Introduce the OpenBSD syntax of "scrub" option for "match" and "pass"
rules and the "set reassemble" flag. The patch is backward-compatible,
pf.conf can be still written in FreeBSD-style.
Obtained from: OpenBSD
MFC after: never
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D38025
if_bridge receives packets via a special interface, if_bridge_input,
rather than by if_input. Thus, netmap's usual hooking of ifnet routines
does not work as expected. Instead, modify bridge_input() to pass
packets directly to netmap when it is enabled. This applies to both
locally delivered packets and forwarded packets.
When a netmap application transmits a packet by writing it to the host
TX ring, the mbuf chain is passed to if_input, which ordinarily points
to ether_input(). However, when transmitting via if_bridge,
bridge_input() needs to see the packet again in order to decide whether
to deliver or forward. Thus, introduce a new protocol flag,
M_BRIDGE_INJECT, which 1) causes the packet to be passed to
bridge_input() again after Ethernet processing, and 2) avoids passing
the packet back to netmap. The source MAC address of the packet is used
to determine the original "receiving" interface.
Reviewed by: vmaffione
MFC after: 2 months
Sponsored by: Zenarmor
Sponsored by: OPNsense
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D38066
It was introduced in 2d3614fb13 (bridge: Log MAC address port flapping).
Reviewed by: gbe (manpages)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D39465
List the specific tools that are controlled by WITH_LLVM_BINUTILS, and
mention the tools that are always or never taken from LLVM. Tools come
from one of three sources (LLVM, ELF Tool Chain, bespoke base system)
and it is useful to be explicit.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39428
Use the date of the last commit from gj@ (d276a4dfa6f5f3711808eff44ff20a92114b4d6e)
Note that for other developers the date is that when the commit bit was taken
in.
Currently, sysctls which enable KDB in some way are flagged with
CTLFLAG_SECURE, meaning that you can't modify them if securelevel > 0.
This is so that KDB cannot be used to lower a running system's
securelevel, see commit 3d7618d8bf. However, the newer mac_ddb(4)
restricts DDB operations which could be abused to lower securelevel
while retaining some ability to gather useful debugging information.
To enable the use of KDB (specifically, DDB) on systems with a raised
securelevel, change the KDB sysctl policy: rather than relying on
CTLFLAG_SECURE, add a check of the current securelevel to kdb_trap().
If the securelevel is raised, only pass control to the backend if MAC
specifically grants access; otherwise simply check to see if mac_ddb
vetoes the request, as before.
Add a new secure sysctl, debug.kdb.enter_securelevel, to override this
behaviour. That is, the sysctl lets one enter a KDB backend even with a
raised securelevel, so long as it is set before the securelevel is
raised.
Reviewed by: mhorne, stevek
MFC after: 1 month
Sponsored by: Juniper Networks
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D37122
This does not remove LLVM_TARGET_MIPS. Note that the only
MACHINE_ARCH values ending in 'hf' were all MIPS architectures, hence
removing the pattern matches for 'hf'.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D39331
Make userland tools such as netstat, route, arp and ndp use
either netlink or rtsock interfaces based on the NETLINK_SUPPORT
options.
Both NETLINK and NETLINK_SUPPORT options are turned on by default.
Reviewed By: eugen
Differential Revision: https://reviews.freebsd.org/D39148
Add myself as a doc committer, mentored by carlavilla and dbaio.
Approved by: carlavilla (mentor)
Differential Revision: https://reviews.freebsd.org/D39254
- Improve the wording that describes cnt and hz (avoid "the long haul")
- Use .Fa for function arguments
- Fix formatting of parenthesis around swi(9) xref
- removed xref to non-existent options(4)
- xref polling(4)
- consistently list xrefs in SEE ALSO
- xref eventtimers(9) in SEE ALSO
Reviewed by: mav, rpokala
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39137
timeout(9) was removed a couple of years ago; all consumers now use the
callout(9) interface.
Explicitly do not bump .Dd anywhere, as this is not a content or
semantic change.
Reviewed by: markj, jhb, Pau Amma <pauamma@gundo.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39136
Add more details about the execution and purpose of these shutdown
handlers. Make a point to mention the requirement that they can be run
in a normal or panic context. Add some simple examples.
Add a brief comment to the declaration in sys/eventhandler.h.
Reviewed by: markj
Discussed with: rpokala, Pau Amma <pauamma@gundo.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39135
- This function no longer disables interrupts
- MLINK to reboot.9
- The mentions of autoconfiguration is more about shutdown_nice(),
coming in the next commit.
- Describe the RB_* flags relevant to this function
- Describe behaviour when shutdown hooks fail the reset
- Describe expected execution contexts
- Add FF copyright
- xref panic(9)
- xref this page in reboot(2)
Reviewed by: markj
Discussed with: rpokala, Pau Amma <pauamma@gundo.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39133
- Better description of what the panic() function does
- Document KERNEL_PANICKED()
- Add a section describing panic execution context
- Add SEE ALSO
Reviewed by: kib, markj, rpokala
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39132
- Add a little bit of introductory text
- Improve the existing example: ANSI C, use a better assertion than a
NULL check (which is discouraged)
- Document the widely used MPASS macro in this page
- Drop the cross-reference to config(8)
Reviewed by: kib, markj, rpokala, Pau Amma <pauamma@gundo.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39131
- Document CRITICAL_ASSERT() in this man page.
- Clarify that a thread may also handle interrupts in a critical
section, not only faults/exceptions.
- Note the negative effects of critical section abuse
- Some other minor clarifications
- Add short SEE ALSO
Reviewed by: kib, markj, rpokala, Pau Amma <pauamma@gundo.com>
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39130
These functions, vcount() and count_dev(), no longer exist in the source
tree.
