Author: ae
Date: Fri Apr 14 11:58:41 2017
New Revision: 316826
URL: https://svnweb.freebsd.org/changeset/base/316826
Log:
Avoid undefined behavior.
The 'pktid' variable is modified while being used twice between
sequence points, probably due to htonl() is macro.
Reported by: PVS-Stu
On 14.04.2017 14:52, Ed Schouten wrote:
> Hi there,
>
> 2017-04-14 13:41 GMT+02:00 Andrey V. Elsukov :
>> - memcpy(&tent->k, &xn->addr6.sin6_addr, sizeof(struct
>> in6_addr));
>> + memcpy(&tent->k.addr6, &xn-&g
Author: ae
Date: Fri Apr 14 11:41:09 2017
New Revision: 316825
URL: https://svnweb.freebsd.org/changeset/base/316825
Log:
Use address of specific union member instead of whole union address to
fix PVS-Studio warnings.
MFC after:1 week
Modified:
head/sys/netpfil/ipfw/ip_fw_table_alg
Author: ae
Date: Fri Apr 14 11:19:09 2017
New Revision: 316824
URL: https://svnweb.freebsd.org/changeset/base/316824
Log:
The rule field in the ipfw_dyn_rule structure is used as storage
to pass rule number and rule set to userland. In r272840 the kernel
internal rule representation was chan
Author: ae
Date: Fri Apr 14 10:21:38 2017
New Revision: 316823
URL: https://svnweb.freebsd.org/changeset/base/316823
Log:
Fix the build.
Reported by: lwhsu
Modified:
head/sys/kern/uipc_sockbuf.c
Modified: head/sys/kern/uipc_sockbuf.c
Author: ae
Date: Fri Apr 14 09:00:48 2017
New Revision: 316822
URL: https://svnweb.freebsd.org/changeset/base/316822
Log:
Rework r316770 to make it protocol independent and general, like we
do for streaming sockets.
And do more cleanup in the sbappendaddr_locked_internal() to prevent
le
Author: ae
Date: Thu Apr 13 17:03:57 2017
New Revision: 316770
URL: https://svnweb.freebsd.org/changeset/base/316770
Log:
Clear h/w csum flags on mbuf handled by UDP.
When checksums of received IP and UDP header already checked, UDP uses
sbappendaddr_locked() to pass received data to the
Author: ae
Date: Thu Apr 13 14:44:17 2017
New Revision: 316759
URL: https://svnweb.freebsd.org/changeset/base/316759
Log:
Add large replay widow support to setkey(8) and libipsec.
When the replay window size is large than UINT8_MAX, add to the request
the SADB_X_EXT_SA_REPLAY extension he
Author: ae
Date: Tue Apr 11 19:23:25 2017
New Revision: 316716
URL: https://svnweb.freebsd.org/changeset/base/316716
Log:
Inherit IPv6 checksum offloading flags to vlan interfaces.
if_vlan(4) interfaces inherit IPv4 checksum offloading flags from the
parent when VLAN_HWCSUM and VLAN_HWTAG
Author: ae
Date: Tue Apr 11 19:20:20 2017
New Revision: 316715
URL: https://svnweb.freebsd.org/changeset/base/316715
Log:
Make sysctl identifiers for direct netisr queue unique.
Introduce IPCTL_INTRDQMAXLEN and IPCTL_INTRDQDROPS macros for this purpose.
Reviewed by: gnn
MFC after:1
art of ipv6 documentation,
> and iirc part of some BCP's. You really dont want to be running on the
> internet with MTU < 576. It use to be 296 in the days when we had SLIP.
Why not? We have many things that allow foot shooting.
==
>>>> --- head/sys/net/if_me.c Tue Apr 11 08:29:12 2017(r316698)
>>>> +++ head/sys/net/if_me.c Tue Apr 11 08:56:18 2017(r316699)
>>>> @@ -66,7 +66,7 @@ __FBSDID("$FreeBSD$");
>>>> #include
>>>> #include
>>>>
>>>> -#define MEMTU 1500
>>>> +#define MEMTU (1500 - sizeof(struct mobhdr))
>>>
>>> 1500 -> ETHERMTU?
