udp: Prefer memcpy() over bcopy()
The variable b[] is on the stack, thus cannot overlap with ipov, which
points to the heap area, so prefer memcpy() over memmove(), aka bcopy().
No functional change intended.
Reviewed by: cc, rrs, cy, #transport, #network
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47713
Install pvscsi man page
This was lost during the initial introduction of the pvscsi driver [1].
Later the driver was enabled on arm64 [2], so also install the man page
on arm64.
1. 052e12a5084f Add the pvscsi driver to the tree
2. 375d797b8191 Enable pvscsi and vmx in arm64 GENERIC
Reviewed by: emaste, Alexander Ziaee <concussious.bugzilla_runbox.com> (manpages)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D47712
pf: Use a single pointer to state in pf_src_connlimit()
There's no need for a double pointer, the function pf_src_connlimit()
does not modify the state.
Reviewed by: kp
Approved by: kp (mentor)
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D47758
Speed up syncer shutdown
When shutting down, the syncer kernel deamon needs to iterate over all
32 of its queues, pausing for 1/4 of second each time waiting for essentially
nothing. Bump the SYNCER_SHUTDOWN_SPEEDUP so that it takes just a second to
iterate. It will still wait for another second afterwards; that bit is left
unchanged.
Reviewed By: kib
Differential Revision: https://reviews.freebsd.org/D47647
powerpc: Get rid of interrupt subterfuge for IPIs
Instead of playing games with the interrupt event structure after the
fact when setting up IPIs, do the work in the interrupt initializer.
syslogd: Split up basic test case
The basic case previously tested if messages are correctly logged over
UNIX, INET, and INET6 transport. This single case can be split up into
three separate cases to decrease code complexity and offer more granular
results.
Both INET and INET6 cases will be skipped if the kernel does not
support the corresponding transport.
Reviewed by: zlei, markj
Differential Revision: https://reviews.freebsd.org/D47650
syslogd: Add host forwarding test
Test communication between hosts by setting up two syslogd instances,
each binded to their own addresses, and sending a message from one to
the other. The tests passes if the message was delivered and logged
successfully.
This required some tweaking to the syslogd start and stop routines so
they could handle launching multiple syslogd instances with different
runtime files.
Run the tests in jails with an isolated VNET so they don't fail due to
an address bind collision in the host's VNET.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D47649
syslogd: Open forwarding socket descriptors
Previously, when forwarding a message to a remote address, the target's
addrinfo was saved at config-parse-time. When message-deliver-time came,
the message's addrinfo was passed into sendmsg(2) and delivered by the
first available inet socket.
Passing an addrinfo into sendmsg(2) is prohibited in Capsicum capability
mode, so sockets are now opened and connected to their remote peers at
config-parse-time when executing outside of the capability sandbox.
These connected socket descriptors are saved and passed into sendmsg(2),
allowing forwarding to be performed inside of the capability sandbox.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D47104
syslogd: Watch for dead pipe processes
For each new pipe process, add its process descriptor into the kqueue
with the EVFILT_PROCDESC filter and NOTE_EXIT event. When the pipe
process exits, the main kqueue loop will catch this, logging exit errors
and cleaning up the pipe process' filed node.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41477
syslogd: Enter capability mode
Create syslogd_cap_enter() function, which puts syslogd in capability
mode and opens necessary libcasper channels for resource acquisition.
The `syslogd.casper` and `system.net` services are used.
Substitute capability-mode-unfriendly functions with their libcasper
`cap_` equivalents.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41467
syslogd: Block timezone updating in capability mode
Do not update local timezone data upon reload when syslogd is compiled
with libcasper support. Timezone files are pre-fetched using the
caph_cache_tzdata() function before entering capability mode. Attempts
to re-fetch these files will result in a capability violation.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41466
syslogd: Log messages using libcasper
Some logging operations require access to external resources to
complete. Logging to F_WALL requires on-demand access to the user
accounting database. Logging to F_CONSOLE requires access to the
console. Logging to F_PIPE prompts execution of a command outside
of capability mode.
These operations cannot be performed in capability mode, so the
"p_open", "ttymsg", and "wallmsg" commands may be sent to libcasper to
circumvent these limitations.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41465
syslogd: Refresh configuration using libcasper
When a SIGHUP signal is sent to syslogd, the configuration is reparsed,
leading to new resource acquisition.
If syslogd is running in capability mode and a SIGHUP is received, new
resources cannot be acquired. To mitigate this issue, libcasper is used
to parse the configuration.
The libcasper process runs outside of capability mode and is capable of
parsing syslogd's configuration and obtaining new resources. These
resources are then sent to the syslogd process via nvlist.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41464
syslogd: Use anonymous union in struct filed
Do not use macros to access unioned struct members. Use an anonymous
union and access union member names directly.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41703
syslogd: Create syslogd libcasper service
Once in capability mode, resource acquisition is not possible. To
mitigate this, introduce a libcasper service that is responsible for
fetching and returning new, requested resources to syslogd.
Some resources must be packed into an nvlist to be properly transferred
between syslogd and the libcasper process. The filed_to_nvlist() and
nvlist_to_filed() functions are included to ease the packing process for
filed structures.
Two additional syslogd.h and syslogd_cap.h header files are included
with shared declarations.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41463
nvi: use memmove to realign buffers
Replace a rather convoluted realignment algorithm with memmove(). In
addition to being hard to understand, the code would read beyond the end
of the input buffer in certain conditions (found on CheriBSD).
Sponsored by: DARPA
Pull Request: https://github.com/lichray/nvi2/pull/122
intro(3): remove profiling libs
We no longer have libc_p.a or libm_p.a.
Fixes: 3750ccefb862 ("Retire MK_PROFILE infrastructure")
Sponsored by: The FreeBSD Foundation
