kp [Wed, 26 Dec 2018 12:54:27 +0000 (12:54 +0000)]
MFC r341998:
pf: Fix endless loop on NAT exhaustion with sticky-address
When we try to find a source port in pf_get_sport() it's possible that
all available source ports will be in use. In that case we call
pf_map_addr() to try to find a new source IP to try from. If there are
no more available source IPs pf_map_addr() will return 1 and we stop
trying.
However, if sticky-address is set we'll always return the same IP
address, even if we've already tried that one.
We need to check the supplied address, because if that's the one we'd
set it means pf_get_sport() has already tried it, and we should error
out rather than keep trying.
kp [Tue, 25 Dec 2018 12:45:49 +0000 (12:45 +0000)]
MFC r341833:
pf: Prevent integer overflow in PF when calculating the adaptive timeout.
Mainly states of established TCP connections would be affected resulting
in immediate state removal once the number of states is bigger than
adaptive.start. Disabling adaptive timeouts is a workaround to avoid this bug.
Issue found and initial diff by Mathieu Blanc (mathieu.blanc at cea dot fr)
Reported by: Andreas Longwitz <longwitz AT incore.de>
Obtained from: OpenBSD
arybchik [Tue, 25 Dec 2018 07:39:34 +0000 (07:39 +0000)]
MFC r341785
sfxge(4): use n Tx queues instead of n + 2 on EF10 HW
On EF10 HW we can avoid sending packets without checksum offload
or with IP-only checksum offload to dedicated queues. Instead, we
can use option descriptors to change offload policy on any queue
during runtime. Thus, we don't need to create two dedicated queues.
Submitted by: Ivan Malov <Ivan.Malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18390
arybchik [Tue, 25 Dec 2018 07:38:46 +0000 (07:38 +0000)]
MFC r341784
sfxge(4): prepare the number of Tx queues on event queue 0 to become
variable
The number of Tx queues on event queue 0 can depend on the NIC family
type, and this property will be leveraged by future patches.
This patch prepares the code for this change.
Submitted by: Ivan Malov <Ivan.Malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18389
arybchik [Tue, 25 Dec 2018 07:37:42 +0000 (07:37 +0000)]
MFC r341783
sfxge(4): report support for Tx checksum op descriptors
FreeBSD driver needs a patch to provide a means for packets
which do not need checksum offload but have flow ID set
to avoid hitting only the first Tx queue (which has been used
for packets not needing checksum offload).
This should be possible on Huntington, Medford or Medford2 chips
since these support toggling checksum offload on any given queue
dynamically by means of pushing option descriptors.
The patch for FreeBSD driver will then need a means to figure out
whether the feature can be used, and testing adapter family might
not be a good solution.
This patch adds a feature bit specifically to indicate support
for checksum option descriptors. The new feature bits may have
more users in future, apart from the mentioned FreeBSD patch.
Submitted by: Ivan Malov <Ivan.Malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18388
arybchik [Tue, 25 Dec 2018 07:34:44 +0000 (07:34 +0000)]
MFC r341782
sfxge(4): populate per-event queue stats in sysctl
In order to find out why the first event queue and corresponding
interrupt is triggered more frequently, it is useful to know which
events go to each event queue.
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18418
arybchik [Tue, 25 Dec 2018 07:33:45 +0000 (07:33 +0000)]
MFC r341327
sfxge(4): rollback last seen VLAN TCI if Tx packet is dropped
Early processing of a packet on transmit may change last seen
VLAN TCI in the queue context. If such a packet is eventually
dropped, last seen VLAN TCI must be set to its previous value.
Submitted by: Ivan Malov <Ivan.Malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18288
arybchik [Tue, 25 Dec 2018 07:33:02 +0000 (07:33 +0000)]
MFC r341326
sfxge(4): ensure EvQ poll stops when abort is requested
If an event handler requested an abort, only the inner loop was
guaranteed to be broken out of - the outer loop could continue
if total == batch.
Fix this by poisoning batch to ensure it is different to total.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18287
arybchik [Tue, 25 Dec 2018 07:32:18 +0000 (07:32 +0000)]
MFC r341311
sfxge(4): make last byte of module information available
Adjust bounds so the interface supports reading
the last available byte of data.
