#
6659296c |
| 20-Jun-2013 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Use IPSECSTAT_INC() and IPSEC6STAT_INC() macros for ipsec statistics accounting.
MFC after: 2 weeks
|
Revision tags: vendor/subversion/subversion-1.8.0, vendor/sqlite3/sqlite-3071700, vendor/subversion/subversion-1.8.0-rc3, vendor/serf/serf-1.2.1, vendor/apr-util/apr-util-1.4.1, vendor/apr/apr-1.4.6, vendor/dialog/1.2-20130523, vendor/clang/clang-release_33-r183502, vendor/llvm/llvm-release_33-r183502, vendor/NetBSD/bmake/20130604, release/8.4.0, vendor/byacc/20130304, vendor/tcpdump/4.4.0, vendor/libpcap/1.4.0, vendor/compiler-rt/compiler-rt-r182741, vendor/NetBSD/bmake/20130520, vendor/acpica/20130517, vendor/openssh/6.2p2, vendor/libregex/glibc-2.17, vendor/less/v458, vendor/tnftp/20130505, vendor/zlib/1.2.8, vendor/hyperv/20130502, vendor/flex/2.5.37, vendor/qcamain_open_hal/60390a9f9ac6a20db168fbbc01a4ad4e01c395ce, vendor/libc++/r180598, vendor/libcxxrt/2013-04-22-c812a07cd2f95c1403baf0bbe0366e7618d1d6d3, vendor/sendmail/8.14.7, vendor/tzdata/tzdata2013c, vendor/acpica/20130418, vendor/netcat/5.3 |
|
#
9cb8d207 |
| 09-Apr-2013 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Use IP6STAT_INC/IP6STAT_DEC macros to update ip6 stats.
MFC after: 1 week
|
Revision tags: vendor/NetBSD/mtree/20130408, vendor/clang/clang-trunk-r178860, vendor/llvm/llvm-trunk-r178860, vendor/unbound/1.4.20, vendor/acpica/20130328, vendor/NetBSD/bmake/20130330, vendor/bind9/9.8.4-P2, zfs-0.6.1, vendor/openssh/6.2p1, vendor/libarchive/3.1.2, vendor/tzdata/tzdata2013b, vendor/openssl/0.9.8y, vendor/libyaml/0.1.4, vendor/expat/2.1.0, vendor/NetBSD/unvis/20130221, vendor/NetBSD/vis/20130221, vendor/NetBSD/libc-vis/20130221, vendor/acpica/20130214, vendor/ldns/1.6.16, vendor/openssl/1.0.1e, vendor/libc++/r174563, zfs-0.6.0-rc14, vendor/NetBSD/bmake/20130123, vendor/libcxxrt/2013-01-21-c4b68a5c1836b9027fe8784fec25b7a2e6e6aa60, vendor/compiler-rt/compiler-rt-r172839, vendor/acpica/20130117, vendor/libcxxrt/2013-01-11-b9db3a010143160624f123763025ab544b69bd9a, vendor/one-true-awk/20121220, vendor/acpica/20121220, vendor/sendmail/8.14.6, vendor/clang/clang-release_32-r170710, vendor/llvm/llvm-release_32-r170710, vendor/xz/5.0.4, vendor/NetBSD/mknod/20122112, vendor/NetBSD/mtree/20122112, zfs-0.6.0-rc13, vendor/bind9/9.6-ESV-R8, vendor/openbsm/1.2-ALPHA-3, vendor/NetBSD/libc-vis/20121214a, vendor/NetBSD/libc-vis/20121214, vendor/bind9/9.8.4-P1, vendor/bind9/9.8.4 |
|
#
eb1b1807 |
| 05-Dec-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Mechanically substitute flags from historic mbuf allocator with malloc(9) flags within sys.
Exceptions:
- sys/contrib not touched - sys/mbuf.h edited manually
|
Revision tags: vendor/less/v456, vendor/clang/clang-release_32-r168974, vendor/llvm/llvm-release_32-r168974, vendor/openbsm/1.2-ALPHA-2, release/9.1.0, vendor/libc++/r168853, vendor/NetBSD/bmake/20121111, vendor/acpica/20121114, zfs-0.6.0-rc12, vendor/tzdata/tzdata2012j, vendor/libc++/r167493, vendor/tzdata/tzdata2012i, vendor/less/v453, vendor/pciids/pciids-20121024, vendor/tzdata/tzdata2012h, vendor/NetBSD/bmake/20121010 |
|
#
20472bce |
| 22-Oct-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Couple of changes missed from r241913, which converted IPv4 stack to network byte order.
