Age | Commit message | Author |
|
ok deraadt@
|
|
__STRICT_ALIGNMENT instead.
Help pedro@ deraadt@, ok deraadt@
|
|
- Introduces a rw_lock in pfioctl so that we can have concurrent readers
but only one process performing updates at a time;
- Separates state expiry into "unlink" and "free" parts; anyone can unlink
a state/src node from the RB trees at any time, but a state can only be
freed whilst the write lock is held;
- Converts state_updates into list state_list containing all states,
regardless of whether they are "linked" or "unlinked";
- Introduces a new PFTM_UNLINKED state that is used on the "unlinked" states
to signal that they can be freed;
- Converts pf_purge_expired_state to an "unlink" state routine, which only
unlinks the state from the RB trees. Freeing the state/src nodes is left
to the purge thread, which runs whilst holding a write lock, such that all
"next" references remain valid;
- Converts pfsync_bulk_update and DIOCGETSTATES to walk state_list rather
than the RB trees;
- Converts the purge thread to use the new state_list and perform a partial
purge every second, with the target rate a full state table walk every
PFTM_INTERVAL seconds.
seen by mcbride, henning, dhartmei pre-3.8, but too intrusive for then
|
|
ok brad@
|
|
ok reyk@
|
|
- add multicast support by passing multicast addresses to the ports.
this is a requirement for carp(4) over trunk(4).
- support the smallest common interface capabilities. i.e., this adds
support for VLAN MTUs if all attached ports have this capability.
- add a port_destroy callback to the trunk protocol. this fixes a
potential crash if the master port has been detached while running.
discussed with deraadt@, brad@ and some others.
|
|
from Boris Polevoy <vapcom at mail dot ru>, ok mcbride@
|
|
(similar to proxy ports for tcp/udp). not all clients use per-invocation
random ids, this allows multiple concurrent connections from such clients.
thanks for testing to Rod Whitworth, "looks ok" markus@
|
|
reported by Boris Polevoy, tested by Jean Debogue, ok henning@
|
|
pf_state buffers on the stack.
ok henning mcbride
|
|
to search for a particular entry in the RB trees are at the start of the
structure.
This permits us to place a much smaller structure on the stack in the
interrupt paths that match packets against state entries.
ok mcbride
|
|
want to map the remaining bits to something else later on.
|
|
ok henning mcbride, looks good frantzen
|
|
from Stephen Marley; ok deraadt@
|
|
a kill message for a state that was generated on another firewall.
|
|
Different fix tested by the submitter, xiangbo3 at gmail com.
ok claudio@
|
|
DIOCGETSTATE.
ok dhartmei mcbride
|
|
ok ho@
|
|
"established" state. Requires recompiling pfctl, etc.
ok dhartmei@
|
|
This makes it possible to distinguish between E1 G.704 mode with and without
CRC4 checksum. Also add an operating mode IFM_TDM_MASTER to specify that
the card has to provide the clock source for the line.
OK deraadt@ canacar@
|
|
have purged all states in the case when an interface name was specified.
pf_purge_expired_states should decrease the count as appropriate.
ok dhartmei
|
|
to that in rev 1.40 for interface groups.
ok henning
|
|
inlined), ok art@
|
|
but statics are dangerous in case of concurrency. ok deraadt@
|
|
making pppoe(4) work on sparc64. Fixes PR-4311
Reported and fix tested by David Coppa < dcoppa at gmail com >
|
|
they time out. Any other hosts that have also learnt these states will already
know that they are due to time out.
ok henning
|
|
Instead of purging immediately, let the state be purged at the purge interval.
ok henning
|
|
"validating" it, pass the bits to be ignored down to the validating
function in its allowedflags argument. Saves a 1kB+ stack allocation.
ok henning@
|
|
Use a static buffer for another large variable, pending further analysis.
prodded deraadt
|
|
it out of a timeout handler.
This means we will have process context, required when using the oldnointr
pool allocator.
Addresses pr4186, pr4273.
ok dhartmei@ henning@ tedu@
|
|
to bpf with either an address family or other header added.
These helpers only allocate a much smaller struct m_hdr on the stack when
needed, rather than leaving 256 byte struct mbufs on the stack in deep
call paths. Also removes a fair bit of duplicated code.
commit now, tune after deraadt@
|
|
than a pointer to struct ifnet containing it.
Saves a 448 byte stack allocation in ip_forward which previously faked up
a struct ifnet just for this purpose.
idea ok deraadt millert
|
|
instead of allocating it as a temp var in six mutually exclusive code paths.
Saves 784 bytes of kernel stack (on i386).
|
|
when there are multiple matches for the requested media, select the
first matching instance rather than the last one.
From chs NetBSD
|
|
packets with invalid uh_len; ok dhartmei
|
|
notice that this kif is not referenced and not attached to an interface
or a group and actually deletes it. plugs a memleak, PR 4267 is caused by
this.
|
|
reworked to not strip vlan tags in hardware anymore.
ok brad henning jason
|
|
ok markus jason henning brad
|
|
From itojun NetBSD
- Fix signed/unsigned comparison warnings.
- Make ifm_data unsigned.
- Make media and mask unsigned.
From thorpej NetBSD
ok deraadt@
|