The NetBSD Project

CVS log for src/sys/net/npf/npf_rproc.c

[BACK] Up to [cvs.NetBSD.org] / src / sys / net / npf

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.22 / (download) - annotate - [select for diffs], Sat Apr 9 23:38:33 2022 UTC (9 months, 3 weeks ago) by riastradh
Branch: MAIN
CVS Tags: netbsd-10-base, netbsd-10, bouyer-sunxi-drm-base, bouyer-sunxi-drm, HEAD
Changes since 1.21: +3 -3 lines
Diff to previous 1.21 (colored)

sys: Use membar_release/acquire around reference drop.

This just goes through my recent reference count membar audit and
changes membar_exit to membar_release and membar_enter to
membar_acquire -- this should make everything cheaper on most CPUs
without hurting correctness, because membar_acquire is generally
cheaper than membar_enter.

Revision 1.21 / (download) - annotate - [select for diffs], Sat Mar 12 15:32:32 2022 UTC (10 months, 3 weeks ago) by riastradh
Branch: MAIN
Changes since 1.20: +7 -1 lines
Diff to previous 1.20 (colored)

sys: Membar audit around reference count releases.

If two threads are using an object that is freed when the reference
count goes to zero, we need to ensure that all memory operations
related to the object happen before freeing the object.

Using an atomic_dec_uint_nv(&refcnt) == 0 ensures that only one
thread takes responsibility for freeing, but it's not enough to
ensure that the other thread's memory operations happen before the
freeing.

Consider:

	  Thread A			  Thread B
	obj->foo = 42;			obj->baz = 73;
	mumble(&obj->bar);		grumble(&obj->quux);
	/* membar_exit(); */		/* membar_exit(); */
	atomic_dec -- not last		atomic_dec -- last
					/* membar_enter(); */
					KASSERT(invariant(obj->foo,
					    obj->bar));
					free_stuff(obj);

The memory barriers ensure that

	obj->foo = 42;
	mumble(&obj->bar);

in thread A happens before

	KASSERT(invariant(obj->foo, obj->bar));
	free_stuff(obj);

in thread B.  Without them, this ordering is not guaranteed.

So in general it is necessary to do

	membar_exit();
	if (atomic_dec_uint_nv(&obj->refcnt) != 0)
		return;
	membar_enter();

to release a reference, for the `last one out hit the lights' style
of reference counting.  (This is in contrast to the style where one
thread blocks new references and then waits under a lock for existing
ones to drain with a condvar -- no membar needed thanks to mutex(9).)

I searched for atomic_dec to find all these.  Obviously we ought to
have a better abstraction for this because there's so much copypasta.
This is a stop-gap measure to fix actual bugs until we have that.  It
would be nice if an abstraction could gracefully handle the different
styles of reference counting in use -- some years ago I drafted an
API for this, but making it cover everything got a little out of hand
(particularly with struct vnode::v_usecount) and I ended up setting
it aside to work on psref/localcount instead for better scalability.

I got bored of adding #ifdef __HAVE_ATOMIC_AS_MEMBAR everywhere, so I
only put it on things that look performance-critical on 5sec review.
We should really adopt membar_enter_preatomic/membar_exit_postatomic
or something (except they are applicable only to atomic r/m/w, not to
atomic_load/store_*, making the naming annoying) and get rid of all
the ifdefs.

Revision 1.19.2.1 / (download) - annotate - [select for diffs], Sat Jun 20 15:46:48 2020 UTC (2 years, 7 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE
Changes since 1.19: +10 -9 lines
Diff to previous 1.19 (colored) next main 1.20 (colored)

Pull up following revision(s) (requested by rmind in ticket #956):