|
Revision tags: vendor/netcat/5.2, vendor/libc++/r165949, vendor/tzdata/tzdata2012g, vendor/dialog/1.1-20120706, vendor/acpica/20121018, vendor/mandoc/1.12.1, vendor/bind9/9.6-ESV-R7-P4, vendor/bind9/9.8.3-P4, vendor/NetBSD/libc-vis/20121005, vendor/NetBSD/libc-pwcache/20121005, vendor/tcpdump/4.3.0, vendor/libpcap/1.3.0, vendor/NetBSD/libedit/2012-09-25, vendor/bind9/9.6-ESV-R7-P3, vendor/bind9/9.8.3-P3, zfs-0.6.0-rc11, vendor/acpica/20120913, vendor/tzdata/tzdata2012f, vendor/NetBSD/bmake/20120831 |
|
#
d6d3f01e |
| 08-Sep-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge the projects/pf/head branch, that was worked on for last six months, into head. The most significant achievements in the new code:
o Fine grained locking, thus much better performance. o Fix
Merge the projects/pf/head branch, that was worked on for last six months, into head. The most significant achievements in the new code:
o Fine grained locking, thus much better performance. o Fixes to many problems in pf, that were specific to FreeBSD port.
New code doesn't have that many ifdefs and much less OpenBSDisms, thus is more attractive to our developers.
Those interested in details, can browse through SVN log of the projects/pf/head branch. And for reference, here is exact list of revisions merged:
r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330, r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656, r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782, r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868, r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223, r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456, r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505, r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168, r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230, r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398, r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548, r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672, r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169, r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442, r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522, r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661, r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212.
I'd like to thank people who participated in early testing:
Tested by: Florian Smeets <flo freebsd.org> Tested by: Chekaluk Vitaly <artemrts ukr.net> Tested by: Ben Wilber <ben desync.com> Tested by: Ian FREISLICH <ianf cloudseed.co.za>
show more ...
|
Revision tags: vendor/atf/atf-0.16, vendor/openssh/6.1p1, vendor/openssh/6.0p1, vendor/clang/clang-trunk-r162107, vendor/llvm/llvm-trunk-r162107, vendor/acpica/20120816, vendor/clang/clang-trunk-r161861, vendor/llvm/llvm-trunk-r161861, zfs-0.6.0-rc10, vendor/compiler-rt/compiler-rt-r160957, vendor/libarchive/3.0.4, vendor/bind9/9.6-ESV-R7-P2, vendor/bind9/9.8.3-P2, vendor/dtc/dtc-f807af19, vendor/less/v451 |
|
#
174b0d41 |
| 22-Jul-2012 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Fix a bug introduced in r221129 that leads to a panic wen using bundled SAs. For now allow same address family bundles. While discovered with ESP and AH, which does not make a lot of sense, IPcomp
Fix a bug introduced in r221129 that leads to a panic wen using bundled SAs. For now allow same address family bundles. While discovered with ESP and AH, which does not make a lot of sense, IPcomp could be a possible problematic candidate.
PR: kern/164400 MFC after: 3 days
show more ...
|
Revision tags: vendor/illumos/20120614, vendor/illumos/20100818, vendor/opensolaris/20100818, vendor/openssl/1.0.1c, vendor/acpica/20120711, vendor/NetBSD/bmake/20120704, vendor/unbound/1.4.17, vendor/ldns/1.6.13, vendor/gcc/4.2.4-20080519-SVN135556-libstdc++, vendor/openssl/0.9.8x, vendor/less/v449, vendor/NetBSD/bmake/20120620, vendor/acpica/20120620, vendor/zlib/1.2.7, zfs-0.6.0-rc9, vendor/NetBSD/bmake/20120606, vendor/bind9/9.6-ESV-R7-P1, vendor/bind9/9.8.3-P1 |
|
#
7f63ba51 |
| 04-Jun-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Remove completely the m_addr_changed() hack, and support of reverse pointer in pf_state_ket, that ware 'if 0' since beginning of SMP-friendly pf project. In the new locking scheme we can't reference
Remove completely the m_addr_changed() hack, and support of reverse pointer in pf_state_ket, that ware 'if 0' since beginning of SMP-friendly pf project. In the new locking scheme we can't reference state keys from mbuf tags, nor a key can reference another key.
