CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/15 07:26:48 Modified files: sys/netinet: ip_ipcomp.c Log message: Use proper argument type for crp_callback functions; no functional change.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/12 10:10:43 Modified files: sbin/pfctl : pfctl.c Log message: Allow rule ID filter to be specified for show states output Tweak pfctl to respect the rule ID parameter (-R) specified along with the show states (-s states) option to filter out states that are not associated with a given rule from the output. ok sthen, benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/12 08:18:25 Modified files: usr.sbin/pppd : pppd.h lcp.c Log message: Perform a copy with a memmove for potentially overlapping regions. Reported and fixed by Sergey Ryazanov ryazanov ! s ! a at gmail ! com, thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/11 09:59:17 Modified files: sys/net: if_bridge.c pfkeyv2_convert.c sys/netinet: ipsec_input.c ipsec_output.c Log message: Move away from using hzto(9); OK dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/11 10:00:36 Modified files: sys/nfs: nfs_socket.c Log message: Convert from hzto(9) to tvtohz(9); OK dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/11 10:03:04 Modified files: sys/kern : kern_clock.c sys/sys: systm.h Log message: Move hzto(9) to the attic; OK dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/11 10:04:55 Modified files: share/man/man9 : Makefile hzto.9 timeout.9 tvtohz.9 Log message: Remove hzto(9) manual pages and references; OK dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/11 13:57:38 Removed files: share/man/man9 : hzto.9 Log message: Remove hzto(9) manual pages and references; OK dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/10 04:03:59 Modified files: share/snmp : OPENBSD-PF-MIB.txt usr.sbin/snmpd : mib.c mib.h Log message: Export new pf no-route error counter OK sthen, blambert for the SNMP part
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/05 07:22:34 Modified files: sys/net: pf.c pfvar.h Log message: Improve error handling and recovery during state insertion Reshuffle the code around a bit and greatly improve error handling fixing a few bugs along the way. Problem reported by and fix was written with Alexandr Nedvedicky. OK henning
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/04 11:10:33 Modified files: sys/dev/pci: if_vmx.c Log message: Check if interface was stopped before calling rx/tx interrupt routines. Report tests by m...@alumni.chalmers.se, thanks! OK deraadt, chris
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/06/03 16:01:07 Modified files: sys/net: if.c Log message: Adjust yielding condition slightly in the if_input_process thread. ok mpi, kettenis
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/27 05:13:34 Modified files: sys/dev/usb: xhci.c Log message: Improve the controller state check in xhci_reset From FreeBSD, OK mpi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/26 10:17:51 Modified files: sys/net: pf.c Log message: Don't create ICMP states on reply packets unless tracking states sloppy Since we've strengthened the ICMP state matching procedure during lookup to only match packets against states set up in a particular direction, we need to make sure we don't create states on packets that would otherwise be flowing in the direction opposite to the direction of the state and prevent further packets from matching the created state due to strict rules imposed by the ICMP direction check. Problem reported by Alexandr Nedvedicky, alexandr.nedvedicky-at-oracle.com. Discussed with reyk@; OK henning
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/22 08:16:09 Modified files: sys/net: pf.c Log message: Cleanup leftover PF_ICMP_MULTI_* code that is not needed anymore. ok henning
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/22 08:18:55 Modified files: sys/net: pf.c Log message: Cut down on if statements around pf_icmp_state_lookup Checked with blambert@, OK millert, henning
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/20 08:34:27 Modified files: sys/dev/pci: ixgbe_x540.c Log message: scrap unused ixgbe_get_link_capabilities_X540
