FreeBSD Network Status Week 03 2025

Happy New Year and welcome back to FreeBSD Network Status Reports. I hope you had a great time over the Winter Pause (if you did pause) and are ready for another great year of improvements to FreeBSD.

I have opted to do a mega report, there have been 705 commits to FreeBSD main since my last update so we should get going before any more sneak in.

Goings on

BSD Devroom at FOSDEM 2024

The Devroom program is available here . I am speaking about writing these reports and staffing the Project/Foundation table the rest of the time. I could do with help covering the table (which must always be staffed) for the weekend. If you want to help send me an email (thj@freebsd.org)

Transport

In RACK and BBR there have been a bunch of tidy up changes simplifying code.

• e7fbf52a3e38 TCP BBR: remove dead code
• 4c89d59e0cda TCP RACK: don't log an uninitialized value
• e8ec28047df5 TCP RACK: fix TCP_RACK_PACING_BETA socket option
• 061727efe1e3 TCP BBR: remove dead code
• c28fefe1dc44 TCP BBR: remove dead code
• bb9525f30214 TCP RACK: fix TCP fast open
• 84e894ce1309 TCP RACK: remove variable with is only initialized and not changed
• 4bce1a19fcfa TCP BBR: remove code which is not needed
• 305c40dc552f TCP BBR: simplify expression
• 41af5eeefc2c TCP RACK: remove code that cannot be reached
• 88766e7af52b TCP BBR: fix integer overflow
• 4173a3a009a4 TCP BBR: simplify expression
• deb4252e9e7c TCP RACK: remove un-needed assignment
• 8471791eb6ee TCP RACK: simplify condition
• c7e81cc04369 TCP BBR: do not log an uninitialized value
• 3b9da3dcd11f TCP RACK: avoid using uninitialized tot_idle variable
• 1781324db2bc TCP BBR: remove code which is never executed
• 5ec914e06c96 TCP BBR: fix condition when sending a tail loss probe
• 0ce13b1d580f TCP RACK: add comment
• b47dcb4b1ff1 TCP BBR: fix getsockopt() for TCP_BBR_USEDEL_RATE
• 4f3a0c719780 TCP RACK: don't use an uninitialized variable
• 4940584bbf0b TCP RACK, BBR: cleanup of ctf_process_inbound_raw()
• b5739c8b1222 TCP RACK, BBR: ensure return value is always ininitialized
• 16e8e99f1d41 TCP RACK: remove redundant check
• 895347fc10c5 TCP BBR: remove assignments without effect

I think the other TCP changes fall under maintenance and general code quality. The "don't send beyond advertised window" change is an indicator of how complex TCP is to work on.

• 2cadbe468a8e tcp_wrappers: Use default C standard version
• 3604a050eedb tcp_hpts: refactor the per tcpcb call to either input/output method
• 1043b36b2054 tcp: don't send beyond receivers advertised window
• b84f41b4e82d tcp: properly reset sackhint values when SACK recovery is done
• 72c11c40ab5b tcp: make sack_rxmit in tcp_output() a bool
• 31034044ff27 tcp: cleanup of nits after use of accessor tcp_get_flags
• c91dd7a054b3 tcp: remove unused variable from tcp_usr_disconnect()

Network Stack

Better MTU selection when using ipsec.

• f87074000873 ip6_output(): if mtu is not yet computed for ipsec hook, use ifp mtu

Changes in VNET, more socket sysctl parameters are virtualised and there have been some fixes.

• 38d947b53cbc netisr: fix compilation without VIMAGE
• 4c0e435bfbad unix: avoid VNET recursion in unp_connectat()
• a1be7978f187 netisr: avoid VNET recursion warning in netisr_register()
• 1e9bca400b9c sockets: assert VNET set in sopeeraddr()
• 59498e099cc0 sockets: virtualize kern.ipc.numopensockets
• 4155be454c46 sockets: virtualize kern.ipc.soacceptqueue

Several commits to netlink.

