Commit Graph

269055 Commits

Author SHA1 Message Date
jhb
7533cc7304 Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec.
At this point, AES is the more common name for Rijndael128.  setkey(8)
will still accept the old name, and old constants remain for
compatiblity.

Reviewed by:	cem, bcr (manpages)
MFC after:	2 weeks
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24964
2020-06-04 22:58:37 +00:00
jhb
9d16dd1a2d Update crypto(7) to list current ciphers.
Add descriptions of AES-CCM, Camellia-CBC, and Chacha20.

Reviewed by:	cem (previous version)
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24963
2020-06-04 22:16:19 +00:00
mhorne
3ba5840a26 Document upgrade procedure in FREEBSD-upgrade
It was pointed out to me that this is the convention for documenting upgrade
instructions, rather than just leaving the instructions in the commit message.
It's possible these commands won't be used again before we transition to git,
but then at least they'll give a path forward for whoever touches this next.

Suggested by:	lwhsu
2020-06-04 20:48:57 +00:00
rscheff
a71bce46fb Add O_DIRECT flag to DD for cache bypass
FreeBSD DD utility has not had support for the O_DIRECT flag, which
is useful to bypass local caching, e.g. for unconditionally issuing
NFS IO requests during testing.

Reviewed by:	rgrimes (mentor)
Approved by:	rgrimes (mentor, blanket)
MFC after:	3 weeks
Sponsored by:	NetApp, Inc.
Differential Revision:	https://reviews.freebsd.org/D25066
2020-06-04 20:47:11 +00:00
erj
933837ffb5 em(4): Add support for Comet Lake Mobile Platform, update shared code
This change introduces Comet Lake Mobile Platform support in the e1000
driver along with shared code patches described below.

- Cast return value of e1000_ltr2ns() to higher type to avoid overflow
- Remove useless statement of assigning act_offset
- Add initialization of identification LED
- Fix flow control setup after connected standby:
  After connected standby the driver blocks resets during
  "AdapterStart" and skips flow control setup. This change adds
  condition in e1000_setup_link_ich8lan() to always setup flow control
  and to setup physical interface only when there is no need to block
  resets.

Signed-off-by: Piotr Pietruszewski <piotr.pietruszewski@intel.com>

Submitted by:	Piotr Pietruszewski <piotr.pietruszewski@intel.com>
Reviewed by:	erj@
Tested by:	Jeffrey Pieper <jeffrey.e.pieper@intel.com>
MFC after:	1 week
Relnotes:	yes
Sponsored by:	Intel Corporation
Differential Revision:	https://reviews.freebsd.org/D25035
2020-06-04 20:39:28 +00:00
jhb
dcd3781f84 Use separate output buffers for OCF requests in KTLS.
KTLS encryption requests for file-backed data such as from sendfile(2)
require the encrypted data to be stored in a separate buffer from the
unencrypted file input data.  Previously the OCF backend for KTLS
manually copied the data from the input buffer to the output buffer
before queueing the crypto request.  Now the OCF backend will use a
separate output buffer for such requests and avoid the copy.  This
mostly helps when an async co-processor is used by saving CPU cycles
used on the copy.

Reviewed by:	gallatin (earlier version)
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D24545
2020-06-04 20:12:34 +00:00
se
933cb9a57b Fix obvious typo: IN_BLKDATA should be IN_IBLKDATA 2020-06-04 19:54:25 +00:00
mhorne
d61d4d690a Update edk2 headers to stable202005
We use these to compile libefivar. The particular motivation for this update is
the inclusion of the RISC-V machine definitions that allow us to build the
library on the platform. This support could easily have been submitted as a
small local diff, but the timing of the release coincided with this work, and
it has been over 3 years since these sources were initially imported.

Note that this comes with a license change from regular BSD 2-clause to the
BSD+Patent license. This has been approved by core@ for this particular
project [1].

