rmind
670c10ba87
- Add and use npf_alg_export().
- npf_conn_import: handle NAT metadata correctly.
- npf_nat_newpolicy: restore the policy ID.
- npfctl_load: fix error code handling for the limit cases.
- npf_config_import: fix the inverted logic.
- npfctl_load: improve error handling.
2014-08-11 23:48:01 +00:00
rmind
d0850273a2
- Add npf_ruleset_export(), npf_rule_export() and npf_nat_policyexport().
- Split off npf_conn_export(). Add npf_ifmap_getname() and use it to save
the interface name; pick it up on npf_conn_import().
- Misc fixes. Bump NPF_VERSION.
2014-08-10 19:09:43 +00:00
tls
ea6af427bd
Merge tls-earlyentropy branch into HEAD.
2014-08-10 16:44:32 +00:00
rmind
c2b1c6cc23
Cross-link npf(7).
2014-08-03 00:02:56 +00:00
rmind
b8d1dbad64
NPF: add a general npf(7) manual page. Improved by wiz@.
2014-08-02 23:57:40 +00:00
htodd
c1a007a161
Build fix (use error when defined).
2014-07-23 05:00:38 +00:00
rmind
a02b7176fb
NPF: rework of the connection saving and restoring:
- Add support for saving a snapshot of the current connections together
with a full configuration. Support a reverse load operation. Eliminate
the old 'sess-save' and 'sess-load' in favour of the new mechanism.
- Share code between load and reload operations: the latter performs
load from npf.conf without affecting the connections.
- Simplify and fix races with connection loading.
- Bump NPF_VERSION.
2014-07-23 01:25:34 +00:00
rmind
903939e342
formatting
2014-07-20 00:48:51 +00:00
rmind
a7d2a60827
NPF: add nbuf_t * into npf_cache_t and remove unnecessary carrying by argument.
2014-07-20 00:37:41 +00:00
rmind
9c7a886e44
NPF:
- Populate the BPF external memory store with L3 information.
- Eliminate NPF_COP_L3 call and just use the data in the memstore.
- Bump NPF_VERSION.
2014-06-29 00:05:24 +00:00
rmind
c3d5721647
npftest: add an example in the README, fix the total in npf_test_conc().
2014-06-25 00:21:42 +00:00
rmind
263d30c43e
Adjust NPF to the recent BPF / BPF JIT changes and make it work again.
All regression tests are happy now (hi alnsn!).
2014-06-25 00:20:06 +00:00
alnsn
19fed70d36
Implement copfuncs and external memory in bpfjit.
2014-06-24 10:53:30 +00:00
rmind
410bae3ffd
npfctl_build_code: generate TCP/UDP check for ports case when other blocks
do not imply L4 check; add an assert in npfctl_bpf_proto() and elsewhere.
2014-05-31 22:41:37 +00:00
rmind
5866b12dae
npfctl: allow group of zeroes in IPv6 address; noted by spz@.
2014-05-31 22:37:05 +00:00
wiz
8f7d248eb8
Wording, typo fixes.
2014-05-15 23:52:32 +00:00
rmind
e05005e0b3
NPF: imply SYN-only check for the stateful rules by default (when inspecting
TCP packets). Many users trip here. This behaviour can be overridden with the
explicit "flags" keyword, but other configuration does not really make sense.
2014-05-15 02:34:29 +00:00
rmind
7da3b338d7
npftest: fix the example in the README file.
2014-05-14 21:46:50 +00:00
riastradh
4ec7cf26b7
Convert right-recursive rules to left-recursive ones.
This should obviate the need for the workaround of a large stack in
order to handle many rules.
No change in the resulting plists.
ok rmind
2014-03-15 15:22:37 +00:00
rmind
f1567f86d3
npfctl_bpf_cidr: another bug fix in handling IPv6 masks (bug found on ARM).
2014-03-15 08:46:01 +00:00
rmind
167f6f25d6
NPF: add support for "stateful-ends".
2014-03-14 11:29:44 +00:00
rmind
27b83b3d9e
npfctl_print_nat: fix the byte-order of the port.
2014-02-19 01:43:16 +00:00
rmind
247d861365
npfctl: take into account all addresses when multiple interfaces are
specified in a set of elements.
2014-02-17 00:45:24 +00:00
rmind
a732dba5fc
G/C some todo items
2014-02-14 02:01:12 +00:00
rmind
d199f930bb
Document NAT algorithm option in the grammar of "map".
