goal of shipping 8.0 with MAC support in the default kernel. No policies
will be compiled in or enabled by default, but it will now be possible to
load them at boot or runtime without a kernel recompile.
While the framework is not believed to impose measurable overhead when no
policies are loaded (a result of optimization over the past few months in
HEAD), we'll continue to benchmark and optimize as the release approaches.
Please keep an eye out for performance or functionality regressions that
could be a result of this change.
Approved by: re (kensmith)
Obtained from: TrustedBSD Project
count of the number of registered policies.
Rather than unconditionally locking sockets before passing them into MAC,
lock them in the MAC entry points only if mac_policy_count is non-zero.
This avoids locking overhead for a number of socket system calls when no
policies are registered, eliminating measurable overhead for the MAC
Framework for the socket subsystem when there are no active policies.
Possibly socket locks should be acquired by policies if they are required
for socket labels, which would further avoid locking overhead when there
are policies but they don't require labeling of sockets, or possibly
don't even implement socket controls.
Obtained from: TrustedBSD Project
bridge do a better job.
o move ether_ifdetach to the top of ieee80211_detach
o do not clear if_softc at the top of ieee80211_detach; we no longer need
this because we are safeguarded against calls coming back through if_ioctl
o simplify the bpf tracker now that we don't null if_softc
This also fixes an issue where having a bpf consumer active when a vap
is destroyed would cause a crash because bpf referenced free'd memory.
Reviewed by: imp
- always maintain byte/mcast/drop stats via drbr
- move #define of IFNET_BUF_RING so that its picked
up by all files in the driver
- conditionalize IFNET_BUF_RING on the FreeBSD_version
bump just after it appeared in the tree.
Sponsored by: Myricom Inc.
Some time ago Tom Rhodes sent me an email that he was willing to perform
various cleanups to the window(1) source code. After some discussion, we
both decided the best thing to do, was to move window(1) to the ports
tree. The application isn't used a lot nowadays, mainly because it has
been superseeded by screen, tmux, etc.
A couple of hours ago Tom committed window(1) to ports (misc/window), so
I'm removing it from the tree. I don't think people will really miss it,
but I'm describing the change in UPDATING anyway.
Discussed with: trhodes, pav, kib
Approved by: re
shm_dotruncate() and vnode_pager_setsize(). Specifically, if the length of
a shared memory object or a file is truncated such that the length modulo
the page size is between 1 and 511, then all of the page's dirty bits were
cleared. Now, a dirty bit is cleared only if the corresponding block is
truncated in its entirety.
and -delete (which implies depth-first traversal), avoid using -delete in
favour of -execdir.
This has a side-effect of not removing directories that contain files,
even if we delete all of those files, but IMHO that's a better option
than specifying all possible local filesystem types in this script.
PR: 122811
MFC after: 3 weeks
These controllers use newer descriptor format and the new descriptor
format uses status LE to indicate the status of checksum. Rx
checksummed value used in previous controllers were very cryptic
and I failed to understand how to use them. In addition most
controllers in previous generations had Rx checksum offloading bug.
While I'm here introduce a MSK_FLAG_NORX_CSUM flag to bypass
checking Rx checksum offloading as Yukon FE+ A0 has status LE bug.
this feature hardware automatically computes TCP/UDP payload
offset. Introduce MSK_FLAG_AUTOTX_CSUM to mark the capability.
Yukon Extreme B0 revision is known to have a silicon for the
feature so disable it. Yukon Extreme B0 still can do Tx checksum
offloading but CPU have to compute TCP/UDP payload offset. To
enable traditional checksum offloading, disable automatic Tx
checksum calculation capability.
Yukon Extreme A0 revision could not use store-and-forward mode for
jumbo frames(silicon bug) so disable Tx checksum offloading for
jumbo frames.
I believe controllers that have MSK_FLAG_AUTOTX_CSUM capability or
new descriptor format do not have Tx checksum offload bug so
disable checksum offloading workaround for for short frames.
Tested by: jhb, Warren Block ( wblock <> wonkity dot com )
Yukon Extreme uses new descriptor format for TSO and has Tx frame
parser which greatly reduces CPU cycles spent in computing TCP/UDP
payload offset calculation in Tx checksum offloading path. The new
descriptor format also removed TCP/UDP payload computation for TSO
which in turn results in better TSO performance. It seems Yukon
Extreme has a lot of new (unknown) features but only basic
offloading is supported at this time. So far there are two known
issues.
o Sometimes Rx overrun errors happen when pulling data over
gigabit link. Running over 100Mbps seem to ok.
o Ethernet hardware address shows all-zeroed value on 88E8070.
Assigning ethernet address with ifconfig is necessary to make it
work.
Support for Yukon Extreme is not perfect but it would be better
than having a non-working device. Special thanks to jbh who fixed
several bugs of initial patch.
Tested by: jhb, Warren Block ( wblock <> wonkity dot com )
o track # bpf taps on monitor mode vaps instead of # monitor mode vaps
o spam monitor mode taps on tx/rx
o fix ieee80211_radiotap_rx_all to dispatch frames only if the vap is up
o while here print radiotap (and superg) state in show com
device drivers to use arbitrary VM objects to satisfy individual mmap()
requests.
- A new d_mmap_single(cdev, &foff, objsize, &object, prot) callback is
added to cdevsw. This function is called for each mmap() request.
If it returns ENODEV, then the mmap() request will fall back to using
the device's device pager object and d_mmap(). Otherwise, the method
can return a VM object to satisfy this entire mmap() request via
*object. It can also modify the starting offset into this object via
*foff. This allows device drivers to use the file offset as a cookie
to identify specific VM objects.
- vm_mmap_vnode() has been changed to call vm_mmap_cdev() directly when
mapping V_CHR vnodes. This avoids duplicating all the cdev mmap
handling code and simplifies some of vm_mmap_vnode().
- D_VERSION has been bumped to D_VERSION_02. Older device drivers
using D_VERSION_01 are still supported.
MFC after: 1 month