Author: ae
Date: Mon Mar 18 12:59:08 2019
New Revision: 345274
URL: https://svnweb.freebsd.org/changeset/base/345274
Log:
Update NAT64LSN implementation:
o most of data structures and relations were modified to be able support
large number of translation states. Now each supported proto
ewly added)
+++ head/sbin/ipfw/nat64clat.c Mon Mar 18 11:44:53 2019(r345264)
@@ -0,0 +1,535 @@
+/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
+ * Copyright (c) 2019 Yandex LLC
+ * Copyright (c) 2019 Andrey V. Elsukov
+ * Copyright (c) 2019 Boris N. Lytochkin
+ *
+ * Redistribution a
-2016 Alexander V. Chernikov
- * Copyright (c) 2015-2016 Andrey V. Elsukov
- * All rights reserved.
+ * Copyright (c) 2015-2019 Andrey V. Elsukov
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
Author: ae
Date: Mon Mar 18 10:39:14 2019
New Revision: 345262
URL: https://svnweb.freebsd.org/changeset/base/345262
Log:
Modify struct nat64_config.
Add second IPv6 prefix to generic config structure and rename another
fields to conform to RFC6877. Now it contains two prefixes and length
Author: ae
Date: Mon Mar 11 10:42:09 2019
New Revision: 345004
URL: https://svnweb.freebsd.org/changeset/base/345004
Log:
Add IP_FW_NAT64 to codes that ipfw_chk() can return.
It will be used by upcoming NAT64 changes. We use separate code
to avoid propogating EACCES error code to user lev
Author: ae
Date: Mon Mar 11 10:33:32 2019
New Revision: 345003
URL: https://svnweb.freebsd.org/changeset/base/345003
Log:
Add NULL pointer check to nat64_output().
It is possible, that a processed packet was originated by local host,
in this case m->m_pkthdr.rcvif is NULL. Check and set i
Author: ae
Date: Thu Mar 7 10:01:32 2019
New Revision: 344873
URL: https://svnweb.freebsd.org/changeset/base/344873
Log:
Fix typo.
MFC after:1 week
Modified:
head/sys/amd64/amd64/vm_machdep.c
head/sys/i386/i386/vm_machdep.c
Modified: head/sys/amd64/amd64/vm_machdep.c
Author: ae
Date: Thu Mar 7 04:40:44 2019
New Revision: 344870
URL: https://svnweb.freebsd.org/changeset/base/344870
Log:
Fix the problem with O_LIMIT states introduced in r344018.
dyn_install_state() uses `rule` pointer when it creates state.
For O_LIMIT states this pointer actually is n
s0a:
>
> But anyhow, it would be good to understand the actual reasoning behind that
> decision.
--
WBR, Andrey V. Elsukov
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Author: ae
Date: Wed Feb 13 15:46:05 2019
New Revision: 344103
URL: https://svnweb.freebsd.org/changeset/base/344103
Log:
In r335015 PCB destroing was made deferred using epoch_call().
But ipsec_delete_pcbpolicy() uses some VNET-virtualized variables,
and thus it needs VNET context, that
Author: ae
Date: Mon Feb 11 18:10:55 2019
New Revision: 344018
URL: https://svnweb.freebsd.org/changeset/base/344018
Log:
Remove `set' field from state structure and use set from parent rule.
Initially it was introduced because parent rule pointer could be freed,
and rule's information co
Author: ae
Date: Tue Jan 29 11:18:41 2019
New Revision: 343551
URL: https://svnweb.freebsd.org/changeset/base/343551
Log:
Fix the bug introduced in r342908, that causes problems with dynamic
handling for protocols without ports numbers.
Since port numbers were uninitialized for protocols
Author: ae
Date: Fri Jan 11 01:54:15 2019
New Revision: 342925
URL: https://svnweb.freebsd.org/changeset/base/342925
Log:
Relax requirement to packet size of CARP protocol and remove version check.
