| Age | Commit message (Collapse) | Author |
|---|
|
with the same prefix, neighbor discovery did not work. When comparing
two carp interfaces in in6_ifpprefix(), assume they share the prefix
if they have the same parent.
sure deraadt@
|
|
adding a descriptor pointing at zeroed bytes onto the end of transmit
chains. i was accounting for this extra descriptor when i was
completing the chain, but not when i was setting this up. this
meant the number of free descriptors kept growing until it overflowed.
at this point the check for space in the ring failed and packets
no longer flowed.
this counts the pad descriptor in the tx chain setup too.
ok deraadt@
|
|
|
|
|
|
|
|
|
|
Verify that the address in the in6_pktinfo structure included
in the control message is unicast and configured on the local
host. Additional checks prevent from using non-routable
addresses and inactive interfaces.
Embed the scope identifier into the link local addresses as
required by the stack. Do not force users to provide valid
interface index in the ipi6_ifindex but look it up in place
if needed.
ok bluhm, waived by deraadt for the release.
|
|
|
|
The old code left an interrupt enabled at that level, making spl-protection
non functional.
Remove __packed from struct hppa_iv. Instead re-order the members to pack
things efficient on a 64-bit host. Remove explicit padding.
|
|
the route to be at the corresponding carp or physical interface or
at an interface belonging to a common bridge. This fixes IPv6
neighbor discovery with carp.
bug report and tested by Florian Fuessl
put it in deraadt@
|
|
Otherwise pf could reroute or redirect such a packet. KAME moved
it in rev 1.189 of their ip6_input.c. This also allows rdr or nat
to ::1 in pf.
bug report and test camield@
ok mikeb@; go for it deraadt@
|
|
|
|
`ESC \', as supported by xterm; some third-party software such as
ncmpcpp rely upon this.
Noticed by dcoppa@, based on a draft diff by nicm@; ok deraadt@
|
|
The basic analysys is correct, however, the problem in this case is that by forcing
softdept to synchornously flush everything across *all* softdep filesystems we cause a
huge performance problem when we take a 3 second pause and slam everything synchronously.
the right way to fix this is to fix the speedup_softdep code, not make the filesystem
go synchronous when we hit a limit - if we are doing that we may as well not run softdep
it will be faster.
ok deraadt@
|
|
|
|
not the same as it was in 4.9 or earlier. In either case you can turn
it on again using sysctl kern.pool_debug=1 -- but if POOL_DEBUG is not
enabled you only get a subset of the strict checks.
ok kettenis miod beck
|
|
move that out of i386_set_threadbase(), and have clone() pass NULL
to fork1() for the child func argument so that it gets the child
proc pointer.
Report and verification by pirofti@, heavy lifting by matthew@
|
|
It's already in pfvar.h
OK mcbride@
|
|
unmap handling.
|
|
without growing it in pfsync_state too.
to keep the wire format compat this uses some of the pad bytes to send
all the state flags on the wire as well as maintaining the old state_flags
field. after 5.0 we'll deprecate the original field and only use the new
one.
discussed with mcbride and deraadt and based on a diff from deraadt.
tested against an "old" pfsync locally.
ok mcbride@ henning@ deraadt@
|
|
Reject states with pfsync_state->af == 0 in pfsync_state_import(), in
preparation for states which specify an address family in each state key
instead (change will take place post-5.0).
ok dlg henning mikeb
|
|
Tested on my thecus. ok miod@, todd@, deraadt@.
|
|
oga has disappeared
|
|
|
|
ok deraadt@, phessler@
|
|
|
|
ok deraadt@
|
|
ok kettenis
|
|
actually exit. This means that the main thread will exit and free the
process group, which results in the thread dereferencing a null pointer
when it is woken back up. Avoid this by checking that the ps_pgrp is not
null before deferefencing it. Also expand the ps_session macro to avoid
hiding the dereference.
ok tedu@
|
|
improved debugging for error cases inside the weighted round-robin loop.
original diff from claudio, ok henning
|
|
ok kettenis
|
|
lo' must not match a group 'local'. diff from sthen who is not around for a
few days, ok me and mpf. I can't find the mail of the guy who initially
ran into this problem, sorry for that, thanks for reporting!
|
|
Diff from zinke@ with a some minor cleanup.
ok henning claudio deraadt
|
|
which we have a cloning or cloned route. The old check was based
on configured interface addresses, now we use a route lookup. This
allows us to use prefixes for the local network that ospf6d has
added.
ok claudio@
|
|
see a recent subr_autoconf.c commit). To resolve this problem, mark the
other attachment dead, and clean it up when the first servicing timeout
gets run.
ok kettenis
|
|
|
|
ok matthew@
|
|
former anymore. OK miod@.
|
|
systems.
|
|
|
|
ok krw@ matthew@
|
|
|
|
now, put it in the IPPROTO_TCP case of the pf_test_rule() inner loop.
ok henning sthen
|
|
the common function pf_walk_header6(). For that, pf_walk_header6()
can now extract both the information wether it is a fragment and
the final protocol if it is the first fragment. This allows to
match the icmp6 too big packet of a first fragment to the reassembled
packet's state. This is neccesary if a refragmented fragment is
to big for the Path-MTU.
Note that pd.proto contains the real protocol number for the first
fragment and IPPROTO_FRAGMENT for later fragments. pd.virtual_protocol
is set to PF_VPROTO_FRAGMENT for all fragments.
ok mcbride@
|
|
|
|
from Martin Pelikan
|
|
Rather than silently dropping ALL icmp packets, return icmp/icmp6 error
for 'informational' message types (but continue dropping ICMP errors
unconditionally).
ok markus sthen henning
|
|
|
|
From Chris Turner <c.turner(at)199technologies(dot)com>
OK sthen@
|
|
From Chris Turner <c.turner(at)199technologies(dot)com>
OK sthen@
|
