Re: svn commit: r220653 - in head/sys: . arm/mv/orion boot/fdt/dts

support for the Marvell Orion TS-7800. P P Submitted by:Kristof Provost kristof -at- freebsd.org P P Added: P head/sys/arm/mv/orion/files.ts7800 (contents, props changed) P head/sys/arm/mv/orion/std.ts7800 (contents, props changed) P head/sys/boot/fdt/dts/ts7800.dts (contents

Re: svn commit: r222488 - in head/sys: contrib/pf/net netinet netinet/ipfw netinet6

Hi, I'm seeing a panic when I start natd, which I suspect is related to this commit: panic: Lock pcbinfohash not exclusively locked @ /usr/src/sys/netinet/in_pcb.c:323 Backtrace: panic() ... _rw_assert() at _rw_assert+0x18d in_pcbbind() at in_pcbbind+0xf5 div_bind() at div_bind+0xb9 sobind() at

Re: svn commit: r222488 - in head/sys: contrib/pf/net netinet netinet/ipfw netinet6

On 2011-06-04 17:27:56 (+0100), Robert Watson rwat...@freebsd.org wrote: On Sat, 4 Jun 2011, Kristof Provost wrote: I'm seeing a panic when I start natd, which I suspect is related to this commit: And, I believe now fixed in the just-committed r222690. My suggestion is that people

Re: svn commit: r256808 - head/sys/ufs/ffs

Hi Kirk, On 2013-10-20 21:11:41 (+), Kirk McKusick mckus...@freebsd.org wrote: Modified: head/sys/ufs/ffs/ffs_softdep.c == --- head/sys/ufs/ffs/ffs_softdep.cSun Oct 20 21:11:36 2013 (r256807) +++

svn commit: r280955 - in head/sys: netinet6 netpfil/pf

Author: kp Date: Wed Apr 1 12:15:01 2015 New Revision: 280955 URL: https://svnweb.freebsd.org/changeset/base/280955 Log: Preserve IPv6 fragment IDs accross reassembly and refragmentation When forwarding fragmented IPv6 packets and filtering with PF we reassemble and refragment. That

svn commit: r280956 - head/sys/netpfil/pf

Author: kp Date: Wed Apr 1 12:16:56 2015 New Revision: 280956 URL: https://svnweb.freebsd.org/changeset/base/280956 Log: pf: Deal with runt packets On Ethernet packets have a minimal length, so very short packets get padding appended to them. This padding is not stripped off in

svn commit: r280701 - head/usr.bin/ministat

Author: kp Date: Thu Mar 26 17:13:11 2015 New Revision: 280701 URL: https://svnweb.freebsd.org/changeset/base/280701 Log: Clarify the ministat default width The man page states that: '-w widthWidth of ASCII-art plot in characters, default is 74.' This is not entirely correct.

svn commit: r280696 - head/share/misc

kevlo [label=Kevin Lo\nke...@freebsd.org\n2006/07/23] kib [label=Konstantin Belousov\n...@freebsd.org\n2006/06/03] kmacy [label=Kip Macy\nkm...@freebsd.org\n2005/06/01] +kp [label=Kristof Provost\n...@freebsd.org\n2015/03/22] le [label=Lukas Ertl\n...@freebsd.org\n2004/02/02] loos [label=Luiz

Re: svn commit: r281536 - head/sys/netpfil/pf

On 2015-04-15 15:53:02 (+0300), Gleb Smirnoff gleb...@freebsd.org wrote: On Tue, Apr 14, 2015 at 07:07:37PM +, Kristof Provost wrote: K Author: kp K Date: Tue Apr 14 19:07:37 2015 K New Revision: 281536 K URL: https://svnweb.freebsd.org/changeset/base/281536 K K Log: K pf: Fix

svn commit: r281536 - head/sys/netpfil/pf

Author: kp Date: Tue Apr 14 19:07:37 2015 New Revision: 281536 URL: https://svnweb.freebsd.org/changeset/base/281536 Log: pf: Fix forwarding detection If the direction is not PF_OUT we can never be forwarding. Some input packets have rcvif != ifp (looped back packets), which lead us to

svn commit: r281164 - head/sys/netpfil/pf

Author: kp Date: Mon Apr 6 19:05:00 2015 New Revision: 281164 URL: https://svnweb.freebsd.org/changeset/base/281164 Log: pf: Skip firewall for refragmented ip6 packets In cases where we scrub (fragment reassemble) on both input and output we risk ending up in infinite loops when

svn commit: r281165 - head/sys/netinet6

Author: kp Date: Mon Apr 6 19:08:44 2015 New Revision: 281165 URL: https://svnweb.freebsd.org/changeset/base/281165 Log: Remove duplicate code We'll just fall into the same local delivery block under the 'if (m-m_flags M_FASTFWD_OURS)'. Suggested by: ae Differential Revision:

Re: svn commit: r281164 - head/sys/netpfil/pf

On 06 Apr 2015, at 22:50, Richard Tector richardtec...@thekeelecentre.com wrote: I was just wondering how this affects the case where we might have if-bound rules? Really basic example: pass quick on $outside_if inet6 proto udp from any to $myhost block drop quick on $inside_if

Re: svn commit: r281164 - head/sys/netpfil/pf

On 2015-04-07 08:33:17 (+0200), Hans Ottevanger h...@beastielabs.net wrote: On 04/06/15 21:05, Kristof Provost wrote: Author: kp Date: Mon Apr 6 19:05:00 2015 New Revision: 281164 URL: https://svnweb.freebsd.org/changeset/base/281164 Log: pf: Skip firewall for refragmented ip6

svn commit: r281234 - head/sys/netinet6

Author: kp Date: Tue Apr 7 20:29:03 2015 New Revision: 281234 URL: https://svnweb.freebsd.org/changeset/base/281234 Log: Evaluate packet size after the firewall had its chance Defer the packet size check until after the firewall has had a look at it. This means that the firewall now

svn commit: r284222 - head/sys/netpfil/pf

Author: kp Date: Wed Jun 10 13:44:04 2015 New Revision: 284222 URL: https://svnweb.freebsd.org/changeset/base/284222 Log: pf: address family must be set when creating a pf_fragment Fix a panic when handling fragmented ip4 packets with 'drop-ovl' set. In that scenario we take a different

Re: svn commit: r284222 - head/sys/netpfil/pf

On 2015-06-10 16:53:33 (+0200), Oliver Pinter oliver.pin...@hardenedbsd.org wrote: On 6/10/15, Kristof Provost k...@freebsd.org wrote: Author: kp Date: Wed Jun 10 13:44:04 2015 New Revision: 284222 URL: https://svnweb.freebsd.org/changeset/base/284222 Log: pf: address family must

svn commit: r284260 - head/sys/netpfil/pf

Author: kp Date: Thu Jun 11 13:26:16 2015 New Revision: 284260 URL: https://svnweb.freebsd.org/changeset/base/284260 Log: pf: Save the protocol number in the pf_fragment When we try to look up a pf_fragment with pf_find_fragment() we compare (see pf_frag_compare()) addresses (and

svn commit: r284348 - in head/sys: dev/virtio/network net

Author: kp Date: Sat Jun 13 19:39:21 2015 New Revision: 284348 URL: https://svnweb.freebsd.org/changeset/base/284348 Log: Fix panic when adding vtnet interfaces to a bridge vtnet interfaces are always in promiscuous mode (at least if the VIRTIO_NET_F_CTRL_RX feature is not negotiated

Re: svn commit: r284252 - head/bin/ls

On 2015-06-11 02:29:40 (+), Sean Bruno sbr...@freebsd.org wrote: Author: sbruno Date: Thu Jun 11 02:29:39 2015 New Revision: 284252 URL: https://svnweb.freebsd.org/changeset/base/284252 Log: r284198 seems to have left a null format string printf that gcc does *not* like breaking

svn commit: r284280 - head/sys/netpfil/pf

Author: kp Date: Thu Jun 11 17:57:47 2015 New Revision: 284280 URL: https://svnweb.freebsd.org/changeset/base/284280 Log: pf: Remove frc_direction We don't use the direction of the fragments for anything. The frc_direction field is assigned, but never read. Just remove it.

svn commit: r285999 - head/sys/netpfil/pf

Author: kp Date: Wed Jul 29 06:35:36 2015 New Revision: 285999 URL: https://svnweb.freebsd.org/changeset/base/285999 Log: pf: Always initialise pf_fragment.fr_flags When we allocate the struct pf_fragment in pf_fillup_fragment() we forgot to initialise the fr_flags field. As a result we

svn commit: r286537 - head/sys/netinet

Author: kp Date: Sun Aug 9 19:07:24 2015 New Revision: 286537 URL: https://svnweb.freebsd.org/changeset/base/286537 Log: tcp_reass_zone is not a VNET variable. This fixes a panic during 'sysctl -a' on VIMAGE kernels. The tcp_reass_zone variable is not VNET_DEFINE() so we can not mark

svn commit: r285871 - head/share/man/man5

Author: kp Date: Sat Jul 25 14:06:32 2015 New Revision: 285871 URL: https://svnweb.freebsd.org/changeset/base/285871 Log: Pf can reassemble IPv6 fragments now. Obtained from: bluhm (OpenBSD) Sponsored by: Essen FreeBSD Hackathon Modified: head/share/man/man5/pf.conf.5 Modified:

svn commit: r285874 - head/sys/netinet

Author: kp Date: Sat Jul 25 16:14:55 2015 New Revision: 285874 URL: https://svnweb.freebsd.org/changeset/base/285874 Log: Remove stale comment. The IPv6 pseudo header checksum was added by bz in r235961. Sponsored by: Essen FreeBSD Hackathon Modified: head/sys/netinet/tcp_output.c

svn commit: r289932 - head/sys/net

Author: kp Date: Sun Oct 25 13:14:53 2015 New Revision: 289932 URL: https://svnweb.freebsd.org/changeset/base/289932 Log: PF_ANEQ() macro will in most situations returns TRUE comparing two identical IPv4 packets (when it should return FALSE). It happens because PF_ANEQ() doesn't stop if

svn commit: r290161 - head/sys/netpfil/pf

Author: kp Date: Thu Oct 29 20:45:53 2015 New Revision: 290161 URL: https://svnweb.freebsd.org/changeset/base/290161 Log: pf: Fix IPv6 checksums with route-to. When using route-to (or reply-to) pf sends the packet directly to the output interface. If that interface doesn't support

Re: svn commit: r289932 - head/sys/net

> On 25 Oct 2015, at 17:48, Ian Lepore <i...@freebsd.org> wrote: > > On Sun, 2015-10-25 at 13:14 +, Kristof Provost wrote: >> Author: kp >> Date: Sun Oct 25 13:14:53 2015 >> New Revision: 289932 >> URL: https://svnweb.freebsd.org/changeset/base

svn commit: r289940 - head/sys/net

Author: kp Date: Sun Oct 25 18:09:03 2015 New Revision: 289940 URL: https://svnweb.freebsd.org/changeset/base/289940 Log: pf: Fix compliation warning with gcc While fixing the PF_ANEQ() macro I messed up the parentheses, leading to compliation warnings with gcc. Spotted by: ian

svn commit: r290236 - head/sbin/pfctl

Author: kp Date: Sun Nov 1 17:20:17 2015 New Revision: 290236 URL: https://svnweb.freebsd.org/changeset/base/290236 Log: pfctl: Fix uninitialised veriable In pfctl_set_debug() we used 'level' without ever initialising it. We correctly parsed the option, but them failed to actually

svn commit: r290521 - head/sys/netpfil/pf

Author: kp Date: Sat Nov 7 23:51:42 2015 New Revision: 290521 URL: https://svnweb.freebsd.org/changeset/base/290521 Log: pf: Fix broken rule skip calculation r289932 accidentally broke the rule skip calculation. The address family argument to PF_ANEQ() is now important, and because it

Re: svn commit: r289316 - in head/sys: net netpfil/pf

> On 14 Oct 2015, at 18:30, Baptiste Daroussin <b...@freebsd.org> wrote: > > On Wed, Oct 14, 2015 at 04:21:41PM +, Kristof Provost wrote: >> Author: kp >> Date: Wed Oct 14 16:21:41 2015 >> New Revision: 289316 >> URL: https://svnweb.freebsd.org/change

svn commit: r289316 - in head/sys: net netpfil/pf

Author: kp Date: Wed Oct 14 16:21:41 2015 New Revision: 289316 URL: https://svnweb.freebsd.org/changeset/base/289316 Log: pf: Fix TSO issues In certain configurations (mostly but not exclusively as a VM on Xen) pf produced packets with an invalid TCP checksum. The problem was that

svn commit: r287222 - in head: . sbin/pfctl share/man/man5 sys/net sys/netpfil/pf

Author: kp Date: Thu Aug 27 21:27:47 2015 New Revision: 287222 URL: https://svnweb.freebsd.org/changeset/base/287222 Log: pf: Remove support for 'scrub fragment crop|drop-ovl' The crop/drop-ovl fragment scrub modes are not very useful and likely to confuse users into making poor

svn commit: r287376 - head/sys/netpfil/pf

Author: kp Date: Tue Sep 1 19:04:04 2015 New Revision: 287376 URL: https://svnweb.freebsd.org/changeset/base/287376 Log: pf: Fix misdetection of forwarding when net.link.bridge.pfil_bridge is set If net.link.bridge.pfil_bridge is set we can end up thinking we're forwarding in

Re: svn commit: r292275 - in head/sys: net netinet netinet6

> On 16 Dec 2015, at 13:09, Steven Hartland wrote: > > I've attached a patch which should fix if you could test that would be great, > but I'd still like to understand if there is something wrong elsewhere before > I do. The board boots & works with this patch.

