![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / net / npf
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.16.2.4 / (download) - annotate - [select for diffs], Sat Jun 20 15:46:48 2020 UTC (2 years, 11 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-3-RELEASE,
netbsd-9-2-RELEASE,
netbsd-9-1-RELEASE
Changes since 1.16.2.3: +23 -14
lines
Diff to previous 1.16.2.3 (colored) to branchpoint 1.16 (colored) next main 1.17 (colored)
Pull up following revision(s) (requested by rmind in ticket #956):
usr.sbin/npf/npf-params.7: revision 1.4
sys/net/npf/npf_worker.c: revision 1.9
usr.sbin/npf/npftest/npftest.h: revision 1.17
usr.sbin/npf/npfctl/npf_bpf_comp.c: revision 1.16
usr.sbin/npf/npf-params.7: revision 1.5
sys/net/npf/npf_state_tcp.c: revision 1.21
usr.sbin/npf/npfctl/npf_build.c: revision 1.55
usr.sbin/npf/npf-params.7: revision 1.6
sys/net/npf/npfkern.h: revision 1.5
lib/libnpf/npf.c: revision 1.49
usr.sbin/npf/npf-params.7: revision 1.7
sys/net/npf/npf_impl.h: revision 1.81
sys/net/npf/npf_ext_log.c: revision 1.17
usr.sbin/npf/npfctl/npfctl.h: revision 1.53
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.11
sys/net/npf/npf_nat.c: revision 1.50
sys/net/npf/npf_mbuf.c: revision 1.24
sys/net/npf/npf_alg.c: revision 1.22
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.14
usr.sbin/npf/npftest/libnpftest/npf_conn_test.c: file removal
usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.10
sys/net/npf/npf.h: revision 1.63
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.21
usr.sbin/npf/npfctl/npf_var.c: revision 1.13
sys/net/npf/files.npf: revision 1.23
usr.sbin/npf/npfctl/npf_show.c: revision 1.32
usr.sbin/npf/npfctl/npf.conf.5: revision 1.91
sys/net/npf/npf_os.c: revision 1.18
sys/net/npf/npf_connkey.c: revision 1.2
sys/net/npf/npf_conf.c: revision 1.17
lib/libnpf/libnpf.3: revision 1.12
usr.sbin/npf/npftest/npftest.c: revision 1.25
usr.sbin/npf/npftest/libnpftest/npf_gc_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_parse.y: revision 1.51
sys/net/npf/npf_tableset.c: revision 1.35
usr.sbin/npf/npftest/npftest.conf: revision 1.9
sys/net/npf/npf_sendpkt.c: revision 1.22
usr.sbin/npf/npfctl/npf_var.h: revision 1.10
sys/net/npf/npf_state.c: revision 1.23
sys/net/npf/npf_conn.h: revision 1.20
usr.sbin/npf/npfctl/npfctl.c: revision 1.64
usr.sbin/npf/npfctl/npf_cmd.c: revision 1.1
sys/net/npf/npf_portmap.c: revision 1.5
sys/net/npf/npf_params.c: revision 1.3
usr.sbin/npf/npfctl/npf_scan.l: revision 1.32
tests/net/npf/t_npf.sh: revision 1.4
sys/net/npf/npf_ext_rndblock.c: revision 1.9
lib/libnpf/npf.h: revision 1.39
sys/net/npf/npf_ruleset.c: revision 1.51
sys/net/npf/npf_alg_icmp.c: revision 1.33
sys/net/npf/npf.c: revision 1.43
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.17
usr.sbin/npf/npfctl/npfctl.8: revision 1.25
sys/net/npf/npf_ctl.c: revision 1.60
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.18
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.11
sys/net/npf/npf_handler.c: revision 1.49
sys/net/npf/npf_inet.c: revision 1.57
sys/net/npf/npf_ifaddr.c: revision 1.7
sys/net/npf/npf_conndb.c: revision 1.9
sys/net/npf/npf_if.c: revision 1.13
usr.sbin/npf/npfctl/Makefile: revision 1.15
sys/net/npf/npf_conn.c: revision 1.32
sys/net/npf/npf_ext_normalize.c: revision 1.10
sys/net/npf/npf_rproc.c: revision 1.20
sys/net/npf/npf_worker.c: revision 1.8
Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
settings. Users can now choose whether the connection state should be
strictly per-interface or global at the configuration level. Keep NAT
logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
more parameters. Remove npf_nvlist_{copyin,copyout}() functions and
refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
a single entry point for operations. Introduce npf_flow_t and clean up
some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
more informative; misc usability improvements and more user-friendly
error messages.
