summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Don't create ICMP states on reply packets unless tracking states sloppymikeb2015-05-261-2/+7
| | | | | | | | | | | | Since we've strengthened the ICMP state matching procedure during lookup to only match packets against states set up in a particular direction, we need to make sure we don't create states on packets that would otherwise be flowing in the direction opposite to the direction of the state and prevent further packets from matching the created state due to strict rules imposed by the ICMP direction check. Problem reported by Alexandr Nedvedicky, alexandr.nedvedicky-at-oracle.com. Discussed with reyk@; OK henning
* Use if_output() instead of rerolling it.mpi2015-05-262-39/+6
| | | | ok stsp@
* Create aliases.db from the installed aliases file, so we get the correctnaddy2015-05-261-2/+2
| | | | owner and group. Reported by Mark Patruck. ok deraadt@ miod@
* bump the number of tx and rx descriptors from 128 up to 512.dlg2015-05-261-3/+3
|
* Store the IP address of the corresponding ifa in the rt_gateway fieldmpi2015-05-264-18/+21
| | | | | | | | | | | | | | | of RTF_CLONING and RTF_BROASCAST routes to not create MPATH conflicts when IP address aliases are used. This change makes it possible to have multiple RTF_CLONING routes with the same priority. Note that any of the existing RTF_CLONING route might be used by the kernel to create a RTF_CLONED route which should not be a problem with aliases since they are attached to the same ifp. This unbreak address aliases since the kernel supports multiple connected routes for a subnet. Found the hardway by djm@, ok claudio@
* Normalize route destination before checking for MPATH conflicts.mpi2015-05-261-14/+18
| | | | | | | This makes rt_mpath_conflict() work as expected when adding routes with the same destination and the same netmask. With and ok claudio@
* Do not create ARP entries for RTF_BROADCAST routes.mpi2015-05-261-15/+3
| | | | | | | | | | | | | | | | | This has been done because historically routes to broadcast addresses were cloned like any ARP entry. But for obvious reasons, no matching Ethernet address could ever be resolved. That's why we played tricks with the expire timer. Now that a RTF_BROADCAST route is created per configured IPv4 address, we need to differenciate duplicated one. And by not creating an ARP entry we are allowed to write the IP address in the rt_gateway field, which prevents MPATH conflicts. This change is part of a fix to unbreak aliases since the kernel support multiple connected routes for a subnet. Found the hardway by djm@, ok claudio@
* Now that the Ethernet header is always passed as part of the mbuf, killmpi2015-05-266-29/+21
| | | | | | the second (unused) argument of the input packet handlers. ok dlg@
* move add_net_randomness from ether_input to the if_input task.dlg2015-05-264-15/+8
| | | | | | | | change it from feeding the ethertype of the packet (which is almost certainly an ip packet or vlan packet, so not that variable) to the number of packets about to be processed. ok deraadt@ mpi@
* More than 100+ drivers converted to if_input(), this is the last "real" one.mpi2015-05-261-106/+11
| | | | ok dlg@
* syncjsg2015-05-261-0/+25
|
* include the firmware for usb devices on the armv7 ramdiskjsg2015-05-261-1/+23
|
* Add OPENSSL_NO_EGD to opensslfeatures.h.bcook2015-05-262-0/+2
| | | | | | | Since RAND_egd has been removed from LibreSSL, simplify porting software that relies on it. See https://github.com/libressl-portable/openbsd/pull/34 from Bernard Spil, ok deraadt@
* make vlans inherit their parents hardmtu as well as mtu.dlg2015-05-261-10/+10
| | | | from brad@ and tested locally.
* Build all the firmware for usb devices on armv7.jsg2015-05-265-11/+15
|
* Sync usb devices with amd64.jsg2015-05-262-86/+117
| | | | Prompted by djm noticing uslcom(4) was not included.
