Author: ae
Date: Wed Nov 11 15:53:36 2020
New Revision: 367594
URL: https://svnweb.freebsd.org/changeset/base/367594
Log:
Fix possible NULL pointer dereference.
lagg(4) replaces if_output method of its child interfaces and expects
that this method can be called only by child interfaces. B
) 2020 Andrey V. Elsukov
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *notice, this list of conditions and the
Author: ae
Date: Wed Oct 14 09:22:54 2020
New Revision: 366695
URL: https://svnweb.freebsd.org/changeset/base/366695
Log:
Implement SIOCGIFALIAS.
It is lightweight way to check if an IPv4 address exists.
Submitted by: Roy Marples
Reviewed by: gnn, melifaro
MFC after:2 weeks
Author: ae
Date: Tue Oct 13 19:34:36 2020
New Revision: 366682
URL: https://svnweb.freebsd.org/changeset/base/366682
Log:
Join to AllHosts multicast group again when adding an existing IPv4 address.
When SIOCAIFADDR ioctl configures an IPv4 address that is already exist,
it removes old if
Author: ae
Date: Tue Oct 13 18:57:42 2020
New Revision: 366681
URL: https://svnweb.freebsd.org/changeset/base/366681
Log:
Add IPv4 fragments reassembling to NAT64LSN.
NAT64LSN requires the presence of upper level protocol header
in a IPv4 datagram to find corresponding state to make trans
Author: ae
Date: Fri Oct 9 11:24:19 2020
New Revision: 366568
URL: https://svnweb.freebsd.org/changeset/base/366568
Log:
Fix EINVAL message when CPU binding information is requested for IRQ.
`cpuset -g -x N` along with requested information always prints
message `cpuset: getdomain: Inval
Author: ae
Date: Fri Sep 11 10:07:09 2020
New Revision: 365628
URL: https://svnweb.freebsd.org/changeset/base/365628
Log:
Fix compatibility regression after r364117.
Properly handle the case, when some opcode keywords follow after
the `frag` opcode without additional options.
Reporte
Author: ae
Date: Tue Sep 8 10:36:11 2020
New Revision: 365449
URL: https://svnweb.freebsd.org/changeset/base/365449
Log:
Add a few features to rcorder:
o Enhance dependency loop logging: print full chain instead of the
last link competing the loop;
o Add -g option to generate depende
Author: ae
Date: Wed Aug 5 11:54:02 2020
New Revision: 363908
URL: https://svnweb.freebsd.org/changeset/base/363908
Log:
Synchronize definitions in mbuf.d with values from mbuf.h
Obtained from:Yandex LLC
Sponsored by: Yandex LLC
Modified:
head/share/dtrace/mbuf.d
Modified: he
Author: ae
Date: Wed Aug 5 11:39:09 2020
New Revision: 363906
URL: https://svnweb.freebsd.org/changeset/base/363906
Log:
Add m__getjcl SDT probe.
Obtained from:Yandex LLC
MFC after:1 week
Sponsored by: Yandex LLC
Modified:
head/sys/kern/kern_mbuf.c
head/sys/kern/uipc_m
Author: ae
Date: Wed Aug 5 11:26:49 2020
New Revision: 363904
URL: https://svnweb.freebsd.org/changeset/base/363904
Log:
Fix SIGSEGV in ipfw(8) when NAT64 prefix length is omitted.
Submitted by: Evgeniy Khramtsov
MFC after:1 week
Differential Revision:https://reviews.freeb
Author: ae
Date: Wed Aug 5 10:27:11 2020
New Revision: 363900
URL: https://svnweb.freebsd.org/changeset/base/363900
Log:
Fix typo.
Submitted by: Evgeniy Khramtsov
MFC after:1 week
Differential Revision:https://reviews.freebsd.org/D25932
Modified:
head/sys/netinet6/in6_p
Author: ae
Date: Wed Aug 5 09:16:35 2020
New Revision: 363888
URL: https://svnweb.freebsd.org/changeset/base/363888
Log:
Handle delayed checksums if needed in NAT64.
