support for the Marvell Orion TS-7800.
P
P Submitted by:Kristof Provost kristof -at- freebsd.org
P
P Added:
P head/sys/arm/mv/orion/files.ts7800 (contents, props changed)
P head/sys/arm/mv/orion/std.ts7800 (contents, props changed)
P head/sys/boot/fdt/dts/ts7800.dts (contents
Hi,
I'm seeing a panic when I start natd, which I suspect is related to this
commit:
panic: Lock pcbinfohash not exclusively locked @
/usr/src/sys/netinet/in_pcb.c:323
Backtrace:
panic() ...
_rw_assert() at _rw_assert+0x18d
in_pcbbind() at in_pcbbind+0xf5
div_bind() at div_bind+0xb9
sobind() at
On 2011-06-04 17:27:56 (+0100), Robert Watson rwat...@freebsd.org wrote:
On Sat, 4 Jun 2011, Kristof Provost wrote:
I'm seeing a panic when I start natd, which I suspect is related
to this commit:
And, I believe now fixed in the just-committed r222690. My
suggestion is that people
Hi Kirk,
On 2013-10-20 21:11:41 (+), Kirk McKusick mckus...@freebsd.org wrote:
Modified: head/sys/ufs/ffs/ffs_softdep.c
==
--- head/sys/ufs/ffs/ffs_softdep.cSun Oct 20 21:11:36 2013
(r256807)
+++
Author: kp
Date: Wed Apr 1 12:15:01 2015
New Revision: 280955
URL: https://svnweb.freebsd.org/changeset/base/280955
Log:
Preserve IPv6 fragment IDs accross reassembly and refragmentation
When forwarding fragmented IPv6 packets and filtering with PF we
reassemble and refragment. That
Author: kp
Date: Wed Apr 1 12:16:56 2015
New Revision: 280956
URL: https://svnweb.freebsd.org/changeset/base/280956
Log:
pf: Deal with runt packets
On Ethernet packets have a minimal length, so very short packets get padding
appended to them. This padding is not stripped off in
Author: kp
Date: Thu Mar 26 17:13:11 2015
New Revision: 280701
URL: https://svnweb.freebsd.org/changeset/base/280701
Log:
Clarify the ministat default width
The man page states that:
'-w widthWidth of ASCII-art plot in characters, default is 74.'
This is not entirely correct.
kevlo [label=Kevin Lo\nke...@freebsd.org\n2006/07/23]
kib [label=Konstantin Belousov\n...@freebsd.org\n2006/06/03]
kmacy [label=Kip Macy\nkm...@freebsd.org\n2005/06/01]
+kp [label=Kristof Provost\n...@freebsd.org\n2015/03/22]
le [label=Lukas Ertl\n...@freebsd.org\n2004/02/02]
loos [label=Luiz
On 2015-04-15 15:53:02 (+0300), Gleb Smirnoff gleb...@freebsd.org wrote:
On Tue, Apr 14, 2015 at 07:07:37PM +, Kristof Provost wrote:
K Author: kp
K Date: Tue Apr 14 19:07:37 2015
K New Revision: 281536
K URL: https://svnweb.freebsd.org/changeset/base/281536
K
K Log:
K pf: Fix
Author: kp
Date: Tue Apr 14 19:07:37 2015
New Revision: 281536
URL: https://svnweb.freebsd.org/changeset/base/281536
Log:
pf: Fix forwarding detection
If the direction is not PF_OUT we can never be forwarding. Some input packets
have rcvif != ifp (looped back packets), which lead us to
Author: kp
Date: Mon Apr 6 19:05:00 2015
New Revision: 281164
URL: https://svnweb.freebsd.org/changeset/base/281164
Log:
pf: Skip firewall for refragmented ip6 packets
In cases where we scrub (fragment reassemble) on both input and output
we risk ending up in infinite loops when
Author: kp
Date: Mon Apr 6 19:08:44 2015
New Revision: 281165
URL: https://svnweb.freebsd.org/changeset/base/281165
Log:
Remove duplicate code
We'll just fall into the same local delivery block under the
'if (m-m_flags M_FASTFWD_OURS)'.