>>
>> Feel free to fix this. Many pseudo interfaces has similar MTU limitations.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
uint32_tgre_mtu;
>> u_int gre_fibnum;
>> u_int gre_hlen; /* header size */
>> union {
>>
>> Modified: head/sys/net/if_me.c
>> ==
>> --- head/sys/net/if_me.c Tue Apr 11 08:29:12 2017(r316698)
>> +++ head/sys/net/if_me.c Tue Apr 11 08:56:18 2017(r316699)
>> @@ -66,7 +66,7 @@ __FBSDID("$FreeBSD$");
>> #include
>> #include
>>
>> -#define MEMTU 1500
>> +#define MEMTU (1500 - sizeof(struct mobhdr))
>
> 1500 -> ETHERMTU?
Feel free to fix this. Many pseudo interfaces has similar MTU limitations.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Tue Apr 11 08:56:18 2017
New Revision: 316699
URL: https://svnweb.freebsd.org/changeset/base/316699
Log:
Do not adjust interface MTU automatically. Leave this task to the system
administrator.
This restores the behavior that was prior to r274246.
No objection from:
Author: ae
Date: Tue Apr 4 23:30:05 2017
New Revision: 316508
URL: https://svnweb.freebsd.org/changeset/base/316508
Log:
Use unique SPI.
MFC after:1 week
Modified:
head/sbin/setkey/setkey.8
Modified: head/sbin/setkey/setkey.8
Author: ae
Date: Tue Apr 4 23:28:22 2017
New Revision: 316507
URL: https://svnweb.freebsd.org/changeset/base/316507
Log:
In the example section show that TCP-MD5 connection needs SA for both
directions.
Submitted by: Mike Tancsa
MFC after:1 week
Modified:
head/sbin/setkey/setke
Author: ae
Date: Tue Apr 4 13:41:50 2017
New Revision: 316490
URL: https://svnweb.freebsd.org/changeset/base/316490
Log:
When we are doing SA lookup for TCP-MD5, check both source and
destination addresses. Previous code has used only destination address
for lookup. But for inbound packets
Author: ae
Date: Mon Apr 3 13:35:04 2017
New Revision: 316461
URL: https://svnweb.freebsd.org/changeset/base/316461
Log:
Remove "IPFW static rules" rmlock.
Make PFIL's lock global and use it for this purpose.
This reduces the number of locks needed to acquire for each packet.
Obtain
Author: ae
Date: Mon Apr 3 04:44:56 2017
New Revision: 316438
URL: https://svnweb.freebsd.org/changeset/base/316438
Log:
GC some unused declarations.
MFC after:1 week
Modified:
head/sys/netipsec/keydb.h
Modified: head/sys/netipsec/keydb.h
===
l/ipfw/pmod/ip_fw_pmod.c
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sys/netpfil/ipfw/pmod/ip_fw_pmod.c Mon Apr 3 03:07:48 2017
(r316435)
@@ -0,0 +1,101 @@
+/*-
+ * Copyri
Copyright (c) 2016 Yandex LLC
- * Copyright (c) 2016 Andrey V. Elsukov
+ * Copyright (c) 2016-2017 Yandex LLC
+ * Copyright (c) 2016-2017 Andrey V. Elsukov
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditio
Author: ae
Date: Mon Apr 3 02:26:30 2017
New Revision: 316433
URL: https://svnweb.freebsd.org/changeset/base/316433
Log:
Add the log formatting for an external action opcode.
Obtained from:Yandex LLC
MFC after:2 weeks
Sponsored by: Yandex LLC
Modified:
head/sys/netpfil/i
Author: ae
Date: Fri Mar 31 09:26:08 2017
New Revision: 316329
URL: https://svnweb.freebsd.org/changeset/base/316329
Log:
Reset the cached state of last lookup in the dynamic states when an
external action is completed, but the rule search is continued.
External action handler can change
Author: ae
Date: Wed Mar 29 10:24:48 2017
New Revision: 316133
URL: https://svnweb.freebsd.org/changeset/base/316133
Log:
Fix bug in r308972 that leads to panic when non-compressed IPComp
packet is received.
