Optionally, alert you if the contents change from the previous backup
PR: 86388
Submitted by: Rob Fairbanks <rob.fx907@gmail.com>, Miroslav Lachman <000.fbsd@quip.cz> (Original Version)
MFC after: 4 weeks
Relnotes: yes
Sponsored by: Klara Inc.
Event: July 2020 Bugathon
Differential Revision: https://reviews.freebsd.org/D25628
With this change, a kernel compiled with "options SCTP_SUPPORT" and
without "options SCTP" supports dynamic loading of the SCTP stack.
Currently sctp.ko cannot be unloaded since some prerequisite teardown
logic is not yet implemented. Attempts to unload the module will return
EOPNOTSUPP.
Discussed with: tuexen
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21997
This implementation doesn't have any major deviations from the other EFI
ports. I've copied the boilerplate from arm and arm64.
I've tested this with the following boot flows:
OpenSBI (M-mode) -> u-boot (S-mode) -> loader.efi -> FreeBSD
OpenSBI (M-mode) -> u-boot (S-mode) -> boot1.efi -> loader.efi -> FreeBSD
Due to the way that u-boot handles secondary CPUs, OpenSBI >= v0.7 is required,
as the HSM extension is needed to bring them up explicitly. Because of this,
using BBL as the SBI implementation will not be possible. Additionally, there
are a few recent u-boot changes that are required as well, all of which will be
present in the upcoming v2020.07 release.
Looks good: emaste
Differential Revision: https://reviews.freebsd.org/D25135
This fixes Linux gettyname(3), with caveats (see PR).
PR: kern/240767
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25558
- Update the core-secretary role.
- Update the comment to mention that the sorting is done based on FreeBSD
login name
Reported by: bofh (with core-secretary@ hat on)
Reviewed by: bcr
Approved by: bcr
Differential Revision: https://reviews.freebsd.org/D25526
dumpon has accepted device names without the prefix ever since r291207.
Since dumpon and savecore are always paired, they ought to accept the same
arguments. Prior to this change, specifying 'dumpdev="da3"' in
/etc/rc.conf, for example, would result in dumpon working just fine but
savecore complaining that "Dump device does not exist".
PR: 247618
Reviewed by: cem, bcr
MFC after: 2 weeks
Sponsored by: Axcient
Differential Revision: https://reviews.freebsd.org/D25500
Expand the mentioned RFC in the SEE ALSO section
and reference RFC1701 and RFC1702.
PR: 240250
Reviewed by: bcr (mentor)
Approved by: bcr (mentor)
Obtained from: OpenBSD
MFC after: 7 days
Differential Revision: https://reviews.freebsd.org/D25504
These implementations of the bc and dc programs offer a number of advantages
compared to the current implementations in the FreeBSD base system:
- They do not depend on external large number functions (i.e. no dependency
on OpenSSL or any other large number library)
- They implements all features found in GNU bc/dc (with the exception of
the forking of sub-processes, which the author of this version considers
as a security issue).
- They are significantly faster than the current code in base (more than
2 orders of magnitude in some of my tests, e.g. for 12345^100000).
- They should be fully compatible with all features and the behavior of the
current implementations in FreeBSD (not formally verified).
- They support POSIX message catalogs and come with localized messages in
Chinese, Dutch, English, French, German, Japanese, Polish, Portugueze,
and Russian.
- They offer very detailed man-pages that provide far more information than
the current ones.
The upstream sources contain a large number of tests, which are not
imported with this commit. They could be integrated into our test
framework at a latter time.
Installation of this version is controlled by the option "MK_GH_BC=yes".
This option will be set to yes by default in 13-CURRENT, but will be off
by default in 12-STABLE.
Approved by: imp
Obtained from: https://git.yzena.com/gavin/bc
MFC after: 4 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D19982
This mode was added in r362496. Rename it to make the meaning more
clear.
PR: 247306
Suggested by: rpokala
Submitted by: Ali Abdallah <ali.abdallah@suse.com>
MFC with: r362496
clang-format is enabled conditional on either WITH_CLANG_EXTRAS or
WITH_CLANG_FORMAT. Some sources in libclang are build conditional on
either rule, and obviously the clang-format binary itself depends on the
rule.
clang-format could still use a manual page.
