Revision tags: vendor/llvm-project/llvmorg-18.1.5-0-g617a15a9eac9, vendor/NetBSD/bmake/20240430, vendor/libcbor/0.11.0, vendor/llvm-project/llvmorg-18.1.4-0-ge6c3289804a6, vendor/device-tree/6.8, vendor/device-tree/6.7, vendor/llvm-project/llvmorg-18.1.3-0-gc13b7485b879, vendor/device-tree/6.5, vendor/openssh/9.7p1, vendor/unbound/1.19.3, vendor/NetBSD/bmake/20240309, vendor/sqlite3/sqlite-3450100, vendor/llvm-project/llvmorg-18.1.1-0-gdba2a75e9c7e, vendor/got/diff/2023-09-15, release/13.3.0, vendor/libucl/20240206, vendor/xz/5.6.0, vendor/llvm-project/llvmorg-18.1.0-rc3-0-g6c90f8dd5463, vendor/llvm-project/llvmorg-18.1.0-rc2-53-gc7b0a6ecd442, vendor/arm-optimized-routines/v24.01, vendor/zlib/1.3.1, vendor/expat/2.6.0, vendor/unbound/1.19.1, vendor/tzcode/tzcode2024a, vendor/llvm-project/llvmorg-18.1.0-rc2-0-gc6c86965d967, vendor/tzdata/tzdata2024a, vendor/sendmail/8.18.1, vendor/acpica/20230628, vendor/acpica/20230331, vendor/llvm-project/llvmorg-18-init-18361-g22683463740e, vendor/libcxxrt/2024-01-25-fd484be8d1e94a1fcf6bc5c67e5c07b65ada19b6, vendor/llvm-project/llvmorg-18-init-18359-g93248729cfae, vendor/sqlite3/sqlite-3450000 |
|
#
80044c78 |
| 16-Jan-2024 |
Xavier Beaudouin <xavier.beaudouin@klarasystems.com> |
Add UDP encapsulation of ESP in IPv6
This patch provides UDP encapsulation of ESP packets over IPv6. Ports the IPv4 code to IPv6 and adds support for IPv6 in udpencap.c As required by the RFC and un
Add UDP encapsulation of ESP in IPv6
This patch provides UDP encapsulation of ESP packets over IPv6. Ports the IPv4 code to IPv6 and adds support for IPv6 in udpencap.c As required by the RFC and unlike in IPv4 encapsulation, UDP checksums are calculated.
Co-authored-by: Aurelien Cazuc <aurelien.cazuc.external@stormshield.eu> Sponsored-by: Stormshield Sponsored-by: Wiktel Sponsored-by: Klara, Inc.
show more ...
|
Revision tags: vendor/NetBSD/bmake/20240108, vendor/llvm-project/llvmorg-18-init-16864-g3b3ee1f53424, vendor/llvm-project/llvmorg-18-init-16595-g7c00a5be5cde, vendor/llvm-project/llvmorg-18-init-16003-gfc5f51cf5af4, vendor/bc/6.7.4, vendor/ena-com/2.7.0, vendor/llvm-project/llvmorg-18-init-15692-g007ed0dccd6a, vendor/tzdata/tzdata2023d, vendor/openssh/9.6p1, vendor/llvm-project/llvmorg-18-init-15088-gd14ee76181fb, vendor/llvm-project/llvmorg-18-init-14265-ga17671084db1, vendor/llvm-project/llvmorg-17.0.6-0-g6009708b4367, vendor/xz/5.4.5, vendor/llvm-project/llvmorg-17.0.5-0-g98bfdac5ce82, vendor/unbound/1.19.0, vendor/sqlite3/sqlite-3440000, release/14.0.0, vendor/bc/6.7.2, vendor/llvm-project/llvmorg-17.0.3-0-g888437e1b600, vendor/bsddialog/1.0, vendor/llvm-project/llvmorg-17.0.2-0-gb2417f51dbbd, vendor/openssh/9.5p1, vendor/llvm-project/llvmorg-17.0.1-25-g098e653a5bed, vendor/nvi/2.2.1, vendor/openssl/3.0.11, vendor/sqlite3/sqlite-3430100, vendor/unbound/1.18.0, vendor/NetBSD/bmake/20230909, vendor/openssl/1.1.1w, vendor/llvm-project/llvmorg-17.0.0-rc4-10-g0176e8729ea4, vendor/file/5.45, vendor/llvm-project/llvmorg-17.0.0-rc3-79-ga612cb0b81d8, vendor/krb5/1.21.2, vendor/unifdef/2.12, vendor/unifdef/2.11, 2023.08.19-b34f66deb02e188104, vendor/zlib/1.3 |
|
#
95ee2897 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: two-line .h pattern
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
Revision tags: vendor/less/v643, vendor/NetBSD/libc-vis/20230813, vendor/openssh/9.4p1, vendor/device-tree/6.4, vendor/device-tree/6.3, vendor/device-tree/6.2, vendor/device-tree/6.1, vendor/krb5/1.21.1, vendor/xz/5.4.4, vendor/openssl/3.0.10, vendor/openssl/1.1.1v, vendor/llvm-project/llvmorg-17-init-19311-gbc849e525f80, vendor/llvm-project/llvmorg-17-init-19304-gd0b54bb50e51, vendor/openssh/9.3p2, vendor/lua/5.4.6, vendor/NetBSD/bmake/20230622, vendor/openpam/XIMENIA, vendor/heimdal/7.8.0-2023-06-10-f62e2f278, vendor/openssl/3.0.9, vendor/llvm-project/llvmorg-16.0.6-0-g7cbf1a259152, vendor/ntp/4.2.8p17, vendor/llvm-project/llvmorg-16.0.5-0-g185b81e034ba, vendor/spleen/2.0.0, vendor/ntp/4.2.8p16, vendor/openssl/1.1.1u, vendor/sqlite3/sqlite-3420000, vendor/bc/6.6.0, vendor/llvm-project/llvmorg-16.0.4-0-gae42196bc493, vendor/NetBSD/bmake/20230510, vendor/xz/5.4.3 |
|
#
4d846d26 |
| 10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
show more ...
|
Revision tags: vendor/tcpdump/4.99.4, vendor/llvm-project/llvmorg-16.0.3-0-gda3cd333bea5, vendor/ldns/1.8.3, vendor/spleen/1.9.3, vendor/libpcap/1.10.4, vendor/spleen/1.6.0, vendor/less/v632, vendor/bc/6.5.0, vendor/libfido2/1.13.0, vendor/libfido2/1.12.0, vendor/libfido2/1.11.0, vendor/libfido2/1.10.0, vendor/libfido2/1.9.0, vendor/NetBSD/bmake/20230414, vendor/llvm-project/llvmorg-16.0.2-0-g18ddebe1a1a9, vendor/libcbor/0.10.2, vendor/tzcode/tzcode2023c, vendor/tzcode/tzcode2023b, vendor/tzcode/tzcode2023a, vendor/sqlite3/sqlite-3410200, vendor/llvm-project/llvmorg-16.0.1-0-gcd89023f7979, release/13.2.0, vendor/llvm-project/llvmorg-16.0.0-45-g42d1b276f779, vendor/llvm-project/llvmorg-16.0.0-0-g08d094a0e457, vendor/tzdata/tzdata2023c, vendor/libpcap/1.10.3, vendor/opencsd/v1.4.0, vendor/arm-optimized-routines/v23.01, vendor/tzdata/tzdata2023b, vendor/tzdata/tzdata2023a, vendor/xz/5.4.2, vendor/openssh/9.3p1, vendor/openssl/3.0.8, vendor/bc/6.4.0, vendor/sqlite3/sqlite-3410000, vendor/bc/6.3.1, vendor/bearssl/20230220, vendor/zlib/1.2.13, vendor/llvm-project/llvmorg-16.0.0-rc2-10-g073506d8c15c, vendor/llvm-project/llvmorg-16-init-18548-gb0daacf58f41, vendor/NetBSD/bmake/20230208, vendor/byacc/20230201, vendor/openssl/1.1.1t, vendor/NetBSD/libedit/2023-01-06, vendor/openssh/9.2p1, vendor/tcsh/6.24.07, vendor/bc/6.2.2, vendor/bc/6.2.1, vendor/bc/6.2.0, vendor/bc/6.1.0, vendor/bc/6.0.4, vendor/NetBSD/bmake/20230126, vendor/Juniper/libxo/1.6.0, vendor/zstd/1.5.2, vendor/xz/5.4.1, vendor/sendmail/8.17.1, vendor/llvm-project/llvmorg-15.0.7-0-g8dfdcc7b7bf6, vendor/heimdal/7.8.0, vendor/sqlite3/sqlite-3400100, vendor/xz/5.4.0, vendor/tzcode/tzcode2022g, vendor/tzcode/tzcode2022f, vendor/tzcode/tzcode2022e, vendor/tzcode/tzcode2022d, vendor/xz/5.2.9 |
|
#
e68b3792 |
| 07-Dec-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
tcp: embed inpcb into tcpcb
For the TCP protocol inpcb storage specify allocation size that would provide space to most of the data a TCP connection needs, embedding into struct tcpcb several struct
tcp: embed inpcb into tcpcb
For the TCP protocol inpcb storage specify allocation size that would provide space to most of the data a TCP connection needs, embedding into struct tcpcb several structures, that previously were allocated separately.
