Commit Graph

20385 Commits

Author SHA1 Message Date
John Baldwin
63823cac92 Remove MD5 HMAC from OCF.
There are no in-kernel consumers.

Reviewed by:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24775
2020-05-11 22:08:08 +00:00
John Baldwin
0e00c709d7 Remove support for DES and Triple DES from OCF.
It no longer has any in-kernel consumers via OCF.  smbfs still uses
single DES directly, so sys/crypto/des remains for that use case.

Reviewed by:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24773
2020-05-11 21:34:29 +00:00
John Baldwin
32075647ef Remove support for the Blowfish algorithm from OCF.
It no longer has any in-kernel consumers.

Reviewed by:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24772
2020-05-11 21:24:05 +00:00
John Baldwin
33fb013e16 Remove support for the ARC4 algorithm from OCF.
There are no longer any in-kernel consumers.  The software
implementation was also a non-functional stub.

Reviewed by:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24771
2020-05-11 21:17:08 +00:00
John Baldwin
3a0b6a93a7 Remove support for keyed MD5 and SHA1 authentication hashes.
They no longer have any in-tree consumers.  Note that these are a
different from MD5-HMAC and SHA1-HMAC and were only used with IPsec.

Reviewed by:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24770
2020-05-11 21:04:59 +00:00
John Baldwin
5e46d47f93 Remove support for the skipjack encryption algorithm.
This was removed from IPsec in r286100 and no longer has any in-tree
consumers.

Reviewed by:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24769
2020-05-11 20:54:59 +00:00
John Baldwin
7971a6f911 Remove support for the cast128 encryption algorithm.
It no longer has any in-tree consumers.

Reviewed by:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24768
2020-05-11 20:52:18 +00:00
John Baldwin
9b5631807e Remove incomplete support for plain MD5 from OCF.
Although a few drivers supported this algorithm, there were never any
in-kernel consumers.  cryptosoft and cryptodev never supported it,
and there was not a software xform auth_hash for it.

Reviewed by:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24767
2020-05-11 20:40:30 +00:00
John Baldwin
97e251327f Remove ubsec(4).
This driver was previously marked for deprecation in r360710.

Approved by:	csprng (cem, gordon, delphij)
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24766
2020-05-11 20:30:28 +00:00
Mark Johnston
21121f9bbe pf: Don't allocate per-table entry counters unless required.
pf by default does not do per-table address accounting unless the
"counters" keyword is specified in the corresponding pf.conf table
definition.  Yet, we always allocate 12 per-CPU counters per table.  For
large tables this carries a lot of overhead, so only allocate counters
when they will actually be used.

A further enhancement might be to use a dedicated UMA zone to allocate
counter arrays for table entries, since close to half of the structure
size comes from counter pointers.  A related issue is the cost of
zeroing counters, since counter_u64_zero() calls smp_rendezvous() on
some architectures.

Reported by:	loos, Jim Pingle <jimp@netgate.com>
Reviewed by:	kp
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC (Netgate)
Differential Revision:	https://reviews.freebsd.org/D24803
2020-05-11 18:47:38 +00:00
Ed Maste
937b352e23 remove %n support from printf(9)
It can be dangerous and there is no need for it in the kernel.
Inspired by Kees Cook's change in Linux, and later OpenBSD.

Reviewed by:	cem, gordon, philip
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24760
2020-05-09 15:56:02 +00:00
Mark Johnston
75c600d287 rtwn: Add a new USB ID.
PR:		246315
Submitted by:	Idwer Vollering <vidwer+fbsdbugs@gmail.com>
MFC after:	1 week
2020-05-09 14:49:56 +00:00
Edward Tomasz Napierala
502ce04c18 Add ARM loader path to uefi(8) man page.
MFC after:	2 weeks
Sponsored by:	DARPA
2020-05-09 14:19:29 +00:00
Konstantin Belousov
0298cf17b2 Document BUS_OOMERR.
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Differential revision:	https://reviews.freebsd.org/D24761
2020-05-09 12:58:27 +00:00
Benedict Reuschling
8fe3c39364 Mention the existence of /etc/defaults/vendor.conf
for custom vendor-specific changes to FreeBSD's
default settings.

While here, fix a typo: perfomance -> performance

PR:		245404
Submitted by:	Jose Luis Duran
2020-05-09 10:22:00 +00:00
Ed Maste
2fce4e8614 src.conf.5: regen after BINUTILS changes 2020-05-08 15:03:28 +00:00
Ed Maste
0e7fa9f96c src.opts.mk: update BINUTILS options and add comments
BINUTILS is needed only for ports, and will be disabled once the failing
ports are addressed (likely by growing a binutils dependency).

