![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / net / npf
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.14.2.2, Wed Aug 20 00:04:35 2014 UTC (9 years, 8 months ago) by tls
Branch: tls-maxphys
Changes since 1.14.2.1: +2 -2
lines
FILE REMOVED
Rebase to HEAD as of a few days ago.
Revision 1.5.8.5, Thu May 22 11:41:09 2014 UTC (9 years, 11 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.5.8.4: +2 -2
lines
FILE REMOVED
sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
Revision 1.16.2.1, Sun May 18 17:46:13 2014 UTC (9 years, 11 months ago) by rmind
Branch: rmind-smpnet
Changes since 1.16: +2 -2
lines
FILE REMOVED
sync with head
Revision 1.9.2.5.4.1 / (download) - annotate - [select for diffs], Sun Nov 17 19:21:21 2013 UTC (10 years, 5 months ago) by bouyer
Branch: netbsd-6-0
CVS Tags: netbsd-6-0-6-RELEASE,
netbsd-6-0-5-RELEASE,
netbsd-6-0-4-RELEASE
Changes since 1.9.2.5: +4 -4
lines
Diff to previous 1.9.2.5 (colored) next main 1.9.2.6 (colored)
Apply patch, requested by rmind in ticket 986: usr.sbin/npf/npfctl/npf_ncgen.c patch sys/net/npf/npf_instr.c patch fix the byteorder for port range comparison
Revision 1.9.2.7.2.1 / (download) - annotate - [select for diffs], Sun Nov 17 19:21:14 2013 UTC (10 years, 5 months ago) by bouyer
Branch: netbsd-6-1
CVS Tags: netbsd-6-1-5-RELEASE,
netbsd-6-1-4-RELEASE,
netbsd-6-1-3-RELEASE
Changes since 1.9.2.7: +4 -4
lines
Diff to previous 1.9.2.7 (colored) next main 1.9.2.8 (colored)
Apply patch, requested by rmind in ticket 986: usr.sbin/npf/npfctl/npf_ncgen.c patch sys/net/npf/npf_instr.c patch fix the byteorder for port range comparison
Revision 1.9.2.8 / (download) - annotate - [select for diffs], Sun Nov 17 19:21:07 2013 UTC (10 years, 5 months ago) by bouyer
Branch: netbsd-6
Changes since 1.9.2.7: +4 -4
lines
Diff to previous 1.9.2.7 (colored) to branchpoint 1.9 (colored) next main 1.10 (colored)
Apply patch, requested by rmind in ticket 986: usr.sbin/npf/npfctl/npf_ncgen.c patch sys/net/npf/npf_instr.c patch fix the byteorder for port range comparison
Revision 1.17, Thu Sep 19 01:49:07 2013 UTC (10 years, 7 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base9,
tls-maxphys-base,
tls-earlyentropy-base,
tls-earlyentropy,
thorpej-futex-base,
rmind-smpnet-nbase,
rmind-smpnet-base,
riastradh-xf86-video-intel-2-7-1-pre-2-21-15,
riastradh-drm2-base3,
prg-localcount2-base3,
prg-localcount2-base2,
prg-localcount2-base1,
prg-localcount2-base,
prg-localcount2,
phil-wifi-20200421,
phil-wifi-20200411,
phil-wifi-20200406,
pgoyette-localcount-base,
pgoyette-localcount-20170426,
pgoyette-localcount-20170320,
pgoyette-localcount-20170107,
pgoyette-localcount-20161104,
pgoyette-localcount-20160806,
pgoyette-localcount-20160726,
pgoyette-localcount,
pgoyette-compat-merge-20190127,
pgoyette-compat-base,
pgoyette-compat-20190127,
pgoyette-compat-20190118,
pgoyette-compat-1226,
pgoyette-compat-1126,
pgoyette-compat-1020,
pgoyette-compat-0930,
pgoyette-compat-0906,
pgoyette-compat-0728,
pgoyette-compat-0625,
pgoyette-compat-0521,
pgoyette-compat-0502,
pgoyette-compat-0422,
pgoyette-compat-0415,
pgoyette-compat-0407,
pgoyette-compat-0330,
pgoyette-compat-0322,
pgoyette-compat-0315,
pgoyette-compat,
perseant-stdc-iso10646-base,
perseant-stdc-iso10646,
localcount-20160914,
isaki-audio2-base,
isaki-audio2,
cjep_sun2x-base,
cjep_sun2x,
cjep_staticlib_x-base1,
cjep_staticlib_x-base,
cjep_staticlib_x,
bouyer-xenpvh-base2,
bouyer-xenpvh-base1,
bouyer-xenpvh-base,
bouyer-xenpvh,
bouyer-sunxi-drm-base,
bouyer-sunxi-drm,
bouyer-socketcan-base1,
bouyer-socketcan-base,
bouyer-socketcan,
ad-namecache-base3,
ad-namecache-base2,
ad-namecache-base1,
ad-namecache-base,
ad-namecache,
HEAD
Changes since 1.16: +2 -2
lines
FILE REMOVED
NPF: G/C n-code in favour of BPF byte-code. Delete lots of code, mmm!
