| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
This would be more accurately expressed as COMPAT_LINUXKPI implying or
requiring backlight, but config(8) doesn't really have a way to express
that. This fixes the build with COMPAT_LINUXKPI specified in one's kernel
config.
Notes:
svn path=/head/; revision=367004
|
| |
|
|
|
|
|
|
|
|
| |
Differential Revision: https://reviews.freebsd.org/D26254
Reviewed by: melifaro@
MFC after: 1 week
Sponsored by: Mellanox Technologies // NVIDIA Networking
Notes:
svn path=/head/; revision=366934
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
into net/if_infiniband.c and net/infiniband.h . No functional change
intended.
Differential Revision: https://reviews.freebsd.org/D26254
Reviewed by: melifaro@
MFC after: 1 week
Sponsored by: Mellanox Technologies // NVIDIA Networking
Notes:
svn path=/head/; revision=366930
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, this supports SHA1 and SHA2-{224,256,384,512} both as plain
hashes and in HMAC mode on both amd64 and i386. It uses the SHA
intrinsics when present similar to aesni(4), but uses SSE/AVX
instructions when they are not.
Note that some files from OpenSSL that normally wrap the assembly
routines have been adapted to export methods usable by 'struct
auth_xform' as is used by existing software crypto routines.
Reviewed by: gallatin, jkim, delphij, gnn
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D26821
Notes:
svn path=/head/; revision=366901
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This uses the .incbin directive to pull in the MFS image contents.
Using assembly directly ensures that symbols can be defined with the
name and properties (such as .size) desired without having to rename
symbols, etc. via a second objcopy invocation. Since it is compiled
by the C compiler driver, it also avoids the need for all of the
EMBEDFS* make variables.
Suggested by: jrtc27
Reviewed by: kib, markj
Obtained from: CheriBSD
MFC after: 2 weeks
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D26781
Notes:
svn path=/head/; revision=366897
|
| |
|
|
|
|
|
|
|
|
|
| |
This directory doesn't exist and causes gcc-6.4 to complain about
a non-existent include directory
Approved by: kevans, imp
Differential Revision: https://reviews.freebsd.org/D26846
Notes:
svn path=/head/; revision=366818
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
connections over multiple paths.
Multipath routing relies on mbuf flowid data for both transit
and outbound traffic. Current code fills mbuf flowid from inp_flowid
for connection-oriented sockets. However, inp_flowid is currently
not calculated for outbound connections.
This change creates simple hashing functions and starts calculating hashes
for TCP,UDP/UDP-Lite and raw IP if multipath routes are present in the
system.
Reviewed by: glebius (previous version),ae
Differential Revision: https://reviews.freebsd.org/D26523
Notes:
svn path=/head/; revision=366813
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
VMware now has arm64 support; move these to MI files in advance of
building them on arm64.
PR: 250308
Reported by: Vincent Milum Jr
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=366726
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch has the driver for 10Gigabit Ethernet controller in AMD
SoC. This driver is written compatible to the Iflib framework. The
existing driver is for the old version of hardware. The submitted
driver here is for the recent versions of the hardware where the Ethernet
controller is PCI-E based.
Submitted by: Rajesh Kumar <rajesh1.kumar@amd.com>
MFC after: 1 month
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D25793
Notes:
svn path=/head/; revision=366628
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fortuna remains the default; no functional change to GENERIC.
Big picture:
- Scalable entropy generation with per-CPU, buffered local generators.
- "Push" system for reseeding child generators when root PRNG is
reseeded. (Design can be extended to arc4random(9) and userspace
generators.)
- Similar entropy pooling system to Fortuna, but starts with a single
pool to quickly bootstrap as much entropy as possible early on.
- Reseeding from pooled entropy based on time schedule. The time
interval starts small and grows exponentially until reaching a cap.
Again, the goal is to have the RNG state depend on as much entropy as
possible quickly, but still periodically incorporate new entropy for
the same reasons as Fortuna.
Notable design choices in this implementation that differ from those
specified in the whitepaper:
- Blake2B instead of SHA-2 512 for entropy pooling
- Chacha20 instead of AES-CTR DRBG
- Initial seeding. We support more platforms and not all of them use
loader(8). So we have to grab the initial entropy sources in kernel
mode instead, as much as possible. Fortuna didn't have any mechanism
for this aside from the special case of loader-provided previous-boot
entropy, so most of these sources remain TODO after this commit.
Reviewed by: markm
Approved by: csprng (markm)
Differential Revision: https://reviews.freebsd.org/D22837
Notes:
svn path=/head/; revision=366620
|
| |
|
|
|
|
|
|
|
|
|
|
| |
DTS must be synced with the kernel, add a freebsd,dts-version string in
the root node of each DTS that we compile so we can later in the kernel
check that it contain a correct value.
