the range checks are not needed because both members
(statelim and sourcelim) are uint8_t, they implicitly
fit desired range <0, 255>. Unbreaks gcc build.
Pointed out by deraadt@
OK deraadt@
Obtained from: OpenBSD, sashan <sashan@openbsd.org>, 3a7be1e428
Sponsored by: Rubicon Communications, LLC ("Netgate")
Deviate a little from the OpenBSD code, to avoid unexpected output
changes.
Don't print limiter information when we show the rules (or labels).
Do include the source and state limiters in the 'all' (pfctl -sa) output
and give them their own titles.
Sponsored by: Rubicon Communications, LLC ("Netgate")
The 'introduce source and state limiters' commit added source and state
limiters, and used Stlimiters and Srclimiters as show options. However,
FreeBSD had 'Sources' as a show option already. This means that
'pfctl -sS' would now be ambiguous. Avoid this by renaming the new
options.
Sponsored by: Rubicon Communications, LLC ("Netgate")
both source and state limiters can provide constraints on the number
of states that a set of rules can create, and optionally the rate
at which they are created. state limiters have a single limit, but
source limiters apply limits against a source address (or network).
the source address entries are dynamically created and destroyed,
and are also limited.
this started out because i was struggling to understand the source and
state tracking options in pf.conf, and looking at the code made it
worse. it looked like some functionality was missing, and the code also
did some things that surprised me. taking a step back from it, even it
if did work, what is described doesn't work well outside very simple
environments.
the functionality i'm talking about is most of the stuff in the
Stateful Tracking Options section of pf.conf(4).
some of the problems are illustrated one of the simplest options:
the "max number" option that limits the number of states that a
rule is allowed to create:
- wiring limits up to rules is a problem because when you load a
new ruleset the limit is reset, allowing more states to be created
than you intended.
- a single "rule" in pf.conf can expand to multiple rules in the
kernel thanks to things like macro expansion for multiple ports.
"max 1000" on a line in pf.conf could end up being many times
that in effect.
- when a state limit on a rule is reached, the packet is dropped.
this makes it difficult to do other things with the packet, such a
redirect it to a tarpit or another server that replies with an
outage notices or such.
a state limiter solves these problems. the example from the pf.conf.5
change demonstrates this:
An example use case for a state limiter is to restrict the number of
connections allowed to a service that is accessible via multiple
protocols, e.g. a DNS server that can be accessed by both TCP and UDP on
port 53, DNS-over-TLS on TCP port 853, and DNS-over-HTTPS on TCP port 443
can be limited to 1000 concurrent connections:
state limiter "dns-server" id 1 limit 1000
pass in proto { tcp udp } to port domain state limiter "dns-server"
pass in proto tcp to port { 853 443 } state limiter "dns-server"
a single limit across all these protocols can't be implemented with
per rule state limits, and any limits that were applied are reset
if the ruleset is reloaded.
the existing source-track implementation appears to be incomplete,
i could only see code for "source-track global", but not "source-track
rule". source-track global is too heavy and unweildy a hammer, and
source-track rule would suffer the same issues around rule lifetimes
and expansions that the "max number" state tracking config above has.
a slightly expanded example from the pf.conf.5 change for source limiters:
An example use for a source limiter is the mitigation of denial of
service caused by the exhaustion of firewall resources by network or port
scans from outside the network. The states created by any one scanner
from any one source address can be limited to avoid impacting other
sources. Below, up to 10000 IPv4 hosts and IPv6 /64 networks from the
external network are each limited to a maximum of 1000 connections, and
are rate limited to creating 100 states over a 10 second interval:
source limiter "internet" id 1 entries 10000 \
limit 1000 rate 100/10 \
inet6 mask 64
block in on egress
pass in quick on egress source limiter "internet"
pass in on egress proto tcp probability 20% rdr-to $tarpit
the extra bit is if the source limiter doesn't have "space" for the
state, the rule doesn't match and you can fall through to tarpitting
20% of the tcp connections for fun.
i've been using this in anger in production for over 3 years now.
sashan@ has been poking me along (slowly) to get it in a good enough
shape for the tree for a long time. it's been one of those years.
bluhm@ says this doesnt break the regress tests.
ok sashan@
Obtained from: OpenBSD, dlg <dlg@openbsd.org>, 8463cae72e
Sponsored by: Rubicon Communications, LLC ("Netgate")
Add support for the MacBookPro11,5 (Mid 2015, 15-inch with AMD Radeon R9 M370X GPU)
to the Apple SMC driver.