Revision 1.14.2.1 / (download) - annotate - [select for diffs], Mon Feb 25 00:30:03 2013 UTC (11 years, 1 month ago) by tls
Branch: tls-maxphys
Changes since 1.14: +44 -92
lines
Diff to previous 1.14 (colored)
resync with head
Revision 1.9.2.7 / (download) - annotate - [select for diffs], Mon Feb 11 21:49:48 2013 UTC (11 years, 2 months ago) by riz
Branch: netbsd-6
CVS Tags: netbsd-6-1-RELEASE,
netbsd-6-1-RC4,
netbsd-6-1-RC3,
netbsd-6-1-RC2,
netbsd-6-1-RC1,
netbsd-6-1-2-RELEASE,
netbsd-6-1-1-RELEASE
Branch point for: netbsd-6-1
Changes since 1.9.2.6: +4 -5
lines
Diff to previous 1.9.2.6 (colored) to branchpoint 1.9 (colored)
Pull up following revision(s) (requested by rmind in ticket #817): usr.sbin/npf/npfctl/npfctl.8: revision 1.12 usr.sbin/npf/npfctl/npf.conf.5: revision 1.27 usr.sbin/npf/npfctl/npf_parse.y: revision 1.18 usr.sbin/npf/npfctl/npf_build.c: revision 1.20 usr.sbin/npf/npfctl/npfctl.c: revision 1.28 lib/libnpf/npf.c: revision 1.16 usr.sbin/npf/npfctl/npfctl.c: revision 1.29 lib/libnpf/npf.c: revision 1.17 sys/modules/npf/Makefile: revision 1.12 sys/net/npf/npf_rproc.c: revision 1.6 usr.sbin/npf/npftest/README: revision 1.4 sys/net/npf/npf_tableset.c: revision 1.17 sys/net/npf/npf_ctl.c: revision 1.21 sys/net/npf/npf_ctl.c: revision 1.22 usr.sbin/npf/npfctl/npfctl.h: revision 1.25 lib/libnpf/npf.h: revision 1.13 usr.sbin/npf/npftest/npftest.conf: revision 1.2 usr.sbin/npf/npfctl/npfctl.h: revision 1.26 sys/net/npf/npf_ruleset.c: revision 1.17 lib/libnpf/npf.h: revision 1.14 sys/net/npf/npf_ruleset.c: revision 1.18 sys/net/npf/npf_conf.c: revision 1.1 usr.sbin/npf/npfctl/npf_scan.l: revision 1.10 sys/net/npf/npf_conf.c: revision 1.2 sys/net/npf/npf_instr.c: revision 1.16 sys/net/npf/npf_handler.c: revision 1.26 sys/net/npf/npf_impl.h: revision 1.26 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.14 sys/net/npf/npf_processor.c: revision 1.15 sys/net/npf/npf_impl.h: revision 1.27 sys/net/npf/npf_alg_icmp.c: revision 1.15 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.15 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.16 sys/net/npf/npf_ncode.h: revision 1.11 sys/net/npf/files.npf: revision 1.10 usr.sbin/npf/npftest/Makefile: revision 1.4 usr.sbin/npf/npfctl/npfctl.c: revision 1.30 lib/libnpf/npf.3: revision 1.8 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.4 sys/net/npf/npf_session.c: revision 1.21 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.5 usr.sbin/npf/npfctl/npf_build.c: revision 1.18 usr.sbin/npf/npfctl/npf_build.c: revision 1.19 sys/net/npf/npf_alg.c: revision 1.7 usr.sbin/npf/npfctl/Makefile: revision 1.10 sys/net/npf/npf_inet.c: revision 1.21 sys/net/npf/npf.h: revision 1.26 sys/net/npf/npf.h: revision 1.27 usr.sbin/pf/ftp-proxy/Makefile: revision 1.8 sys/net/npf/npf_nat.c: revision 1.19 sys/net/npf/npf.c: revision 1.15 sys/net/npf/npf_state.c: revision 1.14 sys/net/npf/npf_sendpkt.c: revision 1.14 sys/rump/net/lib/libnpf/Makefile: revision 1.4 IPv6 linklocal address printing cosmetics NPF: - Implement dynamic NPF rules. Controlled through npf(3) library of via npfctl rule command. A rule can be removed using a unique identifier, returned on addition, or using a key which is SHA1 hash of the rule. Adjust npftest and add a regression test. - Improvements to rule inspection mechanism. - Initial BPF support as an alternative to n-code. - Minor fixes; bump the version. Disable -DWITH_NPF for now; will be converted to BPF mechanism. - Fix NPF config reload with dynamic rules present. - Implement list and flush commands on a dynamic ruleset. Allow filtering on IP addresses even if the L4 protocol is unknown. Patch from spz@. npftest: adjust for recent change.
