2e6f2099c6
- Designed to be fully MP-safe and highly efficient. - Tables/IP sets (hash or red-black tree) for high performance lookups. - Stateful filtering and Network Address Port Translation (NAPT). Framework for application level gateways (ALGs). - Packet inspection engine called n-code processor - inspired by BPF - supporting generic RISC-like and specific CISC-like instructions for common patterns (e.g. IPv4 address matching). See npf_ncode(9) manual. - Convenient userland utility npfctl(8) with npf.conf(8). NOTE: This is not yet a fully capable alternative to PF or IPFilter. Further work (support for binat/rdr, return-rst/return-icmp, common ALGs, state saving/restoring, logging, etc) is in progress. Thanks a lot to Matt Thomas for various useful comments and code review. Aye by: board@ |
||
|---|---|---|
| .. | ||
| copyright | ||
| debugsyms.c | ||
| files | ||
| majors | ||
| Makefile.kern.inc | ||
| mkldscript.sh | ||
| newvers_stand.sh | ||
| newvers.sh | ||
| osrelease.sh | ||
| param.c | ||
| std | ||