| Age | Commit message (Collapse) | Author |
|---|
|
From FreeBSD
ok claudio@ dlg@
|
|
Using a group sums up the statistics of all members.
Modify pfctl(1) slightly to allow a groupname "all",
which gives us an overall pf(4) statistic.
OK henning@, markus@
|
|
more than one protocol. From FreeBSD, reported and tested by jmc@
|
|
ok claudio@ dlg@
|
|
field.
ok claudio@ dlg@
|
|
one entry for each multicast group and interface combination). this allows
you to run OSPF with more than 10 interfaces.
adapted from freebsd; ok claudio, henning, mpf
|
|
arrives; ok dhartmei, henning, feedback aaron
|
|
return a 64-bit int for ifmedia_baudrate().
- Fix consumers of ifmedia_baudrate() to deal with the change.
ok claudio@ dlg@
|
|
net/if_enc.h instead.
ok todd@ and probably claudio who's in the train.
|
|
|
|
-remove useless casts
-MALLOC/FREE -> malloc/free
-use M_ZERO where appropriate instead of seperate bzero
feedback & ok krw, hshoexer
|
|
ok krw@
|
|
unbreaks RTM_GET. Problem reported by fkr@
|
|
By doing so we ensure that all the memory is initialised and we no longer
have to ensure that none of the structure elements is forgotten in
sysctl_iflist() and sysctl_dumpentry().
This solves the route flush issues seen by aanriot@
OK henning@
|
|
if.c.
|
|
been cached in pd->p_len.
ok henning@ markus@
|
|
to access uninitialised memory.
Set dst to 0 on error, the error path tries to access dst but dst is inited
later down the code. This fixes a kernel panic seen by aanriot@
OK henning@
|
|
|
|
|
|
will show input errors for packets received from any of the ports that
are part of a fail over interface but are not the "master" port at the
time. This fixes the problem by checking the error condition
correctly.
From brad at comstyle dot com
|
|
ok claudio@
|
|
Changes include 64bit counters instead of u_long, routing table id in the header
of most messages, reserved routing priority field, added a hdrlen field to skip
over the header so that binary compatibility becomes easier.
A minimal backward support for old binaries is included to ease upgrades but
don't expect anything more than ifconfig, route and dhclient to correctly work.
OK henning@ mglocker@
|
|
'badstate' everywhere.
ok henning@
|
|
MGET* macros were changed to function calls, there wasn't any
need for the pool declarations and the inclusion of pool.h
From: tbert <bret.lambert@gmail.com>
|
|
version for i386
more architectures and ctob() replacement is being worked on
prodded by and ok miod
|
|
ok henning@
|
|
there is a 1:1 mapping between direction and the tree the states get
attached to. there is no need to have anything outside the state insertion/
deletion/lookup routinbes know about these internals. so just pass the
direction to the lookup functions and let them pick the right tree.
ok dhartmei markus
|
|
|
|
criteria. ok mcbride@
|
|
if (r != NULL && r->rtableid >= 0)
- m->m_pkthdr.pf.rtableid = m->m_pkthdr.pf.rtableid;
+ m->m_pkthdr.pf.rtableid = r->rtableid;
fortunately it is in pf_send_tcp and thus the effect is very limited, RSTs
sent due to "block return(-rst)" could be routed using the main routing
table instead of an alternate one specified on the block rule.
spotted by Janjaap van Velthooven <janjaap@stack.nl>
|
|
revert back to m_pullup2. Reported and tested by Enache Adrian
additional testing by naddy@ and claudio@
ok claudio@, deraadt@
|
|
messages, add 'dir=' part to 'loose state' message, ok henning@, markus@
|
|
header are required in the ICMP error). ok deraadt@, henning@
|
|
The earlier change was broken in sparc due to alignment problems.
reported and tested by nady@, ok deraadt@ claudio@
|
|
This is a bandaid solution, a better solution will go
in post 4.2. Reported and tested by Joerg Zinke.
ok claudio@, deraadt@
|
|
When sending a protocol reject. Prevents reading
past the mbuf in case the mbuf does not cover the
whole packet. ok claudio@, henning@
|
|
ok miod@ jmc@
|
|
needs to be allowed to export that information too. Thus, adjust
sadb_exts_allowed_out[] accordingly.
This fixes isakmpd not being able to get the in-kernel last-used-counters
of SAs, which are needed for DPD.
ok ho@
|
|
bug in the code, but as soon as I try to fix it, it seems to trigger
some other bugs. Instead of trying to figure out what's going on
while everyone suffers, it's better to back out and figure out
the bugs outside the tree.
|
|
replace a dead link while i'm here.
ok canacar@ reyk@
|
|
OK markus@, mcbride@, "sounds reasonable" henning@
|
|
|
|
table/state tail queue design. corrects ftp-proxy errors "server lookup
failed (no rdr?)" okay henning@
|
|
Makes bluetooth build again. ok uwe@
|
|
before it is removed from the multicast group in_delmulti() will try to
access the no longer available ifp.
We invalidate the ifa_ifp back pointer in the ifa in if_detach() now and use
the ifa_ifp in in_delmulti() instead of the internal inm_ifp. By doing it
this way we know if the interface was removed.
This fixes a kernel panic triggered by ospfd and gif(4) tunnels.
looks good henning@ reyk@
|
|
Fixes ICMP packet payload corruption on rdr.
OK henning@, markus@
|
|
the end of the array of rule pointers when attaching a pfsync'd state
to a rule. Reported in PR5508 by mayer@netlab.nec.de.
ok henning@
|
|
rx rings any more. forwarding boxes with many fast interfaces can still use
some more, but this is a saner default.
ok deraadt markus henric
|
|
keys that can map to multiple states (last not least for ifbound) we don't
need state tables hanging off each struct kif representing an interface
any more. use two globals for the two tables. ok markus ryan
|
|
unused ifname (this information is in struct pf_state_sync now).
Also a bit of KNF on the pf_state struct.
ok mpf@ henning@
|
