Olivier Certner [Tue, 30 May 2023 16:35:08 +0000 (18:35 +0200)]
setusercontext(): Apply personal settings only on matching effective UID
Commit 35305a8dc114 (r211393) added a check on whether 'uid' was equal
to getuid() before calling setlogincontext(). Doing so still allows
a setuid program to apply resource limits and priorities specified in
a user-controlled configuration file ('~/.login_conf') where
a non-setuid program could not. Plug the hole by checking instead that
the process' effective UID is the target one (which is likely what was
meant in the initial commit).
PR: 271750
Reviewed by: kib, des
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40351
They all call cgetstr(), which returns -2 on such conditions and already
sets errno to ENOMEM, arguably the appropriate value for these functions
as well.
No in-tree consumer currently checks for errno on error reported by
these functions, so this change has no other code impact.
Reviewed by: kib
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40342
Olivier Certner [Thu, 25 May 2023 07:10:27 +0000 (09:10 +0200)]
setusercontext(): Fix gap when setting a realtime-class priority
The login.conf's "priority" capability allows to set priorities in the
idle or realtime classes in addition to the classical nice values (-20
to 20), through a natural extension where values greater than 20 put the
processes in the idle class (with priority adjusted within RTP_PRIO_MIN
and RTP_PRIO_MAX, 21 being converted to 0, 22 to 1, etc.) and values
lower than -20 put the process in the realtime class (with priority
adjusted within RTP_PRIO_MIN and RTP_PRIO_MAX, -21 being converted to
RTP_PRIO_MAX (31), -22 to 30, etc.).
Before this fix, in the latter case (realtime class), -21 was converted
to 30, and RTP_PRIO_MAX (31) could never be specified.
While here, change the priority computation for the idle-class case to
be symmetrical and use RTP_PRIO_MIN (in practice, this changes nothing
at all, since RTP_PRIO_MIN is 0; but this is the correct theoretical
formula, which would work as well with other values of RTP_PRIO_MIN).
See previous commit that made cr_canseeothergids() use the new
realgroupmember() function, taking into account real group IDs instead
of effective ones.
Olivier Certner [Thu, 17 Aug 2023 23:54:45 +0000 (01:54 +0200)]
cr_canseeothergids(): Use real instead of effective group membership
Using the effective group and not the real one when testing membership
has the consequence that unprivileged processes cannot see setuid
commands they launch until these have relinquished their privileges.
This is also in contradiction with how the similar cr_canseeotheruids()
works, i.e., by taking into account real user IDs.
Fix this by substituting groupmember() with realgroupmember(). While
here, simplify the code.
Olivier Certner [Thu, 17 Aug 2023 23:54:44 +0000 (01:54 +0200)]
groupmember(): Extract the supplementary group search in a separate function
This is in preparation for the introduction of the new realgroupmember()
function, which does the same search into supplementary groups as
groupmember().
Reviewed by: mhorne
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40640
Mention cr_bsd_visible(9). Remove references to cr_canseeothergids(9)
and cr_canseeotheruids(9), as well as indirect references not
immediately useful.
Fix description of credentials checks to match reality.
Olivier Certner [Thu, 17 Aug 2023 23:54:39 +0000 (01:54 +0200)]
cr_canseeotheruids(), cr_canseeothergids(): Man pages: Impacts of rename
When these functions were renamed 7 years ago, their man pages were not.
Rename the latter in accordance and fix the names inside them. Fix
references to them as well. Add the old man pages to the list of
obsolete files.
Reviewed by: mhorne
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40630
Olivier Certner [Thu, 17 Aug 2023 23:54:38 +0000 (01:54 +0200)]
Fix 'security.bsd.see_jail_proc' by using cr_bsd_visible()
As implemented, this security policy would only prevent seeing processes
in sub-jails, but would not prevent sending signals to, changing
priority of or debugging processes in these, enabling attacks where
unprivileged users could tamper with random processes in sub-jails in
particular circumstances (conflated UIDs) despite the policy being
enforced.
Olivier Certner [Thu, 17 Aug 2023 23:54:38 +0000 (01:54 +0200)]
New cr_bsd_visible(): Whether BSD policies deny seeing subjects/objects
This is a new helper function that leverages existing code: It calls
successively cr_canseeotheruids(), cr_canseeothergids() and
cr_canseejailproc() (as long as the previous didn't deny access). Will
be used in a subsequent commit.