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D25427
Document that RISC-V supports multiple page sizes: 4K, 2M, and 1G.
RISC-V's long double is always 128-bits wide, therefore quad precision.
Mention __riscv_float_abi_soft, which can be used to differentiate between
riscv64 and riscv64sf in userland code.
MFC after: 3 days
This permits requests to provide the AAD in a separate side buffer
instead of as a region in the crypto request input buffer. This is
useful when the main data buffer might not contain the full AAD
(e.g. for TLS or IPsec with ESN).
Unlike separate IVs which are constrained in size and stored in an
array in struct cryptop, separate AAD is provided by the caller
setting a new crp_aad pointer to the buffer. The caller must ensure
the pointer remains valid and the buffer contents static until the
request is completed (e.g. when the callback routine is invoked).
As with separate output buffers, not all drivers support this feature.
Consumers must request use of this feature via a new session flag.
To aid in driver testing, kern.crypto.cryptodev_separate_aad can be
set to force /dev/crypto requests to use a separate AAD buffer.
Discussed with: cem
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D25288
There are cases when gif_interfaces cannot be replaced
with cloned_interfaces, such as tunnels with external IPv6 addresses
and internal IPv4 or vice versa. Such configuration requires
extra invocation of ifconfig(8) and supported with gif_interfaces only.
Fix manual page and provide some examples.
MFC after: 1 week
X-MFC-With: 362502
The Quarter Century of Unix book said that 1BSD was released March 1979.
However, the 1BSD tape image that's on Kirk's historical unix collection has an
earlier date.
It was common practice, at the time, to create a new copy of the tape from the
master system when a new tape was to go out, so several different versions of
1BSD, etc were shipped from Berkerely. The date on the 1BSD tape in the Berkeley
archives on Kirk's DVD is dated in January 16 1979 on the label, and has dates
as late as Jan 29 (there's an UPDATE file that says this includes updates
through this date). Note this date as well.
This is in preparation for enabling a loadable SCTP stack. Analogous to
IPSEC/IPSEC_SUPPORT, the SCTP_SUPPORT kernel option must be configured
in order to support a loadable SCTP implementation.
Discussed with: tuexen
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
The arguments for VFS_CHECKEXP() were changed by r362158.
Also, the numsecflavors and secflavors arguments were not documented,
so add these as well.
This is a content change.
Prepare support to be able to handle font data in loader, consolidate
data structures to sys/font.h and update vtfontcvt.
vtfontcvt update is about to output set of glyphs in form of C source,
the implementation does allow to output compressed or uncompressed font
bitmaps.
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D24189
the debug messages. While here, clean up some variable naming.
Reviewed by: bcr (manpages), emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25230
pthread_get_name_np() and pthread_set_name_np().
This re-applies r361770 after compatibility fixes.
Reviewed by: antoine, jkim, markj
Tested by: antoine (exp-run)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D25117
applications, which often depend on this being the case. There's a new
sysctl, compat.linux.default_openfiles, to control this behaviour.
Reviewed by: kevans, emaste, bcr (manpages)
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25177
Use this in GELI to print out a different message when accelerated
software such as AESNI is used vs plain software crypto.
While here, simplify the logic in GELI a bit for determing which type
of crypto driver was chosen the first time by examining the
capabilities of the matched driver after a single call to
crypto_newsession rather than making separate calls with different
flags.
Reviewed by: delphij
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D25126
As timeout(9) was removed and all consumers were converted to
callout(9), reference it instead for the description of sbt, pr,
and flags arguments.
Reviewed by: trasz
Differential Revision: https://reviews.freebsd.org/D25165
As of r361857 all BINUTILS options are disabled by default - ports
have been changed to depend on binutils if they require GNU as, and
all base system assembly files have been switched to use Clang's
integrated assembler.
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Add xref to all SIM devices we currently have (including a rough indication
which ones are likely to fail).
Update to include all the CAM options.
Fix a few igor nits while I'm here.
for pthread_get_name_np() and pthread_set_name_np(), to be
compatible with Linux.
PR: 238404
Proposed and reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D25117
which happens on some laptops after returning to legacy multiplexing mode
at initialization stage.
