pf: Fix timestamps and connection rate in source node export
When copying struct pf_ksrc_node into a netlink message some fields
change their meaning. In kernel creation and expire fields are storing
number of seconds since boot.
Add conversion to number of seconds relative to moment of exporting the
source node via netlink, as this is what pfctl expects. Add conversion
of connection rate count.
Reviewed by: kp
Approved by: kp (mentor)
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D47321
pf: Fix missing connection rate for DIOCGETSRCNODES
The function pf_src_node_copy() copies struct pf_ksrc_node to its ioctl
counterpart. It was missing copying of the conn_rate field, even though
the code for adjusting the output for pfctl was in place.
Add copying of conn_rate.
Reviewed by: kp
Approved by: kp (mentor)
MFC after: 2 weeks
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D47679
git-arc: Document how a reviewer group can be referenced
Reviewed by: concussious.bugzilla_runbox.com, markj
Approved by: markj (mentor)
Differential Revision: https://reviews.freebsd.org/D47669
release: Don't break if firmware install fails
On some platforms (e.g. powerpc) we don't have packages, so we can't
install them onto the ISOs. Proceed with building the images anyway.
Reported by: Weekly snapshot builds
Fixes: 7e2996c1f5b4 ("release: install wireless firmware onto disc1 and dvd")
MFC after: 1 minute
(cherry picked from commit e8263ace39c8ecf11233c0a10d0b1839e6813046)
release: Don't break if firmware install fails
On some platforms (e.g. powerpc) we don't have packages, so we can't
install them onto the ISOs. Proceed with building the images anyway.
Reported by: Weekly snapshot builds
Fixes: 7e2996c1f5b4 ("release: install wireless firmware onto disc1 and dvd")
MFC after: 1 minute
release: Remove empty suffix from file names
For "release" builds (as opposed to "snapshot" builds -- in this
context BETAs and RCs are "releases") ${SNAP_SUFFIX} is empty; but it
stuck into some ociimages filenames via a copy-and-paste error.
The final filenames on the download mirrors were not affected, so
this does not need to be merged to releng/14.2.
MFC after: 3 days
Sponsored by: Amazon
(cherry picked from commit d54fdd16636bbe6a38a5b0a636dd83cf64aa6e06)
ixgbe: Add support for 1Gbit DAC links
This is a relatively well known trick for the X520 (82599), can be
useful for testing and lab settings. It's not an official standard or
particularly common but ubiquitous Broadcom switch ASICs deal with it.
We'll call it 1000Base-KX because it's SerDes on the passive cable and
I don't think it's worth adding another media type for this.
Reviewed by: emaste
Sponsored by: BBOX.io
Differential Revision: https://reviews.freebsd.org/D47352
(cherry picked from commit 48ddd1b9f88753c6875566fbb67bc622453e4993)
ixgbe: Add support for 1Gbit DAC links
This is a relatively well known trick for the X520 (82599), can be
useful for testing and lab settings. It's not an official standard or
particularly common but ubiquitous Broadcom switch ASICs deal with it.
We'll call it 1000Base-KX because it's SerDes on the passive cable and
I don't think it's worth adding another media type for this.
Reviewed by: emaste
Sponsored by: BBOX.io
Differential Revision: https://reviews.freebsd.org/D47352
(cherry picked from commit 48ddd1b9f88753c6875566fbb67bc622453e4993)
e1000: Improve igb(4) SFP support
* Adds support for SFPs that are not correctly coded as an SFP
transceiver. i.e. Coherent-Finisar FCLF8522P2BTL.
* Configures multi-rate SFPs i.e. Coherent-Finisar FCLF8522P2BTL as
SGMII so they can do 10/100/1000 auto-negotiation.
* Adds support for 100BaseLX SGMII transceivers.
* Some code cleanup and additional debugging.
Reviewed by: emaste, markj, Franco Fichtner <franco at opnsense.org>
Tested by: Natalino Picone <natalino.picone at nozominetworks.com>
Sponsored by: Nozomi Networks
Sponsored by: BBOX.io
Differential Revision: https://reviews.freebsd.org/D47337
(cherry picked from commit 15853a5fc9548d9805a2ef22f24e2eb580198341)
e1000: Improve igb(4) SFP support
* Adds support for SFPs that are not correctly coded as an SFP
transceiver. i.e. Coherent-Finisar FCLF8522P2BTL.
* Configures multi-rate SFPs i.e. Coherent-Finisar FCLF8522P2BTL as
SGMII so they can do 10/100/1000 auto-negotiation.
* Adds support for 100BaseLX SGMII transceivers.
* Some code cleanup and additional debugging.
Reviewed by: emaste, markj, Franco Fichtner <franco at opnsense.org>
Tested by: Natalino Picone <natalino.picone at nozominetworks.com>
Sponsored by: Nozomi Networks
Sponsored by: BBOX.io
Differential Revision: https://reviews.freebsd.org/D47337
(cherry picked from commit 15853a5fc9548d9805a2ef22f24e2eb580198341)
igc: sysctl for TCP flag handling during TSO
Add tso_tcp_flags_mask_first_segment, tso_tcp_flags_mask_middle_segment,
and tso_tcp_flags_mask_last_segment sysctl-variables to control the
handling of TCP flags during TSO.
This allows to change the masks appropriate for classical ECN and to
configure appropriate masks for accurate ECN.
