| created | 2019-05-08T06:04:06Z |
|---|---|
| begin | 2018-02-08T00:00:00Z |
| end | 2018-02-09T00:00:00Z |
| path | src/sys |
| commits | 19 |
| date | 2018-02-08T02:25:44Z | |||
|---|---|---|---|---|
| author | henning | |||
| files | src/sys/net/pf_ioctl.c | log | diff | annotate |
| src/sys/net/pf_syncookies.c | log | diff | annotate | |
| src/sys/net/pfvar.h | log | diff | annotate | |
| message |
add DIOCGETSYNFLWATS to get current synflood detection watermarks, ok claudio benno procter |
|||
| date | 2018-02-08T04:58:55Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_gre.c | log | diff | annotate |
| message |
reintroduce support for keepalives. there's a couple of bug fixes in here too. this properly initializes the ttl on the tunnel, and it clears the ip_off header. requested by claudio@ |
|||
| date | 2018-02-08T05:00:37Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_gre.c | log | diff | annotate |
| message | gre doesnt need ifmedia | |||
| date | 2018-02-08T05:00:38Z | |||
|---|---|---|---|---|
| author | patrick | |||
| files | src/sys/dev/ic/bwfm.c | log | diff | annotate |
| src/sys/dev/ic/bwfmvar.h | log | diff | annotate | |
| src/sys/dev/pci/if_bwfm_pci.c | log | diff | annotate | |
| src/sys/dev/usb/if_bwfm_usb.c | log | diff | annotate | |
| message |
Move bwfm(4) from ifq begin/commit/rollback semantics to the newer ifq dequeue semantics. This basically means we need to check for available space before dequeuing a packet. As soon as we dequeue a packet we commit to it. On the PCIe backend this check can not be done easily since the flowring depends on the packet contents and we cannot take a peek. When there is no flowring we cache the mbuf and send it out as soon as the flowring opened up. Then the ifq can be restarted and traffic can flow. Typically we usually run out of packet ids, which can be checked without consulting the packet. The flowring probably never becomes full as the bwfm(4) firmware takes the packets off the ring without actually sending them out. Discussed with dlg@ |
|||
| date | 2018-02-08T06:02:09Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/dev/softraid.c | log | diff | annotate |
| src/sys/dev/acpi/acpi.c | log | diff | annotate | |
| message |
sr_quiesce() is a new approach for ensuring that softraid drains output to the disks. This is part of a larger suspend/resume filesystem-safety diff, which has been worked on for a couple of months already. Tests by job, krw, beck, benno, and others. Sometimes even by snapshot users... |
|||
| date | 2018-02-08T09:15:46Z | |||
|---|---|---|---|---|
| author | henning | |||
| files | src/sys/net/pf_syncookies.c | log | diff | annotate |
| src/sys/net/pfvar.h | log | diff | annotate | |
| message |
make the watermarks/thresholds for entering and leaving syncookie mode when syncookies are set to adaptive tunable, ok claudio benno |
|||
| date | 2018-02-08T09:27:44Z | |||
|---|---|---|---|---|
| author | mortimer | |||
| files | src/sys/dev/rnd.c | log | diff | annotate |
| src/sys/kern/exec_subr.c | log | diff | annotate | |
| src/sys/sys/systm.h | log | diff | annotate | |
| message |
Use a temporary chacha instance to fill large randomdata sections. Avoids grabbing the rnglock repeatedly. ok deraadt@ djm@ |
|||
| date | 2018-02-08T09:37:17Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/dev/acpi/acpi.c | log | diff | annotate |
| message |
Toss all releaseable memory, because fragmentation can get in the way of allocating the hibernate playpen. |
|||
| date | 2018-02-08T09:42:48Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/dev/acpi/acpi.c | log | diff | annotate |
| message |
After flushing disks, try again to release all memory. We don't need to save dirty memory to the hibernate space. |
|||
| date | 2018-02-08T10:01:12Z | |||
|---|---|---|---|---|
| author | mortimer | |||
| files | src/sys/dev/rnd.c | log | diff | annotate |
| message |
