Commit Graph

826 Commits

Author SHA1 Message Date
jkim
873349d1ad Resolve conflicts of unchanged files that are off the vendor branch. 2007-03-22 17:58:27 +00:00
jkim
6d629e4673 Remove files that removed on the vendor branch. 2007-03-22 17:47:41 +00:00
jkim
74c0308962 Remove files that are no longer needed or removed by vendor. 2007-03-22 17:43:38 +00:00
jkim
b668574e8e This commit was generated by cvs2svn to compensate for changes in r167807,
which included commits to RCS files with non-trunk default branches.
2007-03-22 17:43:38 +00:00
jkim
93ad141212 Add fixes for FreeBSD build that were submitted upstream. 2007-03-22 17:36:29 +00:00
jkim
a717f01e50 This commit was generated by cvs2svn to compensate for changes in r167805,
which included commits to RCS files with non-trunk default branches.
2007-03-22 17:36:29 +00:00
jkim
e031ab5da4 Vendor import of Intel ACPI-CA 20070320 2007-03-22 17:24:05 +00:00
jkim
c728c90f9b This commit was generated by cvs2svn to compensate for changes in r167802,
which included commits to RCS files with non-trunk default branches.
2007-03-22 17:24:05 +00:00
bms
21bccff9b0 Teach pfsync(4) that its member interfaces may go away.
This change partially resolves the issue in the PR. Further architectural
fixes, in the form of reference counting, are needed.

PR:		86848
Reviewed by:	yar
MFC after:	1 month
2007-03-19 17:52:15 +00:00
flz
c0775f8688 - Add Intel firmwares for Intel PRO/Wireless LAN 2100/2200/2915 cards in a
uuencoded format along with their respective LICENSE files.
- Add new share/doc/legal directory to BSD.usr.dist mtree file. This is the
place we install LICENSE files for restricted firmwares.
- Teach firmware(9) and kmod.mk about licensed firmwares. Restricted firmwares
won't load properly unless legal.<name>.license_ack is set to 1, either
via kenv(1) or /boot/loader.conf.

Reviewed by:	mlaier, sam
Permitted by:	Intel (via Andrew Wilson)
MFC after:	1 month
2007-03-02 11:42:56 +00:00
piso
6a2ffa86e5 o break newbus api: add a new argument of type driver_filter_t to
bus_setup_intr()

o add an int return code to all fast handlers

o retire INTR_FAST/IH_FAST

For more info: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=465712+0+current/freebsd-current

Reviewed by: many
Approved by: re@
2007-02-23 12:19:07 +00:00
mlaier
64068416e2 Clean up pfr_kentry_pl2 as well. This fixes a kernel panic in the vm.zone
sysctl after unloading pf.

Submitted by:	Earl Lapus
MFC after:	3 days
2007-01-01 16:51:11 +00:00
jhb
67155fb0b2 Various bpf(4) related fixes to catch places up to the new bpf(4)
semantics.
- Stop testing bpf pointers for NULL.  In some cases use
  bpf_peers_present() and then call the function directly inside the
  conditional block instead of the macro.
- For places where the entire conditional block is the macro, remove the
  test and make the macro unconditional.
- Use BPF_MTAP() in if_pfsync on FreeBSD instead of an expanded version of
  the old semantics.

Reviewed by:	csjp (older version)
2006-12-29 13:59:50 +00:00
mlaier
89e0ae76db Work around a long standing LOR with user/group rules by doing the socket
lookup early.  This has some performance implications and should not be
enabled by default, but might help greatly in certain setups.  After some
more testing this could be turned into a sysctl.

Tested by:	avatar
LOR ids:	17, 24, 32, 46, 191 (conceptual)
MFC after:	6 weeks
2006-12-29 13:59:03 +00:00
darrenr
c636cf4e71 TCP Window scaling was being recognised but the recorded settings were being
clobbered and thus effectively disabled.