Reviewed by: imp, mmel
Differential Revision: https://reviews.freebsd.org/D26724
Notes:
svn path=/head/; revision=366599
|
| |
|
|
|
|
|
|
|
|
|
| |
makeLINT.mk isn't needed or used anymore, remove it and all the files
it uses.
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D26540
Notes:
svn path=/head/; revision=366560
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
APM BIOS was relevant only to early laptops (approximately P166 or
P200 and slower). These have not been relevant for a long time, and
this code has been untested for a long time (as far as I can
tell). The APM compat code in ACPI and the apm(8) command is not being
retired. Both of these items are still in use (apm(8) is more
scriptable than the replacement acpiconf, for the most part). This has
been commented out of i386 GENERIC since 2002. This code is not
relevant to any other port.
Discussed on: arch@
Notes:
svn path=/head/; revision=366546
|
| |
|
|
|
|
|
|
| |
APM BIOS support is about to be removed. Remove the apm screen saver
and its module. They are about to be irrelevant.
Notes:
svn path=/head/; revision=366545
|
| |
|
|
|
|
|
| |
This driver cannot work without it.
Notes:
svn path=/head/; revision=366396
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change is based on the nexthop objects landed in D24232.
The change introduces the concept of nexthop groups.
Each group contains the collection of nexthops with their
relative weights and a dataplane-optimized structure to enable
efficient nexthop selection.
Simular to the nexthops, nexthop groups are immutable. Dataplane part
gets compiled during group creation and is basically an array of
nexthop pointers, compiled w.r.t their weights.
With this change, `rt_nhop` field of `struct rtentry` contains either
nexthop or nexthop group. They are distinguished by the presense of
NHF_MULTIPATH flag.
All dataplane lookup functions returns pointer to the nexthop object,
leaving nexhop groups details inside routing subsystem.
User-visible changes:
The change is intended to be backward-compatible: all non-mpath operations
should work as before with ROUTE_MPATH and net.route.multipath=1.
All routes now comes with weight, default weight is 1, maximum is 2^24-1.
Current maximum multipath group width is statically set to 64.
This will become sysctl-tunable in the followup changes.
Using functionality:
* Recompile kernel with ROUTE_MPATH
* set net.route.multipath to 1
route add -6 2001:db8::/32 2001:db8::2 -weight 10
route add -6 2001:db8::/32 2001:db8::3 -weight 20
netstat -6On
Nexthop groups data
Internet6:
GrpIdx NhIdx Weight Slots Gateway Netif Refcnt
1 ------- ------- ------- --------------------------------------- --------- 1
13 10 1 2001:db8::2 vlan2
14 20 2 2001:db8::3 vlan2
Next steps:
* Land outbound hashing for locally-originated routes ( D26523 ).
* Fix net/bird multipath (net/frr seems to work fine)
* Add ROUTE_MPATH to GENERIC
* Set net.route.multipath=1 by default
Tested by: olivier
Reviewed by: glebius
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D26449
Notes:
svn path=/head/; revision=366390
|
| |
|
|
|
|
|
|
|
|
|
|
| |
dmi function are used to get smbios values.
The DRM subsystem and drivers use it to enabled (or not) quirks.
Reviewed by: hselasky
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D26046
Notes:
svn path=/head/; revision=366373
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add backlight function to linuxkpi.
Graphics drivers expose the backlight of the panel directly so allow them to use the backlight subsystem so
user can use backlight(8) to configure them.
Reviewed by: hselasky
Relnotes: yes
Differential Revision: The FreeBSD Foundation
Notes:
svn path=/head/; revision=366372
|
| |
|
|
|
|
|
|
|
|
|
| |
Driver for pwm-backlight compatible device.
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D26252
Notes:
svn path=/head/; revision=366371
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is a simple subsystem that allow drivers to register as a backlight.
Each backlight creates a device node under /dev/backlight/backlightX and
an alias based on the name provided.
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D26250
Notes:
svn path=/head/; revision=366369
|
| |
|
|
|
|
|
|
|
|
|
| |
This is mostly needed for a common arm64/amd64 iommu code.
Reviewed by: kib
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D26587
Notes:
svn path=/head/; revision=366267
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LLVM 11 changed the meaning of '-O' from '-O2' to '-O1', which resulted
in debug kernels (with 'makeoptions DEBUG=-g') being built with inlining
disabled, causing severe performance hit.
The -O2 was already being used for building amd64, powerpc, and powerpcspe.