Reported by: Denis Ahrens
MFC after:3 days
Modified:
head/sys/netipsec
Author: ae
Date: Mon Mar 27 08:18:13 2017
New Revision: 316013
URL: https://svnweb.freebsd.org/changeset/base/316013
Log:
ake pfil's locking macros private.
Obtained from:Yandex LLC
MFC after:1 week
Modified:
head/sys/net/pfil.c
head/sys/net/pfil.h
Modified: head/sys/net
Author: ae
Date: Mon Mar 27 07:56:41 2017
New Revision: 316012
URL: https://svnweb.freebsd.org/changeset/base/316012
Log:
Declare module version.
MFC after:1 week
Modified:
head/sys/net/if_enc.c
Modified: head/sys/net/if_enc.c
On 16.03.2017 13:12, Andrey V. Elsukov wrote:
> On 16.03.2017 13:02, Hans Petter Selasky wrote:
>> Author: hselasky
>> Date: Thu Mar 16 10:02:45 2017
>> New Revision: 315405
>> URL: https://svnweb.freebsd.org/changeset/base/315405
>>
>> Log:
>> Add he
p;sin6, 0, sizeof(sin6));
> + sin6.sin6_addr = addr;
> + sin6.sin6_len = sizeof(sin6);
> + sin6.sin6_family = AF_INET6;
> + CURVNET_SET_QUIET(vnet);
> + ifa = ifa_ifwithaddr((struct sockaddr *)&sin6);
Hi Hans,
There are at least two IPv6-specific functions to th
On 15.03.2017 18:29, Matteo Riondato wrote:
>
>> On Mar 15, 2017, at 9:36 AM, Andrey V. Elsukov wrote:
>>
>> Author: ae
>> Date: Wed Mar 15 13:36:35 2017
>> New Revision: 315305
>> URL: https://svnweb.freebsd.org/changeset/base/315305
>>
>>
Author: ae
Date: Wed Mar 15 13:36:35 2017
New Revision: 315305
URL: https://svnweb.freebsd.org/changeset/base/315305
Log:
Change the syntax of ipfw's named states.
Since the state name is an optional argument, it often can conflict
with other options. To avoid ambiguity now the state name
Author: ae
Date: Tue Mar 14 07:57:33 2017
New Revision: 315233
URL: https://svnweb.freebsd.org/changeset/base/315233
Log:
Use memset with structure size.
Modified:
head/sys/netpfil/ipfw/nat64/nat64stl.c
Modified: head/sys/netpfil/ipfw/nat64/nat64stl.c
ged() should be called with M_NOWAIT flag instead
of zero.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Mon Mar 13 09:04:10 2017
New Revision: 315192
URL: https://svnweb.freebsd.org/changeset/base/315192
Log:
Ignore ifnet renaming in the bpf ifnet departure handler.
PR: 213015
MFC after:1 week
Modified:
head/sys/net/bpf.c
Modified: head/sys/net/bpf.c
=
Author: ae
Date: Sat Mar 11 04:57:52 2017
New Revision: 315050
URL: https://svnweb.freebsd.org/changeset/base/315050
Log:
Fix the L2 address printed in the "arp: %s moved from %*D" message.
In the r292978 struct llentry was changed and the ll_addr field become
the pointer.
PR:
Author: ae
Date: Wed Mar 8 08:09:41 2017
New Revision: 314900
URL: https://svnweb.freebsd.org/changeset/base/314900
Log:
Remove now unneded cast.
Modified:
head/sys/net/if_stf.c
Modified: head/sys/net/if_stf.c
==
--
Author: ae
Date: Tue Mar 7 00:13:53 2017
New Revision: 314812
URL: https://svnweb.freebsd.org/changeset/base/314812
Log:
Introduce the concept of IPsec security policies scope.
Currently are defined three scopes: global, ifnet, and pcb.
Generic security policies that IKE daemon can add v
Author: ae
Date: Mon Mar 6 00:41:59 2017
New Revision: 314718
URL: https://svnweb.freebsd.org/changeset/base/314718
Log:
Fix the build. Use new ipfw_lookup_table() in the nat64 too.