show more ...
|
Revision tags: vendor/byacc/20120526, vendor/bind9/9.6-ESV-R7, vendor/bind9/9.8.3, vendor/openpam/MICRAMPELIS, vendor/clang/clang-release_31-r156863, vendor/llvm/llvm-release_31-r156863, vendor/clang/clang-release_31-r156748, vendor/llvm/llvm-release_31-r156748, vendor/acpica/20120518, vendor/tcpdump/4.2.1, vendor/pciids/pciids-20120507, vendor/dtracetoolkit/dtracetoolkit-20120512, vendor/netcat/5.1, vendor/clang/clang-release_31-r155985, vendor/llvm/llvm-release_31-r155985, vendor/libc++/r156067, vendor/byacc/20120115, vendor/acpica/20120420, vendor/clang/clang-trunk-r154661, vendor/llvm/llvm-trunk-r154661, vendor/file/5.11, release/8.3.0_cvs, release/8.3.0, vendor/heimdal/1.5.2, vendor/bind9/9.6-ESV-R6, vendor/bind9/9.8.2, zfs-0.6.0-rc8, vendor/tzdata/tzdata2012a, vendor/acpica/20120320, vendor/libcxxrt/2012-03-20-cddcf8734ed06ada9384a461bc21d58b44f6eba1, zfs-0.6.0-rc7, vendor/libc++/r152718, vendor/libc++/r152501, vendor/libcxxrt/2011-11-22-a35d8de85ffd4df32e2dc47fa539d61fd3024a54, vendor/octeon-sdk/2.3.0, vendor/tcsh/6.18.01, vendor/acpica/20120215 |
|
#
81d5d46b |
| 03-Feb-2012 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add multi-FIB IPv6 support to the core network stack supplementing the original IPv4 implementation from r178888:
- Use RT_DEFAULT_FIB in the IPv4 implementation where noticed. - Use rt*fib() KPI wi
Add multi-FIB IPv6 support to the core network stack supplementing the original IPv4 implementation from r178888:
- Use RT_DEFAULT_FIB in the IPv4 implementation where noticed. - Use rt*fib() KPI with explicit RT_DEFAULT_FIB where applicable in the NFS code. - Use the new in6_rt* KPI in TCP, gif(4), and the IPv6 network stack where applicable. - Split in6_rtqtimo() and in6_mtutimo() as done in IPv4 and equally prevent multiple initializations of callouts in in6_inithead(). - Use wrapper functions where needed to preserve the current KPI to ease MFCs. Use BURN_BRIDGES to indicate expected future cleanup. - Fix (related) comments (both technical or style). - Convert to rtinit() where applicable and only use custom loops where currently not possible otherwise. - Multicast group, most neighbor discovery address actions and faith(4) are locked to the default FIB. Individual IPv6 addresses will only appear in the default FIB, however redirect information and prefixes of connected subnets are automatically propagated to all FIBs by default (mimicking IPv4 behavior as closely as possible).
Sponsored by: Cisco Systems, Inc.
show more ...
|
Revision tags: vendor/zlib/1.2.6, vendor/libpcap/1.2.1, vendor/libarchive/2.8, vendor/NetBSD/softfloat/20120117, vendor/acpica/20120111, vendor/compiler-rt/compiler-rt-r147467, release/9.0.0, vendor/xz-embedded/48f4588342f4a4e0182a6740e25675fd8e6c6295, vendor/compiler-rt/compiler-rt-r147390, vendor/netcat/5.0, vendor/openpam/LYCOPSIDA, vendor/clang/clang-r145349, vendor/llvm/llvm-r145349, vendor/gperf/3.0.3, vendor/flex/2.5.35, vendor/libcxxrt/8931d9e5180830a5433d16ae6b3ad8dd9e629512, vendor/libcxxrt/1be67aa8295314fb794c4e933d9bb7c7c33e0ca4, vendor/acpica/20111123, vendor/libcxxrt/9802a7e430e08b90bf0e92d24abff095fa72ec21, vendor/bind9/9.4-ESV-R5-P1, vendor/bind9/9.6-ESV-R5-P1, vendor/bind9/9.8.1-P1, vendor/tzdata/tzdata2011n, vendor/tzdata/tzdata2011m, vendor/clang/clang-r142614, vendor/llvm/llvm-r142614, vendor/tzdata/tzdata2011l, zfs-0.6.0-rc6, vendor/heimdal/1.5.1, vendor/com_err/1.5.1, vendor/file/5.09, vendor/heimdal/1.5, vendor/openssh/5.9p1, vendor/acpica/20110922, vendor/openresolv/3.4.4, vendor/bind9/9.8.1, vendor/one-true-awk/20110810, vendor/one-true-awk/20110807, vendor/bind9/9.4-ESV-R5, vendor