Suggested by: ae
Differential Revision:
On 06 Apr 2015, at 22:50, Richard Tector richardtec...@thekeelecentre.com
wrote:
I was just wondering how this affects the case where we might have if-bound
rules?
Really basic example:
pass quick on $outside_if inet6 proto udp from any to $myhost
block drop quick on $inside_if
On 2015-04-07 08:33:17 (+0200), Hans Ottevanger h...@beastielabs.net wrote:
On 04/06/15 21:05, Kristof Provost wrote:
Author: kp
Date: Mon Apr 6 19:05:00 2015
New Revision: 281164
URL: https://svnweb.freebsd.org/changeset/base/281164
Log:
pf: Skip firewall for refragmented ip6
Author: kp
Date: Tue Apr 7 20:29:03 2015
New Revision: 281234
URL: https://svnweb.freebsd.org/changeset/base/281234
Log:
Evaluate packet size after the firewall had its chance
Defer the packet size check until after the firewall has had a look at it.
This
means that the firewall now
Author: kp
Date: Wed Jun 10 13:44:04 2015
New Revision: 284222
URL: https://svnweb.freebsd.org/changeset/base/284222
Log:
pf: address family must be set when creating a pf_fragment
Fix a panic when handling fragmented ip4 packets with 'drop-ovl' set.
In that scenario we take a different
On 2015-06-10 16:53:33 (+0200), Oliver Pinter oliver.pin...@hardenedbsd.org
wrote:
On 6/10/15, Kristof Provost k...@freebsd.org wrote:
Author: kp
Date: Wed Jun 10 13:44:04 2015
New Revision: 284222
URL: https://svnweb.freebsd.org/changeset/base/284222
Log:
pf: address family must
Author: kp
Date: Thu Jun 11 13:26:16 2015
New Revision: 284260
URL: https://svnweb.freebsd.org/changeset/base/284260
Log:
pf: Save the protocol number in the pf_fragment
When we try to look up a pf_fragment with pf_find_fragment() we compare (see
pf_frag_compare()) addresses (and
Author: kp
Date: Sat Jun 13 19:39:21 2015
New Revision: 284348
URL: https://svnweb.freebsd.org/changeset/base/284348
Log:
Fix panic when adding vtnet interfaces to a bridge
vtnet interfaces are always in promiscuous mode (at least if the
VIRTIO_NET_F_CTRL_RX feature is not negotiated
On 2015-06-11 02:29:40 (+), Sean Bruno sbr...@freebsd.org wrote:
Author: sbruno
Date: Thu Jun 11 02:29:39 2015
New Revision: 284252
URL: https://svnweb.freebsd.org/changeset/base/284252
Log:
r284198 seems to have left a null format string printf that gcc does *not*
like breaking
Author: kp
Date: Thu Jun 11 17:57:47 2015
New Revision: 284280
URL: https://svnweb.freebsd.org/changeset/base/284280
Log:
pf: Remove frc_direction
We don't use the direction of the fragments for anything. The frc_direction
field is assigned, but never read.
Just remove it.
Author: kp
Date: Wed Jul 29 06:35:36 2015
New Revision: 285999
URL: https://svnweb.freebsd.org/changeset/base/285999
Log:
pf: Always initialise pf_fragment.fr_flags
When we allocate the struct pf_fragment in pf_fillup_fragment() we forgot to
initialise the fr_flags field. As a result we
Author: kp
Date: Sun Aug 9 19:07:24 2015
New Revision: 286537
URL: https://svnweb.freebsd.org/changeset/base/286537
Log:
tcp_reass_zone is not a VNET variable.
This fixes a panic during 'sysctl -a' on VIMAGE kernels.
The tcp_reass_zone variable is not VNET_DEFINE() so we can not mark
Author: kp
Date: Sat Jul 25 14:06:32 2015
New Revision: 285871
URL: https://svnweb.freebsd.org/changeset/base/285871
Log:
Pf can reassemble IPv6 fragments now.
Obtained from: bluhm (OpenBSD)
Sponsored by: Essen FreeBSD Hackathon
Modified:
head/share/man/man5/pf.conf.5
Modified:
Author: kp
Date: Sat Jul 25 16:14:55 2015
New Revision: 285874
URL: https://svnweb.freebsd.org/changeset/base/285874
Log:
Remove stale comment.
