| Commit message (Collapse) | Author | Files | Lines |
|---|
|
This does not change the current behaviour, but filterops should be
invoked through filter_*() for consistency.
|
|
This avoids the need to match specific DTLS version numbers.
|
|
No functional change intended.
|
|
in route_input() we drop solock() after we checked socket state. We
pass mbuf(9) to this socket at next loops, while it referenced as
`last'. Socket's state could be changed by concurrent thread while
it's not locked.
Since we perform socket's checks and output in same iteration, the
logic which prevents mbuf(9) chain copy for the last socket in list
was removed.
ok bluhm@ claudio@
|
|
Pointed out by deraadt
|
|
Pointed out by deraadt
|
|
pointed out by deraadt
|
|
pointed out by deraadt
|
|
the engine process for parsing instead of passing an fd.
Let's us tighten the engine's pledge back down to "stdio".
|
|
the go ecosystem).
Properly handle failing daemon startup now that we have pipefail.
To take advantage of this new feature, just add foo_logger=facility to the
daemon rc.d(8) script or in rc.conf.local(8) or use rcctl:
rcctl set foo logger daemon.info
tweak for checking flags in rcctl(8) from martijn@
"this looks pretty good" deraadt@
ok sthen@
|
|
|
|
|
|
actually make things a bit faster.
OK deraadt@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Used by at least Skylake-SP (SKX) and Cascade Lake-SP (CLX).
Covers Xeon Scalable, Xeon D, Xeon W, Core Extreme/Core X product
families. The Scalable parts are marketed as Xeon Bronze, Silver, Gold
and Platinum.
As most of these ids are not described in public documents from Intel
use Skylake-ESystem.inf and KabyLakePCH-HSystem.inf from Intel's Windows
drivers to get an idea of what the names should be. With the name for
0x2088 found in a Intel authored Linux driver.
Initial patch and much discussion from Karel Gardas.
|
|
also do the ethertype comparison before the conversion above.
|
|
|
|
|
|
ok patrick@
|
|
Starting right after unwind.
OK deraadt
|
|
It should always run and there is no reload semantic.
OK deraadt
|
|
|
|
OK deraadt@
|
|
OK deraadt
|
|
OK deraadt
|
|
|
|
from servers.
dhcpleased(8) follows the well known three process design of all our
privsep daemons. It uses pledge(2) and unveil(2) to restrict access
further. In particular the "engine" process, responsible for parsing
of untrusted data, is pledge'd "stdio". It cannot access the outside
world nor the filesystem at all.
Like slaacd(8) for IPv6 it will be always running and acquire addresses
for all interface with the autoconf4 flag set.
The flag can be set by "ifconfig $if inet autoconf" or by adding
"inet autoconf" to /etc/hostname.if. An existing "dhcp" line should
be removed.
Various iterations tested by deraadt@
The hardest part, finding a name, was handled by jmatthew@ & otto@
"get to it :)" deraadt@
|
|
If we're about to add a chain we have a trust path, so we have at least
one trusted certificate. This fixes a thinko from r1.31 and fixes the
openssl(1) cms verify test.
ok jsing (who had the same diff)
|
|
|
|
nvram files used for the different Apple devices. The device tree and
the OTP hold the information which of those we will have to use. For
now this information will simply be printed, but depending on how we
choose to do the firmare distribution we could use it for loadfirmware().
|
|
|
|
to use a different set of PCIE2REG registers. Accessing the "old" ones
even leads to faults. There are two surprises though. One is that it
seems that the interrupt status register always returns 0, and the other
one is that we receive the interrupts way too early, but both can be
worked around for now.
|
|
advince from sthen@
|
|
is passed to the IOMMU device driver.
ok patrick@
|
|
this already on previous chips, which only started giving us packets when
handing over at least 128 of them. Apparently some now require 256, which
seems to get the Apple M1's WiFi going.
|
|
ok patrick@
|
|
OK phessler
|
|
this avoids unecessary writes to memory. it helps a little bit with
a single nettq, but we get a lot more of a boost in pps when running
concurrently.
thanks to hrvoje for testing.
|
|
|
|
check before using variable in list
remove unnecessary variable declaration
check value of adjustname()
add a '< 0' return value of snprintf
|
|
|
|
with popular fuzzing drivers like libfuzzer. AFAIK nobody has used
it but me.
|
|
ok florian@
|
|
|
|
if the bridge is supposed to carry vlan packets, assuming it's an
s-vlan component and should allow certain group addresses to cross
between "customer" bridges.
i should probably let some of these groups fall back through to the
calling ether_input rather than drop them.
|
visa
jsing
lum
mvs
florian
ajacoutot
dlg
claudio
nicm
jsg
tobhe
kn
tb
patrick
jan
kettenis
deraadt
djm