The most import one is the inpcb itself. With embedding we can provide strong guarantee that with a valid TCP inpcb the tcpcb is always valid and vice versa. Also we reduce number of allocs/frees per connection. The embedded inpcb is placed in the beginning of the struct tcpcb, since in_pcballoc() requires that. However, later we may want to move it around for cache line efficiency, and this can be done with a little effort. The new intotcpcb() macro is ready for such move.
The congestion algorithm data, the TCP timers and osd(9) data are also embedded into tcpcb, and temprorary struct tcpcb_mem goes away. There was no extra allocation here, but we went through extra pointer every time we accessed this data.
One interesting side effect is that now TCP data is allocated from SMR-protected zone. Potentially this allows the TCP stacks or other TCP related modules to utilize that for their own synchronization.
Large part of the change was done with sed script:
s/tp->ccv->/tp->t_ccv./g s/tp->ccv/\&tp->t_ccv/g s/tp->cc_algo/tp->t_cc/g s/tp->t_timers->tt_/tp->tt_/g s/CCV\(ccv, osd\)/\&CCV(ccv, t_osd)/g
Dependency side effect is that code that needs to know struct tcpcb should also know struct inpcb, that added several <netinet/in_pcb.h>.
Differential revision: https://reviews.freebsd.org/D37127
show more ...
|
Revision tags: vendor/llvm-project/llvmorg-15.0.6-0-g088f33605d8a, vendor/tzdata/tzdata2022g, release/12.4.0, vendor/sqlite3/sqlite-3400000, vendor/expat/2.5.0, vendor/xz/5.2.8, vendor/device-tree/6.0, vendor/device-tree/5.19, vendor/openssl/1.1.1s, vendor/wireguard-tools/v1.0.20210914, vendor/tzdata/tzdata2022f, vendor/acpica/20221020, vendor/unbound/1.17.0, vendor/llvm-project/llvmorg-15.0.2-10-gf3c5289e7846, vendor/llvm-project/llvmorg-15.0.2-0-g4bd3f3759259, vendor/llvm-project/llvmorg-15.0.1-0-gb73d2c8c720a, vendor/tzdata/tzdata2022e, vendor/openssh/9.1p1 |
|
#
809fef29 |
| 04-Oct-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
netipsec: move specific ipsecmethods declarations to ipsec_support.h
where struct ipsec_methods is defined. Not a functional change. Allows further modification of method prototypes without breakin
netipsec: move specific ipsecmethods declarations to ipsec_support.h
where struct ipsec_methods is defined. Not a functional change. Allows further modification of method prototypes without breaking compilation of other ipsec compilation units.
Differential revision: https://reviews.freebsd.org/D36730
show more ...
|
Revision tags: vendor/unbound/1.16.3, vendor/bsddialog/0.4, vendor/tzdata/tzdata2022d, vendor/file/5.43, vendor/expat/2.4.9, vendor/sqlite3/sqlite-3390300, vendor/llvm-project/llvmorg-15.0.0-9-g1c73596d3454, vendor/llvm-project/llvmorg-15.0.0-0-g4ba6a9c9f65b, vendor/less/v608, vendor/bsddialog/0.3, vendor/lua/5.4.4, vendor/lua/5.4.3, vendor/sqlite3/sqlite-3390200, vendor/bc/6.0.2, verndor/bc/6.0.2, vendor/dhcpcd/9.4.1, vendor/tzcode/tzcode2022c, vendor/tzcode/unsplit, vendor/tzdata/tzdata2022c, vendor/llvm-project/llvmorg-15.0.0-rc2-40-gfbd2950d8d0d, vendor/tzdata/tzdata2022b, vendor/arm-optimized-routines/20220210-89ca9c3, vendor/device-tree/5.18, vendor/device-tree/5.17, vendor/device-tree/5.16, vendor/device-tree/5.15, vendor/device-tree/5.14, vendor/unbound/1.16.2, vendor/llvm-project/llvmorg-15-init-17826-g1f8ae9d7e7e4, vendor/llvm-project/llvmorg-15-init-17827-gd77882e66779, vendor/NetBSD/bmake/20220726, vendor/NetBSD/bmake/20220724, vendor/llvm-project/llvmorg-15-init-17485-ga3e38b4a206b, vendor/llvm-project/llvmorg-15-init-16436-g18a6ab5b8d1f, vendor/unbound/1.16.1, vendor/sqlite3/sqlite-3390000, vendor/openssl/1.1.1q, vendor/file/5.42, vendor/llvm-project/llvmorg-15-init-15358-g53dc0f107877, vendor/openssl/1.1.1p, vendor/bc/5.3.3, vendor/bc/5.3.2, vendor/llvm-project/llvmorg-14.0.5-0-gc12386ae247c, vendor/bc/5.3.1, vendor/bc/5.3.0, vendor/unbound/1.16.0, vendor/llvm-project/llvmorg-14.0.4-0-g29f1039a7285, vendor/sqlite3/sqlite-3380500, release/13.1.0, upstream/13.1.0, vendor/bc/5.2.5, vendor/openssl/1.1.1o, vendor/llvm-project/llvmorg-14.0.2-0-g0e27d08cdeb3, vendor/llvm-project/llvmorg-14.0.3-0-g1f9140064dfb, vendor/NetBSD/bmake/20220418, vendor/bearssl/20220418, vendor/bc/5.2.4, vendor/NetBSD/libedit/2022-04-11 |
|
#
40461785 |
| 13-Apr-2022 |
John Baldwin <jhb@FreeBSD.org> |
ipsec_encap: setdf is only used for INET.
|
Revision tags: vendor/openssh/9.0p1, vendor/NetBSD/bmake/20220330, vendor/acpica/20220331, vendor/zlib/1.2.12, vendor/llvm-project/llvmorg-14.0.0-2-g3f43d803382d, vendor/heimdal/7.7.0, vendor/expat/2.4.7, vendor/llvm-project/llvmorg-14.0.0-rc4-2-gadd3ab7f4c8a, vendor/tzdata/tzdata2022a, vendor/openssl/1.1.1n, vendor/bsddialog/0.2, vendor/libcxxrt/2022-03-09-fd484be8d1e94a1fcf6bc5c67e5c07b65ada19b6, vendor/bc/5.2.3, vendor/llvm-project/llvmorg-14.0.0-rc2-12-g09546e1b5103, vendor/expat/2.4.6, vendor/openssh/8.9p1, vendor/llvm-project/llvmorg-13.0.1-0-g75e33f71c2da, vendor/llvm-project/llvmorg-14.0.0-rc1-74-g4dc3cb8e3255, vendor/unbound/1.15.0, vendor/NetBSD/bmake/20220208, vendor/bc/5.2.2, vendor/NetBSD/bmake/20220204, vendor/llvm-project/llvmorg-14-init-18315-g190be5457c90, vendor/llvm-project/llvmorg-14-init-18294-gdb01b123d012, vendor/terminus/terminus-font-4.49.1, vendor/bsddialog/0.1, vendor/llvm-project/llvmorg-14-init-17616-g024a1fab5c35, vendor/dma/2022-01-27, vendor/ena-com/2.5.0, vendor/wpa/2.10, vendor/expat/2.4.3, vendor/sqlite3/sqlite-3370200, vendor/wpa/gb26f5c0fe, vendor/sqlite3/sqlite-3370100, vendor/file/5.41, vendor/llvm-project/llvmorg-14-init-13186-g0c553cc1af2e, vendor/bsddialog/0.0.2, vendor/NetBSD/bmake/20211212, vendor/openssl/1.1.1m, vendor/unbound/1.14.0, vendor/bsddialog/0.0.1, vendor/unbound/1.14.0rc1, vendor/llvm-project/llvmorg-14-init-11187-g222442ec2d71, release/12.3.0, upstream/12.3.0, vendor/wpa/g14ab4a816, vendor/bc/5.2.1, vendor/bc/5.2.0 |
|
#
44775b16 |
| 24-Nov-2021 |
Mark Johnston <markj@FreeBSD.org> |
netinet: Remove unneeded mb_unmapped_to_ext() calls
in_cksum_skip() now handles unmapped mbufs on platforms where they're permitted.
Reviewed by: glebius, jhb MFC after: 1 week Sponsored by: The Fr
netinet: Remove unneeded mb_unmapped_to_ext() calls
in_cksum_skip() now handles unmapped mbufs on platforms where they're permitted.
Reviewed by: glebius, jhb MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33097
show more ...
|
Revision tags: vendor/bsddialog/2021-11-24, vendor/llvm-project/llvmorg-14-init-10223-g401b76fdf2b3, vendor/llvm-project/llvmorg-14-init-10186-gff7f2cfa959b |
|
#
756bb50b |
| 16-Nov-2021 |
Mark Johnston <markj@FreeBSD.org> |
sctp: Remove now-unneeded mb_unmapped_to_ext() calls
sctp_delayed_checksum() now handles unmapped mbufs, thanks to m_apply().
No functional change intended.
Reviewed by: tuexen MFC after: 2 weeks
sctp: Remove now-unneeded mb_unmapped_to_ext() calls
sctp_delayed_checksum() now handles unmapped mbufs, thanks to m_apply().
No functional change intended.