MFC after:	7 days
2006-12-24 02:18:36 +00:00
sam
9e61df7b2c This commit was generated by cvs2svn to compensate for changes in r165182,
which included commits to RCS files with non-trunk default branches.
2006-12-13 19:26:37 +00:00
sam
3d6fed440f Version 0.9.20.3:
o remove os-specific glue code; it's now the responsibility of
  the driver
o add wackelf utility for patching the ELF magic number on arm
  builds since noone can agree on how to mark a .o file as not
  having any floating point instructions
o remove radar/dfs-related entry points; folks have finally
  decided how to support dfs w/o polluting the hal
o properly recognize AR2424 chips (they were being rejected on
  attach despite being fully supported)
o add HAL_CAP_RXORN_FATAL capability to control how RXORN errors
  are handled; previously RXORN was always treated as fatal because
  older chips required a reset; now we do not treat it as fatal
  for "newer chips" (noone seems to know what the cutoff is so
  this capability can be used to override the current guestimate)
o HAL_CAP_RXTSTAMP_PREC capability to export the number of bits
  of precision for timestamp data returned in the rx descriptor
o remove public exposure of the compression buffer; it is chip
  specific and never belonged in the public view
o change definition of HAL_INT_GLOBAL from an enum member to a
  #define to workaround compilers that bitch about enum values
  that appear overflow 31 bits
o add support for newer chips that can store the tkip mic key
  together with the cipher key in a single key cache entry
o split tx/rx descriptor into a h/w section and a s/w portion;
  this permits storing the s/w area in cached memory when the
  h/w area is stored in uncached memory; this also shrinks
  memory use since only one status block is needed while multiple
  tx/rx descriptors may be required per frame
o add final transmit series index to the transmit descriptor status
  so rate control algorithms don't need to grovel through h/w state
  to find it
o remove ds_vdata field from the descriptor state as part of the
  radar changes
o fix excessive stack usage for some 5212 rf backends
o correct rfkill handling when the pin polarity is 0 true
o correct handling of tsf wrap when reading 64-bit values

MFC after:	1 month
2006-12-13 19:26:37 +00:00
rwatson
10d0d9cf47 Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges.  These may
require some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:42:10 +00:00
rwatson
7beaaf5cd2 Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h
begun with a repo-copy of mac.h to mac_framework.h.  sys/mac.h now
contains the userspace and user<->kernel API and definitions, with all
in-kernel interfaces moved to mac_framework.h, which is now included
across most of the kernel instead.

This change is the first step in a larger cleanup and sweep of MAC
Framework interfaces in the kernel, and will not be MFC'd.

Obtained from:	TrustedBSD Project
Sponsored by:	SPARTA
2006-10-22 11:52:19 +00:00
oleg
60fe2e7137 Workaround bad locking design:
do not try to lock/unlock destroyed/non-existsing mutex.

PR:		kern/103569
Reviewed by:	guido
Approved by:	glebius (mentor)
Silence from:	darrenr
MFC:		2 week
2006-10-05 09:48:25 +00:00
sam
74c0c2e104 remove this from HEAD too since it got taken off the vendor branch 2006-09-18 17:01:35 +00:00
sam
8d37c2f9ad o move ath hal os glue code from the hal to the driver: this code was
part of the hal distribution early on when the hal was built for
  each os but it's been portable for a long time so move the os-specific
  code out (and off the vendor branch)
o correct the copyright on ah_osdep.?; it was mistakenly given a
  restricted license and not a dual-bsd/gpl license
o remove the module api definition as it was never used
o fixup include paths for move of ah_osdep.h

MFC after:	2 weeks
2006-09-18 16:49:15 +00:00
sam
d1ff147ac5 This commit was generated by cvs2svn to compensate for changes in r162413,
which included commits to RCS files with non-trunk default branches.
2006-09-18 16:49:15 +00:00
csjp
63e89c05d2 Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point
exists to allow the mandatory access control policy to properly initialize
mbufs generated by the firewall. An example where this might happen is keep
alive packets, or ICMP error packets in response to other packets.