BINUTILS_BOOTSTRAP is needed only on amd64, for skein_block_asm.s. There
is no need to enable it on i386.

This will all be removed before FreeBSD 13.0.
2020-05-08 14:54:40 +00:00
Baptiste Daroussin
e47f1857b2 Update the screen termcap entries
Those updates have been obtained form converting the terminfo information
provided by the screen sources to termcap.

MFC after:	3 days
2020-05-07 12:43:28 +00:00
Baptiste Daroussin
99c986470b Fix indentation of the Kitty entry
MFC after:	2 days
2020-05-07 08:58:08 +00:00
John Baldwin
883a2dc672 Deprecate ubsec(4) for FreeBSD 13.0.
With the removal of in-tree consumers of DES, Triple DES, and
MD5-HMAC, the only algorithm this driver still supports is SHA1-HMAC.
This is not very useful as a standalone algorithm (IPsec AH-only with
SHA1 would be the only user).

This driver has also not been kept up to date with the original driver
in OpenBSD which supports a few more cards and AES-CBC on newer cards.
The newest card currently supported by this driver was released in
2005.

Reviewed by:	cem
MFC after:	1 week
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24691
2020-05-06 22:15:09 +00:00
Ed Maste
e3d954e7bb src.conf.5: regen after objdump removal 2020-05-06 18:43:27 +00:00
Ed Maste
fe808290f0 src.opts.mk: with BINUTILS limited to as it is used on i386 and amd64 only 2020-05-06 18:40:52 +00:00
Benedict Reuschling
ac39a5d5ea Fix broken links in the man page by pointing to a
source that works or is the new location on the
same page.

Submitted by:	    alfix86_gmail.com
Approved by:	    bcr
Differential Revision:	https://reviews.freebsd.org/D23769
2020-05-05 19:00:26 +00:00
John Baldwin
483d953a86 Initial support for bhyve save and restore.
Save and restore (also known as suspend and resume) permits a snapshot
to be taken of a guest's state that can later be resumed.  In the
current implementation, bhyve(8) creates a UNIX domain socket that is
used by bhyvectl(8) to send a request to save a snapshot (and
optionally exit after the snapshot has been taken).  A snapshot
currently consists of two files: the first holds a copy of guest RAM,
and the second file holds other guest state such as vCPU register
values and device model state.

To resume a guest, bhyve(8) must be started with a matching pair of
command line arguments to instantiate the same set of device models as
well as a pointer to the saved snapshot.

While the current implementation is useful for several uses cases, it
has a few limitations.  The file format for saving the guest state is
tied to the ABI of internal bhyve structures and is not
self-describing (in that it does not communicate the set of device
models present in the system).  In addition, the state saved for some
device models closely matches the internal data structures which might
prove a challenge for compatibility of snapshot files across a range
of bhyve versions.  The file format also does not currently support
versioning of individual chunks of state.  As a result, the current
file format is not a fixed binary format and future revisions to save
and restore will break binary compatiblity of snapshot files.  The
goal is to move to a more flexible format that adds versioning,
etc. and at that point to commit to providing a reasonable level of
compatibility.  As a result, the current implementation is not enabled
by default.  It can be enabled via the WITH_BHYVE_SNAPSHOT=yes option
for userland builds, and the kernel option BHYVE_SHAPSHOT.

Submitted by:	Mihai Tiganus, Flavius Anton, Darius Mihai
Submitted by:	Elena Mihailescu, Mihai Carabas, Sergiu Weisz
Relnotes:	yes
Sponsored by:	University Politehnica of Bucharest
Sponsored by:	Matthew Grooms (student scholarships)
Sponsored by:	iXsystems
Differential Revision:	https://reviews.freebsd.org/D19495
2020-05-05 00:02:04 +00:00
Benedict Reuschling
95baab0dac Add references for the most important man7
pages worth reading to intro(7).

Submitted by:	Gordon Bergling gbergling_gmail.com
Approved by:	bcr
Differential Revision:	https://reviews.freebsd.org/D24649
2020-05-03 10:35:36 +00:00
Benedict Reuschling
55ed6718c2 Fix various, mostly minor errors in man pages like:
- Abbreviated month name in .Dd
- position of HISTORY section
- alphabetical ordering within SEE ALSO section
- adding .Ed before .Sh DESCRIPTION
- remove trailing whitespaces
- Line break after a sentence stop
- Use BSD OS macros instead of hardcoded strings

No .Dd bumps as there was no actual content change made
in any of these pages.