* build wsconsctl and wsconscfg on armv7jsg2015-05-262-4/+4
|
* fix panic for real and revert previous rev 1.52benno2015-05-251-6/+6
| | | | | from markus@ sorry for the mixup
* Kill outdated comment.jca2015-05-251-2/+2
| | | | ok eric@
* Make SSL_CIPHER_get_bits() report ChaCha20-Poly1305 ciphers as usingguenther2015-05-252-8/+8
| | | | | | | 256bit keys problem noted by Tim Kuijsten (info (at) netsend.nl) ok deraadt@ miod@ bcook@
* Skip search domains iteration if RES_DNSRCH and/or RES_DEFNAMES is unset.eric2015-05-252-4/+13
| | | | | prodded by Brad ok jca@
* bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@naddy2015-05-252-6/+6
|
* getnameinfo(3) doesn't need to initialize the resolver when it's only usederic2015-05-251-1/+150
| | | | | | for address/port formatting (e.g. NI_NUMERICHOST). ok deraadt@ jca@
* fix a panic in import_identities() in case the ID isnt loadedbenno2015-05-251-3/+5
| | | | | (triggered by bgpd). ok marku@s, mikeb@
* Initialize ipa_ndrq in isascan() too...miod2015-05-251-1/+2
|
* Match newer elantech v4 touchpads, logic taken from Linux.mpi2015-05-251-2/+2
| | | | Based on a submission from and ok jcs@.
* only scan sensors if they are configuredderaadt2015-05-251-16/+18
| | | | ok bcook
* Port the ELF m88k work to binutils 2.17. Good enough to build a bootingmiod2015-05-2518-29/+4696
| | | | kernel, and hopefully userland as well.
* sortderaadt2015-05-251-3/+4
|
* Make this build when using the __STRICT_ALIGNMENT version of USETW.jsg2015-05-251-2/+2
|
* vax ELF bits for binutils 2.17.miod2015-05-258-3/+17
|
* Convert from ether_input() with separate mbuf data and Ethernet header, tomiod2015-05-251-148/+54
| | | | | | if_input(). Based upon an initial diff from mpi@, and then painfully made STRICT_ALIGNMENT-compliant. Tested on 4/260. ok mpi@
* Change ENTRY to __start to match binutils 2.15, needed for static PIEmiod2015-05-252-1/+2
|
* Prevent a use after free in by closing all open endpoints upon detach.mpi2015-05-251-14/+30
| | | | | | Fix a panic reported by landry@ with Android's ADB. Tested and ok ajacoutot@
* allow pkg_add as nonroot to soft-fail when outside of local base.espie2015-05-252-9/+42
|
* a dreaded whitespace; Kyle Milzderaadt2015-05-251-2/+2
|
* missing word in comment; Kyle Milzderaadt2015-05-251-2/+2
|
* Teach binutils the {rd,wr}{fs,gs}base instructions.guenther2015-05-253-18/+28
| | | | | Flag bits worked out with kettenis@ ok mlarkin@
* add missing 'c' option to getopt(), case statement was alreadydjm2015-05-241-2/+3
| | | | there; from Felix Bolte
* Maximilian dot Fillinger at uni-duesseldorf dot deschwarze2015-05-243-74/+109
| | | | | | starts helping with the pod2mdoc(1)-based conversion of LibreSSL crypto manuals from perlpod(1) to mdoc(7). Here comes the first file, slightly tweaked by me.
* Initialize ipa_nirq in isascan(). Gets rid of spurious irq locators beingmiod2015-05-241-1/+2
| | | | printed for isadma(4).
* add the chromebook board id the exynos code usesjsg2015-05-241-1/+2
|
* imx_board_devs -> exynos_board_devsjsg2015-05-241-2/+2
|
* Follow the recent pckbc@isa changes and always establish all the necessarymiod2015-05-246-79/+21
| | | | | | | | | interrupts at pckbc attach time, and get rid of the `intr_establish' pckbc callback. Tested on hppa (gsckbc) and sgi (pckbc@hpc); not tested on sparc64 (pckbc@ebus) but this attachment was already behaving this way and its intr_establish callback was an empty function.
* Add udl(4) and uvideo(4) to armv7 GENERIC. Tested on my sabre lite (imx).matthieu2015-05-242-3/+11
| | | | | enable udl firmware and COMPAT_RAW_KBD to make udl useable with X. ok jsg@
* pass subst to the installer state, so that -Dunsigned would workespie2015-05-241-1/+2
|
* Treat primary cpu like others and put pointer to its GDT in cpu_info.ci_gdtguenther2015-05-243-14/+12
| | | | requested by and ok mlarkin@
* bump to version 2.2bcook2015-05-232-4/+4
| | | | ok deraadt@
* fix a memory leak in an error pathjsg2015-05-231-1/+2
| | | | ok markus@ dtucker@
* fix a memory leak in an error pathjsg2015-05-231-1/+2
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.