| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
up on USE_MUTEX being defined, but this patch
* Remove some code that's in a #ifndef FreeBSD that's no longer used.
|
| |
|
|
| |
defined. Revert part of the previous commit to fix this.
|
| |
|
|
|
|
| |
define PFIL_HOOKS anymore.
Submitted by: keramida
|
| |
|
|
| |
the the "needs giant" flag to be removed from the driver.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
prevents a possible endless loop in pf_get_sport() with 'static-port'
ICMP state entries use the ICMP ID as port for the unique state key. When
checking for a usable key, construct the key in the same way. Otherwise,
a colliding key might be missed or a state insertion might be refused even
though it could be inserted. The second case triggers the endless loop,
possibly allowing a NATed LAN client to lock up the kernel.
PR: kern/74930
Reported and tested by: Hugo Silva, Srebrenko Sehic
MFC after: 3 days
|
| | |
|
| |
|
|
|
|
| |
to keep them out of harms way when compiling.
PR: 72783
|
| |
|
|
|
|
|
| |
PR: 70038
Submitted by: fming@borderware.com
Reviewed by: darrenr
Obtained from: fming@borderware.com
|
| |
|
|
|
|
|
| |
buffer doesn't work for ipv6 packets, so use m_defrag() here instead as an
easy drop-in replacement.
PR: 70399
|
| |
|
|
| |
Noticed by: "Jayel Villamin" <jarthel operamail com>
|
| | |
|
| | |
|
| |\
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[Changes listed only since last public release 0.9.12.14; for changes
prior to that consult the CVS logs at http://madwifi.sourceforge.net]
o reorg directory structure to have a single set of public binary builds
shared by all systems
o support for new parts (all shipping pci/cardbus parts to this date work)
o new capabilities for identifying various chip features
o set/get tx power cap for supporting 802.11h information element
o revised api for set/get tx queue properties
o support for updating CTS in frames when doing packet bursting
o support for querying which tx queues have pending interrupts
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing
the header chain. In the case where headers are skipped, the protocol
checksum verification used the wrong length (included the skipped headers),
leading to incorrectly mismatching checksums. Such IPv6 packets with
headers were silently dropped.
Discovered by: Bernhard Schmidt
MFC after: 1 week
|
| |\ \
| | |
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This was a debug leftover.
MFC after: 1 week
|
| |\ \ \
| |/ /
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
instead for the time being. Intel should fix this.
Note that if this commit is correct, it is made on the vendor branch.
We expect the Intel folks to fix it, and we don't want to unnecessarily
take files off the vendor branch.
Approved by: njl
MFC after: 1 week
|
| | | |
| | |
| | |
| | |
| | | |
Approved by: njl
MFC after: 1 week
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
for WAK_STS to be set. Some BIOSs never set it.
Approved by: njl
MFC after: 1 week
|
| | | |
| | |
| | |
| | |
| | | |
Approved by: njl
MFC after: 1 week
|
| | | |
| | |
| | |
| | |
| | | |
Approved by: njl
MFC after: 1 week
|
| |\ \ \
| |/ /
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
'binat from ... to ... -> (if)' are used, where the interface
is dynamic.
Discovered by: kos(at)bastard(dot)net
Analyzed by: Pyun YongHyeon
Approved by: mlaier (mentor)
MFC after: 1 week
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
(ifconfig xl0 name foo) as well as some special interfaces such as the 6to4
tunnel.
Reported by: Ed Schouten <ed (at) il ! fontys , nl>
Tested by: freebsd-pf
PR: kern/72444
MFC after: 3 weeks
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
trigger a socket creation race some some kind). Checking for non-NULL socket
and credential is not a bad idea anyway. Unfortunatly too late for the
release.
