| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
| |
descriptor (usually doesn't happen), that we continue to use an outdated
cdesc pointer which still refers to the previous cdesc. Instead update
the cdesc pointer to the new configuration descriptor.
Reported by Thomas Jeunet <cleptho AT gmail DOT com>
ok phessler@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
&armv7_bs_tag with fdt_cons_bs_tag, which is our early console bus tag
for both arm64 and armv7. On armv7, it points to &armv7_bs_tag. With
this we can get rid of the armv7var.h include. Reduce a bit of diff to
imxuart(4).
ok kettenis@
|
| |
|
|
| |
ok kettenis@
|
| |
|
|
| |
provide a function for the I2C clock frequency, used by exiic(4).
|
| |
|
|
| |
way" of attaching the console.
|
| | |
|
| |
|
|
| |
ok kettenis@
|
| |
|
|
|
|
|
|
|
| |
exposing battery sensors for HID++ 2.0 devices. Most of the code is
derived from the hid-logitech-hidpp Linux driver.
Thanks to Ville Valkonen <weezeldinga at gmail dot com> for testing.
ok mglocker@
|
| |
|
|
|
|
|
| |
handler for a specific report id. Needed by an upcoming driver in order
to communicate with the device already in the attach routine.
ok mglocker@ as part of a larger diff
|
| |
|
|
|
|
|
|
|
|
|
| |
This makes the system recognize and configure Netgear ProSecure UTM25.
Of the network ports, LAN1-4 and WAN1 are functional. WAN2 does not work
for some reason. Even though WAN1 has a separate link to the SoC, the
connection appears to go through the same switch that the LAN ports use.
At the moment, the system relies on U-Boot to set up the switch so that
the LAN and WAN segments stay separate.
Initial diff and input from Thaison Nguyen, thank you!
|
| |
|
|
|
|
|
| |
can not simply be vrele()-ed on error. The code currently depends on
closef() to do the cleanup.
Reported-by: syzbot+b0e18235e96adf81883d@syzkaller.appspotmail.com
|
| |
|
|
|
|
| |
the file descriptors early do it late. This way the fdplock is not held
during the VFS operations.
OK mvs@
|
| |
|
|
| |
OK deraadt@, bluhm@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The code delivered in this change is currently disabled. Brave souls
may enable the code by adding -DWITH_PF_LOCK when building customized
kernel. Big thanks goes to Hrvoje@ for providing test equipment and
testing.
As soon as we enter the next release cycle, the WITH_PF_LOCK will be
defined as default option for MP kernels.
OK dlg@
|
| |
|
|
|
|
|
|
| |
to allow setting and removing IPv4 addresses.
Needed for future iked(8) improvements.
Discussed with sthen@ and florian@
ok bluhm@ deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The kernel uses a huge amount of processing time for sending ACKs to the sender
on the receiving interface. After receiving a data segment, we send out two
ACKs. The first one in tcp_input() direct after receiving. The second ACK is
send out, after the userland or the sosplice task read some data out of the
socket buffer. Thus, we save some processing time and improve network
performance.
Longer tested by sthen@
OK claudio@
|
| |
|
|
|
|
|
|
|
|
| |
which finally makes umb(4) fail, since ugen(4) attaches to one of the
umb(4) interfaces, fails, and marks the whole device dying. Therefore
make usbd_device2interface_handle() backwards compatible again.
Problem reported by Mikolaj Kucharski.
ok edd@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
before this change pf_route operated on the semantic that pf runs
when packets go over an interface, so when pf_route changed which
interface the packet was on it would run pf_test again. this change
changes (restores) the semantic that pf is only supposed to run
when packets go in or out of the network stack, even if route-to
is responsibly for short circuiting past the network stack.
just to be clear, for normal packets (ie, those not touched by
route-to/reply-to/dup-to), there isn't a difference between running
pf when packets enter or leave the stack, or having pf run when a
packet goes over an interface.
the main reason for this change is that running the same packet
through pf multiple times creates confusion for the state table.
by default, pf states are floating, meaning that packets are matched
to states regardless of which interface they're going over. if a
packet leaving on em0 is rerouted out em1, both traversals will end
up using the same state, which at best will make the accounting
look weird, or at worst fail some checks in the state and get
dropped.
another reason for this commit is is to make handling of the changes
that route-to makes consistent with other changes that are made to
packet. eg, when nat is applied to a packet, we don't run pf_test
again with the new addresses.
the main caveat with this diff is you can't have one rule that
pushes a packet out a different interface, and then have a rule on
that second interface that NATs the packet. i'm not convinced this
ever worked reliably or was used much anyway, so we don't think
it's a big concern.
discussed with many, with special thanks to bluhm@, sashan@ and
sthen@ for weathering most of that pain.
ok claudio@ sashan@ jmatthew@
|
| |
|
|
|
| |
via index is actually in the right rdomain for the socket.