Revision 1.16 / (download) - annotate - [select for diffs], Sat Feb 9 03:35:32 2013 UTC (11 years, 2 months ago) by rmind
Branch: MAIN
CVS Tags: riastradh-drm2-base2,
riastradh-drm2-base1,
riastradh-drm2-base,
riastradh-drm2,
khorben-n900,
agc-symver-base,
agc-symver
Branch point for: rmind-smpnet
Changes since 1.15: +4 -5
lines
Diff to previous 1.15 (colored)
NPF: - Implement dynamic NPF rules. Controlled through npf(3) library of via npfctl rule command. A rule can be removed using a unique identifier, returned on addition, or using a key which is SHA1 hash of the rule. Adjust npftest and add a regression test. - Improvements to rule inspection mechanism. - Initial BPF support as an alternative to n-code. - Minor fixes; bump the version.
Revision 1.9.2.6 / (download) - annotate - [select for diffs], Fri Feb 8 19:18:09 2013 UTC (11 years, 2 months ago) by riz
Branch: netbsd-6
Changes since 1.9.2.5: +43 -90
lines
Diff to previous 1.9.2.5 (colored) to branchpoint 1.9 (colored)
Pull up following revision(s) (requested by rmind in ticket #777): usr.sbin/npf/npfctl/npfctl.c: revision 1.27 sys/net/npf/npf_session.c: revision 1.19 usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.4 sys/net/npf/npf_rproc.c: revision 1.5 usr.sbin/npf/npftest/README: revision 1.3 sys/sys/mbuf.h: revision 1.151 sys/net/npf/npf_ruleset.c: revision 1.15 usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.3 sys/net/npf/npf_ruleset.c: revision 1.16 usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.4 usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.4 sys/net/npf/npf_inet.c: revision 1.19 sys/net/npf/npf_instr.c: revision 1.15 sys/net/npf/npf_handler.c: revision 1.24 sys/net/npf/npf_handler.c: revision 1.25 sys/net/npf/npf_state_tcp.c: revision 1.12 sys/net/npf/npf_processor.c: revision 1.13 sys/net/npf/npf_impl.h: revision 1.25 sys/net/npf/npf_processor.c: revision 1.14 sys/net/npf/npf_mbuf.c: revision 1.10 sys/net/npf/npf_alg_icmp.c: revision 1.14 sys/net/npf/npf_mbuf.c: revision 1.9 usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.2 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.3 sys/net/npf/npf_session.c: revision 1.20 sys/net/npf/npf_alg.c: revision 1.6 sys/kern/uipc_mbuf.c: revision 1.148 sys/net/npf/npf_inet.c: revision 1.20 sys/net/npf/npf.h: revision 1.25 sys/net/npf/npf_nat.c: revision 1.18 sys/net/npf/npf_state.c: revision 1.13 sys/net/npf/npf_sendpkt.c: revision 1.13 sys/net/npf/npf_ext_log.c: revision 1.2 usr.sbin/npf/npftest/libnpftest/npf_processor_test.c: revision 1.4 sys/net/npf/npf_ext_normalise.c: revision 1.2 - Rework NPF's nbuf interface: use advancing and ensuring as a main method. Eliminate unnecessary copy and simplify. Adapt regression tests. - Simplify ICMP ALG a little. While here, handle ICMP ECHO for traceroute. - Minor fixes, misc cleanup. Silence gcc in npf_recache(). Add m_ensure_contig() routine, which is equivalent to m_pullup, but does not destroy the mbuf chain on failure (it is kept valid). - nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free the mbuf chain on failure. Fixes some corner cases. Improve regression test and sprinkle some asserts. - npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix). The problem was found and fix provided by Anthony Mallet.
Revision 1.5.8.4 / (download) - annotate - [select for diffs], Wed Jan 23 00:06:25 2013 UTC (11 years, 2 months ago) by yamt
Branch: yamt-pagecache
CVS Tags: yamt-pagecache-tag8
Changes since 1.5.8.3: +43 -90
lines
Diff to previous 1.5.8.3 (colored) to branchpoint 1.5 (colored)
sync with head
Revision 1.15 / (download) - annotate - [select for diffs], Mon Dec 24 19:05:43 2012 UTC (11 years, 3 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base8
Changes since 1.14: +43 -90
lines
Diff to previous 1.14 (colored)
- Rework NPF's nbuf interface: use advancing and ensuring as a main method. Eliminate unnecessary copy and simplify. Adapt regression tests. - Simplify ICMP ALG a little. While here, handle ICMP ECHO for traceroute. - Minor fixes, misc cleanup.