Re: svn commit: r292275 - in head/sys: net netinet netinet6

> On 15 Dec 2015, at 23:15, Kristof Provost <k...@freebsd.org> wrote: > Based on the arp_announce() in the backtrace this commit looks like a > possible cause. I see this in arp_announce(): KP: arp_announce() ifp->if_addr = 0 So that explains why we panic in 'lladdr = IF_LL

Re: svn commit: r292275 - in head/sys: net netinet netinet6

> On 16 Dec 2015, at 00:08, Adrian Chadd wrote: > > oops, file a bug at github.com/freebsd/freebsd-wifi-build and I'll fix it > asap. > No worries, it happens: https://github.com/freebsd/freebsd-wifi-build/issues/68 This fixed the problem for me: diff --git

svn commit: r292219 - head/sys/netinet6

Author: kp Date: Mon Dec 14 19:44:49 2015 New Revision: 292219 URL: https://svnweb.freebsd.org/changeset/base/292219 Log: inet6: Do not assume every interface has ip6 enabled. Certain interfaces (e.g. pfsync0) do not have ip6 addresses (in other words, ifp->if_afdata[AF_INET6] is NULL).

Re: svn commit: r292275 - in head/sys: net netinet netinet6

> On 15 Dec 2015, at 17:02, Steven Hartland wrote: > > Author: smh > Date: Tue Dec 15 16:02:11 2015 > New Revision: 292275 > URL: https://svnweb.freebsd.org/changeset/base/292275 > > Log: > Fix lagg failover due to missing notifications > I’ve just built a new image

svn commit: r292992 - in head/sys/dev/usb: . net

Author: kp Date: Thu Dec 31 18:12:35 2015 New Revision: 292992 URL: https://svnweb.freebsd.org/changeset/base/292992 Log: Add suppoort for the Sitecom LN-031 This is an AX88178 chip, which we already support so all we have to do is add the USB product and vendor ID. Modified:

Re: svn commit: r292309 - in head/sys: modules modules/tcp modules/tcp/fastpath netinet netinet/tcp_stacks

> On 16 Dec 2015, at 01:56, Randall Stewart wrote: > > Author: rrs > Date: Wed Dec 16 00:56:45 2015 > New Revision: 292309 > URL: https://svnweb.freebsd.org/changeset/base/292309 > > Log: > First cut of the modularization of our TCP stack. Still > to do is to clean up the

Re: svn commit: r292309 - in head/sys: modules modules/tcp modules/tcp/fastpath netinet netinet/tcp_stacks

> On 19 Dec 2015, at 19:53, Jonathan T. Looney <j...@freebsd.org> wrote: > > On 12/18/15, 3:54 PM, "owner-src-committ...@freebsd.org on behalf of > Kristof Provost" <owner-src-committ...@freebsd.org on behalf of > kris...@sigsegv.be> wrote: > >> &g

Re: svn commit: r292599 - head/sys/netinet

Thanks! Kristof > On 22 Dec 2015, at 14:41, Jonathan T. Looney wrote: > > Author: jtl > Date: Tue Dec 22 13:41:50 2015 > New Revision: 292599 > URL: https://svnweb.freebsd.org/changeset/base/292599 > > Log: > Fix a panic when launching VNETs after the commit of r292309. >

svn commit: r301998 - in head: sbin/pfctl share/man/man5 sys/net sys/netpfil/pf

Author: kp Date: Fri Jun 17 18:21:55 2016 New Revision: 301998 URL: https://svnweb.freebsd.org/changeset/base/301998 Log: pf: Filter on and set vlan PCP values Adopt the OpenBSD syntax for setting and filtering on VLAN PCP values. This introduces two new keywords: 'set prio' to set the

Re: svn commit: r300881 - in head/sys: cddl/contrib/opensolaris/uts/common/fs/zfs geom

On 20 Jun 2016, at 17:34, Allan Jude wrote: > Looking at the backtrace, do you have one or more ZVOLs? > No, there are no zvols: % zfs list -t volume no datasets available Regards, Kristof ___ svn-src-head@freebsd.org mailing list

Re: svn commit: r300881 - in head/sys: cddl/contrib/opensolaris/uts/common/fs/zfs geom

? Any SAS expanders? Please open a bug for this and assign to me so we can be sure to get this fixed in time for 11.0. -Alan On Mon, Jun 20, 2016 at 8:59 AM, Kristof Provost <k...@freebsd.org> wrote: Hi, It looks like this change breaks boot on my machine. I’m running a root-on-ZFS

Re: svn commit: r300881 - in head/sys: cddl/contrib/opensolaris/uts/common/fs/zfs geom

Hi, It looks like this change breaks boot on my machine. I’m running a root-on-ZFS system and reliably see this panic during boot. It’s a 4 disk raidz-1. It’s now running r302028 with r300881 backed out, and booting fine. The panic: panic: solaris assert: refcount(count(>spa_refcount) >=