Upper level protocols defer checksums calculation in hope we have
checksums offloading in a network card. CSUM_DELAY_DATA
7;m sorry, I missed these changes, but in the past there weren't any
problems in building ipsec.ko module with/without any possible options.
I'll try to look what happened and what can be do to fix this at the
weekend.
--
WBR, Andrey V. Elsukov
Author: ae
Date: Wed Jun 3 13:02:31 2020
New Revision: 361749
URL: https://svnweb.freebsd.org/changeset/base/361749
Log:
Add if_reassing method to all tunneling interfaces.
After r339550 tunneling interfaces have started handle appearing and
disappearing of ingress IP address on the host
Author: ae
Date: Fri May 29 10:37:42 2020
New Revision: 361624
URL: https://svnweb.freebsd.org/changeset/base/361624
Log:
Fix O_IP_FLOW_LOOKUP opcode handling.
Do not check table value matching when table lookup has failed.
Reported by: Sergey Lobanov
MFC after:1 week
Modified:
Author: ae
Date: Wed Apr 1 02:13:01 2020
New Revision: 359498
URL: https://svnweb.freebsd.org/changeset/base/359498
Log:
Ignore ND6 neighbor advertisement received for static link-layer entries.
Previously such NA could override manually created LLE.
Reported by: Martin Beran
Revi
Author: ae
Date: Thu Mar 26 12:00:26 2020
New Revision: 359328
URL: https://svnweb.freebsd.org/changeset/base/359328
Log:
Fix typo.
MFC after:2 weeks
Modified:
head/usr.sbin/syslogd/syslog.conf.5
Modified: head/usr.sbin/syslogd/syslog.conf.5
=
Author: ae
Date: Thu Mar 26 11:54:25 2020
New Revision: 359327
URL: https://svnweb.freebsd.org/changeset/base/359327
Log:
Add property-based filters for syslogd.
Property-based filters allow substring and regular expressions
(see re_format(7)) matching against various message attributes.
Author: ae
Date: Tue Mar 24 12:27:02 2020
New Revision: 359271
URL: https://svnweb.freebsd.org/changeset/base/359271
Log:
Use IP_FW_NAT44_DESTROY opcode for IP_FW3 socket option to destroy
NAT instance.
The NAT44 group of opcodes for IP_FW3 socket option is modern way
to control NAT ins
entional?
>
> I don't think that was intentional. Can you please review this patch?
LGTM, thanks!
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
been received by a NIC and no mbuf was yet allocated.
It seems that this commit has changed the error code returned from
ip[6]_output() when a packet is blocked. Previously it was EACCES, but
now it became EPERM. Was it intentional?
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
On 13.12.2019 17:27, Hans Petter Selasky wrote:
> On 2019-12-13 14:40, Andrey V. Elsukov wrote:
>> On 05.12.2018 17:20, Slava Shwartsman wrote:
>>> Author: slavash
>>> Date: Wed Dec 5 14:20:57 2018
>>> New Revision: 341578
>>> URL: https://svnweb.
e host
with this change and before, and I can say, that without DRBR on TX now
we constantly have several percents of packets drops due to ENOBUFS
error from mlx5e_xmit().
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Fri Dec 13 11:47:58 2019
New Revision: 355712
URL: https://svnweb.freebsd.org/changeset/base/355712
Log:
Make TCP options parsing stricter.
Rework tcpopts_parse() to be more strict. Use const pointer. Add length
checks for specific TCP options. The main purpose of the cha
Author: ae
Date: Thu Dec 12 13:28:46 2019
New Revision: 355650
URL: https://svnweb.freebsd.org/changeset/base/355650
Log:
Follow RFC 4443 p2.2 and always use own addresses for reflected ICMPv6
datagrams.
