29 Commits

Author SHA1 Message Date
rmind 2e6f2099c6 Import NPF - a packet filter. Some features:
- Designed to be fully MP-safe and highly efficient.

- Tables/IP sets (hash or red-black tree) for high performance lookups.

- Stateful filtering and Network Address Port Translation (NAPT).
  Framework for application level gateways (ALGs).

- Packet inspection engine called n-code processor - inspired by BPF -
  supporting generic RISC-like and specific CISC-like instructions for
  common patterns (e.g. IPv4 address matching).  See npf_ncode(9) manual.

- Convenient userland utility npfctl(8) with npf.conf(8).

NOTE: This is not yet a fully capable alternative to PF or IPFilter.
Further work (support for binat/rdr, return-rst/return-icmp, common ALGs,
state saving/restoring, logging, etc) is in progress.

Thanks a lot to Matt Thomas for various useful comments and code review.
Aye by: board@
2010-08-22 18:56:18 +00:00
kefren 826653c190 Add MPLS support, proposed on tech-net@ a couple of days ago
Welcome to 5.99.33
2010-06-26 14:24:27 +00:00
hannken ae5722dac0 No need to include bsd.subdir.mk as bsd.kinc.mk already includes it. 2009-05-30 09:04:35 +00:00
pooka 355dcf3a3b Install agr ioctl header and stop putting our hand under the sys skirt
in ifconfig.
2009-05-26 21:58:31 +00:00
ad 2bbb14eaa4 Back out previous. It broke the build. 2008-05-05 13:41:29 +00:00
ad 9f4cef7b1f Don't install sys/net/zlib.h. 2008-05-04 22:58:52 +00:00
thorpej 34908fe541 Add subroutines to support collating per-cpu-gathered network statistics. 2008-04-23 05:21:17 +00:00
isaki 7525ed1e40 Install <net/if_pflog.h>. 2007-01-13 14:13:53 +00:00
mouse 8fb29141e0 Hook srt into the rest of the kernel build machinery, so it works to
just uncomment the pseudo-device line (which arguably should go into
other ports' GENERICs too, and at some point may).

OKed by perry.
2007-01-11 05:36:29 +00:00
rpaulo 5423539f94 New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld.
Notable changes:
	* Fixes PR 34268.
	* Separates the code from gif(4) (which is cleaner).
	* Allows the usage of STP (Spanning Tree Protocol).
	* Removed EtherIP implementation from gif(4)/tap(4).

Some input from Christos.
2006-11-23 04:07:07 +00:00
uwe 59d7f20391 Do not install net/if_pppvar.h, net/if_slvar.h and net/if_stripvar.h.
The former two are no longer necessary as slstats is no more
and pppstats now uses an ioctl instead of rummaging through kmem.
The latter has nothing interesting for the userland, but uses
struct bintime that I'm about to hide under #ifdef _KERNEL.

A bunch of remaining <net/if_*.h> headers is pretty useless to the
userland too, but ... someone else's yak to shave...
2006-06-18 21:02:16 +00:00
christos 95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
cube da24800d8c Install net/if_tap.h. 2005-01-08 22:28:51 +00:00
itojun ffe2ca6827 fix "includes" for pfvar.h 2004-06-22 14:29:45 +00:00
itojun a225f02f05 foundation for PF 2004-06-22 14:04:04 +00:00
dyoung 5cea02e6fe Complete replacement of the old 802.11 layer with the new. 2003-10-13 08:34:15 +00:00
lukem 0635de35a3 Remove KDIR=, since SYS_INCLUDE=symlinks and KDIR are not supported any more. 2002-11-26 23:30:07 +00:00
bjh21 25d06cf184 Install net/ieee1394.h the same way we install all the other
link-layer-specific headers.
2001-10-05 12:37:39 +00:00
augustss 317073f06f Install if_bridgevar.h. 2001-08-17 23:16:14 +00:00
martin b5b75a7d19 Add an in-kernel PPPoE (ppp over ethernet, RFC 2516) implementation,
based on the existing net/if_spppsubr.c stuff.

While there are completely userland (bpf based) implementations available,
those have a vastly larger per packet overhead thus causing major CPU
overhead and higher latency. On an i386 base router, running a 486DX at 50MHz
my line (768kBit/s downstream) was limited to something (varying) between 10
and 20 kByte/s effective download rate. With this implementation I get full
bandwidth (~85kByte/s).

This is client side only. Arguably the right way to add full PPPoE support
(including server side) would be a variation of the ppp line discipline and
appropriate modifications to pppd. I promise every help I can give to anyone
doing that - but I needed this really fast. Besides, on low memory NAT boxes
with typically a single PPPoE connection, this implementation is more
lightweight than a pppd based one, which nicely fits my needs.
2001-04-29 09:50:36 +00:00
thorpej 00052cdc53 Put the BPF DLT_* constants into their own header file so that things
that reference them don't have to slurp in all of the BPF headers.

Define a new generic RAWAF type that is like DLT_RAW, but isn't specific
to IP (the macro takes an AF_* constant as an argument to generate the
actual type).
2000-12-12 17:53:00 +00:00
enami b531012315 Install if_vlanvar.h. 2000-09-28 06:06:50 +00:00
itojun d300ce3942 add net/if_stf.h and netinet/ip_encap.h (almost no one will include them though) 2000-04-19 06:39:15 +00:00
chopps 93d5e38d57 Add beginnings of ieee 802.11 generic stuff 2000-01-23 23:50:13 +00:00
itojun 118d2b1d4f IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
  data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
  package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
  files to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.
1999-07-01 08:12:45 +00:00
explorer 6249482be9 Install if_sppp.h in include/net/ 1999-04-04 06:08:40 +00:00
bad 76c3e33738 Add if_token.h to INCS. 1999-03-22 22:27:41 +00:00
hwr 0959469679 Also install if_gre.h in /usr/include/net/ 1998-10-02 19:23:55 +00:00
cgd 651b44e211 Rework the way kernel include files are installed. In the new method,
as with user-land programs, include files are installed by each directory
in the tree that has includes to install.  (This allows more flexibility
as to what gets installed, makes 'partial installs' easier, and gives us
more options as to which machines' includes get installed at any given
time.)  The old SYS_INCLUDES={symlinks,copies} behaviours are _both_
still supported, though at least one bug in the 'symlinks' case is
fixed by this change.  Include files can't be built before installation,
so directories that have includes as targets (e.g. dev/pci) have to move
those targets into a different Makefile.
1998-06-12 23:22:30 +00:00