Revision tags: vendor/file/3.40, vendor/ipfilter/3.4.31, vendor/ipfilter-sys/3-4-31, vendor/sendmail/8.12.7-protofix, vendor/gcc/3.2.2-20030205, vendor/sendmail/8.12.7, vendor/NetBSD/lukemftpd/20030122, vendor/openssl/0.9.7-stable-1, vendor/openssl/0.9.7, vendor/bind/8.3.4, vendor/misc-GNU/cvs/1.11.5, vendor/heimdal/0.5.1-patch |
|
#
44956c98 |
| 21-Jan-2003 |
Alfred Perlstein <alfred@FreeBSD.org> |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
Revision tags: release/5.0.0_cvs, release/5.0.0, vendor/isc-dhcp/3.0.1rc11, vendor/isc-dhcp/3.0.1rc10, vendor/openpam/DAFFODIL, vendor/NetBSD/lukemftpd/20030105 |
|
#
9967cafc |
| 30-Dec-2002 |
Sam Leffler <sam@FreeBSD.org> |
Correct mbuf packet header propagation. Previously, packet headers were sometimes propagated using M_COPY_PKTHDR which actually did something between a "move" and a "copy" operation. This is repla
Correct mbuf packet header propagation. Previously, packet headers were sometimes propagated using M_COPY_PKTHDR which actually did something between a "move" and a "copy" operation. This is replaced by M_MOVE_PKTHDR (which copies the pkthdr contents and "removes" it from the source mbuf) and m_dup_pkthdr which copies the packet header contents including any m_tag chain. This corrects numerous problems whereby mbuf tags could be lost during packet manipulations.
These changes also introduce arguments to m_tag_copy and m_tag_copy_chain to specify if the tag copy work should potentially block. This introduces an incompatibility with openbsd which we may want to revisit.
Note that move/dup of packet headers does not handle target mbufs that have a cluster bound to them. We may want to support this; for now we watch for it with an assert.
Finally, M_COPYFLAGS was updated to include M_FIRSTFRAG|M_LASTFRAG.
Supported by: Vernier Networks Reviewed by: Robert Watson <rwatson@FreeBSD.org>
show more ...
|
Revision tags: vendor/one-true-awk/20021213, vendor/openpam/CYCLAMEN, vendor/one-true-awk/20021129, vendor/gcc/3.2.1, vendor/binutils/2.13.2_20021127, vendor/misc-GNU/cvs/1.11.2.1-20021201, vendor/acpica/20021118, vendor/heimdal/0.5.1, vendor/bind/8.3.3.patched, vendor/NetBSD/lukemftpd/1.2-beta2, vendor/ntp/4.1.1b, vendor/ntp/4.1.1a, vendor/openssh/3.5p1 |
|
#
88768458 |
| 16-Oct-2002 |
Sam Leffler <sam@FreeBSD.org> |
"Fast IPsec": this is an experimental IPsec implementation that is derived from the KAME IPsec implementation, but with heavy borrowing and influence of openbsd. A key feature of this implementation
"Fast IPsec": this is an experimental IPsec implementation that is derived from the KAME IPsec implementation, but with heavy borrowing and influence of openbsd. A key feature of this implementation is that it uses the kernel crypto framework to do all crypto work so when h/w crypto support is present IPsec operation is automatically accelerated. Otherwise the protocol implementations are rather differet while the SADB and policy management code is very similar to KAME (for the moment).
Note that this implementation is enabled with a FAST_IPSEC option. With this you get all protocols; i.e. there is no FAST_IPSEC_ESP option.
FAST_IPSEC and IPSEC are mutually exclusive; you cannot build both into a single system.
This software is well tested with IPv4 but should be considered very experimental (i.e. do not deploy in production environments). This software does NOT currently support IPv6. In fact do not configure FAST_IPSEC and INET6 in the same system.
Obtained from: KAME + openbsd Supported by: Vernier Networks
show more ...
|
Revision tags: vendor/less/v643, vendor/NetBSD/libc-vis/20230813, vendor/openssh/9.4p1, vendor/device-tree/6.4, vendor/device-tree/6.3, vendor/device-tree/6.2, vendor/device-tree/6.1, vendor/krb5/1.21.1, vendor/xz/5.4.4, vendor/openssl/3.0.10, vendor/openssl/1.1.1v, vendor/llvm-project/llvmorg-17-init-19311-gbc849e525f80, vendor/llvm-project/llvmorg-17-init-19304-gd0b54bb50e51, vendor/openssh/9.3p2, vendor/lua/5.4.6, vendor/NetBSD/bmake/20230622, vendor/openpam/XIMENIA, vendor/heimdal/7.8.0-2023-06-10-f62e2f278, vendor/openssl/3.0.9, vendor/llvm-project/llvmorg-16.0.6-0-g7cbf1a259152, vendor/ntp/4.2.8p17, vendor/llvm-project/llvmorg-16.0.5-0-g185b81e034ba, vendor/spleen/2.0.0, vendor/ntp/4.2.8p16, vendor/openssl/1.1.1u, vendor/sqlite3/sqlite-3420000, vendor/bc/6.6.0, vendor/llvm-project/llvmorg-16.0.4-0-gae42196bc493, vendor/NetBSD/bmake/20230510, vendor/xz/5.4.3 |
|
#
4d846d26 |
| 10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
show more ...
|
Revision tags: vendor/tcpdump/4.99.4, vendor/llvm-project/llvmorg-16.0.3-0-gda3cd333bea5, vendor/ldns/1.8.3, vendor/spleen/1.9.3, vendor/libpcap/1.10.4, vendor/spleen/1.6.0, vendor/less/v632, vendor/bc/6.5.0, vendor/libfido2/1.13.0, vendor/libfido2/1.12.0, vendor/libfido2/1.11.0, vendor/libfido2/1.10.0, vendor/libfido2/1.9.0, vendor/NetBSD/bmake/20230414, vendor/llvm-project/llvmorg-16.0.2-0-g18ddebe1a1a9, vendor/libcbor/0.10.2, vendor/tzcode/tzcode2023c, vendor/tzcode/tzcode2023b, vendor/tzcode/tzcode2023a, vendor/sqlite3/sqlite-3410200, vendor/llvm-project/llvmorg-16.0.1-0-gcd89023f7979, release/13.2.0, vendor/llvm-project/llvmorg-16.0.0-45-g42d1b276f779, vendor/llvm-project/llvmorg-16.0.0-0-g08d094a0e457, vendor/tzdata/tzdata2023c, vendor/libpcap/1.10.3, vendor/opencsd/v1.4.0, vendor/arm-optimized-routines/v23.01, vendor/tzdata/tzdata2023b, vendor/tzdata/tzdata2023a, vendor/xz/5.4.2, vendor/openssh/9.3p1, vendor/openssl/3.0.8, vendor/bc/6.4.0, vendor/sqlite3/sqlite-3410000, vendor/bc/6.3.1, vendor/bearssl/20230220, vendor/zlib/1.2.13, vendor/llvm-project/llvmorg-16.0.0-rc2-10-g073506d8c15c, vendor/llvm-project/llvmorg-16-init-18548-gb0daacf58f41, vendor/NetBSD/bmake/20230208, vendor/byacc/20230201, vendor/openssl/1.1.1t, vendor/NetBSD/libedit/2023-01-06, vendor/openssh/9.2p1, vendor/tcsh/6.24.07, vendor/bc/6.2.2, vendor/bc/6.2.1, vendor/bc/6.2.0, vendor/bc/6.1.0, vendor/bc/6.0.4, vendor/NetBSD/bmake/20230126, vendor/Juniper/libxo/1.6.0, vendor/zstd/1.5.2, vendor/xz/5.4.1, vendor/sendmail/8.17.1, vendor/llvm-project/llvmorg-15.0.7-0-g8dfdcc7b7bf6, vendor/heimdal/7.8.0, vendor/sqlite3/sqlite-3400100, vendor/xz/5.4.0, vendor/tzcode/tzcode2022g, vendor/tzcode/tzcode2022f, vendor/tzcode/tzcode2022e, vendor/tzcode/tzcode2022d, vendor/xz/5.2.9 |
|
#
e68b3792 |
| 07-Dec-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
tcp: embed inpcb into tcpcb
For the TCP protocol inpcb storage specify allocation size that would provide space to most of the data a TCP connection needs, embedding into struct tcpcb several struct
tcp: embed inpcb into tcpcb
For the TCP protocol inpcb storage specify allocation size that would provide space to most of the data a TCP connection needs, embedding into struct tcpcb several structures, that previously were allocated separately.
