| Commit message | Author | Age | Files | Lines |
| |
The new ifconfig options 'tagged', '+tagged' and '-tagged' allow the
vlan access list of a bridge interface to be configured:
- Incoming tagged frames will be dropped if the vlan tag isn't in the
  interface's access list.
- Outgoing frames will be dropped if the vlan tag isn't in the
  interface's access list (e.g., for BUM traffic).
This has no effect if vlan filtering is not enabled on the interface.
Since we now add a tag to untagged frames at ingress, remove the
vlan argument from bridge_vfilter_out() and use VLANTAGOF instead.
Reviewed by: des, kp, adrian
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50503
| |
MFC after: 3 months
Sponsored by: Klara, Inc.
| |
Reviewed by: kib
MFC after: 3 months
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D50315
| |
MFC after: 3 months
Sponsored by: Klara, Inc.
| |
Include the two new syscalls in the symbol map.
Reviewed by: kib
MFC after: 3 months
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D50315
| |
inotify_init() and inotify_init1() are implemented using __specialfd(2).
inotify_add_watch() is implemented in terms of inotify_add_watch_at(2).
Reviewed by: kib
MFC after: 3 months
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D50315
| |
Sponsored by: Klara, Inc.
| |
Since phk rewrote the block layer ~2 decades ago, write(2) can return
EINVAL when the target is a block device and nbytes, the write size, is
not a multiple of the sector's block size.
From the original PR:
    When coming from Linux, people are surprised by the fact
    that write(2) to a device must be aligned to block size.
    Writing a non-aligned block onto a raw device is a case
    where EINVAL is also returned but the manpage does not mention this.
MFC after: 3 days
PR: 227185
Reported by: riggs
Reviewed by: imp, Pau Amma <pauamma@gundo.com>
Differential Revision: https://reviews.freebsd.org/D51138
| |
Sponsored by: Klara, Inc.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D51118
| |
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D51098
| |
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D51097
| |
Allow pf to limit packets to a specified maximum size. This applies to all
packets, and if reassembly is enabled, looks at the reassembled size, not the
size of individual fragments.
Sponsored by: Rubicon Communications, LLC ("Netgate")
| |
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D51050
| |
Currently, if `readdir()` fails, `scandir()` simply returns a partial
result (or a null result if it fails before any entries were selected).
There is no way within the current API design to return both a partial
result and an error indicator, so err on the side of caution: if an
error occurs, discard any partial result and return the error instead.
MFC after: 1 week
Reported by: Maxim Suhanov <dfirblog@gmail.com>
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D51046
| |
The yaml parser used in nuageinit is too incomplete; import libyaml
in order to be able to use it as a complete parser for nuageinit.
| |
allows things like
    pass in proto icmp max-pkt-rate 100/10
all packets matching the rule in the direction the state was created are
taken into consideration (typically: requests, but not replies).
Just like with the other max-*, the rule stops matching if the maximum is
reached, so in typical scenarios the default block rule would kick in then.
with input from Holger Mikolon
ok mikeb
Obtained from: OpenBSD, henning <henning@openbsd.org>, 5a4ae9a9cb
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D50798
| |
Applications can use libusb_get_pollfds to get pollfds from libusb and
then close the fds themselves. This causes the hotplug thread to be unable
to leave, because it will be considered an invalid event and loop forever,
instead of a broken event that should quit immediately.
Reviewed by: bapt
Sponsored by: FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50959
| |
This is needed to read these values.
Reviewed by: brooks, imp, kib
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D51006
| |
The flag was added in b75a1171d8ba4 for the sake of Varnish. However, that
idea didn't work. Quoting email from Poul-Henning:
"We had to give up sendfile(), the overhead of keeping track of everything
between the network stack and VM system made ate any gain we saw. ... I
don't think we ever shipped a version where sendfile was enabled by
default."
PR: 287348
| |
The O_RESOLVE_BENEATH openat(2) flag restricts name lookups such that
they remain under the directory referenced by the dirfd. This commit
introduces an implicit version of the flag, FD_RESOLVE_BENEATH, stored
in the file descriptor entry. When the flag is set, any lookup relative
to that fd automatically has O_RESOLVE_BENEATH semantics. Furthermore,
the flag is sticky, meaning that it cannot be cleared, and it is copied
by dup() and openat().