Re: svn commit: r296025 - head/sys/netpfil/pf

On 2016-02-24 23:47:55 (-0800), Conrad Meyer wrote: > On Wed, Feb 24, 2016 at 11:41 PM, Adrian Chadd wrote: > > .. what's capping totlen so one doesn't run out of memory? > > There was a DoS vector before (user controlled io->pfrio_size) and > basically

svn commit: r296025 - head/sys/netpfil/pf

Author: kp Date: Thu Feb 25 07:33:59 2016 New Revision: 296025 URL: https://svnweb.freebsd.org/changeset/base/296025 Log: pf: Fix possible out-of-bounds write In the DIOCRSETADDRS ioctl() handler we allocate a table for struct pfr_addrs, which is processed in pfr_set_addrs(). At the

svn commit: r295836 - head/sbin/ifconfig

Author: kp Date: Sat Feb 20 11:36:35 2016 New Revision: 295836 URL: https://svnweb.freebsd.org/changeset/base/295836 Log: ifconfig(8): can't use 'name' or 'description' when creating interface with auto numbering If one does 'ifconfig tap create name blah', it will return error because

svn commit: r295838 - head/sys/netpfil/pf

Author: kp Date: Sat Feb 20 12:53:53 2016 New Revision: 295838 URL: https://svnweb.freebsd.org/changeset/base/295838 Log: in pf_print_state_parts, do not use skw->proto to print the protocol but our local copy proto that we very carefully set beforehands. skw being NULL is perfectly valid

svn commit: r296932 - head/sys/netpfil/pf

Author: kp Date: Wed Mar 16 06:42:15 2016 New Revision: 296932 URL: https://svnweb.freebsd.org/changeset/base/296932 Log: pf: Improve forwarding detection When we guess the nature of the outbound packet (output vs. forwarding) we need to take bridges into account. When bridging the

Re: svn commit: r296986 - head/sys/netinet6

> On 17 Mar 2016, at 12:10, Andrey V. Elsukov wrote: > > Author: ae > Date: Thu Mar 17 11:10:44 2016 > New Revision: 296986 > URL: https://svnweb.freebsd.org/changeset/base/296986 > > Log: > Reduce the number of local variables. Remove redundant check that inp > pointer

svn commit: r297315 - head/etc/rc.d

Author: kp Date: Sun Mar 27 17:22:27 2016 New Revision: 297315 URL: https://svnweb.freebsd.org/changeset/base/297315 Log: pf: Friendly error message for status if pf.ko is not loaded Check if pf.ko is loaded (i.e. /dev/pf exists) before trying to use it. This means that '/etc/rc.d/pf

Re: svn commit: r298664 - head/sys/fs/msdosfs

> On 26 Apr 2016, at 23:37, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote: >> >>> On 26 Apr 2016, at 23:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: >>> >>> On

Re: svn commit: r298664 - head/sys/fs/msdosfs

> On 26 Apr 2016, at 23:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote: >> Author: kp >> Date: Tue Apr 26 20:36:32 2016 >> New Revision: 298664 >> URL: https://svnweb.freebsd.org/change

Re: svn commit: r298664 - head/sys/fs/msdosfs

> On 26 Apr 2016, at 23:18, Shawn Webb wrote: > Was secteam@ even involved, then? Seems like a user-facing kernel buffer > overflow ought to have involved secteam@. > No, it wasn’t. This bug had been open for quite a while, and I just happend to see the report and

svn commit: r298664 - head/sys/fs/msdosfs

Author: kp Date: Tue Apr 26 20:36:32 2016 New Revision: 298664 URL: https://svnweb.freebsd.org/changeset/base/298664 Log: msdosfs: Prevent buffer overflow when expanding win95 names In win2unixfn() we expand Windows 95 style long names. In some cases that requires moving the data in the

svn commit: r300508 - head/sys/netpfil/pf

Author: kp Date: Mon May 23 13:59:48 2016 New Revision: 300508 URL: https://svnweb.freebsd.org/changeset/base/300508 Log: pf: Fix more ICMP mistranslation In the default case fix the substitution of the destination address. PR: 201519 Submitted by: Max

Re: svn commit: r300113 - in head/sys: conf kern net sys

On 18 May 2016, at 10:05, Scott Long wrote: Author: scottl Date: Wed May 18 04:35:58 2016 New Revision: 300113 URL: https://svnweb.freebsd.org/changeset/base/300113 Log: Import the 'iflib' API library for network drivers. From the author: For reasons I don’t understand right now this

Re: svn commit: r300113 - in head/sys: conf kern net sys

On 19 May 2016, at 17:36, Andriy Gapon wrote: On 19/05/2016 14:37, Kristof Provost wrote: On 18 May 2016, at 10:05, Scott Long wrote: Author: scottl Date: Wed May 18 04:35:58 2016 New Revision: 300113 URL: https://svnweb.freebsd.org/changeset/base/300113 Log: Import the 'iflib' API

svn commit: r300501 - head/sys/netpfil/pf

Author: kp Date: Mon May 23 12:41:29 2016 New Revision: 300501 URL: https://svnweb.freebsd.org/changeset/base/300501 Log: pf: Fix ICMP translation Fix ICMP source address rewriting in rdr scenarios. PR: 201519 Submitted by: Max MFC after:1 week

svn commit: r300307 - head/sys/netpfil/pf

Author: kp Date: Fri May 20 15:41:05 2016 New Revision: 300307 URL: https://svnweb.freebsd.org/changeset/base/300307 Log: pf: Fix fragment timeout We were inconsistent about the use of time_second vs. time_uptime. Always use time_uptime so the value can be meaningfully compared.