PR: 242542
Reported by: Felix Palmen <felix@palmen-it.de>
MFC after: 1 week
2.11BSD was announced on March 14, 1991 in comp.bugs.2bsd by
Steven M. Schultz. The document has a 'revised January 1991'
date at the top.
Patch/1 in the official repo is dated March 31, 1991, and an identical copy of
it was posted to comp.bugs.2bsd on May 5, 1991. Patch 2 in 22 parts was likewise
posted May 18, 1991. This makes the Feb 1992 date too late. It's possible it's a
typo for Feb 1991 since that lines up with the announcement being 2 weeks
later. Without an extant copy of the 2.11 tape, however, it's hard to say for
sure. Go with the date we have the most independent, direct evidence for, which
is the announcement date.
The retirement of obsolete binutils 2.17.50 has been in progress for
quite some time. All tools other than GNU as were removed prior to this
commit, and it was built only on amd64 - installed as /usr/bin/as, and
used as a bootstrap tool.
The amd64 exp-run has completed and failures have now been addressed in
the individual ports, so disable it by default.
PR: 233611, 205250 [exp-run]
Sponsored by: The FreeBSD Foundation
The retirement of obsolete binutils 2.17.50 has been in progress for
quite some time. All tools other than GNU as were removed prior to this
commit, and it was built only on two archs:
i386, installed as /usr/bin/as
amd64, installed as /usr/bin/as and as a bootstrap tool
The i386 exp-run has completed and failures have been addressed in the
individual ports, so disable it there.
PR: 233611, 205250 [exp-run]
Sponsored by: The FreeBSD Foundation
r316063 installed pf's embedded libevent as a private lib, with headers
in /usr/include/private/event. Unfortunately we also have a copy of
libevent v2 included in ntp, which needed to be updated for compatibility
with OpenSSL 1.1.
As unadorned 'libevent' generally refers to libevent v2, be explicit that
this one is libevent v1.
Reviewed by: vangyzen (earlier)
Differential Revision: https://reviews.freebsd.org/D17275
ports/devel/linux_libusb builds FreeBSD libusb with GCC 4.8.5
from devel/linux-c7-devtools. Restore the tests for older GCC
in bsd.sys.mk to accomodate such ports.
Reported by: tijl
Sponsored by: Dell EMC Isilon
Some crypto consumers such as GELI and KTLS for file-backed sendfile
need to store their output in a separate buffer from the input.
Currently these consumers copy the contents of the input buffer into
the output buffer and queue an in-place crypto operation on the output
buffer. Using a separate output buffer avoids this copy.
- Create a new 'struct crypto_buffer' describing a crypto buffer
containing a type and type-specific fields. crp_ilen is gone,
instead buffers that use a flat kernel buffer have a cb_buf_len
field for their length. The length of other buffer types is
inferred from the backing store (e.g. uio_resid for a uio).
Requests now have two such structures: crp_buf for the input buffer,
and crp_obuf for the output buffer.
- Consumers now use helper functions (crypto_use_*,
e.g. crypto_use_mbuf()) to configure the input buffer. If an output
buffer is not configured, the request still modifies the input
buffer in-place. A consumer uses a second set of helper functions
(crypto_use_output_*) to configure an output buffer.
- Consumers must request support for separate output buffers when
creating a crypto session via the CSP_F_SEPARATE_OUTPUT flag and are
only permitted to queue a request with a separate output buffer on
sessions with this flag set. Existing drivers already reject
sessions with unknown flags, so this permits drivers to be modified
to support this extension without requiring all drivers to change.
- Several data-related functions now have matching versions that
operate on an explicit buffer (e.g. crypto_apply_buf,
crypto_contiguous_subsegment_buf, bus_dma_load_crp_buf).
- Most of the existing data-related functions operate on the input
buffer. However crypto_copyback always writes to the output buffer
if a request uses a separate output buffer.
- For the regions in input/output buffers, the following conventions
are followed:
- AAD and IV are always present in input only and their
fields are offsets into the input buffer.
- payload is always present in both buffers. If a request uses a
separate output buffer, it must set a new crp_payload_start_output
field to the offset of the payload in the output buffer.
- digest is in the input buffer for verify operations, and in the
output buffer for compute operations. crp_digest_start is relative
to the appropriate buffer.