- Amend and improve the manual pages.
npf_worker_sys{init,fini}: initialize/destroy the exit_cv condvar.
npftest -- npf_test_init(): add a workaround for NetBSD.
npf-params(7): fix the state.key defaults.
npf-params.7: s/filer/filter/
Adjust to "npfctl debug" command line changes, from rmind@.
Use more markup.
Revision 1.20 / (download) - annotate - [select for diffs], Sat May 30 14:16:56 2020 UTC (2 years, 11 months ago) by rmind
Branch: MAIN
CVS Tags: thorpej-i2c-spi-conf2-base,
thorpej-i2c-spi-conf2,
thorpej-i2c-spi-conf-base,
thorpej-i2c-spi-conf,
thorpej-futex2-base,
thorpej-futex2,
thorpej-futex-base,
thorpej-futex,
thorpej-cfargs2-base,
thorpej-cfargs2,
thorpej-cfargs-base,
thorpej-cfargs,
netbsd-10-base,
netbsd-10,
cjep_sun2x-base1,
cjep_sun2x-base,
cjep_sun2x,
cjep_staticlib_x-base1,
cjep_staticlib_x-base,
cjep_staticlib_x,
bouyer-sunxi-drm-base,
bouyer-sunxi-drm,
HEAD
Changes since 1.19: +23 -14
lines
Diff to previous 1.19 (colored)
Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
settings. Users can now choose whether the connection state should be
strictly per-interface or global at the configuration level. Keep NAT
logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
more parameters. Remove npf_nvlist_{copyin,copyout}() functions and
refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
a single entry point for operations. Introduce npf_flow_t and clean up
some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
more informative; misc usability improvements and more user-friendly
error messages.
- Amend and improve the manual pages.
Revision 1.16.2.3 / (download) - annotate - [select for diffs], Mon May 25 17:25:28 2020 UTC (3 years ago) by martin
Branch: netbsd-9
Changes since 1.16.2.2: +1 -1
lines
Diff to previous 1.16.2.2 (colored) to branchpoint 1.16 (colored)
Pull up following revision(s) (requested by rmind in ticket #930):
usr.sbin/npf/npfctl/npf_build.c: revision 1.54
sys/net/npf/npf_conn.h: revision 1.19
usr.sbin/npf/npfctl/npfctl.h: revision 1.52
usr.sbin/npf/npfctl/npf_show.c: revision 1.31
sys/net/npf/npf_conf.c: revision 1.16
sys/net/npf/npf_nat.c: revision 1.49
sys/net/npf/npf_inet.c: revision 1.56
sys/net/npf/npf_conndb.c: revision 1.8
sys/net/npf/npf_conn.c: revision 1.31
Backport selected NPF fixes from the upstream (to be pulled up):
- npf_conndb_lookup: protect the connection lookup with pserialize(9),
instead of incorrectly assuming that the handler always runs at IPL_SOFNET.
Should fix crashes reported on high load (PR/55182).
- npf_config_destroy: handle partially initialized config; fixes crashes
with some invalid configurations.
- NAT policy creation / destruction: set the initial reference and do not
wait for reference draining on destruction; destroy the policy on the
last reference drop instead. Fixes a lockup with the dynamic NAT rules.
- npf_nat_{export,import}: fix a regression since dynamic NAT rules.
- npfctl: fix a regression and restore the default group behaviour.
- Add npf_cache_tcp() and validate the TCP data offset (from maxv@).
Revision 1.19 / (download) - annotate - [select for diffs], Sat May 23 19:56:00 2020 UTC (3 years ago) by rmind
Branch: MAIN
Changes since 1.18: +1 -1
lines
Diff to previous 1.18 (colored)
Backport selected NPF fixes from the upstream (to be pulled up):
- npf_conndb_lookup: protect the connection lookup with pserialize(9),
instead of incorrectly assuming that the handler always runs at IPL_SOFNET.
Should fix crashes reported on high load (PR/55182).
- npf_config_destroy: handle partially initialized config; fixes crashes
with some invalid configurations.
- NAT policy creation / destruction: set the initial reference and do not
wait for reference draining on destruction; destroy the policy on the
last reference drop instead. Fixes a lockup with the dynamic NAT rules.