The most import one is the inpcb itself. With embedding we can provide strong guarantee that with a valid TCP inpcb the tcpcb is always valid and vice versa. Also we reduce number of allocs/frees per connection. The embedded inpcb is placed in the beginning of the struct tcpcb, since in_pcballoc() requires that. However, later we may want to move it around for cache line efficiency, and this can be done with a little effort. The new intotcpcb() macro is ready for such move.
The congestion algorithm data, the TCP timers and osd(9) data are also embedded into tcpcb, and temprorary struct tcpcb_mem goes away. There was no extra allocation here, but we went through extra pointer every time we accessed this data.
One interesting side effect is that now TCP data is allocated from SMR-protected zone. Potentially this allows the TCP stacks or other TCP related modules to utilize that for their own synchronization.
Large part of the change was done with sed script:
s/tp->ccv->/tp->t_ccv./g s/tp->ccv/\&tp->t_ccv/g s/tp->cc_algo/tp->t_cc/g s/tp->t_timers->tt_/tp->tt_/g s/CCV\(ccv, osd\)/\&CCV(ccv, t_osd)/g
Dependency side effect is that code that needs to know struct tcpcb should also know struct inpcb, that added several <netinet/in_pcb.h>.
Differential revision: https://reviews.freebsd.org/D37127
show more ...
|
Revision tags: vendor/llvm-project/llvmorg-15.0.6-0-g088f33605d8a, vendor/tzdata/tzdata2022g, release/12.4.0, vendor/sqlite3/sqlite-3400000, vendor/expat/2.5.0, vendor/xz/5.2.8, vendor/device-tree/6.0, vendor/device-tree/5.19, vendor/openssl/1.1.1s, vendor/wireguard-tools/v1.0.20210914, vendor/tzdata/tzdata2022f, vendor/acpica/20221020, vendor/unbound/1.17.0, vendor/llvm-project/llvmorg-15.0.2-10-gf3c5289e7846, vendor/llvm-project/llvmorg-15.0.2-0-g4bd3f3759259, vendor/llvm-project/llvmorg-15.0.1-0-gb73d2c8c720a, vendor/tzdata/tzdata2022e, vendor/openssh/9.1p1 |
|
#
809fef29 |
| 04-Oct-2022 |
Gleb Smirnoff <glebius@FreeBSD.org> |
netipsec: move specific ipsecmethods declarations to ipsec_support.h
where struct ipsec_methods is defined. Not a functional change. Allows further modification of method prototypes without breakin
netipsec: move specific ipsecmethods declarations to ipsec_support.h
where struct ipsec_methods is defined. Not a functional change. Allows further modification of method prototypes without breaking compilation of other ipsec compilation units.
Differential revision: https://reviews.freebsd.org/D36730
show more ...
|
Revision tags: vendor/unbound/1.16.3, vendor/bsddialog/0.4, vendor/tzdata/tzdata2022d, vendor/file/5.43, vendor/expat/2.4.9, vendor/sqlite3/sqlite-3390300, vendor/llvm-project/llvmorg-15.0.0-9-g1c73596d3454, vendor/llvm-project/llvmorg-15.0.0-0-g4ba6a9c9f65b, vendor/less/v608, vendor/bsddialog/0.3, vendor/lua/5.4.4, vendor/lua/5.4.3, vendor/sqlite3/sqlite-3390200, vendor/bc/6.0.2, verndor/bc/6.0.2, vendor/dhcpcd/9.4.1, vendor/tzcode/tzcode2022c, vendor/tzcode/unsplit, vendor/tzdata/tzdata2022c, vendor/llvm-project/llvmorg-15.0.0-rc2-40-gfbd2950d8d0d, vendor/tzdata/tzdata2022b, vendor/arm-optimized-routines/20220210-89ca9c3, vendor/device-tree/5.18, vendor/device-tree/5.17, vendor/device-tree/5.16, vendor/device-tree/5.15, vendor/device-tree/5.14, vendor/unbound/1.16.2, vendor/llvm-project/llvmorg-15-init-17826-g1f8ae9d7e7e4, vendor/llvm-project/llvmorg-15-init-17827-gd77882e66779, vendor/NetBSD/bmake/20220726, vendor/NetBSD/bmake/20220724, vendor/llvm-project/llvmorg-15-init-17485-ga3e38b4a206b, vendor/llvm-project/llvmorg-15-init-16436-g18a6ab5b8d1f, vendor/unbound/1.16.1, vendor/sqlite3/sqlite-3390000, vendor/openssl/1.1.1q, vendor/file/5.42, vendor/llvm-project/llvmorg-15-init-15358-g53dc0f107877, vendor/openssl/1.1.1p, vendor/bc/5.3.3, vendor/bc/5.3.2, vendor/llvm-project/llvmorg-14.0.5-0-gc12386ae247c, vendor/bc/5.3.1, vendor/bc/5.3.0, vendor/unbound/1.16.0, vendor/llvm-project/llvmorg-14.0.4-0-g29f1039a7285, vendor/sqlite3/sqlite-3380500, release/13.1.0, upstream/13.1.0, vendor/bc/5.2.5, vendor/openssl/1.1.1o, vendor/llvm-project/llvmorg-14.0.2-0-g0e27d08cdeb3, vendor/llvm-project/llvmorg-14.0.3-0-g1f9140064dfb, vendor/NetBSD/bmake/20220418, vendor/bearssl/20220418, vendor/bc/5.2.4, vendor/NetBSD/libedit/2022-04-11 |
|
#
40461785 |
| 13-Apr-2022 |
John Baldwin <jhb@FreeBSD.org> |
ipsec_encap: setdf is only used for INET.
|
Revision tags: vendor/openssh/9.0p1, vendor/NetBSD/bmake/20220330, vendor/acpica/20220331, vendor/zlib/1.2.12, vendor/llvm-project/llvmorg-14.0.0-2-g3f43d803382d, vendor/heimdal/7.7.0, vendor/expat/2.4.7, vendor/llvm-project/llvmorg-14.0.0-rc4-2-gadd3ab7f4c8a, vendor/tzdata/tzdata2022a, vendor/openssl/1.1.1n, vendor/bsddialog/0.2, vendor/libcxxrt/2022-03-09-fd484be8d1e94a1fcf6bc5c67e5c07b65ada19b6, vendor/bc/5.2.3, vendor/llvm-project/llvmorg-14.0.0-rc2-12-g09546e1b5103, vendor/expat/2.4.6, vendor/openssh/8.9p1, vendor/llvm-project/llvmorg-13.0.1-0-g75e33f71c2da, vendor/llvm-project/llvmorg-14.0.0-rc1-74-g4dc3cb8e3255, vendor/unbound/1.15.0, vendor/NetBSD/bmake/20220208, vendor/bc/5.2.2, vendor/NetBSD/bmake/20220204, vendor/llvm-project/llvmorg-14-init-18315-g190be5457c90, vendor/llvm-project/llvmorg-14-init-18294-gdb01b123d012, vendor/terminus/terminus-font-4.49.1, vendor/bsddialog/0.1, vendor/llvm-project/llvmorg-14-init-17616-g024a1fab5c35, vendor/dma/2022-01-27, vendor/ena-com/2.5.0, vendor/wpa/2.10, vendor/expat/2.4.3, vendor/sqlite3/sqlite-3370200, vendor/wpa/gb26f5c0fe, vendor/sqlite3/sqlite-3370100, vendor/file/5.41, vendor/llvm-project/llvmorg-14-init-13186-g0c553cc1af2e, vendor/bsddialog/0.0.2, vendor/NetBSD/bmake/20211212, vendor/openssl/1.1.1m, vendor/unbound/1.14.0, vendor/bsddialog/0.0.1, vendor/unbound/1.14.0rc1, vendor/llvm-project/llvmorg-14-init-11187-g222442ec2d71, release/12.3.0, upstream/12.3.0, vendor/wpa/g14ab4a816, vendor/bc/5.2.1, vendor/bc/5.2.0 |
|
#
44775b16 |
| 24-Nov-2021 |
Mark Johnston <markj@FreeBSD.org> |
netinet: Remove unneeded mb_unmapped_to_ext() calls
in_cksum_skip() now handles unmapped mbufs on platforms where they're permitted.
