svn commit: r345256 - stable/12/sys/netpfil/ipfw/nat64
Author: ae Date: Mon Mar 18 09:21:30 2019 New Revision: 345256 URL: https://svnweb.freebsd.org/changeset/base/345256 Log: MFC r345003: Add NULL pointer check to nat64_output(). It is possible that a processed packet was originated by local host, in this case m->m_pkthdr.rcvif is NULL. Check and set it to V_loif to avoid NULL pointer dereference in IP input code, since it is expected that packet has valid receiving interface when netisr processes it. Obtained from: Yandex LLC Sponsored by: Yandex LLC Modified: stable/12/sys/netpfil/ipfw/nat64/nat64_translate.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/netpfil/ipfw/nat64/nat64_translate.c == --- stable/12/sys/netpfil/ipfw/nat64/nat64_translate.c Mon Mar 18 05:03:55 2019(r345255) +++ stable/12/sys/netpfil/ipfw/nat64/nat64_translate.c Mon Mar 18 09:21:30 2019(r345256) @@ -219,6 +219,8 @@ nat64_output(struct ifnet *ifp, struct mbuf *m, struct } if (logdata != NULL) nat64_log(logdata, m, af); + if (m->m_pkthdr.rcvif == NULL) + m->m_pkthdr.rcvif = V_loif; ret = netisr_queue(ret, m); if (ret != 0) NAT64STAT_INC(stats, oerrors); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345257 - stable/11/sys/netpfil/ipfw/nat64
Author: ae Date: Mon Mar 18 09:23:15 2019 New Revision: 345257 URL: https://svnweb.freebsd.org/changeset/base/345257 Log: MFC r345003: Add NULL pointer check to nat64_output(). It is possible that a processed packet was originated by local host, in this case m->m_pkthdr.rcvif is NULL. Check and set it to V_loif to avoid NULL pointer dereference in IP input code, since it is expected that packet has valid receiving interface when netisr processes it. Obtained from:Yandex LLC Sponsored by: Yandex LLC Modified: stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c == --- stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c Mon Mar 18 09:21:30 2019(r345256) +++ stable/11/sys/netpfil/ipfw/nat64/nat64_translate.c Mon Mar 18 09:23:15 2019(r345257) @@ -179,6 +179,8 @@ nat64_output(struct ifnet *ifp, struct mbuf *m, struct } if (logdata != NULL) nat64_log(logdata, m, af); + if (m->m_pkthdr.rcvif == NULL) + m->m_pkthdr.rcvif = V_loif; ret = netisr_queue(ret, m); if (ret != 0) NAT64STAT_INC(stats, oerrors); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345258 - stable/12/sys/netpfil/ipfw
Author: ae
Date: Mon Mar 18 09:28:53 2019
New Revision: 345258
URL: https://svnweb.freebsd.org/changeset/base/345258
Log:
MFC r345004 (with modification):
Add IP_FW_NAT64 to codes that ipfw_chk() can return.
It will be used by upcoming NAT64 changes. We use separate code
to avoid propagating EACCES error code to user level applications
when NAT64 consumes a packet.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Modified:
stable/12/sys/netpfil/ipfw/ip_fw_pfil.c
stable/12/sys/netpfil/ipfw/ip_fw_private.h
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/netpfil/ipfw/ip_fw_pfil.c
==
--- stable/12/sys/netpfil/ipfw/ip_fw_pfil.c Mon Mar 18 09:23:15 2019
(r345257)
+++ stable/12/sys/netpfil/ipfw/ip_fw_pfil.c Mon Mar 18 09:28:53 2019
(r345258)
@@ -313,6 +313,10 @@ again:
case IP_FW_REASS:
goto again; /* continue with packet */
+ case IP_FW_NAT64:
+ ret = 0;
+ break;
+
default:
KASSERT(0, ("%s: unknown retval", __func__));
}
Modified: stable/12/sys/netpfil/ipfw/ip_fw_private.h
==
--- stable/12/sys/netpfil/ipfw/ip_fw_private.h Mon Mar 18 09:23:15 2019
(r345257)
+++ stable/12/sys/netpfil/ipfw/ip_fw_private.h Mon Mar 18 09:28:53 2019
(r345258)
@@ -61,6 +61,7 @@ enum {
IP_FW_NGTEE,
IP_FW_NAT,
IP_FW_REASS,
+ IP_FW_NAT64,
};
/*
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345259 - stable/11/sys/netpfil/ipfw
Author: ae
Date: Mon Mar 18 09:31:23 2019
New Revision: 345259
URL: https://svnweb.freebsd.org/changeset/base/345259
Log:
MFC r345004 (with modification):
Add IP_FW_NAT64 to codes that ipfw_chk() can return.
It will be used by upcoming NAT64 changes. We use separate code
to avoid propogating EACCES error code to user level applications
when NAT64 consumes a packet.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
Modified:
stable/11/sys/netpfil/ipfw/ip_fw_pfil.c
stable/11/sys/netpfil/ipfw/ip_fw_private.h
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/netpfil/ipfw/ip_fw_pfil.c
==
--- stable/11/sys/netpfil/ipfw/ip_fw_pfil.c Mon Mar 18 09:28:53 2019
(r345258)
+++ stable/11/sys/netpfil/ipfw/ip_fw_pfil.c Mon Mar 18 09:31:23 2019
(r345259)
@@ -288,6 +288,10 @@ again:
case IP_FW_REASS:
goto again; /* continue with packet */
+ case IP_FW_NAT64:
+ ret = 0;
+ break;
+
default:
KASSERT(0, ("%s: unknown retval", __func__));
}
Modified: stable/11/sys/netpfil/ipfw/ip_fw_private.h
==
--- stable/11/sys/netpfil/ipfw/ip_fw_private.h Mon Mar 18 09:28:53 2019
(r345258)
+++ stable/11/sys/netpfil/ipfw/ip_fw_private.h Mon Mar 18 09:31:23 2019
(r345259)
@@ -59,6 +59,7 @@ enum {
IP_FW_NGTEE,
IP_FW_NAT,
IP_FW_REASS,
+ IP_FW_NAT64,
};
/*
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345260 - stable/12/sys/x86/include
Author: kib Date: Mon Mar 18 10:25:36 2019 New Revision: 345260 URL: https://svnweb.freebsd.org/changeset/base/345260 Log: MFC r345189: Add symbolic name for TSC_AUX MSR address. Modified: stable/12/sys/x86/include/specialreg.h Directory Properties: stable/12/ (props changed) Modified: stable/12/sys/x86/include/specialreg.h == --- stable/12/sys/x86/include/specialreg.h Mon Mar 18 09:31:23 2019 (r345259) +++ stable/12/sys/x86/include/specialreg.h Mon Mar 18 10:25:36 2019 (r345260) @@ -997,6 +997,7 @@ #defineMSR_FSBASE 0xc100 /* base address of the %fs "segment" */ #defineMSR_GSBASE 0xc101 /* base address of the %gs "segment" */ #defineMSR_KGSBASE 0xc102 /* base address of the kernel %gs */ +#defineMSR_TSC_AUX 0xc103 #defineMSR_PERFEVSEL0 0xc001 #defineMSR_PERFEVSEL1 0xc0010001 #defineMSR_PERFEVSEL2 0xc0010002 ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345261 - stable/11/sys/x86/include
Author: kib Date: Mon Mar 18 10:28:40 2019 New Revision: 345261 URL: https://svnweb.freebsd.org/changeset/base/345261 Log: MFC r345189: Add symbolic name for TSC_AUX MSR address. Modified: stable/11/sys/x86/include/specialreg.h Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/x86/include/specialreg.h == --- stable/11/sys/x86/include/specialreg.h Mon Mar 18 10:25:36 2019 (r345260) +++ stable/11/sys/x86/include/specialreg.h Mon Mar 18 10:28:40 2019 (r345261) @@ -876,6 +876,7 @@ #defineMSR_FSBASE 0xc100 /* base address of the %fs "segment" */ #defineMSR_GSBASE 0xc101 /* base address of the %gs "segment" */ #defineMSR_KGSBASE 0xc102 /* base address of the kernel %gs */ +#defineMSR_TSC_AUX 0xc103 #defineMSR_PERFEVSEL0 0xc001 #defineMSR_PERFEVSEL1 0xc0010001 #defineMSR_PERFEVSEL2 0xc0010002 ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345262 - in head: sbin/ipfw sys/netinet6 sys/netpfil/ipfw sys/netpfil/ipfw/nat64
Author: ae
Date: Mon Mar 18 10:39:14 2019
New Revision: 345262
URL: https://svnweb.freebsd.org/changeset/base/345262
Log:
Modify struct nat64_config.
Add second IPv6 prefix to generic config structure and rename another
fields to conform to RFC6877. Now it contains two prefixes and length:
PLAT is provider-side translator that translates N:1 global IPv6 addresses
to global IPv4 addresses. CLAT is customer-side translator (XLAT) that
algorithmically translates 1:1 IPv4 addresses to global IPv6 addresses.
Use PLAT prefix in stateless (nat64stl) and stateful (nat64lsn)
translators.
Modify nat64_extract_ip4() and nat64_embed_ip4() functions to accept
prefix length and use plat_plen to specify prefix length.
Retire net.inet.ip.fw.nat64_allow_private sysctl variable.
Add NAT64_ALLOW_PRIVATE flag and use "allow_private" config option to
configure this ability separately for each NAT64 instance.
Obtained from:Yandex LLC
MFC after:1 month
Sponsored by: Yandex LLC
Modified:
head/sbin/ipfw/ipfw.8
head/sbin/ipfw/ipfw2.h
head/sbin/ipfw/nat64lsn.c
head/sbin/ipfw/nat64stl.c
head/sys/netinet6/ip_fw_nat64.h
head/sys/netpfil/ipfw/ip_fw_pfil.c
head/sys/netpfil/ipfw/nat64/ip_fw_nat64.c
head/sys/netpfil/ipfw/nat64/ip_fw_nat64.h
head/sys/netpfil/ipfw/nat64/nat64_translate.c
head/sys/netpfil/ipfw/nat64/nat64_translate.h
head/sys/netpfil/ipfw/nat64/nat64lsn.c
head/sys/netpfil/ipfw/nat64/nat64lsn.h
head/sys/netpfil/ipfw/nat64/nat64lsn_control.c
head/sys/netpfil/ipfw/nat64/nat64stl.c
head/sys/netpfil/ipfw/nat64/nat64stl.h
head/sys/netpfil/ipfw/nat64/nat64stl_control.c
Modified: head/sbin/ipfw/ipfw.8
==
--- head/sbin/ipfw/ipfw.8 Mon Mar 18 10:28:40 2019(r345261)
+++ head/sbin/ipfw/ipfw.8 Mon Mar 18 10:39:14 2019(r345262)
@@ -1,7 +1,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd March 1, 2019
+.Dd March 18, 2019
.Dt IPFW 8
.Os
.Sh NAME
@@ -3413,6 +3413,14 @@ With
you are able to see each handled packet before and after translation.
.It Cm -log
Turn off logging of all handled packets via BPF.
+.It Cm allow_private
+Turn on processing private IPv4 addresses. By default IPv6 packets with
+destinations mapped to private address ranges defined by RFC1918 are not
+processed.
+.It Cm -allow_private
+Turn off private address handling in
+.Nm nat64
+instance.
.El
.Pp
To inspect a states table of stateful NAT64 the following command can be used:
@@ -3460,6 +3468,14 @@ Turn on logging of all handled packets via BPF through
interface.
.It Cm -log
Turn off logging of all handled packets via BPF.
+.It Cm allow_private
+Turn on processing private IPv4 addresses. By default IPv6 packets with
+destinations mapped to private address ranges defined by RFC1918 are not
+processed.
+.It Cm -allow_private
+Turn off private address handling in
+.Nm nat64
+instance.
.El
.Pp
Note that the behavior of stateless translator with respect to not matched
@@ -3948,16 +3964,6 @@ Default is no.
Controls whether bridged packets are passed to
.Nm .
Default is no.
-.It Va net.inet.ip.fw.nat64_allow_private : No 0
-Defines how
-.Nm nat64
-handles private IPv4 addresses:
-.Bl -tag -width indent
-.It Cm 0
-Packets with private IPv4 will not be handled by translator
-.It Cm 1
-Translator will accept and process packets with private IPv4 addresses.