- npf_nat_{export,import}: fix a regression since dynamic NAT rules.
- npfctl: fix a regression and restore the default group behaviour.
- Add npf_cache_tcp() and validate the TCP data offset (from maxv@).
Revision 1.13.4.2 / (download) - annotate - [select for diffs], Mon Apr 13 08:05:15 2020 UTC (3 years, 1 month ago) by martin
Branch: phil-wifi
Changes since 1.13.4.1: +58 -39
lines
Diff to previous 1.13.4.1 (colored) to branchpoint 1.13 (colored) next main 1.14 (colored)
Mostly merge changes from HEAD upto 20200411
Revision 1.16.2.2 / (download) - annotate - [select for diffs], Tue Aug 13 14:35:55 2019 UTC (3 years, 9 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-0-RELEASE,
netbsd-9-0-RC2,
netbsd-9-0-RC1
Changes since 1.16.2.1: +5 -7
lines
Diff to previous 1.16.2.1 (colored) to branchpoint 1.16 (colored)
Pull up following revision(s) (requested by rmind in ticket #49): usr.sbin/npf/npf.7: revision 1.7 sys/net/npf/npfkern.h: revision 1.4 sys/net/npf/npf_conn.h: revision 1.18 usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.13 sys/net/npf/npf_ctl.c: revision 1.55 sys/net/npf/npf_os.c: revision 1.14 sys/net/npf/npf_conf.c: revision 1.14 usr.sbin/npf/npftest/libnpftest/npf_conn_test.c: revision 1.3 usr.sbin/npf/npftest/libnpftest/npf_perf_test.c: revision 1.9 sys/net/npf/npf_impl.h: revision 1.76 sys/net/npf/npf_portmap.c: revision 1.4 sys/net/npf/npf_params.c: revision 1.2 sys/net/npf/npf.c: revision 1.40 usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.16 usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.18 sys/net/npf/npf_nat.c: revision 1.47 sys/net/npf/npf_handler.c: revision 1.47 sys/net/npf/npf_inet.c: revision 1.55 sys/net/npf/npf_if.c: revision 1.10 sys/net/npf/npf_worker.c: revision 1.7 usr.sbin/npf/npf-params.7: revision 1.3 npf-params(7): add more bpf.jit details. From David H. Gutteridge. Adjust some internal NPF APIs: * npfkern: use the npfk_ prefix. * NPF portmap: amend the API so it could be used elsewhere. * Make npf_connkey_t public. npf.7: add xref to npf-params.7 (Adding directly here since this particular file isn't included in rmind@'s upstream GitHub repo at present.)
Revision 1.18 / (download) - annotate - [select for diffs], Sun Aug 11 20:26:33 2019 UTC (3 years, 9 months ago) by rmind
Branch: MAIN
CVS Tags: phil-wifi-20200421,
phil-wifi-20200411,
phil-wifi-20200406,
phil-wifi-20191119,
is-mlppp-base,
is-mlppp,
bouyer-xenpvh-base2,
bouyer-xenpvh-base1,
bouyer-xenpvh-base,
bouyer-xenpvh,
ad-namecache-base3,
ad-namecache-base2,
ad-namecache-base1,
ad-namecache-base,
ad-namecache
Changes since 1.17: +5 -7
lines
Diff to previous 1.17 (colored)
Adjust some internal NPF APIs: * npfkern: use the npfk_ prefix. * NPF portmap: amend the API so it could be used elsewhere. * Make npf_connkey_t public.