/bind9/9.6-ESV-R5, vendor/clang/clang-r135360, vendor/llvm/llvm-r135360, vendor/pciids/pciids-20110716, vendor/bind9/9.8.0-P4, vendor/dialog/1.1-20110707, zfs-0.6.0-rc5, vendor/bind9/9.6-ESV-R4-P3, vendor/tzdata/tzdata2011h, vendor/acpica/20110623, vendor/tnftp/20100108, vendor/sendmail/8.14.5, vendor/clang/clang-r132879, vendor/llvm/llvm-r132879, vendor/less/v444, vendor/compiler-rt/compiler-rt-r132478, vendor/acpica/20110527, vendor/bind9/9.4-ESV-R4-P1, vendor/bind9/9.6-ESV-R4-P1, vendor/netcat/4.9, vendor/less/v443, vendor/one-true-awk/20110506, zfs-0.6.0-rc4, vendor/openssh/5.8p2, vendor/v4l/2.6.17, vendor/tre/0.8.0, vendor/one-true-awk/20110501, vendor/clang/clang-r130700, vendor/llvm/llvm-r130700, vendor/ncurses/5.9-20110405, vendor/ncurses/5.8-20110226 |
|
#
db178eb8 |
| 27-Apr-2011 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Make IPsec compile without INET adding appropriate #ifdef checks.
Unfold the IPSEC_COMMON_INPUT_CB() macro in xform_{ah,esp,ipcomp}.c to not need three different versions depending on INET, INET6 or
Make IPsec compile without INET adding appropriate #ifdef checks.
Unfold the IPSEC_COMMON_INPUT_CB() macro in xform_{ah,esp,ipcomp}.c to not need three different versions depending on INET, INET6 or both.
Mark two places preparing for not yet supported functionality with IPv6.
Reviewed by: gnn Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 4 days
show more ...
|
Revision tags: vendor/tzdata/tzdata2011g, vendor/dialog/1.1-20110302, vendor/acpica/20110413, vendor/tzdata/tzdata2011f, zfs-0.6.0-rc3, vendor/pciids/pciids-20110407, vendor/NetBSD/libedit/2010-08-04, vendor/tzdata/tzdata2011e, vendor/NetBSD/libedit/2010-06-01, vendor/NetBSD/libedit/2007-01-12, vendor/NetBSD/libedit/2006-03-23, vendor/NetBSD/libedit/2005-11-09 |
|
#
11d2f4df |
| 31-Mar-2011 |
Fabien Thomas <fabient@FreeBSD.org> |
Fix two SA refcount: - AH does not release the SA like in ESP/IPCOMP when handling EAGAIN - ipsec_process_done incorrectly release the SA.
Reviewed by: vanhu MFC after: 1 week
|
Revision tags: vendor/NetBSD/libedit/2005-08-02, vendor/NetBSD/libedit/2001-09-29, vendor/NetBSD/libedit/1997-06-25, vendor/openresolv/3.4.1, vendor/compiler-rt/compiler-rt-r127823, vendor/acpica/20110316, vendor/tzdata/tzdata2011d, zfs-0.6.0-rc2, vendor/gdtoa/20110304, vendor/tzdata/tzdata2011c, vendor/tzdata/tzdata2011b, vendor/clang/clang-r126547, vendor/llvm/llvm-r126547, vendor/xz/5.0.1, vendor/clang/clang-r126079, vendor/llvm/llvm-r126079, zfs-0.6.0-rc1, vendor/openssh/5.8p1, vendor/openssh/5.7p1, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, vendor/acpica/20110211, vendor/bind9/9.6.3, vendor/tzdata/tzdata2011a, vendor/acpica/20110112, vendor/dialog/1.1-20100428, vendor/acpica/20101209, vendor/bind9/9.4-ESV-R4, vendor/bind9/9.6-ESV-R3, vendor/openssl/0.9.8q, vendor/octeon-sdk/2.0.0, vendor/openssl/0.9.8p, zfs-0.5.2, vendor/xz/5.0.0, vendor/openssh/5.6p1, vendor/bind9/9.4-ESV-R3, vendor/tzdata/tzdata2010o, vendor/binutils/binutils-master-20070703-075419, vendor/bind9/9.6-ESV-R2, vendor/wpa/0.7.3, vendor/tcpdump/4.1.1, vendor/libpcap/1.1.1, vendor/tzcode/tzcode2010n |
|
#
4a85b5e2 |
| 23-Oct-2010 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Make the IPsec SADB embedded route cache a union to be able to hold both the legacy and IPv6 route destination address. Previously in case of IPv6, there was a memory overwrite due to not enough spac
Make the IPsec SADB embedded route cache a union to be able to hold both the legacy and IPv6 route destination address. Previously in case of IPv6, there was a memory overwrite due to not enough space for the IPv6 address.
