Default branch: MAIN
Revision 1.35, Sun Jan 22 18:39:35 2023 UTC (7 days, 1 hour ago) by riastradh
Branch: MAIN
CVS Tags: HEAD
Changes since 1.34: +2 -2 lines
npf(9): Update comment to reduce diff from upstream. No functional change.
Revision 1.34, Sun Feb 13 19:20:23 2022 UTC (11 months, 2 weeks ago) by riastradh
Branch: MAIN
CVS Tags: netbsd-10-base, netbsd-10, bouyer-sunxi-drm-base, bouyer-sunxi-drm
Changes since 1.33: +5 -6 lines
npf(4): Use atomic_store_release and atomic_load_consume for conn_db. ...or atomic_load_relaxed, when npf->conn_lock is held, for the sake of C11. No need for store-before-load implied by membar_sync.
Revision 1.32.2.1, Sat Apr 3 22:29:01 2021 UTC (21 months, 3 weeks ago) by thorpej
Branch: thorpej-futex
Changes since 1.32: +2 -2 lines
Sync with HEAD.
Revision 1.33, Mon Jan 25 17:18:55 2021 UTC (2 years ago) by christos
Branch: MAIN
CVS Tags: thorpej-i2c-spi-conf2-base, thorpej-i2c-spi-conf2, thorpej-i2c-spi-conf-base, thorpej-i2c-spi-conf, thorpej-futex2-base, thorpej-futex2, thorpej-futex-base, thorpej-cfargs2-base, thorpej-cfargs2, thorpej-cfargs-base, thorpej-cfargs, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Changes since 1.32: +2 -2 lines
s/npf_config_lock/npf->config_lock/ in the comments
Revision 1.27.2.4, Sat Jun 20 15:46:48 2020 UTC (2 years, 7 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE
Changes since 1.27.2.3: +191 -146 lines
Pull up following revision(s) (requested by rmind in ticket #956):
    usr.sbin/npf/npf-params.7: revision 1.4
    sys/net/npf/npf_worker.c: revision 1.9
    usr.sbin/npf/npftest/npftest.h: revision 1.17
    usr.sbin/npf/npfctl/npf_bpf_comp.c: revision 1.16
    usr.sbin/npf/npf-params.7: revision 1.5
    sys/net/npf/npf_state_tcp.c: revision 1.21
    usr.sbin/npf/npfctl/npf_build.c: revision 1.55
    usr.sbin/npf/npf-params.7: revision 1.6
    sys/net/npf/npfkern.h: revision 1.5
    lib/libnpf/npf.c: revision 1.49
    usr.sbin/npf/npf-params.7: revision 1.7
    sys/net/npf/npf_impl.h: revision 1.81
    sys/net/npf/npf_ext_log.c: revision 1.17
    usr.sbin/npf/npfctl/npfctl.h: revision 1.53
    usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.11
    sys/net/npf/npf_nat.c: revision 1.50
    sys/net/npf/npf_mbuf.c: revision 1.24
    sys/net/npf/npf_alg.c: revision 1.22
    usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.14
    usr.sbin/npf/npftest/libnpftest/npf_conn_test.c: file removal
    usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.10
    sys/net/npf/npf.h: revision 1.63
    usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.21
    usr.sbin/npf/npfctl/npf_var.c: revision 1.13
    sys/net/npf/files.npf: revision 1.23
    usr.sbin/npf/npfctl/npf_show.c: revision 1.32
    usr.sbin/npf/npfctl/npf.conf.5: revision 1.91
    sys/net/npf/npf_os.c: revision 1.18
    sys/net/npf/npf_connkey.c: revision 1.2
    sys/net/npf/npf_conf.c: revision 1.17
    lib/libnpf/libnpf.3: revision 1.12
    usr.sbin/npf/npftest/npftest.c: revision 1.25
    usr.sbin/npf/npftest/libnpftest/npf_gc_test.c: revision 1.1
    usr.sbin/npf/npfctl/npf_parse.y: revision 1.51
    sys/net/npf/npf_tableset.c: revision 1.35
    usr.sbin/npf/npftest/npftest.conf: revision 1.9
    sys/net/npf/npf_sendpkt.c: revision 1.22
    usr.sbin/npf/npfctl/npf_var.h: revision 1.10
    sys/net/npf/npf_state.c: revision 1.23
    sys/net/npf/npf_conn.h: revision 1.20
    usr.sbin/npf/npfctl/npfctl.c: revision 1.64
    usr.sbin/npf/npfctl/npf_cmd.c: revision 1.1
    sys/net/npf/npf_portmap.c: revision 1.5
    sys/net/npf/npf_params.c: revision 1.3