• 90b1df4f4df9 netlink: small cleanup of generic snl(3)
• c3df2fa9a755 netlink: snl_create_msg_request() may fail due to ENOMEM
• 3ce003c8b615 netlink: restore the ability to delete PINNED routes
• 6ed3486980c9 netlink: avoid underflow of groups bitset index
• 926d2eadcb67 netlink: some refactoring of NETLINK_GENERIC layer
• 26d1ad5a44e1 netlink: snl_create_genl_msg_request() may fail due to ENOMEM
• bbe6559cf958 netlink: fix size comparison
• 8a8d095718cb netlink: add snl(3) primitive to obtain group ID
• 0fda4ffd6905 netlink: augment group writer with priv(9) argument

Netdev

Some fixes to mlx5 in SRIOV.

• b762b199afc6 mlx5: Eliminate the use of mlx5_rule_fwd_action
• 2fb2c0351237 mlx5_core: fix "no space" error on sriov enablement
• 29a9d7c6ce78 mlx5_core: fix panic on sriov enablement

An update for the Cisco Virtual Interface Card driver to better handle MTU changes.

• 0acab8b3d133 enic(4): fix down/up, MTU changes and more

Wireless

adrian@ has been working on rtwn and it is growing into the WiFi device with the best support. IF you have supported USB hardware and want to try higher rates then testing CURRENT now would be appreciated.

• 8896f36587f4 rtwn: allow firmware rate control to be enabled for rtl8192cu
• ce7fca19287c rtwn: refactor out the r92c path protection decision / configuration
• ea347b7fda20 rtwn: refactor out datarate and short preamble setup
• f45f66fadacc rtwn: explicitly configure RTS based on basic rates
• f167ba73574a rtwn: fix RTWN_RIDX_VHT_MCS() macro
• ec07af2a3d49 rtwn: announce VHT support for RTL8812AU/RTL8821AU.
• 82182587bcc3 rtwn: add VHT20/VHT40/VHT80 bandwidth configuration for transmit.
• dd58d03a2a46 rtwn: set the maximum A-MPDU size correctly for RTL8812AU/RTL8821AU
• d82bfe73a3f4 rtwn: don't set the RTS/CTS primary channel field for RTL8812AU/RTL8821AU
• 93411b39fff2 rtwn: calculate control rate for VHT rate frames
• 64ecfc27dbd4 rtwn: add forcerate flag to TX descriptor setup
• 2be951a526cb rtwn: enable VHT if it's configured in the device
• cbc331d153cf rtwn: fix builds on non-x86 platforms
• aa178783710f rtwn: print out the firmware file being loaded
• 06b7335701fa rtwn: add rtwn_ctl_vhtrate(), some cleanups
• 307f9c351588 rtwn: only set INIRATE if we're not doing firmware rate control.
• af2e102c4065 rtwn: enable periodic TX reporting support on RTL8188EU NICs.
• 7ddf19492cd9 rtwn: add support for register IO debugging
• 4fad98b5c8d7 rtwn: remove SEQ_SEL, replace with a QOS bit
• 791170aaf7ef rtwn: make sure RCR_APPFCS stays set in monitor mode / mode changes.
• 9efd215411bb rtwn: create a new HAL routine for enabling STA mode beacon processing
• 300c843b075c rtwn: bring the r92c rate control setup selection in line with tx descriptors
• eb6314510c88 rtwn: disable a workaround introduced earlier for RTL8192CU TX performance
• aaaca5f288fa rtwn: add a default OFDM / CCK rate for self-generated frames
• 4e2bd8cf08f4 rtwn: set the shortgi flag in the RTL8192C rate control setup message
• 371a4ee9a384 rtwn: add SGI flag for the rate control message
• 745a85824748 rtwn: update rtwn_get_rates() to separate out the CCK/OFDM and HT rates
• 638fcd53db7d rtwn: bump up the RX USB buffers
• 0ea7f8ca66f3 rtwn: try enforcing net80211 regulatory / txpower limits for 11n chips
• 6858c6b1e1a9 rtwn: refactor out the TX power register power dump, condense output
• b71805e991fb rtwn: add APIs for setting transmit power
• cf6b389f7c48 rtwn: add tx power training for RTL8812/RTL8821
• 35e63136a8c2 rtwn: add a register value for R92C_FPGA0_POWER_SAVE, and other bits
• 7b71689c9ccd rtwn: update RTL8812AU/RTL8821AU receive path to include VHT info
• 7722d5e21477 rtwn: add RTL8812/RTL8821 VHT80 channel programming, spur management

Changes in net80211 and LinuxKPI to support HT and VHT rates. We are getting closer to the Linux KPI drivers having reasonably modern throughputs.

