| Age | Commit message (Collapse) | Author |
|---|
|
OK derradt@ tedu@
|
|
ok deraadt, ok markus some time ago
|
|
|
|
Kyunghwan KIM (prs 2117 and 2118) and Fredrik Widlund. ok deraadt
|
|
|
|
Use getmicrouptime() instead. Found by grange@ and henning@.
OK henning@
|
|
1. better timeout and keepalive handling
2. fix some memory leaks on error paths.
3. use arc4random instead of random
4. always send keepalives in cHDLC mode, from claudio@
Tested by Greg Mortensen (san) and jmc@ (pppoe), ok claudio@
|
|
is called. Makes two sppp instances to handshake against each other.
Tested by Greg Mortensen, ok claudio@
|
|
|
|
|
|
(not just to the initial packet). note: kernel/userland abi change
(rebuild pfctl). ok henning@
|
|
ok henning@, deraadt@
|
|
ok henning@ dhartmei@ claudio@
|
|
some problem setting the media to the requested value (usually IFM_AUTO),
we now force the media selection to IFM_NONE.
From NetBSD
|
|
Avoid DoS attack by setting ifm->ifm_media to a high number and running the
kernel out of memory.
From NetBSD
Fixes panic mentioned in PR 4088.
ok krw@ mcbride@ dhartmei@
|
|
purged errneously. mpf@ ok
|
|
on the routing socket and notifying carp() of link changes.
ok brad@ mpf@
|
|
'memory' one, which helps debugging. Alters the kernel/userland ABI,
rebuild pfctl and tcpdump. ok henning@
|
|
replacement address for an rdr rule. Some rdr rules have no address family
(when the replacement is a table and no other criterion implies one AF).
In this case, pf would fail to select a replacement address and drop the
packet due to translation failure. Found by Gustavo A. Baratto.
ok mcbride@, henning@, markus@
|
|
ok mpf@
|
|
in kernel code to match. Brings pfsync in line with carp, vlan and pppoe
devices. Old syncif and -syncif options still work, will be removed later.
ok markus@
|
|
Advertisements run through the carp interface first.
So we just take the address from ifp0.
While we're there,
also remove carp_macmatch6, which isn't used anymore.
Proposed by mcbride@
ok mcbride@, pascoe@
|
|
interface address -- and not the last one -- some alias. Also handle point to
point networks a bit more special.
With some input from markus@ OK markus@ henning@ fgsch@
|
|
The code is adopted from the FreeBSD netgraph-based Bluetooth
implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but
all netgraph glue was replaced with usual BSD network stack
hooks. This is a work in progress. Only HCI layer works for now,
L2CAP and RFCOMM are on the way.
Help in testing from many, ok markus@.
|
|
the old ifgroups haven't been in use ever really, and the new
implementation is 3 months old today. theo ok (3 months ago)
|
|
ok ho@ markus@
|
|
Reported long time ago by Marc Huber and more recently by Steffen Schutz.
|
|
from pf's perspective.
ok pascoe@ dhartmei@ henning@
|
|
ok canacar@, fgsch@, tested by some other people
|
|
- instead of erroring on an attempt to set hostid to 0, just set it
with arc4random()
ok henning@ dhartmei@
|
|
and userland.
ok henning@ dhartmei@
|
|
ok deraadt@, henning@, krw@
|
|
ok mickey@ henning@, "looks good" markus@ jason@
|
|
packet filtering should occur (like loopback, for instance).
Code from Max Laier, with minor improvements based on feedback from
deraadt@. ok mcbride@, henning@
|
|
list than physical interfaces. This makes ifa_ifwith* prefer a physical
interface over a CARP one.
This addresses the problem where a CARP interface in BACKUP state is
selected after a route change, resulting in a loss of communications
despite there being another interface available which is perfectly usable.
ok mcbride@ mpf@
|
|
ok pascoe@ mpf@
|
|
checking for a usable key, construct the key in the same way. Otherwise,
a colliding key might be missed or a state insertion might be refused even
though it could be inserted. The second case triggers the endless loop
fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
Report and test data by Srebrenko Sehic.
|
|
consistent style in sys/net/bpf.c.
ok henning@, "looks fine" canacar@
|
|
matching in the bridge receive path to make CARP operate correctly
on physical interfaces that are participating in a bridge.
ok mcbride@ henning@ dlg@
|
|
ok pascoe@
|
|
|
|
prevents a possible endless loop in pf_get_sport() with 'static-port'
Reported by adm at celeritystorm dot com in FreeBSD PR74930, debugging
by dhartmei@
ok dhartmei@
|
|
from Max Laier.
|
|
more than a second old.
ok mcbride@ henning@
|
|
|
|
|
|
|
|
Proposed by mcbride.
ok henning@, mcbride@
|
|
|
|
pass in from route dtag keep state queue reallyslow
tested by Gabriel Kihlman <gk@stacken.kth.se> and
Michael Knudsen <e@molioner.dk> and ryan
ok ryan
|