Submitted by: Richard Houldsworth <rhouldsworth at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18273
arybchik [Tue, 25 Dec 2018 07:31:45 +0000 (07:31 +0000)]
MFC r341309
sfxge(4): fix MAC Tx stats for less or equal to 64 bytes
This statistic should include 64byte and smaller frames.
Fix EF10 calculation to match Siena code.
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18271
arybchik [Tue, 25 Dec 2018 07:30:53 +0000 (07:30 +0000)]
MFC r341302
sfxge(4): fix a typo in unicast filter insertion comment
Submitted by: Ivan Malov <ivan.malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18264
arybchik [Tue, 25 Dec 2018 07:30:17 +0000 (07:30 +0000)]
MFC r341301
sfxge(4): prevent access to the NIC config before probe
NIC config is initialized during NIC probe.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18263
arybchik [Tue, 25 Dec 2018 07:23:33 +0000 (07:23 +0000)]
MFC r341295
sfxge(4): avoid usage of too big arrays on stack
Found by PreFAST static analysis.
Submitted by: Martin Harvey <mharvey at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18257
arybchik [Tue, 25 Dec 2018 07:23:04 +0000 (07:23 +0000)]
MFC r341290
sfxge(4): check size of memory to read sensors data to
Size of provided memory should be consistent with specified size.
Submitted by: Martin Harvey <mharvey at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18252
arybchik [Tue, 25 Dec 2018 07:21:35 +0000 (07:21 +0000)]
MFC r341214
sfxge(4): fix SAL annotation for input buffers
Submitted by: Martin Harvey <mharvey at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18245
arybchik [Tue, 25 Dec 2018 07:20:41 +0000 (07:20 +0000)]
MFC r341213
sfxge(4): fix PreFAST warnings because of unused return
Submitted by: Martin Harvey <mharvey at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18244
arybchik [Tue, 25 Dec 2018 07:19:39 +0000 (07:19 +0000)]
MFC r341197
sfxge(4): fix comparison always true warning
Loopback type used as bit index has efx_loopback_type_t type
which is enum. clang complains that it is always true when it
is compared with qword (64 bit) bits number boundary.
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18228
arybchik [Tue, 25 Dec 2018 07:18:40 +0000 (07:18 +0000)]
MFC r341038
sfxge(4): add method to make checksum option descriptors
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18160
Falcon support has been withdrawn from libefx, however, there is still
an obsolete Falcon-specific assertion that efx_mac_stats_upload()
and efx_port_poll() aren't concurrent. To be consistent with an overall
Falcon support revocation it's desirable to remove it.
Fix debug build invalid assertion failure.
Submitted by: Ivan Malov <ivan.malov at oktetlabs.ru>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D1813
arybchik [Tue, 25 Dec 2018 07:15:03 +0000 (07:15 +0000)]
MFC r340895
sfxge(4): move BIU test code into Siena-specific file
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18129
Fix warning
"C6001: Using uninitialized memory '*sensor_maskp'"
which could occur when the npages argument to efx_mcdi_sensor_info()
is less than or equal to zero.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18128
arybchik [Tue, 25 Dec 2018 07:13:30 +0000 (07:13 +0000)]
MFC r340892
sfxge(4): remove obsolete check for pre-Siena hardware
The fail4 label was used twice, so it doesn't need removing.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18126
arybchik [Tue, 25 Dec 2018 07:12:49 +0000 (07:12 +0000)]
MFC r340891
sfxge(4): fix warnings from VS2015 C compiler (C4214)
Fix multiple level 4 warnings
"C4214: nonstandard extension used: bit field types other than int";
no functional changes.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18125
arybchik [Tue, 25 Dec 2018 07:12:08 +0000 (07:12 +0000)]
MFC r340890
sfxge(4): fix warnings from VS2015 C compiler (C4057)
Fix two level 4 warnings
"C4057: 'function': 'const uint8_t *' differs in indirection to
slightly different base types from 'caddr_t'"; no functional changes.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18124
arybchik [Tue, 25 Dec 2018 07:11:08 +0000 (07:11 +0000)]
MFC r340889
sfxge(4): fix warnings from VS2015 C compiler (C4189)
Fix multiple level 4 warnings
"C4189: 'xxx': local variable is initialized but not referenced";
no functional changes.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18123
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18122
arybchik [Tue, 25 Dec 2018 07:03:52 +0000 (07:03 +0000)]
MFC r340887
sfxge(4): fix warnings from VS2015 C compiler (C4245)
Fix level 4 warning
"C4245: 'initializing': conversion from 'int' to 'uint32_t',
signed/unsigned mismatch" warning; no functional changes.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18121
arybchik [Tue, 25 Dec 2018 07:03:01 +0000 (07:03 +0000)]
MFC r340886
sfxge(4): fix warnings from VS2015 C compiler (C4244)
Fix level 4 warning
"C4244: '+=': conversion from 'unsigned int' to 'uint16_t', possible loss
of data"; no functional changes.