CARP shares protocol number 112 with VRRP (RFC 5798). And the size of
VRRP packet may be sm
Author: ae
Date: Thu Jan 10 02:01:20 2019
New Revision: 342909
URL: https://svnweb.freebsd.org/changeset/base/342909
Log:
Fix the build with INVARIANTS.
MFC after:1 month
Modified:
head/sys/netpfil/ipfw/ip_fw_pfil.c
Modified: head/sys/netpfil/ipfw/ip_fw_pfil.c
==
Author: ae
Date: Thu Jan 10 01:47:57 2019
New Revision: 342908
URL: https://svnweb.freebsd.org/changeset/base/342908
Log:
Reduce the size of struct ip_fw_args from 240 to 128 bytes on amd64.
And refactor the code to avoid unneeded initialization to reduce overhead
of per-packet processing.
Author: ae
Date: Fri Dec 21 10:41:45 2018
New Revision: 342298
URL: https://svnweb.freebsd.org/changeset/base/342298
Log:
Allow use underscores and dots in service names without escaping.
PR: 234237
MFC after:1 week
Modified:
head/sbin/ipfw/ipfw2.c
Modified: head/sbin/ip
Author: ae
Date: Thu Dec 13 08:59:51 2018
New Revision: 342030
URL: https://svnweb.freebsd.org/changeset/base/342030
Log:
Plug memory leak for AES_*_NIST_GMAC algorithms.
swcr_newsession() allocates sw_ictx for these algorithms, thus we need
to free() it in swcr_freesession().
PR:
Author: ae
Date: Mon Dec 10 16:23:11 2018
New Revision: 341799
URL: https://svnweb.freebsd.org/changeset/base/341799
Log:
Rework how protocol number is tracked in rule. Save it when O_PROTO
opcode will be printed. This should solve the problem, when protocol
name is not printed in `ipfw -N s
Author: ae
Date: Mon Dec 10 15:42:13 2018
New Revision: 341798
URL: https://svnweb.freebsd.org/changeset/base/341798
Log:
Use correct size for IPv4 address in gethostbyaddr().
When u_long is 8 bytes, it returns EINVAL and 'ipfw -N show' doesn't work.
Reported by: Claudio Eichenberger
Author: ae
Date: Tue Dec 4 16:12:43 2018
New Revision: 341472
URL: https://svnweb.freebsd.org/changeset/base/341472
Log:
Add ability to request listing and deleting only for dynamic states.
This can be useful, when net.inet.ip.fw.dyn_keep_states is enabled, but
after rules reloading some
Author: ae
Date: Tue Dec 4 16:01:25 2018
New Revision: 341471
URL: https://svnweb.freebsd.org/changeset/base/341471
Log:
Reimplement how net.inet.ip.fw.dyn_keep_states works.
Turning on of this feature allows to keep dynamic states when parent
rule is deleted. But it works only when the
Author: ae
Date: Tue Dec 4 15:12:28 2018
New Revision: 341469
URL: https://svnweb.freebsd.org/changeset/base/341469
Log:
Add assertion to check that named object has correct type.
Obtained from:Yandex LLC
MFC after:1 week
Modified:
head/sys/netpfil/ipfw/ip_fw_dynamic.c
Mo
Author: ae
Date: Fri Nov 30 10:36:14 2018
New Revision: 341334
URL: https://svnweb.freebsd.org/changeset/base/341334
Log:
Adapt the fix in r341008 to correctly work with EBR.
IFNET_RLOCK_NOSLEEP() is epoch_enter_preempt() in FreeBSD 12+. Holding
it in sysctl_rtsock() doesn't protect us fr
Author: ae
Date: Tue Nov 27 16:51:01 2018
New Revision: 341073
URL: https://svnweb.freebsd.org/changeset/base/341073
Log:
Do not limit the mbuf queue length for keepalive packets.
It was unlimited before overhaul, and one user reported that this limit
can be reached easily.