- Add a crypto buffer cursor abstraction. This is a more general form
of some bits in the cryptosoft driver that tried to always use uio's.
However, compared to the original code, this avoids rewalking the uio
iovec array for requests with multiple vectors. It also avoids
allocate an iovec array for mbufs and populating it by instead walking
the mbuf chain directly.
- Update the cryptosoft(4) driver to support separate output buffers
making use of the cursor abstraction.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D24545
Add a 'native_blocksize' member to 'struct enc_xform' that ciphers can
use if they support a partial final block. This is particular useful
for stream ciphers, but can also apply to other ciphers. cryptosoft
will only pass in native blocks to the encrypt and decrypt hooks. For
the final partial block, 'struct enc_xform' now has new
encrypt_last/decrypt_last hooks which accept the length of the final
block. The multi_block methods are also retired.
Mark AES-ICM (AES-CTR) as a stream cipher. This has some interesting
effects on IPsec in that FreeBSD can now properly receive all packets
sent by Linux when using AES-CTR, but FreeBSD can no longer
interoperate with OpenBSD and older verisons of FreeBSD which assume
AES-CTR packets have a payload padded to a 16-byte boundary. Kornel
has offered to work on a patch to add a compatiblity sysctl to enforce
additional padding for AES-CTR in esp_output to permit compatibility
with OpenBSD and older versions of FreeBSD.
AES-XTS continues to use a block size of a single AES block length.
It is possible to adjust it to support partial final blocks by
implementing cipher text stealing via encrypt_last/decrypt_last hooks,
but I have not done so.
Reviewed by: cem (earlier version)
Tested by: Kornel Dulęba <mindal@semihalf.com> (AES-CTR with IPsec)
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D24906
The flush is needed to prevent cross-process ret2spec, which is not handled
on kernel entry if IBPB is enabled but SMEP is present.
While there, add i386 RSB flush.
Reported by: Anthony Steinhauser <asteinhauser@google.com>
Reviewed by: markj, Anthony Steinhauser
Discussed with: philip
admbugs: 961
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
-development is long and awkward, and is also inconsistent with prior art
from the Linux world, which uses -dev (Debian) or -devel (Red Hat). Follow
the Debian convention, and similarly for debug info packages.
Also remove redundant pkgbase development tag from includes. We already tag
include files with package=runtime,dev; there is no need to separately tag
them as dev.
Discussed with: bapt
Reviewed by: manu
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24139
This man page contains stat utilities that are available in
the base system. This is a better approach than looking them
up via "apropos stat" or similar commands.
Thanks to Daniel Ebdrup Jensen for writing the original page
and incorporating the feedback given.
Submitted by: Daniel Ebdrup Jensen
Reviewed by: 0mp, allanjude, brueffer, bcr
Approved by: bcr
MFC after: 3 days
Relnotes: yes (new stats(7) man page)
Differential Revision: https://reviews.freebsd.org/D24417
Assume gcc is at least 6.4, the oldest xtoolchain in the ports tree.
Assume clang is at least 6, which was in 11.2-RELEASE. Drop conditions
for older compilers.
Reviewed by: imp (earlier version), emaste, jhb
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D24802
Unlike the other copy*() functions, it does not serve to copy from one
address space to another or protect against potential faults. It's just
an older incarnation of the now-more-common strlcpy().
Reviewed by: jhb
MFC after: i² days
Differential Revision: yes (see 2/2)
There are no in-kernel consumers.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24775
It no longer has any in-kernel consumers via OCF. smbfs still uses
single DES directly, so sys/crypto/des remains for that use case.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24773
It no longer has any in-kernel consumers.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24772
There are no longer any in-kernel consumers. The software
implementation was also a non-functional stub.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24771
They no longer have any in-tree consumers. Note that these are a
different from MD5-HMAC and SHA1-HMAC and were only used with IPsec.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24770
This was removed from IPsec in r286100 and no longer has any in-tree
consumers.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24769
It no longer has any in-tree consumers.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24768
Although a few drivers supported this algorithm, there were never any
in-kernel consumers. cryptosoft and cryptodev never supported it,
and there was not a software xform auth_hash for it.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24767
pf by default does not do per-table address accounting unless the
"counters" keyword is specified in the corresponding pf.conf table
definition. Yet, we always allocate 12 per-CPU counters per table. For
large tables this carries a lot of overhead, so only allocate counters
when they will actually be used.
