pf: fix 'natpass'
If an rdr (or nat) rule specifies 'pass' we don't run the filter rules, we just
pass the traffic. Or at least, we did until that got unintentionally broken.
Restore that behaviour and add a test case.
While here also fix nat:dummynet_mask, which relied on the broken behaviour.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D52838
tcp: close two minor races with debug messages
The syncache entry is locked by the hash bucket lock. After running
SCH_UNLOCK(), we have no guarantee that the syncache entry still
exists.
Resolve the race by moving SCH_UNLOCK() after the log() call which
reads variables from the syncache entry.
Reviewed by: rrs, tuexen, Nick Banks
Sponsored by: Netflix
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D52868
pf: fix possible SCTP panic
While processing SCTP packets we can enqueue work for later, in the
sctp_multihome_jobs queue. This deferred job includes a copy of the current
struct pf_pdesc, which must contain a valid pcksum pointer (in case of NAT).
However, jobs could be enqueued before we'd actually set this pointer in
pf_setup_pdesc(). Set this pointer before we scan the SCTP chunk headers (and
could enqueue deferred jobs.)
While here sprinkle in a few more assertions to ensure we got this right.
Reported-by: syzbot+974d0fb7e53c9aa31b90 at syzkaller.appspotmail.com
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
pf: return PF_PASS/PF_DROP from pf_setup_pdesc()
We returned 'PF_DROP' instead of '-1' in one case, which would lead to us
continuing the processing for an invalid packet.
This also aligns us closer to OpenBSD, and reduces the odds of future similar
mixups.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
ipfilter ippool: Flag deleted entries with "#"
List deleted entries prefixed by "#". This is consistent with other
ippool list functions.
Fixes: 7531c434a593
MFC after: 1 week
ipfilter ippool: Prefix deleted entries with "#"
To maintain consistency with ippool list functions, prefix deleted
entries with "#".
MFC after: 1 week
ipfilter/ippool: Dump a copy of ippool dstlist data in "new" format
As with 7531c434a593, which dumped ippool table data in the "new"
format, print dstlist data in the "new" format.
MFC after: 1 week
ipfilter/ippool: Dump a copy of ippool hash data in "new" format
As with 7531c434a593, which dumped ippool table data in the "new"
format, print hash data in the "new" format.
MFC after: 1 week
umass.4: Remove some extra lines which snuck in
Fixes: 70993c2fbe1ac (umass.4: Add HISTORY, HARDWARE, and SPDX)
MFC with: 70993c2fbe1ac (umass.4: Add HISTORY, HARDWARE, and SPDX)
umass.4: Add HISTORY, HARDWARE, and SPDX
While here, break a long line that agitates the linter.
Fixes: cc16f1b9d9261f18 (Add umass.c)
MFC after: 1 hour
Discussed with: imp, ivy
thunderbolt.4: Remove
emaste reported that this driver did not make it into FreeBSD 15.
Fixes: 3ae6c9735014f8c6f8 (thunderbolt.4: Initial manual)
Fixes: 5ba4a93f9180699d6e (thunderbolt.4: Mention Thunderbolt 3)
ixgbe: Remove unused function ixgbe_is_media_cage_present
Remove the unused function ixgbe_is_media_cage_present that
generates a compiler warning.
Signed-off-by: Yogesh Bhosale yogesh.bhosale at intel.com
Reported by: markj
Differential Revision: https://reviews.freebsd.org/D52467
(cherry picked from commit 275f7d72ff6a71bbe46b4282a88f0ea9a24be22a)
vn_fullpath.9: Add missing links for described functions
To reflect all the functions that are now described in the manual page.
Fixes: 9f269a0a771a ("MAC/do: Check executable path ...")
MFC after: 3 days
Event: EuroBSDCon 2025
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 05e5de00b9ea048f868522ff0bdae4e388685ddf)
(cherry picked from commit c87a9f51a0debf707cb4fc9a5e3b4425b08d154d)
(Compilation fix MFCed in the same commit.)
mdo(1): Add support and shortcuts for fully specifying users and groups
While preserving compatibility ('root' implied if no user is specified,
option '-i' not setting groups), introduce options to control finely
which user and group IDs are set in the launched process.
