import of new ipfilter vendor sources by flattening them.
To keep the tags consistent with dist, the tags are also flattened.
Approved by: glebius (Mentor)
don't declare a variable. The size before/after this change of the structs
doesn't change with gcc/clang.
Noticed by: several
Suggested by: Gary Jennejohn <gljennjohn@googlemail.com>
apply diff to compat/linux versions).
- The cp implies an update of videodev2.h to the linux kernel 2.6.34.14 one.
The update makes video in skype v4 work on FreeBSD.
Tested by: Artyom Mirgorodskiy <artyom.mirgorodsky@gmail.com>
(update of header only)
When building AR933x test images, I'd like to only build only the ar9300
HAL. To do this, it needs to supply an RF linker entry or it won't compile.
Tested:
* AR933x test builds
NICs which have bluetooth coexistence enabled.
The WB225 NIC has the common antenna switch configuration set to 0x0 which
disables all external switch bit setting. This obviously won't work when
doing coexistence.
This value is a magic value from the windows .inf files. It _looks_ right
but I haven't yet verified it - unfortunately my AR9285+AR3012 BT combo
has an earlier BT device which doesn't actually _have_ firmware on it.
So I have to fix ath3kfw to handle loading in firmware into the newer
NICs before I can finish testing this.
This may not hold true for CUS198, which is another custom AR9485 board.
The bluetooth setup code actually does a channel lookup during setup,
even though we haven't yet programmed in a channel. Sigh.
Tested:
* WB225 (AR9485) + bluetooth
options OCTEON_VENDOR_GEFES to enable support for these boards, to
match changes that GE publishes to the Octeon Simple Executive. Since
board types overlap with other boards, it is unlikely that we will
properly boot on other Octeon boards with OCTEON_VENDOR_GEFES enabled.
Tested extensively on the WANIC 6354, but I retained support for all
the other models. Some features need changes in the base kernel, and
those are in progress.
the Linux tree that they always include this chip in their FDT, so
make support for the ds1337 opt-out rather than opt-in. Now my boards
boot with the correct time.
The QCA9565 is a 1x1 2.4GHz 11n chip with integrated on-chip bluetooth.
The AR9300 HAL already has support for this chip; it just wasn't
included in the probe/attach path.
Tested:
* This commit brought to you over a QCA9565 wifi connection from
FreeBSD.
* .. ie, basic STA, pings, no iperf or antenna diversity checking just yet.
work in FreeBSD.
This is still heavily a work in progress but I'd rather it start
shipping in -HEAD sooner rather than later.
This doesn't (yet) link it into the build system either for a static
kernel or as a module; that will come later (after many, many make universe
tests.)
Executive code where similar invariant knobs exist.
o) Make the Simple Executive's warning function print "WARNING: " on the same
line as the warning it is displaying, rather than on a separate line.
reducing the number of runtime checks done by the SDK code.
o) Group board/CPU information at early startup by subject matter, so that e.g.
CPU information is adjacent to CPU information and board information is
adjacent to board information.
versions of clang 3.2, about comparing enum uni_cause values against
integer constants which fall outside the enum range. No functional
change.
MFC after: 3 days
port connected to the Broadcom switch does not seem operable, but it's unclear
if that's simply due to a lack of configuration information for the switch.
The switch does not seem to present any identifying information via MDIO,
and is a BCM56512.
address passed from the bootloader, rather than using a hard-coded value.
Make FreeBSD announce itself on the LED display similar to other kernels.
Remove uses of the previous LED routines, which were under-used and only used
in drivers for what seem like debugging purposes, despite those drivers being
widely-tested.
Remove several inlines for accessing memory that duplicate other functions
which are now used instead, as they are now entirely unused.
- All packets in NETISR_IP queue are in net byte order.
- ip_input() is entered in net byte order and converts packet
to host byte order right _after_ processing pfil(9) hooks.
- ip_output() is entered in host byte order and converts packet
to net byte order right _before_ processing pfil(9) hooks.
- ip_fragment() accepts and emits packet in net byte order.
- ip_forward(), ip_mloopback() use host byte order (untouched actually).
- ip_fastforward() no longer modifies packet at all (except ip_ttl).