The IPv6 pseudo header checksum was added by bz in r235961.
Sponsored by: Essen FreeBSD Hackathon
Modified:
head/sys/netinet/tcp_output.c
Author: kp
Date: Sun Oct 25 13:14:53 2015
New Revision: 289932
URL: https://svnweb.freebsd.org/changeset/base/289932
Log:
PF_ANEQ() macro will in most situations returns TRUE comparing two identical
IPv4 packets (when it should return FALSE). It happens because PF_ANEQ()
doesn't
stop if
Author: kp
Date: Thu Oct 29 20:45:53 2015
New Revision: 290161
URL: https://svnweb.freebsd.org/changeset/base/290161
Log:
pf: Fix IPv6 checksums with route-to.
When using route-to (or reply-to) pf sends the packet directly to the output
interface. If that interface doesn't support
> On 25 Oct 2015, at 17:48, Ian Lepore <i...@freebsd.org> wrote:
>
> On Sun, 2015-10-25 at 13:14 +, Kristof Provost wrote:
>> Author: kp
>> Date: Sun Oct 25 13:14:53 2015
>> New Revision: 289932
>> URL: https://svnweb.freebsd.org/changeset/base
Author: kp
Date: Sun Oct 25 18:09:03 2015
New Revision: 289940
URL: https://svnweb.freebsd.org/changeset/base/289940
Log:
pf: Fix compliation warning with gcc
While fixing the PF_ANEQ() macro I messed up the parentheses, leading to
compliation warnings with gcc.
Spotted by: ian
Author: kp
Date: Sun Nov 1 17:20:17 2015
New Revision: 290236
URL: https://svnweb.freebsd.org/changeset/base/290236
Log:
pfctl: Fix uninitialised veriable
In pfctl_set_debug() we used 'level' without ever initialising it.
We correctly parsed the option, but them failed to actually
Author: kp
Date: Sat Nov 7 23:51:42 2015
New Revision: 290521
URL: https://svnweb.freebsd.org/changeset/base/290521
Log:
pf: Fix broken rule skip calculation
r289932 accidentally broke the rule skip calculation. The address family
argument to PF_ANEQ() is now important, and because it
> On 14 Oct 2015, at 18:30, Baptiste Daroussin <b...@freebsd.org> wrote:
>
> On Wed, Oct 14, 2015 at 04:21:41PM +, Kristof Provost wrote:
>> Author: kp
>> Date: Wed Oct 14 16:21:41 2015
>> New Revision: 289316
>> URL: https://svnweb.freebsd.org/change
Author: kp
Date: Wed Oct 14 16:21:41 2015
New Revision: 289316
URL: https://svnweb.freebsd.org/changeset/base/289316
Log:
pf: Fix TSO issues
In certain configurations (mostly but not exclusively as a VM on Xen) pf
produced packets with an invalid TCP checksum.
The problem was that
Author: kp
Date: Thu Aug 27 21:27:47 2015
New Revision: 287222
URL: https://svnweb.freebsd.org/changeset/base/287222
Log:
pf: Remove support for 'scrub fragment crop|drop-ovl'
The crop/drop-ovl fragment scrub modes are not very useful and likely to
confuse
users into making poor
Author: kp
Date: Tue Sep 1 19:04:04 2015
New Revision: 287376
URL: https://svnweb.freebsd.org/changeset/base/287376
Log:
pf: Fix misdetection of forwarding when net.link.bridge.pfil_bridge is set
If net.link.bridge.pfil_bridge is set we can end up thinking we're forwarding
in
> On 16 Dec 2015, at 13:09, Steven Hartland wrote:
>
> I've attached a patch which should fix if you could test that would be great,
> but I'd still like to understand if there is something wrong elsewhere before
> I do.
The board boots & works with this patch.
> On 15 Dec 2015, at 23:15, Kristof Provost <k...@freebsd.org> wrote:
> Based on the arp_announce() in the backtrace this commit looks like a
> possible cause.
