History log of /src/sys/dist/pf/net
Revision  Date  Author  Comments
 1.3 19-Jun-2008  yamt remove pf42 branch's todo.
 1.2 18-Jun-2008  yamt merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.1 19-Apr-2008  yamt branches: 1.1.2; 1.1.6;
file TODO was initially added on branch yamt-pf42.
 1.1.6.2 27-Jun-2008  simonb Sync with head.
 1.1.6.1 18-Jun-2008  simonb Sync with head.
 1.1.2.6 06-Jun-2008  christos sync TODO with reality.
 1.1.2.5 05-Jun-2008  joerg Fix up pf_modulate_sack as discussed with christos@.
 1.1.2.4 16-May-2008  peter Move the items about ALTQ, LKM load/unload and pf groups to DONE.
 1.1.2.3 23-Apr-2008  peter Remove "XXXPF incomplete".
 1.1.2.2 23-Apr-2008  peter Add a few to do items.
 1.1.2.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.2 18-Jun-2008  yamt branches: 1.2.2; 1.2.4;
merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.1 19-Apr-2008  yamt branches: 1.1.1; 1.1.2; 1.1.4; 1.1.6;
file if_compat.c was initially added on branch yamt-pf42.
 1.1.6.1 18-Jun-2008  simonb Sync with head.
 1.1.4.1 04-May-2009  yamt sync with head.
 1.1.2.3 23-Apr-2008  peter Remove "XXXPF incomplete".
 1.1.2.2 23-Apr-2008  peter Putting bpfilter.h/pf.h/pflog.h under _KERNEL_OPT was a mistake, revert this.
 1.1.2.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.1.1.1 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.2.4.2 29-Jun-2008  mjf Sync with HEAD.
 1.2.4.1 18-Jun-2008  mjf file if_compat.c was added on branch mjf-devfs2 on 2008-06-29 09:33:12 +0000
 1.2.2.2 23-Jun-2008  wrstuden Add files to branch that were added on -current.

After this, all that's left of update is to merge some changes
that had conflicts.
 1.2.2.1 18-Jun-2008  wrstuden file if_compat.c was added on branch wrstuden-revivesa on 2008-06-23 05:02:13 +0000
 1.2 18-Jun-2008  yamt branches: 1.2.2; 1.2.4;
merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.1 19-Apr-2008  yamt branches: 1.1.1; 1.1.2; 1.1.4; 1.1.6;
file if_compat.h was initially added on branch yamt-pf42.
 1.1.6.1 18-Jun-2008  simonb Sync with head.
 1.1.4.1 04-May-2009  yamt sync with head.
 1.1.2.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.1.1.1 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.2.4.2 29-Jun-2008  mjf Sync with HEAD.
 1.2.4.1 18-Jun-2008  mjf file if_compat.h was added on branch mjf-devfs2 on 2008-06-29 09:33:12 +0000
 1.2.2.2 23-Jun-2008  wrstuden Add files to branch that were added on -current.

After this, all that's left of update is to merge some changes
that had conflicts.
 1.2.2.1 18-Jun-2008  wrstuden file if_compat.h was added on branch wrstuden-revivesa on 2008-06-23 05:02:13 +0000
 1.22 29-Jan-2020  thorpej Adopt <net/if_stats.h>.
 1.21 26-Jun-2018  msaitoh branches: 1.21.2; 1.21.8;
Implement the BPF direction filter (BIOC[GS]DIRECTION). It provides backward
compatibility with BIOC[GS]SEESENT ioctl. The userland interface is the same
as FreeBSD.

This change also fixes a bug that the direction is misunderstood on some
environment by passing the direction to bpf_mtap*() instead of checking
m->m_pkthdr.rcvif.
 1.20 28-Apr-2016  ozaki-r branches: 1.20.16;
Constify rtentry of if_output

We no longer need to change rtentry below if_output.

The change makes it clear where rtentries are changed (or not)
and helps forthcoming locking (or psrefing) rtentries.
 1.19 20-Aug-2015  christos include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
 1.18 12-Apr-2010  ahoka branches: 1.18.18; 1.18.36;
- Make the pf and pflog driver able to detach.
- Add code for module support.

Original patch from Jared McNeill
 1.17 05-Apr-2010  joerg Push the bpf_ops usage back into bpf.h. Push the common ifp->if_bpf
check into the inline functions as well the fourth argument for
bpf_attach.
 1.16 19-Jan-2010  pooka branches: 1.16.2; 1.16.4;
Redefine bpf linkage through an always present op vector, i.e.
#if NBPFILTER is no longer required in the client. This change
doesn't yet add support for loading bpf as a module, since drivers
can register before bpf is attached. However, callers of bpf can
now be modularized.