- Swapping of byte order there and back removed from the following modules:
pf(4), ipfw(4), enc(4), if_bridge(4).
- Swapping of byte order added to ipfilter(4), based on __FreeBSD_version
- __FreeBSD_version bumped.
- pfil(9) manual page updated.
Reviewed by: ray, luigi, eri, melifaro
Tested by: glebius (LE), ray (BE)
altq_add() and its descendants. Currently altq(4) in FreeBSD is configured
via pf(4) ioctls, which can't configure altq(4) w/o holding locks.
Fortunately, altq(4) code in spife of using M_WAITOK is ready to receive
NULL from malloc(9), so change is mostly mechanical. While here, utilize
M_ZERO instead of bzero().
A large redesign needed to achieve M_WAITOK usage when configuring altq(4).
Or an alternative (not pf(4)) configuration interface should be implemented.
Reported by: pluknet
reside, and move there ipfw(4) and pf(4).
o Move most modified parts of pf out of contrib.
Actual movements:
sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5
sys/netinet/ipfw -> sys/netpfil/ipfw
The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.
Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.
The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.
Discussed with: bz, luigi
including the include directive.
Fix minor build issue corrected by converting yypush_buffer_state and
yypop_buffer_state to yy_set_buffer_state and a hard-coded 100-deep
stack. It was easier to fix it here than to import that support into
our flex.
The new tools and test hardness remain unsupported at the moment.
- Stateful TCP offload drivers for Terminator 3 and 4 (T3 and T4) ASICs.
These are available as t3_tom and t4_tom modules that augment cxgb(4)
and cxgbe(4) respectively. The cxgb/cxgbe drivers continue to work as
usual with or without these extra features.
- iWARP driver for Terminator 3 ASIC (kernel verbs). T4 iWARP in the
works and will follow soon.
Build-tested with make universe.
30s overview
============
What interfaces support TCP offload? Look for TOE4 and/or TOE6 in the
capabilities of an interface:
# ifconfig -m | grep TOE
Enable/disable TCP offload on an interface (just like any other ifnet
capability):
# ifconfig cxgbe0 toe
# ifconfig cxgbe0 -toe
Which connections are offloaded? Look for toe4 and/or toe6 in the
output of netstat and sockstat:
# netstat -np tcp | grep toe
# sockstat -46c | grep toe
Reviewed by: bz, gnn
Sponsored by: Chelsio communications.
MFC after: ~3 months (after 9.1, and after ensuring MFC is feasible)
date: 2010/12/24 20:12:56; author: henning; state: Exp; lines: +3 -3
in pf_src_connlimit, the indices to sk->addr were swapped.
tracked down and diff sent by Robert B Mills <rbmills at sdf.lonestar.org>
thanks, very good work! ok claudio
Impact is that the "flush" keyword didn't work.
Obtained from: OpenBSD
MFC after: 1 week
Cleaner solution (e.g. adding another header) should be done here.
Original log:
Move several enums and structures required for L2 filtering from ip_fw_private.h to ip_fw.h.
Remove ipfw/ip_fw_private.h header from non-ipfw code.
Requested by: luigi
Approved by: kib(mentor)
sys/contrib/rdma/rdma_cma.c:1259:8: error: case value not in enumerated type 'enum iw_cm_event_status' [-Werror,-Wswitch]
case ECONNRESET:
^
@/sys/errno.h:118:20: note: expanded from macro 'ECONNRESET'
#define ECONNRESET 54 /* Connection reset by peer */
^
sys/contrib/rdma/rdma_cma.c:1263:8: error: case value not in enumerated type 'enum iw_cm_event_status' [-Werror,-Wswitch]
case ETIMEDOUT:
^
@/sys/errno.h:124:19: note: expanded from macro 'ETIMEDOUT'
#define ETIMEDOUT 60 /* Operation timed out */
^
sys/contrib/rdma/rdma_cma.c:1260:8: error: case value not in enumerated type 'enum iw_cm_event_status' [-Werror,-Wswitch]
case ECONNREFUSED:
^
@/sys/errno.h:125:22: note: expanded from macro 'ECONNREFUSED'
#define ECONNREFUSED 61 /* Connection refused */
^
This is because the switch uses iw_cm_event::status, which is an enum
iw_cm_event_status, while ECONNRESET, ETIMEDOUT and ECONNREFUSED are
just plain defines from errno.h.