Previously destination address from original datagram was used. That
looked confusi
Author: ae
Date: Tue Dec 10 10:35:32 2019
New Revision: 355581
URL: https://svnweb.freebsd.org/changeset/base/355581
Log:
Avoid access to stale ip pointer and call UPDATE_POINTERS() after
PULLUP_LEN_LOCKED().
PULLUP_LEN_LOCKED() could update mbuf and thus we need to update related
point
Author: ae
Date: Wed Nov 27 10:24:46 2019
New Revision: 355129
URL: https://svnweb.freebsd.org/changeset/base/355129
Log:
Add support for dummy ESP packets with next header field equal to
IPPROTO_NONE.
According to RFC4303 2.6 they should be silently dropped.
Submitted by: aurelien.c
Author: ae
Date: Tue Nov 19 16:29:47 2019
New Revision: 354858
URL: https://svnweb.freebsd.org/changeset/base/354858
Log:
Fix the byte order of IPv4 address parsed from begemotSnmpdTransInetStatus
config option.
An address is already in network byte order, there is no need to do
htonl()
Author: ae
Date: Thu Nov 7 15:00:37 2019
New Revision: 354443
URL: https://svnweb.freebsd.org/changeset/base/354443
Log:
Enqueue lladdr_task to update link level address of vlan, when its parent
interface has changed.
During vlan reconfiguration without destroying interface, it is possib
undefined
linker_load_file: /boot/kernel/dtrace.ko - unsupported file type
KLD dtraceall.ko: depends on dtrace - not available or version mismatch
linker_load_file: /boot/kernel/dtraceall.ko - unsupported file type
Does it works for you and this is my local problem?
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
RE(rt_addrmsg, rt_addrmsg_fn);
> +
> #endif /* _SYS_EVENTHANDLER_H_ */
Hi,
it looks like duplicate functional of ifaddr_event_ext event handler.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Tue Oct 15 09:50:02 2019
New Revision: 353545
URL: https://svnweb.freebsd.org/changeset/base/353545
Log:
Explicitly initialize the memory buffer to store O_ICMP6TYPE opcode.
By default next_cmd() initializes only first u32 of opcode. O_ICMP6TYPE
opcode has array of bit ma
Author: ae
Date: Wed Apr 24 09:05:45 2019
New Revision: 346630
URL: https://svnweb.freebsd.org/changeset/base/346630
Log:
Add GRE-in-UDP encapsulation support as defined in RFC8086.
This GRE-in-UDP encapsulation allows the UDP source port field to be
used as an entropy field for load-bala
terface is the
same - mce0.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
x27; matched 1 probe
CPU IDFUNCTION:NAME
16 69030mlx5e_xmit:return 35
23 69030mlx5e_xmit:return 35
26 69030mlx5e_xmit:return 35
25 69030 mlx5e_xmit:return 35
24 69030mlx5e_xmit:return 35
21 69030mlx5e_xmit:return 35
26 69030mlx5e_xmit:return 35
^C
The kernel config is GENERIC.
13.0-CURRENT #9 r345758+82f3d57(svn_head)-dirty
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
/* unicast */
> + sc->sc_ue.ue_eaddr[0] |= 0x02; /* locally administered */
> + }
> }
Hi,
there is ether_fakeaddr() function that is used for such purpose.
Maybe is it better to use it? Look at this commit:
https://svnweb.freebsd.org/base?view=revision&revision=345139
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Sat Apr 6 17:21:05 2019
New Revision: 345985
URL: https://svnweb.freebsd.org/changeset/base/345985
Log:
Add firewall_[nat64|nptv6|pmod]_enable variables to /etc/defaults/rc.conf
Reported by: Andrey Fesenko
X-MFC after: r345450
Modified:
head/libexec/rc/rc.conf
Modi
Author: ae
Date: Wed Apr 3 12:47:49 2019
New Revision: 345843
URL: https://svnweb.freebsd.org/changeset/base/345843
Log:
Follow the declared behaviour that specifies server string format in
bsnmpclient(3).
snmp_parse_server() function accepts string where some fields can be
omitted: [t
gt;>
>> Submitted by: harti
>> MFC after: 1 month
>> Relnotes: yes
>> Differential Revision: https://reviews.freebsd.org/D16654
>>
> Jumping in this commit, maybe it is time to move bsnmpd out of contrib, given
> that all the dev appears to
Author: ae
Date: Tue Apr 2 13:38:00 2019
New Revision: 345798
URL: https://svnweb.freebsd.org/changeset/base/345798
Log:
Create 64bit mibII counters for all interfaces.