File descriptors with FD_RESOLVE_BENEATH set may not be passed to
fchdir(2) or fchroot(2). Various fd lookup routines are modified to
return fd flags to the caller.
This flag will be used to address a case where jails with different root
directories and the ability to pass SCM_RIGHTS messages across the jail
boundary can transfer directory fds in such a way as to allow a
filesystem escape.
PR: 262180
Reviewed by: kib
MFC after: 3 weeks
Differential Revision: https://reviews.freebsd.org/D50371
| |
Reviewed by: kib, kevans
Differential Revision: https://reviews.freebsd.org/D50998
| |
Reported by: Greg Becker <greg.becker@klarasystems.com>
Reviewed by: emaste, kevans, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Also see: https://reviews.freebsd.org/D50998
Differential revision: https://reviews.freebsd.org/D50997
| |
This seems to fit the pattern better (e.g. fdopendir()).
I've added weak references to ease the transition, but since it's only
been a few days, we can remove them (and the ObsoleteFiles entries for
the manual pages) before we branch stable/15.
Fixes: deeebfdecab5
Sponsored by: Klara, Inc.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D50980
| |
Sponsored by: Klara, Inc.
| |
Fixes: 1e0743f54d2d
Sponsored by: Klara, Inc.
| |
Most importantly, they need to run without privileges, since root is
allowed to read a directory regardless of its permission bits.
PR: 287694
Fixes: 4d7c31bca252
Sponsored by: Klara, Inc.
Reviewed by: bnovkov
Differential Revision: https://reviews.freebsd.org/D50965
| |
used AMD64_SET_TLSBASE
It is up to the code that organizes the runtime to properly set the
signal handler, and to set %fsbase if libthr signal handler is to be
called. The change should leave the CPU state on the signal handler
entry identical to what it was before introduction of TLSBASE, for code
that provides its own startup and thread pointer, but still calls into
libthr as a hack.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
| |
Starting 13.1 the amd64 kernel was made relocatable, but the kernel
didn't provide enough information for libkvm to figure out where it was
loaded.
Reviewed by: markj
Approved by: imp (mentor)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1706
Closes: https://github.com/freebsd/freebsd-src/pull/1706
| |
amd64 kernels don't have to be loaded at 2M physical anymore, they can
be anywhere in the lower 4G of the physical address space. The kernel
now provides its physical address in an ELF section in the dump, so
account for it.
Reviewed by: markj
Approved by: imp (mentor)
Pull Request: https://github.com/freebsd/freebsd-src/pull/1706
| |
CID: 1591126
| |
In the previous commit, I removed the initial initialization of the
`names` array, not realizing that `scandir()` is expected to return
a non-null (but empty) array of entries if no entries matched.
Restore the historical behavior, document it, and add a test.
Fixes: deeebfdecab5
Sponsored by: Klara, Inc.
Reviewed by: kevans, allanjude, markj
Differential Revision: https://reviews.freebsd.org/D50949
| |
While here, clean up scandir() a bit and improve the documentation.
MFC after: never
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D50935
| |
The practical scenario that leads to this is porch(1) spawning some
utility and sending it a SIGSTOP as a debugging aid. The user then
attaches a debugger and walks through how some specific input is
processed, then detaches to allow the script to continue. When ptrace
is detached, the process resumes execution but the parent is never
notified and may be stuck in wait(2) for it to continue or terminate.
Other platforms seem to re-suspend the process after the debugger is
detached, but neither behavior seems unreasonable. Just notifying the
parent that the child has resumed is a relatively low-risk departure
from our current behavior and had apparently been considered in the
past, based on pre-existing comments.
Move p_flag and p_xsig handling into childproc_continued(), as just
sending the SIGCHLD here isn't really useful without P_CONTINUED set
and the other caller already sets these up as well.
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D50917
| |
Reviewed by: glebius
| |
To build the man page one must run pod2man on
contrib/pam-krb5/docs/pam_krb5.pod and copy it to ${.CURDIR}.
|
| |
Fixes: 98f18cd98824
| |
Now that we have a _WANT_ZNODE we can use that instead of defining
_KERNEL, and we're able to move the code back into zfs.c using a real
znode_t pointer.
Whilst here, tidy the includes.