As with the original import, we retain only the subset of headers that we
actually need to build libefivar. I adapted imp@'s process slightly for this
update:

    # Generate list of the headers needed to build
    cp -r ../vendor/edk2/dist/MdePkg/Include sys/contrib/edk2
    cd lib/libefivar
    make
    pushd `make -V .OBJDIR`
    cat .depend*.o | grep sys/contrib | cut -d' ' -f 3 |
        sort -u | sed -e 's=/full/path/sys/contrib/edk2/==' > /tmp/xxx
    popd

    # Merge the needed files
    cd ../../sys/contrib/edk2
    svn revert -R .
    for i in `cat /tmp/xxx`; do
        svn merge -c VendorRevision svn+ssh://repo.freebsd.org/base/vendor/edk2/dist/MdePkg/$i $i
    done
    svn merge -c VendorRevision svn+ssh://repo.freebsd.org/base/vendor/edk2/dist/MdePkg/MdePkg.dec MdePkg.dec

[1] https://www.freebsd.org/internal/software-license.html
2020-06-04 19:21:41 +00:00
mckusick
799f84a973 Two additional places that need to identify IN_IBLKDATA.
Reviewed by: kib
MFC with: -r361785
Differential Revision:  https://reviews.freebsd.org/D25072
2020-06-04 18:35:21 +00:00
kevans
7c445669e1 RELNOTES and UPDATING: Document the new policy on read(2) of dirfd
These changes have been completely flushed as of r361799; note it.
2020-06-04 18:19:16 +00:00
kevans
2109148b1c vfs: add restrictions to read(2) of a directory [2/2]
This commit adds the priv(9) that waters down the sysctl to make it only
allow read(2) of a dirfd by the system root. Jailed root is not allowed, but
jail policy and superuser policy will abstain from allowing/denying it so
that a MAC module can fully control the policy.

Such a MAC module has been written, and can be found at:
https://people.freebsd.org/~kevans/mac_read_dir-0.1.0.tar.gz

It is expected that the MAC module won't be needed by many, as most only
need to do such diagnostics that require this behavior as system root
anyways. Interested parties are welcome to grab the MAC module above and
create a port or locally integrate it, and with enough support it could see
introduction to base. As noted in mac_read_dir.c, it is released under the
BSD 2 clause license and allows the restrictions to be lifted for only
jailed root or for all unprivileged users.

PR:		246412
Reviewed by:	mckusick, kib, emaste, jilles, cy, phk, imp (all previous)
Reviewed by:	rgrimes (latest version)
Differential Revision:	https://reviews.freebsd.org/D24596
2020-06-04 18:17:25 +00:00
kevans
deeb56f911 vfs: add restrictions to read(2) of a directory [1/2]
Historically, we've allowed read() of a directory and some filesystems will
accommodate (e.g. ufs/ffs, msdosfs). From the history department staffed by
Warner: <<EOF

pdp-7 unix seemed to allow reading directories, but they were weird, special
things there so I'm unsure (my pdp-7 assembler sucks).

1st Edition's sources are lost, mostly. The kernel allows it. The
reconstructed sources from 2nd or 3rd edition read it though.

V6 to V7 changed the filesystem format, and should have been a warning, but
reading directories weren't materially changed.

4.1b BSD introduced readdir because of UFS. UFS broke all directory reading
programs in 1983. ls, du, find, etc all had to be rewritten. readdir() and
friends were introduced here.

SysVr3 picked up readdir() in 1987 for the AT&T fork of Unix. SysVr4 updated
all the directory reading programs in 1988 because different filesystem
types were introduced.

In the 90s, these interfaces became completely ubiquitous as PDP-11s running
V7 faded from view and all the folks that initially started on V7 upgraded
to SysV. Linux never supported this (though I've not done the software
archeology to check) because it has always had a pathological diversity of
filesystems.
EOF

Disallowing read(2) on a directory has the side-effect of masking
application bugs from relying on other implementation's behavior
(e.g. Linux) of rejecting these with EISDIR across the board, but allowing
it has been a vector for at least one stack disclosure bug in the past[0].

By POSIX, this is implementation-defined whether read() handles directories
or not. Popular implementations have chosen to reject them, and this seems
sensible: the data you're reading from a directory is not structured in some
unified way across filesystem implementations like with readdir(2), so it is
impossible for applications to portably rely on this.

