2 and a bit ethernet packets. Check and increase SO_RCVBUF on startup
so that we have buffers for 10 complete packets, should solve a
reported problem with overruns at higher connection speeds (our L2CAP
does not have any flow control).
(the default can still be adjusted upwards using sysctl)
copyright. Confirmed by Mike Hibler, mike at cs.utah.edu - thanks!
Also, merge UCB and Utah copyright texts back into one, as they
originally were.
Extra verification by snj@.
- Add libnpf(3) - a library to control NPF (configuration, ruleset, etc).
- Add NPF support for ftp-proxy(8).
- Add rc.d script for NPF.
- Convert npfctl(8) to use libnpf(3) and thus make it less depressive.
Note: next clean-up step should be a parser, once dholland@ will finish it.
- Add more documentation.
- Various fixes.
NetBSD/emips port runs on Xilinx and Beecube FPGA systems and the
Giano system simulator.
eMIPS is a platform developed at Microsoft Research for researching
reconfigurable computing. eMIPS allows dynamic loading and scheduling
of application-specific circuits for the purpose of accelerating
computations based on the current workload.
NetBSD eMIPS support for NetBSD 4.x was written at Microsoft Research
by Alessandro Forin and Neil Pittman. Microsoft Corporation has
donated full copyright to The NetBSD Foundation.
Platform support for eMIPS is the first part of Microsoft's
contribution. The second part includes the hardware accelerator
framework and will be proposed on tech-kern soon.
- Add the concept of rule procedure: separate normalization, logging and
potentially other functions from the rule structure. Rule procedure can be
shared amongst the rules. Separation is both at kernel level (npf_rproc_t)
and configuration ("procedure" + "apply").
- Fix portmap sharing for NAT policy.
- Update TCP state tracking logic. Use TCP FSM definitions.
- Add if_byindex(), OK by matt@. Use in logging for the lookup.
- Fix traceroute ALG and many other bugs; misc clean-up.
use neighbour specific options - XXX: needs documentation
* add peer authentication using TCP_MD5SIG. Interoperability tested with
Cisco IOS
* use SLIST_FOREACH_SAFE when deleting labels instead of re-looping.
- Add support for session saving/restoring.
- Add packet logging support (can tcpdump a pseudo-interface).
- Support reload without flushing of sessions; rework some locking.
- Revisit session mangement, replace linking with npf_sentry_t entries.
- Add some counters for statistics, using percpu(9).
- Add IP_DF flag cleansing.
- Fix various bugs; misc clean-up.
skip past the display columns that the value would otherwise occupy.
Fixes display issue when swsensor(4) is used and it has a value of 0K,
as reported by njoly@
new upstream version of traceroute to import.
AS# lookup is still done using host networking. Rationale: the
relevance to where that data comes from with respect to network
tracing is zero (be it socket, local file, db, whatever).
- Add proper TCP state tracking as described in Guido van Rooij paper,
plus handle TCP Window Scaling option.
- Completely rework npf_cache_t, reduce granularity, simplify code.
- Add npf_addr_t as an abstraction, amend session handling code, as well
as NAT code et al, to use it. Now design is prepared for IPv6 support.
- Handle IPv4 fragments i.e. perform packet reassembly.
- Add support for IPv4 ID randomization and minimum TTL enforcement.
- Add support for TCP MSS "clamping".
- Random bits for IPv6. Various fixes and clean-up.
This works around read(2) system callsfailing with ENOBUFS.
This is a hack bedause there is no way to know that 4 * FUSE_BUFSIZE
will be enough to hold queued FUSE frames. It seems good enough at
mine.
- use PUFFS_KFLAG_WTCACHE to puffs_init so that all writes are
immediatly send to the filesystem, and we do not have anymore write
after inactive. As a consequence, we can close files at inactive
stage, and there is not any concern left with files opened at
create time. We also do not have anymore to open ourselves in readdir and
fsync.
- Fsync on close (inactive stage). That makes sure we will not need to
do these operations once the file is closed (FUSE want an open file).
short sircuit the request that come after the close, bu not fsinc'ing
closed files,
- Use PUFFS_KFLAG_IAONDEMAND to get less inactive calls
== Removed nodes ==
- more ENOENT retunred for operations on removed node (but there
are probably some still missing): getattr, ooen, setattr, fsync
- set PND_REMOVE before sending the UNLINK/RMDIR operations so that we avoid
races during UNLINK completion. Also set PND_REMOVED on node we overwirte
in rename
== Filehandle fixes ==
- queue open operation to avoid getting two fh for one file
- set FH in getattr, if the file is open
- Just requires a read FH for fsyncdir, as we always opendir in read
mode. Ok, this is misleading :-)
== Misc ==
- do not set FUSE_FATTR_ATIME_NOW in setattr, as we provide the time
- short circuit nilpotent operations in setattr
- add a filename diagnostic flag to dump file names
- Add support for bi-directional NAT and redirection / port forwarding.
