Up to [cvs.NetBSD.org] / src / sys / net / npf
Default branch: MAIN
Current tag: MAIN
Revision 1.30, Mon Mar 11 17:20:02 2013 UTC (3 months, 1 week ago) by christos
Branch: MAIN
CVS Tags: khorben-n900, agc-symver-base, agc-symver, HEAD
Changes since 1.29: +2 -2 lines
use sizeof(req) to find if it was empty or not (from uwe)
Revision 1.29, Mon Mar 11 17:03:55 2013 UTC (3 months, 1 week ago) by christos
Branch: MAIN
Changes since 1.28: +2 -2 lines
*"" is not constant according to gcc. So we move the responsibility for adding a , to the users of the macro.
Revision 1.28, Mon Mar 11 16:37:43 2013 UTC (3 months, 1 week ago) by christos
Branch: MAIN
Changes since 1.27: +2 -2 lines
- avoid trailing , in dependencies when there are none other than the npf module itself.
- remove if_npflog dependency from npf_ext_log.
Revision 1.27, Sun Feb 10 23:47:37 2013 UTC (4 months, 1 week ago) by rmind
Branch: MAIN
CVS Tags: tls-maxphys-nbase, tls-maxphys-base
Changes since 1.26: +3 -2 lines
- Fix NPF config reload with dynamic rules present.
- Implement list and flush commands on a dynamic ruleset.
Revision 1.26, Sat Feb 9 03:35:31 2013 UTC (4 months, 1 week ago) by rmind
Branch: MAIN
Changes since 1.25: +54 -39 lines
NPF:
- Implement dynamic NPF rules. Controlled through npf(3) library or via npfctl rule command. A rule can be removed using a unique identifier, returned on addition, or using a key which is SHA1 hash of the rule. Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.
Revision 1.25, Mon Dec 24 19:05:42 2012 UTC (5 months, 3 weeks ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base8
Changes since 1.24: +41 -19 lines
- Rework NPF's nbuf interface: use advancing and ensuring as a main method. Eliminate unnecessary copy and simplify. Adapt regression tests.
- Simplify ICMP ALG a little. While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
Revision 1.24, Sun Dec 23 21:01:03 2012 UTC (5 months, 3 weeks ago) by rmind
Branch: MAIN
Changes since 1.23: +2 -2 lines
- Add NPF version check in proplist as well, not only ioctl. Bump the version.
- Fix a bug in table entry lookup.
- Updates/fixes to the man pages. Misc.
Revision 1.23, Mon Dec 10 01:11:13 2012 UTC (6 months, 1 week ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base7
Changes since 1.22: +2 -1 lines
npf_rwrcksum: handle delayed checksums in the network stack; also fix non-NPF_NAT_PORTS case and add some comments. PR/47235.
Revision 1.22, Mon Oct 29 02:27:11 2012 UTC (7 months, 2 weeks ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base6
Changes since 1.21: +19 -5 lines
Implement NPF table listing and preservation of entries on reload. Bump the version.
Revision 1.21, Sun Sep 16 13:47:41 2012 UTC (9 months ago) by rmind
Branch: MAIN
Changes since 1.20: +38 -14 lines
Implement dynamic NPF extensions interface. An extension consists of dynamically loaded module (.so) supplementing npfctl(8) and a kernel module. Move normalisation and logging functionality into their own extensions. More improvements to come.
Revision 1.20, Thu Jul 19 21:52:29 2012 UTC (11 months ago) by spz
Branch: MAIN
Branch point for: tls-maxphys
Changes since 1.19: +6 -4 lines
teach npf ipv6-icmp reviewed by rmind@
Revision 1.19, Sun Jul 15 00:23:00 2012 UTC (11 months ago) by rmind
Branch: MAIN
Changes since 1.18: +8 -3 lines
- Rework NPF tables and fix support for IPv6. Implement tree table type using radix / Patricia tree. Universal IPv4/IPv6 comparator for ptree(3) was contributed by Matt Thomas.
- NPF tables: update regression tests, improve npfctl(8) error messages.
- Fix few bugs when using kernel modules and handle module autounloader.
- Few other fixes and misc cleanups.
- Bump the version.
