Add support of "/{udp,tcp,proto}" suffix into $firewall_myservices, which
interpreted the listed items as port numbers of TCP services.
A service with no suffix still works and recognized as a TCP service for
backward compatibility. It should be updated with /tcp suffix.
Approved by: re (gjb)
* Add -x waittime and -X timeout options for feature parity. These are
equivalent to -W and -t options of ping(8). Different letters are used
because both have already been used for another purposes in ping6(8).
* Fix a problem that reply packets are not received when -i T option is set
and (T < RTT).
- Use select(2) for timeout instead of interval timer. Remove poll(2) support.
- Use sigaction(2) instead of signal(3).
- Exit in SIGINT handler when two signals are received and doing reverse DNS
lookup as ping(8) does.
- Remove redundant variables used for getaddrinfo(3).
Approved by: re (gjb)
r285722 (brd):
Add support for building VirtualBox Vagrant images.
Abstract the build, package and upload to handle building
either type.
r285733
Fix an out-of-order execution issue regarding pkg(8):
- pkg(8) cannot be removed before subsequent reinvocations
- The PKG_CACHEDIR cannot be cleaned after the repo*.sqlite
has been removed
- pkg(8) cannot be removed as a precursor to any of the other
steps involved here
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
sfxge: added fallbacks for pre 4.2.1 firmware support
Driver must be able to start against older firmware that is missing
recently added MCDI calls, otherwise firmware upgrade will not be
possible.
Submitted by: Richard Houldsworth <rhouldsworth at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Approved by: re (gjb)
Avoid a situation where we do not set persist timer after a zero window
condition.
If you send a 0-length packet, but there is data is the socket buffer, and
neither the rexmt or persist timer is already set, then activate the persist
timer.
PR: 192599
Approved by: re (delphij)
Expose full 32bit RSS hash from card regardless of whether RSS is defined or
not. When doing multiqueue, we are all setup to have full 32bit RSS hash from
the card. We do not need to hide that under "ifdef RSS" and should expose that
by default so others like lagg(4) can use that and avoid hashing the traffic by
themselves.
Approved by: re (gjb)
Sponsored by: Limelight Networks
Check TCP timestamp option flag so that the automatic receive buffer
scaling code does not use an uninitialized timestamp echo reply value
from the stack when timestamps are not enabled.
Approved by: re (gjb)
Ensure that locstat_nsecs() has no effect when lockstat probes are not
enabled or when the profiled lock carries the LO_NOPROFILE flag.
PR: 201642, 201517
Approved by: re (gjb)
Tested by: Jason Unovitch
New partition flag for gpart, writes the 0xee partition in the pmbr in the second slot, rather than the first.
Works around Lenovo legacy GPT boot issue
PR: 184910
Approved by: re (gjb), marcel
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D3140
ssh: canonicize the host name before looking it up in the host file
Re-apply r99054 by des in 2002. This was accidentally dropped
by the update to OpenSSH 6.5p1 (r261320).
This change is actually taken from r387082 of
ports/security/openssh-portable/files/patch-ssh.c
Differential Revision: https://reviews.freebsd.org/D3103
PR: 198043
Approved by: re (gjb), kib (mentor)
Sponsored by: Dell Inc.
Relnotes: yes
If ggated's exports_find() fails, the connection is removed before
(trying to) report the problem to the client.
sendfail() is called with an already closed socket and thus it
fails to inform the client about the problem.
Fix this by calling sendfail() before connection_remove().
PR: 195944
Submitted by: Fabian Keil
Reviewed by: pjd
Approved by: re (gjb)
Unbreak ggatec and ggatel on i386 after r238119, which added two more
'struct g_gate_ctl_create' fields.
While the behaviour was technically undefined on other architectures
as well, on the reporter's amd64 systems the uninitialized bytes the
kernel cares about were always zero so everything worked as expected.
PR: 197309, 199559
Submitted by: ota@j.email.ne.jp, Fabian Keil
Reviewed by: pjd
Approved by: re (gjb)
New function smbios_match to detect BIOS versions during boot
MFC: r277957:
Fix order of functions in smbios.c (corrects r277949)
MFC: r281138:
SMBIOS support for EFI
r281138 makes changes to the new unified EFI loader (r280950), which has not been merged to stable/10 (and likely won't be).