Revision 1.16.2.1 / (download) - annotate - [select for diffs], Wed Aug 7 08:28:37 2019 UTC (3 years, 9 months ago) by martin
Branch: netbsd-9
Changes since 1.16: +3 -2
lines
Diff to previous 1.16 (colored)
Pull up following revision(s) (requested by rmind in ticket #25): sys/net/npf/npf_conn.h: revision 1.17 sys/net/npf/npf.c: revision 1.39 sys/net/npf/npf_conn.c: revision 1.28 sys/net/npf/npf_conn.c: revision 1.29 Introduce an npf_conn_destroy_idx() that can handle partially constructed conn structures. - npf_conn_init(): fix a race when initialising the G/C thread. - Fix a bug when partially initialised connection is destroyed on error. (from rmind@)
Revision 1.17 / (download) - annotate - [select for diffs], Tue Aug 6 11:40:15 2019 UTC (3 years, 9 months ago) by christos
Branch: MAIN
Changes since 1.16: +3 -2
lines
Diff to previous 1.16 (colored)
- npf_conn_init(): fix a race when initialising the G/C thread. - Fix a bug when partially initialised connection is destroyed on error. (from rmind@)
Revision 1.16 / (download) - annotate - [select for diffs], Tue Jul 23 00:52:01 2019 UTC (3 years, 10 months ago) by rmind
Branch: MAIN
CVS Tags: netbsd-9-base
Branch point for: netbsd-9
Changes since 1.15: +55 -35
lines
Diff to previous 1.15 (colored)
NPF improvements: - Add support for dynamic NETMAP algorithm (stateful net-to-net). - Add most of the support for the dynamic NAT rules; a little bit more userland work is needed to finish this up and enable. - Replace 'stateful-ends' with more permissive 'stateful-all'. - Add various tunable parameters and document them, see npf-params(7). - Reduce the memory usage of the connection state table (conndb). - Portmap rewrite: use memory more efficiently, handle addresses dynamically. - Bug fix: add splsoftnet()/splx() around the thmap writers and comment. - npftest: clean up and simplify; fix some memleaks to make ASAN happy.
Revision 1.13.4.1 / (download) - annotate - [select for diffs], Mon Jun 10 22:09:46 2019 UTC (3 years, 11 months ago) by christos
Branch: phil-wifi
Changes since 1.13: +25 -22
lines
Diff to previous 1.13 (colored)
Sync with HEAD
Revision 1.13.2.2 / (download) - annotate - [select for diffs], Sat Jan 26 22:00:37 2019 UTC (4 years, 4 months ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.13.2.1: +22 -16
lines
Diff to previous 1.13.2.1 (colored) to branchpoint 1.13 (colored) next main 1.14 (colored)
Sync with HEAD
Revision 1.15 / (download) - annotate - [select for diffs], Sat Jan 19 21:19:31 2019 UTC (4 years, 4 months ago) by rmind
Branch: MAIN
CVS Tags: phil-wifi-20190609,
pgoyette-compat-20190127,
isaki-audio2-base,
isaki-audio2
Changes since 1.14: +22 -16
lines
Diff to previous 1.14 (colored)
Major NPF improvements: - Convert NPF connection table to thmap. State lookup is now lock-free. - Improve connection state G/C: it is now incremental and tunable. - Add support for dynamic NAT address. Translation addresses can now be selected from a pool of addresses. There are two selection algorithms, "ip-hash" and "round-robin" (see the man page). - Translation address can be specified as e.g. ifaddrs(wm0) in npf.conf to dynamically choose an IP from the interface address(es). - Add support for the NETMAP algorithm with static NAT for net-to-net translation (it is equivalent to iptables NETMAP logic). - Convert 'ipset' tables to use thmap; the table lookup is now lock-free. - Misc improvements, bug fixes and more unit tests. - Bump NPF_VERSION (will also bump libnpf).
Revision 1.13.2.1 / (download) - annotate - [select for diffs], Sun Sep 30 01:45:56 2018 UTC (4 years, 7 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.13: +3 -6
lines
Diff to previous 1.13 (colored)
Ssync with HEAD
Revision 1.14 / (download) - annotate - [select for diffs], Sat Sep 29 14:41:36 2018 UTC (4 years, 7 months ago) by rmind
Branch: MAIN
CVS Tags: pgoyette-compat-20190118,
pgoyette-compat-1226,
pgoyette-compat-1126,
pgoyette-compat-1020,
pgoyette-compat-0930
Changes since 1.13: +3 -6
lines
Diff to previous 1.13 (colored)
NPF: Major rework -- migrate NPF to the libnv library. - This conversion significantly simplifies the code and moves NPF to a binary serialisation format (replacing the XML-like format). - Fix some memory/reference leaks and possibly use-after-free bugs. - Bump NPF_VERSION as this change makes libnpf incompatible with the previous versions. Also, different serialisation format means NPF connection/config saving and loading is not compatible with the previous versions either. Thanks to christos@ for extra testing.
