eadler [Mon, 5 Mar 2018 09:05:37 +0000 (09:05 +0000)]
MFC r326473:
diag/httpd-error: remove
This is a script for a web server in a specific
configuration. Current web servers don't produce
similar log files and it isn't FreeBSD's
goal to produce a log file analyzer.
This adds HardenedBSD which is a pseudo-fork of FreeBSD. It hasn't had a
release yet, but does does have active users and a community. As such
document it as a branch off of FreeBSD-stable. Ideally this adds enough
space so that future releases are easy enough to add.
eadler [Mon, 5 Mar 2018 08:32:15 +0000 (08:32 +0000)]
MFC r313880:
[asmc] Add support for MacBook Pro 11,2
This patch will add support for MacBookPro 11.2.
For the macros, the MBP11_* macros (for the existing MacBookPro11.3) did not
match so they have been renamed to MBP113_* and a new MBP112_* has been
added (modified copy of MBP11_*).
Some trailing whitespaces may have been removed automatically.
eadler [Mon, 5 Mar 2018 08:24:58 +0000 (08:24 +0000)]
MFC r308663:
[net80211] announce 11n capabilities in probe requests in IBSS mode.
The 802.11-2012 specification notes that a subset of IEs should be present
in IBSS probe requests. This is what (initially) allows nodes to discover
that other nodes are 11n capable. Notably - HTCAP, but not HTINFO.
This isn't everything required to reliably enable 11n between net80211
peers; there's more work to come.
eadler [Mon, 5 Mar 2018 08:18:13 +0000 (08:18 +0000)]
MFC r306139:
[net80211] don't add IBSS node table entries for neighbors from other SSIDs.
The adhoc probe/beacon input path was creating nodes for all SSIDs.
This wasn't a problem when the NICs were configured to only process
frames for the current BSSID, but that didn't allow IBSS merges.
Once avos and I flipped on "beacons from all BSSIDs" to allow for
correct IBSS merging, we found this interesting behaviour.
This adds a check against the current SSID.
* If there's no VAP SSID, allow anything
* If there's a VAP SSID, check if the incoming frame has a suitable
SSID and if so, allow it.
This prevents nodes being created for other SSIDs in probe and beacon
frames - ie, beacons overlapping IBSSes with different SSIDs, and
probe requests from arbitrary devices.
eadler [Mon, 5 Mar 2018 08:17:02 +0000 (08:17 +0000)]
MFC r305895:
[net80211] add a HT method to populate HTCAP based on IBSS requirements.
IBSS negotiation is a subset of the STA/AP negotiation. We always have a
current channel, so base the HT capabilities on the current channel.
This is then put into IBSS probe requests to inform peers of our
11n capabilities.
eadler [Mon, 5 Mar 2018 07:54:57 +0000 (07:54 +0000)]
MFC r306837:
[net80211] extend the ieee80211_rx_stats struct to include more information.
There are a variety of more interesting RX statistics that we should
keep track of but we don't. This is a starting point for adding more
information.
Specifically:
* now the RX rate information and some of the packet status is
passed up;
* The 32 bit or 64 bit TSF is passed up;
* the PHY mode is passed up;
* the "I'm decap'ed AMSDU!" state is passed up;
* number of RX chains is bumped to 4.
This is all mostly a placeholder for getting the data into the RX status
before we pass it up to net80211 - unfortunately we don't yet enforce
that drivers provide it, nor do we pass the provided info back up the
stack so anyone can use the data.
We're going to need to use some of this data moving forward.
Notably, now that some hardware can do AMSDU decap for us (the intel iwm
driver can do it when we flip it on; the ath10k port I'm doing does
it for us) then we need to pass it up through the stack so the duplicate
RX sequence numbers and crypto/IV details don't cause the packet to
be dropped and/or counted against a replay counter.
It's also the beginning of being able to do more interesting node
accounting in net80211. Specifically, once drivers start populating
per-packet rate information, AMPDU information, timestamps, etc,
we can start providing histograms of rate-versus-RSSI, account
for receive time spent per node and other such interesting things.