Reported by: cy
MFC after:2 weeks
Modified:
head/sys/netpfil/ipfw/nat64/nat64stl.c
Modified: head
Author: ae
Date: Sun Mar 5 23:48:24 2017
New Revision: 314716
URL: https://svnweb.freebsd.org/changeset/base/314716
Log:
Add IPv6 support to O_IP_DST_LOOKUP opcode.
o check the size of O_IP_SRC_LOOKUP opcode, it can not exceed the size of
ipfw_insn_u32;
o rename ipfw_lookup_table_ext
Author: ae
Date: Sun Mar 5 22:19:43 2017
New Revision: 314715
URL: https://svnweb.freebsd.org/changeset/base/314715
Log:
Reject invalid object types that can not be used with specific opcodes.
When we doing reference counting of named objects in the new rule,
for existing objects check t
Author: ae
Date: Fri Mar 3 20:22:42 2017
New Revision: 314614
URL: https://svnweb.freebsd.org/changeset/base/314614
Log:
Fix matching table entry value. Use real table value instead of its index
in valuestate array.
When opcode has size equal to ipfw_insn_u32, this means that it should
Author: ae
Date: Wed Mar 1 20:00:19 2017
New Revision: 314507
URL: https://svnweb.freebsd.org/changeset/base/314507
Log:
Fix NPTv6 rule counters when one_pass is not enabled.
Consider the rule matching when both @done and @retval values
returned from ipfw_run_eaction() are zero. And modi
Author: ae
Date: Wed Mar 1 18:03:32 2017
New Revision: 314497
URL: https://svnweb.freebsd.org/changeset/base/314497
Log:
Do not invoke the resize event when previous provider's size was zero.
This is similar to r303637 fix for geom_disk.
Reported by: avg
Tested by:avg
MFC after:
Author: ae
Date: Tue Feb 28 22:58:19 2017
New Revision: 314430
URL: https://svnweb.freebsd.org/changeset/base/314430
Log:
When IPv6 fragments reassembly is complete, update mbuf's csum_data
and csum_flags using information from all fragments. This fixes
dropping of reassembled packets due to
Author: ae
Date: Mon Feb 27 15:30:27 2017
New Revision: 314339
URL: https://svnweb.freebsd.org/changeset/base/314339
Log:
Document that the size of AH ICV for HMAC-SHA2-NNN should be half of
NNN bits as described in RFC4868.
PR: 215978
Modified:
head/sbin/setkey/setkey.8
Mod
Author: ae
Date: Sat Feb 18 19:53:37 2017
New Revision: 313922
URL: https://svnweb.freebsd.org/changeset/base/313922
Log:
For translated packets do not adjust UDP checksum if it is zero.
In case when decrypted and decapsulated packet is an UDP datagram,
check that its checksum is not zero
Author: ae
Date: Thu Feb 16 11:38:50 2017
New Revision: 313805
URL: https://svnweb.freebsd.org/changeset/base/313805
Log:
Fix LINT build for powerpc.
Build kernel modules support only when both IPSEC and TCP_SIGNATURE
are not defined.
Reported by: emaste
Modified:
head/sys/netips
Author: ae
Date: Tue Feb 14 21:33:10 2017
New Revision: 313746
URL: https://svnweb.freebsd.org/changeset/base/313746
Log:
Add missing check to fix the build with IPSEC_SUPPORT and without MAC.
Submitted by: netchild
Modified:
head/sys/netinet/in_pcb.c
Modified: head/sys/netinet/in_pcb.c
Author: ae
Date: Mon Feb 13 11:37:52 2017
New Revision: 313697
URL: https://svnweb.freebsd.org/changeset/base/313697
Log:
Remove IPsec related PCB code from SCTP.
The inpcb structure has inp_sp pointer that is initialized by
ipsec_init_pcbpolicy() function. This pointer keeps strorage for
, and if user had manually
configured SAs with the same SPI, the MFC will break this.
--
WBR, Andrey V. Elsukov
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "sv
Author: ae
Date: Mon Feb 6 08:56:04 2017
New Revision: 313331
URL: https://svnweb.freebsd.org/changeset/base/313331
Log:
Add removed headers into the ObsoleteFiles.inc.
