CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/04/18 04:48:23 Modified files: regress/sbin/pfctl: Makefile pf35.in pf35.ok pfail53.in pfail53.ok Removed files: regress/sbin/pfctl: pf33.in pf33.loaded pf33.ok pf37.in pf37.ok pf42.in pf42.ok pf45.in pf45.ok pf58.in pf58.ok pf59.in pf59.ok pf62.in pf62.ok pf63.in pf63.ok pf64.in pf64.ok pfail18.in pfail18.ok pfail29.in pfail29.ok pfail31.in pfail31.ok pfail32.in pfail32.ok pfail33.in pfail33.ok pfail34.in pfail34.ok pfail35.in pfail35.ok pfail36.in pfail36.ok pfail44.in pfail44.ok pfail45.in pfail45.ok pfail46.in pfail46.ok pfaltq1.in pfaltq1.ok pfaltq10.in pfaltq10.ok pfaltq11.in pfaltq11.ok pfaltq12.in pfaltq12.ok pfaltq13.in pfaltq13.ok pfaltq14.in pfaltq14.ok pfaltq2.in pfaltq2.ok pfaltq3.in pfaltq3.ok pfaltq4.in pfaltq4.ok pfaltq5.in pfaltq5.ok pfaltq6.in pfaltq6.ok pfaltq7.in pfaltq7.ok pfaltq8.in pfaltq8.ok pfaltq9.in pfaltq9.ok pfopt3.in pfopt3.ok pfopt3.opts pfsetup2.in pfsetup2.ok pfsetup3.in pfsetup3.ok Log message: stop testing altq stuffz how many tests I wrote back then... (of which the majority is pointless)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/04/18 05:15:21 Removed files: regress/sbin/pfctl: pf43.in pf43.loaded pf43.ok Log message: missed these
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/04/18 05:18:40 Modified files: share/man/man4 : pf.4 Log message: stop talking about altq this manpage needs a bigger sync with reality...
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/04/18 05:19:45 Modified files: share/man/man4 : options.4 Log message: stop mentioning altq
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/04/18 05:36:06 Modified files: usr.bin/systat : pftop.c Log message: no more altq
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/04/18 05:41:10 Modified files: share/man/man7 : hier.7 Log message: no more altq hier^Where either
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/04/18 08:34:24 Modified files: regress/etc/MAKEDEV: Makefile Log message: cut altq here
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/04/18 08:56:59 Modified files: sys/dev/ic : dc.c Log message: reaching into altq unconditionally (and w/o ifdef ALTQ) is bad, mmkay?
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/04/18 09:13:01 Modified files: sys/net: pf.c Log message: pf_send_tcp: ask the stack to do the cksum instead of doing it manually ok benno lteo naddy (back in january)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/04/18 09:14:25 Modified files: sys/netinet: tcp_subr.c Log message: tcp_respond: let the stack worry about the cksum instead of doing it manually, ok naddy (in january)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/04/18 09:20:00 Modified files: sys/net: if_tun.c Log message: reaching into altq outside #ifdef ALTQ is bad, mmkay? ok claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/03/28 10:47:06 Modified files: usr.bin/mg : theo.c Log message: let's talk about shit
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2014/03/15 21:23:06 Modified files: papers : index.html Log message: link my asiabsdcon slides
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2014/03/15 21:22:46 Modified files: . : events.html Log message: move asiabsdcon to the past and link my slides
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/02/12 06:01:50 Modified files: sys/net: rtsock.c Log message: Add rtlabel to rt_newaddrmsg, From: Florian Riehm mail at friehm dot de ok bluhm claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/24 02:48:37 Modified files: sys/net: if_pflow.c Log message: computing the ip csum just before the bpf mtap and only if there is a consumer just to please tcpdump is stupid and not done anywhere else. kill with fire. ok benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/24 05:07:50 Modified files: sys/net: pf.c Log message: in pf_check_proto_cksum, updtae the swcksum counters if we cksummed in software. ok naddy (this is pbly the ultimate commit'n'run)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/24 11:54:58 Modified files: sys/net: if_bridge.c sys/netinet: ip_input.c tcp_input.c udp_usrreq.c Log message: clearing the _CSUM_IN_OK flags is now utterly pointless, was only done for statistics sideeffects before. ok lteo naddy
