Commit Graph

827 Commits

Author SHA1 Message Date
glebius
9978a7d924 New pfil(9) KPI together with newborn pfil API and control utility.
The KPI have been reviewed and cleansed of features that were planned
back 20 years ago and never implemented.  The pfil(9) internals have
been made opaque to protocols with only returned types and function
declarations exposed. The KPI is made more strict, but at the same time
more extensible, as kernel uses same command structures that userland
ioctl uses.

In nutshell [KA]PI is about declaring filtering points, declaring
filters and linking and unlinking them together.

New [KA]PI makes it possible to reconfigure pfil(9) configuration:
change order of hooks, rehook filter from one filtering point to a
different one, disconnect a hook on output leaving it on input only,
prepend/append a filter to existing list of filters.

Now it possible for a single packet filter to provide multiple rulesets
that may be linked to different points. Think of per-interface ACLs in
Cisco or Juniper. None of existing packet filters yet support that,
however limited usage is already possible, e.g. default ruleset can
be moved to single interface, as soon as interface would pride their
filtering points.

Another future feature is possiblity to create pfil heads, that provide
not an mbuf pointer but just a memory pointer with length. That would
allow filtering at very early stages of a packet lifecycle, e.g. when
packet has just been received by a NIC and no mbuf was yet allocated.

Differential Revision:	https://reviews.freebsd.org/D18951
2019-01-31 23:01:03 +00:00
avos
cf65f96793 ObsoleteFiles.inc: remove adv(4) / adw(4) man pages after r339567 2019-01-26 17:27:12 +00:00
dim
54461c1dd5 Remove leading slash from OLD_DIRS assignment in ObsoleteFiles.inc. The
"make delete-old" mechanism will already take care of such prefixes, and
this prevents a double leading slash from being displayed.
2019-01-18 20:35:24 +00:00
glebius
6727f724ad Remove pbuf(9) manual page that is now nearly 100% outdated. 2019-01-15 01:19:29 +00:00
mjg
d340729f53 Remove iBCS2, part1: userspace
iBCS2 was disconnected from the build in 2015 (see r291419)

bsdconfig parts submitted by dteske.

Reviewed by:	kib (previous version)
Sponsored by:	The FreeBSD Foundation
2018-12-19 21:56:54 +00:00
se
0d25e053d1 Add removed CTM files to ObsoleteFiles.inc as a follow-up to r342126. 2018-12-17 10:17:56 +00:00
gnn
222efc509d Remove, the now very outdated, timed.
Submitted by:	Kyle Spiers ksspiers at gmail
Reviewed by:	bcr,brooks,bz,sbruno
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D18505
2018-12-15 21:34:40 +00:00
dim
c44acdff64 Fix dates that I set into the future incorrectly.
Noticed by:		ler
2018-12-13 06:59:55 +00:00
dim
71206590d4 Set tentative merge date, and add UPDATING note. 2018-12-11 17:39:49 +00:00
dim
07b9c9ba27 Merge ^/head r340918 through r341763. 2018-12-09 11:39:45 +00:00
marius
8ddb26ca0a - Add a belated UPDATING entry for the ixlv(4) -> iavf(4) rename in r339338.
- Likewise, add ixlv.4.gz to OLD_FILES,
- and link if_ixlv.ko to if_iavf.ko in order to aid a bit in the transition.
2018-11-27 12:11:16 +00:00
dim
3aa6bcc5fe Merge ^/head r340427 through r340868. 2018-11-24 14:46:06 +00:00
jkim
cb3eaa5e8f Revert r340706. Some files became symlinks and vice versa.
Pointy hat to:	jkim
2018-11-21 00:00:00 +00:00
jkim
56172424fa Remove stale manual pages after OpenSSL 1.1.1a merge. 2018-11-20 22:12:10 +00:00
markj
aefb48b872 Rename the SO_REUSEPORT_LB test file to be consistent with other tests.
MFC after:	1 week
2018-11-16 18:59:58 +00:00
markj
0c3e626b3c Fix the path to malloc_domain.9.
Reported by:	yuripv
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2018-11-14 16:15:36 +00:00
dim
0838f433ff Merge ^/head r340235 through r340367. 2018-11-12 16:41:41 +00:00
oshogbo
cb78f985ad libcasper: ange the name of limits in cap_dns so the intentions are obvious.
Reported by:	pjd
MFC after:	3 weeks
2018-11-12 15:52:45 +00:00
emaste
98d83a59fb revert r340156, restoring sys/sys/capability.h
More time is still needed for ports to accommodate the migration to
capsicum.h.