Debug testing revealed this model lacks several SMC keys present on MacBookPro11,4
(IBLC, ICMC, IC2C), that model-specific sensor definitions.
Differential Revision: https://reviews.freebsd.org/D54665
Reviewed by: adrian
The mtw(4) driver works correctly on initial boot, but fails to initialize
the MT7601U WiFi adapter after a warm reboot.
Users must either physically unplug and replug the USB adapter, or perform a
full power cycle to restore functionality, if usb power is always powered
(only a replug works)
The root cause is that warm reboot does not power-cycle USB devices,
leaving the MT7601U in a stale state from the previous session.
The MCU retains its ready flag and the device ignores initialization
commands, resulting in timeout waiting for MCU to initialize errors.
At the OS Level, pinging 1.1.1.1 will work, but the speed will be very
slow. In addition in debug mode, we see thousand of error logs.
This patch addresses the issue by:
* Performing USB re-enumeration on attach to reset the device state
* Detecting when the MCU is already marked ready (stale from previous
session) and forcing a reset of the MCU before loading firmware
* Increasing the firmware load timeout from 3s to 10s to accommodate
slower initialization after reset
* Increasing MCU ready poll attempts from 100 to 300 with longer delays
to handle devices that take longer to become ready after reset
Note: The increase was random, lower value might work.
Test Plan:
Tested on MacBook Pro (late-2015) and a MacMini with MediaTek MT7601U
USB adapter across multiple warm reboot cycles.
With the mac-mini and a another desktop, the issue happens only if
connected via an always powered usb hub port in the monitor.
The laptop don't power cycle it power.
Differential Revision: https://reviews.freebsd.org/D54659
Reviewed by: adrian
VT_SETMODE ioctl currently checks the provided signal numbers with its
own ISSIGVALID macro that uses NSIG (32) as a maximum, although the code
that will actually send the signal in sys/kern/kern_sig.c uses
_SIG_VALID which allows up to _SIG_MAXSIG (128).
This change aligns the vt code with the kernel internals and enables the
use of higher signal numbers so that applications are not limited to
SIGUSR1 and SIGUSR2 for vt release and acquire signals.
Signed-off-by: Quentin Thébault <quentin.thebault@defenso.fr>
Reviewed by: emaste, imp, kevans
Differential Revision: https://reviews.freebsd.org/D53615
Implement STYPE_SUSPEND_TO_IDLE sleep type added in c43473dc9b
("sys/power: Generic sleep types").
This is a prerequisite for the firmware to enter the S0ix states. When
suspending to idle, the system stays in an ACPI S0 state, but the CPUs
are idled and devices are suspended/resumed before and after this as
they would be when entering any other sleep type (except for AWAKE and
POWEROFF).
Factor out do_standby, do_sleep, and add a new do_idle function for
idling the CPU (a future patch will make this an idle loop and not just
a simple cpu_idle() call). In do_idle, SCIs (interrupt 9) are enabled to
allow wake events to break the CPU out of idle.
Record all the steps made instead of just the last one in slp_state,
which allows for more flexible unwinding (will be useful to not have to
goto breakout if the SPMC entry call fails when that is committed).
A lot of this borrows from Ben Widawsky's patch: D17675. The main
functional difference with that patch is that suspend-to-idle is a
wholly separate sleep type in this one as opposed to being an
alternative implementation for s2mem (S3).
Reviewed by: emaste, olce
Approved by: olce
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48734
Function to enable specific IRQ source.
This will be used by the s2idle code to enable just SCIs on x86 to break
the CPU out of idle.
Reviewed by: olce
Approved by: olce
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48734
Creation of enc0 before SI_SUB_PROTO_MC mangles the MLD list as well as
encounters IGMP mutex not initialized yet.