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/23 16:51:29 Modified files: sys/net: if_bridge.c pf.c sys/netinet: ip_input.c ip_output.c ip_var.h tcp_input.c tcp_var.h udp_usrreq.c udp_var.h sys/netinet6 : ip6_output.c Log message: since the cksum rewrite the counters for hardware checksummed packets are are lie, since the software engine emulates hardware offloading and that is later indistinguishable. so kill the hw cksummed counters. introduce software checksummed packet counters instead. tcp/udp handles ip ipvshit, ip cksum covered, 6 has no ip layer cksum. as before we still have a miscounting bug for inbound with pf on, to be fixed in the next step. found by, prodding ok naddy
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/23 16:51:53 Modified files: usr.bin/netstat: inet.c Log message: hardware cecksummed counters - software checksummed counters
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/23 23:18:33 Modified files: sys/netinet: udp_var.h Log message: make the udpstat counters u_int32_t, for consistency with tcpstat ok krw phessler
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/21 15:25:56 Modified files: usr.bin/mg : theo.c Log message: fulfilling theo's wishes
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/21 17:21:17 Modified files: sbin/iked : parse.y sbin/ipsecctl : parse.y sbin/pfctl : parse.y usr.sbin/bgpd : parse.y usr.sbin/dvmrpd: parse.y usr.sbin/hostapd: parse.y usr.sbin/ifstated: parse.y usr.sbin/ldapd : parse.y usr.sbin/ldpd : parse.y usr.sbin/ospf6d: parse.y usr.sbin/ospfd : parse.y usr.sbin/relayd: parse.y usr.sbin/ripd : parse.y usr.sbin/smtpd : parse.y usr.sbin/snmpd : parse.y usr.sbin/ypldap: parse.y Log message: relax the cfg file secrecy check slightly to allow group readability default permissions and mtree NOT changed. prodded by benno, ok phessler benno jmatthew theo pelikan florian
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/21 21:33:34 Modified files: sys/net: pf.c pf_if.c Log message: 7x bcopy - memcpy, impossibility of overlaps verified. ok benno dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/21 21:34:25 Modified files: sys/net: pf_norm.c Log message: one more absolutely obvious bcopy - memcpy
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/20 18:50:07 Modified files: sys/net: pf_if.c pfvar.h Log message: introduce a way to match any interface, excluding loopback ones. pfi_kif_get annotates the kif with a flag indicating it is the any match pfi_kif_match obeys that flag ok benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/20 18:52:18 Modified files: share/man/man5 : pf.conf.5 Log message: document how any matches any non-loopback interface, ok benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/20 18:51:55 Modified files: sbin/pfctl : parse.y Log message: if_item can be any now. allows things like block out on $someif received-on any to prevent packets to get forwarded to $someif
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/19 16:45:34 Modified files: usr.bin/systat : pftop.c Log message: newqueue support for the queue view, code mostly from pfctl. lifting done by Arto Jonsson ajonsson at kapsi dot fi, many thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/19 19:57:50 Modified files: sys/net: pf.c pf_ioctl.c pfvar.h Log message: support negated matches on the rcvif, ok dlg benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/19 19:59:13 Modified files: sbin/pfctl : parse.y pfctl_parser.c Log message: support !received-on interface, ok dlg benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2014/01/19 19:59:56 Modified files: share/man/man5 : pf.conf.5 Log message: document !received-on, ok dlg benno
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2013/12/16 06:52:12 Modified files: papers : index.html Log message: link my slides
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2013/12/16 07:32:02 Modified files: papers : index.html Log message: add a coment reminding idiots like me to update events.html too