• 2c8b0d6205f6 net80211 / LinuxKPI 802.11: correct enum ieee80211_sta_rx_bw
• 5fdc4824a5e2 net80211: (v)ht: use macros at hand
• a3a308f0f29b lib80211: regdomain: add the two other 160MHz bands
• 1832eb102e10 net80211: add missing 80Mhz and 160Mhz channel ranges
• 054c5ddf587a net80211: add IEEE80211_IS_LOCKED()
• 912a05670ed9 net80211: add helper functions for VHT transmit
• 42410c6d682c ifconfig: make -vht work
• 07f6575585bf LinuxKPI: 802.11: turn on debugfs for iwlwifi and rtw88
• e6d40f90110a net80211: correct typo s/Insure/Ensure/
• cf71349a23f0 ifconfig: 802.11: fix indentation of a line
• f1aeb5d850cf LinuxKPI: 802.11: add a print mask for ieee80211_rx_status_flags bits
• 91a4107d6d30 ifconfig: remove debug printfs from set80211vhtconf()
• 2372f8cc640c LinuxKPI 802.11 / rtw88: make packets flow again
• 95a7aa800987 LinuxKPI: 802.11: implement wiphy_{,un}lock()
• 5d09d1070737 iwlwifi: add missing blank, unwrap line

I think from the rtwn stuff some longer standing issues in ath were fixed.

• cc3b7b7e715d ath_hal_ar9300: implement the TX/RX chainmask override for AR9300 HAL
• 18fabd338ce7 ath_hal_ar9300: quick refactor of tx/rx chain handling

gavin@ has started poking on the Broadcom NICs you might see in old MacBooks.

• 6ea1ce222c7c bhnd: Fix a few use after frees when releasing resources

Firewalls

Much has happened in PF in the last month. OpenBSD's NAT rewrite support has been partially imported, with accommodation for FreeBSD's existing rule syntax. SCTP support has been expanded and is growing towards TCP support in PF.

There have been test, documentation support and bug fixes to help the NAT write and SCTP handling.