-.El
.It Va net.inet.ip.fw.nat64_debug : No 0
Controls debugging messages produced by
.Nm ipfw_nat64
Modified: head/sbin/ipfw/ipfw2.h
==
--- head/sbin/ipfw/ipfw2.h Mon Mar 18 10:28:40 2019(r345261)
+++ head/sbin/ipfw/ipfw2.h Mon Mar 18 10:39:14 2019(r345262)
@@ -288,6 +288,8 @@ enum tokens {
TOK_UDP_AGE,
TOK_ICMP_AGE,
TOK_LOGOFF,
+ TOK_PRIVATE,
+ TOK_PRIVATEOFF,
/* NPTv6 tokens */
TOK_NPTV6,
Modified: head/sbin/ipfw/nat64lsn.c
==
--- head/sbin/ipfw/nat64lsn.c Mon Mar 18 10:28:40 2019(r345261)
+++ head/sbin/ipfw/nat64lsn.c Mon Mar 18 10:39:14 2019(r345262)
@@ -377,6 +377,8 @@ static struct _s_x nat64newcmds[] = {
{ "icmp_age",TOK_ICMP_AGE },
{ "log", TOK_LOG },
{ "-log",TOK_LOGOFF },
+ { "allow_private", TOK_PRIVATE },
+ { "-allow_private", TOK_PRIVATEOFF },
{ NULL, 0 }
};
@@ -522,6 +524,12 @@ nat64lsn_create(const char *name, uint8_t set, int ac,
case TOK_LOGOFF:
cfg->flags &= ~NAT64_LOG;
break;
+ case TOK_PRIVATE:
+ cfg->flags |= NAT64_ALLOW_PRIVATE;
+ break;
+ case TOK_PRIVATEOFF:
+ cfg->flags &= ~NAT64_ALLOW_PRIVATE;
+ break;
svn commit: r345263 - in head: sbin/ipfw sys/netinet6 sys/netpfil/ipfw/nat64
Author: ae Date: Mon Mar 18 10:50:32 2019 New Revision: 345263 URL: https://svnweb.freebsd.org/changeset/base/345263 Log: Add SPDX-License-Identifier and update year in copyright. MFC after:1 month Modified: head/sbin/ipfw/nat64lsn.c head/sbin/ipfw/nat64stl.c head/sys/netinet6/ip_fw_nat64.h head/sys/netpfil/ipfw/nat64/ip_fw_nat64.c head/sys/netpfil/ipfw/nat64/ip_fw_nat64.h head/sys/netpfil/ipfw/nat64/nat64_translate.c head/sys/netpfil/ipfw/nat64/nat64_translate.h head/sys/netpfil/ipfw/nat64/nat64lsn.c head/sys/netpfil/ipfw/nat64/nat64lsn.h head/sys/netpfil/ipfw/nat64/nat64lsn_control.c head/sys/netpfil/ipfw/nat64/nat64stl.c head/sys/netpfil/ipfw/nat64/nat64stl.h head/sys/netpfil/ipfw/nat64/nat64stl_control.c Modified: head/sbin/ipfw/nat64lsn.c == --- head/sbin/ipfw/nat64lsn.c Mon Mar 18 10:39:14 2019(r345262) +++ head/sbin/ipfw/nat64lsn.c Mon Mar 18 10:50:32 2019(r345263) @@ -1,8 +1,9 @@ /*- - * Copyright (c) 2015-2016 Yandex LLC + * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * + * Copyright (c) 2015-2019 Yandex LLC * Copyright (c) 2015-2016 Alexander V. Chernikov - * Copyright (c) 2015-2016 Andrey V. Elsukov - * All rights reserved. + * Copyright (c) 2015-2019 Andrey V. Elsukov * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: head/sbin/ipfw/nat64stl.c == --- head/sbin/ipfw/nat64stl.c Mon Mar 18 10:39:14 2019(r345262) +++ head/sbin/ipfw/nat64stl.c Mon Mar 18 10:50:32 2019(r345263) @@ -1,7 +1,8 @@ /*- - * Copyright (c) 2015-2016 Yandex LLC - * Copyright (c) 2015-2016 Andrey V. Elsukov - * All rights reserved. + * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * + * Copyright (c) 2015-2019 Yandex LLC + * Copyright (c) 2015-2019 Andrey V. Elsukov * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: head/sys/netinet6/ip_fw_nat64.h == --- head/sys/netinet6/ip_fw_nat64.h Mon Mar 18 10:39:14 2019 (r345262) +++ head/sys/netinet6/ip_fw_nat64.h Mon Mar 18 10:50:32 2019 (r345263) @@ -1,8 +1,9 @@ /*- - * Copyright (c) 2015 Yandex LLC + * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * + * Copyright (c) 2015-2019 Yandex LLC * Copyright (c) 2015 Alexander V. Chernikov - * Copyright (c) 2016 Andrey V. Elsukov - * All rights reserved. + * Copyright (c) 2015-2019 Andrey V. Elsukov * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: head/sys/netpfil/ipfw/nat64/ip_fw_nat64.c == --- head/sys/netpfil/ipfw/nat64/ip_fw_nat64.c Mon Mar 18 10:39:14 2019 (r345262) +++ head/sys/netpfil/ipfw/nat64/ip_fw_nat64.c Mon Mar 18 10:50:32 2019 (r345263) @@ -1,7 +1,8 @@ /*- - * Copyright (c) 2015-2018 Yandex LLC - * Copyright (c) 2015-2018 Andrey V. Elsukov - * All rights reserved. + * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * + * Copyright (c) 2015-2019 Yandex LLC + * Copyright (c) 2015-2019 Andrey V. Elsukov * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: head/sys/netpfil/ipfw/nat64/ip_fw_nat64.h == --- head/sys/netpfil/ipfw/nat64/ip_fw_nat64.h Mon Mar 18 10:39:14 2019 (r345262) +++ head/sys/netpfil/ipfw/nat64/ip_fw_nat64.h Mon Mar 18 10:50:32 2019 (r345263) @@ -1,7 +1,8 @@ /*- - * Copyright (c) 2015-2018 Yandex LLC - * Copyright (c) 2015-2018 Andrey V. Elsukov - * All rights reserved. + * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * + * Copyright (c) 2015-2019 Yandex LLC + * Copyright (c) 2015-2019 Andrey V. Elsukov * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: head/sys/netpfil/ipfw/nat64/nat64_translate.c == --- head/sys/netpfil/ipfw/nat64/nat64_translate.c Mon Mar 18 10:39:14 2019(r345262) +++ head/sys/netpfil/ipfw/nat64/nat64_translate.c Mon Mar 18 10:50:32 2019(r345263) @@ -1,7 +1,8 @@ /*- - * Copyright (c) 2015-2018 Yandex LLC - * Copyright (c) 2015-2018 Andrey V. Elsukov - * All rights reserved. + * SPDX-License-Identifier: BSD-2-Clause-FreeBSD + * + * Copyright (c) 2015-2019 Yandex LLC + * Copyright (c) 2015-2019 Andrey V. Elsukov * * Redis
svn commit: r345264 - in head: sbin/ipfw sys/conf sys/modules/ipfw_nat64 sys/netinet sys/netinet6 sys/netpfil/ipfw/nat64
Author: ae
Date: Mon Mar 18 11:44:53 2019
New Revision: 345264
URL: https://svnweb.freebsd.org/changeset/base/345264
Log:
Add NAT64 CLAT implementation as defined in RFC6877.
CLAT is customer-side translator that algorithmically translates 1:1
private IPv4 addresses to global IPv6 addresses, and vice versa.
It is implemented as part of ipfw_nat64 kernel module. When module
is loaded or compiled into the kernel, it registers "nat64clat" external
action. External action named instance can be created using `create`
command and then used in ipfw rules. The create command accepts two
IPv6 prefixes `plat_prefix` and `clat_prefix`. If plat_prefix is ommitted,
IPv6 NAT64 Well-Known prefix 64:ff9b::/96 will be used.
# ipfw nat64clat CLAT create clat_prefix SRC_PFX plat_prefix DST_PFX
# ipfw add nat64clat CLAT ip4 from IPv4_PFX to any out
# ipfw add nat64clat CLAT ip6 from DST_PFX to SRC_PFX in
Obtained from:Yandex LLC
Submitted by: Boris N. Lytochkin
MFC after:1 month
Relnotes: yes
Sponsored by: Yandex LLC
Added:
head/sbin/ipfw/nat64clat.c (contents, props changed)
head/sys/netpfil/ipfw/nat64/nat64clat.c (contents, props changed)
head/sys/netpfil/ipfw/nat64/nat64clat.h (contents, props changed)
head/sys/netpfil/ipfw/nat64/nat64clat_control.c (contents, props changed)
Modified:
head/sbin/ipfw/Makefile
head/sbin/ipfw/ipfw.8
head/sbin/ipfw/ipfw2.c
head/sbin/ipfw/ipfw2.h
head/sbin/ipfw/main.c
head/sys/conf/files
head/sys/modules/ipfw_nat64/Makefile
head/sys/netinet/ip_fw.h
head/sys/netinet6/ip_fw_nat64.h
head/sys/netpfil/ipfw/nat64/ip_fw_nat64.c
head/sys/netpfil/ipfw/nat64/ip_fw_nat64.h
Modified: head/sbin/ipfw/Makefile
==
--- head/sbin/ipfw/Makefile Mon Mar 18 10:50:32 2019(r345263)
+++ head/sbin/ipfw/Makefile Mon Mar 18 11:44:53 2019(r345264)
@@ -5,7 +5,7 @@
PACKAGE=ipfw
PROG= ipfw
SRCS= ipfw2.c dummynet.c ipv6.c main.c nat.c tables.c
-SRCS+= nat64lsn.c nat64stl.c nptv6.c
+SRCS+= nat64clat.c nat64lsn.c nat64stl.c nptv6.c
WARNS?=2
.if ${MK_PF} != "no"
Modified: head/sbin/ipfw/ipfw.8
==
--- head/sbin/ipfw/ipfw.8 Mon Mar 18 10:50:32 2019(r345263)
+++ head/sbin/ipfw/ipfw.8 Mon Mar 18 11:44:53 2019(r345264)
@@ -136,6 +136,21 @@ in-kernel NAT.
.Cm destroy
.Nm
.Oo Cm set Ar N Oc Cm nat64stl Ar name Cm stats Op Cm reset
+.Ss XLAT464 CLAT IPv6/IPv4 NETWORK ADDRESS AND PROTOCOL TRANSLATION
+.Nm
+.Oo Cm set Ar N Oc Cm nat64clat Ar name Cm create Ar create-options
+.Nm
+.Oo Cm set Ar N Oc Cm nat64clat Ar name Cm config Ar config-options
+.Nm
+.Oo Cm set Ar N Oc Cm nat64clat
+.Brq Ar name | all
+.Brq Cm list | show
+.Nm
+.Oo Cm set Ar N Oc Cm nat64clat
+.Brq Ar name | all
+.Cm destroy
+.Nm
+.Oo Cm set Ar N Oc Cm nat64clat Ar name Cm stats Op Cm reset
.Ss IPv6-to-IPv6 NETWORK PREFIX TRANSLATION
.Nm
.Oo Cm set Ar N Oc Cm nptv6 Ar name Cm create Ar create-options
@@ -924,6 +939,11 @@ Pass packet to a stateless NAT64 instance (for IPv6/IP
protocol translation): see the
.Sx IPv6/IPv4 NETWORK ADDRESS AND PROTOCOL TRANSLATION
Section for further information.
+.It Cm nat64clat Ar name
+Pass packet to a CLAT NAT64 instance (for client-side IPv6/IPv4 network
address and
+protocol translation): see the
+.Sx IPv6/IPv4 NETWORK ADDRESS AND PROTOCOL TRANSLATION
+Section for further information.
.It Cm nptv6 Ar name
Pass packet to a NPTv6 instance (for IPv6-to-IPv6 network prefix translation):
see the
@@ -3482,6 +3502,57 @@ Note that the behavior of stateless translator with re
packets differs from stateful translator.
If corresponding addresses was not found in the lookup tables, the packet
will not be dropped and the search continues.
+.Pp
+.Pp
+.Ss XLAT464 CLAT translation
+XLAT464 CLAT NAT64 translator implements client-side stateless translation as
+defined in RFC6877 and is very similar to statless NAT64 translator
+explained above. Instead of lookup tables it uses one-to-one mapping
+between IPv4 and IPv6 addresses using configured prefixes.
+This mode can be used as a replacement of DNS64 service for applications
+that are not using it (e.g. VoIP) allowing them to access IPv4-only Internet
+over IPv6-only networks with help of remote NAT64 translator.
+.Pp
+The CLAT NAT64 configuration command is the following:
+.Bd -ragged -offset indent
+.Bk -words
+.Cm nat64clat
+.Ar name
+.Cm create
+.Ar create-options
+.Ek
+.Ed
+.Pp
+The following parameters can be configured:
+.Bl -tag -width indent
+.It Cm clat_prefix Ar ipv6_prefix/length
+The IPv6 prefix defines IPv4-embedded IPv6 addresses used by translator
+to represent source IPv4 addresses.
+.It Cm plat_prefix Ar ipv6_prefix/length
+The IPv6 prefix defines IPv4-embedded IPv6 addresses used by translator
+to represent destination IPv4 addresses. This IPv
svn commit: r345265 - stable/12/sys/fs/ext2fs
Author: fsu
Date: Mon Mar 18 12:04:43 2019
New Revision: 345265
URL: https://svnweb.freebsd.org/changeset/base/345265
Log:
MFC r344751:
Make superblock reading logic more strict.
Add more on-disk superblock consistency checks to ext2_compute_sb_data()
function.
It should decrease the probability of mounting filesystems with corrupted
superblock data.