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2013/12/16 07:33:52 Modified files: . : events.html Log message: slides link here as well, reminded by theo
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/11/26 04:27:41 Modified files: sys/netinet: ip_icmp.c Log message: instead of calculating the icmp checksum here, just set the flag that it is needed and the lower parts of the stack will take care of it. fixes a cksum bug in a rather constructed case and is just the right thing to do now. ok mpi naddy
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/11/26 04:33:34 Modified files: usr.sbin/ldapd : imsgev.c Log message: deal with msgbuf_write EAGAIN, ok gilles benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/11/26 04:59:38 Modified files: usr.sbin/ldpd : control.c lde.c ldpd.c ldpe.c packet.c Log message: deal with msgbuf_write EAGAIN, ok gilles benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/11/26 05:00:19 Modified files: usr.sbin/ripd : ripe.c Log message: msgbuf_write EAGAIN, ok gilles benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/11/26 05:01:40 Modified files: usr.sbin/smtpd : enqueue.c Log message: deal with msgbuf_write EAGAIN, ok gilles benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/11/26 05:02:23 Modified files: usr.sbin/snmpd : control.c Log message: remove clever shortcut that might bite later, ok gilles benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/11/26 05:02:59 Modified files: usr.sbin/ypldap: ldapclient.c Log message: msgbuf_write EAGAIN, ok gilles benno all of these from a long train ride
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/11/01 04:40:15 Modified files: usr.bin/systat : systat.1 Log message: not just altq queues, queues From: Arto Jonsson ajonsson at kapsi.fi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/11/01 04:42:38 Modified files: sbin/ipsecctl : ipsec.conf.5 sbin/iked : iked.conf.5 Log message: altq - new queue in examples From: Arto Jonsson ajonsson at kapsi.fi
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2013/10/30 05:22:37 Modified files: . : events.html Log message: fix vbsdcon slide link. thx jturner for fixing my omission
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2013/10/27 13:01:22 Modified files: papers : index.html Log message: link to our vbsdcon slides
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/21 03:39:24 Modified files: sys/net: pf.c Log message: pf_translate: missing conditonal pf_check_proto_cksum calls before mucking with the icmpid. impact of the bug is quite limited, only affect icmp echo requests reply through nat when the natting does not actually change any address. ok bluhm, found while hunting something else sthen is seeing
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/20 07:42:36 Modified files: sys/net: pf.c Log message: in pf_cksum, set the icmp/icmp6 cksums to 0, for comsistency with tcp/udp with ok bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/20 07:44:24 Modified files: sys/netinet: ip_output.c sys/netinet6 : ip6_output.c Log message: no need to make the icmp cksum offloading case special insofar that the cksum needs to be 0'd before, pf does that now (just like in the tcp/udp case) and nothing else uses the icmp offloading yet. with ok bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/19 04:38:55 Modified files: sys/netinet: ip_output.c tcp_output.c tcp_subr.c udp_usrreq.c Log message: make in_proto_cksum_out not rely on the pseudo header checksum to be already there, just compute it - it's dirt cheap. since that happens very late in ip_output, the rest of the stack doesn't have to care about checksums at all any more, if something needs to be checksummed, just set the flag on the pkthdr mbuf to indicate so. stop pre-computing the pseudo header checksum and incrementally updating it in the tcp and udp stacks. ok lteo florian
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/19 04:47:53 Modified files: sys/net: pf.c Log message: pf_cksum doesn't need to compute the pseudo hdr cksum any more. ok lteo florian
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/19 04:49:31 Modified files: sys/net: if_pflow.c Log message: simplify: no need to muck with the pseudo hdr cksum any more ok lteo florian