A further enhancement might be to use a dedicated UMA zone to allocate
counter arrays for table entries, since close to half of the structure
size comes from counter pointers. A related issue is the cost of
zeroing counters, since counter_u64_zero() calls smp_rendezvous() on
some architectures.
Reported by: loos, Jim Pingle <jimp@netgate.com>
Reviewed by: kp
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC (Netgate)
Differential Revision: https://reviews.freebsd.org/D24803
It can be dangerous and there is no need for it in the kernel.
Inspired by Kees Cook's change in Linux, and later OpenBSD.
Reviewed by: cem, gordon, philip
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D24760
for custom vendor-specific changes to FreeBSD's
default settings.
While here, fix a typo: perfomance -> performance
PR: 245404
Submitted by: Jose Luis Duran
BINUTILS is needed only for ports, and will be disabled once the failing
ports are addressed (likely by growing a binutils dependency).
BINUTILS_BOOTSTRAP is needed only on amd64, for skein_block_asm.s. There
is no need to enable it on i386.
This will all be removed before FreeBSD 13.0.
With the removal of in-tree consumers of DES, Triple DES, and
MD5-HMAC, the only algorithm this driver still supports is SHA1-HMAC.
This is not very useful as a standalone algorithm (IPsec AH-only with
SHA1 would be the only user).
This driver has also not been kept up to date with the original driver
in OpenBSD which supports a few more cards and AES-CBC on newer cards.
The newest card currently supported by this driver was released in
2005.
Reviewed by: cem
MFC after: 1 week
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24691
source that works or is the new location on the
same page.
Submitted by: alfix86_gmail.com
Approved by: bcr
Differential Revision: https://reviews.freebsd.org/D23769
Save and restore (also known as suspend and resume) permits a snapshot
to be taken of a guest's state that can later be resumed. In the
current implementation, bhyve(8) creates a UNIX domain socket that is
used by bhyvectl(8) to send a request to save a snapshot (and
optionally exit after the snapshot has been taken). A snapshot
currently consists of two files: the first holds a copy of guest RAM,
and the second file holds other guest state such as vCPU register
values and device model state.
To resume a guest, bhyve(8) must be started with a matching pair of
command line arguments to instantiate the same set of device models as
well as a pointer to the saved snapshot.
While the current implementation is useful for several uses cases, it
has a few limitations. The file format for saving the guest state is
tied to the ABI of internal bhyve structures and is not
self-describing (in that it does not communicate the set of device
models present in the system). In addition, the state saved for some
device models closely matches the internal data structures which might
prove a challenge for compatibility of snapshot files across a range
of bhyve versions. The file format also does not currently support
versioning of individual chunks of state. As a result, the current
file format is not a fixed binary format and future revisions to save
and restore will break binary compatiblity of snapshot files. The
goal is to move to a more flexible format that adds versioning,
etc. and at that point to commit to providing a reasonable level of
compatibility. As a result, the current implementation is not enabled
by default. It can be enabled via the WITH_BHYVE_SNAPSHOT=yes option
for userland builds, and the kernel option BHYVE_SHAPSHOT.
Submitted by: Mihai Tiganus, Flavius Anton, Darius Mihai
Submitted by: Elena Mihailescu, Mihai Carabas, Sergiu Weisz
Relnotes: yes
Sponsored by: University Politehnica of Bucharest
Sponsored by: Matthew Grooms (student scholarships)
Sponsored by: iXsystems
Differential Revision: https://reviews.freebsd.org/D19495
- Abbreviated month name in .Dd
- position of HISTORY section
- alphabetical ordering within SEE ALSO section
- adding .Ed before .Sh DESCRIPTION
- remove trailing whitespaces
- Line break after a sentence stop
- Use BSD OS macros instead of hardcoded strings
No .Dd bumps as there was no actual content change made
in any of these pages.
Submitted by: Gordon Bergling gbergling_gmail.com
Approved by: bcr
Differential Revision: https://reviews.freebsd.org/D24591
o Shrink sglist(9) functions to work with multipage mbufs down from
four functions to two.
o Don't use 'struct mbuf_ext_pgs *' as argument, use struct mbuf.
o Rename to something matching _epg.
