Commit Graph

2355 Commits

Author SHA1 Message Date
pooka 9d79315b3a missed one inet6 check 2014-01-03 12:49:59 +00:00
pooka acb676442c Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only. 2014-01-02 18:29:01 +00:00
pgoyette 1b0023ef9a Modularize net/zlib so it can be used by the vnd module (and, eventually,
by an opencrypto module).
2013-12-29 08:09:44 +00:00
pooka c4a2c1fa88 XXXgcc Wuninitialized kludge 2013-12-15 21:18:01 +00:00
rmind 8a8347bd05 NPF:
- Adjust NAT to not assume flow direction in some cases and thus support
  less usual setups which are possible when using 'map' with a custom
  filter criteria.
- Introduce NPF_SRC/NPF_DST and replace npc_src/npc_dst with npc_ips[2]
  for more convenient handling.
- ICMP ALG: restrict matching only to the outgoing traffic, but be more
  direction-agnostic elsewhere.
2013-12-06 01:33:37 +00:00
christos c16aecd187 It is silly to kill the system when an interface failed to clear promiscuous
mode. Some return EINVAL when they are dying, but others like USB return EIO.
Downgrade to a DIAGNOSTIC printf. Same should be done for the malloc/NOWAIT,
but this is rarely hit.
2013-12-05 15:55:35 +00:00
rmind 65c0517694 - npf_do_nat: fix a race condition and simplify the logic.
- npf_session_setnat: clear the NAT association on failure.
2013-12-04 01:38:49 +00:00
rmind c4d05d4533 Move initialisation of bpf_args_t into the npf_ruleset_inspect().
This allows us to reuse the BPF memory store as a cache.
2013-11-23 19:32:20 +00:00
rmind 85c1b3a579 Optimise checksum fixup routines:
- npf_fixup16_cksum: 1's complement sum is endian-independent.
- npf_fixup32_cksum: the first 32->16 bit reduction is not needed.

Pointed out by Valery Ushakov.
2013-11-22 01:48:36 +00:00
rmind 1c6c349315 npf_addr_mix: use xor rather than sum. 2013-11-22 01:24:21 +00:00
rmind 805a41fbfe Add npf_tableset_syncdict() to sync the table IDs in the proplib dictionary,
as they can change on reload now.  Also, fix table name checking in npfctl.
2013-11-22 00:25:51 +00:00
rmind c782c88894 NPF: convert to bpf_jit_generate()/bpf_jit_freecode(). 2013-11-16 01:18:58 +00:00
rmind 5bd8916144 bpf_deliver: convert to bpf_filter_ext(). 2013-11-16 01:13:52 +00:00
rmind df5750d833 Fix the bpfjit build. 2013-11-15 13:56:21 +00:00
rmind d0748eb941 - Add bpf_args_t and convert bpf_filter_ext() to use it. This allows the
caller to initialise (and re-use) the memory store.
- Add bpf_jit_generate() and bpf_jit_freecode() wrappers.
2013-11-15 00:12:44 +00:00
rmind 1e7342c150 NPF: add support for table naming and remove NPF_TABLE_SLOTS (there is
just an arbitrary sanity limit of NPF_MAX_TABLES currently set to 128).

Few misc fixes.  Bump NPF_VERSION.
2013-11-12 00:46:34 +00:00
martin d78727ed1e Add missing [0] (check for unused entries) when matching interface
names.
2013-11-11 15:28:37 +00:00
rmind a79812ea10 NPF: add support for specifying the interfaces before they are attached.
If an interface is or gets detached, all associated rules and connections
will be deactivated (it might be useful to have an option to invalidate
the associated connections).  Once the interface is reattached they will
become active.

