- Add proper TCP state tracking as described in Guido van Rooij paper,
plus handle TCP Window Scaling option.
- Completely rework npf_cache_t, reduce granularity, simplify code.
- Add npf_addr_t as an abstraction, amend session handling code, as well
as NAT code et al, to use it. Now design is prepared for IPv6 support.
- Handle IPv4 fragments i.e. perform packet reassembly.
- Add support for IPv4 ID randomization and minimum TTL enforcement.
- Add support for TCP MSS "clamping".
- Random bits for IPv6. Various fixes and clean-up.
This works around read(2) system callsfailing with ENOBUFS.
This is a hack bedause there is no way to know that 4 * FUSE_BUFSIZE
will be enough to hold queued FUSE frames. It seems good enough at
mine.
- use PUFFS_KFLAG_WTCACHE to puffs_init so that all writes are
immediatly send to the filesystem, and we do not have anymore write
after inactive. As a consequence, we can close files at inactive
stage, and there is not any concern left with files opened at
create time. We also do not have anymore to open ourselves in readdir and
fsync.
- Fsync on close (inactive stage). That makes sure we will not need to
do these operations once the file is closed (FUSE want an open file).
short sircuit the request that come after the close, bu not fsinc'ing
closed files,
- Use PUFFS_KFLAG_IAONDEMAND to get less inactive calls
== Removed nodes ==
- more ENOENT retunred for operations on removed node (but there
are probably some still missing): getattr, ooen, setattr, fsync
- set PND_REMOVE before sending the UNLINK/RMDIR operations so that we avoid
races during UNLINK completion. Also set PND_REMOVED on node we overwirte
in rename
== Filehandle fixes ==
- queue open operation to avoid getting two fh for one file
- set FH in getattr, if the file is open
- Just requires a read FH for fsyncdir, as we always opendir in read
mode. Ok, this is misleading :-)
== Misc ==
- do not set FUSE_FATTR_ATIME_NOW in setattr, as we provide the time
- short circuit nilpotent operations in setattr
- add a filename diagnostic flag to dump file names
- Add support for bi-directional NAT and redirection / port forwarding.
- Finish filtering on ICMP type/code and add filtering on TCP flags.
- Add support for TCP reset (RST) or ICMP destination unreachable on block.
- Fix a bunch of bugs; misc cleanup.
assume datagram semantics: when using SOCK_STREAM, if perfused sends
frames faster than the filesystem consumes them, it will grab multiple
frames at once and discard anything beyond the first one. For now the
code can work both with SOCK_DGRAM and SOCK_STREAM, but SOCK_STREAM
support will probably have to be removed for the sake of readability.
- Remeber to sync parent directories when moving a node
- In debug output, display the requeue type (readdir, write, etc...)
therefore runs with filesystem privileges
- shut up warnings and debug messages when perfused is autostarted
- make perfused patch modifiable with CFLAGS for easier pkgsrc integration
- Fix build warnings
comparison function being given to db was comparing 4 extra bytes of
rubbish.
This may or may not be the *only* source of the corrupted
/var/account/usracct files I've been seeing occasionally on amd64, but
it's clearly *a* source.
FUSE filesystems will attempt to start it on their own, and will
communicate using a socketpair
- do not advertise NULL file handle as being valid when sending themback to the FUSE filesystem.
- unmount if we cannot talk to the FUSE process anymore
- set calling process gid properly
- debug message cleanup
- Automatically call fsync on close for files. If we just close, fsync
will come later and we will have to reopen
- Add a PND_DIRTY flag to keep track of files that really need a sync.
perfuse_node_fsync only calls the FUSE fsync method if there are data
to push.
- Add a PND_OPEN flag to keep track of open files. Checking non NULL
fh is not enough, as some filesystems will always set fh to 0.
- Add a sync diagnostic flag, to watch fsync and dirty flag activity.
Make the fh diagnostic flag more verbose
- Send the fh in setattr (it was hardcoded to 0)
I am now able to build libperfuse in a glusterfs mounted filesystem. Yeah!
- Designed to be fully MP-safe and highly efficient.
- Tables/IP sets (hash or red-black tree) for high performance lookups.
- Stateful filtering and Network Address Port Translation (NAPT).
Framework for application level gateways (ALGs).
- Packet inspection engine called n-code processor - inspired by BPF -
supporting generic RISC-like and specific CISC-like instructions for
common patterns (e.g. IPv4 address matching). See npf_ncode(9) manual.
- Convenient userland utility npfctl(8) with npf.conf(8).
NOTE: This is not yet a fully capable alternative to PF or IPFilter.
Further work (support for binat/rdr, return-rst/return-icmp, common ALGs,
state saving/restoring, logging, etc) is in progress.
Thanks a lot to Matt Thomas for various useful comments and code review.
Aye by: board@
and remove renameing _Rune* -> _NBRune* namespace protection.