Dynamically loadable bpf could probably be done fairly easily with
coordination from the stub driver and the real driver by registering
attachments in the stub before the real driver is loaded and doing
a handoff. ... and I'm not going to ponder the depths of unload
here.

Tested with i386/MONOLITHIC, modified MONOLITHIC without bpf and rump.
 1.15 28-Jul-2009  minskim Remove LKM code from pf.
 1.14 19-Dec-2008  cegger use M_ZERO on malloc() and remove subsequent bzero().
 1.13 07-Nov-2008  dyoung *** Summary ***

When a link-layer address changes (e.g., ifconfig ex0 link
02:de:ad:be:ef:02 active), send a gratuitous ARP and/or a Neighbor
Advertisement to update the network-/link-layer address bindings
on our LAN peers.

Refuse a change of ethernet address to the address 00:00:00:00:00:00
or to any multicast/broadcast address. (Thanks matt@.)

Reorder ifnet ioctl operations so that driver ioctls may inherit
the functions of their "class"---ether_ioctl(), fddi_ioctl(), et
cetera---and the class ioctls may inherit from the generic ioctl,
ifioctl_common(), but both driver- and class-ioctls may override
the generic behavior. Make network drivers share more code.

Distinguish a "factory" link-layer address from others for the
purposes of both protecting that address from deletion and computing
EUI64.

Return consistent, appropriate error codes from network drivers.

Improve readability. KNF.

*** Details ***

In if_attach(), always initialize the interface ioctl routine,
ifnet->if_ioctl, if the driver has not already initialized it.
Delete if_ioctl == NULL tests everywhere else, because it cannot
happen.

In the ioctl routines of network interfaces, inherit common ioctl
behaviors by calling either ifioctl_common() or whichever ioctl
routine is appropriate for the class of interface---e.g., ether_ioctl()
for ethernets.

Stop (ab)using SIOCSIFADDR and start to use SIOCINITIFADDR. In
the user->kernel interface, SIOCSIFADDR's argument was an ifreq,
but on the protocol->ifnet interface, SIOCSIFADDR's argument was
an ifaddr. That was confusing, and it would work against me as I
make it possible for a network interface to overload most ioctls.
On the protocol->ifnet interface, replace SIOCSIFADDR with
SIOCINITIFADDR. In ifioctl(), return EPERM if userland tries to
invoke SIOCINITIFADDR.

In ifioctl(), give the interface the first shot at handling most
interface ioctls, and give the protocol the second shot, instead
of the other way around. Finally, let compatibility code (COMPAT_OSOCK)
take a shot.

Pull device initialization out of switch statements under
SIOCINITIFADDR. For example, pull ..._init() out of any switch
statement that looks like this:

	switch (...->sa_family) {
	case ...:
		..._init();
		...
		break;
	...
	default:
		..._init();
		...
		break;
	}

Rewrite many if-else clauses that handle all permutations of IFF_UP
and IFF_RUNNING to use a switch statement,

	switch (x & (IFF_UP|IFF_RUNNING)) {
	case 0:
		...
		break;
	case IFF_RUNNING:
		...
		break;
	case IFF_UP:
		...
		break;
	case IFF_UP|IFF_RUNNING:
		...
		break;
	}

unifdef lots of code containing #ifdef FreeBSD, #ifdef NetBSD, and
#ifdef SIOCSIFMTU, especially in fwip(4) and in ndis(4).

In ipw(4), remove an if_set_sadl() call that is out of place.

In nfe(4), reuse the jumbo MTU logic in ether_ioctl().

Let ethernets register a callback for setting h/w state such as
promiscuous mode and the multicast filter in accord with a change
in the if_flags: ether_set_ifflags_cb() registers a callback that
returns ENETRESET if the caller should reset the ethernet by calling
if_init(), 0 on success, != 0 on failure. Pull common code from
ex(4), gem(4), nfe(4), sip(4), tlp(4), vge(4) into ether_ioctl(),
and register if_flags callbacks for those drivers.

Return ENOTTY instead of EINVAL for inappropriate ioctls. In
zyd(4), use ENXIO instead of ENOTTY to indicate that the device is
not any longer attached.

Add to if_set_sadl() a boolean 'factory' argument that indicates
whether a link-layer address was assigned by the factory or some
other source. In a comment, recommend using the factory address
for generating an EUI64, and update in6_get_hw_ifid() to prefer a
factory address to any other link-layer address.

Add a routing message, RTM_LLINFO_UPD, that tells protocols to
update the binding of network-layer addresses to link-layer addresses.
Implement this message in IPv4 and IPv6 by sending a gratuitous
ARP or a neighbor advertisement, respectively. Generate RTM_LLINFO_UPD
messages on a change of an interface's link-layer address.

In ether_ioctl(), do not let SIOCALIFADDR set a link-layer address
that is broadcast/multicast or equal to 00:00:00:00:00:00.