Reviewed by: tuexen MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32942
show more ...
|
Revision tags: vendor/mandoc/1.14.6, vendor/openssh/8.8p1, vendor/ck/2021029, vendor/tzdata/tzdata2021e, vendor/tzdata/tzdata2021d, vendor/bc/5.1.1, vendor/bc/5.1.0, vendor/tzdata/tzdata2021c, vendor/libfido2/1.8.0, vendor/libcbor/0.8.0, vendor/acpica/20210930 |
|
#
8deba29c |
| 27-Sep-2021 |
Wojciech Macek <wma@FreeBSD.org> |
ipsec: fix typo part2
|
#
c27214f0 |
| 27-Sep-2021 |
Wojciech Macek <wma@FreeBSD.org> |
ipsec: fix typo in comment
|
Revision tags: vendor/llvm-project/llvmorg-13.0.0-0-gd7b669b3a303, vendor/llvm-project/llvmorg-13.0.0-rc4-0-gd7b669b3a303, vendor/tzdata/tzdata2021b |
|
#
9dfc8606 |
| 24-Sep-2021 |
Bartlomiej Grzesik <bag@semihalf.com> |
ipsec: Add support for PMTUD for IPv6 tunnels
Discard and send ICMPv6 Packet Too Big to sender when we try to encapsulate and forward a packet which total length exceeds the PMTU. Logic is based on
ipsec: Add support for PMTUD for IPv6 tunnels
Discard and send ICMPv6 Packet Too Big to sender when we try to encapsulate and forward a packet which total length exceeds the PMTU. Logic is based on the IPv4 implementation. Common code was moved to a separate function.
Differential revision: https://reviews.freebsd.org/D31771 Obtained from: Semihalf Sponsored by: Stormshield
show more ...
|
#
b4220bf3 |
| 24-Sep-2021 |
Bartlomiej Grzesik <bag@semihalf.com> |
ipsec: If no PMTU in hostcache assume it's equal to link's MTU
If we fail to find to PMTU in hostcache, we assume it's equal to link's MTU.
This patch prevents packets larger then link's MTU to be
ipsec: If no PMTU in hostcache assume it's equal to link's MTU
If we fail to find to PMTU in hostcache, we assume it's equal to link's MTU.
This patch prevents packets larger then link's MTU to be dropped silently if there is no PMTU in hostcache.
Differential revision: https://reviews.freebsd.org/D31770 Obtained from: Semihalf Sponsored by: Stormshield
show more ...
|
#
4f337695 |
| 24-Sep-2021 |
Bartlomiej Grzesik <bag@semihalf.com> |
ipsec: Add PMTUD support for IPsec IPv4 over IPv6 tunnel
Add support for checking PMTU for IPv4 packets encapsulated in IPv6 tunnels.
Differential revision: https://reviews.freebsd.org/D31769 Spons
ipsec: Add PMTUD support for IPsec IPv4 over IPv6 tunnel
Add support for checking PMTU for IPv4 packets encapsulated in IPv6 tunnels.
Differential revision: https://reviews.freebsd.org/D31769 Sponsored by: Stormshield Obtained from: Semihalf
show more ...
|
Revision tags: vendor/dma/2021-07-10, vendor/NetBSD/libedit/2021-09-10, vendor/bc/5.0.2, vendor/llvm-project/llvmorg-13.0.0-rc3-8-g08642a395f23, vendor/llvm-project/llvmorg-13.0.0-rc2-43-gf56129fe78d5, vendor/openssl/1.1.1l, vendor/openssh/8.7p1, vendor/llvm-project/llvmorg-13.0.0-rc1-97-g23ba3732246a, vendor/llvm-project/llvmorg-13.0.0-rc1-0-gd6974c010878, vendor/unbound/1.13.2 |
|
#
a16771de |
| 13-Aug-2021 |
Kornel Duleba <mindal@semihalf.com> |
ipsec: Return error code if no matching SA was found
If we matched SP to a packet, but no associated SA was found ipsec4_allocsa will return NULL while setting error=0. This resulted in use after fr
ipsec: Return error code if no matching SA was found
If we matched SP to a packet, but no associated SA was found ipsec4_allocsa will return NULL while setting error=0. This resulted in use after free and potential kernel panic. Return EINPROGRESS if the case described above instead.
Obtained from: Semihalf Sponsored by: Stormshield Differential revision: https://reviews.freebsd.org/D30994
show more ...
|
#
6b66194b |
| 13-Aug-2021 |
Kornel Duleba <mindal@semihalf.com> |
ipsec: Check PMTU before sending a frame.
If an encapsulated frame is going to have DF bit set check its desitnitions' PMTU and if it won't fit drop it and:
Generate ICMP 3/4 message if the packet
ipsec: Check PMTU before sending a frame.
If an encapsulated frame is going to have DF bit set check its desitnitions' PMTU and if it won't fit drop it and:
Generate ICMP 3/4 message if the packet was to be forwarded. Return EMSGSIZE error otherwise.
Obtained from: Semihalf Sponsored by: Stormshield Differential revision: https://reviews.freebsd.org/D30993
show more ...
|
Revision tags: vendor/one-true-awk/0592de4a, vendor/acpica/20210730, vendor/llvm-project/llvmorg-13-init-16854-g6b2e4c5a58d7, vendor/llvm-project/llvmorg-12.0.1-0-gfed41342a82f, vendor/llvm-project/llvmorg-12.0.1-rc2-0-ge7dac564cd0e, vendor/llvm-project/llvmorg-13-init-16847-g88e66fa60ae5, vendor/less/v590, llvmorg-12.0.1-0-gfed41342a82f, vendor/one-true-awk/1e4bc42c53a1, vendor/device-tree/5.13, vendor/device-tree/5.12, vendor/NetBSD/bmake/20210621, vendor/ena-com/2.4.0, vendor/NetBSD/vis/20210621, llvmorg-12.0.1-rc2-0-ge7dac564cd0e, vendor/acpica/20210604, vendor/nvi/2.2.0-3bbdfe4, vendor/tcsh/6.22.04, vendor/bc/4.0.2, vendor/sqlite3/sqlite-3350500, vendor/less/v581.2, vendor/bc/4.0.1, vendor/openssh/8.6p1, vendor/openssh/8.5p1, vendor/llvm-project/llvmorg-12.0.0-0-gd28af7c654d8, vendor/less/v581, vendor/google/capsicum-test/ea66424d921bb393539b298c108a46edee5c3051, release/13.0.0, upstream/13.0.0, vendor/bc/4.0.0, vendor/acpica/20210331, vendor/NetBSD/libedit/2021-03-28, vendor/openssl/1.1.1k, vendor/device-tree/5.11, vendor/NetBSD/libedit/2020-07-10, vendor/libucl/20210314, vendor/bc/3.3.4, vendor/wpa/g9d9b42306541, vendor/tcsh/6.22.03-ceccc7f, bc/3.3.3, vendor/google/capsicum-test/20210302, vendor/dialog/1.3-20210117, vendor/ncurses/6.2-20210220, vendor/arm-optimized-routines/v21.02, vendor/libcxxrt/2021-02-18-8049924686b8414d8e652cbd2a52c763b48e8456, vendor/bc/bc-3.3.0, vendor/llvm-project/llvmorg-12.0.0-rc1-109-gd5d089bf08c9, vendor/llvm-project/llvmorg-12-init-17869-g8e464dd76bef, vendor/openssl/1.1.1j, vendor/google/capsicum-test/7707222b46abe52d18fd4fbb76115ffdb3e6f74b, vendor/openssh/8.4p1, vendor/openssh/8.3p1, vendor/openssh/8.2p1, vendor/openssh/8.1p1, vendor/openzfs/20210210, vendor/subversion/subversion-1.14.1, vendor/NetBSD/bmake/20210206, vendor/unbound/1.13.1, vendor/bc/3.2.6, vendor/atf/20210128, vendor/sqlite3/sqlite-3340100, vendor/tzdata/tzdata2021a |
|
#
8e9313ca |
| 19-Jan-2021 |
John Baldwin <jhb@FreeBSD.org> |
Convert unmapped mbufs before computing checksums in IPsec.
This is similar to the logic used in ip_output() to convert mbufs prior to computing checksums. Unmapped mbufs can be sent when using sen
Convert unmapped mbufs before computing checksums in IPsec.
This is similar to the logic used in ip_output() to convert mbufs prior to computing checksums. Unmapped mbufs can be sent when using sendfile() over IPsec or using KTLS over IPsec.
Reported by: Sony Arpita Das @ Chelsio QA Reviewed by: np Sponsored by: Chelsio Differential Revision: https://reviews.freebsd.org/D28187
show more ...