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/19 04:51:41 Modified files: sys/net: pipex.c Log message: simplify checksum handling. no need to compute the pseudo hdr cksum in the v4 case any more, and computing the cksum in the v6 case isn't needed either. ok florian lteo
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/17 13:59:54 Modified files: sbin/pfctl : parse.y pfctl.c Log message: cannot have queue definitions inside anchors. don't attempt to load them and err out if we run into one ran into by Gregor Best gbe@@ring0.de, analysis fix your's truly
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/12 06:17:32 Modified files: usr.bin/systat : pftop.c Log message: adopt to queueing changes
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/12 06:02:03 Modified files: sys/conf : files Log message: hook in hfsc.c/h looked over tested by many, ok phessler sthen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/12 06:31:37 Modified files: share/man/man5 : pf.conf.5 Log message: document new queueing. with lots of help from jmc. glanced over by many, ok phessler sthen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/12 05:55:46 Modified files: sys/net: if_bridge.c pf_ioctl.c pfkeyv2_convert.c pfvar.h Log message: give tagname2tag and its siblings an extra create parameter. if 1, it behaves like before and creates the mapping if needed. if 0, lookup only. looked over by many, ok phessler sthen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/12 05:39:18 Added files: sys/net: hfsc.c hfsc.h Log message: standalone hfsc implementation with new interface to the consumers, for the new bandwidth shaping subsystem. looked over tested by many, ok phessler sthen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/12 06:16:13 Modified files: sbin/pfctl : Makefile parse.y pfctl.c pfctl.h pfctl_altq.c pfctl_parser.c pfctl_parser.h pfctl_qstats.c Added files: sbin/pfctl : pfctl_queue.c Log message: config bits for the bandwidth shaping part of the new queueing subsystem syntax worked out with many in ljubljana using a whiteboard, testing looking over by many, ok phessler sthen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/12 06:13:12 Modified files: sys/altq : if_altq.h sys/net: if.h pf.c pf_ioctl.c pfvar.h Log message: new bandwidth shaping subsystem, kernel side uses hfsc behind the scenes; altq stays in parallel for a migration phase. if.h even more messy for the transition, but eventuelly it should become readable... looked over tested by many, ok phessler sthen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/10/12 06:18:55 Modified files: regress/sbin/pfctl: pf33.in pf33.ok pf35.in pf35.ok pf37.in pf37.ok pf42.in pf42.ok pf43.in pf43.ok pf45.in pf45.ok pf58.in pf58.ok pf59.in pf59.ok pf62.in pf62.ok pf63.in pf63.ok pf64.in pf64.ok pfail18.in pfail18.ok pfail31.in pfail31.ok pfail32.in pfail32.ok pfail35.in pfail36.in pfail44.in pfail44.ok pfail45.in pfail45.ok pfail46.in pfail46.ok pfail53.in pfaltq1.in pfaltq1.ok pfaltq10.in pfaltq10.ok pfaltq11.in pfaltq11.ok pfaltq2.in pfaltq2.ok pfaltq3.in pfaltq3.ok pfaltq4.in pfaltq4.ok pfaltq5.in pfaltq5.ok pfaltq6.in pfaltq6.ok pfaltq7.in pfaltq7.ok pfaltq8.in pfaltq8.ok pfaltq9.in pfaltq9.ok pfopt3.in pfopt3.ok pfsetup2.in pfsetup2.ok pfsetup3.in pfsetup3.ok Log message: adopt existing altq regress to queueing changes; queuespecs for altq use oldqueue as keyword for the transition phase
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2013/10/07 10:32:26 Modified files: papers : index.html Log message: link my eurobsdcon slides
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/08/19 03:16:25 Modified files: sys/net: pf.c Log message: in pf_test_rule, when dealing with a match rule, obey the match rule's quick flag to decide wether to abort ruleset eval instead of the last matching rule's one. makes match quick abort ruleset evaluation with the current block/pass state. from Maxim Khitrov max at mxcrypt.com, ok bluhm mikeb