PR: kern/122565 MFC After: 2 weeks
show more ...
|
Revision tags: vendor/compiler-rt/compiler-rt-r117047, vendor/binutils/binutils-2_17-branch-20070807-000013, vendor/binutils/binutils-2_15-branch-20050608-153448, vendor/netcat/4.8, vendor/binutils/binutils-2_15-branch-20040523-044032 |
|
#
acf456a0 |
| 14-Oct-2010 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Remove dead code: assignment to a local variable not used anywhere after that.
MFC after: 3 days
|
#
e046b77e |
| 14-Oct-2010 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Style: make the asterisk go with the variable name, not the type.
MFC after: 3 days
|
Revision tags: vendor/acpica/20101013, vendor/xz/20101010, vendor/ee/1.5.2, vendor/ee/1.5.1, vendor/clang/clang-2.8, vendor/llvm/llvm-2.8, vendor/bzip2/1.0.6, vendor/tzcode/tzcode2010m, vendor/tzdata/tzdata2010m, vendor/clang/clang-r114020, vendor/llvm/llvm-r114020, vendor/clang/clang-r108428, vendor/llvm/llvm-r108428, vendor/acpica/20100915, zfs-0.5.1, vendor/tzcode/tzcode2010l, vendor/tzdata/tzdata2010l, vendor/acpica/20100806, vendor/opensolaris/20100802, vendor/tzdata/tzdata2010k, vendor/octeon-sdk/1.9.0, release/8.1.0_cvs, release/8.1.0, vendor/clang/clang-r108243, vendor/llvm/llvm-r108243, vendor/acpica/20100702, vendor/wpa/0.6.10, vendor/acpica/20100528, vendor/clang/clang-r104832, vendor/llvm/llvm-r104832, vendor/bind9/9.4-ESV-R2, vendor/bind9/9.6.2-P2, vendor/tzdata/tzdata2010j, vendor/xz/20100412, vendor/acpica/20100428, vendor/openssh/5.5p1, vendor/testfloat/2a, vendor/zlib/1.2.5, vendor/tzdata/tzdata2010i, vendor/zlib/1.2.4.3, vendor/tzdata/tzdata2010h, vendor/acpica/20100331, vendor/openssl/0.9.8n, vendor/zlib/1.2.4.1, vendor/bind9/9.4-ESV-R1, vendor/netcat/4.7, vendor/tzcode/tzcode2010f, vendor/tzdata/tzdata2010f, release/7.3.0_cvs, release/7.3.0, vendor/bind9/9.6.2-P1, vendor/zlib/1.2.4, vendor/tzdata/tzdata2010e, vendor/openssh/5.4p1, vendor/acpica/20100304, vendor/bind9/9.6.2, vendor/tzcode/tzcode2010c, vendor/tzdata/tzdata2010c, vendor/openssl/0.9.8m, vendor/dtc/dtc-d75b33af, vendor/dtc/1.2.0, vendor/tzcode/tzcode2010a, vendor/bind9/9.4-ESV, vendor/tzdata/tzdata2010b, vendor/sendmail/8.14.4, vendor/bind9/9.6.1-P3, vendor/acpica/20100121, vendor/netcat/4.6, vendor/tzdata/tzdata2010a, vendor/one-true-awk/20091126, vendor/tzdata/tzdata2009u, vendor/tzdata/tzdata2009t, vendor/tzcode/tzcode2009t, vendor/acpica/20091214, vendor/ntp/4.2.4p8, vendor/bind9/9.4.3-P4, vendor/bind9/9.6.1-P2, release/8.0.0_cvs, release/8.0.0, vendor/tzdata/tzdata2009s, vendor/acpica/20091112, vendor/tzcode/tzcode2009r, vendor/tzdata/tzdata2009r, vendor/clang/clang-r86025, vendor/llvm/llvm-r86025, vendor/tzcode/tzcode2009q, vendor/tzdata/tzdata2009q, vendor/tzdata/tzdata2009p, vendor/clang/clang-r84949, vendor/llvm/llvm-r84949, vendor/tzdata/tzdata2009o, vendor/llvm/llvm-r84176, vendor/clang/clang-r84175, vendor/clang/clang-r84119, vendor/llvm/llvm-r84119, vendor/acpica/20091013, vendor/openssh/5.3p1, vendor/tzdata/tzdata2009n, vendor/x86emu/4.6, vendor/tzdata/tzdata2009m, vendor/acpica/20090903, vendor/openssl/0.9.8k-dtls-fixes, vendor/pf-sys/4.5.002, vendor/pf/4.5, vendor/tzdata/tzdata2009l, vendor/openbsm/1.1-P-2 |
|
#
530c0060 |
| 01-Aug-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to vi
Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to virtual network stacks. Minor cleanups are done in the process, and comments updated to reflect these changes.