Modified:
head/ObsoleteFiles.inc
Modified: head/ObsoleteFiles.inc
# GRE keys etc
SRCS+= ifgif.c # GIF reversed header workaround
+SRCS+= ifipsec.c # IPsec VTI
SRCS+= sfp.c # SFP/SFP+ information
LIBADD+= m
Added: head/sbin/ifconfig/ifipsec.c
=
Author: ae
Date: Sat Feb 4 05:09:47 2017
New Revision: 313185
URL: https://svnweb.freebsd.org/changeset/base/313185
Log:
Check that primary GPT header is valid before wiping partitioning.
This allows safely destroy corrupted GPT when primary header was
rewritten by some data, that do not
Author: ae
Date: Tue Jan 17 10:50:28 2017
New Revision: 312341
URL: https://svnweb.freebsd.org/changeset/base/312341
Log:
Initialize IPFW static rules rmlock with RM_RECURSE flag.
This lock was replaced from rwlock in r272840. But unlike rwlock, rmlock
doesn't allow recursion on rm_rlock(
these masks using macros from sys/mbuf.h?
It seems it would be more readable.
--
WBR, Andrey V. Elsukov
___
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-uns
Author: ae
Date: Sun Jan 8 12:40:07 2017
New Revision: 311679
URL: https://svnweb.freebsd.org/changeset/base/311679
Log:
Add direction argument to ipsec_setspidx_inpcb() function.
This function is used only by ipsec_getpolicybysock() to fill security
policy index selector for locally gen
Author: ae
Date: Thu Dec 29 20:27:54 2016
New Revision: 310785
URL: https://svnweb.freebsd.org/changeset/base/310785
Log:
Convert ipv4_flags and ipv4_offset fields into host byte order.
Also save only high bits in the ipv4_flags, because it is defined
as uint8_t. So now it will show DF and M
Author: ae
Date: Thu Dec 29 19:57:46 2016
New Revision: 310783
URL: https://svnweb.freebsd.org/changeset/base/310783
Log:
When we are sending IP fragments, update ip pointers in IP_PROBE() for
each fragment.
MFC after:1 week
Modified:
head/sys/netinet/ip_fastfwd.c
head/sys/netine
Author: ae
Date: Mon Dec 19 11:02:49 2016
New Revision: 310258
URL: https://svnweb.freebsd.org/changeset/base/310258
Log:
ip[6]_tryforward does inbound and outbound packet firewall processing.
This can lead to change of mbuf pointer (packet filter could do m_pullup(),
NAT, etc). Also in case
Author: ae
Date: Mon Dec 12 11:26:59 2016
New Revision: 309888
URL: https://svnweb.freebsd.org/changeset/base/309888
Log:
Modify IPv6 statistic accounting in ip6_input().
Add rcvif local variable to keep inbound interface pointer. Count
ifs6_in_discard errors in all "goto bad" cases. Now
57:32 2016
(r309883)
@@ -0,0 +1,295 @@
+/*-
+ * Copyright (c) 2014-2016 Andrey V. Elsukov
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redis
Author: ae
Date: Tue Dec 6 23:52:56 2016
New Revision: 309660
URL: https://svnweb.freebsd.org/changeset/base/309660
Log:
Convert result of hash_packet6() into host byte order.
For IPv4 similar function uses addresses and ports in host byte order,
but for IPv6 it used network byte order.
Author: ae
Date: Mon Nov 28 17:55:32 2016
New Revision: 309257
URL: https://svnweb.freebsd.org/changeset/base/309257
Log:
Rework ip_tryforward() to use FIB4 KPI.
Tested by:olivier
Obtained from:Yandex LLC
MFC after:1 month
Sponsored by: Yandex LLC
Differential Revisi
Author: ae
Date: Sat Nov 26 10:04:05 2016
New Revision: 309187
URL: https://svnweb.freebsd.org/changeset/base/309187
Log:
Fix ICMPv6 Time Exceeded error message translation.
Obtained from:Yandex LLC
Sponsored by: Yandex LLC
Modified:
head/sys/netpfil/ipfw/nat64/nat64_translate.