(Note: I'm also hoping to include ranging and RTT information for
future chipset support; and it's likely going to include it in
this kind of fashion.)
eadler [Mon, 5 Mar 2018 07:26:05 +0000 (07:26 +0000)]
MFC r326276:
various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
eadler [Mon, 5 Mar 2018 07:14:56 +0000 (07:14 +0000)]
MFC r314181:
[ifconfig] handle illegal WPS frames
Some APs broadcast WPS IE frames with totally broken data. Ifconfig's printwpsie()
loops through WPS frames printing the attributes out; if the frame's data is bad,
printwpsie() can end up looking at out-of-bounds addresses causing ifconfig to
bus error.
Thanks to Takashi Inoue at Nihon U for his efforts in debugging this.
eadler [Mon, 5 Mar 2018 06:52:26 +0000 (06:52 +0000)]
MFC r307901,r308180:
FreeBSD tcp stack used to inform respective congestion control module about the
loss event but not use or obay the recommendations i.e. values set by it in some
cases.
Here is an attempt to solve that confusion by following relevant RFCs/drafts.
Stack only sets congestion window/slow start threshold values when there is no
CC module availalbe to take that action. All CC modules are inspected and
updated when needed to take appropriate action on loss.
tcp_stacks/fastpath module has been updated to adapt these changes.
Note: Probably, the most significant change would be to not bring congestion
window down to 1MSS on a loss signaled by 3-duplicate acks and letting
respective CC decide that value.
eadler [Mon, 5 Mar 2018 06:47:28 +0000 (06:47 +0000)]
MFC r308065:
Remove a PCI ID for a raid controller from Adaptec that was planned,
but never released. Since no real hardware was released with this ID,
just drop it from the aacraid driver. This paves the path for future
drivers for hardware that actually has this ID.
Submitted by: Scott Benesh from Microsemi.
Differential Revision: https://reviews.freebsd.org/D8377
MFC After: 3 days
eadler [Mon, 5 Mar 2018 06:37:02 +0000 (06:37 +0000)]
MFC r306896:
Fix spurious white space introduced in r301059
r301059 accidently introduced a subtle change for point to point interfaces
where an extra space is inserted before the netmask. This can cause issues
for scripts that parse ifconfig output.
hselasky [Sun, 4 Mar 2018 19:15:24 +0000 (19:15 +0000)]
MFC r330236:
Correct the return value from flush_work() and flush_delayed_work() in the
LinuxKPI to comply more with Linux. This fixes an issue when these functions
are used in waiting loops.
eadler [Sat, 3 Mar 2018 21:05:28 +0000 (21:05 +0000)]
MFC r305137:
Eliminate unnecessary loop in _cap_check()
Calling cap_rights_contains() several times with the same inputs is not
going to produce a different output. The variable being iterated, i, is
never used inside the for loop.
The loop is actually done in cap_rights_contains()
eadler [Sat, 3 Mar 2018 18:11:02 +0000 (18:11 +0000)]
MFC r302519:
Audit the file-descriptor number argument for openat(2). Remove a comment
about the desirability of auditing the number, as it was in fact in the
wrong place (in the common path for open(2) and openat(2), and only the
latter accepts a file-descriptor argument). Where other ABIs support
openat(2), it may be necessary to do additional argument auditing as it is
not performed in kern_openat(9).
eadler [Sat, 3 Mar 2018 10:43:41 +0000 (10:43 +0000)]
MFC r322210,r322613,r322831:
pgrep naively appends the delimiter to all PIDs including the last
e.g. "pgrep -d, getty" outputs "1399,1386,1309,1308,1307,1306,1305,1302,"
Ensure the list is correctly delimited by suppressing the emission of the
delimiter after the final PID.
The r322210 change to pgrep's PID delimiting behaviour causes pgrep's default
output to not include a trailing new line, which is a potential POLA violation
for existing consumers. Change pgrep to always emit a trailing new line on
completion of its output, regardless of the delimeter in use (which technically
is also a potential POLA violation for existing consumers that rely on the
pre-r322210 buggy behaviour, but a line has to be drawn somewhere).