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/06/26 03:12:40 Modified files: sys/net: if_bridge.c if_pflog.c pf.c pf_norm.c pfvar.h sys/netinet: ip_input.c ip_output.c sys/netinet6 : in6.h ip6_divert.c ip6_forward.c ip6_input.c ip6_output.c Log message: put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb
Re: CVS: cvs.openbsd.org: src
* Mike Belopuhov m...@belopuhov.com [2013-06-26 11:14]: On 26 June 2013 11:12, Henning Brauer henn...@cvs.openbsd.org wrote: CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/06/26 03:12:40 Modified files: sys/net: if_bridge.c if_pflog.c pf.c pf_norm.c pfvar.h sys/netinet: ip_input.c ip_output.c sys/netinet6 : in6.h ip6_divert.c ip6_forward.c ip6_input.c ip6_output.c Log message: put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb I did not OK this diff. sorry, miscommunication or misremembered, not intended.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/06/04 12:58:29 Modified files: sys/net: pf.c Log message: make pf_change_ap() usable without a port. if the port pointer is NULL, just return after being done with the address. ok bluhm ryan mikeb
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/06/04 13:03:12 Modified files: sys/net: pf.c pfvar.h Log message: add a pointer to the protocol checksum header field to pf_pdesc and set it up in pf_setup_pdesc(). ok ryan benno mikeb bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs
Module name:src
Changes by: henn...@cvs.openbsd.org 2013/06/04 13:07:59
Modified files:
sys/net: pf.c
Log message:
fold pf_test_state_{tcp,udp,other} into one pf_test_state.
the _icmp variant stays because it is completely different.
factor out the synproxy code into a new pf_synproxy() for readability.
pf_setup_pdesc sets us up with access to ports, cksum etc in a protocol
independent matter, so we don't need many protocol switches here.
tcp and udp were almost identical, the _other case changes significantly -
not too unlikely this fixes a subtle bug or two in that case.
ok ryan benno bluhm mikeb
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/06/04 18:56:35 Modified files: sys/net: pf.c Log message: after the pf_test_state folding, in pf_test in the proto switch, the udp and the default case are 100% identical, tcp does a little more, but that is easier to add w/ two if tcp blocks in the default case, so the udp and tcp cases die. ok bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/06/03 09:00:00 Modified files: sys/net: pfvar.h Log message: put back the match member to the anchor stack struct - userland (pfctl) uses it. that is so incedibly wrong... sorry for the breakage, folks. found by tedu, SMSing me out of my breakfast bob
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/06/02 17:06:36 Modified files: sys/net: pf.c Log message: set up osport and odport (original src/dst port) in pf_setup_pdesc instead of late in pf_test_rule - need that for upcoming changes. ok ryan
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/06/02 17:12:23 Modified files: sys/netinet: tcp.h Log message: increase heat in the hackathon room by making sure everybody has to recompile even more of the kernel fix formatting ugliness, whitespace only, obviously a copy pasto ok ryan
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/06/02 19:41:04 Modified files: sys/net: pfvar.h pf.c Log message: fix anchor quick with nested anchors. we lost the quick flag as soon as we stepped into a child anchor. simplify the logic, get rid of the match flag in the anchor stack, just use the match variable we already had (and used in a boolean style) to track the nest level we had a match at. when a child anchor had a match we also have a match in the current anchor, so update the match level accordingly, and thus correctly honour the quick flag. reported by, along with the right idea on how to fix this, by Sean Gallagher \sean at teletech.com.au/, who also helped testing the fix. ok ryan benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs
Module name:src
Changes by: henn...@cvs.openbsd.org 2013/06/01 15:18:02
Modified files:
sys/net: pf.c pfvar.h
Log message:
pf_step_{into,out_of}_anchor() are only ever called from pf_test_rule()
these days, so:
-move the prototypes from pfvar.h to pf.c
