rc: virtual_oss: Create a loopback device in the default configuration
The loopback device allows us to record desktop sound by reading from
it, or even use it as an input device, for example during a call.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/16
virtual_oss(8): Create loopback devices with GID_AUDIO
Make sure the user is part of the audio group to avoid unintended
snooping of loopback audio by unprivileged users.
While here, retire voss_dsp_perm, since we don't use the same value
everywhere now.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: emaste
Pull-Request: https://ron-dev.freebsd.org/FreeBSD/src/pulls/26
p9fs.4: MLINK to virtio_p9fs.4
Technically, virtio_p9fs is an emulated device that masquerades
as a p9fs mount, but it does not make sense to have two separate manual
pages.
Reviewed by: bnovkov, dfr
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57013
(cherry picked from commit 30f500e97b57d36ebb8483cb8b8921507350cd0f)
tests/ndp: fix ndp_routeinfo_option testcase flakiness
Since we are sleeping for an indefinite period of time waiting
for the default route to appear, the expire times may be gone
past 1+ seconds, causing the Expire column to show <1800 or <600.
Fixes: f6bcc0925f0ea838da5183dc503f847e56d15cc8
Reviewed by: pouria
Approved by: lwhsu (mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D56712
universe: emit warning instead of error for bad/missing KERNCONF
When doing a large `make universe` build with multiple KERNCONFS,
it should not be an error when a particular target has a missing
KERNCONF.
In this example,
```
$ make universe TARGETS='arm64 riscv' KERNCONFS='QEMU VIRT'
```
Currently, arm64 does not have a QEMU conf, and riscv
does not have a VIRT conf. However, this command should still
succeed instead of failing with the following message:
```
make[2]: /usr/src/Makefile:767: Target architecture for riscv/conf/VIRT unknown. config(8) likely too old.
in .for loop from /usr/src/Makefile:761 with kernel = VIRT
[13 lines not shown]
Revert "loopback: Clear hash unconditionally."
This reverts commit 2fe37927d41990abe8d1c336e75fd75873285e90.
This turns out to have been misguided. First, clearing the
hash results in all loopback ip/ip6 traffic being hashed
to the netisr queue associated with the if_index of the loopback
interface. Eg, it bottlenecks loopback traffic. When the
hash is kept, traffic is spread evenly among netisrs.
Also, it is safe to keep the hash here. The clearing was only
needed when RSS core selection is enabled; we only enabled the
consistent hashing parts of RSS globally, not the cpuid mapping
stuff. So there is no need to clear it.
Reviewed by: glebius
Sponsored by: Netflix
ipfw: fix checksum after NAT
When checksum offloading is used, IPFW needs to fix the checksum
after libalias has done NAT. The ipfw_nat() function does so, but
only for mbufs without a receiving interface. However, if, for example,
the packet was sent inside a jail that used checksum offloading over
an epair, ipfw still needs to fix the checksum even though the mbuf
has set a receiving interface (epair).
This patch just removes the check whether a receiving interface is set.
PR: 295057
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D57091
(cherry picked from commit 81b47a7c604f1d563283759572fa7a1f9d4dc56f)
ipfw: fix checksum after NAT
When checksum offloading is used, IPFW needs to fix the checksum
after libalias has done NAT. The ipfw_nat() function does so, but
only for mbufs without a receiving interface. However, if, for example,
the packet was sent inside a jail that used checksum offloading over
an epair, ipfw still needs to fix the checksum even though the mbuf
has set a receiving interface (epair).
This patch just removes the check whether a receiving interface is set.
PR: 295057
Reviewed by: tuexen
MFC after: immediately
Differential Revision: https://reviews.freebsd.org/D57091
ipfw: fix checksum after NAT
When checksum offloading is used, IPFW needs to fix the checksum
after libalias has done NAT. The ipfw_nat() function does so, but
only for mbufs without a receiving interface. However, if, for example,
the packet was sent inside a jail that used checksum offloading over
an epair, ipfw still needs to fix the checksum even though the mbuf
has set a receiving interface (epair).
This patch just removes the check whether a receiving interface is set.
PR: 295057
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D57091
(cherry picked from commit 81b47a7c604f1d563283759572fa7a1f9d4dc56f)
ping6: convert receive loop from pselect(2) to ppoll(2)pselect(2) might overflow if the desciptor number is above
FD_SETSIZE and silently corrupt the stack. Switch to ppoll(2) so
the receive socket fd is no longer constrained by FD_SETSIZE.
Reported by: Joshua Rogers of AISLE Research Team
Reviewed by: markj
MFC after: 7 days
Differential Revision: https://reviews.freebsd.org/D56721
15.1: Bump version to BETA3-p1
Since we had a conveniently timed batch of security issues, I'm going
to use this opportunity to test pkgbase update tooling.
Approved by: re (cperciva)
netstat(1): Show metric value for routes
Add metric support and show its value in wide flag and
libxo output.
Also, add metric to the description of wide flag (`-w`) in
routing display (`-r`) section of manual page.
Reviewed by: markj (manpage)
Discussed with: markj
Differential Revision: https://reviews.freebsd.org/D57011
netlink: Add RTA_PRIORITY support (metric)
* Use our new 32-bit metric for RTA_PRIORITY support.
* Update snl library for new RTA_PRIORITY support.
* return RTA_PRIORITY for both MPATH and non-MPATH routes.
Reviewed by: glebius (previous version)
Discussed with: markj
Differential Revision: https://reviews.freebsd.org/D56323
routing: Add support for metric
In our routing stack implementation, metric is an attribute
of the nexthop, not the route itself.
Store metric in nhop_priv which is control-plane data of
nexthop, filter the nexthops by metric and populate the mpath
slots in nexthop group with only the lowest metric nexthops
for use in the forwarding path.
`cmp_priv()` compares nhops based on priv hash.
Add metric compare logic to it and only return nexthops
with different metrics if the input nexthop's metric is
zero (wildcard).
Also, add support for metric via rtsock by introducing rmx_metric.
Finally, remove the upper 8-bit reservation of weight for
administrative distance.
Reviewed by: adrian
[3 lines not shown]
bsdconfig: Make sure that SSID names are properly escaped
The f_menu_wpa_scan_results() function returns a list of networks
discovered by a scan. The untrusted network names are evaluated in
f_dialog_menu_wireless_edit. The quoting applied in
f_menu_wpa_scan_results() protects against evaluation of something like
"$(whoami)" but one can add single quotes to defeat that.
Pass the SSID names through f_shell_escape to work around this. Escape
single quotes in f_dialog_wireless_edit() and f_menu_wireless_configs()
too for consistency.
I note that this module doesn't seem to actually work, see e.g.,
bugzilla PR 229883.
Approved by: so
Security: FreeBSD-SA-26:23.bsdinstall
Security: CVE-2026-45255
Reported by: Austin Ralls
[2 lines not shown]