Author: ae
Date: Tue Nov 15 07:13:16 2016
New Revision: 308673
URL: https://svnweb.freebsd.org/changeset/base/308673
Log:
Add missing support of named lookup tables to the IPv6 code.
PR: 214419
MFC after:1 week
Sponsored by: Yandex LLC
Modified:
head/sbin/ipfw/ipfw2.c
Author: ae
Date: Sun Nov 6 02:33:04 2016
New Revision: 308358
URL: https://svnweb.freebsd.org/changeset/base/308358
Log:
Initialize ip6 pointer before use.
PR: 214169
MFC after:1 week
Modified:
head/sys/netinet/tcp_subr.c
Modified: head/sys/netinet/tcp_subr.c
==
Author: ae
Date: Wed Oct 19 11:51:17 2016
New Revision: 307628
URL: https://svnweb.freebsd.org/changeset/base/307628
Log:
Fix `ipfw table lookup` handler to return entry value, but not its index.
Submitted by: loos
MFC after:1 week
Modified:
head/sys/netpfil/ipfw/ip_fw_table.c
Mod
Author: ae
Date: Tue Oct 18 15:14:46 2016
New Revision: 307570
URL: https://svnweb.freebsd.org/changeset/base/307570
Log:
Add support for non-contiguous IPv6 masks in ipfw(8) rules.
For example fe::640:0:0/::::0:0 will match
addresses fe:*:*:*:0:640:*:*
Submitted by: Euge
Author: ae
Date: Tue Oct 11 17:41:13 2016
New Revision: 307062
URL: https://svnweb.freebsd.org/changeset/base/307062
Log:
Make LLTABLE list lock private for if_llatbl.c
Rename lock and macros to reflect that it protects V_lltables list.
Modified:
head/sys/net/if_llatbl.c
head/sys/net/i
Author: ae
Date: Thu Oct 6 14:42:06 2016
New Revision: 306760
URL: https://svnweb.freebsd.org/changeset/base/306760
Log:
Replace rw_init/rw_destroy with corresponding macros.
Obtained from:Yandex LLC
Modified:
head/sys/net/route.c
head/sys/net/route_var.h
Modified: head/sys/n
Author: ae
Date: Thu Sep 29 19:57:37 2016
New Revision: 306459
URL: https://svnweb.freebsd.org/changeset/base/306459
Log:
Fix bug introduced in r274300.
In icmp6_reflect() use original source address of erroneous packet as
destination address for source selection algorithm when original
nsitive file
> + systems. On those file systems, foo.So is the same file as foo.so.
Hi,
probably old *.So files now should be removed using `make delete-old` or
something like this.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Sun Sep 18 17:35:17 2016
New Revision: 305940
URL: https://svnweb.freebsd.org/changeset/base/305940
Log:
Move opcode rewriter init and destroy handlers into non-VENT code.
PR: 212576,212649,212077
Submitted by: John Zielinski
MFC after:1 week
Modified:
Author: ae
Date: Tue Sep 13 18:16:15 2016
New Revision: 305778
URL: https://svnweb.freebsd.org/changeset/base/305778
Log:
Fix swap tables between sets when this functional is enabled.
We have 6 opcode rewriters for table opcodes. When `set swap' command
invoked, it is called for each rewr
Author: ae
Date: Wed Aug 31 11:51:52 2016
New Revision: 305122
URL: https://svnweb.freebsd.org/changeset/base/305122
Log:
Remove redundant sanity checks from ipsec[46]_common_input_cb().
This check already has been done in the each protocol callback.
Modified:
head/sys/netipsec/ipsec_inp
Author: ae
Date: Wed Aug 17 20:21:33 2016
New Revision: 304313
URL: https://svnweb.freebsd.org/changeset/base/304313
Log:
Teach netisr_get_cpuid() to limit a given value to supported by netisr.
Use netisr_get_cpuid() in netisr_select_cpuid() to limit cpuid value
returned by protocol to be su
Author: ae
Date: Sun Aug 14 18:34:16 2016
New Revision: 304089
URL: https://svnweb.freebsd.org/changeset/base/304089
Log:
Add an ability to attach comment to check-state rules.
