summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | Use the modern spelling of ofw_bus_node_is_compatible in sys/arm.andrew2017-09-0613-22/+27
| | | | | | | | | | | | Sponsored by: ABT Systems Ltd (cherry picked from commit 7168ae84d82220caac0bb5f5f5d68ccc4e20915b)
* | bcm2835_cpufreq: Only attach driver if we correcly match on the machinemanu2017-09-061-0/+22
| | | | | | | | | | | | compatible string. (cherry picked from commit 00c4defc2969be2094c365ef1a83f0449da76aa1)
* | Introduce armada_thermal driver for Armada family platformswma2017-09-062-0/+316
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Currently supports only Armada38X family but other Marvell SoC's can be added if needed. * Provides temperature is C deg. * To print the temperature one can use: sysctl dev.armada_thermal.0.temperature Submitted by: Zbigniew Bodek <zbb@semihalf.com> Obtained from: Semihalf Sponsored by: Stormshield Differential revision: https://reviews.freebsd.org/D9217 (cherry picked from commit 600bb57f9bdeaed529586c08753e2518e5746959)
* | MFC r322750:ae2017-08-284-16/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix the regression introduced in r275710. When a security policy should match TCP connection with specific ports, the SYN+ACK segment send by syncache_respond() is considered as forwarded packet, because at this moment TCP connection does not have PCB structure, and ip_output() is called without inpcb pointer. In this case SPIDX filled for SP lookup will not contain TCP ports and security policy will not be found. This can lead to unencrypted SYN+ACK on the wire. This patch restores the old behavior, when ports will not be filled only for forwarded packets. Reported by: Dewayne Geraghty <dewayne.geraghty at heuristicsystems.com.au> MFC r322751: Remove stale comments. (cherry picked from commit 4e0ff7d0a944d10581e904bc3057524ce7071e30)
* | Merge remote-tracking branch 'origin/releng/11.1' into RELENG_2_4_1Renato Botelho2017-08-235-1/+24
|\ \ | |/
| * Fix OpenSSH Denial of Service vulnerability. [SA-17:06]releng/11.1delphij2017-08-105-1/+26
| | | | | | | | | | | | | | | | Fix VNET kernel panic with asynchronous I/O. [EN-17:07] Fix pf(4) housekeeping thread causes kernel panic. [EN-17:08] Approved by: so
* | Improve debug, remove some unnecessary messages.Luiz Souza2017-08-231-19/+10
| | | | | | | | (cherry picked from commit 316530deb8bcf9c3f9dafdb814c73f1c7ec6b9e9)
* | Fix the address encoding algorithm when the v4 prefixlen is not 0 or 32.Luiz Souza2017-08-231-11/+8
| | | | | | | | (cherry picked from commit 4ca30a279eec9a6d08825ec4deba707c8a9d359c)
* | Set the IFF_DRV_RUNNING on if_stf, otherwise the DAD timer will force the ↵Luiz Souza2017-08-221-0/+8
| | | | | | | | | | | | tentative flag on interface address. (cherry picked from commit cc11287496510575f2f0e07e93e28cb81316d70f)
* | Fix the counter values for VLAN interfaces. The packet bytes are already ↵Luiz Souza2017-08-171-6/+2
| | | | | | | | | | | | | | | | counted in IFQ_HANDOFF(). Ticket #7751 (cherry picked from commit 327d0a443586caf89a7d663c081f536cb4bba770)
* | Fix the import of 6rd to accept inet6 addresses other than 2002::.Luiz Souza2017-08-111-9/+4
| | | | | | | | (cherry picked from commit c7cb7c5dd18db88217dd3fc69cbd48beceac7ae3)
* | dhclient(8): Enable numbered user class ID optioncem2017-08-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | By adding it to the option priorities table. PR: 184117 Submitted by: Lowell Gilbert <freebsd-bugs-local at be-well.ilk.org> Reported by: Tomek CEDRO <cederom at tlen.pl> Reviewed by: jhb Differential Revision: https://reviews.freebsd.org/D7911 (cherry picked from commit df343ad2c22ac5702463b6f9f13e95808381e2b7)
* | Fix the build. Set the variables before use.Luiz Souza2017-08-101-4/+5
| | | | | | | | (cherry picked from commit a49dcfe92933091515b9df7272f9f2d37d7137b6)
* | Fix a mismerge/infinite recursion in the recent import of the 6rd.patch.Luiz Souza2017-08-101-2/+0
| | | | | | | | (cherry picked from commit 2e8d3ef621d72c1673969bec47744def87033b15)