    usr.sbin/npf/npfctl/npf_scan.l: revision 1.32
    tests/net/npf/t_npf.sh: revision 1.4
    sys/net/npf/npf_ext_rndblock.c: revision 1.9
    lib/libnpf/npf.h: revision 1.39
    sys/net/npf/npf_ruleset.c: revision 1.51
    sys/net/npf/npf_alg_icmp.c: revision 1.33
    sys/net/npf/npf.c: revision 1.43
    usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.17
    usr.sbin/npf/npfctl/npfctl.8: revision 1.25
    sys/net/npf/npf_ctl.c: revision 1.60
    usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.18
    usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.11
    sys/net/npf/npf_handler.c: revision 1.49
    sys/net/npf/npf_inet.c: revision 1.57
    sys/net/npf/npf_ifaddr.c: revision 1.7
    sys/net/npf/npf_conndb.c: revision 1.9
    sys/net/npf/npf_if.c: revision 1.13
    usr.sbin/npf/npfctl/Makefile: revision 1.15
    sys/net/npf/npf_conn.c: revision 1.32
    sys/net/npf/npf_ext_normalize.c: revision 1.10
    sys/net/npf/npf_rproc.c: revision 1.20
    sys/net/npf/npf_worker.c: revision 1.8
Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction' settings. Users can now choose whether the connection state should be strictly per-interface or global at the configuration level. Keep NAT logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce more parameters. Remove npf_nvlist_{copyin,copyout}() functions and refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have a single entry point for operations. Introduce npf_flow_t and clean up some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list' more informative; misc usability improvements and more user-friendly error messages.
- Amend and improve the manual pages.
npf_worker_sys{init,fini}: initialize/destroy the exit_cv condvar.
npftest -- npf_test_init(): add a workaround for NetBSD.
npf-params(7): fix the state.key defaults.
npf-params.7: s/filer/filter/
Adjust to "npfctl debug" command line changes, from rmind@.
Use more markup.
Revision 1.32, Sat May 30 14:16:56 2020 UTC (2 years, 8 months ago) by rmind
Branch: MAIN
Branch point for: thorpej-futex
Changes since 1.31: +191 -146 lines
Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction' settings. Users can now choose whether the connection state should be strictly per-interface or global at the configuration level. Keep NAT logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce more parameters. Remove npf_nvlist_{copyin,copyout}() functions and refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have a single entry point for operations. Introduce npf_flow_t and clean up some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list' more informative; misc usability improvements and more user-friendly error messages.
- Amend and improve the manual pages.
Revision 1.27.2.3, Mon May 25 17:25:28 2020 UTC (2 years, 8 months ago) by martin
Branch: netbsd-9
Changes since 1.27.2.2: +3 -3 lines
Pull up following revision(s) (requested by rmind in ticket #930):
    usr.sbin/npf/npfctl/npf_build.c: revision 1.54
    sys/net/npf/npf_conn.h: revision 1.19
    usr.sbin/npf/npfctl/npfctl.h: revision 1.52
    usr.sbin/npf/npfctl/npf_show.c: revision 1.31
    sys/net/npf/npf_conf.c: revision 1.16
    sys/net/npf/npf_nat.c: revision 1.49
    sys/net/npf/npf_inet.c: revision 1.56
    sys/net/npf/npf_conndb.c: revision 1.8
    sys/net/npf/npf_conn.c: revision 1.31
Backport selected NPF fixes from the upstream (to be pulled up):
- npf_conndb_lookup: protect the connection lookup with pserialize(9), instead of incorrectly assuming that the handler always runs at IPL_SOFNET. Should fix crashes reported on high load (PR/55182).
