On D40102 we implemented support for transport over IPv6 but the
documentation was not updated to reflect the new feature.
Clarify what is available and how it can be used.
MFC after: 1 week
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D42505
Allow SCTP state timeouts to be configured independently from TCP state
timeouts.
Reviewed by: tuexen
MFC after: 1 week
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D42393
We know that calling devmatch will be futile if there's no plug and play
information for it to match on. Avoid this generically when we see
"? at +on"
which happens only when the location and pnpinfo aren't provided. Don't
call "service devmatch quietstart" here.
We also ignore ACPI devices with a _HID of none. These also will never
load a new driver, so avoid calling "service devmatch quietstart" here too.
Use the more compatct "$*" instead of "'?'$_" when calling "service
devmatch quietstart" since it will evaluate to the same thing.
On my laptop, this eliminates 45% of the calls to devmatch. While it
would be even better to integrate devmatch into devd (so we only parse
linker.hints once), that will have to wait for another day as it's a bit
more complex to arrange that avoiding easy to avoid calls.
Sponsored by: Netflix
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D42326
These examples are wrong, and with devmatch, nobody would ever see them
(since it's a higher priority).
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D42325
We compile correctly on all platforms with clang and WARNS=6. We build
on amd64 with gcc12 and WARNS.6. Restore WARNS=6. This reverts
3741a56c31, since that's no longer relevant.
Sponsored by: Netflix
When fsck_ffs(8) runs in background, it creates a snapshot named
fsck_snapshot in the filesystem's .snap directory. The fsck_snapshot
file was removed when the background fsck finished. If the system
crashed or the fsck exited unexpectedly, the fsck_snapshot file
would remain. The snapshot would consume ever more space as the
filesystem changed over time until it was removed by a system
administrator or a future run of background fsck removed it to
create a new snapshot file.
This commit unlinks the .snap/fsck_snapshot file immediately after
opening it so that it will be reclaimed when fsck closes it at the
conclusion of its run. After a system crash, it will be removed as
part of the filesystem cleanup because of its zero reference count.
As only a few milliseconds pass between its creation and unlinking,
there is far less opportunity for it to be accidentally left behind.
PR: 106107
MFC-after: 1 week
This file does not exist, remove it from the list of files to avoid
confusion. The example file is just /etc/devfs.conf.
Reviewed by: mhorne
Pull Request: https://github.com/freebsd/freebsd-src/pull/871
If a connection is NAT-ed we could previously only terminate it by its
ID or the post-NAT IP address. Allow users to specify they want look for
the state by its pre-NAT address. Usage: `pfctl -k nat -k <address>`.
See also: https://redmine.pfsense.org/issues/11556
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42312
Allow users(pace) to specify a protocol, interface, address family and/
or address and mask, allowing the state listing to be pre-filtered in
the kernel.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42280
If a request ends up growing beyong the initially allocated space the
netlink functions (such as snl_add_msg_attr_u32()) will allocate a
new buffer. This invalidates the header pointer we can have received
from snl_create_msg_request(). Always use the hdr returned by
snl_finalize_msg().
Reviewed by: melifaro
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42223
Since fd7edfcdc3 ("bridge: fix lookup for untagged packets in
bridge_transmit()") and b0e38a1373 ("bridge: distinguish no vlan and
vlan 1") we do a better job of distinguishing between untagged and VLAN
1 traffic.
However, ifconfig still defaulted to adding addresses for VLAN 1, rather
than for untagged traffic. Change this to be the most common (i.e.
untagged) option.
Reviewed by: zlei, philip
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D42188
Implement equivalents to DIOCSTART and DIOCSTOP in netlink. Provide a
libpfctl implementation and add a basic test case, mostly to verify that
we still return the same errors as before the conversion
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42145
Traditionally, ping returned exit code EX_NOHOST if a DNS lookup failed.