Bump NPF_VERSION.
2013-11-08 00:38:26 +00:00
christos a6b92c971d eliminate unused variable 2013-11-07 21:44:48 +00:00
rmind 576b42c4d7 npf_generic_fsm and npf_tcp_fsm: use uint8_t and make the arrays more dense. 2013-11-04 22:17:21 +00:00
mrg 4cf2909a7b used __diagused where appropriate. 2013-10-30 08:41:38 +00:00
rmind ace4567cf1 npf_session_setnat: fix the race condition when the old connection is still
being expired while a new/duplicate is being created.
2013-10-29 16:39:10 +00:00
christos 0fca9a6115 add an alias for the linux name for the interface index 2013-10-28 21:38:01 +00:00
rmind e5a13e2c75 Add NPF_MAX_RULES, an artificial limit (set it to 1M). 2013-10-27 16:22:08 +00:00
martin 6a2419fedf Turn a few __unused into __diagused 2013-10-25 11:35:55 +00:00
kefren 829b00a60a RFC3032 conformance for Router Alert Label 2013-10-25 09:25:32 +00:00
mrg 7c99f5d74d adjust previous; old_link_state is also used in INET6. 2013-10-19 21:39:12 +00:00
martin 2610fadf05 Ifdef a variable like its use 2013-10-19 18:39:30 +00:00
christos 891807de18 remove unrelated diff. 2013-10-06 01:21:24 +00:00
christos d67ce930dc fix the source too, not just the doc. 2013-10-05 23:22:34 +00:00
christos cef26ebe03 Add SIOCGIFINDEX from Ty Sarna and Matthew Sporleder. 2013-10-05 23:16:54 +00:00
rmind 4da50fc205 bpf_filter: re-use some code. No functional change intended. 2013-10-05 22:38:52 +00:00
rmind fb41d25668 sess_hash_bucket: convert to murmurhash2, include ports, use random seed. 2013-09-26 00:24:36 +00:00
rmind 24e8f8767c bpfjit: replace malloc with kmem, KNF a little, add RCS ID. 2013-09-20 23:19:52 +00:00
rmind 7b5edfdc0d NPF: G/C n-code in favour of BPF byte-code. Delete lots of code, mmm! 2013-09-19 01:49:07 +00:00
rmind 4e592132ab - Convert NPF to use BPF byte-code by default. Compile BPF byte-code in
npfctl(8) and generate separate marks to describe the filter criteria.
- Rewrite 'npfctl show' functionality and fix some of the bugs.
- npftest: add a test for BPF COP.
- Bump NPF_VERSION.
2013-09-19 01:04:45 +00:00
rmind 60d47add10 npfctl_rule: fixes for the dynamic rules. 2013-09-19 00:50:56 +00:00
rmind 514e2368ee bpf_validate_ext: allow COP to modify the memstore. 2013-09-19 00:48:48 +00:00
rmind cb633e2d0c Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was
originally to preserve compatibility.  Similarly, add bpf_validate_ext()
which takes bpf_ctx_t.
2013-09-18 23:34:55 +00:00
martin 0d2f30103a Remove unused variable 2013-09-13 21:09:40 +00:00
martin 5b8d9098ad Remove unused variable 2013-09-13 21:05:02 +00:00
martin a37ce7da33 Remove unused variable 2013-09-12 20:47:59 +00:00
christos 4a5538bfa8 PR/48198: Peter Bex: Avoid kernel panic caused by setting a very small bpf
buffer size.
XXX: Pullup -6
2013-09-09 20:53:51 +00:00
rmind 4c45c55542 bpf_filter: add a custom argument which can be passed to coprocessor routine. 2013-08-30 15:00:08 +00:00
rmind 8088e72932 Remove SS_ISCONFIRMING, it is unused and TP4 will not come back. 2013-08-29 17:49:20 +00:00
rmind 1962fa8781 Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC)
which add a capability to call external functions in a predetermined way.

It can be thought of as a BPF "coprocessor" -- a generic mechanism to offload
more complex packet inspection operations.  There is no default coprocessor
and this functionality is not targeted to the /dev/bpf.  This is primarily
targeted to the kernel subsystems, therefore there is no way to set a custom
coprocessor at the userlevel.

Discussed on: tech-net@
OK: core@
2013-08-29 14:25:40 +00:00
rmind 878c5e5866 - npf_cache_ip: re-fetch IPv6 header since nbufs might have been reallocated.
- npf_cache_all: clear NBUF_DATAREF_RESET since npf_cache_ip() handles it.
2013-08-23 10:37:03 +00:00
yamt 44ef5a4f25 - deal with softint_establish failure
- establish softint only when necessary
2013-08-20 12:28:12 +00:00
kiyohara 1ac3829df7 Fix build failed, if undef INET. 2013-08-04 07:05:15 +00:00
kefren 6da4e2e622 report about route tag in sysctl route walker 2013-07-24 15:31:04 +00:00