svn commit: r299725 - head/sys/dev/virtio/network

Author: kp Date: Sat May 14 06:07:15 2016 New Revision: 299725 URL: https://svnweb.freebsd.org/changeset/base/299725 Log: vtnet: fix panic on unload Since r276367 added the virtio_mmio support vtnet_modevent() gets called twice. This resulted in a memory leak during load and a panic on

svn commit: r303663 - head/sbin/pfctl

Author: kp Date: Tue Aug 2 15:41:42 2016 New Revision: 303663 URL: https://svnweb.freebsd.org/changeset/base/303663 Log: pfctl: Allow TOS bits to be cleared TOS value 0 is valid, so use 256 as an invalid value rather than zero. This allows users to enforce TOS == 0 with pf.

svn commit: r304152 - head/sys/netpfil/pf

Author: kp Date: Mon Aug 15 12:13:14 2016 New Revision: 304152 URL: https://svnweb.freebsd.org/changeset/base/304152 Log: pf: Add missing byte-order swap to pf_match_addr_range Without this, rules using address ranges (e.g. "10.1.1.1 - 10.1.1.5") did not match addresses correctly on

svn commit: r302497 - head/sys/netpfil/pf

Author: kp Date: Sat Jul 9 12:17:01 2016 New Revision: 302497 URL: https://svnweb.freebsd.org/changeset/base/302497 Log: pf: Map hook returns onto the correct error values pf returns PF_PASS, PF_DROP, ... in the netpfil hooks, but the hook callers expect to get E error codes. Map the

Re: svn commit: r302420 - head

On 8 Jul 2016, at 11:38, Slawa Olhovchenkov wrote: On Fri, Jul 08, 2016 at 02:19:09AM +, Glen Barber wrote: Author: gjb Date: Fri Jul 8 02:19:09 2016 New Revision: 302420 URL: https://svnweb.freebsd.org/changeset/base/302420 Log: Spell '12.x' correctly in UPDATING. Submitted by:

svn commit: r303757 - head/sbin/pfctl

Author: kp Date: Thu Aug 4 19:24:05 2016 New Revision: 303757 URL: https://svnweb.freebsd.org/changeset/base/303757 Log: pfctl: Add missing __FBSDID to pfctl_osfp.c Modified: head/sbin/pfctl/pfctl_osfp.c Modified: head/sbin/pfctl/pfctl_osfp.c

svn commit: r303758 - head/sbin/pfctl

Author: kp Date: Thu Aug 4 19:24:44 2016 New Revision: 303758 URL: https://svnweb.freebsd.org/changeset/base/303758 Log: pfctl: Make most global variables static. This will make it easier to link as a library. Submitted by: Christian Mauderer

svn commit: r303673 - head/sbin/pfctl

Author: kp Date: Tue Aug 2 19:54:40 2016 New Revision: 303673 URL: https://svnweb.freebsd.org/changeset/base/303673 Log: pfctl: Match prototype of pfctl_load_hostid. The prototype and the implementation of the pfctl_load_hostid used a different data type for one of the parameters.

svn commit: r303678 - head/sbin/pfctl

Author: kp Date: Tue Aug 2 20:32:02 2016 New Revision: 303678 URL: https://svnweb.freebsd.org/changeset/base/303678 Log: pfctl: Use const where possible. This adds const qualifiers where it is possible. Submitted by: Christian Mauderer

svn commit: r312782 - head/sys/net

Author: kp Date: Wed Jan 25 21:25:26 2017 New Revision: 312782 URL: https://svnweb.freebsd.org/changeset/base/312782 Log: bridge: Release the bridge lock when calling bridge_set_ifcap() This calls ioctl() handlers for the different interfaces in the bridge. These handlers expect to get

svn commit: r305290 - in head: lib lib/libifc lib/libifconfig share/examples/libifc share/examples/libifconfig share/mk