PR: 157015
Obtained from:Yandex LLC
MFC after:1 month
Modified:
head/contrib/bsnmp/snmp_mibI
Author: ae
Date: Tue Apr 2 12:50:01 2019
New Revision: 345797
URL: https://svnweb.freebsd.org/changeset/base/345797
Log:
Add IPv6 transport for bsnmp.
This patch adds a new table begemotSnmpdTransInetTable that uses the
InetAddressType textual convention and can be used to create listeni
Author: ae
Date: Mon Apr 1 12:14:45 2019
New Revision: 345763
URL: https://svnweb.freebsd.org/changeset/base/345763
Log:
Correct a port number assignment.
PR: 236930
MFC after:1 week
Modified:
head/contrib/bsnmp/snmpd/trap.c
Modified: head/contrib/bsnmp/snmpd/trap.c
===
Author: ae
Date: Mon Aug 19 12:42:03 2019
New Revision: 351214
URL: https://svnweb.freebsd.org/changeset/base/351214
Log:
Use TAILQ_FOREACH_SAFE() macro to avoid use after free in soclose().
PR: 239893
MFC after:1 week
Modified:
head/sys/kern/uipc_socket.c
Modified: head
Author: ae
Date: Thu Aug 15 13:44:33 2019
New Revision: 351071
URL: https://svnweb.freebsd.org/changeset/base/351071
Log:
Fix rule truncation on external action module unloading.
Obtained from:Yandex LLC
MFC after:1 week
Sponsored by: Yandex LLC
Modified:
head/sys/netpfil
Author: ae
Date: Tue Aug 13 12:47:53 2019
New Revision: 350974
URL: https://svnweb.freebsd.org/changeset/base/350974
Log:
Save ip_ttl value and restore it after checksum calculation.
Since ipvoly is used for checksum calculation, part of original IP
header is zeroed. This part includes ip
Author: ae
Date: Fri Aug 9 08:58:09 2019
New Revision: 350816
URL: https://svnweb.freebsd.org/changeset/base/350816
Log:
Add missing new line in several log messages.
PR: 239694
MFC after:1 week
Modified:
head/sys/netipsec/key.c
Modified: head/sys/netipsec/key.c
===
Author: ae
Date: Mon Jul 29 15:09:12 2019
New Revision: 350417
URL: https://svnweb.freebsd.org/changeset/base/350417
Log:
dd ipfw_get_action() function to get the pointer to action opcode.
ACTION_PTR() returns pointer to the start of rule action section,
but rule can keep several rule mod
Author: ae
Date: Mon Jul 29 12:55:48 2019
New Revision: 350413
URL: https://svnweb.freebsd.org/changeset/base/350413
Log:
Avoid possible lock leaking.
After r343619 ipfw uses own locking for packets flow. PULLUP_LEN() macro
is used in ipfw_chk() to make m_pullup(). When m_pullup() fails,
Author: ae
Date: Tue Jul 23 12:52:36 2019
New Revision: 350240
URL: https://svnweb.freebsd.org/changeset/base/350240
Log:
Eliminate rmlock from ipfw's BPF code.
After r343631 pfil hooks are invoked in net_epoch_preempt section,
this allows to avoid extra locking. Add NET_EPOCH_ASSER() ass
Author: ae
Date: Fri Jul 12 09:59:21 2019
New Revision: 349941
URL: https://svnweb.freebsd.org/changeset/base/349941
Log:
Do not modify cmd pointer if it is already last opcode in the rule.
