Extend pflow(4) to send NAT44 Session Create and Delete events.
This applies only to IPFIX (i.e. proto version 10), and requires no
user configuration.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43114
Only generate ipfix/netflow reports (through pflow) for the rules where
this is enabled. Reports can also be enabled globally through 'set
state-default pflow'.
Obtained from: OpenBSD
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43108
pflow is a pseudo device to export flow accounting data over UDP.
It's compatible with netflow version 5 and IPFIX (10).
The data is extracted from the pf state table. States are exported once
they are removed.
Reviewed by: melifaro
Obtained from: OpenBSD
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D43106
The quota options are pseudo options and not passed to the mount system
call when a filesystem is mounted. They are not part of the info
returned from getmntinfo(3), so can't be printed. Add a note to this
effect.
Route destinations like 10/8 are most likely intended as a shorthand
for 10.0.0.0/8, but instead it means 0.0.0.10/8, which includes
only bits in the host part of the mask, and hence adds a route to
0.0.0.0/8. In 12.x, there was code to "do what I mean", which was
removed as part of a cleanup of old network class remnants. Given
that we have gone this long without that code, do not restore that
behavior. Instead, detect the issue and produce an error.
Specifically, if there are no dots in a numeric IPv4 address, the
mask is specified with CIDR notation (using a slash), and there are
bits set in the host part, produce an error like this for 10/8:
route: malformed address, bits set after mask; 10 means 0.0.0.10
PR: 258874
MFC after: 1 week
Reviewed by: melifaro, emaste
Differential Revision: https://reviews.freebsd.org/D43384
Consumers of libpfctl can (and in future, should) open a handle. This
handle is an opaque object which contains the /dev/pf file descriptor
and a netlink handle. This means that libpfctl users can open the handle
as root, then drop privileges and still access pf.
Already add the handle to pfctl_startstop() and pfctl_get_creatorids()
as these are new in main, and not present on stable branches. Other
calls will have handle-enabled alternatives implemented in subsequent
commits.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Thanks to Toshiba for providing the SCSI spec for their latest
generation drives so I could confirm how they operate.
The firmware download works in a pretty standard way, so this
is a straightforward table addition.
sbin/camcontrol/camcontrol.8:
Document that Toshiba drives are supported for fwdownload,
and that it was tested on TOSHIBA MG10SFA22TE 22TB drives.
sbin/camcontrol/fwdownload.c:
Add TOSHIBA to the known SCSI vendors list for fwdownload.
Sponsored by: Spectra Logic
MFC after: 3 days
As the name suggests, this sends a SCSI REQUEST SENSE to a device,
and prints out decoded sense information. It can also print out a
hexdump of the sense data.
sbin/camcontrol/camcontrol.c:
Add the new sense subcommand.
sbin/camcontrol/camcontrol.8:
Document camcontrol sense.
Sponsored by: Spectra Logic
Reviewed by: mav
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D43225
On line 354, "go up from" is mistyped as "go up form".
Event: Advanced UNIX Programming Course (Fall’23) at NTHU.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/951
On line 748, "bigger than" is mistyped as "bigger then", and on line
765, "more than" is mistyped as "more then".
Event: Advanced UNIX Programming Course (Fall’23) at NTHU.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/949
Replace ieee80211_ie_vhtcap with ieee80211_vht_cap and
ieee80211_ie_vht_operation with ieee80211_vht_operation.
The "ie" version has the two bytes type/length at the beginning which
we did not actually use as such (the one place doing did just as unused
extra work).
Using the non-"ie" versions allows us to re-use them on shared code.
Using an enum helps us to not accidentally get unsuppored or unhandled
values tough we cannot use it in the struct as we need to ensure the
field width.
ieee80211_vht_operation is guarded by _KERNEL/WANT_NET80211. While the
header is supposed to be exported to user land historically, software
such as wpa bring their own structure definitions. For in-tree usage
it is only ifconfig which really cares (at least for now).
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: adrian (earlier), cc
Differential Revision: https://reviews.freebsd.org/D42901
Have a simple Gilbert-Elliott channel model in
dummynet to mimick correlated loss behavior of
realistic environments. This allows simpler testing
of burst-loss environments.
Reviewed By: tuexen, kp, pauamma_gundo.com, #manpages
Sponsored by: NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D42980
As a followup to D41330 and D41436, this patch introduces two new tests
for sbin/route: interface_route_v[46].
These tests fail without D41330.
Reviewed by: kp
Approved by: kp (mentor)
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Add -D option to add the drivername and unit number to ifconfig output
for normal display, including -a. Use ifconfig_get_orig_name() from
libifconfig to fetch the name. Note that this is the original name
for many drivers, but not for some exceptions like epair (which appends
'a' or 'b' to the unit number). epair interface pairs both display
as "epair0", etc. Make -v imply -D; might as well be fully verbose.
MFC after: 1 week
Reviewed by: zlei, kp
Differential Revision: https://reviews.freebsd.org/D42721
We recently noticed that the recursive printing of labels wasn't working
like the recursive printing of rules.
When running pfctl -sr -a* we get a listing of all rules, including the
ones inside anchors. On the other hand, when running pfctl -sl -a*, it
would only print the labels in the root level, just like without the
-a* argument.