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/19 06:50:53 Modified files: sys/dev/pci: if_bge.c Log message: Increase a maximum firmware handshake timeout to 10s BCM5718 Programmers Guide in chapter 7 Device Control, section Device Reset Procedure states that SEEPROM chips need a larger timeout than Flash ones. ok reyk
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/19 11:16:20 Modified files: regress/sbin/pfctl: Makefile Added files: regress/sbin/pfctl: pf104.in pf104.ok pfail55.in pfail55.ok pfail56.in pfail56.ok Log message: Test divert-to rules' address handling (pfctl/parse.y -r1.648)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/18 06:21:04 Modified files: sys/dev/ic : mfi.c Log message: Prevent splassert from firing during sd_flush which runs cold While mfi(4) should pass SCSI transfer flags (e.g. SCSI_POLL and SCSI_NOSLEEP) down to the management function, make it at least use cold consistently for now. ok dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/12 03:30:35 Modified files: sys/kern : kern_synch.c vfs_subr.c Log message: Drop and reacquire the kernel lock in the vfs_shutdown and cold portions of msleep and tsleep to give interrupts a chance to run on other CPUs. Tweak and OK kettenis
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/12 06:56:47 Modified files: sys/dev/pci: hifn7751.c Log message: Fixup potential use after free and a memory leak. Found by Maxime Villard max at m00nbsd ! net with the Brainy Code Scanner, thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/07 03:19:31 Modified files: sys/netinet: tcp_subr.c Log message: Include the timestamp TCP option in keep alive packets as well. According to RFC 7323 once TSopt has been successfully negotiated, ... [it] MUST be sent in every non-RST segment for the duration of the connection. Which means that keep alives which are just ACK packets must include that too. Pointed out and tested by Lauri Tirkkonen lotheac at iki ! fi, thanks! ok mpi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/07 12:30:27 Modified files: sys/kern : kern_synch.c Log message: msleep(9) must prevent kernel from attempting a context switch during autoconf and after panics. Tweak and OK guenther, OK miod
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/07 09:14:02 Modified files: share/man/man4 : mpii.4 Log message: Correct the note about RAID support
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/05 10:38:20 Modified files: share/man/man9 : Makefile Log message: Remove man page links for crypto(9) key operations; reminded by jmc@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/05/05 05:17:34 Modified files: share/man/man9 : crypto.9 Log message: Remove references to APIs that don't exist anymore. Based on a diff from Vincent Gross dermi...@kilob.yt, thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/21 10:34:59 Modified files: sbin/pfctl : parse.y Log message: Improve divert-to specification parsing w.r.t. rule address family. ok henning
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/20 11:22:18 Modified files: sbin/isakmpd : exchange.c Log message: Log if we refuse to continue the exchange when another one that corresponds to the same policy is already active. OK markus, hshoexer
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/17 04:04:37 Modified files: sbin/ipsecctl : pfkdump.c sbin/isakmpd : pf_key_v2.c sys/net: pfkeyv2.h pfkeyv2_convert.c sys/netinet: ip_ipsp.h Log message: Remove unsupported SADB_X_IDENTTYPE_CONNECTION; OK markus, hshoexer
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/17 04:08:07 Modified files: sys/netinet: ip_ipsp.c Log message: Remove unused ipsp_parse_headers that was supposed to parse packets returned by IPsec-enabled NICs; OK markus, hshoexer
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/17 05:06:39 Modified files: share/man/man9 : mbuf_tags.9 Log message: IPSEC_IN_CRYPTO_DONE and OUT_CRYPTO_NEEDED are gone
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/17 05:04:02 Modified files: sys/net: if_bridge.c pf.c sys/netinet: ip_ah.c ip_esp.c ip_ipcomp.c ip_ipsp.c ip_ipsp.h ip_output.c ipsec_input.c ipsec_output.c sys/netinet6 : ip6_forward.c ip6_output.c nd6.c sys/sys: mbuf.h Log message: Stubs and support code for NIC-enabled IPsec bite the dust. No objection from reyk@, OK markus, hshoexer