Reviewed by:pfg
Differential Revision:https://reviews.freebsd.org/D19322
Modified:
stable/12/sys/fs/ext2fs/ext2_alloc.c
stable/12/sys/fs/ext2fs/ext2_extern.h
stable/12/sys/fs/ext2fs/ext2_vfsops.c
stable/12/sys/fs/ext2fs/ext2fs.h
Modified: stable/12/sys/fs/ext2fs/ext2_alloc.c
==
--- stable/12/sys/fs/ext2fs/ext2_alloc.cMon Mar 18 11:44:53 2019
(r345264)
+++ stable/12/sys/fs/ext2fs/ext2_alloc.cMon Mar 18 12:04:43 2019
(r345265)
@@ -457,7 +457,7 @@ noinodes:
/*
* 64-bit compatible getters and setters for struct ext2_gd from ext2fs.h
*/
-static uint64_t
+uint64_t
e2fs_gd_get_b_bitmap(struct ext2_gd *gd)
{
@@ -465,7 +465,7 @@ e2fs_gd_get_b_bitmap(struct ext2_gd *gd)
gd->ext2bgd_b_bitmap);
}
-static uint64_t
+uint64_t
e2fs_gd_get_i_bitmap(struct ext2_gd *gd)
{
@@ -754,7 +754,7 @@ ext2_hashalloc(struct inode *ip, int cg, long pref, in
return (0);
}
-static unsigned long
+static uint64_t
ext2_cg_number_gdb_nometa(struct m_ext2fs *fs, int cg)
{
@@ -768,7 +768,7 @@ ext2_cg_number_gdb_nometa(struct m_ext2fs *fs, int cg)
EXT2_DESCS_PER_BLOCK(fs));
}
-static unsigned long
+static uint64_t
ext2_cg_number_gdb_meta(struct m_ext2fs *fs, int cg)
{
unsigned long metagroup;
@@ -784,7 +784,7 @@ ext2_cg_number_gdb_meta(struct m_ext2fs *fs, int cg)
return (0);
}
-static unsigned long
+uint64_t
ext2_cg_number_gdb(struct m_ext2fs *fs, int cg)
{
unsigned long first_meta_bg, metagroup;
Modified: stable/12/sys/fs/ext2fs/ext2_extern.h
==
--- stable/12/sys/fs/ext2fs/ext2_extern.h Mon Mar 18 11:44:53 2019
(r345264)
+++ stable/12/sys/fs/ext2fs/ext2_extern.h Mon Mar 18 12:04:43 2019
(r345265)
@@ -91,6 +91,7 @@ int ext2_dirrewrite(struct inode *,
intext2_dirempty(struct inode *, ino_t, struct ucred *);
intext2_checkpath(struct inode *, struct inode *, struct ucred *);
intext2_cg_has_sb(struct m_ext2fs *fs, int cg);
+uint64_t ext2_cg_number_gdb(struct m_ext2fs *fs, int cg);
intext2_inactive(struct vop_inactive_args *);
intext2_htree_add_entry(struct vnode *, struct ext2fs_direct_2 *,
struct componentname *);
@@ -104,6 +105,8 @@ int ext2_htree_lookup(struct inode *, const char *, in
intext2_search_dirblock(struct inode *, void *, int *, const char *, int,
int *, doff_t *, doff_t *, doff_t *, struct ext2fs_searchslot *);
uint32_t e2fs_gd_get_ndirs(struct ext2_gd *gd);
+uint64_t e2fs_gd_get_b_bitmap(struct ext2_gd *);
+uint64_t e2fs_gd_get_i_bitmap(struct ext2_gd *);
uint64_t e2fs_gd_get_i_tables(struct ext2_gd *);
void ext2_sb_csum_set_seed(struct m_ext2fs *);
intext2_sb_csum_verify(struct m_ext2fs *);
Modified: stable/12/sys/fs/ext2fs/ext2_vfsops.c
==
--- stable/12/sys/fs/ext2fs/ext2_vfsops.c Mon Mar 18 11:44:53 2019
(r345264)
+++ stable/12/sys/fs/ext2fs/ext2_vfsops.c Mon Mar 18 12:04:43 2019
(r345265)
@@ -98,7 +98,7 @@ VFS_SET(ext2fs_vfsops, ext2fs, 0);
static int ext2_check_sb_compat(struct ext2fs *es, struct cdev *dev,
int ronly);
-static int compute_sb_data(struct vnode * devvp,
+static int ext2_compute_sb_data(struct vnode * devvp,
struct ext2fs * es, struct m_ext2fs * fs);
static const char *ext2_opts[] = { "acls", "async", "noatime", "noclusterr",
@@ -321,7 +321,7 @@ ext2_check_sb_compat(struct ext2fs *es, struct cdev *d
}
static e4fs_daddr_t
-cg_location(struct m_ext2fs *fs, int number)
+ext2_cg_location(struct m_ext2fs *fs, int number)
{
int cg, descpb, logical_sb, has_super = 0;
@@ -350,82 +350,196 @@ cg_location(struct m_ext2fs *fs, int number)
fs->e2fs->e2fs_first_dblock);
}
+static int
+ext2_cg_validate(struct m_ext2fs *fs)
+{
+ uint64_t b_bitmap;
+ uint64_t i_bitmap;
+ uint64_t i_tables;
+ uint64_t first_block, last_block, last_cg_block;
+ struct ext2_gd *gd;
+ unsigned int i, cg_count;
+
+ first_block = fs->e2fs->e2fs_first_dblock;
+ last_cg_block = ext2_cg_number_gdb(fs, 0);
+ cg_count = fs->e2fs_gcount;
+
+ for (i = 0; i < fs->e2fs_gcount; i++) {
+ gd = &fs->e2fs_gd[i];
+
+ if (EXT2_HAS_INCOMPAT_FEATURE(fs, EXT2F_INCOMPAT_FLEX_BG) ||
+ i == fs->e2fs_gcou
svn commit: r345266 - stable/12/sys/fs/ext2fs
Author: fsu
Date: Mon Mar 18 12:09:10 2019
New Revision: 345266
URL: https://svnweb.freebsd.org/changeset/base/345266
Log:
MFC: r344753:
Validate block bitmaps.
Reviewed by:pfg
Differential Revision:https://reviews.freebsd.org/D19324
Modified:
stable/12/sys/fs/ext2fs/ext2_alloc.c
Modified: stable/12/sys/fs/ext2fs/ext2_alloc.c
==
--- stable/12/sys/fs/ext2fs/ext2_alloc.cMon Mar 18 12:04:43 2019
(r345265)
+++ stable/12/sys/fs/ext2fs/ext2_alloc.cMon Mar 18 12:09:10 2019
(r345266)
@@ -902,6 +902,52 @@ ext2_cg_block_bitmap_init(struct m_ext2fs *fs, int cg,
return (0);
}
+static int
+ext2_b_bitmap_validate(struct m_ext2fs *fs, struct buf *bp, int cg)
+{
+ struct ext2_gd *gd;
+ uint64_t group_first_block;
+ unsigned int offset, max_bit;
+
+ if (EXT2_HAS_INCOMPAT_FEATURE(fs, EXT2F_INCOMPAT_FLEX_BG)) {
+ /*
+* It is not possible to check block bitmap in case of this
feature,
+* because the inode and block bitmaps and inode table
+* blocks may not be in the group at all.
+* So, skip check in this case.
+*/
+ return (0);
+ }
+
+ gd = &fs->e2fs_gd[cg];
+ max_bit = fs->e2fs_fpg;
+ group_first_block = ((uint64_t)cg) * fs->e2fs->e2fs_fpg +
+ fs->e2fs->e2fs_first_dblock;
+
+ /* Check block bitmap block number */
+ offset = e2fs_gd_get_b_bitmap(gd) - group_first_block;
+ if (offset >= max_bit || !isset(bp->b_data, offset)) {
+ printf("ext2fs: bad block bitmap, group %d\n", cg);
+ return (EINVAL);
+ }
+
+ /* Check inode bitmap block number */
+ offset = e2fs_gd_get_i_bitmap(gd) - group_first_block;
+ if (offset >= max_bit || !isset(bp->b_data, offset)) {
+ printf("ext2fs: bad inode bitmap, group %d\n", cg);
+ return (EINVAL);
+ }
+
+ /* Check inode table */
+ offset = e2fs_gd_get_i_tables(gd) - group_first_block;
+ if (offset >= max_bit || offset + fs->e2fs_itpg >= max_bit) {
+ printf("ext2fs: bad inode table, group %d\n", cg);
+ return (EINVAL);
+ }
+
+ return (0);
+}
+
/*
* Determine whether a block can be allocated.
*
@@ -922,40 +968,37 @@ ext2_alloccg(struct inode *ip, int cg, daddr_t bpref,
ump = ip->i_ump;
if (e2fs_gd_get_nbfree(&fs->e2fs_gd[cg]) == 0)
return (0);
+
EXT2_UNLOCK(ump);
error = bread(ip->i_devvp, fsbtodb(fs,
e2fs_gd_get_b_bitmap(&fs->e2fs_gd[cg])),
(int)fs->e2fs_bsize, NOCRED, &bp);
- if (error) {
- brelse(bp);
- EXT2_LOCK(ump);
- return (0);
- }
+ if (error)
+ goto fail;
+
if (EXT2_HAS_RO_COMPAT_FEATURE(fs, EXT2F_ROCOMPAT_GDT_CSUM) ||
EXT2_HAS_RO_COMPAT_FEATURE(fs, EXT2F_ROCOMPAT_METADATA_CKSUM)) {
error = ext2_cg_block_bitmap_init(fs, cg, bp);
- if (error) {
- brelse(bp);
- EXT2_LOCK(ump);
- return (0);
- }
+ if (error)
+ goto fail;
+
ext2_gd_b_bitmap_csum_set(fs, cg, bp);
}
error = ext2_gd_b_bitmap_csum_verify(fs, cg, bp);
- if (error) {
- brelse(bp);
- EXT2_LOCK(ump);
- return (0);
- }
- if (e2fs_gd_get_nbfree(&fs->e2fs_gd[cg]) == 0) {
- /*
-* Another thread allocated the last block in this
-* group while we were waiting for the buffer.
-*/
- brelse(bp);
- EXT2_LOCK(ump);
- return (0);
- }
+ if (error)
+ goto fail;
+
+ error = ext2_b_bitmap_validate(fs,bp, cg);
+ if (error)
+ goto fail;
+
+ /*
+* Check, that another thread did not not allocate the last block in
this
+* group while we were waiting for the buffer.
+*/
+ if (e2fs_gd_get_nbfree(&fs->e2fs_gd[cg]) == 0)
+ goto fail;
+
bbp = (char *)bp->b_data;
if (dtog(fs, bpref) != cg)
@@ -1028,11 +1071,9 @@ retry:
goto retry;
}
bno = ext2_mapsearch(fs, bbp, bpref);
- if (bno < 0) {
- brelse(bp);
- EXT2_LOCK(ump);
- return (0);
- }
+ if (bno < 0)
+ goto fail;
+
gotit:
#ifdef INVARIANTS
if (isset(bbp, bno)) {
@@ -1052,6 +1093,11 @@ gotit:
ext2_gd_b_bitmap_csum_set(fs, cg, bp);
bdwrite(bp);
return (((uint64_t)cg) * fs->e2fs->e2fs_fpg +
fs->e2fs->e2fs_first_dblock + bno);
+
+fail:
+ brelse(bp);
+ EXT2_LOCK(ump);
+
svn commit: r345267 - stable/12/sys/fs/ext2fs
Author: fsu Date: Mon Mar 18 12:15:58 2019 New Revision: 345267 URL: https://svnweb.freebsd.org/changeset/base/345267 Log: MFC: r344755: Fix integer overflow possibility. Reported by:Christopher Krah, Thomas Barabosch, and Jan-Niclas Hilgert of Fraunhofer FKIE Reported as:FS-2-EXT2-1: Out-of-Bounds Write in nmount (ext2_vget) Reviewed by:pfg Differential Revision:https://reviews.freebsd.org/D19326 Modified: stable/12/sys/fs/ext2fs/ext2_vfsops.c Modified: stable/12/sys/fs/ext2fs/ext2_vfsops.c == --- stable/12/sys/fs/ext2fs/ext2_vfsops.c Mon Mar 18 12:09:10 2019 (r345266) +++ stable/12/sys/fs/ext2fs/ext2_vfsops.c Mon Mar 18 12:15:58 2019 (r345267) @@ -1156,8 +1156,8 @@ ext2_vget(struct mount *mp, ino_t ino, int flags, stru struct buf *bp; struct vnode *vp; struct thread *td; - int i, error; - int used_blocks; + unsigned int i, used_blocks; + int error; td = curthread; error = vfs_hash_get(mp, ino, flags, td, vpp, NULL, NULL); ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345268 - stable/12/sys/fs/ext2fs
Author: fsu
Date: Mon Mar 18 12:22:04 2019
New Revision: 345268
URL: https://svnweb.freebsd.org/changeset/base/345268
Log:
MFC: r344756, r345179:
Do not read the on-disk inode in case of vnode allocation.
