756 Commits

Author SHA1 Message Date
darrenr
2a062b2e41 Update ipfilter from 3.4.31 -> 3.4.35. Some important changes:
* block packets that fail to create state table entries
* only allow non-fragmented packets to influence whether or not a logged
  packet is the same as the one logged before.
* correct the ICMP packet checksum fixing up when processing ICMP errors for NAT
* implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX
  and ipf_nattable_max)
* frsynclist() wasn't paying attention to all the places where interface
  names are, like it should.
* fix comparing ICMP packets with established TCP state where only 8 bytes
  of header are returned in the ICMP error.

MFC after:	1 week
2004-06-21 22:46:36 +00:00
darrenr
88e219ce9d Import ipfilter 3.4.35 (destinated for RELENG_4) to vendor branch 2004-06-21 22:26:10 +00:00
phk
fd4160c6e9 Add missing <sys/module.h> include.
Approved by:	sam
2004-06-18 08:53:55 +00:00
mlaier
9acfe1e733 Import two fixes from the OpenBSD stable branch:
- prevent an endless loop with route-to lo0, fixes PR 3736 (dhartmei@)
 - The rule_number parameter for pf_get_pool() needs to be 32 bits, not 8 -
   this fixes corruption of the address pools with large rulesets.
   (mcbride@, pb@)

Reviewed-by:	dhartmei
2004-06-17 16:59:47 +00:00
mlaier
5eba798674 Commit pf version 3.5 and link additional files to the kernel build.
Version 3.5 brings:
 - Atomic commits of ruleset changes (reduce the chance of ending up in an
   inconsistent state).
 - A 30% reduction in the size of state table entries.
 - Source-tracking (limit number of clients and states per client).
 - Sticky-address (the flexibility of round-robin with the benefits of
   source-hash).
 - Significant improvements to interface handling.
 - and many more ...
2004-06-16 23:24:02 +00:00
mlaier
27ecf76342 This commit was generated by cvs2svn to compensate for changes in r130610,
which included commits to RCS files with non-trunk default branches.
2004-06-16 23:03:14 +00:00
mlaier
e31d6b9346 Import pf from OpenBSD 3.5 (OPENBSD_3_5_BASE) 2004-06-16 23:03:14 +00:00
phk
dfd1f7fd50 Do the dreaded s/dev_t/struct cdev */
Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
mlaier
eedef68f32 Disable "bulk dequeue" when enabling ALTQ so it does not irritate the
timing.
2004-06-15 23:59:37 +00:00
mlaier
de92edb6b4 Transform tbr_dequeue into a function pointer in order to build drivers with
ALTQ enabled versions of IFQ_* macros by default, as requested by several
others. This is a follow-up to the quick fix I committed yesterday which
turned off the ALTQ checks for non-ALTQ kernels.
2004-06-15 01:45:19 +00:00
mlaier
0633de661d Remove some more leftover from the old pfaltq_module hack to allow for
kernels w/ pf, but w/o altq.

Reported-by:	 Xin LI
2004-06-14 16:13:05 +00:00
mlaier
8b6bc5b3c0 #if out an old leftover in the KAME code. opt_cpu.h is no longer useful here
and breaks build on some arch.

Found-by:	tinderbox
2004-06-13 22:52:38 +00:00
mlaier
b173c880aa Prepare pf for building with ALTQ:
- remove old pfaltq module linkage
 - move pfaltq_running to pf_ioctl.c It is protected by PF_LOCK()
2004-06-13 01:36:31 +00:00
mlaier
8a4d60fb93 Add an additional queue which will be "owned by the driver". This allows to
rig a PREPEND macro for ALTQ as the POLL/DEQUEUE semantic is very bad in
terms of locking. We make this a full functional queue to allow "bulk
dequeue" which will further reduce the locking overhead (for non-altq
enabled devices). Drivers will access this via the following macros, which
will show up in <net/if_var.h> once we expose ALTQ to the build:

IFQ_DRV_DEQUEUE(ifq, m)	- takes a mbuf off the queue (driver queue first)
IFQ_DRV_PREPEND(ifq, m)	- pushes a mbuf back to the driver queue
IFQ_DRV_PURGE(ifq)	- drops all packets in both queues
IFQ_DRV_IS_EMPTY(ifq)	- checks for pending mbufs in either queue

One has to make sure that the first three are protected by a driver mutex.
At the moment most network drivers still require Giant, so this is not an
issue. Even those that have their own mutex usually hold it in if_start and
the like, so this requirement is almost always satisfied.

