dpaa2: add support for several interface counters
Add support for IFCOUNTER_IPACKETS, IFCOUNTER_OPACKETS,
IFCOUNTER_OBYTES, IFCOUNTER_OMCASTS, IFCOUNTER_OERRORS, and
IFCOUNTER_OQDROPS.
This allows tools like systat to report the incoming and outgoing
bandwidth.
Reviewed by: dsl, Timo Völker
Differential Revision: https://reviews.freebsd.org/D54893
(cherry picked from commit 33596d92555e5b1632fca14eb9af295e4b8f751c)
dpnaa2: announce transmit checksum support
Let the network stack know that the NIC supports checksum offloading
for the IPv4 header checksum and the TCP and UDP transport checksum.
This avoids the computation in software and therefore provides the
expected performance gain.
PR: 292006
Reviewed by: dsl, Timo Völker
Differential Revision: https://reviews.freebsd.org/D54809
(cherry picked from commit f31336b3e3146fed9cc517fef8e877c17496f9e0)
dpaa2: add support for several interface counters
Add support for IFCOUNTER_IPACKETS, IFCOUNTER_OPACKETS,
IFCOUNTER_OBYTES, IFCOUNTER_OMCASTS, IFCOUNTER_OERRORS, and
IFCOUNTER_OQDROPS.
This allows tools like systat to report the incoming and outgoing
bandwidth.
Reviewed by: dsl, Timo Völker
Differential Revision: https://reviews.freebsd.org/D54893
(cherry picked from commit 33596d92555e5b1632fca14eb9af295e4b8f751c)
dpnaa2: announce transmit checksum support
Let the network stack know that the NIC supports checksum offloading
for the IPv4 header checksum and the TCP and UDP transport checksum.
This avoids the computation in software and therefore provides the
expected performance gain.
PR: 292006
Reviewed by: dsl, Timo Völker
Differential Revision: https://reviews.freebsd.org/D54809
(cherry picked from commit f31336b3e3146fed9cc517fef8e877c17496f9e0)
ippool(5): Correct example in man page
The example provided puts the semicolon in the wrong place. It must
come after the file:// specification, not in it.
(cherry picked from commit f5d0b30e4af1163bdc18a893b17236517b67790a)
ippool(5): Correct example in man page
The example provided puts the semicolon in the wrong place. It must
come after the file:// specification, not in it.
(cherry picked from commit f5d0b30e4af1163bdc18a893b17236517b67790a)
ippool(5): Correct example in man page
The example provided puts the semicolon in the wrong place. It must
come after the file:// specification, not in it.
(cherry picked from commit f5d0b30e4af1163bdc18a893b17236517b67790a)
pseries/llan: call init when ioctl sets interface UP
This should fix dhcp on an unitialized interface. This solution was
found while comparing against another driver, SIOCSIFFLAGS is used by
dhclient to force the interface up before it has an IP address.
However, all setup work is done in llan_init(), so the interface would
not be enabled if configured via only the SIOCSIFFLAGS ioctl. By
running llan_init() when the interface is forced up via SIOCSIFFLAGS,
the interface is initialized properly.
PR: 292164
packages: Register pkgconf
This should fix the creation of the new packages introduced by the
import of pkgconf into the base system.
Fixes: b8352da33f34 ("pkgconf: import into the base system")
PR: 294724
Reviewed by: ivy, ngie
Approved by: ngie
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D56589
ping6: treat setsockopt failures as fatal
ping6 needs IPV6_RECVPKTINFO and IPV6_RECVHOPLIMIT to process
incoming replies. When these options fail, replies are silently
dropped and ping6 appears to hang. Use err(3) instead of warn(3)
so the user gets a clear error and immediate exit.
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Reviewed by: pouria, jlduran, glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56237
(cherry picked from commit 9a4a9f623bbaf991b3ba580593d47f2ee9f7b03b)
ping6: treat setsockopt failures as fatal
ping6 needs IPV6_RECVPKTINFO and IPV6_RECVHOPLIMIT to process
incoming replies. When these options fail, replies are silently
dropped and ping6 appears to hang. Use err(3) instead of warn(3)
so the user gets a clear error and immediate exit.
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Reviewed by: pouria, jlduran, glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56237
(cherry picked from commit 9a4a9f623bbaf991b3ba580593d47f2ee9f7b03b)
ping6: treat setsockopt failures as fatal
ping6 needs IPV6_RECVPKTINFO and IPV6_RECVHOPLIMIT to process
incoming replies. When these options fail, replies are silently
dropped and ping6 appears to hang. Use err(3) instead of warn(3)
so the user gets a clear error and immediate exit.
