|
Revision tags: vendor/llvm-project/llvmorg-18.1.5-0-g617a15a9eac9, vendor/NetBSD/bmake/20240430, vendor/libcbor/0.11.0, vendor/llvm-project/llvmorg-18.1.4-0-ge6c3289804a6, vendor/device-tree/6.8, vendor/device-tree/6.7, vendor/llvm-project/llvmorg-18.1.3-0-gc13b7485b879, vendor/device-tree/6.5, vendor/openssh/9.7p1, vendor/unbound/1.19.3, vendor/NetBSD/bmake/20240309, vendor/sqlite3/sqlite-3450100, vendor/llvm-project/llvmorg-18.1.1-0-gdba2a75e9c7e, vendor/got/diff/2023-09-15, release/13.3.0, vendor/libucl/20240206, vendor/xz/5.6.0, vendor/llvm-project/llvmorg-18.1.0-rc3-0-g6c90f8dd5463, vendor/llvm-project/llvmorg-18.1.0-rc2-53-gc7b0a6ecd442, vendor/arm-optimized-routines/v24.01, vendor/zlib/1.3.1, vendor/expat/2.6.0, vendor/unbound/1.19.1, vendor/tzcode/tzcode2024a, vendor/llvm-project/llvmorg-18.1.0-rc2-0-gc6c86965d967, vendor/tzdata/tzdata2024a, vendor/sendmail/8.18.1, vendor/acpica/20230628, vendor/acpica/20230331, vendor/llvm-project/llvmorg-18-init-18361-g22683463740e, vendor/libcxxrt/2024-01-25-fd484be8d1e94a1fcf6bc5c67e5c07b65ada19b6, vendor/llvm-project/llvmorg-18-init-18359-g93248729cfae, vendor/sqlite3/sqlite-3450000 |
|
| #
80044c78 |
| 16-Jan-2024 |
Xavier Beaudouin <xavier.beaudouin@klarasystems.com> |
Add UDP encapsulation of ESP in IPv6
This patch provides UDP encapsulation of ESP packets over IPv6.
Ports the IPv4 code to IPv6 and adds support for IPv6 in udpencap.c
As required by the RFC and un
Add UDP encapsulation of ESP in IPv6
This patch provides UDP encapsulation of ESP packets over IPv6.
Ports the IPv4 code to IPv6 and adds support for IPv6 in udpencap.c
As required by the RFC and unlike in IPv4 encapsulation,
UDP checksums are calculated.
Co-authored-by: Aurelien Cazuc <aurelien.cazuc.external@stormshield.eu>
Sponsored-by: Stormshield
Sponsored-by: Wiktel
Sponsored-by: Klara, Inc.
show more ...
|
|
Revision tags: vendor/NetBSD/bmake/20240108, vendor/llvm-project/llvmorg-18-init-16864-g3b3ee1f53424, vendor/llvm-project/llvmorg-18-init-16595-g7c00a5be5cde, vendor/llvm-project/llvmorg-18-init-16003-gfc5f51cf5af4, vendor/bc/6.7.4, vendor/ena-com/2.7.0, vendor/llvm-project/llvmorg-18-init-15692-g007ed0dccd6a, vendor/tzdata/tzdata2023d, vendor/openssh/9.6p1, vendor/llvm-project/llvmorg-18-init-15088-gd14ee76181fb, vendor/llvm-project/llvmorg-18-init-14265-ga17671084db1, vendor/llvm-project/llvmorg-17.0.6-0-g6009708b4367, vendor/xz/5.4.5, vendor/llvm-project/llvmorg-17.0.5-0-g98bfdac5ce82, vendor/unbound/1.19.0, vendor/sqlite3/sqlite-3440000, release/14.0.0, vendor/bc/6.7.2, vendor/llvm-project/llvmorg-17.0.3-0-g888437e1b600, vendor/bsddialog/1.0, vendor/llvm-project/llvmorg-17.0.2-0-gb2417f51dbbd, vendor/openssh/9.5p1, vendor/llvm-project/llvmorg-17.0.1-25-g098e653a5bed, vendor/nvi/2.2.1, vendor/openssl/3.0.11, vendor/sqlite3/sqlite-3430100, vendor/unbound/1.18.0, vendor/NetBSD/bmake/20230909, vendor/openssl/1.1.1w, vendor/llvm-project/llvmorg-17.0.0-rc4-10-g0176e8729ea4, vendor/file/5.45, vendor/llvm-project/llvmorg-17.0.0-rc3-79-ga612cb0b81d8, vendor/krb5/1.21.2, vendor/unifdef/2.12, vendor/unifdef/2.11, 2023.08.19-b34f66deb02e188104, vendor/zlib/1.3 |
|
| #
95ee2897 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: two-line .h pattern
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
|
Revision tags: vendor/less/v643, vendor/NetBSD/libc-vis/20230813, vendor/openssh/9.4p1, vendor/device-tree/6.4, vendor/device-tree/6.3, vendor/device-tree/6.2, vendor/device-tree/6.1, vendor/krb5/1.21.1, vendor/xz/5.4.4, vendor/openssl/3.0.10, vendor/openssl/1.1.1v, vendor/llvm-project/llvmorg-17-init-19311-gbc849e525f80, vendor/llvm-project/llvmorg-17-init-19304-gd0b54bb50e51, vendor/openssh/9.3p2, vendor/lua/5.4.6, vendor/NetBSD/bmake/20230622, vendor/openpam/XIMENIA, vendor/heimdal/7.8.0-2023-06-10-f62e2f278, vendor/openssl/3.0.9, vendor/llvm-project/llvmorg-16.0.6-0-g7cbf1a259152, vendor/ntp/4.2.8p17, vendor/llvm-project/llvmorg-16.0.5-0-g185b81e034ba, vendor/spleen/2.0.0, vendor/ntp/4.2.8p16, vendor/openssl/1.1.1u, vendor/sqlite3/sqlite-3420000, vendor/bc/6.6.0, vendor/llvm-project/llvmorg-16.0.4-0-gae42196bc493, vendor/NetBSD/bmake/20230510, vendor/xz/5.4.3 |
|
| #
4d846d26 |
| 10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
show more ...
|
|
Revision tags: vendor/tcpdump/4.99.4, vendor/llvm-project/llvmorg-16.0.3-0-gda3cd333bea5, vendor/ldns/1.8.3, vendor/spleen/1.9.3, vendor/libpcap/1.10.4, vendor/spleen/1.6.0, vendor/less/v632, vendor/bc/6.5.0, vendor/libfido2/1.13.0, vendor/libfido2/1.12.0, vendor/libfido2/1.11.0, vendor/libfido2/1.10.0, vendor/libfido2/1.9.0, vendor/NetBSD/bmake/20230414, vendor/llvm-project/llvmorg-16.0.2-0-g18ddebe1a1a9, vendor/libcbor/0.10.2, vendor/tzcode/tzcode2023c, vendor/tzcode/tzcode2023b, vendor/tzcode/tzcode2023a, vendor/sqlite3/sqlite-3410200, vendor/llvm-project/llvmorg-16.0.1-0-gcd89023f7979, release/13.2.0, vendor/llvm-project/llvmorg-16.0.0-45-g42d1b276f779, vendor/llvm-project/llvmorg-16.0.0-0-g08d094a0e457, vendor/tzdata/tzdata2023c, vendor/libpcap/1.10.3, vendor/opencsd/v1.4.0, vendor/arm-optimized-routines/v23.01, vendor/tzdata/tzdata2023b, vendor/tzdata/tzdata2023a, vendor/xz/5.4.2, vendor/openssh/9.3p1, vendor/openssl/3.0.8, vendor/bc/6.4.0, vendor/sqlite3/sqlite-3410000, vendor/bc/6.3.1, vendor/bearssl/20230220, vendor/zlib/1.2.13, vendor/llvm-project/llvmorg-16.0.0-rc2-10-g073506d8c15c, vendor/llvm-project/llvmorg-16-init-18548-gb0daacf58f41, vendor/NetBSD/bmake/20230208, vendor/byacc/20230201, vendor/openssl/1.1.1t, vendor/NetBSD/libedit/2023-01-06, vendor/openssh/9.2p1, vendor/tcsh/6.24.07, vendor/bc/6.2.2, vendor/bc/6.2.1, vendor/bc/6.2.0, vendor/bc/6.1.0, vendor/bc/6.0.4, vendor/NetBSD/bmake/20230126, vendor/Juniper/libxo/1.6.0, vendor/zstd/1.5.2, vendor/xz/5.4.1, vendor/sendmail/8.17.1, vendor/llvm-project/llvmorg-15.0.7-0-g8dfdcc7b7bf6, vendor/heimdal/7.8.0, vendor/sqlite3/sqlite-3400100, vendor/xz/5.4.0, vendor/tzcode/tzcode2022g, vendor/tzcode/tzcode2022f, vendor/tzcode/tzcode2022e, vendor/tzcode/tzcode2022d, vendor/xz/5.2.9 |
|
| #
e68b3792 |
| 07-Dec-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
tcp: embed inpcb into tcpcb
For the TCP protocol inpcb storage specify allocation size that would
provide space to most of the data a TCP connection needs, embedding
into struct tcpcb several struct
tcp: embed inpcb into tcpcb
For the TCP protocol inpcb storage specify allocation size that would
provide space to most of the data a TCP connection needs, embedding
into struct tcpcb several structures, that previously were allocated
separately.
The most import one is the inpcb itself. With embedding we can provide
strong guarantee that with a valid TCP inpcb the tcpcb is always valid
and vice versa. Also we reduce number of allocs/frees per connection.