PR:
Author: ae
Date: Tue Nov 27 09:04:06 2018
New Revision: 341008
URL: https://svnweb.freebsd.org/changeset/base/341008
Log:
Fix possible panic during ifnet detach in rtsock.
The panic can happen, when some application does dump of routing table
using sysctl interface. To prevent this, set I
Author: ae
Date: Tue Nov 20 18:38:28 2018
New Revision: 340689
URL: https://svnweb.freebsd.org/changeset/base/340689
Log:
Make multiline APPLY_MASK() macro to be function-like.
Reported by: cem
MFC after:1 week
Modified:
head/sbin/ipfw/ipv6.c
head/sys/netinet/ip_fw.h
Modified:
Author: ae
Date: Fri Nov 16 14:21:57 2018
New Revision: 340477
URL: https://svnweb.freebsd.org/changeset/base/340477
Log:
Allow configuration of several ipsec interfaces with the same tunnel
endpoints.
This can be used to configure several IPsec tunnels between two hosts
with different
Author: ae
Date: Mon Nov 12 11:20:59 2018
New Revision: 340360
URL: https://svnweb.freebsd.org/changeset/base/340360
Log:
Add ability to use dynamic external prefix in ipfw_nptv6 module.
Now an interface name can be specified for nptv6 instance instead of
ext_prefix. The module will track
Author: ae
Date: Tue Nov 6 07:41:32 2018
New Revision: 340175
URL: https://svnweb.freebsd.org/changeset/base/340175
Log:
Do not print "ip6" keyword in print_icmp6types() for O_ICMP6TYPE opcode.
It produces incompatibility when rules listing is used again to
restore saved ruleset, because
Author: ae
Date: Sat Nov 3 20:05:50 2018
New Revision: 340100
URL: https://svnweb.freebsd.org/changeset/base/340100
Log:
Do not use bzero() for the O_ICMP6TYPE opcode.
The buffer is already zeroed in compile_rule() function, and also it
may contain configured F_NOT flag in o.len field. T
Author: ae
Date: Thu Oct 25 18:06:23 2018
New Revision: 339740
URL: https://svnweb.freebsd.org/changeset/base/339740
Log:
Use correct format specificator to print setdscp action.
PR: 232642
MFC after:3 days
Modified:
head/sbin/ipfw/ipfw2.c
Modified: head/sbin/ipfw/ipfw2.
s some PR that asks for adding CRC32 support to tha
loader commands. Maybe it is time to add something that can be used by
all consumers.
https://bugs.freebsd.org/bugzilla/buglist.cgi?list_id=256921&query_format=advanced&short_desc=crc32&short_desc_type=allwordssubstr
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Tue Oct 23 13:11:45 2018
New Revision: 339649
URL: https://svnweb.freebsd.org/changeset/base/339649
Log:
Add the check that current VNET is ready and access to srchash is allowed.
This change is similar to r339646. The callback that checks for appearing
and disappearing o
Author: ae
Date: Tue Oct 23 13:03:03 2018
New Revision: 339646
URL: https://svnweb.freebsd.org/changeset/base/339646
Log:
Add the check that current VNET is ready and access to srchash is
allowed.
ipsec_srcaddr() callback can be called during VNET teardown, since
ingress address checkin
Author: ae
Date: Tue Oct 23 12:50:28 2018
New Revision: 339642
URL: https://svnweb.freebsd.org/changeset/base/339642
Log:
Remove softc from idhash when interface is destroyed.
MFC after:20 days
Modified:
head/sys/net/if_ipsec.c
Modified: head/sys/net/if_ipsec.c
=
hdep.c:433
#25 0x811e0187 in cpu_idle (busy=0)
at /home/devel/freebsd/base/head/sys/x86/x86/cpu_machdep.c:581
#26 0x80bce5c7 in sched_idletd (dummy=)
at /home/devel/freebsd/base/head/sys/kern/sched_ule.c:2829
#27 0x80b5e574 in fork_exit (
callout=0xffffffff80bce0
t; and then free it so we don’t add a race condition) and then check for
> NULL in ipsec_srcaddr().