This takes care of kernel panics associated with un-initialize mbuf labels
when the firewall generates packets.

[1] I modified this patch from it's original version, the initial patch
    introduced a number of entry points which were programmatically
    equivalent. So I introduced only one. Instead, we should leverage
    mac_create_mbuf_netlayer() which is used for similar situations,
    an example being icmp_error()

    This will minimize the impact associated with the MFC

Submitted by:	mlaier [1]
MFC after:	1 week

This is a RELENG_6 candidate
2006-09-12 04:25:13 +00:00
mlaier
9e3a82aacc Fix stateful filtering of loopback IPv6 traffic to an address not configured
on lo0.  While here fix a comment.

PR:		kern/102647
Reported by:	Frank Steinborn
Submitted by:	suz (earlier version)
MFC after:	3 days
2006-09-06 17:19:45 +00:00
guido
fcfb8e5749 Resolve conflicts
MFC after:	2 weeks
2006-08-16 12:06:35 +00:00
guido
3a39cf5435 This commit was generated by cvs2svn to compensate for changes in r161351,
which included commits to RCS files with non-trunk default branches.
2006-08-16 11:51:32 +00:00
guido
83043906d8 Import IP Filter 4.1.13 2006-08-16 11:51:32 +00:00
pjd
b3fb61af6f The strstr() function is in the libkern now. 2006-08-12 15:29:12 +00:00
mlaier
c5a85a2c6d Import from OpenBSD 1.168, dhartmei:
fix a bug in the input sanity check of DIOCCHANGERULE (not used by pfctl,
  but third-party tools). a rule must have a non-empty replacement address
  list when it's a translation rule but not an anchor call (i.e. "nat ...
  ->" needs a replacement address, but "nat-anchor ..." doesn't). the check
  confused "rule is an anchor call" with "rule is defined within an anchor".
  report from Michal Mertl, Max Laier.

Obtained from:	OpenBSD
MFC after:	2 weeks
2006-07-21 09:48:13 +00:00
sam
2350e92037 Revise network interface cloning to take an optional opaque
parameter that can specify configuration parameters:
o rev cloner api's to add optional parameter block
o add SIOCCREATE2 that accepts parameter data
o rev vlan support to use new api (maintain old code)

Reviewed by:	arch@
2006-07-09 06:04:01 +00:00
mlaier
f7e47bf374 Make in-kernel multicast protocols for pfsync and carp work after enabling
dynamic resizing of multicast membership array.

Reported and testing by:	Maxim Konovalov, Scott Ullrich
Reminded by:			thompsa
MFC after:			2 weeks
2006-07-08 00:01:01 +00:00
marcel
cf1af76565 Apply local modifications to make Unwind Express BETA 10 buildable and
usable in the FreeBSD kernel.
2006-07-07 23:56:34 +00:00
marcel
a446d8ad8b This commit was generated by cvs2svn to compensate for changes in r160160,
which included commits to RCS files with non-trunk default branches.
2006-07-07 23:04:49 +00:00
marcel
5078ab8b1f This commit was generated by cvs2svn to compensate for changes in r160157,
which included commits to RCS files with non-trunk default branches.
2006-07-07 22:59:01 +00:00
marcel
f76eeb002a Import BETA 10 of HP's Unwind Express. This import does not contain
any modifications to make it build as part of the FreeBSD kernel.
Now that the source appears to have stabilized, local changes will
happen on HEAD and will therefore cause affected files to be pulled
from the vendor branch.
2006-07-07 22:59:01 +00:00
mlaier
335fc3bd44 Fix pfsync w/o carp compilation.
Submitted by:	yar
2006-06-16 10:25:06 +00:00
mlaier
1092903e05 Fix byteorder of syncpeer and make it actually work.
Submitted by:	glebius
MFC after:	1 week
2006-06-14 11:11:54 +00:00
sam
02261790e0 reposition defines so things build on architectures where AH_REGOPS_FUNC
is defined
2006-06-07 18:09:33 +00:00
sam
b3286909e2 resolve merge conflicts
MFC after:	1 month
2006-06-05 17:46:41 +00:00
sam
6fb6b7ee36 Version 0.9.17.2:
o define HAL_SOFTC, HAL_BUS_TAG, and HAL_BUS_HANDLE to be machine
  independent; this fixes portability issues with bsd systems
o add ah_disable api for turning off operation of both MAC and PHY
o add ah_getAntennaSwitch and ah_setAntennaSwitch api's for better control
  of antenna usage and diversity
o add ah_setAckCTSRate and ah_setAckCTSRate for controlling tx rate of
  h/w generated frames
o add ah_setBeaconTimers api for simpler setting of the beacon timer registers
o remove ah_waitForBeaconDone api
o add HAL_TXDESC_DURENA flag to enable h/w duration setting in tx descriptor
o correct documentation of min/max tx power units (.5 dBm)
o switch arm, mips, and powerpc builds to use functions for register
  read/write operations
o fix sparc builds to not reference %g2 and %g3 registers
o add public builds for SoC's