MFC after:1 week
Modified:
head/sys/netpfil/ipfw/ip_fw_eaction.c
Modified: head/sys/netpfil/i
Author: ae
Date: Fri Jul 12 09:48:42 2019
New Revision: 349940
URL: https://svnweb.freebsd.org/changeset/base/349940
Log:
Correctly truncate the rule in case when it has several action opcodes.
It is possible, that opcode at the ACTION_PTR() location is not real
action, but action modific
= 1.
>>
>> Reported by: emaste
>> MFC after: 1 week
>
> Can we get a counter or something so that the dropping of these
> is not totally silent and invisible?
They are logged as all short packets with "Pullup failed" message when
net.inet.ip.fw.verbos
Author: ae
Date: Tue Jun 25 11:40:37 2019
New Revision: 349366
URL: https://svnweb.freebsd.org/changeset/base/349366
Log:
Follow the RFC 3128 and drop short TCP fragments with offset = 1.
Reported by: emaste
MFC after:1 week
Modified:
head/sys/netpfil/ipfw/ip_fw2.c
Modified: head
Author: ae
Date: Tue Jun 25 09:11:22 2019
New Revision: 349365
URL: https://svnweb.freebsd.org/changeset/base/349365
Log:
Mark default rule with IPFW_RULE_NOOPT flag, so it can be showed in
compact form.
MFC after:1 week
Modified:
head/sys/netpfil/ipfw/ip_fw2.c
Modified: head/sys/
Author: ae
Date: Tue Jun 25 09:08:24 2019
New Revision: 349364
URL: https://svnweb.freebsd.org/changeset/base/349364
Log:
Restore ipfw(8)'s compact output support broken after r331668.
Also modify it a bit. Now -c option omits only 'from any to any' part
and works for different protocols
Author: ae
Date: Fri Jun 21 10:54:51 2019
New Revision: 349267
URL: https://svnweb.freebsd.org/changeset/base/349267
Log:
Add "tcpmss" opcode to match the TCP MSS value.
With this opcode it is possible to match TCP packets with specified
MSS option, whose value corresponds to configured i
Author: ae
Date: Fri Jun 7 08:30:35 2019
New Revision: 348774
URL: https://svnweb.freebsd.org/changeset/base/348774
Log:
Use underscores for internal variable name to avoid conflicts.
MFC after:1 week
Modified:
head/sys/sys/counter.h
Modified: head/sys/sys/counter.h
===
Author: ae
Date: Wed Jun 5 09:25:40 2019
New Revision: 348682
URL: https://svnweb.freebsd.org/changeset/base/348682
Log:
Initialize V_nat64out methods explicitly.
It looks like initialization of static variable doesn't work for
VIMAGE and this leads to panic.
Reported by: olivier
ce? :)
I prefer to wait some time after MFC to get a bit wide testing, before
doing another performance optimizations.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
pf.c
>
> Of course your patch also is going to work, but what do you think:
> are there any landmines with fully async approach?
Hi,
bpf_mtap() is not the only consumer of bd_bif, some of them expect it
becomes NULL when descriptor is detached.
--
WBR, Andrey V. Elsukov
Author: ae
Date: Tue May 28 11:45:00 2019
New Revision: 348324
URL: https://svnweb.freebsd.org/changeset/base/348324
Log:
Rework r348303 to reduce the time of holding global BPF lock.
It appeared that using NET_EPOCH_WAIT() while holding global BPF lock
can lead to another panic:
spi
Author: ae
Date: Mon May 27 12:41:41 2019
New Revision: 348303
URL: https://svnweb.freebsd.org/changeset/base/348303
Log:
Fix possible NULL pointer dereference.
bpf_mtap() can invoke catchpacket() for already detached descriptor.
And this can lead to NULL pointer dereference, since bd_bif
Author: ae
Date: Mon May 27 06:34:36 2019
New Revision: 348301
URL: https://svnweb.freebsd.org/changeset/base/348301
Log:
Remove unused token that was added in r348235.