Reported by:Christopher Krah, Thomas Barabosch, and Jan-Niclas Hilgert of
Fraunhofer FKIE
Reported as:FS-6-EXT2-4: Denial Of Service in mkdir-0 (ext2_mkdir/vn_rdwr)
Reviewed by:pfg
Differential Revision:https://reviews.freebsd.org/D19327
Modified:
stable/12/sys/fs/ext2fs/ext2_alloc.c
Modified: stable/12/sys/fs/ext2fs/ext2_alloc.c
==
--- stable/12/sys/fs/ext2fs/ext2_alloc.cMon Mar 18 12:15:58 2019
(r345267)
+++ stable/12/sys/fs/ext2fs/ext2_alloc.cMon Mar 18 12:22:04 2019
(r345268)
@@ -373,10 +373,12 @@ int
ext2_valloc(struct vnode *pvp, int mode, struct ucred *cred, struct vnode
**vpp)
{
struct timespec ts;
- struct inode *pip;
struct m_ext2fs *fs;
- struct inode *ip;
struct ext2mount *ump;
+ struct inode *pip;
+ struct inode *ip;
+ struct vnode *vp;
+ struct thread *td;
ino_t ino, ipref;
int error, cg;
@@ -404,33 +406,63 @@ ext2_valloc(struct vnode *pvp, int mode, struct ucred
}
ipref = cg * fs->e2fs->e2fs_ipg + 1;
ino = (ino_t)ext2_hashalloc(pip, cg, (long)ipref, mode,
ext2_nodealloccg);
-
if (ino == 0)
goto noinodes;
- error = VFS_VGET(pvp->v_mount, ino, LK_EXCLUSIVE, vpp);
+
+ td = curthread;
+ error = vfs_hash_get(ump->um_mountp, ino, LK_EXCLUSIVE, td, vpp, NULL,
NULL);
+ if (error || *vpp != NULL) {
+ return (error);
+ }
+
+ ip = malloc(sizeof(struct inode), M_EXT2NODE, M_WAITOK | M_ZERO);
+ if (ip == NULL) {
+ return (ENOMEM);
+ }
+
+ /* Allocate a new vnode/inode. */
+ if ((error = getnewvnode("ext2fs", ump->um_mountp, &ext2_vnodeops,
&vp)) != 0) {
+ free(ip, M_EXT2NODE);
+ return (error);
+ }
+
+ lockmgr(vp->v_vnlock, LK_EXCLUSIVE, NULL);
+ vp->v_data = ip;
+ ip->i_vnode = vp;
+ ip->i_e2fs = fs = ump->um_e2fs;
+ ip->i_ump = ump;
+ ip->i_number = ino;
+ ip->i_block_group = ino_to_cg(fs, ino);
+ ip->i_next_alloc_block = 0;
+ ip->i_next_alloc_goal = 0;
+
+ error = insmntque(vp, ump->um_mountp);
if (error) {
- ext2_vfree(pvp, ino, mode);
+ free(ip, M_EXT2NODE);
return (error);
}
- ip = VTOI(*vpp);
- /*
-* The question is whether using VGET was such good idea at all:
-* Linux doesn't read the old inode in when it is allocating a
-* new one. I will set at least i_size and i_blocks to zero.
-*/
- ip->i_flag = 0;
- ip->i_size = 0;
- ip->i_blocks = 0;
- ip->i_mode = 0;
- ip->i_flags = 0;
+ error = vfs_hash_insert(vp, ino, LK_EXCLUSIVE, td, vpp, NULL, NULL);
+ if (error || *vpp != NULL) {
+ *vpp = NULL;
+ free(ip, M_EXT2NODE);
+ return (error);
+ }
+
+ if ((error = ext2_vinit(ump->um_mountp, &ext2_fifoops, &vp)) != 0) {
+ vput(vp);
+ *vpp = NULL;
+ free(ip, M_EXT2NODE);
+ return (error);
+ }
+
if (EXT2_HAS_INCOMPAT_FEATURE(fs, EXT2F_INCOMPAT_EXTENTS)
&& (S_ISREG(mode) || S_ISDIR(mode)))
ext4_ext_tree_init(ip);
else
memset(ip->i_data, 0, sizeof(ip->i_data));
-
+
/*
* Set up a new generation number for this inode.
* Avoid zero values.
@@ -443,10 +475,10 @@ ext2_valloc(struct vnode *pvp, int mode, struct ucred
ip->i_birthtime = ts.tv_sec;
ip->i_birthnsec = ts.tv_nsec;
-/*
-printf("ext2_valloc: allocated inode %d\n", ino);
-*/
+ *vpp = vp;
+
return (0);
+
noinodes:
EXT2_UNLOCK(ump);
ext2_fserr(fs, cred->cr_uid, "out of inodes");
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345269 - in head/sys: dev/netmap net
Author: vmaffione
Date: Mon Mar 18 12:22:23 2019
New Revision: 345269
URL: https://svnweb.freebsd.org/changeset/base/345269
Log:
netmap: add support for multiple host rings
Some applications forward from/to host rings most or all the
traffic received or sent on a physical interface. In this
cases it is desirable to have more than a pair of RX/TX host
rings, and use multiple threads to speed up forwarding.
This change adds support for multiple host rings. On registering
a netmap port, the user can specify the number of desired receive
and transmit host rings in the nr_host_tx_rings and nr_host_rx_rings
fields of the nmreq_register structure.
MFC after:2 weeks
Modified:
head/sys/dev/netmap/netmap.c
head/sys/dev/netmap/netmap_legacy.c
head/sys/dev/netmap/netmap_mem2.c
head/sys/net/netmap.h
head/sys/net/netmap_legacy.h
head/sys/net/netmap_user.h
Modified: head/sys/dev/netmap/netmap.c
==
--- head/sys/dev/netmap/netmap.cMon Mar 18 12:22:04 2019
(r345268)
+++ head/sys/dev/netmap/netmap.cMon Mar 18 12:22:23 2019
(r345269)
@@ -1035,6 +1035,10 @@ netmap_do_unregif(struct netmap_priv_d *priv)
}
na->nm_krings_delete(na);
+
+ /* restore the default number of host tx and rx rings */
+ na->num_host_tx_rings = 1;
+ na->num_host_rx_rings = 1;
}
/* possibily decrement counter of tx_si/rx_si users */
@@ -1575,6 +1579,19 @@ netmap_get_na(struct nmreq_header *hdr,
*na = ret;
netmap_adapter_get(ret);
+ /*
+* if the adapter supports the host rings and it is not alread open,
+* try to set the number of host rings as requested by the user
+*/
+ if (((*na)->na_flags & NAF_HOST_RINGS) && (*na)->active_fds == 0) {
+ if (req->nr_host_tx_rings)
+ (*na)->num_host_tx_rings = req->nr_host_tx_rings;
+ if (req->nr_host_rx_rings)
+ (*na)->num_host_rx_rings = req->nr_host_rx_rings;
+ }
+ nm_prdis("%s: host tx %d rx %u", (*na)->name, (*na)->num_host_tx_rings,
+ (*na)->num_host_rx_rings);
+
out:
if (error) {
if (ret)
@@ -1856,6 +1873,25 @@ netmap_interp_ringid(struct netmap_priv_d *priv, uint3
nm_prdis("ONE_NIC: %s %d %d", nm_txrx2str(t),
priv->np_qfirst[t], priv->np_qlast[t]);
break;
+ case NR_REG_ONE_SW:
+ if (!(na->na_flags & NAF_HOST_RINGS)) {
+ nm_prerr("host rings not supported");
+ return EINVAL;
+ }
+ if (nr_ringid >= na->num_host_tx_rings &&
+ nr_ringid >= na->num_host_rx_rings) {
+ nm_prerr("invalid ring id %d", nr_ringid);
+ return EINVAL;
+ }
+ /* if not enough rings, use the first one */
+ j = nr_ringid;
+ if (j >= nma_get_host_nrings(na, t))
+ j = 0;
+ priv->np_qfirst[t] = nma_get_nrings(na, t) + j;
+ priv->np_qlast[t] = nma_get_nrings(na, t) + j + 1;
+ nm_prdis("ONE_SW: %s %d %d", nm_txrx2str(t),
+ priv->np_qfirst[t], priv->np_qlast[t]);
+ break;
default:
nm_prerr("invalid regif type %d", nr_mode);
return EINVAL;
@@ -2546,6 +2582,8 @@ netmap_ioctl(struct netmap_priv_d *priv, u_long cmd, c
req->nr_tx_rings = na->num_tx_rings;
req->nr_rx_slots = na->num_rx_desc;
req->nr_tx_slots = na->num_tx_desc;
+ req->nr_host_tx_rings = na->num_host_tx_rings;
+ req->nr_host_rx_rings = na->num_host_rx_rings;
error = netmap_mem_get_info(na->nm_mem,
&req->nr_memsize, &memflags,
&req->nr_mem_id);
if (error) {
@@ -2610,6 +2648,8 @@ netmap_ioctl(struct netmap_priv_d *priv, u_long cmd, c
regreq.nr_rx_slots = req->nr_rx_slots;
regreq.nr_tx_rings = req->nr_tx_rings;
regreq.nr_rx_rings = req->nr_rx_rings;
+ regreq.nr_host_tx_rings =
req->nr_host_tx_rings;
+ regreq.nr_host_rx_rings =
req->nr_host_rx_rings;
regreq.nr_mem_id = req->nr_mem_
svn commit: r345270 - stable/12/sys/fs/ext2fs
Author: fsu
Date: Mon Mar 18 12:26:25 2019
New Revision: 345270
URL: https://svnweb.freebsd.org/changeset/base/345270
Log:
MFC: r344754:
Do not panic if inode bitmap is corrupted.
admbug: 804
Reported by:Ilja Van Sprundel
Reviewed by:pfg
Differential Revision:https://reviews.freebsd.org/D19325
Modified:
stable/12/sys/fs/ext2fs/ext2_alloc.c
Modified: stable/12/sys/fs/ext2fs/ext2_alloc.c
==
--- stable/12/sys/fs/ext2fs/ext2_alloc.cMon Mar 18 12:22:23 2019
(r345269)
+++ stable/12/sys/fs/ext2fs/ext2_alloc.cMon Mar 18 12:26:25 2019
(r345270)
@@ -1350,10 +1350,12 @@ ext2_nodealloccg(struct inode *ip, int cg, daddr_t ipr
start = 0;
loc = memcchr(&ibp[start], 0xff, len);
if (loc == NULL) {
- printf("cg = %d, ipref = %lld, fs = %s\n",
+ printf("ext2fs: inode bitmap corrupted: "
+ "cg = %d, ipref = %lld, fs = %s - run fsck\n",
cg, (long long)ipref, fs->e2fs_fsmnt);
- panic("ext2fs_nodealloccg: map corrupted");
- /* NOTREACHED */
+ brelse(bp);
+ EXT2_LOCK(ump);
+ return (0);
}
}
ipref = (loc - ibp) * NBBY + ffs(~*loc) - 1;
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345271 - stable/12/sys/fs/ext2fs
Author: fsu
Date: Mon Mar 18 12:31:07 2019
New Revision: 345271
URL: https://svnweb.freebsd.org/changeset/base/345271
Log:
MFC: r344752:
Add additional on-disk inode checks.
Reviewed by:pfg
Differential Revision:https://reviews.freebsd.org/D19323
Modified:
stable/12/sys/fs/ext2fs/ext2_csum.c
stable/12/sys/fs/ext2fs/ext2_inode_cnv.c
stable/12/sys/fs/ext2fs/ext2_vfsops.c
stable/12/sys/fs/ext2fs/ext2fs.h
Modified: stable/12/sys/fs/ext2fs/ext2_csum.c
==
--- stable/12/sys/fs/ext2fs/ext2_csum.c Mon Mar 18 12:26:25 2019
(r345270)
+++ stable/12/sys/fs/ext2fs/ext2_csum.c Mon Mar 18 12:31:07 2019
(r345271)
@@ -629,6 +629,8 @@ ext2_ei_csum_verify(struct inode *ip, struct ext2fs_di
if (!memcmp(ei, &ei_zero, sizeof(struct ext2fs_dinode)))
return (0);
+ printf("WARNING: Bad inode %ju csum - run fsck\n",
ip->i_number);
+
return (EIO);
}
Modified: stable/12/sys/fs/ext2fs/ext2_inode_cnv.c
==
--- stable/12/sys/fs/ext2fs/ext2_inode_cnv.cMon Mar 18 12:26:25 2019
(r345270)
+++ stable/12/sys/fs/ext2fs/ext2_inode_cnv.cMon Mar 18 12:31:07 2019
(r345271)
@@ -34,7 +34,6 @@
#include
#include
-#include
#include
#include
#include
@@ -92,8 +91,31 @@ ext2_print_inode(struct inode *in)
int
ext2_ei2i(struct ext2fs_dinode *ei, struct inode *ip)
{
+ struct m_ext2fs *fs = ip->i_e2fs;
+ if ((ip->i_number < EXT2_FIRST_INO(fs) && ip->i_number != EXT2_ROOTINO)
||
+ (ip->i_number < EXT2_ROOTINO) ||
+ (ip->i_number > fs->e2fs->e2fs_icount)) {
+ printf("ext2fs: bad inode number %ju\n", ip->i_number);
+ return (EINVAL);
+ }
+
+ if (ip->i_number == EXT2_ROOTINO && ei->e2di_nlink == 0) {
+ printf("ext2fs: root inode unallocated\n");
+ return (EINVAL);
+ }
ip->i_nlink = ei->e2di_nlink;
+
+ /* Check extra inode size */
+ if (EXT2_INODE_SIZE(fs) > E2FS_REV0_INODE_SIZE) {
+ if (E2FS_REV0_INODE_SIZE + ei->e2di_extra_isize >
+ EXT2_INODE_SIZE(fs) || (ei->e2di_extra_isize & 3)) {
+ printf("ext2fs: bad extra inode size %u, inode
size=%u\n",
+ ei->e2di_extra_isize, EXT2_INODE_SIZE(fs));
+ return (EINVAL);
+ }
+ }
+
/*
* Godmar thinks - if the link count is zero, then the inode is
* unused - according to ext2 standards. Ufs marks this fact by
Modified: stable/12/sys/fs/ext2fs/ext2_vfsops.c
==
--- stable/12/sys/fs/ext2fs/ext2_vfsops.c Mon Mar 18 12:26:25 2019
(r345270)
+++ stable/12/sys/fs/ext2fs/ext2_vfsops.c Mon Mar 18 12:31:07 2019
(r345271)
@@ -773,11 +773,18 @@ loop:
MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp);
return (error);
}
- ext2_ei2i((struct ext2fs_dinode *)((char *)bp->b_data +
+
+ error = ext2_ei2i((struct ext2fs_dinode *)((char *)bp->b_data +
EXT2_INODE_SIZE(fs) * ino_to_fsbo(fs, ip->i_number)), ip);
+
brelse(bp);
VOP_UNLOCK(vp, 0);
vrele(vp);
+
+ if (error) {
+ MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp);
+ return (error);
+ }
}
return (0);
}
@@ -1208,8 +1215,6 @@ ext2_vget(struct mount *mp, ino_t ino, int flags, stru
error = ext2_ei2i((struct ext2fs_dinode *)((char *)bp->b_data +
EXT2_INODE_SIZE(fs) * ino_to_fsbo(fs, ino)), ip);
if (error) {
- printf("ext2fs: Bad inode %lu csum - run fsck\n",
- (unsigned long)ino);
brelse(bp);
vput(vp);
*vpp = NULL;
Modified: stable/12/sys/fs/ext2fs/ext2fs.h
==
--- stable/12/sys/fs/ext2fs/ext2fs.hMon Mar 18 12:26:25 2019
(r345270)
+++ stable/12/sys/fs/ext2fs/ext2fs.hMon Mar 18 12:31:07 2019
(r345271)
@@ -422,4 +422,11 @@ struct ext2_gd {
EXT2F_INCOMPAT_64BIT) ? ((s)->e2fs_bsize / sizeof(struct ext2_gd)) : \
((s)->e2fs_bsize / E2FS_REV0_GD_SIZE))
+/*
+ * Macro-instructions used to manage inodes
+ */
+#defineEXT2_FIRST_INO(s) ((EXT2_SB(s)->e2fs->e2fs_rev ==
E2FS_REV0) ? \
+EXT2_FIRSTINO : \
+EXT2_SB(s)->e2fs->e2fs_first_ino)
+
#endif /* !_FS_EXT2FS_EXT2FS_H_ */
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/s
svn commit: r345272 - stable/12/sys/fs/ext2fs
Author: fsu
Date: Mon Mar 18 12:34:13 2019
New Revision: 345272
URL: https://svnweb.freebsd.org/changeset/base/345272
Log:
MFC: r344757:
Fix double free in case of mount error.
