Commit Graph

2296 Commits

Author SHA1 Message Date
kardel
f4c260b7f0 recover DLT_HIPPY and DLT_HDLC from before for if_hippisubr.c and hd64570.c 2013-04-07 14:12:05 +00:00
christos
cefc406697 update from libpcap 2013-04-06 23:20:27 +00:00
christos
bc0f55de88 Make ALG's autoloadable by providing in the config file:
alg "algname"
2013-03-20 00:29:46 +00:00
rmind
4183ea5f53 Always use BPF JIT for NPF rules (using BPF code) if it is available. 2013-03-18 02:24:45 +00:00
rmind
9ef92dc6c0 npf_session_establish: fix previous. 2013-03-18 00:17:20 +00:00
rmind
3b8a2fcf9c Add npf_session_trackable_p() and npf_session_fillent() for the common code.
Simplify.  No functional change.
2013-03-18 00:14:57 +00:00
christos
ff7550039b add missing argument 2013-03-13 13:15:47 +00:00
christos
fbfb5d3d8e don't auto-unload 2013-03-13 02:34:37 +00:00
christos
2c132b3129 normali{s,z}e 2013-03-12 20:47:48 +00:00
christos
12e775eb94 use sizeof(req) to find if it was empty or not (from uwe) 2013-03-11 17:20:02 +00:00
christos
d89c031d8b *"" is not constant according to gcc. So we move the responsibility for adding
a , to the users of the macro.
2013-03-11 17:03:55 +00:00
christos
02ab91fbba - avoid trailing , in dependencies when there are none other than the npf module
  itself.
- remove if_npflog dependency from npf_ext_log.
2013-03-11 16:37:43 +00:00
christos
fea1d0b382 prevent the lookup function from autoloading recursively. 2013-03-11 01:56:37 +00:00
christos
7e25e6910f move the module loading in the correct place. 2013-03-11 01:43:50 +00:00
christos
1066afcd4f remove the detach that does not belong here anymore. 2013-03-11 01:42:12 +00:00
christos
45d28ff77c Split the npflog cloner and auto-load the extensions. 2013-03-10 20:51:44 +00:00
christos
a6e021428d allow cloners as modules. 2013-03-10 19:46:12 +00:00
joerg
e240adbd0b Retire OSI network stack. OK core@ 2013-03-01 18:25:13 +00:00
rmind
3ae8914252 nbuf_ensure_contig: fix assert (can be equal if there is zero-length mbuf).
Found by npftest on sparc64.
2013-02-19 23:57:37 +00:00
rmind
56910be779 - Convert NPF dynamic rule ID to just incremented 64-bit counter.
- Fix multiple bugs.  Also, update the man page.
2013-02-16 21:11:12 +00:00
rmind
50c5afcad4 - Fix NPF config reload with dynamic rules present.
- Implement list and flush commands on a dynamic ruleset.
2013-02-10 23:47:37 +00:00
rmind
0e21825481 NPF:
- Implement dynamic NPF rules.  Controlled through npf(3) library or via
  npfctl rule command.  A rule can be removed using a unique identifier,
  returned on addition, or using a key which is SHA1 hash of the rule.
  Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.
2013-02-09 03:35:31 +00:00
joerg
6c3b61dddd Remove remnants of AF_IMPLINK. 2013-02-05 17:30:01 +00:00
yamt
aad8ef3224 use cprng_fast instead of getmicrouptime to generate "random" mac address
because the latter often produces the same addresses for subsequent tap
instances.
2013-01-28 15:05:03 +00:00
yamt
cc345863dc whitespace 2013-01-28 15:01:13 +00:00
rmind
3107fd1eb5 - nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free
  the mbuf chain on failure.  Fixes some corner cases.  Improve regression
  test and sprinkle some asserts.
- npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix).
  The problem was found and fix provided by Anthony Mallet.
2013-01-20 18:45:56 +00:00
degroote
2b85e5b800 PR kern/47419: Antony Mallet: ifconfig doesn't display MTU on gif(4)
There is no special treatment for SIOCGITMTU in gif(4), so just pass it to
ifioctl_common().
2013-01-19 16:18:32 +00:00
rmind
2be35e5206 Silence gcc in npf_recache(). 2012-12-24 23:11:25 +00:00
rmind
352f160615 - Rework NPF's nbuf interface: use advancing and ensuring as a main method.
  Eliminate unnecessary copy and simplify.  Adapt regression tests.
- Simplify ICMP ALG a little.  While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
2012-12-24 19:05:42 +00:00
rmind
57ff5416fd - Add NPF version check in proplist as well, not only ioctl. Bump the version.
- Fix a bug in table entry lookup.
- Updates/fixes to the man pages.  Misc.
2012-12-23 21:01:03 +00:00
rmind
f9e6e88c89 npf_rwrcksum: handle delayed checksums in the network stack; also fix
non-NPF_NAT_PORTS case and add some comments.  PR/47235.
2012-12-10 01:11:13 +00:00
rmind
333cdb0c5a Add NPF "rndblock" extension to randomly drop packets (using a random function
with a percentage or modulo operation).  This is a demo module, although it can
be used for packet loss simulation.  Example of a procedure in npf.conf:

procedure "somedrop" {
	# Drop 1.9% of the traffic
	rndblock: percentage 1.9
}
2012-12-10 00:32:23 +00:00
rmind
af7272417a npf_table_list: avoid triggering assert on diagnostic. 2012-12-04 19:28:16 +00:00
mbalmer
9d9e15ed7b Don't check mp for NULL twice. From Michael W. Bomardieri <mb@il.net>
via tech-net@NetBSD.org.  Thanks!
2012-11-25 09:06:43 +00:00
alnsn
85151d38ab Add RCSID and fix -Wsign-compare warnings. 2012-11-10 22:12:31 +00:00
msaitoh
c9d920062c Fix a bug that SIOCZIFDATA clears if_lastchange by zero.
Update if_lastchange with getnanotime().
2012-11-01 06:36:30 +00:00
msaitoh
bbc956a9be Add SIOCGETHERCAP ioctl.
There was no way to know the setting of ec_capabilities and ec_capenable
other than grepping the source.

See http://mail-index.netbsd.org/tech-kern/2010/07/28/msg008613.html
2012-10-31 10:17:34 +00:00
rmind
64647e51e4 Implement NPF table listing and preservation of entries on reload.
Bump the version.
2012-10-29 02:27:11 +00:00
alnsn
87a1a6c0f7 Comment bd_jitcode member. 2012-10-28 21:12:44 +00:00
alnsn
e8c0d6c662 Add bpfjit and enable it for amd64. 2012-10-27 22:36:11 +00:00
chs
cbab9cadce split device_t/softc for all remaining drivers.
replace "struct device *" with "device_t".
use device_xname(), device_unit(), etc.
2012-10-27 17:17:22 +00:00
msaitoh
a9ceb4700c Move the prototype definition of ether_input() from if.h to if_ether.h. 2012-10-25 11:53:14 +00:00
msaitoh
11dd166429 Add 1000baseT-FDX. 2012-10-25 10:59:43 +00:00
christos
202952fb98 PR/47058: Antti Kantee: If the ipv6 flow code modifies the mbuf, pass the
change up to the caller.
2012-10-11 20:05:50 +00:00
rmind
f5f72a013e npf_tcp_inwindow: inspect the sequence numbers even if the packet contains no
data, fixing up only the RST to the initial SYN.  This makes off-path attacks
more difficult.  For the reference, see "Reflection Scan: an Off-Path Attack
on TCP" by Jan Wrobel.
2012-10-06 23:50:17 +00:00
rmind
1fb2724b4f npf_packet_handler: drop the packet if IPv6 reassembly did not work. 2012-10-06 23:38:20 +00:00
matt
d4732165f0 When setting a link address, don't bring up the interface automatically. 2012-10-05 04:26:06 +00:00
mlelstv
b7abe5ff3b ext_ops does not change during the life cycle and can be fetched without
the mutex held. This avoids confusion in the compiler about an uninitialized
variable ext_ops.
ok rmind@
2012-10-03 12:24:56 +00:00
dholland
7bb3c82fdb Requires <net/if.h> to be compilable by itself. 2012-09-30 05:08:08 +00:00
dholland
42222eb321 u_long -> unsigned long, so this header compiles on its own like it
should. (and without adding <sys/types.h>)
2012-09-30 05:02:08 +00:00