- npf_config_destroy: handle partially initialized config; fixes crashes with some invalid configurations.
- NAT policy creation / destruction: set the initial reference and do not wait for reference draining on destruction; destroy the policy on the last reference drop instead. Fixes a lockup with the dynamic NAT rules.
- npf_nat_{export,import}: fix a regression since dynamic NAT rules.
- npfctl: fix a regression and restore the default group behaviour.
- Add npf_cache_tcp() and validate the TCP data offset (from maxv@).
Revision 1.31, Sat May 23 19:56:00 2020 UTC (2 years, 8 months ago) by rmind
Branch: MAIN
Changes since 1.30: +3 -3 lines
Backport selected NPF fixes from the upstream (to be pulled up):
- npf_conndb_lookup: protect the connection lookup with pserialize(9), instead of incorrectly assuming that the handler always runs at IPL_SOFNET. Should fix crashes reported on high load (PR/55182).
- npf_config_destroy: handle partially initialized config; fixes crashes with some invalid configurations.
- NAT policy creation / destruction: set the initial reference and do not wait for reference draining on destruction; destroy the policy on the last reference drop instead. Fixes a lockup with the dynamic NAT rules.
- npf_nat_{export,import}: fix a regression since dynamic NAT rules.
- npfctl: fix a regression and restore the default group behaviour.
- Add npf_cache_tcp() and validate the TCP data offset (from maxv@).
Revision 1.24.4.2, Mon Apr 13 08:05:15 2020 UTC (2 years, 9 months ago) by martin
Branch: phil-wifi
Changes since 1.24.4.1: +132 -266 lines
Mostly merge changes from HEAD up to 20200411
Revision 1.27.2.2, Fri Oct 4 08:06:35 2019 UTC (3 years, 3 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1
Changes since 1.27.2.1: +3 -2 lines
Pull up following revision(s) (requested by rmind in ticket #282):
    usr.sbin/npf/npfctl/npf_build.c: revision 1.53
    lib/libnpf/npf.c: revision 1.48
    usr.sbin/npf/npfctl/npfctl.h: revision 1.50
    sys/net/npf/npf_impl.h: revision 1.80
    usr.sbin/npf/npfctl/npfctl.h: revision 1.51
    sys/net/npf/npf_ruleset.c: revision 1.49
    usr.sbin/npf/npfctl/npf.conf.5: revision 1.90
    sys/net/npf/npf_ctl.c: revision 1.59
    lib/libnpf/libnpf.3: revision 1.11
    usr.sbin/npf/npfctl/npf_parse.y: revision 1.50
    usr.sbin/npf/npftest/npftest.conf: revision 1.8
    usr.sbin/npf/npfctl/npfctl.c: revision 1.62
    usr.sbin/npf/npfctl/npfctl.c: revision 1.63
    usr.sbin/npf/npfctl/npf_scan.l: revision 1.30
    usr.sbin/npf/npfctl/npfctl.8: revision 1.22
    lib/libnpf/npf.h: revision 1.38
    usr.sbin/npf/npfctl/npfctl.8: revision 1.23
    usr.sbin/npf/npfctl/npfctl.8: revision 1.24
    sys/net/npf/npf_if.c: revision 1.11
    sys/net/npf/npf_if.c: revision 1.12
    usr.sbin/npf/npfctl/npf.conf.5: revision 1.89
    sys/net/npf/npf_conn.c: revision 1.30
    usr.sbin/npf/npfctl/npf_build.c: revision 1.52
npfctl: implement table replace subcommand. Contributed by Timshel Knoll-Miller.
NPF ifmap: rework and fix a few small bugs.
npfctl: implement table replace subcommand. Contributed by Timshel Knoll-Miller. (missed a file in previous commit; cvs is so helpful..)
libnpf/npfctl: support dynamic NAT rulesets using a name prefix.
Use -width Pa for FILES.
Fix pasto in table replace -t type
Use -width Pa for FILES.
npf_ifmap_copylogname: be more defensive.
