| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
Update the ng_iface documentation and hooks to reflect the fact that the
node currently only supports IPv4 and v6 packets.
Reviewed by: Lutz Donnerhacke
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D25862
Notes:
svn path=/head/; revision=363736
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: phk (earlier version)
Reviewed by: emaste (earlier version)
Reviewed by: bcr (earlier version)
Reviewed by: zeising (earlier version)
Differential Revision: https://reviews.freebsd.org/D25874
Notes:
svn path=/head/; revision=363683
|
|
|
|
| |
Notes:
svn path=/head/; revision=363674
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow TLS records to be decrypted in the kernel after being received
by a NIC. At a high level this is somewhat similar to software KTLS
for the transmit path except in reverse. Protocols enqueue mbufs
containing encrypted TLS records (or portions of records) into the
tail of a socket buffer and the KTLS layer decrypts those records
before returning them to userland applications. However, there is an
important difference:
- In the transmit case, the socket buffer is always a single "record"
holding a chain of mbufs. Not-yet-encrypted mbufs are marked not
ready (M_NOTREADY) and released to protocols for transmit by marking
mbufs ready once their data is encrypted.
- In the receive case, incoming (encrypted) data appended to the
socket buffer is still a single stream of data from the protocol,
but decrypted TLS records are stored as separate records in the
socket buffer and read individually via recvmsg().
Initially I tried to make this work by marking incoming mbufs as
M_NOTREADY, but there didn't seemed to be a non-gross way to deal with
picking a portion of the mbuf chain and turning it into a new record
in the socket buffer after decrypting the TLS record it contained
(along with prepending a control message). Also, such mbufs would
also need to be "pinned" in some way while they are being decrypted
such that a concurrent sbcut() wouldn't free them out from under the
thread performing decryption.
As such, I settled on the following solution:
- Socket buffers now contain an additional chain of mbufs (sb_mtls,
sb_mtlstail, and sb_tlscc) containing encrypted mbufs appended by
the protocol layer. These mbufs are still marked M_NOTREADY, but
soreceive*() generally don't know about them (except that they will
block waiting for data to be decrypted for a blocking read).
- Each time a new mbuf is appended to this TLS mbuf chain, the socket
buffer peeks at the TLS record header at the head of the chain to
determine the encrypted record's length. If enough data is queued
for the TLS record, the socket is placed on a per-CPU TLS workqueue
(reusing the existing KTLS workqueues and worker threads).
- The worker thread loops over the TLS mbuf chain decrypting records
until it runs out of data. Each record is detached from the TLS
mbuf chain while it is being decrypted to keep the mbufs "pinned".
However, a new sb_dtlscc field tracks the character count of the
detached record and sbcut()/sbdrop() is updated to account for the
detached record. After the record is decrypted, the worker thread
first checks to see if sbcut() dropped the record. If so, it is
freed (can happen when a socket is closed with pending data).
Otherwise, the header and trailer are stripped from the original
mbufs, a control message is created holding the decrypted TLS
header, and the decrypted TLS record is appended to the "normal"
socket buffer chain.
(Side note: the SBCHECK() infrastucture was very useful as I was
able to add assertions there about the TLS chain that caught several
bugs during development.)
Tested by: rmacklem (various versions)
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24628
Notes:
svn path=/head/; revision=363464
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Document that iwm(4) currently doesn't support 802.11n and 802.11ac.
PR: 247874
Submitted by: Charles Ross <cwr at sdf dot org>
Reviewed by: brueffer, markj
Approved by: brueffer
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D25666
Notes:
svn path=/head/; revision=363287
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note: date not bumped because "content" was not changed, just inserted some
missing words.
PR: 248001
Submitted by: Jose Luis Duran <jlduran@gmail.com>
MFC after: 2 weeks
Sponsored by: Klara Inc.
Notes:
svn path=/head/; revision=363223
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The EIP-97 is a packet processing module found on the ESPRESSObin. This
commit adds a crypto(9) driver for the crypto and hash engine in this
device. An initial skeleton driver that could attach and submit
requests was written by loos and others at Netgate, and the driver was
finished by me.
Support for separate AAD and output buffers will be added in a separate
commit, to simplify merging to stable/12 (where those features don't
exist).
Reviewed by: gnn, jhb
Feedback from: andrew, cem, manu
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC (Netgate)
Differential Revision: https://reviews.freebsd.org/D25417
Notes:
svn path=/head/; revision=363180
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nmdm(4), ucom(4), and uart(4)
PR: 247638
Submitted by: Pau Amma <pauamma@gundo.com>
Reported by: 0mp
MFC after: 4 weeks
Sponsored by: Klara Inc.