2014-02-14 01:52:58 +00:00
rmind
068cee2998
NPF: add support for IPv6-to-IPv6 Network Prefix Translation (NPTv6),
as per RFC 6296. Add a unit test. Also, bump NPF_VERSION.
Thanks to S.P.Zeidler for the help with NPTv6 work!
2014-02-13 03:34:40 +00:00
rmind
82f6ff32b1
npfctl_bpf_cidr: fix a bug in handling of smaller IPv6 masks.
2014-02-13 00:42:01 +00:00
rmind
1e2389ed0b
npfctl_print_table: add a "cdb" type.
2014-02-12 01:42:50 +00:00
rmind
8b83480d27
NPF:
- Adjust the syntax - remove "inet" keyword in favour of more explicit
"inet4" for the address family. Consistent with "inet6" for IPv6.
- Adjust and improve the man page a little bit.
2014-02-08 01:20:09 +00:00
rmind
8274d601f9
NPF: add support for static (stateless) NAT.
2014-02-07 23:45:22 +00:00
christos
61a4b10e07
fix vax build.
2014-02-06 18:48:09 +00:00
wiz
83d796ca12
Update count. Add serial comma.
2014-02-06 07:36:36 +00:00
rmind
ffcdc4af8d
Add support for CDB based NPF tables.
2014-02-06 02:51:28 +00:00
rmind
e43f79569a
npftest: fix previous harder - pass and use libc's random(3).
2014-02-05 03:49:48 +00:00
rmind
bb1fedd189
npftest: fix the failure of NAT test -- adjust for RUMP's conversion to
the in-kernel CPRNG (hi pooka!).
2014-02-05 03:30:13 +00:00
rmind
55b0c96054
- npfctl: fix table IDs (breakage since the table naming was added).
- libnpf: remove npf_table_exists_p() from public API.
2014-02-03 02:21:52 +00:00
rmind
1e9541dade
npftest: adjust for the npf_bpf_filter() change.
2013-11-23 19:40:11 +00:00
rmind
e636c1e87f
npfctl: need to rewind the list after calling print_table(). XXX libnpf.
2013-11-22 18:42:02 +00:00
rmind
805a41fbfe
Add npf_tableset_syncdict() to sync the table IDs in the proplib dictionary,
as they can change on reload now. Also, fix table name checking in npfctl.
2013-11-22 00:25:51 +00:00
christos
8216c37c22
CID 1129614: dereference after null
2013-11-19 17:01:45 +00:00
rmind
d116583e69
Simplify parsing of npf.conf elements, create the npfvar_t when a value is
parsed (to be used as a general structure for variables and inlined values),
few misc improvements.
2013-11-19 00:28:41 +00:00
rmind
3fb1890bf5
Rename some tokens, use more accurate names (the current ones are incorrect
or misleading) and add few comments in the parser code.
2013-11-18 21:39:03 +00:00
rmind
2566fe9fff
Add bsd.own.mk for MKSLJIT, reorder some vars.
2013-11-16 17:12:35 +00:00
alnsn
a36c412b37
Link to -lrumpnet_bpfjit and -lrumpkern_sljit iff MKSLJIT != "no".
2013-11-16 15:58:30 +00:00
rmind
467de1619d
Enable bpfjit for npftest.
2013-11-16 01:41:43 +00:00
wiz
d8099589ae
Remove trailing whitespace.
2013-11-12 06:07:30 +00:00
rmind
1e7342c150
NPF: add support for table naming and remove NPF_TABLE_SLOTS (there is
just an arbitrary sanity limit of NPF_MAX_TABLES currently set to 128).
Few misc fixes. Bump NPF_VERSION.
2013-11-12 00:46:34 +00:00
rmind
a79812ea10
NPF: add support for specifying the interfaces before they are attached.
If an interface is or gets detached, all associated rules and connections
will be deactivated (it might be useful to have an option to invalidate
the associated connections). Once the interface is reattached they will
become active.
Bump NPF_VERSION.
2013-11-08 00:38:26 +00:00
kefren
915c0cd28e
sync an example with the latest group syntax change
2013-11-05 13:09:12 +00:00
rmind
05a7a9a52e
npfctl: optimise fetch_l3() to avoid unnecessary call to NPF_COP_L3.
2013-11-05 01:50:30 +00:00