| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.
MFC after: 3 weeks
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix DTLS fragment bug - out-of-sequence message handling which could
result in NULL pointer dereference in
dtls1_process_out_of_seq_message().
Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.
Security: CVE-2009-1387
Obtained from: OpenSSL CVS
http://cvs.openssl.org/chngview?cn=17958
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Do not access freed data structure.
Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.
Security: CVE-2009-1379
Obtained from: OpenSSL CVS
http://cvs.openssl.org/chngview?cn=18156
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix fragment handling memory leak.
Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.
Security: CVE-2009-1378
Obtained from: OpenSSL CVS
http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix memory consumption bug with "future epoch" DTLS records.
Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.
Security: CVE-2009-1377
Obtained from: OpenSSL CVS
http://cvs.openssl.org/chngview?cn=18187
|
| | |
| |
| |
| |
| | |
Reported by: Sergey V. Dyatko <sergey.dyatko@gmail.com>
MFC after: 3 days
|
| | | |
|
| | |
| |
| |
| | |
Submitted by: Rahul Saxena <rahul dot k dot saxena at gmail dot com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
A malicious user could create a file named /tmp/.diskless and cause
the script to misbehave.
PR: conf/141258
Reported by: Jon Passki
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Slightly modified version of the submitted patch.
PR: 143427
Submitted by: Mamoru Sumida <msumida@mvc.biglobe.ne.jp>
MFC after: 3 days
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
to match the values passed in and prevent the SIZE field being corrupted
when more than 2TB is allocated.
PR: bin/129706
Approved by: rrs (mentor)
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| | |
PR: bin/113881
Submitted by: Alexander Drozdov dzal_mail mtu-net.ru
Approved by: rrs (mentor)
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| | |
COMPAT_43TTY enables the sgtty interface. Even though its exposure has
only been removed in FreeBSD 8.0, it wasn't used by anything in the base
system in FreeBSD 5.x (possibly even 4.x?). On those releases, if your
ports/packages are less than two years old, they will prefer termios
over sgtty.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
pointer, rather than octeon_fpa_alloc.
o) Report half duplex status properly.
o) Do not unconditionally update the last known link status in the softc. If
report_link isn't set, when octeon_rgmx_config_speed is called the first
time it will tell the driver (essentially) that we have already marked the
interface up. Likewise, don't change media speed and duplex if only the
link status is at issue. [1]
o) Remove manual changing of link state and let octeon_rgmx_config_speed do the
heavy lifting. [1]
Reviewed by: [1] imp
Sponsored by: Packet Forensics
|
| | |
| |
| |
| |
| |
| | |
one file per line.
Suggested by: bde
|
| | | |
|
| | |
| |
| |
| |
| | |
Pointy hat to: delphij
MFC after: 1 month
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
have the delayed function take an argument as to the offset
to the SCTP header. This allows it to work for V4 and V6.
This of course means changing all callers of the function
to either pass the header len, if they have it, or create
it (ip_hl << 2 or sizeof(ip6_hdr)).
PR: 144529
MFC after: 2 weeks
|
| | | |
|
| | |
| |
| |
| | |
MFC after: 3 days
|
| | |
| |
| |
| | |
MFC after: 1 month
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
blog posting [1].
- Use word-sized test for unaligned pointer before working
the hard way.
Memory page boundary is always integral multiple of a word
alignment boundary. Therefore, if we can access memory
referenced by pointer p, then (p & ~word mask) must be also
accessible.
- Better utilization of multi-issue processor's ability of
concurrency.
The previous implementation utilized a formular that must be
executed sequentially. However, the ~, & and - operations can
actually be caculated at the same time when the operand were
different and unrelated.
The original Hacker's Delight formular also offered consistent
performance regardless whether the input would contain
characters with their highest-bit set, as it catches real
nul characters only.
These two optimizations has shown further improvements over the
previous implementation on microbenchmarks on i386 and amd64 CPU
including Pentium 4, Core Duo 2 and i7.
[1] http://vger.kernel.org/~davem/cgi-bin/blog.cgi/2010/03/08#strlen_1
MFC after: 1 month
|
| | |
| |
| |
| | |
pointed out by jkim@
|
| | |
| |
| |
| |
| |
| |
| |
| | |
These behave just like g45 for agp.
Tested by: Torfinn Ingolfsen
MFC after: 3 days
|
| | | |
|
| | |
| |
| |
| | |
pointed out by danfe@
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Add a missing callout_drain(9) before the descriptor deallocation.[1]
- Prefer callout_init_mtx(9) over callout_init(9) and let the callout
subsystem handle the mutex for callout function.
