summaryrefslogtreecommitdiffstats
path: root/sys/contrib
Commit message (Collapse)AuthorAgeFilesLines
* MFC r323715:cy2017-09-211-1/+1
| | | | Don't use an apostrophe in a possesive pronoun.
* MFC r323478:cy2017-09-181-4/+4
| | | | Improve the wording of a comment describing why EAGAIN is the error code.
* MFC r322073:cy2017-09-061-13/+6
| | | | | | Fix matchcing of NATed ICMP queries (resolving NATed MTU discovery). Approved by: re (kib)
* MFC r318998:cy2017-06-061-2/+2
| | | | | | | Fix return value of ip_sync_nat. Previously, regardless of error it always returned a return code of 0. Obtained from: NetBSD ip_sync.c r1.5
* MFC r318606:cy2017-05-301-14/+2
| | | | | Refactor & compact struct i6addr_t #ifdef: remove redundant structure definintion when USE_INET6 is false.
* MFC r318745:cy2017-05-301-4/+0
| | | | Remove redundant variable declaration.
* MFC r316810, r316814, r316816, r316991:cy2017-04-262-2/+3
| | | | | | | | | | | | | | | | | | Keep state incorrectly assumes keep frags. This is counter to the ipfilter man pages. This also currently restricts keep frags to only when keep state is used, which is redundant because keep state currently assumes keep frags. This commit fixes this. To the user this change means that to maintain the current behaviour one must add keep frags to any ipfilter keep state rule (as documented in the man pages). This patch also allows the flexability to specify and use keep frags separate from keep state, as documented in an example in ipf.conf.5, instead of the currently broken behaviour. MFC suggested by: rgrimes Relnotes: yes
* MFC r317139 for real.cy2017-04-211-1/+1
| | | | | | | | Restore prototype accidently removed by r316811. Also remove $NetBSD$ accidentally added. Reported by: hps, lwhsu Pointy hat to: cy
* MFC r316811, r317139:cy2017-04-211-1/+5
| | | | | | | Add missing free()'s after calls to randomize(). PR: NetBSD PR/50559 Obtained from: Netbsd radix_ipf.c r1.6
* MFC r316809:cy2017-04-211-1/+1
| | | | | | | | | | | | Fix a use after free panic in ipfilter's fragment processing. Memory is malloc'd, then a search for a match in the fragment table is made and if the fragment matches, the wrong fragment table is freed, causing a use after free panic. This commit fixes this. A symptom of the problem is a kernel page fault in bcopy() called by ipf_frag_lookup() at line 715 in ip_frag.c. Another symptom is a kernel page fault in ipf_frag_delete() when called by ipf_frag_expire() via ipf_slowtimer().
* MFC r312886:cy2017-03-112-4/+4
| | | | | | | Fix lookup of original destination address when using a redirect rule. Transparent proxying, e.g. to squid, is an example of this. Obtained from: NetBSD ip_nat.c r1.17, ip_nat6.c r1.10
* MFC r283291: don't use CALLOUT_MPSAFE with callout_init()avg2017-03-041-2/+2
| | | | | The main purpose of this MFC is to reduce conflicts for other merges. Parts of the original change have already "trickled down" via individual MFCs.
* MFC r312787:cy2017-02-252-1/+6
| | | | | | | | | | | | | | | | | | Currently the fragment info is placed at the top of the linked list under a shared read lock. This patch attempts to upgrade the lock to an exclusive write lock. If the exclusive write lock fails to be obtained, the current fragment is not placed at the head of the list. This portion of the patch was inspired by NetBSD ip_frag.c r1.4 (which effectively removed the section of code that performed the reordering). The patch to sys/contrib/ipfilter/netinet/ip_compat.h adds the MUTEX_TRY_UPGRADE macro to support the patch to ip_frag.c. The patch to contrib/ipfilter/lib/rwlock_emul.c supports this patch by emulating the mutex in userspace when exercised by ipftest(1). Inspired by: NetBSD ip_frag.c r1.4
* MFC r311950 (by bz):cy2017-02-111-4/+4
| | | | | | | | Get rid of a compiler warning which I saw too often. Include netinet/in.h before ip_compat.t which will then check if IPPROTO_IPIP is defined or not. Doing it the other way round, ip_compat.h would not find it defined and netinet/in.h then redefine it.
* MFC: r284583, r285797, r285799, r287168, r298714, r298720, r298838,jkim2016-09-30334-14535/+23516
| | | | | | | | r300879 Merge ACPICA up to 20160527. Requested by: mav
* MFC r304953:dim2016-08-315-7/+29
| | | | | | | | | | | | | | | | | | | | | Define ipfilter's SOLARIS macro in a defined and portable way. Reviewed by: cy Differential Revision: https://reviews.freebsd.org/D7671 MFC r304959 (by kib): Complete r304953. Sponsored by: The FreeBSD Foundation MFC r304964: Follow-up to r304953, in which I broke the build: apparently the SOLARIS macro is defined in lots of different places in ipfilter, so replace all of the nonportable definitions with portable ones. Pointy hat to: dim
* MFC r300259:cy2016-06-192-1/+20
| | | | | | | | | | | Enable the two ip_frag tuneables. The code is there but the two ip_frag tuneables aren't registered in the ipf_tuners linked list. This commmit enables the two existing ip_frag tuneables by registering them. MFC r300260: Remove extraneous blank line.