Revision 1.30, Sun Sep 29 17:00:29 2019 UTC (3 years, 4 months ago) by rmind
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, is-mlppp-base, is-mlppp, bouyer-xenpvh-base2, bouyer-xenpvh-base1, bouyer-xenpvh-base, bouyer-xenpvh, ad-namecache-base3, ad-namecache-base2, ad-namecache-base1, ad-namecache-base, ad-namecache
Changes since 1.29: +3 -2 lines
NPF ifmap: rework and fix a few small bugs.
Revision 1.27.2.1, Wed Aug 7 08:28:37 2019 UTC (3 years, 5 months ago) by martin
Branch: netbsd-9
Changes since 1.27: +5 -9 lines
Pull up following revision(s) (requested by rmind in ticket #25):
    sys/net/npf/npf_conn.h: revision 1.17
    sys/net/npf/npf.c: revision 1.39
    sys/net/npf/npf_conn.c: revision 1.28
    sys/net/npf/npf_conn.c: revision 1.29
Introduce an npf_conn_destroy_idx() that can handle partially constructed conn structures.
- npf_conn_init(): fix a race when initialising the G/C thread.
- Fix a bug when partially initialised connection is destroyed on error.
(from rmind@)
Revision 1.29, Tue Aug 6 11:40:15 2019 UTC (3 years, 5 months ago) by christos
Branch: MAIN
Changes since 1.28: +7 -16 lines
- npf_conn_init(): fix a race when initialising the G/C thread.
- Fix a bug when partially initialised connection is destroyed on error.
(from rmind@)
Revision 1.28, Tue Aug 6 10:25:13 2019 UTC (3 years, 5 months ago) by christos
Branch: MAIN
Changes since 1.27: +10 -5 lines
Introduce an npf_conn_destroy_idx() that can handle partially constructed conn structures.
Revision 1.27, Tue Jul 23 00:52:01 2019 UTC (3 years, 6 months ago) by rmind
Branch: MAIN
CVS Tags: netbsd-9-base
Branch point for: netbsd-9
Changes since 1.26: +129 -260 lines
NPF improvements:
- Add support for dynamic NETMAP algorithm (stateful net-to-net).
- Add most of the support for the dynamic NAT rules; a little bit more userland work is needed to finish this up and enable.
- Replace 'stateful-ends' with more permissive 'stateful-all'.
- Add various tunable parameters and document them, see npf-params(7).
- Reduce the memory usage of the connection state table (conndb).
- Portmap rewrite: use memory more efficiently, handle addresses dynamically.
- Bug fix: add splsoftnet()/splx() around the thmap writers and comment.
- npftest: clean up and simplify; fix some memleaks to make ASAN happy.
Revision 1.24.4.1, Mon Jun 10 22:09:46 2019 UTC (3 years, 7 months ago) by christos
Branch: phil-wifi
Changes since 1.24: +97 -202 lines
Sync with HEAD
Revision 1.24.2.2, Sat Jan 26 22:00:37 2019 UTC (4 years ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.24.2.1: +39 -106 lines
Sync with HEAD
Revision 1.26, Sat Jan 19 21:19:31 2019 UTC (4 years ago) by rmind
Branch: MAIN
CVS Tags: phil-wifi-20190609, pgoyette-compat-20190127, isaki-audio2-base, isaki-audio2
Changes since 1.25: +39 -106 lines
Major NPF improvements:
- Convert NPF connection table to thmap. State lookup is now lock-free.
- Improve connection state G/C: it is now incremental and tunable.
- Add support for dynamic NAT address. Translation addresses can now be selected from a pool of addresses. There are two selection algorithms, "ip-hash" and "round-robin" (see the man page).
- Translation address can be specified as e.g. ifaddrs(wm0) in npf.conf to dynamically choose an IP from the interface address(es).
- Add support for the NETMAP algorithm with static NAT for net-to-net translation (it is equivalent to iptables NETMAP logic).
- Convert 'ipset' tables to use thmap; the table lookup is now lock-free.
- Misc improvements, bug fixes and more unit tests.
- Bump NPF_VERSION (will also bump libnpf).
Revision 1.24.2.1, Sun Sep 30 01:45:56 2018 UTC (4 years, 4 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.24: +59 -97 lines
Sync with HEAD
Revision 1.25, Sat Sep 29 14:41:36 2018 UTC (4 years, 4 months ago) by rmind
Branch: MAIN
CVS Tags: pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930
Changes since 1.24: +59 -97 lines
NPF: Major rework -- migrate NPF to the libnv library.