Discussed with: jrtc27, arichardson, bdragon, jhibbits
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D26471
Notes:
svn path=/head/; revision=366251
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The NOTES files have a bunch of hint lines that are removed when
generating LINT. However, we can achieve the same effect by prepending
each of the lines with 'envvar' so the NOTES files become standard
config(8) files. No functional changes as the sed script to generate
the LINT files filters these either way.
Suggested by: kevans
Notes:
svn path=/head/; revision=366088
|
| |
|
|
|
|
|
|
|
|
|
| |
We left these in the clean rule to avoid having stale files remain in
working trees, but enough time has now passed that it's no longer
relevant.
Discussed with: imp
Notes:
svn path=/head/; revision=366077
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The TCG implementation of mtmsrd in qemu blindly copies the entire register
to the MSR, instead of the specific bit positions listed in the ISA.
This means that qemu will prematurely switch endian out from under the
running code instead of waiting for the rfid, causing an immediate trap
as it attempts to interpret the next instruction in the wrong endianness.
To work around this, ensure PSL_LE is still set before doing the mtmsrd.
In the future, we may wish to just turn off translation and unconditionally
use rfid to switch to the ofmsr instead of quasi-switching to the ofmsr.
Add a new platform option so this can be disabled. (And so that we can
conditonalize additional QEMU-specific hacks in the platform code.)
Sponsored by: Tag1 Consulting, Inc.
Notes:
svn path=/head/; revision=366037
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the initial set up for PowerPC64LE.
The current plan is for this arch to remain experimental for FreeBSD 13.
This started as a weekend learning project for me and kinda snowballed from
there.
(More to follow momentarily.)
Reviewed by: imp (earlier version), emaste
Sponsored by: Tag1 Consulting, Inc.
Differential Revision: https://reviews.freebsd.org/D26399
Notes:
svn path=/head/; revision=366032
|
| |
|
|
|
|
|
|
|
| |
Obtained from: Chelsio Communications
MFC after: 3 days
Sponsored by: Chelsio Communications
Notes:
svn path=/head/; revision=365861
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
As with .text, the aim is to ensure that executable sections are
segregated from the rest, to avoid creation of writeable and executable
mappings. Recent versions of LLVM emit a PLT in firmware modules.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D26444
Notes:
svn path=/head/; revision=365796
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use MACHINE_CPUARCH with arm64 (aarch64) when we build code that could run
on any 64-bit Arm instruction set. This will simplify checks in downstream
consumers targeting prototype instruction sets.
The only place we check for MACHINE_ARCH == aarch64 is when building the
device tree blobs. As these are targeting current generation ISAs.
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D26370
Notes:
svn path=/head/; revision=365726
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are a couple of places in the tree that directly parse the newvers.sh
script looking for the BRANCH variable. I found two locations, one in
release/Makefile and the other in bin/freebsd-version/Makefile.
While there is a good argument that BRANCH_OVERRIDE should properly
propagate in those circumstances and the new behavior is thus better, the
reality is this change broke freebsd-update's ability to find timestamps in
binaries and resulted in a large number of gratuitous changes.
Reported by: freebsd-update
Discussed with: cperciva
MFC after: 1 day
Notes:
svn path=/head/; revision=365720
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
freebsd-update(8) builds, where BRANCH is suffixed with -p0 for
builds.
Noticed by: gordon
With help from: cperciva
MFC after: 3 days
MFC note: before 12.2-BETA2
Sponsored by: Rubicon Communications, LLC (netgate.com)
Notes:
svn path=/head/; revision=365646
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This option was marked as broken because our riscv64-xtoolchain-gcc
package lacked support. Since we are moving away from xtoolchain gcc in
favor of freebsd-gcc9, there should be no issue in enabling this option
by default.
Notably, this enables -Wformat errors.
Reviewed by: kp, jhb
Differential Revision: https://reviews.freebsd.org/D26320
Notes:
svn path=/head/; revision=365456
|
| |
|
|
|
|
|
| |
Sponsored by: Innovate UK
Notes:
svn path=/head/; revision=365451
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
A PL061 is a simple 8 pin GPIO controller. This GPIO device is used to
signal an internal request for shutdown on some virtual machines including
Arm-based Amazon EC2 instances.
Submitted by: Ali Saidi <alisaidi_amazon.com> (previouss version)
Reviewed by: Ali Saidi, manu
Differential Revision: https://reviews.freebsd.org/D24065
Notes:
svn path=/head/; revision=365450
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Work around llvm 11 miscompile in 32 bit powerpc that appears to cause ifuncs
to branch to the wrong address by forcing -O2. This worked in previous
versions because -O was mapped to -O2 previously (but is now -O1.)