FreeBSD traditionaly exposes struct _Rune* in runetype.h
which included by ctype.h. it may cause conflicting type error
in our cross build process, former we use renaming namespace
to avoid this problem, now i reworked more resonable way.
2. merge rune_local.h to runetype_local.h, and remove it.
3. split bsdctype.h -> bsdctype_{file,local}.h
2. do not use _CTYPE_NUM_CHARS macro to read data from LC_CTYPE(old BSDCTYPE style) database.
because 1<<CHAR_BIT is MD, so i added MI macro _CTYPE_CACHE_SIZE(1<<8).
3. remove _NB_CACHED_RUNE macro, use _CTYPE_CACHE_SIZE instead.
pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to
dump internal configuration of pf, and restore at a latter point, after a
maintenance reboot for example, in a transparent way for user.
This work has been done mostly during my GSoC 2009
No objections on tech-net@
the rump kernel just attaches to / in said rump kernel instance.
This is mostly useful in case wanting to see what nodes components
create (see Makefile).
not built without manual intervention
They implement a space efficent write-once database with fast access
path. Switch the services(5) database to use cdb. The size of the
database file decreases from 2.1MB disk space to 307KB. Access
performance is about the same if setservent(0) is used and about an
order of magnitude faster otherwise. services_mkdb defaults to the new
format, but can optionally create the old db(3) format as well for
statically linked legacy applications.
that assembles /etc/mtree/NetBSD.dist. Instead, use the Makefile's
new target, emit_dist_file, to assemble the correct NetBSD.dist.
Previously, 'postinstall -m amd64 -s $SRC_TOP' would install a
NetBSD.dist that was missing /usr/lib/i386/ et cetera.
without the directory timeout expiring, we get vattr_null as the
attributes for that file. Ensure that we always report sane
attributes by getting them from the server if this is the case.
(also, sprinkle some const)
Fixes problem reported by dyoung. But wait! The bug's medallion
begins to glow! The bug looks much better! I crumble to dust.
There's probably another similar bug related to "lazy open". It
will trigger if we reclaim a node before the response to the open
arrives. Even the comments (typoless) know about this bug ...
But verifying it exists and fixing it will have to wait for another
day.
may not apply to this particular server.
TODO: have three different texts, one for device backed file systems
(e.g. ffs), another for network backed (e.g. nfs), and a third for
fictional (e.g. kernfs)
Don't build & install it by default, since it represents the state
of the rump virtual kernel and not the host kernel. However, it's
useful for debugging kernfs.
Instead of copulating with newfs to produce a new FFS image into
memory, mmap() a given existing image and pass that as the backing
store. If -s is given, mmap is done with MAP_SHARED and changes
are kept across mounts, else MAP_COPY (i.e. MAP_PRIVATE for us) is
done and changes are lost when the server exits.
Note: -s does not guarantee any kind of file system safety whatsoever
and in case of kill, crash, exit or other form of elusion,
everything will be, according to our theme, quite screwed.
after readdir is called for the root dir the first time (yes,
there's still a window of wrong link count after the fs is mounted.
it's currently quite difficult to call sftp_readdir() from outside
the main loop).
Should fix "find /mnt" problem for a mountpoint with more than the
"guessed" amount of subdirectories, as reported by dyoung.
Since bresvd is not available from the server, calculate:
bresvd = bfree - bavail.
Then df calculates:
bavail = bfree - bresvd;
And we now get a much more accurate report from df on how much one
can write to the fs.
remove the Capacity column.
Reduce inter-column spacing, and display all four limits on one page,
rather than using the -W command line option to switch between critical
and warning limits. (The -W option is still permitted, but has no
effect.)
%capacity limits are displayed in the WarnMin and CritMin columns, but
have a trailing % sign.
* Apparently there is only a single location for the scripts. Thus, remove
the references to "/etc/powerd/scripts/apm" and "/etc/powerd/scripts/acpi".
* Correct confusion: instead of "the device with which the device is
associated", write "the device with which the event is associated".
Correct also an example related to this.
* Improve wording, grammar, and markup in few places.
LOADMODULES->NOMODULES and READBOOTCONF->NOBOOTCONF.
This way, the default value (0) wired into old bootxx_* and installed
to file systems remains valid and we avoid problems on partial updates.
whether modules are loaded and whether boot.cfg is evaluated, and
set both to "off" per default in the PXE bootloader.
Extend "installboot" to toggle the bits.
This way, pxeboot works with existing dhcp server setups (and as
described in the manpage) out of the box. Also, boot.cfg reading
involves a stat() call which is horribly inefficient with the
TFTP pseudo file system.
where sector size (disk block size) is required, instead of
DEV_BSIZE constant which means device I/O block size.
"Looks reasonable" from dholland@, and fixes tools installboot(8)
on Cygwin where DEV_BSIZE != 512 as mentioned in PR toolchain/42555.
pooka