summaryrefslogtreecommitdiffstats
path: root/sys/contrib
Commit message (Collapse)AuthorAgeFilesLines
* avoid sneaky double freesam2005-02-251-1/+5
| | | | | Noticed by: Coverity Prevent analysis tool Reviewed by: scottl
* Do not fail to initialize callouts (on SMP only) -- it leads to crashing.green2005-02-221-3/+4
|
* Fix a terrible braino in pfi_maybe_destroy() and unbreak "$pfctl -Fall" withmlaier2005-02-211-2/+5
| | | | | | | | | renamed interfaces. PR: kern/77645 Reported by: Harald Schmalzbauer <harryNOschmalzbauerSPAMde> Reviewed by: yongari MFC after: 3 days
* Don't use the static CALLOUT_INITIALIZER for __FreeBSD_version >= 600000. Itmlaier2005-02-212-1/+9
| | | | | | | | | | | was a bad idea, but since it is done like this in the vendor source we keep it around for older versions. As a safe guard against future misuse we don't even define CALLOUT_INITIALIZER anymore. This fixes ALTQ after callout_init_mtx() and takes altq_var.h off the vendor branch. Submitted by: Divacky Roman <xdivac02NOstud.fit.vutbrSPAMcz> (w/ changes)
* Fix inteface clear time. pf printed "Thu Jan 1 09:00:01 1970"yongari2005-02-171-1/+8
| | | | | | in "pfctl -vvsI" output when pf was statically linked to kernel. Discussed with: mlaier
* Access softc embedded struct ifnet via function macro to make it easier tomlaier2005-02-093-26/+54
| | | | | | untangle struct ifnet and softc/arpcom in the future. Requested by: brooks
* - Split out PCI support.mdodd2005-02-034-306/+744
| | | | | | - Add previously removed ISA support. Submitted by: David S. Madole <david AT madole.net>
* Use the packet's address family instead of the rule's when selecting adhartmei2005-01-201-1/+1
| | | | | | | | | replacement address for an rdr rule. Some rdr rules have no address family (when the replacement is a table and no other criterion implies one AF). In this case, pf would fail to select a replacement address and drop the packet due to translation failure. Found by: Gustavo A. Baratto
* Prohibit ruleset changes at securelevel > 2, not > 1. It's documenteddhartmei2005-01-191-1/+1
| | | | | | | like this in init(8), but the code didn't match the documentation. Submitted by: Juraj Lutter <otis at sk dot FreeBSD dot org> Agrees: mlaier
* This commit was generated by cvs2svn to compensate for changes in r140216,njl2005-01-141-0/+7
|\ | | | | | | which included commits to RCS files with non-trunk default branches.
| * Clean up a small memory leak introduced with the previous commit tonjl2005-01-141-0/+7
| | | | | | | | | | | | | | dsutils.c. We need to GC the implicitly-returned object. Submitted by: Robert.Moore at Intel MFC after: 1 day
* | This commit was generated by cvs2svn to compensate for changes in r140094,njl2005-01-121-1/+2
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Fix handling of the implicit return case for methods called from annjl2005-01-121-1/+2
| | | | | | | | | | | | | | | | external source (i.e., _STA). The previous case only handled calls occurring within AML. This should fix Toshibas, among others. Thanks to Robert Moore of Intel for the fix. MFC after: 2 days
* | Elminate 1 LOR (actually a recursive mutex grab) involving ipfilter wheredarrenr2005-01-081-25/+2
| | | | | | | | | | we loop through all the list of NICs (struct ifnet), holding the lock on it and then do a name lookup with ifunit() whilst holding it.
* | * Remove some code that's in a #ifndef FreeBSD that's no longer used.darrenr2004-12-261-5/+0
| |
* | * The #ifdef's to cause mutex's for freebsd to be declared were meant to pickdarrenr2004-12-262-19/+4
| | | | | | | | | | up on USE_MUTEX being defined, but this patch * Remove some code that's in a #ifndef FreeBSD that's no longer used.
* | Darnit, through a maze of twisty passages, ipfilter needs to have PFIL_HOOKSscottl2004-12-251-1/+1
| | | | | | | | defined. Revert part of the previous commit to fix this.
