93abcf17 kp May 7, 2021, 8:13 p.m.
Optionally also kill states that match (i.e. are the NATed state or
opposite direction state entry for) the state we're killing.

See also https://redmine.pfsense.org/issues/8555

Submitted by:	Steven Brown
Reviewed by:	bcr (man page)
Obtained from:	https://github.com/pfsense/FreeBSD-src/pull/11/
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30092
cgit
c2e11d81 kp May 7, 2021, 8:13 p.m.
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30059
cgit
abbcba9c kp May 7, 2021, 8:13 p.m.
This allows us to kill states created from a rule with route-to/reply-to
set.  This is particularly useful in multi-wan setups, where one of the
WAN links goes down.

Submitted by:	Steven Brown
Obtained from:	https://github.com/pfsense/FreeBSD-src/pull/11/
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30058
cgit
2b2ed4a6 kp May 7, 2021, 8:13 p.m.
Use pfctl_kill_states() rather than the DIOCKILLSTATES ioctl directly.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30057
cgit
2a00c4db kp May 7, 2021, 8:13 p.m.
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30055
cgit
e989530a kp May 7, 2021, 8:13 p.m.
Introduce an nvlist based alternative to DIOCKILLSTATES.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30054
cgit
53714a58 kp May 7, 2021, 8:13 p.m.
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30053
cgit
7606a45d kp May 7, 2021, 8:13 p.m.
Introduce an nvlist variant of DIOCCLRSTATES.

MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30052
cgit
cc948296 kp May 7, 2021, 8:13 p.m.
When showing the states, in very verbose mode, also display the gateway
(i.e. the target for route-to/reply-to).

Submitted by:	Steven Brown
Reviewed by:	donner
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D30051
cgit
f0c914ba maxim May 7, 2021, 7:50 p.m.
Add DragonFly 5.8.1, OpenBSD 6.7, FreeBSD 11.4, DragonFly 5.8.2,
DragonFly 5.8.3, OpenBSD 6.8, NetBSD 9.1, FreeBSD 13.0, OpenBSD 6.9.
cgit
a1fadf7d markj May 7, 2021, 6:31 p.m.
div_output_outbound() and div_output_inbound() relied on the caller to
free the mbuf if an error occurred.  However, this is contrary to the
semantics of their callees, ip_output(), ip6_output() and
netisr_queue_src(), which always consume the mbuf.  So, if one of these
functions returned an error, that would get propagated up to
div_output(), resulting in a double free.

Fix the problem by making div_output_outbound() and div_output_inbound()
responsible for freeing the mbuf in all cases.

Reported by:	Michael Schmiedgen <schmiedgen@gmx.net>
Tested by:	Michael Schmiedgen
Reviewed by:	donner
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D30129
cgit
831850d8 markj May 7, 2021, 6:31 p.m.
When unwinding the stack, we may encounter a stack frame in a poisoned
region of the stack, triggering a false positive.

Reviewed by:	andrew, kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D30126
cgit
cfad8bd2 markj May 7, 2021, 6:31 p.m.
Add __nosanitizememory while I'm here.

Reviewed by:	andrew, kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D30126
cgit
2d499d50 markj May 7, 2021, 6:31 p.m.
KASAN does not insert redzones around global variables and so is not
susceptible to the problem that led to us disabling ASAN for linker set
elements in the first place (see commit fe3d8086fb6f).

Reviewed by:	andrew, kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D30126
cgit
1a212abd markj May 7, 2021, 6:31 p.m.
The coldsync port was removed in 2012.  The last stable release of
coldsync was issued in 2002.  Let's get rid of it.

PR:		255051
Reviewed by:	imp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D30100
cgit