Revision 1.5.8.3 / (download) - annotate - [select for diffs], Tue Oct 30 17:22:44 2012 UTC (11 years, 5 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.5.8.2: +69 -12
lines
Diff to previous 1.5.8.2 (colored) to branchpoint 1.5 (colored)
sync with head
Revision 1.9.2.5 / (download) - annotate - [select for diffs], Wed Jul 25 20:45:23 2012 UTC (11 years, 8 months ago) by jdc
Branch: netbsd-6
CVS Tags: netbsd-6-0-RELEASE,
netbsd-6-0-RC2,
netbsd-6-0-RC1,
netbsd-6-0-3-RELEASE,
netbsd-6-0-2-RELEASE,
netbsd-6-0-1-RELEASE,
matt-nb6-plus-nbase,
matt-nb6-plus-base,
matt-nb6-plus
Branch point for: netbsd-6-0
Changes since 1.9.2.4: +33 -2
lines
Diff to previous 1.9.2.4 (colored) to branchpoint 1.9 (colored)
Pull up revisions: src/usr.sbin/npf/npfctl/npfctl.c revisions 1.16,1.17 src/sys/net/npf/npf.h revision 1.20 src/sys/net/npf/npf_alg_icmp.c revision 1.11 src/sys/net/npf/npf_impl.h revision 1.19 src/sys/net/npf/npf_inet.c revisions 1.15,1.16 src/sys/net/npf/npf_instr.c revision 1.14 src/sys/net/npf/npf_ncode.h revision 1.10 src/sys/net/npf/npf_processor.c revision 1.12 src/sys/net/npf/npf_session.c revision 1.16 src/usr.sbin/npf/npfctl/npf_build.c revision 1.12 src/usr.sbin/npf/npfctl/npf_data.c revisions 1.16,1.17 src/usr.sbin/npf/npfctl/npf_disassemble.c revision 1.8 src/usr.sbin/npf/npfctl/npf_ncgen.c revision 1.13 src/usr.sbin/npf/npfctl/npf_parse.y revision 1.11 src/usr.sbin/npf/npfctl/npf_scan.l revision 1.5 src/usr.sbin/npf/npfctl/npf_var.h revision 1.3 src/usr.sbin/npf/npfctl/npfctl.h revision 1.18 src/sys/net/npf/npf_state.c revision 1.10 src/sys/net/npf/npf_state_tcp.c revision 1.10 src/usr.sbin/npf/npftest/npfstream.c revision 1.2 src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c revision 1.2 (requested by rmind in ticket #435). Add missing __dead. teach npf ipv6-icmp reviewed by rmind@ - npfctl_print_stats: beautification a la French style. - npfctl_icmpcode: fix the build break. - npf_fetch_tcpopts: fix off-by-one when validating TCP option length against the maximum allowed. - npf_tcp_inwindow: be more liberal with npf_fetch_tcpopts(). - Few minor improvements to npftest.
Revision 1.14 / (download) - annotate - [select for diffs], Thu Jul 19 21:52:29 2012 UTC (11 years, 9 months ago) by spz
Branch: MAIN
CVS Tags: yamt-pagecache-base7,
yamt-pagecache-base6
Branch point for: tls-maxphys
Changes since 1.13: +33 -2
lines
Diff to previous 1.13 (colored)
teach npf ipv6-icmp reviewed by rmind@
Revision 1.9.2.4 / (download) - annotate - [select for diffs], Mon Jul 16 22:13:26 2012 UTC (11 years, 9 months ago) by riz
Branch: netbsd-6
Changes since 1.9.2.3: +10 -6
lines
Diff to previous 1.9.2.3 (colored) to branchpoint 1.9 (colored)
Pull up following revision(s) (requested by rmind in ticket #421): lib/libnpf/npf.c: revision 1.10 sys/net/npf/npf_session.c: revision 1.15 sys/net/npf/npf_tableset.c: revision 1.13 sys/net/npf/npf_state_tcp.c: revision 1.9 usr.sbin/npf/npfctl/npf_data.c: revision 1.15 sys/net/npf/npf_inet.c: revision 1.14 sys/net/npf/npf_ruleset.c: revision 1.13 sys/net/npf/npf.h: revision 1.19 usr.sbin/npf/npfctl/npf_ncgen.c: revision 1.12 sys/net/npf/npf_instr.c: revision 1.13 sys/net/npf/npf_handler.c: revision 1.20 usr.sbin/npf/npftest/libnpftest/npf_table_test.c: revision 1.4 sys/net/npf/npf_alg_icmp.c: revision 1.10 usr.sbin/npf/npfctl/npfctl.c: revision 1.15 usr.sbin/npf/npfctl/npf_build.c: revision 1.11 lib/libnpf/npf.h: revision 1.9 sys/net/npf/npf_alg.c: revision 1.5 sys/rump/dev/lib/libnpf/Makefile: revision 1.4 usr.sbin/npf/npfctl/npfctl.h: revision 1.17 sys/net/npf/npf_ctl.c: revision 1.16 sys/net/npf/npf_nat.c: revision 1.15 sys/net/npf/npf_tableset_ptree.c: revision 1.1 sys/net/npf/npf.c: revision 1.12 sys/net/npf/npf_sendpkt.c: revision 1.12 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.7 sys/net/npf/npf_impl.h: revision 1.18 sys/net/npf/files.npf: revision 1.7 usr.sbin/npf/npfctl/npf_parse.y: revision 1.10 - Rework NPF tables and fix support for IPv6. Implement tree table type using radix / Patricia tree. Universal IPv4/IPv6 comparator for ptree(3) was contributed by Matt Thomas. - NPF tables: update regression tests, improve npfctl(8) error messages. - Fix few bugs when using kernel modules and handle module autounloader. - Few other fixes and misc cleanups. - Bump the version.