The embedded inpcb is placed in the beginning of the struct tcpcb,
since in_pcballoc() requires that. However, later we may want to move
it around for cache line efficiency, and this can be done with a little
effort. The new intotcpcb() macro is ready for such move.
The congestion algorithm data, the TCP timers and osd(9) data are
also embedded into tcpcb, and temprorary struct tcpcb_mem goes away.
There was no extra allocation here, but we went through extra pointer
every time we accessed this data.
One interesting side effect is that now TCP data is allocated from
SMR-protected zone. Potentially this allows the TCP stacks or other
TCP related modules to utilize that for their own synchronization.
Large part of the change was done with sed script:
s/tp->ccv->/tp->t_ccv./g
s/tp->ccv/\&tp->t_ccv/g
s/tp->cc_algo/tp->t_cc/g
s/tp->t_timers->tt_/tp->tt_/g
s/CCV\(ccv, osd\)/\&CCV(ccv, t_osd)/g
Dependency side effect is that code that needs to know struct tcpcb
should also know struct inpcb, that added several <netinet/in_pcb.h>.
Differential revision: https://reviews.freebsd.org/D37127
show more ...
|
|
Revision tags: vendor/llvm-project/llvmorg-15.0.6-0-g088f33605d8a, vendor/tzdata/tzdata2022g, release/12.4.0, vendor/sqlite3/sqlite-3400000, vendor/expat/2.5.0, vendor/xz/5.2.8, vendor/device-tree/6.0, vendor/device-tree/5.19, vendor/openssl/1.1.1s, vendor/wireguard-tools/v1.0.20210914, vendor/tzdata/tzdata2022f, vendor/acpica/20221020, vendor/unbound/1.17.0, vendor/llvm-project/llvmorg-15.0.2-10-gf3c5289e7846, vendor/llvm-project/llvmorg-15.0.2-0-g4bd3f3759259, vendor/llvm-project/llvmorg-15.0.1-0-gb73d2c8c720a, vendor/tzdata/tzdata2022e, vendor/openssh/9.1p1 |
|
| #
809fef29 |
| 04-Oct-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
netipsec: move specific ipsecmethods declarations to ipsec_support.h
where struct ipsec_methods is defined. Not a functional change.
Allows further modification of method prototypes without breakin
netipsec: move specific ipsecmethods declarations to ipsec_support.h
where struct ipsec_methods is defined. Not a functional change.
Allows further modification of method prototypes without breaking
compilation of other ipsec compilation units.
Differential revision: https://reviews.freebsd.org/D36730
show more ...
|
|
Revision tags: vendor/unbound/1.16.3, vendor/bsddialog/0.4, vendor/tzdata/tzdata2022d, vendor/file/5.43, vendor/expat/2.4.9, vendor/sqlite3/sqlite-3390300, vendor/llvm-project/llvmorg-15.0.0-9-g1c73596d3454, vendor/llvm-project/llvmorg-15.0.0-0-g4ba6a9c9f65b, vendor/less/v608, vendor/bsddialog/0.3, vendor/lua/5.4.4, vendor/lua/5.4.3, vendor/sqlite3/sqlite-3390200, vendor/bc/6.0.2, verndor/bc/6.0.2, vendor/dhcpcd/9.4.1, vendor/tzcode/tzcode2022c, vendor/tzcode/unsplit, vendor/tzdata/tzdata2022c, vendor/llvm-project/llvmorg-15.0.0-rc2-40-gfbd2950d8d0d, vendor/tzdata/tzdata2022b, vendor/arm-optimized-routines/20220210-89ca9c3, vendor/device-tree/5.18, vendor/device-tree/5.17, vendor/device-tree/5.16, vendor/device-tree/5.15, vendor/device-tree/5.14, vendor/unbound/1.16.2, vendor/llvm-project/llvmorg-15-init-17826-g1f8ae9d7e7e4, vendor/llvm-project/llvmorg-15-init-17827-gd77882e66779, vendor/NetBSD/bmake/20220726, vendor/NetBSD/bmake/20220724, vendor/llvm-project/llvmorg-15-init-17485-ga3e38b4a206b, vendor/llvm-project/llvmorg-15-init-16436-g18a6ab5b8d1f, vendor/unbound/1.16.1, vendor/sqlite3/sqlite-3390000, vendor/openssl/1.1.1q, vendor/file/5.42, vendor/llvm-project/llvmorg-15-init-15358-g53dc0f107877, vendor/openssl/1.1.1p, vendor/bc/5.3.3, vendor/bc/5.3.2, vendor/llvm-project/llvmorg-14.0.5-0-gc12386ae247c, vendor/bc/5.3.1, vendor/bc/5.3.0, vendor/unbound/1.16.0, vendor/llvm-project/llvmorg-14.0.4-0-g29f1039a7285, vendor/sqlite3/sqlite-3380500, release/13.1.0, upstream/13.1.0, vendor/bc/5.2.5, vendor/openssl/1.1.1o, vendor/llvm-project/llvmorg-14.0.2-0-g0e27d08cdeb3, vendor/llvm-project/llvmorg-14.0.3-0-g1f9140064dfb, vendor/NetBSD/bmake/20220418, vendor/bearssl/20220418, vendor/bc/5.2.4, vendor/NetBSD/libedit/2022-04-11 |
|
| #
40461785 |
| 13-Apr-2022 |
John Baldwin <jhb@FreeBSD.org> |
ipsec_encap: setdf is only used for INET.
|
|
Revision tags: vendor/openssh/9.0p1, vendor/NetBSD/bmake/20220330, vendor/acpica/20220331, vendor/zlib/1.2.12, vendor/llvm-project/llvmorg-14.0.0-2-g3f43d803382d, vendor/heimdal/7.7.0, vendor/expat/2.4.7, vendor/llvm-project/llvmorg-14.0.0-rc4-2-gadd3ab7f4c8a, vendor/tzdata/tzdata2022a, vendor/openssl/1.1.1n, vendor/bsddialog/0.2, vendor/libcxxrt/2022-03-09-fd484be8d1e94a1fcf6bc5c67e5c07b65ada19b6, vendor/bc/5.2.3, vendor/llvm-project/llvmorg-14.0.0-rc2-12-g09546e1b5103, vendor/expat/2.4.6, vendor/openssh/8.9p1, vendor/llvm-project/llvmorg-13.0.1-0-g75e33f71c2da, vendor/llvm-project/llvmorg-14.0.0-rc1-74-g4dc3cb8e3255, vendor/unbound/1.15.0, vendor/NetBSD/bmake/20220208, vendor/bc/5.2.2, vendor/NetBSD/bmake/20220204, vendor/llvm-project/llvmorg-14-init-18315-g190be5457c90, vendor/llvm-project/llvmorg-14-init-18294-gdb01b123d012, vendor/terminus/terminus-font-4.49.1, vendor/bsddialog/0.1, vendor/llvm-project/llvmorg-14-init-17616-g024a1fab5c35, vendor/dma/2022-01-27, vendor/ena-com/2.5.0, vendor/wpa/2.10, vendor/expat/2.4.3, vendor/sqlite3/sqlite-3370200, vendor/wpa/gb26f5c0fe, vendor/sqlite3/sqlite-3370100, vendor/file/5.41, vendor/llvm-project/llvmorg-14-init-13186-g0c553cc1af2e, vendor/bsddialog/0.0.2, vendor/NetBSD/bmake/20211212, vendor/openssl/1.1.1m, vendor/unbound/1.14.0, vendor/bsddialog/0.0.1, vendor/unbound/1.14.0rc1, vendor/llvm-project/llvmorg-14-init-11187-g222442ec2d71, release/12.3.0, upstream/12.3.0, vendor/wpa/g14ab4a816, vendor/bc/5.2.1, vendor/bc/5.2.0 |
|
| #
44775b16 |
| 24-Nov-2021 |
Mark Johnston <markj@FreeBSD.org> |
netinet: Remove unneeded mb_unmapped_to_ext() calls
in_cksum_skip() now handles unmapped mbufs on platforms where they're
permitted.
Reviewed by: glebius, jhb
MFC after: 1 week
Sponsored by: The Fr
netinet: Remove unneeded mb_unmapped_to_ext() calls
in_cksum_skip() now handles unmapped mbufs on platforms where they're
permitted.
Reviewed by: glebius, jhb
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D33097
show more ...
|
|
Revision tags: vendor/bsddialog/2021-11-24, vendor/llvm-project/llvmorg-14-init-10223-g401b76fdf2b3, vendor/llvm-project/llvmorg-14-init-10186-gff7f2cfa959b |
|
| #
756bb50b |
| 16-Nov-2021 |
Mark Johnston <markj@FreeBSD.org> |
sctp: Remove now-unneeded mb_unmapped_to_ext() calls
sctp_delayed_checksum() now handles unmapped mbufs, thanks to m_apply().
No functional change intended.
Reviewed by: tuexen
MFC after: 2 weeks
sctp: Remove now-unneeded mb_unmapped_to_ext() calls
sctp_delayed_checksum() now handles unmapped mbufs, thanks to m_apply().
No functional change intended.