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18120
Submitted by: Andrew Lee <alee at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18119
arybchik [Tue, 25 Dec 2018 07:02:08 +0000 (07:02 +0000)]
MFC r340884
sfxge(4): fix probes in licensing support
EFSYS_PROBE1 takes one typed value (in addition to the probe name),
whereas EFSYS_PROBE has just the probe name.
Which to use is determined by the probe name - "fail1" probes are
expected to include the function result.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18118
arybchik [Tue, 25 Dec 2018 07:01:25 +0000 (07:01 +0000)]
MFC r340883
sfxge(4): fix diagnostics support build without Siena
The compilation failed because __efx_sram_pattern_fns was used in
efx_nic.c, but defined in efx_sram.c which is only needed when
supporting Siena.
To fix it move all the code using __efx_sram_pattern_fns into
Siena-specific files (except for the definition in efx_sram.c itself,
as that file only needs to be included in Siena-supporting builds
anyway).
The functions to test registers and tables are unlikely to apply to any
new hardware and so can be moved into Siena files. Since Huntington
such tests have been implemented in firmware.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18117
arybchik [Tue, 25 Dec 2018 06:58:47 +0000 (06:58 +0000)]
MFC r340831
sfxge(4): make MAC naming consistent with other modules
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18101
arybchik [Tue, 25 Dec 2018 06:57:41 +0000 (06:57 +0000)]
MFC r340826
sfxge(4): fix ignoring function return value
fix PreFAST issue, add missing annotation that function return value
should not be ignored. Fix alignment.
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18096
arybchik [Tue, 25 Dec 2018 06:56:48 +0000 (06:56 +0000)]
MFC r340822
sfxge(4): fix check in NVRAM validate
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18092
arybchik [Tue, 25 Dec 2018 06:56:04 +0000 (06:56 +0000)]
MFC r340814
sfxge(4): fix result code in MCDI NVRAM update finish
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18084
arybchik [Tue, 25 Dec 2018 06:55:13 +0000 (06:55 +0000)]
MFC r340806
sfxge(4): fix default RSS context check on Siena
Default RSS context check is carried out during filter
insertion on Siena and it needs to be fixed
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18076
arybchik [Tue, 25 Dec 2018 06:54:25 +0000 (06:54 +0000)]
MFC r340805
sfxge(4): define a handle to denote default RSS context
Make the existing filter-specific define more general.
This is the same as MC_CMD_RSS_CONTEXT_ALLOC_OUT_RSS_CONTEXT_ID_INVALID.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18075
arybchik [Tue, 25 Dec 2018 06:53:25 +0000 (06:53 +0000)]
MFC r340804
sfxge(4): insert filters for encapsulated packets
On Medford, with full-featured firmware running, encapsulated
packets may not be delivered unless filters are inserted for
them, as ordinary filters are not applied to encapsulated
packets. So filters for encapsulated packets need to be
inserted for each class of encapsulated packet. For simplicity,
catch-all filters are always inserted. These may match more
packets than the OS has asked for, but trying to insert more
precise filters increases complexity for little gain.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18074
arybchik [Tue, 25 Dec 2018 06:52:37 +0000 (06:52 +0000)]
MFC r340803
sfxge(4): support filters for encapsulated packets
This supports filters which match all unicast or multicast
inner frames in VXLAN, GENEVE, or NVGRE packets.
(Additional fields to match on can be added easily.)