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/14 06:22:15 Modified files: sbin/ipsecctl : pfkdump.c sbin/isakmpd : pf_key_v2.c sys/net: pfkeyv2.c pfkeyv2.h pfkeyv2_convert.c pfkeyv2_parsemessage.c sys/netinet: in.h in_pcb.c in_pcb.h ip_ipsp.c ip_ipsp.h ip_output.c ip_spd.c tcp_input.c udp_usrreq.c Log message: Remove support for storing credentials and auth information in the kernel. This code is largely unfinished and is not used for anything. The change leaves identities as only objects referenced by ipsec_ref structure and their handling requires some changes to support more advanced matching of IPsec connections. No objections from reyk and hshoexer, with and OK markus.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/14 11:53:13 Modified files: usr.bin/netstat: inet.c Log message: IPsec auth and credentials are not stored in the kernel anymore; noticed by deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/14 08:20:01 Modified files: sys/netinet: ip_ah.c ip_esp.c ip_ipcomp.c ip_ipip.c ip_ipsp.c ip_ipsp.h ipsec_input.c ipsec_output.c Log message: make ipsp_address thread safe; ok mpi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/14 08:18:37 Modified files: sys/netinet6 : in6.h Log message: ip6_sprintf is long gone; noticed by blambert
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/13 10:45:52 Modified files: sys/netinet: ip_ipsp.c ip_ipsp.h ip_spd.c Log message: Remove unused arguments from gettdb* functions; OK markus, hshoexer, mpi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/13 10:48:01 Modified files: sys/netinet: ip_ipsp.c ip_ipsp.h ip_spd.c Log message: Rename gettdbbyaddr to gettdbbydst; OK markus, hshoexer, mpi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/13 10:50:43 Modified files: sys/netinet: ip_spd.c Log message: Perform IPsec bypass check on a socket before performing TDB lookups. OK markus, hshoexer
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/09 06:04:14 Modified files: sys/net: pf_table.c Log message: Plug a memory leak in pfr_destroy_kentry pfi_kif objects allocated for table entries created by route-to or by specifying weight weren't garbage collected when the table entry was destroyed. Spotted by Alexandr Nedvedicky alexandr ! nedvedicky at oracle ! com, thanks! Ok henning, florian
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/08 08:19:28 Modified files: sys/net: pf_table.c Log message: Table flags are not looked at when a table entry is created. Spotted by Alexandr Nedvedicky alexandr ! nedvedicky at oracle ! com, thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/04/08 06:50:21 Modified files: sys/net: pf.c Log message: Destination table needs it's own negation flag passed to the pfr_update_stats. Spotted by Alexandr Nedvedicky alexandr ! nedvedicky at oracle ! com, thanks a lot! Ok florian
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/03/26 06:21:37 Modified files: sbin/isakmpd : pf_key_v2.c sa.h sys/net: pfkeyv2.c pfkeyv2_parsemessage.c sys/netinet: ip_ipsp.h ipsec_input.c Log message: Remove bits of unfinished IPsec proxy support. DNS' KX records, anyone? ok markus, hshoexer
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/03/20 04:41:15 Modified files: sys/dev/pci: if_ix.c Log message: Re-apply -r1.115 that got accidentally reverted and brought to my attention and fix re-tested by Kapetanakis Giannis. Thanks a lot! Original commit message: When setting up advanced TX descriptor use m_getptr to locate the IP or IPv6 header instead of assuming contiguousness of the target buffer across Ethernet and IP/IPv6 headers. Tested by Kapetanakis Giannis bilias at edu ! physics ! uoc ! gr, thanks! Problem analysis and initial diff by dlg@.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/03/18 06:23:25 Modified files: sys/dev/pci: mpii.c Log message: Prevent sign extension due to pointer arithmetics This should make mpii(4) work on i386 again, apparently. Problem identified and a slightly different fix proposed by Christiano F. Haesbaert and Pedro Martelletto of Bitrig. Huge thanks for tracking this down, guys!