Revision 1.13 / (download) - annotate - [select for diffs], Sun Dec 10 00:07:36 2017 UTC (5 years, 5 months ago) by rmind
Branch: MAIN
CVS Tags: phil-wifi-base,
pgoyette-compat-base,
pgoyette-compat-0906,
pgoyette-compat-0728,
pgoyette-compat-0625,
pgoyette-compat-0521,
pgoyette-compat-0502,
pgoyette-compat-0422,
pgoyette-compat-0415,
pgoyette-compat-0407,
pgoyette-compat-0330,
pgoyette-compat-0322,
pgoyette-compat-0315
Branch point for: phil-wifi,
pgoyette-compat
Changes since 1.12: +7 -2
lines
Diff to previous 1.12 (colored)
- npf_cop_table: handle non-IP packets in the ether (fixes PR/52290). - npfa_icmp_nat: do not recompute the checksum if no port translation. - npf_normalize (MSS clamping): fix the checksum handling on PFIL_OUT. - npflog: report the packet direction correctly.
Revision 1.6.4.3 / (download) - annotate - [select for diffs], Sun Dec 3 11:39:03 2017 UTC (5 years, 5 months ago) by jdolecek
Branch: tls-maxphys
Changes since 1.6.4.2: +20 -18
lines
Diff to previous 1.6.4.2 (colored) to branchpoint 1.6 (colored) next main 1.7 (colored)
update from HEAD
Revision 1.11.2.1 / (download) - annotate - [select for diffs], Fri Apr 21 16:54:05 2017 UTC (6 years, 1 month ago) by bouyer
Branch: bouyer-socketcan
Changes since 1.11: +6 -3
lines
Diff to previous 1.11 (colored) next main 1.12 (colored)
Sync with HEAD
Revision 1.8.2.2 / (download) - annotate - [select for diffs], Mon Mar 20 06:57:50 2017 UTC (6 years, 2 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.8.2.1: +6 -3
lines
Diff to previous 1.8.2.1 (colored) to branchpoint 1.8 (colored) next main 1.9 (colored)
Sync with HEAD
Revision 1.6.6.2 / (download) - annotate - [select for diffs], Sun Feb 5 13:40:58 2017 UTC (6 years, 3 months ago) by skrll
Branch: nick-nhusb
Changes since 1.6.6.1: +19 -17
lines
Diff to previous 1.6.6.1 (colored) to branchpoint 1.6 (colored) next main 1.7 (colored)
Sync with HEAD
Revision 1.12 / (download) - annotate - [select for diffs], Sun Jan 29 00:15:54 2017 UTC (6 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: tls-maxphys-base-20171202,
prg-localcount2-base3,
prg-localcount2-base2,
prg-localcount2-base1,
prg-localcount2-base,
prg-localcount2,
pgoyette-localcount-20170426,
pgoyette-localcount-20170320,
perseant-stdc-iso10646-base,
perseant-stdc-iso10646,
nick-nhusb-base-20170825,
nick-nhusb-base-20170204,
netbsd-8-base,
netbsd-8-2-RELEASE,
netbsd-8-1-RELEASE,
netbsd-8-1-RC1,
netbsd-8-0-RELEASE,
netbsd-8-0-RC2,
netbsd-8-0-RC1,
netbsd-8,
matt-nb8-mediatek-base,
matt-nb8-mediatek,
jdolecek-ncq-base,
jdolecek-ncq,
bouyer-socketcan-base1
Changes since 1.11: +6 -3
lines
Diff to previous 1.11 (colored)
- Increase copyin buffer size to 4M - Change log output format to be like the OpenBSD's pf including in the header the matching rule etc, and fill in the matching info.
Revision 1.8.2.1 / (download) - annotate - [select for diffs], Sat Jan 7 08:56:50 2017 UTC (6 years, 4 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.8: +14 -15
lines
Diff to previous 1.8 (colored)
Sync with HEAD. (Note that most of these changes are simply $NetBSD$ tag issues.)
Revision 1.11 / (download) - annotate - [select for diffs], Mon Dec 26 23:05:06 2016 UTC (6 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: pgoyette-localcount-20170107,
bouyer-socketcan-base
Branch point for: bouyer-socketcan
Changes since 1.10: +14 -15
lines
Diff to previous 1.10 (colored)
Sync NPF with the version on github: backport standalone NPF changes, which allow us to create and run separate NPF instances. Minor fixes. (from rmind@)
Revision 1.10 / (download) - annotate - [select for diffs], Sat Dec 10 19:05:45 2016 UTC (6 years, 5 months ago) by christos
Branch: MAIN
Changes since 1.9: +1 -2
lines
Diff to previous 1.9 (colored)
Welcome to version 18: - Connection state keys are not stored and loaded using the logical key contents. - connection finder key is stored in a map that contains the key and the direction.