Revision 1.13 / (download) - annotate - [select for diffs], Sun Jul 15 00:23:00 2012 UTC (11 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.12: +10 -6
lines
Diff to previous 1.12 (colored)
- Rework NPF tables and fix support for IPv6. Implement tree table type using radix / Patricia tree. Universal IPv4/IPv6 comparator for ptree(3) was contributed by Matt Thomas. - NPF tables: update regression tests, improve npfctl(8) error messages. - Fix few bugs when using kernel modules and handle module autounloader. - Few other fixes and misc cleanups. - Bump the version.
Revision 1.9.2.3 / (download) - annotate - [select for diffs], Thu Jul 5 17:48:42 2012 UTC (11 years, 9 months ago) by riz
Branch: netbsd-6
Changes since 1.9.2.2: +33 -11
lines
Diff to previous 1.9.2.2 (colored) to branchpoint 1.9 (colored)
Pull up following revision(s) (requested by rmind in ticket #399): sys/net/npf/npf_session.c: revision 1.14 sys/net/npf/npf_tableset.c: revision 1.12 sys/net/npf/npf_state_tcp.c: revision 1.8 usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.3 usr.sbin/npf/npfctl/npf_data.c: revision 1.14 sys/net/npf/npf_inet.c: revision 1.13 sys/net/npf/npf_ruleset.c: revision 1.12 sys/net/npf/npf.h: revision 1.18 usr.sbin/npf/npfctl/npf_ncgen.c: revision 1.11 usr.sbin/npf/npfctl/npfctl.8: revision 1.7 usr.sbin/npf/npfctl/npf_parse.y: revision 1.9 usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.2 usr.sbin/npf/npfctl/npfctl.8: revision 1.8 sys/net/npf/npf_instr.c: revision 1.12 usr.sbin/npf/npftest/libnpftest/npf_table_test.c: revision 1.3 usr.sbin/npf/npfctl/npf.conf.5: revision 1.13 usr.sbin/npf/npfctl/npf.conf.5: revision 1.14 sys/net/npf/npf_state.c: revision 1.9 sys/net/npf/npf_processor.c: revision 1.11 usr.sbin/npf/npfctl/npfctl.c: revision 1.13 usr.sbin/npf/npfctl/npfctl.c: revision 1.14 usr.sbin/npf/npfctl/npf_build.c: revision 1.10 lib/libnpf/npf.3: revision 1.5 lib/libnpf/npf.h: revision 1.8 share/man/man9/npf_ncode.9: revision 1.9 usr.sbin/npf/npfctl/npf_scan.l: revision 1.4 lib/libnpf/npf.c: revision 1.9 usr.sbin/npf/npfctl/npfctl.h: revision 1.16 sys/net/npf/npf_nat.c: revision 1.14 usr.sbin/npf/npftest/libnpftest/npf_processor_test.c: revision 1.2 usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.6 sys/net/npf/npf_impl.h: revision 1.17 sys/net/npf/npf_handler.c: revision 1.18 sys/net/npf/npf_handler.c: revision 1.19 usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.4 sys/net/npf/npf_ncode.h: revision 1.9 Fix and update npf.conf(5), npfctl(8) and its usage message. npf_state_tcp: fix for FIN retransmission and out-of-order ACK case. NPF improvements: - Add NPF_OPCODE_PROTO to match the address and/or protocol only. - Update parser to support arbitrary "pass proto <name/number>". - Fix IPv6 address and protocol handling (add a regression test). - Fix few theorethical races in session handling module. - Misc fixes, simplifications and some clean up. npf_packet_handler: fix gcc unused warning.
Revision 1.12 / (download) - annotate - [select for diffs], Sun Jul 1 23:21:06 2012 UTC (11 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.11: +33 -11
lines
Diff to previous 1.11 (colored)
NPF improvements: - Add NPF_OPCODE_PROTO to match the address and/or protocol only. - Update parser to support arbitrary "pass proto <name/number>". - Fix IPv6 address and protocol handling (add a regression test). - Fix few theorethical races in session handling module. - Misc fixes, simplifications and some clean up.
Revision 1.9.2.2 / (download) - annotate - [select for diffs], Tue Jun 26 14:49:10 2012 UTC (11 years, 9 months ago) by riz
Branch: netbsd-6
Changes since 1.9.2.1: +3 -3
lines
Diff to previous 1.9.2.1 (colored) to branchpoint 1.9 (colored)
Pull up following revision(s) (requested by rmind in ticket #365):
sys/rump/librump/rumpkern/rumpcpu_generic.c: revision 1.4
sys/net/npf/npf_session.c: revision 1.13
sys/net/npf/npf_tableset.c: revision 1.11
sys/net/npf/npf_state_tcp.c: revision 1.7
sys/net/npf/npf_inet.c: revision 1.12
sys/net/npf/npf.h: revision 1.17
sys/net/npf/npf_instr.c: revision 1.11
usr.sbin/npf/npftest/libnpftest/npf_table_test.c: revision 1.2
sys/net/npf/npf_state.c: revision 1.8
sys/net/npf/npf_log.c: revision 1.4
sys/net/npf/npf_alg.c: revision 1.4
sys/rump/librump/rumpkern/Makefile.rumpkern: revision 1.118
sys/net/npf/npf_nat.c: revision 1.13
sys/net/npf/npf.c: revision 1.11
sys/net/npf/npf_sendpkt.c: revision 1.11
sys/net/npf/npf_impl.h: revision 1.16
sys/rump/librump/rumpkern/scheduler.c: revision 1.28
rumpkern:
- Add subr_kcpuset.c and subr_pserialize.c modules.