Make ether_ioctl() call ifioctl_common() to handle ioctls that it
does not understand.

In gif(4), initialize if_softc and use it, instead of assuming that
the gif_softc and ifp overlap.

Let ifioctl_common() handle SIOCGIFADDR.

Sprinkle rtcache_invariants(), which checks on DIAGNOSTIC kernels
that certain invariants on a struct route are satisfied.

In agr(4), rewrite agr_ioctl_filter() to be a bit more explicit
about the ioctls that we do not allow on an agr(4) member interface.

bzero -> memset. Delete unnecessary casts to void *. Use
sockaddr_in_init() and sockaddr_in6_init(). Compare pointers with
NULL instead of "testing truth". Replace some instances of (type
*)0 with NULL. Change some K&R prototypes to ANSI C, and join
lines.
 1.12 18-Jun-2008  yamt branches: 1.12.2; 1.12.4;
merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.11 11-Dec-2007  lukem branches: 1.11.8; 1.11.10; 1.11.12; 1.11.14; 1.11.16;
use __KERNEL_RCSID()
 1.10 04-Mar-2007  christos branches: 1.10.16; 1.10.24; 1.10.26; 1.10.28;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
 1.9 17-Feb-2007  dyoung KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.

Cosmetic: don't open-code TAILQ_FOREACH().

Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.

Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.

Constify:

1 Introduce const accessor for route->ro_dst, rtcache_getdst().

2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.

3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.

4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.
 1.8 16-Nov-2006  christos branches: 1.8.4;
__unused removal on arguments; approved by core.
 1.7 12-Oct-2006  christos - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
 1.6 11-Dec-2005  christos branches: 1.6.20; 1.6.22;
merge ktrace-lwp.
 1.5 14-Nov-2004  yamt branches: 1.5.12;
resolve conflicts. (pf from OpenBSD 3.6, kernel part)
 1.4 10-Sep-2004  yamt pflog_packet: use bpf_mtap2().
(our bpf_mtap() is more "strict" about mbufs
than openbsd's one is. eg. M_PKTHDR should be set properly.)
 1.3 29-Jun-2004  itojun branches: 1.3.2;
make PF lkm working. from Peter Postma and Joel Wilsson.

remove pf_ioctl_head/pf_newif_head, which was never used.
 1.2 22-Jun-2004  itojun PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API inbetween)

reviewed by matt, christos, perry

torture-test is very welcomed.
 1.1 22-Jun-2004  itojun branches: 1.1.1;
Initial revision
 1.1.1.3 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.1.1.2 14-Nov-2004  yamt import pf from OpenBSD 3.6. (kernel part)
 1.1.1.1 22-Jun-2004  itojun PF from OpenBSD 3.5
 1.3.2.5 29-Nov-2004  skrll Sync with HEAD.
 1.3.2.4 21-Sep-2004  skrll Fix the sync with head I botched.
 1.3.2.3 18-Sep-2004  skrll Sync with HEAD.
 1.3.2.2 03-Aug-2004  skrll Sync with HEAD
 1.3.2.1 29-Jun-2004  skrll file if_pflog.c was added on branch ktrace-lwp on 2004-08-03 10:52:23 +0000
 1.5.12.4 21-Jan-2008  yamt sync with head
 1.5.12.3 03-Sep-2007  yamt sync with head.
 1.5.12.2 26-Feb-2007  yamt sync with head.
 1.5.12.1 30-Dec-2006  yamt sync with head.
 1.6.22.2 10-Dec-2006  yamt sync with head.
 1.6.22.1 22-Oct-2006  yamt sync with head
 1.6.20.1 18-Nov-2006  ad Sync with head.
 1.8.4.2 12-Mar-2007  rmind Sync with HEAD.
 1.8.4.1 27-Feb-2007  yamt - sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.
 1.10.28.1 13-Dec-2007  bouyer Sync with HEAD
 1.10.26.1 11-Dec-2007  yamt sync with head.
 1.10.24.1 26-Dec-2007  ad Sync with head.
 1.10.16.1 09-Jan-2008  matt sync with HEAD
 1.11.16.1 18-Jun-2008  simonb Sync with head.
 1.11.14.1 23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.11.12.4 11-Aug-2010  yamt sync with head.
 1.11.12.3 11-Mar-2010  yamt sync with head
 1.11.12.2 19-Aug-2009  yamt sync with head.
 1.11.12.1 04-May-2009  yamt sync with head.
 1.11.10.2 23-Apr-2008  peter Putting bpfilter.h/pf.h/pflog.h under _KERNEL_OPT was a mistake, revert this.
 1.11.10.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.11.8.2 17-Jan-2009  mjf Sync with HEAD.
 1.11.8.1 29-Jun-2008  mjf Sync with HEAD.
 1.12.4.1 19-Jan-2009  skrll Sync with HEAD.
 1.12.2.1 13-Dec-2008  haad Update haad-dm branch to haad-dm-base2.
 1.16.4.1 30-May-2010  rmind sync with head
 1.16.2.1 30-Apr-2010  uebayasi Sync with HEAD.
 1.18.36.2 29-May-2016  skrll Sync with HEAD
 1.18.36.1 22-Sep-2015  skrll Sync with HEAD
 1.18.18.1 03-Dec-2017  jdolecek update from HEAD
 1.20.16.1 28-Jul-2018  pgoyette Sync with HEAD
 1.21.8.1 29-Feb-2020  ad Sync with head.
 1.21.2.1 08-Apr-2020  martin Merge changes from current as of 20200406
 1.5 18-Jun-2008  yamt merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.4 11-Dec-2005  christos branches: 1.4.70; 1.4.72; 1.4.74; 1.4.76; 1.4.78;
merge ktrace-lwp.
 1.3 14-Nov-2004  yamt resolve conflicts. (pf from OpenBSD 3.6, kernel part)
 1.2 22-Jun-2004  itojun branches: 1.2.2;
PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API inbetween)

