| created | 2021-02-06T19:52:25Z |
|---|---|
| begin | 2021-02-01T00:00:00Z |
| end | 2021-02-02T00:00:00Z |
| path | src/sys |
| commits | 9 |
| date | 2021-02-01T00:31:05Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_pfsync.c | log | diff | annotate |
| src/sys/net/pf.c | log | diff | annotate | |
| src/sys/net/pfvar.h | log | diff | annotate | |
| message |
change route-to so it sends packets to IPs instead of interfaces. this is a significant (and breaking) reworking of the policy based routing that pf can do. the intention is to make it as easy as nat/rdr to use, and more robust when it's operating. the main reasons for this change are: - route-to, reply-to, and dup-to do not work with pfsync this is because the information about where to route-to is stored in rules, and it is hard to have a ruleset synced between firewalls, and impossible to have them synced 100% of the time. - i can make my boxes panic in certain situations using route-to yeah... - the configuration and syntax for route-to rules are confusing. the argument to route-to and co is an interace name with an optional ip address. there are several problems with this. one is that people tend to think about routing as sending packets to peers by their address, not by the interface they're reachable on. another is that we currently have no way to synchronise interface topology information between firewalls, so using an interface to say where packets go means we can't do failover of these states with pfsync. another is that a change in routing topology means a host may become reachable over a different interface. tying routing policy to interfaces gets in the way of failover and load balancing. this change does the following: - stores the route info in the state instead of the pf rule this allows route-to to keep working when the ruleset changes, and allows route-to info to be sent over pfsync. there's enough spare bits in pfsync messages that the protocol doesnt break. the caveat is that route-to becomes tied to pass rules that create state, like rdr-to and nat-to. - the argument to route-to etc is a destination ip address it's not limited to a next-hop address (thought a next-hop can be a destination address). this allows for the failover and load balancing referred to above. - deprecates the address@interface host syntax in pfctl because routing is done entirely by IPs, the interface is derived from the route lookup, not pf. any attempt to use the @interface syntax will fail now in all contexts. there's enthusiasm from proctor@ jmatthew@ and others ok sashan@ bluhm@ |
|||
| date | 2021-02-01T07:43:33Z | |||
|---|---|---|---|---|
| author | mvs | |||
| files | src/sys/net/if.c | log | diff | annotate |
| src/sys/net/if.h | log | diff | annotate | |
| message |
ifunit() was fully replaced by if_unit(9) and should go away. ok bluhm@ dlg@ |
|||
| date | 2021-02-01T07:44:58Z | |||
|---|---|---|---|---|
| author | mvs | |||
| files | src/sys/net/if_pppx.c | log | diff | annotate |
| message |
Remove dummy TUNSIFMODE ioctl(2) call from pppac(4) and npppd(8). Since OpenBSD 6.7 npppd(8) can't work over tun(4). ok yasuoka@ |
|||
| date | 2021-02-01T07:46:55Z | |||
|---|---|---|---|---|
| author | mvs | |||
| files | src/sys/net/if_pppx.c | log | diff | annotate |
| message |
Netlock should be grabbed before pppx_if_find() call in pppxwrite(). Otherwise this `pxi' can be killed by concurrent thread after context switch caused by following netlock. ok yasuoka@ |
|||
| date | 2021-02-01T09:21:51Z | |||
|---|---|---|---|---|
| author | mglocker | |||
| files | src/sys/dev/usb/ugen.c | log | diff | annotate |
| src/sys/dev/usb/usb_subr.c | log | diff | annotate | |
| src/sys/dev/usb/usbdi.c | log | diff | annotate | |
| src/sys/dev/usb/usbdi.h | log | diff | annotate | |
| message |
Align the mixed naming for the variables used to reference to bInterfaceNumber and bAlternateSetting as following: ifaceidx -> ifaceno altidx -> altno Suggested and ok mpi@ |
|||
| date | 2021-02-01T12:08:50Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/netinet6/ip6_output.c | log | diff | annotate |
| message | Fix white spaces and wrap long lines. | |||
| date | 2021-02-01T13:25:04Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/netinet/ip_output.c | log | diff | annotate |
| src/sys/netinet6/ip6_output.c | log | diff | annotate | |
| message |
Fix path MTU discovery for ESP tunneled in IPv6. We always want short TCP segments or fragments encapsulated in ESP instead of fragmented ESP packets. Pass the don't fragment flag down along the stack so that dynamic routes with MTU are created eventually. with and OK markus@; OK tobhe@ |
|||
| date | 2021-02-01T14:30:01Z | |||
|---|---|---|---|---|
| author | jsg | |||
| files | src/sys/dev/fdt/pinctrl.c | log | diff | annotate |
| message |
handle #pinctrl-cells 2 needed for >= linux 5.9 dtbs on bbb ok kettenis@ |
|||
| date | 2021-02-01T15:55:07Z | |||
|---|---|---|---|---|
| author | visa | |||
| files | src/sys/sys/systm.h | log | diff | annotate |
| message |
Remove obsolete vnode operation vector declarations. OK bluhm@, claudio@, mpi@, semarie@ |
|||