Warner Losh [Tue, 31 Oct 2023 20:55:58 +0000 (14:55 -0600)]
ino64: Remove 'forward compat' code for this
Forward compatibility code was added for running newer ino64 binaries on
older kernels as a transition aide. Now that ino64 has been in the tree
6 years, this code is no longer useful and should have been removed long
ago. Remove it now. Should be no user-visible changes at this point as
all the 'upgrade' scenarios it was intended for are long since past.
Also need to remove this stuff from rtld since the _foo versions
no longer exist.
Warner Losh [Tue, 31 Oct 2023 20:03:32 +0000 (14:03 -0600)]
bhyve: ps2 implement command 0xf6
Implement PS2 Keyboard command 0xf6, which is "SET DEFAULTS". This is
the same as 0xf5 (DISABLE KEYBOARD), but without disabling the keyboard
(since that resets all the defaults as a side effect). Normally, we
clear the fifo when we re-enable the keyboard. However, since this
leaves the keyboard enabled, clear the fifo as part of this command and
send an ack.
Linux's keyboard driver sends this command on reboot. Other commands
enable / reset the kebyoard, so it doesn't matter too much this isn't
implemented for booting, eg ubuntu.
Kenneth D. Merry [Tue, 31 Oct 2023 19:20:36 +0000 (15:20 -0400)]
Add IBM TS1170 density codes and specs.
These were obtained from a drive, but they agree with the IBM
documentation.
The bpi/bpmm values are the same as TS1160, but the number of
tracks is much larger (18944 tracks vs 8704 for TS1160). The tapes
are also longer, 1337m total. (According to the MAM on a sample JF
tape. I don't have a JE tape handy to compare.) The end result
is a 50TB raw capacity (150TB compressed) for TS1170 with a JF
cartridge vs 20TB raw capacity (60TB compressed) for TS1160 with
a JE cartridge.
lib/libmt/mtlib.c:
Add the TS1170 density codes to the denstiy table in libmt.
usr.bin/mt/mt.1:
Add the TS1170 density codes and specs to the density table
in the mt(1) man page. As usual for TS drives, there is an
encrypted and non-encrypted density code (0x79 and 0x59
respectively).
Kristof Provost [Fri, 27 Oct 2023 12:13:57 +0000 (14:13 +0200)]
libpfctl: be more tolerant of kernel extensions
Allow the kernel to supply more array elements than expected, but cut
off when we hit what we think the maximum is. This will improve forward
compatibility (i.e. old userspace with newer kernel).
Kristof Provost [Tue, 10 Oct 2023 09:56:15 +0000 (11:56 +0200)]
pf tests: ensure that we generate all permutations for SCTP multihome
The initial multihome implementation was a little simplistic, and failed
to create all of the required states. Given a client with IP 1 and 2 and
a server with IP 3 and 4 we end up creating states for 1 - 3 and 2 - 3,
as well as 3 - 1 and 4 - 1, but not for 2 - 4.
Kristof Provost [Tue, 17 Oct 2023 16:10:39 +0000 (18:10 +0200)]
pf: fix missing SCTP multihomed states
The existing code to create extra states when SCTP endpoints supplied
extra addresses missed a case. As a result we failed to generate all of
the required states.
Briefly, if host A has address 1 and 2 and host B has addres 3 and 4 we
generated 1 - 3 and 2 - 3, as well as 1 - 4, but not 2 - 4.
Store the list of endpoints supplied by each host and use those to
generate all of the connection permutations.
Brooks Davis [Mon, 30 Oct 2023 23:33:14 +0000 (23:33 +0000)]
tzsetup: make UTC the first (default) region
Many sysadmins prefer to configure their systems to UTC and it's a
reasonable default when installing, making it easier to get a usable
system by just hitting <return> repeatidly.
Renumber UTC to 0 to preserve the finger memory of those selecting a
region by shortcut.
Andrew Turner [Mon, 16 Oct 2023 14:34:19 +0000 (15:34 +0100)]
arm64: Add a BTI landing pad to .mcount
The .mcount function needs a BTI branch target. As we can't rely on
asm.h being included use the hint version of a "bti c" instruction.