Reviewed by: rpokala
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D39128
Use .An -nosplit for the AUTHORS section, so that
it renders without an unnecessary newline.
No .Dd bump since it isn't a content change.
MFC after: 3 days
This will build etdump, makefs and mkimg as bootstrap tools to allow
easily creating disk images. Note that etdump is bootstrapped due to its
use in the release scripts for building ISO images.
Reviewed by: emaste, arichardson
Differential Revision: https://reviews.freebsd.org/D39072
Since 9503d2704c LOADER_ZFS gets turned off when ZFS is, and since
63715498ac ZFS is no longer disabled on powerpc and powerpcspe.
Reviewed by: emaste
Fixes: 9503d2704c ("opts: Minor cleanup of ZFS options")
Fixes: 63715498ac ("powerpc: enable ZFS on 32 bit powerpc/powerpcspe")
Differential Revision: https://reviews.freebsd.org/D39071
RFC 4443 specifies cases where certain packets, like those originating from
local-scope addresses destined outside of the scope shouldn't be forwarded.
The current practice is to drop them, send ICMPv6 message where appropriate,
and log the message:
cannot forward src fe80:10::426:82ff:fe36:1d8, dst 2001:db8:db8::10, nxt
58, rcvif vlan5, outif vlan2
At times the volume of such messages cat get very high. Let's allow local
admins to disable such messages on per vnet basis, keeping the current
default (log).
Reported by: zarychtam@plan-b.pwste.edu.pl
Reviewed by: zlei (previous version), pauamma (docs)
Differential Revision: https://reviews.freebsd.org/D38644
Mark ZFS broken here too, add comment about why. Add comments about
OFED being disabled on 32-bit arm, add comment about why too.
Sponsored by: Netflix
Remove redundant CPUARCH test: we really just want a plain MACHINE_ARCH
here.
Second, always turn off LOADER_ZFS when we turn off ZFS. Not 100%
required, but we did it some places and not others. There's no current
mechanism to say that if X is disabled then X_Y must be too.
Sponsored by: Netflix
With the removal of NgATM it no longer controls anything.
Reviewed by: manu, emaste
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D38882
This standalone module is the last vestage of ATM support in the tree so
send it on its way.
Reviewed by: manu, emaste
Relnotes: yes
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D38880
Most ATM support was removed prior to FreeBSD 12. The netgraph support
was kept as it was less intrusive, but it is presumed to be unused.
Reviewed by: manu
Relnotes: yes
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D38879
This code was used only on MIPS platforms, and has not built in some
time.
Reviewed by: ray
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38986
NDIS was removed a couple of years ago, but the src.conf knob was left
behind.
Fixes: bfc99943b0 ("ndis(4): remove as previous announced")
Sponsored by: The FreeBSD Foundation
Where options exist in both src.opts.mk and kern.opts.mk they should be
kept in sync.
It may be that the option should be flipped the other way (e.g.,
enabling OFED in the kernel on arm64); if so that will be done as a
subsequent commit after further testing.
PR: 269994
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38952
libcasper(3) is not used in bhyve. So move dependency to the appropriate
place.
Reviewed by: markj
MFC after: 1 week
Sponsored by: vStack
Differential Revision: https://reviews.freebsd.org/D38905
Where options exist in both src.opts.mk and kern.opts.mk they should be
kept in sync.
PR: 269994
Reviewed by: imp
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D38935
netlink(4) and associated features will exist in FreeBSD 14.0 but they
will also exist in 13.2, an older version, from commits such as 02b958b1
and b309249b.
This commit needs merging to stable/13 and releng/13.2.
MFC after: 2days (needs to be in RC2)
Reviewed by: imp,melifaro
Pull Request: https://github.com/freebsd/freebsd-src/pull/651
With the deprecation of NgATM, ng_atmllc is the last vestage of ATM
support so deprecate it too.
MFC after: 3 days
Relnotes: yes
Reviewed by: manu, emaste
Differential Revision: https://reviews.freebsd.org/D38878
Support for ATM NICs was removed prior to FreeBSD 12. At the time it
was unclear if this code was still useful without it. Now the time has
come to finish removing support.
Add DREPRECATION NOTICEs to the manpages and gone_in(14, ...) warnings
in the constructors (or module init for ngatmbase).
MFC after: 3 days
Relnotes: yes
Reviewed by: manu, emaste
Differential Revision: https://reviews.freebsd.org/D38877
ATM is an old technology, remove build of related programs by default
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D38844
Reviewed by: brooks, imp, emaste
Also add the EM160R to the man page, noting the work-around
required to make it function properly in PPP mode.
MFC-After: 1 week
Sponsored by: Metify Inc.
Sponsored by: Klara Inc.
The top-level charset.pivot.src may be empty, but the top-level
mapper.dir.src is not -- it contains some definitions for supplementary
UCS planes. The SMP/SSP definitions aren't actually used at the moment,
but the inclusion of the SIP definitions fixes conversions involving
JISX0213-1/JISX0213-2 to be possible.
Sponsored by: Klara, Inc.
Fix mandoc -Tlint style issues
* Use Pa instead of Va for .conf element (mdoc warned the Va was unused, and its the
wrong markup anyway)
* Drop useless Va and use Va instead of Ar when referring to variables in the jail file
* One sentence, one line
* drop xr to info(1). That makes no sense, and intro(1) seems unhelpful.
This leaves two warnings: gdb(1) xref not found (but we add a
parenthetical about the package) and a false positive about
a trailing period that is being mistaken for a 'full stop'
when it is really just a character in a filename.
Sponsored by: Netflix
