Commit Graph

652 Commits

Author SHA1 Message Date
Max Laier
5bba2114d0 Make pflog a seperate module. As a result pflog_packet() becomes a function
pointer that is declared in pf_ioctl.c

Requested by:	yar (as part of the module build reorg)
MFC after:	1 week
X-MFC with:	yar's module reorg
2006-02-05 17:17:32 +00:00
Daniel Hartmeier
31f9d10a77 fix a bug in the fragment cache (used for 'scrub fragment crop/drop-ovl',
but not 'fragment reassemble'), which can cause some fragments to get
inserted into the cache twice, thereby violating an invariant, and panic-
ing the system subsequently.

Reviewed by:	mlaier
MFC after:	1 day
2006-01-19 11:46:45 +00:00
Max Laier
4cd9957a80 Move m_adj after checking that m_dup succeeded.
Found with:	Coverity Prevent(tm)
MFC after:	3 days
2006-01-14 22:19:17 +00:00
Guido van Rooij
ecdad7e688 Add mcopywrap prototype to ip_compat.h
Remove h323 proxy from ip_proxy (copyright issue)
2005-12-30 11:55:37 +00:00
Guido van Rooij
9088f4e67b Resolve conflicts 2005-12-30 11:32:23 +00:00
Guido van Rooij
a311d8fc4c This commit was generated by cvs2svn to compensate for changes in r153872,
which included commits to RCS files with non-trunk default branches.
2005-12-30 11:22:11 +00:00
Guido van Rooij
fc79eaf127 Import IP Filter version 4.1.10 2005-12-30 11:22:11 +00:00
Max Laier
6ae8d74a9e Only decrement the max-src-conn counter for tcp connections that reached
"established" state.

Similar to OpenBSD's rev. 1.499 by joel but not breaking ABI.

Obtained from:	OpenBSD (with changes)
Reported by:	Bruno Afonso
MFC after:	3 days
X-MFC:		together with local_flags
2005-12-25 23:52:00 +00:00
Max Laier
8d13037cda Fix build after timeval.tv_sec changed from long to time_t. 2005-12-25 22:57:08 +00:00
Max Laier
602d8f4030 Move PFSTATE_EXPIRING from sync_flags to a new local_flags. sync_flags has
special handling when zero.  This caused no PFSYNC_ACT_DEL message and thus
disfunction of pfflowd and state synchronisation in general.

Discovered by:	thompsa
Good catch by:	thompsa
MFC after:	7 days
2005-12-20 00:33:33 +00:00
David E. O'Brien
d5d59bade9 This commit was generated by cvs2svn to compensate for changes in r153200,
which included commits to RCS files with non-trunk default branches.
2005-12-07 17:32:13 +00:00
David E. O'Brien
b734606dff Update the nForce MCP NIC bits. This is version 1.0-0310 23-Nov-2005. 2005-12-07 17:32:13 +00:00
Ruslan Ermilov
342ed5d948 Fix -Wundef warnings found when compiling i386 LINT, GENERIC and
custom kernels.
2005-12-05 11:58:35 +00:00
Ruslan Ermilov
3238c6bd33 Fix -Wundef from compiling the amd64 LINT. 2005-12-04 10:06:06 +00:00
Ruslan Ermilov
4a0d6638b3 - Store pointer to the link-level address right in "struct ifnet"
rather than in ifindex_table[]; all (except one) accesses are
  through ifp anyway.  IF_LLADDR() works faster, and all (except
  one) ifaddr_byindex() users were converted to use ifp->if_addr.

- Stop storing a (pointer to) Ethernet address in "struct arpcom",
  and drop the IFP2ENADDR() macro; all users have been converted
  to use IF_LLADDR() instead.
2005-11-11 16:04:59 +00:00
Ruslan Ermilov
d09ed26fd8 - Make IFP2ENADDR() a pointer to IF_LLADDR() rather than another
copy of Ethernet address.

- Change iso88025_ifattach() and fddi_ifattach() to accept MAC
  address as an argument, similar to ether_ifattach(), to make
  this work.
2005-11-11 07:36:14 +00:00
Andrew Thompson
4e7e0183e1 Move the cloned interface list management in to if_clone. For some drivers the
softc lists and associated mutex are now unused so these have been removed.

Calling if_clone_detach() will now destroy all the cloned interfaces for the
driver and in most cases is all thats needed to unload.