reviewed by matt, christos, perry

torture-test is very welcomed.
 1.1 22-Jun-2004  itojun branches: 1.1.1;
Initial revision
 1.1.1.3 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.1.1.2 14-Nov-2004  yamt import pf from OpenBSD 3.6. (kernel part)
 1.1.1.1 22-Jun-2004  itojun PF from OpenBSD 3.5
 1.2.2.5 29-Nov-2004  skrll Sync with HEAD.
 1.2.2.4 21-Sep-2004  skrll Fix the sync with head I botched.
 1.2.2.3 18-Sep-2004  skrll Sync with HEAD.
 1.2.2.2 03-Aug-2004  skrll Sync with HEAD
 1.2.2.1 22-Jun-2004  skrll file if_pflog.h was added on branch ktrace-lwp on 2004-08-03 10:52:23 +0000
 1.4.78.1 18-Jun-2008  simonb Sync with head.
 1.4.76.1 23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.4.74.1 04-May-2009  yamt sync with head.
 1.4.72.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.4.70.1 29-Jun-2008  mjf Sync with HEAD.
 1.23 05-Jul-2024  rin sys: Drop redundant NULL check before m_freem(9)

m_freem(9) safely has accepted NULL argument at least since 4.2BSD:
https://www.tuhs.org/cgi-bin/utree.pl?file=4.2BSD/usr/src/sys/sys/uipc_mbuf.c

Compile-tested on amd64/ALL.

Suggested by knakahara@
 1.22 10-Mar-2021  christos branches: 1.22.24;
remove htons, it is pointless (thanks joerg@)
 1.21 10-Mar-2021  christos remove args from ip_randomid() (John D. Baker). When does this file get built?
 1.20 29-Jan-2020  thorpej branches: 1.20.6;
Adopt <net/if_stats.h>.
 1.19 22-Dec-2018  maxv branches: 1.19.6;
Replace M_ALIGN and MH_ALIGN by m_align.
 1.18 14-Sep-2018  maxv Use non-variadic function pointer in protosw::pr_input.
 1.17 27-Jun-2018  msaitoh branches: 1.17.2;
Add missing BPF_D_OUT. Reported by John D. Baker.
 1.16 26-Jun-2018  msaitoh Implement the BPF direction filter (BIOC[GS]DIRECTION). It provides backward
compatibility with BIOC[GS]SEESENT ioctl. The userland interface is the same
as FreeBSD.

This change also fixes a bug that the direction is misunderstood on some
environment by passing the direction to bpf_mtap*() instead of checking
m->m_pkthdr.rcvif.
 1.15 21-Jun-2016  ozaki-r branches: 1.15.16;
Replace ifp of ip_moptions and ip6_moptions with if_index

The motivation is the same as the mbuf's rcvif case; avoid having a pointer
of an ifnet object in ip_moptions and ip6_moptions, which is not MP-safe.

ip_moptions and ip6_moptions can be stored in a PCB for inet or inet6
whose lifetime is different from the ifnet one, and so an ifnet object can
disappear anytime we get it via them. Thus we need to look up an ifnet
object by if_index every time for safety.
 1.14 10-Jun-2016  ozaki-r Avoid storing a pointer of an interface in a mbuf

Having a pointer of an interface in a mbuf isn't safe if we remove big
kernel locks; an interface object (ifnet) can be destroyed anytime in any
packet processing and accessing such object via a pointer is racy. Instead
we have to get an object from the interface collection (ifindex2ifnet) via
an interface index (if_index) that is stored to a mbuf instead of a
pointer.