Only emit the trailing new line added in r322613 when not operating in quiet
mode.
eadler [Sat, 3 Mar 2018 10:27:33 +0000 (10:27 +0000)]
MFC r318891:
Fix long standing issue in bsdconfig's keymap selection
Since the translation to vt as terminal emulator, the keymaps files
path has changed and this change does not get followed in bsdconfig.
This implicates boot time warnings about a wrong keymap file, what
is very confusing for the new users and for me too, so initialize
the default keymaps search path depending on terminal type.
r319506:
cxgbe(4): Update the statistics for compound tx work requests once per
work request, not once per frame.
r319872:
cxgbe(4): Do not request an FEC setting that the port does not support.
r321063:
cxgbe(4): Various link/media related improvements.
- Deal with changes to port_type, and not just port_mod when a
transceiver is changed. This fixes hot swapping of transceivers of
different types (QSFP+ or QSA or QSFP28 in a QSFP28 port, SFP+ or
SFP28 in a SFP28 port, etc.).
- Always refresh media information for ifconfig if the port is down.
The firmware does not generate tranceiver-change interrupts unless at
least one VI is enabled on the physical port. Before this change
ifconfig diplayed potentially stale information for ports that were
administratively down.
- Always recalculate and reapply L1 config on a transceiver change.
- Display PAUSE settings in ifconfig. The driver sysctls for this
continue to work as well.
r321103:
cxgbe(4): New ioctls to flash bootrom and boot config to the card.
r321179:
cxgbe/t4_tom: Log more details about the newly ESTABLISHED tid to the
trace buffer.
r321390:
cxgbe(4): Install the firmware bundled with the driver to the card if it
doesn't seem to have one. This lets the driver recover automatically
from incomplete firmware upgrades (panic, reboot, power loss, etc. in
the middle of an upgrade).
r321435:
cxgbe(4): Display some more TOE parameters related to retransmission
and keepalive in the sysctl MIB. Provide tunables to change some of
these parameters. These are supposed to be setup by the firmware so
these tunables are for experimentation only.
r321582:
cxgbe(4): Some updates to the common code.
- Updated register ranges.
- Helper routines for access to TP registers.
- Updated routine to read flash parameters.
r321671:
cxgbe/iw_cxgbe: Log the end point's history and flags to the trace
buffer just before it's freed.
r322014:
cxgbe(4): Initial import of the "collect" component of Chelsio unified
debug (cudbg) code, hooked up to the main driver via an ioctl.
The ioctl can be used to collect the chip's internal state in a
compressed dump file. These dumps can be decoded with the "view"
component of cudbg.
r322034:
cxgbe(4): Always use the first and not the last virtual interface
associated with a port in begin_synchronized_op.
r322055:
cxgbe(4): Allow the TOE timer tunables to be set with microsecond
precision. These timers are already displayed in microseconds in the
sysctl MIB. Add variables to track these tunables while here.
r322123:
cxgbe(4): Avoid a NULL dereference that would occur during module unload
if there were problems earlier during attach.
r322167:
cxgbe(4): Add the T6 and T5 Unified Wire configuration files to the
kernel, just like for T4, when the driver is compiled into the kernel.
r322425:
cxgbe(4): Save the last reported link parameters and compare them with
the current state to determine whether to generate a link-state change
notification. This fixes a bug introduced in r321063 that caused the
driver to sometimes skip these notifications.
r322549:
cxgbe/t4_tom: Use correct name for the ISS-valid bit in options2.
r322914:
cxgbe(4): Dump the mailbox contents in the same format as CH_DUMP_MBOX.
r322960:
cxgbe(4): Verify that the driver accesses the firmware mailbox in a
thread-safe manner.
r322962:
cxgbe(4): Remove write only variable from t4_port_init.
r322964:
cxgbe(4): vi_mac_funcs should include the base Ethernet function. It is
already used in the driver as if it does.
r322985:
cxgbe(4): Maintain one ifmedia per physical port instead of one per
Virtual Interface (VI). All autonomous VIs that share a port share the
same media.
r322990:
cxgbe(4): Do not access the mailbox without appropriate locks while
creating hardware VIs.