Reviewed by: glebius, jhb MFC after: 1 week Sponsored by: The Fr
netinet: Remove unneeded mb_unmapped_to_ext() calls
in_cksum_skip() now handles unmapped mbufs on platforms where they're permitted.
Reviewed by: glebius, jhb MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D33097
show more ...
|
Revision tags: vendor/bsddialog/2021-11-24, vendor/llvm-project/llvmorg-14-init-10223-g401b76fdf2b3, vendor/llvm-project/llvmorg-14-init-10186-gff7f2cfa959b |
|
#
756bb50b |
| 16-Nov-2021 |
Mark Johnston <markj@FreeBSD.org> |
sctp: Remove now-unneeded mb_unmapped_to_ext() calls
sctp_delayed_checksum() now handles unmapped mbufs, thanks to m_apply().
No functional change intended.
Reviewed by: tuexen MFC after: 2 weeks
sctp: Remove now-unneeded mb_unmapped_to_ext() calls
sctp_delayed_checksum() now handles unmapped mbufs, thanks to m_apply().
No functional change intended.
Reviewed by: tuexen MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D32942
show more ...
|
Revision tags: vendor/mandoc/1.14.6, vendor/openssh/8.8p1, vendor/ck/2021029, vendor/tzdata/tzdata2021e, vendor/tzdata/tzdata2021d, vendor/bc/5.1.1, vendor/bc/5.1.0, vendor/tzdata/tzdata2021c, vendor/libfido2/1.8.0, vendor/libcbor/0.8.0, vendor/acpica/20210930 |
|
#
8deba29c |
| 27-Sep-2021 |
Wojciech Macek <wma@FreeBSD.org> |
ipsec: fix typo part2
|
#
c27214f0 |
| 27-Sep-2021 |
Wojciech Macek <wma@FreeBSD.org> |
ipsec: fix typo in comment
|
Revision tags: vendor/llvm-project/llvmorg-13.0.0-0-gd7b669b3a303, vendor/llvm-project/llvmorg-13.0.0-rc4-0-gd7b669b3a303, vendor/tzdata/tzdata2021b |
|
#
9dfc8606 |
| 24-Sep-2021 |
Bartlomiej Grzesik <bag@semihalf.com> |
ipsec: Add support for PMTUD for IPv6 tunnels
Discard and send ICMPv6 Packet Too Big to sender when we try to encapsulate and forward a packet which total length exceeds the PMTU. Logic is based on
ipsec: Add support for PMTUD for IPv6 tunnels
Discard and send ICMPv6 Packet Too Big to sender when we try to encapsulate and forward a packet which total length exceeds the PMTU. Logic is based on the IPv4 implementation. Common code was moved to a separate function.
Differential revision: https://reviews.freebsd.org/D31771 Obtained from: Semihalf Sponsored by: Stormshield
show more ...
|
#
b4220bf3 |
| 24-Sep-2021 |
Bartlomiej Grzesik <bag@semihalf.com> |
ipsec: If no PMTU in hostcache assume it's equal to link's MTU
If we fail to find to PMTU in hostcache, we assume it's equal to link's MTU.
This patch prevents packets larger then link's MTU to be
ipsec: If no PMTU in hostcache assume it's equal to link's MTU
If we fail to find to PMTU in hostcache, we assume it's equal to link's MTU.
This patch prevents packets larger then link's MTU to be dropped silently if there is no PMTU in hostcache.
Differential revision: https://reviews.freebsd.org/D31770 Obtained from: Semihalf Sponsored by: Stormshield
show more ...
|
#
4f337695 |
| 24-Sep-2021 |
Bartlomiej Grzesik <bag@semihalf.com> |
ipsec: Add PMTUD support for IPsec IPv4 over IPv6 tunnel
Add support for checking PMTU for IPv4 packets encapsulated in IPv6 tunnels.
Differential revision: https://reviews.freebsd.org/D31769 Spons
ipsec: Add PMTUD support for IPsec IPv4 over IPv6 tunnel
Add support for checking PMTU for IPv4 packets encapsulated in IPv6 tunnels.
Differential revision: https://reviews.freebsd.org/D31769 Sponsored by: Stormshield Obtained from: Semihalf
show more ...
|
Revision tags: vendor/dma/2021-07-10, vendor/NetBSD/libedit/2021-09-10, vendor/bc/5.0.2, vendor/llvm-project/llvmorg-13.0.0-rc3-8-g08642a395f23, vendor/llvm-project/llvmorg-13.0.0-rc2-43-gf56129fe78d5, vendor/openssl/1.1.1l, vendor/openssh/8.7p1, vendor/llvm-project/llvmorg-13.0.0-rc1-97-g23ba3732246a, vendor/llvm-project/llvmorg-13.0.0-rc1-0-gd6974c010878, vendor/unbound/1.13.2 |
|
#
a16771de |
| 13-Aug-2021 |
Kornel Duleba <mindal@semihalf.com> |
ipsec: Return error code if no matching SA was found
If we matched SP to a packet, but no associated SA was found ipsec4_allocsa will return NULL while setting error=0. This resulted in use after fr
ipsec: Return error code if no matching SA was found
If we matched SP to a packet, but no associated SA was found ipsec4_allocsa will return NULL while setting error=0. This resulted in use after free and potential kernel panic. Return EINPROGRESS if the case described above instead.
Obtained from: Semihalf Sponsored by: Stormshield Differential revision: https://reviews.freebsd.org/D30994
show more ...
|
#
6b66194b |
| 13-Aug-2021 |
Kornel Duleba <mindal@semihalf.com> |
ipsec: Check PMTU before sending a frame.
If an encapsulated frame is going to have DF bit set check its desitnitions' PMTU and if it won't fit drop it and:
Generate ICMP 3/4 message if the packet
ipsec: Check PMTU before sending a frame.
If an encapsulated frame is going to have DF bit set check its desitnitions' PMTU and if it won't fit drop it and:
Generate ICMP 3/4 message if the packet was to be forwarded. Return EMSGSIZE error otherwise.
Obtained from: Semihalf Sponsored by: Stormshield Differential revision: https://reviews.freebsd.org/D30993
show more ...
|
Revision tags: vendor/one-true-awk/0592de4a, vendor/acpica/20210730, vendor/llvm-project/llvmorg-13-init-16854-g6b2e4c5a58d7, vendor/llvm-project/llvmorg-12.0.1-0-gfed41342a82f, vendor/llvm-project/llvmorg-12.0.1-rc2-0-ge7dac564cd0e, vendor/llvm-project/llvmorg-13-init-16847-g88e66fa60ae5, vendor/less/v590, llvmorg-12.0.1-0-gfed41342a82f, vendor/one-true-awk/1e4bc42c53a1, vendor/device-tree/5.13, vendor/device-tree/5.12, vendor/NetBSD/bmake/20210621, vendor/ena-com/2.4.0, vendor/NetBSD/vis/20210621, llvmorg-12.0.1-rc2-0-ge7dac564cd0e, vendor/acpica/20210604, vendor/nvi/2.2.0-3bbdfe4, vendor/tcsh/6.22.04, vendor/bc/4.0.2, vendor/sqlite3/sqlite-3350500, vendor/less/v581.2, vendor/bc/4.0.1, vendor/openssh/8.6p1, vendor/openssh/8.5p1, vendor/llvm-project/llvmorg-12.0.0-0-gd28af7c654d8, vendor/less/v581, vendor/google/capsicum-test/ea66424d921bb393539b298c108a46edee5c3051, release/13.0.0, upstream/13.0.0, vendor/bc/4.0.0, vendor/acpica/20210331, vendor/NetBSD/libedit/2021-03-28, vendor/openssl/1.1.1k, vendor/device-tree/5.11, vendor/NetBSD/libedit/2020-07-10, vendor/libucl/20210314, vendor/bc/3.3.4, vendor/wpa/g9d9b42306541, vendor/tcsh/6.22.03-ceccc7f, bc/3.3.3, vendor/google/capsicum-test/20210302, vendor/dialog/1.3-20210117, vendor/ncurses/6.2-20210220, vendor/arm-optimized-routines/v21.02, vendor/libcxxrt/2021-02-18-8049924686b8414d8e652cbd2a52c763b48e8456, vendor/bc/bc-3.3.0, vendor/llvm-project/llvmorg-12.0.0-rc1-109-gd5d089bf08c9, vendor/llvm-project/llvmorg-12-init-17869-g8e464dd76bef, vendor/openssl/1.1.1j, vendor/google/capsicum-test/7707222b46abe52d18fd4fbb76115ffdb3e6f74b, vendor/openssh/8.4p1, vendor/openssh/8.3p1, vendor/openssh/8.2p1, vendor/openssh/8.1p1, vendor/openzfs/20210210, vendor/subversion/subversion-1.14.1, vendor/NetBSD/bmake/20210206, vendor/unbound/1.13.1, vendor/bc/3.2.6, vendor/atf/20210128, vendor/sqlite3/sqlite-3340100, vendor/tzdata/tzdata2021a |
|
#
8e9313ca |
| 19-Jan-2021 |
John Baldwin <jhb@FreeBSD.org> |
Convert unmapped mbufs before computing checksums in IPsec.
