Age | Commit message (Collapse) | Author |
|
rtfree(rt). Without this the sp_protocol on RTM_DELETE is garbage
and rtsocket users that restrict the AF of the socket (like ospfd)
will not see a single one of the RTM_DELETE.
OK henning@, dlg@
|
|
consistent with the network stack.
ok mcbride@ henning@
|
|
Fix for rev 1.37 commit which would crash when slip(4) is used.
Problem found the hard way by Henri Kemppainen.
|
|
misleading comment that did nothing.
ok henning@ jsing@
|
|
size_t to int truncation
ok claudio
|
|
runtime instead of forcing the user to recreate the interface with the
changed options. The code now re-configures the interface instead of
returning EBUSY. For example, it is now possible to run "ifconfig
vlan1 vlandev em0; ifconfig vlan1 vlandev em1" in a sequence.
ok claudio@ deraadt@
|
|
from fragment crop. PFFRAG_NOBUFFER and PFFRAG_DROP are never set.
pf_cache_pl and pf_cent_pl have no pool_get.
ok henning@
|
|
common function pf_addr_compare().
ok henning@
|
|
tracked down and diff sent by Robert B Mills <rbmills at sdf.lonestar.org>
thanks, very good work! ok claudio
|
|
for it. This makes the netisr a real C function which will help further
development. No noticeable performance change on i386 and amd64.
With input from kettenis@ and miod@ additional OKs mikeb@ and henning@
|
|
All pointers in the struct need to be cleared and reset. So instead of
bcopy the struct and clear some fields start with a clean struct and
assign the values that need to be copied.
Fixes a local vulnerability but only root can issue the problematic ioctl().
Reported by Jean Sigwald, has been in snaps for a while and OK deraadt@
|
|
ok henning@
|
|
platforms.
|
|
m_pullup.
not really a significant change since most rx bufs (which we read pfsync
packets from) are a single contig cluster coming off the network, so we
rarely hit the case m_pullup was called in.
|
|
pass to all the submessage handlers, but only the flags part of it was
ever used. just pass the flags directly instead.
|
|
since they're only ever called from pfsync_input, which is only called
from ipintr, which is only called by softnet.
|
|
only called from pppx_del_session); lets an amd64 pppx kernel build
(otherwise we hit excessive stack use warnings with -Werror).
if this ends up being called more frequently in future, then dlg
suggests making it static instead. ok claudio@
|
|
ok deraadt henning
|
|
uncommenting it is intentional.
ok deraadt@
|
|
ok from the m guild: mikeb@ miod@ mpf@
|
|
walking. make the function shorter, easier and faster with many addresses
while still being at least as fast as the old one with a common "on real IP"
setup. tested by many, ok claudio sthen dlg krw
|
|
ddb>, ok claudio dlg krw sthen
|
|
the latter is also the dest addr on P2P interfaces) for faster lookups in
the future. walking the linked list of all interfaces in the system to walk
the linked list of addresses on each of them isn't particularly fast,
especially with many interfaces and addresses.
written at n2k10 in australia in january, but had to be backed
out. the offenders have been fixed:
-ipvshit rtsol code calling these functions in interrupt context
(surprised this hasn't caused more havoc)
-various places in the stack added empty ifaddr structs, filling them in later
-sloppy recycling of ifaddrs in some places
finished at j2k10 in japan in september
tested by many, ok sthen krw dlg claudio
|
|
is new or an already existing one. for existing ones, call ifa_del first
tested by many as part of a larger diff, ok claudio dlg krw sthen
|
|
trivial for the moment, more needed soon
tested by many as part of a larger diff, ok sthen claudio dlg krw
|
|
to an interface any more, the kernel crashed with a null pointer
dereference. This situation could be created by a strange sequence
of route and ifconfig commands.
Now when a cloning route references a stale interface address and
rtrequest1(RTM_RESOLVE) has to create a cloned route, it does a
lookup for a valid interface address with the same ip address. The
new interface address and its interface are used for the new cloned
route and they replace the old ones at the cloning route.
ok claudio@, henning@
|
|
no change in .o
ok claudio
|
|
per the 802.1D-2004 spec. With lots of help and guidance (and some
nagging) from claudio. Tested with net/ladvd port on i386 and amd64.
'be a man' claudio@, ok mpf@
|
|
OK blambert, claudio.
|
|
practical value of aligning things to 64-bit and waste more space than
necessary on some architectures. ok deraadt@
|
|
interface is destroyed while in the bridge. Fixed by using
bridge_delete() which includes the missing bstp_delete() call: Less
code and more consistency. Also fix SIOCBRDGDEL to return an error
if an interface can not be found.
OK claudio, markus.
|
|
rejects because of bad encoding. Userland processes trust that the
messages on the rtsock are correctly encoded. Moved some checks up
to do the suser() check as soon as possible.
After discussion with deraadt@, OK deraadt@ and sthen@ (earlier version)
|
|
bstp_input() always consumes the packet so remove the mbuf handling
dance around it.
|
|
fixes a race-based kernel crash under rare circumstances
reported and fix tested by chefren att pi daht net
ok claudio@ henning@
|
|
ok henning
|
|
who decided to just do it on their own. henning, mcbride, jsing -- shame
on you -- if you had shown this diff to just 1 other network developer,
the astounding mistake in it would have been noticed. Start practicing
inclusionary development instead of going alone.
ok claudio
|
|
by mcbride@.
ok mcbride@ henning@
|
|
only get messages that are for the rtable the process is bound to.
Depending on the rtm_type the rdomain or rtable id are used for
comparison. It is possible to change the filter with a setsockopt(s,
AF_ROUTE, ROUTE_TABLEFILTER,...) and if set to RTABLE_ANY the filter
is deactivated. Additionally set the tableid in struct if_msghdr
to the rdomain id and use the process rtableid in the sysctl if no
table was specified.
OK henning@
|
|
There's not much use for the declassified cipher from the 80's
with a questionable license these days. According to the FIPS
drafts, Skipjack reaches its EOL in December 2010.
The libc portion will be removed after the ports hackathon.
djm and thib agree, no objections from deraadt
Thanks to jsg for digging up FIPS drafts.
|
|
fingerprinting on little endian systems work. People using the osfp
feature need to update /etc/pf.os or -current will be blocked.
OK deraadt@, jsg@, jsing@, millert@, sthen@
|
|
ok dlg
|
|
GRE message. But when npppd sends an ack-only GRE message, the message
will be only 12 bytes, so the m_pullup() will fail. call m_pullup()
with proper length.
|
|
sure if all protocols work.
|
|
OK djm@ claudio@ dlg@
|
|
ok claudio@ guenther@
|
|