While here, remove the old temporary workaround from r224882 that does the
opposite thing for powerpc non-DEBUG kernels, bringing it in line with other
platforms that compile at -O2.
This fixes kernel boot on powerpc and powerpcspe after the llvm11 transition.
Sponsored by: Tag1 Consulting, Inc.
Notes:
svn path=/head/; revision=365441
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allwinner USB DRD is based on the Mentor USB OTG controller, with a
different register layout and a few missing registers.
The code is by Andrew Turner (andrew).
Reviewed by: hselasky, manu
Obtained from: andrew
MFC after: 5 weeks
Differential Revision: https://reviews.freebsd.org/D5881
Notes:
svn path=/head/; revision=365398
|
| |
|
|
|
|
|
|
|
|
| |
- fixes jail delegation
- fixes raw kstat unsupported complaints
- exposes dbgmsg, dbuf, and checksum benchmark stats
- restore rename -u support
Notes:
svn path=/head/; revision=365347
|
| |
|
|
|
|
|
|
|
|
|
| |
This package is intended to be used with ice(4) version 0.26.16. That
update will happen in a forthcoming commit.
MFC after: 3 days
Sponsored by: Intel Corporation
Notes:
svn path=/head/; revision=365332
|
| |
|
|
|
|
|
|
|
|
| |
Make sure that building dev/sdhci/sdhci_fsl_fdt.c has all the right
dependencies until a proper fix can be made.
Sponsored by: Mellanox Technologies // NVIDIA Networking
Notes:
svn path=/head/; revision=365244
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implement support for an eSDHC controller found in NXP QorIQ Layerscape SoCs.
This driver has been tested with NXP LS1046A and LX2160A (Honeycomb board),
which is incompatible with the existing sdhci_fsl driver (aiming at older
chips from this family). As such, it is not intended as replacement for
the old driver, but rather serves as an improved alternative for SoCs that
support it.
It comes with support for both PIO and Single DMA modes and samples the
clock from the extres clk API.
Submitted by: Artur Rojek <ar@semihalf.com>
Reviewed by: manu, mmel, kibab
Obtained from: Semihalf
Sponsored by: Alstom Group
Differential Revision: https://reviews.freebsd.org/D26153
Notes:
svn path=/head/; revision=365054
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
development board.
Submitted by: Denis Salopek <denis.salopek AT fer.hr>
Reported by: zec, bz (src); rgrimes, bcr (manpages)
MFC after: 7 days
Sponsored by: Google Summer of Code 2020
Differential Revision: https://reviews.freebsd.org/D26074
Notes:
svn path=/head/; revision=364973
|
| |
|
|
| |
Notes:
svn path=/head/; revision=364923
|
| |
|
|
|
|
|
|
|
|
|
|
| |
in the LinuxKPI.
Differential Revision: https://reviews.freebsd.org/D25101
Reviewed by: kib @
MFC after: 1 week
Sponsored by: Mellanox Technologies
Notes:
svn path=/head/; revision=364860
|
| |
|
|
|
|
|
|
|
| |
When using relative paths for the linker we have to transform the name
since clang does not like -fuse-ld=ld.lld and instead requires -fuse-ld=lld
(the same also applies for ld.bfd).
Notes:
svn path=/head/; revision=364807
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I went through the merge and found the rest of the instances where
${MACHINE_ARCH} == "powerpc" was being used to detect 32-bit and adjusted
the rest of the instances to also check for powerpcspe.
mips32* will probably want to do the same.
Sponsored by: Tag1 Consulting, Inc.
Notes:
svn path=/head/; revision=364781
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is needed so that setting LD/XLD is not ignored when linking with $CC
instead of directly using $LD. Currently only clang accepts an absolute
path for -fuse-ld= (Clang 12+ will add a new --ld-path flag), so we now
warn when building with GCC and $LD != "ld" since that might result in the
wrong linker being used.
We have been setting XLD=/path/to/cheri/ld.lld in CheriBSD for a long time and
used a similar version of this patch to avoid linking with /usr/bin/ld.
This change is also required when building FreeBSD on an Ubuntu with Clang:
In that case we set XCC=/usr/lib/llvm-10/bin/clang and since
/usr/lib/llvm-10/bin/ does not contain a "ld" binary the build fails with
`clang: error: unable to execute command: Executable "ld" doesn't exist!`
unless we pass -fuse-ld=/usr/lib/llvm-10/bin/ld.lld.
