aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix TCP reassembly vulnerability.releng/8.3Xin LI2014-04-303-4/+9
| | | | | | | | | Security: FreeBSD-SA-14:08.tcp Security: CVE-2014-3000 Approved by: so Notes: svn path=/releng/8.3/; revision=265125
* Fix NFS deadlock vulnerability. [SA-14:05]Xin LI2014-04-086-17/+105
| | | | | | | | | Fix ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06] Approved by: so Notes: svn path=/releng/8.3/; revision=264284
* Fix bsnmpd remote denial of service vulnerability. [SA-14:01]Xin LI2014-01-147-10/+45
| | | | | | | | | | | | | | | | Fix ntpd distributed reflection Denial of Service vulnerability. [SA-14:02] Fix BIND remote denial of service vulnerability. [SA-14:04] Disable hardware RNGs by default. [EN-14:01] Fix incorrect coalescing of stack entry with mmap. [EN-14:02] Approved by: so Notes: svn path=/releng/8.3/; revision=260647
* MFC r257879:Xin LI2013-11-283-3/+6
| | | | | | | | | | | | | | Fix typo in r256646: We want to generate lists of directories in INDEX-OLD and INDEX-NEW and compare them, not generate the same list of directories from INDEX-OLD twice... Pointy hats to: cperciva & everybody who didn't proofread EN-13:04 enough Errata Notice: FreeBSD-EN-13:05.freebsd-update Approved by: so Notes: svn path=/releng/8.3/; revision=258725
* MFC r256646, r256767, r257038:Xin LI2013-10-263-9/+30
| | | | | | | | | | | | | | | | | | | When installing updates, install new directories first and remove old directories last. Allow ~ in file names so libtool droppings in contrib don't break updates. It has happened twice now, and is likely to happen again. Be more selective when filtering for lib*.so.N files. These are deleted at the end of the upgrade process, after warning users to upgrade any 3rd party software (e.g., from the ports tree) which might link to the libraries being removed. Errata Notice: FreeBSD-EN-13:04.freebsd-update Approved by: so Notes: svn path=/releng/8.3/; revision=257194
* In IPv6 and NetATM, stop SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDRDag-Erling Smørgrav2013-09-106-3/+65
| | | | | | | | | | | | | | | | | and SIOCSIFNETMASK at the socket layer rather than pass them on to the link layer without validation or credential checks. [SA-13:12] Prevent cross-mount hardlinks between different nullfs mounts of the same underlying filesystem. [SA-13:13] Security: CVE-2013-5691 Security: FreeBSD-SA-13:12.ifioctl Security: CVE-2013-5710 Security: FreeBSD-SA-13:13.nullfs Approved by: so Notes: svn path=/releng/8.3/; revision=255446
* Fix an integer overflow in computing the size of a temporary bufferXin LI2013-08-225-1/+22
| | | | | | | | | | | | | | | | | can result in a buffer which is too small for the requested operation. [13:09] Fix a bug that could lead to kernel memory disclosure with SCTP state cookie. [13:10] Security: CVE-2013-3077 Security: FreeBSD-SA-13:09.ip_multicast Security: CVE-2013-5209 Security: FreeBSD-SA-13:10.sctp Approved by: so Notes: svn path=/releng/8.3/; revision=254632
* Bump patchlevel which was not bumped in r253694.Xin LI2013-07-291-1/+1
| | | | | | | | Pointy hat to: delphij Approved by: so Notes: svn path=/releng/8.3/; revision=253778
* Fix a bug that allows remote client bypass the normalXin LI2013-07-262-1/+6
| | | | | | | | | | | | access checks when when -network or -host restrictions are used at the same time with -mapall. [13:08] Security: CVE-2013-4851 Security: FreeBSD-SA-13:08.nfsserver Approved by: so Notes: svn path=/releng/8.3/; revision=253694
* Fix a bug that allows NFS clients to issue READDIR on files.Dag-Erling Smørgrav2013-04-292-1/+4