I see this in arp_announce():
KP: arp_announce() ifp->if_addr = 0
So that explains why we panic in 'lladdr = IF_LL
> On 16 Dec 2015, at 00:08, Adrian Chadd wrote:
>
> oops, file a bug at github.com/freebsd/freebsd-wifi-build and I'll fix it
> asap.
>
No worries, it happens:
https://github.com/freebsd/freebsd-wifi-build/issues/68
This fixed the problem for me:
diff --git
Author: kp
Date: Mon Dec 14 19:44:49 2015
New Revision: 292219
URL: https://svnweb.freebsd.org/changeset/base/292219
Log:
inet6: Do not assume every interface has ip6 enabled.
Certain interfaces (e.g. pfsync0) do not have ip6 addresses (in other words,
ifp->if_afdata[AF_INET6] is NULL).
> On 15 Dec 2015, at 17:02, Steven Hartland wrote:
>
> Author: smh
> Date: Tue Dec 15 16:02:11 2015
> New Revision: 292275
> URL: https://svnweb.freebsd.org/changeset/base/292275
>
> Log:
> Fix lagg failover due to missing notifications
>
I’ve just built a new image
Author: kp
Date: Thu Dec 31 18:12:35 2015
New Revision: 292992
URL: https://svnweb.freebsd.org/changeset/base/292992
Log:
Add suppoort for the Sitecom LN-031
This is an AX88178 chip, which we already support so all we have to do is add
the USB product and vendor ID.
Modified:
> On 16 Dec 2015, at 01:56, Randall Stewart wrote:
>
> Author: rrs
> Date: Wed Dec 16 00:56:45 2015
> New Revision: 292309
> URL: https://svnweb.freebsd.org/changeset/base/292309
>
> Log:
> First cut of the modularization of our TCP stack. Still
> to do is to clean up the
> On 19 Dec 2015, at 19:53, Jonathan T. Looney <j...@freebsd.org> wrote:
>
> On 12/18/15, 3:54 PM, "owner-src-committ...@freebsd.org on behalf of
> Kristof Provost" <owner-src-committ...@freebsd.org on behalf of
> kris...@sigsegv.be> wrote:
>
>>
&g
Thanks!
Kristof
> On 22 Dec 2015, at 14:41, Jonathan T. Looney wrote:
>
> Author: jtl
> Date: Tue Dec 22 13:41:50 2015
> New Revision: 292599
> URL: https://svnweb.freebsd.org/changeset/base/292599
>
> Log:
> Fix a panic when launching VNETs after the commit of r292309.
>
Author: kp
Date: Fri Jun 17 18:21:55 2016
New Revision: 301998
URL: https://svnweb.freebsd.org/changeset/base/301998
Log:
pf: Filter on and set vlan PCP values
Adopt the OpenBSD syntax for setting and filtering on VLAN PCP values. This
introduces two new keywords: 'set prio' to set the
On 20 Jun 2016, at 17:34, Allan Jude wrote:
> Looking at the backtrace, do you have one or more ZVOLs?
>
No, there are no zvols:
% zfs list -t volume
no datasets available
Regards,
Kristof
___
svn-src-head@freebsd.org mailing list
? Any SAS expanders? Please
open a bug for this and assign to me so we can be sure to get this
fixed in time for 11.0.
-Alan
On Mon, Jun 20, 2016 at 8:59 AM, Kristof Provost <k...@freebsd.org>
wrote:
Hi,
It looks like this change breaks boot on my machine.
I’m running a root-on-ZFS
Hi,
It looks like this change breaks boot on my machine.
I’m running a root-on-ZFS system and reliably see this panic during
boot. It’s a 4 disk raidz-1.
It’s now running r302028 with r300881 backed out, and booting fine.
The panic:
panic: solaris assert: refcount(count(>spa_refcount) >=
On 2016-02-24 23:47:55 (-0800), Conrad Meyer wrote:
> On Wed, Feb 24, 2016 at 11:41 PM, Adrian Chadd wrote:
> > .. what's capping totlen so one doesn't run out of memory?