- Add kcpuset_{running,attached} for RUMP env.
NPF:
- Rename some functions for consistency and de-inline them.
- Fix few invalid asserts (add regressoin test).
- Use pserialize(9) for ALG interface.
- Minor fixes, sprinkle many comments.
Revision 1.11 / (download) - annotate - [select for diffs], Fri Jun 22 13:43:17 2012 UTC (11 years, 10 months ago) by rmind
Branch: MAIN
Changes since 1.10: +3 -3
lines
Diff to previous 1.10 (colored)
NPF: - Rename some functions for consistency and de-inline them. - Fix few invalid asserts (add regressoin test). - Use pserialize(9) for ALG interface. - Minor fixes, sprinkle many comments.
Revision 1.5.8.2 / (download) - annotate - [select for diffs], Tue Apr 17 00:08:39 2012 UTC (12 years ago) by yamt
Branch: yamt-pagecache
Changes since 1.5.8.1: +15 -14
lines
Diff to previous 1.5.8.1 (colored) to branchpoint 1.5 (colored)
sync with head
Revision 1.9.2.1 / (download) - annotate - [select for diffs], Tue Apr 3 17:22:53 2012 UTC (12 years ago) by riz
Branch: netbsd-6
Changes since 1.9: +3 -3
lines
Diff to previous 1.9 (colored)
Pull up following revision(s) (requested by rmind in ticket #158):
sys/net/npf/npf_session.c: revision 1.12
sys/net/npf/npf_tableset.c: revision 1.10
sys/net/npf/npf_rproc.c: revision 1.2
usr.sbin/npf/npfctl/npf_parse.y: revision 1.4
sys/net/npf/npf_inet.c: revision 1.11
sys/net/npf/npf.h: revision 1.15
usr.sbin/npf/npfctl/npf_build.c: revision 1.5
sys/net/npf/npf_ruleset.c: revision 1.11
sys/net/npf/npf_instr.c: revision 1.10
usr.sbin/npf/npfctl/Makefile: revision 1.6
sys/net/npf/npf_processor.c: revision 1.10
sys/net/npf/npf_log.c: revision 1.3
lib/libnpf/npf.h: revision 1.7
sys/net/npf/npf_alg.c: revision 1.3
sys/net/npf/npf_sendpkt.c: revision 1.9
lib/libnpf/npf.c: revision 1.8
usr.sbin/npf/npfctl/npfctl.h: revision 1.13
sys/net/npf/npf_ctl.c: revision 1.13
usr.sbin/npf/npfctl/npf_ncgen.c: revision 1.8
sys/net/npf/npf_ctl.c: revision 1.14
sys/net/npf/npf_nat.c: revision 1.11
sys/net/npf/npf_nat.c: revision 1.12
sys/net/npf/npf_impl.h: revision 1.11
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.1
sys/net/npf/npf_impl.h: revision 1.12
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.2
sys/net/npf/npf_handler.c: revision 1.14
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.3
sys/net/npf/npf_handler.c: revision 1.15
sys/net/npf/npf_ncode.h: revision 1.6
sys/net/npf/npf.c: revision 1.8
sys/net/npf/npf.c: revision 1.9
sys/net/npf/npf_alg_icmp.c: revision 1.9
sys/net/npf/npf_session.c: revision 1.11
- Add NPF_DECISION_BLOCK and NPF_DECISION_PASS. Be more defensive in the
packet handler. Change the default policy to block when the config is
loaded and set it to pass when flush operation is performed.
- Use kmem_zalloc(9) instead of kmem_alloc(9) in few places.
- npf_rproc_{create,release}: use kmem_intr_{alloc,free} as the destruction
of rule procedure might happen in the interrupt handler (under a very rare
condition, if config reload races with the handler).
- npf_session_establish: check whether layer 3 and 4 are cached.
- npfctl_build_group: do not make groups as passing rules.
- Remove some unecessary header inclusion.
Simplify slightly: merge iface into addr_or_iface, use it in filt_addr.
Add a small disassembler.
definitions used by the disassembler.
- better printing of type/code flags/mask
- pass the instruction start pointer, instead of subtracting 1 to account for it
- Save active config in proplib dictionary; add GETCONF ioctl to retrieve.
- Few fixes. Improve some comments.
don't leak the branch target array.
Add NPF config retrieval routines.