| | | | | | | | | | | | (files missing from previous commit) PR: kern/178016 Security: CVE-2013-3266 Security: FreeBSD-SA-13:05.nfsserver Approved by: so Notes: svn path=/releng/8.3/; revision=250069
* Fix a bug that allows NFS clients to issue READDIR on files.Dag-Erling Smørgrav2013-04-291-0/+2
| | | | | | | | | | PR: kern/178016 Security: CVE-2013-3266 Security: FreeBSD-SA-13:05.nfsserver Approved by: so Notes: svn path=/releng/8.3/; revision=250059
* Fix OpenSSL multiple vulnerabilities. [13:03]Xin LI2013-04-02106-627/+2342
| | | | | | | | | | | | | Fix BIND remote denial of service. [13:04] Security: CVE-2013-0166, CVE-2013-0169 Security: FreeBSD-SA-13:03.openssl Security: CVE-2013-2266 Security: FreeBSD-SA-13:04.bind Approved by: so Notes: svn path=/releng/8.3/; revision=249029
* Fix Denial of Service vulnerability in named(8) with DNS64. [13:01]Bjoern A. Zeeb2013-02-193-23/+83
| | | | | | | | | | | | | | Fix Denial of Service vulnerability in libc's glob(3) functionality. [13:02] Security: CVE-2012-5688 Security: FreeBSD-SA-13:01.bind Security: CVE-2010-2632 Security: FreeBSD-SA-13:02.libc Approved by: so (simon, bz) Notes: svn path=/releng/8.3/; revision=246989
* Fix multiple Denial of Service vulnerabilities with named(8).Simon L. B. Nielsen2012-11-228-17/+60
| | | | | | | | | | | | | | | | Fix insufficient message length validation for EAP-TLS messages. Fix Linux compatibility layer input validation error. Security: FreeBSD-SA-12:06.bind Security: FreeBSD-SA-12:07.hostapd Security: FreeBSD-SA-12:08.linux Security: CVE-2012-4244, CVE-2012-5166, CVE-2012-4445, CVE-2012-4576 Approved by: re Approved by: security-officer Notes: svn path=/releng/8.3/; revision=243417
* Fix named(8) DNSSEC validation Denial of Service.Simon L. B. Nielsen2012-08-063-3/+7
| | | | | | | | | | Security: FreeBSD-SA-12:05.bind Security: CVE-2012-3817 Obtained from: ISC Approved by: so (simon) Notes: svn path=/releng/8.3/; revision=239108
* Fix a problem where zero-length RDATA fields can cause named(8) to crash.Bjoern A. Zeeb2012-06-128-21/+72
| | | | | | | | | | | | | | | | | | | [12:03] Correct a privilege escalation when returning from kernel if running FreeBSD/amd64 on non-AMD processors. [12:04] Fix reference count errors in IPv6 code. [EN-12:02] Security: CVE-2012-1667 Security: FreeBSD-SA-12:03.bind Security: CVE-2012-0217 Security: FreeBSD-SA-12:04.sysret Security: FreeBSD-EN-12:02.ipv6refcount Approved by: so (simon, bz) Notes: svn path=/releng/8.3/; revision=236953
* Update the previous openssl fix. [12:01]Bjoern A. Zeeb2012-05-305-11/+16
| | | | | | | | | | | Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02] Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon) Notes: svn path=/releng/8.3/; revision=236304
* Fix multiple OpenSSL vulnerabilities.Bjoern A. Zeeb2012-05-0313-40/+166
| | | | | | | | | | Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon) Notes: svn path=/releng/8.3/; revision=234954
* - Fix revision numbers to ones in RELENG_8*.release/8.3.0Hiroki Sato2012-04-091-103/+78
| | | | | | | | | | | | - Document posix_fadvise(2)[*] - xz 5.0.1. Spotted by: jhb [*] Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=234052 svn path=/release/8.3.0/; revision=234063; tag=release/8.3.0
* Ready for 8.3-RELEASE builds to start.Ken Smith2012-04-081-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=234022
* MFS r234020:Ken Smith2012-04-081-0/+3
| | | | | | | | | > Guess at when we will be able to announce 8.3-RELEASE. Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=234021
* MFS r233658:Ken Smith2012-04-061-7/+19
| | | | | | | | | | Update with the package set that will ship with 8.3-RELEASE. Reviewed by: portmgr, re Approved by: re (bz) Notes: svn path=/releng/8.3/; revision=233956
* MFC: r233827 (backported)Marius Strobl2012-04-061-0/+6