- This conversion significantly simplifies the code and moves NPF to a binary serialisation format (replacing the XML-like format).
- Fix some memory/reference leaks and possibly use-after-free bugs.
- Bump NPF_VERSION as this change makes libnpf incompatible with the previous versions. Also, different serialisation format means NPF connection/config saving and loading is not compatible with the previous versions either.
Thanks to christos@ for extra testing.
Revision 1.24, Sun Dec 10 00:07:36 2017 UTC (5 years, 1 month ago) by rmind
Branch: MAIN
CVS Tags: phil-wifi-base, pgoyette-compat-base, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315
Branch point for: phil-wifi, pgoyette-compat
Changes since 1.23: +8 -5 lines
- npf_cop_table: handle non-IP packets in the ether (fixes PR/52290).
- npfa_icmp_nat: do not recompute the checksum if no port translation.
- npf_normalize (MSS clamping): fix the checksum handling on PFIL_OUT.
- npflog: report the packet direction correctly.
Revision 1.11.2.3, Sun Dec 3 11:39:03 2017 UTC (5 years, 1 month ago) by jdolecek
Branch: tls-maxphys
Changes since 1.11.2.2: +371 -181 lines
update from HEAD
Revision 1.22.2.1, Fri Apr 21 16:54:05 2017 UTC (5 years, 9 months ago) by bouyer
Branch: bouyer-socketcan
Changes since 1.22: +7 -4 lines
Sync with HEAD
Revision 1.16.2.2, Mon Mar 20 06:57:50 2017 UTC (5 years, 10 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.16.2.1: +7 -4 lines
Sync with HEAD
Revision 1.12.2.2, Sun Feb 5 13:40:58 2017 UTC (5 years, 11 months ago) by skrll
Branch: nick-nhusb
Changes since 1.12.2.1: +320 -162 lines
Sync with HEAD
Revision 1.23, Sun Jan 29 00:15:54 2017 UTC (6 years ago) by christos
Branch: MAIN
CVS Tags: tls-maxphys-base-20171202, prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-20170426, pgoyette-localcount-20170320, perseant-stdc-iso10646-base, perseant-stdc-iso10646, nick-nhusb-base-20170825, nick-nhusb-base-20170204, netbsd-8-base, netbsd-8-2-RELEASE, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1, netbsd-8, matt-nb8-mediatek-base, matt-nb8-mediatek, jdolecek-ncq-base, jdolecek-ncq, bouyer-socketcan-base1
Changes since 1.22: +7 -4 lines
- Increase copyin buffer size to 4M
- Change log output format to be like the OpenBSD's pf including in the header the matching rule etc, and fill in the matching info.
Revision 1.16.2.1, Sat Jan 7 08:56:50 2017 UTC (6 years ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.16: +315 -160 lines
Sync with HEAD. (Note that most of these changes are simply $NetBSD$ tag issues.)
Revision 1.22, Mon Dec 26 23:05:06 2016 UTC (6 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: pgoyette-localcount-20170107, bouyer-socketcan-base
Branch point for: bouyer-socketcan
Changes since 1.21: +130 -117 lines
Sync NPF with the version on github: backport standalone NPF changes, which allow us to create and run separate NPF instances. Minor fixes. (from rmind@)
Revision 1.21, Sat Dec 10 22:09:49 2016 UTC (6 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.20: +2 -3 lines
revert dir hack.
Revision 1.20, Sat Dec 10 19:05:45 2016 UTC (6 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.19: +117 -68 lines
Welcome to version 18:
- Connection state keys are not stored and loaded using the logical key contents.
- connection finder key is stored in a map that contains the key and the direction.
Revision 1.19, Sat Dec 10 09:26:16 2016 UTC (6 years, 1 month ago) by kre
Branch: MAIN
Changes since 1.18: +3 -5 lines
Remove what looks like remnant (partly removed already) debug code, which could not possibly compile as it was.
Revision 1.18, Sat Dec 10 05:41:10 2016 UTC (6 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.17: +131 -45 lines
add functionality to lookup a nat entry from the connection list.
