iflib: Set the NUMA domain in receive packet headers
Reading PR 273559 made me realize that commit 767723ddebe9 is
incomplete. iflib should set the NUMA domain of received packets before
passing them to protocol layers.
PR: 273559
Reviewed by: zlei, kbowling, erj
Fixes: 767723ddebe9 ("iflib: Use if_alloc_dev() to allocate the ifnet")
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D47841
(cherry picked from commit 3d642b0f71c501dd9ee7aa0487788f619900d297)
pfkey: Fix some checks in kdebug_sadb()
Besides not doing any sufficient check that the length of a parsed
message is not bigger than the actual allocated buffer, kdebug_sadb()
incorrectly compares ext->sadb_ext_len, the extension payload size in 8
byte chunks, with tlen, which is the full message payload size in bytes.
This should compare PFKEY_UNUNIT64(ext->sadb_ext_len) with tlen instead.
PR: 277456
MFC after: 2 weeks
(cherry picked from commit 0dab21248bc9fab09e92b0c037303c921ebb1b8d)
sed: The change ("c") command should start a new cycle.
The "c" command should start the next cycle as clarified in POSIX 2024.
This is also consistent with historical and gnu sed behavior.
This patch is from OpenBSD by way of NetBSD with a tweak to the man page
date by me.
Confirmed the test case in the bug now works.
PR: 271817
Obtained from: NetBSD (1.39 uwe), OpenBSD (1.39 millert)
Sponsored by: Netflix
lagg: do not advertize support for ipsec offload
It is not implemented, and most likely cannot be, in a robust manner.
Reviewed by: Ariel Ehrenberg <aehrenberg at nvidia.com>, slavash
Sponsored by: NVidia networking
ofw: Fix inverted bcmp in ofw_bus_node_status_okay
Otherwise this matches any two-character status except for ok.
Fixes: e5e94d2de987 ("Expand OpenFirmware API with ofw_bus_node_status_okay method")
MFC after: 1 week
pf: fix double free in pf_state_key_attach()
In 371bd29d4b we fixed a state key leak, but unintentionally introduced a double free.
We pass through the relevant code twice, first for PF_SK_WIRE, then for
PF_SK_STACK. If we fail to attach on the second pass we have a more complex
cleanup job, handled by pf_detach_state(). We must only free the state keys
manually on the first pass, on the second one pf_detach_state() takes care of
everything.
Tested by: yds <yds at Necessitu.de>
Fixes: 371bd29d4b22257a7e92e1e711cca3d94cfbd00d
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf: SCTP abort messages fully close the connection
As per RFC (RFC4960 section 3.3.7) an ABORT terminates the connection fully. We
should mode the state to CLOSED rather than CLOSING.
Suggested by: Oliver Thomas
See also: https://redmine.pfsense.org/issues/15924
Sponsored by: Rubicon Communications, LLC ("Netgate")
riscv: connect eswin to the build.
Connect Eswin IP drivers to the build.
Reviewed by: mhorne
Differential Revision: https://reviews.freebsd.org/D48119
arm64: apple: re-align to recent standards
In the time these have lingered in my tree, we've started to drop the
__FBSDID tags. Make sure we're using SPDX tags (and the correct one)
as well.
Reported by: mhorne
x86 atomics: Remove unused WANT_FUNCTIONS
This macro has not been in use since commit "inline atomics and allow tied
modules to inline locks" (r335873, f4b3640475cec929).
Reviewed by: markj, kib, emaste, imp
MFC after: 5 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48061
MAC/do: Fix a compilation warning about an unused function
grant_supplementary_group_from_flags() had been used in previous
versions of the recent changes, but recently has not been needed
anymore. It has been kept around just in case deliberately, by analogy
with grant_primary_group_from_flags() (this one still being used).
arm64: add a driver for the Apple watchdog
Ensure it's disarmed upon attach, provide basic reset functionality.
Register definitions/usage obtained from OpenBSD.
Reviewed by: ray
Differential Revision: https://reviews.freebsd.org/D39824
arm64: add a driver for the Apple Interrupt Controller
Some limited support for later multi-die SoC is included, but not at all
tested and not expected to be functional yet. kevans needs to finish
getting his serial boards constructed, as the beefiest AS machine that
actually has multiple die to support in his fleet is currently a
dedicated serial console.
Reviewed by: andrew
Co-authored-by: Andrew Turner <andrew at FreeBSD.org>
Co-authored-by: Mike Karels <karels at FreeBSD.org>
Differential Revision: https://reviews.freebsd.org/D48079
riscv: Eswin hwreset support added.
Add reset controller driver for Eswin EIC7700.
This one has two reset cells in FDT, which is unusual, so provide a
custom hwreset_map method.
Tested on SiFive Premier P550.
Reviewed by: mhorne, jrtc27
Differential Revision: https://reviews.freebsd.org/D47853
riscv: Add SiFive CCache driver.
Eswin EIC7700 has non-coherent DMAs but predate the standard RISC-V Zicbom
extension, so we need to use the SiFive CCache controller for non-standard
cache management operations.
Tested on SiFive Premier P550.
Reviewed by: mhorne, jrtc27
Differential Revision: https://reviews.freebsd.org/D47831
riscv vmm: add SSTC extension check.
Check if RISC-V SSTC is available and advertise to the guest.
This is needed for Eswin EIC7700 that does not include SSTC.
As we don't have a mechanism for reporting extension presence
from the kernel to userspace, then use vm_cap_type for now.
Reviewed by: mhorne, markj
Differential Revision: https://reviews.freebsd.org/D48058
pf: teach nat64 to handle 0 UDP checksums
For IPv4 it's valid for a UDP checksum to be 0 (i.e. no checksum). This isn't
the case for IPv6, so if we translate a UDP packet from IPv4 to IPv6 we need to
ensure that the checksum is calculated.
Add a test case to verify this. Rework the server jail so it can listen for TCP
and UDP packets at the same time.
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf: give the correct address family to dummynet after nat64
Pass the new address family rather than the incoming one. In most (i.e. all but
nat64) that's the same, but for nat64 we want the new address family instead.
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf: fix dummynet + route-to for IPv6
Apply the fixes from c6f1116357904 and b8ef285f6cc6a to IPv6 as well.
Ensure that when dummynet re-injects it does so in the correct direction, and
uses the correct dummynet pipes.
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf: fix nat64 round-robin addresses from a table
We do multiple lookups during the nat64 process, some of which will fail due
to address family mismatches. Do not reset the lookup offset so we actually use
different addresses from the table.
Sponsored by: Rubicon Communications, LLC ("Netgate")