MFC after:	1 month
2006-06-05 17:43:51 +00:00
sam
ac90950ea1 This commit was generated by cvs2svn to compensate for changes in r159285,
which included commits to RCS files with non-trunk default branches.
2006-06-05 17:43:51 +00:00
phk
ef310efff8 Since DELAY() was moved, most <machine/clock.h> #includes have been
unnecessary.
2006-05-16 14:37:58 +00:00
mlaier
ab4970422a Put debugging messages related to inconsistent ticket numbers under misc and
wrap it __FreeBSD__ specific as I couldn't figure out which version of
OpenBSD I got it from.

Reported by:	Scott Ullrich
2006-05-12 16:15:34 +00:00
darrenr
a3ec5442cc fix "ipf -Z" reporting rubbish and possibly panic'ing box
MFC after:	4 days
2006-04-18 13:24:14 +00:00
mlaier
9a7f7e25ad Loopback pf_norm.c rev. 1.106 from OpenBSD:
fixup IP checksum when modifying IP header fields

PR:		kern/93849
Obtained from:	OpenBSD
MFC after:	3 days
2006-03-25 21:15:25 +00:00
yar
4a02e1707a Avoid pulling in the whole <net/pfvar.h> by opaquely declaring
the structs pflog_packet() takes pointers to.

Approved by:	mlaier
MFC after:	3 days
2006-03-09 15:54:01 +00:00
thompsa
02a394bf85 Do not use the TSC where its known to be broken, this will cause the queue
speeds to perform below the desired bitrate and throughput will be erratic.

This makes queueing work on the Geode SC1100, K5 model 0 and IDT WinChip C6
processors.

MFC after:	3 days
2006-03-02 00:51:39 +00:00
sam
eae8448069 resolve merge conflicts
MFC after:	2 weeks
2006-02-10 19:01:02 +00:00
sam
551acb9ac8 Version 0.9.16.16:
o new chip support
o new platforms: powerpc-be-elf, sparc64-be-elf, and alpha-elf
  (alpha is untested, others are known to work)
o many fixes and improvements

MFC after:	2 weeks
2006-02-10 18:57:38 +00:00
sam
066a4db4b4 This commit was generated by cvs2svn to compensate for changes in r155511,
which included commits to RCS files with non-trunk default branches.
2006-02-10 18:57:38 +00:00
mlaier
0c9bbeed73 Make pflog a seperate module. As a result pflog_packet() becomes a function
pointer that is declared in pf_ioctl.c

Requested by:	yar (as part of the module build reorg)
MFC after:	1 week
X-MFC with:	yar's module reorg
2006-02-05 17:17:32 +00:00
dhartmei
dcc542fe97 fix a bug in the fragment cache (used for 'scrub fragment crop/drop-ovl',
but not 'fragment reassemble'), which can cause some fragments to get
inserted into the cache twice, thereby violating an invariant, and panic-
ing the system subsequently.