Revision 1.17, Thu Dec 8 23:07:11 2016 UTC (6 years, 1 month ago) by rmind
Branch: MAIN
Changes since 1.16: +14 -4 lines
NPF: adjust the 'stateful-ends' mechanism to tag the packets and thus pass-through them on other interfaces. Per discussion with christos@.
Revision 1.12.2.1, Mon Apr 6 15:18:22 2015 UTC (7 years, 9 months ago) by skrll
Branch: nick-nhusb
Changes since 1.12: +55 -29 lines
Sync with HEAD
Revision 1.10.2.5, Sun Mar 15 22:41:24 2015 UTC (7 years, 10 months ago) by snj
Branch: netbsd-7
CVS Tags: netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0
Changes since 1.10.2.4: +6 -4 lines
Pull up following revision(s) (requested by rmind in ticket #586):
    sys/net/npf/npf_conn.c: revision 1.16
npf_conn_establish: fix the previous change - drop the reference on error.
Revision 1.16, Thu Feb 5 22:04:03 2015 UTC (7 years, 11 months ago) by rmind
Branch: MAIN
CVS Tags: pgoyette-localcount-base, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, nick-nhusb-base-20161204, nick-nhusb-base-20161004, nick-nhusb-base-20160907, nick-nhusb-base-20160529, nick-nhusb-base-20160422, nick-nhusb-base-20160319, nick-nhusb-base-20151226, nick-nhusb-base-20150921, nick-nhusb-base-20150606, nick-nhusb-base-20150406, localcount-20160914
Branch point for: pgoyette-localcount
Changes since 1.15: +6 -4 lines
npf_conn_establish: fix the previous change - drop the reference on error.
Revision 1.10.2.4, Wed Feb 4 07:13:04 2015 UTC (7 years, 11 months ago) by snj
Branch: netbsd-7
Changes since 1.10.2.3: +49 -25 lines
Pull up following revision(s) (requested by rmind in ticket #479):
    lib/libnpf/npf.c: revision 1.35
    lib/libnpf/npf.h: revision 1.28
    sys/net/npf/npf_conn.c: revision 1.15
    sys/net/npf/npf_impl.h: revision 1.61
    sys/net/npf/npf_ruleset.c: revision 1.41
    usr.sbin/npf/npfctl/npf.conf.5: revision 1.44
    usr.sbin/npf/npfctl/npf_parse.y: revision 1.37
    usr.sbin/npf/npfctl/npf_show.c: revisions 1.16, 1.17
    usr.sbin/npf/npfctl/npfctl.c: revision 1.46
load the config file before bpfjit so that we can disable the warning.
--
Don't depend on yacc to include stdlib.h or string.h.
--
- npf_conn_establish: remove a rare race condition when we might destroy a connection when it is still referenced by another thread.
- npf_conn_destroy: remove the backwards entry using the saved key, PR/49488.
- Sprinkle some asserts.
--
npf.conf(5): mention alg, include in the example, minor fix.
--
npfctl(8): report dynamic rule ID in a comment, print the case when libpcap is used correctly. Also, add npf_ruleset_dump() helper in the kernel.
--
libnpf: add npf_rule_getid() and npf_rule_getcode(). Missed in the previous commit.
--
npfctl_print_rule: print the ID in hex, not decimal.
Revision 1.15, Sun Feb 1 22:41:22 2015 UTC (7 years, 11 months ago) by rmind
Branch: MAIN
Changes since 1.14: +49 -25 lines
- npf_conn_establish: remove a rare race condition when we might destroy a connection when it is still referenced by another thread.
- npf_conn_destroy: remove the backwards entry using the saved key, PR/49488.
- Sprinkle some asserts.
Revision 1.10.2.3, Mon Dec 22 02:10:30 2014 UTC (8 years, 1 month ago) by msaitoh
Branch: netbsd-7
Changes since 1.10.2.2: +4 -4 lines
Pull up following revision(s) (requested by rmind in ticket #347):
    sys/net/npf/npf_nat.c: revision 1.38
    sys/net/npf/npf_conn.h: revision 1.8
    sys/net/npf/npf_conn.c: revision 1.14
NPF: set the connection flags atomically in the post-creation logic and fix a tiny race condition window. Might fix PR/49488.