Submitted by:	Gordon Bergling gbergling_gmail.com
Approved by:	bcr
Differential Revision:	https://reviews.freebsd.org/D24591
2020-05-03 10:15:58 +00:00
Benedict Reuschling
59e11f398e Add HISTORY sections to build(7), crypto(7),
ffs(7), growfs(7), and diskless(8).

Submitted by:	Gordon Bergling gbergling_gmail.com
Approved by:	bcr
Differential Revision:	https://reviews.freebsd.org/D24271
2020-05-03 09:54:19 +00:00
Gleb Smirnoff
49b6b60e22 Step 2.2:
o Shrink sglist(9) functions to work with multipage mbufs down from
  four functions to two.
o Don't use 'struct mbuf_ext_pgs *' as argument, use struct mbuf.
o Rename to something matching _epg.

Reviewed by:	gallatin
Differential Revision:	https://reviews.freebsd.org/D24598
2020-05-02 23:46:29 +00:00
Benedict Reuschling
2b02de2c94 Fix typo in r360492:
appeard -> appeared

Reported by:	trasz (via IRC)
2020-05-01 11:36:39 +00:00
Benedict Reuschling
1cc60ae8d8 Fix a number of the following issues in man4:
- Inconsistencies in .Dd like abbreviated month names,
"th" after numbers, or leading zeros
- No line breaks after a sentence stop
- Whitespace at the end of the line
- Use macros for BSD OS names instead of hardcoded names
- CAVEATS instead of CAVEAT in section name

No actual content change in terms of additions were made, so
no bump of the .Dd for these man pages.
All of these issues were found and fixed by Gordon Bergling.

Submitted by:	    gbergling_gmail.com
Approved by:	    bcr
Differential Revision:	https://reviews.freebsd.org/D24648
2020-05-01 10:02:38 +00:00
John Baldwin
371f3da616 Remove the SYMVER build option.
This option was added as a transition aide when symbol versioning was
first added.  It was enabled by default in 2007 and is supported even
by the old GPLv2 binutils.  Trying to disable it currently fails to
build in libc and at this point it isn't worth fixing the build.

Reported by:	Michael Dexter
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D24637
2020-04-30 22:08:40 +00:00
Ed Maste
116f7fccc0 src.conf.5: regen after WITHOUT_OPENSSL dep changes 2020-04-30 21:08:22 +00:00
Ed Maste
5ffef74b16 src.opts.mk: add WITHOUT_OPENSSL dependencies
A number of components require OpenSSL and fail to build if it is not
enabled.  As a first phase force these off under WITHOUT_OPENSSL.  A
second phase should make these more fine-grained, allowing the component
to build but without OpenSSL.

PR:		245931
Sponsored by:	The FreeBSD Foundation
2020-04-30 18:11:56 +00:00
Benedict Reuschling
dad92002df Add a new manual page for unionfs(5), written by
Gordon Bergling. Hook it up to the build by adding
it to the Makefile.

Submitted by:	    gbergling_gmail.com
Approved by:	    bcr
Differential Revision:	https://reviews.freebsd.org/D24589
2020-04-30 12:02:13 +00:00
Benedict Reuschling
8c63b2db53 Add HISTORY sections to disk(9), driver(9), and
epoch(9).

In one instance, remove a trailing whitespace while here.

Submitted by:	gbergling_gmail.com
Approved by:	bcr
Differential Revision:	https://reviews.freebsd.org/D24243
2020-04-30 11:17:29 +00:00
Ed Maste
c8c297d9a3 src.conf.5: regen after 359736, ZONEINFO_OLD_TIMEZONES_SUPPORT removal 2020-04-30 00:14:14 +00:00
Benedict Reuschling
0fbd60ebee Add HISTORY section to domain(9).
Submitted by:	gbergling_gmail.com
Approved by:	bcr
Differential Revision:	https://reviews.freebsd.org/D24150
2020-04-29 11:46:01 +00:00
Benedict Reuschling
b4e0f40c85 When copying and pasting the code in the EXAMPLE
section, it would result in the following error:

"ngctl: send msg: Invalid argument"

The reason for this is the missing whitespace to
separate the arguments. When adding the whitespace,
the example works as intended.