|
Revision tags: vendor/device-tree/5.10, vendor/device-tree/5.9, vendor/NetBSD/bmake/20210110, vendor/openzfs/20210107, vendor/acpica/20210105, vendor/acpica/20201217, vendor/llvm-project/llvmorg-11.0.1-0-g43ff75f2c3fe, vendor/llvm-project/llvmorg-11.0.1-rc2-0-g43ff75f2c3f, vendor/pnglite/20130820, vendor/terminus/terminus-font-4.48, vendor/tzdata/tzdata2020f, vendor/libarchive/3.5.1, vendor/bc/3.2.4, vendor/lua/5.4.2, vendor/zstd/1.4.8, vendor/tzdata/tzdata2020e, vendor/unbound/1.13.0, vendor/openssl/1.1.1i, vendor/bc/3.2.3, vendor/libarchive/3.5.0, vendor/bc/3.2.0, vendor/NetBSD/bmake/20201117, vendor/ena-com/2.3.0, vendor/ena-com/2.2.1, vendor/acpica/20201113, vendor/NetBSD/bmake/20201101, vendor/unbound/1.12.0, vendor/less/v563, release/12.2.0, upstream/12.2.0, vendor/tzdata/tzdata2020d, vendor/tzdata/tzdata2020c, vendor/openzfs/2.0.0-rc3-gfc5966, vendor/lua/5.3.6, vendor/llvm-project/llvmorg-11.0.0-0-g176249bd673, vendor/acpica/20200925, vendor/tzdata/tzdata2020b, vendor/openzfs/2.0-rc3-gfc5966, vendor/llvm-project/llvmorg-11.0.0-rc5-0-g60a25202a7d, vendor/bc/3.1.6, vendor/nvi/2.2.0-05ed8b9, vendor/openssl/1.1.1h, vendor/openzfs/2.0-rc2-g4ce06f, vendor/llvm-project/llvmorg-11.0.0-rc2-91-g6e042866c30, vendor/lib9p/9d5aee77bcc1bf0e79b0a3bfefff5fdf2146283c, vendor/nvi/2.2.0, vendor/NetBSD/bmake/20200902, vendor/openzfs/2.0-rc1-gfd20a8 |
|
#
662c1305 |
| 01-Sep-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
net: clean up empty lines in .c and .h files
|
Revision tags: vendor/openzfs/2.0-rc1-ga00c61, vendor/openzfs/2.0-rc0-g184df27, vendor/llvm-project/llvmorg-11.0.0-rc2-0-g414f32a9e86, vendor/unbound/1.11.0, vendor/sqlite3/sqlite-3330000, vendor/llvm-project/llvmorg-11.0.0-rc1-47-gff47911ddfc, vendor/bc/3.1.5, vendor/device-tree/5.8, vendor/bc/3.1.4, vendor/llvm-project/llvmorg-11.0.0-rc1-25-g903c872b169, vendor/pcg-c/20190718-83252d9, vendor/llvm-project/llvmorg-11-init-20933-g3c1fca803bc, vendor/llvm-project/llvmorg-11-init-20887-g2e10b7a39b9, vendor/acpica/20200717, vendor/sendmail/8.16.1, vendor/NetBSD/bmake/20200710, vendor/bc/3.1.3, vendor/NetBSD/bmake/20200704, vendor/sqlite3/sqlite-3320300, vendor/bc/3.1.1, vendor/NetBSD/bmake/20200629, vendor/llvm-project/llvmorg-10.0.1-0-gef32c611aa2, vendor/llvm-project/llvmorg-10.0.1-rc2-0-g77d76b71d7d, vendor/bc/3.0.2 |
|
#
f82eb2a6 |
| 25-Jun-2020 |
John Baldwin <jhb@FreeBSD.org> |
Enter and exit the network epoch for async IPsec callbacks.
When an IPsec packet has been encrypted or decrypted, the next step in the packet's traversal through the network stack is invoked from a
Enter and exit the network epoch for async IPsec callbacks.
When an IPsec packet has been encrypted or decrypted, the next step in the packet's traversal through the network stack is invoked from a crypto worker thread, not from the original calling thread. These threads need to enter the network epoch before passing packets down to IP output routines or up to transport protocols.
Reviewed by: ae Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25444
show more ...
|
Revision tags: vendor/llvm-project/llvmorg-10.0.0-129-gd24d5c8e308, vendor/ntp/4.2.8p15, vendor/byacc/20200330, vendor/llvm-project/llvmorg-10.0.0-97-g6f71678ecd2 |
|
#
95033af9 |
| 18-Jun-2020 |
Mark Johnston <markj@FreeBSD.org> |
Add the SCTP_SUPPORT kernel option.
This is in preparation for enabling a loadable SCTP stack. Analogous to IPSEC/IPSEC_SUPPORT, the SCTP_SUPPORT kernel option must be configured in order to suppor
Add the SCTP_SUPPORT kernel option.
This is in preparation for enabling a loadable SCTP stack. Analogous to IPSEC/IPSEC_SUPPORT, the SCTP_SUPPORT kernel option must be configured in order to support a loadable SCTP implementation.
Discussed with: tuexen MFC after: 2 weeks Sponsored by: The FreeBSD Foundation
show more ...
|
Revision tags: vendor/flex/2.6.4, vendor/file/5.39, vendor/blocklist/20200615, vendor/opencsd/v0.14.2, vendor/sqlite3/sqlite-3320200, release/11.4.0, upstream/11.4.0, vendor/sqlite3/sqlite-3320000, vendor/NetBSD/bmake/20200606, vendor/device-tree/5.7, vendor/edk2/ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9, vendor/subversion/subversion-1.14.0, vendor/apr/apr-1.7.0, vendor/acpica/20200528, vendor/ena-com/2.2.0, vendor/zstd/1.4.5, vendor/llvm-project/llvmorg-10.0.1-rc1-0-gf79cd71e145, vendor/unbound/1.10.1, vendor/NetBSD/bmake/20200517, vendor/libarchive/3.4.3, vendor/acpica/20200430, vendor/lib9p/7ddb1164407da19b9b1afb83df83ae65a71a9a66, vendor/tzdata/tzdata2020a, vendor/openssl/1.1.1g, vendor/sqlite3/sqlite-3310100, vendor/device-tree/5.6, vendor/google/googletest/1.10.0, vendor/llvm-project/llvmorg-10.0.0-0-gd32170dbd5b, vendor/bsnmp/1.14, vendor/openssl/1.1.1f, vendor/acpica/20200326, vendor/xz/5.2.5, vendor/llvm-project/llvmorg-10.0.0-rc4-5-g52c365aa9ca, vendor/openssl/1.1.1e, vendor/kyua/0.13-a685f91, vendor/lutok/0.4-8f8eaef, vendor/llvm-project/llvmorg-10.0.0-rc3-1-gc290cb61fdc, vendor/ntp/4.2.8p14, vendor/device-tree/5.5, vendor/llvm-project/llvmorg-10.0.0-rc2-70-ge5cb70267e7, vendor/ncurses/6.2-20200215, vendor/llvm-project/llvmorg-10.0.0-rc2-0-g90c78073f73, vendor/openssh/8.0p1, vendor/acpica/20200214, vendor/libarchive/3.4.2, vendor/file/5.38, vendor/ncurses/6.1-20200118, vendor/sqlite3/sqlite-3310000, vendor/Juniper/libxo/1.4.0, vendor/llvm-project/llvmorg-10-init-17538-gd11abddb32f, vendor/llvm-project/llvmorg-10-init-17468-gc4a134a5107, vendor/llvm-project/llvmorg-10-init-17466-ge26a78e7085, vendor/acpica/20200110, vendor/openssl/1.0.2u, vendor/libarchive/3.4.1, vendor/unbound/1.9.6, vendor/llvm-project/llvmorg-9.0.1, vendor/llvm-project/llvmorg-10-init-8157-g186155b89c2, vendor/llvm-project/trunk-r375505, vendor/acpica/20191213, vendor/device-tree/5.4, vendor/openresolv/3.9.2, vendor/file/5.37, vendor/Juniper/libxo/1.3.1, vendor/Juniper/libxo/1.3.0, vendor/NetBSD/blacklist/20191106, vendor/zstd/1.4.4, vendor/sqlite3/sqlite-3300100, release/12.1.0, upstream/12.1.0, vendor/llvm-openmp/openmp-trunk-r375505, vendor/lldb/lldb-trunk-r375505, vendor/lld/lld-trunk-r375505, vendor/llvm-libunwind/libunwind-trunk-r375505, vendor/libc++/libc++-trunk-r375505, vendor/compiler-rt/compiler-rt-trunk-r375505, vendor/clang/clang-trunk-r375505, vendor/llvm/llvm-trunk-r375505, vendor/tcsh/6.21.00-83c5be0, vendor/acpica/20191018, vendor/opencsd/a1961c91b02a92f3c6ed8b145c636ac4c5565aca, vendor/processor-trace/892e12c5a27bda5806d1e63269986bb4171b5a8b, vendor/tcsh/6.21.00, vendor/tcpdump/4.9.3, vendor/libpcap/1.9.1, vendor/device-tree/5.3, vendor/device-tree/5.2, vendor/lldb/lldb-release_900-r372316, vendor/clang/clang-release_900-r372316, vendor/llvm/llvm-release_900-r372316, vendor/tzdata/tzdata2019c, vendor/openssl/1.0.2t, vendor/openssl/1.1.1d, vendor/NetBSD/libedit/2019-09-10, vendor/lld/lld-release_90-r371301, vendor/lld/lld-release_900-r372316, vendor/clang/clang-release_90-r371301, vendor/llvm/llvm-release_90-r371301, vendor/lld/lld-release_90-r370514, vendor/libc++/libc++-release_90-r370514, vendor/libc++/libc++-release_90-r371301, vendor/libc++/libc++-release_900-r372316, vendor/compiler-rt/compiler-rt-release_90-r370514, vendor/compiler-rt/compiler-rt-release_90-r371301, vendor/compiler-rt/compiler-rt-release_900-r372316, vendor/clang/clang-release_90-r370514, vendor/llvm/llvm-release_90-r370514, vendor/lldb/lldb-trunk-r366426, vendor/wpa/2.9, vendor/lldb/lldb-release_90-r369369