FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=main 2025-08-26T04:34:45Z 2025-08-26T04:34:45Z Maxim Sobolev sobomax@FreeBSD.org 2025-08-25T22:08:12Z urn:sha1:f74c0dc583d69400b9cea41e2f009d8c4757ce26 Fix potential crash in the ng_nat module when attaching directly to the layer 2 (ethernet) while calculating TCP checksum. The issue is due to in_delayed_cksum() expecting to access IP header at the offset 0 from the mbuf start, while if we are attached to the L2 directly, the IP header at going to be at the certain offset. Reviewed by: markj, tuexen Approved by: tuexen Sponsored by: Sippy Software, Inc. Differential Revision: https://reviews.freebsd.org/D49677 MFC After: 2 weeks 2024-12-06T09:31:58Z Damjan Jovanovic damjan.jov@gmail.com 2024-12-06T09:31:58Z urn:sha1:f132be9bac5f29e844e8dde4f3a70f4c3c158221 Enable support for endpoint-independent mapping ("full cone NAT") via Libalias's UDP NAT. Reviewed by: igoro, thj Differential Revision: https://reviews.freebsd.org/D46689 2024-05-31T16:19:54Z Dmitry Lukhtionov dmitryluhtionov@gmail.com 2024-05-31T16:19:54Z urn:sha1:9b8db66402e94919ab47fc2d69863968e49e305a The kernel option NG_SEPARATE_MALLOC helps to debug memory leaks in netgraph(4). Several nodes were missing the support. 2023-12-25T12:18:01Z Richard Scheffenegger rscheff@FreeBSD.org 2023-12-25T11:26:25Z urn:sha1:a8b70cf26030d68631200619bd1b0ad35b34b6b8 Update all remaining references to the struct tcphdr th_x2 field. This completes the compatibilty of various aspects with AccECN (TH_AE), after the internal ipfw "re-checksum required" was moved to use the TH_RES1 flag. No functional change. Reviewed By: tuexen, #transport, glebius Sponsored by: NetApp, Inc. Differential Revision: https://reviews.freebsd.org/D43172 2023-08-16T17:54:11Z Warner Losh imp@FreeBSD.org 2023-08-16T17:54:11Z urn:sha1:95ee2897e98f5d444f26ed2334cc7c439f9c16c6 Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/ 2023-05-12T16:44:03Z Warner Losh imp@FreeBSD.org 2023-05-10T15:40:58Z urn:sha1:4d846d260e2b9a3d4d0a701462568268cbfe7a5b The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix 2021-01-24T19:38:35Z Neel Chauhan nc@FreeBSD.org 2021-01-24T19:23:39Z urn:sha1:5fe433a6e4d8cab6b64284698301afc0c55a9db2 This extends upon the RFC 6598 support to libalias/ipfw in r357092. Reviewed By: manpages (bcr), donner, adrian, kp Approved by: kp (mentor) MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D23461 2020-09-01T21:19:14Z Mateusz Guzik mjg@FreeBSD.org 2020-09-01T21:19:14Z urn:sha1:662c13053f4bf2d6245ba7e2b66c10d1cd5c1fb9 2020-02-12T00:31:00Z Eugene Grosbein eugen@FreeBSD.org 2020-02-12T00:31:00Z urn:sha1:49f384cb477bd32a4d1e85f0bf9fe7499f6b3e72 From the beginning, ng_nat safely assumed cleansed traffic because of limited ways it could be attached to NETGRAPH: ng_ipfw or ng_ppp only. Now as it may be attached with ng_ether too, the assumption proven wrong. Add needed check to the ng_nat. Thanks for markj for debugging this. PR: 243096 Submitted by: Lutz Donnerhacke <lutz@donnerhacke.de> Reported by: Robert James Hernandez <rob@sarcasticadmin.com> Reviewed by: markj and others MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D23091 2020-01-23T16:45:48Z Mark Johnston markj@FreeBSD.org 2020-01-23T16:45:48Z urn:sha1:66351f5126ac27d55d0014568ee9b5319e46c01b ng_nat implements NAT for IPv4 traffic only. When connected to an ng_ether node it erroneously handled IPv6 packets as well. This change is not sufficient: ng_nat does not do any validation of IP packets in this mode, even though they have not yet passed through ip_input(). PR: 243096 Reported by: Robert James Hernandez <rob@sarcasticadmin.com> Reviewed by: julian Differential Revision: https://reviews.freebsd.org/D23080