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18073
arybchik [Tue, 25 Dec 2018 06:51:58 +0000 (06:51 +0000)]
MFC r340802
sfxge(4): use proper MCDI command for encap filters
MC_CMD_FILTER_OP_IN_EXT is needed to set filters for encapsulated
packets.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18072
arybchik [Tue, 25 Dec 2018 06:50:13 +0000 (06:50 +0000)]
MFC r340800
sfxge(4): let caller know that queue is already flushed
Tx/Rx queue may be already flushed due to Tx/Rx error on the queue or
MC reboot. Caller needs to know that the queue is already flushed to
avoid waiting for flush done event.
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18070
arybchik [Tue, 25 Dec 2018 06:49:10 +0000 (06:49 +0000)]
MFC r340796
sfxge(4): fix failure path in EF10 Tx queue PIO enable
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18066
arybchik [Tue, 25 Dec 2018 06:48:04 +0000 (06:48 +0000)]
MFC r340800
sfxge(4): let caller know that queue is already flushed
Tx/Rx queue may be already flushed due to Tx/Rx error on the queue or
MC reboot. Caller needs to know that the queue is already flushed to
avoid waiting for flush done event.
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18070
arybchik [Tue, 25 Dec 2018 06:47:20 +0000 (06:47 +0000)]
MFC r340798
sfxge(4): fix out of bounds read in VIs allocation
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18068
arybchik [Tue, 25 Dec 2018 06:46:26 +0000 (06:46 +0000)]
MFC r340797
sfxge(4): fix potential buffer overflow in Tx queue init
Improve error checking to avoid a caller overflowing the MCDI
request buffer if the requested TXQ size was excessively large.
Submitted by: Andy Moreton <amoreton at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D18067
arybchik [Tue, 25 Dec 2018 06:45:39 +0000 (06:45 +0000)]
MFC r340767
sfxge(4): limit max TXQ size on Medford to 2048
Queues with 4096 descriptors are not supported as the top bit is used
for vfifo stuffing.
Submitted by: Mark Spender <mspender at solarflare.com>
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D8948
arybchik [Tue, 25 Dec 2018 06:37:22 +0000 (06:37 +0000)]
MFC r312884
sfxge(4): fix RxQ structure layout vs usage on datapath
Recent changes in the pseudo header accessor prototypes start to
use common code RxQ handle on datapath. The handle was located
at the end of the structure with members not used on datapath.
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D9359
vmaffione [Mon, 24 Dec 2018 15:08:19 +0000 (15:08 +0000)]
MFC r342300
netmap: move buf_size validation code to its own function
This code validates the netmap buf_size against the interface MTU
and maximum descriptor size, to make sure the values are consistent.
Moving this functionality to its own function is needed because this
function is also called by Linux-specific code.
eugen [Sat, 22 Dec 2018 10:57:52 +0000 (10:57 +0000)]
MFC r342141: periodic/weekly/340.noid: do not use sysrc(8) that depends
on bsdinstall(8) and may be non-functional
for system built WITHOUT_BSDINSTALL. (*)
Also, add a check for jails sharing whole tree with host (path=/)
and do not skip it.
mm [Fri, 21 Dec 2018 23:33:05 +0000 (23:33 +0000)]
MFC r339746,339751,339794,340866,340939,342042:
Sync libarchive with vendor.
Relevant vendor changes:
PR #1013: Add missing h_base offset when performing absolute seeks in
xar decompression
PR #1023: Support extracting extattrs as non-root on non-user-writeable
files
PR #1061: Add support for extraction of RAR v5 archives
PR #1066: Fix out of bounds read on empty string filename for gnutar, pax
and v7tar
PR #1067: Fix temporary file path buffer overflow in tests
IS #1068: Correctly process and verify integer arguments passed to
bsdcpio and bsdtar
PR #1070: Don't default XAR entry atime/mtime to the current time
PR #1080: Spelling fixes
PR #1084: RAR5 reader bugfixes
PR #1091: fix use-after-free in delayed newc link processing
PR #1092: Fix a few obvious resource leaks and strcpy() misuses
IS #1096: Support extracting ACLs with in-entry comments (GNU tar)
PR #1102: RAR5 reader - fix big-endian problems
PR #1105: Fix various crash, memory corruption and infinite loop conditions
RAR5 reader: FreeBSD build platform fixes for powerpc(64), mips(64),
sparc64 and riscv64
RAR5 reader: more maybe-uninitialized size_t fixes for riscv64
FreeBSD build
dim [Thu, 20 Dec 2018 18:28:53 +0000 (18:28 +0000)]
Pull in r329671 from upstream clang trunk (by Akira Hatanaka):
[ExprConstant] Use an AST node and a version number as a key to
create an APValue and retrieve it from map Temporaries.