Revision 1.14, Sat Dec 20 16:19:43 2014 UTC (8 years, 1 month ago) by rmind
Branch: MAIN
Changes since 1.13: +4 -4 lines
NPF: set the connection flags atomically in the post-creation logic and fix a tiny race condition window. Might fix PR/49488.
Revision 1.10.2.2, Mon Dec 1 13:05:26 2014 UTC (8 years, 2 months ago) by martin
Branch: netbsd-7
Changes since 1.10.2.1: +4 -4 lines
Pull up following revision(s) (requested by rmind in ticket #280):
    sys/net/npf/npf_ruleset.c: revision 1.40
    sys/net/npf/npf_nat.c: revision 1.36
    sys/net/npf/npf_nat.c: revision 1.37
    sys/net/npf/npf_conn.h: revision 1.7
    sys/net/npf/npf_conf.c: revision 1.9
    sys/net/npf/npf_ruleset.c: revision 1.39
    sys/net/npf/npf_conn.c: revision 1.13
    sys/net/npf/npf_impl.h: revision 1.60
NPF:
- npf_nat_import: take the port only if using the portmap.
- Sprinkle some comments and asserts.
- npf_config_load: if loading the connections, do not perform any active NAT policy take over or portmap sharing - just replace them all.
- npf_config_fini: flush with the empty connection database.
- npf_nat_import: fix the stat counter.
Revision 1.13, Sun Nov 30 00:40:55 2014 UTC (8 years, 2 months ago) by rmind
Branch: MAIN
Changes since 1.12: +4 -4 lines
NPF:
- npf_nat_import: take the port only if using the portmap.
- Sprinkle some comments and asserts.
Revision 1.10.2.1, Fri Aug 29 11:14:14 2014 UTC (8 years, 5 months ago) by martin
Branch: netbsd-7
Changes since 1.10: +10 -4 lines
Pull up following revision(s) (requested by rmind in ticket #56):
    sys/net/npf/npf_ctl.c: revision 1.39
    usr.sbin/npf/npfctl/npfctl.c: revision 1.43
    lib/libnpf/npf.c: revision 1.33
    lib/libnpf/npf.c: revision 1.34
    sys/net/npf/npf_impl.h: revision 1.59
    sys/net/npf/npf_ctl.c: revision 1.40
    sys/net/npf/npf_conn.c: revision 1.11
    sys/net/npf/npf_alg.c: revision 1.15
    sys/net/npf/npf_conn.c: revision 1.12
    sys/net/npf/npf_nat.c: revision 1.33
    sys/net/npf/npf_nat.c: revision 1.34
Add and use npf_alg_export().
npf_conn_import: handle NAT metadata correctly.
npf_nat_newpolicy: restore the policy ID.
npfctl_load: fix error code handling for the limit cases.
npf_config_import: fix the inverted logic.
npfctl_load: improve error handling.
npf_conn_import: add a missing stat counter increment.
npf_nat_import: add a missing reference and make a comment.
npf_config_submit: finally, include the saved connections.
Revision 1.12, Sun Aug 24 20:36:30 2014 UTC (8 years, 5 months ago) by rmind
Branch: MAIN
CVS Tags: nick-nhusb-base
Branch point for: nick-nhusb
Changes since 1.11: +5 -2 lines
- npf_conn_import: add a missing stat counter increment.
- npf_nat_import: add a missing reference and make a comment.
Revision 1.11.2.2, Wed Aug 20 00:04:35 2014 UTC (8 years, 5 months ago) by tls
Branch: tls-maxphys
Changes since 1.11.2.1: +993 -0 lines
Rebase to HEAD as of a few days ago.
Revision 1.11.2.1, Mon Aug 11 23:48:01 2014 UTC (8 years, 5 months ago) by tls
Branch: tls-maxphys
Changes since 1.11: +0 -996 lines
FILE REMOVED
file npf_conn.c was added on branch tls-maxphys on 2014-08-20 00:04:35 +0000
Revision 1.11, Mon Aug 11 23:48:01 2014 UTC (8 years, 5 months ago) by rmind
Branch: MAIN
Branch point for: tls-maxphys
Changes since 1.10: +7 -4 lines
- Add and use npf_alg_export().