MFC after:2 weeks
Modified:
head/sbin/ipfw/ipfw2.h
Modified: head/sbin/ipfw/ipfw2.h
==
Author: ae
Date: Fri May 24 11:45:32 2019
New Revision: 348236
URL: https://svnweb.freebsd.org/changeset/base/348236
Log:
Restore IPV6_NEXTHOP option support that seem was partially broken
since r286195.
Do not forget results of route lookup and initialize rt and ifp pointers.
PR:
Author: ae
Date: Fri May 24 11:06:24 2019
New Revision: 348235
URL: https://svnweb.freebsd.org/changeset/base/348235
Log:
Add `missing` and `or-flush` options to "ipfw table create"
command to simplify firewall reloading.
The `missing` option suppresses EEXIST error code, but does check
Author: ae
Date: Tue May 14 10:21:28 2019
New Revision: 347563
URL: https://svnweb.freebsd.org/changeset/base/347563
Log:
Remove bpf interface lock, it is no longer exist.
Modified:
head/sys/kern/subr_witness.c
Modified: head/sys/kern/subr_witness.c
==
Author: ae
Date: Mon May 13 20:17:55 2019
New Revision: 347549
URL: https://svnweb.freebsd.org/changeset/base/347549
Log:
Avoid possible recursion on BPF_LOCK() in bpfwrite().
Release BPF_LOCK() before invoking if_output() and if_input().
Also enter epoch section before releasing lock, th
Author: ae
Date: Mon May 13 14:07:02 2019
New Revision: 347527
URL: https://svnweb.freebsd.org/changeset/base/347527
Log:
Do not leak memory used for binary filter.
Modified:
head/sys/net/bpf.c
Modified: head/sys/net/bpf.c
=
ay 13 13:30:34 2019(r347525)
+++ head/sys/net/bpf.c Mon May 13 13:45:28 2019(r347526)
@@ -3,6 +3,7 @@
*
* Copyright (c) 1990, 1991, 1993
* The Regents of the University of California. All rights reserved.
+ * Copyright (c) 2019 Andrey V. Elsukov
*
* This code is de
Author: ae
Date: Mon May 13 08:34:13 2019
New Revision: 347519
URL: https://svnweb.freebsd.org/changeset/base/347519
Log:
Revert r347402. After r347429 symlink is no longer needed.
Modified:
head/sys/modules/ipsec/Makefile
Modified: head/sys/modules/ipsec/Makefile
===
nce boost?
Yes, currently each call to IPsec has check like
`if (ipsec_enabled) {...}`, when you build the kernel without
IPSEC/IPSEC_SUPPORT, this check will be removed too, this can add some
performance boost :-)
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
work
> for this. I've made a patch, and it compiles and the pf module loads.
> However, I have no knowledge of how to test it. Is this something
> that you use, and which you can test?
>
I think you need to include opt_ipsec.h to have chance compile it. But
as Kri
protocol, that is
required by IPsec implementation to interact with userlevel. Currently
the kernel does not support unregistering of protocol domains. This is
mostly why option IPSEC_SUPPORT was introduced. The second cause -
reduce overhead that IPSEC produces even when it is not used.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
ading if_enc because 'enc' is
> loaded. This is safe at least for the set of modules currently mapped.
>
> Thanks,
>
> Kyle Evans
>
> [0] https://people.freebsd.org/~kevans/ipsec.diff
It looks good to me.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
st,
this will be useful. CAM enc driver has conflicting name and prevents to
automatic loading of if_enc(4). It is probably always build in the
kernel, but renaming it into "ses" may break some third-party device
drivers.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Thu May 9 18:06:11 2019
New Revision: 347402
URL: https://svnweb.freebsd.org/changeset/base/347402
Log:
Add if_ipsec.ko symlink to ipsec.ko kernel module.
