| #
4b49587c |
| 06-Jan-2018 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r327341 through r327623.
|
| #
5d0020d6 |
| 31-Dec-2017 |
Kristof Provost <kp@FreeBSD.org> |
pf: Clean all fragments on shutdown
When pf is unloaded, or a vnet jail using pf is stopped we need to
ensure we clean up all fragments, not just the expired ones.
|
| #
fe267a55 |
| 27-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
pro
sys: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
No functional change intended.
show more ...
|
|
Revision tags: release/10.4.0, release/11.1.0 |
|
| #
2f8fb3a8 |
| 22-Mar-2017 |
Kristof Provost <kp@FreeBSD.org> |
pf: Fix possible shutdown race
Prevent possible races in the pf_unload() / pf_purge_thread() shutdown
code. Lock the pf_purge_thread() with the new pf_end_lock to prevent
these races.
Use a shared/
pf: Fix possible shutdown race
Prevent possible races in the pf_unload() / pf_purge_thread() shutdown
code. Lock the pf_purge_thread() with the new pf_end_lock to prevent
these races.
Use a shared/exclusive lock, as we need to also acquire another sx lock
(VNET_LIST_RLOCK). It's fine for both pf_purge_thread() and pf_unload()
to sleep,
Pointed out by: eri, glebius, jhb
Differential Revision: https://reviews.freebsd.org/D10026
show more ...
|
|
Revision tags: release/11.0.1, release/11.0.0 |
|
| #
a0429b54 |
| 23-Jun-2016 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Update pf(4) and pflog(4) to survive basic VNET testing, which includes
proper virtualisation, teardown, avoiding use-after-free, race conditions,
no longer creating a thread per VNET (which could ea
Update pf(4) and pflog(4) to survive basic VNET testing, which includes
proper virtualisation, teardown, avoiding use-after-free, race conditions,
no longer creating a thread per VNET (which could easily be a couple of
thousand threads), gracefully ignoring global events (e.g., eventhandlers)
on teardown, clearing various globally cached pointers and checking
them before use.
Reviewed by: kp
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D6924
show more ...
|
| #
3e248e0f |
| 17-Jun-2016 |
Kristof Provost <kp@FreeBSD.org> |
pf: Filter on and set vlan PCP values
Adopt the OpenBSD syntax for setting and filtering on VLAN PCP values. This
introduces two new keywords: 'set prio' to set the PCP value, and 'prio' to
filter o
pf: Filter on and set vlan PCP values
Adopt the OpenBSD syntax for setting and filtering on VLAN PCP values. This
introduces two new keywords: 'set prio' to set the PCP value, and 'prio' to
filter on it.
Reviewed by: allanjude, araujo
Approved by: re (gjb)
Obtained from: OpenBSD (mostly)
Differential Revision: https://reviews.freebsd.org/D6786
show more ...
|
|
Revision tags: release/10.3.0 |
|
| #
a49d8b6e |
| 06-Feb-2016 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r294961 through r295350.
|
| #
2414e864 |
| 03-Feb-2016 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MfH @r295202
Expect to see panics in routing code at least now.
|
| #
221b3499 |
| 02-Feb-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH
Sponsored by: The FreeBSD Foundation
|
| #
8ec07310 |
| 01-Feb-2016 |
Gleb Smirnoff <glebius@FreeBSD.org> |
These files were getting sys/malloc.h and vm/uma.h with header pollution
via sys/mbuf.h
|
| #
b626f5a7 |
| 04-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH r289384-r293170
Sponsored by: The FreeBSD Foundation
|
| #
a5d8944a |
| 19-Nov-2015 |
Navdeep Parhar <np@FreeBSD.org> |
Catch up with head (r291075).
|
| #
3c3feed4 |
| 01-Nov-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
|
| #
11d38a57 |
| 28-Oct-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
Sponsored by: Gandi.net
|
| #
26022843 |
| 25-Oct-2015 |
Kristof Provost <kp@FreeBSD.org> |
pf: Fix compliation warning with gcc
While fixing the PF_ANEQ() macro I messed up the parentheses, leading to
compliation warnings with gcc.
Spotted by: ian
Pointy Hat: kp
|
| #
7d762423 |
| 25-Oct-2015 |
Kristof Provost <kp@FreeBSD.org> |
PF_ANEQ() macro will in most situations returns TRUE comparing two identical
IPv4 packets (when it should return FALSE). It happens because PF_ANEQ() doesn't
stop if first 32 bits of IPv4 packets are
PF_ANEQ() macro will in most situations returns TRUE comparing two identical
IPv4 packets (when it should return FALSE). It happens because PF_ANEQ() doesn't
stop if first 32 bits of IPv4 packets are equal and starts to check next 3*32
bits (like for IPv6 packet). Those bits containt some garbage and in result
PF_ANEQ() wrongly returns TRUE.
Fix: Check if packet is of AF_INET type and if it is then compare only first 32
bits of data.
PR: 204005
Submitted by: Miłosz Kaniewski
show more ...
|
| #
031c294c |
| 19-Oct-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
|
| #
324fd1ce |
| 15-Oct-2015 |
Glen Barber <gjb@FreeBSD.org> |
MFH to r289370
Sponsored by: The FreeBSD Foundation
|
| #
c110fc49 |
| 14-Oct-2015 |
Kristof Provost <kp@FreeBSD.org> |
pf: Fix TSO issues
In certain configurations (mostly but not exclusively as a VM on Xen) pf
produced packets with an invalid TCP checksum.
The problem was that pf could only handle packets with a f
pf: Fix TSO issues
In certain configurations (mostly but not exclusively as a VM on Xen) pf
produced packets with an invalid TCP checksum.
The problem was that pf could only handle packets with a full checksum. The
FreeBSD IP stack produces TCP packets with a pseudo-header checksum (only
addresses, length and protocol).
Certain network interfaces expect to see the pseudo-header checksum, so they
end up producing packets with invalid checksums.
To fix this stop calculating the full checksum and teach pf to only update TCP
checksums if TSO is disabled or the change affects the pseudo-header checksum.
PR: 154428, 193579, 198868
Reviewed by: sbruno
MFC after: 1 week
Relnotes: yes
Sponsored by: RootBSD
Differential Revision: https://reviews.freebsd.org/D3779
show more ...
|
| #
becbad1f |
| 13-Oct-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
|
| #
f94594b3 |
| 12-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Finish merging from head, messed up in previous attempt
|
| #
00176600 |
| 09-Sep-2015 |
Navdeep Parhar <np@FreeBSD.org> |
Merge r286744-r287584 from head.
|
| #
d9442b10 |
| 05-Sep-2015 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r286858 through r287489.
|
| #
64b3b4d6 |
| 27-Aug-2015 |
Kristof Provost <kp@FreeBSD.org> |
pf: Remove support for 'scrub fragment crop|drop-ovl'
The crop/drop-ovl fragment scrub modes are not very useful and likely to confuse
users into making poor choices.
It's also a fairly large amount
pf: Remove support for 'scrub fragment crop|drop-ovl'
The crop/drop-ovl fragment scrub modes are not very useful and likely to confuse
users into making poor choices.
It's also a fairly large amount of complex code, so just remove the support
altogether.
Users who have 'scrub fragment crop|drop-ovl' in their pf configuration will be
implicitly converted to 'scrub fragment reassemble'.
Reviewed by: gnn, eri
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D3466
show more ...
|
|
Revision tags: release/10.2.0 |
|
| #
416ba5c7 |
| 22-Jun-2015 |
Navdeep Parhar <np@FreeBSD.org> |
Catch up with HEAD (r280229-r284686).
|