A _NEW flag passed to _init_flags() to avoid check for double-init.
Differential Revision: https://reviews.freebsd.org/D1208
Reviewed by: jhb, wblock
MFC after: 1 Month
for counter mode), and AES-GCM. Both of these modes have been added to
the aesni module.
Included is a set of tests to validate that the software and aesni
module calculate the correct values. These use the NIST KAT test
vectors. To run the test, you will need to install a soon to be
committed port, nist-kat that will install the vectors. Using a port
is necessary as the test vectors are around 25MB.
All the man pages were updated. I have added a new man page, crypto.7,
which includes a description of how to use each mode. All the new modes
and some other AES modes are present. It would be good for someone
else to go through and document the other modes.
A new ioctl was added to support AEAD modes, of which AES-GCM is one.
Without this ioctl, it is not possible to test AEAD modes from userland.
Add a timing safe bcmp for use to compare MACs. Previously we were using
bcmp which could leak timing info and result in the ability to forge
messages.
Add a minor optimization to the aesni module so that single segment
mbufs don't get copied and instead are updated in place. The aesni
module needs to be updated to support blocked IO so segmented mbufs
don't have to be copied.
We require that the IV be specified for all calls for both GCM and ICM.
This is to ensure proper use of these functions.
Obtained from: p4: //depot/projects/opencrypto
Relnotes: yes
Sponsored by: FreeBSD Foundation
Sponsored by: NetGate
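
The MAC-comparison point in the commit message above, as an added example that is not part of the commit or of FreeBSD's source: an early-exit byte compare next to a constant-time one, with a counter showing how many bytes each reads before returning. The function names, the 16-byte tag length and the sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 16  /* constructed example tag length, in bytes */

/* Early-exit compare, as a plain bcmp()/memcmp() is free to do.
 * *examined receives the number of bytes read before returning. */
static int leaky_cmp(const unsigned char *a, const unsigned char *b,
    size_t n, size_t *examined)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *examined = i + 1;  /* work done depends on the secret tag */
            return 1;
        }
    }
    *examined = n;
    return 0;
}

/* Constant-time compare: reads every byte and ORs the differences
 * together, so the work done does not depend on where they differ. */
static int ct_cmp(const unsigned char *a, const unsigned char *b,
    size_t n, size_t *examined)
{
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    *examined = n;
    return diff != 0;
}

/* Compare a constructed tag against a candidate whose first `prefix`
 * bytes are correct; return how many bytes the chosen compare read. */
static size_t bytes_examined(int constant_time, size_t prefix)
{
    unsigned char tag[TAG_LEN], cand[TAG_LEN];
    size_t i, examined = 0;
    for (i = 0; i < TAG_LEN; i++)
        tag[i] = (unsigned char)(0xA0 + i);   /* constructed sample tag */
    memset(cand, 0, sizeof(cand));
    memcpy(cand, tag, prefix < TAG_LEN ? prefix : TAG_LEN);
    if (constant_time)
        (void)ct_cmp(tag, cand, TAG_LEN, &examined);
    else
        (void)leaky_cmp(tag, cand, TAG_LEN, &examined);
    return examined;
}

int main(void)
{
    size_t k;
    for (k = 0; k <= TAG_LEN; k += 4)
        printf("correct prefix %2zu: early-exit read %2zu, constant-time read %2zu\n",
            k, bytes_examined(0, k), bytes_examined(1, k));
    return 0;
}
```
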
to how they differ. This will assist users in selecting which interface
is more appropriate for their purposes.
Approved by: grog (co-mentor)
MFC after: 2 week
- bootparamd
- bootpd
- finger/fingerd
- ftp/ftpd
- hastctl/hastd
- iscsid, et al
- rbootd
- talk/talkd
- tcpd, et al
- tftp/tftpd
Add src.conf entries for the various components and do a best effort
at adding components to tools/build/mk/OptionalObsoleteFiles.inc
supported hardware list. Judging by the PCI driver attachment, dpt_pci.c
only supports a single adapter rather than the various PCI adapters listed.
The list of EISA adapters listed somewhat overlaps with the device IDs in
dpt_eisa.c. It's not clear which devices are ISA-only devices.
Initially in_matroute() and in_clsroute() in their current state were introduced by
r4105 20 years ago. Instead of deleting inactive routes immediately, we kept them
in route table, setting RTPRF_OURS flag and some expire time. After that, either
GC came or RTPRF_OURS got removed on first-packet. It was a good solution
in those days (and probably another decade after that) to keep TCP metrics.
However, after moving metrics to TCP hostcache in r122922, most of in_rmx
functionality became unused. It might have been used for flushing icmp-originated
routes before rte mutexes/refcounting, but I'm not sure about that.
So it looks like this is nearly impossible to make GC do its work nowadays:
in_rtkill() ignores non-RTPRF_OURS routes.
A route can only become RTPRF_OURS after dropping the last reference via rtfree(),
which calls in_clsroute(), which, in turn, ignores UP and non-RTF_DYNAMIC routes.
Dynamic routes can still be installed via received redirect, but they
have default lifetime (no specific rt_expire) and no one has another trie walker
to call RTFREE() on them.
So, the changelist:
* remove custom rnh_match / rnh_close matching function.
* remove all GC functions
* partially revert r256695 (proto3 is no longer used inside kernel,
it is not possible to use rt_expire from user point of view, proto3 support
is not complete)
* Finish r241884 (similar to this commit) and remove remaining IPv6 parts
MFC after: 1 month
The canonical standalone debug directory established by the GNU
toolchain is /usr/lib/debug, and we use it when WITH_DEBUG_FILES is set.
Mention it in the file system hierarchy page.
Reviewed by: bcr
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D1134
have chosen different (and more traditional) stateless/stateful
NAT64 as translation mechanism. Last non-trivial commits to both
faith(4) and faithd(8) happened more than 12 years ago, so I assume
it is time to drop RFC3142 in FreeBSD.
No objections from: net@
Split it into two modules: if_gre(4) for GRE encapsulation and
if_me(4) for minimal encapsulation within IP.
gre(4) changes:
* convert to if_transmit;
* rework locking: protect access to softc with rmlock,
protect from concurrent ioctls with sx lock;
* correct interface accounting for outgoing datagrams (count only payload size);
* implement generic support for using IPv6 as delivery header;
* make implementation conform to the RFC 2784 and partially to RFC 2890;
* add support for GRE checksums - calculate for outgoing datagrams and check
for incoming datagrams;
* add support for sending sequence number in GRE header;
* remove support of cached routes. This fixes problem, when gre(4) doesn't
work at system startup. But this also removes support for having tunnels with
the same addresses for inner and outer header.
* deprecate support for various GREXXX ioctls, that aren't used in FreeBSD.
Use our standard ioctls for tunnels.
me(4):
* implementation conform to RFC 2004;
* use if_transmit;
* use the same locking model as gre(4);
PR: 164475
Differential Revision: D1023
No objections from: net@
Relnotes: yes
Sponsored by: Yandex LLC
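
The GRE checksum handling listed in the commit message above (calculate on output, check on input), as an added example that is not taken from if_gre(4): it follows the RFC 2784 rule that the one's complement checksum covers the GRE header and payload with the checksum field taken as zero. All function names and the sample payload are constructed; RFC 2890 key and sequence fields are not handled, and accepting packets without the C bit is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define GRE_C    0x8000u  /* Checksum Present bit (RFC 2784) */
#define GRE_VER  0x0007u  /* Version field, must be zero */
#define GRE_HLEN 8        /* flags, protocol, checksum, reserved1 */

/* Internet (one's complement) checksum over len bytes in network order. */
static uint16_t inet_cksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    if (len & 1)
        sum += (uint32_t)p[len - 1] << 8;   /* pad odd byte with zero */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Sender: header with C bit set + payload. Returns length, 0 if no room. */
static size_t gre_encap(uint8_t *out, size_t cap, uint16_t proto,
    const uint8_t *payload, size_t plen)
{
    uint16_t ck;
    if (cap < GRE_HLEN || plen > cap - GRE_HLEN)
        return 0;
    out[0] = GRE_C >> 8; out[1] = 0;
    out[2] = proto >> 8; out[3] = proto & 0xff;
    memset(out + 4, 0, 4);          /* checksum field is zero while summing */
    memcpy(out + GRE_HLEN, payload, plen);
    ck = inet_cksum(out, GRE_HLEN + plen);
    out[4] = ck >> 8; out[5] = ck & 0xff;
    return GRE_HLEN + plen;
}

/* Receiver: 1 = accept, 0 = checksum mismatch, -1 = malformed header. */
static int gre_check(const uint8_t *pkt, size_t len)
{
    unsigned flags;
    if (len < 4)
        return -1;
    flags = ((unsigned)pkt[0] << 8) | pkt[1];
    if (flags & GRE_VER)
        return -1;
    if (!(flags & GRE_C))
        return 1;                   /* no checksum present, nothing to verify */
    if (len < GRE_HLEN)
        return -1;
    return inet_cksum(pkt, len) == 0;   /* sum includes the checksum field */
}

/* Constructed 5-byte payload; optionally flip one bit "in transit". */
static int gre_selftest(int corrupt)
{
    static const uint8_t payload[] = { 0x45, 0x00, 0x00, 0x1c, 0xab };
    uint8_t pkt[32];
    size_t len = gre_encap(pkt, sizeof(pkt), 0x0800, payload, sizeof(payload));
    if (corrupt)
        pkt[GRE_HLEN + 1] ^= 0x01;
    return gre_check(pkt, len);
}
int main(void) { return (gre_selftest(0) == 1 && gre_selftest(1) == 0) ? 0 : 1; }
```
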
Those tunables are used to set a specific mode in vt(4) instead of using
the default mode.
Differential Revision: https://reviews.freebsd.org/D1098
Reviewed by: ak@, emaste@, kwm@
MFC after: 1 week
whether the shared request for already shared-locked lock could be
granted. Both problems result in the exclusive locker starvation.
The concurrent exclusive request is indicated by either
LK_EXCLUSIVE_WAITERS or LK_EXCLUSIVE_SPINNERS flags. The reverse
condition, i.e. no exclusive waiters, must check that both flags are
cleared.
Add a flag LK_NODDLKTREAT for shared lock request to indicate that
current thread guarantees that it does not own the lock in shared
mode. This turns back the exclusive lock starvation avoidance code;
see man page update for detailed description.
Use LK_NODDLKTREAT when doing lookup(9).
Reported and tested by: pho
No objections from: attilio
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
of fuword(9) and suword(9). This makes the functions type-compatible
with volatile objects and does not require devolatile force, e.g. in
kern_umtx.c.
Requested by: bde
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
MFC after: 3 weeks
and casuword(9), but do not mix value read and indication of fault.
I know (or remember) enough assembly to handle x86 and powerpc. For
arm, mips and sparc64, implement fueword() and casueword() as wrappers
around fuword() and casuword(), which means that the functions cannot
distinguish between -1 and fault.
On architectures where fueword() and casueword() are native, implement
fuword() and casuword() using fueword() and casuword(), to reduce
assembly code duplication.
Sponsored by: The FreeBSD Foundation
Tested by: pho
MFC after: 2 weeks (ia64 needs treating)
While I'm there also correct typos in OptionalObsoleteFiles and add
information of the command line options for hv_kvp_daemon(8).
Reported by: jmg [1]
Reviewed by: jmg
MFC after: 2 weeks
create a new code block and thus must be balanced at the same lexical
scope. (This is also a requirement in POSIX.)
PR: 194280
Submitted by: dr2867.business@pacbell.net
MFC after: 1 week
Support for the multiport feature is mostly implemented, but currently
disabled due to some potential races in the hot plug code paths.
Requested by: marcel
MFC after: 1 month
Relnotes: yes
- Wrong integer type was specified.
- Wrong or missing "access" specifier. The "access" specifier
sometimes included the SYSCTL type, which it should not, except for
procedural SYSCTL nodes.
- Logical OR where binary OR was expected.
- Properly assert the "access" argument passed to all SYSCTL macros,
using the CTASSERT macro. This applies to both static- and dynamically
created SYSCTLs.
- Properly assert the data type for both static and dynamic
SYSCTLs. In the case of static SYSCTLs we only assert that the data
pointed to by the SYSCTL data pointer has the correct size, hence
there is no easy way to assert types in the C language outside a
C-function.
- Rewrote some code which doesn't pass a constant "access" specifier
when creating dynamic SYSCTL nodes, which is now a requirement.
- Updated "EXAMPLES" section in SYSCTL manual page.
MFC after: 3 days
Sponsored by: Mellanox Technologies
vxlan creates a virtual LAN by encapsulating the inner Ethernet frame in
a UDP packet. This implementation is based on RFC7348.
Currently, the IPv6 support is not fully compliant with the specification:
we should be able to receive UDPv6 packets with a zero checksum, but we
need to support RFC6935 first. Patches for this should come soon.
Encapsulation protocols such as vxlan emphasize the need for the FreeBSD
network stack to support batching, GRO, and GSO. Each frame has to make
two trips through the network stack, and each frame will be at most MTU
sized. Performance suffers accordingly.
Some latest generation NICs have begun to support vxlan HW offloads that
we should also take advantage of. VIMAGE support should also be added soon.
Differential Revision: https://reviews.freebsd.org/D384
Reviewed by: gnn
Relnotes: yes
vt(4) is the default console for UEFI boot [1], and the bitmapped
kern.vt.spclkeys sysctl has been replaced with individual kern.vt.kbd_*
enable sysctls.
PR: 193710
Submitted by: wblock [1]
Reviewed by: wblock
MFC after: 3 days
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D953
r273170:
MK_ARB_EABI was removed in r272350 so remove the documentation.
r273171:
Per r273155, HYPERV is built by default on platforms where it makes
sense and ignored on others.
r273172:
Document that WITHOUT_TOOLCHAIN causes headers to not be installed, not
just programs.
o convert to if_transmit;
o use rmlock to protect access to gif_softc;
o use sx lock to protect from concurrent ioctls;
o remove a lot of unneeded and duplicated code;
o remove cached route support (it won't work with concurrent io);
o style fixes.
Reviewed by: melifaro
Obtained from: Yandex LLC
MFC after: 1 month
Sponsored by: Yandex LLC
of timeout(9) to the end and mark it prominently as deprecated. Document
somewhat how times are specified for the 'sbt' variants. Better explain
how using callout_init_*() to associate a lock with a callout resolves
common races.
Differential Revision: https://reviews.freebsd.org/D847
Reviewed by: wblock, bjk
MFC after: 1 week
r272234, r272236, r272262, r272264, r272269, r272271, r272272,
r272277, r272279, r272376, r272380, r272381, r272392, r272234,
r272412:
r272234:
Initial commit to include virtual machine images as part
of the FreeBSD release builds.
This adds a make(1) environment variable requirement,
WITH_VMIMAGES, which triggers the virtual machine image
targets when not defined to an empty value.
Relevant user-driven variables include:
o VMFORMATS: The virtual machine image formats to create.
Valid formats are provided by running 'mkimg --formats'
o VMSIZE: The size of the resulting virtual machine
image. Typical compression is roughly 140Mb, regardless
of the target size (10GB, 15GB, 20GB, 40GB sizes have been
tested with the same result).
o VMBASE: The prefix of the virtual machine disk images.
The VMBASE make(1) environment variable is suffixed with
each format in VMFORMATS for each individual disk image, as
well as '.img' for the source UFS filesystem passed to
mkimg(1).
This also includes a new script, mk-vmimage.sh, based on how
the VM images for 10.0-RELEASE, 9.3-RELEASE, and 10.1-RELEASE
were created (mk-vmimage.sh in ^/user/gjb/thermite/).
With the order in which the stages need to occur, as well as
sanity-checking error cases, it makes much more sense to
execute a shell script called from make(1), using env(1) to
set specific parameters for the target image than it does to
do this in make(1) directly.
r272236:
Use VMBASE in place of a hard-coded filename in the CLEANFILES
list.
r272262:
Remove a 'set -x' that snuck in during testing.
r272264:
release/Makefile:
Connect the virtual machine image build to the release
target if WITH_VMIMAGES is set to a non-empty value.
release/release.sh:
Add WITH_VMIMAGES to RELEASE_RMAKEFLAGS.
release/release.conf.sample:
Add commented entries for tuning the release build if the
WITH_VMIMAGES make(1) environment variable is set to
a non-empty value.
r272269:
release/Makefile:
Include .OBJDIR in DESTDIR in the vm-base target.
release/release.sh:
Provide the full path to mddev.
r272271:
Fix UFS label for the root filesystem.
r272272:
Remove comments left in accidentally while testing, so the
VM /etc/fstab is actually created.
r272277:
Remove the UFS label from the root filesystem since it is added
by mkimg(1) as a gpt label, consistent with the fstab(5) entry.
r272279:
Comment cleanup in panic() message when mkimg(1) does not support
the requested disk image format.
r272376:
Separate release/scripts/mk-vmimage.sh to machine-specific
scripts, making it possible to mimic the functionality for
non-x86 targets.
Move echo output if MAKEFLAGS is empty outside of usage().
Remove TARGET/TARGET_ARCH evaluation.
r272380:
Avoid using env(1) to set values passed to mk-vmimage.sh,
and instead pass the values as arguments to the script,
making it easier to run this by hand, without 'make release'.
Add usage_vm_base() and usage_vm_image() usage helpers.
r272381:
After evaluating WITH_VMIMAGES is non-empty, ensure
the mk-vmimage.sh script exists before running it.
r272392:
Add WITH_COMPRESSED_VMIMAGES variable, which when set enables
xz(1) compression of the virtual machine images.
This is intentionally separate to allow more fine-grained
tuning over which images are compressed, especially in cases
where compressing 20GB sparse images can take hours.
r272412:
Document the new 'vm-image' target, and associated release.conf
variables.
r272413:
Remove two stray comments added during the initial iterations
of testing, no longer needed.
MFC after: 5 days
X-MFC-10.1: yes
Tested on: r272269, r272272, r272279, r272380, r272392
Sponsored by: The FreeBSD Foundation
if_lagg(4) interfaces which were cloned in a vnet jail.
Sysctl nodes which are dynamically generated for each cloned interface
(net.link.lagg.N.*) have been removed, and use_flowid and flowid_shift
ifconfig(8) parameters have been added instead. Flags and per-interface
statistics counters are displayed in "ifconfig -v".
CR: D842
Use standard mdoc macros instead of pure roff, fix some other mdoc usage,
make the style consistent, and fix some grammar issues.
Approved by: hrs (mentor)
that this means full checksum coverage for received packets.
If an application is willing to accept packets with partial
coverage, it is expected to use the socket option and provide
the minimum coverage it accepts.
Reviewed by: kevlo
MFC after: 3 days
tethering functionality only. Add a "bugs" section to give a pointer
to usbconfig set_config if the device isn't automatically detected.
MFC after: 3 days
- Priority argument is introduced to sleepq_*wait* in r177085
- sleepq_calc_signal_retval is removed from implementation
- sleepq_catch_signals is internal now
Differential Revision: https://reviews.freebsd.org/D794
Reviewed by: jhb
Approved by: jhb
struct ifnet if_oqdrops.
Some netgraph modules used ifqueue w/o ifnet. Accounting of queue drops
is simply removed from them. There was no API to read this statistic.
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
FreeBSD is the only system that has the FEC protocol, which is a simple alias
to the loadbalance protocol and does not implement the ancient Cisco FEC standard.
From now on, we remove the fec protocol from the documentation and keep the FEC
code only for compatibility.
Phabric: D539
Reviewed by: glebius, thompsa
Approved by: glebius
Sponsored by: QNAP Systems Inc.
and receives frames on any port of the lagg(4).
Phabric: D549
Reviewed by: glebius, thompsa
Approved by: glebius
Obtained from: OpenBSD
Sponsored by: QNAP Systems Inc.
ifa_ifwithdstaddr. For the sake of backwards compatibility, the new
arguments were added to new functions named ifa_ifwithnet_fib and
ifa_ifwithdstaddr_fib, while the old functions became wrappers around the
new ones that passed RT_ALL_FIBS for the fib argument. However, the
backwards compatibility is not desired for FreeBSD 11, because there are
numerous other incompatible changes to the ifnet(9) API. We therefore
decided to remove it from head but leave it in place for stable/9 and
stable/10. In addition, this commit adds the fib argument to
ifa_ifwithbroadaddr for consistency's sake.
sys/sys/param.h
Increment __FreeBSD_version
sys/net/if.c
sys/net/if_var.h
sys/net/route.c
Add fibnum argument to ifa_ifwithbroadaddr, and remove the _fib
versions of ifa_ifwithdstaddr, ifa_ifwithnet, and ifa_ifwithroute.
sys/net/route.c
sys/net/rtsock.c
sys/netinet/in_pcb.c
sys/netinet/ip_options.c
sys/netinet/ip_output.c
sys/netinet6/nd6.c
Fixup calls of modified functions.
share/man/man9/ifnet.9
Document changed API.
CR: https://reviews.freebsd.org/D458
MFC after: Never
Sponsored by: Spectra Logic
addresses generated by an address range specification. The default
value is 2048. This can be increased by setting $netif_ipexpand_max
in rc.conf.
- Fix warning messages when an address range spec exceeds the upper limit.
PR: 186841
tree support includes a device tree source compiler dtc(8) which
converts .dts files into .dtb files. /boot/loader will load dtb files
from this directory by default, allowing for fewer differences between
images for different SoCs. Compiled dts files will wind up here
eventually as an alternative to embedding them into the kernel.
Document this in hier(7), as well as add missing entries for
/boot/firmware and /boot/zfs, though the latter two should only be
considered place holders if someone wants to make them better.
packets at all. Swapping byte order on SOCK_RAW was actually a bug, an
artifact from the BSD network stack, that used to convert a packet to
native byte order once it is received by kernel.
Other operating systems didn't follow this, and later other BSD
descendants fixed this, leaving us alone with the bug. Now it is
clear that we should fix the bug.
In collaboration with: Olivier Cochard-Labbé <olivier cochard.me>
See also: https://wiki.freebsd.org/SOCK_RAW
Sponsored by: Nginx, Inc.
appropriate (i.e. where syscons was already mentioned and vt supports the
feature). Comments in defaults/rc.conf are updated to match the contents
of the modified man-page rc.conf(5).
Reviewed by: pluknet, emaste
MFC after: 3 days
UNIX systems, eg. MacOS X and Solaris. It uses Sun-compatible map format,
has proper kernel support, and LDAP integration.
There are still a few outstanding problems; they will be fixed shortly.
Reviewed by: allanjude@, emaste@, kib@, wblock@ (earlier versions)
Phabric: D523
MFC after: 2 weeks
Relnotes: yes
Sponsored by: The FreeBSD Foundation
We continue to use pmap_enter() for that. For unwiring virtual pages, we
now use pmap_unwire(), which unwires a range of virtual addresses instead
of a single virtual page.
Sponsored by: EMC / Isilon Storage Division
SYSCTL code. Added description of new macros and functions.
- Merged dynamic and static SYSCTL related content into a single
manual page, hence parameters and functionality is very much the same.
- Uppercased all occurrences of "OID".
- Updated all SYSCTL examples.
PR: 192101
code. The consensus on arch@ is that this feature might have been useful
in the distant past, but is now just unnecessary bloat.
The int_rman_activate_resource() and int_rman_deactivate_resource()
functions become trivial, so manually inline them.
The special deferred handling of RF_ACTIVE is no longer needed in
reserve_resource_bound(), so eliminate the associated code at the
end of the function.
These changes reduce the object file size by more than 500 bytes on i386.
Update the rman.9 man page to reflect the removal of the RF_TIMESHARE
feature.
MFC after: 2 weeks
While here also reword 'show buffer' to have an 'addr' argument and to
match other struct documentation.
MFC after: 1 week
Sponsored by: EMC / Isilon Storage Division
This includes:
o All directories named *ia64*
o All files named *ia64*
o All ia64-specific code guarded by __ia64__
o All ia64-specific makefile logic
o Mention of ia64 in comments and documentation
This excludes:
o Everything under contrib/
o Everything under crypto/
o sys/xen/interface
o sys/sys/elf_common.h
Discussed at: BSDcan
implement options TERMINAL_{KERN,NORM}_ATTR. These are aliased to
SC_{KERNEL_CONS,NORM}_ATTR and, like the latter, allow changing the
default colors of normal and kernel text respectively.
Note on the naming: Although affecting the output of vt(4), technically
kern/subr_terminal.c is primarily concerned with changing default colors
so it would be inconsistent to term these options VT_{KERN,NORM}_ATTR.
Actually, if the architecture and abstraction of terminal+teken+vt would
be perfect, dev/vt/* wouldn't be touched by this commit at all.
Reviewed by: emaste
MFC after: 3 days
Sponsored by: Bally Wulff Games & Entertainment GmbH
- vt_vga(4) is a driver rather than a function so reference it accordingly.
- Uncomment HISTORY section given that vt(4) will first appear in 9.3.
Reviewed by: emaste (modulo last part)
MFC after: 3 days
Sponsored by: Bally Wulff Games & Entertainment GmbH
With this change and previous work from ray@ it will be possible to put
both in GENERIC, and have one enabled by default, but allow the other to
be selected via the loader.
(The previous implementation had separate kern.vt.disable and
hw.syscons.disable tunables, and would panic if both drivers were
compiled in and neither was explicitly disabled.)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Many thanks to jmg for reviewing the (previous version) of the text
and providing grammar and content fixes.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week