Do not hardcode key length. Pointed out by jsing@ ok deraadt@ |
|||
| date | 2018-02-08T12:57:24Z | |||
|---|---|---|---|---|
| author | mpi | |||
| files | src/sys/kern/kern_lock.c | log | diff | annotate |
| message |
Remove CSRG copyright, there isn't any code left from Berkeley here. In 2016 natano@ removed the last two functions remaining from the CSRG time: lockinit() and lockstatus(). At that time they were already wrappers around recursive rwlocks functions from thib@ that tedu@ committed in 2013. ok deraadt@ |
|||
| date | 2018-02-08T13:15:31Z | |||
|---|---|---|---|---|
| author | mpi | |||
| files | src/sys/net/if_bridge.c | log | diff | annotate |
| message |
Add a new '-protected' option for bridge members. Bridge members that are part of the same protected domain, refered by a number between 1 and 31, cannot talk to each others. This is useful to isolate VMs or untrusted networks at layer 2. Members can be part of multiple protected domain making it possible to create complex protected setups. ok ccardenas@, claudio@, dlg@, henning@ |
|||
| date | 2018-02-08T13:15:32Z | |||
|---|---|---|---|---|
| author | mpi | |||
| files | src/sys/net/if_bridge.h | log | diff | annotate |
| src/sys/sys/sockio.h | log | diff | annotate | |
| message |
Add a new '-protected' option for bridge members. Bridge members that are part of the same protected domain, refered by a number between 1 and 31, cannot talk to each others. This is useful to isolate VMs or untrusted networks at layer 2. Members can be part of multiple protected domain making it possible to create complex protected setups. ok ccardenas@, claudio@, dlg@, henning@ |
|||
| date | 2018-02-08T13:50:48Z | |||
|---|---|---|---|---|
| author | mpi | |||
| files | src/sys/net/route.c | log | diff | annotate |
| message |
When multiple RTF_CLONING routes for the same subnet are present, use the correct one to clone the gateway. Fix wired vs wireless on the same subnet issue as well as a more complicated setup reported by dlg@. ok jmatthew@, claudio@, dlg@ |
|||
| date | 2018-02-08T21:55:34Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_mobileip.c | log | diff | annotate |
| message | handle SIOCGLIFPHYTTL and say that the ttl is always "copied" | |||
| date | 2018-02-08T22:08:18Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_gre.c | log | diff | annotate |
| message |
implement ethernet over gre encapsulation with a thing egre(4) driver. there's three main chunks in this: transmit, receive, and factoring out common gre code. ethernet over gre unfortunately doesnt pad ethernet frames, so their payload on rx and their headers on tx will be misaligned. egre copes with this in the rx path by copying the payload with m_dup_pkt if it detects misalignment. in the tx path, it unconditionally allocates a new mbuf for the headers, that can be aligned separately to the existing payload. most of the common gre code is in the ioctl paths, so this diff adds gre_tunnel_ioctl, which is in the spirit of ether_ioctl. ok claudio@ |
|||
| date | 2018-02-08T22:11:06Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_gre.c | log | diff | annotate |
| message | ttl 0 is not valid on the wire, so dont accept it. | |||
| date | 2018-02-08T22:24:41Z | |||
|---|---|---|---|---|
| author | claudio | |||
| files | src/sys/net/rtsock.c | log | diff | annotate |
| message |
Make the routing socket more MP save by using a SRPL list for the pcb list. Still needs the big kernel lock but this is another step in the right direction. With and OK mpi@ |
|||
| date | 2018-02-08T23:53:20Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_gre.c | log | diff | annotate |
| message |
implement support for tunnelttl copy. if the ttl is set to copy, gre will copy the ttl in and out of the encapsulated packet. it's probably a good idea to set this the same on both ends of a tunnel. egre doesn't support tunnelttl copy. |
|||