| Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
`-t table -T add|replace ...' would only check for duplicate tables in case
addresses where actually to the table.
Instead of using a positive number of added addresses as prove for
successful table operations, rely on the fact that CREATE_TABLE() is
guaranteed to be called only if pf(4) can be accessed, that is
warn_duplicate_tables() will return.
This improves duplicate detection rate as warnings are now also emitted
even when table commands eventually leave tables unchanged.
OK benno sashan
|
|
revision 1.689 introduced warn_duplicate_tables() unconditionally, breaking
the parser on tables withs insufficient permissions to open pf(4):
$ echo 'table <t>' | pfctl -nf-
pfctl: pfr_get_tables: Bad file descriptor
So simply check whether pfctl is able to get the table list first. If not,
instead of silently avoiding namespace collision checks, print a brief
notice iff `-v' is given to help finding duplicate definitions by hand:
$ echo 'table <t>' | ./obj/pfctl -vnf-
table <t>
stdin:1: skipping duplicate table checks for <t>
Reported by Rivo Nurges, thanks!
OK benno sashan
|
|
|
|
which allows it to work when sshd_config contains a Match directive with or
without -C. bz#2858, ok djm@
|
|
|
|
|
|
work. Reported by Thomas Sattler.
|
|
|
|
Patch from yumkam at gmail.com, ok deraadt.
|
|
|
|
Reported by Gary Zibrat
|
|
|
|
and the Bk/Ek invocation here is no longer neccessary;
|
|
since clang doesn't seem to support secure-plt for small pic.
ok deraadt@, millert@
|
|
|
|
with a pane status line.
|
|
and to handle the case where the panes won't fit into the existing
window size.
|
|
layouts.
|
|
|
|
check for % in the target as well as ":.".
|
|
window.c into a separate file spawn.c.
|
|
disable it in upcoming 6.5 release.
(phessler and mortimer have the details)
|
|
ok espie@
|
|
|
|
|
|
by default txprio is set to 0, so the exp field will be 0. howerver,
txprio on mpe/mpw/mpip can be configured with other values or
settings like our other tunnel or encapsulation interfaces.
intermediate LSPs can use the exp field to manage their prioritisation
of encapsulated traffic.
|
|
lack of documentation and original diff provided by alfred morgan;
benno helped me track down the applicable options;
ok benno
|
|
X509V3_add_value() helpfully allocates a STACK_OF(CONF_VALUE) if it
receives a pointer to a NULL pointer. If anything fails along the way,
it is however the caller's responsibility to free it. This can easily
be fixed by freeing *extlist in the error path and zeroing it to avoid
a double free if there happens to be a caller out there that avoids
the leak.
Polish a few things so the function conforms a bit better to our usual
style.
tweak & ok jsing
|
|
|
|
|
|
|
|
of bus numbers from the parent's bus extent. On detach, which can
happen with hotplug-able devices, we should free those busses.
ok kettenis@
|
|
caches. If the physical page was previously used by userland it is
likely that this page is still in the cache and writing to the newly
mapped page could result in unexpected behaviour.
ok kettenis@
|
|
ok deraadt
|
|
ok patrick@, dlg@, visa@
|
|
condition in sb_compress(). Currently the actual cluster size might
be 9KB even if the mtu is 1500, in this case a lot of memory space had
been wasted, since sbcompress() doesn't compress because of previous
condition.
ok dlg claudio
|
|
ok patrick@, dlg@, visa@
|
|
reading all 256 at a time was a nice idea, but meant page 0xa2 wasnt
appearing like it should. this follows what freebsd does more
closely too.
|
|
some modules seem to need more time when waiting for bytes while here.
hrvoje popovski hit the endian issue
|
|
|
|
Lots of help with build/tests on sparc64 from jsg@, thank you.
ok deraadt
|
|
the idea is to call the hardware transmit routine less since in a
lot of cases posting a producer ring update to the chip is (very)
expensive. it's better to do it for several packets instead of each
packet, hence calling this tx mitigation.
this diff defers the call to the transmit routine to a network
taskq, or until a backlog of packets has built up. dragonflybsd
uses 16 as the size of it's backlog, so i'm copying them for now.
i've tried this before, but previous versions caused deadlocks. i
discovered that the deadlocks in the previous version was from
ifq_barrier calling taskq_barrier against the nettq. interfaces
generally hold NET_LOCK while calling ifq_barrier, but the tq might
already be waiting for the lock we hold.
this version just doesnt have ifq_barrier call taskq_barrier. it
instead relies on the IFF_RUNNING flag and normal ifq serialiser
barrier to guarantee the start routine wont be called when an
interface is going down. the taskq_barrier is only used during
interface destruction to make sure the task struct wont get used
in the future, which is already done without the NET_LOCK being
held.
tx mitigation provides a nice performanace bump in some setups. up
to 25% in some cases.
tested by tb@ and hrvoje popovski (who's running this in production).
ok visa@
|
|
OK visa@
|
|
(discussed with many at tech@)
OK deraadt@, kn@, sthen@, tedu@
|
|
Fixes oss-fuzz issue #13843.
ok tb@
|
|
These were deprecated with 6.3, but instead of removing them all together,
keep [-]vlan and [-]vlandev as aliases for [-]vnetid and [-]parent.
Alias idea from sthen
OK dlg sthen benno
|
|
|
|
qsfp was originally defined in SFF-8436, but the management interface
now seems to be managed in SFF-8636, so this uses sff8636 as a
prefix for qsfp things. the same spec applies to qsfp+ and probably
qsfp28.
XFP and QSFP share a bunch of offsets for where strings are located,
so this factors out the printing of those strings from the xfp code
and uses it from both the xfp and qsfp handling.
i have a qsfp+ to 4x sfp+ cable that looks like this with the new
code:
transceiver: QSFP+
model: Amphenol 601110005 rev A
serial: CN0HVVVFxxxxxxx date: 2013-04-18
if i ever get a pair of optics i can work on the diags
|
|
OK deraadt@ millert@ kettenis@
|
tedu
kn
dtucker
mlarkin
nicm
sf
jmc
kettenis
deraadt
stsp
dlg
tb
patrick
sunil
yasuoka
sashan
jsing
visa