This is a nop when BTI is not supported or not used.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D42230
Andrew Turner [Thu, 12 Oct 2023 16:29:46 +0000 (17:29 +0100)]
rtld: Teach rtld about the BTI elf note
Add the Branch Target Identification (BTI) note to libc assembly
sources. As all obect files need the note for rtld to have it we need
to insert it in all asm files.
Andrew Turner [Thu, 12 Oct 2023 10:03:37 +0000 (11:03 +0100)]
csu: Teach csu about PAC and BTI
Add the Branch Target Identification (BTI) note to libc assembly
sources and Pointer Authentication Code (PAC) instructions to _init and
_fini.
_init and _fini may be called indirectly so need a BTI landing pad. As
they are non-leaf functions use the appropriate PAC instruction that
also guards against changing the link register.
As all object files need the note for any binary using these object files
we need to insert it in all asm files.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D42227
The new STATIC_TLS_EXTRA variable provides a means for applications
to increases the size of the extra static TLS space allocated by
rtld beyond the default of '128'. This extra static TLS space is used
for objects loaded with dlopen.
The value specified in the variable must be no less than the default
value and no greater than the maximum allowed value for size_t type.
If an invalid value is specified, rtld will ignore it and just use
the default value.
The rtld(1) man page is updated to document this new option.
Obtained from: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D42025
Yishai Hadas [Sat, 28 Oct 2023 20:55:47 +0000 (16:55 -0400)]
mlx5ib: Fix RSS Toeplitz setup to be aligned with the HW specification
The specification for the Toeplitz function doesn't require to set the key
explicitly to be symmetric. In case a symmetric functionality is required
a symmetric key can be simply used.
Wrongly forcing the algorithm to symmetric causes the wrong packet
distribution and a performance degradation.
Warner Losh [Fri, 27 Oct 2023 21:23:47 +0000 (15:23 -0600)]
devd: Improve devmatch support
We know that calling devmatch will be futile if there's no plug and play
information for it to match on. Avoid this generically when we see
"? at +on"
which happens only when the location and pnpinfo aren't provided. Don't
call "service devmatch quietstart" here.
We also ignore ACPI devices with a _HID of none. These also will never
load a new driver, so avoid calling "service devmatch quietstart" here too.
Use the more compatct "$*" instead of "'?'$_" when calling "service
devmatch quietstart" since it will evaluate to the same thing.
On my laptop, this eliminates 45% of the calls to devmatch. While it
would be even better to integrate devmatch into devd (so we only parse
linker.hints once), that will have to wait for another day as it's a bit
more complex to arrange that avoiding easy to avoid calls.
Warner Losh [Fri, 27 Oct 2023 20:03:51 +0000 (14:03 -0600)]
otus: splnet isn't a thing, remove place holders
Even though it's if 0'd code, remove splnet/splx. This code can't
possibly run on FreeBSD, but having it here as a marker isn't especially
helpful. It causes a false positive on grepping otherwise.
Warner Losh [Fri, 27 Oct 2023 16:11:29 +0000 (10:11 -0600)]
strlcpy/strlcat: Remove references to snprintf
While strlcpy and snprintf are somewhat similar, there's big differences
between strlcat and snprintf which leads to confusion. Remove the
comparison, since it's ultimately not that useful: the snprintf man page
has similar language to strlcpy, so it doesn't provide a better
reference. The two implementations are otherwise unrelated.
Warner Losh [Fri, 27 Oct 2023 14:39:31 +0000 (08:39 -0600)]
netinet: The tailq_hash code doesn't reference tcpoutflags
Don't define TCPOUTFLAGS to get the static definition from tcp_fsm.h.
tailq_hash.c doesn't refernce tcpoutflag. Only files that reference this
should define TCPOUTFLAGS. clang is fine with it, but gcc12 complained.
Warner Losh [Fri, 27 Oct 2023 04:14:23 +0000 (22:14 -0600)]
UPDATING: Document branch creation
Document when stable/12, stable/13 and stable/14 were created. Once we
release 14.0, I'll trim the stable/11 branchpoint through stable/12
brnachpoint. Documenting all of these will make it easier in the future.
Warner Losh [Tue, 17 May 2022 16:47:50 +0000 (10:47 -0600)]
efibootmgr: -C isn't implemented
-C isn't implemented, so just errx out until it is. It's not listed in
the man page, but is parsed for compatibility with the Linux
efibootmgr(8) command.
