| Age | Commit message (Collapse) | Author |
|---|
|
set up pfkey promiscuous mode.
Diff from Nathanael <list-openbsd-tech at polymorpheus dot com>
|
|
only bar under foo, not /bar as well.
secondly, when using "load anchor from" from a sub-anchor, the loading
point should be relative to the sub-anchor doing the load (unless absolute
paths are used, of course).
from Boris Polevoy. probably a -stable candidate.
|
|
pointer and a panic later on. Be more careful Claudio! OK henning@
|
|
cases harmless it is used by the IPv6 code. The result is that bgpd is unable
to assigning link local addresses to the correct interface. OK henning@
Fix for PR 5063.
|
|
altered chain. The cached tag may have already been freed via m_cat.
|
|
device. previously this was only done at config time, so vlan if's baudrate
could easily get out of sync with parent's. ok camield brad
|
|
instead of kvm access. OK henning@
|
|
This new rmx_refcnt can be used by route(8) to produce the same output
as netstat(1). OK henning@
|
|
|
|
outbound), using a new BIOCSDIRFILT ioctl;
guidance, feedback and ok canacar@
|
|
fbsd PR 93849 from Max Laier, ok claudio@
|
|
directly. rather provide a rt_lookup function for regular lookups,
and a rt_gettable for those that need access to the head for some reason.
the latter cases should be revisted later probably so that nothing outside
the routing core code accesses the heads at all...
tested claudio jolan me, ok claudio markus
|
|
interface that is removed. use that from if.c and if_tun.c instead of
re-implementing in the latter case. ok claudio
|
|
mbuf clusters if the packet is big enough. This should speed up tun(4) and
may help in other cases where long mbuf chains hurt.
Additionally switch the default tun(4) MTU to a more sane 1500 bytes.
TUNMTU is kept because it is used in userland.
Input and OK from brad@ and djm@
|
|
which optionally verifies that a packet is received on the interface
that holds the route back to the packet's source address. This makes
it an automatic ingress filter, but only when routing is fully
symmetric.
bugfix feedback claudio@; ok claudio@ and dhartmei@
|
|
|
|
ok miod@
|
|
|
|
|
|
From: Onno Molenkamp via Andrew Thompson <thompsa at freebsd dot org>
ok jason@
|
|
a 200+ lines diff, but no binary change.
|
|
code. no binary change.
|
|
as the previous changes from a train ride to frankfurt a bit over a week ago
|
|
change every time a line is added or removed. no functional change.
|
|
|
|
type of IFF_TUNNEL (Encapsulation interface).
ok djm@
|
|
the remainder of the network stack from splimp to splnet.
ok miod@
|
|
validation; from NetBSD; ok deraadt@
|
|
a packet format causes some troubles on 64bit archs. This fixes a sppp(4)
panic I got on alpha and makes cisco HDLC mode actually work. More cleanup
needs to be done post 3.9. OK brad@ looks good canacar@
|
|
request. Extend the "hack" to include more flags (RTF_PROTO[123] flags,
RTF_BLACKHOLE, RTF_REJECT and RTF_STATIC). Because rtm_use is "abused" --
rtm_use was replaced long time ago with rtm_rmx->rmx_pksent -- it is now
forced to 0 in RTM_GET requests and sysctl_dumpentry(). This is done to
prevent false changes because of a reused RTM_GET message.
OK henning@, mcbride@, makes sense markus@
|
|
"Please commit this diff ASAP" brad@
|
|
|
|
fixes a possible crash if the parent interface has been destroyed
(like vlan on trunk) before destroying the vlan interface.
ok brad@
|
|
ok frantzen@
|
|
|
|
bgpd and ospfd use this information to track the availability of a route.
Discussed with dlg@, OK henning@
|
|
show a correct expire time in route(8). OK and idea mpf@ looks good henning@
|
|
ok dhartmei@ and beck@. help + testing from kpfaff AT palloys.com.pl
|
|
pass to (ifgroup)
style notation.
instead of walking the list of associated dynaddrs with a pf-abstracted
interface which might not be present when there is no reference
to them in the rulset, and checking their pointer back to the interface
for group memberships, walk the groups an interface is member of
directly. even makes the code easier.
tests & ok bob ryan markus + tested moritz
|
|
|
|
but not 'fragment reassemble'), which can cause some fragments to get
inserted into the cache twice, thereby violating an invariant, and panic-
ing the system subsequently. ok deraadt@
|
|
m->m_data directly. This fixes the tun(4) / bridge(4) crash reported in
PR4963. OK djm@ mpf@ markus@
|
|
read-only operation (looking up one state entry), so allow it when /dev/pf
is opened read-only (allows squid to work read-only). from Andrey Matveev.
|
|
computations of change rates. unfortunately, I don't remember who suggested
this.
|
|
ok claudio@ brad@
|
|
into them, if you are gonna copy it out to userland
some ok dhartmei, some ok tedu
|
|
|
|
copy of the packet with bpf.
From mcbride@
some testing by todd@, ok reyk@
|
|
ok brad@
|
|
to the driver that there is a listener. Somehow I assumed that it was
a handle, and was trying to figure out why it was becoming zero.
Corrected by and ok claudio@
|
