The NetBSD Project

CVS log for src/sys/net/npf/npf_conndb.c


Default branch: MAIN


Revision 1.6.2.2, Sat Jun 20 15:46:48 2020 UTC (2 years, 11 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE
Changes since 1.6.2.1: +69 -27 lines

Pull up following revision(s) (requested by rmind in ticket #956):

	usr.sbin/npf/npf-params.7: revision 1.4
	sys/net/npf/npf_worker.c: revision 1.9
	usr.sbin/npf/npftest/npftest.h: revision 1.17
	usr.sbin/npf/npfctl/npf_bpf_comp.c: revision 1.16
	usr.sbin/npf/npf-params.7: revision 1.5
	sys/net/npf/npf_state_tcp.c: revision 1.21
	usr.sbin/npf/npfctl/npf_build.c: revision 1.55
	usr.sbin/npf/npf-params.7: revision 1.6
	sys/net/npf/npfkern.h: revision 1.5
	lib/libnpf/npf.c: revision 1.49
	usr.sbin/npf/npf-params.7: revision 1.7
	sys/net/npf/npf_impl.h: revision 1.81
	sys/net/npf/npf_ext_log.c: revision 1.17
	usr.sbin/npf/npfctl/npfctl.h: revision 1.53
	usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.11
	sys/net/npf/npf_nat.c: revision 1.50
	sys/net/npf/npf_mbuf.c: revision 1.24
	sys/net/npf/npf_alg.c: revision 1.22
	usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.14
	usr.sbin/npf/npftest/libnpftest/npf_conn_test.c: file removal
	usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.10
	sys/net/npf/npf.h: revision 1.63
	usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.21
	usr.sbin/npf/npfctl/npf_var.c: revision 1.13
	sys/net/npf/files.npf: revision 1.23
	usr.sbin/npf/npfctl/npf_show.c: revision 1.32
	usr.sbin/npf/npfctl/npf.conf.5: revision 1.91
	sys/net/npf/npf_os.c: revision 1.18
	sys/net/npf/npf_connkey.c: revision 1.2
	sys/net/npf/npf_conf.c: revision 1.17
	lib/libnpf/libnpf.3: revision 1.12
	usr.sbin/npf/npftest/npftest.c: revision 1.25
	usr.sbin/npf/npftest/libnpftest/npf_gc_test.c: revision 1.1
	usr.sbin/npf/npfctl/npf_parse.y: revision 1.51
	sys/net/npf/npf_tableset.c: revision 1.35
	usr.sbin/npf/npftest/npftest.conf: revision 1.9
	sys/net/npf/npf_sendpkt.c: revision 1.22
	usr.sbin/npf/npfctl/npf_var.h: revision 1.10
	sys/net/npf/npf_state.c: revision 1.23
	sys/net/npf/npf_conn.h: revision 1.20
	usr.sbin/npf/npfctl/npfctl.c: revision 1.64
	usr.sbin/npf/npfctl/npf_cmd.c: revision 1.1
	sys/net/npf/npf_portmap.c: revision 1.5
	sys/net/npf/npf_params.c: revision 1.3
	usr.sbin/npf/npfctl/npf_scan.l: revision 1.32
	tests/net/npf/t_npf.sh: revision 1.4
	sys/net/npf/npf_ext_rndblock.c: revision 1.9
	lib/libnpf/npf.h: revision 1.39
	sys/net/npf/npf_ruleset.c: revision 1.51
	sys/net/npf/npf_alg_icmp.c: revision 1.33
	sys/net/npf/npf.c: revision 1.43
	usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.17
	usr.sbin/npf/npfctl/npfctl.8: revision 1.25
	sys/net/npf/npf_ctl.c: revision 1.60
	usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.18
	usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.11
	sys/net/npf/npf_handler.c: revision 1.49
	sys/net/npf/npf_inet.c: revision 1.57
	sys/net/npf/npf_ifaddr.c: revision 1.7
	sys/net/npf/npf_conndb.c: revision 1.9
	sys/net/npf/npf_if.c: revision 1.13
	usr.sbin/npf/npfctl/Makefile: revision 1.15
	sys/net/npf/npf_conn.c: revision 1.32
	sys/net/npf/npf_ext_normalize.c: revision 1.10
	sys/net/npf/npf_rproc.c: revision 1.20
	sys/net/npf/npf_worker.c: revision 1.8

Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
  settings.  Users can now choose whether the connection state should be
  strictly per-interface or global at the configuration level.  Keep NAT
  logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
  more parameters.  Remove npf_nvlist_{copyin,copyout}() functions and
  refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
  a single entry point for operations.  Introduce npf_flow_t and clean up
  some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
  more informative; misc usability improvements and more user-friendly
  error messages.
- Amend and improve the manual pages.

npf_worker_sys{init,fini}: initialize/destroy the exit_cv condvar.

npftest -- npf_test_init(): add a workaround for NetBSD.

npf-params(7): fix the state.key defaults.

npf-params.7: s/filer/filter/

Adjust to "npfctl debug" command line changes, from rmind@.

Use more markup.

Revision 1.9, Sat May 30 14:16:56 2020 UTC (3 years ago) by rmind
Branch: MAIN
CVS Tags: thorpej-i2c-spi-conf2-base, thorpej-i2c-spi-conf2, thorpej-i2c-spi-conf-base, thorpej-i2c-spi-conf, thorpej-futex2-base, thorpej-futex2, thorpej-futex-base, thorpej-futex, thorpej-cfargs2-base, thorpej-cfargs2, thorpej-cfargs-base, thorpej-cfargs, netbsd-10-base, netbsd-10, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x, bouyer-sunxi-drm-base, bouyer-sunxi-drm, HEAD
Changes since 1.8: +69 -27 lines

Major NPF improvements (merge from upstream):

- Switch to the C11-style atomic primitives using atomic_loadstore(9).

- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
  settings.  Users can now choose whether the connection state should be
  strictly per-interface or global at the configuration level.  Keep NAT
  logic to be always per-interface, though.

- npfkern: rewrite the G/C worker logic and make it self-tuning.

- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
  more parameters.  Remove npf_nvlist_{copyin,copyout}() functions and
  refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
  a single entry point for operations.  Introduce npf_flow_t and clean up
  some code.

- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
  more informative; misc usability improvements and more user-friendly
  error messages.

- Amend and improve the manual pages.

Revision 1.6.2.1, Mon May 25 17:25:28 2020 UTC (3 years ago) by martin
Branch: netbsd-9
Changes since 1.6: +6 -2 lines

Pull up following revision(s) (requested by rmind in ticket #930):

	usr.sbin/npf/npfctl/npf_build.c: revision 1.54
	sys/net/npf/npf_conn.h: revision 1.19
	usr.sbin/npf/npfctl/npfctl.h: revision 1.52
	usr.sbin/npf/npfctl/npf_show.c: revision 1.31
	sys/net/npf/npf_conf.c: revision 1.16
	sys/net/npf/npf_nat.c: revision 1.49
	sys/net/npf/npf_inet.c: revision 1.56
	sys/net/npf/npf_conndb.c: revision 1.8
	sys/net/npf/npf_conn.c: revision 1.31

Backport selected NPF fixes from the upstream (to be pulled up):

- npf_conndb_lookup: protect the connection lookup with pserialize(9),
  instead of incorrectly assuming that the handler always runs at IPL_SOFTNET.
  Should fix crashes reported on high load (PR/55182).

- npf_config_destroy: handle partially initialized config; fixes crashes
  with some invalid configurations.

- NAT policy creation / destruction: set the initial reference and do not
  wait for reference draining on destruction; destroy the policy on the
  last reference drop instead.  Fixes a lockup with the dynamic NAT rules.

- npf_nat_{export,import}: fix a regression since dynamic NAT rules.

- npfctl: fix a regression and restore the default group behaviour.

- Add npf_cache_tcp() and validate the TCP data offset (from maxv@).

Revision 1.8, Sat May 23 19:56:00 2020 UTC (3 years ago) by rmind
Branch: MAIN
Changes since 1.7: +6 -2 lines

Backport selected NPF fixes from the upstream (to be pulled up):

- npf_conndb_lookup: protect the connection lookup with pserialize(9),
  instead of incorrectly assuming that the handler always runs at IPL_SOFTNET.
  Should fix crashes reported on high load (PR/55182).

- npf_config_destroy: handle partially initialized config; fixes crashes
  with some invalid configurations.

- NAT policy creation / destruction: set the initial reference and do not
  wait for reference draining on destruction; destroy the policy on the
  last reference drop instead.  Fixes a lockup with the dynamic NAT rules.