Idea by:	brooks
Reviewed by:	brooks
2005-11-08 20:08:34 +00:00
Jung-uk Kim
45e7d2e745 This commit was generated by cvs2svn to compensate for changes in r152069,
which included commits to RCS files with non-trunk default branches.
2005-11-04 21:29:41 +00:00
Jung-uk Kim
e9bfb92a8e - Fix more resource parsing problems. The previous commit was imcomplete.
- Fix a typo in rsmisc.c and a style change for consistency.

This patch will also appear in future ACPI-CA release.

Submitted by:	Robert Moore <robert dot moore at intel dot com>
Tested by:	ru
2005-11-04 21:29:41 +00:00
Nate Lawson
ce60eb2a14 Account for the minimum resource size when parsing the end tag resource
descriptor.  This should fix the "memory modified after free" panics.  This
patch will appear in a future acpi-ca distribution.

Submitted by:	Robert Moore <robert.moore / intel.com>
Tested by:	Peter Holm
2005-11-04 20:15:09 +00:00
Nate Lawson
d4d37d2fc9 This commit was generated by cvs2svn to compensate for changes in r152058,
which included commits to RCS files with non-trunk default branches.
2005-11-04 20:15:09 +00:00
Jung-uk Kim
2a74e7368d Fix build breakage on tinderbox. 2005-11-03 20:27:38 +00:00
Jung-uk Kim
6eb081af76 Update to reflect import of ACPI-CA 20051021 with includes fixups 2005-11-01 22:38:50 +00:00
Jung-uk Kim
5475ddb73a Local change: remove unnecessary __cdecl 2005-11-01 22:33:32 +00:00
Jung-uk Kim
0dd793f645 Local change: remove compilation warnings 2005-11-01 22:30:52 +00:00
Jung-uk Kim
b56f6e1fd7 Fix conflicts from import of Intel ACPI-CA 20051021 2005-11-01 22:28:49 +00:00
Jung-uk Kim
775a51a92f Unchanged files that are off the vendor branch 2005-11-01 22:23:25 +00:00
Jung-uk Kim
5e41bc61d8 Fix few compilation problems on vendor branch.
These fixes will be submitted vendor.
2005-11-01 22:18:47 +00:00
Jung-uk Kim
43ea53ef1f This commit was generated by cvs2svn to compensate for changes in r151940,
which included commits to RCS files with non-trunk default branches.
2005-11-01 22:18:47 +00:00
Jung-uk Kim
fba7fc7e34 Vendor import of Intel ACPI-CA 20051021 2005-11-01 22:11:18 +00:00
Jung-uk Kim
ff4eaaff6b This commit was generated by cvs2svn to compensate for changes in r151937,
which included commits to RCS files with non-trunk default branches.
2005-11-01 22:11:18 +00:00
Robert Watson
5bb84bc84b Normalize a significant number of kernel malloc type names:
- Prefer '_' to ' ', as it results in more easily parsed results in
  memory monitoring tools such as vmstat.

- Remove punctuation that is incompatible with using memory type names
  as file names, such as '/' characters.

- Disambiguate some collisions by adding subsystem prefixes to some
  memory types.

- Generally prefer lower case to upper case.

- If the same type is defined in multiple architecture directories,
  attempt to use the same name in additional cases.

Not all instances were caught in this change, so more work is required to
finish this conversion.  Similar changes are required for UMA zone names.
2005-10-31 15:41:29 +00:00
John Baldwin
28f22a242b Remove old ACPICA files from the INTEL vendor branch. They were removed
from HEAD about 4 years ago when we started flattening out the ACPICA
distribution.
2005-10-27 20:48:05 +00:00
David E. O'Brien
c33a1f33c8 Add a commented out version of what was done for the r20041119sysinc import. 2005-10-24 04:36:14 +00:00
David E. O'Brien
3e50df5a3e Fix conflicts of import of Intel ACPI-CA 20041119 with system includes fixups. 2005-10-24 04:35:20 +00:00
David E. O'Brien
27f081c52f Vendor import of Intel ACPI-CA 20041119 with system includes fixups. 2005-10-24 04:31:06 +00:00
David E. O'Brien
763384f7cd This commit was generated by cvs2svn to compensate for changes in r151600,
which included commits to RCS files with non-trunk default branches.
2005-10-24 04:31:06 +00:00
Ruslan Ermilov
e019908ee7 In detach method, move if_free() after bus_teardown_intr(). 2005-10-13 21:11:20 +00:00
Andrew Thompson
febd0759f3 Change the reference counting to count the number of cloned interfaces for each
cloner. This ensures that ifc->ifc_units is not prematurely freed in
if_clone_detach() before the clones are destroyed, resulting in memory modified
after free. This could be triggered with if_vlan.