-remove the now useless null point checks for *match, it is always provided
ok ryan
CVS: cvs.openbsd.org: src
CVSROOT:/cvs
Module name:src
Changes by: henn...@cvs.openbsd.org 2013/06/01 15:51:54
Modified files:
sbin/pfctl : parse.y
Log message:
remove set-tos backwards compat, moved into the set {} block a year ago
ok ryan
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/05/30 13:22:48 Modified files: usr.sbin/ifstated: ifstated.c Log message: setsockopt to see messages for interfaces in all routing domains again instead of just the primary one. problem reported along with the right idea on how to fix it by Sean Gallagher (sean at teletech.com.au), actual fix by yours truly. Thanks Sean! ok ryan claudio
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2013/03/23 11:56:07 Modified files: papers : index.html Log message: link my asiabsdcon stuffz
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/01/16 17:48:04 Modified files: sys/dev/pci: if_oce.c sys/net: if_gif.c if_llc.h pfvar.h sys/netinet: tcp_input.c Log message: first or second coming, commie or not commie, one m in coming is sufficient ok claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/01/15 18:49:20 Modified files: share/man/man5 : pf.conf.5 sbin/pfctl : parse.y pfctl_parser.c Log message: for consistency with prio etc, the queue assignment really belongs into the set block. so make pfctl accept, print and the manpage document . match set queue foo instead of . match queue foo but keep accepting the old way without the explicit set. ok bob, man jmc
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2013/01/15 19:10:13 Modified files: faq: current.html Log message: bonjour miod, c'est 2013
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2013/01/15 19:15:06 Modified files: faq: current.html Log message: queue - set queue
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2013/01/15 19:43:24 Modified files: share/man/man5 : pf.conf.5 Log message: move the set queue block a bit down so that a) things are in alphabetical order again b) the described below in the set prio section actually refers to a block of text below and not above it... ok jsing
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: henn...@cvs.openbsd.org 2013/01/13 16:40:26 Modified files: papers : index.html Log message: link to my eurobsdcon presentation was missing, pointed out by chl@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/11/06 05:32:42 Modified files: sys/net: if_bridge.c if_pflog.c pf.c pf_norm.c pfvar.h sys/netinet: ip_input.c ip_output.c sys/netinet6 : in6.h ip6_divert.c ip6_forward.c ip6_input.c ip6_output.c Log message: backout csum diff for the moment, requested by theo
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/11/02 07:14:05 Modified files: sys/netinet6 : ip6_output.c Log message: unbreak ramdisks, we need to include tcp/udp.h unconditionally now and not dependent on ipsec. puzzled how this went by since I did run full mkrs... pbly lost in my forest of trees :( report Amit Kulkarni amitkulz at gmail.com, fix me, ok kettenis beck krw
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/11/01 01:55:56 Modified files: sys/net: if_bridge.c if_pflog.c pf.c pf_norm.c pfvar.h sys/netinet: ip_input.c ip_output.c sys/netinet6 : in6.h ip6_divert.c ip6_forward.c ip6_input.c ip6_output.c Log message: redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a needs checksumming flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/10/10 05:14:08 Modified files: sys/net: if_bridge.c Log message: make bridge_rtflush and bridge_flushrule void functions, as they never return anything but 0 anyways From: Michael W. Bombardieri mb at ii dot net, ok camield
Re: CVS: cvs.openbsd.org: src