Reviewed by: tuexen
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32942
show more ...
|
|
Revision tags: vendor/mandoc/1.14.6, vendor/openssh/8.8p1, vendor/ck/2021029, vendor/tzdata/tzdata2021e, vendor/tzdata/tzdata2021d, vendor/bc/5.1.1, vendor/bc/5.1.0, vendor/tzdata/tzdata2021c, vendor/libfido2/1.8.0, vendor/libcbor/0.8.0, vendor/acpica/20210930 |
|
| #
8deba29c |
| 27-Sep-2021 |
Wojciech Macek <wma@FreeBSD.org> |
ipsec: fix typo part2
|
| #
c27214f0 |
| 27-Sep-2021 |
Wojciech Macek <wma@FreeBSD.org> |
ipsec: fix typo in comment
|
|
Revision tags: vendor/llvm-project/llvmorg-13.0.0-0-gd7b669b3a303, vendor/llvm-project/llvmorg-13.0.0-rc4-0-gd7b669b3a303, vendor/tzdata/tzdata2021b |
|
| #
9dfc8606 |
| 24-Sep-2021 |
Bartlomiej Grzesik <bag@semihalf.com> |
ipsec: Add support for PMTUD for IPv6 tunnels
Discard and send ICMPv6 Packet Too Big to sender when we try to encapsulate
and forward a packet which total length exceeds the PMTU.
Logic is based on
ipsec: Add support for PMTUD for IPv6 tunnels
Discard and send ICMPv6 Packet Too Big to sender when we try to encapsulate
and forward a packet which total length exceeds the PMTU.
Logic is based on the IPv4 implementation.
Common code was moved to a separate function.
Differential revision: https://reviews.freebsd.org/D31771
Obtained from: Semihalf
Sponsored by: Stormshield
show more ...
|
| #
b4220bf3 |
| 24-Sep-2021 |
Bartlomiej Grzesik <bag@semihalf.com> |
ipsec: If no PMTU in hostcache assume it's equal to link's MTU
If we fail to find to PMTU in hostcache, we assume it's equal
to link's MTU.
This patch prevents packets larger then link's MTU to be
ipsec: If no PMTU in hostcache assume it's equal to link's MTU
If we fail to find to PMTU in hostcache, we assume it's equal
to link's MTU.
This patch prevents packets larger then link's MTU to be dropped
silently if there is no PMTU in hostcache.
Differential revision: https://reviews.freebsd.org/D31770
Obtained from: Semihalf
Sponsored by: Stormshield
show more ...
|
| #
4f337695 |
| 24-Sep-2021 |
Bartlomiej Grzesik <bag@semihalf.com> |
ipsec: Add PMTUD support for IPsec IPv4 over IPv6 tunnel
Add support for checking PMTU for IPv4 packets encapsulated in IPv6 tunnels.
Differential revision: https://reviews.freebsd.org/D31769
Spons
ipsec: Add PMTUD support for IPsec IPv4 over IPv6 tunnel
Add support for checking PMTU for IPv4 packets encapsulated in IPv6 tunnels.
Differential revision: https://reviews.freebsd.org/D31769
Sponsored by: Stormshield
Obtained from: Semihalf
show more ...
|
|
Revision tags: vendor/dma/2021-07-10, vendor/NetBSD/libedit/2021-09-10, vendor/bc/5.0.2, vendor/llvm-project/llvmorg-13.0.0-rc3-8-g08642a395f23, vendor/llvm-project/llvmorg-13.0.0-rc2-43-gf56129fe78d5, vendor/openssl/1.1.1l, vendor/openssh/8.7p1, vendor/llvm-project/llvmorg-13.0.0-rc1-97-g23ba3732246a, vendor/llvm-project/llvmorg-13.0.0-rc1-0-gd6974c010878, vendor/unbound/1.13.2 |
|
| #
a16771de |
| 13-Aug-2021 |
Kornel Duleba <mindal@semihalf.com> |
ipsec: Return error code if no matching SA was found
If we matched SP to a packet, but no associated SA was found
ipsec4_allocsa will return NULL while setting error=0.
This resulted in use after fr
ipsec: Return error code if no matching SA was found
If we matched SP to a packet, but no associated SA was found
ipsec4_allocsa will return NULL while setting error=0.
This resulted in use after free and potential kernel panic.
Return EINPROGRESS if the case described above instead.
Obtained from: Semihalf
Sponsored by: Stormshield
Differential revision: https://reviews.freebsd.org/D30994
show more ...
|
| #
6b66194b |
| 13-Aug-2021 |
Kornel Duleba <mindal@semihalf.com> |
ipsec: Check PMTU before sending a frame.
If an encapsulated frame is going to have DF bit set check its desitnitions'
PMTU and if it won't fit drop it and:
Generate ICMP 3/4 message if the packet
ipsec: Check PMTU before sending a frame.
If an encapsulated frame is going to have DF bit set check its desitnitions'
PMTU and if it won't fit drop it and:
Generate ICMP 3/4 message if the packet was to be forwarded.
Return EMSGSIZE error otherwise.
Obtained from: Semihalf
Sponsored by: Stormshield
Differential revision: https://reviews.freebsd.org/D30993
show more ...
|
|
Revision tags: vendor/one-true-awk/0592de4a, vendor/acpica/20210730, vendor/llvm-project/llvmorg-13-init-16854-g6b2e4c5a58d7, vendor/llvm-project/llvmorg-12.0.1-0-gfed41342a82f, vendor/llvm-project/llvmorg-12.0.1-rc2-0-ge7dac564cd0e, vendor/llvm-project/llvmorg-13-init-16847-g88e66fa60ae5, vendor/less/v590, llvmorg-12.0.1-0-gfed41342a82f, vendor/one-true-awk/1e4bc42c53a1, vendor/device-tree/5.13, vendor/device-tree/5.12, vendor/NetBSD/bmake/20210621, vendor/ena-com/2.4.0, vendor/NetBSD/vis/20210621, llvmorg-12.0.1-rc2-0-ge7dac564cd0e, vendor/acpica/20210604, vendor/nvi/2.2.0-3bbdfe4, vendor/tcsh/6.22.04, vendor/bc/4.0.2, vendor/sqlite3/sqlite-3350500, vendor/less/v581.2, vendor/bc/4.0.1, vendor/openssh/8.6p1, vendor/openssh/8.5p1, vendor/llvm-project/llvmorg-12.0.0-0-gd28af7c654d8, vendor/less/v581, vendor/google/capsicum-test/ea66424d921bb393539b298c108a46edee5c3051, release/13.0.0, upstream/13.0.0, vendor/bc/4.0.0, vendor/acpica/20210331, vendor/NetBSD/libedit/2021-03-28, vendor/openssl/1.1.1k, vendor/device-tree/5.11, vendor/NetBSD/libedit/2020-07-10, vendor/libucl/20210314, vendor/bc/3.3.4, vendor/wpa/g9d9b42306541, vendor/tcsh/6.22.03-ceccc7f, bc/3.3.3, vendor/google/capsicum-test/20210302, vendor/dialog/1.3-20210117, vendor/ncurses/6.2-20210220, vendor/arm-optimized-routines/v21.02, vendor/libcxxrt/2021-02-18-8049924686b8414d8e652cbd2a52c763b48e8456, vendor/bc/bc-3.3.0, vendor/llvm-project/llvmorg-12.0.0-rc1-109-gd5d089bf08c9, vendor/llvm-project/llvmorg-12-init-17869-g8e464dd76bef, vendor/openssl/1.1.1j, vendor/google/capsicum-test/7707222b46abe52d18fd4fbb76115ffdb3e6f74b, vendor/openssh/8.4p1, vendor/openssh/8.3p1, vendor/openssh/8.2p1, vendor/openssh/8.1p1, vendor/openzfs/20210210, vendor/subversion/subversion-1.14.1, vendor/NetBSD/bmake/20210206, vendor/unbound/1.13.1, vendor/bc/3.2.6, vendor/atf/20210128, vendor/sqlite3/sqlite-3340100, vendor/tzdata/tzdata2021a |
|
| #
8e9313ca |
| 19-Jan-2021 |
John Baldwin <jhb@FreeBSD.org> |
Convert unmapped mbufs before computing checksums in IPsec.
This is similar to the logic used in ip_output() to convert mbufs
prior to computing checksums. Unmapped mbufs can be sent when using
sen
Convert unmapped mbufs before computing checksums in IPsec.
This is similar to the logic used in ip_output() to convert mbufs
prior to computing checksums. Unmapped mbufs can be sent when using
sendfile() over IPsec or using KTLS over IPsec.
Reported by: Sony Arpita Das @ Chelsio QA
Reviewed by: np
Sponsored by: Chelsio
Differential Revision: https://reviews.freebsd.org/D28187
show more ...
