Add an SDT probe, using the newly created DT5 macro, in similar vein
to DEBUG_PARSE printf for when FTP junk is anticipated and ok. This
will assist in debugging port (active) FTP proxy issues.
MFC after: 3 days
Rather than save the return code into an intermediate variable, which BTW
is optimized out anyway, explicitly remove the return code from the stack.
MFC after: 3 days
There were two issues with the new pflog packet length.
The first is that the length is expected to be a multiple of
sizeof(long), but we'd assumed it had to be a multiple of
sizeof(uint32_t).
The second is that there's some broken software out there (such as
Wireshark) that makes incorrect assumptions about the amount of padding.
That is, Wireshark assumes there's always three bytes of padding, rather
than however much is needed to get to a multiple of sizeof(long).
Fix this by adding extra padding, and a fake field to maintain
Wireshark's assumption.
Reported by: Ozkan KIRIK <ozkan.kirik@gmail.com>
Tested by: Ozkan KIRIK <ozkan.kirik@gmail.com>
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D33236
When adding an SPD entry that already exists, a refcount wraparound
panic is encountered. This was caused from dropping a reference on the
wrong security policy.
Fixes: 4920e38fecc3 ("ipsec: fix race condition in key.c")
Reviewed by: wma
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D33100
The check to see if TCP port allocation should change from random to
sequential port allocation mode may incorrectly cause a false positive
due to negative wraparound.
Example:
V_ipport_tcpallocs = 2147483585 (0x7fffffc1)
V_ipport_tcplastcount = 2147483553 (0x7fffffa1)
V_ipport_randomcps = 100
The original code would compare (2147483585 <= -2147483643) and thus
incorrectly move to sequential allocation mode.
Compute the delta first before comparing against the desired limit to
limit the wraparound effect (since tcplastcount is always a snapshot
of a previous tcpallocs).
When sending packets the stcb was used to access the inp and then
access the endpoint specific IPv6 level options. This fails when
there exists an inp, but no stcb yet. This is the case for sending
an INIT-ACK in response to an INIT when no association already
exists. Fix this by just providing the inp instead of the stcb.
PR: 260120
MFC after: 1 week
Fix logic error causing UDP(-Lite) local ephemeral port bindings
to count against the TCP allocation counter, potentially causing
TCP to go from random to sequential port allocation mode prematurely.
This should unbreak the kernel build when "options RSS" is
defined in the kernel configuration, and make the feature work.
Signed-off-by: Eric Joyner <erj@FreeBSD.org>
Reported by: adrian@
Sponsored by: Intel Corporation
Some shared libraries specify mappings that leave a gap (actually a
MAP_GUARD mapping) in between the file mappings (libcrypto.so was
the one I found), and this would cause rd_loadobj_iter() to report
the mapping info incorrectly, leaving out rdl_path and misreporting
rdl_offset for file mappings after the gap. Fix rd_loadobj_iter()
to handle this situation.
Reviewed by: markj
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D32950
The previous commit to this node falsely stated that locked callouts
are compatible with netgraph ng_callout KPI. They are not. An item
can be queued instead of being applied to the node, which results in
a mutex leak to the callout thread and later unlocked call into function
that expects to be called locked.
Potentially netgraph can be taught to handle locked callouts, but that
would bring a lot of complexity in it. Instead lets question necessity
of ng_callout() instead of callout_reset(). It protects against node
going away while callout is scheduled. But a node that drains all
callouts in the shutdown method (ng_l2tp does) is already protected.
Fixes: 89042ff77668
Use OLD_FILES for a few symbolic links and static libraries previously
included in OLD_LIBS.
Add a missing shared library major number to an old libroken entry.
The Li macros has been deprecated by mdoc some time ago. Recommend the
use of Ql instead.
Reviewed by: debdrup
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D33232
Some AMD systems I have report 8 NMI and 3591 polled error sources.
Previous code could handle only one NMI source and used separate
callout for each polled source. New code can handle multiple NMIs
and groups polled sources by power of 2 of the polling period.
MFC after: 2 weeks
ki_fd is legitimately NULL when 32bit process requests process data
from 64bit host kernel. The field is not used by the code for sysctl
case; procstat_getfiles_kvm() checks ki_fd.
PR: 260174
Reported by: Damjan Jovanovic <damjan.jov@gmail.com>
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
This reverts commit 266f97b5e9a7958e365e78288616a459b40d924a, reversing
changes made to a10253cffea84c0c980a36ba6776b00ed96c3e3b.
A mismerge of a merge to catch up to main resulted in files being
committed which should not have been.