This is similar to the logic used in ip_output() to convert mbufs prior to computing checksums. Unmapped mbufs can be sent when using sen
Convert unmapped mbufs before computing checksums in IPsec.
This is similar to the logic used in ip_output() to convert mbufs prior to computing checksums. Unmapped mbufs can be sent when using sendfile() over IPsec or using KTLS over IPsec.
Reported by: Sony Arpita Das @ Chelsio QA Reviewed by: np Sponsored by: Chelsio Differential Revision: https://reviews.freebsd.org/D28187
show more ...
|
Revision tags: vendor/device-tree/5.10, vendor/device-tree/5.9, vendor/NetBSD/bmake/20210110, vendor/openzfs/20210107, vendor/acpica/20210105, vendor/acpica/20201217, vendor/llvm-project/llvmorg-11.0.1-0-g43ff75f2c3fe, vendor/llvm-project/llvmorg-11.0.1-rc2-0-g43ff75f2c3f, vendor/pnglite/20130820, vendor/terminus/terminus-font-4.48, vendor/tzdata/tzdata2020f, vendor/libarchive/3.5.1, vendor/bc/3.2.4, vendor/lua/5.4.2, vendor/zstd/1.4.8, vendor/tzdata/tzdata2020e, vendor/unbound/1.13.0, vendor/openssl/1.1.1i, vendor/bc/3.2.3, vendor/libarchive/3.5.0, vendor/bc/3.2.0, vendor/NetBSD/bmake/20201117, vendor/ena-com/2.3.0, vendor/ena-com/2.2.1, vendor/acpica/20201113, vendor/NetBSD/bmake/20201101, vendor/unbound/1.12.0, vendor/less/v563, release/12.2.0, upstream/12.2.0, vendor/tzdata/tzdata2020d, vendor/tzdata/tzdata2020c, vendor/openzfs/2.0.0-rc3-gfc5966, vendor/lua/5.3.6, vendor/llvm-project/llvmorg-11.0.0-0-g176249bd673, vendor/acpica/20200925, vendor/tzdata/tzdata2020b, vendor/openzfs/2.0-rc3-gfc5966, vendor/llvm-project/llvmorg-11.0.0-rc5-0-g60a25202a7d, vendor/bc/3.1.6, vendor/nvi/2.2.0-05ed8b9, vendor/openssl/1.1.1h, vendor/openzfs/2.0-rc2-g4ce06f, vendor/llvm-project/llvmorg-11.0.0-rc2-91-g6e042866c30, vendor/lib9p/9d5aee77bcc1bf0e79b0a3bfefff5fdf2146283c, vendor/nvi/2.2.0, vendor/NetBSD/bmake/20200902, vendor/openzfs/2.0-rc1-gfd20a8 |
|
#
662c1305 |
| 01-Sep-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
net: clean up empty lines in .c and .h files
|
Revision tags: vendor/openzfs/2.0-rc1-ga00c61, vendor/openzfs/2.0-rc0-g184df27, vendor/llvm-project/llvmorg-11.0.0-rc2-0-g414f32a9e86, vendor/unbound/1.11.0, vendor/sqlite3/sqlite-3330000, vendor/llvm-project/llvmorg-11.0.0-rc1-47-gff47911ddfc, vendor/bc/3.1.5, vendor/device-tree/5.8, vendor/bc/3.1.4, vendor/llvm-project/llvmorg-11.0.0-rc1-25-g903c872b169, vendor/pcg-c/20190718-83252d9, vendor/llvm-project/llvmorg-11-init-20933-g3c1fca803bc, vendor/llvm-project/llvmorg-11-init-20887-g2e10b7a39b9, vendor/acpica/20200717, vendor/sendmail/8.16.1, vendor/NetBSD/bmake/20200710, vendor/bc/3.1.3, vendor/NetBSD/bmake/20200704, vendor/sqlite3/sqlite-3320300, vendor/bc/3.1.1, vendor/NetBSD/bmake/20200629, vendor/llvm-project/llvmorg-10.0.1-0-gef32c611aa2, vendor/llvm-project/llvmorg-10.0.1-rc2-0-g77d76b71d7d, vendor/bc/3.0.2 |
|
#
f82eb2a6 |
| 25-Jun-2020 |
John Baldwin <jhb@FreeBSD.org> |
Enter and exit the network epoch for async IPsec callbacks.
When an IPsec packet has been encrypted or decrypted, the next step in the packet's traversal through the network stack is invoked from a
Enter and exit the network epoch for async IPsec callbacks.
When an IPsec packet has been encrypted or decrypted, the next step in the packet's traversal through the network stack is invoked from a crypto worker thread, not from the original calling thread. These threads need to enter the network epoch before passing packets down to IP output routines or up to transport protocols.
Reviewed by: ae Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D25444
show more ...
|
Revision tags: vendor/llvm-project/llvmorg-10.0.0-129-gd24d5c8e308, vendor/ntp/4.2.8p15, vendor/byacc/20200330, vendor/llvm-project/llvmorg-10.0.0-97-g6f71678ecd2 |
|
#
95033af9 |
| 18-Jun-2020 |
Mark Johnston <markj@FreeBSD.org> |
Add the SCTP_SUPPORT kernel option.
This is in preparation for enabling a loadable SCTP stack. Analogous to IPSEC/IPSEC_SUPPORT, the SCTP_SUPPORT kernel option must be configured in order to suppor
Add the SCTP_SUPPORT kernel option.
This is in preparation for enabling a loadable SCTP stack. Analogous to IPSEC/IPSEC_SUPPORT, the SCTP_SUPPORT kernel option must be configured in order to support a loadable SCTP implementation.
Discussed with: tuexen MFC after: 2 weeks Sponsored by: The FreeBSD Foundation
show more ...