|
|
Revision tags: vendor/device-tree/5.10, vendor/device-tree/5.9, vendor/NetBSD/bmake/20210110, vendor/openzfs/20210107, vendor/acpica/20210105, vendor/acpica/20201217, vendor/llvm-project/llvmorg-11.0.1-0-g43ff75f2c3fe, vendor/llvm-project/llvmorg-11.0.1-rc2-0-g43ff75f2c3f, vendor/pnglite/20130820, vendor/terminus/terminus-font-4.48, vendor/tzdata/tzdata2020f, vendor/libarchive/3.5.1, vendor/bc/3.2.4, vendor/lua/5.4.2, vendor/zstd/1.4.8, vendor/tzdata/tzdata2020e, vendor/unbound/1.13.0, vendor/openssl/1.1.1i, vendor/bc/3.2.3, vendor/libarchive/3.5.0, vendor/bc/3.2.0, vendor/NetBSD/bmake/20201117, vendor/ena-com/2.3.0, vendor/ena-com/2.2.1, vendor/acpica/20201113, vendor/NetBSD/bmake/20201101, vendor/unbound/1.12.0, vendor/less/v563, release/12.2.0, upstream/12.2.0, vendor/tzdata/tzdata2020d, vendor/tzdata/tzdata2020c, vendor/openzfs/2.0.0-rc3-gfc5966, vendor/lua/5.3.6, vendor/llvm-project/llvmorg-11.0.0-0-g176249bd673, vendor/acpica/20200925, vendor/tzdata/tzdata2020b, vendor/openzfs/2.0-rc3-gfc5966, vendor/llvm-project/llvmorg-11.0.0-rc5-0-g60a25202a7d, vendor/bc/3.1.6, vendor/nvi/2.2.0-05ed8b9, vendor/openssl/1.1.1h, vendor/openzfs/2.0-rc2-g4ce06f, vendor/llvm-project/llvmorg-11.0.0-rc2-91-g6e042866c30, vendor/lib9p/9d5aee77bcc1bf0e79b0a3bfefff5fdf2146283c, vendor/nvi/2.2.0, vendor/NetBSD/bmake/20200902, vendor/openzfs/2.0-rc1-gfd20a8 |
|
| #
662c1305 |
| 01-Sep-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
net: clean up empty lines in .c and .h files
|
|
Revision tags: vendor/openzfs/2.0-rc1-ga00c61, vendor/openzfs/2.0-rc0-g184df27, vendor/llvm-project/llvmorg-11.0.0-rc2-0-g414f32a9e86, vendor/unbound/1.11.0, vendor/sqlite3/sqlite-3330000, vendor/llvm-project/llvmorg-11.0.0-rc1-47-gff47911ddfc, vendor/bc/3.1.5, vendor/device-tree/5.8, vendor/bc/3.1.4, vendor/llvm-project/llvmorg-11.0.0-rc1-25-g903c872b169, vendor/pcg-c/20190718-83252d9, vendor/llvm-project/llvmorg-11-init-20933-g3c1fca803bc, vendor/llvm-project/llvmorg-11-init-20887-g2e10b7a39b9, vendor/acpica/20200717, vendor/sendmail/8.16.1, vendor/NetBSD/bmake/20200710, vendor/bc/3.1.3, vendor/NetBSD/bmake/20200704, vendor/sqlite3/sqlite-3320300, vendor/bc/3.1.1, vendor/NetBSD/bmake/20200629, vendor/llvm-project/llvmorg-10.0.1-0-gef32c611aa2, vendor/llvm-project/llvmorg-10.0.1-rc2-0-g77d76b71d7d, vendor/bc/3.0.2 |
|
| #
f82eb2a6 |
| 25-Jun-2020 |
John Baldwin <jhb@FreeBSD.org> |
Enter and exit the network epoch for async IPsec callbacks.
When an IPsec packet has been encrypted or decrypted, the next step in
the packet's traversal through the network stack is invoked from a
Enter and exit the network epoch for async IPsec callbacks.
When an IPsec packet has been encrypted or decrypted, the next step in
the packet's traversal through the network stack is invoked from a
crypto worker thread, not from the original calling thread. These
threads need to enter the network epoch before passing packets down to
IP output routines or up to transport protocols.
Reviewed by: ae
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D25444
show more ...
|
|
Revision tags: vendor/llvm-project/llvmorg-10.0.0-129-gd24d5c8e308, vendor/ntp/4.2.8p15, vendor/byacc/20200330, vendor/llvm-project/llvmorg-10.0.0-97-g6f71678ecd2 |
|
| #
95033af9 |
| 18-Jun-2020 |
Mark Johnston <markj@FreeBSD.org> |
Add the SCTP_SUPPORT kernel option.
This is in preparation for enabling a loadable SCTP stack. Analogous to
IPSEC/IPSEC_SUPPORT, the SCTP_SUPPORT kernel option must be configured
in order to suppor
Add the SCTP_SUPPORT kernel option.
This is in preparation for enabling a loadable SCTP stack. Analogous to
IPSEC/IPSEC_SUPPORT, the SCTP_SUPPORT kernel option must be configured
in order to support a loadable SCTP implementation.
Discussed with: tuexen
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
show more ...
|
|
Revision tags: vendor/flex/2.6.4, vendor/file/5.39, vendor/blocklist/20200615, vendor/opencsd/v0.14.2, vendor/sqlite3/sqlite-3320200, release/11.4.0, upstream/11.4.0, vendor/sqlite3/sqlite-3320000, vendor/NetBSD/bmake/20200606, vendor/device-tree/5.7, vendor/edk2/ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9, vendor/subversion/subversion-1.14.0, vendor/apr/apr-1.7.0, vendor/acpica/20200528, vendor/ena-com/2.2.0, vendor/zstd/1.4.5, vendor/llvm-project/llvmorg-10.0.1-rc1-0-gf79cd71e145, vendor/unbound/1.10.1, vendor/NetBSD/bmake/20200517, vendor/libarchive/3.4.3, vendor/acpica/20200430, vendor/lib9p/7ddb1164407da19b9b1afb83df83ae65a71a9a66, vendor/tzdata/tzdata2020a, vendor/openssl/1.1.1g, vendor/sqlite3/sqlite-3310100, vendor/device-tree/5.6, vendor/google/googletest/1.10.0, vendor/llvm-project/llvmorg-10.0.0-0-gd32170dbd5b, vendor/bsnmp/1.14, vendor/openssl/1.1.1f, vendor/acpica/20200326, vendor/xz/5.2.5, vendor/llvm-project/llvmorg-10.0.0-rc4-5-g52c365aa9ca, vendor/openssl/1.1.1e, vendor/kyua/0.13-a685f91, vendor/lutok/0.4-8f8eaef, vendor/llvm-project/llvmorg-10.0.0-rc3-1-gc290cb61fdc, vendor/ntp/4.2.8p14, vendor/device-tree/5.5, vendor/llvm-project/llvmorg-10.0.0-rc2-70-ge5cb70267e7, vendor/ncurses/6.2-20200215, vendor/llvm-project/llvmorg-10.0.0-rc2-0-g90c78073f73, vendor/openssh/8.0p1, vendor/acpica/20200214, vendor/libarchive/3.4.2, vendor/file/5.38, vendor/ncurses/6.1-20200118, vendor/sqlite3/sqlite-3310000, vendor/Juniper/libxo/1.4.0, vendor/llvm-project/llvmorg-10-init-17538-gd11abddb32f, vendor/llvm-project/llvmorg-10-init-17468-gc4a134a5107, vendor/llvm-project/llvmorg-10-init-17466-ge26a78e7085, vendor/acpica/20200110, vendor/openssl/1.0.2u, vendor/libarchive/3.4.1, vendor/unbound/1.9.6, vendor/llvm-project/llvmorg-9.0.1, vendor/llvm-project/llvmorg-10-init-8157-g186155b89c2, vendor/llvm-project/trunk-r375505, vendor/acpica/20191213, vendor/device-tree/5.4, vendor/openresolv/3.9.2, vendor/file/5.37, vendor/Juniper/libxo/1.3.1, vendor/Juniper/libxo/1.3.0, vendor/NetBSD/blacklist/20191106, vendor/zstd/1.4.4, vendor/sqlite3/sqlite-3300100, release/12.1.0, upstream/12.1.0, vendor/llvm-openmp/openmp-trunk-r375505, vendor/lldb/lldb-trunk-r375505, vendor/lld/lld-trunk-r375505, vendor/llvm-libunwind/libunwind-trunk-r375505, vendor/libc++/libc++-trunk-r375505, vendor/compiler-rt/compiler-rt-trunk-r375505, vendor/clang/clang-trunk-r375505, vendor/llvm/llvm-trunk-r375505, vendor/tcsh/6.21.00-83c5be0, vendor/acpica/20191018, vendor/opencsd/a1961c91b02a92f3c6ed8b145c636ac4c5565aca, vendor/processor-trace/892e12c5a27bda5806d1e63269986bb4171b5a8b, vendor/tcsh/6.21.00, vendor/tcpdump/4.9.3, vendor/libpcap/1.9.1, vendor/device-tree/5.3, vendor/device-tree/5.2, vendor/lldb/lldb-release_900-r372316, vendor/clang/clang-release_900-r372316, vendor/llvm/llvm-release_900-r372316, vendor/tzdata/tzdata2019c, vendor/openssl/1.0.2t, vendor/openssl/1.1.1d, vendor/NetBSD/libedit/2019-09-10, vendor/lld/lld-release_90-r371301, vendor/lld/lld-release_900-r372316, vendor/clang/clang-release_90-r371301, vendor/llvm/llvm-release_90-r371301, vendor/lld/lld-release_90-r370514, vendor/libc++/libc++-release_90-r370514, vendor/libc++/libc++-release_90-r371301, vendor/libc++/libc++-release_900-r372316, vendor/compiler-rt/compiler-rt-release_90-r370514, vendor/compiler-rt/compiler-rt-release_90-r371301, vendor/compiler-rt/compiler-rt-release_900-r372316, vendor/clang/clang-release_90-r370514, vendor/llvm/llvm-release_90-r370514, vendor/lldb/lldb-trunk-r366426, vendor/wpa/2.9, vendor/lldb/lldb-release_90-