It looks like there is only one use of any of the enumeration values of
iw_cm_event_status, in:
sys/contrib/rdma/rdma_iwcm.c: if (iw_event->status == IW_CM_EVENT_STATUS_ACCEPTED) {
So messing around with the enum definitions to fix the warning seems too
disruptive; the simplest fix is to cast the argument of the switch to
int.
Reviewed by: kmacy
MFC after: 1 week
revision 1.173
date: 2011/11/09 12:36:03; author: camield; state: Exp; lines: +11 -12
State expire time is a baseline time ("last active") for expiry
calculations, and does _not_ denote the time when to expire. So
it should never be added to (set into the future).
Try to reconstruct it with an educated guess on state import and
just set it to the current time on state updates.
This fixes a problem on pfsync listeners where the expiry time
could be double the expected value and cause a lot more states
to linger.
forwarding a packet, that creates state, until
pfsync(4) peer acks state addition (or 10 msec
timeout passes).
This is needed for active-active CARP configurations,
which are poorly supported in FreeBSD and arguably
a good idea at all.
Unfortunately by the time of import this feature in
OpenBSD was turned on, and did not have a switch to
turn it off. This leaked to FreeBSD.
This change make it possible to turn this feature
off via ioctl() and turns it off by default.
Obtained from: OpenBSD
Revert r233555 and apply a fix for the reference counting regressions.
Tested by: andreast, lme, nwhitehorn,
Sevan / Venture37 (venture37 at gmail dot com)
Submitted by: Robert Moore (robert dot moore at intel dot com)
Temporarily revert an upstream commit. This change caused regressions for
too many laptop users. Especially, automatic repair for broken _BIF caused
strange reference counting issues and kernal panics. This reverts:
c995fed15a
make use of it where possible.
This primarily brings in support for newer hardware, and FreeBSD is not yet
able to support the abundance of IRQs on new hardware and many features in the
Ethernet driver.
Because of the changes to IRQs in the Simple Executive, we have to maintain our
own list of Octeon IRQs now, which probably can be pared-down and be specific
to the CIU interrupt unit soon, and when other interrupt mechanisms are added
they can maintain their own definitions.
Remove unmasking of interrupts from within the UART device now that the
function used is no longer present in the Simple Executive. The unmasking
seems to have been gratuitous as this is more properly handled by the buses
above the UART device, and seems to work on that basis.
revision 1.146
date: 2010/05/12 08:11:11; author: claudio; state: Exp; lines: +2 -3
bzero() the full compressed update struct before setting the values.
This is needed because pf_state_peer_hton() skips some fields in certain
situations which could result in garbage beeing sent to the other peer.
This seems to fix the pfsync storms seen by stephan@ and so dlg owes me
a whiskey.
I didn't see any storms, but this definitely fixes a useless memory
allocation on the receiving side, due to non zero scrub_flags field
in a pfsync_state_peer structure.
Try to make the "rtable" handling work but the current version of
pf(4) does not fully support it yet as especially callers of
PF_MISMATCHAW() are not fully FIB-aware. OpenBSD seems to have
fixed this in a later version. Prepare as much as possible.
Sponsored by: Cisco Systems, Inc.
M_NOWAIT. Currently, the code allows for sleeping in the ioctl path
to guarantee allocation. However code also handles ENOMEM gracefully, so
propagate this error back to user-space, rather than sleeping while
holding the global pf mutex.
Reviewed by: glebius
Discussed with: bz
- Define schednetisr() to swi_sched.
- In the swi handler check if there is some data prepared,
and if true, then call pfsync_sendout(), however tell it
not to schedule swi again.
- Since now we don't obtain the pfsync lock in the swi handler,
don't use ifqueue mutex to synchronize queue access.
revision 1.128
date: 2009/08/16 13:01:57; author: jsg; state: Exp; lines: +1 -5
remove prototypes of a bunch of functions that had their implementations
removed in pfsync v5.
o Make the pfsync.ko actually usable. Before this change loading it
didn't register protosw, so was a nop. However, a module /boot/kernel
did confused users.
o Rewrite the way we are joining multicast group:
- Move multicast initialization/destruction to separate functions.
