| Age | Commit message (Collapse) | Author |
|---|
|
ok dlg@ yasuoka@
|
|
me a chance to kill these glowing red trailing whitespace characters.
|
|
offset of the address in the sockaddr to initialize the stride lengths.
|
|
entry.
This pointer hasn't been used for some time and without it no external
reference count is needed to turn art_lookup() mpsafe.
|
|
|
|
Use 115200 the default speed for buffer sizing in ttymalloc(). A lot
of devices call ttymalloc(0) so this affects quite a few of them.
Increases the buffer size for 9600 < baud <= 115200 from 1k to 4k.
Make ppp use the lo/hi watermarks from the tty layer which are
adjusted according to speed + buffer size. The previous fixed values
of 100 and 400 were way too small
Make pty call ttymalloc() with baud == 1000000, which is the common
value used in the tree for "fast".
ok deraadt@
|
|
From David Hill, ok dlg@
|
|
this avoids confusion about checksum offload if you configure ips
on svlan interfaces on top of interfaces that do offload, like bge
or em.
the problem was reported by and this fix was tested by denis fondras
analyzed by naddy@
thanks guys
|
|
which only worked with ath(4) devices from a decade ago.
Diff tested on ath(4) hardware by me to verify that 11a/b modes still work.
ok reyk deraadt chris sthen kettenis
|
|
netmasks are non-NULL for RTM_CHANGE and RTM_LOCK.
Fix route(8) regressions tests 14 and 16 with ART kernels. These tests
were failing because with ART, RTF_HOST routes always have a mask.
ok claudio@, bluhm@
|
|
Packets of types ARP and REVARP are now processed in the softnet task,
directly from ether_input() and without holding the KERNEL_LOCK.
Tested by many, ok dlg@
|
|
- yet another tiny step towards MP PF. This time we need to make sure
statekey attached to packet stays around, while accepted packet is
routed through IP stack.
this time I'm also bringing fix contributed by Stefan Kempf. Stefan's fix
makes sure we grab reference in m_dup_pkthdr()
OK bluhm@
|
|
problem noted by yasuoka@
ok yasuoka@ millert@
|
|
when removing a port from a lacp trunk. Part of a larger diff from mpi,
as suggested by mikeb. ok mpi@
|
|
this in turn gives us ifq_is_serialized() and an IFQ_ASSERT_SERIALIZED()
macro.
ok mpi@
|
|
----------------------------------------------------------------------
revision 1.961
date: 2015/12/22 13:33:26; author: sashan; state: Exp; lines: +153 -44;
commitid: oBRhtWcDV0ThviVT;
- yet another tiny step towards MP PF. This time we need to make sure
statekey attached to packet stays around, while accepted packet is
routed through IP stack.
OK mpi@, henning@
----------------------------------------------------------------------
there have been multiple reports of KASSERT(!pf_state_key_isvalid(sk)) being
triggered without much effort, so back this out for now.
|
|
statekey attached to packet stays around, while accepted packet is
routed through IP stack.
OK mpi@, henning@
|
|
Fix inconsistent arguments for pppopen/pppclose/pppstart.
Use passed in argument p in pppopen instead of curproc.
"Looks good to me" deraadt@
|
|
use ``rt_node'' with ART.
|
|
ok mpi@
|
|
This allow us to get rid of one more "rt_node" usage with ART.
ok jmatthew@
|
|
Reported by bluhm@, ok jmatthew@
|
|
ok visa@
|
|
|
|
DES is insecure since brute force attacks are practical due to its
short key length.
This removes support for DES-CBC encryption in ESP and in IKE main
and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8).
ok mikeb@
|
|
|
|
now both the list of work and the flag saying if something is
running the list are protected by a single mutex. it cuts the
number of interlocked ops for an uncontended run of the queue from
5 down to 2.
jmatthew likes it.
|
|
exist and we get another matching one instead.
This bug has been here since the KAME area and recently exposed by a
refactoring at n2k15. The problem is that rtrequest(9) does not check
on which interface the route entry is attached when issuing a RTM_DELETE.
