![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / sys / net / npf
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: MAIN
Revision 1.12 / (download) - annotate - [select for diffs], Mon Dec 24 19:05:45 2012 UTC (5 months, 3 weeks ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base8,
tls-maxphys-nbase,
tls-maxphys-base,
khorben-n900,
agc-symver-base,
agc-symver,
HEAD
Changes since 1.11: +6 -7
lines
Diff to previous 1.11 (colored)
- Rework NPF's nbuf interface: use advancing and ensuring as a main method. Eliminate unnecessary copy and simplify. Adapt regression tests. - Simplify ICMP ALG a little. While here, handle ICMP ECHO for traceroute. - Minor fixes, misc cleanup.
Revision 1.11 / (download) - annotate - [select for diffs], Sat Oct 6 23:50:17 2012 UTC (8 months, 1 week ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base7,
yamt-pagecache-base6
Changes since 1.10: +17 -12
lines
Diff to previous 1.10 (colored)
npf_tcp_inwindow: inspect the sequence numbers even if the packet contains no data, fixing up only the RST to the initial SYN. This makes off-path attacks more difficult. For the reference, see "Reflection Scan: an Off-Path Attack on TCP" by Jan Wrobel.
Revision 1.10 / (download) - annotate - [select for diffs], Sat Jul 21 17:11:02 2012 UTC (10 months, 3 weeks ago) by rmind
Branch: MAIN
Branch point for: tls-maxphys
Changes since 1.9: +9 -11
lines
Diff to previous 1.9 (colored)
- npf_fetch_tcpopts: fix off-by-one when validating TCP option length against the maximum allowed. - npf_tcp_inwindow: be more liberal with npf_fetch_tcpopts(). - Few minor improvements to npftest.
Revision 1.9 / (download) - annotate - [select for diffs], Sun Jul 15 00:23:00 2012 UTC (11 months ago) by rmind
Branch: MAIN
Changes since 1.8: +4 -4
lines
Diff to previous 1.8 (colored)
- Rework NPF tables and fix support for IPv6. Implement tree table type using radix / Patricia tree. Universal IPv4/IPv6 comparator for ptree(3) was contributed by Matt Thomas. - NPF tables: update regression tests, improve npfctl(8) error messages. - Fix few bugs when using kernel modules and handle module autounloader. - Few other fixes and misc cleanups. - Bump the version.
Revision 1.8 / (download) - annotate - [select for diffs], Sun Jul 1 18:13:51 2012 UTC (11 months, 2 weeks ago) by rmind
Branch: MAIN
Changes since 1.7: +40 -26
lines
Diff to previous 1.7 (colored)
npf_state_tcp: fix for FIN retransmission and out-of-order ACK case.
Revision 1.7 / (download) - annotate - [select for diffs], Fri Jun 22 13:43:17 2012 UTC (11 months, 3 weeks ago) by rmind
Branch: MAIN
Changes since 1.6: +8 -4
lines
Diff to previous 1.6 (colored)
NPF: - Rename some functions for consistency and de-inline them. - Fix few invalid asserts (add regressoin test). - Use pserialize(9) for ALG interface. - Minor fixes, sprinkle many comments.
Revision 1.6 / (download) - annotate - [select for diffs], Tue Jun 5 22:46:54 2012 UTC (12 months, 1 week ago) by rmind
Branch: MAIN
Changes since 1.5: +12 -7
lines
Diff to previous 1.5 (colored)
npf_state_tcp: add an assert; fix some comments while here.
Revision 1.5 / (download) - annotate - [select for diffs], Wed May 30 21:38:03 2012 UTC (12 months, 2 weeks ago) by rmind
Branch: MAIN
CVS Tags: jmcneill-usbmp-base10
Changes since 1.4: +4 -11
lines
Diff to previous 1.4 (colored)
npftest: add a stream processor, which prints out the TCP state information. A tool for debugging connection tracking from tcpdump -w captured data.
Revision 1.4 / (download) - annotate - [select for diffs], Tue Apr 3 22:14:12 2012 UTC (14 months, 2 weeks ago) by rmind
Branch: MAIN
CVS Tags: yamt-pagecache-base5,
yamt-pagecache-base4,
jmcneill-usbmp-base9,
jmcneill-usbmp-base8
Branch point for: yamt-pagecache
Changes since 1.3: +4 -4
lines
Diff to previous 1.3 (colored)
npf_tcp_inwindow: in a case of negative skew, bump the maximum seen value of SEQ+LEN in the receiver's side correctly (using ACK from the sender's side). PR/46265 from Changli Gao.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Dec 8 23:36:57 2011 UTC (18 months, 1 week ago) by rmind
Branch: MAIN
CVS Tags: netbsd-6-base,
jmcneill-usbmp-base7,
jmcneill-usbmp-base6,
jmcneill-usbmp-base5,
jmcneill-usbmp-base4,
jmcneill-usbmp-base3,
jmcneill-usbmp-base2
Branch point for: netbsd-6
Changes since 1.2: +20 -5
lines
Diff to previous 1.2 (colored)
- Explain the magic in npf_tcpfl2case(). - Use __unused instead of (void)cast; fix comment.
Revision 1.2 / (download) - annotate - [select for diffs], Mon Dec 5 00:34:25 2011 UTC (18 months, 2 weeks ago) by rmind
Branch: MAIN
Changes since 1.1: +72 -58
lines
Diff to previous 1.1 (colored)
- Add npf_tcpfl2case() and make TCP state table more compact. - Adjust the state for FIN case on sim-SYN and SYN-RECEIVED.
Revision 1.1 / (download) - annotate - [select for diffs], Tue Nov 29 20:05:30 2011 UTC (18 months, 2 weeks ago) by rmind
Branch: MAIN
CVS Tags: jmcneill-usbmp-pre-base2,
jmcneill-usbmp-base
Branch point for: jmcneill-usbmp
- Rework and improve TCP state tracking. - Fix regressions after IPv6 patch merge. Note: npfctl(8) rework will come soon.