With this patch, we will reject most read(2) of a dirfd with EISDIR. Users
that know what they're doing can conscientiously set
bsd.security.allow_read_dir=1 to allow read(2) of directories, as it has
proven useful for debugging or recovery. A future commit will further limit
the sysctl to allow only the system root to read(2) directories, to make it
at least relatively safe to leave on for longer periods of time.

While we're adding logic pertaining to directory vnodes to vn_io_fault, an
additional assertion has also been added to ensure that we're not reaching
vn_io_fault with any write request on a directory vnode. Such request would
be a logical error in the kernel, and must be debugged rather than allowing
it to potentially silently error out.

Commented out shell aliases have been placed in root's chsrc/shrc to promote
awareness that grep may become noisy after this change, depending on your
usage.

A tentative MFC plan has been put together to try and make it as trivial as
possible to identify issues and collect reports; note that this will be
strongly re-evaluated. Tentatively, I will MFC this knob with the default as
it is in HEAD to improve our odds of actually getting reports. The future
priv(9) to further restrict the sysctl WILL NOT BE MERGED BACK, so the knob
will be a faithful reversion on stable/12. We will go into the merge
acknowledging that the sysctl default may be flipped back to restore
historical behavior at *any* point if it's warranted.

[0] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:10.ufs.asc

PR:		246412
Reviewed by:	mckusick, kib, emaste, jilles, cy, phk, imp (all previous)
Reviewed by:	rgrimes (latest version)
MFC after:	1 month (note the MFC plan mentioned above)
Relnotes:	absolutely, but will amend previous RELNOTES entry
Differential Revision:	https://reviews.freebsd.org/D24596
2020-06-04 18:09:55 +00:00
gonzo
3266c5f8f2 Remove licenses
I haven't requested explicit permission from authors and shouldn't have
added BSDL headers without it.

Requestes by:	imp
2020-06-04 17:20:58 +00:00
markj
f3888f1ccb dhclient: Fix a logic bug remove_protocol().
A logic bug in remove_protocol() meant that it would remove (leak) all
structures in the list preceding the one intended for removal.

PR:		245971
Submitted by:	joost@jodocus.org (original version)
MFC after:	1 week
2020-06-04 16:24:13 +00:00
markj
a8022aa609 Update vt(4) config option names to chase r303043.
PR:		246080
Submitted by:	David Marec <david@lapinbilly.eu>
MFC after:	1 week
2020-06-04 16:05:24 +00:00
cem
425e52218c Restrict default /root permissions
Remove world-readability from the root directory.  Sensitive information may be
stored in /root and we diverge here from normative administrative practice, as
well as installation defaults of other Unix-alikes.  The wheel group is still
permitted to read the directory.

750 is no more restrictive than defaults for the rest of the open source
Unix-alike world.  In particular, Ben Woods surveyed DragonFly, NetBSD,
OpenBSD, ArchLinux, CentOS, Debian, Fedora, Slackware, and Ubuntu.  None have a
world-readable /root by default.

Submitted by:	Gordon Bergling <gbergling AT gmail.com>
Reviewed by:	ian, myself
Discussed with:	emaste (informal approval)
Relnotes:	sure?
Differential Revision:	https://reviews.freebsd.org/D23392
2020-06-04 16:04:19 +00:00
eugen
dd5a75d386 ifconfig(8): make it possible to filter output by interface group.
Now options -g/-G allow to select/unselect interfaces by groups
in the "ifconfig -a" output just like already existing -d/-u.

Examples:

to exclude loopback from the list: ifconfig -a -G lo
to show vlan interfaces only: ifconfig -a -g vlan
to show tap interfaces that are up: ifconfig -aug tap

Arguments to -g/-G may be shell patterns and both may be specified.
Later options -g/-G override previous ones.

MFC after:		2 weeks
Relnotes:		yes
Differential Revision:	https://reviews.freebsd.org/D25029
2020-06-04 14:44:44 +00:00
eugen
ad5077cb33 ipfw: unbreak matching with big table type flow.
Test case:

# n=32769
# ipfw -q table 1 create type flow:proto,dst-ip,dst-port
# jot -w 'table 1 add tcp,127.0.0.1,' $n 1 | ipfw -q /dev/stdin
# ipfw -q add 5 unreach filter-prohib flow 'table(1)'

The rule 5 matches nothing without the fix if n>=32769.