So the kernel would end up deleting the route attached on a different ifp
when in_ifinit() fails.
This fix is currently a workaround, a better fix is in the pipeline.
Reported by Laurence Tratt <laurie AT tratt DOT net>, thanks!
|
|
RTF_CLONED routes attached.
In thise case if_get(9) can return NULL inside rtflushclone1() because
ifdetach() starts by clearing the interface pointer in the index map.
So it is perfectly correct to bail and we're not going to leak any route
entry because we're garbage collecting all of them.
Reported by daniel@ and Aaron Miller <aaron DOT miller04 AT gmail DOT com>
|
|
work is represented by struct task.
the start routine is now wrapped by a task which is serialised by the
infrastructure. if_start_barrier has been renamed to ifq_barrier and
is now implemented as a task that gets serialised with the start
routine.
this also adds an ifq_restart() function. it serialises a call to
ifq_clr_oactive and calls the start routine again. it exists to
avoid a race that kettenis@ identified in between when a start
routine discovers theres no space left on a ring, and when it calls
ifq_set_oactive. if the txeof side of the driver empties the ring
and calls ifq_clr_oactive in between the above calls in start, the
queue will be marked oactive and the stack will never call the start
routine again.
by serialising the ifq_set_oactive call in the start routine and
ifq_clr_oactive calls we avoid that race.
tested on various nics
ok mpi@
|
|
ok mpi@
|
|
ok dlg@
|
|
ok mpi@
|
|
the intention is to make it more clear what belongs to a transmit
queue and what belongs to an interface.
suggested by and ok mpi@
|
|
NULL. inspired by Richard Procter <richard.n.procter@gmail.com>'s mail on
tech from Aug 17, but redone. ok sashan vgross
|
|
ok goda@, yasuoka@
|
|
both af and naf (af-to case) are in the pf_pdesc
some code shuffling to actually set these before calling pf_change_ap/_icmp
inspired by Richard Procter <richard.n.procter@gmail.com>'s mail on tech
from Aug 17, but redone
ok bluhm vgross
|
|
|
|
<net/if_var.h> because some other operating systems have defines in
there.
ok jasper@
|
|
without pipex.enable=1. Also fix tun(4) not to pass the packets to pipex
when pipex.enable=0.
"go for it" dlg
|
|
local one. While we always intended to keep the logging in pf_test_rule
and pf_test so seperate that we don't end up with a wrong reason, this
is just too fragile and I can't even convince myself that it still is
right. pointed out by markus, ok bluhm benno
|
|
|
|
allocator for the 4K heap.
In this configuration a fullfeed BGP server for v4 and v6 consumes
10M more than with the radix tree.
This double the depth of the tree and makes the lookup slower. But
the ratio speed/memory can be adjusted in the future, for now we are
interested in a lock-free route lookup.
Tested by and ok benno@
|
|
ok claudio@
|
|
not when the version is wrong and the pad is non-zero.
OK goda@
|
|
It is now safe to call if_enqueue() without holding the KERNEL_LOCK()
even on an interface part of a bridge(4).
ok dlg@, henning@, kettenis@
|
|
bridge_output() is used by the stack to duplicate a packet coming from a
bridge member to its other ports.
Confusion pointed by Momtchil Momtchev on misc@
ok reyk@
|
|
route entry in ART.
rt_plen() now represents the prefix length of a route entry and should
be used instead.
For now use a "struct sockaddr_in6" to represent the mask when needed,
this should be then replaced by the prefix length and RTA_NETMASK only
used for compatibility with userland.
ok claudio@
|
|
this avoids current recursion to pf_test() function. the change also
switches icmp_error()/icmp6_error() to use ip_send()/ip6_send() so
they are safe for PF.
The idea comes from Markus Friedl. bluhm, mikeb and mpi helped me
a lot to get it into shape.
OK bluhm@, mpi@
|
|
element. Otherwise the kernel paniced with "ipintr no HDR" if the
data passed to pppxwrite() had a certain length.
Bug reported and fix tested by Sevan / Venture37.
Debugged with and OK mikeb@
|