>
> There was a DoS vector before (user controlled io->pfrio_size) and
> basically
Author: kp
Date: Thu Feb 25 07:33:59 2016
New Revision: 296025
URL: https://svnweb.freebsd.org/changeset/base/296025
Log:
pf: Fix possible out-of-bounds write
In the DIOCRSETADDRS ioctl() handler we allocate a table for struct pfr_addrs,
which is processed in pfr_set_addrs(). At the
Author: kp
Date: Sat Feb 20 11:36:35 2016
New Revision: 295836
URL: https://svnweb.freebsd.org/changeset/base/295836
Log:
ifconfig(8): can't use 'name' or 'description' when creating interface with
auto numbering
If one does 'ifconfig tap create name blah', it will return error because
Author: kp
Date: Sat Feb 20 12:53:53 2016
New Revision: 295838
URL: https://svnweb.freebsd.org/changeset/base/295838
Log:
in pf_print_state_parts, do not use skw->proto to print the protocol but our
local copy proto that we very carefully set beforehands. skw being NULL is
perfectly valid
Author: kp
Date: Wed Mar 16 06:42:15 2016
New Revision: 296932
URL: https://svnweb.freebsd.org/changeset/base/296932
Log:
pf: Improve forwarding detection
When we guess the nature of the outbound packet (output vs. forwarding) we
need
to take bridges into account. When bridging the
> On 17 Mar 2016, at 12:10, Andrey V. Elsukov wrote:
>
> Author: ae
> Date: Thu Mar 17 11:10:44 2016
> New Revision: 296986
> URL: https://svnweb.freebsd.org/changeset/base/296986
>
> Log:
> Reduce the number of local variables. Remove redundant check that inp
> pointer
Author: kp
Date: Sun Mar 27 17:22:27 2016
New Revision: 297315
URL: https://svnweb.freebsd.org/changeset/base/297315
Log:
pf: Friendly error message for status if pf.ko is not loaded
Check if pf.ko is loaded (i.e. /dev/pf exists) before trying to use it. This
means that '/etc/rc.d/pf
> On 26 Apr 2016, at 23:37, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
>
> On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote:
>>
>>> On 26 Apr 2016, at 23:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
>>>
>>> On
> On 26 Apr 2016, at 23:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
>
> On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote:
>> Author: kp
>> Date: Tue Apr 26 20:36:32 2016
>> New Revision: 298664
>> URL: https://svnweb.freebsd.org/change
> On 26 Apr 2016, at 23:18, Shawn Webb wrote:
> Was secteam@ even involved, then? Seems like a user-facing kernel buffer
> overflow ought to have involved secteam@.
>
No, it wasn’t. This bug had been open for quite a while, and I just happend to
see the report and
Author: kp
Date: Tue Apr 26 20:36:32 2016
New Revision: 298664
URL: https://svnweb.freebsd.org/changeset/base/298664
Log:
msdosfs: Prevent buffer overflow when expanding win95 names
In win2unixfn() we expand Windows 95 style long names. In some cases that
requires moving the data in the
Author: kp
Date: Mon May 23 13:59:48 2016
New Revision: 300508
URL: https://svnweb.freebsd.org/changeset/base/300508
Log:
pf: Fix more ICMP mistranslation
In the default case fix the substitution of the destination address.
PR: 201519
Submitted by: Max
On 18 May 2016, at 10:05, Scott Long wrote:
Author: scottl
Date: Wed May 18 04:35:58 2016
New Revision: 300113
URL: https://svnweb.freebsd.org/changeset/base/300113
Log:
Import the 'iflib' API library for network drivers. From the
author:
For reasons I don’t understand right now this
On 19 May 2016, at 17:36, Andriy Gapon wrote:
On 19/05/2016 14:37, Kristof Provost wrote:
On 18 May 2016, at 10:05, Scott Long wrote:
Author: scottl
Date: Wed May 18 04:35:58 2016
New Revision: 300113
URL: https://svnweb.freebsd.org/changeset/base/300113
Log:
Import the 'iflib' API
Author: kp
Date: Mon May 23 12:41:29 2016
New Revision: 300501
URL: https://svnweb.freebsd.org/changeset/base/300501
Log:
pf: Fix ICMP translation
Fix ICMP source address rewriting in rdr scenarios.
