f449384c cem Oct. 22, 2018, 1:27 a.m.
Reported by:	rgrimes
24dd643d jhibbits Oct. 22, 2018, 12:27 a.m.
si_addr is the address of the instruction executing at the time the
signal was sent.  Populate this field with srr0, which, though not
always the case, is most often the instruction that triggered the fault.
6f4827ac jhibbits Oct. 22, 2018, 12:21 a.m.
debugf() is unnecessary for the TLB printing functions, as they're only
intended to be used from ddb.  Instead, make them full DDB 'show'
commands, so now it can be written as 'show tlb1' and 'show tlb0'
instead of calling the function, hoping DEBUG has been defined.
410634ef eugen Oct. 21, 2018, 9:29 p.m.
Currently, icmp_error() function copies FIB number from original packet
into generated ICMP response but not mbuf_tags(9) chain.
This prevents us from easily matching ICMP responses corresponding
to tagged original packets by means of packet filter such as ipfw(8).
For example, ICMP "time-exceeded in-transit" packets usually generated
in response to traceroute probes lose tags attached to original packets.

This change adds new sysctl net.inet.icmp.error_keeptags
that defaults to 0 to avoid extra overhead when this feature is not needed.

Set net.inet.icmp.error_keeptags=1 to make icmp_error() copy mbuf_tags
from original packet to generated ICMP response.

PR:		215874
MFC after:	1 month
a00d5618 kp Oct. 21, 2018, 9:17 p.m.
If pf logs the user id ('pass out log (user)') have tcpdump also print
this.

Example output:
 00:00:00.000000 rule 0/0(match) [uid 1001]: pass out on vtnet0: (tos 0x0, ttl 64, id 57539, offset 0, flags [none], proto UDP (17), length 55)
    172.16.2.2.18337 > 172.16.2.1.53: [bad udp cksum 0x5c58 -> 0x16e4!] 40222+ A? google.be. (27)

PR:		122773
Differential Revision:	https://reviews.freebsd.org/D17625
f252e3f2 ae Oct. 21, 2018, 6:39 p.m.
MFC after:	1 month
cc958ed2 ae Oct. 21, 2018, 6:30 p.m.
Fix exiting an epoch(9) we never entered. May happen only with MAC.

MFC after:	1 month
2c87fdf0 ae Oct. 21, 2018, 6:24 p.m.
* use CK_LIST and FNV hash to keep chains of softc;
* read access to softc is protected by epoch();
* write access is protected by ipsec_ioctl_sx. Changing of softc fields
  is allowed only when softc is unlinked from CK_LIST chains.
* linking/unlinking of softc is allowed only when ipsec_ioctl_sx is
  exclusive locked.
* the plain LIST of all softc is replaced by hash table that uses ingress
  address of tunnels as a key.
* added support for appearing/disappearing of ingress address handling.
  Now it is allowed to configure non-local ingress IP address, and thus the
  problem with if_ipsec(4) configuration that happens on boot, when
  ingress address is not yet configured, is solved.

MFC after:	1 month
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D17190
df49ca9f ae Oct. 21, 2018, 6:18 p.m.
* register handler for ingress address appearing/disappearing;
* add new srcaddr hash table for fast softc lookup by srcaddr;
* when srcaddr disappears, clear IFF_DRV_RUNNING flag from interface,
  and set it otherwise;

MFC after:	1 month
Sponsored by:	Yandex LLC
19873f47 ae Oct. 21, 2018, 6:13 p.m.
* register handler for ingress address appearing/disappearing;
* add new srcaddr hash table for fast softc lookup by srcaddr;
* when srcaddr disappears, clear IFF_DRV_RUNNING flag from interface,
  and set it otherwise;

MFC after:	1 month
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D17214
009d82ee ae Oct. 21, 2018, 6:06 p.m.
* register handler for ingress address appearing/disappearing;
* add new srcaddr hash table for fast softc lookup by srcaddr;
* when srcaddr disappears, clear IFF_DRV_RUNNING flag from interface,
  and set it otherwise;
* remove the note about ingress address from BUGS section.

MFC after:	1 month
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D17134
8251c68d ae Oct. 21, 2018, 5:55 p.m.
appearing and disappearing on the host system.

Such handling is needed, because tunneling interfaces must use addresses,
that are configured on the host as ingress addresses for tunnels.
Otherwise the system can send spoofed packets with source address, that
belongs to foreign host.

The KPI uses ifaddr_event_ext event to implement addresses tracking.
Tunneling interfaces register event handlers and then they are
notified by the kernel, when an address disappears or appears.

ifaddr_event_compat() handler from if.c is replaced by srcaddr_change_event()
in ip_encap.c.

MFC after:	1 month
Sponsored by:	Yandex LLC
Differential Revision:	https://reviews.freebsd.org/D17134
6ab6e9d3 vmaffione Oct. 21, 2018, 5:15 p.m.
The current documentation describing the syntax of a VALE port is wrong.
This patch fixes it to make it consistent.

Approved by:	bcr, gnn (mentor)
Differential Revision:	https://reviews.freebsd.org/D17411
5191a3ae kp Oct. 21, 2018, 4:51 p.m.
vlan_lladdr_fn() is called from taskqueue, which means there's no vnet context
set. We can end up trying to send ARP messages (through the iflladdr_event
event), which requires a vnet context.

PR:		227654
MFC after:	3 days
c4b23051 imp Oct. 21, 2018, 4:49 p.m.
Sebastian Bach's twenty children, it hasn't been seen in many years.