With the fix, it works:
# telnet localhost 10001
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Permission denied
telnet: Unable to connect to remote host

MFC after:	2 weeks
Discussed with: ae, melifaro
2020-06-04 14:15:39 +00:00
avg
1e61ad11f7 superio: do not assume that current LDN cannot change after config exit
That assumption should be true when superio(4) uses the hardware
exlusively.  But it turns out to not hold on some real systems.
So, err on the side of correctness rather than performance.
Clear current_ldn in sio_conf_exit.

Reported by:	bz
Tested by:	bz
MFC after:	1 week
2020-06-04 13:18:21 +00:00
avg
86cb658dd5 ifconfig.8: fix cpability and flag descriptions for list scan / sta
Some capability descriptions under list scan actually described flags.
Some capability descriptions were missing.
Some flag descriptions under list sta actually described capabilites.

Reviewed by:	adrian
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D25014
2020-06-04 13:06:49 +00:00
kib
cef48ebea8 UFS: write inode block for fdatasync(2) if pointers in inode where allocated
The fdatasync() description in POSIX specifies that
    all I/O operations shall be completed as defined for synchronized I/O
    data integrity completion.
and then the explanation of Synchronized I/O Data Integrity Completion says
    The write is complete only when the data specified in the write
    request is successfully transferred and all file system
    information required to retrieve the data is successfully
    transferred.

For UFS this means that all pointers must be on disk. Indirect
pointers already contribute to the list of dirty data blocks, so only
direct blocks and root pointers to indirect blocks, both of which
reside in the inode block, should be taken care of. In ffs_balloc(),
mark the inode with the new flag IN_IBLKDATA that specifies that
ffs_syncvnode(DATA_ONLY) needs a call to ffs_update() to flush the
inode block.

Reviewed by:	mckusick
Discussed with:	tmunro
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25072
2020-06-04 12:23:15 +00:00
kib
96608a7596 Revert r361770 "Add pthread_getname_np() and pthread_setname_np() aliases" for now.
It is not compatible enough with Linux.

Requested by:	antoine, jkim
Sponsored by:	The FreeBSD Foundation
2020-06-04 09:06:03 +00:00
bjk
41e8780dca Add EXAMPLES to killall(1)
Submitted by:	fernape
Differential Revision:	https://reviews.freebsd.org/D25002
2020-06-04 04:29:43 +00:00
gonzo
3ce9c18162 Add copyright headers to spigen overlays for rpi3 and rpi4
Reported by:	Rodney W. Grimes <freebsd@gndrsh.dnsmgr.net> (for rpi4)
2020-06-04 02:36:41 +00:00
emaste
04e4964d98 Correct terminology in vm.imply_prot_max sysctl description
As with r361769 (man page), PROT_* are properly called protections, not
permissions.

MFC after:	1 week
MFC with:	r361769
Sponsored by:	The FreeBSD Foundation
2020-06-04 01:49:29 +00:00
rmacklem
0b31143acc Fix mountd to handle getgrouplist() not returning groups[0] == groups[1].
Prior to r174547, getgrouplist(3) always returned a groups list with
element 0 and 1 set to the basegid argument, so long as ngroups was > 1.
Post-r174547 this is not the case. r328304 disabled the deduplication that
removed the duplicate, but the duplicate still does not occur unless the
group for a user in the password database is also entered in the group
database.
This patch fixes mountd so that it handles the case where a user specified
with the -maproot or -mapall exports option has a getgrouplist(3) groups
list where groups[0] != groups[1].
Found while testing another mountd patch.

MFC after:	2 weeks
2020-06-04 00:28:20 +00:00
jhb
97373f1e7a Add opt_compat.h needed by r359374.
Reported by:	kevans
2020-06-03 23:21:44 +00:00
adrian
afb761eda4 [run] Fix up tx/rx frame size.
This specifically fixes that TX frames are large enough now to hold a 3900 odd
byte AMSDU (the little ones); me flipping it on earlier messed up transmit!