- Don't allocate memory if we aren't going to join a multicast group.
- Use modern API for joining/leaving multicast group.
- Now the utterly wrong pfsync_ifdetach() isn't needed.
o Move module initialization from SYSINIT(9) to moduledata_t method.
o Refuse to unload module, unless asked forcibly.
o Improve a bit some FreeBSD porting code:
- Use separate malloc type.
- Simplify swi sheduling.
This change is probably wrong from VIMAGE viewpoint, however pfsync
wasn't VIMAGE-correct before this change, too.
Glanced at by: bz
destroyed prior to pfsync_uninit(). To do this, move all the
initialization to the module_t method, instead of SYSINIT(9).
o Fix another panic after module unload, due to not clearing the
m_addr_chg_pf_p pointer.
o Refuse to unload module, unless being unloaded forcibly.
o Revert the sub argument to MODULE_DECLARE, to the stable/8 value.
This change probably isn't correct from viewpoint of VIMAGE, but
the module wasn't VIMAGE-correct before the change, as well.
Glanced at by: bz
revision 1.170
date: 2011/10/30 23:04:38; author: mikeb; state: Exp; lines: +6 -7
Allow setting big MTU values on the pfsync interface but not larger
than the syncdev MTU. Prompted by the discussion with and tested
by Maxim Bourmistrov; ok dlg, mpf
Consistently use sc_ifp->if_mtu in the MTU check throughout the
module. This backs out r228813.
value used in sys/ofed/include/linux/netdevice.h), so there will be no
buffer overruns in the rest of the inline functions in this file.
Reviewed by: kmacy
MFC after: 1 week
revision 1.122
date: 2009/05/13 01:01:34; author: dlg; state: Exp; lines: +6 -4
only keep track of the number of updates on tcp connections. state sync on
all the other protocols is simply pushing the timeouts along which has a
resolution of 1 second, so it isnt going to be hurt by pfsync taking up
to a second to send it over.
keep track of updates on tcp still though, their windows need constant
attention.
revision 1.120
date: 2009/04/04 13:09:29; author: dlg; state: Exp; lines: +5 -5
use time_uptime instead of time_second internally. time_uptime isnt
affected by adjusting the clock.
revision 1.175
date: 2011/11/25 12:52:10; author: dlg; state: Exp; lines: +3 -3
use time_uptime to set state creation values as time_second can be
skewed at runtime by things like date(1) and ntpd. time_uptime is
monotonic and therefore more useful to compare against.
revision 1.118
date: 2009/03/23 06:19:59; author: dlg; state: Exp; lines: +8 -6
wait an appropriate amount of time before giving up on a bulk update,
rather than giving up after a hardcoded 5 seconds (which is generally much
too short an interval for a bulk update).
pointed out by david@, eyeballed by mcbride@
revision 1.171
date: 2011/10/31 22:02:52; author: mikeb; state: Exp; lines: +2 -1
Don't forget to cancel bulk update failure timeout when destroying an
interface. Problem report and fix from Erik Lax, thanks!
Start a brief note of revisions merged from OpenBSD.
7.x, 8.x and 9.x with pf(4) imports: pfsync(4) should suppress CARP
preemption, while it is running its bulk update.
However, reimplement the feature in more elegant manner, that is
partially inspired by newer OpenBSD:
- Rename term "suppression" to "demotion", to match with OpenBSD.
- Keep a global demotion factor, that can be raised by several
conditions, for now these are:
- interface goes down
- carp(4) has problems with ip_output() or ip6_output()
- pfsync performs bulk update
- Unlike in OpenBSD the demotion factor isn't a counter, but
is actual value added to advskew. The adjustment values for
particular error conditions are also configurable, and their
defaults are maximum advskew value, so a single failure bumps
demotion to maximum. This is for POLA compatibility, and should
satisfy most users.
- Demotion factor is a writable sysctl, so user can do
foot shooting, if he desires to.