| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
jhb pointed out that (struct ifnet) is part of the network driver KBI, and
thus the offsets of internal fields must not change. Therefore, move the new
"if_hw_addr" field to the end, and consume one of the "if_pspare"s; that's
what they're there for. Because netmap on stable/10 uses "if_pspare[0]", the
new field replaces the *last* element of that array; that way,
offsetof(if_pspare) is unchanged compared to before r318430.
PR: 194386
Reviewed by: jhb
Pointyhat to: rpokala
Sponsored by: Panasas
(cherry picked from commit 2f103d239c07e4f88b9852f3b8689f100d7a31d0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a way to retrive it
NOTE: Due to restructuring, the merges didn't apply cleanly; the resulting
change is almost identical to what went into stable/11, but in some cases in
different locations.
The MAC address reported by `ifconfig ${nic} ether' does not always match
the address in the hardware, as reported by the driver during attach. In
particular, NICs which are components of a lagg(4) interface all report the
same MAC.
When attaching, the NIC driver passes the MAC address it read from the
hardware as an argument to ether_ifattach(). Keep a second copy of it, and
create ioctl(SIOCGHWADDR) to return it. Teach `ifconfig' to report it along
with the active MAC address.
PR: 194386
(cherry picked from commit 2ce46e31d62424593e08c3853efe8c1e9283aba2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fragmented UDP and ICMP packets were corrupted if a firewall with reassembling
feature (like pf'scrub) is enabled on the bridge. This patch fixes corrupted
packet problem and the panic (triggered easly with low RAM) as explain in PR
185633.
bridge_pfil and bridge_fragment relationship:
bridge_pfil() receive (IN direction) packets and sent it to the firewall The
firewall can be configured for reassembling fragmented packet (like pf'scrubing)
in one mbuf chain when bridge_pfil() need to send this reassembled packet to the
outgoing interface, it needs to re-fragment it by using bridge_fragment()
bridge_fragment() had to split this mbuf (using ip_fragment) first then
had to M_PREPEND each packet in the mbuf chain for adding Ethernet
header.
But M_PREPEND can sometime create a new mbuf on the begining of the mbuf chain,
then the "main" pointer of this mbuf chain should be updated and this case is
tottaly forgotten. The original bridge_fragment code (Revision 158140,
2006 April 29) came from OpenBSD, and the call to bridge_enqueue was
embedded. But on FreeBSD, bridge_enqueue() is done after bridge_fragment(),
then the original OpenBSD code can't work as-it of FreeBSD.
PR: 185633
Submitted by: Olivier Cochard-Labbé
Differential Revision: https://reviews.freebsd.org/D7780
(cherry picked from commit a8a1202774e288fb88de8422397f7ff398f7e3fb)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Implement the sadb_x_policy_priority field as it is done in Linux:
lower priority policies are inserted first.
Submitted by: Emeric Poupon <emeric.poupon@stormshield.eu>
Reviewed by: ae
Sponsored by: Stormshield
TAG: IPSEC-HEAD
(cherry picked from commit 25996276a907484d8fc26a6a9a79827367bfcfc0)
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix regression introduced on 272446r. lagg(4) supports the protocol none,
where it disables any traffic without disabling the lagg(4) interface itself.
PR: 206478
Submitted by: Erin Clark <erin.clark.ix@gmail.com>
Reviewed by: rpokala, bapt
Approved by: re (glebius)
Differential Revision: https://reviews.freebsd.org/D5188
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
(r290383,295282,295283)"
We are keeping tryforward enabled on pfSense since we do not use IPFW +
NAT
This reverts commit b899cad3faf3673f41a3fcf021164dcd7ee19a7e.
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| | |
In the IPFW+NAT+divergent MTU case there is a bug in sening ICMP MTU updates.
Approved by: re (marius, gjb)
Sponsored by: Rubicon Communications (Netgate)
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace the fastforward path with tryforward which does not require a
sysctl and will always be on. The former split between default and
fast forwarding is removed by this commit while preserving the ability
to use all network stack features.
Differential Revision: https://reviews.freebsd.org/D4042
Reviewed by: ae, melifaro, olivier, rwatson
Approved by: re (glebius)
Sponsored by: Rubicon Communications (Netgate)
|
| | |
| |
| |
| | |
This reverts commit 5e6268df600406a1570e822ac652576059d820e3.
|
| | |
| |
| |
| | |
This version fixes the issue with 'State Creations' in pfctl -vvsr.
|
| | |
| |
| |
| | |
This reverts commit 9068fb423dfecae0f8b611d4bc558dd6cb2e2bd7.
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If vnets are torn down while ifconfig runs an ioctl to say, destroy an
epair(4), we may hit if_detach_internal() without holding a lock and by
the time we aquire it the interface might be gone.
We should not panic() in this case as it is our fault for not holding
the lock all the way. It is not ideal to return silently without error
to user space, but other callers will all ignore the return values so
do not change the entire KPI for little benefit for now.
The ifp will be dealt with one way or another still.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
If bootverbose is enabled every vnet startup and virtual interface
creation will print extra lines on the console. We are generally not
interested in this (repeated) information for each VNET. Thus only
print it for the default VNET. Virtual interfaces on the base system
will remain printing information, but e.g. each loopback in each vnet
will no longer cause a "bpf attached" line.
|
| | |
| |
| |
| |
| |
| |
| | |
Simplify bringup order by removing a SYSINIT making it a static list
initialization.
Obtained from: p4 @180384,180385
|
| | |
| |
| |
| |
| | |
Submitted by: markb_mellanox.com
Differential Revision: https://reviews.freebsd.org/D4666
|
| | | |
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
r287723 removed some cleanup from lagg(4), which leads to panics when
changing configuration. Restore the spirit of the code which was removed.
