tcp: filter small SACK blocks
While the SACK Scoreboard in the base stack limits
the number of holes by default to only 128 per connection
in order to prevent CPU load attacks by splitting SACKs,
filtering out SACK blocks of unusually small size can
further improve the actual processing of SACK loss recovery.
Reviewed By: tuexen, #transport
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D45075
pf: always mark states as unlinked before detaching them
Users have reported crashes in pf_test_state_udp() where at least one state key
is NULL.
That suggests that pf_detach_state() ran concurrently with pf_test_state_udp().
pf_test_state_udp() holds the state lock (aka the id lock), but
pf_detach_state() does not.
The intent is that detached states are not returned by STATE_LOOKUP/
pf_find_state(), as the state's timeout is set to PFTM_UNLINKED and thus
pf_find_state() does not find the state.
There are other paths to pf_detach_state() (outside of pf_unlink_state())
though, where we did not set the timeout to PFTM_UNLINKED. Fix those, and assert
that the timeout is set correctly when we enter pf_detach_state().
MFC after: 1 week
See also: https://redmine.pfsense.org/issues/15413
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D45101
carp: refactor packet tagging for ether_output()
- Separate HMAC preparation (CARP specific) from tagging.
- In unicast mode (CARP specific) don't put tag at all.
- Don't put pointer to software context into the tag. Putting just vhid,
an integer value, is a safer design.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D45038
carp: isolate VRRP from CARP
There is only one functional change here - we don't allow SIOCSVH (or
netlink request) to change sc->sc_version. I'm convinced that allowing
such a change doesn't brings any practical value, but creates enless
minefields in front of both developers and end users (sysadmins). If
you want to switch from VRRP to CARP or vice versa, you'd need to recreate
the VHID.
Oh, one tiny funtional change: carp_ioctl_set() won't modify any fields
if it returns EINVAL. Previously you could provide valid advbase with
invalid advskew - that used to modify advbase and return EINVAL.
All other changes is a sweep around not ever using CARP fields when
we are in VRRP mode and vice versa. Also adding assertions on sc_version
where necessary.
Do not send VRRP vars in CARP mode via NetLink and vice versa. However
in compat ioctl SIOCGVH for VRRP mode the CARP fields would be zeroes.
[6 lines not shown]
carp: don't chain call vrrp_send_ad via carp_send_ad
Provide inline send_ad_locked() that switches between protocol
specific sending function.
Rename carp_send_ad() to carp_callout() to avoid getting lost in
all these multiple foo_send_ad.
No functional change intended.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D45036
carp: support VRRPv3
Allow carp(4) to use the VRRPv3 protocol (RFC 5798). We can distinguish carp and
VRRP based on the protocol version number (carp is 2, VRRPv3 is 3), and support
both from the carp(4) code.
Reviewed by: glebius
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D44774
dtb: rockchip: Add Radxa ROCK 4C Plus to the build.
The ROCK 4C Plus is a cost-reduced variant of the ROCK Pi 4 based on
the RockChip RK3399-T.
Reviewed by: manu
MFC after: 1 week
Differential Revision: <https://reviews.freebsd.org/D45110
release: Stage non-UFS images in vm-images-stage
When the VM image building code was updated to support building
non-UFS images, the vm-images-stage target was not updated to
install those newly built images to the FTP site. As a result, we
have been sending weekly snapshot announcements since August claiming
that ZFS VM images are available when they are not in fact present
anywhere publicly accessible.
Fixes: 32ae9a6b3937 "release: Build UFS and ZFS VM images"
Reported by: Michael Dexter
MFC after: 5 days
(cherry picked from commit f4b08097d8e274e1a8526d864c31462ea42d9e9f)
ObsoleteFiles.inc: Remove /var/db/portsnap
This is a followup to commit "Remove remnants of portsnap(8)"
(9b30b96c1fa4). I wasn't aware of OLD_DIRS.
Approved by: markj (mentor)
MFC after: 1 day
MFC with: 9b30b96c1fa4
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45023
arm64 pmap: Add ATTR_CONTIGUOUS support [Part 3]
Introduce L3C promotion of base page mappings. When the base page size
is 4KB, use ATTR_CONTIGUOUS to promote 16 aligned, contiguous base page
mappings to a 64KB mapping. Alternatively, when the base page size is
16KB, use ATTR_CONTIGUOUS to promote 128 aligned, contiguous base page
mappings to a 2MB mapping.
Given the frequency of L3C counter updates, switch to per-CPU counters
to avoid cache line ping ponging.
Revise the L3C counter descriptions to reflect the fact that the size
of an L3C mapping varies depending on the base page size.
Co-authored-by: Eliot Solomon <ehs3 at rice.edu>
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D44983
sockets: garbage collect PRCOREQUESTS and stale comment
The code deleted predates FreeBSD history. The comment deleted is 99%
outdated. Why KAME decided to use these constants instead of normal ones
also lost in centuries.
nvmecontrol: Fix a sign compare mismatch
Even though mqes (uint16_t) and queue_size (u_int) are both unsigned,
the expression 'mqes + 1' gets promoted to int which is signed. Keep
the value unsigned by explicitly promoting mqes to u_int before
incrementing the value.
Reported by: GCC
nvme: Bump the alignment of struct nvme_health_information_page to 8
This ensures that embedded uint64_t values used for statistics
counters are aligned when allocating a structure on the stack or as
part of a containing structure. In particular this quiets
-Waddress-of-packed-member warnings from GCC when compiling the code
in nvmfd to update the stats.
Reported by: GCC
lib/clang: clean out old llvm/clang Sparc target remnants
The WITH_LLVM_TARGET_ENABLE_SPARC option was removed a long time ago,
but some ifdefs were still laying around, so clean them up.
PR: 276104
Approved by: re (cperciva)
MFC after: 3 days
(cherry picked from commit 6f444019009a55aac18d18054d154155fbf606c9)
(cherry picked from commit 0b8cdac883f5028c8716aa7442c07c68ac1f780b)
lib/clang: clean out old llvm/clang Sparc target remnants
The WITH_LLVM_TARGET_ENABLE_SPARC option was removed a long time ago,
but some ifdefs were still laying around, so clean them up.
PR: 276104
MFC after: 3 days
(cherry picked from commit 6f444019009a55aac18d18054d154155fbf606c9)
Fixup: Merge llvm-project release/18.x llvmorg-18.1.5-0-g617a15a9eac9
Update version numbers, config headers, etc. Git tricked me into losing
these before pushing.
PR: 276104
Fixes: d67fc74b9249
MFC after: 3 days
(cherry picked from commit 894cb08f0d3656fdb81f4d89085bedc4235f3cb6)
lib/clang: clean out old llvm/clang Sparc target remnants
The WITH_LLVM_TARGET_ENABLE_SPARC option was removed a long time ago,
but some ifdefs were still laying around, so clean them up.
PR: 276104
MFC after: 3 days
(cherry picked from commit 6f444019009a55aac18d18054d154155fbf606c9)
Fixup: Merge llvm-project release/18.x llvmorg-18.1.5-0-g617a15a9eac9
Update version numbers, config headers, etc. Git tricked me into losing
these before pushing.
PR: 276104
Fixes: d67fc74b9249
MFC after: 3 days
(cherry picked from commit 894cb08f0d3656fdb81f4d89085bedc4235f3cb6)