| Age | Commit message (Collapse) | Author |
|---|
|
jumbo/baby-jumbo frames. To avoid problems with mismatches between trunkports,
any additional ports must have the same MTU as already set on the trunk(4).
Based on changes made in FreeBSD. Tested by myself and jj@, ok reyk@
|
|
key we need to sync our state key pointers with whatever values
the function will pick. Not doing so will produce wrong results
if address translation must be applied afterwards and we happen
to have a state key collision. Then pf_translate will follow an
old pointer and punch in garbage addresses into the packet.
Noticed, initial patch and tests by Vitaly Sinilin <vs @ kp4 ! ru>
ok tedu, henning
|
|
Report that this is needed for some netflow collector and tests by
Chris Ivancic & Colin Ligertwood.
OK mikeb@, benno@
|
|
diff from Michael W. Bombardieri.
|
|
|
|
the session is removed from the pipex_closed_wait_list twice, fixed it.
It always causes panic because QUEUE_MACRO_DEBUG is enabled by default.
Also remove some needless (struct pipex_session *) casts.
|
|
move them to the corresponding header with an appropriate comment if
necessary.
ok guenther@
|
|
ok millert@
|
|
array indexed by interface numbers, add a new field to the interface
descriptor pointing to it.
claudio@ and todd@ like it, ok mikeb@
|
|
avoid ugly casts.
OK krw@ tedu@
|
|
OK tedu@ claudio@
|
|
slipped by on i386, but the zaurus doesn't automagically pick it up.
spotted by patrick
|
|
.h files to pull it in, if needed
ok tedu
|
|
|
|
ok millert@, haesbaert@, bluhm@
|
|
ifatoia6 macros do not check the source type. They just cast
anything. Remove needless casts and do not use those macros if the
source type does not match. Remove duplicate defines.
No binary change. OK kettenis@ krw@
|
|
wrong in each direction).
Report and fix from UMEZAWA Takeshi <umezawa@iij.ad.jp>
|
|
ok beck@, mikeb@
|
|
an interface index and replace all the redondant checks and accesses
to a global array by a call to this function.
With imputs from and ok bluhm@, mikeb@
|
|
ok claudio mpi
|
|
dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
|
when address translation fails due to no free ports in the configured range.
ok mikeb@
|
|
No binary change.
|
|
is clearer; ok sthen
|
|
|
|
ok mikeb@, miod@
|
|
check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
|
Reported by Wesley M.A. on misc@, ok deraadt
|
|
than checking if they're zero - export_address() is always called for these.
Fixes memory corruption when doing ipsecctl -ssa with md5sig. Debugging
hints from deraadt@, ok kettenis@ deraadt@
|
|
the mbuf it just sent on the previous interface. this is bad because the
previous interface could have modified the mbuf chain, which can make the
subsequent m_copym()s panic.
this copies the dance that rtsock.c does for broadcasting mbufs which
copies the mbuf before transmit, except for the last interface which it
handles outside the loop.
tested by halex@ who verified it fixes his panic.
ok claudio@ deraadt@
|
|
table statistics so it appeared later on as the Epoch. Noticed
by [the] Shining on bugs@. Thanks!
ok sthen, waver from deraadt
|
|
EINVAL instead of panic. Also npppd called ioctl with the invalid
argument because of the bugs introduced by the config parser change
commit. Fixed those bugs and make sure not to use 0 length keys for
MPPE.
reported by csszep at gmail and giovanni
ok giovanni
|
|
other interface types. suggested/tested Mattieu Baptiste, ok dlg@ yasuoka@
giovanni@, ifconfig(8) reminder jmc@
|
|
v9. Without it it's not possible to find out at what time a flow
started/ended with only flowStartSysUpTime/flowEndSysUpTime. Fix this
by using flowStartSeconds/flowEndSeconds for v10.
Problem reported by Chris Ivancic and Colin Ligertwood, analyzed by
benno@
Tested by benno@ against nprobe (which doesn't care that much one way
or the other)
Tested by Chris Ivancic against solarwinds collector.
OK benno@
|
|
This way the configuration order is preserved. Order matters
because MAC address are not unique: vlan interfaces can have
the same MAC as their parent.
Frames destined for the bridge itself are now delivered to
the first-configured interface that matches the MAC instead
of the last-configured. This means that the bridge behavior
does not suddenly change anymore when adding a vlan interface.
ok henning reyk (a while ago)
|
|
FIN packets. The data of a TCP packet must fit into the announced
window, but this is not required for the sequence number of the
FIN. A packet with the FIN bit set and containing data that fits
exactly into the announced window was blocked. Our stack generates
such packets when the receive buffer size is set to 1024. Now pf
uses only the data lenght for window comparison.
OK henning@
|
|
Method (checking for PACKET_TAG_DLT) suggested by claudio, ok mpf
|
|
using tty ring buffers instead of clists
ok kettenis
|
|
ok claudio
|
|
wire for v5 packets.
ok (and lots of gentle prodding from) florian@
|
|
negating existing entries on re-load does not work (e.g. changing
192.168.6.0/24 to !192.168.6.0/24 in table was ignoed).
ok mikeb@, henning@ mpf@, bluhm@,
|
|
fixes nat with sticky address and ip address change on pppoe(4) for example;
ok henning@, zinke@; mikeb@
|
|
from the pool (e.g. ifconfig em0 1.2.3.4 -alias)
ok henning@, mikeb@
|
|
ok henning@, zinke@, mikeb@
|
|
|
|
reconfiguration with /etc/netstart silent again. (noticed by deraadt)
And do the same for 'addspan'.
ok deraadt
|
|
on a packet, make bpf_catchpacket take a timeval indicating when the
packet was captured. Move microtime to the calling functions and grab
the timestamp as soon as we know that we're going to call catchpacket
at least once.
From NetBSD, ok deraadt, claudio, sthen
|
|
waiting for memory to become available
obtained from netbsd with tweaks, with input from deraadt and
blambert, ok deraadt, claudio
|
|
spotted by krw@, poked by jmatthew@
|
|
it), so return early if the work has already been done.
ok yasuoka@ jmatthew@
|