Signed-off-by: Christos Longros <chris.longros at gmail.com>
Reviewed by: pouria, jlduran, glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56237
(cherry picked from commit 9a4a9f623bbaf991b3ba580593d47f2ee9f7b03b)
mac_seeotheruids: allow specificgid to be a list of groups
The specificgid functionality has historically allowed only a single
group to be exempt, but in practice one might want a few services to
be exempt for reasons. From a security perspective, we probably don't
want to encourage unrelated users to be grouped together solely for
this purpose, as that creates one point of shared access that could be
used for nefarious purposes.
Normalize the group list as we do cr_groups to allow for linear matching
rather than quadratic, we just need to account for the differences in
FreeBSD 15.0+ where cr_groups is entirely supplementary groups vs.
earlier versions, where cr_groups[0] is the egid and the rest is
sorted.
Reviewed by: csjp, des (earlier version)
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D56592
geom manuals: Clarify units
The gpart manual says that sizes are specified in blocks, unless an SI
unit suffix is provided. This confuses new operators because GEOM uses
binary bytes, a large difference at modern storage pool sizes. Rewrite
suffixes in all GEOM manuals to consistently clarify this, matching what
we and the rest of the industry have been doing in other documentation.
While here, use non-breaking spaces between numbers and units, unless
they are already written with a hyphen.
MFC after: 3 days
Reviewed by: fuz
Reported by: bbaovanc <bbaovanc at bbaovanc.com>
Differential Revision: https://reviews.freebsd.org/D56534
(cherry picked from commit 975e3605ebb15cbaf5a25c1c9d1f51aed41291d0)
Fix memory corruption bugs in BSM record parsing
fetch_newgroups_tok(3): clamp group count to AUDIT_MAX_GROUPS before the
loop to prevent a stack buffer overflow when a crafted record specifies
more than 16 groups.
fetch_execarg_tok(3), fetch_execenv_tok(3): add a bounds check at the
top of the string-walking loop to prevent an out-of-bounds read when the
previous string's nul byte is the last byte of the record buffer.
fetch_sock_unix_tok(3): clamp the memchr search length to the number of
bytes remaining in the buffer to prevent an out-of-bounds read on short
tokens. Also clamp slen to sizeof(path) to prevent a one-byte overflow
when no nul byte is found within the path data.
fetch_socket_tok: fix copy-paste error where the remote address was
written into l_addr instead of r_addr.
Previously reported by: @haginara
[12 lines not shown]
pf: Document broadcast/multicast forwarding through route-to
pf_route() and pf_route6() forward broadcast and multicast traffic
when a route-to rule matches, without any check against the output
interface's broadcast domain. This is a deliberate property of the
route option code path, but it is not documented and the workaround
is non-obvious.
Document the behavior in pf.conf(5) with example block-out rules on
the target interface, scoped with the received-on qualifier so that
only forwarded traffic is dropped while the router's own broadcast
and multicast traffic continues to pass.
Add regression tests covering the full broadcast/multicast and
forwarded/local matrix on both IPv4 and IPv6.
Reviewed by: glebius, kp
Approved by: kp (mentor)
MFC after: 1 week
[2 lines not shown]
ctld: Move the pidfile handle out to a global variable
This ensures it will be destroyed (removing the associated pidfile)
anytime the process exits, including from exit(3) calls. This fixes
a few places that would "leak" the pidfile on certain errors.
This also removes the need for some convoluted logic where
configuration objects would hand-off ownership of the pidfile handle
from the old configuration to the new configuration.
Reviewed by: asomers
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D56527
ctld: Ports without a portal group are not dummy ports
The default implementation of is_dummy should return false. Only
portal group ports should possibly return true.
PR: 293076
Reported by: Ken J. Thomson <thomsonk at yandex.com>
Fixes: 6acc7afa34aa ("ctld: Convert struct port to a hierarchy of C++ classes")
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D56524
kern: mac: sprinkle a bit of const correctness
mpc_name and mpc_fullname are string literals in correct usage, so they
should really be const instead.
mpc_ops aren't typically const, but the framework shouldn't be doing
anything to clobber it; thus, good to constify it as a reminder.
Switch to using a slightly more semantically correct `void **` in the
fastpath bits while we're here, since we only do arithmetic on the outer
layer of pointer and compare the inner to a pointer-typed (NULL).
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D55702
kern: vfs: add MAC checks for mount/unmount/update
The unmount check is straightforward and only really needs the
struct mount and flags used, in case a MAC policy wants to reject
force-unmounts or do special handling for FSID-based unmounts.
The mount check offers as much information as I think might be of
interest to a MAC policy: the vnode to be mounted on, vfsconf, and
applicable mount options. XNU also has a later version that just takes
a struct mount for everything that VFS_MOUNT() has to offer, but my
draft policy doesn't need any of that. It also doesn't really need the
unmount check, but it seems reasonable to add it while I'm here.
The update check similarly passes the flags/options for the operation,
along with the struct mount and label.
Reviewed by: kib, olce
Differential Revision: https://reviews.freebsd.org/D55601