That is still the case for the legacy code in the new merged ping, but
not for IPv6 targets, nor when a DNS lookup is performed in order to
determine which version of the tool to invoke.
While here, also make sure that the error message is consistent.
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D42159
atf_python may use vnet jails for creating an isolated test environment.
Mark these tests that require root user privileges.
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Very early on, the Src/Dst IP addresses were printed in hex notation
(%08x), which will always be 8-characters wide. It was later changed to
use a dot-decimal notation. Depending on the IP address length, the Src
and Dst headers may require a different padding. Use the source and
destination IP lengths as padding for the headers.
Also, print an Opts (options) header, if there are options present. It
has been abbreviated to Opts to match the length of the previous Data
header, removed in ef9e6dc7ee.
Print the header info such that no trailing spaces are produced. As
some git workflows may automatically trim them, and make the tests fail
(see 25b86f8559).
Before
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2␣
After
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2
And with options:
Before
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2 01...
After
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst Opts
4 f 00 007c 0001 0 0000 40 01 d868 192.0.2.1 192.0.2.2 01...
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D39561
When an echo reply packet is received, the data is compared with the
sent data. When a wrong byte is detected the command displays a report
with the differences.
The first row (the first 8-bytes of data after the ICMP header) should
include the time stamp (if data is at least 8-bytes), this value is not
taken into consideration for the comparison. The remaining rows
represent the data (padded pattern) received/sent, with each byte being
compared for differences.
Print the space before (not after), to add an extra space after cp:/dp:
for better readability when the first time stamp octet is not
zero-padded, and to remove trailing spaces in the output.
Before:
cp:99 0 0 c 1 5 c 0␣
ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd␣
...
After:
cp: 99 0 0 c 1 5 c 0
ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd
...
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D39492
This is a first step towards a unification/simplification of ping/ping6
(internally). The end goal is to produce a standardized user-facing
output.
Before (ping6):
PING6(56=40+8+8 bytes) 2001:db8::1 --> 2001:db8::2
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.168 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.068 ms
--- 2001:db8::2 ping6 statistics ---
round-trip min/avg/max/std-dev = 0.068/0.118/0.168/0.050 ms
After (ping6):
PING(56=40+8+8 bytes) 2001:db8::1 --> 2001:db8::2
16 bytes from ::1, icmp_seq=0 hlim=64 time=0.168 ms
16 bytes from ::1, icmp_seq=1 hlim=64 time=0.068 ms
--- 2001:db8::2 ping statistics ---
round-trip min/avg/max/stddev = 0.068/0.118/0.168/0.050 ms
This has the nice side-effect of adding units to SIGINFO's statistics,
as printing numbers without units may not be of much help. Also
mentions the fact that these times are round-trip.
Before (ping/ping6 SIGINFO):
2/2 packets received (100.0%) 0.068 min / 0.118 avg / 0.168 max
After (ping/ping6 SIGINFO):
--- <ipv4/ipv6 address> ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.068/0.118/0.168/0.050 ms
In the case of a SIGINFO, the output will be printed to stderr, for both
ping and ping6.
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D39126
Commit 46d7b45a26 introduced these code
paths. Test and document them.
- Add inner packet too short test
- Add inner IHL too short test
- Add quoted data too short test
- Add IHL too short test
- Add max inner packet IHL without payload test
Reviewed by: markj
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D38528
Avoid calculating the square root of negative zero, which can easily
happen on certain architectures when calculating the population standard
deviation with a sample size of one, e.g., 0.01 - (0.1 * 0.1) =
-0.000000.
Avoid returning a NaN by capping the minimum possible variance value to
zero (positive).
In the future, maybe skip reporting statistics at all for a single
sample.
Reported by: Jenkins
Reviewed by: asomers
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/863
Differential Revision: https://reviews.freebsd.org/D42114
* Interrupt the option loop as soon as we have an indication of which
protocol is intended.
* If we end up having to perform a DNS lookup, loop over the entire
result looking for either IPv4 or IPv6 addresses.