- Finish filtering on ICMP type/code and add filtering on TCP flags.
- Add support for TCP reset (RST) or ICMP destination unreachable on block.
- Fix a bunch of bugs; misc cleanup.
assume datagram semantics: when using SOCK_STREAM, if perfused sends
frames faster than the filesystem consumes them, it will grab multiple
frames at once and discard anything beyond the first one. For now the
code can work both with SOCK_DGRAM and SOCK_STREAM, but SOCK_STREAM
support will probably have to be removed for the sake of readability.
- Remeber to sync parent directories when moving a node
- In debug output, display the requeue type (readdir, write, etc...)
therefore runs with filesystem privileges
- shut up warnings and debug messages when perfused is autostarted
- make perfused patch modifiable with CFLAGS for easier pkgsrc integration
- Fix build warnings
comparison function being given to db was comparing 4 extra bytes of
rubbish.
This may or may not be the *only* source of the corrupted
/var/account/usracct files I've been seeing occasionally on amd64, but
it's clearly *a* source.
FUSE filesystems will attempt to start it on their own, and will
communicate using a socketpair
- do not advertise NULL file handle as being valid when sending themback to the FUSE filesystem.
- unmount if we cannot talk to the FUSE process anymore
- set calling process gid properly
- debug message cleanup
- Automatically call fsync on close for files. If we just close, fsync
will come later and we will have to reopen
- Add a PND_DIRTY flag to keep track of files that really need a sync.
perfuse_node_fsync only calls the FUSE fsync method if there are data
to push.
- Add a PND_OPEN flag to keep track of open files. Checking non NULL
fh is not enough, as some filesystems will always set fh to 0.
- Add a sync diagnostic flag, to watch fsync and dirty flag activity.
Make the fh diagnostic flag more verbose
- Send the fh in setattr (it was hardcoded to 0)
I am now able to build libperfuse in a glusterfs mounted filesystem. Yeah!
- Designed to be fully MP-safe and highly efficient.
- Tables/IP sets (hash or red-black tree) for high performance lookups.
- Stateful filtering and Network Address Port Translation (NAPT).
Framework for application level gateways (ALGs).
- Packet inspection engine called n-code processor - inspired by BPF -
supporting generic RISC-like and specific CISC-like instructions for
common patterns (e.g. IPv4 address matching). See npf_ncode(9) manual.
- Convenient userland utility npfctl(8) with npf.conf(8).
NOTE: This is not yet a fully capable alternative to PF or IPFilter.
Further work (support for binat/rdr, return-rst/return-icmp, common ALGs,
state saving/restoring, logging, etc) is in progress.
Thanks a lot to Matt Thomas for various useful comments and code review.
Aye by: board@
and remove renameing _Rune* -> _NBRune* namespace protection.
FreeBSD traditionaly exposes struct _Rune* in runetype.h
which included by ctype.h. it may cause conflicting type error
in our cross build process, former we use renaming namespace
to avoid this problem, now i reworked more resonable way.
2. merge rune_local.h to runetype_local.h, and remove it.
3. split bsdctype.h -> bsdctype_{file,local}.h
2. do not use _CTYPE_NUM_CHARS macro to read data from LC_CTYPE(old BSDCTYPE style) database.
because 1<<CHAR_BIT is MD, so i added MI macro _CTYPE_CACHE_SIZE(1<<8).
3. remove _NB_CACHED_RUNE macro, use _CTYPE_CACHE_SIZE instead.
pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to
dump internal configuration of pf, and restore at a latter point, after a
maintenance reboot for example, in a transparent way for user.
This work has been done mostly during my GSoC 2009
No objections on tech-net@
the rump kernel just attaches to / in said rump kernel instance.
This is mostly useful in case wanting to see what nodes components
create (see Makefile).
not built without manual intervention
They implement a space efficent write-once database with fast access
path. Switch the services(5) database to use cdb. The size of the
database file decreases from 2.1MB disk space to 307KB. Access
performance is about the same if setservent(0) is used and about an
order of magnitude faster otherwise. services_mkdb defaults to the new
format, but can optionally create the old db(3) format as well for
statically linked legacy applications.
that assembles /etc/mtree/NetBSD.dist. Instead, use the Makefile's
new target, emit_dist_file, to assemble the correct NetBSD.dist.
Previously, 'postinstall -m amd64 -s $SRC_TOP' would install a
NetBSD.dist that was missing /usr/lib/i386/ et cetera.
rmind