- npf_nat_{export,import}: fix a regression since dynamic NAT rules.

- npfctl: fix a regression and restore the default group behaviour.

- Add npf_cache_tcp() and validate the TCP data offset (from maxv@).

Revision 1.3.16.3, Mon Apr 13 08:05:15 2020 UTC (3 years, 1 month ago) by martin
Branch: phil-wifi
Changes since 1.3.16.2: +90 -26 lines

Mostly merge changes from HEAD up to 20200411

Revision 1.3.16.2, Wed Apr 8 14:08:57 2020 UTC (3 years, 1 month ago) by martin
Branch: phil-wifi
Changes since 1.3.16.1: +2 -2 lines

Merge changes from current as of 20200406

Revision 1.7, Sat Dec 14 15:21:51 2019 UTC (3 years, 5 months ago) by riastradh
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, is-mlppp-base, is-mlppp, bouyer-xenpvh-base2, bouyer-xenpvh-base1, bouyer-xenpvh-base, bouyer-xenpvh, ad-namecache-base3, ad-namecache-base2, ad-namecache-base1, ad-namecache-base, ad-namecache
Changes since 1.6: +2 -2 lines

Skip npf_config_sync if nothing to do.

Saves an unnecessary pserialize_perform every second.

Revision 1.6, Tue Jul 23 00:52:01 2019 UTC (3 years, 10 months ago) by rmind
Branch: MAIN
CVS Tags: phil-wifi-20191119, netbsd-9-base, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1
Branch point for: netbsd-9
Changes since 1.5: +91 -27 lines

NPF improvements:
- Add support for dynamic NETMAP algorithm (stateful net-to-net).
- Add most of the support for the dynamic NAT rules; a little bit more
  userland work is needed to finish this up and enable.
- Replace 'stateful-ends' with more permissive 'stateful-all'.
- Add various tunable parameters and document them, see npf-params(7).
- Reduce the memory usage of the connection state table (conndb).
- Portmap rewrite: use memory more efficiently, handle addresses dynamically.
- Bug fix: add splsoftnet()/splx() around the thmap writers and comment.
- npftest: clean up and simplify; fix some memleaks to make ASAN happy.

Revision 1.3.16.1, Mon Jun 10 22:09:46 2019 UTC (3 years, 11 months ago) by christos
Branch: phil-wifi
Changes since 1.3: +213 -166 lines

Sync with HEAD

Revision 1.3.14.2, Sat Jan 26 22:00:37 2019 UTC (4 years, 4 months ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.3.14.1: +213 -143 lines

Sync with HEAD

Revision 1.5, Sat Jan 19 21:19:31 2019 UTC (4 years, 4 months ago) by rmind
Branch: MAIN
CVS Tags: phil-wifi-20190609, pgoyette-compat-20190127, isaki-audio2-base, isaki-audio2
Changes since 1.4: +213 -143 lines

Major NPF improvements:
- Convert NPF connection table to thmap.  State lookup is now lock-free.
- Improve connection state G/C: it is now incremental and tunable.
- Add support for dynamic NAT address.  Translation addresses can now be
  selected from a pool of addresses.  There are two selection algorithms,
  "ip-hash" and "round-robin" (see the man page).
- Translation address can be specified as e.g. ifaddrs(wm0) in npf.conf
  to dynamically choose an IP from the interface address(es).
- Add support for the NETMAP algorithm with static NAT for net-to-net
  translation (it is equivalent to iptables NETMAP logic).
- Convert 'ipset' tables to use thmap; the table lookup is now lock-free.
- Misc improvements, bug fixes and more unit tests.
- Bump NPF_VERSION (will also bump libnpf).

Revision 1.3.14.1, Sun Sep 30 01:45:56 2018 UTC (4 years, 8 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.3: +1 -24 lines

Sync with HEAD

Revision 1.4, Sat Sep 29 14:41:36 2018 UTC (4 years, 8 months ago) by rmind
Branch: MAIN
CVS Tags: pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930
Changes since 1.3: +1 -24 lines

NPF: Major rework -- migrate NPF to the libnv library.
- This conversion significantly simplifies the code and moves NPF to
  a binary serialisation format (replacing the XML-like format).
- Fix some memory/reference leaks and possibly use-after-free bugs.
- Bump NPF_VERSION as this change makes libnpf incompatible with the
  previous versions.  Also, different serialisation format means NPF
  connection/config saving and loading is not compatible with the
  previous versions either.