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: mi...@cvs.openbsd.org 2015/03/10 07:45:53 Modified files: . : users.html Log message: Elvis has left the building.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/03/09 12:09:50 Modified files: sys/netinet6 : nd6_rtr.c Log message: Avoid doing IPv6 SLAAC for prefixes with preferred lifetime of zero RFC 4941 says in 3.3.5: In particular, an implementation MUST NOT create a temporary address with a zero Preferred Lifetime. OK sthen, henning, benno
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/01/20 10:25:35 Modified files: sys/net: pf_table.c Log message: Prevent tables referenced by rules in anchors from getting disabled. Analysis and patch by Richard Kojedzinszky, thanks! ok henning
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/01/19 07:42:42 Modified files: sbin/iked : eap.c ikev2_msg.c ikev2_pld.c parse.y Log message: Remove unnecessary netinet/ip_ipsp.h includes
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/01/12 04:24:58 Modified files: sbin/iked : parse.y Log message: Don't forget about protocol specification when configuring flows. Tested by and OK claudio.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2015/01/12 03:40:51 Modified files: sys/dev/pci: if_ix.c Log message: When setting up advanced TX descriptor use m_getptr to locate the IP or IPv6 header instead of assuming contiguousness of the target buffer across Ethernet and IP/IPv6 headers. Tested by Kapetanakis Giannis bilias at edu ! physics ! uoc ! gr, thanks! Problem analysis and initial diff by dlg@.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/12/10 05:27:57 Modified files: sys/arch/armv7/omap: omdog.c sys/arch/armv7/sunxi: sxidog.c sys/arch/i386/i386: esm.c sys/arch/i386/pci: elan520.c geodesc.c sys/arch/sgi/localbus: imc.c sys/arch/sparc64/dev: lom.c pmc.c sys/dev: ipmi.c sys/dev/isa: fins.c it.c sch311x.c viasio.c sys/dev/pci: berkwdt.c glxpcib.c ichwdt.c pwdog.c tcpcib.c wdt.c sys/kern : kern_watchdog.c sys/sys: systm.h Log message: Convert watchdog(4) devices to use autoconf(9) framework. ok deraadt, tests on glxpcib and ok mpi
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/12/10 08:29:53 Modified files: share/man/man9 : Makefile boot.9 dohooks.9 domountroothooks.9 dostartuphooks.9 hook_establish.9 startuphook_establish.9 sys/arch/alpha/alpha: machdep.c sys/arch/amd64/amd64: machdep.c sys/arch/armish/armish: armish_machdep.c sys/arch/armv7/armv7: armv7_machdep.c sys/arch/aviion/aviion: machdep.c sys/arch/hppa/hppa: machdep.c sys/arch/hppa64/hppa64: machdep.c sys/arch/i386/i386: machdep.c sys/arch/landisk/landisk: machdep.c sys/arch/loongson/loongson: machdep.c sys/arch/luna88k/luna88k: machdep.c sys/arch/macppc/macppc: machdep.c sys/arch/octeon/octeon: machdep.c sys/arch/sgi/sgi: machdep.c sys/arch/socppc/socppc: machdep.c sys/arch/solbourne/solbourne: machdep.c sys/arch/sparc/sparc: machdep.c sys/arch/sparc64/sparc64: machdep.c sys/arch/vax/vax: machdep.c sys/arch/zaurus/zaurus: zaurus_machdep.c sys/kern : kern_subr.c sys/sys: systm.h Removed files: share/man/man9 : doshutdownhooks.9 shutdownhook_establish.9 Log message: retire shutdown hooks; ok deraadt, krw
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/12/09 10:03:19 Modified files: usr.sbin/tcpdump: print-ip.c print-ip6.c Log message: Catch up with the BPF_ALIGNMENT switch to the uint32_t. bpf aligns data following the datalink header (e.g. ethernet) on the BPF_ALIGNMENT boundary. Since rev1.41 of bpf.h it's uint32_t instead of a long. And also since then almost all packets become unaligned from the tcpdump perspective and require costly copies into the internal buffer. Neither IP header (struct ip) nor IPv6 (struct ip6_hdr) have fields larger than 32 bits and therefore alignment requirements for them are at most 32 bit. ok millert, jsg, deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/12/05 06:40:44 Modified files: sbin/iked : ikev2.c Log message: Store return value of i2d_X509_NAME in a signed integer to make sure the negative error gets treated correctly and doesn't get accidentally promoted to a huge unsigned value. From Pedro Martelletto, thanks! OK reyk
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/12/04 09:16:21 Modified files: sys/net: if_bridge.c Log message: Repair VLAN tagging in the bridge output path Since bridge_output/bridge_ifenqueue replace ether_output that does VLAN tagging and call into if_start directly we need to make sure that tag has been set by the bridge. XXX This abuses if_output == vlan_output check, but hopefully XXX vlan(4) will use a distinct if_type someday and this code XXX will be improved. Discussed with henning and Rafael Zalamena, ok henning