The header was renamed in 2014 due to concerns about conflicts with with
a draft POSIX.1e capability.h header on other systems and there is (now)
no need for complex autoconf tests for both capability.h and capsicum.h.
Any supported Capsicum-capable system has capsicum.h.

Reported by:	antoine
Sponsored by:	The FreeBSD Foundation
2018-11-05 22:36:45 +00:00
emaste
dfd06214d9 Remove backwards-compatibility sys/capability.h
In r263232 sys/capability.h was renamed to sys/capsicum.h, to avoid
conflicts with a capability.h header found on other operating systems.

Sufficient time has now passed, so remove the old header at the
beginning of FreeBSD 13.

Discussed with:	oshogbo
Sponsored by:	The FreeBSD Foundation
2018-11-05 19:25:57 +00:00
dim
4b4bc3c457 Merge ^/head r339813 through r340125. 2018-11-04 15:49:06 +00:00
dim
3d9ebb9be0 Merge llvm, clang, lld, lldb, compiler-rt and libc++ release_70 branch
r346007 (effectively 7.0.1 rc2), resolve conflicts, and bump version
numbers.

PR:		230240, 230355
2018-11-04 15:46:30 +00:00
markj
f931b753dd Add malloc_domainset(9) and _domainset variants to other allocator KPIs.
Remove malloc_domain(9) and most other _domain KPIs added in r327900.
The new functions allow the caller to specify a general NUMA domain
selection policy, rather than specifically requesting an allocation from
a specific domain.  The latter policy tends to interact poorly with
M_WAITOK, resulting in situations where a caller is blocked indefinitely
because the specified domain is depleted.  Most existing consumers of
the _domain KPIs are converted to instead use a DOMAINSET_PREF() policy,
in which we fall back to other domains to satisfy the allocation
request.

This change also defines a set of DOMAINSET_FIXED() policies, which
only permit allocations from the specified domain.

Discussed with:	gallatin, jeff
Reported and tested by:	pho (previous version)
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17418
2018-10-30 18:26:34 +00:00
dim
10311b69d6 Merge ^/head r339670 through r339812. 2018-10-27 14:44:39 +00:00
imp
4f1c28c8e1 Redo r339563: Remove joy(4) driver.
This driver was marked as gone in 12. We're at 13 now. Remove it.
Data from nycbug's dmesg cache shows only one potential user,
suggesting it never was used much. However, even though this device
has been obsolete for 15 years at least, sys/joystick.h is included in
a number of graphics packages still, so that remains. A full exprun
is needed before that can be removed.

RelNotes: yes
Differential Revision: https://reviews.freebsd.org/D17629
2018-10-26 16:03:30 +00:00
imp
83bf1fdc83 Revert r339563.
I held the mistaken belief this was completely unused. While the
driver is unused and likely not relevant for a long time,
sys/joystick.h lives on in maybe half a dozen ports, even though
hardware to use it hasn't been widely used in maybe 15 years.
2018-10-26 04:10:32 +00:00
kib
f37256a01f Bump base OpenSSL libraries versions to avoid conflict with port's libraries.
Reported by:	many
Reviewed by:	gjb
Sponsored by:	The FreeBSD Foundation
MFC after:	3 hours
2018-10-25 13:37:57 +00:00
dim
6c8ec16fbe Merge ^/head r339015 through r339669. 2018-10-23 21:09:37 +00:00
imp
e4026c4f30 Remove mse(4) from tree
Remove mse and all support for bus and inport devices from the tree.
Data from nycbug's dmesg database shows the last sighting of this
driver was in 4.10 on only one machine.

Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D17628
2018-10-22 02:34:10 +00:00
imp
ba47cdd36c Remove joy(4) driver.
This driver was marked as gone in 12. We're at 13 now. Remove it.
Data from nycbug's dmesg cache shows only one potential user,
suggesting it never was used much.

RelNotes: yes
Differential Revision: https://reviews.freebsd.org/D17629
2018-10-22 02:34:00 +00:00
gjb
7aa137c557 Correct the comment for the 20181015 entry in ObsoleteFiles.inc.
Reported by:	rpokala
Approved by:	re (kib)
Sponsored by:	The FreeBSD Foundation
2018-10-18 19:07:15 +00:00
gjb
c74f5d0396 Remove stale libcasper(3) shared libraries following the
OpenSSL 1.1.1 update.

Reported by:	des
Approved by:	re (kib)
Sponsored by:	The FreeBSD Foundation
2018-10-15 17:16:47 +00:00
jkim
ea78317b1d Remove re-added header files from ObsoleteFiles.inc.
Approved by:	re (delphij)
2018-10-11 18:24:11 +00:00
gjb
05d1d50555 Merge the remainder of the projects/openssl111 branch to head.
- Update OpenSSL to version 1.1.1.
- Update Kerberos/Heimdal API for OpenSSL 1.1.1 compatibility.
- Bump __FreeBSD_version.

Approved by:	re (kib)
Sponsored by:	The FreeBSD Foundation
2018-10-09 21:28:26 +00:00
jhb
3b1a96ee16 Update obsolete files list for OpenSSL 1.1.1.
This will need a real date once this is merged to head.

One weird thing to note: the 32-bit engines get dumped into /usr/lib32
rather than /usr/lib32/engines, and I bet the 32-bit libcrypto.so i
looking for the .so files in the wrong place.  We should probably fix
both of those at some point.

Reviewed by:	emaste, jkim
Differential Revision:	https://reviews.freebsd.org/D17384
2018-10-02 21:40:57 +00:00
dim
05bc8dc0eb Merge ^/head r338298 through r338391. 2018-08-29 20:54:56 +00:00
kevans
51650c5969 libbe(3)/bectl(8): Make consistent with beadm
vermaden (maintainer of beadm) points out the following inconsistencies:
- "missing command" is not printed prior to usage if the error is simply a
   missing command; this should be obvious from the context
- "bectl rename" isn't using the "don't unmount" flag (zfs rename -u), so
   the active BE can't be renamed. It doesn't make sense in our context to
   *not* use -u, so use it.

Documentation updates reflect the above and note an inconsistency with the
'destroy' command that is consistent with other parts of the base system.

A fix for libbe(3) not properly being installed to /lib is included.
SHLIBDIR should have been added when it was moved in r337995.

Approved by:	re (kib)
2018-08-24 20:44:58 +00:00
dim
317f4cf38a Merge ^/head r338026 through r338297, and resolve conflicts. 2018-08-24 18:09:23 +00:00
delphij
cc30da3fe1 Update userland arc4random() with OpenBSD's Chacha20 based arc4random().
ObsoleteFiles.inc:

    Remove manual pages for arc4random_addrandom(3) and
    arc4random_stir(3).

  contrib/ntp/lib/isc/random.c:
  contrib/ntp/sntp/libevent/evutil_rand.c:

    Eliminate in-tree usage of arc4random_addrandom().

  crypto/heimdal/lib/roken/rand.c:
  crypto/openssh/config.h:

    Eliminate in-tree usage of arc4random_stir().

  include/stdlib.h:

    Remove arc4random_stir() and arc4random_addrandom() prototypes,
    provide temporary shims for transistion period.

  lib/libc/gen/Makefile.inc:

    Hook arc4random-compat.c to build, add hint for Chacha20 source for
    kernel, and remove arc4random_addrandom(3) and arc4random_stir(3)
    links.

