These were all incorrectly labeled as 2-clause BSD licenses by a
semi-automated process, when in fact they are 3-clause.
Discussed with: pfg, imp
Sponsored by: Axcient
(cherry picked from commit 3874c0abb0)
- new sentence, new line
- tab in filled text
- unusual Xr order
- skipping paragraph macro: Pp before Ss
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D31143
(cherry picked from commit 0b12932525)
- inserting missing end of block: Sh breaks Bl
- moving content out of list: Pp
- missing comma before name: Nm cap_*
- comma in function argument: cap_*
- skipping paragraph macro: Pp after Sh
- sections out of conventional order: Sh AUTHORS
Reviewed by: bcr
Differential Revision: https://reviews.freebsd.org/D31144
(cherry picked from commit 3251ad29f4)
This change currently (partially) duplicates AC1 freqbands as AC2
as they are not fully overlapping.
It then adds the 11ac netband to the "etsi" domain including
"indoor" and "dfs" flags, which we can deal with, as well as
appropriate (round down) maxpower values.
Comments are left for the actual frequency bands as we do use the
centerfreq for the first/last (chansep sized) channel in the
freqband and their "id" name, which can be confusing.
Reviewed by: philip, adrian
Differential Revision: https://reviews.freebsd.org/D25999
(cherry picked from commit 2ad93dade7)
Stop using the *NV version to retrieve states, as its performance is
unacceptably bad.
For 1,000,000 states the nvlist version needed ~100 seconds to retrieve
the states, the new version needs ~3 seconds.
Reviewed by: mjg
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31098
(cherry picked from commit be70c7a50d)
.Fa is the suitable macro for functions in comparsion to the
.Ar macro, which should be used for commandline arguments.
While here, fix some mandoc warnings.
Reviewed by: imp (earlier version)
Obtained from: OpenBSD (in partial)
Differential Revision: https://reviews.freebsd.org/D31090
(cherry picked from commit c5cbef2f85)
Make sure the "device_is_gone" flag is cleared after every successful open,
so that the "device_is_gone" flag doesn't persist forever.
Found by: sergii.dmytruk@3mdeb.com
PR: 256296
Sponsored by: Mellanox Technologies // NVIDIA Networking
(cherry picked from commit 6847ea5019)
We must remember to free the nvlist we create from the kernel's response
to DIOCGETSTATESNV, on every iteration.
Reviewed by: donner
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30957
(cherry picked from commit 0e9f1892ec)
This call is particularly slow due to the large amount of data it
returns. Remove all fields pfctl does not use. There is no functional
impact to pfctl, but it somewhat speeds up the call.
It might affect other (i.e. non-FreeBSD) code that uses the new
interface, but this call is very new, so there's unlikely to be any. No
releases contained the previous version, so we choose to live with the
ABI modification.
Reviewed by: donner
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30944
(cherry picked from commit 34285eefdd)
libvmm: explicitly save and restore errno in vm_open()
Use errno to print a more descriptive error message when vm_open() fails
PR: 250671
Reviewed by: grehan
Differential Revision: https://reviews.freebsd.org/D29109
(cherry picked from commit 6bb140e3ca)
(cherry picked from commit a7f81b488d)
librt implement the POSIX realtime extension library.
Move it to clibs instead of utilities as a number of ports uses it
so avoid a dependancy on FreeBSD-utilities.
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D30088
Now the .pc ends up in the correct package (-dev)
Reviewed by: bapt, emaste
Differential Revision: https://reviews.freebsd.org/D29172
MFC after: 2 weeks
After df3b437c1e, older gcc's such as
4.2.1 (still used on earlier branches for e.g. mips and powerpc) and
6.3.0 (still used for some cross-builds) started throwing bogus errors
like:
In file included from /workspace/src/lib/msun/src/s_llround.c:11:0:
/workspace/src/lib/msun/src/s_lround.c:54:31: error: initializer element is not constant
static const type dtype_min = type_min - 0.5;
^~~~~~~~
/workspace/src/lib/msun/src/s_lround.c:55:31: error: initializer element is not constant
static const type dtype_max = type_max + 0.5;
^~~~~~~~
Since 'type_min' and 'type_max' are constants declared just above these
lines this error is nonsensical, but older gcc's are not smart enough.