PR: 201519
Submitted by: Max
MFC after:1 week
Author: kp
Date: Fri May 20 15:41:05 2016
New Revision: 300307
URL: https://svnweb.freebsd.org/changeset/base/300307
Log:
pf: Fix fragment timeout
We were inconsistent about the use of time_second vs. time_uptime.
Always use time_uptime so the value can be meaningfully compared.
Author: kp
Date: Sat May 14 06:07:15 2016
New Revision: 299725
URL: https://svnweb.freebsd.org/changeset/base/299725
Log:
vtnet: fix panic on unload
Since r276367 added the virtio_mmio support vtnet_modevent() gets called
twice.
This resulted in a memory leak during load and a panic on
Author: kp
Date: Tue Aug 2 15:41:42 2016
New Revision: 303663
URL: https://svnweb.freebsd.org/changeset/base/303663
Log:
pfctl: Allow TOS bits to be cleared
TOS value 0 is valid, so use 256 as an invalid value rather than zero.
This allows users to enforce TOS == 0 with pf.
Author: kp
Date: Mon Aug 15 12:13:14 2016
New Revision: 304152
URL: https://svnweb.freebsd.org/changeset/base/304152
Log:
pf: Add missing byte-order swap to pf_match_addr_range
Without this, rules using address ranges (e.g. "10.1.1.1 - 10.1.1.5") did not
match addresses correctly on
Author: kp
Date: Sat Jul 9 12:17:01 2016
New Revision: 302497
URL: https://svnweb.freebsd.org/changeset/base/302497
Log:
pf: Map hook returns onto the correct error values
pf returns PF_PASS, PF_DROP, ... in the netpfil hooks, but the hook callers
expect to get E error codes.
Map the
On 8 Jul 2016, at 11:38, Slawa Olhovchenkov wrote:
On Fri, Jul 08, 2016 at 02:19:09AM +, Glen Barber wrote:
Author: gjb
Date: Fri Jul 8 02:19:09 2016
New Revision: 302420
URL: https://svnweb.freebsd.org/changeset/base/302420
Log:
Spell '12.x' correctly in UPDATING.
Submitted by:
Author: kp
Date: Thu Aug 4 19:24:05 2016
New Revision: 303757
URL: https://svnweb.freebsd.org/changeset/base/303757
Log:
pfctl: Add missing __FBSDID to pfctl_osfp.c
Modified:
head/sbin/pfctl/pfctl_osfp.c
Modified: head/sbin/pfctl/pfctl_osfp.c
Author: kp
Date: Thu Aug 4 19:24:44 2016
New Revision: 303758
URL: https://svnweb.freebsd.org/changeset/base/303758
Log:
pfctl: Make most global variables static.
This will make it easier to link as a library.
Submitted by: Christian Mauderer
Author: kp
Date: Tue Aug 2 19:54:40 2016
New Revision: 303673
URL: https://svnweb.freebsd.org/changeset/base/303673
Log:
pfctl: Match prototype of pfctl_load_hostid.
The prototype and the implementation of the pfctl_load_hostid used a
different data type for one of the parameters.
Author: kp
Date: Tue Aug 2 20:32:02 2016
New Revision: 303678
URL: https://svnweb.freebsd.org/changeset/base/303678
Log:
pfctl: Use const where possible.
This adds const qualifiers where it is possible.
Submitted by: Christian Mauderer
Author: kp
Date: Wed Jan 25 21:25:26 2017
New Revision: 312782
URL: https://svnweb.freebsd.org/changeset/base/312782
Log:
bridge: Release the bridge lock when calling bridge_set_ifcap()
This calls ioctl() handlers for the different interfaces in the bridge.
These handlers expect to get
Author: kp
Date: Fri Sep 2 18:33:08 2016
New Revision: 305290
URL: https://svnweb.freebsd.org/changeset/base/305290
Log:
Renaming libifc to libifconfig in response to feedback on initial commit of
this library. Sticking to 'libifconfig' (and 'ifconfig_' as function prefix)
should reduce
Author: kp
Date: Sun Sep 4 20:55:27 2016
New Revision: 305395
URL: https://svnweb.freebsd.org/changeset/base/305395
Log:
libifconfig: style(9) fixes
Also switch from BSD 3-clause to 2-clause license where possible, and
consolidate duplicate 3-clause license into one.