| | | | | | | | | | | | | | Fix probing of SAS1068E with a device ID of 0x0059 after r232411 (MFC'ed to releng/8.3 in r232632). Reported by: infofarmer This is a minimal direct commit to releng/8.3 in order to restore pre-r232632 behavior for the above devices. Approved by: re (kensmith) Notes: svn path=/releng/8.3/; revision=233955
* MFS r233211 (problem not believed to effect head or stable/9):Ken Smith2012-03-231-1/+1
| | | | | | | | | | | | Implement a workaround for a bug in the linker's estimate for the program header size that can cause it to fail linking the kernel. Reviewed by: kib Approved by: re (bz) Notes: svn path=/releng/8.3/; revision=233366
* MFC r233004:Michael Tuexen2012-03-212-5/+21
| | | | | | | | | | Fix bugs which can result in a panic when an non-SCTP socket it used with an sctp_ system-call which expects an SCTP socket. Approved by: re@ Notes: svn path=/releng/8.3/; revision=233270
* Ready for 8.3-RC2 builds.Ken Smith2012-03-191-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=233183
* MFS (files not present in head) r233180:Ken Smith2012-03-192-2/+2
| | | | | | | | | | | | > Bump the version of perl used as part of the release build from 5.10 > to 5.12. Insta-MFS done so we can start 8.3-RC2 builds. Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=233182
* Trim old news items.Hiroki Sato2012-03-181-8/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=233115
* Add relnote items for 8.3R (revision numbers are fixed yet):Hiroki Sato2012-03-181-30/+487
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SA-11:01 to SA-11:10, dtrace systrace_linux32 on amd64 support, hhook(9) and khelp(9~ added, hw.mwmtest.tests loader tunable, O_CLOEXEC for open(2) and fhopen(2) added, posix_fallocate(2) added, usbdump(8) added, cxgbe(4) 7.11.0 added, dc(4) PAE support, em(4) 7.3.2, igb(4) 2.3.1, igb(4) I350 support, ixgbe(4) 2.4.5, iwn(4) firmware image updated, msk(4) RXCSUM fixed, nge(4) MTU handling fixed, rdcphy(4) added, re(4) RTL8168E/8111E-VL and RTL8401E support added, re(4) TX interrupt moderation on RTL810xE added, re(4) RX interrupt moderation performance improvement, re(4) TSO support on RTL8168/8111 added, re(4) TXCSUM/RXCSUM offloading can be enabled independently now, re(4) RTL8105E support added, vte(4) added, ipfw(8) call and return actions added, IPsec HMAC-SHA-{256,384,512} in RFC 4868 supported, IPV6_PKTINFO bug in sendmsg(2) fixed, mod_cc(9) pluggable congestion control framework added, h_ertt(4) khelp module added, TCP_CONGESTION sockopt added, nf_ipfw(4) now supports IPv6, ng_one2many(4) XMIT_FAILOVER algorithm support added, ada(4) kern.cam.ada.write_cache, arcmsr(4) 1.20.00.22, graid(8) added, mxge(4) updated, tws(4) added, FFS TRIM support added, NFS nocto mount option added, vfs.typenumhash loader tunable added, ZFS SPA version 28, bsdtar 2.8.5, cpuset(1) -C, fetch(1) STAT FTP command bug fixed, gpart(8) show -p added, hastd(8) drops root privilege, hastd(8) checksum keyword support added, hastd(8) compression keyword support added, readline(3) API imported to libedit, makefs(8) ISO 9660 format support, libmd/libcrypt SHA-{256,512} support added, netstat(1) not expose scope addr representation derived from KAME stack, newsyslog(8) xz compression support, poweroff(8) added, ppp(8) iface name xxx and iface description xxx subcommands added, ps(1) -o usertime and -o systime, rtadvd(8) noifprefix, RFC 6106 support, rtadvctl(8) added, tftpd(8) large file bugfix, zpool labelclear subcommand added, awk 2011/8/7 snapshot, BIND 9.6-ESV-R5-P1, netcat 4.9, GCC r127959, the last GPLv2-licensed version, less v444, OpenSSH 5.4p1+HPN, sendmail 8.14.5, tzdata2011n, unifdef 2.5.6, xz 2011/7/11 snapshot, and x11/kde4 4.7.4. Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=233114
