netlink/route: Fix the argument list for rtnl_handle_iflink()
This function is registered as an ifnet_link_event and so should have the
corresponding argument list.
PR: 282870
Reported by: nakayamakenjiro at gmail.com
MFC after: 1 week
(cherry picked from commit 0289db3259532d51ebe58bc0b2647a0d9e6cae66)
netlink/route: provide pre-2.6.19 Linux compat shim
The old Linux used 8-bit rtm_table field of the RTM_NEWROUTE message to
specify routing table id. Modern netlink uses RTA_TABLE 32-bit attribute.
Unfortunately, there is modern software (namely bird) that would prefer
the old API as long as the routing table id fits into 8-bit.
PR: 279662
(cherry picked from commit f34aca55adef1e28cd68b2e6705a0cac03f0238e)
route: avoid overlapping strcpy
Passing overlapping buffers to strcpy yields an undefined result, so
let's avoid it. The copy doesn't really need to happen anyways, we can
just point to the domain part of the hostname.
This was discovered with _FORTIFY_SOURCE.
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Reviewed by: allanjude, emaste, imp, melifaro (all previous version)
(cherry picked from commit 158f319428c10143ce2ffe766416207c75578931)
ipfw: fix order of memcpy arguments.
This fixes `ipfw table N lookup addr` command for MAC tables.
(cherry picked from commit e012d79c9c732a6aef21066feba2e5e48833cca4)
Fix failure to add an interface prefix route when a route with the same
prefix is already present in the routing table.
PR: 277125
Reported by: Oleksandr Ignatyev <alex at i.org.ua>
Reviewed by: ae, jlduran
Tested by: jlduran
Differential Revision: https://reviews.freebsd.org/D47534
MFC after: 2 weeks
ixgbe: Style pass on FreeBSD part of driver
Fix up some indentation and reflow long lines
Sponsored by: BBOX.io
(cherry picked from commit c58d34dd67a419866ee50f152044e49cecbae261)
pf: fix potential state key leak
If we fail to attach the new state keys in pf_state_key_attach() we are
expected to free both keys. Do so.
Note that in some scenarios both keys are the same, so check for that
before freeing.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D47495
(cherry picked from commit 371bd29d4b22257a7e92e1e711cca3d94cfbd00d)
ixgbe: sysctl for TCP flag handling during TSO
Add tso_tcp_flags_mask_first_segment, tso_tcp_flags_mask_middle_segment,
and tso_tcp_flags_mask_last_segment sysctl-variables to control the
handling of TCP flags during TSO.
This allows to fix the masks appropriate for classical ECN and to
configure appropriate masks for accurate ECN.
Michael notes empirically 82599 has an unexpected middle mask:
Chip First Middle Last
82599 0xFF6 0xFF6 0xF7F
which should be fixed up to 0xF76 (RFC 3168) in a future commit.
Reviewed by: rrs, rscheff
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D44258
(cherry picked from commit eea2e089f8dadf850a30ed837edd7a386427a9ed)
ixgbe: Add support for 1Gbit Active DAC links
1Gbit also empirically works on Active DACs.
Sponsored by: BBOX.io
(cherry picked from commit e38f9257c3fac5cb5a62f62c424a976446ae1220)
ixgbe: Add support for 1Gbit DAC links
This is a relatively well known trick for the X520 (82599), can be
useful for testing and lab settings. It's not an official standard or
particularly common but ubiquitous Broadcom switch ASICs deal with it.
We'll call it 1000Base-KX because it's SerDes on the passive cable and
I don't think it's worth adding another media type for this.
Reviewed by: emaste
Sponsored by: BBOX.io
Differential Revision: https://reviews.freebsd.org/D47352
(cherry picked from commit 48ddd1b9f88753c6875566fbb67bc622453e4993)
ipsec: fix IPv6 over IPv4 tunneling.
Properly initialize setdf variable in ipsec_encap().
It is used for AF_INET6 case when IPv6 datagram is going to be
encapsulated into IPv4 datagram.
PR: 282535
Fixes: 4046178557e1
MFC after: 1 week
pf: remove "any" test since 0.0.0.0 is discarded below, see 713264f6b8
This may be against common criteria specification, but it makes no sense
to test this at pf level at the moment.
pf: add a test case of how pflog should handle max directive
The second state also has "pass" which is wrong. The test case aims
for the right behaviour which also fails on our end because we reverted
a commit partially which allows us to see the block but the pass is
there as a third log line still.
bsdinstall: add menu to install firmware
Add a menu to the installer to run fwget(8) inside the newly installed
system to install firmware known to be needed.
This requires working networking.
This is needed at least for wireless currently for when we entirely
stop shipping new firmware in src.git to have working networking on
the installed system (we already do need this for at least rtw89).
Sponsored by: The FreeBSD Foundation
Tested with: 4 different iwlwifi chipsets in a system (earlier version)
Suggested improvements by: jrtc27
Differential Revision: https://reviews.freebsd.org/D47491
(cherry picked from commit bbe2a1da2df639c616869aa838244c8094779bd4)
bsdinstall: wlanconfig: fix interface UP on (re-)starting wpa_supplicant
Make sure an interface is back up before (re-)starting wpa_supplicant
in wlanconfig not relying on wpa to UP the interface (though we fixed
that).
Sponsored by: The FreeBSD Foundation
Reviewed by: emaste (in D47491)
Differential Revision: https://reviews.freebsd.org/D47491
(cherry picked from commit 5399052c63a7a3d2f54615d31bfd092ab887a600)
pf: Let pf_state_insert() handle redirect state conflicts
When handling a redirect state conflict, pf_get_translation() tries
modifying the source port to avoid it. If it fails to find a free port,
the translation is aborted.
Instead, if we fail to find a free source port, simply press on with the
original source port and let pf_state_insert() handle the conflict as it
pleases, rather than second-guessing what it will do. In particular,
pf_state_insert() has special handling for TCP connections in a terminal
state, and might succeed despite a state conflict.
Reviewed by: kp
MFC after: 3 months
Sponsored by: Klara, Inc.
Sponsored by: Modirum
Differential Revision: https://reviews.freebsd.org/D46612
(cherry picked from commit 9569fddd8d0e48211e67fdc63dd72eba83883525)
pf: Make pf_get_translation() more expressive
Currently pf_get_translation() returns a pointer to a matching
nat/rdr/binat rule, or NULL if no rule was matched or an error occurred
while applying the translation. That is, we don't distinguish between
errors and the lack of a matching rule. Thus, if an error (e.g., a
memory allocation failure or a state conflict) occurs, we simply handle
the packet as if no translation rule was present. This is not
desirable.
Make pf_get_translation() return the matching rule as an out-param and
instead return a reason code which indicates whether there was no
translation rule, or there was a translation rule and we failed to apply
it, or there was a translation rule and we applied it successfully.
Reviewed by: kp, allanjude
MFC after: 3 months
Sponsored by: Klara, Inc.
Sponsored by: Modirum
[3 lines not shown]
pf: Let rdr rules modify the src port if doing so would avoid a conflict
If NAT rules cause inbound connections to different external IPs to be
mapped to the same internal IP, and some application uses the same
source port for multiple such connections, rdr translation may result in
conflicts that cause some of the connections to be dropped.
Address this by letting rdr rules detect state conflicts and modulate
the source port to avoid them.
Reviewed by: kp, allanjude
MFC after: 3 months
Sponsored by: Klara, Inc.
Sponsored by: Modirum
Differential Revision: https://reviews.freebsd.org/D44488
(cherry picked from commit 9897a66923a3e79c22fcbd4bc80afae9eb9f277c)