Tested:

* if_run, STA mode, TX/RX TCP/UDP iperf.  TCP is now back to normal and
  correctly does ~ 3200 byte AMSDU/fast frames (2x1600ish byte MSDUs).
2020-06-03 22:30:44 +00:00
jhb
8a557cb63a Explicitly zero IVs on the stack.
Reviewed by:	delphij
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:19:52 +00:00
jhb
276f494a35 Explicitly zero AES key schedules on the stack.
Reviewed by:	delphij
MFC after:	1 week
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:18:21 +00:00
gonzo
7f7a1aaf5e Add spigen overlay for Raspberry Pi 4
Submitted by:	gergely.czuczy@harmless.hu
2020-06-03 22:18:15 +00:00
jhb
979f086e6f Explicitly zero on-stack IVs, tags, and HMAC keys.
Reviewed by:	delphij
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:15:11 +00:00
jhb
b79e423f0d Add explicit bzero's of sensitive data in software crypto consumers.
Explicitly zero IVs, block buffers, and hashes/digests.

Reviewed by:	delphij
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25057
2020-06-03 22:11:05 +00:00
gonzo
e43f6ba03d Add dtb for Firefly RK3399 to the list of Rockchip dtbs 2020-06-03 21:19:57 +00:00
kib
02a4d1994d Add pthread_getname_np() and pthread_setname_np() aliases
for pthread_get_name_np() and pthread_set_name_np(), to be
compatible with Linux.

PR:	238404
Proposed and reviewed by:	markj
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D25117
2020-06-03 20:54:36 +00:00
emaste
acf1fa2b55 mmap.2: correct prot argument terminology
One of the error descriptions referred to permissions; in context the
meaning was probably clear, but the prot values are properly called
protections.

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-06-03 20:42:52 +00:00
adrian
56bdf0bc09 [otus] enable 802.11n for 2GHz and 5GHz.
This flips on basic 11n for 2GHz/5GHz station operation.

* It flips on HT20 and MCS rates;
* It enables A-MPDU decap - the payload format is a bit different;
* It does do some basic checks for HT40 but I haven't yet flipped on
  HT40 support;
* It enables software A-MSDU transmit; I honestly don't want to make
  A-MPDU TX work and there are apparently issues with QoS and A-MPDU TX.
  So I totally am ignoring A-MPDU TX;
* MCS rate transmit is fine.

I haven't:

* A-MPDU TX, as I said above;
* made radiotap work fully;
* HT40;
* short-GI support;
* lots of other stuff that honestly no-one is likely to use.

But! Hey, this is another ye olde 11n USB NIC that now works pretty OK
in 11n rates. A-MPDU receive seems fine enough given it's a draft-n
device from before 2010.

Tested:

* Ye olde UB82 Test NIC (AR9170 + AR9104) - 2GHz/5GHz
2020-06-03 20:25:02 +00:00
jhb
2ce27e3dd3 Document SO_NO_OFFLOADS and SO_NO_DDP.
Reviewed by:	bcr, np
MFC after:	1 week
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D25043
2020-06-03 18:59:31 +00:00
jhb
692c6fabbb Revise r361712 to disable tcpmd5.ko for 'options TCP_SIGNATURE' 2020-06-03 18:42:28 +00:00
kevans
83f4464bb7 lualoader: drop the filename and word "LUA" from errors
The filename is nearly always wrong since it's /boot/lua/loader.lua, which
is not useful for diagnostics. The actual errmsg will include a lua filename
if this is relevant.

Dropping "LUA" while we're here because that's almost universally
irrelevant to whatever error follows, unless the error states that it's
actually a lua problem.

Both of these are minor nits that just detract from identifying the
pertinent information.

MFC after:	3 days
2020-06-03 18:29:32 +00:00
vmaffione
c52734174e netmap: vtnet: clean up rxsync disabled logs
MFC after:	1 week
2020-06-03 17:47:32 +00:00
vmaffione
ed8ca220e9 netmap: vtnet: fix race condition in rxsync
This change prevents a race that happens when rxsync dequeues
N-1 rx packets (with N being the size of the netmap rx ring).
In this situation, the loop exits without re-enabling the
rx interrupts, thus causing the VQ to stall.