Reviewed by:	mlaier
MFC after:	1 day
2006-01-19 11:46:45 +00:00
mlaier
b96a262dce Move m_adj after checking that m_dup succeeded.
Found with:	Coverity Prevent(tm)
MFC after:	3 days
2006-01-14 22:19:17 +00:00
guido
074a2ed0e4 Add mcopywrap prototype to ip_compat.h
Remove h323 proxy from ip_proxy (copyright issue)
2005-12-30 11:55:37 +00:00
guido
61382ac33f Resolve conflicts 2005-12-30 11:32:23 +00:00
guido
74f74123f3 Import IP Filter version 4.1.10 2005-12-30 11:22:11 +00:00
guido
784dda0030 This commit was generated by cvs2svn to compensate for changes in r153872,
which included commits to RCS files with non-trunk default branches.
2005-12-30 11:22:11 +00:00
mlaier
88140ea8c3 Only decrement the max-src-conn counter for tcp connections that reached
"established" state.

Similar to OpenBSD's rev. 1.499 by joel but not breaking ABI.

Obtained from:	OpenBSD (with changes)
Reported by:	Bruno Afonso
MFC after:	3 days
X-MFC:		together with local_flags
2005-12-25 23:52:00 +00:00
mlaier
74c57f2ec0 Fix build after timeval.tv_sec changed from long to time_t. 2005-12-25 22:57:08 +00:00
mlaier
db7366efc1 Move PFSTATE_EXPIRING from sync_flags to a new local_flags. sync_flags has
special handling when zero.  This caused no PFSYNC_ACT_DEL message and thus
disfunction of pfflowd and state synchronisation in general.

Discovered by:	thompsa
Good catch by:	thompsa
MFC after:	7 days
2005-12-20 00:33:33 +00:00
obrien
0136d3f8f0 This commit was generated by cvs2svn to compensate for changes in r153200,
which included commits to RCS files with non-trunk default branches.
2005-12-07 17:32:13 +00:00
obrien
206d8c0da5 Update the nForce MCP NIC bits. This is version 1.0-0310 23-Nov-2005. 2005-12-07 17:32:13 +00:00
ru
9b19d72862 Fix -Wundef warnings found when compiling i386 LINT, GENERIC and
custom kernels.
2005-12-05 11:58:35 +00:00
ru
798500dfd8 Fix -Wundef from compiling the amd64 LINT. 2005-12-04 10:06:06 +00:00
ru
f70f525b49 - Store pointer to the link-level address right in "struct ifnet"
rather than in ifindex_table[]; all (except one) accesses are
  through ifp anyway.  IF_LLADDR() works faster, and all (except
  one) ifaddr_byindex() users were converted to use ifp->if_addr.

- Stop storing a (pointer to) Ethernet address in "struct arpcom",
  and drop the IFP2ENADDR() macro; all users have been converted
  to use IF_LLADDR() instead.
2005-11-11 16:04:59 +00:00
ru
ed1132ceab - Make IFP2ENADDR() a pointer to IF_LLADDR() rather than another
copy of Ethernet address.

- Change iso88025_ifattach() and fddi_ifattach() to accept MAC
  address as an argument, similar to ether_ifattach(), to make
  this work.
2005-11-11 07:36:14 +00:00
thompsa
48c0bcb5c2 Move the cloned interface list management in to if_clone. For some drivers the
softc lists and associated mutex are now unused so these have been removed.

Calling if_clone_detach() will now destroy all the cloned interfaces for the
driver and in most cases is all thats needed to unload.

Idea by:	brooks
Reviewed by:	brooks
2005-11-08 20:08:34 +00:00
jkim
dbc8115981 - Fix more resource parsing problems. The previous commit was imcomplete.
- Fix a typo in rsmisc.c and a style change for consistency.