This issue has been refactored out of existence in -HEAD, so this patch is
directly against stable/10.
PR: 206219
Submitted by: Fred Lewis < flewis @ panasas.com >
Reviewed by: hiren, Daniel O'Connor < darius @ dons.net.au >
Approved by: jhb
Sponsored by: Panasas, Inc.
Differential Revision: https://reviews.freebsd.org/D4929
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Clean up unused-but-set-variable spotted by gcc4.9.
Reviewed by: ngie
Approved by: rodrigc (mentor)
Sponsored by: gandi.net
Differential Revision: https://reviews.freebsd.org/D4774
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Wrap using #ifdef 'notyet' those variables and statements not yet
implemented to lower the compiler warnings.
It fix the case of unused-but-set-variable spotted by gcc4.9.
Reviewed by: ngie
Approved by: rodrigc (mentor)
Sponsored by: gandi.net
Differential Revision: https://reviews.freebsd.org/D4775
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
VLAN ID setting. Pull Request #1757. Ticket #4133
VLAN PCP should be fully functional now.
Obtained from: https://reviews.freebsd.org/D801
Revert with: pf_802.1p.diff
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| | |
Add sysctl to control LACP strict compliance default
Sponsored by: Multiplay
|
| | | |
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| | |
Check the size of data available in mbuf before using it.
PR: 202667
|
| | |
| |
| |
| | |
Add IFCAP_LINKSTATE support.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace the fastforward path with tryforward which does not require a
sysctl and will always be on. The former split between default and
fast forwarding is removed by this commit while preserving the ability
to use all network stack features.
Differential Revision: https://reviews.freebsd.org/D4042
Reviewed by: ae, melifaro, olivier, rwatson
MFC after: 1 month
Sponsored by: Rubicon Communications (Netgate)
TAG: tryforward
|
| | |
| |
| |
| |
| |
| |
| |
| | |
a sysctl and will always be on."
This reverts commit c58873dc9abc56028cc3435f692fd3583bd143af.
TAG: tryforward
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
and will always be on.
The former split between default and fast forwarding is removed by this commit while preserving the ability to use all network stack features.
TAG: tryforward
Differential Revision: https://reviews.freebsd.org/D3737
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
pf: Fix TSO issues
In certain configurations (mostly but not exclusively as a VM on Xen) pf
produced packets with an invalid TCP checksum.
The problem was that pf could only handle packets with a full checksum. The
FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only
addresses, length and protocol).
Certain network interfaces expect to see the pseudo-header checksum, so they
end up producing packets with invalid checksums.
To fix this stop calculating the full checksum and teach pf to only update TCP
checksums if TSO is disabled or the change affects the pseudo-header checksum.
PR: 154428, 193579, 198868
Relnotes: yes
Sponsored by: RootBSD
|
| | |
| |
| |
| |
| | |
Submitted by: eric
Sponsored by: Norse Corp, Inc.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
looks like all archs either have clang or cdefs included before..
drop this include as unnecessary..
Requested by: bde
TAG: IPSEC-HEAD
Issue: #4841
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
convert to C11's _Static_assert, and pull in sys/cdefs.h for
compatibility w/ older non-C11 compilers...
passed make tinerdbox..
Suggested by: imp
TAG: IPSEC-HEAD
Issue: #4841
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
temporarily fix build.. This isn't the final fix, and testing is
still on going, but it has passed world for mips and powerpc...
I know this has an extra semicolon, but this is the patch that is
tested...
Looks like better fix is to use _Static_assert...
TAG: IPSEC-HEAD
Issue: #4841
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Clean up this header file...
use CTASSERTs now that we have them...
Replace a draft w/ RFC that's over 10 years old.
Note that _AALG and _EALG do not need to match what the IKE daemons
think they should be.. This is part of the KABI... I decided to
renumber AESCTR, but since we've never had working AESCTR mode, I'm
not really breaking anything.. and it shortens a loop by quite
a bit..
remove SKIPJACK IPsec support... SKIPJACK never made it out of draft
(in 1999), only has 80bit key, NIST recommended it stop being used
after 2010, and setkey nor any of the IKE daemons I checked supported
it...
jmgurney/ipsecgcm: a357a33, c75808b, e008669, b27b6d6
Reviewed by: gnn (earlier version)
TAG: IPSEC-HEAD
Issue: #4841
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
New AES modes for IPSec, user space components.
Update setkey and libipsec to understand aes-gcm-16 as an
encryption method.
A partial commit of the work in review D2936.
Submitted by: eri
Reviewed by: jmg
MFC after: 2 weeks
Sponsored by: Rubicon Communications (Netgate)
TAG: IPSEC-HEAD
Issue: #4841
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Revert "Importing pfSense patch ipsec_altq.RELENG_10.diff"
This reverts commit 5b128f054452e56b96564210c998510e0dd45130.
TAG: IPSEC-HEAD
Issue: #4841
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Revert "Importing pfSense patch aesgcm.soft.1.patch"
This reverts commit 46e99a8858f1c843c1774e472c11d422ca2163ae.
TAG: IPSEC-HEAD
Issue: #4841
|
| |\ \
| |/ |
|
| | |
| |
| |
| | |
Always detach encap handler when reconfiguring tunnel.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update TSO limits to include all headers.
To make driver programming easier the TSO limits are changed to
reflect the values used in the BUSDMA tag a network adapter driver is
using. The TCP/IP network stack will subtract space for all linklevel
and protocol level headers and ensure that the full mbuf chain passed
to the network adapter fits within the given limits. See r287775
for a more detailed description.
Differential Revision: https://reviews.freebsd.org/D3477
Reviewed by: rmacklem
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| | |
wrongly-MFC'd patch in r287723.
Pointy hat to: hrs
|