> It feels like the srcaddr_change_event needs to be per-vnet, so we can
> unregister before we free V_ipsec4_srchtbl.
I think the better fix would be adding IPSEC_WAIT() to
vnet_ipsec_uninit() before doing
Author: ae
Date: Sun Oct 21 18:39:34 2018
New Revision: 339556
URL: https://svnweb.freebsd.org/changeset/base/339556
Log:
Include to fix the build.
MFC after:1 month
Modified:
head/sys/netinet/ip_encap.c
Modified: head/sys/netinet/ip_encap.c
Author: ae
Date: Sun Oct 21 18:30:27 2018
New Revision: 339555
URL: https://svnweb.freebsd.org/changeset/base/339555
Log:
Follow the fix in r339532 (by glebius):
Fix exiting an epoch(9) we never entered. May happen only with MAC.
MFC after:1 month
Modified:
head/sys/net/if_ipsec.
Sun Oct 21 18:18:37 2018(r339553)
+++ head/sys/net/if_ipsec.c Sun Oct 21 18:24:20 2018(r339554)
@@ -1,6 +1,6 @@
/*-
- * Copyright (c) 2016 Yandex LLC
- * Copyright (c) 2016 Andrey V. Elsukov
+ * Copyright (c) 2016-2018 Yandex LLC
+ * Copyright (c) 2016-2018 Andrey V
Author: ae
Date: Sun Oct 21 18:18:37 2018
New Revision: 339553
URL: https://svnweb.freebsd.org/changeset/base/339553
Log:
Add handling for appearing/disappearing of ingress addresses to if_me(4).
* register handler for ingress address appearing/disappearing;
* add new srcaddr hash table f
Author: ae
Date: Sun Oct 21 18:13:45 2018
New Revision: 339552
URL: https://svnweb.freebsd.org/changeset/base/339552
Log:
Add handling for appearing/disappearing of ingress addresses to if_gre(4).
* register handler for ingress address appearing/disappearing;
* add new srcaddr hash table
Author: ae
Date: Sun Oct 21 18:06:15 2018
New Revision: 339551
URL: https://svnweb.freebsd.org/changeset/base/339551
Log:
Add handling for appearing/disappearing of ingress addresses to if_gif(4).
* register handler for ingress address appearing/disappearing;
* add new srcaddr hash table
Author: ae
Date: Sun Oct 21 17:55:26 2018
New Revision: 339550
URL: https://svnweb.freebsd.org/changeset/base/339550
Log:
Add KPI that can be used by tunneling interfaces to handle IP addresses
appearing and disappearing on the host system.
Such handling is need, because tunneling interfa
Author: ae
Date: Sun Oct 21 16:44:57 2018
New Revision: 339545
URL: https://svnweb.freebsd.org/changeset/base/339545
Log:
Do not decrement RST life time if keep_alive is not turned on.
This allows use differen values configured by user for sysctl variable
net.inet.ip.fw.dyn_rst_lifetime.
Author: ae
Date: Sun Oct 21 16:37:53 2018
New Revision: 339544
URL: https://svnweb.freebsd.org/changeset/base/339544
Log:
Call inet_ntop() only when its result is needed.