The change provides two APIs: m_{get,put}_rcvif_psref that use psref(9)
for sleep-able critical sections and m_{get,put}_rcvif that use
pserialize(9) for other critical sections. The change also adds another
API called m_get_rcvif_NOMPSAFE, that is NOT MP-safe and for transition
moratorium, i.e., it is intended to be used for places that are not
planned to be MP-ified soon.

The change adds some overhead due to psref to performance sensitive paths,
however the overhead is not serious, 2% down at worst.

Proposed on tech-kern and tech-net.
 1.13 10-Jun-2016  ozaki-r Introduce m_set_rcvif and m_reset_rcvif

The API is used to set (or reset) a received interface of a mbuf.
They are counterpart of m_get_rcvif, which will come in another
commit, hide internal of rcvif operation, and reduce the diff of
the upcoming change.

No functional change.
 1.12 28-Apr-2016  ozaki-r Constify rtentry of if_output

We no longer need to change rtentry below if_output.

The change makes it clear where rtentries are changed (or not)
and helps forthcoming locking (or psrefing) rtentries.
 1.11 20-Aug-2015  christos include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
 1.10 06-Mar-2014  nonaka branches: 1.10.6;
remove unused variable to avoid warning from gcc 4.8.
 1.9 22-Mar-2012  drochner branches: 1.9.2; 1.9.4;
remove KAME IPSEC, replaced by FAST_IPSEC
 1.8 19-Dec-2011  drochner do missing ipsec->kame_ipsec renames
 1.7 05-Nov-2010  rmind branches: 1.7.8; 1.7.12;
ip_randomid: make mechanism MP-safe and more modular.

OK matt@
 1.6 05-Apr-2010  joerg Push the bpf_ops usage back into bpf.h. Push the common ifp->if_bpf
check into the inline functions as well the fourth argument for
bpf_attach.
 1.5 23-Jan-2010  minskim branches: 1.5.2; 1.5.4;
Fix a typo introduced by the bpf linkage change.
 1.4 19-Jan-2010  pooka Redefine bpf linkage through an always present op vector, i.e.
#if NBPFILTER is no longer required in the client. This change
doesn't yet add support for loading bpf as a module, since drivers
can register before bpf is attached. However, callers of bpf can
now be modularized.

Dynamically loadable bpf could probably be done fairly easily with
coordination from the stub driver and the real driver by registering
attachments in the stub before the real driver is loaded and doing
a handoff. ... and I'm not going to ponder the depths of unload
here.

Tested with i386/MONOLITHIC, modified MONOLITHIC without bpf and rump.
 1.3 14-Sep-2009  degroote Import pfsync support from OpenBSD 4.2

Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
 1.2 22-Jun-2004  itojun branches: 1.2.58;
PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API inbetween)

reviewed by matt, christos, perry

torture-test is very welcomed.
 1.1 22-Jun-2004  itojun branches: 1.1.1;
Initial revision
 1.1.1.4 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.1.1.3 01-Jul-2005  peter Import pf from OpenBSD 3.7 (kernel part).
 1.1.1.2 14-Nov-2004  yamt import pf from OpenBSD 3.6. (kernel part)
 1.1.1.1 22-Jun-2004  itojun PF from OpenBSD 3.5
 1.2.58.3 11-Aug-2010  yamt sync with head.
 1.2.58.2 11-Mar-2010  yamt sync with head
 1.2.58.1 16-Sep-2009  yamt sync with head
 1.5.4.2 05-Mar-2011  rmind sync with head
 1.5.4.1 30-May-2010  rmind sync with head
 1.5.2.2 06-Nov-2010  uebayasi Sync with HEAD.
 1.5.2.1 30-Apr-2010  uebayasi Sync with HEAD.
 1.7.12.2 05-Apr-2012  mrg sync to latest -current.
 1.7.12.1 18-Feb-2012  mrg merge to -current.
 1.7.8.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.7.8.1 17-Apr-2012  yamt sync with head
 1.9.4.1 18-May-2014  rmind sync with head
 1.9.2.2 03-Dec-2017  jdolecek update from HEAD
 1.9.2.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.10.6.3 09-Jul-2016  skrll Sync with HEAD
 1.10.6.2 29-May-2016  skrll Sync with HEAD
 1.10.6.1 22-Sep-2015  skrll Sync with HEAD
 1.15.16.3 26-Dec-2018  pgoyette Sync with HEAD, resolve a few conflicts
 1.15.16.2 30-Sep-2018  pgoyette Sync with HEAD
 1.15.16.1 28-Jul-2018  pgoyette Sync with HEAD
 1.17.2.2 08-Apr-2020  martin Merge changes from current as of 20200406
 1.17.2.1 10-Jun-2019  christos Sync with HEAD
 1.19.6.1 29-Feb-2020  ad Sync with head.
 1.20.6.1 03-Apr-2021  thorpej Sync with HEAD.
 1.22.24.1 02-Aug-2025  perseant Sync with HEAD
 1.4 14-Sep-2018  maxv Use non-variadic function pointer in protosw::pr_input.
 1.3 14-Sep-2009  degroote branches: 1.3.62; 1.3.64;
Import pfsync support from OpenBSD 4.2

Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
 1.2 22-Jun-2004  itojun branches: 1.2.58;
PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API inbetween)

reviewed by matt, christos, perry

torture-test is very welcomed.
 1.1 22-Jun-2004  itojun branches: 1.1.1;
Initial revision
 1.1.1.4 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.1.1.3 01-Jul-2005  peter Import pf from OpenBSD 3.7 (kernel part).
 1.1.1.2 14-Nov-2004  yamt import pf from OpenBSD 3.6. (kernel part)
 1.1.1.1 22-Jun-2004  itojun PF from OpenBSD 3.5
 1.2.58.1 16-Sep-2009  yamt sync with head
 1.3.64.1 10-Jun-2019  christos Sync with HEAD
 1.3.62.1 30-Sep-2018  pgoyette Sync with HEAD
 1.87 04-Nov-2022  ozaki-r inpcb: rename functions to in6pcb_*
 1.86 04-Nov-2022  ozaki-r inpcb: rename functions to inpcb_*

Inspired by rmind-smpnet patches.
 1.85 28-Oct-2022  ozaki-r Adjust pf, wg, dccp and sctp for struct inpcb integration
 1.84 10-Aug-2020  rin Clean up _LKM --> _MODULE leftovers.

Note that _KERNEL is always defined for modules.
 1.83 03-Sep-2018  riastradh Rename min/max -> uimin/uimax for better honesty.

These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.

HOWEVER! Some subsystems have

#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))

even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.

To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.

I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:

cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))

It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.

Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
 1.82 11-Jul-2018  maxv Rename

ip_undefer_csum -> in_undefer_cksum
in_delayed_cksum -> in_undefer_cksum_tcpudp

The two previous names were inconsistent and misleading.

Put the two functions into in_offload.c. Add comments to explain what
we're doing.

The same could be done for IPv6.
 1.81 03-May-2018  maxv branches: 1.81.2;
Remove m_copy completely.
 1.80 19-Feb-2018  christos branches: 1.80.2;
It is normal for socket credentials to be missing for incoming sockets,
so don't warn.
 1.79 18-Feb-2018  christos PR/53036: Alexander Nasonov: 'block user' in pf's ruleset panics 8.0_BETA
Check for NULL.
 1.78 09-Feb-2018  maxv Oh, what is this. Fix a remotely-triggerable integer overflow: the way we
define TCPOLEN_SACK makes it unsigned, and the comparison in the while()
is unsigned too. That's not the expected behavior, the original code
wanted a signed comparison.

It's pretty easy to make 'hlen' go negative and trigger a buffer overflow.

This bug was reported 8 years ago by Lucio Albornoz in PR/44059.
 1.77 31-Oct-2017  christos PR/52682: David Binderman: Fix wrong assignment (in the !__NetBSD__ code)
 1.76 14-Feb-2017  ozaki-r branches: 1.76.6;
Do ND in L2_output in the same manner as arpresolve

The benefits of this change are:
- The flow is consistent with IPv4 (and FreeBSD and OpenBSD)
  - old: ip6_output => nd6_output (do ND if needed) => L2_output (lookup a stored cache)
  - new: ip6_output => L2_output (lookup a cache. Do ND if cache not found)
- We can remove some workarounds in nd6_output
- We can move L2 specific operations to their own place
- The performance slightly improves because one cache lookup is reduced
 1.75 08-Dec-2016  ozaki-r branches: 1.75.2;
Add rtcache_unref to release points of rtentry stemming from rtcache

In the MP-safe world, a rtentry stemming from a rtcache can be freed at any
point. So we need to protect rtentries somehow, say by reference counting or
passive references. Regardless of the method, we need to call some release
function of a rtentry after using it.

The change adds a new function rtcache_unref to release a rtentry. At this
point, this function does nothing because for now we don't add a reference
to a rtentry when we get one from a rtcache. We will add something useful
in a further commit.

This change is a part of changes for MP-safe routing table. It is separated
to avoid one big change that makes it difficult to debug by bisecting.
 1.74 20-Jun-2016  knakahara branches: 1.74.2;
apply if_output_lock() to L3 callers which call ifp->if_output() of L2(or L3 tunneling).
 1.73 10-Jun-2016  ozaki-r Introduce m_set_rcvif and m_reset_rcvif

The API is used to set (or reset) a received interface of a mbuf.
They are counterpart of m_get_rcvif, which will come in another
commit, hide internal of rcvif operation, and reduce the diff of
the upcoming change.

