| Age | Commit message (Collapse) | Author |
|---|
|
ok benno@ mpi@
|
|
ok denis@
|
|
|
|
ok phessler@
|
|
where it belongs. Problem spotted by by remi@
ok sthen@ claudio@ krw@
|
|
ok tb@, sthen@
|
|
OK jca@ mpi@
|
|
While here document which field of the PCB is protected by which lock.
ok visa@
|
|
ok claudio@
|
|
ok tb@, visa@
|
|
Prevent a panic now that some syscall are running unlocked.
Found the hardway by Gregor Best.
|
|
inputs & ok visa@
|
|
Routing domain must always have an existing lo(4).
Problem reported and fix tested by multiplexd at gmx.com.
|
|
- MSS and WSCALE option candidates must now meet their min type length.
- 'max-mss' is now more tolerant of malformed option lists.
These changes were immaterial to the live traffic I've examined.
OK sashan@ mpi@
|
|
pppx_ifs earlier not to overlap the protected section for ifnet. Also
introduce pxi_ready flag to protect pxi not to be used before
initialization.
ok bluhm
|
|
ok claudio@
|
|
ok visa@, tb@
|
|
ok tb@
|
|
ok visa@, tb@
|
|
locking.
ok visa@, bluhm@
|
|
of calling sofree(), when its PCB is detached.
This is different from TCP which does not always detach `inpcb's from
sockets. In the pfkey & routing case caling sofree() there is a noop
whereas for TCP it's needed to free closed connections.
Having fewer sofree() makes it easier to understand the code and move
the locks down.
ok visa@
|
|
pf_state_insert(), so the state key has not been set. When inlining,
the compiler recognized the NULL pointer dereference in
s->key[PF_SK_STACK]->proto and optimized it away. But if pf.c was
compiled with -fno-inline, the system crashed during boot. Add a
NULL check in pf_set_protostate() to handle the situation when the
function is called.
OK sashan@ henning@
|
|
goto unlock when leaving this block.
OK sashan@ henning@
|
|
previously the ioctl code checked that prio was an int less than
UCHAR_MAX, but the rest of the kernel (and priq code in particular)
expects it to be between 0 and 7 inclusive.
ok krw@ tb@
|
|
From Jan Klemkow, ok mpi@ tb@, ok/bugfix bluhm@
|
|
it is sort of like egre(4), but different enough to warrant separate
handling. more specifically, eoip sits under gre 1, not 0, and has
it's own protocol id (0x6400). the gre key field is mandantory (the
rest cannot be set) which is split into a 16 bit length field and
a 16 bit tunnel id. lastly, it has a keepalive mechanism where peers
send 0 length packets as hellos to each other periodically, which
has no equivalent in egre(4) and is different to the gre(4) keepalives.
ok sthen@
|
|
or kernel lock when accessing a socket. For pf key sockets it is
kernel lock, so add its protection in pfkey_sendup(). Fixes a
kernel lock assertion panic reported by Peter J. Philipp.
OK mpi@ visa@
|
|
&if_clone list and the if_cloners_count are currently protected by the
KERNEL_LOCK(). Introduce the ifclonerslk rwlock to serialize access to
these two globals as a small step towards removing the KERNEL_LOCK() from
the ioctl path. While there, separate the two codepaths in if_clone_list()
more clearly and replace a ternary operator with MIN().
guidance & ok mpi, ok visa
|
|
OK mikeb@
|
|
ok mpi
|
|
The tty layer still relies on it to serialize access to its data.
Fixes crashes reported & tested by form@ via mikeb@.
ok mikeb@
|
|
grab the KERNEL_LOCK() when delivering messages.
This is the same solution already used by routing sockets.
ok claudio@, visa@
|
|
Update ifconfig to display LACP State (Actor and Partner) on
each trunk port
Ok benno@, phessler@, and tb@
|
|
to the network. This is necessary for locally generated icmp packets
that would be dropped otherwise. Refine this check to modify only
the source address of packets that go to the external network. This
allows route-to tricks on loopback interface.
OK sashan@
|
|
socket receive buffer.
It is modelled after pfkey_sendup() as both will need the same MP
treatment.
ok tb@, bluhm@, visa@
|
|
this gets rid of the source annotation which doesn't really add
anything other than adding complexitiy. randomess is generally
good enough that the few extra bits that the source type would
add are not worth it.
ok mikeb@ deraadt@
|
|
|
|
might be shutting the session down
|
|
|
|
noticed by clang
|
|
|
|
Puts us in line with Free/NetBSD and Linux and will get us rid of
pointless patches in the ports tree. ok guenther@ deraadt@
|
|
the rule created in pf_rule_copyin(). Plugs a potential kif memory
leak in pf(4) ioctl.
OK sashan@
|
|
|
|
For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and
on the ENOTSUPP case we guard the driver if_ioctl functions.
OK mpi@
|
|
Input bluhm
OK benno, kn, claudio
|
|
this is the same check that's done when adding normal members to
the bridge. it prevents things like gif(4) being added to the bridge,
which in turn prevents panics when shoving ethernet packets down a
layer 3 interface.
reported and tested by jasper@
|
|
pointer in the IP protocol loop. Reset the loop's mbuf when the
mbuf is freed. The latter is not necessary, but clearing a pointer
to freed data is safer.
OK dlg@
|
|
No objections from henning, OK visa
|
|
found by and diff from peter j philip
ok jca@
|