Work around the error by reusing the (type)DTYPE_MIN and (type)DTYPE_MAX
macros, so I can MFC this right away, unbreaking a few stable builds.
(cherry picked from commit 0bcd49c13a)
It turned out that the (type)DTYPE_MAX conversions at the top of
s_lround.c are now emitted as cvtsi2sd instructions, at least on SSE
capable CPUs. This caused the FE_INEXACT flag to always be set, at least
for the double and float variants. Under clang 11, the whole INRANGE()
comparisons were still optimized away, but this has "improved" in clang
12, due to stricter adherence to the -ffp-exception-behavior=maytrap
compiler flag.
To avoid run-time integer to float conversions, use static constants
instead, so they are computed at compile time, and the INRANGE()
statements are optimized away again, if applicable.
While here, use an integer instead of a floating type to store the test
results in lround_test.c, as this is more appropriate, and we can also
drop the volatile hack.
Reported by: arichardson
(cherry picked from commit df3b437c1e)
These were already compiled for some time on aarch64 and riscv, by
including lib/libcompiler_rt/Makefile.inc, but never exported in the
shared library. Since gcc exports these under version GCC_4.6.0, we do
the same.
This review should replace D11482 for now. For e.g. amd64 more work is
still to be done, as compiler-rt does not seem to support 128 bit long
double math for that architecture.
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D28690
(cherry picked from commit 790a6be5a1)
We can use the buffer passed to fread(3) directly in the FILE *.
The buffer needs to be reset before each call to __srefill().
This preserves the expected behavior in all cases.
The change was found originally in OpenBSD and later adopted by NetBSD.
MFC after: 2 weeks
Obtained from: OpenBSD (CVS 1.18)
Differential Revision: https://reviews.freebsd.org/D30548
Casper services expect that the first 3 descriptors (stdin/stdout/stderr)
will point to /dev/null. Which Casper will ensure later. The Casper
services are forked from the original process. If the initial process
closes one of those descriptors, Casper may reuse one of them for it on
purpose. If this is the case, then renumarate the descriptors used by
Casper to higher numbers. This is done already after the fork, so it
doesn't break the parent process.
PR: 255339
Reported by: Borja Marcos <borjam (at) sarenet.es>
Tested by: jkim@
(cherry picked from commit aa310ebfba)
I missed adding these to the libc++ Makefile, when importing
llvm-project 11.0.0-rc1, even though they were supplied by upstream.
While here, update OptionalObsoleteFiles.inc to add these new headers,
and cleanup old cruft.
Reported by: yuri
Submitted by: jkim (Makefile diff)
PR: 255374
MFC after: 3 days
(cherry picked from commit 95aa617e4b)
When we create an nvlist and insert it into another nvlist we must
remember to destroy it. The nvlist_add_nvlist() function makes a copy,
just like nvlist_add_string() makes a copy of the string.
See also 4483fb4773
Reviewed by: scottl
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30492
(cherry picked from commit 6dbb729d35)
The length of the attribute header needs to be excluded when comparing
the attribute length against the length of the packet. Otherwise,
validation may incorrectly fail when fetching the final attribute in a
message.
Fixes: 8d5c78130 ("libradius: Fix input validation bugs")
Reported by: Peter Eriksson
Tested by: Peter Eriksson
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 6bb5699d2b)
Track (and display) the interface that created a state, even if it's a
floating state (and thus uses virtual interface 'all').
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30245
(cherry picked from commit d0fdf2b28f)
Migrate to using the new nvlist-based DIOCGETSTATESNV call to obtain the
states list.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30244
(cherry picked from commit bc94129147)
Approved by: so
Security: FreeBSD-SA-21:12.libradius
Security: CVE-2021-29629
Sponsored by: The FreeBSD Foundation
(cherry picked from commit e73975dc321a9ccbbbd65b609aa386b187dad2c1)
- Defined MAXLINE constant (8192 octets by default instead 2048) for
centralized limit setting up. It sets maximum number of characters of
the syslog message. RFC5424 doesn't limit maximum size of the message.