|
Revision tags: vendor/flex/2.6.4, vendor/file/5.39, vendor/blocklist/20200615, vendor/opencsd/v0.14.2, vendor/sqlite3/sqlite-3320200, release/11.4.0, upstream/11.4.0, vendor/sqlite3/sqlite-3320000, vendor/NetBSD/bmake/20200606, vendor/device-tree/5.7, vendor/edk2/ca407c7246bf405da6d9b1b9d93e5e7f17b4b1f9, vendor/subversion/subversion-1.14.0, vendor/apr/apr-1.7.0, vendor/acpica/20200528, vendor/ena-com/2.2.0, vendor/zstd/1.4.5, vendor/llvm-project/llvmorg-10.0.1-rc1-0-gf79cd71e145, vendor/unbound/1.10.1, vendor/NetBSD/bmake/20200517, vendor/libarchive/3.4.3, vendor/acpica/20200430, vendor/lib9p/7ddb1164407da19b9b1afb83df83ae65a71a9a66, vendor/tzdata/tzdata2020a, vendor/openssl/1.1.1g, vendor/sqlite3/sqlite-3310100, vendor/device-tree/5.6, vendor/google/googletest/1.10.0, vendor/llvm-project/llvmorg-10.0.0-0-gd32170dbd5b, vendor/bsnmp/1.14, vendor/openssl/1.1.1f, vendor/acpica/20200326, vendor/xz/5.2.5, vendor/llvm-project/llvmorg-10.0.0-rc4-5-g52c365aa9ca, vendor/openssl/1.1.1e, vendor/kyua/0.13-a685f91, vendor/lutok/0.4-8f8eaef, vendor/llvm-project/llvmorg-10.0.0-rc3-1-gc290cb61fdc, vendor/ntp/4.2.8p14, vendor/device-tree/5.5, vendor/llvm-project/llvmorg-10.0.0-rc2-70-ge5cb70267e7, vendor/ncurses/6.2-20200215, vendor/llvm-project/llvmorg-10.0.0-rc2-0-g90c78073f73, vendor/openssh/8.0p1, vendor/acpica/20200214, vendor/libarchive/3.4.2, vendor/file/5.38, vendor/ncurses/6.1-20200118, vendor/sqlite3/sqlite-3310000, vendor/Juniper/libxo/1.4.0, vendor/llvm-project/llvmorg-10-init-17538-gd11abddb32f, vendor/llvm-project/llvmorg-10-init-17468-gc4a134a5107, vendor/llvm-project/llvmorg-10-init-17466-ge26a78e7085, vendor/acpica/20200110, vendor/openssl/1.0.2u, vendor/libarchive/3.4.1, vendor/unbound/1.9.6, vendor/llvm-project/llvmorg-9.0.1, vendor/llvm-project/llvmorg-10-init-8157-g186155b89c2, vendor/llvm-project/trunk-r375505, vendor/acpica/20191213, vendor/device-tree/5.4, vendor/openresolv/3.9.2, vendor/file/5.37, vendor/Juniper/libxo/1.3.1, vendor/Juniper/libxo/1.3.0, vendor/NetBSD/blacklist/20191106, vendor/zstd/1.4.4, vendor/sqlite3/sqlite-3300100, release/12.1.0, upstream/12.1.0, vendor/llvm-openmp/openmp-trunk-r375505, vendor/lldb/lldb-trunk-r375505, vendor/lld/lld-trunk-r375505, vendor/llvm-libunwind/libunwind-trunk-r375505, vendor/libc++/libc++-trunk-r375505, vendor/compiler-rt/compiler-rt-trunk-r375505, vendor/clang/clang-trunk-r375505, vendor/llvm/llvm-trunk-r375505, vendor/tcsh/6.21.00-83c5be0, vendor/acpica/20191018, vendor/opencsd/a1961c91b02a92f3c6ed8b145c636ac4c5565aca, vendor/processor-trace/892e12c5a27bda5806d1e63269986bb4171b5a8b, vendor/tcsh/6.21.00, vendor/tcpdump/4.9.3, vendor/libpcap/1.9.1, vendor/device-tree/5.3, vendor/device-tree/5.2, vendor/lldb/lldb-release_900-r372316, vendor/clang/clang-release_900-r372316, vendor/llvm/llvm-release_900-r372316, vendor/tzdata/tzdata2019c, vendor/openssl/1.0.2t, vendor/openssl/1.1.1d, vendor/NetBSD/libedit/2019-09-10, vendor/lld/lld-release_90-r371301, vendor/lld/lld-release_900-r372316, vendor/clang/clang-release_90-r371301, vendor/llvm/llvm-release_90-r371301, vendor/lld/lld-release_90-r370514, vendor/libc++/libc++-release_90-r370514, vendor/libc++/libc++-release_90-r371301, vendor/libc++/libc++-release_900-r372316, vendor/compiler-rt/compiler-rt-release_90-r370514, vendor/compiler-rt/compiler-rt-release_90-r371301, vendor/compiler-rt/compiler-rt-release_900-r372316, vendor/clang/clang-release_90-r370514, vendor/llvm/llvm-release_90-r370514, vendor/lldb/lldb-trunk-r366426, vendor/wpa/2.9, vendor/lldb/lldb-release_90-r369369, vendor/lldb/lldb-release_90-r370514, vendor/lldb/lldb-release_90-r371301, vendor/lld/lld-release_90-r369369, vendor/libc++/libc++-release_90-r369369, vendor/compiler-rt/compiler-rt-release_90-r369369, vendor/clang/clang-release_90-r369369, vendor/llvm/llvm-release_90-r369369, vendor/llvm-openmp/openmp-release_90-r369369, vendor/llvm-openmp/openmp-release_90-r370514, vendor/llvm-openmp/openmp-release_90-r371301, vendor/llvm-openmp/openmp-release_900-r372316, vendor/llvm-openmp/openmp-trunk-r366426, vendor/lld/lld-trunk-r366426, vendor/llvm-libunwind/libunwind-release_90-r369369, vendor/llvm-libunwind/libunwind-release_90-r370514, vendor/llvm-libunwind/libunwind-release_90-r371301, vendor/llvm-libunwind/libunwind-release_900-r372316, vendor/llvm-libunwind/libunwind-trunk-r366426, vendor/libc++/libc++-trunk-r366426, vendor/compiler-rt/compiler-rt-trunk-r366426, vendor/clang/clang-trunk-r366426, vendor/llvm/llvm-trunk-r366426, vendor/acpica/20190816, vendor/bzip2/1.0.8, vendor/zstd/1.4.2, vendor/zstd/1.4.1, vendor/mandoc/20190723, vendor/libcxxrt/2019-07-26-f96846efbfd508f66d91fcbbef5dd808947c7f6d, vendor/llvm-libunwind/libunwind-release_801-r366581, vendor/clang/clang-release_801-r366581, vendor/sqlite3/sqlite-3290000, vendor/acpica/20190703, vendor/llvm-openmp/openmp-release_80-r364487, vendor/llvm-openmp/openmp-release_801-r366581, vendor/lldb/lldb-release_80-r364487, vendor/lldb/lldb-release_801-r366581, vendor/lld/lld-release_80-r364487, vendor/lld/lld-release_801-r366581, vendor/llvm-libunwind/libunwind-release_80-r364487, vendor/clang/clang-release_80-r364487, release/11.3.0, upstream/11.3.0, vendor/tzdata/tzdata2019b, vendor/unbound/1.9.2, vendor/unbound/1.9.1, vendor/elftoolchain/elftoolchain-r3769, vendor/less/v551, vendor/bzip2/1.0.7, vendor/libarchive/3.4.0, vendor/lldb/lldb-release_80-r363030, vendor/lld/lld-release_80-r363030, vendor/llvm-libunwind/libunwind-release_80-r363030, vendor/libc++/libc++-release_80-r363030, vendor/libc++/libc++-release_80-r364487, vendor/libc++/libc++-release_801-r366581, vendor/compiler-rt/compiler-rt-release_80-r363030, vendor/compiler-rt/compiler-rt-release_80-r364487, vendor/compiler-rt/compiler-rt-release_801-r366581, vendor/clang/clang-release_80-r363030, vendor/llvm/llvm-release_80-r363030, vendor/llvm/llvm-release_80-r364487, vendor/llvm/llvm-release_801-r366581, vendor/one-true-awk/4189ef5d, vendor/ena-com/2.0.0, vendor/openssl/1.0.2s, vendor/openssl/1.1.1c, vendor/libfdt/1.5.0, zfs-0.8.0, vendor/netcat/6.5, vendor/netcat/6.4, vendor/netcat/6.3, vendor/netcat/6.2, vendor/netcat/6.1, vendor/netcat/6.0, vendor/acpica/20190509, zfs-0.8.0-rc5, vendor/device-tree/5.1, vendor/Juniper/libxo/1.0.4, vendor/sqlite3/sqlite-3280000, vendor/wpa/2.8, vendor/sqlite3/sqlite-3270200, vendor/zstd/1.4.0, zfs-0.8.0-rc4, vendor/device-tree/5.0, vendor/sqlite3/sqlite-3270100, vendor/acpica/20190405, vendor/Juniper/libxo/1.0.2, vendor/acpica/20190329, vendor/mandoc/1.14.5, vendor/tzdata/tzdata2019a, vendor/clang/clang-release_800-r356365, vendor/llvm-openmp/openmp-release_80-r356034, vendor/llvm-openmp/openmp-release_80-r363030, vendor/llvm-openmp/openmp-release_800-r356365, vendor/llvm-openmp/openmp-trunk-r351319, vendor/clang/clang-release_80-r356034, vendor/llvm/llvm-release_80-r356034, vendor/llvm/llvm-release_800-r356365, vendor/llvm-libunwind/libunwind-release_80-r355677, vendor/llvm-libunwind/libunwind-release_80-r356034, vendor/llvm-libunwind/libunwind-release_800-r356365, vendor/clang/clang-release_80-r355677, vendor/llvm/llvm-release_80-r355677, vendor/llvm-libunwind/libunwind-trunk-r351319, vendor/ntp/4.2.8p13, vendor/libc++/libc++-release_80-r355313, vendor/libc++/libc++-release_80-r355677, vendor/libc++/libc++-release_80-r356034, vendor/libc++/libc++-release_800-r356365, vendor/clang/clang-release_80-r355313, vendor/llvm/llvm-release_80-r355313, vendor/openssl/1.0.2r, vendor/openssl/1.1.1b, vendor/lldb/lldb-release_80-r354799, vendor/lldb/lldb-release_80-r355313, vendor/lldb/lldb-release_80-r355677, vendor/lldb/lldb-release_80-r356034, vendor/lldb/lldb-release_800-r356365, vendor/lld/lld-release_80-r354799, vendor/lld/lld-release_80-r355313, vendor/lld/lld-release_80-r355677, vendor/lld/lld-release_80-r356034, vendor/lld/lld-release_800-r356365, vendor/libc++/libc++-release_80-r354799, vendor/compiler-rt/compiler-rt-release_80-r354799, vendor/compiler-rt/compiler-rt-release_80-r355313, vendor/compiler-rt/compiler-rt-release_80-r355677, vendor/compiler-rt/compiler-rt-release_80-r356034, vendor/compiler-rt/compiler-rt-release_800-r356365, vendor/clang/clang-release_80-r354799, vendor/llvm/llvm-release_80-r354799, vendor/openpam/TABEBUIA, vendor/acpica/20190215, vendor/lld/lld-release_80-r354130, vendor/compiler-rt/compiler-rt-release_80-r354130, vendor/clang/clang-release_80-r354130, vendor/llvm/llvm-release_80-r354130, vendor/google/googletest/1.8.1, vendor/unbound/1.9.0, vendor/lldb/lldb-release_80-r353167, vendor/lldb/lldb-release_80-r354130, vendor/lld/lld-release_80-r353167, vendor/libc++/libc++-release_80-r353167, vendor/libc++/libc++-release_80-r354130, vendor/compiler-rt/compiler-rt-release_80-r353167, vendor/clang/clang-release_80-r353167, vendor/llvm/llvm-release_80-r353167, vendor/openssh/7.9p1, vendor/bearssl/6433cc2, vendor/lldb/lldb-release_80-r351543, vendor/lld/lld-release_80-r351543, vendor/libc++/libc++-release_80-r351543, vendor/clang/clang-release_80-r351543, vendor/llvm/llvm-release_80-r351543, vendor/lldb/lldb-trunk-r351319, vendor/lld/lld-trunk-r351319, vendor/libc++/libc++-trunk-r351319, vendor/compiler-rt/compiler-rt-release_80-r351543, vendor/compiler-rt/compiler-rt-trunk-r351319, vendor/clang/clang-trunk-r351319, vendor/llvm/llvm-trunk-r351319, vendor/ena-com/1.1.4.6, zfs-0.8.0-rc3, vendor/device-tree/4.20, vendor/elftoolchain/elftoolchain-r3668, vendor/acpica/20190108, vendor/tzdata/tzdata2018i, vendor/tzdata/tzdata2018h, vendor/zstd/1.3.8, vendor/NetBSD/bmake/20181221, vendor/sqlite3/sqlite-3260000, vendor/clang/clang-release_701-r349250, vendor/acpica/20181213, vendor/libc++/libc++-release_70-r348686, vendor/libc++/libc++-release_701-r349250, vendor/clang/clang-release_70-r348686, vendor/llvm/llvm-release_70-r348686, vendor/llvm/llvm-release_701-r349250, release/12.0.0, upstream/12.0.0, vendor/wpa/2.7, vendor/NetBSD/bmake/20180919, vendor/lldb/lldb-release_70-r348011, vendor/lldb/lldb-release_70-r348686, vendor/lldb/lldb-release_701-r349250, vendor/clang/clang-release_70-r348011, vendor/llvm/llvm-release_70-r348011, vendor/ck/20181120, vendor/openssl/1.0.2q, vendor/openssl/1.1.1a, zfs-0.8.0-rc2, vendor/device-tree/4.19, vendor/lld/lld-release_70-r346007, vendor/lld/lld-release_70-r348011, vendor/lld/lld-release_70-r348686, vendor/lld/lld-release_701-r349250, vendor/clang/clang-release_70-r346007, vendor/llvm/llvm-release_70-r346007, vendor/expat/2.2.6, vendor/acpica/20181031, vendor/tzdata/tzdata2018g, vendor/zstd/1.3.7, vendor/zstd/1.3.4, vendor/zstd/1.3.3, vendor/dialog/1.3-20180621, vendor/tzdata/tzdata2018f, vendor/ck/20181014, vendor/unbound/1.8.1, vendor/subversion/subversion-1.10.2, vendor/apr-util/apr-util-1.6.1, vendor/apr/apr-1.6.5, vendor/serf/serf-1.3.9, vendor/acpica/20181003, vendor/acpica/20180927, vendor/libevent/2.1.18, vendor/libevent/2.1.8, vendor/mandoc/1.14.4, vendor/lld/lld-release_700-r342383, vendor/clang/clang-release_700-r342383, vendor/openssl/1.1.1, vendor/lld/lld-release_70-r341916, vendor/libc++/libc++-release_70-r341916, vendor/libc++/libc++-release_70-r346007, vendor/libc++/libc++-release_70-r348011, vendor/libc++/libc++-release_700-r342383, vendor/compiler-rt/compiler-rt-release_70-r341916, vendor/compiler-rt/compiler-rt-release_70-r346007, vendor/compiler-rt/compiler-rt-release_70-r348011, vendor/compiler-rt/compiler-rt-release_70-r348686, vendor/compiler-rt/compiler-rt-release_700-r342383, vendor/compiler-rt/compiler-rt-release_701-r349250, vendor/clang/clang-release_70-r341916, vendor/llvm/llvm-release_70-r341916, vendor/llvm/llvm-release_700-r342383, vendor/unbound/1.8.0, vendor/unbound/1.7.3, vendor/unbound/1.7.2, zfs-0.8.0-rc1, vendor/libarchive/3.3.3, vendor/lld/lld-release_70-r340910, vendor/libc++/libc++-release_70-r340910, vendor/compiler-rt/compiler-rt-release_70-r340910, vendor/clang/clang-release_70-r340910, vendor/llvm/llvm-release_70-r340910, vendor/openssh/7.8p1, vendor/ntp/4.2.8p12, vendor/lldb/lldb-release_70-r339999, vendor/lldb/lldb-release_70-r340910, vendor/lldb/lldb-release_70-r341916, vendor/lldb/lldb-release_70-r346007, vendor/lldb/lldb-release_700-r342383, vendor/lld/lld-release_70-r339999, vendor/libc++/libc++-release_70-r339999, vendor/clang/clang-release_70-r339999, vendor/llvm/llvm-release_70-r339999, vendor/openssl/1.0.2p, vendor/device-tree/4.18, vendor/tzdb/tzcode2018e, vendor/lldb/lldb-release_70-r339355, vendor/lld/lld-release_70-r339355, vendor/compiler-rt/compiler-rt-release_70-r339355, vendor/compiler-rt/compiler-rt-release_70-r339999, vendor/clang/clang-release_70-r339355, vendor/llvm/llvm-release_70-r339355, vendor/lua/5.3.5, vendor/acpica/20180810, vendor/ck/20180809, vendor/libc++/libc++-release_70-r338892, vendor/libc++/libc++-release_70-r339355, vendor/compiler-rt/compiler-rt-release_70-r338892, vendor/clang/clang-release_70-r338892, vendor/llvm/llvm-release_70-r338892, vendor/lldb/lldb-release_70-r338892, vendor/lldb/lldb-trunk-r338536, vendor/lld/lld-release_70-r338892, vendor/lld/lld-trunk-r338536, vendor/libc++/libc++-trunk-r338536, vendor/compiler-rt/compiler-rt-trunk-r338536, vendor/clang/clang-trunk-r338536, vendor/llvm/llvm-trunk-r338536, vendor/file/5.34, vendor/lldb/lldb-trunk-r338150, vendor/lld/lld-trunk-r338150, vendor/libc++/libc++-trunk-r338150, vendor/compiler-rt/compiler-rt-trunk-r338150, vendor/clang/clang-trunk-r338150, vendor/llvm/llvm-trunk-r338150, vendor/bsnmp/1.13, vendor/libfdt/1.4.7, vendor/ck/20180711, vendor/acpica/20180629, vendor/lldb/lldb-release_601-r335540, vendor/lld/lld-release_601-r335540, vendor/libc++/libc++-release_601-r335540, vendor/compiler-rt/compiler-rt-release