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Reviewed by: rscheff, kevans, allanjude
Differential Revision: https://reviews.freebsd.org/D42137
Allow userspace to retrieve a list of distinct creator ids for the
current states.
This is used by pfSense, and used to require dumping all states to
userspace. It's rather inefficient to export a (potentially extremely
large) state table to obtain a handful (typically 2) of 32-bit integers.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42092
Allow consumers to start processing states as the kernel supplies them,
rather than having to build a full list and only then start processing.
Especially for very large state tables this can significantly reduce
memory use.
Without this change when retrieving 1M states time -l reports:
real 3.55
user 1.95
sys 1.05
318832 maximum resident set size
194 average shared memory size
15 average unshared data size
127 average unshared stack size
79041 page reclaims
0 page faults
0 swaps
0 block input operations
0 block output operations
15096 messages sent
250001 messages received
0 signals received
22 voluntary context switches
34 involuntary context switches
With it it reported:
real 3.32
user 1.88
sys 0.86
3220 maximum resident set size
195 average shared memory size
11 average unshared data size
128 average unshared stack size
260 page reclaims
0 page faults
0 swaps
0 block input operations
0 block output operations
15096 messages sent
250001 messages received
0 signals received
21 voluntary context switches
31 involuntary context switches
Reviewed by: mjg
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42091
Previously when printing the sysctl description (via the -d flag) we
omitted the newline if the node provided no description (i.e., NULL).
This could be observed via e.g. `sysctl -d dev`.
PR: 44034
Reviewed by: zlei
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42112
In mount_nfs.c the -t option is deprecated and advises to use
timeout=<N> instead. However, since that refers to NFS over UDP, which
is not used nowadays, mark this option as deprecated in the man page.
PR: 260611
Suggested by: rmacklem
A PF rule using an IPv4 address followed by an IPv6 address and then a
dynamic address, e.g. "pass from {192.0.2.1 2001:db8::1} to (pppoe0)",
will have an incorrect /32 mask applied to the dynamic address.
MFC after: 3 weeks
Obtained from: OpenBSD
See also: https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/007_pfctl.patch.sig
Sponsored by: Rubicon Communications, LLC ("Netgate")
Event: Oslo Hackathon at Modirum
We have overused err(1), so it's hard to distinguish when an error is
very, very serious, and when it's just a user-error, or even harmless.
This patch changes the current behaviour to distinguish between the
following three:
1 for usage errors
2 for recoverable errors
3 or higher for unrecoverable errors
Reviewed by: jilles, pauamma_gundo.com, des
Differential Revision: https://reviews.freebsd.org/D27161
The EXAMPLES mis-comments caused an obnoxious amount of blank space
above SEE ALSO when rendered by mandoc to a terminal. The missing
termination of .Xo meant the description of -h ran together with the
subcommand synopsis. The other changes were generally ignored tags due
to context that simply don't need to be there.
Provoked by: grahamperrin
Move the descriptions of loader tunables from section 'SYSCTL VARIABLES'
to section 'LOADER TUNABLES'.
See also 49197c391b (ipfw: Add sysctl flag CTLFLAG_TUN to loader tunables).
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D41981
Fix route(8) incorrectly returning a zero exit code even when unable to
find the specified route with route -n get <route>.
Reviewed by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41882
The rtnetlink(4) RTM_GETADDR does not list link level addresses, thus
the correct match for interfaces that have a link level address should
be based on what was returned by RTM_GETLINK.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41586
When matching interfaces for being Ethernet, use same trick that
the link module does - pass if_type through convert_iftype().
That restores historicaly behaviour of listing lagg(4) ports.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41585
This affects only ifconfig(8) compiled WITHOUT_NETLINK_SUPPORT, which
is not the default.
Reviewed by: melifaro
Differential Revision: https://reviews.freebsd.org/D41584
Fixes: d1cd0344f7