* | Add to if_enc(4) ability to capture packets via BPF after pfil processing.ae2017-08-092-17/+46
| | | | | | | | | | | | | | | | | | | | | | | | New flag 0x4 can be configured in net.enc.[in|out].ipsec_bpf_mask. When it is set, if_enc(4) additionally captures a packet via BPF after invoking pfil hook. This may be useful for debugging. MFC after: 2 weeks Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D11804 (cherry picked from commit 6dd69d60f664b5687f5b7eb3a77f079dac3df6c2)
* | Fix the import of the pf_match patch.Luiz Souza2017-08-091-3/+3
| | | | | | | | | | | | Ticket #7116 (cherry picked from commit 713562395203d4c40981e0a56121ffd611329bce)
* | Fix the match of the "any any" entry in MAC address tables.Luiz Souza2017-08-061-4/+59
| | | | | | | | (cherry picked from commit 7e2bac9957c7c8da5275b6eb186cabbb36f4584f)
* | Fix the interface table code to not overwrite the existent table pointers ↵Luiz Souza2017-08-051-6/+22
| | | | | | | | | | | | when there is no match. (cherry picked from commit 73a63890285a675bcddbbadc343f7f134af0ef23)
* | Fix the match of source MAC addresses.Luiz Souza2017-08-051-1/+1
| | | | | | | | | | | | Ticket #6606 (cherry picked from commit a9a1aa674f93e8a266555fe82809bd8e9d864d1a)
* | Import the pfSense patch stf_6rd.diffLuiz Souza2017-08-034-121/+735
| | | | | | | | | | | | | | | | Update the patch to -head and stable/11. Ticket #7272 (cherry picked from commit 9b4f61fbff06039b57566ba7332b763188d6d301)
* | Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hookae2017-08-015-16/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from enc_hhook(). This should solve the problem when pf is used with if_enc(4) interface, and outbound packet with existing PCB checked by pf, and this leads to deadlock due to pf does its own PCB lookup and tries to take rlock when wlock is already held. Now we pass PCB pointer if it is known to the pfil hook, this helps to avoid extra PCB lookup and thus rlock acquiring is not needed. For inbound packets it is safe to pass NULL, because we do not held any PCB locks yet. PR: 220217 MFC after: 3 weeks Sponsored by: Yandex LLC (cherry picked from commit 4c7d86cbec231dc1fe6814f0e5e2db63394a2bcb)
* | Fix the build, define the boottime variable before use it.Luiz Souza2017-07-241-2/+5
| | | | | | | | (cherry picked from commit 4ff0e4a77646d70078e5be332359df4967d187f2)
* | Fix the match timestamp when the table lookup command is used.Luiz Souza2017-07-221-0/+2
| | | | | | | | | | | | Reported by: garga (cherry picked from commit 4fbc95c7ac1751266543e1c17e547fc8daec2981)
* | Merge remote-tracking branch 'origin/releng/11.1' into RELENG_2_4_1Luiz Souza2017-07-213-2/+5
|\ \ | |/
| * - Switch releng/11.1 to -RELEASE.gjb2017-07-203-2/+5
| | | | | | | | | | | | | | | | - Add the anticipated 11.1-RELEASE date to UPDATING. - Set a static __FreeBSD_version. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
* | Replace the hardcoded NULL. No functional changes.Luiz Souza2017-07-201-3/+3
| | | | | | | | (cherry picked from commit cc274278302a81add472ccf3344e8ec09a44f737)
* | Remove a duplicate definition.Luiz Souza2017-07-201-1/+1
| | | | | | | | (cherry picked from commit dc59fff1188c9c81632773b3ddf0ba6e0ee843e3)
* | Add the missing change from the last commit.Luiz Souza2017-07-201-0/+1
| | | | | | | | (cherry picked from commit f12a05b2e54dc5fd9af1b44316516af0a1e2a1c8)
* | Add support for the classic pfSense 'mixed' tables.Luiz Souza2017-07-207-36/+76
| | | | | | | | | | | | The mixed tables are used to match against the IP[4|6] and the MAC address of the peer. (cherry picked from commit edfbe4e11e3f835451d36dfb533e0785f4437497)
* | style(9) fixes.Luiz Otavio O Souza2017-07-201-50/+50
| | | | | | | | | | | | No functional changes. (cherry picked from commit 149c98cc6bcd55e12dab57b7ea5f7a27aceadba0)
* | Fix the variable name, use an existing variable.Luiz Otavio O Souza2017-07-201-3/+3
| | | | | | | | (cherry picked from commit 2ede8a241662d3c07773cb25ece6be513e741b60)
* | While we always store the interface in the every state, we do not do strict ↵Luiz Otavio O Souza2017-07-201-1/+2