Reported by:Christopher Krah, Thomas Barabosch, and Jan-Niclas Hilgert of
Fraunhofer FKIE
Reported as:FS-9-EXT3-2: Denial Of Service in nmount-5 (vm_fault_hold)
Reviewed by:pfg
Differential Revision:https://reviews.freebsd.org/D19385
Modified:
stable/12/sys/fs/ext2fs/ext2_vfsops.c
Modified: stable/12/sys/fs/ext2fs/ext2_vfsops.c
==
--- stable/12/sys/fs/ext2fs/ext2_vfsops.c Mon Mar 18 12:31:07 2019
(r345271)
+++ stable/12/sys/fs/ext2fs/ext2_vfsops.c Mon Mar 18 12:34:13 2019
(r345272)
@@ -614,8 +614,12 @@ ext2_compute_sb_data(struct vnode *devvp, struct ext2f
fsbtodb(fs, ext2_cg_location(fs, i)),
fs->e2fs_bsize, NOCRED, &bp);
if (error) {
- free(fs->e2fs_contigdirs, M_EXT2MNT);
- free(fs->e2fs_gd, M_EXT2MNT);
+ /*
+* fs->e2fs_gd and fs->e2fs_contigdirs
+* will be freed later by the caller,
+* because this function could be called from
+* MNT_UPDATE path.
+*/
brelse(bp);
return (error);
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345273 - head/sys/kern
Author: gallatin
Date: Mon Mar 18 12:41:42 2019
New Revision: 345273
URL: https://svnweb.freebsd.org/changeset/base/345273
Log:
Fix a typo introduced in r344133
The line was misedited to change tt to st instead of
changing ut to st.
The use of st as the denominator in mul64_by_fraction() will lead
to an integer divide fault in the intr proc (the process holding
ithreads) where st will be 0. This divide by 0 happens after
the total runtime for all ithreads exceeds 76 hours.
Submitted by: bde
Modified:
head/sys/kern/kern_resource.c
Modified: head/sys/kern/kern_resource.c
==
--- head/sys/kern/kern_resource.c Mon Mar 18 12:34:13 2019
(r345272)
+++ head/sys/kern/kern_resource.c Mon Mar 18 12:41:42 2019
(r345273)
@@ -978,7 +978,7 @@ calcru1(struct proc *p, struct rusage_ext *ruxp, struc
su = (tu * st) / tt;
} else {
uu = mul64_by_fraction(tu, ut, tt);
- su = mul64_by_fraction(tu, ut, st);
+ su = mul64_by_fraction(tu, st, tt);
}
if (tu >= ruxp->rux_tu) {
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345274 - in head: sbin/ipfw sys/conf sys/modules/ipfw_nat64 sys/netinet6 sys/netpfil/ipfw/nat64
Author: ae
Date: Mon Mar 18 12:59:08 2019
New Revision: 345274
URL: https://svnweb.freebsd.org/changeset/base/345274
Log:
Update NAT64LSN implementation:
o most of data structures and relations were modified to be able support
large number of translation states. Now each supported protocol can
use full ports range. Ports groups now are belongs to IPv4 alias
addresses, not hosts. Each ports group can keep several states chunks.
This is controlled with new `states_chunks` config option. States
chunks allow to have several translation states for single alias address
and port, but for different destination addresses.
o by default all hash tables now use jenkins hash.
o ConcurrencyKit and epoch(9) is used to make NAT64LSN lockless on fast path.
o one NAT64LSN instance now can be used to handle several IPv6 prefixes,
special prefix "::" value should be used for this purpose when instance
is created.
o due to modified internal data structures relations, the socket opcode
that does states listing was changed.
Obtained from:Yandex LLC
MFC after:1 month
Sponsored by: Yandex LLC
Modified:
head/sbin/ipfw/ipfw.8
head/sbin/ipfw/ipfw2.h
head/sbin/ipfw/nat64lsn.c
head/sys/conf/files
head/sys/modules/ipfw_nat64/Makefile
head/sys/netinet6/ip_fw_nat64.h
head/sys/netpfil/ipfw/nat64/nat64lsn.c
head/sys/netpfil/ipfw/nat64/nat64lsn.h
head/sys/netpfil/ipfw/nat64/nat64lsn_control.c
Modified: head/sbin/ipfw/ipfw.8
==
--- head/sbin/ipfw/ipfw.8 Mon Mar 18 12:41:42 2019(r345273)
+++ head/sbin/ipfw/ipfw.8 Mon Mar 18 12:59:08 2019(r345274)
@@ -3300,6 +3300,7 @@ See
.Sx SYSCTL VARIABLES
for more info.
.Sh IPv6/IPv4 NETWORK ADDRESS AND PROTOCOL TRANSLATION
+.Ss Stateful translation
.Nm
supports in-kernel IPv6/IPv4 network address and protocol translation.
Stateful NAT64 translation allows IPv6-only clients to contact IPv4 servers
@@ -3317,7 +3318,8 @@ to be able use stateful NAT64 translator.
Stateful NAT64 uses a bunch of memory for several types of objects.
When IPv6 client initiates connection, NAT64 translator creates a host entry
in the states table.
-Each host entry has a number of ports group entries allocated on demand.
+Each host entry uses preallocated IPv4 alias entry.
+Each alias entry has a number of ports group entries allocated on demand.
Ports group entries contains connection state entries.
There are several options to control limits and lifetime for these objects.
.Pp
@@ -3337,6 +3339,11 @@ First time an original packet is handled and consumed
and then it is handled again as translated packet.
This behavior can be changed by sysctl variable
.Va net.inet.ip.fw.nat64_direct_output .
+Also translated packet can be tagged using
+.Cm tag
+rule action, and then matched by
+.Cm tagged
+opcode to avoid loops and extra overhead.
.Pp
The stateful NAT64 configuration command is the following:
.Bd -ragged -offset indent
@@ -3364,15 +3371,16 @@ to represent IPv4 addresses. This IPv6 prefix should b
The translator implementation follows RFC6052, that restricts the length of
prefixes to one of following: 32, 40, 48, 56, 64, or 96.
The Well-Known IPv6 Prefix 64:ff9b:: must be 96 bits long.
-.It Cm max_ports Ar number
-Maximum number of ports reserved for upper level protocols to one IPv6 client.
-All reserved ports are divided into chunks between supported protocols.
-The number of connections from one IPv6 client is limited by this option.
-Note that closed TCP connections still remain in the list of connections until
-.Cm tcp_close_age
-interval will not expire.
-Default value is
-.Ar 2048 .
+The special
+.Ar ::/length
+prefix can be used to handle several IPv6 prefixes with one NAT64 instance.
+The NAT64 instance will determine a destination IPv4 address from prefix
+.Ar length .
+.It Cm states_chunks Ar number
+The number of states chunks in single ports group.
+Each ports group by default can keep 64 state entries in single chunk.
+The above value affects the maximum number of states that can be associated
with single IPv4 alias address and port.
+The value must be power of 2, and up to 128.
.It Cm host_del_age Ar seconds
The number of seconds until the host entry for a IPv6 client will be deleted
and all its resources will be released due to inactivity.
Modified: head/sbin/ipfw/ipfw2.h
==
--- head/sbin/ipfw/ipfw2.h Mon Mar 18 12:41:42 2019(r345273)
+++ head/sbin/ipfw/ipfw2.h Mon Mar 18 12:59:08 2019(r345274)
@@ -278,6 +278,7 @@ enum tokens {
TOK_AGG_LEN,
TOK_AGG_COUNT,
TOK_MAX_PORTS,
+ TOK_STATES_CHUNKS,
TOK_JMAXLEN,
TOK_PORT_RANGE,
TOK_HOST_DEL_AGE,
Modified: head/sbin/ipfw/nat64lsn.c
===
svn commit: r345275 - in head: sbin/ipfw sys/conf sys/modules/ipfw_nat64 sys/netinet6 sys/netpfil/ipfw/nat64
Author: ae
Date: Mon Mar 18 14:00:19 2019
New Revision: 345275
URL: https://svnweb.freebsd.org/changeset/base/345275
Log:
Revert r345274. It appears that not all 32-bit architectures have
necessary CK primitives.
Modified:
head/sbin/ipfw/ipfw.8
head/sbin/ipfw/ipfw2.h
head/sbin/ipfw/nat64lsn.c
head/sys/conf/files
head/sys/modules/ipfw_nat64/Makefile
head/sys/netinet6/ip_fw_nat64.h
head/sys/netpfil/ipfw/nat64/nat64lsn.c
head/sys/netpfil/ipfw/nat64/nat64lsn.h
head/sys/netpfil/ipfw/nat64/nat64lsn_control.c
Modified: head/sbin/ipfw/ipfw.8
==
--- head/sbin/ipfw/ipfw.8 Mon Mar 18 12:59:08 2019(r345274)
+++ head/sbin/ipfw/ipfw.8 Mon Mar 18 14:00:19 2019(r345275)
@@ -3300,7 +3300,6 @@ See
.Sx SYSCTL VARIABLES
for more info.
.Sh IPv6/IPv4 NETWORK ADDRESS AND PROTOCOL TRANSLATION
-.Ss Stateful translation
.Nm
supports in-kernel IPv6/IPv4 network address and protocol translation.
Stateful NAT64 translation allows IPv6-only clients to contact IPv4 servers
@@ -3318,8 +3317,7 @@ to be able use stateful NAT64 translator.
Stateful NAT64 uses a bunch of memory for several types of objects.
When IPv6 client initiates connection, NAT64 translator creates a host entry
in the states table.
-Each host entry uses preallocated IPv4 alias entry.
-Each alias entry has a number of ports group entries allocated on demand.
+Each host entry has a number of ports group entries allocated on demand.
Ports group entries contains connection state entries.
There are several options to control limits and lifetime for these objects.
.Pp
@@ -3339,11 +3337,6 @@ First time an original packet is handled and consumed
and then it is handled again as translated packet.
This behavior can be changed by sysctl variable
.Va net.inet.ip.fw.nat64_direct_output .
-Also translated packet can be tagged using
-.Cm tag
-rule action, and then matched by
-.Cm tagged
-opcode to avoid loops and extra overhead.
.Pp
The stateful NAT64 configuration command is the following:
.Bd -ragged -offset indent
@@ -3371,16 +3364,15 @@ to represent IPv4 addresses. This IPv6 prefix should b
The translator implementation follows RFC6052, that restricts the length of
prefixes to one of following: 32, 40, 48, 56, 64, or 96.
The Well-Known IPv6 Prefix 64:ff9b:: must be 96 bits long.
-The special
-.Ar ::/length
-prefix can be used to handle several IPv6 prefixes with one NAT64 instance.
-The NAT64 instance will determine a destination IPv4 address from prefix
-.Ar length .
-.It Cm states_chunks Ar number
-The number of states chunks in single ports group.
-Each ports group by default can keep 64 state entries in single chunk.
-The above value affects the maximum number of states that can be associated
with single IPv4 alias address and port.
-The value must be power of 2, and up to 128.
+.It Cm max_ports Ar number
+Maximum number of ports reserved for upper level protocols to one IPv6 client.