Revision 1.18, Sun Jul 1 23:21:06 2012 UTC (11 months, 2 weeks ago) by rmind
Branch: MAIN
Changes since 1.17: +2 -2 lines
NPF improvements:
- Add NPF_OPCODE_PROTO to match the address and/or protocol only.
- Update parser to support arbitrary "pass proto <name/number>".
- Fix IPv6 address and protocol handling (add a regression test).
- Fix few theoretical races in session handling module.
- Misc fixes, simplifications and some clean up.
Revision 1.17, Fri Jun 22 13:43:17 2012 UTC (11 months, 3 weeks ago) by rmind
Branch: MAIN
Changes since 1.16: +2 -68 lines
NPF:
- Rename some functions for consistency and de-inline them.
- Fix few invalid asserts (add regression test).
- Use pserialize(9) for ALG interface.
- Minor fixes, sprinkle many comments.
Revision 1.16, Sat Apr 14 19:01:21 2012 UTC (14 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base5, yamt-pagecache-base4, jmcneill-usbmp-base9, jmcneill-usbmp-base10
Changes since 1.15: +2 -6 lines
Update rumpdev_npf; use WARNS=4.
Revision 1.15, Sun Mar 11 18:27:59 2012 UTC (15 months, 1 week ago) by rmind
Branch: MAIN
CVS Tags: jmcneill-usbmp-base8
Changes since 1.14: +2 -1 lines
- Save active config in proplib dictionary; add GETCONF ioctl to retrieve.
- Few fixes. Improve some comments.
Revision 1.14, Mon Feb 6 23:30:14 2012 UTC (16 months, 1 week ago) by rmind
Branch: MAIN
CVS Tags: netbsd-6-base, jmcneill-usbmp-base7, jmcneill-usbmp-base6, jmcneill-usbmp-base5, jmcneill-usbmp-base4, jmcneill-usbmp-base3, jmcneill-usbmp-base2
Branch point for: netbsd-6
Changes since 1.13: +1 -10 lines
- Split NPF rule procedure code into a separate module (no functional changes).
- Simplify some code, add more comments, some asserts.
- G/C unused rule hook code.
Revision 1.13, Sun Feb 5 00:37:13 2012 UTC (16 months, 2 weeks ago) by rmind
Branch: MAIN
Changes since 1.12: +4 -4 lines
Multiple NPF fixes, add better error reporting from kernel side, add some asserts, bump the version.
Revision 1.12, Sun Jan 15 00:49:48 2012 UTC (17 months ago) by rmind
Branch: MAIN
Changes since 1.11: +2 -2 lines
- Expire all sessions on flush.
- Enable checking for zero mask in IP{4,6}MATCH after npfctl changes.
- Make locking symmetric for npf_ruleset_inspect().
- Sync function prototypes in npf(3) man page with reality.
- Rename NPF_TABLE_RBTREE to NPF_TABLE_TREE.
Revision 1.11, Tue Nov 29 20:05:30 2011 UTC (18 months, 2 weeks ago) by rmind
Branch: MAIN
CVS Tags: jmcneill-usbmp-pre-base2, jmcneill-usbmp-base
Branch point for: jmcneill-usbmp
Changes since 1.10: +6 -5 lines
- Rework and improve TCP state tracking.
- Fix regressions after IPv6 patch merge.
Note: npfctl(8) rework will come soon.
Revision 1.10, Sun Nov 6 02:49:03 2011 UTC (19 months, 1 week ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base3, yamt-pagecache-base2, jmcneill-audiomp3-base, jmcneill-audiomp3
Changes since 1.9: +18 -18 lines
Few fixes, KNF/style, bump the NPF version.
Revision 1.9, Fri Nov 4 01:00:27 2011 UTC (19 months, 2 weeks ago) by zoltan
Branch: MAIN
Changes since 1.8: +82 -7 lines
Add IPv6 support for NPF.
Revision 1.8, Wed Feb 2 23:01:34 2011 UTC (2 years, 4 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base, rmind-uvmplock-nbase, rmind-uvmplock-base, cherry-xenmp-base, cherry-xenmp, bouyer-quota2-nbase, bouyer-quota2-base
Branch point for: yamt-pagecache, rmind-uvmplock
Changes since 1.7: +2 -2 lines
Bump NPF_VERSION.
