| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
|
| |\
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| | |
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
|
| | |
| |
| |
| |
| |
| | |
clobbered and thus effectively disabled.
MFC after: 7 days
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
do not try to lock/unlock destroyed/non-existsing mutex.
PR: kern/103569
Reviewed by: guido
Approved by: glebius (mentor)
Silence from: darrenr
MFC: 2 week
|
| | |
| |
| |
| | |
MFC after: 2 weeks
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | |
| |
| |
| | |
MFC after: 4 days
|
| | |
| |
| |
| | |
Remove h323 proxy from ip_proxy (copyright issue)
|
| | | |
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Prefer '_' to ' ', as it results in more easily parsed results in
memory monitoring tools such as vmstat.
- Remove punctuation that is incompatible with using memory type names
as file names, such as '/' characters.
- Disambiguate some collisions by adding subsystem prefixes to some
memory types.
- Generally prefer lower case to upper case.
- If the same type is defined in multiple architecture directories,
attempt to use the same name in additional cases.
Not all instances were caught in this change, so more work is required to
finish this conversion. Similar changes are required for UMA zone names.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
(1) "ipf -T" is broken for fetching single entries and
(2) loading rules with numbered collections does not order insertion right.
(3) stats aren't accumulated for hash table memory failures
Approved by: re (dwhite)
|
| | |
| |
| |
| | |
Approved by: re (dwhite)
|
| | |
| |
| |
| | |
parse bpf strings for filter rules in ipf.conf
|
| | |
| |
| |
| |
| | |
kernel it is being compiled against and subsequently enable using BPF for
packet matching in ipf rules.
|
| | |
| |
| |
| |
| |
| |
| | |
/usr/src/sbin/ipf/ipftest/../../../sys/contrib/ipfilter/netinet/ip_frag.c: In function `fr_ipid_newfrag':
/usr/src/sbin/ipf/ipftest/../../../sys/contrib/ipfilter/netinet/ip_frag.c:397: warning: cast to pointer from integer of different size
/usr/src/sbin/ipf/ipftest/../../../sys/contrib/ipfilter/netinet/ip_frag.c: In function `fr_ipid_knownfrag':
/usr/src/sbin/ipf/ipftest/../../../sys/contrib/ipfilter/netinet/ip_frag.c:582: warning: cast from pointer to integer of different size
|
| | |
| |
| |
| |
| | |
Someday this should be converted to uint64_t and printstate.c changed to
use those horrid PRiud64 things.
|
| | |
| |
| |
| | |
with FreeBSD so we shouldn't be trying to include it here.
|
| | |
| |
| |
| |
| | |
- Move SIOCPROXY from ip_nat.h to ip_proxy.h and fix ip_proxy.h so that it
can be easily compiled into kdump, et al.
|
| | |
| |
| |
| | |
add another special file in the creation of ioctls.c for kdump.
|
| | | |
|
| |\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
we loop through all the list of NICs (struct ifnet), holding the lock on
it and then do a name lookup with ifunit() whilst holding it.
|
| | | |
|
| | |
| |
| |
| |
| | |
up on USE_MUTEX being defined, but this patch
* Remove some code that's in a #ifndef FreeBSD that's no longer used.
|
| | |
| |
| |
| | |
defined. Revert part of the previous commit to fix this.
|
| | |
| |
| |
| |
| |
| | |
define PFIL_HOOKS anymore.
Submitted by: keramida
|
| | |
| |
| |
| | |
the the "needs giant" flag to be removed from the driver.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
to keep them out of harms way when compiling.
PR: 72783
|
| | |
| |
| |
| |
| |
| |
| | |
PR: 70038
Submitted by: fming@borderware.com
Reviewed by: darrenr
Obtained from: fming@borderware.com
|
| | |
| |
| |
| |
| |
| |
| | |
buffer doesn't work for ipv6 packets, so use m_defrag() here instead as an
easy drop-in replacement.
PR: 70399
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
passing along socket information. This is required to work around a LOR with
the socket code which results in an easy reproducible hard lockup with
debug.mpsafenet=1. This commit does *not* fix the LOR, but enables us to do
so later. The missing piece is to turn the filter locking into a leaf lock
and will follow in a seperate (later) commit.
This will hopefully be MT5'ed in order to fix the problem for RELENG_5 in
forseeable future.
Suggested by: rwatson
A lot of work by: csjp (he'd be even more helpful w/o mentor-reviews ;)
Reviewed by: rwatson, csjp
Tested by: -pf, -ipfw, LINT, csjp and myself
MFC after: 3 days
LOR IDs: 14 - 17 (not fixed yet)
|
| | |
| |
| |
| | |
doesn't require to include opt_pfil_hooks.h.
|
| | |
| |
| |
| |
| | |
remove some superfluous assignments for .d_version/.d_flags in a cdevsw
structure initialisation that never sees the light of day in FreeBSD.
|
| | |
| |
| |
| | |
and after we're finished with it.
|
| | | |
|
| | |
| |
| |
| | |
disappear.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* block packets that fail to create state table entries
* only allow non-fragmented packets to influence whether or not a logged
packet is the same as the one logged before.
* correct the ICMP packet checksum fixing up when processing ICMP errors for NAT
* implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX
and ipf_nattable_max)
* frsynclist() wasn't paying attention to all the places where interface
names are, like it should.
* fix comparing ICMP packets with established TCP state where only 8 bytes
of header are returned in the ICMP error.
MFC after: 1 week
|
| | |
| |
| |
| | |
Bump __FreeBSD_version accordingly.
|
| | |
| |
| |
| |
| |
| | |
if FreeBSD header files, etc, support it.
Submitted by: Sergey Mokryshev <mokr@mokr.net>
|
