| Age | Commit message (Collapse) | Author |
|---|
|
chdir(2) before unveil(2). Use absolute config path after chdir,
also necessary for SIGHUP. /etc/sensorsd.conf.db must be unveiled,
cgetent(3) tries to open it.
OK beck@
|
|
|
|
|
|
will find them, and devname() in various programs won't return "??"
ok kettenis
|
|
ok jasper@
|
|
|
|
ok patrick@
|
|
Choosing ! (replace rest) never advances beyond the current line
and keeps inserting the replacement test, and mg eventually runs
out of memory.
Patch from Mark Willson with minor stylistic tweaks.
Looks good to Hiltjo Posthuma who would have preferred making forward
replacing on empty lines work. Mark argued that this makes it behave
consistently with the current behaviour when searching for ^ and the
point at the beginning of a non-empty line in which case the cursor does
not move either.
Also tested by krw
|
|
Patch from Mark Willson with a minor tweak
|
|
driver successfully compiles on one or more of amd64, i386, hppa.
|
|
the hash lock on MULTIPROCESSOR kernels.
|
|
|
|
|
|
|
|
|
|
licence mere mortals can understand the terms of); will be connected to the
build on an arch-by-arch basis.
Testsuites and generated files have been intentionnaly omitted from this import.
Peer pressure and ok from at least drahn@ pirofti@ deraadt@
|
|
|
|
no functional change.
|
|
|
|
OK visa@
|
|
|
|
later.
ok kettenis gkoehler
|
|
|
|
Unlike aggr(4) and trunk(4) for link aggregation, tpmr(4) bridges links
similar to bridge(4) and switch(4), yet its ioctl(2) interface is that of an
an aggregating interface.
Change SIOCSTRUNKPORT and SIOCSTRUNKDELPORT to SIOCBRDGADD and SIOCBRDGDEL
respectively and speak about members rather than ports in the manual to make
ifconfig(8) accept "add" and "del" commands as expected.
Status ioctls will follow such that "ifconfig tpmr" gets fixed accordingly.
Discussed with dlg after mentioning the lack of aggr(4) and tpmr(4)
documentation in ifconfig(8) which will follow as well after code cleanup.
Feedback OK dlg
|
|
the interface input handler lists were originally set up to help
us during the intial mpsafe network stack work. at the time not all
the virtual ethernet interfaces (vlan, svlan, bridge, trunk, etc)
were mpsafe, so we wanted a way to avoid them by default, and only
take the kernel lock hit when they were specifically enabled on the
interface. since then, they have been fixed up to be mpsafe.
i could leave the list in place, but it has some semantic problems.
because virtual interfaces filter packets based on the order they
were attached to the parent interface, you can get packets taken
away in surprising ways, especially when you reboot and netstart
does something different to what you did by hand. by hardcoding the
order that things like vlan and bridge get to look at packets, we
can document the behaviour and get consistency.
it also means we can get rid of a use of SRPs which were difficult
to replace with SMRs. the interface input handler list is an SRPL,
which we would like to deprecate. it turns out that you can sleep
during stack processing, which you're not supposed to do with SRPs
or SMRs, but SRPs are a lot more forgiving and it worked.
lastly, it turns out that this code is faster than the input list
handling, so lots of winning all around.
special thanks to hrvoje popovski and aaron bieber for testing.
this has been in snaps as part of a larger diff for over a week.
|
|
carp_input is only tried after vlan and bridge handling is done,
and after the ethernet packet doesnt match the parent interfaces
mac address.
this has been in snaps as part of a larger diff for over a week.
|
|
this means there's a consistent order of processing of service
delimited (vlan and svlan) packets and bridging of packets. vlan
and svlan get to look at a packet first. it's only if they decline
a packet that a bridge can handle it. this allows operators to slice
vlans out for processing separate to the "native" vlan handling if
they want.
while here, this fixes up a bug in vlan_input if m_pullup needed
to prepend an mbuf.
this has been in snaps as part of a larger diff for over a week.
|
|
this is a step toward making all types of bridges coordinate their
use of port interfaces, and is a step toward deprecating the interface
input handler lists.
bridge(4), switch(4), and tpmr(4) now coordinate their access so
only one of them can own a port at a time.
this has been in snaps as part of a larger diff for over a week.
|
|
this is a step toward making all types of bridges coordinate their
use of port interfaces, and is a step toward deprecating the interface
input handler lists.
this has been in snaps as part of a larger diff for over a week.
|
|
this is a step toward making all types of bridges coordinate their
use of port interfaces, and is a step toward deprecating the interface
input handler lists. it also moves tpmr away from the trunk ioctls
it's currently (ab)using.
this has been in snaps as part of a larger diff for over a week.
|
|
Tested for on a TP-LINK TL-NG421.
ok jmatthew@
|
|
if the bridge declines the packet, it just returns it to ether_input
to allow local deliver to proceed.
this has been in snaps as part of a larger diff for over a week.
|
|
this is the first step in refactoring how ethernet frames are demuxed
by virtual interfaces, and also in deprecating interface input list
handling.
we now have drivers for three types of virtual bridges, bridge(4),
switch(4), and tpmr(4), and it doesn't make sense for any of them
to be enabled on the same "port" interfaces at the same time.
currently you can add a port interface to multiple types of bridge,
but which one gets to steal the packets depends on the order in
which they were attached.
this creates an ether_brport structure that holds an input function
for the bridge, and optionally some per port state that the bridge
can use. arpcom has a single pointer to one of these structs that
will be used during normal ether_input processing to see if a packet
should be passed to a bridge, and will be used instead of an if
input handler. because it is a single pointer, it will make sure
only one bridge of any type is attached to a port at any one time.
this has been in snaps as part of a larger diff for over a week.
|
|
MD versions of these headers were unhooked. As nothing has hit those
checks we can drop them at this point.
ok visa@ and "makes sense" to millert@
|
|
matthieu@ reported that asking tcpdump to look at ip or ip6 traffic
on a wg(4) interface caused all packets to be captured. this is
because pcap assumes that if your link type doesn't have a link
header then it is always ip or ip6 (which is weird anyway) and
captures everything.
there was already code to generate a filter for the DLT_LOOP link
header, it was just bypassed cos earlier code said that there wasn't
one.
debugged with and ok kn@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
after getting rid of the "copyless" crutch
|
|
|
|
to support regression testing without a tty;
no user visible change intended
|
|
the checksum is exclusively used for pfsync to verify rulesets are identical
on all nodes. the automatic table names are random and have a near zero
chance to match. found at a customer in zurich
ok sashan kn
|
|
OPT is misleading and usually refers to command line arguments to pfctl
ok sashan kn
|
|
|
|
|