As in our use-case we are interested on labels only and our labels are
unique even between anchors, we didn't add indentation or hierarchy to
the printing.
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D42728
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
We've ifdef'd out the copyright strings for some time now. Go ahead and
remove the ifdefs. Plus whatever other detritis was left over from other
recent removals. These copyright strings are present in the comments and
are largely from CSRG's attempt at adding their copyright to every
binary file (which modern interpretations of the license doesn't
require).
Sponsored by: Netflix
For the uncommon items: Go through the tree and remove sccs tags that
didn't fit any nice pattern. If in the neighborhood, other SCM tags were
removed when they were detritis of long-ago CVS somehow in the early
mists of the project. Some adjacent copyrights stringswere removed (they
duplicated the copyright notices in the file). This also removed
non-standard formations of omission of SCCS tags (usually by adding an
extra #if 0 somewhere.
After this commit, a number of strings tagged with the 'what' @(#)
prefix remain, but they are primarily copyright notices.
Sponsored by: Netflix
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.
Sponsored by: Netflix
If a user don't have FreeBSD-autofs installed there is no need to try calling
automount on every GEOM event.
It's also easier to add/delete autofs related event in a separate file.
Sponsored by: Beckhoff Automation GmbH & Co. KG
Differential Revision: https://reviews.freebsd.org/D42495
Reviewed by: imp
Various disk controllers require their buffers to be aligned to a
cache-line size (128 bytes). For buffers allocated in structures,
ensure that they are 128-byte aligned. Use aligned_malloc to allocate
memory to ensure that the returned memory is 128-byte aligned.
While we are here, we replace the dynamically allocated inode buffer
with a buffer allocated in the uufsd structure just as the superblock
and cylinder group buffers do.
This can be removed if/when the kernel is fixed. Because this problem
has existed on one I/O subsystem or another since the 1990's, we
are probably stuck with dealing with it forever.
The problem most recent showed up in Azure, see:
https://reviews.freebsd.org/D41728https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267654
Before these fixes were applied, it was confirmed that the changes
in this commit also fixed the issue in Azure.
Reviewed-by: Warner Losh, kib
Tested-by: Souradeep Chakrabarti of Microsoft (earlier version)
PR: 267654
Differential Revision: https://reviews.freebsd.org/D41724
On D40102 we implemented support for transport over IPv6 but the
documentation was not updated to reflect the new feature.
Clarify what is available and how it can be used.
MFC after: 1 week
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D42505
Allow SCTP state timeouts to be configured independently from TCP state
timeouts.
Reviewed by: tuexen
MFC after: 1 week
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D42393
We know that calling devmatch will be futile if there's no plug and play
information for it to match on. Avoid this generically when we see
"? at +on"
which happens only when the location and pnpinfo aren't provided. Don't
call "service devmatch quietstart" here.
We also ignore ACPI devices with a _HID of none. These also will never
load a new driver, so avoid calling "service devmatch quietstart" here too.
Use the more compatct "$*" instead of "'?'$_" when calling "service
devmatch quietstart" since it will evaluate to the same thing.
On my laptop, this eliminates 45% of the calls to devmatch. While it
would be even better to integrate devmatch into devd (so we only parse
linker.hints once), that will have to wait for another day as it's a bit
more complex to arrange that avoiding easy to avoid calls.
Sponsored by: Netflix
Reviewed by: emaste
Differential Revision: https://reviews.freebsd.org/D42326
These examples are wrong, and with devmatch, nobody would ever see them
(since it's a higher priority).
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D42325
We compile correctly on all platforms with clang and WARNS=6. We build
on amd64 with gcc12 and WARNS.6. Restore WARNS=6. This reverts
3741a56c31, since that's no longer relevant.
Sponsored by: Netflix
When fsck_ffs(8) runs in background, it creates a snapshot named
fsck_snapshot in the filesystem's .snap directory. The fsck_snapshot
file was removed when the background fsck finished. If the system
crashed or the fsck exited unexpectedly, the fsck_snapshot file
would remain. The snapshot would consume ever more space as the
filesystem changed over time until it was removed by a system
administrator or a future run of background fsck removed it to
create a new snapshot file.
This commit unlinks the .snap/fsck_snapshot file immediately after
opening it so that it will be reclaimed when fsck closes it at the
conclusion of its run. After a system crash, it will be removed as
part of the filesystem cleanup because of its zero reference count.
As only a few milliseconds pass between its creation and unlinking,
there is far less opportunity for it to be accidentally left behind.
PR: 106107
MFC-after: 1 week
This file does not exist, remove it from the list of files to avoid
confusion. The example file is just /etc/devfs.conf.
Reviewed by: mhorne
Pull Request: https://github.com/freebsd/freebsd-src/pull/871
If a connection is NAT-ed we could previously only terminate it by its
ID or the post-NAT IP address. Allow users to specify they want look for
the state by its pre-NAT address. Usage: `pfctl -k nat -k <address>`.
See also: https://redmine.pfsense.org/issues/11556
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42312
Allow users(pace) to specify a protocol, interface, address family and/
or address and mask, allowing the state listing to be pre-filtered in
the kernel.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42280