No functional change.
 1.72 25-Jul-2014  ozaki-r branches: 1.72.2; 1.72.4; 1.72.6; 1.72.10;
Unbreak the build of pf
 1.71 05-Jun-2014  rmind - Implement pktqueue interface for lockless IP input queue.
- Replace ipintrq and ip6intrq with the pktqueue mechanism.
- Eliminate kernel-lock from ipintr() and ip6intr().
- Some preparation work to push softnet_lock out of ipintr().

Discussed on tech-net.
 1.70 20-Oct-2013  christos branches: 1.70.2;
fix compiler warnings
 1.69 22-Mar-2012  drochner branches: 1.69.2; 1.69.4;
remove KAME IPSEC, replaced by FAST_IPSEC
 1.68 19-Dec-2011  drochner branches: 1.68.2; 1.68.6; 1.68.8;
do missing ipsec->kame_ipsec renames
 1.67 19-Nov-2011  tls branches: 1.67.2;
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:

An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.

A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.

The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.

An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.

A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator uses AES in a modified counter
mode to generate a backtracking-resistant random stream.

An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.

In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.

The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.

The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.

A problem with rndctl(8) is fixed -- data structures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.

The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.

Manual pages for the new kernel interfaces are forthcoming.
 1.66 29-Aug-2011  jmcneill branches: 1.66.2;
build pf module with WARNS=3, and remove the need for -Wno-shadow
 1.65 03-May-2011  dyoung Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetime Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable comes from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
 1.64 07-May-2010  degroote branches: 1.64.2;
Add support for pfs(8)

pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to
dump internal configuration of pf, and restore at a later point, after a
maintenance reboot for example, in a transparent way for the user.

This work has been done mostly during my GSoC 2009

No objections on tech-net@
 1.63 12-Apr-2010  ahoka - Make the pf and pflog driver able to detach.
- Add code for module support.

Original patch from Jared McNeill
 1.62 12-Apr-2010  skrll Spello in comment.
 1.61 19-Jan-2010  pooka branches: 1.61.2; 1.61.4;
Redefine bpf linkage through an always present op vector, i.e.
#if NBPFILTER is no longer required in the client. This change
doesn't yet add support for loading bpf as a module, since drivers
can register before bpf is attached. However, callers of bpf can
now be modularized.

Dynamically loadable bpf could probably be done fairly easily with
coordination from the stub driver and the real driver by registering
attachments in the stub before the real driver is loaded and doing
a handoff. ... and I'm not going to ponder the depths of unload
here.

Tested with i386/MONOLITHIC, modified MONOLITHIC without bpf and rump.
 1.60 30-Dec-2009  elad Replace uidinfo.h with kauth.h, should fix problems observed by tron@.
 1.59 30-Dec-2009  elad Use the right member to store gid in the non-NetBSD case.

Pointed out by uebayasi@ and cegger@, thanks!
 1.58 30-Dec-2009  elad Get uid/gid from the socket's credentials.
 1.57 14-Sep-2009  degroote Import pfsync support from OpenBSD 4.2

Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
 1.56 28-Jul-2009  minskim Remove LKM code from pf.
 1.55 16-Jun-2009  minskim Reduce diff with OpenBSD. No functional change.
 1.54 13-Apr-2009  christos Fix http://www.securityfocus.com/archive/1/502634, from OpenBSD.
XXX: should be pulled up to 5.x
 1.53 11-Oct-2008  pooka branches: 1.53.2; 1.53.4; 1.53.8;
Move uidinfo to its own module in kern_uidinfo.c and include in rump.
No functional change to uidinfo.
 1.52 18-Jun-2008  yamt branches: 1.52.2;
merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.51 15-Apr-2008  thorpej branches: 1.51.2; 1.51.4; 1.51.6; 1.51.8;
Make ip6 and icmp6 stats per-cpu.
 1.50 12-Apr-2008  thorpej Make IP, TCP, UDP, and ICMP statistics per-CPU. The stats are collated
when the user requests them via sysctl.
 1.49 08-Apr-2008  thorpej Change ICMP6 stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old icmp6stat structure; old netstat
binaries will continue to work properly.
 1.48 08-Apr-2008  thorpej Change TCP stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old tcpstat structure; old netstat
binaries will continue to work properly.
 1.47 07-Apr-2008  thorpej Change IP stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old ipstat structure; old netstat
binaries will continue to work properly.
 1.46 06-Apr-2008  thorpej Change UDP stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old icmpstat structure; old netstat
binaries will continue to work properly.
 1.45 06-Apr-2008  thorpej Change ICMP stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old icmpstat structure; old netstat
binaries will continue to work properly.
 1.44 14-Jan-2008  dyoung branches: 1.44.6;
Change rtcache_init()+rtcache_getrt() and
rtcache_init_noclone()+rtcache_getrt() to single rtcache_init()
and rtcache_init_clone() calls.
 1.43 20-Dec-2007  dyoung Poison struct route->ro_rt uses in the kernel by changing the name
to _ro_rt. Use rtcache_getrt() to access a route cache's struct
rtentry *.