+All reserved ports are divided into chunks between supported protocols.
+The number of connections from one IPv6 client is limited by this option.
+Note that closed TCP connections still remain in the list of connections until
+.Cm tcp_close_age
+interval will not expire.
+Default value is
+.Ar 2048 .
.It Cm host_del_age Ar seconds
The number of seconds until the host entry for a IPv6 client will be deleted
and all its resources will be released due to inactivity.
Modified: head/sbin/ipfw/ipfw2.h
==
--- head/sbin/ipfw/ipfw2.h Mon Mar 18 12:59:08 2019(r345274)
+++ head/sbin/ipfw/ipfw2.h Mon Mar 18 14:00:19 2019(r345275)
@@ -278,7 +278,6 @@ enum tokens {
TOK_AGG_LEN,
TOK_AGG_COUNT,
TOK_MAX_PORTS,
- TOK_STATES_CHUNKS,
TOK_JMAXLEN,
TOK_PORT_RANGE,
TOK_HOST_DEL_AGE,
Modified: head/sbin/ipfw/nat64lsn.c
==
--- head/sbin/ipfw/nat64lsn.c Mon Mar 18 12:59:08 2019(r345274)
+++ head/sbin/ipfw/nat64lsn.c Mon Mar 18 14:00:19 2019(r345275)
@@ -87,70 +87,68 @@ nat64lsn_print_states(void *buf)
char sflags[4], *sf, *proto;
ipfw_obj_header *oh;
ipfw_obj_data *od;
- ipfw_nat64lsn_stg_v1 *stg;
- ipfw_nat64lsn_state_v1 *ste;
+ ipfw_nat64lsn_stg *stg;
+ ipfw_nat64lsn_state *ste;
uint64_t next_idx;
int i, sz;
oh = (ipfw_obj_header *)buf;
od = (ipfw_obj_data *)(oh + 1);
- stg = (ipfw_nat64lsn_stg_v1 *)(od + 1);
+ stg = (ipfw_nat64lsn_stg *)(od + 1);
sz = od->head.length - sizeof(*od);
next_idx = 0;
while (sz > 0 && next_idx != 0xFF) {
- next_idx = stg->next.index;
+ next_idx = stg->next_idx;
sz -= sizeof(*stg);
if (stg->count == 0) {
svn commit: r345276 - head/contrib/blacklist/bin
Author: lidl
Date: Mon Mar 18 15:45:06 2019
New Revision: 345276
URL: https://svnweb.freebsd.org/changeset/base/345276
Log:
Fixup syslog() call that should have used logging function pointer
PR: 236614
Submitted by: Helge Oldach
Modified:
head/contrib/blacklist/bin/blacklistd.c
Modified: head/contrib/blacklist/bin/blacklistd.c
==
--- head/contrib/blacklist/bin/blacklistd.c Mon Mar 18 14:00:19 2019
(r345275)
+++ head/contrib/blacklist/bin/blacklistd.c Mon Mar 18 15:45:06 2019
(r345276)
@@ -328,7 +328,7 @@ again:
if (dbi.id[0]) {
run_change("rem", &c, dbi.id, 0);
sockaddr_snprintf(buf, sizeof(buf), "%a", ss);
- syslog(LOG_INFO, "released %s/%d:%d after %d seconds",
+ (*lfun)(LOG_INFO, "released %s/%d:%d after %d seconds",
buf, c.c_lmask, c.c_port, c.c_duration);
}
state_del(state, &c);
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r345238 - head
On 3/16/19 1:02 PM, Wolfram Schneider wrote:
> Author: wosch
> Date: Sat Mar 16 20:02:57 2019
> New Revision: 345238
> URL: https://svnweb.freebsd.org/changeset/base/345238
>
> Log:
> `make buildkernel' should display the build time in seconds
>
> PR: 224433
> Approved by:cem
> Differential Revision: https://reviews.freebsd.org/D13910
>
> Modified:
> head/Makefile.inc1
>
> Modified: head/Makefile.inc1
> ==
> --- head/Makefile.inc1Sat Mar 16 17:55:22 2019(r345237)
> +++ head/Makefile.inc1Sat Mar 16 20:02:57 2019(r345238)
> @@ -1584,6 +1584,11 @@ _cleankernobj_fast_depend_hack: .PHONY
>
> ${WMAKE_TGTS:N_worldtmp:Nbuild${libcompat}} ${.ALLTARGETS:M_*:N_worldtmp}:
> .MAKE .PHONY
>
> +# record kernel(s) build time in seconds
> +.if make(buildkernel)
> +_BUILDKERNEL_START!= date '+%s'
> +.endif
> +
> #
> # buildkernel
> #
> @@ -1640,7 +1645,12 @@ buildkernel: .MAKE .PHONY
> @echo "--"
> @echo ">>> Kernel build for ${_kernel} completed on `LC_ALL=C date`"
> @echo "--"
> +
> .endfor
> + @seconds=$$(($$(date '+%s') - ${_BUILDKERNEL_START})); \
> + echo -n ">>> Kernel(s) build for${BUILDKERNELS} in $$seconds seconds,
> "; \
> + echo "ncpu: $$(sysctl -n hw.ncpu)${.MAKE.JOBS:S/^/, make -j/}"
> + @echo "--"
Both this and the previous message for buildworld should use 'built' instead
of 'build' so that the message is something like "World built in 47 seconds"
rather than "World build in 47 seconds".
This sentence is also somewhat odd:
"Kernel(s) build for FOO BAR BAZ in 47 seconds"
Even with 'built' fixed, I feel like it should be more like:
"FOO BAR BAZ kernel(s) built in 47 seconds" by moving ${BUILDKERNELS} to the
start of the message?
--
John Baldwin
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345278 - head/lib/libomp
Author: dim
Date: Mon Mar 18 19:11:11 2019
New Revision: 345278
URL: https://svnweb.freebsd.org/changeset/base/345278
Log:
Also explicitly link libomp.so against -lm, as it transitively depends
on scalbn and a few other math functions, via libcompiler-rt. This
should allow OpenMP programs to link with BFD linkers too.
Reported by: jbeich
PR: 236062, 236581
MFC after:1 month
X-MFC-With: r344779
Modified:
head/lib/libomp/Makefile
Modified: head/lib/libomp/Makefile
==
--- head/lib/libomp/MakefileMon Mar 18 18:05:19 2019(r345277)
+++ head/lib/libomp/MakefileMon Mar 18 19:11:11 2019(r345278)
@@ -67,5 +67,6 @@ LDFLAGS+= -Wl,-soname,libomp.so
VERSION_MAP= ${OMPSRC}/exports_so.txt
LIBADD+= pthread
+LIBADD+= m
.include
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345280 - head/sys/sys
Author: emaste
Date: Mon Mar 18 19:23:19 2019
New Revision: 345280
URL: https://svnweb.freebsd.org/changeset/base/345280
Log:
sys/stat.h: Improve timespec compatibility with other BSDs
OpenBSD and NetBSD provide macros to directly reference the underlying
struct timespec's tv_nsec member. While FreeBSD has such macros for
tv_sec, the others are missing. Add the following macros:
st->st_atimensec
st->st_mtimensec
st->st_ctimensec
st->st_birthtimensec
Adding these fields will provide programs which reference them better
portability to FreeBSD. An example of such a program is makefs(8),
which has unused support for subseconds that it has inherited from
NetBSD.
Submitted by: Mitchell Horne
Reviewed by: kib
Differential Revision:https://reviews.freebsd.org/D19626
Modified:
head/sys/sys/stat.h
Modified: head/sys/sys/stat.h
==
--- head/sys/sys/stat.h Mon Mar 18 19:21:53 2019(r345279)
+++ head/sys/sys/stat.h Mon Mar 18 19:23:19 2019(r345280)
@@ -224,6 +224,10 @@ struct nstat {
#definest_ctimest_ctim.tv_sec
#if __BSD_VISIBLE
#definest_birthtimest_birthtim.tv_sec
+#definest_atimensecst_atim.tv_nsec
+#definest_mtimensecst_mtim.tv_nsec
+#definest_ctimensecst_ctim.tv_nsec
+#definest_birthtimensecst_birthtim.tv_nsec
#endif
/* For compatibility. */
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345281 - in head/usr.sbin/makefs: . tests
Author: emaste
Date: Mon Mar 18 19:26:36 2019
New Revision: 345281
URL: https://svnweb.freebsd.org/changeset/base/345281
Log:
makefs: Fix "time" mtree attribute handling
When processing mtree(5) MANIFEST files, makefs(8) previously threw an
error if it encountered an entry whose "time" attribute contained a
non-zero subsecond component (e.g. time=1551620152.98722).
Update the handling logic to properly assign the subsecond component if
built with nanosecond support, or silently discard it otherwise.
Also, re-enable the time attribute for the kyua tests.
PR: 194703
Submitted by: Mitchell Horne
Differential Revision:https://reviews.freebsd.org/D19627
Modified:
head/usr.sbin/makefs/mtree.c
head/usr.sbin/makefs/tests/makefs_tests_common.sh
Modified: head/usr.sbin/makefs/mtree.c
==
--- head/usr.sbin/makefs/mtree.cMon Mar 18 19:23:19 2019
(r345280)
+++ head/usr.sbin/makefs/mtree.cMon Mar 18 19:26:36 2019
(r345281)
@@ -644,14 +644,17 @@ read_mtree_keywords(FILE *fp, fsnode *node)
st->st_atime = num;
st->st_ctime = num;
st->st_mtime = num;
+#if HAVE_STRUCT_STAT_ST_MTIMENSEC
if (p == NULL)
break;
error = read_number(p, 10, &num, 0,
INTMAX_MAX);
if (error)
break;
- if (num != 0)
- error = EINVAL;
+ st->st_atimensec = num;
+ st->st_ctimensec = num;
+ st->st_mtimensec = num;
+#endif
} else if (strcmp(keyword, "type") == 0) {
if (value == NULL) {
error = ENOATTR;
Modified: head/usr.sbin/makefs/tests/makefs_tests_common.sh
==
--- head/usr.sbin/makefs/tests/makefs_tests_common.sh Mon Mar 18 19:23:19
2019(r345280)
+++ head/usr.sbin/makefs/tests/makefs_tests_common.sh Mon Mar 18 19:26:36
2019(r345281)
@@ -29,13 +29,7 @@
KB=1024
: ${TMPDIR=/tmp}
-# TODO: add mtree `time` support; get a lot of errors like this right now when
-# passing generating disk images with keyword mtree support, like:
-#
-# `[...]/mtree.spec:8: error: time: invalid value '1446458503'`
-#
-#DEFAULT_MTREE_KEYWORDS="type,mode,gid,uid,size,link,time"
-DEFAULT_MTREE_KEYWORDS="type,mode,gid,uid,size,link"
+DEFAULT_MTREE_KEYWORDS="type,mode,gid,uid,size,link,time"
TEST_IMAGE="$TMPDIR/test.img"
TEST_INPUTS_DIR="$TMPDIR/inputs"
TEST_MD_DEVICE_FILE="$TMPDIR/md.output"
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345282 - head/lib/libomp
Author: dim Date: Mon Mar 18 19:56:00 2019 New Revision: 345282 URL: https://svnweb.freebsd.org/changeset/base/345282 Log: Remove --as-needed from the linker flags for libomp.so, as these actually prevent the transitive dependency on libm. Reported by: jbeich PR: 236062, 236581 MFC after:1 month X-MFC-With: r344779 Modified: head/lib/libomp/Makefile Modified: head/lib/libomp/Makefile == --- head/lib/libomp/MakefileMon Mar 18 19:26:36 2019(r345281) +++ head/lib/libomp/MakefileMon Mar 18 19:56:00 2019(r345282) @@ -58,7 +58,6 @@ CXXFLAGS+=-fno-exceptions CXXFLAGS+= -fno-rtti LDFLAGS+= -Wl,--warn-shared-textrel -LDFLAGS+= -Wl,--as-needed LDFLAGS+= -Wl,--gc-sections LDFLAGS+= -Wl,-z,noexecstack LDFLAGS+= -Wl,-fini=__kmp_internal_end_fini ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345283 - in head: contrib/openmp/runtime/src lib
Author: dim
Date: Mon Mar 18 21:04:28 2019
New Revision: 345283
URL: https://svnweb.freebsd.org/changeset/base/345283
Log:
Enable building libomp.so for 32-bit x86. This is done by selectively
enabling the functions that save and restore MXCSR, since access to this
register requires SSE support.
Note that you may run into other issues with OpenMP on i386, since this
*not* yet supported upstream, and certainly not extensively tested.
