As provided by Takahiro HAYASHI in PR kern/48109. Additional error
registration in ipf(8) by myself. Changes tested with GENERIC and
XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
Still don't understand why the fstrans_done must happen after the
vput, and that will cause trouble once we move responsibility for the
vrele and unlock outside the vop as it seems obvious we ought to do
-- it's the caller's reference, not the vop's.
* allow OpenSSL cipher configuration to be set for internal EAP server
(openssl_ciphers parameter)
* fixed number of small issues based on hwsim test case failures and
static analyzer reports
* P2P:
- add new=<0/1> flag to P2P-DEVICE-FOUND events
- add passive channels in invitation response from P2P Client
- enable nl80211 P2P_DEVICE support by default
- fix regresssion in disallow_freq preventing search on social
channels
- fix regressions in P2P SD query processing
- try to re-invite with social operating channel if no common channels
in invitation
- allow cross connection on parent interface (this fixes number of
use cases with nl80211)
- add support for P2P services (P2PS)
- add p2p_go_ctwindow configuration parameter to allow GO CTWindow to
be configured
* increase postponing of EAPOL-Start by one second with AP/GO that
supports WPS 2.0 (this makes it less likely to trigger extra roundtrip
of identity frames)
* add support for PMKSA caching with SAE
* add support for control mesh BSS (IEEE 802.11s) operations
* fixed number of issues with D-Bus P2P commands
* fixed regression in ap_scan=2 special case for WPS
* fixed macsec_validate configuration
* add a workaround for incorrectly behaving APs that try to use
EAPOL-Key descriptor version 3 when the station supports PMF even if
PMF is not enabled on the AP
* allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior
of disabling these can be configured to work around issues with broken
servers with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1"
* add support for Suite B (128-bit and 192-bit level) key management and
cipher suites
* add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS)
* improved BSS Transition Management processing
* add support for neighbor report
* add support for link measurement
* fixed expiration of BSS entry with all-zeros BSSID
* add optional LAST_ID=x argument to LIST_NETWORK to allow all
configured networks to be listed even with huge number of network
profiles
* add support for EAP Re-Authentication Protocol (ERP)
* fixed EAP-IKEv2 fragmentation reassembly
* improved PKCS#11 configuration for OpenSSL
* set stdout to be line-buffered
* add TDLS channel switch configuration
* add support for MAC address randomization in scans with nl80211
* enable HT for IBSS if supported by the driver
* add BSSID black and white lists (bssid_blacklist, bssid_whitelist)
* add support for domain_suffix_match with GnuTLS
* add OCSP stapling client support with GnuTLS
* include peer certificate in EAP events even without a separate probe
operation; old behavior can be restored with cert_in_cb=0
* add peer ceritficate alt subject name to EAP events
(CTRL-EVENT-EAP-PEER-ALT)
* add domain_match network profile parameter (similar to
domain_suffix_match, but full match is required)
* enable AP/GO mode HT Tx STBC automatically based on driver support
* add ANQP-QUERY-DONE event to provide information on ANQP parsing
status
* allow passive scanning to be forced with passive_scan=1
* add a workaround for Linux packet socket behavior when interface is in
bridge
* increase 5 GHz band preference in BSS selection (estimate SNR, if info
not available from driver; estimate maximum throughput based on common
HT/VHT/specific TX rate support)
* add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to
implement Interworking network selection behavior in upper layers
software components
* add optional reassoc_same_bss_optim=1 (disabled by default)
optimization to avoid unnecessary Authentication frame exchange
* extend TDLS frame padding workaround to cover all packets
* allow wpa_supplicant to recover nl80211 functionality if the cfg80211
module gets removed and reloaded without restarting wpa_supplicant
* allow hostapd DFS implementation to be used in wpa_supplicant AP mode
Summary for 4.7.3 tcpdump release
Capsicum fixes for FreeBSD 10
Monday March. 10, 2015 guy@alum.mit.edu
Summary for 4.7.2 tcpdump release
DCCP: update Packet Types with RFC4340/IANA names
fixes for CVE-2015-0261: IPv6 mobility header check issue
fixes for CVE-2015-2153, 2154, 2155: kday packets
Friday Nov. 12, 2014 guy@alum.mit.edu
Summary for 4.7.0 tcpdump release
changes to hex printing of CDP packets
Fix PPI printing
Radius: update Packet Type Codes and Attribute Types with RFC/IANA names
Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support.
improvements to telnet printer, even if not -v
omit length for bcp, print-tcp uses it
formatting fixes for a bunch of protocols
new bounds checks for a number of protocols
split netflow 1,6, and 6 dissector up.
added geneve dissector
CVE-2014-9140 PPP dissector fixed.
Thursday Feb. 12, 2015 guy@alum.mit.edu/mcr@sandelman.ca
Summary for 1.8.0 libpcap release
Support for filtering Geneve encapsulated packets.
Wednesday Nov. 12, 2014 guy@alum.mit.edu/mcr@sandelman.ca
Summary for 1.7.0 libpcap release
Fix handling of zones for BPF on Solaris
new DLT for ZWAVE
clarifications for read timeouts.
added bpf_filter1() with extensions
some fixes to compilation without stdint.h
EBUSY can now be returned by SNFv3 code.
- Fix example: fstrans_start never fails and returns void.
- Add fstrans_mount/fstrans_unmount.
- Explain intent, not just mechanism.
- Add internal cross-references and redundant information from
different callers' perspectives.