Reviewed by: bz Approved by: re (vimage blanket)
show more ...
|
Revision tags: vendor/acpica/20090730, vendor/bind9/9.4.3-P3, vendor/bind9/9.6.1-P1, vendor/less/v436, vendor/tzcode/tzcode2009k, vendor/tzdata/tzdata2009k, vendor/openbsm/1.1-P-1 |
|
#
eddfbb76 |
| 14-Jul-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the alloca
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the allocator instead of monolithic global container structures (vinet, ...). This change solves many binary compatibility problems associated with VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also once per virtual network stack. Virtualized global variables are tagged at compile-time, placing the in a special linker set, which is loaded into a contiguous region of kernel memory. Virtualized global variables in the base kernel are linked as normal, but those in modules are copied and relocated to a reserved portion of the kernel's vnet region with the help of a the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the network stack instance is created, and are initialized statically from the reference copy. Run-time access occurs via an accessor macro, which converts from the current vnet and requested symbol to a per-vnet address. When "options VIMAGE" is not compiled into the kernel, normal global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global variables, restores support for non-global symbols and types, eliminates the need for many subsystem constructors, eliminates large per-subsystem structures that caused many binary compatibility issues both for monitoring applications (netstat) and kernel modules, removes the per-function INIT_VNET_*() macros throughout the stack, eliminates the need for vnet_symmap ksym(2) munging, and eliminates duplicate definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz Reviewed by: bz, zec Discussed with: gnn, jamie, jeff, jhb, julian, sam Suggested by: peter Approved by: re (kensmith)
show more ...
|
Revision tags: vendor/tcsh/6.17.00, vendor/clang/clang-r74788, vendor/llvm/llvm-r74788, vendor/clang/clang-r74383, vendor/llvm/llvm-r74383, vendor/acpica/20090625, vendor/bind9/9.6.1, vendor/clang/clang-r73984, vendor/llvm/llvm-r73984, vendor/clang/clang-r73954, vendor/llvm/llvm-r73954, vendor/clang/clang-r73879, vendor/llvm/llvm-r73879, vendor/tzdata/tzdata2009j, vendor/opensolaris/20080410b, vendor/clang/clang-r73340, vendor/llvm/llvm-r73340 |
|
#
7b495c44 |
| 12-Jun-2009 |
VANHULLEBUS Yvan <vanhu@FreeBSD.org> |
Added support for NAT-Traversal (RFC 3948) in IPsec stack.
Thanks to (no special order) Emmanuel Dreyfus (manu@netbsd.org), Larry Baird (lab@gta.com), gnn, bz, and other FreeBSD devs, Julien Vanherz
Added support for NAT-Traversal (RFC 3948) in IPsec stack.
Thanks to (no special order) Emmanuel Dreyfus (manu@netbsd.org), Larry Baird (lab@gta.com), gnn, bz, and other FreeBSD devs, Julien Vanherzeele (julien.vanherzeele@netasq.com, for years of bug reporting), the PFSense team, and all people who used / tried the NAT-T patch for years and reported bugs, patches, etc...