OK bluhm@ mvs@
|
| | |
|
| |
|
|
|
|
|
| |
kernel make sure that the rdomain of that interface is the same as
the rdomain of the inpcb.
Problem spotted and fix tested by semarie@
OK bluhm@ mvs@
|
| |
|
|
| |
OK bluhm@, claudio@, mpi@, semarie@
|
| |
|
|
|
| |
needed for >= linux 5.9 dtbs on bbb
ok kettenis@
|
| |
|
|
|
|
|
| |
short TCP segments or fragments encapsulated in ESP instead of
fragmented ESP packets. Pass the don't fragment flag down along
the stack so that dynamic routes with MTU are created eventually.
with and OK markus@; OK tobhe@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
bInterfaceNumber and bAlternateSetting as following:
ifaceidx -> ifaceno
altidx -> altno
Suggested and ok mpi@
|
| |
|
|
|
|
|
| |
Otherwise this `pxi' can be killed by concurrent thread after context
switch caused by following netlock.
ok yasuoka@
|
| |
|
|
|
|
| |
OpenBSD 6.7 npppd(8) can't work over tun(4).
ok yasuoka@
|
| |
|
|
| |
ok bluhm@ dlg@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this is a significant (and breaking) reworking of the policy based
routing that pf can do. the intention is to make it as easy as
nat/rdr to use, and more robust when it's operating.
the main reasons for this change are:
- route-to, reply-to, and dup-to do not work with pfsync
this is because the information about where to route-to is stored in
rules, and it is hard to have a ruleset synced between firewalls,
and impossible to have them synced 100% of the time.
- i can make my boxes panic in certain situations using route-to
yeah...
- the configuration and syntax for route-to rules are confusing.
the argument to route-to and co is an interace name with an optional
ip address. there are several problems with this. one is that people
tend to think about routing as sending packets to peers by their
address, not by the interface they're reachable on. another is that
we currently have no way to synchronise interface topology information
between firewalls, so using an interface to say where packets go
means we can't do failover of these states with pfsync. another
is that a change in routing topology means a host may become
reachable over a different interface. tying routing policy to
interfaces gets in the way of failover and load balancing.
this change does the following:
- stores the route info in the state instead of the pf rule
this allows route-to to keep working when the ruleset changes, and
allows route-to info to be sent over pfsync. there's enough spare bits
in pfsync messages that the protocol doesnt break.
the caveat is that route-to becomes tied to pass rules that create
state, like rdr-to and nat-to.
- the argument to route-to etc is a destination ip address
it's not limited to a next-hop address (thought a next-hop can be a
destination address). this allows for the failover and load balancing
referred to above.
- deprecates the address@interface host syntax in pfctl
because routing is done entirely by IPs, the interface is derived from
the route lookup, not pf. any attempt to use the @interface syntax
will fail now in all contexts.
there's enthusiasm from proctor@ jmatthew@ and others
ok sashan@ bluhm@
|
| | |
|
| |
|
|
| |
little bit more to do though before it can be enabled.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Detect octeon board model in one place, and replace firmware-supplied
board_type with an abstract model identifier in driver code. This makes
it easier to manage with different products, and board flavours, that
happen to use the same model information, such as board_type.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
partly from Alessandro Ricci
|
| |
|
|
| |
ok kettenis
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When obtaining an interface handle, we currently rely on the device being
properly USB compliant, and thus the interface being at the correct index in
the interfaces array.
However, some devices present their indices incorrectly. For example, the
following audio device exposes interfaces 0, 1 and 3, in that order (skipping
interface 2 entirely):
uaudio2 at uhub4 port 4 configuration 1 interface 3 "E+ Corp. DAC Audio" rev 1.10/0.01 addr 2
uaudio2: class v1, full-speed, async, channels: 2 play, 0 rec, 3 ctls
This means that that the audio stream interface (number 3) is not found at the
expected index of 2, and this causes looking up the handle to fail.
This change makes usbd_device2interface_handle() search for the right
interface, instead of assuming it will be at the right index. Although this is
a little slower, note that this routine not very frequently called and there
are typically not hundreds of interfaces on a typical USB device.
This fixes the above E+ Corp device, and one other uaudio device reported
broken by a user.
With input from, tested by, and OK ratchov@, mglocker@ and kettenis@.
Many thanks!
|
| |
|
|
|
| |
of the v_un pointers).
OK jsg@ mvs@
|
| | |
|
| | |
|
| |
|
|
| |
ok bluhm@ sashan@
|
bluhm
mglocker
patrick
anton
visa
claudio
rob
sashan
tobhe
jan
dlg
jsg
mvs
deraadt
sthen
edd