Reviewed by: mhorne
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40627
Olivier Certner [Thu, 17 Aug 2023 23:54:37 +0000 (01:54 +0200)]
cr_canseejailproc(): New privilege, no direct check for UID 0
Use priv_check_cred() with a new privilege (PRIV_SEEJAILPROC) instead of
explicitly testing for UID 0 (the former has been the rule for almost 20
years).
As a consequence, cr_canseejailproc() now abides by the
'security.bsd.suser_enabled' sysctl and MAC policies.
Update the MAC policies Biba and LOMAC, and prison_priv_check() so that
they don't deny this privilege. This preserves the existing behavior
(the 'root' user is not restricted, even when jailed, unless
'security.bsd.suser_enabled' is not 0) and is consistent with what is
done for the related policies/privileges (PRIV_SEEOTHERGIDS,
PRIV_SEEOTHERUIDS).
Applies only to bare-metal Zen2 processors. The system currently
automatically applies it to all of them.
Tunable/sysctl 'machdep.mitigations.zenbleed.enable' can be used to
forcibly enable or disable the mitigation at boot or run-time. Possible
values are:
0: Mitigation disabled
1: Mitigation enabled
2: Run the automatic determination.
Currently, value 2 is the default and has identical effect as value 1.
This might change in the future if we choose to take into account
microcode revisions in the automatic determination process.
The tunable/sysctl value is simply ignored on non-applicable CPU models,
which is useful to apply the same configuration on a set of machines
that do not all have Zen2 processors. Trying to set it to any integer
value not listed above is silently equivalent to setting it to value 2
(automatic determination).
The current mitigation state can be queried through sysctl
'machdep.mitigations.zenbleed.state', which returns "Not applicable",
"Mitigation enabled" or "Mitigation disabled". Note that this state is
not guaranteed to be accurate in case of intervening modifications of
the corresponding chicken bit directly via cpuctl(4) (this includes the
cpucontrol(8) utility). Resetting the desired policy through
'machdep.mitigations.zenbleed.enable' (possibly to its current value)
will reset the hardware state and ensure that the reported state is
again coherent with it.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41817
Kenneth D. Merry [Thu, 14 Dec 2023 20:05:17 +0000 (15:05 -0500)]
mpr, mps: Establish busdma boundaries for memory pools
Most all of the memory used by the cards in the mpr(4) and mps(4)
drivers is required, according to the specs and Broadcom developers,
to be within a 4GB segment of memory.
This includes:
System Request Message Frames pool
Reply Free Queues pool
ReplyDescriptorPost Queues pool
Chain Segments pool
Sense Buffers pool
SystemReply message pool
We got a bug report from Dwight Engen, who ran into data corruption
in the BAE port of FreeBSD:
> We have a port of the FreeBSD mpr driver to our kernel and recently
> I found an issue under heavy load where a DMA may go to the wrong
> address. The test system is a Supermicro X10SRH-CLN4F with the
> onboard SAS3008 controller setup with 2 enterprise Micron SSDs in
> RAID 0 (striped). I have debugged the issue and narrowed down that
> the errant DMA is one that has a segment that crosses a 4GB
> physical boundary. There are more details I can provide if you'd
> like, but with the attached patch in place I can no longer
> re-create the issue.
> I'm not sure if this is a known limit of the card (have not found a
> datasheet/programming docs for the chip) or our system is just
> doing something a bit different. Any helpful info or insight would
> be welcome.
> Anyway, just thought this might be helpful info if you want to
> apply a similar fix to FreeBSD. You can ignore/discard the commit
> message as it is my internal commit (blkio is our own tool we use
> to write/read every block of a device with CRC verification which
> is how I found the problem).
> Test case was two SSD's in RAID 0 (stripe). The logical disk was
> then partitioned into two partitions. One partition had lots of
> filesystem I/O and the other was initially filled using blkio with
> CRCable data and then read back with blkio CRC verify in a loop.
> Eventually blkio would report a bad CRC block because the physical
> page being read-ahead into didn't contain the right data. If the
> physical address in the arq/segs was for example 0x500003000 the
> data would actually be DMAed to 0x400003000.