Event: July 2020 Bugathon
Notes:
svn path=/head/; revision=363111
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this change, a kernel compiled with "options SCTP_SUPPORT" and
without "options SCTP" supports dynamic loading of the SCTP stack.
Currently sctp.ko cannot be unloaded since some prerequisite teardown
logic is not yet implemented. Attempts to unload the module will return
EOPNOTSUPP.
Discussed with: tuexen
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21997
Notes:
svn path=/head/; revision=363079
|
|
|
|
|
|
|
|
| |
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=362943
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes Linux gettyname(3), with caveats (see PR).
PR: kern/240767
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25558
Notes:
svn path=/head/; revision=362935
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Expand the mentioned RFC in the SEE ALSO section
and reference RFC1701 and RFC1702.
PR: 240250
Reviewed by: bcr (mentor)
Approved by: bcr (mentor)
Obtained from: OpenBSD
MFC after: 7 days
Differential Revision: https://reviews.freebsd.org/D25504
Notes:
svn path=/head/; revision=362779
|
|
|
|
|
|
|
| |
MFC after: 2 weeks
Notes:
svn path=/head/; revision=362741
|
|
|
|
|
|
|
|
|
|
|
| |
s/stack/kernel stack/, as this feature only shows kernel stacks.
Reported by: jhb
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D25488
Notes:
svn path=/head/; revision=362727
|
|
|
|
|
|
|
|
| |
Reviewed by: manpages (imp), 0mp
Differential Revision: https://reviews.freebsd.org/D25488
Notes:
svn path=/head/; revision=362700
|
|
|
|
|
|
|
|
|
|
| |
Now the list looks like a list. Using -item only makes sense if the list is
meant to be a list of terms and definitions.
MFC after: 3 days
Notes:
svn path=/head/; revision=362684
|
|
|
|
|
|
|
| |
MFC after: 3 days
Notes:
svn path=/head/; revision=362675
|
|
|
|
|
|
|
|
|
| |
PR: 247573
Submitted by: HATANO Tomomi <hatanou@infolab.ne.jp>
MFC after: 1 week
Notes:
svn path=/head/; revision=362672
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This mode was added in r362496. Rename it to make the meaning more
clear.
PR: 247306
Suggested by: rpokala
Submitted by: Ali Abdallah <ali.abdallah@suse.com>
MFC with: r362496
Notes:
svn path=/head/; revision=362592
|
|
|
|
|
|
|
|
|
| |
PR: 247306
Submitted by: Ali Abdallah <ali.abdallah@suse.com>
MFC after: 2 weeks
Notes:
svn path=/head/; revision=362496
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Remove the giant lock requirement from powermac_nvram.
* Update manual pages to reflect current state.
Reviewed by: bcr (manpages), jhibbits
Sponsored by: Tag1 Consulting, Inc.
Differential Revision: https://reviews.freebsd.org/D24812
Notes:
svn path=/head/; revision=362406
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: bcr (manpages)
Approved by: jtl (co-mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D25357
Notes:
svn path=/head/; revision=362379
|
|
|
|
|
|
|
| |
Pointed out by: kibab@
Notes:
svn path=/head/; revision=362362
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is in preparation for enabling a loadable SCTP stack. Analogous to
IPSEC/IPSEC_SUPPORT, the SCTP_SUPPORT kernel option must be configured
in order to support a loadable SCTP implementation.
Discussed with: tuexen
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=362338
|
|
|
|
|
|
|
| |
I use all of these..
Notes:
svn path=/head/; revision=362257
|
|
|
|
|
|
|
|
| |
A-MPDU, short-gi and 40MHz mode is currently not supported, but hey,
it supports enough 11n to be useful.
Notes:
svn path=/head/; revision=362256
|
|
|
|
|
|
|
|
|
|
|
|
| |
the debug messages. While here, clean up some variable naming.
Reviewed by: bcr (manpages), emaste
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25230
Notes:
svn path=/head/; revision=362104
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
applications, which often depend on this being the case. There's a new
sysctl, compat.linux.default_openfiles, to control this behaviour.
Reviewed by: kevans, emaste, bcr (manpages)
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25177
Notes:
svn path=/head/; revision=362015
|
|
|
|
| |
Notes:
svn path=/head/; revision=361882
|
|
|
|
|
|
|
|
|
|
| |
Add xref to all SIM devices we currently have (including a rough indication
which ones are likely to fail).
Update to include all the CAM options.