PR: 236062, 236582
MFC after:1 month
X-MFC-With: r344779
Modified:
head/contrib/openmp/runtime/src/kmp.h
head/contrib/openmp/runtime/src/kmp_runtime.cpp
head/lib/Makefile
Modified: head/contrib/openmp/runtime/src/kmp.h
==
--- head/contrib/openmp/runtime/src/kmp.h Mon Mar 18 19:56:00 2019
(r345282)
+++ head/contrib/openmp/runtime/src/kmp.h Mon Mar 18 21:04:28 2019
(r345283)
@@ -3666,8 +3666,13 @@ extern int __kmp_read_from_file(char const *path, char
extern void __kmp_query_cpuid(kmp_cpuinfo_t *p);
-#define __kmp_load_mxcsr(p) _mm_setcsr(*(p))
+#if __SSE__
+static inline void __kmp_load_mxcsr(const kmp_uint32 *p) { _mm_setcsr(*(p)); }
static inline void __kmp_store_mxcsr(kmp_uint32 *p) { *p = _mm_getcsr(); }
+#else
+static inline void __kmp_load_mxcsr(const kmp_uint32 *) {}
+static inline void __kmp_store_mxcsr(kmp_uint32 *) {}
+#endif
extern void __kmp_load_x87_fpu_control_word(kmp_int16 *p);
extern void __kmp_store_x87_fpu_control_word(kmp_int16 *p);
Modified: head/contrib/openmp/runtime/src/kmp_runtime.cpp
==
--- head/contrib/openmp/runtime/src/kmp_runtime.cpp Mon Mar 18 19:56:00
2019(r345282)
+++ head/contrib/openmp/runtime/src/kmp_runtime.cpp Mon Mar 18 21:04:28
2019(r345283)
@@ -8104,7 +8104,7 @@ __kmp_determine_reduction_method(
#elif KMP_ARCH_X86 || KMP_ARCH_ARM || KMP_ARCH_AARCH || KMP_ARCH_MIPS
-#if KMP_OS_LINUX || KMP_OS_WINDOWS || KMP_OS_HURD
+#if KMP_OS_LINUX || KMP_OS_FREEBSD || KMP_OS_WINDOWS || KMP_OS_HURD
// basic tuning
Modified: head/lib/Makefile
==
--- head/lib/Makefile Mon Mar 18 19:56:00 2019(r345282)
+++ head/lib/Makefile Mon Mar 18 21:04:28 2019(r345283)
@@ -196,9 +196,7 @@ _libproc= libproc
_librtld_db= librtld_db
.endif
-.if !defined(COMPAT_32BIT)
SUBDIR.${MK_OPENMP}+= libomp
-.endif
SUBDIR.${MK_OPENSSL}+= libmp
SUBDIR.${MK_PMC}+= libpmc libpmcstat
SUBDIR.${MK_RADIUS_SUPPORT}+= libradius
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r345238 - head
[ Charset UTF-8 unsupported, converting... ]
> On 3/16/19 1:02 PM, Wolfram Schneider wrote:
> > Author: wosch
> > Date: Sat Mar 16 20:02:57 2019
> > New Revision: 345238
> > URL: https://svnweb.freebsd.org/changeset/base/345238
> >
> > Log:
> > `make buildkernel' should display the build time in seconds
> >
> > PR: 224433
> > Approved by: cem
> > Differential Revision:https://reviews.freebsd.org/D13910
> >
> > Modified:
> > head/Makefile.inc1
> >
> > Modified: head/Makefile.inc1
> > ==
> > --- head/Makefile.inc1 Sat Mar 16 17:55:22 2019(r345237)
> > +++ head/Makefile.inc1 Sat Mar 16 20:02:57 2019(r345238)
> > @@ -1584,6 +1584,11 @@ _cleankernobj_fast_depend_hack: .PHONY
> >
> > ${WMAKE_TGTS:N_worldtmp:Nbuild${libcompat}} ${.ALLTARGETS:M_*:N_worldtmp}:
> > .MAKE .PHONY
> >
> > +# record kernel(s) build time in seconds
> > +.if make(buildkernel)
> > +_BUILDKERNEL_START!= date '+%s'
> > +.endif
> > +
> > #
> > # buildkernel
> > #
> > @@ -1640,7 +1645,12 @@ buildkernel: .MAKE .PHONY
> > @echo "--"
> > @echo ">>> Kernel build for ${_kernel} completed on `LC_ALL=C date`"
> > @echo "--"
> > +
> > .endfor
> > + @seconds=$$(($$(date '+%s') - ${_BUILDKERNEL_START})); \
> > + echo -n ">>> Kernel(s) build for${BUILDKERNELS} in $$seconds seconds,
> > "; \
> > + echo "ncpu: $$(sysctl -n hw.ncpu)${.MAKE.JOBS:S/^/, make -j/}"
> > + @echo "--"
>
> Both this and the previous message for buildworld should use 'built' instead
> of 'build' so that the message is something like "World built in 47 seconds"
> rather than "World build in 47 seconds".
>
> This sentence is also somewhat odd:
>
> "Kernel(s) build for FOO BAR BAZ in 47 seconds"
>
> Even with 'built' fixed, I feel like it should be more like:
>
> "FOO BAR BAZ kernel(s) built in 47 seconds" by moving ${BUILDKERNELS} to the
> start of the message?
"Kernel(s) ${BUILDKERNELS} built in 47 seconds"
reads better for me.
> John Baldwin
--
Rod Grimes rgri...@freebsd.org
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r345274 - in head: sbin/ipfw sys/conf sys/modules/ipfw_nat64 sys/netinet6 sys/netpfil/ipfw/nat64
Hi, On Mon, Mar 18, 2019 at 12:59:09PM +, Andrey V. Elsukov wrote: A> Author: ae A> Date: Mon Mar 18 12:59:08 2019 A> New Revision: 345274 A> URL: https://svnweb.freebsd.org/changeset/base/345274 A> A> Log: A> Update NAT64LSN implementation: ... A> o ConcurrencyKit and epoch(9) is used to make NAT64LSN lockless on fast path. Why did you create a separate epoch? All the pfil hooks already run at network epoch. -- Gleb Smirnoff ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345284 - head/sys/contrib/dev/ath/ath_hal/ar9300
Author: adrian
Date: Tue Mar 19 00:07:12 2019
New Revision: 345284
URL: https://svnweb.freebsd.org/changeset/base/345284
Log:
[ath_hal_ar9300] Add some comments around the AR9300 ANI code.
I'm refamiliarising myself with the behaviour of the ANI code and I thought
I'd drop some comments to remind myself.
Modified:
head/sys/contrib/dev/ath/ath_hal/ar9300/ar9300_ani.c
Modified: head/sys/contrib/dev/ath/ath_hal/ar9300/ar9300_ani.c
==
--- head/sys/contrib/dev/ath/ath_hal/ar9300/ar9300_ani.cMon Mar 18
21:04:28 2019(r345283)
+++ head/sys/contrib/dev/ath/ath_hal/ar9300/ar9300_ani.cTue Mar 19
00:07:12 2019(r345284)
@@ -1217,6 +1217,7 @@ ar9300_ani_ar_poll(struct ath_hal *ah, const HAL_NODE_
cck_phy_err_cnt = OS_REG_READ(ah, AR_PHY_ERR_2);
/* Populate HAL_ANISTATS */
+/* XXX TODO: are these correct? */
if (ani_stats) {
ani_stats->cckphyerr_cnt =
cck_phy_err_cnt - ani_state->cck_phy_err_count;
@@ -1257,18 +1258,32 @@ ar9300_ani_ar_poll(struct ath_hal *ah, const HAL_NODE_
return;
}
+/*
+ * Calculate the OFDM/CCK phy error rate over the listen time interval.
+ * This is used in subsequent math to see if the OFDM/CCK phy error rate
+ * is above or below the threshold checks.
+ */
+
ofdm_phy_err_rate =
ani_state->ofdm_phy_err_count * 1000 / ani_state->listen_time;
cck_phy_err_rate =
ani_state->cck_phy_err_count * 1000 / ani_state->listen_time;
HALDEBUG(ah, HAL_DEBUG_ANI,
-"%s: listen_time=%d OFDM:%d errs=%d/s CCK:%d errs=%d/s ofdm_turn=%d\n",
+"%s: listen_time=%d (total: %d) OFDM:%d errs=%d/s CCK:%d errs=%d/s
ofdm_turn=%d\n",
__func__, listen_time,
+ani_state->listen_time,
ani_state->ofdm_noise_immunity_level, ofdm_phy_err_rate,
ani_state->cck_noise_immunity_level, cck_phy_err_rate,
ani_state->ofdms_turn);
+/*
+ * Check for temporary noise spurs. This is intended to be used by
+ * rate control to check if we should try higher packet rates or not.
+ * If the noise period is short enough then we shouldn't avoid trying
+ * higher rates but if the noise is high/sustained then it's likely
+ * not a great idea to try the higher MCS rates.
+ */
if (ani_state->listen_time >= HAL_NOISE_DETECT_PERIOD) {
old_phy_noise_spur = ani_state->phy_noise_spur;
if (ofdm_phy_err_rate <= ani_state->ofdm_trig_low &&
@@ -1281,7 +1296,7 @@ ar9300_ani_ar_poll(struct ath_hal *ah, const HAL_NODE_
}
if (old_phy_noise_spur != ani_state->phy_noise_spur) {
HALDEBUG(ah, HAL_DEBUG_ANI,
- "%s: enviroment change from %d to %d\n",
+ "%s: environment change from %d to %d\n",
__func__, old_phy_noise_spur, ani_state->phy_noise_spur);
}
}
@@ -1304,6 +1319,10 @@ ar9300_ani_ar_poll(struct ath_hal *ah, const HAL_NODE_
ar9300_ani_lower_immunity(ah);
ani_state->ofdms_turn = !ani_state->ofdms_turn;
}
+/*
+ * Force an ANI restart regardless of whether the lower immunity
+ * level was met.
+ */
HALDEBUG(ah, HAL_DEBUG_ANI,
"%s: 1 listen_time=%d ofdm=%d/s cck=%d/s - "
"calling ar9300_ani_restart\n",
@@ -1337,6 +1356,13 @@ ar9300_ani_ar_poll(struct ath_hal *ah, const HAL_NODE_
ani_state->ofdms_turn = AH_TRUE;
}
}
+
+/*
+ * Note that currently this poll function doesn't reset the listen
+ * time after it accumulates a second worth of error samples.
+ * It will continue to accumulate samples until a counter overflows,
+ * or a raise threshold is met, or 5 seconds passes.
+ */
}
/*
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345285 - stable/12/sys/net
Author: kp
Date: Tue Mar 19 00:27:45 2019
New Revision: 345285
URL: https://svnweb.freebsd.org/changeset/base/345285
Log:
MFC r344794:
tun: VIMAGE fix for if_tun cloner
The if_tun cloner is not virtualised, but if_clone_attach() does use a
virtualised list of cloners.
The result is that we can't find the if_tun cloner when we try to remove
a renamed tun interface. Virtualise the cloner, and move the final
cleanup into a sysuninit so that we're sure this happens after all of
the vnet_sysuninits
Note that we need unit numbers to be system-unique (rather than unique
per vnet, as is done by if_clone_simple()). The unit number is used to
create the corresponding /dev/tunX device node, and this node must match
with the interface.
Switch to if_clone_advanced() so that we have control over the unit
numbers.
Reproduction scenario:
jail -c -n foo persist vnet
jexec test ifconfig tun create
jexec test ifconfig tun0 name wg0
jexec test ifconfig wg0 destroy
PR: 235704
Reviewed by: bz, hrs, hselasky
Differential Revision:https://reviews.freebsd.org/D19248
Modified:
stable/12/sys/net/if_tun.c
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/sys/net/if_tun.c
==
--- stable/12/sys/net/if_tun.c Tue Mar 19 00:07:12 2019(r345284)
+++ stable/12/sys/net/if_tun.c Tue Mar 19 00:27:45 2019(r345285)
@@ -41,6 +41,7 @@
#include
#include
#include
+#include
#include
#include
@@ -105,6 +106,7 @@ struct tun_softc {
* which is static after setup.