Named after MAXLINE in syslogd(8).
- Fixed size of fmt_cpy buffer up to MAXLINE for rendering formatted
(%m) messages.
- Introduced autoexpansion of sending socket buffer up to MAXLINE.
Differential Revision: https://reviews.freebsd.org/D27205
(cherry picked from commit 9bd7345212)
This allows us to kill states created from a rule with route-to/reply-to
set. This is particularly useful in multi-wan setups, where one of the
WAN links goes down.
Submitted by: Steven Brown
Obtained from: https://github.com/pfsense/FreeBSD-src/pull/11/
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30058
(cherry picked from commit abbcba9cf5)
Usually rule counters are reset to zero on every update of the ruleset.
With keepcounters set pf will attempt to find matching rules between old
and new rulesets and preserve the rule counters.
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29780
(cherry picked from commit 42ec75f83a)
MAP-E (RFC 7597) requires special care for selecting source ports
in NAT operation on the Customer Edge because a part of bits of the port
numbers are used by the Border Relay to distinguish another side of the
IPv4-over-IPv6 tunnel.
PR: 254577
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D29468
(cherry picked from commit 2aa21096c7)
While most 64-bit architectures have an assembly implementation of this
file, RISC-V does not. As we now store 8 bytes instead of 4 it should speed
up RISC-V.
Reviewed By: kib
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D29536
(cherry picked from commit ab147542b7)
While most 64-bit architectures have an assembly implementation of this
file RISC-V does not. As we now copy 8 bytes instead of 4 it should speed
up RISC-V. Using intptr_t instead of int also allows using this file for
CHERI pure-capability code since trying to copy pointers using integer
loads/stores will invalidate pointers.
Reviewed By: kib
Obtained from: CheriBSD (partially)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D29535
(cherry picked from commit 0b4ad01d91)
Allow up to 5 labels to be set on each rule.
This offers more flexibility in using labels. For example, it replaces
the customer 'schedule' keyword used by pfSense to terminate states
according to a schedule.
Reviewed by: glebius
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29936
(cherry picked from commit 6fcc8e042a)
When parsing the nvlist for a struct pf_addr_wrap we unconditionally
tried to parse "ifname". This broke for PF_ADDR_TABLE when the table
name was longer than IFNAMSIZ. PF_TABLE_NAME_SIZE is longer than
IFNAMSIZ, so this is a valid configuration.
Only parse (or return) ifname or tblname for the corresponding
pf_addr_wrap type.
This manifested as a failure to set rules such as these, where the pfctl
optimiser generated an automatic table:
pass in proto tcp to 192.168.0.1 port ssh
pass in proto tcp to 192.168.0.2 port ssh
pass in proto tcp to 192.168.0.3 port ssh
pass in proto tcp to 192.168.0.4 port ssh
pass in proto tcp to 192.168.0.5 port ssh
pass in proto tcp to 192.168.0.6 port ssh
pass in proto tcp to 192.168.0.7 port ssh
Reported by: Florian Smeets
Tested by: Florian Smeets
Reviewed by: donner
X-MFC-With: 5c11c5a365
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29962
(cherry picked from commit 402dfb0a8d)
Use ${PICFLAG} rather than hard-adding -fPIC, which removes the
requirement for libnv to be built PIC.
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 8403170b3d)
After the migration to libpfctl for rule retrieval we accidentally lost
support for clearing the rules counters.
Introduce a get_clear variant of pfctl_get_rule() which allows rules
counters to be cleared.
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29727
(cherry picked from commit 4eabfe468b)
Introduce pfctl_pool to be able to extend the pool part of the pf rule
without breaking the ABI.
Reviewed by: kp
MFC after: 4 weeks
Differential Revision: https://reviews.freebsd.org/D29721
(cherry picked from commit 600bd6ce06)
struct pf_rule had a few counter_u64_t counters. Those couldn't be
usefully comminicated with userspace, so the fields were doubled up in
uint64_t u_* versions.
Now that we use struct pfctl_rule (i.e. a fully userspace version) we
can safely change the structure and remove this wart.
Reviewed by: glebius
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29645
(cherry picked from commit ab5707a5cf)
