Jun 5 21:24:59 2018(r334673)
@@ -2,6 +2,7 @@
* SPDX-License-Identifier: BSD-3-Clause
*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * Copyright (c) 2018 Andrey V. Elsukov
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
unc(AF_INET, -1, gif_encapcheck,
- &in_gif_protosw, sc);
- if (sc->gif_ecookie == NULL)
- return (EEXIST);
+ sc->gif_ecookie = ip_encap_attach(&ipv4_encap_cfg, sc, M_WAITOK);
return (0);
}
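Review bot: the replacement line `sc->gif_ecookie = ip_encap_attach(&ipv4_encap_cfg, sc, M_WAITOK);` drops the `if (sc->gif_ecookie == NULL) return (EEXIST);` check that followed the old attach call, so the function now returns 0 unconditionally. If the M_WAITOK attach is meant to be unable to fail, say so in a comment or assert a non-NULL cookie here, so a later change to the attach path cannot leave a tunnel with a NULL cookie unnoticed.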
Modified: head/sys/netinet/ip_encap.c
===
Author: ae
Date: Tue Jun 5 20:54:29 2018
New Revision: 334672
URL: https://svnweb.freebsd.org/changeset/base/334672
Log:
Constify argument of in6_getscope().
Modified:
head/sys/netinet6/scope6.c
head/sys/netinet6/scope6_var.h
Modified: head/sys/netinet6/scope6.c
==
Author: ae
Date: Tue Jun 5 19:23:23 2018
New Revision: 334667
URL: https://svnweb.freebsd.org/changeset/base/334667
Log:
tcp_lro.h requires , include it directly instead of
indirect inclusion through if_gif.h
Modified:
head/sys/dev/liquidio/lio_bsd.h
Modified: head/sys/dev/liquidio/lio_bsd
Author: ae
Date: Tue May 29 12:32:08 2018
New Revision: 334324
URL: https://svnweb.freebsd.org/changeset/base/334324
Log:
Remove empty encap_init() function.
MFC after: 2 weeks
Modified:
head/sys/netinet/in_proto.c
head/sys/netinet/ip_encap.c
head/sys/netinet/ip_encap.h
head/sys
Author: ae
Date: Mon May 28 09:23:28 2018
New Revision: 334278
URL: https://svnweb.freebsd.org/changeset/base/334278
Log:
Temporary disable SPDCACHE statistic accounting until proper fix will be
committed. This fixes the kernel build without option IPSEC.
Modified:
head/sys/netipsec/key.c
Author: ae
Date: Tue May 22 13:28:05 2018
New Revision: 334039
URL: https://svnweb.freebsd.org/changeset/base/334039
Log:
Restore the ability to keep states after parent rule deletion.
This feature is disabled by default and was removed when dynamic states
implementation changed to be loc
Author: ae
Date: Mon May 21 16:19:00 2018
New Revision: 333986
URL: https://svnweb.freebsd.org/changeset/base/333986
Log:
Remove check for matching the rulenum, ruleid and rule pointer from
dyn_lookup_ipv[46]_state_locked(). These checks are remnants of not
ready to be committed code, and th
Author: ae
Date: Fri May 18 12:12:24 2018
New Revision: 333787
URL: https://svnweb.freebsd.org/changeset/base/333787
Log:
Make the name of option that toggles IFCAP_HWRXTSTMP capability to
match the name of this capability. It was added recently and is not merged
to stable branch, so I hope
Author: ae
Date: Fri May 11 16:50:25 2018
New Revision: 333497
URL: https://svnweb.freebsd.org/changeset/base/333497
Log:
Apply the change from r272770 to if_ipsec(4) interface.
It is guaranteed that if_ipsec(4) interface is used only for tunnel
mode IPsec, i.e. decrypted and decapsulated
Author: ae
Date: Thu May 10 12:25:01 2018
New Revision: 333458
URL: https://svnweb.freebsd.org/changeset/base/333458
Log:
Fix the printing of rule comments.
Change uint8_t type of opcode argument to int in the print_opcode()
function. Use negative value to print the rest of opcodes, becau
Author: ae
Date: Wed May 9 12:25:23 2018
New Revision: 333406
URL: https://svnweb.freebsd.org/changeset/base/333406
Log:
Update NAT64 documentation, now we support any IPv6 prefixes.
MFC after: 1 month
Modified:
head/sbin/ipfw/ipfw.8
Modified: head/sbin/ipfw/ipfw.8
=
,6 @@ SRCS+= nat64lsn.c nat64lsn_control.c
SRCS+= nat64stl.c nat64stl_control.c
SRCS+= opt_ipfw.h
+#CFLAGS+= -DIPFIREWALL_NAT64_DIRECT_OUTPUT
+
.include
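Review bot: the added `#CFLAGS+= -DIPFIREWALL_NAT64_DIRECT_OUTPUT` line is commented out with no explanation next to it; a one-line comment saying what the define changes and when to uncomment it would keep it from reading as leftover debugging.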
Modified: head/sys/netpfil/ipfw/nat64/ip_fw_nat64.c
==========
--
Author: ae
Date: Wed May 9 10:50:51 2018
New Revision: 333400
URL: https://svnweb.freebsd.org/changeset/base/333400
Log:
Add IFCAP_LINKSTATE support to if_loop(4).
Reviewed by: wollman
Obtained from: Yandex LLC
MFC after: 3 weeks
Differential Revision: https://revie
Author: ae
Date: Fri May 4 09:28:12 2018
New Revision: 333244
URL: https://svnweb.freebsd.org/changeset/base/333244
Log:
Immediately propagate EACCES error code to application from tcp_output.
In r309610 and r315514 the behavior of handling EACCES was changed, and
tcp_output() now return
Author: ae
Date: Thu Apr 26 12:23:31 2018
New Revision: 333016
URL: https://svnweb.freebsd.org/changeset/base/333016
Log:
Merge r1.22-1.23 from NetBSD:
Don't assume M_PKTHDR is set only on the first mbuf of the chain.
The check is replaced by (m1 != m), which is equivalent to the previou
Author: ae
Date: Mon Apr 23 12:20:07 2018
New Revision: 332886
URL: https://svnweb.freebsd.org/changeset/base/332886
Log:
icmp6_reflect() sends ICMPv6 message with new IPv6 header. So, it is
considered as originated by our host packet. And thus rcvif should be
NULL, since it is used by ipfw(
Author: ae
Date: Fri Apr 20 09:57:31 2018
New Revision: 332812
URL: https://svnweb.freebsd.org/changeset/base/332812
Log:
Add dead_bpf_if structure, that should be used as fake bpf_if
during ifnet detach.
Since destroying interface is not atomic operation and due to the
lack of synhroni
Author: ae
Date: Fri Apr 13 16:13:59 2018
New Revision: 332475
URL: https://svnweb.freebsd.org/changeset/base/332475
Log:
Add check that mbuf had not multicast layer2 address.
Such packets should be handled by ip6_mforward().
Obtained from: Yandex LLC
MFC after: 1 week
Spons
Author: ae
Date: Fri Apr 13 10:03:30 2018
New Revision: 332467
URL: https://svnweb.freebsd.org/changeset/base/332467
Log:
To avoid possible deadlock do not acquire JQUEUE_LOCK before callout_drain.
Obtained from: Yandex LLC
MFC after: 1 week
Sponsored by: Yandex LLC
Modified:
Author: ae
Date: Thu Apr 12 21:29:40 2018
New Revision: 332459
URL: https://svnweb.freebsd.org/changeset/base/332459
Log:
Fix integer types mismatch for flags field in nat64stl_cfg structure.
Also preserve internal flags on NAT64STL reconfiguration.
Obtained from: Yandex LLC
M
Author: ae
Date: Thu Apr 12 21:13:30 2018
New Revision: 332457
URL: https://svnweb.freebsd.org/changeset/base/332457
Log:
Use cfg->nomatch_verdict as return value from NAT64LSN handler when
given mbuf is considered as not matched.
If mbuf was consumed or freed during handling, we must ret
Author: ae
Date: Thu Apr 12 21:05:20 2018
New Revision: 332456
URL: https://svnweb.freebsd.org/changeset/base/332456
Log:
Migrate NAT64 to FIB KPI.
Obtained from: Yandex LLC
MFC after: 1 week
Modified:
head/sys/netpfil/ipfw/nat64/nat64_translate.c
head/sys/netpfil/ipfw/nat6
Author: ae
Date: Thu Apr 12 20:05:26 2018
New Revision: 332451
URL: https://svnweb.freebsd.org/changeset/base/332451
Log:
Fix indenting in ipv6.c file, use tabs instead of mixing tabs and spaces.
MFC after: 1 week
Modified:
head/sbin/ipfw/ipv6.c
Modified: head/sbin/ipfw/ipv6.c
==
Author: ae
Date: Thu Apr 12 19:44:04 2018
New Revision: 332449
URL: https://svnweb.freebsd.org/changeset/base/332449
Log:
Remove printing of "not" keyword from print_ip6() function.
After r331668 handling of F_NOT flag done in one place by
print_instruction() function. Also remove unused
Author: ae
Date: Thu Apr 12 19:34:35 2018
New Revision: 332448
URL: https://svnweb.freebsd.org/changeset/base/332448
Log:
Remove printing of "not" keyword from print_ip() function.
After r331668 handling of F_NOT flag done in one place by
print_instruction() function.
MFC after: 1
Author: ae
Date: Wed Mar 28 12:44:28 2018
New Revision: 331668
URL: https://svnweb.freebsd.org/changeset/base/331668
Log:
Rework ipfw rules parsing and printing code.
Introduce show_state structure to keep information about printed opcodes.
Split show_static_rule() function into several s
Author: ae
Date: Mon Mar 19 10:50:27 2018
New Revision: 331203
URL: https://svnweb.freebsd.org/changeset/base/331203
Log:
Remove note that `fwd tablearg` is supported only by IPv4. IPv6 is
supported too.
MFC after: 1 week
Modified:
head/sbin/ipfw/ipfw.8
Modified: head/sbin/ipfw/ipf
Author: ae
Date: Mon Mar 12 09:40:46 2018
New Revision: 330792
URL: https://svnweb.freebsd.org/changeset/base/330792
Log:
Do not try to reassemble IPv6 fragments in "reass" rule.
ip_reass() expects IPv4 packet and will just corrupt any IPv6 packets
that it gets. Until proper IPv6 fragment
Author: ae
Date: Sun Mar 11 19:26:34 2018
New Revision: 330781
URL: https://svnweb.freebsd.org/changeset/base/330781
Log:
Update pfkey_open() function to set socket's write buffer size to
128k and receive buffer size to 2MB. In case if system has bigger
default values, do not lower them.
Author: ae
Date: Sun Mar 11 19:14:01 2018
New Revision: 330779
URL: https://svnweb.freebsd.org/changeset/base/330779
Log:
Rework key_sendup_mbuf() a bit:
o count in_nomem counter when we have failed to allocate mbuf for
promisc socket;
o count in_msgtarget counter when we have secussf
Author: ae
Date: Sun Mar 11 18:46:40 2018
New Revision: 330777
URL: https://svnweb.freebsd.org/changeset/base/330777
Log:
Add KASSERT to check that proper target was used.
MFC after: 2 weeks
Modified:
head/sys/netipsec/keysock.c
Modified: head/sys/netipsec/keysock.c
=
Author: ae
Date: Sun Mar 11 18:37:55 2018
New Revision: 330775
URL: https://svnweb.freebsd.org/changeset/base/330775
Log:
Replace panic() with KASSERTs.
MFC after: 2 weeks
Modified:
head/sys/netipsec/keysock.c
Modified: head/sys/netipsec/keysock.c
Author: ae
Date: Sun Mar 11 18:10:59 2018
New Revision: 330772
URL: https://svnweb.freebsd.org/changeset/base/330772
Log:
Check that we have PF_KEY sockets before iterating over all RAW sockets.
MFC after: 2 weeks
Modified:
head/sys/netipsec/keysock.c
Modified: head/sys/netipsec/keys
Author: ae
Date: Sun Mar 11 18:03:55 2018
New Revision: 330771
URL: https://svnweb.freebsd.org/changeset/base/330771
Log:
Remove obsoleted and unused key_sendup() function.
Also remove declaration for nonexistent key_usrreq() function.
MFC after: 2 weeks
Modified:
head/sys/netipsec/
Author: ae
Date: Tue Mar 6 12:58:00 2018
New Revision: 330537
URL: https://svnweb.freebsd.org/changeset/base/330537
Log:
Add mapping for several ethernet types used by Linux to FreeBSD
ethernet types.
Reviewed by: hselasky
MFC after: 1 week
Differential Revision: https://r
Author: ae
Date: Tue Mar 6 12:01:31 2018
New Revision: 330536
URL: https://svnweb.freebsd.org/changeset/base/330536
Log:
Define ethernet type 0x88A8 as ETHERTYPE_QINQ.
Reviewed by: kp
Obtained from: OpenBSD
MFC after: 1 week
Differential Revision: https://reviews.fr
Author: ae
Date: Mon Feb 19 12:20:51 2018
New Revision: 329563
URL: https://svnweb.freebsd.org/changeset/base/329563
Log:
Remove unused variables and sysctl declaration.
MFC after: 1 week
Modified:
head/sys/netipsec/ipsec.c
head/sys/netipsec/ipsec.h
Modified: head/sys/netipsec/ipse
Author: ae
Date: Mon Feb 19 11:14:38 2018
New Revision: 329561
URL: https://svnweb.freebsd.org/changeset/base/329561
Log:
Check packet length to do not make out of bounds access. Also save ah_nxt
value to use it later, since ah pointer can become invalid.
Reported by: Maxime Villard
M
Author: ae
Date: Sat Feb 10 10:13:17 2018
New Revision: 329101
URL: https://svnweb.freebsd.org/changeset/base/329101
Log:
Reinitialize IP header length after checksum calculation. It is used
later by TCP-MD5 code.
This fixes the problem with broken TCP-MD5 over IPv4 when NIC has
disable
Author: ae
Date: Wed Feb 7 19:12:05 2018
New Revision: 328989
URL: https://svnweb.freebsd.org/changeset/base/328989
Log:
Remove duplicate #include .
Modified:
head/sys/netpfil/ipfw/ip_fw_dynamic.c
Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c
==
break;
Modified: head/sys/netpfil/ipfw/ip_fw_dynamic.c
==
--- head/sys/netpfil/ipfw/ip_fw_dynamic.c Wed Feb 7 18:50:36 2018
(r328987)
+++ head/sys/netpfil/ipfw/ip_fw_dynamic.c W
Author: ae
Date: Mon Feb 5 09:22:07 2018
New Revision: 328876
URL: https://svnweb.freebsd.org/changeset/base/328876
Log:
Modify ip6_get_prevhdr() to be able use it safely.
Instead of returning pointer to the previous header, return its offset.
In frag6_input() use m_copyback() and determ
Author: ae
Date: Fri Feb 2 07:39:34 2018
New Revision: 328770
URL: https://svnweb.freebsd.org/changeset/base/328770
Log:
Merge r1.120 from NetBSD:
Fix a pretty simple, yet pretty tragic typo: we should return IPPROTO_DONE,
not IPPROTO_NONE. With IPPROTO_NONE we will keep parsing the hea
On 29.01.2018 14:03, Andrey V. Elsukov wrote:
> Log:
> Do not skip scope zone violation check, when mbuf has M_FASTFWD_OURS flag.
>
> When mbuf has M_FASTFWD_OURS flag, this means that a destination address
> is our local, but we still need to pass scope zone violation che
Author: ae
Date: Mon Jan 29 11:03:29 2018
New Revision: 328541
URL: https://svnweb.freebsd.org/changeset/base/328541
Log:
Do not skip scope zone violation check, when mbuf has M_FASTFWD_OURS flag.
When mbuf has M_FASTFWD_OURS flag, this means that a destination address
is our local, but w
Author: ae
Date: Mon Jan 29 10:33:55 2018
New Revision: 328540
URL: https://svnweb.freebsd.org/changeset/base/328540
Log:
Assign IPv6 link-local address to loopback interfaces with unit > 0.
When an interface has IFF_LOOPBACK flag in6_ifattach() tries to assign
IPv6 loopback address to t
Author: ae
Date: Wed Jan 24 19:48:25 2018
New Revision: 328352
URL: https://svnweb.freebsd.org/changeset/base/328352
Log:
Adopt revision 1.76 and 1.77 from NetBSD:
Fix a vulnerability in IPsec-IPv6-AH, that allows an attacker to remotely
crash the kernel with a single packet.
In t
Author: ae
Date: Wed Jan 24 19:06:44 2018
New Revision: 328350
URL: https://svnweb.freebsd.org/changeset/base/328350
Log:
Merge revision 1.35 from NetBSD:
fix pointer/offset mistakes in handling of IPv4 options
Reported by: Maxime Villard
MFC after: 1 week
Modified:
head/sys/n
Author: ae
Date: Wed Jan 24 12:40:28 2018
New Revision: 328326
URL: https://svnweb.freebsd.org/changeset/base/328326
Log:
When IPv6 packet is handled by O_REJECT opcode, convert ICMP code
specified in the arg1 into ICMPv6 destination unreachable code according
to RFC7915.
Obtained from:
Author: ae
Date: Fri Jan 19 20:33:47 2018
New Revision: 328171
URL: https://svnweb.freebsd.org/changeset/base/328171
Log:
Rename "index" variable to "idx" since gcc complains that it shadows
index(3) function declaration.
Reported by: lwhsu
MFC after: 2 weeks
Modified:
head/contr
Author: ae
Date: Fri Jan 19 12:50:03 2018
New Revision: 328161
URL: https://svnweb.freebsd.org/changeset/base/328161
Log:
Add UDPLite support to ipfw(4).
Now it is possible to use UDPLite's port numbers in rules,
create dynamic states for UDPLite packets and see "UDPLite" for matched
pa
Author: ae
Date: Fri Jan 19 08:48:14 2018
New Revision: 328160
URL: https://svnweb.freebsd.org/changeset/base/328160
Log:
Add to bsnmpd(1) ability to specify multiple community strings with
different access rights.
By default there are two community strings with index 1 and 2, one for
r
y such option:
> head:src> grep -ri rss sys/amd64/conf/
> head:src>
>
> Any other ideas on where it might be or is it just the default on HEAD?
"options RSS" is not in the GENERIC kernel and it is defined in sys/conf/*
--
WBR, Andrey V. Elsukov
se 2 lines show up as null changes in the diff
> I can not see any change, not even white space.
They are sorted by size according to style(9).
--
WBR, Andrey V. Elsukov
Author: ae
Date: Sun Dec 24 01:55:12 2017
New Revision: 327140
URL: https://svnweb.freebsd.org/changeset/base/327140
Log:
Fix rule number truncation, use uint16_t type to specify rulenum.
PR: 224555
MFC after: 1 week
Modified:
head/sbin/ipfw/ipfw2.c
Modified: head/sbin/ip
Author: ae
Date: Sat Dec 16 14:36:21 2017
New Revision: 326898
URL: https://svnweb.freebsd.org/changeset/base/326898
Log:
Fix possible memory leak.
vxlan_ftable entries are sorted in ascending order, due to wrong arguments
order it is possible to stop search before existing element will b
Author: ae
Date: Fri Dec 15 12:37:32 2017
New Revision: 326876
URL: https://svnweb.freebsd.org/changeset/base/326876
Log:
Follow the RFC6980 and silently ignore following IPv6 NDP messages
that had the IPv6 fragmentation header:
o Neighbor Solicitation
o Neighbor Advertisement
o Ro
Author: ae
Date: Thu Dec 14 12:54:20 2017
New Revision: 326847
URL: https://svnweb.freebsd.org/changeset/base/326847
Log:
Fix mbuf leak when TCPMD5_OUTPUT() method returns error.
PR: 223817
MFC after: 1 week
Modified:
head/sys/netinet/tcp_output.c
Modified: head/sys/netin
Author: ae
Date: Mon Dec 4 09:17:28 2017
New Revision: 326510
URL: https://svnweb.freebsd.org/changeset/base/326510
Log:
Fix format string warning with enabled DEBUGGING.
MFC after: 1 week
Modified:
head/contrib/bsnmp/snmpd/config.c
Modified: head/contrib/bsnmp/snmpd/config.c
==
Author: ae
Date: Fri Dec 1 09:59:42 2017
New Revision: 326422
URL: https://svnweb.freebsd.org/changeset/base/326422
Log:
Do better cleaning in key_destroy() for VIMAGE case.
SPDB was cleaned using TAILQ_CONCAT() instead of calling key_unlink()
for each SP, thus we need to properly clean
Author: ae
Date: Thu Nov 23 08:02:02 2017
New Revision: 326118
URL: https://svnweb.freebsd.org/changeset/base/326118
Log:
Modify ipfw's dynamic states KPI.
Hide the locking logic used in the dynamic states implementation from
generic code. Rename ipfw_install_state() and ipfw_lookup_dyn_r
Author: ae
Date: Thu Nov 23 07:05:25 2017
New Revision: 326117
URL: https://svnweb.freebsd.org/changeset/base/326117
Log:
Check that address family of state matches address family of packet.
If it is not matched avoid comparing other state fields.
Obtained from: Yandex LLC
MFC
Author: ae
Date: Thu Nov 23 06:04:57 2017
New Revision: 326116
URL: https://svnweb.freebsd.org/changeset/base/326116
Log:
Move ipfw_send_pkt() from ip_fw_dynamic.c into ip_fw2.c.
It is not specific for dynamic states function and called also from
generic code.
Obtained from: Yand
Author: ae
Date: Thu Nov 23 05:55:53 2017
New Revision: 326115
URL: https://svnweb.freebsd.org/changeset/base/326115
Log:
Rework rule ranges matching. Use comparison rule id with UINT32_MAX to
match all rules with the same rule number.
Obtained from: Yandex LLC
MFC after: 1 we
Author: ae
Date: Wed Nov 22 05:49:21 2017
New Revision: 326086
URL: https://svnweb.freebsd.org/changeset/base/326086
Log:
Add ipfw_add_protected_rule() function that creates rule with 65535
number in the reserved set 31. Use this function to create default rule.
Obtained from: Yand
Author: ae
Date: Fri Nov 17 23:25:06 2017
New Revision: 325962
URL: https://svnweb.freebsd.org/changeset/base/325962
Log:
Add comment for accidentally committed unrelated change in r325960.
Do not invoke IPv4 NAT handler for non IPv4 packets. Libalias expects
a packet is IPv4. And in case
Author: ae
Date: Fri Nov 17 22:40:02 2017
New Revision: 325960
URL: https://svnweb.freebsd.org/changeset/base/325960
Log:
Unconditionally enable support for O_IPSEC opcode.
IPsec support can be loaded as kernel module, thus do not depend from
kernel option IPSEC and always build O_IPSEC o
Author: ae
Date: Fri Nov 3 11:33:13 2017
New Revision: 325355
URL: https://svnweb.freebsd.org/changeset/base/325355
Log:
Use correct pointer in key_updateaddresses() when updating NAT-T config.
key_updateaddresses() is used to update SA addresses and NAT-T
configuration in SADB_UPDATE me
Author: ae
Date: Tue Oct 24 08:39:05 2017
New Revision: 324947
URL: https://svnweb.freebsd.org/changeset/base/324947
Log:
Add IPv6 support for O_TCPDATALEN opcode.
PR: 222746
MFC after: 1 week
Modified:
head/sys/netpfil/ipfw/ip_fw2.c
Modified: head/sys/netpfil/ipfw/ip_fw2
Author: ae
Date: Fri Oct 13 11:11:53 2017
New Revision: 324593
URL: https://svnweb.freebsd.org/changeset/base/324593
Log:
Fix regression in handling O_FORWARD_IP opcode after r279948.
To properly handle 'fwd tablearg,port' opcode, copy sin_port value from
sockaddr_in structure stored in t
Author: ae
Date: Fri Oct 13 11:01:33 2017
New Revision: 324592
URL: https://svnweb.freebsd.org/changeset/base/324592
Log:
Return 'errno' value from the table_do_modify_record(), it is expected
by table_modify_record().
This makes quiet operations with tables really quiet.
PR:
Author: ae
Date: Fri Sep 29 06:24:45 2017
New Revision: 324098
URL: https://svnweb.freebsd.org/changeset/base/324098
Log:
Some mbuf related fixes in icmp_error()
* check mbuf length before doing mtod() and accessing to IP header;
* update oip pointer and all depending pointers after m_pul
Author: ae
Date: Wed Sep 20 22:35:28 2017
New Revision: 323839
URL: https://svnweb.freebsd.org/changeset/base/323839
Log:
Use in_localip() function instead of unlocked access to addresses hash
to determine that an address is our local.
PR: 220078
MFC after: 1 week
Modified
Author: ae
Date: Wed Sep 20 22:00:06 2017
New Revision: 323836
URL: https://svnweb.freebsd.org/changeset/base/323836
Log:
Do not acquire IPFW_WLOCK when a named object is created and destroyed.
Acquiring of IPFW_WLOCK is required for cases when we are going to
change some data that can be
into network byte order. It is
quite usual to have more than 255 interfaces.
And what is more important, you must not use this code for global IPv6
addresses.
--
WBR, Andrey V. Elsukov
Author: ae
Date: Fri Sep 1 11:51:07 2017
New Revision: 323086
URL: https://svnweb.freebsd.org/changeset/base/323086
Log:
Fix possible double releasing for SA reference.
This is missing part of r318734. When crypto subsystem returns error
the xform code handles an error independently.
ied:
> head/sys/amd64/conf/GENERIC
> head/sys/arm64/conf/GENERIC
> head/sys/i386/conf/GENERIC
> head/sys/powerpc/conf/GENERIC
> head/sys/riscv/conf/GENERIC
> head/sys/sparc64/conf/GENERIC
JFYI, there is related review: https://reviews.freebsd.org/D11806
--
WBR, A
Author: ae
Date: Fri Aug 25 11:24:45 2017
New Revision: 322886
URL: https://svnweb.freebsd.org/changeset/base/322886
Log:
Add melifaro@ to the calendar.freebsd
Submitted by: melifaro
Modified:
head/usr.bin/calendar/calendars/calendar.freebsd
Modified: head/usr.bin/calendar/calendars/cal
Author: ae
Date: Mon Aug 21 13:54:29 2017
New Revision: 322751
URL: https://svnweb.freebsd.org/changeset/base/322751
Log:
Remove stale comments.
MFC after: 1 week
Modified:
head/sys/netipsec/ipsec.c
Modified: head/sys/netipsec/ipsec.c
=
Author: ae
Date: Mon Aug 21 13:52:21 2017
New Revision: 322750
URL: https://svnweb.freebsd.org/changeset/base/322750
Log:
Fix the regression introduced in r275710.
When a security policy should match TCP connection with specific ports,
the SYN+ACK segment send by syncache_respond() is con
Author: ae
Date: Wed Aug 9 19:58:38 2017
New Revision: 322328
URL: https://svnweb.freebsd.org/changeset/base/322328
Log:
Make user supplied data checks a bit stricter.
key_msg2sp() is used for parsing data from setsockopt(IP[V6]_IPSEC_POLICY)
call. This socket option is usually used to c
Author: ae
Date: Wed Aug 9 12:24:07 2017
New Revision: 322310
URL: https://svnweb.freebsd.org/changeset/base/322310
Log:
Add to if_enc(4) ability to capture packets via BPF after pfil processing.
New flag 0x4 can be configured in net.enc.[in|out].ipsec_bpf_mask.
When it is set, if_enc(4)
Author: ae
Date: Mon Jul 31 11:04:35 2017
New Revision: 321779
URL: https://svnweb.freebsd.org/changeset/base/321779
Log:
Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook
from enc_hhook().
This should solve the problem when pf is used with if_enc(4) interface,
and
Author: ae
Date: Wed Jul 19 14:21:29 2017
New Revision: 321203
URL: https://svnweb.freebsd.org/changeset/base/321203
Log:
Add HPE FlexFabric 10Gb 4-port 536FLR-T device id to the bxe(4) driver.
Tested by: David Miguel Almas
MFC after: 1 week
Differential Revision: https://
Author: ae
Date: Thu Jun 29 19:06:43 2017
New Revision: 320479
URL: https://svnweb.freebsd.org/changeset/base/320479
Log:
Fix IPv6 extension header parsing. The length field doesn't include the
first 8 octets.
Obtained from: Yandex LLC
MFC after: 3 days
Modified:
head/sys/n
Author: ae
Date: Tue Jun 13 10:52:31 2017
New Revision: 319895
URL: https://svnweb.freebsd.org/changeset/base/319895
Log:
Resurrect RTF_RNH_LOCKED flag and restore ability to call rtalloc1_fib()
with acquired RIB lock.
This fixes a possible panic due to trying to acquire RIB rlock when it
Author: ae
Date: Thu Jun 1 10:04:12 2017
New Revision: 319412
URL: https://svnweb.freebsd.org/changeset/base/319412
Log:
Build kdebug_secreplay() function only when IPSEC_DEBUG is defined.
This should fix the build on sparc.
Reported by: emaste
X-MFC with: r319118
Modified:
he
Author: ae
Date: Mon May 29 09:30:38 2017
New Revision: 319118
URL: https://svnweb.freebsd.org/changeset/base/319118
Log:
Disable IPsec debugging code by default when IPSEC_DEBUG kernel option
is not specified.
Due to the long call chain IPsec code can produce the kernel stack
exhaustio
Author: ae
Date: Tue May 23 09:32:26 2017
New Revision: 318738
URL: https://svnweb.freebsd.org/changeset/base/318738
Log:
Fix possible double releasing for SA and SP references.
There are two possible ways how crypto callback are called: directly from
caller and deferred from crypto threa
Author: ae
Date: Tue May 23 09:01:48 2017
New Revision: 318734
URL: https://svnweb.freebsd.org/changeset/base/318734
Log:
Fix possible double releasing for SA reference.
There are two possible ways how crypto callback are called: directly from
caller and deferred from crypto thread.
^^^
> Can this be converted to a sizeof(foo) somehow?
> Constants like this are typically bad style and lead to bugs.
This means that decimal number is expected in the string.
Not sure what bugs this can lead to.
--
WBR, Andrey V. Elsukov
Author: ae
Date: Wed May 17 10:56:22 2017
New Revision: 318400
URL: https://svnweb.freebsd.org/changeset/base/318400
Log:
Allow zero port specification in table entries with type flow.
PR: 217620
MFC after: 1 week
Modified:
head/sbin/ipfw/tables.c
Modified: head/sbin/ipfw
Author: ae
Date: Wed May 17 09:04:09 2017
New Revision: 318399
URL: https://svnweb.freebsd.org/changeset/base/318399
Log:
Set M_BCAST and M_MCAST flags on mbuf sent via divert socket.
r290383 has changed how mbufs sent by divert socket are handled.
Previously they are always handled by sl
; module. So I'll take Ryan's suggestion and revert that part for now.
I want to note, that there is if_enc(4) kernel module, that is failed to
be loaded by ifconfig(8) due to presence in the kernel enc(4) driver
(from sys/cam).
--
WBR, Andrey V. Elsukov
Author: ae
Date: Tue May 2 17:16:24 2017
New Revision: 317682
URL: https://svnweb.freebsd.org/changeset/base/317682
Log:
Add `ipfw table all destroy` support.
PR: 212669
MFC after: 1 week
Modified:
head/sbin/ipfw/ipfw.8
head/sbin/ipfw/tables.c
Modified: head/sbin/ipfw/
Author: ae
Date: Tue May 2 05:20:54 2017
New Revision: 317667
URL: https://svnweb.freebsd.org/changeset/base/317667
Log:
In parse_range() validate both range values instead of checking
the top value twice.
PR: 202295
MFC after: 1 week
Modified:
head/sbin/ipfw/dummynet.
Author: ae
Date: Tue May 2 05:02:12 2017
New Revision: 317666
URL: https://svnweb.freebsd.org/changeset/base/317666
Log:
Add sets support for ipfw table info/list/flush commands.
PR: 212668
MFC after: 1 week
Modified:
head/sbin/ipfw/tables.c
Modified: head/sbin/ipfw/tabl
Author: ae
Date: Tue May 2 01:03:59 2017
New Revision: 317663
URL: https://svnweb.freebsd.org/changeset/base/317663
Log:
Properly initialize ipfw_range_tlv variable to fix possible EINVAL
in case when ipfw delete/zero/resetlog command issued for several rules
in the loop. Also reorder some
Author: ae
Date: Wed Apr 26 00:34:05 2017
New Revision: 317431
URL: https://svnweb.freebsd.org/changeset/base/317431
Log:
Fix SP refcount leak.
PCB SP cache acquires extra reference, when SP is stored in the cache.
Release this reference when PCB is destroyed in ipsec_delete_pcbpolicy().