Obtained from:Yandex LLC
MFC after:3 weeks
Sponsored by: Yandex LLC
Modified:
head/sys/netpfil/ipfw/n
,
&cfg->stats, logdata) == 0)
NAT64STAT_INC(&cfg->stats, opcnt64);
return (NAT64RETURN);
Modified: head/sys/netpfil/ipfw/nat64/nat64_translate.h
==========
--- head/sys/netpfil/ipfw/nat64/n
Author: ae
Date: Sun Oct 21 15:02:06 2018
New Revision: 339537
URL: https://svnweb.freebsd.org/changeset/base/339537
Log:
Add ifaddr_event_ext event. It is similar to ifaddr_event, but the
handler receives the type of event IFADDR_EVENT_ADD/IFADDR_EVENT_DEL,
and the pointer to ifaddr. Also i
Author: ae
Date: Sun Oct 21 15:10:59 2018
New Revision: 339539
URL: https://svnweb.freebsd.org/changeset/base/339539
Log:
Add IPFW_RULE_JUSTOPTS flag, that is used by ipfw(8) to mark rule,
that was added using "new rule format". And then, when the kernel
returns rule with this flag, ipfw(8)
Author: ae
Date: Sun Oct 21 14:48:40 2018
New Revision: 339536
URL: https://svnweb.freebsd.org/changeset/base/339536
Log:
Fix grammar.
Reported by: yuripv
MFC after:3 weeks
Modified:
head/sbin/ifconfig/ifconfig.c
Modified: head/sbin/ifconfig/ifconfig.c
===
Author: ae
Date: Sun Oct 21 14:40:45 2018
New Revision: 339535
URL: https://svnweb.freebsd.org/changeset/base/339535
Log:
Do not allow use `create` keyword as hostname when ifconfig(8) is invoked
for already existing interface.
It appeared, that ifconfig(8) assumes `create` keyword as hos
Author: ae
Date: Sun Oct 21 14:19:16 2018
New Revision: 339533
URL: https://svnweb.freebsd.org/changeset/base/339533
Log:
Add sadb_x_sa2 extension to SADB_ACQUIRE requests.
SADB_ACQUIRE requests are send by kernel, when security policy doesn't
have corresponding security association for o
Author: ae
Date: Mon Oct 15 10:25:34 2018
New Revision: 339357
URL: https://svnweb.freebsd.org/changeset/base/339357
Log:
Add extra parentheses to fix "versrcreach" opcode, (oif != NULL) should
not be used as condition for ternary operator.
Submitted by: Tatsuki Makino
Approved by: re
was first formatted on 10, so it's not academic.
As a workaround you can try to copy first 34 sectors from old disk to
new using dd(1). And then use `gpart recover`. I think this should work.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Mon Oct 1 10:46:00 2018
New Revision: 339039
URL: https://svnweb.freebsd.org/changeset/base/339039
Log:
Add INP_INFO_WUNLOCK_ASSERT() macro and use it instead of
INP_INFO_UNLOCK_ASSERT() in TCP-related code. For encapsulated traffic
it is possible, that the code is running
Author: ae
Date: Wed Sep 26 15:37:48 2018
New Revision: 338947
URL: https://svnweb.freebsd.org/changeset/base/338947
Log:
Add "src-ip" or "dst-ip" keyword to the output, when we are printing the
rest of rule options.
Reported by: lev
Approved by: re (gjb)
MFC after:1 week
Modif
Author: ae
Date: Wed Sep 26 14:47:51 2018
New Revision: 338945
URL: https://svnweb.freebsd.org/changeset/base/338945
Log:
Fix witness warning in xform_init().
Do not call crypto_newsession() while holding xforms_lock mutex.
Release mutex before invoking crypto_newsession(), and use
ipse
Author: ae
Date: Sat Sep 22 16:30:48 2018
New Revision: 338890
URL: https://svnweb.freebsd.org/changeset/base/338890
Log:
Update ifr_name before invoking IPSECSREQID ioctl, this fixes the case,
when `ifconfig ipsec create reqid N` command invoked without interface
unit number. The "name" glo
Author: ae
Date: Fri Sep 21 13:44:05 2018
New Revision: 338857
URL: https://svnweb.freebsd.org/changeset/base/338857
Log:
Fix possible NULL pointer dereference in ffec_alloc_mbufcl().
PR: 231514
Approved by: re (kib)
MFC after:1 week
Modified:
head/sys/dev/ffec/if_ffec
Author: ae
Date: Thu Sep 20 19:45:27 2018
New Revision: 338839
URL: https://svnweb.freebsd.org/changeset/base/338839
Log:
Add new field max_hdrsize to struct encap_config.