This patch will also appear in future ACPI-CA release.

Submitted by:	Robert Moore <robert dot moore at intel dot com>
Tested by:	ru
2005-11-04 21:29:41 +00:00
jkim
5ec246af06 This commit was generated by cvs2svn to compensate for changes in r152069,
which included commits to RCS files with non-trunk default branches.
2005-11-04 21:29:41 +00:00
njl
0032330289 Account for the minimum resource size when parsing the end tag resource
descriptor.  This should fix the "memory modified after free" panics.  This
patch will appear in a future acpi-ca distribution.

Submitted by:	Robert Moore <robert.moore / intel.com>
Tested by:	Peter Holm
2005-11-04 20:15:09 +00:00
njl
082067a133 This commit was generated by cvs2svn to compensate for changes in r152058,
which included commits to RCS files with non-trunk default branches.
2005-11-04 20:15:09 +00:00
jkim
a5b17cb66c Fix build breakage on tinderbox. 2005-11-03 20:27:38 +00:00
jkim
2e9142f013 Update to reflect import of ACPI-CA 20051021 with includes fixups 2005-11-01 22:38:50 +00:00
jkim
e93792c0d1 Local change: remove unnecessary __cdecl 2005-11-01 22:33:32 +00:00
jkim
727bb7982d Local change: remove compilation warnings 2005-11-01 22:30:52 +00:00
jkim
3f99461a39 Fix conflicts from import of Intel ACPI-CA 20051021 2005-11-01 22:28:49 +00:00
jkim
dd36e4d5eb Unchanged files that are off the vendor branch 2005-11-01 22:23:25 +00:00
jkim
7bc04cb5a9 Fix few compilation problems on vendor branch.
These fixes will be submitted vendor.
2005-11-01 22:18:47 +00:00
jkim
275739933b This commit was generated by cvs2svn to compensate for changes in r151940,
which included commits to RCS files with non-trunk default branches.
2005-11-01 22:18:47 +00:00
jkim
5f6a2493dd Vendor import of Intel ACPI-CA 20051021 2005-11-01 22:11:18 +00:00
jkim
011860e7b5 This commit was generated by cvs2svn to compensate for changes in r151937,
which included commits to RCS files with non-trunk default branches.
2005-11-01 22:11:18 +00:00
rwatson
be4f357149 Normalize a significant number of kernel malloc type names:
- Prefer '_' to ' ', as it results in more easily parsed results in
  memory monitoring tools such as vmstat.

- Remove punctuation that is incompatible with using memory type names
  as file names, such as '/' characters.

- Disambiguate some collisions by adding subsystem prefixes to some
  memory types.

- Generally prefer lower case to upper case.

- If the same type is defined in multiple architecture directories,
  attempt to use the same name in additional cases.

Not all instances were caught in this change, so more work is required to
finish this conversion.  Similar changes are required for UMA zone names.
2005-10-31 15:41:29 +00:00
jhb
50133a977c Remove old ACPICA files from the INTEL vendor branch. They were removed
from HEAD about 4 years ago when we started flattening out the ACPICA
distribution.
2005-10-27 20:48:05 +00:00
obrien
39c9d5812d Add a commented out version of what was done for the r20041119sysinc import. 2005-10-24 04:36:14 +00:00
obrien
a7339d083b Fix conflicts of import of Intel ACPI-CA 20041119 with system includes fixups. 2005-10-24 04:35:20 +00:00
obrien
0a657a32e3 Vendor import of Intel ACPI-CA 20041119 with system includes fixups. 2005-10-24 04:31:06 +00:00
obrien
a0a258e60b This commit was generated by cvs2svn to compensate for changes in r151600,
which included commits to RCS files with non-trunk default branches.
2005-10-24 04:31:06 +00:00
ru
b9c7add838 In detach method, move if_free() after bus_teardown_intr(). 2005-10-13 21:11:20 +00:00
thompsa
d6130a4703 Change the reference counting to count the number of cloned interfaces for each
cloner. This ensures that ifc->ifc_units is not prematurely freed in
if_clone_detach() before the clones are destroyed, resulting in memory modified
after free. This could be triggered with if_vlan.