This evolved from a discussion with Andrew Gallatin.
2004-06-12 18:47:24 +00:00
mlaier
688a18235f FreeBSD-ify ALTQ:
- add locking
 - disable ALTQ3_COMPAT by default (do not remove the code to keep the diff
   towards KAME small)
 - put some more code under ALTQ3 conditional compilation as it should be
 - account for if_xname
 - some more minor compile fixes

As people started wondering:
The strange path layout "altq/altq" is there to avoid "-Isys/contrib" and
make it "-Isys/contrib/altq" instead, as we will need at least <altq/altq.h>
and <altq/if_altq.h> for kernel compilation.

The "freebsd4_..." in the previous commit is just the best tag name in the
KAME tree I could find to classify this in order to track its history. It
does *not* mean that this will go to 4-STABLE or anything of that kind.
2004-06-12 00:57:20 +00:00
mlaier
f63b9ad6be This commit was generated by cvs2svn to compensate for changes in r130365,
which included commits to RCS files with non-trunk default branches.
2004-06-12 00:10:21 +00:00
mlaier
095b2e5fcf Import parts of the ALTQ framework from latest KAME snapshot (which is up to
HEAD at this point). This will not exactly live in a vendor branch, but have
the vendor backing to make it easier to exchange diffs.

This will be followed by a diff which takes most of the .c files off the
vendor branch in order to:
 - add locking
 - disable ALTQ3_COMPAT code (which is outdated and "un-lockable")

There is work in progress to refine the configuration API. Import this "as
is" now to have more exposure time before 5-STABLE.

This is only the import, it will be some more days until you will actually
be able to compile ALTQ support into your kernel so don't hold your breath.
HEADUPs will be posted on current@ and net@ before this is actually enabled.

No-objection:	re(scottl), core(rwatson)
2004-06-12 00:10:21 +00:00
darrenr
10c0032386 Recognise NOINET6 as an indication to not build IPv6 enabled source even
if FreeBSD header files, etc, support it.

Submitted by:	Sergey Mokryshev <mokr@mokr.net>
2004-06-08 23:52:22 +00:00
mlaier
03517ac71a "Get rid of the nested include of <sys/module.h> from <sys/kernel.h>" or
better do no longer depend on it.

Requested-by:	phk
Approved-by:	bms(mentor)
2004-05-31 22:48:19 +00:00
phk
30a7ac8468 Add missing #include <sys/module.h> 2004-05-30 20:34:58 +00:00
njl
0d6049326d Remove a warning of a constant that is too large. Change submitted to
vendor.
2004-05-25 03:06:37 +00:00
njl
2c647855a3 This commit was generated by cvs2svn to compensate for changes in r129694,
which included commits to RCS files with non-trunk default branches.
2004-05-25 03:06:37 +00:00
njl
a714b78fea Local change: allow usermode to compile this header. Submitted to vendor. 2004-05-25 02:41:49 +00:00
njl
43f044bb8c Local change: don't hang forever if WAK_STS is never set. 2004-05-25 02:41:19 +00:00
njl
f5f00ea0ad Local change: remove warnings. 2004-05-25 02:40:48 +00:00
njl
d68881dc5f Local diff: allow use of the disassembler. 2004-05-25 02:39:46 +00:00
njl
437cac5b15 Unchanged files that are off the vendor branch. 2004-05-25 02:39:01 +00:00
njl
7dda61e34c Vendor import of Intel ACPI-CA 20040514. 2004-05-25 02:34:44 +00:00
njl
8264817ec5 This commit was generated by cvs2svn to compensate for changes in r129684,
which included commits to RCS files with non-trunk default branches.
2004-05-25 02:34:44 +00:00
marcel
19196476e4 Update to BETA 7. Besides C++ support, which is irrelevant to us,
this version mostly has bug fixes.
2004-05-09 03:06:25 +00:00
marcel
7cd85074fc This commit was generated by cvs2svn to compensate for changes in r129059,
which included commits to RCS files with non-trunk default branches.
2004-05-09 03:06:25 +00:00
njl
394d08093f Add sys/types.h for both kernel and user compiles. 2004-05-05 20:02:02 +00:00
dhartmei
56d46e84bd Commit three imported bugfixes from OpenBSD 3.4-stable:
- change pf_get_pool() argument rule_number type from u_int32_t
    to u_int8_t, fixes corruption of address pools with large
    rulesets (mcbride@)
  - prevent endless loops with route-to (dhartmei@)
  - limit option length to 2 octets max (frantzen@)