This fixes a bad race on systems with hw.cxgbe.num_vis > 1.
r323006:
cxgbe(4): Update T6/T5/T4 firmwares to 1.16.59.0.
r323026:
cxgbe(4): Zero out the memory allocated for the debug dump.
cudbg_collect seems to expect it this way.
r323041:
cxgbe(4): Add two new debug flags -- one to allow manual firmware
install after full initialization, and another to disable the TCB
cache (T6+). The latter works as a tunable only.
Note that debug_flags are for debugging only and should not be set
normally.
r323069:
cxgbe/t4_tom: Add a knob to select the congestion control algorigthm
used by the TOE hardware for fully offloaded connections. The knob
affects new connections only.
r323078:
cxgbe/t4_tom: There may not be a tid to update if the connection isn't
established.
r323343:
cxgbe(4): Fix a couple of problems in the sge_wrq data path.
- start_wrq_wr must not drain the wr_list if there are incomplete_wrs
pending. This can happen when a t4_wrq_tx runs between two
start_wrq_wr.
- commit_wrq_wr must examine the cookie's pidx and ndesc with the
queue's lock held. Otherwise there is a bad race when incomplete WRs
are being completed and commit_wrq_wr for the WR that is ahead in the
queue updates the next incomplete WR's cookie's pidx/ndesc but the
commit_wrq_wr for the second one is using stale values that it read
without the lock.
r323514:
cxgbetool(8): mode must be specified when creating the dump file.
r323520:
cxgbe(4): Ignore capabilities that depend on TOE when the firmware
reports TOE is not available.
r324296:
cxgbe(4): Provide knobs to set the holdoff parameters of TOE rx queues
separately from NIC rx queues instead of using the same parameters for
both types of queues.
r324379:
cxgbetool(8): Do not create a large file devoid of useful content when
the dumpstate ioctl fails. Make the file world-readable while here.
r324386:
cxgbe(4): Update T6, T5, and T4 firmwares to 1.16.63.0.
r324443:
cxgbetool(8): Do not close uninitialized fd on malloc failure.
r324945:
cxgbe(4): Read the MPS buffer group map from the firmware as it could be
different from hardware defaults. The congestion channel map, which is
still fixed, needs to be tracked separately now. Change the congestion
setting for TOE rx queues to match the drivers on other OSes while here.
r325596:
cxgbe(4): Do not request settings not supported by the port.
r325680:
cxgbe(4): Excluce mdi from the check against port capabilities.
r325880:
cxgbe(4): Combine all _10g and _1g tunables and drop the suffix from
their names. The finer-grained knobs weren't practically useful.
r325883:
cxgbe(4): Sanitize t4_num_vis during MOD_LOAD like all other t4_*
tunables. Add num_vis to the intrs_and_queues structure as it affects
the number of interrupts requested and queues created. In future
cfg_itype_and_nqueues might lower it incrementally instead of going
straight to 1 when enough interrupts aren't available.
r325884:
cxgbe(4): Remove rsrv_noflowq from intrs_and_queues structure as it does
not influence or get affected by the number of interrupts or queues.
r325961:
cxgbe(4): Add core Vdd to the sysctl MIB.
r326026:
cxgbe(4): Add a custom board to the device id list.
r326042:
cxgbe(4): Fix unsafe mailbox access in cudbg.
r327062:
cxgbe(4): Read the MFG diags version from the VPD and make it available
in the sysctl MIB.
r327093:
cxgbe(4): Do not forward interrupts to queues with freelists. This
leaves the firmware event queue (fwq) as the only queue that can take
interrupts for others.