Reviewed by: imp, kib, markj
Differential Revision: https://reviews.freebsd.org/D50721
| |
Defining _KERNEL is a historical hack that can often break due to the
environment not actually being that of a kernel build. Now that we have
other targeted macros we can define instead that don't have far-reaching
implications like _KERNEL we can drop this.
Reviewed by: imp, kib, markj
Differential Revision: https://reviews.freebsd.org/D50719
| |
This avoids a use after free.
Noted by: jhb
| |
MIT KRB5 does not support telnet. This is because telnet uses 3DES
encryption, which requires 3DES encrypted keys in the KDC database.
As MIT had deprecated and removed 3DES support about a decade ago,
telnet is not supported.
Sponsored by: The FreeBSD Foundation
Reviewed by: markj
Differential revision: https://reviews.freebsd.org/D50785
| |
MIT KRB5 provides its own libcom_err.
Sponsored by: The FreeBSD Foundation
Reviewed by: markj, emaste
Differential revision: https://reviews.freebsd.org/D50809
| |
MIT KRB5 does not provide a krb5_make_principal() function. We need to
provide this ourselves for now. We provide the function for now while
MIT and Heimdal are both in the tree. When Heimdal is removed we can
inline the calls to krb5_get_default_realm() and
krb5_build_principal_va(). krb5_build_principal_va() is
deprecated in MIT KRB5. Its replacement, krb5_build_principal_alloc_va()
will be used instead at that time.
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D50808
| |
The eyrie.org pam-krb5 supports MIT KRB5 and Heimdal. FreeBSD will use
it to implement pam_krb5 for MIT KRB5. The existing libpam pam_krb5
only supports Heimdal and therefore cannot be used with the MIT KRB5
import.
Sponsored by: The FreeBSD Foundation
Differential revision: https://reviews.freebsd.org/D50696
| |
bectl.8 had a truncated license without the required disclaimer.
Correct it consistently by converting all bectl licenses to SPDX form.
Approved by: kevans
Approved by: Kyle Kneitinger <kyle@kneit.in>
Approved by: Wes Maag <wes@jwmaag.org>
Approved by: mhorne (mentor, implicit)
Differential Revision: https://reviews.freebsd.org/D49066
| |
Markup CLOCK_REALTIME better.
Noticed by: kib
Fixes: 7b7ba7857ce8
Sponsored by: Netflix
| |
Typically we spell error values 'error' not 'err'. And fix EINVAL markup
nit.
Suggested by: kib
Fixes: 7b7ba7857ce8
Sponsored by: Netflix
| |
Switch all instances of the -isoC-2024 macro to -isoC-2023 selected by
upstream. Keep -isoC-2024 defined, but deprecated, for backwards compat.
MFC after: 3 days (I will resolve merge conflicts with cdefs)
| |
Reviewed by: hrs
Differential Revision: https://reviews.freebsd.org/D50739
| |
Provide a clock through clock_gettime() that returns the current TAI
time (UTC without leap seconds) as a complement to CLOCK_REALTIME. This
provides compatibility with Linux, which also provides a CLOCK_TAI since
kernel 2.6.26, and this seems to be becoming the standard way to acquire
TAI time. Unlike Linux, this code will return EINVAL if the TAI offset
(set by ntpd, ptpd, etc.) is not known since it seems pathological for
CLOCK_TAI to silently give the wrong (UTC) time if the offset is not
known as it does on Linux.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D46268
| |
The get{addr,name}info(3) API is designed to return an API-specific error
code that is independent of errno. The cap_get{addr,name}info() functions
returned either an errno or API-specific error code inconsistently.
This change fixes this mismatch.
When the API returns an errno, the return value itself is set to
EAI_SYSTEM and errno is set depending on the actual error. So, usually
this API is called in the following form:
    error = getnameinfo(...);
    if (error == EAI_SYSTEM)
            perror("getnameinfo");
    else if (error)
            errx(1, "getnameinfo: %s", gai_strerror(error));
If the above getnameinfo() call is replaced with cap_getnameinfo(),
it breaks the error handling. For example, the cap_get{addr,name}info()
functions can return ENOTCAPABLE.
This change simply adds "errno", in addition to "error", to the nvlout and
cap_get{addr,name}info() restores the errno if the error code is EAI_SYSTEM.
Reviewed by: oshogbo
Differential Revision: https://reviews.freebsd.org/D45859