| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
- u_short -> u_int16_t
- Change default MTU to 1476 (same value that Cisco and other *BSD's use).
- Mark gre(4) interfaces as IFT_TUNNEL (Encapsulation interface).
From NetBSD
- Support setting the MTU
Be very careful when upgrading, the change in default MTU might cause
problems with an existing OpenBSD <-> OpenBSD setup.
Thanks to Stephen Marley <stephen dot marley at catwoman dot cl-is dot com>
for some testing.
|
|
system.
From: i4b project via FreeBSD via Jason Ackley
Fixes PR 4190 & 4196
ok canacar@
|
|
|
|
matching source and destination addresses/ports.
ok henning@ dhartmei@ mpf@
|
|
OK henning, krw, brad, moritz
|
|
|
|
|
|
ok dlg@ henning@
|
|
ok krw@ canacar@
|
|
|
|
|
|
From FreeBSD/NetBSD
Tested by camield@ and Alexey E. Suslikov <cruel at texnika dot com dot ua>
ok camield@
|
|
into a normal one, it sets both peers' sequence windows. Fix a bug where
the previously advertised windows are applied to the wrong side (i.e.
peer A's seqhi is peer A's seqlo plus peer B's, not A's, window). This
went undetected because mostly the windows are similar and/or re-
advertised soon. But there are (rare) cases where a synproxy'd connection
would stall right after handshake. Found by Gleb Smirnoff.
|
|
panicing at detach time.
ok dhartmei@ henning@
|
|
Changes are reported to userland and to other
interfaces sitting on top of us.
OK henning@, camield@
Tested by camield@ and Alexey E. Suslikov
|
|
This converts if_link_state_change() to a generic usable
callback with dohooks().
OK henning@, camield@
Tested by camield@ and Alexey E. Suslikov
|
|
IEEE802_11_RADIO data link types.
ok canacar@ damien@
|
|
fine deraadt@
|
|
This prevent a variety of fun panics.
From NetBSD
|
|
being..
- Set the interface speed back to zero after ether_ifattach(). RFC 2863
says: "For a sub-layer which has no concept of bandwidth, [ifSpeed]
should be zero."
|
|
bits from tags extracted from received frames. (Some drivers may
already do this masking internally, but doing it here doesn't hurt
and insures consistency.)
- In vlan_ioctl(), don't let the user set a VLAN ID value with anything
besides the VLID bits set, otherwise we will have trouble matching
an interface in vlan_input() later.
- Set the interface speed back to zero after ether_ifattach(). RFC 2863
says: "For a sub-layer which has no concept of bandwidth, [ifSpeed]
should be zero."
- Do not call if_down() on a parent interface if it's already down.
From FreeBSD
Tested by camield@ and Alexey E. Suslikov <cruel at texnika dot com dot ua>
ok camield@
|
|
When synproxy sends packets to the destination host, make sure to copy
the 'tag' from the original state entry into the outgoing mbuf.
ok dhartmei@ deraadt@
|
|
|
|
the 'tag' from the original state entry into the outgoing mbuf.
ok henning@ dhartmei@
|
|
|
|
OK derradt@ tedu@
|
|
ok deraadt, ok markus some time ago
|
|
|
|
Kyunghwan KIM (prs 2117 and 2118) and Fredrik Widlund. ok deraadt
|
|
|
|
Use getmicrouptime() instead. Found by grange@ and henning@.
OK henning@
|
|
1. better timeout and keepalive handling
2. fix some memory leaks on error paths.
3. use arc4random instead of random
4. always send keepalives in cHDLC mode, from claudio@
Tested by Greg Mortensen (san) and jmc@ (pppoe), ok claudio@
|
|
is called. Makes two sppp instances to handshake against each other.
Tested by Greg Mortensen, ok claudio@
|
|
|
|
|
|
(not just to the initial packet). note: kernel/userland abi change
(rebuild pfctl). ok henning@
|
|
ok henning@, deraadt@
|
|
ok henning@ dhartmei@ claudio@
|
|
some problem setting the media to the requested value (usually IFM_AUTO),
we now force the media selection to IFM_NONE.
From NetBSD
|
|
Avoid DoS attack by setting ifm->ifm_media to a high number and running the
kernel out of memory.
From NetBSD
Fixes panic mentioned in PR 4088.
ok krw@ mcbride@ dhartmei@
|
|
purged errneously. mpf@ ok
|
|
on the routing socket and notifying carp() of link changes.
ok brad@ mpf@
|
|
'memory' one, which helps debugging. Alters the kernel/userland ABI,
rebuild pfctl and tcpdump. ok henning@
|
|
replacement address for an rdr rule. Some rdr rules have no address family
(when the replacement is a table and no other criterion implies one AF).
In this case, pf would fail to select a replacement address and drop the
packet due to translation failure. Found by Gustavo A. Baratto.
ok mcbride@, henning@, markus@
|
|
ok mpf@
|
|
in kernel code to match. Brings pfsync in line with carp, vlan and pppoe
devices. Old syncif and -syncif options still work, will be removed later.
ok markus@
|
|
Advertisements run through the carp interface first.
So we just take the address from ifp0.
While we're there,
also remove carp_macmatch6, which isn't used anymore.
Proposed by mcbride@
ok mcbride@, pascoe@
|
|
interface address -- and not the last one -- some alias. Also handle point to
point networks a bit more special.
With some input from markus@ OK markus@ henning@ fgsch@
|