Reviewed by: gallatin
Differential Revision: https://reviews.freebsd.org/D24598
- Inconsistencies in .Dd like abbreviated month names,
"th" after numbers, or leading zeros
- No line breaks after a sentence stop
- Whitespace at the end of the line
- Use macros for BSD OS names instead of hardcoded names
- CAVEATS instead of CAVEAT in section name
No actual content change in terms of additions were made, so
no bump of the .Dd for these man pages.
All of these issues were found and fixed by Gordon Bergling.
Submitted by: gbergling_gmail.com
Approved by: bcr
Differential Revision: https://reviews.freebsd.org/D24648
This option was added as a transition aide when symbol versioning was
first added. It was enabled by default in 2007 and is supported even
by the old GPLv2 binutils. Trying to disable it currently fails to
build in libc and at this point it isn't worth fixing the build.
Reported by: Michael Dexter
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D24637
A number of components require OpenSSL and fail to build if it is not
enabled. As a first phase force these off under WITHOUT_OPENSSL. A
second phase should make these more fine-grained, allowing the component
to build but without OpenSSL.
PR: 245931
Sponsored by: The FreeBSD Foundation
Gordon Bergling. Hook it up to the build by adding
it to the Makefile.
Submitted by: gbergling_gmail.com
Approved by: bcr
Differential Revision: https://reviews.freebsd.org/D24589
epoch(9).
In one instance, remove a trailing whitespace while here.
Submitted by: gbergling_gmail.com
Approved by: bcr
Differential Revision: https://reviews.freebsd.org/D24243
section, it would result in the following error:
"ngctl: send msg: Invalid argument"
The reason for this is the missing whitespace to
separate the arguments. When adding the whitespace,
the example works as intended.
Submitted by: lutz_donnerhacke.de
Approved by: bcr
Differential Revision: https://reviews.freebsd.org/D23773
- Add a new TCP_RXTLS_ENABLE socket option to set the encryption and
authentication algorithms and keys as well as the initial sequence
number.
- When reading from a socket using KTLS receive, applications must use
recvmsg(). Each successful call to recvmsg() will return a single
TLS record. A new TCP control message, TLS_GET_RECORD, will contain
the TLS record header of the decrypted record. The regular message
buffer passed to recvmsg() will receive the decrypted payload. This
is similar to the interface used by Linux's KTLS RX except that
Linux does not return the full TLS header in the control message.
- Add plumbing to the TOE KTLS interface to request either transmit
or receive KTLS sessions.
- When a socket is using receive KTLS, redirect reads from
soreceive_stream() into soreceive_generic().
- Note that this interface is currently only defined for TLS 1.1 and
1.2, though I believe we will be able to reuse the same interface
and structures for 1.3.
The sysctl output looks like this:
dev.hwpstate_intel.0.epp: 50
dev.hwpstate_intel.0.%parent: cpu0
dev.hwpstate_intel.0.%pnpinfo:
dev.hwpstate_intel.0.%location:
dev.hwpstate_intel.0.%driver: hwpstate_intel
dev.hwpstate_intel.0.%desc: Intel Speed Shift
but all the '%' got escaped in the manual page, un-escape them.
While here:
- Move the example of dev.hwpstate_intel.%d.%parent after the description to
align with others.
- Capitalize "CPU" (*)
Submitted by: danfe (*)
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D24520
The sole in-tree user of this flag has been retired, so remove this
complexity from all drivers. While here, add a helper routine drivers
can use to read the current request's IV into a local buffer. Use
this routine to replace duplicated code in nearly all drivers.
Reviewed by: cem
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D24450
instead of MK_KERBEROS. The reason for this change is some users
prefer to build FreeBSD WITHOUT_KERBEROS, wanting to retain the
Kerberos rc scripts to start/stop MIT Kerberos or Heimdal from ports.
PR: 197337
Reported by: Adam McDougall <ebay at looksharp.net>
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D24252
According to the upstream man page (which we don't install), none of
libauditd's symbols are intended to be public. Also, I can't find any
evidence for a port that uses libauditd. Therefore, we should treat it like
other such libraries and use PRIVATELIB.
Reported by: phk
Reviewed by: cem, emaste
MFC after: 2 weeks
