| Age | Commit message (Collapse) | Author |
|---|
|
EVL_PRIOFTAG macro.
ok naddy@
|
|
OK claudio@ laurent@
|
|
before the protocol start routine is called so as to cover all protocols
with the same check.
ok mpf@
|
|
MPLS TTL is mapped into network layer one as the packet exits the LSP.
Just IPv4 support for now.
Added the relevant sysctls to enable this behaviour.
Input and OK claudio@
|
|
|
|
We could re-embed the scope-id before we do the route lookup,
but then we would just find the very interface we've received
the packet on anyway.
OK markus@, claudio@, henning@
|
|
OK: claudio@ henning@
|
|
|
|
active rather than just the primary being UP.
From FreeBSD
Ok mpf@
|
|
TRUNK_MAX_PORTS so nuke the test.
From FreeBSD
Ok mpf@
|
|
From FreeBSD
Ok mpf@
|
|
actually active in failover mode rather than all interfaces with a
link. This makes it clear if the master interface is in use or one
of the backup links.
From FreeBSD
Tested by jmc@
Ok mpf@
|
|
Strictly similar to mpls_input().
Input and OK claudio@, OK laurent@
|
|
pointer to get at the interface name by pointing to the correct struct.
|
|
ok dlg
|
|
#if INET6 => #ifdef INET6
|
|
ok canacar@ henning@
|
|
OK claudio@
|
|
tag in the header. Convert TX tagging in the drivers.
Help and ok brad@
|
|
where the tag is stored in the mbuf header.
* Make bridge(4) handle interfaces with and without hardware tag
support and forward packets inbetween.
Help and ok claudio@
|
|
promiscuous mode itself. Closes PR 5012. With claudio@.
ok claudio@, henning@
|
|
interfaces attached to different networks can use the same session id.
reported by gm_sjo <saqmaster at gmail dot com>
|
|
This should take care of the simpler ones (i.e., timeout values of
integer multiples of hz).
ok krw@, art@
|
|
Added mpe_input6 to manage also ipv6 packets insted of just ipv4 ones.
OK claudio@ laurent@
|
|
OK reyk@
|
|
there, fix some typos, and pass M_CANFAIL to all malloc() calls which use
M_WAITOK but are tested for failure.
test&ok brad@
|
|
|
|
using the default interrupt handler for both, so there's no need to keep
table entries created in interrupt context separate.
ok henning art
|
|
Move calling ether_ioctl() from the top of the ioctl function, which
at the moment does absolutely nothing, to the default switch case.
Thus allowing drivers to define their own ioctl handlers and then
falling back on ether_ioctl(). The only functional change this results
in at the moment is having all Ethernet drivers returning the proper
errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown
ioctl's.
Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes
Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@
ok jsing@
|
|
reply-to, the sticky-address in the source tracking pool is overwritten
with the reply-to address, resulting in new connections being incorrectly
redirected to the reply-to host (instead of the sticky-address host).
Prevent this by passing a NULL source node reference to pf_map_addr() when
looking up the reply-to host, thus preventing the NAT source node from
being overwritten.
ok mcbride@ henning@
|
|
ok claudio
|
|
ok claudio@
|
|
encapsulation. Decapitalise the 'v' in ICMPv6 whilst here.
ok henning@
|
|
It applies to state_flags, not to sync_flags.
OK henning@, gollo@
|
|
leading to a kernel crash reported in PR5930
OK claudio@ henning@
|
|
ok henning@
|
|
fix potential use of uninitialized value in trunk_port_ioctl() function.
Found by LLVM/Clang Static Analyzer.
ok mpf@ henning@
|
|
ok cluadio@ henning@
|
|
ok henning@ claudio@
|
|
|
|
Really just the low-hanging fruit of (hopefully) forthcoming timeout
conversions.
ok art@, krw@
|
|
before release are fixed, and the extra check i added prevents incorrect
linking if there are still cases with tunnels, tho none of the testers
saw these yet, except for an icmp case that will be fixed shortly. the
extra check prevents misbehavior there.
if you see 'pf: state key linking mismatch' messages please report them to
me along with ifconfig -A and mention if you do any routing or nat tricks.
ok deraadt
|
|
flows export data gathered from pf states.
initial implementation by Joerg Goltermann <jg@osn.de>, guidance and many
changes by me. 'put it in' theo
|
|
exact reverse of each other. if there is a mismatch don't erstablish the
link and print enough so that we should be able to find the culprit.
|
|
Found by LLVM/Clang Static Analyzer.
ok henning@ mpf@
|
|
|
|
ok canacar@
|
|
ok brad@
|
|
Malicious PPPoE discovery packets could cause the kernel to
crash.
From canacar@ and inspired by the original fix from NetBSD.
ok canacar@
|
|
pf_pkt_addr_changed. atm just clears the state key pointer.
calling this is cleaner than having other parts of the stack clearing
pointers in the pf part of the mbuf packet header directly.
|
