| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
The driver currently only supports AES-CBC mode but can easily
be extended to other algorithms and modes.
The aesv8-armx.S file was generated from the CRYPTOGAMS project.
Asked to commit by and ok patrick@
|
| |
|
|
|
|
|
|
|
| |
tracked in tick_msg() and explicitly calling tick_msg(TICK_SLEEP).
One fewer use of each of time(), ifi->startup_time and
config->link_timeout. Makes code easier to follow.
No intentional functional change.
|
| |
|
|
|
|
| |
process parses af from the sockaddrs.
ok patrick@
|
| |
|
|
|
|
| |
running the kernel in EL2.
ok patrick@
|
| |
|
|
|
|
|
|
|
|
| |
network devices that shows one character per echo request (! for normal
response, . for timed out, D for duplicate, T for truncated) making
it easier to identify patterns of loss over periods of time.
ok remi@ kn@, feedback from deraadt@ chris@
!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!.........!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!.........!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!.........!!!!!!!!!!!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!..........!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!..........!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!..........!!!!!!!!!!!!!!!!!!!!....!!!!!!!!!!!!!!!!!!!!!!!!!!.....!!!!!!!!!!!!!!
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
the "ports" that nvgre provides to etherbridge are ip addresses
used in the underlay network.
ok patrick@ jmatthew@
|
| |
|
|
|
|
|
|
|
| |
it's pretty straightforward since etherbridge was mostly based on
this code in the first place. the etherbridge_ops that bpe provides
to etherbridge set entries up to point at mac addresses in the
underlay network.
ok patrick@ jmatthew@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this allows for the factoring out of the learning bridge code i
wrote in bpe and nvme, and should be reusable for other drivers
needing a mac learning bridge.
the core data structures are an etherbridge struct to represent the
learning bridge, eb_entry structs for each mac address entry that
the bridge knows about, and an etherbridge_ops struct that drivers
fill in so that they can use this code.
eb_entry structs are stored in a hash table made up of SMR_TAILQs
to support lookups of entries quickly and concurrently in the
forwarding path. they are also stored in a locked red-black tree
to help manage the uniqueness of the mac address in the table.
the etherbridge_ops handlers mostly deal with comparing and testing
the "ports" associated with mac address table entries. the "port"
that a mac address entry is associated with is opaque to the
etherbridge code, which allows for this code to be used by nvgre
and bpe which map mac addresses inside the bridge to addresses in
their underlay networks. it also supports traditional bridges where
"ports" are actual interfaces.
ok patrick@ jmatthew@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
matches radeon and i915
reported by Benjamin Baier
|
| | |
|
| | |
|
| |
|
|
| |
segfaults seen on exception handling. ok kettenis@
|
| |
|
|
| |
invoked when log_getverbose() returns 0.
|
| | |
|
| | |
|
| |
|
|
| |
discussed with jsing
|
| |
|
|
|
|
|
| |
better and doesn't look odd if there's trailing data for exapmle.
Indent a few labels in the neighborhood while there.
ok jsing
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
OpenSSL's SSL{_CTX,}_get_{min,max}_proto_version() return a version of zero
if the minimum or maximum has been set to zero (which means the minimum or
maximum version supported by the method). Previously we returned the
minimum or maximum version supported by the method, instead of zero. Match
OpenSSL's behaviour by using shadow variables.
Discussed with tb@
|
| |
|
|
|
|
| |
These are currently guarded by LIBRESSL_HAS_DTLS1_2 and LIBRESSL_INTERNAL.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
| |
Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always contain
DTLSv1.0 - ensure this is the case on the server side, allow both DTLSv1.0
and DTLSv1.2 on the client.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
| |
These are currently guarded by LIBRESSL_HAS_DTLS1_2 and LIBRESSL_INTERNAL.
ok tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
| |
if_vinput requires mpsafe interface counters, so add those in. this
factors out some more code between drivers. monitor mode will work
on these interfaces now too.
|
| |
|
|
|
|
|
|
| |
using if_vinput factors out a lot of repeated code between tunnel
drivers, and it means monitor mode works on gre and mgre now too.
make the l2 gre interfaces do some things in the same order while
here.
|
| |
|
|
|
|
| |
if_vinput requires mpsafe interface counters, so gif is a bit more
mpsafe now than it was before. using if_vinput means monitor mode
works on gif now too.
|
| |
|
|
|
|
|
|
| |
the l3 protocol input to push the packet is based on a value in
m->m_pkthdr.ph_family, which tunnel drivers should set before calling
if_vinput.
add p2p_bpf_mtap to call bpf_mtap_af also using m->m_pkthdr.ph_family.
|
| |
|
|
|
|
|
| |
tun (not tap) input packets are written from userland in the same
format that it's bpf dlt is expecting, so we can push the packet
straight into bpf with bpf_mtap. this is more correct that using
bpf_mtap_ether for tun.
|
| |
|
|
|
| |
call (*ifp->if_bpf_mtap) instead of bpf_mtap_ether in ifiq_input
and if_vinput.
|
| |
|
|
|
|
|
|
| |
the network stack is now responsible for calling bpf for packets
that the interface receives, and we so far got away with using
bpf_mtap_ether for everything. this doesn't work if layer 3 input
goes through the same functions, so letting drivers specify the
appropriate bpf mtap function means they will be able to cope.
|
| | |
|
| |
|
|
|
|
|
| |
This reapplies commit e0lLUzj1XNW7pJMh and moves libperl to 21.0
The ABI change appears to be fine after XS modules are rebuilt.
OK sthen@
|
| |
|
|
| |
reminded by benno@
|
| |
|
|
| |
ok benno@
|
| |
|
|
|
|
|
|
|
|
|
| |
an example use of this is when you have a span port on a switch and
you want to be able to see the packets coming out of it with tcpdump,
but do not want these packets to enter the network stack for
processing. this is particularly important if the span port is
pushing a copy of any packets related to the machine doing the
monitoring as it will confuse pf states and the stack.
ok benno@
|
| |
|
|
| |
ok patrick@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Occasionally one might read a manual page in a webbrowser, e.g.
"MANPAGER=firefox man -T html jq", however temporary files created for
pagers lack file extensions and most web browsers are unable to detect a
file's content without it.
Special case mandoc(1)'s HTML output format by appending the ".html" suffix
to file names such that browsers will actually render HTML as such instead
of showing it as plain text.
Input schwarze
|
| |
|
|
|
|
|
| |
into new set_interval()/set_secs() functions. send_request() and
send_discover() become much easier to understand.
No intentional functional change.
|
| | |
|
| |
|
|
| |
ok claudio
|
tobhe
krw
kettenis
sthen
jmc
deraadt
dlg
jsg
otto
visa
tb
jsing
afresh1
lum
kn