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/12/05 00:24:45 Modified files: sbin/iked : ca.c Log message: Specify correct number of iovecs when sending replies to the ikev2 proc Crash reported and fix tested by Vincent Gross dermiste at kilob ! yt; patch from Pedro Martelletto, thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/12/03 06:19:03 Modified files: usr.sbin/tcpdump: print-ip.c print-ip6.c Log message: Fixup a crash found by jsg using the AFL fuzzer. IP and IPv6 printing routines should check that there's at least a complete IP/IPv6 header available in the buffer before trying to do anything else. ok jsg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/12/03 06:22:19 Modified files: usr.sbin/tcpdump: print-ip.c print-ip6.c Log message: Restore packetp and snapend pointers once we're done with an incorrectly aligned IP/IPv6 packet so that tcpdump can print hexdump of the whole packet including the Ethernet header (if requested) and not only the IP/IPv6 part of it. ok jsg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/12/01 08:06:54 Modified files: sys/net: if.c if_trunk.c if_var.h Log message: Make every interface with a watchdog register it's own slow timeout This removes the system wide if_slowtimo timeout and lets every interface with a valid if_watchdog method register it's own in order to get rid of the ifnet loop in the softclock context and avoid further complications with concurrent access to the ifnet list. ok deraadt, input and ok mpi, looked at by claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/21 10:49:00 Modified files: usr.bin/netstat: if.c mroute6.c net80211.c Log message: remove pointless if_var.h and socketvar.h includes; ok deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/18 08:16:35 Modified files: sys/sys: file.h Log message: DTYPE_CRYPTO is not used anymore; ok guenther (a while ago)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/18 08:18:01 Modified files: sys/arch/amd64/amd64: aesni.c Log message: drop pl from the pool name and use pool_setlowat
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/18 15:38:48 Modified files: usr.bin/ssh: rijndael.c Log message: Sync AES code to the one shipped in OpenSSL/LibreSSL. This includes a commit made by Andy Polyakov appro at openssl ! org to the OpenSSL source tree on Wed, 28 Jun 2006 with the following message: Mitigate cache-collision timing attack on last round. OK naddy, miod, djm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/17 05:27:47 Modified files: sys/crypto : rijndael.c Log message: Sync our kernel AES code to the one shipped in OpenSSL/LibreSSL. This includes a commit made by Andy Polyakov appro at openssl ! org to the OpenSSL source tree on Wed, 28 Jun 2006 with the following message: Mitigate cache-collision timing attack on last round. OK naddy, miod
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/12 09:06:47 Modified files: sys/dev/pci: if_ix.c if_ix.h Log message: Remove SIOCSIFMTU handling and misuse of if_mtu values for MRU Since there's now no way to select maximum receive unit size the hardware is programmed to accept frame sizes up to 9216 which is now the maximum (down from 15.5K since this is supposed to work in all advanced configurations and gives slightly better flow control watermark ranges) and split all frames larger 2K into multiple fragments (code was already there but wasn't enabled). Tested on 82599 (SFP+) and X540 (10GBaseT). With input from dlg@.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/12 10:52:02 Modified files: sys/crypto : gmac.c Log message: Improve performance of an internal loop by saving up on branching Pointed out by John-Mark Gurney jmg at funkthat ! com, thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/11 04:37:05 Modified files: sys/net: pf.c Log message: Ask networking stack to recalculate the ICMPv6 checksum in pf_route6 since we might have tweaked the addresses. Problem reported and fix test by Bastien Durel bastien at geekwu ! org, thanks! OK henning
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/10 05:59:21 Modified files: sbin/iked : iked.8 Log message: copy pubkey section from isakmpd(8); ok reyk
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/10 08:58:32 Modified files: sys/dev/pci: if_ix.c if_ix.h Log message: remove ixgbe_sfp_probe since it's not called anyways
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/10 09:01:18 Modified files: sys/dev/pci: if_ix.c Log message: don't try to update the link status every second