*/
static struct mtx tunmtx;
+static eventhandler_tag tag;
static const char tunname[] = "tun";
static MALLOC_DEFINE(M_TUN, tunname, "Tunnel Interface");
static int tundebug = 0;
@@ -129,9 +131,12 @@ static int tunoutput(struct ifnet *, struct mbuf *,
const struct sockaddr *, struct route *ro);
static voidtunstart(struct ifnet *);
-static int tun_clone_create(struct if_clone *, int, caddr_t);
-static voidtun_clone_destroy(struct ifnet *);
-static struct if_clone *tun_cloner;
+static int tun_clone_match(struct if_clone *ifc, const char *name);
+static int tun_clone_create(struct if_clone *, char *, size_t, caddr_t);
+static int tun_clone_destroy(struct if_clone *, struct ifnet *);
+static struct unrhdr *tun_unrhdr;
+VNET_DEFINE_STATIC(struct if_clone *, tun_cloner);
+#define V_tun_cloner VNET(tun_cloner)
static d_open_ttunopen;
static d_close_t tunclose;
@@ -173,11 +178,35 @@ static struct cdevsw tun_cdevsw = {
};
static int
-tun_clone_create(struct if_clone *ifc, int unit, caddr_t params)
+tun_clone_match(struct if_clone *ifc, const char *name)
{
+ if (strncmp(tunname, name, 3) == 0 &&
+ (name[3] == '\0' || isdigit(name[3])))
+ return (1);
+
+ return (0);
+}
+
+static int
+tun_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
+{
struct cdev *dev;
- int i;
+ int err, unit, i;
+ err = ifc_name2unit(name, &unit);
+ if (err != 0)
+ return (err);
+
+ if (unit != -1) {
+ /* If this unit number is still available that/s okay. */
+ if (alloc_unr_specific(tun_unrhdr, unit) == -1)
+ return (EEXIST);
+ } else {
+ unit = alloc_unr(tun_unrhdr);
+ }
+
+ snprintf(name, IFNAMSIZ, "%s%d", tunname, unit);
+
/* find any existing device, or allocate new unit number */
i = clone_create(&tunclones, &tun_cdevsw, &unit, &dev, 0);
if (i) {
@@ -252,6 +281,7 @@ tun_destroy(struct tun_softc *tp)
dev = tp->tun_dev;
bpfdetach(TUN2IFP(tp));
if_detach(TUN2IFP(tp));
+ free_unr(tun_unrhdr, TUN2IFP(tp)->if_dunit);
if_free(TUN2IFP(tp));
destroy_dev(dev);
seldrain(&tp->tun_rsel);
@@ -263,8 +293,8 @@ tun_destroy(struct tun_softc *tp)
CURVNET_RESTORE();
}
-static void
-tun_clone_destroy(struct ifnet *ifp)
+static int
+tun_clone_destroy(struct if_clone *ifc, struct ifnet *ifp)
{
struct tun_softc *tp = ifp->if_softc;
@@ -272,39 +302,64 @@ tun_clone_destroy(struct ifnet *ifp)
TAILQ_REMOVE(&tunhead, tp, tun_list);
mtx_unlock(&tunmtx);
tun_destroy(tp);
+
+ return (0);
}
+static void
+vnet_tun_init(const void *unused __unused)
+{
+ V_tun_cloner = if_clone_advanced(tunname, 0, tun_clone_match,
+ tun_clone_create, tun_clone_destroy);
+}
+VNET_SYSINIT(vnet_tun_init, SI_SUB_PROTO_IF, SI_ORDER_ANY,
+ vnet_tun_init, NULL);
+
+static void
+vnet_tun_uninit(const void *unused __unused)
+{
+ if_clone_detach(V_tun_cloner);
+}
+VNET_SYSUNINIT(vnet_tun_uninit, SI_SUB_PROTO_IF, SI_ORDER_ANY,
+vnet_tun_uninit, NULL);
+
+static void
+tun_uninit(const void *unused
svn commit: r345286 - stable/11/sys/net
Author: kp
Date: Tue Mar 19 00:27:48 2019
New Revision: 345286
URL: https://svnweb.freebsd.org/changeset/base/345286
Log:
MFC r344794:
tun: VIMAGE fix for if_tun cloner
The if_tun cloner is not virtualised, but if_clone_attach() does use a
virtualised list of cloners.
The result is that we can't find the if_tun cloner when we try to remove
a renamed tun interface. Virtualise the cloner, and move the final
cleanup into a sysuninit so that we're sure this happens after all of
the vnet_sysuninits
Note that we need unit numbers to be system-unique (rather than unique
per vnet, as is done by if_clone_simple()). The unit number is used to
create the corresponding /dev/tunX device node, and this node must match
with the interface.
Switch to if_clone_advanced() so that we have control over the unit
numbers.
Reproduction scenario:
jail -c -n foo persist vnet
jexec test ifconfig tun create
jexec test ifconfig tun0 name wg0
jexec test ifconfig wg0 destroy
PR: 235704
Reviewed by: bz, hrs, hselasky
Differential Revision:https://reviews.freebsd.org/D19248
Modified:
stable/11/sys/net/if_tun.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/net/if_tun.c
==
--- stable/11/sys/net/if_tun.c Tue Mar 19 00:27:45 2019(r345285)
+++ stable/11/sys/net/if_tun.c Tue Mar 19 00:27:48 2019(r345286)
@@ -41,6 +41,7 @@
#include
#include
#include
+#include
#include
#include
@@ -105,6 +106,7 @@ struct tun_softc {
* which is static after setup.
*/
static struct mtx tunmtx;
+static eventhandler_tag tag;
static const char tunname[] = "tun";
static MALLOC_DEFINE(M_TUN, tunname, "Tunnel Interface");
static int tundebug = 0;
@@ -129,9 +131,12 @@ static int tunoutput(struct ifnet *, struct mbuf *,
const struct sockaddr *, struct route *ro);
static voidtunstart(struct ifnet *);
-static int tun_clone_create(struct if_clone *, int, caddr_t);
-static voidtun_clone_destroy(struct ifnet *);
-static struct if_clone *tun_cloner;
+static int tun_clone_match(struct if_clone *ifc, const char *name);
+static int tun_clone_create(struct if_clone *, char *, size_t, caddr_t);
+static int tun_clone_destroy(struct if_clone *, struct ifnet *);
+static struct unrhdr *tun_unrhdr;
+VNET_DEFINE_STATIC(struct if_clone *, tun_cloner);
+#define V_tun_cloner VNET(tun_cloner)
static d_open_ttunopen;
static d_close_t tunclose;
@@ -173,11 +178,35 @@ static struct cdevsw tun_cdevsw = {
};
static int
-tun_clone_create(struct if_clone *ifc, int unit, caddr_t params)
+tun_clone_match(struct if_clone *ifc, const char *name)
{
+ if (strncmp(tunname, name, 3) == 0 &&
+ (name[3] == '\0' || isdigit(name[3])))
+ return (1);
+
+ return (0);
+}
+
+static int
+tun_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
+{
struct cdev *dev;
- int i;
+ int err, unit, i;
+ err = ifc_name2unit(name, &unit);
+ if (err != 0)
+ return (err);
+
+ if (unit != -1) {
+ /* If this unit number is still available that/s okay. */
+ if (alloc_unr_specific(tun_unrhdr, unit) == -1)
+ return (EEXIST);
+ } else {
+ unit = alloc_unr(tun_unrhdr);
+ }
+
+ snprintf(name, IFNAMSIZ, "%s%d", tunname, unit);
+
/* find any existing device, or allocate new unit number */
i = clone_create(&tunclones, &tun_cdevsw, &unit, &dev, 0);
if (i) {
@@ -252,6 +281,7 @@ tun_destroy(struct tun_softc *tp)
dev = tp->tun_dev;
bpfdetach(TUN2IFP(tp));
if_detach(TUN2IFP(tp));
+ free_unr(tun_unrhdr, TUN2IFP(tp)->if_dunit);
if_free(TUN2IFP(tp));
destroy_dev(dev);
seldrain(&tp->tun_rsel);
@@ -263,8 +293,8 @@ tun_destroy(struct tun_softc *tp)
CURVNET_RESTORE();
}
-static void
-tun_clone_destroy(struct ifnet *ifp)
+static int
+tun_clone_destroy(struct if_clone *ifc, struct ifnet *ifp)
{
struct tun_softc *tp = ifp->if_softc;
@@ -272,39 +302,64 @@ tun_clone_destroy(struct ifnet *ifp)
TAILQ_REMOVE(&tunhead, tp, tun_list);
mtx_unlock(&tunmtx);
tun_destroy(tp);
+
+ return (0);
}
+static void
+vnet_tun_init(const void *unused __unused)
+{
+ V_tun_cloner = if_clone_advanced(tunname, 0, tun_clone_match,
+ tun_clone_create, tun_clone_destroy);
+}
+VNET_SYSINIT(vnet_tun_init, SI_SUB_PROTO_IF, SI_ORDER_ANY,
+ vnet_tun_init, NULL);
+
+static void
+vnet_tun_uninit(const void *unused __unused)
+{
+ if_clone_detach(V_tun_cloner);
+}
+VNET_SYSUNINIT(vnet_tun_uninit, SI_SUB_PROTO_IF, SI_ORDER_ANY,
+vnet_tun_uninit, NULL);
+
+static void
+tun_uninit(const void *unused
svn commit: r345287 - stable/12/tests/sys/net
Author: kp
Date: Tue Mar 19 00:29:18 2019
New Revision: 345287
URL: https://svnweb.freebsd.org/changeset/base/345287
Log:
MFC r344797:
tun tests: Test renaming and destroying a tun interface in a vnet jail
There was a problem destroying renamed tun interfaces in vnet jails. This was
fixed in r344794. Test the previously failing scenario.
PR: 235704
Added:
stable/12/tests/sys/net/if_tun_test.sh
- copied unchanged from r344797, head/tests/sys/net/if_tun_test.sh
Modified:
stable/12/tests/sys/net/Makefile
Directory Properties:
stable/12/ (props changed)
Modified: stable/12/tests/sys/net/Makefile
==
--- stable/12/tests/sys/net/MakefileTue Mar 19 00:27:48 2019
(r345286)
+++ stable/12/tests/sys/net/MakefileTue Mar 19 00:29:18 2019
(r345287)
@@ -7,6 +7,7 @@ BINDIR= ${TESTSDIR}
ATF_TESTS_SH+= if_lagg_test
ATF_TESTS_SH+= if_clone_test
+ATF_TESTS_SH+= if_tun_test
# The tests are written to be run in parallel, but doing so leads to random
# panics. I think it's because the kernel's list of interfaces isn't properly
Copied: stable/12/tests/sys/net/if_tun_test.sh (from r344797,
head/tests/sys/net/if_tun_test.sh)
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ stable/12/tests/sys/net/if_tun_test.sh Tue Mar 19 00:29:18 2019
(r345287, copy of r344797, head/tests/sys/net/if_tun_test.sh)
@@ -0,0 +1,30 @@
+# $FreeBSD$
+
+. $(atf_get_srcdir)/../common/vnet.subr
+
+atf_test_case "235704" "cleanup"
+235704_head()
+{
+ atf_set descr "Test PR #235704"
+ atf_set require.user root
+}
+
+235704_body()
+{
+ vnet_init
+ vnet_mkjail one
+
+ tun=$(jexec one ifconfig tun create)
+ jexec one ifconfig ${tun} name foo
+ atf_check -s exit:0 jexec one ifconfig foo destroy
+}
+
+235704_cleanup()
+{
+ vnet_cleanup
+}
+
+atf_init_test_cases()
+{
+ atf_add_test_case "235704"
+}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345288 - head/sys/amd64/sgx
Author: mw
Date: Tue Mar 19 02:33:58 2019
New Revision: 345288
URL: https://svnweb.freebsd.org/changeset/base/345288
Log:
Prevent loading SGX with incorrect EPC data
It may happen on some machines, that even if SGX is disabled
in firmware, the driver would still attach despite EPC base and
size equal zero. Such behaviour causes a kernel panic when the
module is unloaded. Add a simple check to make sure we
only attach when these values are correctly set.
Submitted by: Kornel Duleba
Reviewed by: br
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D19595
Modified:
head/sys/amd64/sgx/sgx.c
Modified: head/sys/amd64/sgx/sgx.c
==
--- head/sys/amd64/sgx/sgx.cTue Mar 19 00:29:18 2019(r345287)
+++ head/sys/amd64/sgx/sgx.cTue Mar 19 02:33:58 2019(r345288)
@@ -1075,6 +1075,12 @@ sgx_get_epc_area(struct sgx_softc *sc)
(cp[2] & 0xf000);
sc->npages = sc->epc_size / SGX_PAGE_SIZE;
+ if (sc->epc_size == 0 || sc->epc_base == 0) {
+ printf("%s: Incorrect EPC data: EPC base %lx, size %lu\n",
+ __func__, sc->epc_base, sc->epc_size);
+ return (EINVAL);
+ }
+
if (cp[3] & 0x)
sc->enclave_size_max = (1 << ((cp[3] >> 8) & 0xff));
else
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345289 - head/stand/common
Author: mw
Date: Tue Mar 19 02:45:32 2019
New Revision: 345289
URL: https://svnweb.freebsd.org/changeset/base/345289
Log:
Add missing boot.4th verification
During initialization of the forth interpreter
the loader looks for "/boot/boot.4th"
and executes any code found there.
That file was loaded bypassing verification.
Add a call to verify_file to change that.
Submitted by: Kornel Duleba
Reviewed by: sjg
Obtained from: Semihalf
Sponsored by: Stormshield
Modified:
head/stand/common/interp_forth.c
Modified: head/stand/common/interp_forth.c
==
--- head/stand/common/interp_forth.cTue Mar 19 02:33:58 2019
(r345288)
+++ head/stand/common/interp_forth.cTue Mar 19 02:45:32 2019
(r345289)
@@ -283,6 +283,12 @@ bf_init(void)
/* try to load and run init file if present */
if ((fd = open("/boot/boot.4th", O_RDONLY)) != -1) {
+#ifdef LOADER_VERIEXEC
+ if (verify_file(fd, "/boot/boot.4th", 0, VE_GUESS) < 0) {
+ close(fd);
+ return;
+ }
+#endif
(void)ficlExecFD(bf_vm, fd);
close(fd);
}
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
svn commit: r345291 - head/share/mk
Author: dim
Date: Tue Mar 19 06:58:28 2019
New Revision: 345291
URL: https://svnweb.freebsd.org/changeset/base/345291
Log:
Turn on MK_OPENMP for i386 by default, now that it can build.
Noticed by: jbeich
PR: 236062, 236582
MFC after:1 month
X-MFC-With: r344779
Modified:
head/share/mk/src.opts.mk
Modified: head/share/mk/src.opts.mk
==
--- head/share/mk/src.opts.mk Tue Mar 19 03:10:13 2019(r345290)
+++ head/share/mk/src.opts.mk Tue Mar 19 06:58:28 2019(r345291)
@@ -399,7 +399,7 @@ BROKEN_OPTIONS+=NVME
BROKEN_OPTIONS+=BSD_CRTBEGIN
.endif
-.if ${COMPILER_FEATURES:Mc++11} && ${__T} == "amd64"
+.if ${COMPILER_FEATURES:Mc++11} && (${__T} == "amd64" || ${__T} == "i386")
__DEFAULT_YES_OPTIONS+=OPENMP
.else
__DEFAULT_NO_OPTIONS+=OPENMP
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