• 886396f1b1a7 pf: Force logging if pf_create_state() fails
• 2d2481c35f5a pf: add extra SCTP multihoming probe points
• d90854a60a91 pf: reset index if it's outside the table
• 3b79f6d2d394 pf: do not keep state when dropping overlapping IPv6 fragments
• 1941d370bf89 pf: pass struct pf_pdesc to pf_walk_option6() and pf_walk_header6()
• 0300b49ac821 pf.conf.5: fix description for tcp.opening timeout
• a8136ab47c97 pfctl: convert an snprintf to strlcpy
• 6a3266f72e43 pf: drop IPv6 packets built from overlapping fragments in pf reassembly
• b6a5e2213938 pf.conf.5: make "self" a bit more visible
• 481374d5f7b0 pf: remove pf_remove_fragment()
• f2a1e40bb19b pf: simplify state key setup
• 37101926c920 pf improve the icmp direction check
• 0d68985b0170 pfctl: unbreak rule optimizer
• f88019e8a35c pf: fixup af-to regression with match rules
• 4aafc73d1255 pfctl: pfctl_set_hostid always returns 0
• 441d489493e8 pf: convert DIOCRCLRTABLES to netlink
• 7d5e02b01577 pf: allow ICMP messages related to an SCTP state to pass
• e9255dafa1ef pf: netlink KPI use cleanup
• 4be8e29e776b pf: initialise addresses in pf_get_transaddr_af()
• 07579e2110b3 pf: sprinkle const over function arguments
• 54ead732cf08 pf: deduplicate IPPROTO_ICMPV6 and IPPROTO_ICMP handling
• ec30ca2e13ae pf: remove impossible condition
• f25d7ff3037e pf: SCTP abort messages fully close the connection
• 01eb1261443d pf: fix double free in pf_state_key_attach()
• 5d1219378dd5 pf: teach nat64 to handle 0 UDP checksums
• 32cac604487b pf tests: test dummynet on nat64 rules
• 706b42cc4bd9 pf: give the correct address family to dummynet after nat64
• 08a512019ccb pf: fix dummynet + route-to for IPv6
• 7f3d159b9ff2 pf tests: test using an address range inside a table for nat64
• bdb583afa198 pf tests: test address range as nat64 from address
• e0dcc51ddb43 pfctl: do not allow af-to tables without round-robin
• b0e3fb7e65c3 pf: fix nat64 round-robin addresses from a table
• 9e039875cb40 pf tests: verify pool use for nat64
• 125e395278cf pf tests: test not having an IPv4 address to nat64 to
• 27fca15016a9 pf tests: validate ToS translation with nat64
• 1df79d81343d pf: preserve TOS with nat64
• e128e988a26a pf tests: check packet reassembly with nat64
• 7cae58a44955 pf: handle fragmentation for nat64
• 6c5c91a039c7 pf: update pd->tot_len after reassembly
• b717c67686c0 pf tests: verify that we preserve the hop limit/TTL for ICMP errors
• c6210cfd58f6 pf: fix if-bound with nat64
• d7e9df4fc67f pfctl: print_rule: rename opts -> ropts
• f1ddd7f1dae6 pf: add forgotten fixup for icmp6 id's when translating
• 373d6dbf34a8 pf tests: verify that ICMP destination unreachable makes it through NAT64
• bc66cb3bfa9b pf tests: verify that ICMP port unreachable makes it through NAT64
• a4e040329525 pf tests: verify that TCP RST makes it through NAT64
• 86bcaedd35f4 pfctl: basic nat64 parser test
• a43589dcbf8b pf tests: add an SCTP test case for nat64
• 7e309356b009 pf tests: add a UDP test case for nat64
• 22c634905bd4 pf tests: add a TCP test case for nat64
• 0656a680567a pf tests: basic nat64 test case
• 0749d8134300 pf tests: check cleared time when zeroing stats for table addresses
• eaf484fdb70d pf.conf.5: document af-to (aka nat64)
• aa69fdf1542d pfctl: change for af-to / NAT64 support.
• b8e538443882 pf: drop packets if they fail nat64 translation
• d89a5d853e2b pf: support nat64 for SCTP
• ea9113be3f19 pf: extra route lookup in pf_route(6)()
• ebe11b46988e pf: fix state export in the face of NAT64
• fcdb520c1b4e pf: nat64
• e4e0f497429c in: add in_mask2len()
• 2d7e68d5cd76 pf: add post-NAT src/dst address/port to pf_pdesc
• e11dacbf8484 pf: partially import OpenBSD's NAT rewrite
• 85570785b9ce pf: remove unused variable from pf_pdesc
• 67b655980885 pf: fix address range handling in pfr_pool_get()
• 358c5f5c0899 pf: fix cleanup deadlock
• 725003da5302 pf.conf.5: Fix endpoint-independent description

User Tooling

A fix in ping for minimum packet for ping sweeps and better error messages.

• 8408510c7769 ping: adjust error messages and comments for -gGh flags
• 39d3c81c43c7 ping: correct minimal payload size for the sweep ping

Other stuff

This is kind of a WiFi change, but it is important for how FreeBSD deals with firmware. Historically firmware was loaded as a kernel module and then requested by a driver, getting a opaque blob to send to the device. For CVS(?) it has to be uuencoded, which wasn't a real problem for a long time. From 15 firmware can just be loaded from disk as a blob, this frees up drivers a bit certainly making development easier, but it makes it more difficult for things like loader to load kernel modules and know that firmware will be there. Expect some churn. while thinks improve.

• af0a81b6470a iwm: Stop shipping firmware as kernel module
• 11f3da565519 pkgbase: Remove /boot/firmware from bootloader package

Please Send Feedback

There was a lot of stuff in the last month, but I decided to trim out most of the picked commits rather than make a lot of "small improvement" comments on huge series of changes. It is good to see the number of changes that pf gets every week and occasional bursts in other areas.

I would love to know if this summary was any help, if it was, or if you think I should cover other thing please let me know (thj@freebsd.org).

If you find a typo or have a correct let me know and I'll thank you at the end here.

You can see all prior posts here. ( rss )

My work on FreeBSD is supported by the FreeBSD Foundation , you can contribute to improving FreeBSD with code, documentation or financially by donating to the FreeBSD Foundation .