This change passes -fuse-ld instead of copying ${XLD} to WOLRDTMP/bin/ld
since then we would have to ensure that this file does not exist while
building the bootstrap tools. The cross-linker might not be compatible with
the host linker (e.g. when building on macos: host-linker= Mach-O /usr/bin/ld,
cross-linker=LLVM ld.lld).
Reviewed By: brooks, emaste
Differential Revision: https://reviews.freebsd.org/D26055
Notes:
svn path=/head/; revision=364761
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The most awkward bit in this patch is the bootstrapping of m4:
We can't simply use the host version of m4 since that is not compatible
with the flags passed by lex (at least on macOS, possibly also on Linux).
Therefore we need to bootstrap m4, but lex needs m4 to build and m4 also
depends on lex (which needs m4 to generate any files). To work around this
cyclic dependency we can build a bootstrap version of m4 (with pre-generated
files) then use that to build the real m4.
This patch also changes the xz/unxz/dd tools to always use the host version
since the version in the source tree cannot easily be bootstrapped on macOS
or Linux.
Reviewed By: brooks, imp (earlier version)
Differential Revision: https://reviews.freebsd.org/D25992
Notes:
svn path=/head/; revision=364760
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The primary benefit is maintaining a completely shared
code base with the community allowing FreeBSD to receive
new features sooner and with less effort.
I would advise against doing 'zpool upgrade'
or creating indispensable pools using new
features until this change has had a month+
to soak.
Work on merging FreeBSD support in to what was
at the time "ZFS on Linux" began in August 2018.
I first publicly proposed transitioning FreeBSD
to (new) OpenZFS on December 18th, 2018. FreeBSD
support in OpenZFS was finally completed in December
2019. A CFT for downstreaming OpenZFS support in
to FreeBSD was first issued on July 8th. All issues
that were reported have been addressed or, for
a couple of less critical matters there are
pull requests in progress with OpenZFS. iXsystems
has tested and dogfooded extensively internally.
The TrueNAS 12 release is based on OpenZFS with
some additional features that have not yet made
it upstream.
Improvements include:
project quotas, encrypted datasets,
allocation classes, vectorized raidz,
vectorized checksums, various command line
improvements, zstd compression.
Thanks to those who have helped along the way:
Ryan Moeller, Allan Jude, Zack Welch, and many
others.
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D25872
Notes:
svn path=/head/; revision=364746
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An internet draft titled "Towards Remote Procedure Call Encryption By Default"
describes how TLS is to be used for Sun RPC, with NFS as an intended use case.
This patch adds client and server support for this to the kernel RPC,
using KERN_TLS and upcalls to daemons for the handshake, peer reset and
other non-application data record cases.
The upcalls to the daemons use three fields to uniquely identify the
TCP connection. They are the time.tv_sec, time.tv_usec of the connection
establshment, plus a 64bit sequence number. The time fields avoid problems
with re-use of the sequence number after a daemon restart.
For the server side, once a Null RPC with AUTH_TLS is received, kernel
reception on the socket is blocked and an upcall to the rpctlssd(8) daemon
is done to perform the TLS handshake. Upon completion, the completion
status of the handshake is stored in xp_tls as flag bits and the reply to
the Null RPC is sent.
For the client, if CLSET_TLS has been set, a new TCP connection will
send the Null RPC with AUTH_TLS to initiate the handshake. The client
kernel RPC code will then block kernel I/O on the socket and do an upcall
to the rpctlscd(8) daemon to perform the handshake.
If the upcall is successful, ct_rcvstate will be maintained to indicate
if/when an upcall is being done.
If non-application data records are received, the code does an upcall to
the appropriate daemon, which will do a SSL_read() of 0 length to handle
the record(s).
When the socket is being shut down, upcalls are done to the daemons, so
that they can perform SSL_shutdown() calls to perform the "peer reset".
The rpctlssd(8) and rpctlscd(8) daemons require a patched version of the
openssl library and, as such, will not be committed to head at this time.
Although the changes done by this patch are fairly numerous, there should
be no semantics change to the kernel RPC at this time.
A future commit to the NFS code will optionally enable use of TLS for NFS.
Notes:
svn path=/head/; revision=364475
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow to dynamically grow the amount of fibs in each vnet.
This change alters current behavior. Currently, if one defines
ROUTETABLES > 1 in the kernel config, each vnet will be created
with the number of fibs defined in the kernel config.
After this commit vnets will be created with fibs=1.
Dynamic net.fibs is not compatible with net.add_addr_allfibs.
The plan is to deprecate the latter and make
net.add_addr_allfibs=0 default behaviour.
Reviewed by: glebius
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D26062
Notes:
svn path=/head/; revision=364465
|
