| Age | Commit message (Collapse) | Author |
|---|
|
fixes nat with sticky address and ip address change on pppoe(4) for example;
ok henning@, zinke@; mikeb@
|
|
from the pool (e.g. ifconfig em0 1.2.3.4 -alias)
ok henning@, mikeb@
|
|
ok henning@, zinke@, mikeb@
|
|
|
|
reconfiguration with /etc/netstart silent again. (noticed by deraadt)
And do the same for 'addspan'.
ok deraadt
|
|
on a packet, make bpf_catchpacket take a timeval indicating when the
packet was captured. Move microtime to the calling functions and grab
the timestamp as soon as we know that we're going to call catchpacket
at least once.
From NetBSD, ok deraadt, claudio, sthen
|
|
waiting for memory to become available
obtained from netbsd with tweaks, with input from deraadt and
blambert, ok deraadt, claudio
|
|
spotted by krw@, poked by jmatthew@
|
|
it), so return early if the work has already been done.
ok yasuoka@ jmatthew@
|
|
uninitialized variable. Found by Owain G. Ainsworth, ok guenther
|
|
bridge(4) members that are not configured with stp.
Lots of debug help (and actual find) sthen@
OK sthen@, mpf@
|
|
ok guenther millert kettenis
|
|
no binary changes on i386.
|
|
and make raw_usrreq do an splsoftnet on its own;
joint work with david hill, ok claudio
|
|
readonly mbufs) but use M_PROTO1 and M_LINK0 instead; ok mikeb@
|
|
looks fine reyk@ ok mikeb@
|
|
the pf_map_addr. doing otherwise leads to the stack corruption.
bug was reported and fix tested by arjan schrijver, thanks!
ok jsing, henning, florian who has also found the same bug in
pf_route and pf_route6 functions.
|
|
in sys/mbuf.h
ok claudio
|
|
a gruesome union, to block the compiler from placing the struct
incorrectly aligned on stack frames
ok guenther
|
|
fix kernel builds without bpfilter.
OK sthen@ mikeb@ deraadt@ henning@
|
|
|
|
-assume we have hardware checksum offloading. stop mucking with the
checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output pathes, very late, if we figure out the outbound interface
doesn't have hw cksum offloading, do the cksum in software. this especially
makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
loses its disgusting shortcut hacks, but at least it's in one place now
and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
ok camield sthen claudio, testing by many, thanks!
|
|
runtime while time_uptime is monotonic. Prevent underflows in
pfsync(4) and pflow(4) by using signed variables. pfsync(4) problem
pointed out by camield.
Diff originally by dlg, frag and pflow bits by me.
feedback dlg
man page tweak jmc
Various versions of the pflow bits tested by Hrvoje Popovski
(hrvoje AT srce DOT hr), thanks!
ok benno, henning, dlg
|
|
Since the ifp is not detached in the SIOCSIFRDOMAIN case remove the
clear there. With and OK deraadt@
|
|
which packets (as in direction) of the traffic will be diverted
through the divert socket.
ok claudio@, henning@
|
|
Resurrect the rather silly "unplug my network device while I am
doing nfs diskless revarp" safety code which was disabled due to
a missing "ether.h" include, found by jsg
ok jsg
|
|
return anything but 0 anyways
From: "Michael W. Bombardieri" <mb at ii dot net>, ok camield
|
|
the syncdev gets set. this also makes sure we no longer leak hooks on
repeatet 'ifconfig syncdev' invocations.
ok mikeb@
|
|
is really needed, instead of an ethernet header and selector.
ok mikeb henning mpf
|
|
followed by ifconfig destroy; ok mikeb
|
|
include sys/mbuf.h in net/pfvar.h.
Flagged by and ok guenther@
|
|
|
|
routecache is full and the admin is making it smaller. It then does a
lame attempt at shrinking the routecache, something that a flush or flushall
can do better.
ok henning beck
|
|
of to the bridge itself. This is ok, since an interface can only be part
of one bridge, and the parent bridge is easy to find from the bridgeport.
This way we can get rid of a lot of list walks, improving performance
and shortening the code.
ok henning stsp sthen reyk
|
|
|
|
that can be filled. OK dlg@, mikeb@
|
|
|
|
are cleared as well; from hshoexer@, feedback and ok bluhm@, ok claudio@
|
|
ok claudio@
|
|
it's cancelling the bulk update and can leave the machine in a
demoted state.
bug was noticed by benno, who was kind enough to verify that the
fix is working fine. ok mpf, benno
|
|
Even though this violates IEEE 802.1D, we'd rather avoid bridging loops
by not getting in the way of STP.
OK henning, camield, reyk
|
|
with the latter
no change in md5 checksum of generated files
ok claudio@ henning@
|
|
when dealing with lots of IP fragments.
This sets the default to 25% of the mbuf cluster maximum (hint
from beck). And the example in the manpage is sane now.
ok mikeb henning beck deraadt
|
|
ok deraadt@ miod@
|
|
no functional changes.
|
|
to a radix_node struct.
The radix tree pushdown continues.
ok claudio@
|
|
to replace the list of them.
this actually makes vlan inherit the IPv6 CSUM flags from it's parent, that
had been commented out since this code was committed back in 2001.
ok benno mpf
|
|
ok camield mpf
|
|
returns radix_node pointers, inside a new rt_mpath_next, which accepts
and returns rtentry pointers, and start using that instead.
ok claudio@
|
|
"not set" and used a PF_PRIO_NOTSET define for it. now that means that
everything that creates a struct pf_rule doesn't get away with bzero'ing it,
which turned out to be not so nice. so get rid of PF_PRIO_NOTSET, instead,
make a rule+state flag PFSTATE_SETPRIO which indicates wether the prio
should be set. ok benno claudio mikeb
|
