Make sure to check for NULL pointers and also check all search criterias,
not only the first one!
Bump the FreeBSD version.
Reviewed by: manu@
Differential Revision: https://reviews.freebsd.org/D35403
MFC after: 1 week
Sponsored by: NVIDIA Networking
In lkpi_sta_assoc_to_run() we are going through some code segments
twice (auth->assoc, assoc->authorized). The 2nd time we shall not
re-gain a reference on the net80211 node as otherwise it'll leak.
Likewise we do not have to re-set lsta and sta.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Based on manual inspection the skbs are not freed in those unlikely
cases, though all would give an error message so would have gone noticed
if happened.
While here fix a typo in one of these error messages.
MFC after: 3 days
Manually free the mbuf in certain error cases from net80211 to not
leak it.
Note that the differences between ieee80211_input_mimo() and
ieee80211_input_mimo_all(), the former not consuming the mbuf while
the later does, is confusing.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
I completely forgot about updating the generated llvm-project config
files, which also contain version numbers, etc. Sorry for the churn.
PR: 261742
Fixes: ab9d54731f
MFC after: 3 days
It is unclear why this hasn't bothered anyone in months; I can only assume
optimization levels but it seems there were unresolved symbols in
iwlwifi after d9836fb4b9:
link_elf_obj: symbol iwl_mvm_send_roaming_forbidden_event undefined
Hide more of the currently unsupported (GPL-only) MEI (Management Engine)
code behind #ifdef to avoid this.
Reported by: dchagin
Tested by: dchagin
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
By analogy with IP address matching, add a way to use ipfw radix
tables for MAC matching. This is implemented using new ipfw table
with mac:radix type. Also there are src-mac and dst-mac lookup
commands added.
Usage example:
ipfw table 1 create type mac
ipfw table 1 add 11:22:33:44:55:66/48
ipfw add skipto tablearg src-mac 'table(1)'
ipfw add deny src-mac 'table(1, 100)'
ipfw add deny lookup dst-mac 1
Note: sysctl net.link.ether.ipfw=1 should be set to enable ipfw
filtering on L2.
Reviewed by: melifaro
Obtained from: Yandex LLC
MFC after: 1 month
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D35103
Test pfsync in a more realistic scenario with carp and route_to rules.
Build this topology and initiate a single ping session from client to
server:
┌──────┐
│client│
└───┬──┘
│
┌───┴───┐
│bridge0│
└┬─────┬┘
│ │
┌────────────────┴─┐ ┌─┴────────────────┐
│gw_route_to_master├─┤gw_route_to_backup│
└────────────────┬─┘ └─┬────────────────┘
│ │
┌┴─────┴┐
│bridge1│
└┬─────┬┘
│ │
┌────────────────┴─┐ ┌─┴────────────────┐
│gw_reply_to_master├─┤gw_reply_to_backup│
└────────────────┬─┘ └─┬────────────────┘
│ │
┌┴─────┴┐
│bridge2│
└───┬───┘
│
┌───┴──┐
│server│
└──────┘
gw* jails forward traffic through pf route-to rules, not fib lookups.
If backup_promotion arg is given (as in the pfsync_pbr test case), a
carp failover event occurs during the ping session on both gateways.
Verify that ping messages still go where we expect them to go.
MFC after: 2 weeks
Sponsored by: Orange Business Services
When a state if pfsync’d to a different host it doesn’t get all of the
expected pointers, including the pointer to the struct pfi_kif / struct
ifnet rt_kif pointer. (I.e. the interface to route out on).
That in turn means that pf_route() ends up dropping the packet.
Use the rule's struct pfi_kif pointer so we can still route out of the
expected interface.
MFC after: 2 weeks
Sponsored by: Orange Business Services