This add ability to automatically load ipsec kernel module, when
if_ipsec(4) virtual interface is created using ifco
Author: ae
Date: Thu May 9 07:57:33 2019
New Revision: 347383
URL: https://svnweb.freebsd.org/changeset/base/347383
Log:
In mld_v2_cancel_link_timers() check number of references and disconnect
inm before releasing the last reference. This fixes possible panics and
assertion.
PR:
Author: ae
Date: Mon May 6 08:30:53 2019
New Revision: 347178
URL: https://svnweb.freebsd.org/changeset/base/347178
Log:
Add ipsec.ko to required_modules for rc.d/ipsec script.
Thus it can be automatically loaded if ipsec_enable="YES" and option IPSEC
is not in the kernel config.
MF
;rcvif'
> pointer somewhere, but I want to see what the stack trace looks like so I can
> think about the "right" place to clear it.
Hi,
please note, that rcvif is used by firewall to track inbound interface
and clearing it can be u
Author: ae
Date: Mon Apr 29 09:52:53 2019
New Revision: 346885
URL: https://svnweb.freebsd.org/changeset/base/346885
Log:
Handle HAVE_PROTO flag and print "proto" keyword for O_IP4 and O_IP6
opcodes when it is needed.
This should fix the problem, when printed by `ipfw show` rule could not
Author: ae
Date: Mon Apr 29 09:33:16 2019
New Revision: 346884
URL: https://svnweb.freebsd.org/changeset/base/346884
Log:
Add IPv6 support for O_IPLEN opcode.
Obtained from:Yandex LLC
MFC after:1 week
Sponsored by: Yandex LLC
Modified:
head/sys/netpfil/ipfw/ip_fw2.c
Modi
Author: ae
Date: Wed Apr 24 09:05:45 2019
New Revision: 346630
URL: https://svnweb.freebsd.org/changeset/base/346630
Log:
Add GRE-in-UDP encapsulation support as defined in RFC8086.
This GRE-in-UDP encapsulation allows the UDP source port field to be
used as an entropy field for load-bala
terface is the
same - mce0.
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
x27; matched 1 probe
CPU IDFUNCTION:NAME
16 69030mlx5e_xmit:return 35
23 69030mlx5e_xmit:return 35
26 69030mlx5e_xmit:return 35
25 69030 mlx5e_xmit:return 35
24 69030mlx5e_xmit:return 35
21 69030mlx5e_xmit:return 35
26 69030mlx5e_xmit:return 35
^C
The kernel config is GENERIC.
13.0-CURRENT #9 r345758+82f3d57(svn_head)-dirty
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
/* unicast */
> + sc->sc_ue.ue_eaddr[0] |= 0x02; /* locally administered */
> + }
> }
Hi,
there is ether_fakeaddr() function that is used for such purpose.
Maybe is it better to use it? Look at this commit:
https://svnweb.freebsd.org/base?view=revision&revision=345139
--
WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
Author: ae
Date: Sat Apr 6 17:21:05 2019
New Revision: 345985
URL: https://svnweb.freebsd.org/changeset/base/345985
Log:
Add firewall_[nat64|nptv6|pmod]_enable variables to /etc/defaults/rc.conf
Reported by: Andrey Fesenko
X-MFC after: r345450
Modified:
head/libexec/rc/rc.conf
Modi
Author: ae
Date: Wed Apr 3 12:47:49 2019
New Revision: 345843
URL: https://svnweb.freebsd.org/changeset/base/345843
Log:
Follow the declared behaviour that specifies server string format in
bsnmpclient(3).
snmp_parse_server() function accepts string where some fields can be
omitted: [t
gt;>
>> Submitted by: harti
>> MFC after: 1 month
>> Relnotes: yes
>> Differential Revision: https://reviews.freebsd.org/D16654
>>
> Jumping in this commit, maybe it is time to move bsnmpd out of contrib, given
> that all the dev appears to
Author: ae
Date: Tue Apr 2 13:38:00 2019
New Revision: 345798
URL: https://svnweb.freebsd.org/changeset/base/345798
Log:
Create 64bit mibII counters for all interfaces.