These changes were manually applied to the amd64 EFI loader (sys/boot/amd64/efi).
The changes to sys/boot/amd64/efi are a direct commit.
Reviewed by: stas
Approved by: re (gjb), marcel
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D3129
- Add IPv6 support in quota(1). While rpc.rquotad has supported
PF_INET6 for a long time, quota(1) utility supported only PF_INET.
- Clean up confusing changes in f_mntfromname.
- Add an entry for rquotad with rpc/udp6 to inetd.conf.
PR: 194084
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
A variable was misspelled resulting in chmod executing on the installer instead of on the target chroot
PR: 191402
MFC: r285553
make /var/audit its own dataset so it is not part of the OS boot environment
PR: 199864
MFC: r285554
Set a mountpoint on the root of the pool so user-created datasets have a mountpoint to inherit
MFC: r285557
Make bsdinstall's zfsboot script align partitions to 4k/1m when the user requests it
PR: 195174
Approved by: re (gjb), brueffer
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Prevent inlining txg_quiesce
This allows dtrace to monitor the calls to txg_quiesce which can be
really helpful.
Also standardize __noinline order for arc_kmem_reap_now.
Sponsored by: Multiplay
Approved by: re
introduced by r280182. FreeBSD-head doesn't need TUNABLE_INT() now with
SYSCTL_INT() but stable/10 still does.
Note: This is a direct commit to stable/10.
PR: 201644
Reviewed by: erj
Approved by: re (gjb)
Sponsored by: Limelight Networks
Obtain proper capsicum rights for dump files so rotation of such files works when requested. This is equivalent to cherry picking the following upstream commits:
commit c6d472bf63488b0c2ab7ab9f4b32c68dd2c8ea2b
commit f08eb851eedf9775e6485ab75c0d8cf8d1306be6
commit d83a284abc80d3d09f6bddd087760bb1b01d9cc7
PR: 199568
Approved by: re
Make the creation of the free lists dynamic, i.e., it is based on the
available physical memory at boot time. For amd64 systems with 64 GB
or more of physical memory, create free lists for managing pages with
physical addresses below 4 GB.
PR: 185727
Requested by: alc
Approved by: re (gjb)
Fill the port and protocol information in the SADB_ACQUIRE message
in case when security policy has it as required by RFC 2367.
PR: 192774
Approved by: re (delphij)
Use the monotonic (uptime) counter rather than time-of-day to measure
elapsed time between ntp_adjtime() clock offset adjustments. This
eliminates spurious frequency steering after a large clock step (such
as a 1970->2015 step on a system with no battery-backed clock hardware).
This problem was discovered after the import of ntpd 4.2.8, which does
things in a slightly different (but still correct) order than the 4.2.4
we had previously. In particular, 4.2.4 would step the clock then
immediately after use ntp_adjtime() to set the frequency and offset to
zero, which captured the post-step time-of-day as a side effect. In
4.2.8, ntpd sets frequency and offset to zero before any initial clock
step, capturing the time as 1970-ish, then when it next calls
ntp_adjtime() it's with a non-zero offset measurement. This non-zero
value gets multiplied by the apparent 45-year interval, which blows up
into a completely bogus frequency steer. That gets clamped to 500ppm,
but that's still enough to make the clock drift so fast that ntpd has
to keep stepping it every few minutes to compensate.
Approved by: re (gjb)
Fix if_loop so bpfwrite() can use it regardless of the state of
bd_hdrcmplt. As if_loop does not use link-level headers, its behavior
when used by bpfwrite() should be the same regardless of the state of
bd_hdrcmplt. Without this change, libpcap (and other BPF users that
work like it) fail when writing to loopback interfaces.
Approved by: re
Fix sysctl(3) so it returns the intended values for all mib names in
the 'user' sysctl tree, which have all been coming back 0 or empty
since r240176.
Approved by: re
