FreeBSD Network Status Week 41 2024
Hey folks, here we are rounding out another week of development. This Network Status Report is an experiment I am making on documenting what has been happening in the FreeBSD network stack by generating reports with the help of some simple tooling. This is the third such report, but the first one I've really told anyone about.
The previous reports are available here; some context and goals are available in the first week's report.
A big change for this week is streaming of the report writing process. I'm hoping that by being more open about this there will be a weekly chance for community engagement - at least for people that like the network stack.
Goings on
Since last week I have integrated collating notes into my tooling (and, if you consumed the stream, broke the script a little). This means I can capture things going by on the mailing lists more easily for discussion later.
The bugzilla storm continues; when it starts to slow down I'll review pulling in interesting bugs.
What I want from reviews and bugs is a list of interesting things in the last week. That might be new items, but it is also likely to be items that have had a change in the last week, lots of comments, or have finally closed. Landing commits aren't so interesting. I think I have the bugzilla query sorted out, but I cannot for the life of me get sense from the phabricator API.
If you can generate queries that sort of match what I want AND they will give me plain text summaries as helpful as a git --oneline I'd love to see them.
Fall 2024 FreeBSD Summit
On the 7th and 8th of November 2024 there will be a FreeBSD Summit kindly hosted by NetApp in their San Jose campus.
So far the program includes:
- Pawel Dawidek, Fudo Security on "FreeBSD Security Improvements"
- Dorr Clark, NetScaler on "Using FreeBSD in Products"
- George Neville-Neil on "OSDB: Turning the Tables on Kernel Data"
- Dr. Marshall Kirk McKusick on "History of the BSD Daemon"
- And more!
The summit is open to the public, with a registration fee of US $150.
Registration and event information is available here:
axgbe CFT
zlei@ has an open call for testing for some changes to the axgbe driver. This changes how the axgbe driver handles the promisc flag; zlei@ doesn't have hardware available to test. If you use axgbe then you should test and report results on the phabricator review.
https://reviews.freebsd.org/D46794
Transport
Oddly no TCP caught in my filter this week, but there have been some improvements around the SCTP API.
- 4466a97e83fd sctp: check locking requirements
- e1a09d1e9df3 sctp: make sctp_free_ifn() static
- 2e9761eb80f3 sctp: cleanup sctp_delete_ifn
- 91a9e4e01dab sctp: propagate cap rights on sctp_peeloff
- e4550c9aa06a capsicum-test: include SCTP tests
- 1d83090d850f capsicum-test: skip SCTP tests if SCTP not available
tuexen@ has been doing some review of locking and socket options. Generally the socket layer is quite complex; getting this right is difficult.
Netdev
kbowling@ MFC'd a lot of stuff from the Intel driver changes we covered the past two weeks. That is great news if you are on a stable branch of FreeBSD.
A big change is the re-addition of Adaptive Interrupt Mode for the e1000 series NICs (including lem, em and igb). AIM gives a balance between latency when there are relatively low packet rates and performance when the link is very busy.
In most cases kbowling@ says:
this might be worth a few sys% on common CPUs, but may be meaningful when multiplied such as if_lagg, if_bridge and forwarding setups.
In WiFi land bz@ landed a nice rtw89 panic fix:
And we see some other bits of tidying up in cxgbe, mlx5 and iflib.
- 8e5b07dd0885 mlx5_ipsec: add enough #ifdef IPSEC_OFFLOAD to make LINT_NOIP compilable
- 2851aafe96c1 mlx5 ipsec_offload: ensure that driver does not dereference dead sahindex
- 52e5a66eac22 cxgbe(4): Use correct synchronization when marking the adapter offline.
- 816100089283 iflib: Make iflib_stop() static
Firewalls
A mixture of tidy ups with several changes coming through from OpenBSD. If I were to guess (and I am!) many of these are from presentations and conversations at EuroBSDCon. If I were to ask kp@ he would tell me this was part of an ongoing continuous maintenance project sponsored by Netgate.
- 8978a080cfa7 pf: remove redundant arguments to pf_state_key_addr_setup()
- 9a405864e0cf pf: move the mbuf into struct pf_pdesc too
- 08b53c6efcae pf: remove switch (af) default cases
- b4a42589116b pf: put kif into struct pf_pdesc
- 739731b8ca80 pf: consolidate pf function parameters
- 9414b8dbf1e4 pf: unify some IPv4/IPv6 code in pf_setup_pdesc()
- 05896f1ef8be pf: move pf_test_rule() out of pf_setup_pdesc()
- abc8996e7fa6 pf: deduplicate IPv4 and IPv6 code that handles fragments
- 5de77e952a2f pf: remove the last hand-rolled IPv6 extension header loop
- 7b033960e15a pf: stricter address family checks in icmp-in-icmp
- 5c3d74eca642 pf: add ttl to pf_pdesc
- 7d0f8cd93bce pf: ensure that we won't enter an endless loop
- 8de7f8ed5eef pf: reduce IPv6 header parsing code duplication
- 6562157dfad0 pfctl: avoid possible SIGSEGV when wrong tos option
- ee9f418c8041 pfctl: correctly print skip steps in -vv mode
- d01949e8a210 pf.conf.5: sync documentation with code on the matter of max state limit behavior
- 34aa6f2c2db5 pflogd: Move struct definitions out of header file
And the continued netlinkification of pf.
- 48f5bf8be6fa pf: convert DIOCGETRULESET to netlink
- 25e0f8f99f54 pf: convert DIOCGETRULESETS to netlink
igoro@ made some tidy up commits to dummymbuf. While I have seen commits go by I hadn't looked into dummymbuf(4) yet. This is a test kernel module for unusual mbuf layouts which hooks into the pfil (firewall) layer.
- dfcb8de5ef80 dummymbuf: Log the entire rule set if no delimiters are present
- 6bd8d85579a1 dummymbuf: Fix code style
- 9f146a81d2b3 dummymbuf: Validate syntax upon write to net.dummymbuf.rules sysctl
For continued compatibility with libpcap some struct definitions for pflogd were moved out of the header file, preventing others from using them.
User Tooling
Fix stopping sendmail during shutdown.
And finally a big change to kyua, skipped tests no longer report as passing.
Please Send Feedback
As with last week we are at ~50 minutes as I get to this part of the report.
I am going to disseminate this one much further, probably to the freebsd-net and current mailing lists.
I would love to know if this summary was any help, if it was, or if you think I should cover other things please let me know (thj@freebsd.org).
If you find a typo or have a correction, let me know and I'll thank you at the end here.
- Boris asked for there to be an rss feed, so there is now one here
- Graham Perrin highlighted a typo in the tags (tags->tag) link.
- Jim Thompson told me off for guessing.
You can see all prior posts here. (rss)
My work on FreeBSD is supported by the FreeBSD Foundation, you can contribute to improving FreeBSD with code, documentation or financially by donating to the FreeBSD Foundation.