IPv6: fix off-by-one in pltime and vltime expiration checks
Previously, the macros used '>' instead of '>=' when comparing elapsed
time against the preferred and valid lifetimes. This caused any deprecated
address to become usable again for one extra second after receiving each
Router Advertisement. In that short window, the address could be
selected as a source for outgoing connections.
Update the checks to use '>=' so that addresses are deprecated or
invalid when their lifetime expires.
PR: 289177
Reported by: Dmitry Nexus <fbsd.4f6a at nexus tel>
Reviewed by: zlei
Submitted by: Marek Zarychta
Differential Revision: https://reviews.freebsd.org/D52323
(cherry picked from commit 588a5fad3e8b98955b60707e3e92b8b43566e3f7)
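
Added example, not code from the FreeBSD commit: a simplified model of the preferred-lifetime check described above, comparing the '>' and '>=' forms. The struct, the function names and the assumption that each Router Advertisement resets the update timestamp are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdio.h>

#define INFINITE_LIFETIME 0xffffffffu /* hypothetical "never expires" marker */

struct lifetime {            /* hypothetical, simplified address lifetime */
    uint32_t updatetime;     /* uptime in seconds when pltime was last set */
    uint32_t pltime;         /* preferred lifetime in seconds */
};

typedef int (*deprecated_fn)(const struct lifetime *, uint32_t);

/* Before the fix: strict '>' keeps the address preferred at elapsed == pltime. */
static int deprecated_before(const struct lifetime *lt, uint32_t now)
{
    return lt->pltime != INFINITE_LIFETIME &&
        (uint32_t)(now - lt->updatetime) > lt->pltime;
}

/* After the fix: '>=' deprecates the address once the lifetime is used up. */
static int deprecated_after(const struct lifetime *lt, uint32_t now)
{
    return lt->pltime != INFINITE_LIFETIME &&
        (uint32_t)(now - lt->updatetime) >= lt->pltime;
}

/* Count the seconds in [0, duration) during which the address is still
 * preferred, with an RA every ra_interval seconds resetting updatetime. */
static unsigned preferred_seconds(deprecated_fn check, uint32_t pltime,
    uint32_t ra_interval, uint32_t duration)
{
    struct lifetime lt = { 0, pltime };
    unsigned n = 0;

    for (uint32_t now = 0; now < duration; now++) {
        if (now % ra_interval == 0)
            lt.updatetime = now;    /* constructed: RA refreshes the lifetime */
        if (!check(&lt, now))
            n++;
    }
    return n;
}

int main(void)
{
    /* pltime 0 = address advertised as deprecated; RA every 10 s for 60 s */
    printf("before: %u s preferred\n", preferred_seconds(deprecated_before, 0, 10, 60));
    printf("after:  %u s preferred\n", preferred_seconds(deprecated_after, 0, 10, 60));
    return 0;
}
```
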
ipv6: don't complain when deleting an address with prefix length of 128
Save prefix length in unused field in6_ifaddr->ia_plen, then on remove
check if an address has 128 prefix length, and if so, we don't need to
complain that there are no related prefixes.
Reviewed by: kp
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D52952
(cherry picked from commit c4cce0a3e94e3b22f874508d1a9cd81442648238)
Avoid coredump when calculated output array exceeds input data size.
Fixes PR 59903
While here, resist attempt to understand or fix traditional behaviour.
ifconfig: Fix the -L flag when using netlink
By default, when ifconfig shows a v6 address derived from a
router-advertised prefix, it shows the initial preferred and valid
lifetimes. When -L is specified, it is supposed to show the remaining
lifetimes, but this was broken in the conversion to netlink.
Fix that, and add a regression test which validates ifconfig output
before and after a short-lived address expires.
Reported by: Franco Fichtner <franco at opnsense.org>
Reviewed by: melifaro, allanjude, Seyed Pouria Mousavizadeh Tehrani
Fixes: 4c91a5dfe483 ("ifconfig: make interface and address listing use Netlink as transport")
MFC after: 2 weeks
Sponsored by: OPNsense
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54294
(cherry picked from commit df6861d755c8f72380ae7fb8df535b27eba8c0be)
netlink: Don't directly access ifnet members
Summary:
Remove the final direct access of struct ifnet members from netlink.
Since only the first address is used, create the iterator and then free,
without fully iterating.
Reviewed By: kp
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D42972
(cherry picked from commit b224af946a17b8e7a7b4942157556b5bc86dd6fb)
netlink: Don't overwrite existing data in a linear buffer in snl_writer
First, a bit of background on some of the data structures netlink uses
to manage data associated with a netlink connection.
- struct linear_buffer contains a single virtually-contiguous buffer
  of bytes. Regions of this buffer are suballocated via lb_allocz()
  which uses a simple "bump" where the buffer is split into an
  allocated region at the start and a free region at the end. Each
  allocation "bumps" the boundary (lb->offset) forward by the
  allocation size.

  Individual allocations are not freed. Instead, the entire buffer is
  freed once all of the allocations are no longer in use.

  Linear buffers also contain an embedded link to permit chaining
  buffers together.
- snl_state contains various state for a netlink connection including
[52 lines not shown]
bsdinstall: Mount /dev and /packages after using the shell to partition disks
Normally after partitions are created by the installer, the 'mount'
script is used to mount the target disk partitions under /mnt. The
tail end of this script also mounts a couple of additional filesystems
under /mnt so that chrooted programs can work such as devfs and
/packages.
When the "Shell" option is used to permit the user to manually mount
the destination filesystem, the "mount" script is not used as the user
is instructed to mount the target filesystems and construct
/mnt/etc/fstab, etc. However, this means that the user is responsible
for mounting devfs (which is not included in /etc/fstab) and /packages
as well. The help message for the "Shell" option doesn't mention
these requirements, so users may not know to do so. This can lead to
confusing errors as chrooted commands can fail to find needed /dev
entries. For example, running fwget to fetch wireless firmware fails
because /dev/pci doesn't exist.
[12 lines not shown]
ixgbe: Remove unused function ixgbe_is_media_cage_present
Remove the unused function ixgbe_is_media_cage_present that
generates a compiler warning.
Signed-off-by: Yogesh Bhosale yogesh.bhosale at intel.com
Reported by: markj
Differential Revision: https://reviews.freebsd.org/D52467
(cherry picked from commit 275f7d72ff6a71bbe46b4282a88f0ea9a24be22a)
cdefs: Add __deprecated
Add __deprecated decorator. This is for a deprecated interface. copystr
is tagged with this today in copy(9), but we don't actually provide it or
use it. copystr is a #define so adding it will have to wait.
LinuxKPI was defining this away completely in compiler.h. Since this is
shared between Linux KPI consumers and OpenZFS, if it's already defined,
use the FreeBSD sys/cdefs.h version, otherwise define it away. For
OpenZFS this will retain it, while for Linux KPI it will tend to drop it
(I think always, but I didn't look at everything).
Sponsored by: Netflix
Reviewed by: jhb, emaste
Differential Revision: https://reviews.freebsd.org/D46137
(cherry picked from commit 16672453f12586703f1c51d909bd1900691bf884)
ipfw.8: fix documentation bug for setmark
A mark set with "setmark" keyword is intended to be "sticky"
and documented as such but in fact it is not yet,
as current implementation lacks "sticky" feature
and its implementation will not be MFC'd, most probably.
Correct the manual page until the implementation is improved.
Discussed with: Boris Lytochkin <lytboris at gmail.com> (author)
(cherry picked from commit a7b8a5d37bcb0009297962137bfb6c6570e5af12)
(cherry picked from commit 9fdf49e8a501047b61a615ab1b4b133159ad76e1)
crypto: avoid warnings about too-long initializer strings
Mark `sigma` and `tau` as `__non_string`, to avoid warnings from clang
21 similar to:
    sys/crypto/chacha20/chacha.c:53:31: error: initializer-string for character array is too long, array size is 16 but initializer has size 17 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization]
       53 | static const char sigma[16] = "expand 32-byte k";
          |                               ^~~~~~~~~~~~~~~~~~
    sys/crypto/chacha20/chacha.c:54:29: error: initializer-string for character array is too long, array size is 16 but initializer has size 17 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization]
       54 | static const char tau[16] = "expand 16-byte k";
          |                             ^~~~~~~~~~~~~~~~~~
MFC after: 3 days
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D54364
(cherry picked from commit 710ec409dffed3306ced253bba85dbdc7758510b)
netmap: Let memory allocator parameters be settable via loader.conf
This is useful when dev.netmap.port_numa_affinity is set to 1. When
interfaces attach, they get a memory allocator that is copied from
nm_mem. Parameters in nm_mem can be set using sysctls, but this happens
after their values are copied.
To work around this, we can make it possible to set these memory
parameters as tunables.
Reviewed by: vmaffione
MFC after: 1 week
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54178
(cherry picked from commit c694122f3cfb7d52b882fa79086d49f45a2c7fd2)
pfsync: Avoid zeroing the state export union
pfsync_state_export() takes a pointer to a union that is in reality a
pointer to one of the three state formats (1301, 1400, 1500), and zeros
the union. The three formats do not have the same size, so zeroing is
wrong when the format isn't that which has the largest size.
Refactor a bit so that the zeroing happens at the layer where we know
which format we're dealing with.
Reported by: CHERI
Reviewed by: kp
MFC after: 1 week
Sponsored by: CHERI Research Centre (EPSRC grant UKRI3001)
Differential Revision: https://reviews.freebsd.org/D54163
(cherry picked from commit 796abca7e281f0d4b7f72f48da4f941e1c8b139c)
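
Added example, not the pfsync code or the committed patch: a sketch of why zeroing sizeof(union) through a pointer to a smaller member writes past the object, next to zeroing by the size of the known format. The struct layouts, sizes and function names are constructed for illustration; the "adjacent memory" is the tail of a full-size arena so the demonstration itself stays in bounds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for three export formats of different sizes. */
struct state_1301 { uint8_t b[32]; };
struct state_1400 { uint8_t b[48]; };
struct state_1500 { uint8_t b[64]; };

union state_union {
    struct state_1301 s1301;
    struct state_1400 s1400;
    struct state_1500 s1500;
};

enum fmt { FMT_1301, FMT_1400, FMT_1500 };
typedef void (*export_fn)(union state_union *, enum fmt);

static size_t fmt_size(enum fmt f)
{
    return f == FMT_1301 ? sizeof(struct state_1301) :
           f == FMT_1400 ? sizeof(struct state_1400) : sizeof(struct state_1500);
}

/* Before: zeroes the whole union regardless of what the pointer refers to. */
static void export_before(union state_union *u, enum fmt f)
{
    (void)f;
    memset(u, 0, sizeof(*u));
}

/* After: zero only as many bytes as the known format occupies. */
static void export_after(union state_union *u, enum fmt f)
{
    memset(u, 0, fmt_size(f));
}

/* Treat the first fmt_size(f) bytes of the arena as the caller's object and
 * count how many bytes beyond it the export routine overwrote. */
static size_t clobbered_bytes(export_fn fn, enum fmt f)
{
    unsigned char arena[sizeof(union state_union)];
    size_t n = 0;

    memset(arena, 0xAA, sizeof(arena));
    fn((union state_union *)arena, f);
    for (size_t i = fmt_size(f); i < sizeof(arena); i++)
        n += (arena[i] != 0xAA);
    return n;
}

int main(void)
{
    printf("before: %zu bytes past a 1301 object\n", clobbered_bytes(export_before, FMT_1301));
    printf("after:  %zu bytes past a 1301 object\n", clobbered_bytes(export_after, FMT_1301));
    return 0;
}
```
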