	usr.sbin/npf/npf-params.7: revision 1.4
	sys/net/npf/npf_worker.c: revision 1.9
	usr.sbin/npf/npftest/npftest.h: revision 1.17
	usr.sbin/npf/npfctl/npf_bpf_comp.c: revision 1.16
	usr.sbin/npf/npf-params.7: revision 1.5
	sys/net/npf/npf_state_tcp.c: revision 1.21
	usr.sbin/npf/npfctl/npf_build.c: revision 1.55
	usr.sbin/npf/npf-params.7: revision 1.6
	sys/net/npf/npfkern.h: revision 1.5
	lib/libnpf/npf.c: revision 1.49
	usr.sbin/npf/npf-params.7: revision 1.7
	sys/net/npf/npf_impl.h: revision 1.81
	sys/net/npf/npf_ext_log.c: revision 1.17
	usr.sbin/npf/npfctl/npfctl.h: revision 1.53
	usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.11
	sys/net/npf/npf_nat.c: revision 1.50
	sys/net/npf/npf_mbuf.c: revision 1.24
	sys/net/npf/npf_alg.c: revision 1.22
	usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.14
	usr.sbin/npf/npftest/libnpftest/npf_conn_test.c: file removal
	usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.10
	sys/net/npf/npf.h: revision 1.63
	usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.21
	usr.sbin/npf/npfctl/npf_var.c: revision 1.13
	sys/net/npf/files.npf: revision 1.23
	usr.sbin/npf/npfctl/npf_show.c: revision 1.32
	usr.sbin/npf/npfctl/npf.conf.5: revision 1.91
	sys/net/npf/npf_os.c: revision 1.18
	sys/net/npf/npf_connkey.c: revision 1.2
	sys/net/npf/npf_conf.c: revision 1.17
	lib/libnpf/libnpf.3: revision 1.12
	usr.sbin/npf/npftest/npftest.c: revision 1.25
	usr.sbin/npf/npftest/libnpftest/npf_gc_test.c: revision 1.1
	usr.sbin/npf/npfctl/npf_parse.y: revision 1.51
	sys/net/npf/npf_tableset.c: revision 1.35
	usr.sbin/npf/npftest/npftest.conf: revision 1.9
	sys/net/npf/npf_sendpkt.c: revision 1.22
	usr.sbin/npf/npfctl/npf_var.h: revision 1.10
	sys/net/npf/npf_state.c: revision 1.23
	sys/net/npf/npf_conn.h: revision 1.20
	usr.sbin/npf/npfctl/npfctl.c: revision 1.64
	usr.sbin/npf/npfctl/npf_cmd.c: revision 1.1
	sys/net/npf/npf_portmap.c: revision 1.5
	sys/net/npf/npf_params.c: revision 1.3
	usr.sbin/npf/npfctl/npf_scan.l: revision 1.32
	tests/net/npf/t_npf.sh: revision 1.4
	sys/net/npf/npf_ext_rndblock.c: revision 1.9
	lib/libnpf/npf.h: revision 1.39
	sys/net/npf/npf_ruleset.c: revision 1.51
	sys/net/npf/npf_alg_icmp.c: revision 1.33
	sys/net/npf/npf.c: revision 1.43
	usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.17
	usr.sbin/npf/npfctl/npfctl.8: revision 1.25
	sys/net/npf/npf_ctl.c: revision 1.60
	usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.18
	usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.11
	sys/net/npf/npf_handler.c: revision 1.49
	sys/net/npf/npf_inet.c: revision 1.57
	sys/net/npf/npf_ifaddr.c: revision 1.7
	sys/net/npf/npf_conndb.c: revision 1.9
	sys/net/npf/npf_if.c: revision 1.13
	usr.sbin/npf/npfctl/Makefile: revision 1.15
	sys/net/npf/npf_conn.c: revision 1.32
	sys/net/npf/npf_ext_normalize.c: revision 1.10
	sys/net/npf/npf_rproc.c: revision 1.20
	sys/net/npf/npf_worker.c: revision 1.8

Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
  settings.  Users can now choose whether the connection state should be
  strictly per-interface or global at the configuration level.  Keep NAT
  logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
  more parameters.  Remove npf_nvlist_{copyin,copyout}() functions and
  refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
  a single entry point for operations.  Introduce npf_flow_t and clean up
  some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
  more informative; misc usability improvements and more user-friendly
  error messages.
- Amend and improve the manual pages.

npf_worker_sys{init,fini}: initialize/destroy the exit_cv condvar.

npftest -- npf_test_init(): add a workaround for NetBSD.

npf-params(7): fix the state.key defaults.

npf-params.7: s/filer/filter/

Adjust to "npfctl debug" command line changes, from rmind@.

Use more markup.

Revision 1.20 / (download) - annotate - [select for diffs], Sat May 30 14:16:56 2020 UTC (2 years, 8 months ago) by rmind
Branch: MAIN
CVS Tags: thorpej-i2c-spi-conf2-base, thorpej-i2c-spi-conf2, thorpej-i2c-spi-conf-base, thorpej-i2c-spi-conf, thorpej-futex2-base, thorpej-futex2, thorpej-futex-base, thorpej-futex, thorpej-cfargs2-base, thorpej-cfargs2, thorpej-cfargs-base, thorpej-cfargs, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Changes since 1.19: +9 -8 lines
Diff to previous 1.19 (colored)

Major NPF improvements (merge from upstream):

- Switch to the C11-style atomic primitives using atomic_loadstore(9).

- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
  settings.  Users can now choose whether the connection state should be
  strictly per-interface or global at the configuration level.  Keep NAT
  logic to be always per-interface, though.

- npfkern: rewrite the G/C worker logic and make it self-tuning.

- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
  more parameters.  Remove npf_nvlist_{copyin,copyout}() functions and
  refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
  a single entry point for operations.  Introduce npf_flow_t and clean up
  some code.

- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
  more informative; misc usability improvements and more user-friendly
  error messages.

- Amend and improve the manual pages.

Revision 1.19 / (download) - annotate - [select for diffs], Tue Jul 23 00:52:01 2019 UTC (3 years, 6 months ago) by rmind
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, netbsd-9-base, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, is-mlppp-base, is-mlppp, bouyer-xenpvh-base2, bouyer-xenpvh-base1, bouyer-xenpvh-base, bouyer-xenpvh, ad-namecache-base3, ad-namecache-base2, ad-namecache-base1, ad-namecache-base, ad-namecache
Branch point for: netbsd-9
Changes since 1.18: +0 -0 lines
Diff to previous 1.18 (colored)

NPF improvements:
- Add support for dynamic NETMAP algorithm (stateful net-to-net).
- Add most of the support for the dynamic NAT rules; a little bit more
  userland work is needed to finish this up and enable.
- Replace 'stateful-ends' with more permissive 'stateful-all'.
- Add various tunable parameters and document them, see npf-params(7).
- Reduce the memory usage of the connection state table (conndb).
- Portmap rewrite: use memory more efficiently, handle addresses dynamically.
- Bug fix: add splsoftnet()/splx() around the thmap writers and comment.
- npftest: clean up and simplify; fix some memleaks to make ASAN happy.