r369369, vendor/lldb/lldb-release_90-r370514, vendor/lldb/lldb-release_90-r371301, vendor/lld/lld-release_90-r369369, vendor/libc++/libc++-release_90-r369369, vendor/compiler-rt/compiler-rt-release_90-r369369, vendor/clang/clang-release_90-r369369, vendor/llvm/llvm-release_90-r369369, vendor/llvm-openmp/openmp-release_90-r369369, vendor/llvm-openmp/openmp-release_90-r370514, vendor/llvm-openmp/openmp-release_90-r371301, vendor/llvm-openmp/openmp-release_900-r372316, vendor/llvm-openmp/openmp-trunk-r366426, vendor/lld/lld-trunk-r366426, vendor/llvm-libunwind/libunwind-release_90-r369369, vendor/llvm-libunwind/libunwind-release_90-r370514, vendor/llvm-libunwind/libunwind-release_90-r371301, vendor/llvm-libunwind/libunwind-release_900-r372316, vendor/llvm-libunwind/libunwind-trunk-r366426, vendor/libc++/libc++-trunk-r366426, vendor/compiler-rt/compiler-rt-trunk-r366426, vendor/clang/clang-trunk-r366426, vendor/llvm/llvm-trunk-r366426, vendor/acpica/20190816, vendor/bzip2/1.0.8, vendor/zstd/1.4.2, vendor/zstd/1.4.1, vendor/mandoc/20190723, vendor/libcxxrt/2019-07-26-f96846efbfd508f66d91fcbbef5dd808947c7f6d, vendor/llvm-libunwind/libunwind-release_801-r366581, vendor/clang/clang-release_801-r366581, vendor/sqlite3/sqlite-3290000, vendor/acpica/20190703, vendor/llvm-openmp/openmp-release_80-r364487, vendor/llvm-openmp/openmp-release_801-r366581, vendor/lldb/lldb-release_80-r364487, vendor/lldb/lldb-release_801-r366581, vendor/lld/lld-release_80-r364487, vendor/lld/lld-release_801-r366581, vendor/llvm-libunwind/libunwind-release_80-r364487, vendor/clang/clang-release_80-r364487, release/11.3.0, upstream/11.3.0, vendor/tzdata/tzdata2019b, vendor/unbound/1.9.2, vendor/unbound/1.9.1, vendor/elftoolchain/elftoolchain-r3769, vendor/less/v551, vendor/bzip2/1.0.7, vendor/libarchive/3.4.0, vendor/lldb/lldb-release_80-r363030, vendor/lld/lld-release_80-r363030, vendor/llvm-libunwind/libunwind-release_80-r363030, vendor/libc++/libc++-release_80-r363030, vendor/libc++/libc++-release_80-r364487, vendor/libc++/libc++-release_801-r366581, vendor/compiler-rt/compiler-rt-release_80-r363030, vendor/compiler-rt/compiler-rt-release_80-r364487, vendor/compiler-rt/compiler-rt-release_801-r366581, vendor/clang/clang-release_80-r363030, vendor/llvm/llvm-release_80-r363030, vendor/llvm/llvm-release_80-r364487, vendor/llvm/llvm-release_801-r366581, vendor/one-true-awk/4189ef5d, vendor/ena-com/2.0.0, vendor/openssl/1.0.2s, vendor/openssl/1.1.1c, vendor/libfdt/1.5.0, zfs-0.8.0, vendor/netcat/6.5, vendor/netcat/6.4, vendor/netcat/6.3, vendor/netcat/6.2, vendor/netcat/6.1, vendor/netcat/6.0, vendor/acpica/20190509, zfs-0.8.0-rc5, vendor/device-tree/5.1, vendor/Juniper/libxo/1.0.4, vendor/sqlite3/sqlite-3280000, vendor/wpa/2.8, vendor/sqlite3/sqlite-3270200, vendor/zstd/1.4.0, zfs-0.8.0-rc4, vendor/device-tree/5.0, vendor/sqlite3/sqlite-3270100, vendor/acpica/20190405, vendor/Juniper/libxo/1.0.2, vendor/acpica/20190329, vendor/mandoc/1.14.5, vendor/tzdata/tzdata2019a, vendor/clang/clang-release_800-r356365, vendor/llvm-openmp/openmp-release_80-r356034, vendor/llvm-openmp/openmp-release_80-r363030, vendor/llvm-openmp/openmp-release_800-r356365, vendor/llvm-openmp/openmp-trunk-r351319, vendor/clang/clang-release_80-r356034, vendor/llvm/llvm-release_80-r356034, vendor/llvm/llvm-release_800-r356365, vendor/llvm-libunwind/libunwind-release_80-r355677, vendor/llvm-libunwind/libunwind-release_80-r356034, vendor/llvm-libunwind/libunwind-release_800-r356365, vendor/clang/clang-release_80-r355677, vendor/llvm/llvm-release_80-r355677, vendor/llvm-libunwind/libunwind-trunk-r351319, vendor/ntp/4.2.8p13, vendor/libc++/libc++-release_80-r355313, vendor/libc++/libc++-release_80-r355677, vendor/libc++/libc++-release_80-r356034, vendor/libc++/libc++-release_800-r356365, vendor/clang/clang-release_80-r355313, vendor/llvm/llvm-release_80-r355313, vendor/openssl/1.0.2r, vendor/openssl/1.1.1b, vendor/lldb/lldb-release_80-r354799, vendor/lldb/lldb-release_80-r355313, vendor/lldb/lldb-release_80-r355677, vendor/lldb/lldb-release_80-r356034, vendor/lldb/lldb-release_800-r356365, vendor/lld/lld-release_80-r354799, vendor/lld/lld-release_80-r355313, vendor/lld/lld-release_80-r355677, vendor/lld/lld-release_80-r356034, vendor/lld/lld-release_800-r356365, vendor/libc++/libc++-release_80-r354799, vendor/compiler-rt/compiler-rt-release_80-r354799, vendor/compiler-rt/compiler-rt-release_80-r355313, vendor/compiler-rt/compiler-rt-release_80-r355677, vendor/compiler-rt/compiler-rt-release_80-r356034, vendor/compiler-rt/compiler-rt-release_800-r356365, vendor/clang/clang-release_80-r354799, vendor/llvm/llvm-release_80-r354799, vendor/openpam/TABEBUIA, vendor/acpica/20190215, vendor/lld/lld-release_80-r354130, vendor/compiler-rt/compiler-rt-release_80-r354130, vendor/clang/clang-release_80-r354130, vendor/llvm/llvm-release_80-r354130, vendor/google/googletest/1.8.1, vendor/unbound/1.9.0, vendor/lldb/lldb-release_80-r353167, vendor/lldb/lldb-release_80-r354130, vendor/lld/lld-release_80-r353167, vendor/libc++/libc++-release_80-r353167, vendor/libc++/libc++-release_80-r354130, vendor/compiler-rt/compiler-rt-release_80-r353167, vendor/clang/clang-release_80-r353167, vendor/llvm/llvm-release_80-r353167, vendor/openssh/7.9p1, vendor/bearssl/6433cc2, vendor/lldb/lldb-release_80-r351543, vendor/lld/lld-release_80-r351543, vendor/libc++/libc++-release_80-r351543, vendor/clang/clang-release_80-r351543, vendor/llvm/llvm-release_80-r351543, vendor/lldb/lldb-trunk-r351319, vendor/lld/lld-trunk-r351319, vendor/libc++/libc++-trunk-r351319, vendor/compiler-rt/compiler-rt-release_80-r351543, vendor/compiler-rt/compiler-rt-trunk-r351319, vendor/clang/clang-trunk-r351319, vendor/llvm/llvm-trunk-r351319, vendor/ena-com/1.1.4.6, zfs-0.8.0-rc3, vendor/device-tree/4.20, vendor/elftoolchain/elftoolchain-r3668, vendor/acpica/20190108, vendor/tzdata/tzdata2018i, vendor/tzdata/tzdata2018h, vendor/zstd/1.3.8, vendor/NetBSD/bmake/20181221, vendor/sqlite3/sqlite-3260000, vendor/clang/clang-release_701-r349250, vendor/acpica/20181213, vendor/libc++/libc++-release_70-r348686, vendor/libc++/libc++-release_701-r349250, vendor/clang/clang-release_70-r348686, vendor/llvm/llvm-release_70-r348686, vendor/llvm/llvm-release_701-r349250, release/12.0.0, upstream/12.0.0, vendor/wpa/2.7, vendor/NetBSD/bmake/20180919, vendor/lldb/lldb-release_70-r348011, vendor/lldb/lldb-release_70-r348686, vendor/lldb/lldb-release_701-r349250, vendor/clang/clang-release_70-r348011, vendor/llvm/llvm-release_70-r348011, vendor/ck/20181120, vendor/openssl/1.0.2q, vendor/openssl/1.1.1a, zfs-0.8.0-rc2, vendor/device-tree/4.19, vendor/lld/lld-release_70-r346007, vendor/lld/lld-release_70-r348011, vendor/lld/lld-release_70-r348686, vendor/lld/lld-release_701-r349250, vendor/clang/clang-release_70-r346007, vendor/llvm/llvm-release_70-r346007, vendor/expat/2.2.6, vendor/acpica/20181031, vendor/tzdata/tzdata2018g, vendor/zstd/1.3.7, vendor/zstd/1.3.4, vendor/zstd/1.3.3, vendor/dialog/1.3-20180621, vendor/tzdata/tzdata2018f, vendor/ck/20181014, vendor/unbound/1.8.1, vendor/subversion/subversion-1.10.2, vendor/apr-util/apr-util-1.6.1, vendor/apr/apr-1.6.5, vendor/serf/serf-1.3.9, vendor/acpica/20181003, vendor/acpica/20180927, vendor/libevent/2.1.18, vendor/libevent/2.1.8, vendor/mandoc/1.14.4, vendor/lld/lld-release_700-r342383, vendor/clang/clang-release_700-r342383, vendor/openssl/1.1.1, vendor/lld/lld-release_70-r341916, vendor/libc++/libc++-release_70-r341916, vendor/libc++/libc++-release_70-r346007, vendor/libc++/libc++-release_70-r348011, vendor/libc++/libc++-release_700-r342383, vendor/compiler-rt/compiler-rt-release_70-r341916, vendor/compiler-rt/compiler-rt-release_70-r346007, vendor/compiler-rt/compiler-rt-release_70-r348011, vendor/compiler-rt/compiler-rt-release_70-r348686, vendor/compiler-rt/compiler-rt-release_700-r342383, vendor/compiler-rt/compiler-rt-release_701-r349250, vendor/clang/clang-release_70-r341916, vendor/llvm/llvm-release_70-r341916, vendor/llvm/llvm-release_700-r342383, vendor/unbound/1.8.0, vendor/unbound/1.7.3, vendor/unbound/1.7.2, zfs-0.8.0-rc1, vendor/libarchive/3.3.3, vendor/lld/lld-release_70-r340910, vendor/libc++/libc++-release_70-r340910, vendor/compiler-rt/compiler-rt-release_70-r340910, vendor/clang/clang-release_70-r340910, vendor/llvm/llvm-release_70-r340910, vendor/openssh/7.8p1, vendor/ntp/4.2.8p12, vendor/lldb/lldb-release_70-r339999, vendor/lldb/lldb-release_70-r340910, vendor/lldb/lldb-release_70-r341916, vendor/lldb/lldb-release_70-r346007, vendor/lldb/lldb-release_700-r342383, vendor/lld/lld-release_70-r339999, vendor/libc++/libc++-release_70-r339999, vendor/clang/clang-release_70-r339999, vendor/llvm/llvm-release_70-r339999, vendor/openssl/1.0.2p, vendor/device-tree/4.18, vendor/tzdb/tzcode2018e, vendor/lldb/lldb-release_70-r339355, vendor/lld/lld-release_70-r339355, vendor/compiler-rt/compiler-rt-release_70-r339355, vendor/compiler-rt/compiler-rt-release_70-r339999, vendor/clang/clang-release_70-r339355, vendor/llvm/llvm-release_70-r339355, vendor/lua/5.3.5, vendor/acpica/20180810, vendor/ck/20180809, vendor/libc++/libc++-release_70-r338892, vendor/libc++/libc++-release_70-r339355, vendor/compiler-rt/compiler-rt-release_70-r338892, vendor/clang/clang-release_70-r338892, vendor/llvm/llvm-release_70-r338892, vendor/lldb/lldb-release_70-r338892, vendor/lldb/lldb-trunk-r338536, vendor/lld/lld-release_70-r338892, vendor/lld/lld-trunk-r338536, vendor/libc++/libc++-trunk-r338536, vendor/compiler-rt/compiler-rt-trunk-r338536, vendor/clang/clang-trunk-r338536, vendor/llvm/llvm-trunk-r338536, vendor/file/5.34, vendor/lldb/lldb-trunk-r338150, vendor/lld/lld-trunk-r338150, vendor/libc++/libc++-trunk-r338150, vendor/compiler-rt/compiler-rt-trunk-r338150, vendor/clang/clang-trunk-r338150, vendor/llvm/llvm-trunk-r338150, vendor/bsnmp/1.13, vendor/libfdt/1.4.7, vendor/ck/20180711, vendor/acpica/20180629, vendor/lldb/lldb-release_601-r335540, vendor/lld/lld-release_601-r335540, vendor/libc++/libc++-release_601-r335540, vendor/compiler-rt/compiler-rt-release_601-r335540, vendor/clang/clang-release_601-r335540, vendor/llvm/llvm-release_601-r335540, release/11.2.0, upstream/11.2.0, vendor/device-tree/4.17, vendor/acpica/20180531, vendor/ck/20180524, vendor/Juniper/libxo/0.9.0, vendor/file/5.33, vendor/NetBSD/bmake/20180512, vendor/xz/5.2.4, vendor/ck/20180517, vendor/unbound/1.7.1, vendor/unbound/1.7.0, vendor/unbound/1.6.8, vendor/unbound/1.6.7, vendor/unbound/1.6.6, vendor/unbound/1.6.5, vendor/unbound/1.6.4, vendor/unbound/1.6.3, vendor/unbound/1.6.2, vendor/unbound/1.6.1, vendor/ena-com/1.1.4.5, vendor/acpica/20180508, vendor/sqlite3/sqlite-3230100, vendor/subversion/subversion-1.10.0, vendor/openssh/7.7p1, vendor/openssh/7.6p1, vendor/tzdata/tzdata2018e, vendor/acpica/20180427, vendor/elftoolchain/elftoolchain-r3614, vendor/device-tree/4.16, vendor/opencsd/900407e9d6400f6541138d6c2e483a9fc2d699a4, vendor/heimdal/7.5.0, vendor/krb5/1.16, vendor/ck/20180304, vendor/openssl/1.0.2o, vendor/tzdata/tzdata2018d, vendor/processor-trace/24982c1a6fce48f1e416461d42899805f74fbb26, vendor/acpica/20180313, vendor/lld/lld-release_600-r326565, vendor/clang/clang-release_600-r326565, vendor/llvm/llvm-release_600-r326565, vendor/NetBSD/bmake/20180222, vendor/ntp/4.2.8p11, vendor/lldb/lldb-release_60-r325932, vendor/lldb/lldb-release_600-r326565, vendor/lld/lld-release_60-r325932, vendor/clang/clang-release_60-r325932, vendor/llvm/llvm-release_60-r325932, vendor/less/v530, vendor/lldb/lldb-release_60-r325330, vendor/lld/lld-release_60-r325330, vendor/libc++/libc++-release_60-r325330, vendor/libc++/libc++-release_60-r325932, vendor/libc++/libc++-release_600-r326565, vendor/compiler-rt/compiler-rt-release_60-r325330, vendor/compiler-rt/compiler-rt-release_60-r325932, vendor/compiler-rt/compiler-rt-release_600-r326565, vendor/clang/clang-release_60-r325330, vendor/llvm/llvm-release_60-r325330, vendor/device-tree/4.15, vendor/acpica/20180209, vendor/lld/lld-release_60-r324090, vendor/clang/clang-release_60-r324090, vendor/llvm/llvm-release_60-r324090, vendor/lld/lld-release_60-r323948, vendor/compiler-rt/compiler-rt-release_60-r323948, vendor/compiler-rt/compiler-rt-release_60-r324090, vendor/clang/clang-release_60-r323948, vendor/llvm/llvm-release_60-r323948, vendor/lldb/lldb-release_60-r323338, vendor/lldb/lldb-release_60-r323948, vendor/lldb/lldb-release_60-r324090, vendor/lld/lld-release_60-r323338, vendor/libc++/libc++-release_60-r323338, vendor/libc++/libc++-release_60-r323948, vendor/libc++/libc++-release_60-r324090, vendor/compiler-rt/compiler-rt-release_60-r323338, vendor/clang/clang-release_60-r323338, vendor/llvm/llvm-release_60-r323338, vendor/tzdata/tzdata2018c, vendor/libfdt/1.4.6, vendor/tzdata/tzdata2018a, vendor/dtc/1.4.6, vendor/lldb/lldb-release_60-r321788, vendor/lld/lld-release_60-r321788, vendor/libc++/libc++-release_60-r321788, vendor/compiler-rt/compiler-rt-release_60-r321788, vendor/clang/clang-release_60-r321788, vendor/llvm/llvm-release_60-r321788, vendor/acpica/20180105, vendor/compiler-rt/compiler-rt-trunk-r321545, vendor/llvm/llvm-trunk-r321545, vendor/lldb/lldb-trunk-r321530, vendor/lldb/lldb-trunk-r321545, vendor/lld/lld-trunk-r321530, vendor/lld/lld-trunk-r321545, vendor/libc++/libc++-trunk-r321530, vendor/libc++/libc++-trunk-r321545, vendor/compiler-rt/compiler-rt-trunk-r321530, vendor/clang/clang-trunk-r321530, vendor/clang/clang-trunk-r321545, vendor/llvm/llvm-trunk-r321530, vendor/lld/lld-trunk-r321426, vendor/clang/clang-trunk-r321426, vendor/llvm/llvm-trunk-r321426, vendor/lldb/lldb-trunk-r321414, vendor/lldb/lldb-trunk-r321426, vendor/lld/lld-trunk-r321414, vendor/libc++/libc++-trunk-r321414, vendor/libc++/libc++-trunk-r321426, vendor/compiler-rt/compiler-rt-trunk-r321414, vendor/compiler-rt/compiler-rt-trunk-r321426, vendor/clang/clang-trunk-r321414, vendor/llvm/llvm-trunk-r321414, vendor/lldb/lldb-trunk-r321017, vendor/lld/lld-trunk-r321017, vendor/libc++/libc++-trunk-r321017, vendor/compiler-rt/compiler-rt-trunk-r321017, vendor/clang/clang-trunk-r321017, vendor/llvm/llvm-trunk-r321017, vendor/lld/lld-release_501-r320880, vendor/clang/clang-release_501-r320880, vendor/llvm/llvm-release_501-r320880, vendor/acpica/20171214, vendor/openssl/1.0.2n, vendor/lldb/lldb-release_50-r319231, vendor/lldb/lldb-release_501-r320880, vendor/lld/lld-release_50-r319231, vendor/libc++/libc++-release_50-r319231, vendor/libc++/libc++-release_501-r320880, vendor/clang/clang-release_50-r319231, vendor/llvm/llvm-release_50-r319231, vendor/lua/5.3.4, vendor/NetBSD/libc-vis/20171127 |
|
| #
fe267a55 |
| 27-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
pro
sys: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
No functional change intended.
show more ...