Revision 1.9 / (download) - annotate - [select for diffs], Sat Dec 10 05:41:10 2016 UTC (6 years, 5 months ago) by christos
Branch: MAIN
Changes since 1.8: +2 -1
lines
Diff to previous 1.8 (colored)
add functionality to lookup a nat entry from the connection list.
Revision 1.6.6.1 / (download) - annotate - [select for diffs], Mon Apr 6 15:18:22 2015 UTC (8 years, 1 month ago) by skrll
Branch: nick-nhusb
Changes since 1.6: +3 -3
lines
Diff to previous 1.6 (colored)
Sync with HEAD
Revision 1.6.2.2 / (download) - annotate - [select for diffs], Mon Dec 22 02:10:30 2014 UTC (8 years, 5 months ago) by msaitoh
Branch: netbsd-7
CVS Tags: netbsd-7-nhusb-base-20170116,
netbsd-7-nhusb-base,
netbsd-7-nhusb,
netbsd-7-2-RELEASE,
netbsd-7-1-RELEASE,
netbsd-7-1-RC2,
netbsd-7-1-RC1,
netbsd-7-1-2-RELEASE,
netbsd-7-1-1-RELEASE,
netbsd-7-1,
netbsd-7-0-RELEASE,
netbsd-7-0-RC3,
netbsd-7-0-RC2,
netbsd-7-0-RC1,
netbsd-7-0-2-RELEASE,
netbsd-7-0-1-RELEASE,
netbsd-7-0
Changes since 1.6.2.1: +2 -2
lines
Diff to previous 1.6.2.1 (colored) to branchpoint 1.6 (colored) next main 1.7 (colored)
Pull up following revision(s) (requested by rmind in ticket #347): sys/net/npf/npf_nat.c: revision 1.38 sys/net/npf/npf_conn.h: revision 1.8 sys/net/npf/npf_conn.c: revision 1.14 NPF: set the connection flags atomically in the post-creation logic and fix a tiny race condition window. Might fix PR/49488.
Revision 1.8 / (download) - annotate - [select for diffs], Sat Dec 20 16:19:43 2014 UTC (8 years, 5 months ago) by rmind
Branch: MAIN
CVS Tags: pgoyette-localcount-base,
pgoyette-localcount-20161104,
pgoyette-localcount-20160806,
pgoyette-localcount-20160726,
nick-nhusb-base-20161204,
nick-nhusb-base-20161004,
nick-nhusb-base-20160907,
nick-nhusb-base-20160529,
nick-nhusb-base-20160422,
nick-nhusb-base-20160319,
nick-nhusb-base-20151226,
nick-nhusb-base-20150921,
nick-nhusb-base-20150606,
nick-nhusb-base-20150406,
localcount-20160914
Branch point for: pgoyette-localcount
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
NPF: set the connection flags atomically in the post-creation logic and fix a tiny race condition window. Might fix PR/49488.
Revision 1.6.2.1 / (download) - annotate - [select for diffs], Mon Dec 1 13:05:26 2014 UTC (8 years, 5 months ago) by martin
Branch: netbsd-7
Changes since 1.6: +2 -2
lines
Diff to previous 1.6 (colored)
Pull up following revision(s) (requested by rmind in ticket #280): sys/net/npf/npf_ruleset.c: revision 1.40 sys/net/npf/npf_nat.c: revision 1.36 sys/net/npf/npf_nat.c: revision 1.37 sys/net/npf/npf_conn.h: revision 1.7 sys/net/npf/npf_conf.c: revision 1.9 sys/net/npf/npf_ruleset.c: revision 1.39 sys/net/npf/npf_conn.c: revision 1.13 sys/net/npf/npf_impl.h: revision 1.60 NPF: - npf_nat_import: take the port only if using the portmap. - Sprinkle some comments and asserts. - npf_config_load: if loading the connections, do not perform any actice NAT policy take over or or portmap sharing - just replace them all. - npf_config_fini: flush with the empty connection database. - npf_nat_import: fix the stat counter.