* | Sprinkle in some __FreeBSD_version checks so that this compiles again. Don'tscottl2004-12-253-3/+6
| | | | | | | | | | | | define PFIL_HOOKS anymore. Submitted by: keramida
* | Enable fine grained locking within IPFilter, using mtx(9) and sx(9) allowingdarrenr2004-12-249-27/+81
| | | | | | | | the the "needs giant" flag to be removed from the driver.
* | Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN,dhartmei2004-12-191-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | prevents a possible endless loop in pf_get_sport() with 'static-port' ICMP state entries use the ICMP ID as port for the unique state key. When checking for a usable key, construct the key in the same way. Otherwise, a colliding key might be missed or a state insertion might be refused even though it could be inserted. The second case triggers the endless loop, possibly allowing a NATed LAN client to lock up the kernel. PR: kern/74930 Reported and tested by: Hugo Silva, Srebrenko Sehic MFC after: 3 days
* | Make ip_nat compile again. Should read #if->n<-def LARGE_NAT as in ipf 4.xmlaier2004-12-181-1/+1
| |
* | Move two variables that are unused if LARGE_NAT is defined inside an #ifdefdarrenr2004-12-171-1/+4
| | | | | | | | | | | | to keep them out of harms way when compiling. PR: 72783
* | Allow ipnat redirect rules to work for non-TCP/UDP packets.darrenr2004-12-171-3/+5
| | | | | | | | | | | | | | PR: 70038 Submitted by: fming@borderware.com Reviewed by: darrenr Obtained from: fming@borderware.com
* | Using just m_pullup to get all of the interesting bits in packet into onedarrenr2004-12-161-1/+6
| | | | | | | | | | | | | | buffer doesn't work for ipv6 packets, so use m_defrag() here instead as an easy drop-in replacement. PR: 70399
* | Compile pfsync w/o bpf.mlaier2004-12-101-0/+2
| | | | | | | | Noticed by: "Jayel Villamin" <jarthel operamail com>
* | clear old files now in publicsam2004-12-082-3562/+0
| |
* | resolve merge conflictsam2004-12-081-6/+26
| |
* | This commit was generated by cvs2svn to compensate for changes in r138583,sam2004-12-0856-132/+74779
|\ \ | | | | | | | | | which included commits to RCS files with non-trunk default branches.
| * | Version 0.9.14.12:sam2004-12-0857-138/+74806
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [Changes listed only since last public release 0.9.12.14; for changes prior to that consult the CVS logs at http://madwifi.sourceforge.net] o reorg directory structure to have a single set of public binary builds shared by all systems o support for new parts (all shipping pci/cardbus parts to this date work) o new capabilities for identifying various chip features o set/get tx power cap for supporting 802.11h information element o revised api for set/get tx queue properties o support for updating CTS in frames when doing packet bursting o support for querying which tx queues have pending interrupts
* | | IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6dhartmei2004-12-051-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing the header chain. In the case where headers are skipped, the protocol checksum verification used the wrong length (included the skipped headers), leading to incorrectly mismatching checksums. Such IPv6 packets with headers were silently dropped. Discovered by: Bernhard Schmidt MFC after: 1 week
* | | This commit was generated by cvs2svn to compensate for changes in r138298,marks2004-12-021-1/+1
|\ \ \ | | |/ | |/| | | | which included commits to RCS files with non-trunk default branches.
| * | Oops, remove unnecessary cast in original, out-commented code.marks2004-12-021-1/+1
| | | | | | | | | | | | | | | | | | This was a debug leftover. MFC after: 1 week
* | | This commit was generated by cvs2svn to compensate for changes in r138296,marks2004-12-021-1/+9
|\ \ \ | |/ / | | | | | | which included commits to RCS files with non-trunk default branches.