MFC after:1 week
Modified:
head/sbin/ipfw/ipfw2.c
Modified: head/sbin/ipfw/ipfw2.c
===
Author: ae
Date: Sun Aug 14 18:05:41 2016
New Revision: 304087
URL: https://svnweb.freebsd.org/changeset/base/304087
Log:
Do not warn about ambiguous state name when we inspect a comment token.
Reported by: lev
Modified:
head/sbin/ipfw/ipfw2.c
Modified: head/sbin/ipfw/ipfw2.c
=
Author: ae
Date: Sun Aug 14 13:17:55 2016
New Revision: 304076
URL: https://svnweb.freebsd.org/changeset/base/304076
Log:
Make statistics nat64lsn, nat64stl an nptv6 output netstat-like:
"@value @description" and fix build due to -Wformat errors.
Modified:
head/sbin/ipfw/nat64lsn.c
head/
Author: ae
Date: Sat Aug 13 22:14:16 2016
New Revision: 304061
URL: https://svnweb.freebsd.org/changeset/base/304061
Log:
Use %ju to print unsigned 64-bit value.
Reported by: kib
Modified:
head/sys/netpfil/ipfw/nat64/nat64lsn_control.c
Modified: head/sys/netpfil/ipfw/nat64/nat64lsn_con
Author: ae
Date: Sat Aug 13 16:45:14 2016
New Revision: 304049
URL: https://svnweb.freebsd.org/changeset/base/304049
Log:
Add `stats reset` command implementation to NPTv6 module
to be able reset statistics counters.
Obtained from:Yandex LLC
Sponsored by: Yandex LLC
Modified:
Author: ae
Date: Sat Aug 13 16:26:15 2016
New Revision: 304048
URL: https://svnweb.freebsd.org/changeset/base/304048
Log:
Replace __noinline with special debug macro NAT64NOINLINE.
Modified:
head/sys/netpfil/ipfw/nat64/nat64_translate.c
head/sys/netpfil/ipfw/nat64/nat64lsn_control.c
Modifi
9 2016(r304046)
@@ -0,0 +1,854 @@
+/*-
+ * Copyright (c) 2015-2016 Yandex LLC
+ * Copyright (c) 2015-2016 Alexander V. Chernikov
+ * Copyright (c) 2015-2016 Andrey V. Elsukov
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are
Author: ae
Date: Sat Aug 13 15:48:56 2016
New Revision: 304043
URL: https://svnweb.freebsd.org/changeset/base/304043
Log:
Add three helper function to manage tables from external modules.
ipfw_objhash_lookup_table_kidx does lookup kernel index of table;
ipfw_ref_table/ipfw_unref_table tak
==
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sys/netpfil/ipfw/ip_fw_bpf.c Sat Aug 13 15:41:04 2016
(r304041)
@@ -0,0 +1,209 @@
+/*-
+ * Copyright (c) 2016 Yandex LLC
+ * Copyright (c) 2016 Andrey V. Elsukov
20:
>
> Stack: --
> kernel:kassert_panic+0x166
> kernel:g_resize_provider_event+0x181
> kernel:g_run_events+0x186^M^M
> kernel:fork_exit+0x83^M^M
> --
>
> No further information available unfortunately.
This on
Author: ae
Date: Thu Aug 11 10:10:10 2016
New Revision: 303955
URL: https://svnweb.freebsd.org/changeset/base/303955
Log:
Restore "nat global" support.
Now zero value of arg1 used to specify "tablearg", use the old "tablearg"
value for "nat global". Introduce new macro IP_FW_NAT44_GLOBAL
Author: ae
Date: Mon Aug 8 18:30:50 2016
New Revision: 303845
URL: https://svnweb.freebsd.org/changeset/base/303845
Log:
Fix formatting of setfib opcode.
Zero fib is correct value and it conflicts with IP_FW_TARG.
Use bprint_uint_arg() only when opcode contains IP_FW_TARG,
otherwise ju
Author: ae
Date: Mon Aug 8 18:10:30 2016
New Revision: 303842
URL: https://svnweb.freebsd.org/changeset/base/303842
Log:
Fix constructing of setdscp opcode with tablearg keyword.
setdscp's argument can have zero value that conflicts with IP_FW_TARG value.