Author: kp Date: Fri Sep 2 18:33:08 2016 New Revision: 305290 URL: https://svnweb.freebsd.org/changeset/base/305290 Log: Renaming libifc to libifconfig in response to feedback on initial commit of this library. Sticking to 'libifconfig' (and 'ifconfig_' as function prefix) should reduce

svn commit: r305395 - in head: lib/libifconfig share/examples/libifconfig

Author: kp Date: Sun Sep 4 20:55:27 2016 New Revision: 305395 URL: https://svnweb.freebsd.org/changeset/base/305395 Log: libifconfig: style(9) fixes Also switch from BSD 3-clause to 2-clause license where possible, and consolidate duplicate 3-clause license into one. Submitted by:

svn commit: r306289 - head/sys/net

Author: kp Date: Sat Sep 24 07:09:43 2016 New Revision: 306289 URL: https://svnweb.freebsd.org/changeset/base/306289 Log: bridge: Fix fragment handling and memory leak Fragmented UDP and ICMP packets were corrupted if a firewall with reassembling feature (like pf'scrub) is enabled on the

svn commit: r306684 - in head: sbin/pfctl share/man/man5 sys/netpfil/pf

Author: kp Date: Tue Oct 4 19:35:14 2016 New Revision: 306684 URL: https://svnweb.freebsd.org/changeset/base/306684 Log: pf: remove fastroute tag The tag fastroute came from ipf and was removed in OpenBSD in 2011. The code allows to skip the in pfil hooks and completely removes the out

svn commit: r304815 - in head: lib lib/libifc share/examples/libifc share/mk

Author: kp Date: Thu Aug 25 19:40:25 2016 New Revision: 304815 URL: https://svnweb.freebsd.org/changeset/base/304815 Log: Add libifc, a library implementing core functionality that exists in ifconfig(8) today. libifc (pronounced lib-ifconfig) aims to be a light abstraction layer between

Re: svn commit: r304815 - in head: lib lib/libifc share/examples/libifc share/mk

On 25 Aug 2016, at 22:14, John Baldwin wrote: On Thursday, August 25, 2016 07:40:25 PM Kristof Provost wrote: Author: kp Date: Thu Aug 25 19:40:25 2016 New Revision: 304815 URL: https://svnweb.freebsd.org/changeset/base/304815 Log: Add libifc, a library implementing core functionality

Re: svn commit: r306289 - head/sys/net

On 26 Sep 2016, at 15:28, Renato Botelho wrote: > > On 24 Sep 2016, at 04:09, Kristof Provost <k...@freebsd.org> wrote: >> Author: kp >> Date: Sat Sep 24 07:09:43 2016 >> New Revision: 306289 >> URL: https://svnweb.freebsd.org/changeset/base/306289 >>

svn commit: r308486 - head/sbin/pfctl

Author: kp Date: Thu Nov 10 18:41:43 2016 New Revision: 308486 URL: https://svnweb.freebsd.org/changeset/base/308486 Log: pfctl: fix nested inline anchors Import the OpenBSD fix for nested inline anchors. PR: 196314 Submitted by: kri...@cflinux.hu Obtained from:

Re: svn commit: r307235 - in head: sbin/pfctl share/man/man5 sys/netpfil/pf

This work was done by franco_opnsense.org I forgot to credit him in the commit message. Sorry Franco. Regards, Kristof On 13 Oct 2016, at 22:34, Kristof Provost wrote: Author: kp Date: Thu Oct 13 20:34:44 2016 New Revision: 307235 URL: https://svnweb.freebsd.org/changeset/base/307235 Log

svn commit: r307235 - in head: sbin/pfctl share/man/man5 sys/netpfil/pf

Author: kp Date: Thu Oct 13 20:34:44 2016 New Revision: 307235 URL: https://svnweb.freebsd.org/changeset/base/307235 Log: pf: port extended DSCP support from OpenBSD Ignore the ECN bits on 'tos' and 'set-tos' and allow to use DCSP names instead of having to embed their TOS equivalents

svn commit: r312224 - head/sys/dev/etherswitch/arswitch

Author: kp Date: Sun Jan 15 10:21:25 2017 New Revision: 312224 URL: https://svnweb.freebsd.org/changeset/base/312224 Log: arswitch: Ensure the lock is always held when calling arswitch_modifyreg() arswitch_setled() and a number of _global_setup functions did not acquire the lock before

svn commit: r309563 - head/sys/netpfil/pf

Author: kp Date: Mon Dec 5 21:52:10 2016 New Revision: 309563 URL: https://svnweb.freebsd.org/changeset/base/309563 Log: pflog: Correctly initialise subrulenr subrulenr is considered unset if it's set to -1, not if it's set to 1. See contrib/tcpdump/print-pflog.c pflog_print() for a

svn commit: r315741 - in head/sys: net netpfil/pf

Author: kp Date: Wed Mar 22 21:18:18 2017 New Revision: 315741 URL: https://svnweb.freebsd.org/changeset/base/315741 Log: pf: Fix possible shutdown race Prevent possible races in the pf_unload() / pf_purge_thread() shutdown code. Lock the pf_purge_thread() with the new pf_end_lock to

svn commit: r315529 - head/sys/netpfil/pf

Author: kp Date: Sun Mar 19 03:06:09 2017 New Revision: 315529 URL: https://svnweb.freebsd.org/changeset/base/315529 Log: pf: Fix rule evaluation after inet6 route-to In pf_route6() we re-run the ruleset with PF_FWD if the packet goes out of a different interface. pf_test6() needs to

svn commit: r315469 - head/sys/netpfil/pf

Author: kp Date: Sat Mar 18 01:37:20 2017 New Revision: 315469 URL: https://svnweb.freebsd.org/changeset/base/315469 Log: pf: Fix memory leak on vnet shutdown or unload Rules are unlinked in shutdown_pf(), so we must call pf_unload_vnet_purge(), which frees unlinked rules, after that,