The version number is needed when a single AST node is visited
multiple times and is used to create APValues that are required to be
distinct from each other (for example, MaterializeTemporaryExprs in
default arguments and VarDecls in loops).
This should fix 'Assertion failed: (Result.isUninit() && "temporary
created multiple times"), function createTemporary' errors (if
assertions are enabled, otherwise the compiler internal state might go
bad), when building the graphics/rawtherapee port.
Direct commit to stable/11 and stable/12, since head already has clang
7.0.1, which includes this change.
dab [Thu, 20 Dec 2018 00:58:16 +0000 (00:58 +0000)]
MFC r341988
asmc: Add Support for Macbook Pro 8,1
PR: 217505
Submitted by: John O. Brickley <obryan.brickley@gmail.com>, updated by Maciej Pasternacki <maciej@pasternacki.net>
Reported by: John O. Brickley <obryan.brickley@gmail.com>
emaste [Wed, 19 Dec 2018 18:19:15 +0000 (18:19 +0000)]
MFC r342227: bootpd: validate hardware type
Due to insufficient validation of network-provided data it may have been
possible for a malicious actor to craft a bootp packet which could cause
a stack buffer overflow.
admbugs: 850
Reported by: Reno Robert
Reviewed by: markj
Approved by: so
Security: FreeBSD-SA-18:15.bootpd
Sponsored by: The FreeBSD Foundation
mav [Tue, 18 Dec 2018 23:22:37 +0000 (23:22 +0000)]
MFC r339909: Allow changing lagg(4) MTU.
Previously, changing the MTU would require destroying the lagg and
creating a new one. Now it is allowed to change the MTU of
the lagg interface and the MTU of the ports will be set to match.
If any port cannot set the new MTU, all ports are reverted to the original
MTU of the lagg. Additionally, when adding ports, the MTU of a port will be
automatically set to the MTU of the lagg. As always, the MTU of the lagg is
initially determined by the MTU of the first port added. If adding an
interface as a port for some reason fails, that interface is reverted to its
original MTU.
Submitted by: Ryan Moeller <ryan@freqlabs.com>
Relnotes: Yes
Sponsored by: iXsystems Inc.
brooks [Tue, 18 Dec 2018 09:16:04 +0000 (09:16 +0000)]
Partial MFC of r342125:
Fix bugs in pluggable CC algorithm and siftr sysctls.
Use the sysctl_handle_int() handler to write out the old value and read
the new value into a temporary variable. Use the temporary variable
for any checks of values rather than using the CAST_PTR_INT() macro on
req->newptr. The prior usage read directly from userspace memory if the
sysctl() was called correctly. This is unsafe and doesn't work at all on
some architectures (at least i386.)
In some cases, the code could also be tricked into reading from kernel
memory and leaking limited information about the contents or crashing
the system. This was true for CDG, newreno, and siftr on all platforms
and true for i386 in all cases. The impact of this bug is largest in
VIMAGE jails which have been configured to allow writing to these
sysctls.
Per discussion with the security officer, we will not be issuing an
advisory for this issue as root access and a non-default config are
required to be impacted.
Changes to sys/netinet/cc/cc_newreno.c are not merged as the sysctl's
had not previously been merged.
Reviewed by: markj, bz
Discussed with: gordon (security officer)
Security: kernel information leak, local DoS (both require root)
Differential Revision: https://reviews.freebsd.org/D18443
ae [Mon, 17 Dec 2018 10:43:23 +0000 (10:43 +0000)]
MFC r341798:
Use correct size for IPv4 address in gethostbyaddr().
When u_long is 8 bytes, it returns EINVAL and 'ipfw -N show' doesn't work.