* Merge r232675 from head, via r232989 in stable/8:Kenneth D. Merry2012-03-151-0/+1
| | | | | | | | | | | Make the mps(4) module depend on the cam module. Submitted by: Mykola Dzham <i@levsha.me> Approved by: re (kib) Notes: svn path=/releng/8.3/; revision=233006
* MFC: r232822Marius Strobl2012-03-141-0/+15
| | | | | | | | | | | | | | | | | | Fix a bug introduced in r223938 (MFC'ed to stable/8 in r224411); on big-endian machines coping a 32-bit quantum bytewise to the address of a 64-bit variable results in writing to the "wrong" 32-bit half so adjust the address accordingly. This fix is implemented in a hackish way for two reasons: o in order to be able to get it into 8.3 with zero impact on the little- endian architectures where this bug has no effect and o to avoid blowing the x86 boot2 out of the water again when compiling it with clang, which all sane versions of this fix tested do. This change fixes booting from UFS1 file systems on big-endian machines. Approved by: re (kib) Notes: svn path=/releng/8.3/; revision=232965
* MFC r232723, r232726:Michael Tuexen2012-03-131-1/+10
| | | | | | | | | | | Fix a bug reported by Peter Holm which results in a crash: Verify in sctp_peeloff() that the socket is a one-to-many style SCTP socket. Approved by: re@ Notes: svn path=/releng/8.3/; revision=232928
* MFS r232550:Xin LI2012-03-081-1/+1
| | | | | | | | | | Backout r223115 and restore the historic behavior (create the default base directory in pw.conf). Approved by: re (kib) Notes: svn path=/releng/8.3/; revision=232696
* Trim old entries and update version numbers.Hiroki Sato2012-03-074-1041/+29
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=232672
* MFS r232560:Hiroki Sato2012-03-071-0/+2
| | | | | | | | | | | | Copy ip6po_minmtu and ip6po_prefer_tempaddr in ip6_copypktopts(). This fixes inconsistency when options are specified by both setsockopt() and ancillary data types. PR: kern/158307 Approved by: re (kib) Notes: svn path=/releng/8.3/; revision=232634
* Merge r232563 from stable/8 (r232411 from head):Kenneth D. Merry2012-03-071-6/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a problem that was causing the mpt(4) driver to attach to MegaRAID cards that should be handled by the mfi(4) driver. The root of the problem is that the mpt(4) driver was masking off the bottom bit of the PCI device ID when deciding which cards to attach to. It appears that a number of the mpt(4) Fibre Channel cards had a LAN variant whose PCI device ID was just one bit off from the FC card's device ID. The FC cards were even and the LAN cards were odd. The problem was that this pattern wasn't carried over on the SAS and parallel SCSI mpt(4) cards. Luckily the SAS and parallel SCSI PCI device IDs were either even numbers, or they would get masked to a supported adjacent PCI device ID, and everything worked well. Now LSI is using some of the odd-numbered PCI device IDs between the 3Gb SAS device IDs for their new MegaRAID cards. This is causing the mpt(4) driver to attach to the RAID cards instead of the mfi(4) driver. The solution is to stop masking off the bottom bit of the device ID, and explicitly list the PCI device IDs of all supported cards. This change should be a no-op for mpt(4) hardware. The only intended functional change is that for the 929X, the is_fc variable gets set. It wasn't being set previously, but needs to be because the 929X is a Fibre Channel card. Reported by: Kashyap Desai <Kashyap.Desai@lsi.com> Approved by: re (jpaetzel) Notes: svn path=/releng/8.3/; revision=232632
* Merge r232554 from stable/8 (r232225 from head):Jim Harris2012-03-051-2/+6