X-MFC: never
Reviewed by: bz Approved by: gnn(mentor) Obtained from: NETASQ
show more ...
|
Revision tags: vendor/tzcode/tzcode2009i, vendor/tzdata/tzdata2009i, vendor/clang/clang-r73070, vendor/llvm/llvm-r73070, vendor/openssl/0.9.8k, vendor/clang/clang-r73021, vendor/llvm/llvm-r73021, vendor/clang/clang-r72995, vendor/llvm/llvm-r72995, vendor/clang/clang-r72805, vendor/llvm/llvm-r72805, vendor/clang/clang-r72770, vendor/llvm/llvm-r72770, vendor/clang/clang-r72732, vendor/llvm/llvm-r72732, vendor/acpica/20090521, vendor/acpica/20070320resync, vendor/bind9/9.6.1rc1, vendor/netcat/4.5, vendor/tzcode/tzcode2009h, vendor/tzdata/tzdata2009h, vendor/ee/1.5.0, vendor/ee/1.4.7, vendor/ee/1.4.6, vendor/ee/1.4.5a, vendor/ee/1.4.4, vendor/ee/1.4.3, vendor/ee/1.4.2, vendor/top/3.8b1, vendor/tzcode/tzcode2009e, vendor/file/5.03, vendor/less/v429, vendor/binutils/2.15-r191844-obrien, vendor/file/5.00, release/7.2.0_cvs, release/7.2.0, vendor/tzdata/tzdata2009g, vendor/openbsm/1.1, vendor/tzdata/tzdata2009f, vendor/tzdata/tzdata2009e, vendor/tzdata/tzdata2009d, vendor/bind9/9.4.3-P2, vendor/libpcap/1.0.0, vendor/tcpdump/4.0.0, vendor/tzdata/tzdata2009c, vendor/openbsm/1.1-BETA-1, vendor/wpa/0.6.8, vendor/openssh/5.2p1, vendor/tzdata/tzdata2009b |
|
#
89d18518 |
| 30-Jan-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Use NULL rather than 0 when comparing pointers.
MFC after: 2 weeks
|
Revision tags: vendor/gdtoa/20081205, vendor/tzdata/tzdata2009a, vendor/wpa_supplicant/0.5.11, vendor/wpa_supplicant/0.5.10, vendor/openbsm/1.1-ALPHA-5, vendor/bind9/9.3.6-P1, vendor/bind9/9.4.3-P1, vendor/file/4.26, release/7.1.0_cvs, release/7.1.0, vendor/openbsm/1.1-ALPHA-4, vendor/bind9/9.4.3, vendor/resolver/9.4.3, vendor/pf-sys/4.4, vendor/pf-sys/4.3, vendor/pf-sys/4.2, vendor/pf/4.4, vendor/pf/4.3, vendor/pf/4.2 |
|
#
4b79449e |
| 02-Dec-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Rather than using hidden includes (with cicular dependencies), directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files.
For now, this
Rather than using hidden includes (with cicular dependencies), directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files.
For now, this leaves us with very few modules including vnet.h and thus needing to depend on opt_route.h.
Reviewed by: brooks, gnn, des, zec, imp Sponsored by: The FreeBSD Foundation
show more ...
|
Revision tags: release/6.4.0_cvs, release/6.4.0, vendor/openbsm/1.1-ALPHA-2, vendor/ncurses/5.7-20081102, vendor/tzdata/tzdata2008i, vendor/tzdata/tzdata2008h, vendor/tzdata/tzdata2008g |
|
#
8b615593 |
| 02-Oct-2008 |
Marko Zec <zec@FreeBSD.org> |
Step 1.5 of importing the network stack virtualization infrastructure from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduc
Step 1.5 of importing the network stack virtualization infrastructure from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs.
Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.).
All the changes are verified to have zero functional impact at this point in time by doing MD5 comparision between pre- and post-change object files(*).
(*) netipsec/keysock.c did not validate depending on compile time options.
Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
show more ...
|
Revision tags: vendor/netcat/4.4, vendor/openssl/0.9.8i, vendor/tzdata/tzdata2008f, vendor/gdtoa/20080831, vendor/bind9/9.3.5-P2, vendor/bind9/9.4.2-P2, vendor/sendmail/8.14.3, vendor/ath/0.10.5.10, vendor/ntp/4.2.4p5 |
|
#
603724d3 |
| 17-Aug-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course of the next few weeks.
Mark all uses of g
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course of the next few weeks.
Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
show more ...
|
#
97c2a697 |
| 12-Aug-2008 |
VANHULLEBUS Yvan <vanhu@FreeBSD.org> |
Increase statistic counters for enc0 interface when enabled and processing IPSec traffic.