Submitted by:
Author: kp
Date: Sat Sep 24 07:09:43 2016
New Revision: 306289
URL: https://svnweb.freebsd.org/changeset/base/306289
Log:
bridge: Fix fragment handling and memory leak
Fragmented UDP and ICMP packets were corrupted if a firewall with reassembling
feature (like pf'scrub) is enabled on the
Author: kp
Date: Tue Oct 4 19:35:14 2016
New Revision: 306684
URL: https://svnweb.freebsd.org/changeset/base/306684
Log:
pf: remove fastroute tag
The tag fastroute came from ipf and was removed in OpenBSD in 2011. The code
allows to skip the in pfil hooks and completely removes the out
Author: kp
Date: Thu Aug 25 19:40:25 2016
New Revision: 304815
URL: https://svnweb.freebsd.org/changeset/base/304815
Log:
Add libifc, a library implementing core functionality that exists in
ifconfig(8) today.
libifc (pronounced lib-ifconfig) aims to be a light abstraction layer between
On 25 Aug 2016, at 22:14, John Baldwin wrote:
On Thursday, August 25, 2016 07:40:25 PM Kristof Provost wrote:
Author: kp
Date: Thu Aug 25 19:40:25 2016
New Revision: 304815
URL: https://svnweb.freebsd.org/changeset/base/304815
Log:
Add libifc, a library implementing core functionality
On 26 Sep 2016, at 15:28, Renato Botelho wrote:
> > On 24 Sep 2016, at 04:09, Kristof Provost <k...@freebsd.org> wrote:
>> Author: kp
>> Date: Sat Sep 24 07:09:43 2016
>> New Revision: 306289
>> URL: https://svnweb.freebsd.org/changeset/base/306289
>>
Author: kp
Date: Thu Nov 10 18:41:43 2016
New Revision: 308486
URL: https://svnweb.freebsd.org/changeset/base/308486
Log:
pfctl: fix nested inline anchors
Import the OpenBSD fix for nested inline anchors.
PR: 196314
Submitted by: kri...@cflinux.hu
Obtained from:
This work was done by franco_opnsense.org
I forgot to credit him in the commit message. Sorry Franco.
Regards,
Kristof
On 13 Oct 2016, at 22:34, Kristof Provost wrote:
Author: kp
Date: Thu Oct 13 20:34:44 2016
New Revision: 307235
URL: https://svnweb.freebsd.org/changeset/base/307235
Log
Author: kp
Date: Thu Oct 13 20:34:44 2016
New Revision: 307235
URL: https://svnweb.freebsd.org/changeset/base/307235
Log:
pf: port extended DSCP support from OpenBSD
Ignore the ECN bits on 'tos' and 'set-tos' and allow to use
DCSP names instead of having to embed their TOS equivalents
Author: kp
Date: Sun Jan 15 10:21:25 2017
New Revision: 312224
URL: https://svnweb.freebsd.org/changeset/base/312224
Log:
arswitch: Ensure the lock is always held when calling arswitch_modifyreg()
arswitch_setled() and a number of _global_setup functions did not acquire the
lock before
Author: kp
Date: Mon Dec 5 21:52:10 2016
New Revision: 309563
URL: https://svnweb.freebsd.org/changeset/base/309563
Log:
pflog: Correctly initialise subrulenr
subrulenr is considered unset if it's set to -1, not if it's set to 1.
