4cf9f5d8 kib Feb. 2, 2022, 9:39 a.m.
instead of only OBJ_ANON objects that are backing, as it is now.
This is required for e.g. vm_meter is_object_active() detection, and
should be useful in some more cases.

Use refcount KPI for all objects, regardless of owning the object lock,
and the fact that currently OBJ_ANON cannot change for the live object.

Noted and reviewed by:	markj
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D33549
77223d98 wma Feb. 2, 2022, 5:48 a.m.
Remove duplicated epoch_enter and epoch_exit in IP inp/outp routines.
Remove unnecessary macros as well.

Obtained from:		Semihalf
Spponsored by:		Stormshield
Reviewed by:		glebius
Differential revision:	https://reviews.freebsd.org/D34030
445ecc48 cy Feb. 2, 2022, 3:55 a.m.
MFC after:	3 days
978c7e22 jhb Feb. 1, 2022, 9:25 p.m.
This fixes -Wstrict-prototypes and -Wold-style-definition warnings
from GCC 9.
aa720825 jhb Feb. 1, 2022, 6:38 p.m.
Also add comment to the public header to avoid
making another conflict in future.

Reviewed by:	jkim
Obtained from:	OpenSSL commit 5d4975ecd88ac17d0749513a8fac9a7c7befd900
MFC after:	1 week
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D34135
4e1bc961 mhorne Feb. 1, 2022, 5:59 p.m.
This allows entering the debugger at the earliest possible time, if
the '-d' argument is passed to the kernel.

Reviewed by:	jhb
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D34120
e6ee2b65 mhorne Feb. 1, 2022, 5:59 p.m.
It allows quickly entering ddb(4) over a serial line.

Reviewed by:	jhb
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D34119
93e28d6e rscheff Feb. 1, 2022, 5:41 p.m.
TCP per RFC793 has 4 reserved flag bits for future use. One
of those bits may be used for Accurate ECN.
This patch is to include these bits in the LRO code to ease
the extensibility if/when these bits are used.

Reviewed By: hselasky, rrs, #transport
Sponsored by:        NetApp, Inc.
Differential Revision: https://reviews.freebsd.org/D34127
8a67a1a9 jhb Feb. 1, 2022, 5:45 p.m.
This fixes a -Wsign-compare error reported by GCC due to the two
results of the ternary operator having differing signedness.

Reviewed by:	dougm, rlibby
Differential Revision:	https://reviews.freebsd.org/D34122
792df7ce wosch Feb. 1, 2022, 5:26 p.m.
4daa31c1 kp Feb. 1, 2022, 5:17 p.m.
6d4baa0d01 incorrectly rounded the lenght of the pflog header up to 8
bytes, rather than 4.

PR:		261566
Reported by:	Guy Harris <gharris@sonic.net>
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
84d7b8e7 hselasky Feb. 1, 2022, 3:21 p.m.
TLS RX support is modeled after TLS TX support. The basic structures and layouts
are almost identical, except that the send tag created filters RX traffic and
not TX traffic.

The TLS RX tag keeps track of past TLS records up to a certain limit,
approximately 1 Gbyte of TCP data. TLS records of same length are joined
into a single database record.

Regularly the HW is queried for TLS RX progress information. The TCP sequence
number gotten from the HW is then matches against the database of TLS TCP
sequence number records and lengths. If a match is found a static params WQE
is queued on the IQ and the hardware should immediately resume decrypting TLS
data until the next non-sequential TCP packet arrives.

Offloading TLS RX data is supported for untagged, prio-tagged, and
regular VLAN traffic.

MFC after:	1 week
Sponsored by:	NVIDIA Networking
e6d7ac1d hselasky Feb. 1, 2022, 3:21 p.m.
If the driver_version capability bit is enabled, send the driver
version to firmware after the init HCA command, for display purposes.

Example of driver version: "FreeBSD,mlx5_core,14.0.0,3.x-xxx"

Linux commits:

MFC after:	1 week
Sponsored by:	NVIDIA Networking
8e332232 hselasky Feb. 1, 2022, 3:21 p.m.
These objects will eventually be used to switch TLS RX traffic.

MFC after:	1 week
Sponsored by:	NVIDIA Networking
ea00d7e8 hselasky Feb. 1, 2022, 3:21 p.m.
Currently, unicast/multicast loopback raw ethernet (non-RDMA) packets
are sent back to the vport.  A unicast loopback packet is the packet
with destination MAC address the same as the source MAC address.  For
multicast, the destination MAC address is in the vport's multicast
filter list.

Moreover, the local loopback is not needed if there is one or none
user space context.

After this patch, the raw ethernet unicast and multicast local
loopback are disabled by default. When there is more than one user
space context, the local loopback is enabled.

Note that when local loopback is disabled, raw ethernet packets are
not looped back to the vport and are forwarded to the next routing
level (eswitch, or multihost switch, or out to the wire depending on
the configuration).

Linux commits:

MFC after:	1 week
Sponsored by:	NVIDIA Networking