The original patch was against mpr(4) before busdma templates were
introduced, and only affected the buffer pool (sc->buffer_dmat) in
the mpr(4) driver. After some discussion with Dwight and the
LSI/Broadcom developers and looking through the driver, it looks
like most of the queues in the driver are ok, because they limit
the memory used to memory below 4GB. The buffer queue and the chain
frames seem to be the exceptions.
This is pretty much the same between the mpr(4) and mps(4) drivers.
So, apply a 4GB boundary limitation for the buffer and chain frame pools
in the mpr(4) and mps(4) drivers.
This is a compromise between POLA and practical reasoning. We don't
want to block the main server loop in an attempt to resolve. But we
need to keep the format of the logged message as is, for sake of
sshguard and other scripts. So let's print just the IP address twice,
this is what libwrap's refuse() would do if it failed to resolve.
Reviewed by: philip
PR: 269456
Differential revision: https://reviews.freebsd.org/D40069
sshd: remove unneeded initialization of libwrap logging severities
This part of ca573c9a177 proved to be unnecessary. As the removed
comment says, we set them merely for logging syntax errors, as we log
refusals ourselves. However, inside the libwrap the parser logs any
syntax errors with tcpd_warn() which has hardcoded LOG_WARNING inside.
Rick Macklem [Sun, 3 Dec 2023 23:31:01 +0000 (15:31 -0800)]
nfscl: Fix processing of a rare Rename reply case
When delegations are enabled (they are not by default in
the FreeBSD NFSv4 server), rename will check for and return
delegations. If the second of these DelegReturn operations
were to fail (they rarely do), then the code would not retry
the rename with returning delegations, as it is intended to do.
The patch fixes the problem, since the DelegReturn reply status
is the second iteration of the loop and not the first iteration.
As noted, this bug would have rarely manifested a problem, since
DelegReturn operations do not normally fail.
Kyle Evans [Sun, 26 Nov 2023 04:27:11 +0000 (22:27 -0600)]
lockf: switch to strtonum() for parsing timeout
Convert waitsec to a long long to be able to hold the full domain of
alarm(3) timeout on all platforms, and let strtonum(3) handle the input
validation. strtonum(3) also happens to provide a neater interface for
error handling, and it already includes our pre-existing empty input
check.
Alexander Melkov [Wed, 22 Nov 2023 04:46:28 +0000 (22:46 -0600)]
lockf: don't hold stdin/stdout/stderr open
None of these are essential in the lockf monitor (parent post-fork), so
close them to maintain the illusion that lockf hasn't been inserted into
the pipeline. This ensures that the correct effects happen on other
programs in the pipeline if the locked command closes or redirects these
elsewhere.
The original patch used -s to close stdout/stderr rather than closing
them unconditionally, but it's not clear that we really care that much.
kevans dropped that part when taking the patch, patch is otherwise by
listed author.
PR: 112379
Reviewed by: 0mp, allanjude (both earlier version), kevans
Feedback from: des
Sponsored by: Klara, Inc.
Kyle Evans [Wed, 22 Nov 2023 04:41:36 +0000 (22:41 -0600)]
lockf: hide unavailable error with -n -s
The error message is expected, allow -s to suppress just that one since
it would loosely fall under the definition of "failure to acquire the
lock" described in the manpage for the -s option.
Reviewed by: 0mp, allanjude
Feedback from: des
Sponsored by: Klara, Inc.
Kyle Evans [Thu, 23 Nov 2023 16:21:33 +0000 (10:21 -0600)]
arm64: lop off another 24MB of KVA for early device mappings
This grows the block enough to fit a 4K 32-bit depth framebuffer; some
firmware would present smaller GOP modes to be able to boot with a
smaller framebuffer on these devices, but the Windows Devkit firmware
is simply not that nice. Instead, it offers exactly one GOP mode that
matches the current resolution of the attached display, so with limited
control over resolution on most of my displays it'd be nice if we could
Just Work(TM) at 4K.
andrew notes that he has some ideas for removing PMAP_MAPDEV_EARLY_SIZE
entirely, so this limitation could end up removed altogether in the
future.