Kyle Evans [Fri, 27 Oct 2023 03:55:17 +0000 (22:55 -0500)]
arm: prune imx5 support from the tree
The IMX5 configs were removed in advance of FreeBSD 14.0 in cdb0c2a73df ("arm: Remove IMX5 specific kernel configs"). This code
isn't built with GENERIC and doesn't actually build today as-is, so
let's remove it to avoid needless maintenance work to it that won't be
tested. As usual, revival is welcome with a committed user and work to
maintain it with upstream DTS and, ideally, in GENERIC.
I note that vt_early_fb is now effectively orphaned as nothing else will
use it, but I haven't yet removed it since I have not done anything to
ascertain if it could be integrated easily enough for other SoC. It is
among the files that doesn't actually build with today's clang, though.
Reviewed by: imp, manu
Differential Revision: https://reviews.freebsd.org/D41836
Warner Losh [Fri, 27 Oct 2023 03:10:36 +0000 (21:10 -0600)]
arm: Introduce MK_KERNEL_BIN to control generation of kernel.bin
It's sometimes desirable to generate kernel.bin and install it. While
the mainstream has moved on to UEFI booting on arm, some specialized
gear can't support it. For that gear, we unconditionally generate
kernel.bin. Add a knob so that WITH_KERNEL_BIN or WITHOUT_KERNEL_BIN
control its generation and installation. config files should add
'makeoptions WITH_KERNEL_BIN=t' to enable it. Since its use is
specialized, it is off by default now since the arm world has largely
moved on to UEFI.
It only affects arm and arm64 (since those are the only two that support
it).
shodanshok [Thu, 26 Oct 2023 16:40:21 +0000 (18:40 +0200)]
Read prefetched buffers from L2ARC
Prefetched buffers are currently read from L2ARC if, and only if,
l2arc_noprefetch is set to non-default value of 0. This means that
a streaming read which can be served from L2ARC will instead engage
the main pool.
For example, consider what happens when a file is sequentially read:
- application requests contiguous data, engaging the prefetcher;
- ARC buffers are initially marked as prefetched but, as the calling
application consumes data, the prefetch tag is cleared;
- these "normal" buffers become eligible for L2ARC and are copied to it;
- re-reading the same file will *not* engage L2ARC even if it contains
the required buffers;
- main pool has to suffer another sequential read load, which (due to
most NCQ-enabled HDDs preferring sequential loads) can dramatically
increase latency for uncached random reads.
In other words, current behavior is to write data to L2ARC (wearing it)
without using the very same cache when reading back the same data. This
was probably useful many years ago to preserve L2ARC read bandwidth but,
with current SSD speed/size/price, it is vastly sub-optimal.
Setting l2arc_noprefetch=1, while enabling L2ARC to serve these reads,
means that even prefetched but unused buffers will be copied into L2ARC,
further increasing wear and load for potentially not-useful data.
This patch enable prefetched buffer to be read from L2ARC even when
l2arc_noprefetch=1 (default), increasing sequential read speed and
reducing load on the main pool without polluting L2ARC with not-useful
(ie: unused) prefetched data. Moreover, it clear users confusion about
L2ARC size increasing but not serving any IO when doing sequential
reads.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Signed-off-by: Gionatan Danti <g.danti@assyoma.it>
Closes #15451
Add mutex_enter_interruptible() for interruptible sleeping IOCTLs
Many long-running ZFS ioctls lock the spa_namespace_lock, forcing
concurrent ioctls to sleep for the mutex. Previously, the only
option is to call mutex_enter() which sleeps uninterruptibly. This
is a usability issue for sysadmins, for example, if the admin runs
`zpool status` while a slow `zpool import` is ongoing, the admin's
shell will be locked in uninterruptible sleep for a long time.
This patch resolves this admin usability issue by introducing
mutex_enter_interruptible() which sleeps interruptibly while waiting
to acquire a lock. It is implemented for both Linux and FreeBSD.
The ZFS_IOC_POOL_CONFIGS ioctl, used by `zpool status`, is changed to
use this new macro so that the command can be interrupted if it is
issued during a concurrent `zpool import` (or other long-running
operation).
Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Thomas Bertschinger <bertschinger@lanl.gov>
Closes #15360
Warner Losh [Thu, 26 Oct 2023 16:14:54 +0000 (10:14 -0600)]
gpart: Be less picky about GPT Tables in some cases
When we're recoverying a damangae GPT, or when we're restoring a backed
up partition tables, don't enforce the 4k alignment for start/end LBAs.
This is useful for 512e/4kn drives when we're creating a new partition
table or partition. However, when we're trying to fix / restore an old
partition, we shouldn't force this alignment, since in that case it's
more important to use the partition table as is than to optimize
performance by rounding (which isn't required by the standard).
ednadolski-ix [Thu, 26 Oct 2023 16:13:01 +0000 (10:13 -0600)]
arc_default_max on Linux should match FreeBSD
Commits 518b487 and 23bdb07 changed the default ARC size limit on
Linux systems to 1/2 of physical memory, which has become too
strict for modern systems with large amounts of RAM. This patch
changes the default limit to match that of FreeBSD, so ZFS may
have a unified value on both platforms.
Reviewed-by: George Melikov <mail@gmelikov.ru> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Edmund Nadolski <edmund.nadolski@ixsystems.com>
Closes #15437
Warner Losh [Thu, 26 Oct 2023 16:09:16 +0000 (10:09 -0600)]
ttys: Document insecure flag
Both the secure and insecure flag is documented in init(8). the secure
flag is documented here; however, the insecure flag is not. Nor is the
nuance that a line missing the 'secure' flag is also considered
insecure. Document both here.
Warner Losh [Thu, 26 Oct 2023 04:35:45 +0000 (22:35 -0600)]
devd: Restore WARNS=6
We compile correctly on all platforms with clang and WARNS=6. We build
on amd64 with gcc12 and WARNS.6. Restore WARNS=6. This reverts 3741a56c310d, since that's no longer relevant.
Don't drop fragmented packets when reassembly is disabled, they can be
matched by rules with "fragment" keyword. Ensure that presence of scrub
rules forces old behaviour.
Gleb Smirnoff [Thu, 26 Oct 2023 09:59:21 +0000 (02:59 -0700)]
bhyve: fix arguments to ioctl(VMIO_SIOCSIFFLAGS)
ioctl(2)'s with integer argument shall pass command argument by value,
not by pointer. The ioctl(2) manual page is not very clear about that.
See sys/kern/sys_generic.c:sys_ioctl() near IOC_VOID.
Kirk McKusick [Wed, 25 Oct 2023 22:36:45 +0000 (15:36 -0700)]
Delete snapshot after opening it when running fsck_ffs(9) in background.
When fsck_ffs(8) runs in background, it creates a snapshot named
fsck_snapshot in the filesystem's .snap directory. The fsck_snapshot
file was removed when the background fsck finished. If the system
crashed or the fsck exited unexpectedly, the fsck_snapshot file
would remain. The snapshot would consume ever more space as the
filesystem changed over time until it was removed by a system
administrator or a future run of background fsck removed it to
create a new snapshot file.
This commit unlinks the .snap/fsck_snapshot file immediately after
opening it so that it will be reclaimed when fsck closes it at the
conclusion of its run. After a system crash, it will be removed as
part of the filesystem cleanup because of its zero reference count.
As only a few milliseconds pass between its creation and unlinking,
there is far less opportunity for it to be accidentally left behind.
Alexander Motin [Wed, 25 Oct 2023 22:22:25 +0000 (18:22 -0400)]
ZIO: Remove READY pipeline stage from root ZIOs
zio_root() has no arguments for ready callback or parent ZIO. Except
one recent case in ZIL code if root ZIOs ever have a parent it is
also a root ZIO. It means we do not need READY pipeline stage for
them, which takes some time to process, but even more time to wait
for the children and be woken by them, and both for no good reason.