Fix a few igor nits while I'm here.
Notes:
svn path=/head/; revision=361873
|
|
|
|
| |
Notes:
svn path=/head/; revision=361869
|
|
|
|
|
|
|
| |
Submitted by: Yuri Pankov
Notes:
svn path=/head/; revision=361868
|
|
|
|
|
|
|
|
| |
documentation on namespace support for nda devices. Fix a few typos
and formatting nits to apease igor.
Notes:
svn path=/head/; revision=361867
|
|
|
|
|
|
|
|
|
| |
PR: 246080
Submitted by: David Marec <david@lapinbilly.eu>
MFC after: 1 week
Notes:
svn path=/head/; revision=361792
|
|
|
|
|
|
|
|
|
|
|
|
| |
which happens on some laptops after returning to legacy multiplexing mode
at initialization stage.
PR: 242542
Reported by: Felix Palmen <felix@palmen-it.de>
MFC after: 1 week
Notes:
svn path=/head/; revision=361718
|
|
|
|
|
|
|
| |
MFC after: 2 weeks
Notes:
svn path=/head/; revision=361439
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also fix igor complaint about manpage/s/man page
Reported by: rgrimes@freebsd.org
PR: 219075
Submitted by: Dries Michiels driesm.michiels_gmail.com
Reported by: rgrimes
Reviewed by: bcr (manpages), 0mp
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D24541
Notes:
svn path=/head/; revision=361355
|
|
|
|
|
|
|
|
| |
Reported by: Jose Luis Duran
MFC after: 1 week
Notes:
svn path=/head/; revision=361094
|
|
|
|
|
|
|
| |
MFC after: 1 week
Notes:
svn path=/head/; revision=361090
|
|
|
|
|
|
|
|
|
|
| |
and its presence just creates confusion.
Discussed with: cem
MFC after: 1 week
Notes:
svn path=/head/; revision=361089
|
|
|
|
|
|
|
|
|
| |
PR: 246417
Submitted by: Viktor G. <viktor@netgate.com>
MFC after: 1 week
Notes:
svn path=/head/; revision=360966
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are no in-kernel consumers.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24775
Notes:
svn path=/head/; revision=360936
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It no longer has any in-kernel consumers via OCF. smbfs still uses
single DES directly, so sys/crypto/des remains for that use case.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24773
Notes:
svn path=/head/; revision=360933
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are no longer any in-kernel consumers. The software
implementation was also a non-functional stub.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24771
Notes:
svn path=/head/; revision=360928
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although a few drivers supported this algorithm, there were never any
in-kernel consumers. cryptosoft and cryptodev never supported it,
and there was not a software xform auth_hash for it.
Reviewed by: cem
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24767
Notes:
svn path=/head/; revision=360920
|
|
|
|
|
|
|
|
|
|
|
|
| |
This driver was previously marked for deprecation in r360710.
Approved by: csprng (cem, gordon, delphij)
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24766
Notes:
svn path=/head/; revision=360918
|
|
|
|
|
|
|
|
|
| |
PR: 246315
Submitted by: Idwer Vollering <vidwer+fbsdbugs@gmail.com>
MFC after: 1 week
Notes:
svn path=/head/; revision=360848
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the removal of in-tree consumers of DES, Triple DES, and
MD5-HMAC, the only algorithm this driver still supports is SHA1-HMAC.
This is not very useful as a standalone algorithm (IPsec AH-only with
SHA1 would be the only user).
This driver has also not been kept up to date with the original driver
in OpenBSD which supports a few more cards and AES-CBC on newer cards.
The newest card currently supported by this driver was released in
2005.
Reviewed by: cem
MFC after: 1 week
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24691
Notes:
svn path=/head/; revision=360710
|
|
|
|
|
|
|
|
|
|
|
|
| |
source that works or is the new location on the
same page.
Submitted by: alfix86_gmail.com
Approved by: bcr
Differential Revision: https://reviews.freebsd.org/D23769
Notes:
svn path=/head/; revision=360669
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Inconsistencies in .Dd like abbreviated month names,
"th" after numbers, or leading zeros
- No line breaks after a sentence stop
- Whitespace at the end of the line
- Use macros for BSD OS names instead of hardcoded names
- CAVEATS instead of CAVEAT in section name
No actual content change in terms of additions were made, so
no bump of the .Dd for these man pages.
All of these issues were found and fixed by Gordon Bergling.
Submitted by: gbergling_gmail.com
Approved by: bcr
Differential Revision: https://reviews.freebsd.org/D24648
Notes:
svn path=/head/; revision=360527
|