_601-r335540, vendor/clang/clang-release_601-r335540, vendor/llvm/llvm-release_601-r335540, release/11.2.0, upstream/11.2.0, vendor/device-tree/4.17, vendor/acpica/20180531, vendor/ck/20180524, vendor/Juniper/libxo/0.9.0, vendor/file/5.33, vendor/NetBSD/bmake/20180512, vendor/xz/5.2.4, vendor/ck/20180517, vendor/unbound/1.7.1, vendor/unbound/1.7.0, vendor/unbound/1.6.8, vendor/unbound/1.6.7, vendor/unbound/1.6.6, vendor/unbound/1.6.5, vendor/unbound/1.6.4, vendor/unbound/1.6.3, vendor/unbound/1.6.2, vendor/unbound/1.6.1, vendor/ena-com/1.1.4.5, vendor/acpica/20180508, vendor/sqlite3/sqlite-3230100, vendor/subversion/subversion-1.10.0, vendor/openssh/7.7p1, vendor/openssh/7.6p1, vendor/tzdata/tzdata2018e, vendor/acpica/20180427, vendor/elftoolchain/elftoolchain-r3614, vendor/device-tree/4.16, vendor/opencsd/900407e9d6400f6541138d6c2e483a9fc2d699a4, vendor/heimdal/7.5.0, vendor/krb5/1.16, vendor/ck/20180304, vendor/openssl/1.0.2o, vendor/tzdata/tzdata2018d, vendor/processor-trace/24982c1a6fce48f1e416461d42899805f74fbb26, vendor/acpica/20180313, vendor/lld/lld-release_600-r326565, vendor/clang/clang-release_600-r326565, vendor/llvm/llvm-release_600-r326565, vendor/NetBSD/bmake/20180222, vendor/ntp/4.2.8p11, vendor/lldb/lldb-release_60-r325932, vendor/lldb/lldb-release_600-r326565, vendor/lld/lld-release_60-r325932, vendor/clang/clang-release_60-r325932, vendor/llvm/llvm-release_60-r325932, vendor/less/v530, vendor/lldb/lldb-release_60-r325330, vendor/lld/lld-release_60-r325330, vendor/libc++/libc++-release_60-r325330, vendor/libc++/libc++-release_60-r325932, vendor/libc++/libc++-release_600-r326565, vendor/compiler-rt/compiler-rt-release_60-r325330, vendor/compiler-rt/compiler-rt-release_60-r325932, vendor/compiler-rt/compiler-rt-release_600-r326565, vendor/clang/clang-release_60-r325330, vendor/llvm/llvm-release_60-r325330, vendor/device-tree/4.15, vendor/acpica/20180209, vendor/lld/lld-release_60-r324090, vendor/clang/clang-release_60-r324090, vendor/llvm/llvm-release_60-r324090, vendor/lld/lld-release_60-r323948, vendor/compiler-rt/compiler-rt-release_60-r323948, vendor/compiler-rt/compiler-rt-release_60-r324090, vendor/clang/clang-release_60-r323948, vendor/llvm/llvm-release_60-r323948, vendor/lldb/lldb-release_60-r323338, vendor/lldb/lldb-release_60-r323948, vendor/lldb/lldb-release_60-r324090, vendor/lld/lld-release_60-r323338, vendor/libc++/libc++-release_60-r323338, vendor/libc++/libc++-release_60-r323948, vendor/libc++/libc++-release_60-r324090, vendor/compiler-rt/compiler-rt-release_60-r323338, vendor/clang/clang-release_60-r323338, vendor/llvm/llvm-release_60-r323338, vendor/tzdata/tzdata2018c, vendor/libfdt/1.4.6, vendor/tzdata/tzdata2018a, vendor/dtc/1.4.6, vendor/lldb/lldb-release_60-r321788, vendor/lld/lld-release_60-r321788, vendor/libc++/libc++-release_60-r321788, vendor/compiler-rt/compiler-rt-release_60-r321788, vendor/clang/clang-release_60-r321788, vendor/llvm/llvm-release_60-r321788, vendor/acpica/20180105, vendor/compiler-rt/compiler-rt-trunk-r321545, vendor/llvm/llvm-trunk-r321545, vendor/lldb/lldb-trunk-r321530, vendor/lldb/lldb-trunk-r321545, vendor/lld/lld-trunk-r321530, vendor/lld/lld-trunk-r321545, vendor/libc++/libc++-trunk-r321530, vendor/libc++/libc++-trunk-r321545, vendor/compiler-rt/compiler-rt-trunk-r321530, vendor/clang/clang-trunk-r321530, vendor/clang/clang-trunk-r321545, vendor/llvm/llvm-trunk-r321530, vendor/lld/lld-trunk-r321426, vendor/clang/clang-trunk-r321426, vendor/llvm/llvm-trunk-r321426, vendor/lldb/lldb-trunk-r321414, vendor/lldb/lldb-trunk-r321426, vendor/lld/lld-trunk-r321414, vendor/libc++/libc++-trunk-r321414, vendor/libc++/libc++-trunk-r321426, vendor/compiler-rt/compiler-rt-trunk-r321414, vendor/compiler-rt/compiler-rt-trunk-r321426, vendor/clang/clang-trunk-r321414, vendor/llvm/llvm-trunk-r321414, vendor/lldb/lldb-trunk-r321017, vendor/lld/lld-trunk-r321017, vendor/libc++/libc++-trunk-r321017, vendor/compiler-rt/compiler-rt-trunk-r321017, vendor/clang/clang-trunk-r321017, vendor/llvm/llvm-trunk-r321017, vendor/lld/lld-release_501-r320880, vendor/clang/clang-release_501-r320880, vendor/llvm/llvm-release_501-r320880, vendor/acpica/20171214, vendor/openssl/1.0.2n, vendor/lldb/lldb-release_50-r319231, vendor/lldb/lldb-release_501-r320880, vendor/lld/lld-release_50-r319231, vendor/libc++/libc++-release_50-r319231, vendor/libc++/libc++-release_501-r320880, vendor/clang/clang-release_50-r319231, vendor/llvm/llvm-release_50-r319231, vendor/lua/5.3.4, vendor/NetBSD/libc-vis/20171127 |
|
#
fe267a55 |
| 27-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error pro
sys: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
No functional change intended.
show more ...
|
Revision tags: vendor/less/v529, vendor/device-tree/4.14, vendor/acpica/20171110, vendor/zstd/1.3.2, vendor/ena-com/1.1.4.4, vendor/openssl/1.0.2m, vendor/NetBSD/bmake/20171028, vendor/ena-com/1.1.4.3, vendor/tzdata/tzdata2017c, vendor/device-tree/4.13, vendor/wpa/2.6, vendor/mandoc/1.14.3, vendor/acpica/20170929, release/10.4.0, upstream/10.4.0, vendor/tcpdump/4.9.2, vendor/file/5.32, vendor/NetBSD/libedit/2017-09-05, vendor/clang/clang-release_500-r312559, vendor/llvm/llvm-release_500-r312559, vendor/lldb/lldb-release_50-r312293, vendor/lldb/lldb-release_500-r312559, vendor/lld/lld-release_50-r312293, vendor/lld/lld-release_500-r312559, vendor/libc++/libc++-release_50-r312293, vendor/libc++/libc++-release_500-r312559, vendor/compiler-rt/compiler-rt-release_50-r312293, vendor/compiler-rt/compiler-rt-release_50-r319231, vendor/compiler-rt/compiler-rt-release_500-r312559, vendor/compiler-rt/compiler-rt-release_501-r320880, vendor/clang/clang-release_50-r312293, vendor/llvm/llvm-release_50-r312293, vendor/ctfdump/20170831, vendor/acpica/20170831, vendor/lldb/lldb-release_50-r311606, vendor/compiler-rt/compiler-rt-release_50-r311606, vendor/clang/clang-release_50-r311606, vendor/llvm/llvm-release_50-r311606, vendor/zstd/1.3.1 |
|
#
22bbefb2 |
| 21-Aug-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Fix the regression introduced in r275710.
When a security policy should match TCP connection with specific ports, the SYN+ACK segment send by syncache_respond() is considered as forwarded packet, be
Fix the regression introduced in r275710.
When a security policy should match TCP connection with specific ports, the SYN+ACK segment send by syncache_respond() is considered as forwarded packet, because at this moment TCP connection does not have PCB structure, and ip_output() is called without inpcb pointer. In this case SPIDX filled for SP lookup will not contain TCP ports and security policy will not be found. This can lead to unencrypted SYN+ACK on the wire.
This patch restores the old behavior, when ports will not be filled only for forwarded packets.