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/10 09:35:06 Modified files: sys/dev/pci: if_ix.c Log message: Gather full statistics only when IX_DEBUG is defined since most of them can't be retrieved otherwise. This comes with a slight but measurable performance increase as well. Also since the hardware has a single counter for missed packets including those caused by the insufficient DMA buffers available, this makes it hard to decipher actual errors when used with Rx ring length limiting mechanisms like if_rxr or mclgeti.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/10 10:07:52 Modified files: sys/dev/pci: if_ix.c Log message: Inadvertent ampersand has made the check to always yield truth This change fixes up SFP+ module detection during ifconfig up after the machine has been booted without the modules plugged in.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/10 10:53:10 Modified files: sys/dev/pci: if_ix.c Log message: remove pointless timeout_del/add dance in the interrupt handler
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/10 10:53:43 Modified files: sys/dev/pci: if_ix.c Log message: add an additional error check into the ixgbe_handle_msf
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/07 07:02:32 Modified files: sbin/iked : ikev2.c ikev2.h ikev2_msg.c Log message: Repair initiator with PSK auth Attempt state transition to VALID (or EAP_VALID) in the ikev2_ike_auth after we have completed authentication synchronously (PSK) or asynchronously (X.509 and RSA) eliminating the need to do so in multiple places and restoring the correct order for PSK. ok markus
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/07 07:05:58 Modified files: sbin/iked : ikev2_pld.c Log message: Run eap_parse on the actual message and only when the length is right
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/11/07 07:12:57 Modified files: sbin/iked : ikev2.c policy.c Log message: Fixup a few problems with EAP state transition First of all we don't need to satisfy valid EAP state flags for IKEV2_STATE_EAP as it's an initial EAP exchange state. Then when waiting for the ca process to construct our AUTH payload we need to bail while sa_localauth is not available. With this change Win7 is able to establish the the tunnel again. ok markus
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/26 05:01:22 Modified files: sys/dev/pci: if_bge.c if_em.c if_ix.c Log message: Revert part of the if_rxr diff that incorrectly moves RX ring tail index update code from the buf_get success path to the do it all the time code path. Tested by millert; ok dlg, deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/25 08:26:25 Modified files: sys/dev/pci: if_ix.c ixgbe_phy.c ixgbe_type.h ixgbe_x540.c Log message: We have never limited the definition of supported SPF modules to the vendor/make whitelist maintained by Intel so there's no reason to start doing it now. When syncing the driver to the FreeBSD codebase I have decided to take this chunk as is but it appears that it breaks cheap chinese SFP+ fiber optics modules that we all love. And while there's still a lot of places where we check for the vendor OUI, most of these checks are not necessary. Issue reported and fix tested by Tony Sarendal. Thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/21 09:09:27 Modified files: sbin/pfctl : parse.y Log message: deny once flags for match rules; ok henning
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/20 00:14:43 Modified files: sys/arch/alpha/alpha: conf.c sys/arch/alpha/conf: GENERIC sys/arch/amd64/amd64: conf.c sys/arch/amd64/conf: GENERIC sys/arch/arm/arm: conf.c sys/arch/armish/conf: GENERIC sys/arch/hppa/hppa: conf.c sys/arch/hppa64/hppa64: conf.c sys/arch/i386/conf: GENERIC sys/arch/i386/i386: conf.c sys/arch/landisk/landisk: conf.c sys/arch/loongson/loongson: conf.c sys/arch/macppc/macppc: conf.c sys/arch/octeon/octeon: conf.c sys/arch/sgi/sgi: conf.c sys/arch/socppc/conf: GENERIC sys/arch/socppc/socppc: conf.c sys/arch/sparc64/sparc64: conf.c Log message: unlink crypto(4) pseudo device from the architecture dependant character device tables and kernel config files. ok deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/20 00:23:03 Modified files: sys/conf : files sys/crypto : crypto.c cryptodev.c cryptodev.h sys/kern : kern_sysctl.c sys/sys: conf.h sysctl.h Log message: Bye bye /dev/crypto The interface has been disabled by default for about 4 years and currently there's not much value in having it around at all. ok deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/20 00:31:22 Removed files: sys/crypto : cryptodev.c Log message: Bye bye /dev/crypto The interface has been disabled by default for about 4 years and currently there's not much value in having it around at all. ok deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/20 04:06:31 Modified files: sys/dev/pci: if_ix.c Log message: Implement rxrinfo ioctl for cluster usage statistics