MFC after: 3 days
Sponsored by: Netflix
e1000: sysctl for TCP flag handling during TSO
Add tso_tcp_flags_mask_first_segment, tso_tcp_flags_mask_middle_segment,
and tso_tcp_flags_mask_last_segment sysctl-variables to control the
handling of TCP flags during TSO.
This allows to change the masks appropriate for classical ECN and to
configure appropriate masks for accurate ECN.
Reviewed by: rrs
MFC after: 3 days
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D44259
rtwn: change the USB TX transfers to only do one pending transfer per endpoint
I found I was getting constant device timeouts when doing anything
more complicated than a single SSH on laptop with RTL8811AU.
After digging into it, i found a variety of fun situations, including
traffic stalls that would recover w/ a shorter (1 second) USB transfer
timeout. However, the big one is a straight up hang of any TX endpoint
until the NIC was reset. The RX side kept going just fine; only the
TX endpoints would hang.
Reproducing it was easy - just start up a couple of traffic streams
on different WME AC's - eg a best effort + bulk transfer, like
browsing the web and doing an ssh clone - throw in a ping -i 0.1
to your gateway, and it would very quickly hit device timeouts every
couple of seconds.
I put everything into a single TX EP and the hangs went away.
Well, mostly.
[38 lines not shown]
ixgbe: sysctl for TCP flag handling during TSO
Add tso_tcp_flags_mask_first_segment, tso_tcp_flags_mask_middle_segment,
and tso_tcp_flags_mask_last_segment sysctl-variables to control the
handling of TCP flags during TSO.
This allows to fix the masks appropriate for classical ECN and to
configure appropriate masks for accurate ECN.
Michael notes emperically 82599 has an unexpected middle mask:
Chip First Middle Last
82599 0xFF6 0xFF6 0xF7F
which should be fixed up to 0xF76 (RFC 3168) in a future commit.
Reviewed by: rrs, rscheff
MFC after: 3 days
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D44258
fork: Document _Fork (and fork) as POSIX 2024
Also remove some information from HISTORY that is no longer needed (and
could be confusing), now that _Fork is part of a standard.
Reported by: kib
Reviewed by: imp, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47588
(cherry picked from commit 566c039d1e7555343fcf6439a10e56f5a632c0fe)
tcp: mechanically rename hostcache metrics structure fields
Use hc_ prefix instead of rmx_. The latter stands for "route metrix" and
is an artifact from the 90-ies, when TCP caching was embedded into the
routing table. The rename should have happened back in 97d8d152c28bb.
No functional change. Done with sed(1) command:
s/rmx_(mtu|ssthresh|rtt|rttvar|cwnd|sendpipe|recvpipe|granularity|expire|q|hits|updates)/hc_\1/g
bsdinstall: wlanconfig: fix interface UP on (re-)starting wpa_supplicant
Make sure an interface is back up before (re-)starting wpa_supplicant
in wlanconfig not relying on wpa to UP the interface (though we fixed
that).
Sponsored by: The FreeBSD Foundation
Reviewed by: emaste (in D47491)
Differential Revision: https://reviews.freebsd.org/D47491
(cherry picked from commit 5399052c63a7a3d2f54615d31bfd092ab887a600)
bsdinstall: add menu to install firmware
Add a menu to the installer to run fwget(8) inside the newly installed
system to install firmware known to be needed.
This requires working netowrking.
This is needed at least for wireless currently for when we entirely
stop shipping new firmware in src.git to have working networking on
the installed system (we already do need this for at least rtw89).
Sponsored by: The FreeBSD Foundation
Tested with: 4 different iwlwifi chipsets in a system (earlier version)
Suggested improvments by: jrtc27
Differential Revision: https://reviews.freebsd.org/D47491
(cherry picked from commit bbe2a1da2df639c616869aa838244c8094779bd4)
release: install wireless firmware onto disc1 and dvd
Wireless driver firmware is no longer added to the src tree.
In order to have wireless support in the installer for the new drivers
we install the firmware packages onto disc1 (and memstick) and dvd
if built on FreeBSD and NOPKG is not defined (to not break cross-builds
from Linux or OSX and to allow people to opt-out).
Sponsored by: The FreeBSD Foundation
Submitted by: cperciva (the orig. commands and where to place them)
Reviewed by: jrtc27
Differential Revision: https://reviews.freebsd.org/D47407
(cherry picked from commit 7e2996c1f5b4e684cae40c2418b68061df9997d9)
igc.4: Remove non-existent timer tunables
These were removed in a40ecb6f7405 because they do not apply to igc
hardware which uses EITR for interval timing.
MFC after: 3 days
Sponsored by: BBOX.io
nanobsd: Remove dependency on bsdlabel
The bsdlabel utility is deprecated, gpart should be used instead:
- Offset the first 16 sectors, just like bsdlabel did (used for
metadata)
- Use a freebsd-ufs partition type (regardless bsdlabel creating a
'!0')
Reviewed by: emaste, imp
Approved by: emaste (mentor)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D47653
pf: Let rdr rules modify the src port if doing so would avoid a conflict
If NAT rules cause inbound connections to different external IPs to be
mapped to the same internal IP, and some application uses the same
source port for multiple such connections, rdr translation may result in
conflicts that cause some of the connections to be dropped.
Address this by letting rdr rules detect state conflicts and modulate
the source port to avoid them.
Reviewed by: kp, allanjude
MFC after: 3 months
Sponsored by: Klara, Inc.
Sponsored by: Modirum
Differential Revision: https://reviews.freebsd.org/D44488
(cherry picked from commit 9897a66923a3e79c22fcbd4bc80afae9eb9f277c)