The most visible effect of this change is that it avoids one taskq
wakeup per ZIL block written, previously used to run zio_ready()
for lwb_root_zio and skipped now.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes #15398
Ed Maste [Tue, 24 Oct 2023 22:06:59 +0000 (18:06 -0400)]
Update ASLR stack sysctl description in security.7 and mitigations.7
In an earlier implementation the stack (gap) was randomized when the
enable sysctl was set and ASLR was also enabled (in general) for the
binary. In the current implementation the sysctl operates
independently.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42357
user stack randomization: only enable by default for 64bit processes
All aslr knobs are disabled by default for 32bit processes, except
stack. This results in weird stack location, typically making around 1G
of user address space hard to use.
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D42356
Tony Hutter [Mon, 23 Oct 2023 21:45:06 +0000 (14:45 -0700)]
zvol: Remove broken blk-mq optimization
This fix removes a dubious optimization in zfs_uiomove_bvec_rq()
that saved the iterator contents of a rq_for_each_segment(). This
optimization allowed restoring the "saved state" from a previous
rq_for_each_segment() call on the same uio so that you wouldn't
need to iterate though each bvec on every zfs_uiomove_bvec_rq() call.
However, if the kernel is manipulating the requests/bios/bvecs under
the covers between zfs_uiomove_bvec_rq() calls, then it could result
in corruption from using the "saved state". This optimization
results in an unbootable system after installing an OS on a zvol
with blk-mq enabled.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Tony Hutter <hutter2@llnl.gov>
Closes #15351
Alexander Motin [Tue, 24 Oct 2023 21:35:25 +0000 (17:35 -0400)]
ZIL: Detect single-threaded workloads
... by checking that previous block is fully written and flushed.
It allows to skip commit delays since we can give up on aggregation
in that case. This removes zil_min_commit_timeout parameter, since
for single-threaded workloads it is not needed at all, while on very
fast devices even some multi-threaded workloads may get detected as
single-threaded and still bypass the wait. To give multi-threaded
workloads more aggregation chances increase zfs_commit_timeout_pct
from 5 to 10%, as they should suffer less from additional latency.
Also single-threaded workloads detection allows in perspective better
prediction of the next block size.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Prakash Surya <prakash.surya@delphix.com>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes #15381
Alexander Motin [Tue, 24 Oct 2023 21:33:58 +0000 (17:33 -0400)]
ABD: Be more assertive in iterators
Once we verified the ABDs and asserted the sizes we should never
see premature ABDs ends. Assert that and remove extra branches
from production builds.
Reviewed-by: Brian Atkinson <batkinson@lanl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes #15428
Ed Maste [Tue, 24 Oct 2023 18:55:56 +0000 (14:55 -0400)]
OpenSSL: update to 3.0.12
OpenSSL 3.0.12 addresses:
* Fix incorrect key and IV resizing issues when calling
EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
with OSSL_PARAM parameters that alter the key or IV length
([CVE-2023-5363]).
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Brian Behlendorf [Tue, 24 Oct 2023 18:00:07 +0000 (11:00 -0700)]
Add prefetch property
ZFS prefetch is currently governed by the zfs_prefetch_disable
tunable. However, this is a module-wide settings - if a specific
dataset benefits from prefetch, while others have issue with it,
an optimal solution does not exists.
This commit introduce the "prefetch" tri-state property, which enable
granular control (at dataset/volume level) for prefetching.
This patch does not remove the zfs_prefetch_disable, which remains
a system-wide switch for enable/disable prefetch. However, to avoid
duplication, it would be preferable to deprecate and then remove
the module tunable.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Ameer Hamza <ahamza@ixsystems.com> Signed-off-by: Gionatan Danti <g.danti@assyoma.it> Co-authored-by: Gionatan Danti <g.danti@assyoma.it>
Closes #15237
Closes #15436
Ed Maste [Tue, 24 Oct 2023 17:45:46 +0000 (13:45 -0400)]
OpenSSL: Vendor import of OpenSSL 3.0.12
* Fix incorrect key and IV resizing issues when calling
EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
with OSSL_PARAM parameters that alter the key or IV length
([CVE-2023-5363]).
Kristof Provost [Mon, 23 Oct 2023 11:46:11 +0000 (13:46 +0200)]
libpfctl: fix Coverity issues
- handle snl_finalize_msg() returning NULL
- insert the correct data into the states list
- add missing nvlist_destroy()
- incorrect order for array bounds
Kristof Provost [Mon, 23 Oct 2023 11:43:52 +0000 (13:43 +0200)]
libpfctl: fix pfctl_do_ioctl()
pfctl_do_ioctl() copies the packed request data into the request buffer
and then frees it. However, it's possible for the buffer to be too small
for the reply, causing us to allocate a new buffer. We then copied from
the freed request, and freed it again.