To minimize the risks of user error, mdo(1) by default enforces that all
user and group IDs are specified, either with explicit values from the
command-line or, if a known user name is passed with '-u', from the
corresponding content of the password and group databases. The other
main type of use case is to start from the current process's
credentials, only amending part of them. It is now also possible to
blend both approaches, where some parts must be specified and the others
can just be amended or left as is.
Options:
* As before:
-u: Specifies a user name or ID to change all user IDs to. If a known
[56 lines not shown]
vfs cache: Add vn_fullpath_jail(), factor out common code
Introduce vn_fullpath_jail(), which returns a path to the passed vnode
relative to the current jail's root. It will be used by mac_do(4) in
a subsequent commit.
Factor out common code between the new variant and vn_fullpath(). While
here, rework the comments a bit.
Add vn_fullpath_jail() to the vn_fullpath.9 manual page. While here,
document all the existing public vn_fullpath*() functions.
Reviewed by: kib (except latest manual page changes)
MFC after: 3 days
Event: EuroBSDCon 2025
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52757
(cherry picked from commit c5a813c9f486da49551c3be2e7700ca0cb0a489a)
MAC/do: Check executable path from the current jail's root
Contrary to my initial belief, vn_fullpath() does return a vnode's path
from the current chroot, and not from the global root (which would have
been a bug also, but without security consequences). This enables
a "confused deputy"-like scenario where a chroot(2) can change which
executable can be authorized by MAC/do, which is even more problematic
for unprivileged chroot(2).
This was found by re-examining the code following two close events:
1. Shawn Webb sent a mail to freebsd-hackers@ on 08/05 saying that in
HardenedBSD they had added a check on P2_NO_NEW_PRIVS (in
mac_do_priv_grant()), which I responded to on 08/20 saying that
P2_NO_NEW_PRIVS was not necessary for mac_do(4), with a correct
reasoning but based on the wrong above-mentioned assumption about
vn_fullpath().
2. I reviewed some code by Kushagra Srivastava (GSoC 2025 student
working on mac_do(4)/mdo(1)) adding the ability to specify which
executables can spawn processes that mac_do(4) may decide to
[9 lines not shown]
mac_do.4: Mention "from" part's GID can also match supplementary groups
MFC after: 3 days
Event: EuroBSDCon 2025
Sponsored by: The FreeBSD Foundation
(cherry picked from commit c1d5fc4e0cfc63d23379457ac0b51c59c60b27c7)
mfc-candidates: Improve branch detection and repository handling
- Use git to detect the latest stable branch rather than hardcoding it.
- Handle the case where the script is run outside a src or ports repository.
- Fix a pattern to match .git instead of *git.
Reviewed by: andrew, releng (emaste)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52681
hkbd: remove error detection in KDSKBSTATE ioctl
The KDSKBSTATE ioctl brings the LED up. However, some keyboards (like the qemu
keyboard) may not have LEDs or may fail to set the LED for an unexpected reason.
Therefore, removing the error check, as ukbd(4) does, allows the keyboard to work
correctly with kbdcontrol(4).
Also move the hw.hid.hkbd.no_leds sysctl out of HID_BUG so that users can
disable setting LEDs.
PR: 288968
Reviewed by: wulf
Tested by: trashcan at ellael.org, marklmi26-fbsd at yahoo.com, trkellers at gmail.coom
Approved by: lwsu (mentor), markj (mentor)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52101
(cherry picked from commit 1685192ea1faac28f2d4feede53e70b6a380500f)
(cherry picked from commit 6ea7e1f92882706cc8818a13e8bd55b7d2f48e27)
bitstring_test: fix bit_nclear/bit_nset tests for last iteration
Also convert nearby ATF_REQUIRE_MSG to ATF_REQUIRE_INTEQ_MSG.
Reported by: GCC -Wint-in-bool-context
Reviewed by: asomers, des
Differential Revision: https://reviews.freebsd.org/D45893