2365 Commits

Author SHA1 Message Date
pooka
ed107912d9 If the in6 domain was not attached, do not attempt to process IPv6 packets. 2014-02-25 22:42:06 +00:00
pooka
4f6fb3bf35 Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before
the sysctl link sets are processed, and remove redundancy.

Shaves >13kB off of an amd64 GENERIC, not to mention >1k duplicate
lines of code.
2014-02-25 18:30:08 +00:00
rmind
022864892f NPF: fix the recent breakage of the traceroute ALG. Also, simplify and
refactor a little bit.
2014-02-19 03:51:31 +00:00
rmind
bab1756a9a npf_alg_session: fix inverted logic in the previous commit. 2014-02-17 02:38:46 +00:00
rmind
ef728b81cb NPF: pass ALG functions via npfa_funcs_t structure. 2014-02-16 22:10:40 +00:00
rmind
068cee2998 NPF: add support for IPv6-to-IPv6 Network Prefix Translation (NPTv6),
as per RFC 6296.  Add a unit test.  Also, bump NPF_VERSION.

Thanks to S.P.Zeidler for the help with NPTv6 work!
2014-02-13 03:34:40 +00:00
rmind
8274d601f9 NPF: add support for static (stateless) NAT. 2014-02-07 23:45:22 +00:00
rmind
ffcdc4af8d Add support for CDB based NPF tables. 2014-02-06 02:51:28 +00:00
christos
89c35f61ad add __USE 2014-01-25 21:10:41 +00:00
christos
68cffabfc3 add a lint comment 2014-01-25 21:10:29 +00:00
pooka
9d79315b3a missed one inet6 check 2014-01-03 12:49:59 +00:00
pooka
acb676442c Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only. 2014-01-02 18:29:01 +00:00
pgoyette
1b0023ef9a Modularize net/zlib so it can be used by the vnd module (and, eventually,
by an opencrypto module).
2013-12-29 08:09:44 +00:00
pooka
c4a2c1fa88 XXXgcc Wuninitialized kludge 2013-12-15 21:18:01 +00:00
rmind
8a8347bd05 NPF:
- Adjust NAT to not assume flow direction in some cases and thus support
  less usual setups which are possible when using 'map' with a custom
  filter criteria.
- Introduce NPF_SRC/NPF_DST and replace npc_src/npc_dst with npc_ips[2]
  for more convenient handling.
- ICMP ALG: restrict matching only to the outgoing traffic, but be more
  direction-agnostic elsewhere.
2013-12-06 01:33:37 +00:00
christos
c16aecd187 It is silly to kill the system when an interface failed to clear promiscuous
mode. Some return EINVAL when they are dying, but others like USB return EIO.
Downgrade to a DIAGNOSTIC printf. Same should be done for the malloc/NOWAIT,
but this is rarely hit.
2013-12-05 15:55:35 +00:00
rmind
65c0517694 - npf_do_nat: fix a race condition and simplify the logic.
- npf_session_setnat: clear the NAT association on failure.
2013-12-04 01:38:49 +00:00
rmind
c4d05d4533 Move initialisation of bpf_args_t into the npf_ruleset_inspect().
This allows us to reuse the BPF memory store as a cache.
2013-11-23 19:32:20 +00:00
rmind
85c1b3a579 Optimise checksum fixup routines:
- npf_fixup16_cksum: 1's complement sum is endian-independent.
- npf_fixup32_cksum: the first 32->16 bit reduction is not needed.

Pointed out by Valery Ushakov.
2013-11-22 01:48:36 +00:00
rmind
1c6c349315 npf_addr_mix: use xor rather than sum. 2013-11-22 01:24:21 +00:00
rmind
805a41fbfe Add npf_tableset_syncdict() to sync the table IDs in the proplib dictionary,
as they can change on reload now.  Also, fix table name checking in npfctl.
2013-11-22 00:25:51 +00:00
rmind
c782c88894 NPF: convert to bpf_jit_generate()/bpf_jit_freecode(). 2013-11-16 01:18:58 +00:00
rmind
5bd8916144 bpf_deliver: convert to bpf_filter_ext(). 2013-11-16 01:13:52 +00:00
rmind
df5750d833 Fix the bpfjit build. 2013-11-15 13:56:21 +00:00
rmind
d0748eb941 - Add bpf_args_t and convert bpf_filter_ext() to use it. This allows the
caller to initialise (and re-use) the memory store.
- Add bpf_jit_generate() and bpf_jit_freecode() wrappers.
2013-11-15 00:12:44 +00:00
rmind
1e7342c150 NPF: add support for table naming and remove NPF_TABLE_SLOTS (there is
just an arbitrary sanity limit of NPF_MAX_TABLES currently set to 128).