These won't be added elsewhere, so add a little bit of room to make
these messages a little easier to read. The existing set is a mixed
bag, there are somewhere in the ballpark of 45, 46 printfs to stderr and
19 of those had newlines.
POSIX defines a number of other control characters as well as
alternative aliases for some that should be provided in the default set,
so let's go ahead and add those.
Reviewed by: bapt, yuripv
Sponsored by: Klara, Inc.
Warner Losh [Thu, 7 Dec 2023 20:27:07 +0000 (13:27 -0700)]
sort: Only build FreeBSD-specific ALTMON_x stuff when ATLMON_1 is defined
On MacOS, we bootstrap sort. Since ALTMON_* are not defined there, the
build blows up. Since we don't need this feature for the FreeBSD build
process, and since we won't use it unless we actually install the NL
files that have this data in it, just #ifdef it out for now. In the
extremely unlikely event that the FreeBSD bootstrap/build process grows
this dependency, we can evaluate the best solution then (which most
likely is going to be not depend on the local's month names).
Many languages use different case endings depending on whether the month
is referenced as a standalone word (nominative case), or in date context
(genitive, partitive, etc.). sort(1)'s -M option currently sorts months
by testing input against only the abbrevation format, which is
essentially a substring of the full format. While this works fine for
languages like English, where there are no cases, for languages where
there is a different case ending between the abbreviation/full and
standalone formats, it is not sufficient.
For example, in Greek, "May" can take the following forms:
Kenneth D. Merry [Tue, 31 Oct 2023 19:20:36 +0000 (15:20 -0400)]
Add IBM TS1170 density codes and specs.
These were obtained from a drive, but they agree with the IBM
documentation.
The bpi/bpmm values are the same as TS1160, but the number of
tracks is much larger (18944 tracks vs 8704 for TS1160). The tapes
are also longer, 1337m total. (According to the MAM on a sample JF
tape. I don't have a JE tape handy to compare.) The end result
is a 50TB raw capacity (150TB compressed) for TS1170 with a JF
cartridge vs 20TB raw capacity (60TB compressed) for TS1160 with
a JE cartridge.
lib/libmt/mtlib.c:
Add the TS1170 density codes to the denstiy table in libmt.
usr.bin/mt/mt.1:
Add the TS1170 density codes and specs to the density table
in the mt(1) man page. As usual for TS drives, there is an
encrypted and non-encrypted density code (0x79 and 0x59
respectively).
Brooks Davis [Fri, 1 Dec 2023 20:48:29 +0000 (20:48 +0000)]
sysvipc: Fix 32-bit compat on !i386
The various time fields are time_t's which are only 32-bit on i386.
Fixing the old versions is probably of little use, but it's more correct
and in theory there could be powerpc binaries from 6.x.
PR: 240035
Fixes: fbb273bc05bef Properly support for FreeBSD 4 32bit System V shared memory.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D42870
Mark Johnston [Mon, 11 Dec 2023 14:19:09 +0000 (09:19 -0500)]
tty: Avoid a kernel memory discloure via kern.ttys
Four pad bytes at the end of each xtty structure were not being cleared
before being copied out. Fix this by clearing the whole structure
before populating fields.