Revision 1.8.2.2 / (download) - annotate - [select for diffs], Fri Feb 24 09:11:49 2012 UTC (12 years, 1 month ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.8.2.1: +3 -3
lines
Diff to previous 1.8.2.1 (colored) to branchpoint 1.8 (colored) next main 1.9 (colored)
sync to -current.
Revision 1.10 / (download) - annotate - [select for diffs], Mon Feb 20 00:18:20 2012 UTC (12 years, 2 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base5,
yamt-pagecache-base4,
jmcneill-usbmp-base9,
jmcneill-usbmp-base8,
jmcneill-usbmp-base7,
jmcneill-usbmp-base6,
jmcneill-usbmp-base5,
jmcneill-usbmp-base4,
jmcneill-usbmp-base3,
jmcneill-usbmp-base10
Changes since 1.9: +3 -3
lines
Diff to previous 1.9 (colored)
- Add NPF_DECISION_BLOCK and NPF_DECISION_PASS. Be more defensive in the
packet handler. Change the default policy to block when the config is
loaded and set it to pass when flush operation is performed.
- Use kmem_zalloc(9) instead of kmem_alloc(9) in few places.
- npf_rproc_{create,release}: use kmem_intr_{alloc,free} as the destruction
of rule procedure might happen in the interrupt handler (under a very rare
condition, if config reload races with the handler).
- npf_session_establish: check whether layer 3 and 4 are cached.
- npfctl_build_group: do not make groups as passing rules.
- Remove some unecessary header inclusion.
Revision 1.8.2.1 / (download) - annotate - [select for diffs], Sat Feb 18 07:35:38 2012 UTC (12 years, 2 months ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.8: +4 -9
lines
Diff to previous 1.8 (colored)
merge to -current.
Revision 1.9 / (download) - annotate - [select for diffs], Sun Jan 15 00:49:48 2012 UTC (12 years, 3 months ago) by rmind
Branch: MAIN
CVS Tags: netbsd-6-base,
jmcneill-usbmp-base2
Branch point for: netbsd-6
Changes since 1.8: +4 -9
lines
Diff to previous 1.8 (colored)
- Expire all sessions on flush.
- Enable checking for zero mask in IP{4,6}MATCH after npfctl changes.
- Make locking symmetric for npf_ruleset_inspect().
- Sync function prototypes in npf(3) man page with reality.
- Rename NPF_TABLE_RBTREE to NPF_TABLE_TREE.
Revision 1.8 / (download) - annotate - [select for diffs], Tue Nov 29 20:05:30 2011 UTC (12 years, 4 months ago) by rmind
Branch: MAIN
CVS Tags: jmcneill-usbmp-pre-base2,
jmcneill-usbmp-base
Branch point for: jmcneill-usbmp
Changes since 1.7: +16 -10
lines
Diff to previous 1.7 (colored)
- Rework and improve TCP state tracking. - Fix regressions after IPv6 patch merge. Note: npfctl(8) rework will come soon.
Revision 1.5.8.1 / (download) - annotate - [select for diffs], Thu Nov 10 14:31:50 2011 UTC (12 years, 5 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.5: +16 -14
lines
Diff to previous 1.5 (colored)
sync with head
Revision 1.7 / (download) - annotate - [select for diffs], Sun Nov 6 02:49:03 2011 UTC (12 years, 5 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base3,
yamt-pagecache-base2,
jmcneill-audiomp3-base,
jmcneill-audiomp3
Changes since 1.6: +5 -7
lines
Diff to previous 1.6 (colored)
Few fixes, KNF/style, bump the NPF version.
Revision 1.6 / (download) - annotate - [select for diffs], Fri Nov 4 01:00:27 2011 UTC (12 years, 5 months ago) by zoltan
Branch: MAIN
Changes since 1.5: +18 -14
lines
Diff to previous 1.5 (colored)
Add IPv6 support for NPF.
Revision 1.4.2.1 / (download) - annotate - [select for diffs], Mon Jun 6 09:09:53 2011 UTC (12 years, 10 months ago) by jruoho
Branch: jruoho-x86intr
Changes since 1.4: +2 -4
lines
Diff to previous 1.4 (colored) next main 1.5 (colored)
Sync with HEAD.
Revision 1.5.4.2 / (download) - annotate - [select for diffs], Sat Mar 5 20:55:55 2011 UTC (13 years, 1 month ago) by rmind
Branch: rmind-uvmplock
Changes since 1.5.4.1: +226 -0
lines
Diff to previous 1.5.4.1 (colored) to branchpoint 1.5 (colored) next main 1.6 (colored)
sync with head
Revision 1.5.4.1, Tue Jan 18 20:33:45 2011 UTC (13 years, 3 months ago) by rmind
Branch: rmind-uvmplock
Changes since 1.5: +0 -226
lines
FILE REMOVED
file npf_instr.c was added on branch rmind-uvmplock on 2011-03-05 20:55:55 +0000
Revision 1.5 / (download) - annotate - [select for diffs], Tue Jan 18 20:33:45 2011 UTC (13 years, 3 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base,
rmind-uvmplock-nbase,
rmind-uvmplock-base,
cherry-xenmp-base,
cherry-xenmp,
bouyer-quota2-nbase,
bouyer-quota2-base,
bouyer-quota2
Branch point for: yamt-pagecache,
rmind-uvmplock
Changes since 1.4: +2 -4
lines
Diff to previous 1.4 (colored)
NPF checkpoint:
- Add the concept of rule procedure: separate normalization, logging and
potentially other functions from the rule structure. Rule procedure can be
shared amongst the rules. Separation is both at kernel level (npf_rproc_t)
and configuration ("procedure" + "apply").