Revision 1.7, Wed Feb 2 02:20:25 2011 UTC (2 years, 4 months ago) by rmind
Branch: MAIN
Changes since 1.6: +21 -32 lines
NPF checkpoint:
- Add libnpf(3) - a library to control NPF (configuration, ruleset, etc).
- Add NPF support for ftp-proxy(8).
- Add rc.d script for NPF.
- Convert npfctl(8) to use libnpf(3) and thus make it less depressive. Note: next clean-up step should be a parser, once dholland@ will finish it.
- Add more documentation.
- Various fixes.
Revision 1.6, Tue Jan 18 20:33:45 2011 UTC (2 years, 5 months ago) by rmind
Branch: MAIN
Branch point for: bouyer-quota2
Changes since 1.5: +15 -8 lines
NPF checkpoint:
- Add the concept of rule procedure: separate normalization, logging and
potentially other functions from the rule structure. Rule procedure can be
shared amongst the rules. Separation is both at kernel level (npf_rproc_t)
and configuration ("procedure" + "apply").
- Fix portmap sharing for NAT policy.
- Update TCP state tracking logic. Use TCP FSM definitions.
- Add if_byindex(), OK by matt@. Use in logging for the lookup.
- Fix traceroute ALG and many other bugs; misc clean-up.
Revision 1.5, Sat Dec 18 01:07:25 2010 UTC (2 years, 6 months ago) by rmind
Branch: MAIN
CVS Tags: matt-mips64-premerge-20101231, jruoho-x86intr-base
Branch point for: jruoho-x86intr
Changes since 1.4: +33 -4 lines
NPF checkpoint:
- Add support for session saving/restoring.
- Add packet logging support (can tcpdump a pseudo-interface).
- Support reload without flushing of sessions; rework some locking.
- Revisit session management, replace linking with npf_sentry_t entries.
- Add some counters for statistics, using percpu(9).
- Add IP_DF flag cleansing.
- Fix various bugs; misc clean-up.
Revision 1.4, Thu Nov 11 06:30:39 2010 UTC (2 years, 7 months ago) by rmind
Branch: MAIN
Changes since 1.3: +64 -34 lines
NPF checkpoint:
- Add proper TCP state tracking as described in Guido van Rooij paper, plus handle TCP Window Scaling option.
- Completely rework npf_cache_t, reduce granularity, simplify code.
- Add npf_addr_t as an abstraction, amend session handling code, as well as NAT code et al, to use it. Now design is prepared for IPv6 support.
- Handle IPv4 fragments i.e. perform packet reassembly.
- Add support for IPv4 ID randomization and minimum TTL enforcement.
- Add support for TCP MSS "clamping".
- Random bits for IPv6. Various fixes and clean-up.
Revision 1.3, Sat Sep 25 00:25:31 2010 UTC (2 years, 8 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-nfs-mp-base11, uebayasi-xip-base4, uebayasi-xip-base3
Branch point for: yamt-nfs-mp, uebayasi-xip
Changes since 1.2: +2 -1 lines
Add nbuf_advfetch() and simplify some code slightly.
Revision 1.2, Thu Sep 16 04:53:27 2010 UTC (2 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.1: +12 -4 lines
NPF checkpoint:
- Add support for bi-directional NAT and redirection / port forwarding.
- Finish filtering on ICMP type/code and add filtering on TCP flags.
- Add support for TCP reset (RST) or ICMP destination unreachable on block.
- Fix a bunch of bugs; misc cleanup.
Revision 1.1, Sun Aug 22 18:56:22 2010 UTC (2 years, 9 months ago) by rmind
Branch: MAIN
Import NPF - a packet filter. Some features:
- Designed to be fully MP-safe and highly efficient.
- Tables/IP sets (hash or red-black tree) for high performance lookups.
- Stateful filtering and Network Address Port Translation (NAPT). Framework for application level gateways (ALGs).
- Packet inspection engine called n-code processor - inspired by BPF - supporting generic RISC-like and specific CISC-like instructions for common patterns (e.g. IPv4 address matching). See npf_ncode(9) manual.
- Convenient userland utility npfctl(8) with npf.conf(8).
NOTE: This is not yet a fully capable alternative to PF or IPFilter. Further work (support for binat/rdr, return-rst/return-icmp, common ALGs, state saving/restoring, logging, etc) is in progress.
Thanks a lot to Matt Thomas for various useful comments and code review.
Aye by: board@