Jessica Clarke [Wed, 6 Dec 2023 21:37:32 +0000 (21:37 +0000)]
bsdinstall: Encode dists to valid variable names in checksum script
Currently we just strip the .txz of the dist name (and add a status_
prefix) to get the shell variable name for its status, but this doesn't
give a valid result for dists like base-dbg, kernel-dbg and lib32-dbg,
or even kernel.KERNCONF (or, combining the two, kernel.KERNCONF-dbg). As
a result, four things go wrong for such dists:
1. If there is a dot and/or a dash in the name, writing to the variable
fails and spits an error out on stderr to the log
3. If there is a dot in the name before any dash, the syntax is always
invalid, reading the variable fails, spits an error out on stderr to
the log, the result is the empty string and that is interpreted as
being 0%
2. If there is a dash in the name before any dot, and there is a dist
whose name is the substring up to that first dash, and it has already
had its status written to, reading the variable instead reads that
dist's variable and so the status of that dist is displayed instead
3. If there is a dash in the name before any dot, and either there is
not a dist whose name is the substring up to that first dash or there
is such a dist but it has not already had its status written to,
reading the varaible instead results in the substring after the first
dash, including any additional string expansion syntax that follows
(i.e. ${status_kernel-dbg:--11}, the expression used to read the
variable, is interpreted as reading status_kernel with a default
value of "dbg:--11")
For example, in a default install with base, kernel, kernel-dbg and
lib32, the following sequence of displays happens:
1. base is In Progress, kernel is Pending, kernel-dbg is 0% (what shows
for the garbage input "dbg:--11") and lib32 is Pending
2. base is Passed, kernel is In Progress, kernel-dbg is In Progress
(since kernel has now had its status written to) and lib32 is
Pending
3. base is Passed, kernel is Passed, kernel-dbg is Passed (again, since
that is the status of kernel, despite that kernel-dbg is being
verified at this point) and lib32 is Pending
4. base is Passed, kernel is Passed, kernel-dbg is Passed and lib32 is
In Progress
Fix this with a crude encoding scheme. More special characters can
easily be added if needed in future.
Note that, prior to bsddialog being used (and thus for branches this is
MFC'ed to where dialog is still used), the same problem existed but
displayed slightly differently due to a combination of different default
values and different behaviour for unintended inputs.
Fixes: b70047d41362 ("Add generation of an installation manifest containing SHA256 checksums as ...")
MFC after: 1 week
The number of events we track can vary over time, but we only allocate
enough space for the exact number of events we are tracking when we
first begin, resulting in a trivially reproducable heap overflow. Fix
this by allocating enough space for the greatest possible number of
events (two per file) and clean up the code a bit.
Also add a test case which triggers the aforementioned heap overflow,
although we don't currently have a way to detect it.
Warner Losh [Sun, 19 Feb 2023 03:04:29 +0000 (20:04 -0700)]
tail: Retry kevent if the system call was interrupted
kevent returns EINTR when I suspend / resume. This causes tail -f
and tail -F to exit with interrupt system call. Ignore this error
and try kevent again.
Xin LI [Wed, 13 Jul 2022 04:14:25 +0000 (21:14 -0700)]
Improve usability of head(1) and tail(1):
- Consistently support -q (quiet) and -v (verbose)
- Allow specifying numbers with SI prefixes supported by expand_number(3)
- Remove 2^31 limit on lines for head(1)
Replace int with either size_t or ssize_t (depending on context) in
order to support bit strings up to SSIZE_MAX bits in length. Since
some of the arguments that need to change type are pointers, we must
resort to light preprocessor trickery to avoid breaking existing code.
* Interrupt the option loop as soon as we have an indication of which
protocol is intended.
* If we end up having to perform a DNS lookup, loop over the entire
result looking for either IPv4 or IPv6 addresses.
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Reviewed by: rscheff, kevans, allanjude
Differential Revision: https://reviews.freebsd.org/D42137
ping: Consistently use EX_NOHOST for DNS failures.
Traditionally, ping returned exit code EX_NOHOST if a DNS lookup failed.
That is still the case for the legacy code in the new merged ping, but
not for IPv6 targets, nor when a DNS lookup is performed in order to
determine which version of the tool to invoke.
While here, also make sure that the error message is consistent.
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D42159
The daemon utility already does its own buffering and retransmits its
child's output line by line. There's no need for stdio to add its own
buffering on top of this.
Kyle Evans [Fri, 5 May 2023 15:12:13 +0000 (10:12 -0500)]
daemon: EINTR from kevent(2) is not a fatal error
Simply resume waiting for events rather than exiting if we took a signal
here.
This at least fixes running programs under daemon(8) in the face of
suspend/resume, which I suspect hits us with a spurious EINTR rather
than a signal anyways.
Reported and tested by: manu
Fixes: 8935a3993219b ("daemon: use kqueue for all events")
Refactor daemon to use kqueue/kevent instead of signals.
This changes allows to simplify the code in several ways:
- the execution flow is now linear, no async events.
- several variables became redundant and got removed.
- all event handling is now concentrated inside of the event loop, which
makes code reading and comprehension easier.
- new kqueuex(2) call is used for CLOEXEC, but maintained closing the
kq fd prior to execve() to ease later MFC
nss_tacplus: Provide dummy setpwent(), getpwent_r(), endpwent().