Revision 1.16.14.1 / (download) - annotate - [select for diffs], Mon Jun 10 22:09:46 2019 UTC (3 years, 7 months ago) by christos
Branch: phil-wifi
Changes since 1.16: +18 -16 lines
Diff to previous 1.16 (colored) next main 1.17 (colored)

Sync with HEAD

Revision 1.18 / (download) - annotate - [select for diffs], Thu Apr 11 14:38:06 2019 UTC (3 years, 9 months ago) by kamil
Branch: MAIN
CVS Tags: phil-wifi-20190609, isaki-audio2-base, isaki-audio2
Changes since 1.17: +1 -1 lines
Diff to previous 1.17 (colored)

Fix CVS Id usage

Revision 1.16.12.1 / (download) - annotate - [select for diffs], Sun Sep 30 01:45:56 2018 UTC (4 years, 4 months ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.16: +17 -15 lines
Diff to previous 1.16 (colored) next main 1.17 (colored)

Ssync with HEAD

Revision 1.17 / (download) - annotate - [select for diffs], Sat Sep 29 14:41:36 2018 UTC (4 years, 4 months ago) by rmind
Branch: MAIN
CVS Tags: pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930
Changes since 1.16: +17 -15 lines
Diff to previous 1.16 (colored)

NPF: Major rework -- migrate NPF to the libnv library.
- This conversion significantly simplifies the code and moves NPF to
  a binary serialisation format (replacing the XML-like format).
- Fix some memory/reference leaks and possibly use-after-free bugs.
- Bump NPF_VERSION as this change makes libnpf incompatible with the
  previous versions.  Also, different serialisation format means NPF
  connection/config saving and loading is not compatible with the
  previous versions either.

Thanks to christos@ for extra testing.

Revision 1.2.4.5 / (download) - annotate - [select for diffs], Sun Dec 3 11:39:03 2017 UTC (5 years, 1 month ago) by jdolecek
Branch: tls-maxphys
Changes since 1.2.4.4: +43 -31 lines
Diff to previous 1.2.4.4 (colored) to branchpoint 1.2 (colored) next main 1.3 (colored)

update from HEAD

Revision 1.15.2.1 / (download) - annotate - [select for diffs], Fri Apr 21 16:54:05 2017 UTC (5 years, 9 months ago) by bouyer
Branch: bouyer-socketcan
Changes since 1.15: +4 -3 lines
Diff to previous 1.15 (colored) next main 1.16 (colored)

Sync with HEAD

Revision 1.12.8.2 / (download) - annotate - [select for diffs], Mon Mar 20 06:57:50 2017 UTC (5 years, 10 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.12.8.1: +4 -3 lines
Diff to previous 1.12.8.1 (colored) to branchpoint 1.12 (colored) next main 1.13 (colored)

Sync with HEAD

Revision 1.12.4.1 / (download) - annotate - [select for diffs], Sun Feb 5 13:40:58 2017 UTC (5 years, 11 months ago) by skrll
Branch: nick-nhusb
Changes since 1.12: +44 -32 lines
Diff to previous 1.12 (colored) next main 1.13 (colored)

Sync with HEAD

Revision 1.16 / (download) - annotate - [select for diffs], Sun Jan 29 00:15:54 2017 UTC (6 years ago) by christos
Branch: MAIN
CVS Tags: tls-maxphys-base-20171202, prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, phil-wifi-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-compat-base, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315, perseant-stdc-iso10646-base, perseant-stdc-iso10646, nick-nhusb-base-20170825, nick-nhusb-base-20170204, netbsd-8-base, netbsd-8-2-RELEASE, netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1, netbsd-8, matt-nb8-mediatek-base, matt-nb8-mediatek, jdolecek-ncq-base, jdolecek-ncq, bouyer-socketcan-base1
Branch point for: phil-wifi, pgoyette-compat
Changes since 1.15: +4 -3 lines
Diff to previous 1.15 (colored)

- Increase copyin buffer size to 4M
- Change log output format to be like the OpenBSD's pf including in
  the header the matching rule etc, and fill in the matching info.

Revision 1.12.8.1 / (download) - annotate - [select for diffs], Sat Jan 7 08:56:50 2017 UTC (6 years ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.12: +41 -30 lines
Diff to previous 1.12 (colored)

Sync with HEAD.  (Note that most of these changes are simply $NetBSD$
tag issues.)

Revision 1.15 / (download) - annotate - [select for diffs], Wed Dec 28 21:55:04 2016 UTC (6 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: pgoyette-localcount-20170107, bouyer-socketcan-base
Branch point for: bouyer-socketcan
Changes since 1.14: +10 -1 lines
Diff to previous 1.14 (colored)

export rprocs too so we don't lose them.