, vendor/lldb/lldb-release_90-r370514, vendor/lldb/lldb-release_90-r371301, vendor/lld/lld-release_90-r369369, vendor/libc++/libc++-release_90-r369369, vendor/compiler-rt/compiler-rt-release_90-r369369, vendor/clang/clang-release_90-r369369, vendor/llvm/llvm-release_90-r369369, vendor/llvm-openmp/openmp-release_90-r369369, vendor/llvm-openmp/openmp-release_90-r370514, vendor/llvm-openmp/openmp-release_90-r371301, vendor/llvm-openmp/openmp-release_900-r372316, vendor/llvm-openmp/openmp-trunk-r366426, vendor/lld/lld-trunk-r366426, vendor/llvm-libunwind/libunwind-release_90-r369369, vendor/llvm-libunwind/libunwind-release_90-r370514, vendor/llvm-libunwind/libunwind-release_90-r371301, vendor/llvm-libunwind/libunwind-release_900-r372316, vendor/llvm-libunwind/libunwind-trunk-r366426, vendor/libc++/libc++-trunk-r366426, vendor/compiler-rt/compiler-rt-trunk-r366426, vendor/clang/clang-trunk-r366426, vendor/llvm/llvm-trunk-r366426, vendor/acpica/20190816, vendor/bzip2/1.0.8, vendor/zstd/1.4.2, vendor/zstd/1.4.1, vendor/mandoc/20190723, vendor/libcxxrt/2019-07-26-f96846efbfd508f66d91fcbbef5dd808947c7f6d, vendor/llvm-libunwind/libunwind-release_801-r366581, vendor/clang/clang-release_801-r366581, vendor/sqlite3/sqlite-3290000, vendor/acpica/20190703, vendor/llvm-openmp/openmp-release_80-r364487, vendor/llvm-openmp/openmp-release_801-r366581, vendor/lldb/lldb-release_80-r364487, vendor/lldb/lldb-release_801-r366581, vendor/lld/lld-release_80-r364487, vendor/lld/lld-release_801-r366581, vendor/llvm-libunwind/libunwind-release_80-r364487, vendor/clang/clang-release_80-r364487, release/11.3.0, upstream/11.3.0, vendor/tzdata/tzdata2019b, vendor/unbound/1.9.2, vendor/unbound/1.9.1, vendor/elftoolchain/elftoolchain-r3769, vendor/less/v551, vendor/bzip2/1.0.7, vendor/libarchive/3.4.0, vendor/lldb/lldb-release_80-r363030, vendor/lld/lld-release_80-r363030, vendor/llvm-libunwind/libunwind-release_80-r363030, vendor/libc++/libc++-release_80-r363030, vendor/libc++/libc++-release_80-r364487, vendor/libc++/libc++-release_801-r366581, vendor/compiler-rt/compiler-rt-release_80-r363030, vendor/compiler-rt/compiler-rt-release_80-r364487, vendor/compiler-rt/compiler-rt-release_801-r366581, vendor/clang/clang-release_80-r363030, vendor/llvm/llvm-release_80-r363030, vendor/llvm/llvm-release_80-r364487, vendor/llvm/llvm-release_801-r366581, vendor/one-true-awk/4189ef5d, vendor/ena-com/2.0.0, vendor/openssl/1.0.2s, vendor/openssl/1.1.1c, vendor/libfdt/1.5.0, zfs-0.8.0, vendor/netcat/6.5, vendor/netcat/6.4, vendor/netcat/6.3, vendor/netcat/6.2, vendor/netcat/6.1, vendor/netcat/6.0, vendor/acpica/20190509, zfs-0.8.0-rc5, vendor/device-tree/5.1, vendor/Juniper/libxo/1.0.4, vendor/sqlite3/sqlite-3280000, vendor/wpa/2.8, vendor/sqlite3/sqlite-3270200, vendor/zstd/1.4.0, zfs-0.8.0-rc4, vendor/device-tree/5.0, vendor/sqlite3/sqlite-3270100, vendor/acpica/20190405, vendor/Juniper/libxo/1.0.2, vendor/acpica/20190329, vendor/mandoc/1.14.5, vendor/tzdata/tzdata2019a, vendor/clang/clang-release_800-r356365, vendor/llvm-openmp/openmp-release_80-r356034, vendor/llvm-openmp/openmp-release_80-r363030, vendor/llvm-openmp/openmp-release_800-r356365, vendor/llvm-openmp/openmp-trunk-r351319, vendor/clang/clang-release_80-r356034, vendor/llvm/llvm-release_80-r356034, vendor/llvm/llvm-release_800-r356365, vendor/llvm-libunwind/libunwind-release_80-r355677, vendor/llvm-libunwind/libunwind-release_80-r356034, vendor/llvm-libunwind/libunwind-release_800-r356365, vendor/clang/clang-release_80-r355677, vendor/llvm/llvm-release_80-r355677, vendor/llvm-libunwind/libunwind-trunk-r351319, vendor/ntp/4.2.8p13, vendor/libc++/libc++-release_80-r355313, vendor/libc++/libc++-release_80-r355677, vendor/libc++/libc++-release_80-r356034, vendor/libc++/libc++-release_800-r356365, vendor/clang/clang-release_80-r355313, vendor/llvm/llvm-release_80-r355313, vendor/openssl/1.0.2r, vendor/openssl/1.1.1b, vendor/lldb/lldb-release_80-r354799, vendor/lldb/lldb-release_80-r355313, vendor/lldb/lldb-release_80-r355677, vendor/lldb/lldb-release_80-r356034, vendor/lldb/lldb-release_800-r356365, vendor/lld/lld-release_80-r354799, vendor/lld/lld-release_80-r355313, vendor/lld/lld-release_80-r355677, vendor/lld/lld-release_80-r356034, vendor/lld/lld-release_800-r356365, vendor/libc++/libc++-release_80-r354799, vendor/compiler-rt/compiler-rt-release_80-r354799, vendor/compiler-rt/compiler-rt-release_80-r355313, vendor/compiler-rt/compiler-rt-release_80-r355677, vendor/compiler-rt/compiler-rt-release_80-r356034, vendor/compiler-rt/compiler-rt-release_800-r356365, vendor/clang/clang-release_80-r354799, vendor/llvm/llvm-release_80-r354799, vendor/openpam/TABEBUIA, vendor/acpica/20190215, vendor/lld/lld-release_80-r354130, vendor/compiler-rt/compiler-rt-release_80-r354130, vendor/clang/clang-release_80-r354130, vendor/llvm/llvm-release_80-r354130, vendor/google/googletest/1.8.1, vendor/unbound/1.9.0, vendor/lldb/lldb-release_80-r353167, vendor/lldb/lldb-release_80-r354130, vendor/lld/lld-release_80-r353167, vendor/libc++/libc++-release_80-r353167, vendor/libc++/libc++-release_80-r354130, vendor/compiler-rt/compiler-rt-release_80-r353167, vendor/clang/clang-release_80-r353167, vendor/llvm/llvm-release_80-r353167, vendor/openssh/7.9p1, vendor/bearssl/6433cc2, vendor/lldb/lldb-release_80-r351543, vendor/lld/lld-release_80-r351543, vendor/libc++/libc++-release_80-r351543, vendor/clang/clang-release_80-r351543, vendor/llvm/llvm-release_80-r351543, vendor/lldb/lldb-trunk-r351319, vendor/lld/lld-trunk-r351319, vendor/libc++/libc++-trunk-r351319, vendor/compiler-rt/compiler-rt-release_80-r351543, vendor/compiler-rt/compiler-rt-trunk-r351319, vendor/clang/clang-trunk-r351319, vendor/llvm/llvm-trunk-r351319, vendor/ena-com/1.1.4.6, zfs-0.8.0-rc3, vendor/device-tree/4.20, vendor/elftoolchain/elftoolchain-r3668, vendor/acpica/20190108, vendor/tzdata/tzdata2018i, vendor/tzdata/tzdata2018h, vendor/zstd/1.3.8, vendor/NetBSD/bmake/20181221, vendor/sqlite3/sqlite-3260000, vendor/clang/clang-release_701-r349250, vendor/acpica/20181213, vendor/libc++/libc++-release_70-r348686, vendor/libc++/libc++-release_701-r349250, vendor/clang/clang-release_70-r348686, vendor/llvm/llvm-release_70-r348686, vendor/llvm/llvm-release_701-r349250, release/12.0.0, upstream/12.0.0, vendor/wpa/2.7, vendor/NetBSD/bmake/20180919, vendor/lldb/lldb-release_70-r348011, vendor/lldb/lldb-release_70-r348686, vendor/lldb/lldb-release_701-r349250, vendor/clang/clang-release_70-r348011, vendor/llvm/llvm-release_70-r348011, vendor/ck/20181120, vendor/openssl/1.0.2q, vendor/openssl/1.1.1a, zfs-0.8.0-rc2, vendor/device-tree/4.19, vendor/lld/lld-release_70-r346007, vendor/lld/lld-release_70-r348011, vendor/lld/lld-release_70-r348686, vendor/lld/lld-release_701-r349250, vendor/clang/clang-release_70-r346007, vendor/llvm/llvm-release_70-r346007, vendor/expat/2.2.6, vendor/acpica/20181031, vendor/tzdata/tzdata2018g, vendor/zstd/1.3.7, vendor/zstd/1.3.4, vendor/zstd/1.3.3, vendor/dialog/1.3-20180621, vendor/tzdata/tzdata2018f, vendor/ck/20181014, vendor/unbound/1.8.1, vendor/subversion/subversion-1.10.2, vendor/apr-util/apr-util-1.6.1, vendor/apr/apr-1.6.5, vendor/serf/serf-1.3.9, vendor/acpica/20181003, vendor/acpica/20180927, vendor/libevent/2.1.18, vendor/libevent/2.1.8, vendor/mandoc/1.14.4, vendor/lld/lld-release_700-r342383, vendor/clang/clang-release_700-r342383, vendor/openssl/1.1.1, vendor/lld/lld-release_70-r341916, vendor/libc++/libc++-release_70-r341916, vendor/libc++/libc++-release_70-r346007, vendor/libc++/libc++-release_70-r348011, vendor/libc++/libc++-release_700-r342383, vendor/compiler-rt/compiler-rt-release_70-r341916, vendor/compiler-rt/compiler-rt-release_70-r346007, vendor/compiler-rt/compiler-rt-release_70-r348011, vendor/compiler-rt/compiler-rt-release_70-r348686, vendor/compiler-rt/compiler-rt-release_700-r342383, vendor/compiler-rt/compiler-rt-release_701-r349250, vendor/clang/clang-release_70-r341916, vendor/llvm/llvm-release_70-r341916, vendor/llvm/llvm-release_700-r342383, vendor/unbound/1.8.0, vendor/unbound/1.7.3, vendor/unbound/1.7.2, zfs-0.8.0-rc1, vendor/libarchive/3.3.3, vendor/lld/lld-release_70-r340910, vendor/libc++/libc++-release_70-r340910, vendor/compiler-rt/compiler-rt-release_70-r340910, vendor/clang/clang-release_70-r340910, vendor/llvm/llvm-release_70-r340910, vendor/openssh/7.8p1, vendor/ntp/4.2.8p12, vendor/lldb/lldb-release_70-r339999, vendor/lldb/lldb-release_70-r340910, vendor/lldb/lldb-release_70-r341916, vendor/lldb/lldb-release_70-r346007, vendor/lldb/lldb-release_700-r342383, vendor/lld/lld-release_70-r339999, vendor/libc++/libc++-release_70-r339999, vendor/clang/clang-release_70-r339999, vendor/llvm/llvm-release_70-r339999, vendor/openssl/1.0.2p, vendor/device-tree/4.18, vendor/tzdb/tzcode2018e, vendor/lldb/lldb-release_70-r339355, vendor/lld/lld-release_70-r339355, vendor/compiler-rt/compiler-rt-release_70-r339355, vendor/compiler-rt/compiler-rt-release_70-r339999, vendor/clang/clang-release_70-r339355, vendor/llvm/llvm-release_70-r339355, vendor/lua/5.3.5, vendor/acpica/20180810, vendor/ck/20180809, vendor/libc++/libc++-release_70-r338892, vendor/libc++/libc++-release_70-r339355, vendor/compiler-rt/compiler-rt-release_70-r338892, vendor/clang/clang-release_70-r338892, vendor/llvm/llvm-release_70-r338892, vendor/lldb/lldb-release_70-r338892, vendor/lldb/lldb-trunk-r338536, vendor/lld/lld-release_70-r338892, vendor/lld/lld-trunk-r338536, vendor/libc++/libc++-trunk-r338536, vendor/compiler-rt/compiler-rt-trunk-r338536, vendor/clang/clang-trunk-r338536, vendor/llvm/llvm-trunk-r338536, vendor/file/5.34, vendor/lldb/lldb-trunk-r338150, vendor/lld/lld-trunk-r338150, vendor/libc++/libc++-trunk-r338150, vendor/compiler-rt/compiler-rt-trunk-r338150, vendor/clang/clang-trunk-r338150, vendor/llvm/llvm-trunk-r338150, vendor/bsnmp/1.13, vendor/libfdt/1.4.7, vendor/ck/20180711, vendor/acpica/20180629, vendor/lldb/lldb-release_601-r335540, vendor/lld/lld-release_601-r335540, vendor/libc++/libc++-release_601-r335540, vendor/compiler-rt/compiler-rt-release_601-r335540, vendor/clang/clang-release_601-r335540, vendor/llvm/llvm-release_601-r335540, release/11.2.0, upstream/11.2.0, vendor/device-tree/4.17, vendor/acpica/20180531, vendor/ck/20180524, vendor/Juniper/libxo/0.9.0, vendor/file/5.33, vendor/NetBSD/bmake/20180512, vendor/xz/5.2.4, vendor/ck/20180517, vendor/unbound/1.7.1, vendor/unbound/1.7.0, vendor/unbound/1.6.8, vendor/unbound/1.6.7, vendor/unbound/1.6.6, vendor/unbound/1.6.5, vendor/unbound/1.6.4, vendor/unbound/1.6.3, vendor/unbound/1.6.2, vendor/unbound/1.6.1, vendor/ena-com/1.1.4.5, vendor/acpica/20180508, vendor/sqlite3/sqlite-3230100, vendor/subversion/subversion-1.10.0, vendor/openssh/7.7p1, vendor/openssh/7.6p1, vendor/tzdata/tzdata2018e, vendor/acpica/20180427, vendor/elftoolchain/elftoolchain-r3614, vendor/device-tree/4.16, vendor/opencsd/900407e9d6400f6541138d6c2e483a9fc2d699a4, vendor/heimdal/7.5.0, vendor/krb5/1.16, vendor/ck/20180304, vendor/openssl/1.0.2o, vendor/tzdata/tzdata2018d, vendor/processor-trace/24982c1a6fce48f1e416461d42899805f74fbb26, vendor/acpica/20180313, vendor/lld/lld-release_600-r326565, vendor/clang/clang-release_600-r326565, vendor/llvm/llvm-release_600-r326565, vendor/NetBSD/bmake/20180222, vendor/ntp/4.2.8p11, vendor/lldb/lldb-release_60-r325932, vendor/lldb/lldb-release_600-r326565, vendor/lld/lld-release_60-r325932, vendor/clang/clang-release_60-r325932, vendor/llvm/llvm-release_60-r325932, vendor/less/v530, vendor/lldb/lldb-release_60-r325330, vendor/lld/lld-release_60-r325330, vendor/libc++/libc++-release_60-r325330, vendor/libc++/libc++-release_60-r325932, vendor/libc++/libc++-release_600-r326565, vendor/compiler-rt/compiler-rt-release_60-r325330, vendor/compiler-rt/compiler-rt-release_60-r325932, vendor/compiler-rt/compiler-rt-release_600-r326565, vendor/clang/clang-release_60-r325330, vendor/llvm/llvm-release_60-r325330, vendor/device-tree/4.15, vendor/acpica/20180209, vendor/lld/lld-release_60-r324090, vendor/clang/clang-release_60-r324090, vendor/llvm/llvm-release_60-r324090, vendor/lld/lld-release_60-r323948, vendor/compiler-rt/compiler-rt-release_60-r323948, vendor/compiler-rt/compiler-rt-release_60-r324090, vendor/clang/clang-release_60-r323948, vendor/llvm/llvm-release_60-r323948, vendor/lldb/lldb-release_60-r323338, vendor/lldb/lldb-release_60-r323948, vendor/lldb/lldb-release_60-r324090, vendor/lld/lld-release_60-r323338, vendor/libc++/libc++-release_60-r323338, vendor/libc++/libc++-release_60-r323948, vendor/libc++/libc++-release_60-r324090, vendor/compiler-rt/compiler-rt-release_60-r323338, vendor/clang/clang-release_60-r323338, vendor/llvm/llvm-release_60-r323338, vendor/tzdata/tzdata2018c, vendor/libfdt/1.4.6, vendor/tzdata/tzdata2018a, vendor/dtc/1.4.6, vendor/lldb/lldb-release_60-r321788, vendor/lld/lld-release_60-r321788, vendor/libc++/libc++-release_60-r321788, vendor/compiler-rt/compiler-rt-release_60-r321788, vendor/clang/clang-release_60-r321788, vendor/llvm/llvm-release_60-r321788, vendor/acpica/20180105, vendor/compiler-rt/compiler-rt-trunk-r321545, vendor/llvm/llvm-trunk-r321545, vendor/lldb/lldb-trunk-r321530, vendor/lldb/lldb-trunk-r321545, vendor/lld/lld-trunk-r321530, vendor/lld/lld-trunk-r321545, vendor/libc++/libc++-trunk-r321530, vendor/libc++/libc++-trunk-r321545, vendor/compiler-rt/compiler-rt-trunk-r321530, vendor/clang/clang-trunk-r321530, vendor/clang/clang-trunk-r321545, vendor/llvm/llvm-trunk-r321530, vendor/lld/lld-trunk-r321426, vendor/clang/clang-trunk-r321426, vendor/llvm/llvm-trunk-r321426, vendor/lldb/lldb-trunk-r321414, vendor/lldb/lldb-trunk-r321426, vendor/lld/lld-trunk-r321414, vendor/libc++/libc++-trunk-r321414, vendor/libc++/libc++-trunk-r321426, vendor/compiler-rt/compiler-rt-trunk-r321414, vendor/compiler-rt/compiler-rt-trunk-r321426, vendor/clang/clang-trunk-r321414, vendor/llvm/llvm-trunk-r321414, vendor/lldb/lldb-trunk-r321017, vendor/lld/lld-trunk-r321017, vendor/libc++/libc++-trunk-r321017, vendor/compiler-rt/compiler-rt-trunk-r321017, vendor/clang/clang-trunk-r321017, vendor/llvm/llvm-trunk-r321017, vendor/lld/lld-release_501-r320880, vendor/clang/clang-release_501-r320880, vendor/llvm/llvm-release_501-r320880, vendor/acpica/20171214, vendor/openssl/1.0.2n, vendor/lldb/lldb-release_50-r319231, vendor/lldb/lldb-release_501-r320880, vendor/lld/lld-release_50-r319231, vendor/libc++/libc++-release_50-r319231, vendor/libc++/libc++-release_501-r320880, vendor/clang/clang-release_50-r319231, vendor/llvm/llvm-release_50-r319231, vendor/lua/5.3.4, vendor/NetBSD/libc-vis/20171127 |
|
#
fe267a55 |
| 27-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error pro
sys: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
No functional change intended.