See contrib/tcpdump/print-pflog.c pflog_print() for a
Author: kp
Date: Wed Mar 22 21:18:18 2017
New Revision: 315741
URL: https://svnweb.freebsd.org/changeset/base/315741
Log:
pf: Fix possible shutdown race
Prevent possible races in the pf_unload() / pf_purge_thread() shutdown
code. Lock the pf_purge_thread() with the new pf_end_lock to
Author: kp
Date: Sun Mar 19 03:06:09 2017
New Revision: 315529
URL: https://svnweb.freebsd.org/changeset/base/315529
Log:
pf: Fix rule evaluation after inet6 route-to
In pf_route6() we re-run the ruleset with PF_FWD if the packet goes out
of a different interface. pf_test6() needs to
Author: kp
Date: Sat Mar 18 01:37:20 2017
New Revision: 315469
URL: https://svnweb.freebsd.org/changeset/base/315469
Log:
pf: Fix memory leak on vnet shutdown or unload
Rules are unlinked in shutdown_pf(), so we must call
pf_unload_vnet_purge(), which frees unlinked rules, after that,
On 15 Mar 2017, at 15:45, John Baldwin wrote:
You are ignoring interrupts and preemption. Suppose you get an
interrupt
after 'wakeup_one(pf_purge_thread)' and before 'tsleep(..., 0)' in
pf_unload(). If the interrupt preempts and results in the purge
thread
running and issuing its wakeup
On 15 Mar 2017, at 6:57, Gleb Smirnoff wrote:
On Sun, Mar 12, 2017 at 05:42:57AM +, Kristof Provost wrote:
K> Log:
K> pf: Fix incorrect rw_sleep() in pf_unload()
K>
K> When we unload we don't hold the pf_rules_lock, so we cannot call
rw_sleep()
K> with it, because i
Author: kp
Date: Sat Apr 1 12:22:34 2017
New Revision: 316355
URL: https://svnweb.freebsd.org/changeset/base/316355
Log:
pf: Fix leak of pf_state_keys
If we hit the state limit we returned from pf_create_state() without cleaning
up.
PR: 217997
Submitted by: Max
Author: kp
Date: Thu Apr 20 09:05:53 2017
New Revision: 317186
URL: https://svnweb.freebsd.org/changeset/base/317186
Log:
pf: Fix possible incorrect IPv6 fragmentation
When forwarding pf tracks the size of the largest fragment in a fragmented
packet, and refragments based on this size.
Author: kp
Date: Sat Apr 22 13:04:36 2017
New Revision: 317282
URL: https://svnweb.freebsd.org/changeset/base/317282
Log:
Rename variable for clarity
Rename the mtu variable in ip6_fragment(), because mtu is misleading. The
variable actually holds the fragment length.
No functional
Author: kp
Date: Sun Mar 12 05:00:04 2017
New Revision: 315131
URL: https://svnweb.freebsd.org/changeset/base/315131
Log:
pf: Do not lose the VNET lock when ending the purge thread
When the pf_purge_thread() exits it must make sure to release the
VNET_LIST_RLOCK it still holds.
Author: kp
Date: Sun Mar 12 05:42:57 2017
New Revision: 315136
URL: https://svnweb.freebsd.org/changeset/base/315136
Log:
pf: Fix incorrect rw_sleep() in pf_unload()
When we unload we don't hold the pf_rules_lock, so we cannot call rw_sleep()
with it, because it would release a lock we
Author: kp
Date: Mon Mar 6 23:41:23 2017
New Revision: 314810
URL: https://svnweb.freebsd.org/changeset/base/314810
Log:
pf: Fix a crash in low-memory situations
If the call to pf_state_key_clone() in pf_get_translation() fails (i.e.
there's
no more memory for it) it frees skp. This is
Author: kp
Date: Tue Apr 18 20:07:21 2017
New Revision: 317102
URL: https://svnweb.freebsd.org/changeset/base/317102
Log:
pf: Also clear limit counters
The "pfctl -F info" command didn't clear the limit counters ( as shown in the
"pfctl -vsi" output).
Submitted by: Max
/10 Jean-Yves Lefort <jylef...@freebsd.org> born in Charleroi, Belgium, 1980
01/12 Yen-Ming Lee <le...@freebsd.org> born in Taipei, Taiwan, Republic of
China, 1977
01/12 Ying-Chieh Liao <ijl...@freebsd.org> born in Taipei, Taiwan, Republic
of China, 1979
+01/12
On 29 Jul 2017, at 17:20, Harry Schmalzbauer wrote:
Bezüglich Kristof Provost's Nachricht vom 08.07.2017 11:28
(localtime):
Author: kp
Date: Sat Jul 8 09:28:31 2017
New Revision: 320802
URL: https://svnweb.freebsd.org/changeset/base/320802
Log:
Allow more services to run in vnet jails
Do
1 - 100 of 433 matches
Mail list logo