| | | | | | | | | | | | | | | | | Include missing device IDs for isci(4) driver. The C600 chipset will surface one of device IDs 0x1D6C-0x1D6F for the integrated SAS controller on systems that are shipped with a 3rd party (i.e. non-Intel) device driver. These changes add the 0x1D6C-0x1D6F device IDs, as well as change isci_probe() to return a value that would allow a 3rd-party FreeBSD driver to load against this device, should such a driver ever come to fruition. Approved by: re (kib), sbruno Notes: svn path=/releng/8.3/; revision=232559
* Merge r232556 from stable/8 (r231761 from head):Gleb Smirnoff2012-03-051-0/+4
| | | | | | | | | | In ng_bypass() add more protection against potential race with ng_rmnode() and its followers. Approved by: re (kib) Notes: svn path=/releng/8.3/; revision=232558
* We should be ready for 8.3-RC1.Ken Smith2012-03-031-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=232447
* Update __FreeBSD_version to 803000 to reflect releng/8.3 has been branched.Ken Smith2012-03-031-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=232446
* Update the CVS branch tag.Ken Smith2012-03-031-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=232445
* Update RELEASETAG and SVNBRANCH.Ken Smith2012-03-031-2/+2
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=232444
* Update to have "make update" pull from RELENG_8_3.Ken Smith2012-03-031-1/+1
| | | | | | | Approved by: re (implicit) Notes: svn path=/releng/8.3/; revision=232443
* Merge r229304,r229748,r229751,r232436Ken Smith2012-03-031-1/+4
| | | | | | | | | | Catch up to head and stable/9 for what combination of __FreeBSD_version values map to package directories. Approved by: re (implicit) Notes: svn path=/stable/8/; revision=232437
* MFC r231713Remko Lodder2012-03-022-0/+2
| | | | | | | | | | | | | | | | Add additional Sierra 3G device. Original commit message: Add new USB device ID. MFC after: 3 days PR: usb/165154 PR: usb/165154 Approved by: re(kib), hselasky Notes: svn path=/stable/8/; revision=232381
* MFC r230989: Fix a possible infinite loop in "route flush" on 64-bit archs.Hiroki Sato2012-03-021-2/+2
| | | | | | | Approved by: re (bz) Notes: svn path=/stable/8/; revision=232371
* MFC r230981: Fix input validation in SO_SETFIB socket option.Hiroki Sato2012-03-021-1/+1
| | | | | | | Approved by: re (bz) Notes: svn path=/stable/8/; revision=232370
* MFC r232267:Ed Maste2012-03-012-0/+10
| | | | | | | | | | | | | | | | | | | | Workaround for PCIe 4GB boundary issue Enforce a boundary of no more than 4GB - transfers crossing a 4GB boundary can lead to data corruption due to PCIe limitations. This change is a less-intrusive workaround that can be quickly merged back to older branches; a cleaner implementation will arrive in HEAD later but may require KPI changes. This change is based on a suggestion by jhb@. Approved by: re Reviewed by: jhb (MFC) Reviewed by: jhb, scottl (original) Sponsored by: Sandvine Incorporated Notes: svn path=/stable/8/; revision=232354
* MFC r231743,231836-231837,231839,231883,232308Justin T. Gibbs2012-03-015-139/+787
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Xen PV block interface enhancements Approved by: re (kib) Reviewed by: cperciva Tested by: cperciva Sponsored by: Spectra Logic Corporation r231743 ======= Enhance documentation, improve interoperability, and fix defects in FreeBSD's front and back Xen blkif interface drivers. sys/dev/xen/blkfront/block.h: sys/dev/xen/blkfront/blkfront.c: sys/dev/xen/blkback/blkback.c: Replace FreeBSD specific multi-page ring impelementation with support for both the Citrix and Amazon/RedHat versions of this extension. sys/dev/xen/blkfront/blkfront.c: o Add a per-instance sysctl tree that