|
|
Revision tags: vendor/less/v529, vendor/device-tree/4.14, vendor/acpica/20171110, vendor/zstd/1.3.2, vendor/ena-com/1.1.4.4, vendor/openssl/1.0.2m, vendor/NetBSD/bmake/20171028, vendor/ena-com/1.1.4.3, vendor/tzdata/tzdata2017c, vendor/device-tree/4.13, vendor/wpa/2.6, vendor/mandoc/1.14.3, vendor/acpica/20170929, release/10.4.0, upstream/10.4.0, vendor/tcpdump/4.9.2, vendor/file/5.32, vendor/NetBSD/libedit/2017-09-05, vendor/clang/clang-release_500-r312559, vendor/llvm/llvm-release_500-r312559, vendor/lldb/lldb-release_50-r312293, vendor/lldb/lldb-release_500-r312559, vendor/lld/lld-release_50-r312293, vendor/lld/lld-release_500-r312559, vendor/libc++/libc++-release_50-r312293, vendor/libc++/libc++-release_500-r312559, vendor/compiler-rt/compiler-rt-release_50-r312293, vendor/compiler-rt/compiler-rt-release_50-r319231, vendor/compiler-rt/compiler-rt-release_500-r312559, vendor/compiler-rt/compiler-rt-release_501-r320880, vendor/clang/clang-release_50-r312293, vendor/llvm/llvm-release_50-r312293, vendor/ctfdump/20170831, vendor/acpica/20170831, vendor/lldb/lldb-release_50-r311606, vendor/compiler-rt/compiler-rt-release_50-r311606, vendor/clang/clang-release_50-r311606, vendor/llvm/llvm-release_50-r311606, vendor/zstd/1.3.1 |
|
| #
22bbefb2 |
| 21-Aug-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Fix the regression introduced in r275710.
When a security policy should match TCP connection with specific ports,
the SYN+ACK segment send by syncache_respond() is considered as forwarded
packet, be
Fix the regression introduced in r275710.
When a security policy should match TCP connection with specific ports,
the SYN+ACK segment send by syncache_respond() is considered as forwarded
packet, because at this moment TCP connection does not have PCB structure,
and ip_output() is called without inpcb pointer. In this case SPIDX filled
for SP lookup will not contain TCP ports and security policy will not
be found. This can lead to unencrypted SYN+ACK on the wire.
This patch restores the old behavior, when ports will not be filled only
for forwarded packets.
Reported by: Dewayne Geraghty <dewayne.geraghty at heuristicsystems.com.au>
MFC after: 1 week
show more ...
|
|
Revision tags: vendor/lld/lld-release_50-r311219, vendor/lld/lld-release_50-r311606, vendor/libc++/libc++-release_50-r311219, vendor/libc++/libc++-release_50-r311606, vendor/clang/clang-release_50-r311219, vendor/llvm/llvm-release_50-r311219, vendor/sqlite3/sqlite-3200000, vendor/subversion/subversion-1.9.7, vendor/libc++/libc++-release_50-r310316, vendor/clang/clang-release_50-r310316, vendor/llvm/llvm-release_50-r310316, vendor/Juniper/libxo/0.8.4, vendor/openssh/7.5p1, vendor/ena-com/1.1.4.2, vendor/mandoc/1.14.2 |
|
| #
1a01e0e7 |
| 31-Jul-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook
from enc_hhook().
This should solve the problem when pf is used with if_enc(4) interface,
and outbound packet with existing PC
Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook
from enc_hhook().
This should solve the problem when pf is used with if_enc(4) interface,
and outbound packet with existing PCB checked by pf, and this leads to
deadlock due to pf does its own PCB lookup and tries to take rlock when
wlock is already held.
Now we pass PCB pointer if it is known to the pfil hook, this helps to
avoid extra PCB lookup and thus rlock acquiring is not needed.
For inbound packets it is safe to pass NULL, because we do not held any
PCB locks yet.
PR: 220217
MFC after: 3 weeks
Sponsored by: Yandex LLC
show more ...
|
|
Revision tags: vendor/lldb/lldb-release_50-r309439, vendor/lldb/lldb-release_50-r310316, vendor/lldb/lldb-release_50-r311219, vendor/lld/lld-release_50-r309439, vendor/lld/lld-release_50-r310316, vendor/libc++/libc++-release_50-r309439, vendor/clang/clang-release_50-r309439, vendor/llvm/llvm-release_50-r309439, vendor/acpica/20170728, zfs-0.7.0, vendor/NetBSD/bmake/20170720, release/11.1.0, upstream/11.1.0, vendor/lldb/lldb-trunk-r308421, vendor/lld/lld-trunk-r308421, vendor/libc++/libc++-trunk-r308421, vendor/compiler-rt/compiler-rt-release_50-r309439, vendor/compiler-rt/compiler-rt-release_50-r310316, vendor/compiler-rt/compiler-rt-release_50-r311219, vendor/compiler-rt/compiler-rt-trunk-r308421, vendor/clang/clang-trunk-r308421, vendor/llvm/llvm-trunk-r308421, vendor/NetBSD/bmake/20170711, vendor/zstd/1.3.0, vendor/lldb/lldb-trunk-r307894, vendor/lld/lld-trunk-r307894, vendor/libc++/libc++-trunk-r307894, vendor/compiler-rt/compiler-rt-trunk-r307894, vendor/clang/clang-trunk-r307894, vendor/llvm/llvm-trunk-r307894, zfs-0.7.0-rc5, vendor/libarchive/3.3.2, vendor/device-tree/4.12, vendor/krb5/1.15.1, vendor/lldb/lldb-trunk-r306956, vendor/lld/lld-trunk-r306956, vendor/libc++/libc++-trunk-r306956, vendor/compiler-rt/compiler-rt-trunk-r306956, vendor/clang/clang-trunk-r306956, vendor/llvm/llvm-trunk-r306956, vendor/acpica/20170629, vendor/pjdfstest/0.1, vendor/lldb/lldb-trunk-r306325, vendor/lld/lld-trunk-r306325, vendor/libc++/libc++-trunk-r306325, vendor/compiler-rt/compiler-rt-trunk-r306325, vendor/clang/clang-trunk-r306325, vendor/llvm/llvm-trunk-r306325, vendor/elftoolchain/elftoolchain-r3561, vendor/device-tree/4.11, vendor/lldb/lldb-trunk-r305575, vendor/lld/lld-trunk-r305575, vendor/libc++/libc++-trunk-r305575, vendor/compiler-rt/compiler-rt-trunk-r305575, vendor/clang/clang-trunk-r305575, vendor/llvm/llvm-trunk-r305575, vendor/Juniper/libxo/0.8.2, vendor/lldb/lldb-trunk-r305145, vendor/lld/lld-trunk-r305145, vendor/libc++/libc++-trunk-r305145, vendor/compiler-rt/compiler-rt-trunk-r305145, vendor/clang/clang-trunk-r305145, vendor/llvm/llvm-trunk-r305145, vendor/Juniper/libxo/0.8.1, vendor/mandoc/20170608, vendor/Juniper/libxo/0.8.0, vendor/lldb/lldb-trunk-r304659, vendor/lld/lld-trunk-r304659, vendor/libc++/libc++-trunk-r304659, vendor/compiler-rt/compiler-rt-trunk-r304659, vendor/clang/clang-trunk-r304659, vendor/llvm/llvm-trunk-r304659, vendor/lldb/lldb-trunk-r304460, vendor/lld/lld-trunk-r304460, vendor/libc++/libc++-trunk-r304460, vendor/compiler-rt/compiler-rt-trunk-r304460, vendor/clang/clang-trunk-r304460, vendor/llvm/llvm-trunk-r304460, vendor/acpica/20170531, vendor/byacc/20170430, vendor/lldb/lldb-trunk-r304222, vendor/lld/lld-trunk-r304222, vendor/libc++/libc++-trunk-r304222, vendor/clang/clang-trunk-r304222, vendor/llvm/llvm-trunk-r304222, vendor/lldb/lldb-trunk-r304149, vendor/lld/lld-trunk-r304149, vendor/libc++/libc++-trunk-r304149, vendor/compiler-rt/compiler-rt-trunk-r304149, vendor/compiler-rt/compiler-rt-trunk-r304222, vendor/clang/clang-trunk-r304149, vendor/llvm/llvm-trunk-r304149 |
|
| #
7f1f6591 |
| 29-May-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Disable IPsec debugging code by default when IPSEC_DEBUG kernel option
is not specified.
Due to the long call chain IPsec code can produce the kernel stack
exhaustion on the i386 architecture. The d
Disable IPsec debugging code by default when IPSEC_DEBUG kernel option
is not specified.
Due to the long call chain IPsec code can produce the kernel stack
exhaustion on the i386 architecture. The debugging code usually is not
used, but it requires a lot of stack space to keep buffers for strings
formatting. This patch conditionally defines macros to disable building
of IPsec debugging code.
IPsec currently has two sysctl variables to configure debug output:
* net.key.debug variable is used to enable debug output for PF_KEY
protocol. Such debug messages are produced by KEYDBG() macro and
usually they can be interesting for developers.
* net.inet.ipsec.debug variable is used to enable debug output for
DPRINTF() macro and ipseclog() function. DPRINTF() macro usually
is used for development debugging. ipseclog() function is used for
debugging by administrator.
The patch disables KEYDBG() and DPRINTF() macros, and formatting buffers
declarations when IPSEC_DEBUG is not present in kernel config. This reduces
stack requirement for up to several hundreds of bytes.
The net.inet.ipsec.debug variable still can be used to enable ipseclog()
messages by administrator.