Obtained from:	OpenBSD
Approved by:	mlaier(mentor), bms(mentor)
2004-05-02 20:47:24 +00:00
dhartmei
f3b4bd55ea Import OpenBSD 3.4-stable fixes 2004-05-02 19:43:28 +00:00
njl
7cac239792 Remove warnings from vendor files. This takes some files off the vendor
branch but they have indicated they will not fix these warnings.
2004-04-14 18:12:29 +00:00
njl
e3d67bca30 Even though the patch has been submitted to the vendor, this file is off
the vendor branch.  Once more, with feeling!
2004-04-14 16:52:19 +00:00
njl
dddb7af88f Only avoid disabling bus mastering on the sleep path. This should fix
power off for some users.  The patch has been submitted to Intel.

Bug:	http://bugme.osdl.org/show_bug.cgi?id=2109
2004-04-14 16:50:32 +00:00
njl
fcb88d0194 Check in files with local changes:
* In the resume path, give up after waiting for a while
for WAK_STS to be set.  Some BIOSs never set it.

* Allow access to the field if it is within the region size rounded
up to a multiple of the access byte width.  This overcomes "off-by-one"
programming errors in the AML often found in Toshiba laptops.
2004-04-14 02:17:00 +00:00
njl
fbcf6e9700 Check in unmodified files off the vendor branch. 2004-04-14 02:14:51 +00:00
njl
3c67c2e8d5 Import ACPI-CA 20040402 distribution. 2004-04-14 02:10:27 +00:00
njl
565e13e588 This commit was generated by cvs2svn to compensate for changes in r128212,
which included commits to RCS files with non-trunk default branches.
2004-04-14 02:10:27 +00:00
njl
ac3f2a8703 Add another cleanfile for future imports. 2004-04-14 02:03:33 +00:00
brooks
6a86b01672 Staticize <if>_clone_{create,destroy} functions.
Reviewed by:	mlaier
2004-04-14 00:57:49 +00:00
mlaier
d2fa2c987e Commit import of OpenBSD-stable fix:
Fix by dhartmei@ and mcbride@
 1.433
 Properly m_copyback() modified TCP sequence number after demodulation
 1.432
 Fix icmp checksum when sequence number modulation is being used.
 Also fix a daddr vs saddr cut-n-paste error in ICMP error handling.

 Fixes PR 3724

Obtained from:	OpenBSD
Reviewed by:	dhartmei
Approved by:	rwatson
2004-04-11 17:35:40 +00:00
mlaier
3ec847e868 Import another fix from the OpenBSD-Stable branch:
Fix by dhartmei@ and mcbride@
 1.433
 Properly m_copyback() modified TCP sequence number after demodulation
 1.432
 Fix icmp checksum when sequence number modulation is being used.
 Also fix a daddr vs saddr cut-n-paste error in ICMP error handling.

 Fixes PR 3724
2004-04-11 17:28:22 +00:00
imp
b49b7fe799 Remove advertising clause from University of California Regent's
license, per letter dated July 22, 1999 and email from Peter Wemm,
Alan Cox and Robert Watson.

Approved by: core, peter, alc, rwatson
2004-04-07 20:46:16 +00:00
njl
8b7744ab53 Unbreak the bootloader build by excluding ctype.h.
Submitted by:	Stefan Farfeleder <stefan@fafoe.narf.at>
2004-04-05 17:30:15 +00:00
njl
90325c0beb Add #include for ctype.h to cover strupr() in the !_KERNEL case.
Submitted by:	Stefan Farfeleder <stefan@fafoe.narf.at>
2004-04-05 04:03:09 +00:00
mlaier
640f7d2a9b Shut up a couple of annoying gcc warnings. Do not enclose the fixes with
#ifdefs in order to loop it back to OpenBSD after the next import. There are
some implicit asserts involved which might be better spelled out
explicitly (af == AF_INET ...)

Approved by:	bms(mentor)
2004-03-30 18:28:30 +00:00
imp
314f26c8ec Eliminate support for FreeBSD 3.x and earlier now that we're in the
glide path for the 5.x branch.
2004-03-29 21:10:05 +00:00