Revision 1.14 / (download) - annotate - [select for diffs], Mon Dec 26 23:05:06 2016 UTC (6 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.13: +29 -29 lines
Diff to previous 1.13 (colored)

Sync NPF with the version on github: backport standalone NPF changes,
which allow us to create and run separate NPF instances. Minor fixes.
(from rmind@)

Revision 1.13 / (download) - annotate - [select for diffs], Sat Dec 10 19:02:18 2016 UTC (6 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.12: +3 -1 lines
Diff to previous 1.12 (colored)

Add missing extcalls array. This is currently a no-op, but this is what
userland does too. Allows npfctl save; npfctl load to work again.

Revision 1.2.4.4 / (download) - annotate - [select for diffs], Wed Aug 20 00:04:35 2014 UTC (8 years, 5 months ago) by tls
Branch: tls-maxphys
Changes since 1.2.4.3: +26 -6 lines
Diff to previous 1.2.4.3 (colored) to branchpoint 1.2 (colored)

Rebase to HEAD as of a few days ago.

Revision 1.12 / (download) - annotate - [select for diffs], Mon Aug 11 01:54:12 2014 UTC (8 years, 5 months ago) by rmind
Branch: MAIN
CVS Tags: tls-maxphys-base, pgoyette-localcount-base, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, nick-nhusb-base-20161204, nick-nhusb-base-20161004, nick-nhusb-base-20160907, nick-nhusb-base-20160529, nick-nhusb-base-20160422, nick-nhusb-base-20160319, nick-nhusb-base-20151226, nick-nhusb-base-20150921, nick-nhusb-base-20150606, nick-nhusb-base-20150406, nick-nhusb-base, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0, netbsd-7, localcount-20160914
Branch point for: pgoyette-localcount, nick-nhusb
Changes since 1.11: +17 -1 lines
Diff to previous 1.11 (colored)

NPF: finish up the rework of npfctl_save() mechanism.

Revision 1.9.10.1 / (download) - annotate - [select for diffs], Sun Aug 10 06:56:16 2014 UTC (8 years, 5 months ago) by tls
Branch: tls-earlyentropy
Changes since 1.9: +11 -7 lines
Diff to previous 1.9 (colored) next main 1.10 (colored)

Rebase.

Revision 1.11 / (download) - annotate - [select for diffs], Sun Jul 20 00:37:41 2014 UTC (8 years, 6 months ago) by rmind
Branch: MAIN
CVS Tags: tls-earlyentropy-base
Changes since 1.10: +6 -6 lines
Diff to previous 1.10 (colored)

NPF: add nbuf_t * into npf_cache_t and remove unnecessary carrying by argument.

Revision 1.2.2.5 / (download) - annotate - [select for diffs], Thu May 22 11:41:09 2014 UTC (8 years, 8 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.2.2.4: +84 -12 lines
Diff to previous 1.2.2.4 (colored) to branchpoint 1.2 (colored) next main 1.3 (colored)

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs.  ("Protocol error: too many arguments")

Revision 1.10 / (download) - annotate - [select for diffs], Mon May 19 18:45:51 2014 UTC (8 years, 8 months ago) by jakllsch
Branch: MAIN
Changes since 1.9: +7 -3 lines
Diff to previous 1.9 (colored)

Add ability to have mbufs disappear (to another interface) during
npf_rproc_run().  For upcoming npf_ext_route extension.

Guidance and ok by rmind@.

Revision 1.2.4.3 / (download) - annotate - [select for diffs], Sun Jun 23 06:20:25 2013 UTC (9 years, 7 months ago) by tls
Branch: tls-maxphys
Changes since 1.2.4.2: +26 -7 lines
Diff to previous 1.2.4.2 (colored) to branchpoint 1.2 (colored)

resync from head

Revision 1.9 / (download) - annotate - [select for diffs], Mon Mar 11 01:56:37 2013 UTC (9 years, 10 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base9, rmind-smpnet-nbase, rmind-smpnet-base, rmind-smpnet, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, khorben-n900, agc-symver-base, agc-symver
Branch point for: tls-earlyentropy
Changes since 1.8: +8 -8 lines
Diff to previous 1.8 (colored)

prevent the lookup function from autoloading recursively.

Revision 1.8 / (download) - annotate - [select for diffs], Mon Mar 11 01:43:50 2013 UTC (9 years, 10 months ago) by christos
Branch: MAIN
Changes since 1.7: +22 -16 lines
Diff to previous 1.7 (colored)

move the module loading in the correct place.

Revision 1.7 / (download) - annotate - [select for diffs], Sun Mar 10 20:51:44 2013 UTC (9 years, 10 months ago) by christos
Branch: MAIN
Changes since 1.6: +15 -2 lines
Diff to previous 1.6 (colored)

Split the npflog cloner and auto-load the extensions.