* Claudio Jeker cje...@diehard.n-r-g.com [2012-09-20 12:48]: On Thu, Sep 20, 2012 at 12:26:54PM +0200, Henning Brauer wrote: * Alexander Bluhm bl...@cvs.openbsd.org [2012-09-19 21:21]: CVSROOT: /cvs Module name: src Changes by: bl...@cvs.openbsd.org 2012/09/19 13:20:34 Modified files: usr.sbin/ospf6d: kroute.c ospf6d.h Log message: Instead of fiddling about the kame hack here and there, implement the functions embedscope(), recoverscope(), clearscope(). ok claudio@ IMHO this belongs somewhere reachable for everything, as every user of the routing socket dealing with link-local crap has to reimplement that. No. The goal would be that the routing socket is not embedding scope. The routing socket is using sockaddrs so there is no need to embed. that'd be even better of course. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/09/19 09:29:53 Modified files: sys/net: if.h if_vlan.c Log message: defina an IFCAP_CSUM_MASK, covering IFCAP_CSUM_*, and use it in if_vlan.c to replace the list of them. this actually makes vlan inherit the IPv6 CSUM flags from it's parent, that had been commented out since this code was committed back in 2001. ok benno mpf
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/09/19 09:31:24 Modified files: sys/netinet: ip_carp.c Log message: inherit IFCAP_CSUM_* from the parent interface in my tree for a while and I forgot what exactly triggered it, but in one way or another this comes from the netbsd camp ok benno mpf
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/09/19 10:30:39 Modified files: usr.sbin/ntpd : ntpd.8 Log message: clarify which process writes out stats upong SIGINFO reception. pointed out by Frank Brodbeck fab at guug.de, actual change with ok jmc
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/09/18 04:11:53 Modified files: sbin/pfctl : parse.y pfctl_parser.c sys/net: pf.c pf_ioctl.c pfvar.h usr.sbin/ftp-proxy: filter.c usr.sbin/relayd: pfe_filter.c Log message: prio 0 is valid, therefore, I chose an impossible value for prio meaning not set and used a PF_PRIO_NOTSET define for it. now that means that everything that creates a struct pf_rule doesn't get away with bzero'ing it, which turned out to be not so nice. so get rid of PF_PRIO_NOTSET, instead, make a rule+state flag PFSTATE_SETPRIO which indicates wether the prio should be set. ok benno claudio mikeb
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/07/28 06:35:14 Modified files: share/man/man4 : pflog.4 Log message: sync struct pfloghdr with reality, pt out Johan Ryberg johan at securit.se
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/07/13 05:14:04 Modified files: sys/net: pfvar.h Log message: remove confuzzling comment :dlg: the xxx can go ..and this time commit to the real repo and not the one on my laptop
Re: CVS: cvs.openbsd.org: src
* Christiano F. Haesbaert haesba...@haesbaert.org [2012-07-10 10:17]: On 10 July 2012 10:13, Joerg Zinke m...@umaxx.net wrote: I'm sorry about the typo. May I suggest implementing a spellchecker which inspects each packet payload in PF to avoid such typos in future? I guess this would make PF webscale and ready for thE clouD 3.1 (virtual enterprise edition). Otherwise it would provide awesome new filtering options think of: block in on $ext_if proto tcp from any spellcheck henning@ http://xkcd.com/908/ No dude ! You need to support SAP, and store the rules in Oracle, it's not usable until then. nice try, but as long as it has joins it isn't webscale. need NoSQL monGoDB PoWerpoInT LiEm Arket Ing. Inc Bros enteRprice edition I'm off to that pig farm in idaho now. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
CVS: cvs.openbsd.org: src
CVSROOT:/cvs
Module name:src
Changes by: henn...@cvs.openbsd.org 2012/07/10 03:13:41
Modified files:
sbin/pfctl : parse.y pfctl_parser.c
Log message:
set { ... } - set ( ... )
brought up by ryan, discussed with him and theo and they convinced me
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/07/10 03:23:56 Modified files: sbin/pfctl : pfctl_parser.c Log message: intermediate hack^Wugly fix to prevent spurious scrub () prints + XXX comment as reminder to clean this up for good
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/07/10 03:38:22 Modified files: sys/net: pfvar.h Log message: define a PFSTATE_SCRUBMASK. relying on numeric order of flags is stupid and bound to break sooner or later.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: henn...@cvs.openbsd.org 2012/07/10 03:39:26 Modified files: sbin/pfctl : pfctl_parser.c Log message: use PFSTATE_SCRUBMASK whenever you see (flags = ONE_OF_THE_FLAGS), run. that must break sooner or later.
