![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / net / npf
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: MAIN
Revision 1.11 / (download) - annotate - [select for diffs], Sat Feb 9 03:35:32 2013 UTC (3 months, 1 week ago) by rmind
Branch: MAIN
CVS Tags: tls-maxphys-nbase,
tls-maxphys-base,
khorben-n900,
agc-symver-base,
agc-symver,
HEAD
Changes since 1.10: +1 -5
lines
Diff to previous 1.10 (colored)
NPF: - Implement dynamic NPF rules. Controlled through npf(3) library of via npfctl rule command. A rule can be removed using a unique identifier, returned on addition, or using a key which is SHA1 hash of the rule. Adjust npftest and add a regression test. - Improvements to rule inspection mechanism. - Initial BPF support as an alternative to n-code. - Minor fixes; bump the version.
Revision 1.10 / (download) - annotate - [select for diffs], Thu Jul 19 21:52:29 2012 UTC (9 months, 4 weeks ago) by spz
Branch: MAIN
CVS Tags: yamt-pagecache-base8,
yamt-pagecache-base7,
yamt-pagecache-base6
Branch point for: tls-maxphys
Changes since 1.9: +10 -3
lines
Diff to previous 1.9 (colored)
teach npf ipv6-icmp reviewed by rmind@
Revision 1.9 / (download) - annotate - [select for diffs], Sun Jul 1 23:21:06 2012 UTC (10 months, 2 weeks ago) by rmind
Branch: MAIN
Changes since 1.8: +10 -2
lines
Diff to previous 1.8 (colored)
NPF improvements: - Add NPF_OPCODE_PROTO to match the address and/or protocol only. - Update parser to support arbitrary "pass proto <name/number>". - Fix IPv6 address and protocol handling (add a regression test). - Fix few theorethical races in session handling module. - Misc fixes, simplifications and some clean up.
Revision 1.8 / (download) - annotate - [select for diffs], Fri Jun 15 23:24:08 2012 UTC (11 months ago) by rmind
Branch: MAIN
Changes since 1.7: +6 -5
lines
Diff to previous 1.7 (colored)
- Rework NPF NAT syntax to be more structured and support future additions of different types and configurations of NAT. - npfctl: improve disassemble and show-config command functionality. - Fix custom ICMP code and type filtering.
Revision 1.7 / (download) - annotate - [select for diffs], Sat Apr 14 19:01:21 2012 UTC (13 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base5,
yamt-pagecache-base4,
jmcneill-usbmp-base9,
jmcneill-usbmp-base10
Changes since 1.6: +2 -2
lines
Diff to previous 1.6 (colored)
Update rumpdev_npf; use WARNS=4.
Revision 1.6 / (download) - annotate - [select for diffs], Sat Mar 10 22:22:38 2012 UTC (14 months, 1 week ago) by christos
Branch: MAIN
CVS Tags: jmcneill-usbmp-base8,
jmcneill-usbmp-base7
Changes since 1.5: +235 -2
lines
Diff to previous 1.5 (colored)
definitions used by the disassembler.
Revision 1.5 / (download) - annotate - [select for diffs], Fri Nov 4 01:00:27 2011 UTC (18 months, 2 weeks ago) by zoltan
Branch: MAIN
CVS Tags: yamt-pagecache-base3,
yamt-pagecache-base2,
netbsd-6-base,
jmcneill-usbmp-pre-base2,
jmcneill-usbmp-base6,
jmcneill-usbmp-base5,
jmcneill-usbmp-base4,
jmcneill-usbmp-base3,
jmcneill-usbmp-base2,
jmcneill-usbmp-base,
jmcneill-audiomp3-base,
jmcneill-audiomp3
Branch point for: netbsd-6,
jmcneill-usbmp
Changes since 1.4: +3 -2
lines
Diff to previous 1.4 (colored)
Add IPv6 support for NPF.
Revision 1.4 / (download) - annotate - [select for diffs], Sat Dec 18 01:07:25 2010 UTC (2 years, 5 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base,
rmind-uvmplock-nbase,
rmind-uvmplock-base,
matt-mips64-premerge-20101231,
jruoho-x86intr-base,
jruoho-x86intr,
cherry-xenmp-base,
cherry-xenmp,
bouyer-quota2-nbase,
bouyer-quota2-base,
bouyer-quota2
Branch point for: yamt-pagecache,
rmind-uvmplock
Changes since 1.3: +15 -4
lines
Diff to previous 1.3 (colored)
NPF checkpoint: - Add support for session saving/restoring. - Add packet logging support (can tcpdump a pseudo-interface). - Support reload without flushing of sessions; rework some locking. - Revisit session mangement, replace linking with npf_sentry_t entries. - Add some counters for statistics, using percpu(9). - Add IP_DF flag cleansing. - Fix various bugs; misc clean-up.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Nov 11 06:30:39 2010 UTC (2 years, 6 months ago) by rmind
Branch: MAIN
Changes since 1.2: +9 -4
lines
Diff to previous 1.2 (colored)
NPF checkpoint: - Add proper TCP state tracking as described in Guido van Rooij paper, plus handle TCP Window Scaling option. - Completely rework npf_cache_t, reduce granularity, simplify code. - Add npf_addr_t as an abstraction, amend session handling code, as well as NAT code et al, to use it. Now design is prepared for IPv6 support. - Handle IPv4 fragments i.e. perform packet reassembly. - Add support for IPv4 ID randomization and minimum TTL enforcement. - Add support for TCP MSS "clamping". - Random bits for IPv6. Various fixes and clean-up.
Revision 1.2 / (download) - annotate - [select for diffs], Thu Sep 16 04:53:27 2010 UTC (2 years, 8 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-nfs-mp-base11,
uebayasi-xip-base4,
uebayasi-xip-base3
Branch point for: yamt-nfs-mp,
uebayasi-xip
Changes since 1.1: +2 -1
lines
Diff to previous 1.1 (colored)
NPF checkpoint: - Add support for bi-directional NAT and redirection / port forwarding. - Finish filtering on ICMP type/code and add filtering on TCP flags. - Add support for TCP reset (RST) or ICMP destination unreachable on block. - Fix a bunch of bugs; misc cleanup.
Revision 1.1 / (download) - annotate - [select for diffs], Sun Aug 22 18:56:22 2010 UTC (2 years, 8 months ago) by rmind
Branch: MAIN
Import NPF - a packet filter. Some features: - Designed to be fully MP-safe and highly efficient. - Tables/IP sets (hash or red-black tree) for high performance lookups. - Stateful filtering and Network Address Port Translation (NAPT). Framework for application level gateways (ALGs). - Packet inspection engine called n-code processor - inspired by BPF - supporting generic RISC-like and specific CISC-like instructions for common patterns (e.g. IPv4 address matching). See npf_ncode(9) manual. - Convenient userland utility npfctl(8) with npf.conf(8). NOTE: This is not yet a fully capable alternative to PF or IPFilter. Further work (support for binat/rdr, return-rst/return-icmp, common ALGs, state saving/restoring, logging, etc) is in progress. Thanks a lot to Matt Thomas for various useful comments and code review. Aye by: board@