Revision 1.2.4.2 / (download) - annotate - [select for diffs], Mon Feb 25 00:30:03 2013 UTC (9 years, 11 months ago) by tls
Branch: tls-maxphys
Changes since 1.2.4.1: +64 -6 lines
Diff to previous 1.2.4.1 (colored) to branchpoint 1.2 (colored)

resync with head

Revision 1.1.2.4 / (download) - annotate - [select for diffs], Mon Feb 11 21:49:48 2013 UTC (9 years, 11 months ago) by riz
Branch: netbsd-6
CVS Tags: netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1
Changes since 1.1.2.3: +59 -6 lines
Diff to previous 1.1.2.3 (colored) to branchpoint 1.1 (colored) next main 1.2 (colored)

Pull up following revision(s) (requested by rmind in ticket #817):
	usr.sbin/npf/npfctl/npfctl.8: revision 1.12
	usr.sbin/npf/npfctl/npf.conf.5: revision 1.27
	usr.sbin/npf/npfctl/npf_parse.y: revision 1.18
	usr.sbin/npf/npfctl/npf_build.c: revision 1.20
	usr.sbin/npf/npfctl/npfctl.c: revision 1.28
	lib/libnpf/npf.c: revision 1.16
	usr.sbin/npf/npfctl/npfctl.c: revision 1.29
	lib/libnpf/npf.c: revision 1.17
	sys/modules/npf/Makefile: revision 1.12
	sys/net/npf/npf_rproc.c: revision 1.6
	usr.sbin/npf/npftest/README: revision 1.4
	sys/net/npf/npf_tableset.c: revision 1.17
	sys/net/npf/npf_ctl.c: revision 1.21
	sys/net/npf/npf_ctl.c: revision 1.22
	usr.sbin/npf/npfctl/npfctl.h: revision 1.25
	lib/libnpf/npf.h: revision 1.13
	usr.sbin/npf/npftest/npftest.conf: revision 1.2
	usr.sbin/npf/npfctl/npfctl.h: revision 1.26
	sys/net/npf/npf_ruleset.c: revision 1.17
	lib/libnpf/npf.h: revision 1.14
	sys/net/npf/npf_ruleset.c: revision 1.18
	sys/net/npf/npf_conf.c: revision 1.1
	usr.sbin/npf/npfctl/npf_scan.l: revision 1.10
	sys/net/npf/npf_conf.c: revision 1.2
	sys/net/npf/npf_instr.c: revision 1.16
	sys/net/npf/npf_handler.c: revision 1.26
	sys/net/npf/npf_impl.h: revision 1.26
	usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.14
	sys/net/npf/npf_processor.c: revision 1.15
	sys/net/npf/npf_impl.h: revision 1.27
	sys/net/npf/npf_alg_icmp.c: revision 1.15
	usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.15
	usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.16
	sys/net/npf/npf_ncode.h: revision 1.11
	sys/net/npf/files.npf: revision 1.10
	usr.sbin/npf/npftest/Makefile: revision 1.4
	usr.sbin/npf/npfctl/npfctl.c: revision 1.30
	lib/libnpf/npf.3: revision 1.8
	usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.4
	sys/net/npf/npf_session.c: revision 1.21
	usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.5
	usr.sbin/npf/npfctl/npf_build.c: revision 1.18
	usr.sbin/npf/npfctl/npf_build.c: revision 1.19
	sys/net/npf/npf_alg.c: revision 1.7
	usr.sbin/npf/npfctl/Makefile: revision 1.10
	sys/net/npf/npf_inet.c: revision 1.21
	sys/net/npf/npf.h: revision 1.26
	sys/net/npf/npf.h: revision 1.27
	usr.sbin/pf/ftp-proxy/Makefile: revision 1.8
	sys/net/npf/npf_nat.c: revision 1.19
	sys/net/npf/npf.c: revision 1.15
	sys/net/npf/npf_state.c: revision 1.14
	sys/net/npf/npf_sendpkt.c: revision 1.14
	sys/rump/net/lib/libnpf/Makefile: revision 1.4
IPv6 linklocal address printing cosmetics
NPF:
- Implement dynamic NPF rules.  Controlled through npf(3) library of via
  npfctl rule command.  A rule can be removed using a unique identifier,
  returned on addition, or using a key which is SHA1 hash of the rule.
  Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.
Disable -DWITH_NPF for now; will be converted to BPF mechanism.
- Fix NPF config reload with dynamic rules present.
- Implement list and flush commands on a dynamic ruleset.
Allow filtering on IP addresses even if the L4 protocol is unknown.
Patch from spz@.
npftest: adjust for recent change.

Revision 1.6 / (download) - annotate - [select for diffs], Sat Feb 9 03:35:32 2013 UTC (9 years, 11 months ago) by rmind
Branch: MAIN
Changes since 1.5: +59 -6 lines
Diff to previous 1.5 (colored)

NPF:
- Implement dynamic NPF rules.  Controlled through npf(3) library of via
  npfctl rule command.  A rule can be removed using a unique identifier,
  returned on addition, or using a key which is SHA1 hash of the rule.
  Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.