| * | Local change: Supporting code not yet available, use previous behaviormarks2004-12-021-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | instead for the time being. Intel should fix this. Note that if this commit is correct, it is made on the vendor branch. We expect the Intel folks to fix it, and we don't want to unnecessarily take files off the vendor branch. Approved by: njl MFC after: 1 week
* | | Local change: Remove warnings from vendor files.marks2004-12-013-62/+54
| | | | | | | | | | | | | | | Approved by: njl MFC after: 1 week
* | | Local change: In the resume path, give up after waiting for a whilemarks2004-12-011-7/+8
| | | | | | | | | | | | | | | | | | | | | for WAK_STS to be set. Some BIOSs never set it. Approved by: njl MFC after: 1 week
* | | Local change: Put various debugging options under ACPI_DISASSEMBLER.marks2004-12-011-1/+83
| | | | | | | | | | | | | | | Approved by: njl MFC after: 1 week
* | | Unchanged files that are off the vendor branch.marks2004-12-019-177/+182
| | | | | | | | | | | | | | | Approved by: njl MFC after: 1 week
* | | This commit was generated by cvs2svn to compensate for changes in r138287,marks2004-12-0185-1658/+3570
|\ \ \ | |/ / | | | | | | which included commits to RCS files with non-trunk default branches.
| * | Vendor import of Intel ACPI-CA 20041119marks2004-12-0198-1854/+3896
| | |
* | | fix a bug that leads to a crash when binat rules of the formdhartmei2004-11-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'binat from ... to ... -> (if)' are used, where the interface is dynamic. Discovered by: kos(at)bastard(dot)net Analyzed by: Pyun YongHyeon Approved by: mlaier (mentor) MFC after: 1 week
* | | Removed the remnants of gx(4).ru2004-11-081-1/+1
| | |
* | | Improved interface handling. This should fix the use of renamed interfacesmlaier2004-11-031-17/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (ifconfig xl0 name foo) as well as some special interfaces such as the 6to4 tunnel. Reported by: Ed Schouten <ed (at) il ! fontys , nl> Tested by: freebsd-pf PR: kern/72444 MFC after: 3 weeks
* | | Fix a panic discovered with some apache2 configure test (that seemed tomlaier2004-10-241-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | trigger a socket creation race some some kind). Checking for non-NULL socket and credential is not a bad idea anyway. Unfortunatly too late for the release. Reported & tested by: Gilbert Cao MFC after: 2 weeks
* | | Fix some warnings that only triggered in LINT.scottl2004-10-241-1/+1
| | |
* | | Embed the correct name.scottl2004-10-241-1/+1
| | |
* | | Import the HighPoint RocketRAID 182x driver. Thanks to HighPoint forscottl2004-10-2413-0/+6514
| | | | | | | | | | | | | | | providing the original driver, and thanks to IronSystems for providing hardware for testing.
* | | Add an additional struct inpcb * argument to pfil(9) in order to enablemlaier2004-09-294-16/+137
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | passing along socket information. This is required to work around a LOR with the socket code which results in an easy reproducible hard lockup with debug.mpsafenet=1. This commit does *not* fix the LOR, but enables us to do so later. The missing piece is to turn the filter locking into a leaf lock and will follow in a seperate (later) commit. This will hopefully be MT5'ed in order to fix the problem for RELENG_5 in forseeable future. Suggested by: rwatson A lot of work by: csjp (he'd be even more helpful w/o mentor-reviews ;) Reviewed by: rwatson, csjp Tested by: -pf, -ipfw, LINT, csjp and myself MFC after: 3 days LOR IDs: 14 - 17 (not fixed yet)
* | | Protect sockaddr_union definitions with a protecting define. This allows tomlaier2004-09-231-10/+9
| | | | | | | | | | | | | | | | | | | | | | | | build kernels with FAST_IPSEC and PF. This is the least disruptive fix. PR: kern/71836 Reviewed by: bms, various mailing lists MFC after: 3 days
* | | Break out altq_enable/disable from DIOC{START,STOP}ALTQ into sepratemlaier2004-09-171-41/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | functions that can be called from enable/disable pf as well. This improves switching from non-altq ruleset to altq ruleset (and the other way 'round) by a great deal and makes pfctl act like the user would except it to. PR: kern/71746 Tested by: Aurilien "beorn" Rougemont (PR submitter) MFC after: 3 days
OpenPOWER on IntegriCloud