show more ...
|
Revision tags: vendor/less/v529, vendor/device-tree/4.14, vendor/acpica/20171110, vendor/zstd/1.3.2, vendor/ena-com/1.1.4.4, vendor/openssl/1.0.2m, vendor/NetBSD/bmake/20171028, vendor/ena-com/1.1.4.3, vendor/tzdata/tzdata2017c, vendor/device-tree/4.13, vendor/wpa/2.6, vendor/mandoc/1.14.3, vendor/acpica/20170929, release/10.4.0, upstream/10.4.0, vendor/tcpdump/4.9.2, vendor/file/5.32, vendor/NetBSD/libedit/2017-09-05, vendor/clang/clang-release_500-r312559, vendor/llvm/llvm-release_500-r312559, vendor/lldb/lldb-release_50-r312293, vendor/lldb/lldb-release_500-r312559, vendor/lld/lld-release_50-r312293, vendor/lld/lld-release_500-r312559, vendor/libc++/libc++-release_50-r312293, vendor/libc++/libc++-release_500-r312559, vendor/compiler-rt/compiler-rt-release_50-r312293, vendor/compiler-rt/compiler-rt-release_50-r319231, vendor/compiler-rt/compiler-rt-release_500-r312559, vendor/compiler-rt/compiler-rt-release_501-r320880, vendor/clang/clang-release_50-r312293, vendor/llvm/llvm-release_50-r312293, vendor/ctfdump/20170831, vendor/acpica/20170831, vendor/lldb/lldb-release_50-r311606, vendor/compiler-rt/compiler-rt-release_50-r311606, vendor/clang/clang-release_50-r311606, vendor/llvm/llvm-release_50-r311606, vendor/zstd/1.3.1 |
|
#
22bbefb2 |
| 21-Aug-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Fix the regression introduced in r275710.
When a security policy should match TCP connection with specific ports, the SYN+ACK segment send by syncache_respond() is considered as forwarded packet, be
Fix the regression introduced in r275710.
When a security policy should match TCP connection with specific ports, the SYN+ACK segment send by syncache_respond() is considered as forwarded packet, because at this moment TCP connection does not have PCB structure, and ip_output() is called without inpcb pointer. In this case SPIDX filled for SP lookup will not contain TCP ports and security policy will not be found. This can lead to unencrypted SYN+ACK on the wire.
This patch restores the old behavior, when ports will not be filled only for forwarded packets.
Reported by: Dewayne Geraghty <dewayne.geraghty at heuristicsystems.com.au> MFC after: 1 week
show more ...
|
Revision tags: vendor/lld/lld-release_50-r311219, vendor/lld/lld-release_50-r311606, vendor/libc++/libc++-release_50-r311219, vendor/libc++/libc++-release_50-r311606, vendor/clang/clang-release_50-r311219, vendor/llvm/llvm-release_50-r311219, vendor/sqlite3/sqlite-3200000, vendor/subversion/subversion-1.9.7, vendor/libc++/libc++-release_50-r310316, vendor/clang/clang-release_50-r310316, vendor/llvm/llvm-release_50-r310316, vendor/Juniper/libxo/0.8.4, vendor/openssh/7.5p1, vendor/ena-com/1.1.4.2, vendor/mandoc/1.14.2 |
|
#
1a01e0e7 |
| 31-Jul-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook from enc_hhook().
This should solve the problem when pf is used with if_enc(4) interface, and outbound packet with existing PC
Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook from enc_hhook().
This should solve the problem when pf is used with if_enc(4) interface, and outbound packet with existing PCB checked by pf, and this leads to deadlock due to pf does its own PCB lookup and tries to take rlock when wlock is already held.
Now we pass PCB pointer if it is known to the pfil hook, this helps to avoid extra PCB lookup and thus rlock acquiring is not needed. For inbound packets it is safe to pass NULL, because we do not held any PCB locks yet.
PR: 220217 MFC after: 3 weeks Sponsored by: Yandex LLC
show more ...
|
Revision tags: vendor/lldb/lldb-release_50-r309439, vendor/lldb/lldb-release_50-r310316, vendor/lldb/lldb-release_50-r311219, vendor/lld/lld-release_50-r309439, vendor/lld/lld-release_50-r310316, vendor/libc++/libc++-release_50-r309439, vendor/clang/clang-release_50-r309439, vendor/llvm/llvm-release_50-r309439, vendor/acpica/20170728, zfs-0.7.0, vendor/NetBSD/bmake/20170720, release/11.1.0, upstream/11.1.0, vendor/lldb/lldb-trunk-r308421, vendor/lld/lld-trunk-r308421, vendor/libc++/libc++-trunk-r308421, vendor/compiler-rt/compiler-rt-release_50-r309439, vendor/compiler-rt/compiler-rt-release_50-r310316, vendor/compiler-rt/compiler-rt-release_50-r311219, vendor/compiler-rt/compiler-rt-trunk-r308421, vendor/clang/clang-trunk-r308421, vendor/llvm/llvm-trunk-r308421, vendor/NetBSD/bmake/20170711, vendor/zstd/1.3.0, vendor/lldb/lldb-trunk-r307894, vendor/lld/lld-trunk-r307894, vendor/libc++/libc++-trunk-r307894, vendor/compiler-rt/compiler-rt-trunk-r307894, vendor/clang/clang-trunk-r307894, vendor/llvm/llvm-trunk-r307894, zfs-0.7.0-rc5, vendor/libarchive/3.3.2, vendor/device-tree/4.12, vendor/krb5/1.15.1, vendor/lldb/lldb-trunk-r306956, vendor/lld/lld-trunk-r306956, vendor/libc++/libc++-trunk-r306956, vendor/compiler-rt/compiler-rt-trunk-r306956, vendor/clang/clang-trunk-r306956, vendor/llvm/llvm-trunk-r306956, vendor/acpica/20170629, vendor/pjdfstest/0.1, vendor/lldb/lldb-trunk-r306325, vendor/lld/lld-trunk-r306325, vendor/libc++/libc++-trunk-r306325, vendor/compiler-rt/compiler-rt-trunk-r306325, vendor/clang/clang-trunk-r306325, vendor/llvm/llvm-trunk-r306325, vendor/elftoolchain/elftoolchain-r3561, vendor/device-tree/4.11, vendor/lldb/lldb-trunk-r305575, vendor/lld/lld-trunk-r305575, vendor/libc++/libc++-trunk-r305575, vendor/compiler-rt/compiler-rt-trunk-r305575, vendor/clang/clang-trunk-r305575, vendor/llvm/llvm-trunk-r305575, vendor/Juniper/libxo/0.8.2, vendor/lldb/lldb-trunk-r305145, vendor/lld/lld-trunk-r305145, vendor/libc++/libc++-trunk-r305145, vendor/compiler-rt/compiler-rt-trunk-r305145, vendor/clang/clang-trunk-r305145, vendor/llvm/llvm-trunk-r305145, vendor/Juniper/libxo/0.8.1, vendor/mandoc/20170608, vendor/Juniper/libxo/0.8.0, vendor/lldb/lldb-trunk-r304659, vendor/lld/lld-trunk-r304659, vendor/libc++/libc++-trunk-r304659, vendor/compiler-rt/compiler-rt-trunk-r304659, vendor/clang/clang-trunk-r304659, vendor/llvm/llvm-trunk-r304659, vendor/lldb/lldb-trunk-r304460, vendor/lld/lld-trunk-r304460, vendor/libc++/libc++-trunk-r304460, vendor/compiler-rt/compiler-rt-trunk-r304460, vendor/clang/clang-trunk-r304460, vendor/llvm/llvm-trunk-r304460, vendor/acpica/20170531, vendor/byacc/20170430, vendor/lldb/lldb-trunk-r304222, vendor/lld/lld-trunk-r304222, vendor/libc++/libc++-trunk-r304222, vendor/clang/clang-trunk-r304222, vendor/llvm/llvm-trunk-r304222, vendor/lldb/lldb-trunk-r304149, vendor/lld/lld-trunk-r304149, vendor/libc++/libc++-trunk-r304149, vendor/compiler-rt/compiler-rt-trunk-r304149, vendor/compiler-rt/compiler-rt-trunk-r304222, vendor/clang/clang-trunk-r304149, vendor/llvm/llvm-trunk-r304149 |
|
#
7f1f6591 |
| 29-May-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Disable IPsec debugging code by default when IPSEC_DEBUG kernel option is not specified.
Due to the long call chain IPsec code can produce the kernel stack exhaustion on the i386 architecture. The d
Disable IPsec debugging code by default when IPSEC_DEBUG kernel option is not specified.
Due to the long call chain IPsec code can produce the kernel stack exhaustion on the i386 architecture. The debugging code usually is not used, but it requires a lot of stack space to keep buffers for strings formatting. This patch conditionally defines macros to disable building of IPsec debugging code.
IPsec currently has two sysctl variables to configure debug output: * net.key.debug variable is used to enable debug output for PF_KEY protocol. Such debug messages are produced by KEYDBG() macro and usually they can be interesting for developers. * net.inet.ipsec.debug variable is used to enable debug output for DPRINTF() macro and ipseclog() function. DPRINTF() macro usually is used for development debugging. ipseclog() function is used for debugging by administrator.
The patch disables KEYDBG() and DPRINTF() macros, and formatting buffers declarations when IPSEC_DEBUG is not present in kernel config. This reduces stack requirement for up to several hundreds of bytes. The net.inet.ipsec.debug variable still can be used to enable ipseclog() messages by administrator.