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/20 05:23:42 Modified files: etc: MAKEDEV.common etc/etc.alpha : MAKEDEV etc/etc.amd64 : MAKEDEV etc/etc.armish : MAKEDEV etc/etc.armv7 : MAKEDEV etc/etc.hppa : MAKEDEV etc/etc.hppa64 : MAKEDEV etc/etc.i386 : MAKEDEV etc/etc.landisk: MAKEDEV etc/etc.loongson: MAKEDEV etc/etc.macppc : MAKEDEV etc/etc.octeon : MAKEDEV etc/etc.sgi: MAKEDEV etc/etc.sparc64: MAKEDEV etc/etc.zaurus : MAKEDEV etc/examples : sysctl.conf lib/libc/gen : sysctl.3 sbin/sysctl: sysctl.8 share/man/man4 : Makefile hifn.4 safe.4 ubsec.4 share/man/man4/man4.i386: glxsb.4 share/man/man8/man8.alpha: MAKEDEV.8 share/man/man8/man8.amd64: MAKEDEV.8 share/man/man8/man8.armish: MAKEDEV.8 share/man/man8/man8.armv7: MAKEDEV.8 share/man/man8/man8.hppa: MAKEDEV.8 share/man/man8/man8.hppa64: MAKEDEV.8 share/man/man8/man8.i386: MAKEDEV.8 share/man/man8/man8.landisk: MAKEDEV.8 share/man/man8/man8.loongson: MAKEDEV.8 share/man/man8/man8.macppc: MAKEDEV.8 share/man/man8/man8.octeon: MAKEDEV.8 share/man/man8/man8.sgi: MAKEDEV.8 share/man/man8/man8.sparc64: MAKEDEV.8 share/man/man8/man8.zaurus: MAKEDEV.8 share/man/man9 : crypto.9 malloc.9 usr.bin/fstat : fstat.1 fstat.c usr.bin/kdump : Makefile mkioctls usr.sbin/pstat : pstat.c Removed files: share/man/man4 : crypto.4 Log message: Remove userland bits related to the crypto(4) interface; ok deraadt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/15 08:06:48 Modified files: sys/arch/alpha/conf: GENERIC sys/arch/amd64/conf: GENERIC sys/arch/i386/conf: GENERIC sys/arch/macppc/conf: GENERIC sys/arch/sgi/conf: GENERIC-IP27 GENERIC-IP30 GENERIC-IP32 sys/arch/sparc64/conf: GENERIC Log message: lofn(4) and nofn(4) are going away
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/15 08:07:39 Modified files: sys/dev/pci: files.pci Log message: unlink lofn(4) and nofn(4)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/15 08:12:07 Removed files: sys/dev/pci: nofn.c nofnreg.h nofnvar.h lofn.c lofnreg.h lofnvar.h Log message: With deprecation of crypto(4) interface lofn(4) and nofn(4) become obsolete. No objections from the usual suspects.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/15 08:16:01 Modified files: share/man/man4 : Makefile crypto.4 pci.4 Removed files: share/man/man4 : lofn.4 nofn.4 Log message: lofn(4) and nofn(4) are gone
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/15 08:36:20 Modified files: regress/sys/crypto/aes: Makefile aestest.c Log message: Convert AES regress test from /dev/crypto to using kernel source code directly. This test case uses ECB vectors, therefore no chaining is required.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/15 08:39:04 Modified files: regress/sys/crypto/aesctr: Makefile aesctr.c Log message: Convert AES-CTR regress test from /dev/crypto to using kernel source code directly. This test is converted the same way jsing@ has recently converted an XTS test by pulling in xform.c code.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/15 09:13:38 Modified files: regress/sys/crypto/enc: Makefile des3.c Log message: Convert 3DES regress test from /dev/crypto to using kernel source code directly with a simplified CBC implementation.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/15 09:37:51 Modified files: sys/dev/pci: ubsec.c ubsecvar.h Log message: Remove support for public key operations
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/15 09:43:27 Modified files: sys/dev/pci: safe.c safevar.h Log message: Remove support for public key operations
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/15 09:46:24 Modified files: share/man/man4 : ubsec.4 safe.4 Log message: Public key operations are no longer supported
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/14 03:52:03 Modified files: sys/dev/pci: if_oce.c Log message: Implement rxrinfo ioctl for cluster usage statistics
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/14 05:38:14 Modified files: sys/net: if.c Log message: Compare number of allocated clusters with a low watermark, not a magic number 4 since sometimes we can't fit a single packet (jumbo frame) into 4 clusters. OK dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: mi...@cvs.openbsd.org 2014/08/12 08:38:28 Modified files: sys/net: pf.c pf_ioctl.c Log message: Apart from some minor code reshuffling the big change is that we start with a ruleset pointer assigned to pf_main_ruleset so that pf_purge_rule doesn't get called with a NULL. Prompted by the discussion with Alexandr Nedvedicky alexandr ! nedvedicky at oracle ! com. OK henning