Reported by: Claudio Eichenberger <cei at yourshop.com>
MFC r341799:
Rework how protocol number is tracked in rule. Save it when O_PROTO
opcode will be printed. This should solve the problem, when protocol
name is not printed in `ipfw -N show`.
Reported by: Claudio Eichenberger <cei at yourshop.com>
mmel [Sat, 15 Dec 2018 06:34:13 +0000 (06:34 +0000)]
MFC r341738:
Implement R_AARCH64_TLS_DTPMOD64 and A_AARCH64_TLS_DTPREL64 relocations.
Although these are slightly obsolete in favor of R_AARCH64_TLSDESC, gcc
-mtls-dialect=trad still uses them.
mmel [Fri, 14 Dec 2018 10:25:22 +0000 (10:25 +0000)]
MFC r341511,r341512,r341513:
r341511:
Fix style(9). Not a functional change.
r341512:
Implement arm64 version of __tls_get_addr().
r341513:
Tidy up arm64 reloc_jmpslots() implementation.
- don't relocate jump slots multiple times (if LD_BIND_NOW is defined).
- process only R_AARCH64_JUMP_SLOT here, other relocation types are
handled by reloc_plt().
kp [Thu, 13 Dec 2018 20:00:16 +0000 (20:00 +0000)]
pfsync: Performance improvement
pfsync code is called for every new state, state update and state
deletion in pf. While pf itself can operate on multiple states at the
same time (on different cores, assuming the states hash to a different
hashrow), pfsync only had a single lock.
This greatly reduced throughput on multicore systems.
Address this by splitting the pfsync queues into buckets, based on the
state id. This ensures that updates for a given connection always end up
in the same bucket, which allows pfsync to still collapse multiple
updates into one, while allowing multiple cores to proceed at the same
time.
The number of buckets is tunable, but defaults to 2 x number of cpus.
Benchmarking has shown improvement, depending on hardware and setup, from ~30%
to ~100%.
eugen [Thu, 13 Dec 2018 10:55:48 +0000 (10:55 +0000)]
MFC r340394: ipfw.8: Fix part of the SYNOPSIS documenting
LIST OF RULES AND PREPROCESSING that is still referred
as last section of the SYNOPSIS later but was erroneously situated
in the section IN-KERNEL NAT.
vmaffione [Thu, 13 Dec 2018 10:18:31 +0000 (10:18 +0000)]
MFC r341726
tools: netmap: pkt-gen: check packet length against interface MTU
Validate the value of the -l argument (packet length) against the MTU of the netmap port.
In case the netmap port does not refer to a physical interface (e.g. VALE port or pipe), then
the netmap buffer size is used as MTU.
This change also sets a better default value for the -M option, so that pkt-gen uses
the largest possible fragments in case of multi-slot packets.
Changelist:
- Replace netmap passthrough host support with a more general
mechanism to call TXSYNC/RXSYNC from an in-kernel event-loop.
No kernel threads are used to use this feature: the application
is required to spawn a thread (or a process) and issue a
SYNC_KLOOP_START (NIOCCTRL) command in the thread body. The
kernel loop is executed by the ioctl implementation, which returns
to userspace only when a different thread calls SYNC_KLOOP_STOP
or the netmap file descriptor is closed.
- Update the if_ptnet driver to cope with the new data structures,
and prune all the obsolete ptnetmap code.
- Add support for "null" netmap ports, useful to allocate netmap_if,
netmap_ring and netmap buffers to be used by specialized applications
(e.g. hypervisors). TXSYNC/RXSYNC on these ports have no effect.
- Various fixes and code refactoring.
Sponsored by: Sunny Valley Networks
Differential Revision: https://reviews.freebsd.org/D18015
gjb [Wed, 12 Dec 2018 18:18:34 +0000 (18:18 +0000)]
MFC r339873:
Set OPTIONS_UNSET in the argument list to env(1), and add
AVAHI to the list. This fixes the textproc/docproj build
seemingly following FLAVORS being added.
Specifically, the problem with the dependency chain here is:
- textproc/docproj depends on print/cups, which sets AVAHI=on
by default;
- net/avahi-app depends on devel/gobject-introspection, which
requires python3+;
- graphics/netpbm depends on graphics/mesa-libs, which can
only be built with python2.7;
- textproc/docproj depends on a number of graphics ports for
font rendering, etc.