Reported & tested by: mjg
NB: the enc(4) is not a true interface indeed. In a perfect world the
module shall not create a cloner, shall not enter if_attach(), shall not
trigger ifnet_arrival_event, neither shall have any protocol attached to
it. The enc0 exists for two purposes: 1) create a bpf(9) tap; 2) to allow
injection packets in the middle of ipsec(4) processing temporarily
rewriting m_pkthdr.rcvif to point at enc0. While the problem 1 is already
solved with a recent divorce between bpf(9) and ifnet(9), the problem 2 is
harder to solve without breaking packet filter rules that use "via enc0".
This is supposed to be a dtrace_id_t, which is a uint32_t, while id_t is
a uint64_t. sdt.h avoids depending on dtrace.h so we can't use
dtrace_id_t directly.
Bump __FreeBSD_version since the layout of structures in the SDT probe
linker set has changed.
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
Detect presence of FEAT_MOPS, and enable instruction set and set HWCAP2 flag
if present.
Add handler for MOE exceptions.
Reviewed by: andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D54558
This is no longer used after commit
99282790b7 moved ELF notes from C to
assembly.
Reviewed by: kib
Fixes: 99282790b7 ("Remove the sed hack for ABI tag notes.")
Sponsored by: AFRL, DARPA
Differential Revision: https://reviews.freebsd.org/D54506
State that the object charge is zero if object->cred == NULL, or equal
to the ptoa(object->size) otherwise.
Besides being much simpler, the transition to use object->size corrects
the architectural issue with the use of object->charge. The split
operations effectively carve the holes in the charged regions, but
single counter cannot properly express it. As result, coalescing
anonymous mappings cannot calculate correctly if the extended mapping
already backed by the existing object is already accounted or not [1].
To properly solve the issue, either we need to start tracking exact
charged regions in the anonymous objects, which has the significant
overhead and complications. Or give up on the slight over-accounting
and charge the whole object unconditionally, as it is done in the patch.
Reported by: mmel, pho [1]
Reviewed by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54572
When an attempt to increase the swap charge for the ucred failed, we
must forcibly increase the charge to allow the vmspace_destroy()
operation to correctly un-charge the accumulated objects.
Add a swap_reserve_force_by_cred() helper and use it in
vmspace_unshare(), same as it is done in normal fork operations.
Reviewed by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D54572
The -c and -m flags are mututally exclusive. Also minor manual fixes:
+ Angle quotes do not work in prose, use double quote matching extant
+ Align manual page options list
+ Tag SPDX license identifier for manual
PR: 292408
MFC after: 3 days
Add rc.conf defaults for the os-release URL settings introduced in the
os-release rc.d script. This makes it easier for downstream integrators
and appliances to override the URLs via rc.conf instead of patching the
script.
The following variables are added to libexec/rc/rc.conf:
- osrelease_home_url
- osrelease_documentation_url
- osrelease_support_url
- osrelease_bug_report_url
These correspond to HOME_URL, DOCUMENTATION_URL, SUPPORT_URL, and
BUG_REPORT_URL in the generated os-release file.
Signed-off-by: NVSRahul <nvsrahul@hotmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1961
Add DOCUMENTATION_URL and SUPPORT_URL to the generated /var/run/os-release
file, and route the existing URLs through rc.conf-configurable variables:
- osrelease_home_url
- osrelease_documentation_url
- osrelease_support_url
- osrelease_bug_report_url
This allows downstreams and appliance vendors to customize these URLs
without patching the base script, while providing useful defaults for
stock FreeBSD installations.
Tested:
- sh -n libexec/rc/rc.d/os-release
- (No FreeBSD host available; not runtime-tested yet)
Signed-off-by: NVSRahul <nvsrahul@hotmail.com>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1961
And refer to dist sets as "legacy." This matches our expectation for
FreeBSD 16.0.
Reviewed by: cperciva
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54156
Bump the timeout value (a little more), to avoid cutoff on emulated
architectures on ci.freebsd.org.
Reported by: Jenkins
Fixes: 47015e4546 ("tests: Increase timeout")
MFC after: 3 days