PR: 157015
Obtained from:Yandex LLC
MFC after:1 month
Modified:
head/contrib/bsnmp/snmp_mibI
Author: ae
Date: Tue Apr 2 12:50:01 2019
New Revision: 345797
URL: https://svnweb.freebsd.org/changeset/base/345797
Log:
Add IPv6 transport for bsnmp.
This patch adds a new table begemotSnmpdTransInetTable that uses the
InetAddressType textual convention and can be used to create listeni
Author: ae
Date: Mon Apr 1 12:14:45 2019
New Revision: 345763
URL: https://svnweb.freebsd.org/changeset/base/345763
Log:
Correct a port number assignment.
PR: 236930
MFC after:1 week
Modified:
head/contrib/bsnmp/snmpd/trap.c
Modified: head/contrib/bsnmp/snmpd/trap.c
===
Author: ae
Date: Sat Mar 23 15:41:32 2019
New Revision: 345450
URL: https://svnweb.freebsd.org/changeset/base/345450
Log:
Add ability to automatically load ipfw_nat64, ipfw_nptv6 and ipfw_pmod
modules by declaring corresponding variables in rc.conf. Also document
them in rc.conf(5).
Sub
Author: ae
Date: Wed Mar 20 10:11:21 2019
New Revision: 345321
URL: https://svnweb.freebsd.org/changeset/base/345321
Log:
Do not enter epoch section recursively.
A pfil hook is already invoked in NET_EPOCH section.
Modified:
head/sys/netpfil/ipfw/nat64/nat64lsn.c
Modified: head/sys/netp
Author: ae
Date: Wed Mar 20 10:06:44 2019
New Revision: 345319
URL: https://svnweb.freebsd.org/changeset/base/345319
Log:
Use NET_EPOCH instead of allocating separate one.
MFC after:1 month
Modified:
head/sys/netpfil/ipfw/nat64/nat64lsn.c
Modified: head/sys/netpfil/ipfw/nat64/nat64l
Author: ae
Date: Tue Mar 19 11:16:42 2019
New Revision: 345294
URL: https://svnweb.freebsd.org/changeset/base/345294
Log:
Remove extra spaces.
MFC after:1 month
Modified:
head/sbin/ipfw/nat64lsn.c
Modified: head/sbin/ipfw/nat64lsn.c
==
Author: ae
Date: Tue Mar 19 10:57:03 2019
New Revision: 345293
URL: https://svnweb.freebsd.org/changeset/base/345293
Log:
Reapply r345274 with build fixes for 32-bit architectures.
Update NAT64LSN implementation:
o most of data structures and relations were modified to be able supp
Author: ae
Date: Tue Mar 19 10:29:32 2019
New Revision: 345292
URL: https://svnweb.freebsd.org/changeset/base/345292
Log:
Convert allocation of bpf_if in bpfattach2 from M_NOWAIT to M_WAITOK
and remove possible panic condition.
It is already allowed to sleep in bpfattach[2], since BPF_LOC
On 19.03.2019 02:09, Gleb Smirnoff wrote:
> Hi,
>
> On Mon, Mar 18, 2019 at 12:59:09PM +0000, Andrey V. Elsukov wrote:
> A> Author: ae
> A> Date: Mon Mar 18 12:59:08 2019
> A> New Revision: 345274
> A> URL: https://svnweb.freebsd.org/changeset/base/345274
>
Author: ae
Date: Mon Mar 18 14:00:19 2019
New Revision: 345275
URL: https://svnweb.freebsd.org/changeset/base/345275
Log:
Revert r345274. It appears that not all 32-bit architectures have
necessary CK primitives.
Modified:
head/sbin/ipfw/ipfw.8
head/sbin/ipfw/ipfw2.h
head/sbin/ipfw/nat6
1 - 100 of 1048 matches
Mail list logo