* MFC r298030: Use NULL instead of 0 for pointer comparison.cy2016-05-141-2/+2
|
* MFC r287009, r287120 and r298131:loos2016-04-1616-11/+825
| | | | | | | | | | | | | Add ALTQ(9) support for the CoDel algorithm. CoDel is a parameterless queue discipline that handles variable bandwidth and RTT. It can be used as the single queue discipline on an interface or as a sub discipline of existing queue disciplines such as PRIQ, CBQ, HFSC, FAIRQ. Obtained from: pfSense Sponsored by: Rubicon Communications (Netgate)
* MFC r284777, r284814, r284863 and r298088:loos2016-04-165-1/+1050
| | | | | | | | ALTQ FAIRQ discipline import from DragonFLY. Differential Revision: https://reviews.freebsd.org/D2847 Obtained from: pfSense Sponsored by: Rubicon Communications (Netgate)
* MFC r296934:hselasky2016-04-071-0/+1
| | | | | | | | Fix crash in krping when run as a client due to NULL pointer access. Initialize pointer in question which is used only when fast registers mode is selected. Sponsored by: Mellanox Technologies
* MFC r296299 - Remove redundant NULL pointer comparison.cy2016-03-161-4/+0
| | | | Reported by: PVS-Studio (V595) in Differential Revision D5245
* MFC r292813.cy2015-12-311-1/+1
| | | | Correct __FreeBSD__ check.
* MFC r292518.cy2015-12-271-2/+2
| | | | | | | Don't assume checksums will be calculated later when fastfoward is enabled (by default in r290383). PR: 72210
* MFC r289480. Really fix ipfilter bug 3600459.cy2015-10-201-2/+1
| | | | Obtained from: ipfilter cvs repo r1.48.2.25, r1.72 and NetBSD repo r1.4
* MFC r288910: On some interfaces, ipfilter drops UDP packets with zerocy2015-10-131-0/+16
| | | | | | | | checkum. This commit fixes that. PR: 166372 Submitted by: mk@neon1.net Reviewed by: Darren Reed <darrenr@reed.wattle.id.au>
* MFC r287674, r287675. Fix ipfilter bug 3600459 NAT bucket count wrong.cy2015-09-261-1/+2
| | | | Obtained from: ipfilter cvs repo r1.48.2.25
* MFC r287651, r287652, r287653.cy2015-09-191-6/+10
| | | | | | | | | | | | | | | | | | | | | | | Fix mutex errors, fixup typos in comments. Obtained from: NetBSD r1.4. -This lie, anr those below, will be ignored-- > Description of fields to fill in above: 76 columns --| > PR: If a GNATS PR is affected by the change. > Submitted by: If someone else sent in the change. > Reviewed by: If someone else reviewed your modification. > Approved by: If you needed approval for this commit. > Obtained from: If the change is from a third party. > MFC after: N [day[s]|week[s]|month[s]]. Request a reminder email. > MFH: Ports tree branch name. Request approval for merge. > Relnotes: Set to 'yes' for mention in release notes. > Security: Vulnerability reference (one per line) or description. > Sponsored by: If the change was sponsored by an organization. > Differential Revision: https://reviews.freebsd.org/D### (*full* phabric URL needed). > Empty fields above will be automatically removed. _M . M sys/contrib/ipfilter/netinet/ip_state.c
* MFC: r283092, r283966jkim2015-06-1655-429/+3823
| | | | | | Merge ACPICA 20150515. Relnotes: yes
* MFC r281502:delphij2015-04-271-2/+2
| | | | Sync with OpenBSD: Use volatile instead of __volatile__.
* MFC: r281396, r281475jkim2015-04-1878-1118/+1488
| | | | | | Merge ACPICA 20150410. Relnotes: yes
* MFC r272444 (by jkim):dim2015-04-04316-7520/+22338
| | | | | | | | | | | Merge ACPICA 20140926. MFC r278970 (by jkim): Merge ACPICA 20141107 and 20150204. Approved by: jkim Relnotes: yes
* MFC r278551:kevlo2015-02-222-443/+443
| | | | | Add preliminary support for the Ralink RT5390 and RT5392 chipsets. Committed over the D-Link DWA-525 rev A2 on amd64 with WPA.