Revision 1.1.2.3 / (download) - annotate - [select for diffs], Fri Feb 8 19:18:09 2013 UTC (9 years, 11 months ago) by riz
Branch: netbsd-6
Changes since 1.1.2.2: +6 -1 lines
Diff to previous 1.1.2.2 (colored) to branchpoint 1.1 (colored)

Pull up following revision(s) (requested by rmind in ticket #777):
	usr.sbin/npf/npfctl/npfctl.c: revision 1.27
	sys/net/npf/npf_session.c: revision 1.19
	usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.4
	sys/net/npf/npf_rproc.c: revision 1.5
	usr.sbin/npf/npftest/README: revision 1.3
	sys/sys/mbuf.h: revision 1.151
	sys/net/npf/npf_ruleset.c: revision 1.15
	usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.3
	sys/net/npf/npf_ruleset.c: revision 1.16
	usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.4
	usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.4
	sys/net/npf/npf_inet.c: revision 1.19
	sys/net/npf/npf_instr.c: revision 1.15
	sys/net/npf/npf_handler.c: revision 1.24
	sys/net/npf/npf_handler.c: revision 1.25
	sys/net/npf/npf_state_tcp.c: revision 1.12
	sys/net/npf/npf_processor.c: revision 1.13
	sys/net/npf/npf_impl.h: revision 1.25
	sys/net/npf/npf_processor.c: revision 1.14
	sys/net/npf/npf_mbuf.c: revision 1.10
	sys/net/npf/npf_alg_icmp.c: revision 1.14
	sys/net/npf/npf_mbuf.c: revision 1.9
	usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.2
	usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.3
	sys/net/npf/npf_session.c: revision 1.20
	sys/net/npf/npf_alg.c: revision 1.6
	sys/kern/uipc_mbuf.c: revision 1.148
	sys/net/npf/npf_inet.c: revision 1.20
	sys/net/npf/npf.h: revision 1.25
	sys/net/npf/npf_nat.c: revision 1.18
	sys/net/npf/npf_state.c: revision 1.13
	sys/net/npf/npf_sendpkt.c: revision 1.13
	sys/net/npf/npf_ext_log.c: revision 1.2
	usr.sbin/npf/npftest/libnpftest/npf_processor_test.c: revision 1.4
	sys/net/npf/npf_ext_normalise.c: revision 1.2
- Rework NPF's nbuf interface: use advancing and ensuring as a main method.
  Eliminate unnecessary copy and simplify.  Adapt regression tests.
- Simplify ICMP ALG a little.  While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
Silence gcc in npf_recache().
Add m_ensure_contig() routine, which is equivalent to m_pullup, but does not
destroy the mbuf chain on failure (it is kept valid).
- nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free
  the mbuf chain on failure.  Fixes some corner cases.  Improve regression
  test and sprinkle some asserts.
- npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix).
  The problem was found and fix provided by Anthony Mallet.

Revision 1.2.2.4 / (download) - annotate - [select for diffs], Wed Jan 23 00:06:25 2013 UTC (10 years ago) by yamt
Branch: yamt-pagecache
CVS Tags: yamt-pagecache-tag8
Changes since 1.2.2.3: +6 -1 lines
Diff to previous 1.2.2.3 (colored) to branchpoint 1.2 (colored)

sync with head

Revision 1.5 / (download) - annotate - [select for diffs], Sun Jan 20 18:45:56 2013 UTC (10 years ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base8
Changes since 1.4: +6 -1 lines
Diff to previous 1.4 (colored)

- nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free
  the mbuf chain on failure.  Fixes some corner cases.  Improve regression
  test and sprinkle some asserts.
- npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix).
  The problem was found and fix provided by Anthony Mallet.

Revision 1.2.4.1 / (download) - annotate - [select for diffs], Tue Nov 20 03:02:47 2012 UTC (10 years, 2 months ago) by tls
Branch: tls-maxphys
Changes since 1.2: +187 -44 lines
Diff to previous 1.2 (colored)

Resync to 2012-11-19 00:00:00 UTC

Revision 1.1.2.2 / (download) - annotate - [select for diffs], Sun Nov 18 22:38:25 2012 UTC (10 years, 2 months ago) by riz
Branch: netbsd-6
Changes since 1.1.2.1: +187 -44 lines
Diff to previous 1.1.2.1 (colored) to branchpoint 1.1 (colored)