It is currently unused and reserved for future use to keep KBI/KPI.
Also add several spare pointers to be able extend
potential problem can occur when
xform that is going to be detached placed is some kld. I.e. some
application invokes SA creation and another thread does kldunload
ipsec_esp.ko (currently we don't have such module, but...)
So, when we drop XFORMS_LOCK after check "entry->xf_type == xftype",
xf_init can become unavailable due to kldunload happened.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Mon Sep 17 10:10:14 2018
New Revision: 338708
URL: https://svnweb.freebsd.org/changeset/base/338708
Log:
Restore outbound packets capturing for if_gre(4). It was missed in r335048.
Also clear M_MCAST and M_BCAST flags for encapsulated datagram, since it
will have new IP head
On 16.08.2018 21:34, Alan Somers wrote:
> On Tue, Aug 14, 2018 at 1:54 AM, Andrey V. Elsukov <mailto:a...@freebsd.org>> wrote:
>
> Author: ae
> Date: Tue Aug 14 07:54:14 2018
> New Revision: 337736
> URL: https://svnweb.freebsd.org/changes
c4be at sendit+0x19e
#13 0x80c3c30d at sys_sendto+0x4d
#14 0x8107e9c1 at amd64_syscall+0x281
#15 0x8105846d at fast_syscall_common+0x101
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
m0 flags=1
laggport: re0 flags=4
groups: lagg
media: Ethernet autoselect
status: active
nd6 options=21
--
WBR, Andrey V. Elsukov
GNU gdb (GDB) 8.1 [GDB v8.1 for FreeBSD]
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <
Author: ae
Date: Thu Aug 16 09:19:06 2018
New Revision: 337900
URL: https://svnweb.freebsd.org/changeset/base/337900
Log:
Properly initialize IP version in IPv6 header. This was missed in r334673.
Reported by: Lars Schotte
Modified:
head/sys/netinet6/in6_gif.c
Modified: head/sys/netin
Author: ae
Date: Tue Aug 14 07:54:14 2018
New Revision: 337736
URL: https://svnweb.freebsd.org/changeset/base/337736
Log:
Restore ability to send ICMP and ICMPv6 redirects.
It was lost when tryforward appeared. Now ip[6]_tryforward will be enabled
only when sending redirects for correspon
Author: ae
Date: Fri Aug 10 14:10:22 2018
New Revision: 337574
URL: https://svnweb.freebsd.org/changeset/base/337574
Log:
Restore the behaviour changed in r337536, when bad `ipfw delete` command
returns error.
Now -q option only makes it quiet. And when -f flag is specified, the
command
Author: ae
Date: Fri Aug 10 07:24:01 2018
New Revision: 337568
URL: https://svnweb.freebsd.org/changeset/base/337568
Log:
Remove unneeded ipsec-related includes.
Reviewed by: rrs
Differential Revision:https://reviews.freebsd.org/D16637
Modified:
head/sys/netinet/tcp_hpts.c
Mo
forcibly execute the command. The description in man page can be
modified to correctly describe the case with "delete" command.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
?
ipfw: no rules rules in 1-11000 range
0
# ipfw -qf delete 1-11000 ; echo $?
0
# ipfw -q delete 1-11000 ; echo $?
69
Are you fine with this?
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
on of the -q flag
> is already 2x as long as it should be in a good design.
I have a feeling you are watching each my commit and comment it :)
I did not designed this behavior, at work we use another tool to work
with rules and tables. I'm fine with reverting this change. Do you want
to restore previous behavior?
AFAIR, julian@ complains that ipfw(8) has some error states that should
be removed.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
s a remote login session. It also stops a table add
or delete from failing if the entry already exists or is not
present.
table add/delete commands had the same behavior, "nat" already noted in
this list. What is the usage scenario do you use, where you need to fail
on ba
batched `delete` commands and do not fail when
>> found nonexistent rule.