Assert that all cloners have been destroyed when freeing the memory.

Change all simple cloners to destroy their clones with ifc_simple_destroy() on
module unload so the reference count is properly updated. This also cleans up
the interface destroy routines and allows future optimisation.

Discussed with:	brooks, pjd, -current
Reviewed by:	brooks
2005-10-12 19:52:16 +00:00
Ruslan Ermilov
fead0681ed Fix "struct ifnet" leak if attach() fails in the middle. 2005-09-16 12:49:06 +00:00
David E. O'Brien
1aa7b020d7 Per a request from Nick Triantos of nVidia, nVidia's legal department asked
that we provide their license document beside their nForce MCP object code.
2005-09-11 17:50:20 +00:00
Max Laier
922e338183 Stop leaking a lock. This used to cause a propagate_priority() page fault
when setting syncdev and syncpeer.

Reported by:	Dominic Marks
2005-09-11 11:55:39 +00:00
Max Laier
82f0cb7f33 Unbreak the build. Committed from the wrong directory. 2005-09-08 17:42:42 +00:00
Max Laier
5e11e6c096 Commit imported changes to HEAD:
pf_ioctl.c Revision 1.153 Sun Aug 7 11:37:33 2005 UTC by dhartmei
 | verify ticket in DIOCADDADDR, from Boris Polevoy, ok deraadt@

 pf_ioctl.c Revision 1.158 Mon Sep 5 14:51:08 2005 UTC by dhartmei
 | in DIOCCHANGERULE, properly initialize table, if used in NAT rule.
 | from Boris Polevoy <vapcom at mail dot ru>, ok mcbride@

 pf.c Revision 1.502 Mon Aug 22 11:54:25 2005 UTC by dhartmei
 | when nat'ing icmp 'connections', replace icmp id with proxy values
 | (similar to proxy ports for tcp/udp). not all clients use
 | per-invokation random ids, this allows multiple concurrent
 | connections from such clients.
 | thanks for testing to Rod Whitworth, "looks ok" markus@

 pf.c Revision 1.501 Mon Aug 22 09:48:05 2005 UTC by dhartmei
 | fix rdr to bitmask replacement address pool. patch from Max Laier,
 | reported by Boris Polevoy, tested by Jean Debogue, ok henning@

Obtained from:	OpenBSD
MFC after:	3 days
2005-09-08 15:06:52 +00:00
Max Laier
ef2e5f06f2 Wrap the new world order in __FreeBSD__ to ease future imports. 2005-08-09 11:59:02 +00:00
Robert Watson
13f4c340ae Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and
IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to
ifnet.if_drv_flags.  Device drivers are now responsible for
synchronizing access to these flags, as they are in if_drv_flags.  This
helps prevent races between the network stack and device driver in
maintaining the interface flags field.

Many __FreeBSD__ and __FreeBSD_version checks maintained and continued;
some less so.

Reviewed by:	pjd, bz
MFC after:	7 days
2005-08-09 10:20:02 +00:00
Max Laier
ffe93c0d25 Prevent a race condition. As pf_send_tcp() - called for expired synproxy
states - has to drop the lock when calling back to ip_output(), the state
purge timeout might run and gc the state. This results in a rb-tree
inconsistency.  With this change we flag expiring states while holding the
lock and back off if the flag is already set.

Reported by:	glebius
MFC after:	2 weeks
2005-07-20 18:58:27 +00:00
Hajimu UMEMOTO
6c4eaa873f move RFC3542 related definitions into ip6.h.
Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Reviewed by:	mlaier
Obtained from:	KAME
2005-07-20 10:30:52 +00:00
Max Laier
6de8d9dc52 Export pfsyncstats via sysctl "net.inet.pfsync" in order to print them with
netstat (seperate commit).

Requested by:	glebius
MFC after:	1 week
2005-07-14 22:22:51 +00:00
Max Laier
889ad0384e Properly initialize ifq_maxlen for the defered send queue and make it
actually work.  Also use the right semantics for IF_HANDOFF to get correct
stats.

Reported and tested by:	Sascha Luck <sascha at c4inet dot net>
Approved by:		re (blanket)
2005-06-26 21:00:52 +00:00