Pull up following revision(s) (requested by rmind in ticket #693):
	lib/npf/ext_normalise/shlib_version: revision 1.1
	lib/libnpf/npf.c: revision 1.13
	distrib/sets/lists/modules/mi: revision 1.48
	sys/net/npf/npf_rproc.c: revision 1.3
	sys/net/npf/npf_rproc.c: revision 1.4
	sys/modules/npf/Makefile: revision 1.11
	usr.sbin/npf/npfctl/npfctl.h: revision 1.20
	lib/npf/ext_log/npfext_log.c: revision 1.1
	lib/libnpf/npf.h: revision 1.11
	sys/net/npf/npf_inet.c: revision 1.17
	sys/net/npf/npf_log.c: file removal
	sys/net/npf/npf_handler.c: revision 1.22
	distrib/sets/lists/base/shl.mi: revision 1.636
	sys/net/npf/npf_impl.h: revision 1.23
	usr.sbin/npf/npfctl/Makefile: revision 1.8
	lib/npf/Makefile: revision 1.1
	lib/npf/ext_log/shlib_version: revision 1.1
	lib/Makefile: revision 1.189
	distrib/sets/lists/comp/shl.mi: revision 1.236
	usr.sbin/npf/npfctl/npf_build.c: revision 1.14
	distrib/sets/lists/base/mi: revision 1.1007
	usr.sbin/npf/npfctl/npf_scan.l: revision 1.6
	distrib/sets/lists/base/mi: revision 1.1009
	sys/net/npf/npf.h: revision 1.21
	lib/npf/ext_normalise/npfext_normalise.c: revision 1.1
	etc/mtree/NetBSD.dist.base: revision 1.105
	lib/libnpf/Makefile: revision 1.3
	etc/mtree/NetBSD.dist.base: revision 1.106
	usr.sbin/npf/npfctl/npf_extmod.c: revision 1.1
	sys/net/npf/npf_ctl.c: revision 1.18
	lib/npf/ext_log/Makefile: revision 1.1
	distrib/sets/lists/comp/mi: revision 1.1781
	usr.sbin/npf/npfctl/npf_var.h: revision 1.4
	sys/net/npf/npf.c: revision 1.13
	sys/modules/Makefile: revision 1.111
	sys/net/npf/npf_ext_log.c: revision 1.1
	lib/npf/Makefile.inc: revision 1.1
	sys/net/npf/npf_ext_normalise.c: revision 1.1
	sys/net/npf/files.npf: revision 1.8
	sys/rump/net/lib/libnpf/Makefile: revision 1.2
	sys/modules/npf_ext_log/Makefile: revision 1.1
	lib/npf/ext_normalise/Makefile: revision 1.1
	usr.sbin/npf/npfctl/npfctl.c: revision 1.20
	usr.sbin/npf/npfctl/npf_parse.y: revision 1.13
	sys/modules/npf_ext_normalise/Makefile: revision 1.1
Implement dynamic NPF extensions interface.  An extension consists of
dynamically loaded module (.so) supplementing npfctl(8) and a kernel
module.  Move normalisation and logging functionality into their own
extensions.  More improvements to come.
Add /usr/lib/npf.
Add ./usr/libdata/debug/usr/lib/npf for rmind
Fix MKDEBUG set lists
ext_ops does not change during the life cycle and can be fetched without
the mutex held. This avoids confusion in the compiler about an uninitialized
variable ext_ops.
ok rmind@

Revision 1.2.2.3 / (download) - annotate - [select for diffs], Tue Oct 30 17:22:44 2012 UTC (10 years, 3 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.2.2.2: +187 -44 lines
Diff to previous 1.2.2.2 (colored) to branchpoint 1.2 (colored)

sync with head

Revision 1.4 / (download) - annotate - [select for diffs], Wed Oct 3 12:24:56 2012 UTC (10 years, 4 months ago) by mlelstv
Branch: MAIN
CVS Tags: yamt-pagecache-base7, yamt-pagecache-base6
Changes since 1.3: +5 -3 lines
Diff to previous 1.3 (colored)

ext_ops does not change during the life cycle and can be fetched without
the mutex held. This avoids confusion in the compiler about an uninitialized
variable ext_ops.
ok rmind@

Revision 1.3 / (download) - annotate - [select for diffs], Sun Sep 16 13:47:41 2012 UTC (10 years, 4 months ago) by rmind
Branch: MAIN
Changes since 1.2: +185 -44 lines
Diff to previous 1.2 (colored)

Implement dynamic NPF extensions interface.  An extension consists of
dynamically loaded module (.so) supplementing npfctl(8) and a kernel
module.  Move normalisation and logging functionality into their own
extensions.  More improvements to come.

Revision 1.2.2.2 / (download) - annotate - [select for diffs], Tue Apr 17 00:08:39 2012 UTC (10 years, 9 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.2.2.1: +132 -0 lines
Diff to previous 1.2.2.1 (colored) to branchpoint 1.2 (colored)

sync with head

Revision 1.1.2.1 / (download) - annotate - [select for diffs], Tue Apr 3 17:22:52 2012 UTC (10 years, 10 months ago) by riz
Branch: netbsd-6
CVS Tags: netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus
Changes since 1.1: +3 -4 lines
Diff to previous 1.1 (colored)