Approved by: gnn (mentor) MFC after: 1 week
|
Revision tags: vendor/tzdata/tzdata2008e, vendor/tzdata/tzdata2008d, vendor/tzdata/tzdata2008c, vendor/pf-sys/4.1.001, vendor/openssh/5.1p1, vendor/openssh/5.0p1, vendor/openssh/4.9p1, vendor/openssh/4.7p1, vendor/openssh/4.6p1, vendor/bind9/9.3.5-P1, vendor/bind9/9.3.5, vendor/bind9/9.4.2-P1, vendor/misc-GNU/cpio/2.8, vendor/binutils/2.15.20040523 |
|
#
eaa9325f |
| 24-May-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
In addition to the ipsec_osdep.h removal a week ago, now also eliminate IPSEC_SPLASSERT_SOFTNET which has been 'unused' since FreeBSD 5.0.
|
Revision tags: vendor/opensolaris/20080410, vendor/ncurses/5.6-20080503, vendor/expat/2.0.1, vendor/com_err/1.1.0, vendor/heimdal/1.1.0, vendor/opensolaris/20080410a, vendor/gcc/trunk_20080418-SVN134423, vendor/netcat/4.3, vendor/tzdata/tzdata2008b, vendor/bzip2/1.0.5, vendor/misc-GNU/cvs/1.11-20080310 |
|
#
9e3bdede |
| 14-Mar-2008 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Correct IPsec behaviour with a 'use' level in SP but no SA available. In that case return an continue processing the packet without IPsec.
PR: 121384 MFC after: 5 days Reported by: Cyrus Rahman (cr
Correct IPsec behaviour with a 'use' level in SP but no SA available. In that case return an continue processing the packet without IPsec.
PR: 121384 MFC after: 5 days Reported by: Cyrus Rahman (crahman gmail.com) Tested by: Cyrus Rahman (crahman gmail.com) [slightly older version]
show more ...
|
Revision tags: vendor/tcsh/6.15b, vendor/tzdata/tzdata2008a, vendor/bsnmp/syrinx_20080307_bugfix, release/7.0.0_cvs, release/7.0.0, vendor/ncurses/5.6-20080209, vendor/file/4.23-r1.46, vendor/binutils/2.15.cvsrev_1_51, release/6.3.0_cvs, release/6.3.0, vendor/file/4.23, vendor/misc-GNU/cvs/1.11.22, vendor/tzdata/tzdata2007k, vendor/ncurses/5.6-20071222, vendor/openpam/HYDRANGEA, vendor/amd/6.1.5, vendor/tzdata/tzdata2007j, vendor/resolver/9.4.2, vendor/bind9/9.4.2 |
|
#
19ad9831 |
| 28-Nov-2007 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add sysctls to if_enc(4) to control whether the firewalls or bpf will see inner and outer headers or just inner or outer headers for incoming and outgoing IPsec packets.
This is useful in bpf to not
Add sysctls to if_enc(4) to control whether the firewalls or bpf will see inner and outer headers or just inner or outer headers for incoming and outgoing IPsec packets.
This is useful in bpf to not have over long lines for debugging or selcting packets based on the inner headers. It also properly defines the behavior of what the firewalls see.
Last but not least it gives you if_enc(4) for IPv6 as well.
[ As some auxiliary state was not available in the later input path we save it in the tdbi. That way tcpdump can give a consistent view of either of (authentic,confidential) for both before and after states. ]
Discussed with: thompsa (2007-04-25, basic idea of unifying paths) Reviewed by: thompsa, gnn
show more ...
|
Revision tags: vendor/less/v416, vendor/less/v415, vendor/libreadline/5.2p3_p7, vendor/sendmail/8.14.2, vendor/tzdata/tzdata2007i, vendor/openbsm/1.0, vendor/one-true-awk/20071023, vendor/ipfilter/4.1.28, vendor/ipfilter-sys/4-1-28, vendor/openssl/0.9.8-20071018, vendor/tcpdump/3.9.8, vendor/libpcap/0.9.8, vendor/tcsh/6.15a, vendor/less/v409, vendor/tzdata/tzdata2007h, vendor/less/v408, vendor/tzdata/tzdata2007g, vendor/gcc/4.2.1-20070718-SVN126787, vendor/bind9/9.4.1p1, vendor/openbsm/1.0-ALPHA-15 |
|
#
b28cd334 |
| 19-Jul-2007 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Replace hard coded options by their defined PFIL_{IN,OUT} names.
Approved by: re (hrs)
|