparound.
Example:
V_ipport_tcpallocs = 2147483585 (0x7fffffc1)
V_ipport_tcplastcount = 2147483553 (0x7fffffa1)
V_ipport_randomcps = 100
The original code would compare (2147483585 <= -2147483643) and thus
incorrectly move to sequential allocation mode.
Compute the delta first before comparing against the desired limit to
limit the wraparound effect (since tcplastcount is always a snapshot
of a previous tcpallocs).
When sending packets the stcb was used to access the inp and then
access the endpoint specific IPv6 level options. This fails when
there exists an inp, but no stcb yet. This is the case for sending
an INIT-ACK in response to an INIT when no association already
exists. Fix this by just providing the inp instead of the stcb.
PR: 260120
MFC after: 1 week
Fix logic error causing UDP(-Lite) local ephemeral port bindings
to count against the TCP allocation counter, potentially causing
TCP to go from random to sequential port allocation mode prematurely.
This should unbreak the kernel build when "options RSS" is
defined in the kernel configuration, and make the feature work.
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Reported by: adrian@
Sponsored by: Intel Corporation
Some shared libraries specify mappings that leave a gap (actually a
MAP_GUARD mapping) in between the file mappings (libcrypto.so was
the one I found), and this would cause rd_loadobj_iter() to report
the mapping info incorrectly, leaving out rdl_path and misreporting
rdl_offset for file mappings after the gap. Fix rd_loadobj_iter()
to handle this situation.
Reviewed by: markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32950
The previous commit to this node falsely stated that locked callouts
are compatible with netgraph ng_callout KPI. They are not. An item
can be queued instead of being applied to the node, which results in
a mutex leak to the callout thread and later unlocked call into function
that expects to be called locked.
Potentially netgraph can be taught to handle locked callouts, but that
would bring a lot of complexity in it. Instead lets question necessity
of ng_callout() instead of callout_reset(). It protects against node
going away while callout is scheduled. But a node that drains all
callouts in the shutdown method (ng_l2tp does) is already protected.
Fixes: 89042ff776
Use OLD_FILES for a few symbolic links and static libraries previously
included in OLD_LIBS.
Add a missing shared library major number to an old libroken entry.
The Li macros has been deprecated by mdoc some time ago. Recommend the
use of Ql instead.
Reviewed by: debdrup
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D33232