Submitted by:	    lutz_donnerhacke.de
Approved by:	    bcr
Differential Revision:	https://reviews.freebsd.org/D23773
2020-04-29 11:25:04 +00:00
John Baldwin
f1f9347546 Initial support for kernel offload of TLS receive.
- Add a new TCP_RXTLS_ENABLE socket option to set the encryption and
  authentication algorithms and keys as well as the initial sequence
  number.

- When reading from a socket using KTLS receive, applications must use
  recvmsg().  Each successful call to recvmsg() will return a single
  TLS record.  A new TCP control message, TLS_GET_RECORD, will contain
  the TLS record header of the decrypted record.  The regular message
  buffer passed to recvmsg() will receive the decrypted payload.  This
  is similar to the interface used by Linux's KTLS RX except that
  Linux does not return the full TLS header in the control message.

- Add plumbing to the TOE KTLS interface to request either transmit
  or receive KTLS sessions.

- When a socket is using receive KTLS, redirect reads from
  soreceive_stream() into soreceive_generic().

- Note that this interface is currently only defined for TLS 1.1 and
  1.2, though I believe we will be able to reuse the same interface
  and structures for 1.3.
2020-04-27 23:17:19 +00:00
Christian Brueffer
8f6c0a08d8 Correct efi(8) reference.
Submitted by:	Gordon Bergling
Differential Revision:	https://reviews.freebsd.org/D24441
2020-04-22 07:47:04 +00:00
Li-Wen Hsu
9157ca0fb4 Also update est(4) as r360162 and r360164
MFC after:	3 days
2020-04-21 17:17:32 +00:00
Li-Wen Hsu
62d12eab90 Update .Dd 2020-04-21 17:14:08 +00:00
Li-Wen Hsu
8e3442b724 hwpstate_intel(4): small text tweaks
The sysctl output looks like this:

dev.hwpstate_intel.0.epp: 50
dev.hwpstate_intel.0.%parent: cpu0
dev.hwpstate_intel.0.%pnpinfo:
dev.hwpstate_intel.0.%location:
dev.hwpstate_intel.0.%driver: hwpstate_intel
dev.hwpstate_intel.0.%desc: Intel Speed Shift

but all the '%' got escaped in the manual page, un-escape them.

While here:
- Move the example of dev.hwpstate_intel.%d.%parent after the description to
  align with others.
- Capitalize "CPU" (*)

Submitted by:	danfe (*)
Reviewed by:	cem
Differential Revision:	https://reviews.freebsd.org/D24520
2020-04-21 17:07:02 +00:00
John Baldwin
29fe41ddd7 Retire the CRYPTO_F_IV_GENERATE flag.
The sole in-tree user of this flag has been retired, so remove this
complexity from all drivers.  While here, add a helper routine drivers
can use to read the current request's IV into a local buffer.  Use
this routine to replace duplicated code in nearly all drivers.

Reviewed by:	cem
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D24450
2020-04-20 22:24:49 +00:00
Cy Schubert
12de77b3db Due to popular demand, revert r360102.
Reported by:	many
2020-04-19 21:38:03 +00:00
Cy Schubert
4574585e8f Conditionally install Kerberos rc files based on MK_KERBEROS_SCRIPTS
instead of MK_KERBEROS. The reason for this change is some users
prefer to build FreeBSD WITHOUT_KERBEROS, wanting to retain the
Kerberos rc scripts to start/stop MIT Kerberos or Heimdal from ports.

PR:		197337
Reported by:	Adam McDougall <ebay at looksharp.net>
Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D24252
2020-04-19 17:01:21 +00:00
Alan Somers
72a600a7a1 libauditd: make it a PRIVATELIB
According to the upstream man page (which we don't install), none of
libauditd's symbols are intended to be public. Also, I can't find any
evidence for a port that uses libauditd. Therefore, we should treat it like
other such libraries and use PRIVATELIB.

Reported by:	phk
Reviewed by:	cem, emaste
MFC after:	2 weeks
2020-04-19 02:20:39 +00:00
Alan Somers
27586155ac bectl.8, beinstall.sh.8: fix man page section of beinstall.sh
Reported by:	phk
MFC after:	2 weeks
2020-04-18 19:53:47 +00:00
Warner Losh
5c68be59c8 Add deprecation notice to amr(4) 2020-04-18 02:53:19 +00:00
Warner Losh
a32311eccd twa(4) deprecation notice 2020-04-18 02:53:14 +00:00