- npf_conn_import: handle NAT metadata correctly.
- npf_nat_newpolicy: restore the policy ID.
- npfctl_load: fix error code handling for the limit cases.
- npf_config_import: fix the inverted logic.
- npfctl_load: improve error handling.
Revision 1.10, Sun Aug 10 19:09:43 2014 UTC (8 years, 5 months ago) by rmind
Branch: MAIN
CVS Tags: tls-maxphys-base, netbsd-7-base
Branch point for: netbsd-7
Changes since 1.9: +51 -29 lines
- Add npf_ruleset_export(), npf_rule_export() and npf_nat_policyexport().
- Split off npf_conn_export(). Add npf_ifmap_getname() and use it to save the interface name; pick it up on npf_conn_import().
- Misc fixes. Bump NPF_VERSION.
Revision 1.9.2.2, Sun Aug 10 06:56:16 2014 UTC (8 years, 5 months ago) by tls
Branch: tls-earlyentropy
Changes since 1.9.2.1: +971 -0 lines
Rebase.
Revision 1.9.2.1, Sat Jul 26 16:42:03 2014 UTC (8 years, 6 months ago) by tls
Branch: tls-earlyentropy
Changes since 1.9: +0 -971 lines
FILE REMOVED
file npf_conn.c was added on branch tls-earlyentropy on 2014-08-10 06:56:16 +0000
Revision 1.9, Sat Jul 26 16:42:03 2014 UTC (8 years, 6 months ago) by rmind
Branch: MAIN
CVS Tags: tls-earlyentropy-base
Branch point for: tls-earlyentropy
Changes since 1.8: +5 -5 lines
npf_conn_conkey: fix a comment.
Revision 1.8, Fri Jul 25 23:21:46 2014 UTC (8 years, 6 months ago) by rmind
Branch: MAIN
Changes since 1.7: +21 -11 lines
npf_conn_conkey: adjust to return the key length and add a comment describing the key layout.
Revision 1.7, Fri Jul 25 23:07:21 2014 UTC (8 years, 6 months ago) by rmind
Branch: MAIN
Changes since 1.6: +3 -4 lines
npf_mk_connlist: destroy the connections on error path.
Revision 1.6, Wed Jul 23 01:25:34 2014 UTC (8 years, 6 months ago) by rmind
Branch: MAIN
Changes since 1.5: +81 -103 lines
NPF: rework of the connection saving and restoring:
- Add support for saving a snapshot of the current connections together with a full configuration. Support a reverse load operation. Eliminate the old 'sess-save' and 'sess-load' in favour of the new mechanism.
- Share code between load and reload operations: the latter performs load from npf.conf without affecting the connections.
- Simplify and fix races with connection loading.
- Bump NPF_VERSION.
Revision 1.5, Sun Jul 20 14:16:00 2014 UTC (8 years, 6 months ago) by joerg
Branch: MAIN
Changes since 1.4: +3 -4 lines
Drop variable only used in return.
Revision 1.4, Sun Jul 20 00:37:41 2014 UTC (8 years, 6 months ago) by rmind
Branch: MAIN
Changes since 1.3: +12 -10 lines
NPF: add nbuf_t * into npf_cache_t and remove unnecessary carrying by argument.
Revision 1.3, Sat Jul 19 21:22:58 2014 UTC (8 years, 6 months ago) by christos
Branch: MAIN
Changes since 1.2: +4 -4 lines
gcc-4.8 complains about not being able to inline
Revision 1.2, Sat Jul 19 20:59:01 2014 UTC (8 years, 6 months ago) by rmind
Branch: MAIN
Changes since 1.1: +4 -3 lines
Fix gcc warnings.
Revision 1.1, Sat Jul 19 18:24:16 2014 UTC (8 years, 6 months ago) by rmind
Branch: MAIN
NPF: partially rewrite the connection tracking mechanism:
- Separate the tracking interface from the storage (state table) and thus prepare to use a new data structure for the storage.
- Fix some race conditions in NAT association logic.