Micron and Samsung also use this standard, though Micron is known to use
a few different keys. Add the ones that public information says are the
same among the drives that have them.
There are others, but either they aren't publicly documented in datasheets
or nvme-cli code, or they vary between models and our code needs a fair
amount of rework.
Also print hex value for unknown keys. This allows scripts to more
easily pick bytes out for those keys that have values that are encoded by
packing multiple values into the 48-bit field.
Sponsored by: Netflix
This finally allows to use source-hash for dynamic loadbalancing, eg.
"rdr-to <hosts> source-hash", instead of just round-robin and least-states.
An older pre-siphash version of this diff was tested by many people.
OK tedu@ benno@
Obtained from: OpenBSD, reyk <reyk@openbsd.org>, 252a05523f
Sponsored by: Rubicon Communications, LLC ("Netgate")
If pfctl cannot set a limit in the kernel, print the name of the
limit and the requested value.
OK henning@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, beb5ed50a7
Sponsored by: Rubicon Communications, LLC ("Netgate")
Fixes a pfctl crash with an anchor name containing
an embedded nul found with the afl fuzzer.
pfctl parse.y patch from and ok deraadt@
Obtained from: OpenBSD, jsg <jsg@openbsd.org>, 41eef22fad
Sponsored by: Rubicon Communications, LLC ("Netgate")
ieee80211_setupcurchan() compares the flags in a greater than manner.
In this case VHT160 should be > VHT80P80 as it is preferable.
Swap the two flags and add a comment to note this.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D48976
Allows things like:
    block out on $someif received-on any
to prevent packets to get forwarded to $someif.
Obtained from: OpenBSD, henning <henning@openbsd.org>, 5984d04852
Sponsored by: Rubicon Communications, LLC ("Netgate")
For every state pf creates up to two source nodes: a limiting one
struct pf_kstate -> src_node and a NAT one struct pf_kstate -> nat_src_node.
The limiting source node is tracking information needed for limits using
max-src-states and max-src-nodes and the NAT source node is tracking NAT
rules only.
On closer inspection some issues emerge:
- For route-to rules the redirection decision is stored in the limiting source
node. Thus sticky-address and source limiting can't be used separately.
- Global source tracking, as promised in the man page, is totally absent from
the code. Pfctl is capable of setting flags PFRULE_SRCTRACK (enable source
tracking) and PFRULE_RULESRCTRACK (make source tracking per rule). The kernel
code checks PFRULE_SRCTRACK but ignores PFRULE_RULESRCTRACK. That makes
source tracking work per-rule only.
This patch is based on OpenBSD approach where source nodes have a type and each
state has an array of source node pointers indexed by source node type
instead of just two pointers. The conditions for limiting are applied
only to source nodes of PF_SN_LIMIT type. For global limit tracking
source nodes are attached to the default rule.
Reviewed by: kp
Approved by: kp (mentor)
Sponsored by: InnoGames GmbH
Differential Revision: https://reviews.freebsd.org/D39880
Provide local implementations of if_nametoindex(3) and if_indextoname(3)
that make use of the cache of addresses populated by the ifa_load on
startup to save the trouble of calling expensive getaddrinfo(3) up to
four times per rule. Performance wise this change provides a speed up
factor of 20 with a 11k line ruleset on a machine with 150 VLANs and 250
IP addresses (20 seconds down to 1 in this case).
"wow!" henning, ok benno, florian
Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, 918dda8655
Sponsored by: Rubicon Communications, LLC ("Netgate")
zap one redundant line, replacing it with a note that although
SYNOPSIS suggests no options are necessary, in fact a minimum of one
is required;
ok henning
Obtained from: OpenBSD, jmc <jmc@openbsd.org>, 123a76b4bf
Sponsored by: Rubicon Communications, LLC ("Netgate")
Tracking newer versions of C (and C++) permits assuming newer language
features in the base system. Some C11 extensions are already used in
the base system but implemented on top of GNU C extensions such as
_Alignas and _Static_assert. In some cases the fallback versions in
cdefs.h are more limited than the native C11 extensions.
Even though C11 is the next major version of C, C17 is chosen instead
since C17 does not add new features to C but merely fixes defects in
C11. It is also well supported by a wide range of clang (7.0.0+) and
GCC (8.1+) versions.
Along with changing the default, this change also removes explicit
requests for c11 via the CSTD variable in various Makefiles.
Libraries and binaries for ZFS continue to use c99.
PR: 284039 (exp-run)
Reviewed by: imp, arichardson, emaste
Differential Revision: https://reviews.freebsd.org/D43237
If rule was added in compact form and rule body is empty, print
'proto ip' opcode to be compatible with ipfw(8) syntax parser.
Before:
    $ ipfw add allow proto ip
    000700 allow
After:
    $ ipfw add allow proto ip
    000700 allow proto ip
MFC after: 1 week
We only ever delete a single table at a time, so remove the size argument.
This will make subsequent conversion to netlink easier.
Sponsored by: Rubicon Communications, LLC ("Netgate")
We only ever add a single table at a time, so remove the size argument.
This will make subsequent conversion to netlink easier.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Added ht20 mode, based on if_run from FreeBSD, and if_mtw.c
from OpenBSD.
PR: 247545
Approved by: adrian, wireless
Differential Revision: https://reviews.freebsd.org/D45179
If a Fabrics host is connected, use the discovery log entry from the
reconnect parameters to output the transport type and address.
Reviewed by: chuck
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D48731
If a Fabrics host is disconnected, use the cached controller data
instead of reading the cdata via a pass-through command. In addition,
annotate disconnected hosts including the amount of time since the
connection was lost.
Reviewed by: chuck
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D48220
Run sysctl -a during the test suite so that KASAN/KMSAN have a chance to
catch something.
Inspired by https://jprx.io/cve-2024-54507/
Reviewed by: jhb, emaste
MFC after: 2 weeks
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D48659
UFS1 uses a signed 32-bit value for its times. Zero is
January 1, 1970 UTC. Negative values of 32-bit time predate
January 1, 1970 back to December 13, 1901. The maximum positive
value for 32-bit time is on January 19, 2038 (my 84th birthday).
On that date, time will go negative and start registering from
December 13, 1901. Note that this issue only affects UFS1 filesystems
since UFS2 has 64-bit times. This fix changes UFS1 times from
signed to unsigned 32-bit values. With this change it will no longer
be possible to represent time from before January 1, 1970, but it
will accurately track time until February 7, 2106. Hopefully there
will not be any FreeBSD systems using UFS1 still in existence by
that time (and by then I will have been dead long enough that no-one
will know at whom to yell :-).
It is possible that some existing UFS1 systems will have set times
predating January 1, 1970. With this commit they will appear as
later than the current time. This commit checks inode times when
they are read into memory and if they are greater than the current
time resets them to the current time. By default this reset happens
silently, but setting the sysctl vfs.ffs.prttimechgs=1 will cause
console messages to be printed whenever a future time is changed.
Reviewed-by: kib
Tested-by: Peter Holm
MFC-after: 1 week
Differential Revision: https://reviews.freebsd.org/D48472
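The effect of the signed-to-unsigned change described in the commit message above, as an added example that is not code from the commit: the function names and the sample raw values are constructed for illustration, and `now` is a fixed constructed value rather than the system clock.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Old interpretation: the 32-bit on-disk field is a signed second count.
 * (The uint32_t -> int32_t conversion wraps on all mainstream compilers.) */
static int64_t ufs1_time_signed(uint32_t raw) { return (int64_t)(int32_t)raw; }

/* New interpretation: the same 32 bits read as an unsigned second count. */
static int64_t ufs1_time_unsigned(uint32_t raw) { return (int64_t)raw; }

/* Hypothetical model of the check done when an inode is read: a time later
 * than "now" is reset to "now". Returns 1 if the value was changed. */
static int clamp_future_time(uint32_t *raw, int64_t now)
{
    if (ufs1_time_unsigned(*raw) > now) {
        *raw = (uint32_t)now;
        return 1;
    }
    return 0;
}

int main(void)
{
    const int64_t now = 1738368000;   /* constructed: 2025-02-01 00:00:00 UTC */
    uint32_t samples[] = {
        0x80000000u,   /* first value past the signed 32-bit maximum */
        0xFFFEAE80u,   /* -86400 when signed: one day before the epoch */
        1000000000u,   /* ordinary past timestamp, same in both views */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t raw = samples[i];
        int64_t s = ufs1_time_signed(raw), u = ufs1_time_unsigned(raw);
        int changed = clamp_future_time(&raw, now);
        printf("raw=0x%08" PRIx32 " signed=%" PRId64 " unsigned=%" PRId64
               " reset=%d stored=%" PRIu32 "\n",
               samples[i], s, u, changed, raw);
    }
    return 0;
}
```

The second sample shows the case the commit message warns about: a pre-1970 time written under the signed interpretation reads as a far-future time once the field is unsigned, so it is reset to the current time.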
This allows the parent jail to retrieve or set kernel state when child
does not have sysctl(8) installed (e.g. lightweight OCI containers
or slim jails).
This is especially useful when manipulating jail prison or vnet sysctls.
For example, `sysctl -j foo -Ja` or `sysctl -j foo net.fibs=2`.
Reviewed by: dfr (previous version), markj
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D48618
Let the caller open the file and pass in the file handler. This can
benefit an upcoming change so that we will have cleaner logic.
No functional change intended.
Suggested by: markj
MFC after: 1 week
Reuse the addrinfo structure from the admin queue to establish
connections to I/O queues for the TCP transport.
Reviewed by: dab, imp
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D48456
Zero the I/O queue array earlier so that disconnect_nvm_queues() can
be safely used for earlier failures.
Suggested by: dab
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D48654
Each program that operates on UFS on-disk inodes defines its own
version of a dinode. They all (of necessity) define the same
layout but use different names. This change adds a definition of
a dinode (a union of a UFS1 on-disk inode and a UFS2 on-disk inode)
as well as a dinodep (a union of a pointer to a UFS1 on-disk inode
and a pointer to a UFS2 on-disk inode) in sys/ufs/ufs/dinode.h.
It then deletes the definitions of dinode and dinodep in all the
programs that operate on them and instead uses these standard
definitions.
No functional change intended.
MFC-after: 1 week
Save more data associated with a new association including the network
address of the remote controller. This permits reconnecting an
association without providing the address or other details. To use
this new mode, provide only an existing device ID to nvmecontrol's
reconnect command. An address can still be provided to request a
different address or other different settings for the new association.
The saved data includes an entire Discovery Log page entry to aim to
be compatible with other transports in the future. When a remote
controller is connected to via a Discovery Log page entry (nvmecontrol
connect-all), the raw entry is used. When a remote controller is
connected to via an explicit address, an entry is synthesized from the
parameters.
Note that this is a pseudo-ABI break for the ioctls used by nvmf(4) in
that the nvlists for handoff and reconnect now use a slightly
different set of elements. Since this is only present in main I did
not bother implementing compatibility shims.
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D48214
Just like route-to, reply-to is problematic when used in combination with nat64.
In the normal (i.e. without nat64) flow we return immediately from pf_route().
However, with nat64 we need to continue and do a route lookup. In that case
we should not make the extra pf_test(PF_OUT) call to remain similar to the
non-nat64 flow.
We also have to fix the interface binding. We can only bind to the interface
after we've done the route lookup, not before.
Add a functional test case, and a test for pfctl's rule printing.
Sponsored by: Rubicon Communications, LLC ("Netgate")
af-to uses pf_route() and pf_route6(), which caused issues when af-to and
route-to were combined in a single rule.
Extend the relevant functions to cope with this and add test cases.
Sponsored by: Rubicon Communications, LLC ("Netgate")
As suggested by henning.
Which unbreaks ie route-to after the recent pf changes.
With much help debugging and pointing out of missing bits from claudio@
ok claudio@ "looks good" henning@
Obtained from: OpenBSD, jsg <jsg@openbsd.org>, 7fa5c09028
Sponsored by: Rubicon Communications, LLC ("Netgate")
If the address family can be determined by the "from" or "to" parameter in the
matching part, it is no longer necessary to specify "inet" or "inet6" there.
OK henning@ mikeb@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, ff33038bc1
Sponsored by: Rubicon Communications, LLC ("Netgate")
Ensure we always free the NAT pool (as well as the rdr pool) and actually handle
it in the optimiser.
Sponsored by: Rubicon Communications, LLC ("Netgate")
In e11dacbf84 the redirect pool was renamed from
rpool to rdr. It included backwards compatibility support for libpfctl users,
but didn't fully implement the rename in our own code.
Do so now. No functional change.
Sponsored by: Rubicon Communications, LLC ("Netgate")