Thanks to christos@ for extra testing.

Revision 1.2.6.3, Sun Dec 3 11:39:03 2017 UTC (5 years, 5 months ago) by jdolecek
Branch: tls-maxphys
Changes since 1.2.6.2: +25 -1 lines

update from HEAD

Revision 1.2.8.1, Sun Feb 5 13:40:58 2017 UTC (6 years, 3 months ago) by skrll
Branch: nick-nhusb
Changes since 1.2: +27 -3 lines

Sync with HEAD

Revision 1.2.12.1, Sat Jan 7 08:56:50 2017 UTC (6 years, 4 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.2: +27 -3 lines

Sync with HEAD.  (Note that most of these changes are simply $NetBSD$
tag issues.)

Revision 1.3, Mon Dec 26 23:05:06 2016 UTC (6 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: tls-maxphys-base-20171202, prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, phil-wifi-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-compat-base, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315, perseant-stdc-iso10646-base, perseant-stdc-iso10646, nick-nhusb-base-20170825, nick-nhusb-base-20170204, netbsd-8-base, netbsd-8-2-RELEASE, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1, netbsd-8, matt-nb8-mediatek-base, matt-nb8-mediatek, jdolecek-ncq-base, jdolecek-ncq, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan
Branch point for: phil-wifi, pgoyette-compat
Changes since 1.2: +27 -3 lines

Sync NPF with the version on github: backport standalone NPF changes,
which allow us to create and run separate NPF instances. Minor fixes.
(from rmind@)

Revision 1.2.6.2, Wed Aug 20 00:04:35 2014 UTC (8 years, 9 months ago) by tls
Branch: tls-maxphys
Changes since 1.2.6.1: +274 -0 lines

Rebase to HEAD as of a few days ago.

Revision 1.2.2.2, Sun Aug 10 06:56:16 2014 UTC (8 years, 9 months ago) by tls
Branch: tls-earlyentropy
Changes since 1.2.2.1: +274 -0 lines

Rebase.

Revision 1.2.6.1, Wed Jul 23 01:25:34 2014 UTC (8 years, 10 months ago) by tls
Branch: tls-maxphys
Changes since 1.2: +0 -274 lines
FILE REMOVED

file npf_conndb.c was added on branch tls-maxphys on 2014-08-20 00:04:35 +0000

Revision 1.2.2.1, Wed Jul 23 01:25:34 2014 UTC (8 years, 10 months ago) by tls
Branch: tls-earlyentropy
Changes since 1.2: +0 -274 lines
FILE REMOVED

file npf_conndb.c was added on branch tls-earlyentropy on 2014-08-10 06:56:16 +0000

Revision 1.2, Wed Jul 23 01:25:34 2014 UTC (8 years, 10 months ago) by rmind
Branch: MAIN
CVS Tags: tls-maxphys-base, tls-earlyentropy-base, pgoyette-localcount-base, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, nick-nhusb-base-20161204, nick-nhusb-base-20161004, nick-nhusb-base-20160907, nick-nhusb-base-20160529, nick-nhusb-base-20160422, nick-nhusb-base-20160319, nick-nhusb-base-20151226, nick-nhusb-base-20150921, nick-nhusb-base-20150606, nick-nhusb-base-20150406, nick-nhusb-base, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0, netbsd-7, localcount-20160914
Branch point for: tls-maxphys, tls-earlyentropy, pgoyette-localcount, nick-nhusb
Changes since 1.1: +8 -2 lines

NPF: rework of the connection saving and restoring:
- Add support for saving a snapshot of the current connections together
  with a full configuration.  Support a reverse load operation.  Eliminate
  the old 'sess-save' and 'sess-load' in favour of the new mechanism.
- Share code between load and reload operations: the latter performs
  load from npf.conf without affecting the connections.
- Simplify and fix races with connection loading.
- Bump NPF_VERSION.

Revision 1.1, Sat Jul 19 18:24:16 2014 UTC (8 years, 10 months ago) by rmind
Branch: MAIN

NPF: partially rewrite the connection tracking mechanism:
- Separate the tracking interface from the storage (state table)
  and thus prepare to use a new data structure for the storage.
- Fix some race conditions in NAT association logic.