PR: 219476 Reported by: eugen No objection from: #network MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D10869
show more ...
|
Revision tags: vendor/openssl/1.0.2l |
|
#
3aee7099 |
| 23-May-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Fix possible double releasing for SA and SP references.
There are two possible ways how crypto callback are called: directly from caller and deffered from crypto thread.
For outbound packets the di
Fix possible double releasing for SA and SP references.
There are two possible ways how crypto callback are called: directly from caller and deffered from crypto thread.
For outbound packets the direct call chain is the following: IPSEC_OUTPUT() method -> ipsec[46]_common_output() -> -> ipsec[46]_perform_request() -> xform_output() -> -> crypto_dispatch() -> crypto_invoke() -> crypto_done() -> -> xform_output_cb() -> ipsec_process_done() -> ip[6]_output().
The SA and SP references are held while crypto processing is not finished. The error handling code wrongly expected that crypto callback always called from the crypto thread context, and it did references releasing in xform_output_cb(). But when the crypto callback called directly, in case of error the error handling code in ipsec[46]_perform_request() also did references releasing.
To fix this, remove error handling from ipsec[46]_perform_request() and do it in xform_output() before crypto_dispatch().
MFC after: 10 days
show more ...
|
Revision tags: vendor/lldb/lldb-trunk-r303571, vendor/lld/lld-trunk-r303571, vendor/libc++/libc++-trunk-r303571, vendor/compiler-rt/compiler-rt-trunk-r303571, vendor/clang/clang-trunk-r303571, vendor/llvm/llvm-trunk-r303571, vendor/lldb/lldb-trunk-r303291, vendor/lld/lld-trunk-r303291, vendor/libc++/libc++-trunk-r303291, vendor/compiler-rt/compiler-rt-trunk-r303291, vendor/clang/clang-trunk-r303291, vendor/llvm/llvm-trunk-r303291, vendor/lldb/lldb-trunk-r303197, vendor/lld/lld-trunk-r303197, vendor/libc++/libc++-trunk-r303197, vendor/compiler-rt/compiler-rt-trunk-r303197, vendor/clang/clang-trunk-r303197, vendor/llvm/llvm-trunk-r303197, vendor/Juniper/libxo/0.7.2, vendor/lldb/lldb-trunk-r302418, vendor/lld/lld-trunk-r302418, vendor/libc++/libc++-trunk-r302418, vendor/compiler-rt/compiler-rt-trunk-r302418, vendor/clang/clang-trunk-r302418, vendor/llvm/llvm-trunk-r302418, vendor/zstd/1.2.0, zfs-0.7.0-rc4, vendor/lldb/lldb-trunk-r302069, vendor/lld/lld-trunk-r302069, vendor/compiler-rt/compiler-rt-trunk-r302069, vendor/clang/clang-trunk-r302069, vendor/llvm/llvm-trunk-r302069, vendor/NetBSD/blacklist/20170503, vendor/lldb/lldb-trunk-r301939, vendor/lld/lld-trunk-r301939, vendor/compiler-rt/compiler-rt-trunk-r301939, vendor/clang/clang-trunk-r301939, vendor/llvm/llvm-trunk-r301939, vendor/openpam/RESEDACEA, vendor/less/v491, vendor/ena-com/1.1.4.1, vendor/llvm/llvm-trunk-r301441, vendor/lldb/lldb-trunk-r301441, vendor/lld/lld-trunk-r301441, vendor/libc++/libc++-trunk-r301441, vendor/libc++/libc++-trunk-r301939, vendor/libc++/libc++-trunk-r302069, vendor/compiler-rt/compiler-rt-trunk-r301441, vendor/clang/clang-trunk-r301441, vendor/less/v487, vendor/NetBSD/bmake/20170420, vendor/lldb/lldb-trunk-r300890, vendor/lld/lld-trunk-r300890, vendor/libc++/libc++-trunk-r300890, vendor/compiler-rt/compiler-rt-trunk-r300890, vendor/clang/clang-trunk-r300890, vendor/llvm/llvm-trunk-r300890, vendor/elftoolchain/elftoolchain-r3520, vendor/lldb/lldb-trunk-r300422, vendor/lld/lld-trunk-r300422, vendor/libc++/libc++-trunk-r300422, vendor/compiler-rt/compiler-rt-trunk-r300422, vendor/clang/clang-trunk-r300422, vendor/llvm/llvm-trunk-r300422, vendor/zstd/1.1.4, vendor/NetBSD/bmake/20170413, vendor/ck/20170407, vendor/tzdata/tzdata2017b, vendor/libcxxrt/2017-03-22-8a853717e61d5d55cbdf74d9d0a7545da5d5ff92, vendor/ntp/4.2.8p10, vendor/tcsh/6.20.00, vendor/dtc/1.4.3, vendor/lld/lld-release_400-r297347, vendor/libc++/libc++-release_400-r297347, vendor/clang/clang-release_400-r297347, vendor/llvm/llvm-release_400-r297347, vendor/edk2/7babb4372e6a34cbbc54249b25056272a5a9924c, vendor/device-tree/4.10, vendor/NetBSD/bmake/20170301, vendor/acpica/20170303, vendor/libarchive/3.3.1, vendor/dma/20170210, vendor/ck/20170228, vendor/llvm/llvm-release_40-r296509, vendor/acpica/20170224, vendor/lld/lld-release_40-r296202, vendor/lld/lld-release_40-r296509, vendor/clang/clang-release_40-r296202, vendor/clang/clang-release_40-r296509, vendor/llvm/llvm-release_40-r296202, vendor/clang/clang-release_40-r296002, vendor/llvm/llvm-release_40-r296002, vendor/clang/clang-release_40-r295910, vendor/llvm/llvm-release_40-r295910, vendor/mandoc/1.4.1, vendor/openpam/RADULA, vendor/mandoc/1.4.1rc2, vendor/libucl/20170219, vendor/libc++/libc++-release_40-r295380, vendor/libc++/libc++-release_40-r295910, vendor/libc++/libc++-release_40-r296002, vendor/libc++/libc++-release_40-r296202, vendor/libc++/libc++-release_40-r296509, vendor/compiler-rt/compiler-rt-release_40-r295380, vendor/compiler-rt/compiler-rt-release_40-r295910, vendor/compiler-rt/compiler-rt-release_40-r296002, vendor/compiler-rt/compiler-rt-release_40-r296202, vendor/compiler-rt/compiler-rt-release_40-r296509, vendor/compiler-rt/compiler-rt-release_400-r297347, vendor/clang/clang-release_40-r295380, vendor/llvm/llvm-release_40-r295380, vendor/libpcap/1.8.1, vendor/lld/lld-release_40-r294803, vendor/lld/lld-release_40-r295380, vendor/lld/lld-release_40-r295910, vendor/lld/lld-release_40-r296002, vendor/libc++/libc++-release_40-r294803, vendor/clang/clang-release_40-r294803, vendor/llvm/llvm-release_40-r294803 |
|
#
fcf59617 |
| 06-Feb-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Merge projects/ipsec into head/.
Small summary -------------
o Almost all IPsec releated code was moved into sys/netipsec. o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel option
Merge projects/ipsec into head/.
Small summary -------------
o Almost all IPsec releated code was moved into sys/netipsec. o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel option IPSEC_SUPPORT added. It enables support for loading and unloading of ipsec.ko and tcpmd5.ko kernel modules. o IPSEC_NAT_T option was removed. Now NAT-T support is enabled by default. The UDP_ENCAP_ESPINUDP_NON_IKE encapsulation type support was removed. Added TCP/UDP checksum handling for inbound packets that were decapsulated by transport mode SAs. setkey(8) modified to show run-time NAT-T configuration of SA. o New network pseudo interface if_ipsec(4) added. For now it is build as part of ipsec.ko module (or with IPSEC kernel). It implements IPsec virtual tunnels to create route-based VPNs. o The network stack now invokes IPsec functions using special methods. The only one header file <netipsec/ipsec_support.h> should be included to declare all the needed things to work with IPsec. o All IPsec protocols handlers (ESP/AH/IPCOMP protosw) were removed. Now these protocols are handled directly via IPsec methods. o TCP_SIGNATURE support was reworked to be more close to RFC. o PF_KEY SADB was reworked: - now all security associations stored in the single SPI namespace, and all SAs MUST have unique SPI. - several hash tables added to speed up lookups in SADB. - SADB now uses rmlock to protect access, and concurrent threads can do SA lookups in the same time. - many PF_KEY message handlers were reworked to reflect changes in SADB. - SADB_UPDATE message was extended to support new PF_KEY headers: SADB_X_EXT_NEW_ADDRESS_SRC and SADB_X_EXT_NEW_ADDRESS_DST. They can be used by IKE daemon to change SA addresses. o ipsecrequest and secpolicy structures were cardinally changed to avoid locking protection for ipsecrequest. Now we support only limited number (4) of bundled SAs, but they are supported for both INET and INET6. o INPCB security policy cache was introduced. Each PCB now caches used security policies to avoid SP lookup for each packet. o For inbound security policies added the mode, when the kernel does check for full history of applied IPsec transforms. o References counting rules for security policies and security associations were changed. The proper SA locking added into xform code. o xform code was also changed. Now it is possible to unregister xforms. tdb_xxx structures were changed and renamed to reflect changes in SADB/SPDB, and changed rules for locking and refcounting.
Reviewed by: gnn, wblock Obtained from: Yandex LLC Relnotes: yes Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D9352
show more ...
|