Reported & tested by: Gilbert Cao
MFC after: 2 weeks
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
providing the original driver, and thanks to IronSystems for providing
hardware for testing.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
passing along socket information. This is required to work around a LOR with
the socket code which results in an easy reproducible hard lockup with
debug.mpsafenet=1. This commit does *not* fix the LOR, but enables us to do
so later. The missing piece is to turn the filter locking into a leaf lock
and will follow in a seperate (later) commit.
This will hopefully be MT5'ed in order to fix the problem for RELENG_5 in
forseeable future.
Suggested by: rwatson
A lot of work by: csjp (he'd be even more helpful w/o mentor-reviews ;)
Reviewed by: rwatson, csjp
Tested by: -pf, -ipfw, LINT, csjp and myself
MFC after: 3 days
LOR IDs: 14 - 17 (not fixed yet)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
build kernels with FAST_IPSEC and PF. This is the least disruptive fix.
PR: kern/71836
Reviewed by: bms, various mailing lists
MFC after: 3 days
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
functions that can be called from enable/disable pf as well. This improves
switching from non-altq ruleset to altq ruleset (and the other way 'round)
by a great deal and makes pfctl act like the user would except it to.
PR: kern/71746
Tested by: Aurilien "beorn" Rougemont (PR submitter)
MFC after: 3 days
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
careful with the skip condition this time. Addresses are only not taken into
account if:
- The interface is POINTTOPOINT
- There is no route installed for the address
- The user specified noalias (:0)
and - We are looking at an IPv4 address.
This should be enough paranoia to not cause any false positives.
PR: misc/69954
Discussed with: yongari
MFC after: 4 days
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
save to call if_attachdomain from if_attach() (as done for if_loop.c). We
will now end up with a properly initialized if_afdata array and the nd6
callout will no longer try to deref a NULL pointer.
Still this is a temp workaround and the locking for if_afdata should be
revisited at a later point.
Requested by: rwatson
Discussed with and tested by: yongari (a while ago)
PR: kern/70393
MFC after: 5 days
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the pseudo header. We really need the TCP packet length here. This happens
to end up in ip->ip_len in tcp_input.c, but here we should get it from the
len function variable instead.
Submitted by: yongari
Tested by: Nicolas Linard, yongari (sparc64 + hme)
MFC after: 5 days
|
| | | |
| | |
| | |
| | | |
doesn't require to include opt_pfil_hooks.h.
|
| | | |
| | |
| | |
| | |
| | | |
Submitted by: yongari
MFC after: 3 days
|
| |\ \ \
| |/ /
| | |
| | | |
which included commits to RCS files with non-trunk default branches.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
ACPI_DEBUG case. Without this, use of allocated memory is unaligned and
causes a trap on ia64. Intel may fix this differently in a subsequent
release but this is adequate for now.
Submitted by: marcel
MFC after: 2 days
|
| | | |
| | |
| | |
| | | |
found.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
have already done this, so I have styled the patch on their work:
1) introduce a ip_newid() static inline function that checks
the sysctl and then decides if it should return a sequential
or random IP ID.
2) named the sysctl net.inet.ip.random_id
3) IPv6 flow IDs and fragment IDs are now always random.
Flow IDs and frag IDs are significantly less common in the
IPv6 world (ie. rarely generated per-packet), so there should
be smaller performance concerns.
The sysctl defaults to 0 (sequential IP IDs).
Reviewed by: andre, silby, mlaier, ume
Based on: NetBSD
MFC after: 2 months
|
| | | |
| | |
| | |
| | | |
the interface as IFF_NEEDSGIANT so if_start is run holding Giant.
|
| | | |
| | |
| | |
| | |
| | | |
Add missing check for NULL in DIOCCHANGERULE. This prevents a crash
in certain rare cases.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
pf_cksum_fixup() was called without last argument from
normalization, also fixup checksum when random-id modifies ip_id.
This would previously lead to incorrect checksums for packets
modified by scrub random-id.
(Originally) Submitted by: yongari
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
skip over interface addresses without IFA_ROUTE, fixes some issue
with pppd
PR: misc/69954
|
| | | | |
|