MFC after:	1 week
2020-06-03 17:46:21 +00:00
vmaffione
07f67f4be2 netmap: vtnet: add vtnrx_nm_refill index to receive queues
The new index tracks the next netmap slot that is going
to be enqueued into the virtqueue. The index is necessary
to prevent the receive VQ and the netmap rx ring from going
out of sync, considering that we never enqueue N slots, but
at most N-1. This change fixes a bug that causes the VQ
and the netmap ring to go out of sync after N-1 packets
have been received.

MFC after:	1 week
2020-06-03 17:42:17 +00:00
freqlabs
e9a39e0c3c Fix typo in previous commit
Applied the wrong patch

Reported by:	Michael Butler <imb@protected-networks.net>
Approved by:	mav (mentor)
Sponsored by:	iXsystems.com
2020-06-03 17:26:00 +00:00
freqlabs
7d0c038fa7 scope6: Check for NULL afdata before dereferencing
Narrows the race window with if_detach.

Approved by:	mav (mentor)
MFC after:	3 days
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D25017
2020-06-03 16:57:30 +00:00
mhorne
08583f2575 gptboot.efi: align secbuf to 4K
The u-boot EFI implementation of the ReadBlocks and WriteBlocks methods
requires that the provided buffer meet the IO alignment requirements of
the underlying disk. Unlike loader.efi, gptboot.efi doesn't check this
requirement, and therefore fails to perform a successful read. Adjust
secbuf's alignment to 4K in hopes that we will always meet this
requirement.

Reviewed by:	imp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D25111
2020-06-03 16:38:16 +00:00
rrs
f747b279f1 We should never allow either the broadcast or IN_ADDR_ANY to be
connected to or sent to. This was fond when working with Michael
Tuexen and Skyzaller. Skyzaller seems to want to use either of
these two addresses to connect to at times. And it really is
an error to do so, so lets not allow that behavior.

Sponsored by:	Netflix Inc.
Differential Revision:	https://reviews.freebsd.org/D24852
2020-06-03 14:16:40 +00:00
rrs
452e9158b0 This fixes a couple of skyzaller crashes. Most
of them have to do with TFO. Even the default stack
had one of the issues:

1) We need to make sure for rack that we don't advance
   snd_nxt beyond iss when we are not doing fast open. We
   otherwise can get a bunch of SYN's sent out incorrectly
   with the seq number advancing.
2) When we complete the 3-way handshake we should not ever
   append to reassembly if the tlen is 0, if TFO is enabled
   prior to this fix we could still call the reasemmbly. Note
   this effects all three stacks.
3) Rack like its cousin BBR should track if a SYN is on a
   send map entry.
4) Both bbr and rack need to only consider len incremented on a SYN
   if the starting seq is iss, otherwise we don't increment len which
   may mean we return without adding a sendmap entry.

This work was done in collaberation with Michael Tuexen, thanks for
all the testing!
Sponsored by:	Netflix Inc
Differential Revision:	https://reviews.freebsd.org/D25000
2020-06-03 14:07:31 +00:00
tuexen
831d2ffcb9 Restrict enabling TCP-FASTOPEN to end-points in CLOSED or LISTEN state
Enabling TCP-FASTOPEN on an end-point which is in a state other than
CLOSED or LISTEN, is a bug in the application. So it should not work.
Also the TCP code does not (and needs not to) handle this.
While there, also simplify the setting of the TF_FASTOPEN flag.

This issue was found by running syzkaller.

Reviewed by:		rrs
MFC after:		1 week
Sponsored by:		Netflix, Inc.
Differential Revision:	https://reviews.freebsd.org/D25115
2020-06-03 13:51:53 +00:00
ae
ba20cd0161 Add if_reassing method to all tunneling interfaces.
After r339550 tunneling interfaces have started handle appearing and
disappearing of ingress IP address on the host system.
When such interfaces are moving into VNET jail, they lose ability to
properly handle ifaddr_event_ext event. And this leads to need to
reconfigure tunnel to make it working again.

Since moving an interface into VNET jail leads to removing of all IP
addresses, it looks consistent, that tunnel configuration should also
be cleared. This is what will do if_reassing method.

Reported by:	John W. O'Brien <john saltant com>
MFC after:	1 week
2020-06-03 13:02:31 +00:00