* MFC r278348:dim2015-02-101-2/+2
| | | | | | | | | Fix a number of -Wcast-qual warnings in ath's ar9300_attach.c, by making the ia_array field of struct ar9300_ini_array const, and removing the const-dropping casts. No functional change. Reviewed by: adrian Differential Revision: https://reviews.freebsd.org/D1725
* MFC r275199.cy2014-12-102-2/+2
| | | | Correctly define constants.
* MFC r275003:kevlo2014-12-011-4/+8
| | | | Add missing headers needed by write().
* MFC r274744.cy2014-11-281-0/+11
| | | | | | | | | | | | | | | | Set the current vnet inside the ioctl handler for ipfilter. Without this fix, the vnet was NULL and would crash. This fix is similar to what was done inside the ioctl handler for PF. Tested by: (1) Boot a kernel with "options VIMAGE" enabled (2) Type: echo "map lo0 from 10.0.0.0/24 to ! 10.0.0.0/24 -> 127.0.0.1/32" > /etc/ipnat.rules ; service ipnat onerestart PR: 176992 Differential Revision: https://reviews.freebsd.org/D1191
* MFC r262606, r262607, r262608, r262609, r262610, r269528, r269609, r271133:ian2014-10-2676-10883/+0
| | | | | | | | - Move imported dts source from sys/contrib/dts/ to sys/gnu/dts. - Fix some missing properties. - Import dts-related header files. - Update everything to latest vendor branch representing 3.17-rc2 level of Linux DTS API.
* MFC r273135:hselasky2014-10-181-1/+0
| | | | | | | | | | | | | | | | | Update the OFED Linux compatibility layer and Mellanox hardware driver(s): - Properly name an inclusion guard - Fix compile warnings regarding unsigned enums - Add two new sysctl nodes - Remove all empty linux header files - Make an error printout more verbose - Use "mod_delayed_work()" instead of cancelling and starting a timeout. - Implement more Linux scatterlist functions. Sponsored by: Mellanox Technologies
* MFC r272555cy2014-10-121-2/+4
| | | | | | | | ipfilter bug #537 NAT rules with sticky have incorrect hostmap IP address. This fixes when an IP address mapping is put in the hostmap table for sticky NAT rules, it ends up having the wrong byte order. Obtained from: ipfilter CVS repo (r1.102), NetBSD CVS repo (r1.12)
* MFC r272554cy2014-10-121-3/+3
| | | | | | ipfilter bug #534 destination list hashing not endian neutral Obtained from: ipfilter CVS repo (r1.26), NetBSD CVS repo (r1.8)
* MFC r272553cy2014-10-121-3/+2
| | | | | | ipfilter bug #538 ipf_p_dns_del should return void Obtained from: ipfilter cvs repo (r1.8)
* MFC r272552cy2014-10-121-11/+34
| | | | | | | ipfilter bug #554 Determining why a ipf rule matches is hard -- replace ipfilter rule compare with new ipf_rule_compare() function. Obtained from: ipfilter CVS rep (r1.129)
* MFC r272551cy2014-10-121-0/+12
| | | | | | ipfiler bug #550 filter rule list corrupted with inserted rules Obtained from: ipfilter CVS repo (r1.128); NetBSD CVS repo (r1.15)
* MFC r272052cy2014-10-121-5/+33
| | | | | | ipfilter bug #558 add in some missing frag table function comments. Obtained from: ipfilter CVS repo (r1.36)
* MFC r271980cy2014-10-121-2/+2
| | | | | | | Check for NULL before de-refencing; in particular sel is assigned to NULL, in the default case, and then couple of lines down we do sel-> Obtained from: NetBSD CVS repo (r1.5)
* MFC r270710 and r270821:hselasky2014-09-041-2/+0
| | | | | | | | | | | | | | | - Update the OFED Linux Emulation layer as a preparation for a hardware driver update from Mellanox Technologies. - Remove empty files from the OFED Linux Emulation layer. - Fix compile warnings related to printf() and the "%lld" and "%llx" format specifiers. - Add some missing 2-clause BSD copyrights. - Add "Mellanox Technologies, Ltd." to list of copyright holders. - Add some new compatibility files. - Fix order of uninit in the mlx4ib module to avoid crash at unload using the new module_exit_order() function. Sponsored by: Mellanox Technologies
* MFC r269585 - Honour WITH and WITHOUT_INET6_SUPPORT.cy2014-08-081-0/+4
| | | | Approved by: glebius (mentor - implicit)
* MFC r268532 and r268585. When world and kernel are built without INET6cy2014-07-211-4/+0
| | | | | | | support, the userland was still built with INET6 turned on. PR: 190964 Approved by: glebius (mentor, implicit)
* MFC r267372-267374: fix various misimplementation of instructions.delphij2014-07-011-14/+25
| | | | Submitted by: Wolf Ramovsky <wolf.ramovsky gmail.com>
OpenPOWER on IntegriCloud