- Fix portmap sharing for NAT policy.
- Update TCP state tracking logic. Use TCP FSM definitions.
- Add if_byindex(), OK by matt@. Use in logging for the lookup.
- Fix traceroute ALG and many other bugs; misc clean-up.
Revision 1.4 / (download) - annotate - [select for diffs], Thu Nov 11 06:30:39 2010 UTC (13 years, 5 months ago) by rmind
Branch: MAIN
CVS Tags: matt-mips64-premerge-20101231,
jruoho-x86intr-base
Branch point for: jruoho-x86intr
Changes since 1.3: +35 -37
lines
Diff to previous 1.3 (colored)
NPF checkpoint: - Add proper TCP state tracking as described in Guido van Rooij paper, plus handle TCP Window Scaling option. - Completely rework npf_cache_t, reduce granularity, simplify code. - Add npf_addr_t as an abstraction, amend session handling code, as well as NAT code et al, to use it. Now design is prepared for IPv6 support. - Handle IPv4 fragments i.e. perform packet reassembly. - Add support for IPv4 ID randomization and minimum TTL enforcement. - Add support for TCP MSS "clamping". - Random bits for IPv6. Various fixes and clean-up.
Revision 1.3.4.2 / (download) - annotate - [select for diffs], Fri Oct 22 09:23:15 2010 UTC (13 years, 6 months ago) by uebayasi
Branch: uebayasi-xip
Changes since 1.3.4.1: +230 -0
lines
Diff to previous 1.3.4.1 (colored) to branchpoint 1.3 (colored) next main 1.4 (colored)
Sync with HEAD (-D20101022).
Revision 1.3.2.2 / (download) - annotate - [select for diffs], Sat Oct 9 03:32:37 2010 UTC (13 years, 6 months ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.3.2.1: +230 -0
lines
Diff to previous 1.3.2.1 (colored) to branchpoint 1.3 (colored) next main 1.4 (colored)
sync with head
Revision 1.3.4.1, Sat Sep 25 00:25:31 2010 UTC (13 years, 6 months ago) by uebayasi
Branch: uebayasi-xip
Changes since 1.3: +0 -230
lines
FILE REMOVED
file npf_instr.c was added on branch uebayasi-xip on 2010-10-22 09:23:15 +0000
Revision 1.3.2.1, Sat Sep 25 00:25:31 2010 UTC (13 years, 6 months ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.3: +0 -230
lines
FILE REMOVED
file npf_instr.c was added on branch yamt-nfs-mp on 2010-10-09 03:32:37 +0000
Revision 1.3 / (download) - annotate - [select for diffs], Sat Sep 25 00:25:31 2010 UTC (13 years, 6 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-nfs-mp-base11,
uebayasi-xip-base4,
uebayasi-xip-base3
Branch point for: yamt-nfs-mp,
uebayasi-xip
Changes since 1.2: +3 -6
lines
Diff to previous 1.2 (colored)
Add nbuf_advfetch() and simplify some code slightly.
Revision 1.2 / (download) - annotate - [select for diffs], Thu Sep 16 04:53:27 2010 UTC (13 years, 7 months ago) by rmind
Branch: MAIN
Changes since 1.1: +32 -8
lines
Diff to previous 1.1 (colored)
NPF checkpoint: - Add support for bi-directional NAT and redirection / port forwarding. - Finish filtering on ICMP type/code and add filtering on TCP flags. - Add support for TCP reset (RST) or ICMP destination unreachable on block. - Fix a bunch of bugs; misc cleanup.
Revision 1.1 / (download) - annotate - [select for diffs], Sun Aug 22 18:56:22 2010 UTC (13 years, 8 months ago) by rmind
Branch: MAIN
Import NPF - a packet filter. Some features: - Designed to be fully MP-safe and highly efficient. - Tables/IP sets (hash or red-black tree) for high performance lookups. - Stateful filtering and Network Address Port Translation (NAPT). Framework for application level gateways (ALGs). - Packet inspection engine called n-code processor - inspired by BPF - supporting generic RISC-like and specific CISC-like instructions for common patterns (e.g. IPv4 address matching). See npf_ncode(9) manual. - Convenient userland utility npfctl(8) with npf.conf(8). NOTE: This is not yet a fully capable alternative to PF or IPFilter. Further work (support for binat/rdr, return-rst/return-icmp, common ALGs, state saving/restoring, logging, etc) is in progress. Thanks a lot to Matt Thomas for various useful comments and code review. Aye by: board@