PR: 219476
Reported by: eugen
No objection from: #network
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D10869
show more ...
|
|
Revision tags: vendor/openssl/1.0.2l |
|
| #
3aee7099 |
| 23-May-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Fix possible double releasing for SA and SP references.
There are two possible ways how crypto callback are called: directly from
caller and deffered from crypto thread.
For outbound packets the di
Fix possible double releasing for SA and SP references.
There are two possible ways how crypto callback are called: directly from
caller and deffered from crypto thread.
For outbound packets the direct call chain is the following:
IPSEC_OUTPUT() method -> ipsec[46]_common_output() ->
-> ipsec[46]_perform_request() -> xform_output() ->
-> crypto_dispatch() -> crypto_invoke() -> crypto_done() ->
-> xform_output_cb() -> ipsec_process_done() -> ip[6]_output().
The SA and SP references are held while crypto processing is not finished.
The error handling code wrongly expected that crypto callback always called
from the crypto thread context, and it did references releasing in
xform_output_cb(). But when the crypto callback called directly, in case of
error the error handling code in ipsec[46]_perform_request() also did
references releasing.
To fix this, remove error handling from ipsec[46]_perform_request() and do it
in xform_output() before crypto_dispatch().
MFC after: 10 days
show more ...
|
|
Revision tags: vendor/lldb/lldb-trunk-r303571, vendor/lld/lld-trunk-r303571, vendor/libc++/libc++-trunk-r303571, vendor/compiler-rt/compiler-rt-trunk-r303571, vendor/clang/clang-trunk-r303571, vendor/llvm/llvm-trunk-r303571, vendor/lldb/lldb-trunk-r303291, vendor/lld/lld-trunk-r303291, vendor/libc++/libc++-trunk-r303291, vendor/compiler-rt/compiler-rt-trunk-r303291, vendor/clang/clang-trunk-r303291, vendor/llvm/llvm-trunk-r303291, vendor/lldb/lldb-trunk-r303197, vendor/lld/lld-trunk-r303197, vendor/libc++/libc++-trunk-r303197, vendor/compiler-rt/compiler-rt-trunk-r303197, vendor/clang/clang-trunk-r303197, vendor/llvm/llvm-trunk-r303197, vendor/Juniper/libxo/0.7.2, vendor/lldb/lldb-trunk-r302418, vendor/lld/lld-trunk-r302418, vendor/libc++/libc++-trunk-r302418, vendor/compiler-rt/compiler-rt-trunk-r302418, vendor/clang/clang-trunk-r302418, vendor/llvm/llvm-trunk-r302418, vendor/zstd/1.2.0, zfs-0.7.0-rc4, vendor/lldb/lldb-trunk-r302069, vendor/lld/lld-trunk-r302069, vendor/compiler-rt/compiler-rt-trunk-r302069, vendor/clang/clang-trunk-r302069, vendor/llvm/llvm-trunk-r302069, vendor/NetBSD/blacklist/20170503, vendor/lldb/lldb-trunk-r301939, vendor/lld/lld-trunk-r301939, vendor/compiler-rt/compiler-rt-trunk-r301939, vendor/clang/clang-trunk-r301939, vendor/llvm/llvm-trunk-r301939, vendor/openpam/RESEDACEA, vendor/less/v491, vendor/ena-com/1.1.4.1, vendor/llvm/llvm-trunk-r301441, vendor/lldb/lldb-trunk-r301441, vendor/lld/lld-trunk-r301441, vendor/libc++/libc++-trunk-r301441, vendor/libc++/libc++-trunk-r301939, vendor/libc++/libc++-trunk-r302069, vendor/compiler-rt/compiler-rt-trunk-r301441, vendor/clang/clang-trunk-r301441, vendor/less/v487, vendor/NetBSD/bmake/20170420, vendor/lldb/lldb-trunk-r300890, vendor/lld/lld-trunk-r300890, vendor/libc++/libc++-trunk-r300890, vendor/compiler-rt/compiler-rt-trunk-r300890, vendor/clang/clang-trunk-r300890, vendor/llvm/llvm-trunk-r300890, vendor/elftoolchain/elftoolchain-r3520, vendor/lldb/lldb-trunk-r300422, vendor/lld/lld-trunk-r300422, vendor/libc++/libc++-trunk-r300422, vendor/compiler-rt/compiler-rt-trunk-r300422, vendor/clang/clang-trunk-r300422, vendor/llvm/llvm-trunk-r300422, vendor/zstd/1.1.4, vendor/NetBSD/bmake/20170413, vendor/ck/20170407, vendor/tzdata/tzdata2017b, vendor/libcxxrt/2017-03-22-8a853717e61d5d55cbdf74d9d0a7545da5d5ff92, vendor/ntp/4.2.8p10, vendor/tcsh/6.20.00, vendor/dtc/1.4.3, vendor/lld/lld-release_400-r297347, vendor/libc++/libc++-release_400-r297347, vendor/clang/clang-release_400-r297347, vendor/llvm/llvm-release_400-r297347, vendor/edk2/7babb4372e6a34cbbc54249b25056272a5a9924c, vendor/device-tree/4.10, vendor/NetBSD/bmake/20170301, vendor/acpica/20170303, vendor/libarchive/3.3.1, vendor/dma/20170210, vendor/ck/20170228, vendor/llvm/llvm-release_40-r296509, vendor/acpica/20170224, vendor/lld/lld-release_40-r296202, vendor/lld/lld-release_40-r296509, vendor/clang/clang-release_40-r296202, vendor/clang/clang-release_40-r296509, vendor/llvm/llvm-release_40-r296202, vendor/clang/clang-release_40-r296002, vendor/llvm/llvm-release_40-r296002, vendor/clang/clang-release_40-r295910, vendor/llvm/llvm-release_40-r295910, vendor/mandoc/1.4.1, vendor/openpam/RADULA, vendor/mandoc/1.4.1rc2, vendor/libucl/20170219, vendor/libc++/libc++-release_40-r295380, vendor/libc++/libc++-release_40-r295910, vendor/libc++/libc++-release_40-r296002, vendor/libc++/libc++-release_40-r296202, vendor/libc++/libc++-release_40-r296509, vendor/compiler-rt/compiler-rt-release_40-r295380, vendor/compiler-rt/compiler-rt-release_40-r295910, vendor/compiler-rt/compiler-rt-release_40-r296002, vendor/compiler-rt/compiler-rt-release_40-r296202, vendor/compiler-rt/compiler-rt-release_40-r296509, vendor/compiler-rt/compiler-rt-release_400-r297347, vendor/clang/clang-release_40-r295380, vendor/llvm/llvm-release_40-r295380, vendor/libpcap/1.8.1, vendor/lld/lld-release_40-r294803, vendor/lld/lld-release_40-r295380, vendor/lld/lld-release_40-r295910, vendor/lld/lld-release_40-r296002, vendor/libc++/libc++-release_40-r294803, vendor/clang/clang-release_40-r294803, vendor/llvm/llvm-release_40-r294803 |
|
| #
fcf59617 |
| 06-Feb-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Merge projects/ipsec into head/.
Small summary
-------------
o Almost all IPsec releated code was moved into sys/netipsec.
o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel
option
Merge projects/ipsec into head/.
Small summary
-------------
o Almost all IPsec releated code was moved into sys/netipsec.
o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel
option IPSEC_SUPPORT added. It enables support for loading
and unloading of ipsec.ko and tcpmd5.ko kernel modules.
o IPSEC_NAT_T option was removed. Now NAT-T support is enabled by
default. The UDP_ENCAP_ESPINUDP_NON_IKE encapsulation type
support was removed. Added TCP/UDP checksum handling for
inbound packets that were decapsulated by transport mode SAs.
setkey(8) modified to show run-time NAT-T configuration of SA.
o New network pseudo interface if_ipsec(4) added. For now it is
build as part of ipsec.ko module (or with IPSEC kernel).
It implements IPsec virtual tunnels to create route-based VPNs.
o The network stack now invokes IPsec functions using special
methods. The only one header file <netipsec/ipsec_support.h>
should be included to declare all the needed things to work
with IPsec.
o All IPsec protocols handlers (ESP/AH/IPCOMP protosw) were removed.
Now these protocols are handled directly via IPsec methods.
o TCP_SIGNATURE support was reworked to be more close to RFC.
o PF_KEY SADB was reworked:
- now all security associations stored in the single SPI namespace,
and all SAs MUST have unique SPI.
- several hash tables added to speed up lookups in SADB.
- SADB now uses rmlock to protect access, and concurrent threads
can do SA lookups in the same time.
- many PF_KEY message handlers were reworked to reflect changes
in SADB.
- SADB_UPDATE message was extended to support new PF_KEY headers:
SADB_X_EXT_NEW_ADDRESS_SRC and SADB_X_EXT_NEW_ADDRESS_DST. They
can be used by IKE daemon to change SA addresses.
o ipsecrequest and secpolicy structures were cardinally changed to
avoid locking protection for ipsecrequest. Now we support
only limited number (4) of bundled SAs, but they are supported
for both INET and INET6.
o INPCB security policy cache was introduced. Each PCB now caches
used security policies to avoid SP lookup for each packet.
o For inbound security policies added the mode, when the kernel does
check for full history of applied IPsec transforms.
o References counting rules for security policies and security
associations were changed. The proper SA locking added into xform
code.
o xform code was also changed. Now it is possible to unregister xforms.
tdb_xxx structures were changed and renamed to reflect changes in
SADB/SPDB, and changed rules for locking and refcounting.
Reviewed by: gnn, wblock
Obtained from: Yandex LLC
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D9352
show more ...
|