TCP sequence number differences should be computed using SEQ_SUB().
Differential Revision: https://reviews.freebsd.org/D35505
Reviewed by: rscheff@
Sponsored by: NVIDIA Networking
(cherry picked from commit f5766992c0)
The physical address argument is essentially ignored by every dumper
method. In addition, the dump routines don't actually pass a real
address; every call to dump_append() passes a value of zero for
physical.
Reviewed by: markj
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D35173
(cherry picked from commit 489ba22236)
Previously, if an encrypted netdump failed, such as due to a timeout or
network failure, the key was not saved, so a partial dump was
completely useless.
Send the key first, so the partial dump can be decrypted, because even a
partial dump can be useful.
Reviewed by: bdrewery, markj
MFC after: 1 week
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D31453
(cherry picked from commit 13a58148de)
When the TCP sequence number subtracted is greater than 2**32 minus
the window size, or 2**31 minus the window size, the use of unsigned
long as an intermediate variable, may result in an incorrect retransmit
length computation on all 64-bit platforms.
While at it create a helper macro to facilitate the computation of
the difference between two TCP sequence numbers.
Differential Revision: https://reviews.freebsd.org/D35388
Reviewed by: rscheff
Sponsored by: NVIDIA Networking
(cherry picked from commit 28173d49dc)
If the interface does not support debugnet(4) we should bail early,
rather than having the user find this out at the time of the panic.
dumpon(8) already expects this return value and will print a helpful
error message.
Reviewed by: cem, markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35180
(cherry picked from commit 38a36057ae)
When exporting sysctls to Prometheus, the exporter replaces "." with
"_". This caused several metrics to alias, confusing the Prometheus
server. Fix it by:
* Renaming the "tcp_log_bucket" UMA zone to "tcp_log_id_bucket". Also,
rename "tcp_log_node" to "tcp_log_id_node" for consistency.
* Not exporting sysctls with "(LEGACY)" in the description. That is
used by ZFS sysctls that have been replaced by others, many of which
alias to the same Prometheus metric name (like "vfs.zfs.arc_max" and
"vfs.zfs.arc.max").
PR: 259607
Reported by: delphij
Sponsored by: Axcient
Reviewed by: delphij,rew,thj
Differential Revision: https://reviews.freebsd.org/D34952
(cherry picked from commit 8c47d8f538)
This code was marked gone_in(13), so its time has passed.
The only consumer of this interface is dumpon(8). We do not maintain
strict backwards compatibility for this utility because a) it
can't/shouldn't be used from a jail or chroot and b) it is highly
specific interface unique to FreeBSD. The host's (presumably more
up-to-date) copy of dumpon(8) should be used to configure kernel dump
devices.
Reviewed by: markj, emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D34913
(cherry picked from commit 9c90bfcd31)
For IPv4 use dst pointer as destination address in fib4_lookup().
It keeps destination address from IPv4 header and can be changed
when PACKET_TAG_IPFORWARD tag was set by packet filter.
For IPv6 override destination address with address from dst_sa.sin6_addr,
that was set from PACKET_TAG_IPFORWARD tag.
Reviewed by: eugen
PR: 256828, 261697, 255705
Differential Revision: https://reviews.freebsd.org/D34732
(cherry picked from commit 7d98cc096b)
Also convert raw epoch_call() calls to lltable_free_entry() calls, no
functional change intended. There's no need to asynchronously free the
LLEs in that case to begin with, but we might as well use the lltable
interfaces consistently.
Noticed by code inspection; I believe lltable_calc_llheader() failures
do not generally happen in practice.
Reviewed by: bz
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 990a6d18b0)
Historically, lltable_try_set_entry_addr() would release the LLE lock
upon failure. After some refactoring, it no longer does so, but
consumers were not adjusted accordingly.
Also fix a leak that can occur if lltable_calc_llheader() fails in the
ARP code, but I suspect that such a failure can only occur due to a code
bug.
Reviewed by: bz, melifaro
Reported by: pho
Fixes: 0b79b007eb ("[lltable] Restructure nd6 code.")
Sponsored by: The FreeBSD Foundation
(cherry picked from commit dd91d84486)
Introduce a new function, lltable_get(), to retrieve lltable pointer
for the specified interface and family.
Use it to avoid all-iftable list traversal when adding or deleting
ARP/ND records.
Differential Revision: https://reviews.freebsd.org/D33660
MFC after: 2 weeks
(cherry picked from commit ff3a85d324)
VNET teardown waits 2*MSL (60 seconds by default) before expiring
tcp PCBs. These PCBs holds references to nexthops, which, in turn,
reference ifnets. This chain results in VNET interfaces being destroyed
and moved to default VNET only after 60 seconds.
Allow tcp_msl to be set in jail by virtualising net.inet.tcp.msl sysctl,
permitting more predictable VNET tests outcomes.
MFC after: 1 week
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D33270
(cherry picked from commit c2c8e360d8)
udp_set_kernel_tunneling() rejects new callbacks if one is already set.
Allow callbacks to be cleared. The use case for this is OpenVPN DCO,
where the socket is opened by userspace and then adopted by the kernel
to run the tunnel. If the DCO interface is removed but userspace does
not close the socket (something the kernel cannot prevent) the installed
callbacks could be called with an invalidated context.
Allow new functions to be set, but only if they're NULL (i.e. allow the
callback functions to be cleared).
Reviewed by: tuexen
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D34288
(cherry picked from commit 995cba5a0c)
When a connection is established to use TCP-MD5, tcp_twrespond() doesn't
respond with a signed segment. This results in the host performing the
active close to remain in a TIME_WAIT state and the other host in the
LAST_ACK state. Fix this by sending a signed segment when the connection
is established to use TCP-MD5.
Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D33490
(cherry picked from commit 2a28b045ca)
The tcp:::debug-input probe is passed an mbuf pointer, use the correct
translator for ipinfo_t when defining tcp:::debug-input.
Fixes: 82988b50a1 ("Add an mbuf to ipinfo_t translator to finish ...")
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D33066
(cherry picked from commit 08d157a832)
Thanks to Timo Voelker for making me aware that sctp_mtu_size_reset()
is very similar to sctp_pathmtu_adjustment().
(cherry picked from commit 1adb91e521)
Allow the resending of DATA chunks to be controlled by the caller,
which allows retiring sctp_mtu_size_reset() in a separate commit.
Also improve the computaion of the overhead and use 32-bit integers
consistently.
Thanks to Timo Voelker for pointing me to the code.
(cherry picked from commit 2de2ae331b)
