FreeBSD Network Status 2025 Week 05

Here we are 8% of the way through the year and the end of January. Perfect time to check in with what is going on in FreeBSD.

Goings on

BSD Devroom at FOSDEM 2024

I'm writing today above the North Sea on my flight to AMS on the way to Brussels for FOSDEM. The BSD Devroom is running tomorrow (Saturday the 1st of Feb) and there is a great line up of talks. If you are within a reasonable travel distance head over, its a free event and there is a ton of stuff going on.

Beyond the talks there will be a FreeBSD table for the project and the foundation. We have stickers and I'll be there if you want to chat about goings on in the project or to complain about some of the bugs I've written recently.

Stab week

This was the first stab week of the year and two regressions were picked up through repeatided stabbings:

• Compilation failure on 32-bit platforms. Fix [5289625dfecb] (https://cgit.freebsd.org/src/commit/?id=5289625dfecb)
• Instant panic with SO_REUSEPORT_LB and nginx. Fix 06bf119f265c

glebius@ is adding scripts to make it easier to know when it is time to stab. I'm hoping more tooling involves and we start getting more testing in the stab weeks. The work Netflix is doing here is incredibly helpful for the quality of FreeBSD, but other workloads should also be represented.

Network Stack

Caught in stab week was a regression in the TCP listen operation when it is called multiple times on a socket. This was harmless generating multiple TCP state changes until last week after a clean up fixing races where started to call LIST_REMOVE() twice on the same entry.

• 63efd7f5ac66 socket tests: Add a test which calls listen() twice on an lb socket
• 06bf119f265c sockets/tcp: quick fix for regression with SO_REUSEPORT_LB

Style and small fixes for netlink and netlink/route support.

• cdacb12065e4 netlink/route: validate family attribute
• 031fbf8dc962 netlink/route: fix fib number validation in old Linux compat mode
• 49a6e213416b netlink/route: fix nlattr_get_multipath() to check length
• 876b88a44829 netlink: consistently use unsigned types in the parser
• 810c122695d7 netlink: use u_int as argument for ifnet_byindex()
• 8b094a9801ed netlink: style(9) pass over message parsing code

ip6addrctl manages address selection policy for outgoing packets. With some improvements teach it how to run in a jail.

• 6dcdd79a251b ip6addrctl(8): Teach ip6addrctl to attach and run itself in a jail
• 13ce55b66fad ip6addrctl(8): Strictly check the number of arguments
• 7bb9ba61d357 ip6addrctl(8): Use static initializer

Netdev

Replace the single global admin taskqueue with a per interface admin taskqueue. This should resolve timeouts when long operations are performed without using too much more in resources.

• 3ad01642fe9e iflib(4): Replace admin taskqueue group with per-interface taskqueues

Add a device id to ure, otherwise it will use the CDC mode driver. If you have issues with USB Ethernet you might want to look to see if moving from the CDC driver will help.

• dc273058cb0b ure(4): Add support for ELECOM EDC-QUA3C

Wireless

Some further fixes around firmware loading for iwm and its integrated bluetooth controller.

• 0feaf865ce8e iwmbtfw(8): fix getopt flags, unify usage()/manual page contents
• ff4116313eb4 iwmbtfw(8): don't program hardware without existing firmware image
• 06969db31202 Refactor iwmbtfw: modularize and de-constify
• f466ba4ca479 Refactor iwmbtfw: set default firmware_dir after argument parsing

Add support for Blueooth Secure Simple Pairing - which I didn't manage to look up before getting on a plane.

• 4ae0fa8a2f8b ng_hci: add support for Bluetooth Secure Simple Pairing

Firewalls

This is the third week of changes adding support for NAT64 with some more changes coming in via OpenBSD.

• 3bf6554017b7 pf: remove PFLOGIFS_MAX
• 06a6ec55fbd0 pf: ignore/preserve ECN bits on ToS matching and scrubbing
• 7a372bded812 pf: make reply-to work with nat64
• ca0e69345320 pf: cope with route-to on af-to rules
• 0972294ef034 pf: add a dedicated pf pool for route options
• 899e79760dcc pfctl: allow an implicit address family for af-to rules
• 3331975ab18f pf: check rather than assert pool type
• 5cb08fddef99 pfctl: improve NAT pool handling

• 096efeb658b5 pfctl: follow rpool -> rdr rename

• af33f86e6aef carp: don't unintentionally revert to multicast mode

User Tooling

Netcat is the network swiss army knife, an incredibly useful and flexible tool for doing stuff that requires you to put packets onto the network. It is great exemplar of how to use networking options and used more and more by network tests. There was an issue in this stab period around SO_REUSEPORT_LB , making testing more practical helps catch issues closer to their introduction.

• 04a3ca71ead6 netcat: Add a flag to enable the use of SO_REUSEPORT_LB

Other stuff

Nice fix from mckusick@ to UFS1 file system helping with the inevitable passage of time.

• 1111a44301da Defer the January 19, 2038 date limit in UFS1 filesystems to February 7, 2106

  Defer the January 19, 2038 date limit in UFS1 filesystems to February 7, 2106

  UFS1 uses a signed 32-bit value for its times. Zero is January 1, 1970 UTC. Negative values of 32-bit time predate January 1, 1970 back to December 13, 1901. The maximum positive value for 32-bit time is on January 19, 2038 (my 84th birthday). On that date, time will go negative and start registering from December 13, 1901. Note that this issue only affects UFS1 filesystems since UFS2 has 64-bit times. This fix changes UFS1 times from signed to unsigned 32-bit values. With this change it will no longer be possible to represent time from before January 1, 1970, but it will accurately track time until February 7, 2106. Hopefully there will not be any FreeBSD systems using UFS1 still in existence by that time (and by then I will have been dead long enough that no-one will know at whom to yell :-).

  It is possible that some existing UFS1 systems will have set times predating January 1, 1970. With this commit they will appear as later than the current time. This commit checks inode times when they are read into memory and if they are greater than the current time resets them to the current time. By default this reset happens silently, but setting the sysctl vfs.ffs.prttimechgs=1 will cause console messages to be printed whenever a future time is changed.

Please Send Feedback

Smaller report this week. I'm trimming out more "small fixes" style comments. I'm going to play with the format of these posts more over the next few months. I am trying to add value beyond just rewriting commit messages, sometimes it is good to show the continuous on going work, but it will get a bit tedious if that is 60% of the report each week.

I'm giving a FOSDEM talk tomorrow on the writing of these reports.

I would love to know if this summary was any help, if it was, or if you think I should cover other thing please let me know (thj@freebsd.org).

If you find a typo or have a correct let me know and I'll thank you at the end here.

You can see all prior posts here. ( rss )

My work on FreeBSD is supported by the FreeBSD Foundation , you can contribute to improving FreeBSD with code, documentation or financially by donating to the FreeBSD Foundation .