Reported by: Dewayne Geraghty <dewayne.geraghty at heuristicsystems.com.au> MFC after: 1 week
show more ...
|
Revision tags: vendor/lld/lld-release_50-r311219, vendor/lld/lld-release_50-r311606, vendor/libc++/libc++-release_50-r311219, vendor/libc++/libc++-release_50-r311606, vendor/clang/clang-release_50-r311219, vendor/llvm/llvm-release_50-r311219, vendor/sqlite3/sqlite-3200000, vendor/subversion/subversion-1.9.7, vendor/libc++/libc++-release_50-r310316, vendor/clang/clang-release_50-r310316, vendor/llvm/llvm-release_50-r310316, vendor/Juniper/libxo/0.8.4, vendor/openssh/7.5p1, vendor/ena-com/1.1.4.2, vendor/mandoc/1.14.2 |
|
#
1a01e0e7 |
| 31-Jul-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook from enc_hhook().
This should solve the problem when pf is used with if_enc(4) interface, and outbound packet with existing PC
Add inpcb pointer to struct ipsec_ctx_data and pass it to the pfil hook from enc_hhook().
This should solve the problem when pf is used with if_enc(4) interface, and outbound packet with existing PCB checked by pf, and this leads to deadlock due to pf does its own PCB lookup and tries to take rlock when wlock is already held.
Now we pass PCB pointer if it is known to the pfil hook, this helps to avoid extra PCB lookup and thus rlock acquiring is not needed. For inbound packets it is safe to pass NULL, because we do not held any PCB locks yet.
PR: 220217 MFC after: 3 weeks Sponsored by: Yandex LLC
show more ...
|
Revision tags: vendor/lldb/lldb-release_50-r309439, vendor/lldb/lldb-release_50-r310316, vendor/lldb/lldb-release_50-r311219, vendor/lld/lld-release_50-r309439, vendor/lld/lld-release_50-r310316, vendor/libc++/libc++-release_50-r309439, vendor/clang/clang-release_50-r309439, vendor/llvm/llvm-release_50-r309439, vendor/acpica/20170728, zfs-0.7.0, vendor/NetBSD/bmake/20170720, release/11.1.0, upstream/11.1.0, vendor/lldb/lldb-trunk-r308421, vendor/lld/lld-trunk-r308421, vendor/libc++/libc++-trunk-r308421, vendor/compiler-rt/compiler-rt-release_50-r309439, vendor/compiler-rt/compiler-rt-release_50-r310316, vendor/compiler-rt/compiler-rt-release_50-r311219, vendor/compiler-rt/compiler-rt-trunk-r308421, vendor/clang/clang-trunk-r308421, vendor/llvm/llvm-trunk-r308421, vendor/NetBSD/bmake/20170711, vendor/zstd/1.3.0, vendor/lldb/lldb-trunk-r307894, vendor/lld/lld-trunk-r307894, vendor/libc++/libc++-trunk-r307894, vendor/compiler-rt/compiler-rt-trunk-r307894, vendor/clang/clang-trunk-r307894, vendor/llvm/llvm-trunk-r307894, zfs-0.7.0-rc5, vendor/libarchive/3.3.2, vendor/device-tree/4.12, vendor/krb5/1.15.1, vendor/lldb/lldb-trunk-r306956, vendor/lld/lld-trunk-r306956, vendor/libc++/libc++-trunk-r306956, vendor/compiler-rt/compiler-rt-trunk-r306956, vendor/clang/clang-trunk-r306956, vendor/llvm/llvm-trunk-r306956, vendor/acpica/20170629, vendor/pjdfstest/0.1, vendor/lldb/lldb-trunk-r306325, vendor/lld/lld-trunk-r306325, vendor/libc++/libc++-trunk-r306325, vendor/compiler-rt/compiler-rt-trunk-r306325, vendor/clang/clang-trunk-r306325, vendor/llvm/llvm-trunk-r306325, vendor/elftoolchain/elftoolchain-r3561, vendor/device-tree/4.11, vendor/lldb/lldb-trunk-r305575, vendor/lld/lld-trunk-r305575, vendor/libc++/libc++-trunk-r305575, vendor/compiler-rt/compiler-rt-trunk-r305575, vendor/clang/clang-trunk-r305575, vendor/llvm/llvm-trunk-r305575, vendor/Juniper/libxo/0.8.2, vendor/lldb/lldb-trunk-r305145, vendor/lld/lld-trunk-r305145, vendor/libc++/libc++-trunk-r305145, vendor/compiler-rt/compiler-rt-trunk-r305145, vendor/clang/clang-trunk-r305145, vendor/llvm/llvm-trunk-r305145, vendor/Juniper/libxo/0.8.1, vendor/mandoc/20170608, vendor/Juniper/libxo/0.8.0, vendor/lldb/lldb-trunk-r304659, vendor/lld/lld-trunk-r304659, vendor/libc++/libc++-trunk-r304659, vendor/compiler-rt/compiler-rt-trunk-r304659, vendor/clang/clang-trunk-r304659, vendor/llvm/llvm-trunk-r304659, vendor/lldb/lldb-trunk-r304460, vendor/lld/lld-trunk-r304460, vendor/libc++/libc++-trunk-r304460, vendor/compiler-rt/compiler-rt-trunk-r304460, vendor/clang/clang-trunk-r304460, vendor/llvm/llvm-trunk-r304460, vendor/acpica/20170531, vendor/byacc/20170430, vendor/lldb/lldb-trunk-r304222, vendor/lld/lld-trunk-r304222, vendor/libc++/libc++-trunk-r304222, vendor/clang/clang-trunk-r304222, vendor/llvm/llvm-trunk-r304222, vendor/lldb/lldb-trunk-r304149, vendor/lld/lld-trunk-r304149, vendor/libc++/libc++-trunk-r304149, vendor/compiler-rt/compiler-rt-trunk-r304149, vendor/compiler-rt/compiler-rt-trunk-r304222, vendor/clang/clang-trunk-r304149, vendor/llvm/llvm-trunk-r304149 |
|
#
7f1f6591 |
| 29-May-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Disable IPsec debugging code by default when IPSEC_DEBUG kernel option is not specified.
Due to the long call chain IPsec code can produce the kernel stack exhaustion on the i386 architecture. The d
Disable IPsec debugging code by default when IPSEC_DEBUG kernel option is not specified.
Due to the long call chain IPsec code can produce the kernel stack exhaustion on the i386 architecture. The debugging code usually is not used, but it requires a lot of stack space to keep buffers for strings formatting. This patch conditionally defines macros to disable building of IPsec debugging code.
IPsec currently has two sysctl variables to configure debug output: * net.key.debug variable is used to enable debug output for PF_KEY protocol. Such debug messages are produced by KEYDBG() macro and usually they can be interesting for developers. * net.inet.ipsec.debug variable is used to enable debug output for DPRINTF() macro and ipseclog() function. DPRINTF() macro usually is used for development debugging. ipseclog() function is used for debugging by administrator.
The patch disables KEYDBG() and DPRINTF() macros, and formatting buffers declarations when IPSEC_DEBUG is not present in kernel config. This reduces stack requirement for up to several hundreds of bytes. The net.inet.ipsec.debug variable still can be used to enable ipseclog() messages by administrator.
PR: 219476 Reported by: eugen No objection from: #network MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D10869
show more ...
|
Revision tags: vendor/openssl/1.0.2l |
|
#
3aee7099 |
| 23-May-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Fix possible double releasing for SA and SP references.
There are two possible ways how crypto callback are called: directly from caller and deffered from crypto thread.
For outbound packets the di
Fix possible double releasing for SA and SP references.
There are two possible ways how crypto callback are called: directly from caller and deffered from crypto thread.
For outbound packets the direct call chain is the following: IPSEC_OUTPUT() method -> ipsec[46]_common_output() -> -> ipsec[46]_perform_request() -> xform_output() -> -> crypto_dispatch() -> crypto_invoke() -> crypto_done() -> -> xform_output_cb() -> ipsec_process_done() -> ip[6]_output().
The SA and SP references are held while crypto processing is not finished. The error handling code wrongly expected that crypto callback always called from the crypto thread context, and it did references releasing in xform_output_cb(). But when the crypto callback called directly, in case of error the error handling code in ipsec[46]_perform_request() also did references releasing.
To fix this, remove error handling from ipsec[46]_perform_request() and do it in xform_output() before crypto_dispatch().
MFC after: 10 days
show more ...
|