Assert that all cloners have been destroyed when freeing the memory.

Change all simple cloners to destroy their clones with ifc_simple_destroy() on
module unload so the reference count is properly updated. This also cleans up
the interface destroy routines and allows future optimisation.

Discussed with:	brooks, pjd, -current
Reviewed by:	brooks
2005-10-12 19:52:16 +00:00
ru
2bc1b3a583 Fix "struct ifnet" leak if attach() fails in the middle. 2005-09-16 12:49:06 +00:00
obrien
2f74466b58 Per a request from Nick Triantos of nVidia, nVidia's legal department asked
that we provide their license document beside their nForce MCP object code.
2005-09-11 17:50:20 +00:00
mlaier
ae191726d9 Stop leaking a lock. This used to cause a propagate_priority() page fault
when setting syncdev and syncpeer.

Reported by:	Dominic Marks
2005-09-11 11:55:39 +00:00
mlaier
df3bd6cde3 Unbreak the build. Committed from the wrong directory. 2005-09-08 17:42:42 +00:00
mlaier
aa70783c83 Commit imported changes to HEAD:
pf_ioctl.c Revision 1.153 Sun Aug 7 11:37:33 2005 UTC by dhartmei
 | verify ticket in DIOCADDADDR, from Boris Polevoy, ok deraadt@

 pf_ioctl.c Revision 1.158 Mon Sep 5 14:51:08 2005 UTC by dhartmei
 | in DIOCCHANGERULE, properly initialize table, if used in NAT rule.
 | from Boris Polevoy <vapcom at mail dot ru>, ok mcbride@

 pf.c Revision 1.502 Mon Aug 22 11:54:25 2005 UTC by dhartmei
 | when nat'ing icmp 'connections', replace icmp id with proxy values
 | (similar to proxy ports for tcp/udp). not all clients use
 | per-invokation random ids, this allows multiple concurrent
 | connections from such clients.
 | thanks for testing to Rod Whitworth, "looks ok" markus@

 pf.c Revision 1.501 Mon Aug 22 09:48:05 2005 UTC by dhartmei
 | fix rdr to bitmask replacement address pool. patch from Max Laier,
 | reported by Boris Polevoy, tested by Jean Debogue, ok henning@

Obtained from:	OpenBSD
MFC after:	3 days
2005-09-08 15:06:52 +00:00
mlaier
022c2a093b Wrap the new world order in __FreeBSD__ to ease future imports. 2005-08-09 11:59:02 +00:00
rwatson
5d770a09e8 Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and
IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to
ifnet.if_drv_flags.  Device drivers are now responsible for
synchronizing access to these flags, as they are in if_drv_flags.  This
helps prevent races between the network stack and device driver in
maintaining the interface flags field.

Many __FreeBSD__ and __FreeBSD_version checks maintained and continued;
some less so.

Reviewed by:	pjd, bz
MFC after:	7 days
2005-08-09 10:20:02 +00:00
mlaier
e0e4afff1d Prevent a race condition. As pf_send_tcp() - called for expired synproxy
states - has to drop the lock when calling back to ip_output(), the state
purge timeout might run and gc the state. This results in a rb-tree
inconsistency.  With this change we flag expiring states while holding the
lock and back off if the flag is already set.

Reported by:	glebius
MFC after:	2 weeks
2005-07-20 18:58:27 +00:00
ume
c8f443708b move RFC3542 related definitions into ip6.h.
Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Reviewed by:	mlaier
Obtained from:	KAME
2005-07-20 10:30:52 +00:00
mlaier
a390027dcd Export pfsyncstats via sysctl "net.inet.pfsync" in order to print them with
netstat (seperate commit).

Requested by:	glebius
MFC after:	1 week
2005-07-14 22:22:51 +00:00