Do not free the request buffer until we're all the way done.
Mariusz Zaborski [Mon, 23 Oct 2023 21:03:51 +0000 (23:03 +0200)]
cap_net: correct capability name from addr2name to name2addr
Previously, while checking name2addr capabilities, we mistakenly used
the addr2name set. This error could cause a process to inadvertently
reset its limitations.
This patch restores/fixes some of the behavior present in pre-netlink ndp(8).
1. Deleting a local address now correctly returns EPERM (instead of
ENOENT)
2. ndp -c no longer dumps the entire table while complaining about
local addresses
3. Return exit code when deleting entry (e.g. trying ndp -d on a local
address is an error)
Rick Macklem [Mon, 23 Oct 2023 20:21:14 +0000 (13:21 -0700)]
nfscl/kgssapi: Fix Kerberized NFS mounts to pNFS servers
During recent testing related to the IETF NFSv4 Bakeathon, it was
discovered that Kerberized NFSv4.1/4.2 mounts to pNFS servers
(sec=krb5[ip],pnfs mount options) was broken.
The FreeBSD client was using the "service principal" for
the MDS to try and establish a rpcsec_gss credential for a DS,
which is incorrect. (A "service principal" looks like
"nfs@<fqdn-of-server>" and the <fqdn-of-server> for the DS is not
the same as the MDS for most pNFS servers.)
To fix this, the rpcsec_gss code needs to be able to do a
reverse DNS lookup of the DS's IP address. A new kgssapi upcall
to the gssd(8) daemon is added by this patch to do the reverse DNS
along with a new rpcsec_gss function to generate the "service
principal".
A separate patch to the gssd(8) will be committed, so that this
patch will fix the problem. Without the gssd(8) patch, the new
upcall fails and current/incorrect behaviour remains.
This bug only affects the rare case of a Kerberized (sec=krb5[ip],pnfs)
mount using pNFS.
This patch changes the internal KAPI between the kgssapi and
nfscl modules, but since I did a version bump a few days ago,
I will not do one this time.
Rob N [Mon, 23 Oct 2023 15:50:55 +0000 (02:50 +1100)]
spa: document spa_thread() and SDC feature gates
spa_thread() and the "System Duty Cycle" scheduling class are from
Illumos and have not yet been adapted to Linux or FreeBSD.
HAVE_SPA_THREAD has long been explicitly undefined and used to mark
spa_thread(), but there's some related taskq code that can never be
invoked without it, which makes some already-tricky code harder to read.
HAVE_SYSDC is introduced in this commit to mark the SDC parts. SDC
requires spa_thread(), but the inverse is not true, so they are
separate.
I don't want to make the call to just remove it because I still harbour
hopes that OpenZFS could become a first-class citizen on Illumos
someday. But hopefully this will at least make the reason it exists a
bit clearer for people without long memories and/or an interest in
history.
For those that are interested in the history, the original FreeBSD port
of ZFS (before ZFS-on-Linux was adopted there) did have a spa_thread(),
but not SDC. The last version of that before it was removed can be read
here:
Sponsored-by: Klara, Inc. Sponsored-by: Wasabi Technology, Inc. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Alexander Motin <mav@FreeBSD.org> Signed-off-by: Rob Norris <rob.norris@klarasystems.com>
Closes #15406
Kristof Provost [Fri, 20 Oct 2023 05:37:46 +0000 (07:37 +0200)]
pf: allow states to be killed by their pre-NAT address
If a connection is NAT-ed we could previously only terminate it by its
ID or the post-NAT IP address. Allow users to specify they want look for
the state by its pre-NAT address. Usage: `pfctl -k nat -k <address>`.
Kristof Provost [Mon, 16 Oct 2023 14:47:22 +0000 (16:47 +0200)]
pf: support basic filters for state listing
Allow users(pace) to specify a protocol, interface, address family and/
or address and mask, allowing the state listing to be pre-filtered in
the kernel.