  lib/libc/gen/arc4random.c:

    Adopt OpenBSD arc4random.c,v 1.54 with bare minimum changes, use the
    sys/crypto/chacha20 implementation of keystream.

  lib/libc/gen/Symbol.map:

    Remove arc4random_stir and arc4random_addrandom interfaces.

  lib/libc/gen/arc4random.h:

    Adopt OpenBSD arc4random.h,v 1.4 but provide _ARC4_LOCK of our own.

  lib/libc/gen/arc4random.3:

    Adopt OpenBSD arc4random.3,v 1.35 but keep FreeBSD r114444 and
    r118247.

  lib/libc/gen/arc4random-compat.c:

    Compatibility shims for arc4random_stir and arc4random_addrandom
    functions to preserve ABI.  Log once when called but do nothing
    otherwise.

  lib/libc/gen/getentropy.c:
  lib/libc/include/libc_private.h:

    Fold __arc4_sysctl into getentropy.c (renamed to arnd_sysctl).
    Remove from libc_private.h as a result.

  sys/crypto/chacha20/chacha.c:
  sys/crypto/chacha20/chacha.h:

    Make it possible to use the kernel implementation in libc.

PR:		182610
Reviewed by:	cem, markm
Obtained from:	OpenBSD
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D16760
2018-08-19 17:40:50 +00:00
eadler
fd9b0c98f8 send-pr: wave goodbye
Entering into the world of 12.x we no longer need even the placeholder
for send-pr. It has not done anything for some time.

With Hat: bugmeister
2018-08-19 07:12:35 +00:00
dim
0bd29cc205 Update ObsoleteFiles.inc for 6.0.1 -> 7.0.0 upgrade. 2018-08-11 09:32:20 +00:00
dim
c7c826817c Add a few forgotten files to ObsoleteFiles.inc:
* libcasper.so.0, which started in /usr/lib, then moved to /lib, but
  was later replaced by libcasper.so.1
* 32-bit versions of static casper libraries
* 32-bit versions of static stand libraries
* 32-bit versions of static ifc(onfig) libraries
2018-07-25 17:14:05 +00:00
pstef
1cf4f60aca Remove old Kyua test files for indent(1) after a rename.
This continues work in r334944.

Reported by:	asomers
2018-07-22 12:45:02 +00:00
brd
adc2e8d736 Revert r336572 and wrap them in machine checks so they are only installed on
i386.

Approved by:	allanjude (mentor), imp
Differential Revision:	https://reviews.freebsd.org/D16380
2018-07-21 17:13:39 +00:00
brd
716328d66f Purge some old apmd files
Approved by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D16373
2018-07-21 00:12:41 +00:00
kib
5b6ba7e3f2 Move OFED libraries libmlx5.so.1 and libibverbs.so.1 to /lib.
The is required because libpcap.so depends on the libraries when OFED
is enabled.

Reviewed by:	bdrewery, hselasky
Sponsored by:	Mellanox Technologies
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D16230
2018-07-20 23:49:57 +00:00
kib
a77cb36882 Remove bits of the old NUMA.
Remove numactl(1), edit numa(4) to bring it some closer to reality,
provide libc ABI shims for old NUMA syscalls.

Noted and reviewed by:	brooks (previous version)
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D16142
2018-07-10 22:00:20 +00:00
dim
9c9640b12e More follow-up to r335799 (llvm/clang 6.0.1 update), where I forgot to
update mtree files, ObsoleteFiles and a number of other paths.  Sorry
about all the breakage.

Pointy hat to:	me
MFC after:	2 weeks
X-MFC-With:	r335799
2018-06-30 15:03:22 +00:00
jhb
872ab4c7af Correct path to removed asf(8) binary. 2018-06-20 19:22:33 +00:00
emaste
f4adbc25a7 Remove obsolete asf(8)
kgdb now handles kernel module state internally, so the asf tool serves
no purpose.

PR:		229046
Reviewed by:	brooks
Relnotes:	yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D15827
2018-06-15 17:44:21 +00:00