specific privilege names to a broad range of privileges. These may
require some future tweaking.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now
contains the userspace and user<->kernel API and definitions, with all
in-kernel interfaces moved to mac_framework.h, which is now included
across most of the kernel instead.
This change is the first step in a larger cleanup and sweep of MAC
Framework interfaces in the kernel, and will not be MFC'd.
Obtained from: TrustedBSD Project
Sponsored by: SPARTA
exists to allow the mandatory access control policy to properly initialize
mbufs generated by the firewall. An example where this might happen is keep
alive packets, or ICMP error packets in response to other packets.
This takes care of kernel panics associated with un-initialize mbuf labels
when the firewall generates packets.
[1] I modified this patch from it's original version, the initial patch
introduced a number of entry points which were programmatically
equivalent. So I introduced only one. Instead, we should leverage
mac_create_mbuf_netlayer() which is used for similar situations,
an example being icmp_error()
This will minimize the impact associated with the MFC
Submitted by: mlaier [1]
MFC after: 1 week
This is a RELENG_6 candidate
fix a bug in the input sanity check of DIOCCHANGERULE (not used by pfctl,
but third-party tools). a rule must have a non-empty replacement address
list when it's a translation rule but not an anchor call (i.e. "nat ...
->" needs a replacement address, but "nat-anchor ..." doesn't). the check
confused "rule is an anchor call" with "rule is defined within an anchor".
report from Michal Mertl, Max Laier.
Obtained from: OpenBSD
MFC after: 2 weeks
parameter that can specify configuration parameters:
o rev cloner api's to add optional parameter block
o add SIOCCREATE2 that accepts parameter data
o rev vlan support to use new api (maintain old code)
Reviewed by: arch@
any modifications to make it build as part of the FreeBSD kernel.
Now that the source appears to have stabilized, local changes will
happen on HEAD and will therefore cause affected files to be pulled
from the vendor branch.
o define HAL_SOFTC, HAL_BUS_TAG, and HAL_BUS_HANDLE to be machine
independent; this fixes portability issues with bsd systems
o add ah_disable api for turning off operation of both MAC and PHY
o add ah_getAntennaSwitch and ah_setAntennaSwitch api's for better control
of antenna usage and diversity
o add ah_setAckCTSRate and ah_setAckCTSRate for controlling tx rate of
h/w generated frames
o add ah_setBeaconTimers api for simpler setting of the beacon timer registers
o remove ah_waitForBeaconDone api
o add HAL_TXDESC_DURENA flag to enable h/w duration setting in tx descriptor
o correct documentation of min/max tx power units (.5 dBm)
o switch arm, mips, and powerpc builds to use functions for register
read/write operations
o fix sparc builds to not reference %g2 and %g3 registers
o add public builds for SoC's
MFC after: 1 month
speeds to perform below the desired bitrate and throughput will be erratic.
This makes queueing work on the Geode SC1100, K5 model 0 and IDT WinChip C6
processors.
MFC after: 3 days
o new chip support
o new platforms: powerpc-be-elf, sparc64-be-elf, and alpha-elf
(alpha is untested, others are known to work)
o many fixes and improvements
MFC after: 2 weeks
but not 'fragment reassemble'), which can cause some fragments to get
inserted into the cache twice, thereby violating an invariant, and panic-
ing the system subsequently.
Reviewed by: mlaier
MFC after: 1 day
"established" state.
Similar to OpenBSD's rev. 1.499 by joel but not breaking ABI.
Obtained from: OpenBSD (with changes)
Reported by: Bruno Afonso
MFC after: 3 days
X-MFC: together with local_flags
special handling when zero. This caused no PFSYNC_ACT_DEL message and thus
disfunction of pfflowd and state synchronisation in general.
Discovered by: thompsa
Good catch by: thompsa
MFC after: 7 days
rather than in ifindex_table[]; all (except one) accesses are
through ifp anyway. IF_LLADDR() works faster, and all (except
one) ifaddr_byindex() users were converted to use ifp->if_addr.
- Stop storing a (pointer to) Ethernet address in "struct arpcom",
and drop the IFP2ENADDR() macro; all users have been converted
to use IF_LLADDR() instead.
copy of Ethernet address.
- Change iso88025_ifattach() and fddi_ifattach() to accept MAC
address as an argument, similar to ether_ifattach(), to make
this work.
softc lists and associated mutex are now unused so these have been removed.
Calling if_clone_detach() will now destroy all the cloned interfaces for the
driver and in most cases is all thats needed to unload.
Idea by: brooks
Reviewed by: brooks