exposes all negotiated transport parameters (ring pages, max number of requests, max request size, max number of segments). o In blkfront_vdevice_to_unit() add a missing return statement so that we properly identify the unit number for high numbered xvd devices. sys/dev/xen/blkback/blkback.c: o Add static dtrace probes for several events in this driver. o Defer connection shutdown processing until the front-end enters the closed state. This avoids prematurely tearing down the connection when buggy front-ends transition to the closing state, even though the device is open and they veto the close request from the tool stack. o Add nodes for maximum request size and the number of active ring pages to the exising, per-instance, sysctl tree. o Miscelaneous style cleanup. sys/xen/interface/io/blkif.h: o Add extensive documentation of the XenStore nodes used to implement the blkif interface. o Document the startup sequence between a front and back driver. o Add structures and documenatation for the "discard" feature (AKA Trim). o Cleanup some definitions related to FreeBSD's request number/size/segment-limit extension. sys/dev/xen/blkfront/blkfront.c: sys/dev/xen/blkback/blkback.c: sys/xen/xenbus/xenbusvar.h: Add the convenience function xenbus_get_otherend_state() and use it to simplify some logic in both block-front and block-back. r231836 ======= Fix "_" vs. "-" typo in a comment. No functional changes. r231837 ======= Fix typo in a printf string: "specificed" -> "specified". r231839 ======= Fix a bug in the calculation of the maximum I/O request size. The previous code did not limit the I/O request size based on the maximum number of segments supported by the back-end. In current practice, since the only back-end supporting chained requests is the FreeBSD implementation, this limit was never exceeded. sys/dev/xen/blkfront/block.h: Add two macros, XBF_SEGS_TO_SIZE() and XBF_SIZE_TO_SEGS(), to centralize the logic of reserving a segment to deal with non-page-aligned I/Os. sys/dev/xen/blkfront/blkfront.c: o When negotiating transfer parameters, limit the max_request_size we use and publish, if it is greater than the maximum, unaligned, I/O we can support with the number of segments advertised by the backend. o Don't unilaterally reduce the I/O size published to the disk layer by a single page. max_request_size is already properly limited in the transfer parameter negotiation code. o Fix typos in printf strings: "max_requests_segments" -> "max_request_segments" "specificed" -> "specified" r231883 ======= Fix regression in the handling of blkback close events for devices that are unplugged via QEMU. sys/dev/xen/blkback/blkback.c: Toolstack initiated closures change the frontend's state to Closing. The backend must change to Closing as well, even if we can't actually close yet, in order for the frontend to notice and start the closing process. r232308 ======= blkif interface comment cleanups. No functional changes sys/xen/interface/io/blkif.h: o Insert space in "Red Hat". o Fix typo "discard-aligment" -> "discard-alignment" o Fix typo "unamp" -> "unmap" o Fix typo "formated" -> "formatted" o Clarify the text for "params". o Clarify the text for "sector-size". o Clarify the text for "max-requests" in the backend section. Notes: svn path=/stable/8/; revision=232352
* MFC r232008,232010,232080,232089Andrew Thompson2012-02-294-3/+39
| | | | | | | | | | | | Using the flowid in the mbuf assumes the network card is giving a good hash for the traffic flow, this may not be the case giving poor traffic distribution. Add a sysctl which allows us to fall back to our own flow hash code. PR: kern/164901 Approved by: re (bz) Notes: svn path=/stable/8/; revision=232314