Move off and hdrlen into pdesc
and change their type from int to u_int32_t. Do not pass struct
tcphdr *th and sa_family_t af, it is in pd anyway. Do not use af
and pd->af intermixed, the latter makes clear where it comes from.
Do not calculate the packet length again if pd already has it. Use
pd2.off instead of off2.
go go go go don't stop henning@ mpf@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 110e53770d
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46937
Move the call to pf_test_rule() for fragments that have not been
reassembled by normalization from pf_setup_pdesc() to pf_test().
This simplifies the parameter list of pf_setup_pdesc() as it can
concentrate on its job filling the pf_pdesc struct.
ok henning mpf
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, fb9fe53b92
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46935
Deduplicate IPv4 and IPv6 code that handles fragments that have not
been reassembled by normalization.
ok henning claudio
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, ddd2494207
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46934
When one of the state limits is reached, further packets that would
create state are dropped, until existing states time out. Discussed
with mcbride, ok henning, jmc
Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, 677ed08ce1
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46932
Replace the IPv6 header walking loop in pf_test_state_icmp() with
the common function pf_walk_header6(). For that, pf_walk_header6()
can now extract both the information whether it is a fragment and
the final protocol if it is the first fragment. This allows to
match the icmp6 too big packet of a first fragment to the reassembled
packet's state. This is necessary if a refragmented fragment is
too big for the Path-MTU.
Note that pd.proto contains the real protocol number for the first
fragment and IPPROTO_FRAGMENT for later fragments. pd.virtual_protocol
is set to PF_VPROTO_FRAGMENT for all fragments.
ok mcbride@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 90b3c57e94
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46931
If ipv4+icmp6 or ipv6+icmp packets were embedded into an icmp
payload, we missed to drop them. While there, also add a reason
to the corresponding check in pf_test().
ok mcbride@ claudio@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, 7ce93f3346
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46929
This simplifies the code a little, because we can now avoid looking at the
IP(v6) header at all in pf_test() itself.
We do have to move the Jumbogram check into pf_setup_pdesc as well.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46928
ensure that we won't enter an endless loop while iterating over
an address pool. problem found and solution tested by claudio.
ok claudio, henning, "reads fine" to zinke
Obtained from: OpenBSD, mikeb <mikeb@openbsd.org>, e4fc4bddb9
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46927
There were two loops in pf_setup_pdesc() and pf_normalize_ip6()
walking over the IPv6 header chain. Merge them into one loop,
adjust some length checks and fix IPv6 jumbo option handling. Also
allow strange but legal IPv6 packets with plen=0 passing through
pf. IPv6 jumbo packets still get dropped.
testing dhill@; ok mcbride@ henning@
Obtained from: OpenBSD, bluhm <bluhm@openbsd.org>, d68283bbf0
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46925
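The two pf commit messages above about walking the IPv6 header chain (the single merged loop with length checks, and reporting the real protocol for a first fragment but IPPROTO_FRAGMENT for later ones) describe a pattern that can be sketched as follows. This is an added example, not code from pf, OpenBSD or FreeBSD: `walk_header6`, `struct walk6` and the `MAX_EXT_HDRS` bound are hypothetical names, and jumbo option handling is left out.

```c
#include <stdint.h>
/* Added example, not pf code; all names here are hypothetical. */
enum { HOPOPTS = 0, ROUTING = 43, FRAGMENT = 44, AH = 51, DSTOPTS = 60 };
#define MAX_EXT_HDRS 16   /* assumed bound so a crafted chain cannot spin */
struct walk6 {
    uint8_t  proto;    /* final protocol; FRAGMENT for later fragments */
    int      is_frag;  /* set for every fragment, first or later */
    uint32_t off;      /* offset of the payload that follows the chain */
};

/* Walk the extension headers after the 40-byte IPv6 header of pkt[0..len).
 * Returns 0 and fills *w, or -1 if the chain is malformed or too long. */
int walk_header6(const uint8_t *pkt, uint32_t len, struct walk6 *w)
{
    uint32_t off = 40, hlen;
    uint8_t nxt;
    if (len < 40 || (pkt[0] >> 4) != 6) return -1;
    nxt = pkt[6];
    w->is_frag = 0;
    for (int i = 0; i < MAX_EXT_HDRS; i++) {
        if (nxt != HOPOPTS && nxt != ROUTING && nxt != FRAGMENT &&
            nxt != AH && nxt != DSTOPTS) {
            w->proto = nxt;              /* upper-layer protocol reached */
            w->off = off;
            return 0;
        }
        /* off <= len always holds here, so len - off cannot wrap */
        if (len - off < 8) return -1;    /* extension headers are >= 8 bytes */
        if (nxt == FRAGMENT) {
            if (w->is_frag) return -1;   /* second fragment header: reject */
            w->is_frag = 1;
            hlen = 8;
            /* upper 13 bits of bytes 2-3 hold the fragment offset */
            if ((((pkt[off + 2] << 8) | pkt[off + 3]) & 0xfff8) != 0) {
                w->proto = FRAGMENT;     /* later fragment: chain ends here */
                w->off = off + hlen;
                return 0;
            }
        } else if (nxt == AH) {
            hlen = ((uint32_t)pkt[off + 1] + 2) * 4;
        } else {
            hlen = ((uint32_t)pkt[off + 1] + 1) * 8;
        }
        if (hlen > len - off) return -1; /* header would run past the packet */
        nxt = pkt[off];
        off += hlen;
    }
    return -1;                           /* more headers than the bound allows */
}
```

The length comparisons are written as `len - off` against the header size so that an attacker-controlled length byte can never push `off` past the end of the buffer.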
The sendmail service script needs to be stopped during shutdown
to ensure a clean shutdown of active SMTP connections (and writing
any in memory queue files).
rcorder(8) requires the rcorder block to be an uninterrupted sequence of
REQUIRE, PROVIDE, BEFORE, and KEYWORD lines. Having a comment in between
REQUIRE and KEYWORD makes rcorder stop parsing the block when it reaches
the comment.
Fix that by moving the comment out from the rcorder block.
Reviewed by: bnovkov, christos, gshapiro, markj
Approved by: bnovkov (mentor), christos (mentor), markj (mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D46924
@pho has reported that this change leads to a failure of the mmap28.sh
stress test, and I have confirmed it, so I withdraw it for further
study.
This reverts commit af4cd5e7b5.
Use a pctrie_lookup to avoid walking over low out-of-range buf list
entries, and an early break to avoid the high out-of-range
entries. Avoid writing almost identical loops for the dirty and clean
lists.
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D46963
With 8GB disk image and FAT32, our read offset calculation wraps over
32-bit integer and we end up reading garbage. The problem appears when
disk image is filled with data and the block to bytes translations do
not fit into 32-bit integers.
illumos issue: https://www.illumos.org/issues/16666
Sponsored by: MNX Cloud, Inc.
MFC after: 1 week
Replace the regex trying to catch the branch name of the existing
repository which was too naive with simpler glob matching.
As a result the only cases when we only use the new packages are:
moving from alpha to beta
moving from beta to rc
moving from rc to release
changing the major version number for the main git branch
PR: 281393
Differential Revision: D46874
Currently the lib32 crt files (/usr/lib32/Scrt1.o etc.) are placed in
the clibs-dev package rather than the clibs-dev-lib32 package.
The /usr/lib32/dtrace/drti.o file is similarly placed in the dtrace
package rather than the dtrace-lib32 package.
Splitting shared libraries in /usr/lib32 into a -lib32 package is
handled in bsd.lib.mk by adding "lib32" to TAGS. However bsd.files.mk
ignores TAGS and only honors ${group}TAGS since 144c442.
This patch changes the behavior of bsd.files.mk to honor TAGS if the
default FILES group is used. This matches the handling of PACKAGE, which
is also ignored unless the default FILES group is used.
With this patch, both the clibs and dtrace package are split correctly.
PR: 249145
Reviewed by: bapt
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46991
The ldd32 binary is currently in the utilities package but belongs in
utilities-lib32. This patch corrects the situation.
PR: 249145
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47023
POSIX requires us to print an error message and exit non-zero if
writing to stdout fails. This can only happen if sflag is unset.
MFC after: 3 days
Sponsored by: Klara, Inc.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D47020
Consistently use the shorter name 'obj' for the new object.
Set OBJ_POSIXSHM flag outside if, it is set on both paths.
Suggested by: alc
Reviewed by: alc, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D47018
As of commit 91a9e4e01d ("capsicum: propagate rights on sctp_peeloff")
a capability is generated from sctp_peeloff(cap_fd,...). Enable the
corresponding test code.
PR: 201052
Reviewed by: oshogbo, tuexen
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47000
HAVE_SCTP is #defined in syscalls.h, so move the #ifdef after the
inclusion of the header that #defines it.
Issue https://github.com/google/capsicum-test/issues/60 is open upstream
in case a slightly different version is needed for Linux.
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46995
These were reported by `mandoc -T lint ...` as errors.
The rendered output (in ascii and html) is not affected by this commit.
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Reviewed by: mhorne, Alexander Ziaee <concussious.bugzilla@runbox.com>
MFC after: 3 days
Sponsored by: Tarsnap Backup Inc.
Pull Request: https://github.com/freebsd/freebsd-src/pull/1454
These were reported by `mandoc -T lint ...` as errors.
Signed-off-by: Graham Percival <gperciva@tarsnap.com>
Reviewed by: mhorne
MFC after: 3 days
Sponsored by: Tarsnap Backup Inc.
Pull Request: https://github.com/freebsd/freebsd-src/pull/1453
This mirrors the equivalent option in GNU coreutils env, but does not
add support for long options.
MFC after: 3 days
Relnotes: yes
Sponsored by: Klara, Inc.
Reviewed by: 0mp, bcr
Differential Revision: https://reviews.freebsd.org/D47008
Add the KVMO_FLAG_POSIXSHM flag. Fill the path.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D46970
Add flag KVME_FLAG_POSIXSHM. Fill kve_path with the path of the
segment.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D46970
to calculate the posix shm path from the vm_object backing shm segment.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D46970
and consistently store the pointer to shmfd into pager priv data space.
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D46970