PR: kern/144453
Submitted by: Alexander Sack (asack at niksun dot com)[1]
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Yukon FE and Yukon Ultra2. These controllers provide very simple
checksum computation mechanism and it requires additional pseudo
header checksum computation in upper stack. Even though I couldn't
see much performance difference with/without Rx checksum offloading
it may help notebook based controllers.
Actually controller can compute two checksum value by giving
different starting position of checksum computation on received
frame. However, for long time, Marvell's checksum offloading engine
have been known to have several silicon bugs so don't blindly trust
computed partial checksum value. Instead, compute partial checksum
twice by giving the same checksum computation position and compare
the result. If the value is different it's clear indication of
hardware bug. This configuration lose IP checksum offloading
capability but I think it's better to take safe route.
Note, Rx checksum offloading for Yukon XL was still disabled due to
known silicon bug.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
index of status block is read first before acknowledging the
interrupts. Otherwise bge(4) may get stale status block as
acknowledging an interrupt may yield another status block update.
Reviewed by: marius
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Add -V (display version) and -S (list controlling symbols per #if
with nesting information) options, and improve unifdefall debug output.
Done committing 0 revisions to SVN
Obtained from: http://dotat.at/prog/unifdef
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
starting from netgraph import in 1999.
netstat(8) used pointer to node as node address, oops. That didn't
work, we need the node ID in brackets to successfully address a node.
We can't look into ng_node, due to inability to include netgraph/netgraph.h
in userland code. So let the node make a hint for a userland, storing
the node ID in its private data.
MFC after: 2 weeks
|
| | |
| |
| |
| |
| |
| |
| | |
ago in 2006. This linked list is actually needed for userland.
PR: kern/140446
Submitted by: Adrian Steinmann <ast marabu.ch>
|
| | |
| |
| |
| | |
Obtained from: OpenSolaris, Bug ID 6920880
|
| | |
| |
| |
| |
| |
| | |
Reported by: Johan Ström <johan@stromnet.se>
Obtained from: OpenSolaris, Bug ID 6827260
MFC after: 1 week
|
| | |
| |
| |
| |
| |
| | |
Found by: make manlint
Reviewed by: ru
Approved by: harti, philip (mentor)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
address as well as the transport protocol port information
from the outbound packets. The routing code is generic and
compares every byte in the given sockaddr object. Therefore
the temporary sockaddr objects must be cleared due to padding
bytes. In addition, the port information must be stripped
or the route search will either fail or return the incorrect
route entry.
Unit testing is done using OpenVPN over the if_tun interface.
MFC after: 7 days
|
| | |
| |
| |
| |
| |
| | |
Found by: make manlint
Reviewed by: ru
Approved by: philip (mentor)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
no delayed checksum was added to the ip6 output code. This
causes cards that do not support SCTP checksum offload to
have SCTP packets that are IPv6 NOT have the sctp checksum
performed. Thus you could not communicate with a peer. This
adds the missing bits to make the checksum happen for these cards.
PR: 144529
MFC after: 2 weeks
|
| | |
| |
| |
| |
| | |
PR: kern/102211
Submitted by: yoichi
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Hart: rev 671 of pcidevs.txt; 22-01-2008 (D-M-Y).
* Boemler: vendors.txt (2010-03126)
PR: kern/133733
MFC after: 1 week
|
| | |
| |
| |
| |
| | |
- Unmap the unused kernel stack page that we cannot use because it is
not aligned on a (PAGE_SIZE * 2) boundary.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
arguments makes sense anymore. For example, what would a combination
of -3 (show three months) and -y (show the whole year) do?
We will abort on these cases.
- Move the debug option -d to -H (from highlight), while -d is now
used for setting the day of "today" so that -y and friends can
be tested.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- add a name argument to flowtable_alloc for printing with ddb commands
- extend ddb commands to print destination address or 4-tuples
- don't parse ports in ulp header if FL_HASH_ALL is not passed
- add kern_flowtable_insert to enable more generic use of flowtable
(e.g. system calls for adding entries)
- don't hash loopback addresses
- cleanup whitespace
- keep statistics per-cpu for per-cpu flowtables to avoid cache line contention
- add sysctls to accumulate stats and report aggregate
MFC after: 7 days
|
| | |
| |
| |
| | |
It now accepts an argument to dump out the tlb of a particular cpu.
|
| | |
| |
| |
| |
| | |
__gnu_inline__ attribute for PMAP_INLINE when using the 7.x compiler to
match what 7.x uses for PMAP_INLINE.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
o) Properly configure the CAM to handle IFF_PROMISC and note where IFF_ALLMULTI
handling would go if we didn't already force the NIC to receive all
multicast traffic.
Reviewed by: imp
Sponsored by: Packet Forensics
|
| | |
| |
| |
| |
| | |
The filtering of the output is done in the kernel instead of userland
to reduce the amount of data transfered.
|
