| Commit message (Collapse) | Author | Age | Files | Lines |
Add -v / --verbose to report status, since these things can take
minutes to retrieve.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D55019
Don't sanity check the host initiated generation number. It's not
necessarily constant between the two log page fetches. nvme-cli doesn't
do this sanity check and it generates a lot of false positives.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D55018
nvme-cli, as well as some vendor scripts, always set the RAE bit of the
GET LOG PAGE request when retrieving telemetry logs to avoid the log
getting reset to something new. Adopt that practice here (nvme-cli
telemetry-log does have a --rae option, but that just turns on the rae
bit which defaults to being on: there's no way to turn it off).
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D55017
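As an added illustration (not code from this commit, nvmecontrol or nvme-cli), the C below encodes GET LOG PAGE command dwords the way the NVMe base specification lays them out: the log identifier in CDW10 bits 7:0, RAE in CDW10 bit 15, the transfer length in dwords minus one split across NUMDL (CDW10 bits 31:16) and NUMDU (CDW11 bits 15:0), and the byte offset in CDW12/CDW13. The telemetry log identifiers 0x07 and 0x08 are the specification's; the struct and function names are this example's own. getlog_plan() splits a large telemetry read into chunks and sets RAE on every chunk, which is the behaviour the commit adopts: without it a multi-part read risks the log getting reset to something new between chunks.

```c
#include <stddef.h>
#include <stdint.h>

/* Log page identifiers from the NVMe base specification. */
#define NVME_LOG_TELEMETRY_HOST	0x07
#define NVME_LOG_TELEMETRY_CTRL	0x08

/* Field positions in CDW10 of GET LOG PAGE. */
#define GETLOG_RAE_SHIFT	15
#define GETLOG_NUMDL_SHIFT	16

/* Example-only container for the four command dwords. */
struct getlog_cdws {
	uint32_t cdw10;	/* LID | RAE | NUMDL */
	uint32_t cdw11;	/* NUMDU | Log Specific Identifier (left 0 here) */
	uint32_t cdw12;	/* LPOL: log page offset, low 32 bits */
	uint32_t cdw13;	/* LPOU: log page offset, high 32 bits */
};

/*
 * Encode one GET LOG PAGE transfer.  nbytes must be a non-zero multiple
 * of four; the spec carries (dwords - 1) in NUMDL/NUMDU.  Returns 0 on
 * success or -1 for a bad length.
 */
int
getlog_encode(struct getlog_cdws *c, uint8_t lid, int rae, uint32_t nbytes,
    uint64_t offset)
{
	uint32_t numd;

	if (nbytes == 0 || (nbytes & 3u) != 0)
		return (-1);
	numd = nbytes / 4 - 1;
	c->cdw10 = (uint32_t)lid |
	    ((rae ? 1u : 0u) << GETLOG_RAE_SHIFT) |
	    ((numd & 0xffffu) << GETLOG_NUMDL_SHIFT);
	c->cdw11 = (numd >> 16) & 0xffffu;
	c->cdw12 = (uint32_t)(offset & 0xffffffffu);
	c->cdw13 = (uint32_t)(offset >> 32);
	return (0);
}

/* Whether an encoded command asks the controller to Retain the
 * Asynchronous Event (RAE) instead of clearing the log. */
int
getlog_rae_set(const struct getlog_cdws *c)
{
	return ((int)((c->cdw10 >> GETLOG_RAE_SHIFT) & 1u));
}

/*
 * Plan a chunked read of a log of `total' bytes, at most `chunk' bytes
 * per command, with RAE set on every chunk so the controller keeps the
 * same log contents until the host has read all of it.  Returns the
 * number of commands written to out[], or -1 if max is too small or a
 * chunk length is invalid.
 */
int
getlog_plan(struct getlog_cdws *out, size_t max, uint8_t lid,
    uint64_t total, uint32_t chunk)
{
	size_t n = 0;
	uint64_t off;

	if (chunk == 0)
		return (-1);
	for (off = 0; off < total; off += chunk) {
		uint64_t left = total - off;
		uint32_t len = left < chunk ? (uint32_t)left : chunk;

		if (n == max || getlog_encode(&out[n], lid, 1, len, off) != 0)
			return (-1);
		n++;
	}
	return ((int)n);
}
```

Hand-checking one value: a 512-byte read of LID 0x07 with RAE is 127 dwords minus one in NUMDL, so CDW10 comes out as 0x007f8007. Whatever issues the command (an ioctl in nvmecontrol's case) would copy these four dwords into the submission queue entry unchanged.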
Previously, setting an interface FIB to some invalid value would result
in a warning being printed, but the ifconfig command would exit with
status 0, which is wrong.
Add a little regression test.
Reviewed by: pouria, zlei, melifaro
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54918
Sponsored by: NVidia networking
MFC after: 1 week
Revert the argument change that broke libcam in 8c35de49 and move
power_condition support to scsi_start_stop_pc().
Reported by: imp
Reviewed By: #cam, imp (mentor)
Sponsored by: Samsung Electronics
Differential Revision: https://reviews.freebsd.org/D54822
libfuse clients may pass the "-o auto_unmount" flag to ensure that the mountpoint
will get unmounted even if the server terminates abnormally. Without this flag
sending KILL to a FUSE daemon leaves its mountpoint mounted.
Approved by: asomers
Differential Revision: https://reviews.freebsd.org/D53086
Now that newfs(8) has a command-line argument to disable soft updates,
use that instead of running tunefs(8) after the fact to turn them off.
MFC after: 1 week
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Reviewed by: mckusick, imp
Differential Revision: https://reviews.freebsd.org/D54783
pf(4) users who use limiters in current should update the rules
accordingly to reflect the change in default behavior. The existing
rule which reads as follows:
pass in from any to any state limiter test
needs to be changed to:
pass in from any to any state limiter test (no-match)
OK dlg@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, c600931321
Sponsored by: Rubicon Communications, LLC ("Netgate")
No functional change intended.
Reviewed by: pouria, delphij, imp
Approved by: glebius (mentor)
Differential Revision: https://reviews.freebsd.org/D54752
PF configuration files can contain many things.
Using the new page characters (i.e. ^L, \014) to mark the beginning
of parts is useful because many editors such as emacs and vim have
facilities to jump to the next/previous ones.
PR: 86635
MFC after: 2 weeks
Submitted by: MOROHOSHI Akihiko <moro@remus.dti.ne.jp>
Submitted by: Simon Wollwage <rootnode+freebsd@wollwage.com>
Sponsored by: Rubicon Communications, LLC ("Netgate")
When printing source limiters use the same keywords as we accept on
input, that is use 'entries' for the entries value (not 'limit') and
'limit' for the limit value (and not 'states').
Update the test case to match.
Sponsored by: Rubicon Communications, LLC ("Netgate")
This change extends pf(4) limiters so administrator
can specify action the rule executes when limit is
reached. By default when limit is reached the limiter
overrides action specified by rule to no-match.
If administrator wants to block packet instead then
rule with limiter should be changed to:
pass in from any to any state limiter test (block)
OK dlg@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 04394254d9
Sponsored by: Rubicon Communications, LLC ("Netgate")
pfctl_parser.c, ifa_load() should distinguish between broadcast
and PPP peer address when it populates interface table for rule
parser.
OK @claudio, OK @dlg
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 2e871bec67
Sponsored by: Rubicon Communications, LLC ("Netgate")
The current ifa_load() is not paranoid enough when it deals with
information which comes from the kernel. The function just ignores the
sa_len member in the socket address returned by getifaddrs().
The issue has been reported by anton@. The idea for the fix here comes
from claudio@.
OK @claudio, @deraadt
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, a48d060175
Sponsored by: Rubicon Communications, LLC ("Netgate")
Sponsored by: Rubicon Communications, LLC ("Netgate")
Sponsored by: Rubicon Communications, LLC ("Netgate")
Deviate a little from the OpenBSD code, to avoid unexpected output
changes.
Don't print limiter information when we show the rules (or labels).
Do include the source and state limiters in the 'all' (pfctl -sa) output
and give them their own titles.
Sponsored by: Rubicon Communications, LLC ("Netgate")
The 'introduce source and state limiters' commit added source and state
limiters, and used Stlimiters and Srclimiters as show options. However,
FreeBSD had 'Sources' as a show option already. This means that
'pfctl -sS' would now be ambiguous. Avoid this by renaming the new
options.
Sponsored by: Rubicon Communications, LLC ("Netgate")
This is a new feature with new ioctl calls, so we can safely remove them
right now.
Sponsored by: Rubicon Communications, LLC ("Netgate")
both source and state limiters can provide constraints on the number
of states that a set of rules can create, and optionally the rate
at which they are created. state limiters have a single limit, but
source limiters apply limits against a source address (or network).
the source address entries are dynamically created and destroyed,
and are also limited.
this started out because i was struggling to understand the source and
state tracking options in pf.conf, and looking at the code made it
worse. it looked like some functionality was missing, and the code also
did some things that surprised me. taking a step back from it, even if
it did work, what is described doesn't work well outside very simple
environments.
the functionality i'm talking about is most of the stuff in the
Stateful Tracking Options section of pf.conf(4).
some of the problems are illustrated by one of the simplest options:
the "max number" option that limits the number of states that a
rule is allowed to create:
- wiring limits up to rules is a problem because when you load a
new ruleset the limit is reset, allowing more states to be created
than you intended.
- a single "rule" in pf.conf can expand to multiple rules in the
kernel thanks to things like macro expansion for multiple ports.
"max 1000" on a line in pf.conf could end up being many times
that in effect.
- when a state limit on a rule is reached, the packet is dropped.
this makes it difficult to do other things with the packet, such as
redirect it to a tarpit or another server that replies with an
outage notices or such.
a state limiter solves these problems. the example from the pf.conf.5
change demonstrates this:
An example use case for a state limiter is to restrict the number of
connections allowed to a service that is accessible via multiple
protocols, e.g. a DNS server that can be accessed by both TCP and UDP on
port 53, DNS-over-TLS on TCP port 853, and DNS-over-HTTPS on TCP port 443
can be limited to 1000 concurrent connections:
state limiter "dns-server" id 1 limit 1000
pass in proto { tcp udp } to port domain state limiter "dns-server"
pass in proto tcp to port { 853 443 } state limiter "dns-server"
a single limit across all these protocols can't be implemented with
per rule state limits, and any limits that were applied are reset
if the ruleset is reloaded.
the existing source-track implementation appears to be incomplete,
i could only see code for "source-track global", but not "source-track
rule". source-track global is too heavy and unwieldy a hammer, and
source-track rule would suffer the same issues around rule lifetimes
and expansions that the "max number" state tracking config above has.
a slightly expanded example from the pf.conf.5 change for source limiters:
An example use for a source limiter is the mitigation of denial of
service caused by the exhaustion of firewall resources by network or port
scans from outside the network. The states created by any one scanner
from any one source address can be limited to avoid impacting other
sources. Below, up to 10000 IPv4 hosts and IPv6 /64 networks from the
external network are each limited to a maximum of 1000 connections, and
are rate limited to creating 100 states over a 10 second interval:
source limiter "internet" id 1 entries 10000 \
limit 1000 rate 100/10 \
inet6 mask 64
block in on egress
pass in quick on egress source limiter "internet"
pass in on egress proto tcp probability 20% rdr-to $tarpit
the extra bit is if the source limiter doesn't have "space" for the
state, the rule doesn't match and you can fall through to tarpitting
20% of the tcp connections for fun.
i've been using this in anger in production for over 3 years now.
sashan@ has been poking me along (slowly) to get it in a good enough
shape for the tree for a long time. it's been one of those years.
bluhm@ says this doesn't break the regress tests.
ok sashan@
Obtained from: OpenBSD, dlg <dlg@openbsd.org>, 8463cae72e
Sponsored by: Rubicon Communications, LLC ("Netgate")
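To make the matching semantics concrete, here is a small C model of a source limiter, added as an illustration and not taken from the pf(4) sources. It implements the knobs named in this commit message and in the later "(no-match)" / "(block)" commits (entries, limit, rate N/T, a prefix mask, and the action taken when the limiter has no room) on a 64-bit address key: the mask keeps the high mask_bits bits of that key, so IPv4 /32 and IPv6 /64 both mean "the whole key" in this model, while a smaller mask aggregates sources. The static table, the single-address-space time stamps and the expiry rule (an entry is destroyed as soon as it tracks no states) are simplifications of this example; the real expiry policy is not described on this page. ruleset_eval() evaluates the three-rule egress example from the commit message: a quick pass when the limiter has room, the limiter's own action when it has none and that action is block, and a fall-through to the rdr-to rule on no-match (the 20% probability is modeled as always matching).

```c
#include <stdint.h>
#include <string.h>

#define SL_TABLE_SIZE 64	/* fixed table for the model; pf's is dynamic */
#define SL_DENY(sl) ((sl)->action == SL_BLOCK ? SL_V_BLOCK : SL_V_NOMATCH)

enum sl_action { SL_NOMATCH, SL_BLOCK };		/* "(no-match)" / "(block)" */
enum sl_verdict { SL_V_PASS, SL_V_NOMATCH, SL_V_BLOCK };
enum rule_result { RES_BLOCK, RES_PASS, RES_TARPIT };

struct sl_entry {
	int in_use;
	uint64_t key;			/* masked source address */
	unsigned states, created;	/* live states; states made this window */
	uint64_t window_start;		/* start of the rate window, seconds */
};

struct source_limiter {
	unsigned entries;		/* 'entries': max tracked sources */
	unsigned limit;			/* 'limit': max states per source */
	unsigned rate_n, rate_t;	/* 'rate N/T'; rate_n == 0 disables */
	int mask_bits;			/* high bits of the key naming a source */
	enum sl_action action;		/* rule action when out of room */
	struct sl_entry tab[SL_TABLE_SIZE];
};

static uint64_t
sl_key(const struct source_limiter *sl, uint64_t addr)
{
	if (sl->mask_bits >= 64)
		return (addr);
	return (sl->mask_bits <= 0 ? 0 : (addr & (~(uint64_t)0 << (64 - sl->mask_bits))));
}

/* Find the entry for key, creating it if asked and 'entries' allows. */
static struct sl_entry *
sl_lookup(struct source_limiter *sl, uint64_t key, int create)
{
	struct sl_entry *e, *freeslot = NULL;
	unsigned used = 0;

	for (e = sl->tab; e < sl->tab + SL_TABLE_SIZE; e++) {
		if (!e->in_use) {
			if (freeslot == NULL)
				freeslot = e;
		} else if (e->key == key)
			return (e);
		else
			used++;
	}
	if (!create || freeslot == NULL || used >= sl->entries)
		return (NULL);
	memset(freeslot, 0, sizeof(*freeslot));
	freeslot->in_use = 1;
	freeslot->key = key;
	return (freeslot);
}

/* Ask for room to create one state for addr at time now. */
enum sl_verdict
sl_admit(struct source_limiter *sl, uint64_t addr, uint64_t now)
{
	struct sl_entry *e = sl_lookup(sl, sl_key(sl, addr), 1);
	if (e == NULL || e->states >= sl->limit)
		return (SL_DENY(sl));	/* no entry left, or 'limit' reached */
	if (sl->rate_n != 0) {
		if (now - e->window_start >= sl->rate_t) {
			e->window_start = now;
			e->created = 0;
		}
		if (e->created >= sl->rate_n)
			return (SL_DENY(sl));	/* 'rate N/T' exceeded */
		e->created++;
	}
	e->states++;
	return (SL_V_PASS);
}

/* A state from addr went away; the entry is destroyed once it is empty. */
void
sl_release(struct source_limiter *sl, uint64_t addr)
{
	struct sl_entry *e = sl_lookup(sl, sl_key(sl, addr), 0);
	if (e != NULL && e->states > 0 && --e->states == 0)
		e->in_use = 0;
}

/* block in on egress; pass in quick on egress source limiter "internet";
 * pass in on egress proto tcp probability 20% rdr-to $tarpit */
enum rule_result
ruleset_eval(struct source_limiter *sl, uint64_t addr, uint64_t now)
{
	switch (sl_admit(sl, addr, now)) {
	case SL_V_PASS: return (RES_PASS);	/* quick: final */
	case SL_V_BLOCK: return (RES_BLOCK);	/* limiter "(block)" action */
	default: return (RES_TARPIT);		/* no-match: next rule applies */
	}
}
```

A limiter is initialised with a designated initialiser such as `struct source_limiter sl = { .entries = 2, .limit = 2, .mask_bits = 48 };`. Because the limiter lives outside the rule, reloading the ruleset in this model would simply keep the same struct, which is the property the commit message contrasts with per-rule "max" limits.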
PR: 291853
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: zarychtam_plan-b.pwste.edu.pl, markj
Differential Revision: https://reviews.freebsd.org/D54456
Fixes: 68562f8145e8 ("newfs: Add an option to disable soft updates")
A previous commit turned soft updates on by default for UFS2 without
providing a way to turn them off. This corrects that by adding a new -u
flag which forces soft updates (and soft updates journaling) off.
MFC after: 1 week
Sponsored by: Klara, Inc.
Sponsored by: NetApp, Inc.
Fixes: 61dece6d27fb ("Enable soft updates by default for UFS2 filesystems.")
Reviewed by: mckusick
Differential Revision: https://reviews.freebsd.org/D54576
It turns out we'd already added this a few years ago, so didn't need to
add it again.
Fixes: 190c1f3d9326
Reported by: Seth Hoffert <seth.hoffert@gmail.com>
Sponsored by: Rubicon Communications, LLC ("Netgate")
Sponsored by: Rubicon Communications, LLC ("Netgate")
Sponsored by: Rubicon Communications, LLC ("Netgate")
OK stsp@
Obtained from: OpenBSD, phessler <phessler@openbsd.org>, f8a2f73b65
Sponsored by: Rubicon Communications, LLC ("Netgate")
MFC after: 3 days
rulese -> ruleset
MFC after: 3 days
X-MFC-with: a7b8a5d37bcb0009297962137bfb6c6570e5af12
A mark set with the "setmark" keyword is intended to be "sticky"
and documented as such, but in fact it is not yet,
as the current implementation lacks the "sticky" feature
and its implementation will most probably not be MFC'd.
Correct the manual page until the implementation is improved.
MFC after: 3 days
Discussed with: Boris Lytochkin <lytboris@gmail.com> (author)
Mark `dot_name` and `dotdot_name` as `__non_string`, to avoid
warnings from clang 21 similar to:
sbin/fsck_msdosfs/dir.c:466:39: error: initializer-string for character array is too long, array size is 11 but initializer has size 12 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization]
466 | static const u_char dot_name[11] = ". ";
| ^~~~~~~~~~~~~
sbin/fsck_msdosfs/dir.c:467:39: error: initializer-string for character array is too long, array size is 11 but initializer has size 12 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Werror,-Wunterminated-string-initialization]
467 | static const u_char dotdot_name[11] = ".. ";
| ^~~~~~~~~~~~~
MFC after: 3 days
This page has a lot of examples, so having them in the previous order
can be confusing. Rewrite to the normal order where the descriptions
come before the command, followed by a colon, which is still clear even
jumping to the middle of the section.
PR: 291759
MFC after: 3 days
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D54285
Sponsored by: Rubicon Communications, LLC ("Netgate")
The RB_HALT bit is always set when invoked as `halt`, so to maintain a
distinction between `halt` and `halt -p`, we must check the RB_POWEROFF
bit first.
PR: 291814
Fixes: 4453ec5b8716 ("reboot: Default to a clean shutdown")
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D54320
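For contrast, an added example (not the reboot(8) source) showing why the order of the two tests matters. The flag values are the ones in FreeBSD's <sys/reboot.h>, copied locally so the file builds anywhere; build_howto() is a stand-in for the program's option parsing and assumes only what the commit message states, that `halt` always sets RB_HALT and `-p` adds RB_POWEROFF on top of it.

```c
#include <string.h>

/* Flag values as in FreeBSD's <sys/reboot.h>, defined locally so the
 * example builds on any system. */
#define RB_HALT		0x008
#define RB_POWEROFF	0x4000

/* Stand-in for the front end: the program name decides the base flag
 * and -p adds RB_POWEROFF to it, so `halt -p` carries both bits. */
int
build_howto(const char *progname, int poweroff)
{
	int howto = 0;

	if (strcmp(progname, "halt") == 0)
		howto |= RB_HALT;	/* always set when invoked as halt */
	if (poweroff)
		howto |= RB_POWEROFF;
	return (howto);
}

/* BEFORE: RB_HALT is tested first, so `halt -p` is reported as a plain
 * halt and the power-off request is lost. */
const char *
shutdown_mode_buggy(int howto)
{
	if (howto & RB_HALT)
		return ("halt");
	if (howto & RB_POWEROFF)
		return ("poweroff");
	return ("reboot");
}

/* AFTER: test the more specific RB_POWEROFF bit first. */
const char *
shutdown_mode_fixed(int howto)
{
	if (howto & RB_POWEROFF)
		return ("poweroff");
	if (howto & RB_HALT)
		return ("halt");
	return ("reboot");
}
```

The general rule this illustrates: when one request is a superset of another's flag bits, dispatch on the superset first, or the subset branch shadows it.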
These functions take the source or destination address indirectly from
a potentially misaligned buffer. Rename them to reflect this and to
free up the copy{in,out}ptr names.
Some of the code in question is dead code and doesn't or won't compile,
but I've changed it all for consistency.
NB: If the pointers are actually stored under-aligned then this code is
broken with CHERI.
Reviewed by: cy
Effort: CHERI upstreaming
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D54232
By default, when ifconfig shows a v6 address derived from a
router-advertised prefix, it shows the initial preferred and valid
lifetimes. When -L is specified, it is supposed to show the remaining
lifetimes, but this was broken in the conversion to netlink.
Fix that, and add a regression test which validates ifconfig output
before and after a short-lived address expires.
Reported by: Franco Fichtner <franco@opnsense.org>
Reviewed by: melifaro, allanjude, Seyed Pouria Mousavizadeh Tehrani
Fixes: 4c91a5dfe483 ("ifconfig: make interface and address listing use Netlink as transport")
MFC after: 2 weeks
Sponsored by: OPNsense
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D54294
Added libxo support to `gpart show`, also updated the man
pages for geom and gpart to show where you can expect
libxo formatted output.
PR: 290629
MFC after: 1 week
Sponsored by: ConnectWise
Reviewed by: asomers, mckusick, phil
Approved by: asomers (mentor)
Differential Revision: https://reviews.freebsd.org/D53950
Modeled directly after the method used by the zfs/zpool commands: flag
commands with a "please log me" flag, and when there, reconstruct the
command line. On success, call the library function to add it to the
log.
(Majority of the change by Rob; minor edits by kevans@)
Signed-off-by: Rob Norris <rob.norris@klarasystems.com>
Co-authored-by: Kyle Evans <kevans@FreeBSD.org>
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc.
When copying ipfs data from user space, don't just check that the payload
length is nonzero, but also that it does not exceed the size of the stack
buffer we're copying it into.
While we're at it, use a union to create a buffer of the exact size we
need instead of guessing that 2048 will be enough (and not too much).
Finally, check the size of the payload once it gets to where it's used.
MFC after: 3 days
Reported by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed by: cy
Differential Revision: https://reviews.freebsd.org/D54194
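The pattern the commit describes, as an added example that is not the ipfs code itself: the record layouts, the request structure and copyin_sim() are hypothetical stand-ins (the real layouts are not shown on this page), but the three checks are the ones the message lists: bound the copy by the size of the destination rather than only rejecting zero, size that destination with a union of the record types instead of a guessed constant, and re-check the payload's own length at the point where it is consumed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record formats carried by an ipfs ioctl.  The union
 * sizes the kernel buffer exactly instead of guessing at 2048. */
#define IPFS_T_A	1
#define IPFS_T_B	2
struct ipfs_hdr { uint32_t type; uint32_t len; };
struct ipfs_rec_a { struct ipfs_hdr h; uint8_t data[64]; };
struct ipfs_rec_b { struct ipfs_hdr h; uint8_t data[200]; };
union ipfs_rec {
	struct ipfs_hdr h;
	struct ipfs_rec_a a;
	struct ipfs_rec_b b;
};

/* What the ioctl argument carries in from user space. */
struct ipfs_req { const void *payload; size_t len; };

/* Stand-in for copyin(9): a plain memcpy, since this example runs in a
 * single address space.  Returns 0 like the real function. */
static int
copyin_sim(const void *uaddr, void *kaddr, size_t len)
{
	memcpy(kaddr, uaddr, len);
	return (0);
}

/* BEFORE: the only guard is "nonzero", so a user-chosen len larger than
 * the stack buffer overruns it.  Kept for contrast; do not feed it an
 * oversized or header-less request. */
int
ipfs_load_unchecked(const struct ipfs_req *req, uint32_t *type_out)
{
	char buf[2048];
	struct ipfs_hdr hdr;

	if (req->len == 0)
		return (EINVAL);
	if (copyin_sim(req->payload, buf, req->len) != 0)
		return (EFAULT);
	memcpy(&hdr, buf, sizeof(hdr));
	*type_out = hdr.type;
	return (0);
}

/* AFTER: bound the copy by the destination, then check again where the
 * payload is consumed: the header's own length must match both what was
 * copied and the size of the record type it claims to be. */
int
ipfs_load_checked(const struct ipfs_req *req, union ipfs_rec *rec)
{
	size_t need;

	if (req->len < sizeof(struct ipfs_hdr) || req->len > sizeof(*rec))
		return (EINVAL);
	if (copyin_sim(req->payload, rec, req->len) != 0)
		return (EFAULT);
	switch (rec->h.type) {
	case IPFS_T_A: need = sizeof(struct ipfs_rec_a); break;
	case IPFS_T_B: need = sizeof(struct ipfs_rec_b); break;
	default: return (EINVAL);
	}
	if (rec->h.len != req->len || req->len != need)
		return (EINVAL);
	return (0);
}

/* Largest payload the checked path will ever copy. */
size_t
ipfs_max_payload(void)
{
	return (sizeof(union ipfs_rec));
}
```

The second check matters even after the first: a payload that fits the buffer can still claim, in its own header, to be a record type larger than what was copied, and code that later indexes `data[]` by type would read past the initialised bytes.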
Dynamically allocate bpf tap points for every rule that has "log".
The name is "ipfw%u", where %u is substituted to the rule number.
The default catch all "ipfw0" tap still exists for compatibility
and it will catch packets in case there are no bpf listeners
on a per-rule tap.
Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D53877
This should provide people a chance to remove ipfw0 and ipfwlog0 from
cloned_interfaces in their rc.conf during FreeBSD 16.x lifetime.
Differential Revision: https://reviews.freebsd.org/D53876
As a free bonus the tapping points are now able to match packet direction.
Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D53875
Remove the '#ifndef INET6', which never actually mattered because this
define is never set. This makes us report ICMP states for IPv4 and IPv6
the same way (and also aligns us with OpenBSD).
This means we will now always report state 0:0 rather than
NO_TRAFFIC:NO_TRAFFIC for icmp6 (like we already did for icmp).
Reported by: Lev Prokofev <lev@netgate.com>
Sponsored by: Rubicon Communications, LLC ("Netgate")
Add leaf-list modifier to attrib as it's possible to have multiple
attributes on a gpart provider.
I purposely made it so that the normal output still says "attrib:" just
so we don't break any scripts people may be using to parse the output,
but the libxo output now says "attribute" just like `gpart show` will do
once https://reviews.freebsd.org/D53950 is merged.
PR: 291377
MFC after: 1 week
Reviewed by: asomers
Sponsored by: ConnectWise
Differential Revision: https://reviews.freebsd.org/D54080
Now that halt and reboot actually signal init, shutdown needs to run
fasthalt or fastboot instead when given the -o option.
MFC after: 1 month
Reviewed by: imp, allanjude
Differential Revision: https://reviews.freebsd.org/D54122
* If invoked as fasthalt or fastboot, behavior is unchanged.
* If not invoked as fasthalt or fastboot, we simply signal init(8),
just like shutdown(8) does, instead of taking the system down
ourselves.
* Since only init can handle the RB_REROOT case, the -r flag is not
supported in fast mode.
* Update the usage string to correctly reflect the program being run
(fast or normal; halt, boot, or nextboot) and the options available
in each case.
* Update the manual page to make the distinction between normal and
fast mode clear, better explain what shutdown(8) still does that
reboot(8) does not, and add a historical note explaining what the
difference between the two used to be.
MFC after: 1 month
Relnotes: yes
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D54117
MFC after: 1 week
At the moment ipfs(8) is a tool that can be easily abused. Though the
concept is sound the implementation needs some work.
ipfs(8) should be considered experimental at the moment.
This commit also makes ipfs support in the kernel optional.
Reviewed by: emaste, glebius
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53787
Add a sysctl/tunable (net.inet.ipf.jail_allowed) to control whether a
jail can manage its own ipfilter rules, pools, and settings. A jail's
control over its own ipfilter rules and settings may not be desirable.
By default, jail access to ipfilter is denied.
The host system can still manage a jail's rules by attaching the rules,
using the on keyword, limiting the rule to the jail's interface. Or
the sysctl/tunable can be enabled to allow a jail control over its own
ipfilter rules and settings.
Implementation note: Rather than store the jail_allowed variable,
referenced by sysctl(9), in a global area, storing the variable in the
ipfilter softc is consistent with ipfilter's use of its softc.
Discussed with: emaste, jrm
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D53623