Re: svn commit: r315136 - head/sys/netpfil/pf

On 15 Mar 2017, at 15:45, John Baldwin wrote: You are ignoring interrupts and preemption. Suppose you get an interrupt after 'wakeup_one(pf_purge_thread)' and before 'tsleep(..., 0)' in pf_unload(). If the interrupt preempts and results in the purge thread running and issuing its wakeup

Re: svn commit: r315136 - head/sys/netpfil/pf

On 15 Mar 2017, at 6:57, Gleb Smirnoff wrote: On Sun, Mar 12, 2017 at 05:42:57AM +, Kristof Provost wrote: K> Log: K> pf: Fix incorrect rw_sleep() in pf_unload() K> K> When we unload we don't hold the pf_rules_lock, so we cannot call rw_sleep() K> with it, because i

svn commit: r316355 - head/sys/netpfil/pf

Author: kp Date: Sat Apr 1 12:22:34 2017 New Revision: 316355 URL: https://svnweb.freebsd.org/changeset/base/316355 Log: pf: Fix leak of pf_state_keys If we hit the state limit we returned from pf_create_state() without cleaning up. PR: 217997 Submitted by: Max

svn commit: r317186 - in head/sys: netinet6 netpfil/pf

Author: kp Date: Thu Apr 20 09:05:53 2017 New Revision: 317186 URL: https://svnweb.freebsd.org/changeset/base/317186 Log: pf: Fix possible incorrect IPv6 fragmentation When forwarding pf tracks the size of the largest fragment in a fragmented packet, and refragments based on this size.

svn commit: r317282 - head/sys/netinet6

Author: kp Date: Sat Apr 22 13:04:36 2017 New Revision: 317282 URL: https://svnweb.freebsd.org/changeset/base/317282 Log: Rename variable for clarity Rename the mtu variable in ip6_fragment(), because mtu is misleading. The variable actually holds the fragment length. No functional

svn commit: r315131 - head/sys/netpfil/pf

Author: kp Date: Sun Mar 12 05:00:04 2017 New Revision: 315131 URL: https://svnweb.freebsd.org/changeset/base/315131 Log: pf: Do not lose the VNET lock when ending the purge thread When the pf_purge_thread() exits it must make sure to release the VNET_LIST_RLOCK it still holds.

svn commit: r315136 - head/sys/netpfil/pf

Author: kp Date: Sun Mar 12 05:42:57 2017 New Revision: 315136 URL: https://svnweb.freebsd.org/changeset/base/315136 Log: pf: Fix incorrect rw_sleep() in pf_unload() When we unload we don't hold the pf_rules_lock, so we cannot call rw_sleep() with it, because it would release a lock we

svn commit: r314810 - head/sys/netpfil/pf

Author: kp Date: Mon Mar 6 23:41:23 2017 New Revision: 314810 URL: https://svnweb.freebsd.org/changeset/base/314810 Log: pf: Fix a crash in low-memory situations If the call to pf_state_key_clone() in pf_get_translation() fails (i.e. there's no more memory for it) it frees skp. This is

svn commit: r317102 - head/sys/netpfil/pf

Author: kp Date: Tue Apr 18 20:07:21 2017 New Revision: 317102 URL: https://svnweb.freebsd.org/changeset/base/317102 Log: pf: Also clear limit counters The "pfctl -F info" command didn't clear the limit counters ( as shown in the "pfctl -vsi" output). Submitted by: Max

svn commit: r321771 - head/usr.bin/calendar/calendars

/10 Jean-Yves Lefort <jylef...@freebsd.org> born in Charleroi, Belgium, 1980 01/12 Yen-Ming Lee <le...@freebsd.org> born in Taipei, Taiwan, Republic of China, 1977 01/12 Ying-Chieh Liao <ijl...@freebsd.org> born in Taipei, Taiwan, Republic of China, 1979 +01/12

Re: svn commit: r320802 - head/etc/rc.d

On 29 Jul 2017, at 17:20, Harry Schmalzbauer wrote: Bezüglich Kristof Provost's Nachricht vom 08.07.2017 11:28 (localtime): Author: kp Date: Sat Jul 8 09:28:31 2017 New Revision: 320802 URL: https://svnweb.freebsd.org/changeset/base/320802 Log: Allow more services to run in vnet jails Do

  1   2   3   4   5   >