Few misc fixes.  Bump NPF_VERSION.
2013-11-12 00:46:34 +00:00
martin
d78727ed1e Add missing [0] (check for unused entries) when matching interface
names.
2013-11-11 15:28:37 +00:00
rmind
a79812ea10 NPF: add support for specifying the interfaces before they are attached.
If an interface is or gets detached, all associated rules and connections
will be deactivated (it might be useful to have an option to invalidate
the associated connections).  Once the interface is reattached they will
become active.

Bump NPF_VERSION.
2013-11-08 00:38:26 +00:00
christos
a6b92c971d eliminate unused variable 2013-11-07 21:44:48 +00:00
rmind
576b42c4d7 npf_generic_fsm and npf_tcp_fsm: use uint8_t and make the arrays more dense. 2013-11-04 22:17:21 +00:00
mrg
4cf2909a7b used __diagused where appropriate. 2013-10-30 08:41:38 +00:00
rmind
ace4567cf1 npf_session_setnat: fix the race condition when the old connection is still
being expired while a new/duplicate is being created.
2013-10-29 16:39:10 +00:00
christos
0fca9a6115 add an alias for the linux name for the interface index 2013-10-28 21:38:01 +00:00
rmind
e5a13e2c75 Add NPF_MAX_RULES, an artificial limit (set it to 1M). 2013-10-27 16:22:08 +00:00
martin
6a2419fedf Turn a few __unused into __diagused 2013-10-25 11:35:55 +00:00
kefren
829b00a60a RFC3032 conformance for Router Alert Label 2013-10-25 09:25:32 +00:00
mrg
7c99f5d74d adjust previous; old_link_state is also used in INET6. 2013-10-19 21:39:12 +00:00
martin
2610fadf05 Ifdef a variable like its use 2013-10-19 18:39:30 +00:00
christos
891807de18 remove unrelated diff. 2013-10-06 01:21:24 +00:00
christos
d67ce930dc fix the source too, not just the doc. 2013-10-05 23:22:34 +00:00
christos
cef26ebe03 Add SIOCGIFINDEX from Ty Sarna and Matthew Sporleder. 2013-10-05 23:16:54 +00:00
rmind
4da50fc205 bpf_filter: re-use some code. No functional change intended. 2013-10-05 22:38:52 +00:00
rmind
fb41d25668 sess_hash_bucket: convert to murmurhash2, include ports, use random seed. 2013-09-26 00:24:36 +00:00
rmind
24e8f8767c bpfjit: replace malloc with kmem, KNF a little, add RCS ID. 2013-09-20 23:19:52 +00:00
rmind
7b5edfdc0d NPF: G/C n-code in favour of BPF byte-code. Delete lots of code, mmm! 2013-09-19 01:49:07 +00:00
rmind
4e592132ab - Convert NPF to use BPF byte-code by default. Compile BPF byte-code in
npfctl(8) and generate separate marks to describe the filter criteria.
- Rewrite 'npfctl show' functionality and fix some of the bugs.
- npftest: add a test for BPF COP.
- Bump NPF_VERSION.
2013-09-19 01:04:45 +00:00
rmind
60d47add10 npfctl_rule: fixes for the dynamic rules. 2013-09-19 00:50:56 +00:00
rmind
514e2368ee bpf_validate_ext: allow COP to modify the memstore. 2013-09-19 00:48:48 +00:00
rmind
cb633e2d0c Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was
originally to preserve compatibility.  Similarly, add bpf_validate_ext()
which takes bpf_ctx_t.
2013-09-18 23:34:55 +00:00
martin
0d2f30103a Remove unused variable 2013-09-13 21:09:40 +00:00