>
> So now I can not code a quiet ipfw command that does fail when
> I give it a bad delete command :-(.
Previously -q did not handled by delete command, so you can just use bad
"ipfw delete" without -q :)
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Thu Aug 9 12:46:30 2018
New Revision: 337536
URL: https://svnweb.freebsd.org/changeset/base/337536
Log:
If -q flag is specified, do not complain when we are trying to delete
nonexistent NAT instance or nonexistent rule.
This allows execute batched `delete` commands and d
Author: ae
Date: Wed Aug 8 17:32:02 2018
New Revision: 337469
URL: https://svnweb.freebsd.org/changeset/base/337469
Log:
Use host byte order when comparing mss values.
This fixes tcp-setmss action on little endian machines.
PR: 225536
Submitted by: John Zielinski
Modified
be about? My wpa_supplicant.conf is fairly
> minimal with exactly one network specified.
Hi,
Yesterday I updated my notebook (with iwm(4)) and also noticed that
wi-fi connection periodically breaks. /etc/rc.d/wpa_supplicant restart
wlan0 helps. After your message I reinstalled wpa_suppli
Author: ae
Date: Tue Jul 17 11:33:23 2018
New Revision: 336405
URL: https://svnweb.freebsd.org/changeset/base/336405
Log:
Move invoking of callout_stop(&lle->lle_timer) into llentry_free().
This deduplicates the code a bit, and also implicitly adds missing
callout_stop() to in[6]_lltable_
Author: ae
Date: Thu Jul 12 11:38:18 2018
New Revision: 336219
URL: https://svnweb.freebsd.org/changeset/base/336219
Log:
Use correct size when we are allocating array for skipto index.
Also, there is no need to use M_ZERO for idxmap_back. It will be
re-filled just after allocation in upd
Author: ae
Date: Mon Jul 9 11:35:18 2018
New Revision: 336132
URL: https://svnweb.freebsd.org/changeset/base/336132
Log:
Add "record-state", "set-limit" and "defer-action" rule options to ipfw.
"record-state" is similar to "keep-state", but it doesn't produce implicit
O_PROBE_STATE opcod
Author: ae
Date: Mon Jul 9 11:03:28 2018
New Revision: 336131
URL: https://svnweb.freebsd.org/changeset/base/336131
Log:
Deduplicate the code.
Add generic function if_tunnel_check_nesting() that does check for
allowed nesting level for tunneling interfaces and also does loop
detection.
, last, uh);
if (udp6_append(last, m, off, fromsa) == 0)
INP_RUNLOCK(last);
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Fri Jun 29 13:59:33 2018
New Revision: 335795
URL: https://svnweb.freebsd.org/changeset/base/335795
Log:
Make debug output produced by `setkey -x` command a more human readable.
Add text names of SADB message types and extension headers to the output.
Obtained from:
Author: ae
Date: Thu Jun 28 11:39:27 2018
New Revision: 335760
URL: https://svnweb.freebsd.org/changeset/base/335760
Log:
Add NULL pointer check.
encap_lookup_t method can be invoked by IP encap subsytem even if none
of gif/gre/me interfaces are exist. Hash tables are allocated on demand,
Author: ae
Date: Thu Jun 28 09:42:30 2018
New Revision: 335759
URL: https://svnweb.freebsd.org/changeset/base/335759
Log:
Remove extra "ipfw" from example.
MFC after:1 week
Modified:
head/sbin/ipfw/ipfw.8
Modified: head/sbin/ipfw/ipfw.8
==
Author: ae
Date: Tue Jun 19 10:34:45 2018
New Revision: 335362
URL: https://svnweb.freebsd.org/changeset/base/335362
Log:
Move BPFIF_* macro definitions into .c file, where struct bpf_if is
declared.
They are only used in this file and there is no need to export them via
bpfdesc.h.