Pull up following revision(s) (requested by rmind in ticket #158):
	sys/net/npf/npf_session.c: revision 1.12
	sys/net/npf/npf_tableset.c: revision 1.10
	sys/net/npf/npf_rproc.c: revision 1.2
	usr.sbin/npf/npfctl/npf_parse.y: revision 1.4
	sys/net/npf/npf_inet.c: revision 1.11
	sys/net/npf/npf.h: revision 1.15
	usr.sbin/npf/npfctl/npf_build.c: revision 1.5
	sys/net/npf/npf_ruleset.c: revision 1.11
	sys/net/npf/npf_instr.c: revision 1.10
	usr.sbin/npf/npfctl/Makefile: revision 1.6
	sys/net/npf/npf_processor.c: revision 1.10
	sys/net/npf/npf_log.c: revision 1.3
	lib/libnpf/npf.h: revision 1.7
	sys/net/npf/npf_alg.c: revision 1.3
	sys/net/npf/npf_sendpkt.c: revision 1.9
	lib/libnpf/npf.c: revision 1.8
	usr.sbin/npf/npfctl/npfctl.h: revision 1.13
	sys/net/npf/npf_ctl.c: revision 1.13
	usr.sbin/npf/npfctl/npf_ncgen.c: revision 1.8
	sys/net/npf/npf_ctl.c: revision 1.14
	sys/net/npf/npf_nat.c: revision 1.11
	sys/net/npf/npf_nat.c: revision 1.12
	sys/net/npf/npf_impl.h: revision 1.11
	usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.1
	sys/net/npf/npf_impl.h: revision 1.12
	usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.2
	sys/net/npf/npf_handler.c: revision 1.14
	usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.3
	sys/net/npf/npf_handler.c: revision 1.15
	sys/net/npf/npf_ncode.h: revision 1.6
	sys/net/npf/npf.c: revision 1.8
	sys/net/npf/npf.c: revision 1.9
	sys/net/npf/npf_alg_icmp.c: revision 1.9
	sys/net/npf/npf_session.c: revision 1.11
- Add NPF_DECISION_BLOCK and NPF_DECISION_PASS.  Be more defensive in the
  packet handler.  Change the default policy to block when the config is
  loaded and set it to pass when flush operation is performed.
- Use kmem_zalloc(9) instead of kmem_alloc(9) in few places.
- npf_rproc_{create,release}: use kmem_intr_{alloc,free} as the destruction
  of rule procedure might happen in the interrupt handler (under a very rare
  condition, if config reload races with the handler).
- npf_session_establish: check whether layer 3 and 4 are cached.
- npfctl_build_group: do not make groups as passing rules.
- Remove some unecessary header inclusion.
Simplify slightly: merge iface into addr_or_iface, use it in filt_addr.
Add a small disassembler.
definitions used by the disassembler.
- better printing of type/code flags/mask
- pass the instruction start pointer, instead of subtracting 1 to account for it
- Save active config in proplib dictionary; add GETCONF ioctl to retrieve.
- Few fixes.  Improve some comments.
don't leak the branch target array.
Add NPF config retrieval routines.

Revision 1.1.4.3 / (download) - annotate - [select for diffs], Fri Feb 24 09:11:49 2012 UTC (10 years, 11 months ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.1.4.2: +4 -5 lines
Diff to previous 1.1.4.2 (colored) to branchpoint 1.1 (colored) next main 1.2 (colored)

sync to -current.

Revision 1.2.2.1, Mon Feb 20 00:18:20 2012 UTC (10 years, 11 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.2: +0 -132 lines
FILE REMOVED

file npf_rproc.c was added on branch yamt-pagecache on 2012-04-17 00:08:39 +0000

Revision 1.2 / (download) - annotate - [select for diffs], Mon Feb 20 00:18:20 2012 UTC (10 years, 11 months ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base5, yamt-pagecache-base4, jmcneill-usbmp-base9, jmcneill-usbmp-base8, jmcneill-usbmp-base7, jmcneill-usbmp-base6, jmcneill-usbmp-base5, jmcneill-usbmp-base4, jmcneill-usbmp-base3, jmcneill-usbmp-base10
Branch point for: yamt-pagecache, tls-maxphys
Changes since 1.1: +4 -5 lines
Diff to previous 1.1 (colored)

- Add NPF_DECISION_BLOCK and NPF_DECISION_PASS.  Be more defensive in the
  packet handler.  Change the default policy to block when the config is
  loaded and set it to pass when flush operation is performed.
- Use kmem_zalloc(9) instead of kmem_alloc(9) in few places.
- npf_rproc_{create,release}: use kmem_intr_{alloc,free} as the destruction
  of rule procedure might happen in the interrupt handler (under a very rare
  condition, if config reload races with the handler).
- npf_session_establish: check whether layer 3 and 4 are cached.
- npfctl_build_group: do not make groups as passing rules.
- Remove some unecessary header inclusion.

Revision 1.1.4.2 / (download) - annotate - [select for diffs], Sat Feb 18 07:35:38 2012 UTC (10 years, 11 months ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.1.4.1: +133 -0 lines
Diff to previous 1.1.4.1 (colored) to branchpoint 1.1 (colored)

merge to -current.

Revision 1.1.4.1, Mon Feb 6 23:30:14 2012 UTC (10 years, 11 months ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.1: +0 -133 lines
FILE REMOVED

file npf_rproc.c was added on branch jmcneill-usbmp on 2012-02-18 07:35:38 +0000

Revision 1.1 / (download) - annotate - [select for diffs], Mon Feb 6 23:30:14 2012 UTC (10 years, 11 months ago) by rmind
Branch: MAIN
CVS Tags: netbsd-6-base, jmcneill-usbmp-base2
Branch point for: netbsd-6, jmcneill-usbmp

- Split NPF rule procedure code into a separate module (no functional changes).
- Simplify some code, add more comments, some asserts.
- G/C unused rule hook code.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>