These aren't really needed, since TACACS+ does not support enumeration, but providing placeholders keeps nsdispatch() from complaining that they're missing.
libtacplus: Allow additional AV pairs to be configured.
* Replace hand-rolled input tokenizer with openpam_readlinev() which supports line continuations and has better quoting and escaping.
* Simplify string handling by merging struct clnt_str and struct srvr_str into just struct tac_str.
* Each server entry in the configuration file can now have up to 255 AV pairs which will be appended to the ones returned by the server in response to a successful authorization request.
This allows nss_tacplus(8) to be used with servers which do not provide identity information beyond confirming the existence of the user.
This adds a dependency on libpam, however libtacplus is currently only used by pam_tacplus(8) (which is already always used with libpam) and the very recently added nss_tacplus(8) (which is extremely niche). In the longer term it might be a good idea to split this out into a separate library.
Mark Johnston [Thu, 7 Dec 2023 16:20:11 +0000 (11:20 -0500)]
OpenZFS: Ensure that zfs_getattr() initializes the va_rdev field
Otherwise the field is left uninitialized, leading to a possible kernel
memory disclosure to userspace or to the network. Use the same
initialization value we use in zfsctl_common_getattr().
Reported-by: KMSAN Sponsored-by: The FreeBSD Foundation Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Ed Maste <emaste@FreeBSD.org> Signed-off-by: Mark Johnston <markj@FreeBSD.org>
(cherry picked from commit 11656234b560c401dec6a16e1bf048b20fd31aac)
Alexander Motin [Thu, 9 Nov 2023 18:07:46 +0000 (13:07 -0500)]
uma: Micro-optimize memory trashing
Use u_long for memory accesses instead of uint32_t. On my tests on
amd64 this by ~30% reduces time spent in those functions thanks to
bigger 64bit accesses. i386 still uses 32bit accesses.
Mitchell Horne [Mon, 4 Dec 2023 15:46:48 +0000 (11:46 -0400)]
busdma: emit a warning for use of filters
Filter functions are deprecated, and unused in the tree. If either of
the filter or filterarg arguments to bus_dma_tag_create() are non-NULL,
print a warning.
This is a direct commit to stable/13.
Reviewed by: jhb
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42897
Igor Ostapenko [Wed, 29 Nov 2023 12:35:41 +0000 (13:35 +0100)]
pf: fix mem leaks upon vnet destroy
Add missing cleanup actions:
- remove user defined anchor rulesets
- remove user defined ether anchor rulesets
- remove tables linked to user defined anchors
- deal with wildcard anchor peculiarities to get them removed correctly
Colin Percival [Sun, 3 Dec 2023 21:39:30 +0000 (13:39 -0800)]
release/Makefile.vm: Rework emulator-portinstall
The emulator-portinstall target now unconditionally ensures that qemu
is installed; but is only invoked if needed (aka. when cross building
VM images).
Colin Percival [Mon, 27 Nov 2023 21:29:05 +0000 (13:29 -0800)]
Makefile.vm: Fix duplicate rc.conf files
Two bugs in Makefile.vm resulted in disk images being "built" multiple
times, resulting in lines added to /etc/rc.conf being duplicated:
1. The vm-image target reused the same "staging tree" directory for all
of its builds (multiple disk image types and multiple filesystem types).
2. The cw-type-flavour-fs target depends on emulator-portinstall, which
did not have a 'touch ${.TARGET}' and thus re-ran every time -- and
caused the cw-type-flavour-fs target to be re-run. This was triggered
by release builds running `make cloudware-release` (creating the disk
images) followed by `make ec2amis` (which re-created the disk images
prior to uploading them).
Kristof Provost [Wed, 29 Nov 2023 18:06:31 +0000 (19:06 +0100)]
pf: remove incorrect fragmentation check
We do not need to check PFDESC_IP_REAS while tracking TCP state.
Moreover, this check incorrectly considers no-data packets (e.g. RST) to
be in-window when this flag is not set.
Loss of the trailing space in the multi-line format string has
resulted in column name being emitted as "FAILSLEEP", instead of
two columns "FAIL" and "SLEEP".