Mod
Author: ae
Date: Sat Jun 16 19:21:09 2018
New Revision: 335262
URL: https://svnweb.freebsd.org/changeset/base/335262
Log:
Fix typo.
Reported by: rpokala
Modified:
head/sys/net/radix.h
Modified: head/sys/net/radix.h
===
Author: ae
Date: Sat Jun 16 08:26:23 2018
New Revision: 335250
URL: https://svnweb.freebsd.org/changeset/base/335250
Log:
Switch RIB and RADIX_NODE_HEAD lock from rwlock(9) to rmlock(9).
Using of rwlock with multiqueue NICs for IP forwarding on high pps
produces high lock contention and i
Author: ae
Date: Thu Jun 14 15:04:30 2018
New Revision: 335144
URL: https://svnweb.freebsd.org/changeset/base/335144
Log:
Add missing BPF_MTAP2() for outbound packets.
Modified:
head/sys/net/if_me.c
Modified: head/sys/net/if_me.c
==
==
--- head/sys/net/if_me.cThu Jun 14 14:53:01 2018(r335140)
+++ head/sys/net/if_me.cThu Jun 14 14:53:24 2018(r335141)
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2014 Andrey V. Elsukov
+ * Copyright (c) 2014, 2018
Author: ae
Date: Thu Jun 14 11:15:39 2018
New Revision: 335133
URL: https://svnweb.freebsd.org/changeset/base/335133
Log:
In m_megapullup() use m_getjcl() to allocate 9k or 16k mbuf when requested.
It is better to try allocate a big mbuf, than just silently drop a big
packet. A better sol
Author: ae
Date: Thu Jun 14 09:36:25 2018
New Revision: 335129
URL: https://svnweb.freebsd.org/changeset/base/335129
Log:
Add NULL check like the rest of code has.
It is possible that ifma_protospec becomes NULL in this function for
some entry, but it is still referenced and thus it will
Author: ae
Date: Thu Jun 14 09:29:39 2018
New Revision: 335128
URL: https://svnweb.freebsd.org/changeset/base/335128
Log:
Remove stale comment. in6_ifdetach() can be called from places
where addresses are not removed yet.
Modified:
head/sys/netinet6/in6_ifattach.c
Modified: head/sys/netin
NetBSD Foundation, Inc.
- * Copyright (c) 2014 Andrey V. Elsukov
+ * Copyright (c) 2014, 2018 Andrey V. Elsukov
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
@@ -41,17 +41,13 @@ __FBSDID("$FreeBSD$");
#include "opt_inet6
> How does Cisco, Juniper, etc at handle this?
> Do any of them or all of them allow you to "down" loopback?
AFAIK, they allow this.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Sat Jun 9 09:57:14 2018
New Revision: 334875
URL: https://svnweb.freebsd.org/changeset/base/334875
Log:
Explicitly change the link state when we assingn an address.
Since we are setting IFF_UP flag on SIOCSIFADDR, it is possible, that
after this link state information st
Author: ae
Date: Wed Jun 6 13:01:53 2018
New Revision: 334709
URL: https://svnweb.freebsd.org/changeset/base/334709
Log:
Make in_delayed_cksum() be similar to IPv6 implementation.
Use m_copyback() function to write checksum when it isn't located
in the first mbuf of the chain. Handmade a
Author: ae
Date: Wed Jun 6 10:46:24 2018
New Revision: 334707
URL: https://svnweb.freebsd.org/changeset/base/334707
Log:
Use m_copyback() function to write delayed checksum when it isn't located
in the first mbuf of the chain.
MFC after:1 week
Modified:
head/sys/netinet6/ip6_outpu
Author: ae
Date: Wed Jun 6 05:17:21 2018
New Revision: 334703
URL: https://svnweb.freebsd.org/changeset/base/334703
Log:
Fix LINT-NOINET build.
Use known at build time size for min_length value. Also remove the
check from in6_gre_encapcheck(), now it is done in generic code.
Modified:
101 - 200 of 1048 matches
Mail list logo