Revision 1.7 / (download) - annotate - [select for diffs], Sun Nov 30 00:40:55 2014 UTC (8 years, 5 months ago) by rmind
Branch: MAIN
Changes since 1.6: +2 -2
lines
Diff to previous 1.6 (colored)
NPF: - npf_nat_import: take the port only if using the portmap. - Sprinkle some comments and asserts.
Revision 1.6.4.2 / (download) - annotate - [select for diffs], Wed Aug 20 00:04:35 2014 UTC (8 years, 9 months ago) by tls
Branch: tls-maxphys
Changes since 1.6.4.1: +142 -0
lines
Diff to previous 1.6.4.1 (colored) to branchpoint 1.6 (colored)
Rebase to HEAD as of a few days ago.
Revision 1.6.4.1, Sun Aug 10 19:09:43 2014 UTC (8 years, 9 months ago) by tls
Branch: tls-maxphys
Changes since 1.6: +0 -142
lines
FILE REMOVED
file npf_conn.h was added on branch tls-maxphys on 2014-08-20 00:04:35 +0000
Revision 1.6 / (download) - annotate - [select for diffs], Sun Aug 10 19:09:43 2014 UTC (8 years, 9 months ago) by rmind
Branch: MAIN
CVS Tags: tls-maxphys-base,
nick-nhusb-base,
netbsd-7-base
Branch point for: tls-maxphys,
nick-nhusb,
netbsd-7
Changes since 1.5: +3 -2
lines
Diff to previous 1.5 (colored)
- Add npf_ruleset_export(), npf_rule_export() and npf_nat_policyexport(). - Split off npf_conn_export(). Add npf_ifmap_getname() and use it to save the interface name; pick it up on npf_conn_import(). - Misc fixes. Bump NPF_VERSION.
Revision 1.5.2.2 / (download) - annotate - [select for diffs], Sun Aug 10 06:56:16 2014 UTC (8 years, 9 months ago) by tls
Branch: tls-earlyentropy
Changes since 1.5.2.1: +141 -0
lines
Diff to previous 1.5.2.1 (colored) to branchpoint 1.5 (colored) next main 1.6 (colored)
Rebase.
Revision 1.5.2.1, Fri Jul 25 23:21:46 2014 UTC (8 years, 10 months ago) by tls
Branch: tls-earlyentropy
Changes since 1.5: +0 -141
lines
FILE REMOVED
file npf_conn.h was added on branch tls-earlyentropy on 2014-08-10 06:56:16 +0000
Revision 1.5 / (download) - annotate - [select for diffs], Fri Jul 25 23:21:46 2014 UTC (8 years, 10 months ago) by rmind
Branch: MAIN
CVS Tags: tls-earlyentropy-base
Branch point for: tls-earlyentropy
Changes since 1.4: +2 -2
lines
Diff to previous 1.4 (colored)
npf_conn_conkey: adjust to return the key length and add a comment describing the key layout.
Revision 1.4 / (download) - annotate - [select for diffs], Fri Jul 25 23:07:21 2014 UTC (8 years, 10 months ago) by rmind
Branch: MAIN
Changes since 1.3: +2 -1
lines
Diff to previous 1.3 (colored)
npf_mk_connlist: destroy the connections on error path.
Revision 1.3 / (download) - annotate - [select for diffs], Wed Jul 23 01:25:34 2014 UTC (8 years, 10 months ago) by rmind
Branch: MAIN
Changes since 1.2: +8 -6
lines
Diff to previous 1.2 (colored)
NPF: rework of the connection saving and restoring: - Add support for saving a snapshot of the current connections together with a full configuration. Support a reverse load operation. Eliminate the old 'sess-save' and 'sess-load' in favour of the new mechanism. - Share code between load and reload operations: the latter performs load from npf.conf without affecting the connections. - Simplify and fix races with connection loading. - Bump NPF_VERSION.
Revision 1.2 / (download) - annotate - [select for diffs], Sun Jul 20 00:37:41 2014 UTC (8 years, 10 months ago) by rmind
Branch: MAIN
Changes since 1.1: +4 -5
lines
Diff to previous 1.1 (colored)
NPF: add nbuf_t * into npf_cache_t and remove unnecessary carrying by argument.
Revision 1.1 / (download) - annotate - [select for diffs], Sat Jul 19 19:14:21 2014 UTC (8 years, 10 months ago) by rmind
Branch: MAIN
Add npf_conn.h missed in the previous commit.