This simplifies cfg_itype_and_nqueues and queue allocation in the driver
at the cost of a little (never?) used configuration. It also allows
service_iq to be split into two specialized variants in the future.
r327332:
cxgbe(4): Reduce duplication by consolidating minor variations of the
same code into a single routine.
r327528:
cxgbe(4): Add a knob to enable/disable PCIe relaxed ordering. Disable it by
default when running on Intel CPUs.
r328420:
cxgbe(4): Do not display harmless warning in non-debug builds.
r328423:
cxgbe(4): Accept old names of a couple of tunables.
jhb [Sat, 3 Mar 2018 00:54:12 +0000 (00:54 +0000)]
MFC 328608: Export tcp_always_keepalive for use by the Chelsio TOM module.
This used to work by accident with ld.bfd even though always_keepalive
was marked as static. LLD honors static more correctly, so export this
variable properly (including moving it into the tcp_* namespace).
Relative to HEAD the MFC includes two additional changes:
- The t3_tom module used for cxgb(4) is also patched.
- A strong reference from the new name (tcp_always_keepalive) to the old
name (always_keepalive) has been added to preserve the KBI for existing
modules.
manu [Fri, 2 Mar 2018 15:17:42 +0000 (15:17 +0000)]
MFC r320943-r320944, r321008, r321072, r321128
r320943:
Add ipfw_status command to etc/rc.d/ipfw
This is helpful when using service/conf management tools.
Sonsored-By: Gandi.net
r320944:
Add an rc.d script to setup a netflow export via ng_netflow
The default is to export netflow data on localhost on the netflow port.
ngtee is used to have the lowest overhead possible.
The ipfw ng hook is the netflow port (it can only be numeric)
Default is netflow version 5.
gjb [Thu, 1 Mar 2018 16:41:37 +0000 (16:41 +0000)]
MFC r330033:
Bump the size of virtual machine disk images from 20G to 30G,
providing more space for a local buildworld to succeed without
attaching separate disks for /usr/src and /usr/obj.
eadler [Thu, 1 Mar 2018 08:05:52 +0000 (08:05 +0000)]
MFC r324570,r324580:
[net80211] begin handling multiple hardware decap'ed A-MSDU in the RX path.
The duplicate detection code currently expects A-MSDU frames to be encaped -
they're decap'ed /after/ duplicate detection.
However for ath10k (and iwm hardware later on) the firmware supports
doing A-MSDU decap in hardware - which shows up as multiple frames with
the same sequence number and IV.
This is the first part of decap handling - if we see a stretch of A-MSDU
frames from the driver with the MORE bit set, then don't treat them
as duplicates.
This isn't 100% complete as crypto sequence number handling and "A-MSDU in
A-MPDU" needs handling, but it's a start.
This should be a glorified no-op for everyone. Please tell me if it isn't.
eadler [Thu, 1 Mar 2018 07:59:14 +0000 (07:59 +0000)]
MFC r307602:
[net80211] Initial full-offload scan support.
This is a very simple addition to the net80211 scan support.
It doesn't implement a replacement scan interface - it just disables
the pieces that we should disable to make this lifecycle a bit
more managable.
There's more work to come before full scan offload support is available
but it should be good enough for driver work.
* add a flag to say "full offload"
* don't do probe requests when scanning full-offload - firmware can do that
* don't do powersave transitions and buffering - firmware can do that
tested:
* iwm(4) - STA mode
* ath10k port (local, not in freebsd-head yet)
[iwmfw] add version 17 firmware.
[iwmfw] add version 17 firmware.
[iwmfw] add version 17 firmware.
[iwmfw] add this 3 megabyte firmware image.
[iwmfw] bump firmware to version 17.
[iwmfw] back this out to version 16 for now.
[iwmfw] add 7265D firmware.
[iwmfw] add 7265D firmware.
[iwmfw] add 7265D-22 firmware
[iwmfw] 8000C ver 22 firmware.
[iwmfw] bump built firmware now to version 22 for 7265D and 8000C.
[iwmfw] Add missing SUBDIR needed for iwmfw to load after ^/head@r324434
[iwmfw] Add the firmware for the Intel 8265 WiFi device.