Always set high-order bit if par
Author: ae
Date: Tue Aug 2 12:18:06 2016
New Revision: 303657
URL: https://svnweb.freebsd.org/changeset/base/303657
Log:
Fix NULL pointer dereference.
ro pointer can be NULL when IPSec consumes mbuf.
PR: 211486
MFC after:3 days
Modified:
head/sys/netinet6/ip6_output.c
Author: ae
Date: Mon Aug 1 20:54:54 2016
New Revision: 303637
URL: https://svnweb.freebsd.org/changeset/base/303637
Log:
Do not invoke resize event if initial disk size is zero. Some disks
report the size only after first opening. And due to the events are
asynchronous, some consumers can
Author: ae
Date: Mon Aug 1 13:38:48 2016
New Revision: 303615
URL: https://svnweb.freebsd.org/changeset/base/303615
Log:
An old tables implementation had all tables preallocated,
so when user did `ipfw table N flush` it always worked, but now
when table N doesn't exist the kernel returns ES
Author: ae
Date: Wed Jul 27 08:26:34 2016
New Revision: 303374
URL: https://svnweb.freebsd.org/changeset/base/303374
Log:
Due to dropped mbuf in netisr queue route(8) can fall into infinity
loop of reading the rtsock's feed. When it used by some scripts,
this leads to growing number of not f
Author: ae
Date: Mon Jul 25 09:12:08 2016
New Revision: 303288
URL: https://svnweb.freebsd.org/changeset/base/303288
Log:
Do not invoke resize method if geom is being withered.
PR: 211028
MFC after:2 weeks
Modified:
head/sys/geom/geom_subr.c
Modified: head/sys/geom/geom_
Author: ae
Date: Tue Jul 19 05:36:21 2016
New Revision: 303019
URL: https://svnweb.freebsd.org/changeset/base/303019
Log:
Use g_resize_provider() to change the size of GEOM_DISK provider,
when it is being opened. This should fix the possible loss of a resize
event when disk capacity changed.
Author: ae
Date: Tue Jul 19 04:56:59 2016
New Revision: 303018
URL: https://svnweb.freebsd.org/changeset/base/303018
Log:
Add named dynamic states support to ipfw(4).
The keep-state, limit and check-state now will have additional argument
flowname. This flowname will be assigned to dynami
rue.
1. You use abs() in the macro - it can be less or bigger.
2. fs_fsize is size of frag blocks, so use it as divider looks incorrect.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
/ipfw/nptv6.c Mon Jul 18 19:46:31 2016(r303012)
@@ -0,0 +1,399 @@
+/*-
+ * Copyright (c) 2016 Yandex LLC
+ * Copyright (c) 2016 Andrey V. Elsukov
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the follo
several complains.
UFS label is a special label. It always had the same size that provider.
Now it will attach to first provider that will be tasted. It can be
gmirror, generic glabel, geli, gpart, mbr, whole disk.
https://lists.freebsd.org/pipermail/freebsd-geom/2009-April/003473.html
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
UFS itself does not have any issues
> mounting such padded file systems, so it's what GEOM_LABEL should
> do.
While you are thinking this is good fix, I expect that this change will
break many installations. This is not first time when this check was
changed.
--
WBR, Andrey V. Elsuko
Author: ae
Date: Fri Jul 15 17:09:30 2016
New Revision: 302906
URL: https://svnweb.freebsd.org/changeset/base/302906
Log:
Add net.inet6.ip6.intr_queue_maxlen sysctl. It can be used to
change netisr queue limit for IPv6 at runtime.
Obtained from:Yandex LLC
MFC after:2 weeks
ped from the IP input queue");
>
> +SYSCTL_PROC(_net_inet_ip, IPCTL_INTRQMAXLEN, intr_direct_queue_maxlen,
^^^ - and there.
> +CTLTYPE_INT|CTLFLAG_RW, 0, 0, sysctl_netinet_intr_direct_queue_maxlen,
> "I",
> +"Maximum size of the IP direct input queue
301 - 400 of 1048 matches
Mail list logo