| | | | | | | | | | | | | | | | searches based on interface as this will cause issues with multi-wan setups. Ticket #6986 (cherry picked from commit 114dc4a89011a560c32421ca842ca73f5b29d449)
* | Apply the previous dummynet fixes on v6 version of the code.Luiz Otavio O Souza2017-07-201-7/+8
| | | | | | | | (cherry picked from commit c5118da571b9ef9e22fd40b1cab8dec097e9fd7d)
* | Always return PF_PASS for packets processed by dummynet, even if dummynet ↵Luiz Otavio O Souza2017-07-201-4/+3
| | | | | | | | | | | | | | | | drop the packet. While it even works for forwarded packets it will close the connection for a local bound sockets. Ticket #7050 (cherry picked from commit 4c908ee9021b280805f8f240274e7cb06bba80db)
* | Packets redirected to ourselves should be flagged with M_FASTFWD_OURS and ↵Luiz Otavio O Souza2017-07-201-2/+2
| | | | | | | | | | | | | | | | not M_SKIP_FIREWALL. Ticket #7050 (cherry picked from commit 994e779f035e9ed49909936d5773f930adfc4075)
* | Always remove the correct tag, find it by its cookie instead of relying on ↵Luiz Otavio O Souza2017-07-201-1/+3
| | | | | | | | | | | | | | | | m_tag_first() to do the right thing. Ticket #7050 (cherry picked from commit 3eb3c59dd40ec6da4e6c3f46946fdc89ddfb5a11)
* | Revert this change from the previous commit, it actually breaks the nat ↵Luiz Otavio O Souza2017-07-201-4/+2
| | | | | | | | | | | | undo/redo. (cherry picked from commit 3af193c1cec01f6188c35021a07e3f43201f105f)
* | Better support for dummynet (limiters) with binat and rdr rules.Luiz Otavio O Souza2017-07-201-3/+39
| | | | | | | | | | | | Ticket #7050 (cherry picked from commit bf80603857ea4d11cb666429c1ec7917bbac9bf0)
* | Revert this unnecessary change.Luiz Otavio O Souza2017-07-201-1/+1
| | | | | | | | (cherry picked from commit e32688857d7d7435fa62dd2bc0079f51cabefeca)
* | Remove duplicate code and fix undo NAT and redo NAT.Luiz Otavio O Souza2017-07-201-112/+42
| | | | | | | | | | | | Tested with dummynet rules (limiters). (cherry picked from commit 1d722dd06892ee05b1117ba6b3454baeec5f2690)
* | Set the dnflow fields after parse the protocol headers.Luiz Otavio O Souza2017-07-201-14/+10
| | | | | | | | (cherry picked from commit 4a13836be57e438f8e088ecd478441dc132db3f9)
* | Rererefix the build...Luiz Otavio O Souza2017-07-201-1/+1
| | | | | | | | (cherry picked from commit 3109c027bc0d10653af18b6463929abbbea8afaf)
* | Fix the build.Luiz Otavio O Souza2017-07-201-5/+1
| | | | | | | | (cherry picked from commit da345171c852e8ab229591c46daef6bf3c0c676e)
* | Fix the build, remove the extra brackets.Luiz Otavio O Souza2017-07-201-1/+1
| | | | | | | | (cherry picked from commit 201ab78f020c884be5c1e5b69e5f40e4a57eef89)
* | Clean the code, fix some mistakes we did when the code was ported from ↵Luiz Otavio O Souza2017-07-201-40/+40
| | | | | | | | | | | | | | | | FreeBSD 8. Fix IPv6 code too. (cherry picked from commit 4e68aed43a934b9b166c017fb6fbd2dc9f45b193)
* | Fix a typo, check the return code from ipfw_dn_io() and simplify the code.Luiz Otavio O Souza2017-07-201-12/+10
| | | | | | | | (cherry picked from commit 53775034bf00702f6c0a512bc44c72bff049060f)
* | Import pfSense patch if_vlan_altq.diffLuiz Otavio O Souza2017-07-201-87/+92
| | | | | | | | | | | | Ticket #7219 (cherry picked from commit 5c1daa5ea1098b67d4c331d5e21b39178d616031)
* | Fix the structure padding to work on 32bits platforms.Luiz Otavio O Souza2017-07-201-2/+4
| | | | | | | | | | | | Ticket #7026 (cherry picked from commit aa25003286b43c3710fe1a98b09b15385b736944)
* | Round up the struct pfloghdr size to the next byte boundary.Luiz Otavio O Souza2017-07-201-1/+1
| | | | | | | | | | | | | | | | Fixes the tcpdump decoding on pflog interface. Reported as a secondary bug in Ticket #4723 (cherry picked from commit 58df8b93be71a46ae8829e57ca1bfd94c4179e59)
* | MFC 305177sephe2017-07-201-1/+1
| | | | | | | | | | | | | | | | | | | | net/vlan: Shift for pri is 13 (pri mask 0xe000) not 1. Reviewed by: araujo, hps Sponsored by: Microsoft Differential Revision: https://reviews.freebsd.org/D7710 (cherry picked from commit 860932ee33fe82330891c9acc939827c05f20999)
OpenPOWER on IntegriCloud