Introduce struct ifnet->if_dl that always points at the interface
identifier/link-layer address. Make code that treated the first
ifaddr on struct ifnet->if_addrlist as the interface address use
if_dl, instead.

Remove stale debugging code from net/route.c. Move the rtflush()
code into rtcache_clear() and delete rtflush(). Delete rtalloc(),
because nothing uses it any more.

Make ND6_HINT an inline, lowercase subroutine, nd6_hint.

I've done my best to convert IP Filter, the ISO stack, and the
AppleTalk stack to rtcache_getrt(). They compile, but I have not
tested them. I have given the changes to PF, GRE, IPv4 and IPv6
stacks a lot of exercise.
 1.42 11-Dec-2007  lukem use __KERNEL_RCSID()
 1.41 28-Nov-2007  dyoung branches: 1.41.2; 1.41.4; 1.41.6;
Bug fix: make pf_route() set M_CSUM_IPV4 before calling ip_fragment().

If you use a route-to rule such as 'pass out quick on ath0 route-to
gre2 all', and the MTU on gre2 is smaller than the MTU on ath0,
then pf_route() will fragment your packet by calling ip_fragment().
Because pf_route() did not set M_CSUM_IPv4, ip_fragment() would
not compute the checksum on the fragments, and PF would send IP
fragments with bad checksums out of gre2.
 1.40 07-Aug-2007  yamt branches: 1.40.2; 1.40.8;
reduce diff.
 1.39 17-May-2007  christos branches: 1.39.2; 1.39.6;
Coverity CID 3157: remove bogus break.
 1.38 10-May-2007  dyoung pfctl: extend pf.conf(5) syntax. Let the operator supply an optional
"state lock" flag (if-bound, gr-bound, floating) at the end of a
NAT rule. The new syntax is backwards-compatible with the old
syntax.

PF (kernel): change the macro BOUND_IFACE() to the inline function
bound_iface(), and add a new argument, the applicable NAT rule.
Use both the flags on the applicable filter rule and on the applicable
NAT rule to decide whether or not to bind a state to the interface
or the group where it is created.
 1.37 02-May-2007  dyoung Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.

The principal benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.

Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.

DETAILS

1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:

struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);

sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.

sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.

The 'flags' argument for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).

2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.

3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:

int rtcache_setdst(struct route *, const struct sockaddr *);

rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.

It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.

4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
 1.36 04-Mar-2007  christos branches: 1.36.2; 1.36.4;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
 1.35 17-Feb-2007  dyoung In pf_rtlabel_match, use rtcache_free()/rtcache_init(). This is
just cosmetic, since the whole routine is presently #if 0'd.
 1.34 15-Dec-2006  joerg branches: 1.34.2;
Introduce new helper functions to abstract the route caching.
rtcache_init and rtcache_init_noclone lookup ro_dst and store
the result in ro_rt, taking care of the reference counting and
calling the domain specific route cache.
rtcache_free checks if a route was cached and frees the reference.
rtcache_copy copies ro_dst of the given struct route, checking that
enough space is available and incrementing the reference count of the
cached rtentry if necessary.
rtcache_check validates that the cached route is still up. If it isn't,
it tries to look it up again. Afterwards ro_rt is either valid again
or NULL.
rtcache_copy is used internally.

Adjust to callers of rtalloc/rtflush in the tree to check the sanity of
ro_dst first (if necessary). If it doesn't fit the expectations, free
the cache, otherwise check if the cached route is still valid. After
that combination, a single check for ro_rt == NULL is enough to decide
whether a new lookup needs to be done with a different ro_dst.
Make the route checking in gre stricter by repeating the loop check
after revalidation.
Remove some unused RADIX_MPATH code in in6_src.c. The logic is slightly
changed here to first validate the route and check RTF_GATEWAY
afterwards. This is semantically equivalent though.
etherip doesn't need sc_route_expire similar to the gif changes from
dyoung@ earlier.

Based on the earlier patch from dyoung@, reviewed and discussed with
him.
 1.33 13-Dec-2006  matt Don't apply a window scale to the window size in a SYN packet.
 1.32 09-Dec-2006  dyoung Here are various changes designed to protect against bad IPv4
routing caused by stale route caches (struct route). Route caches
are sprinkled throughout PCBs, the IP fast-forwarding table, and
IP tunnel interfaces (gre, gif, stf).

Stale IPv6 and ISO route caches will be treated by separate patches.

Thank you to Christoph Badura for suggesting the general approach
to invalidating route caches that I take here.

Here are the details:

Add hooks to struct domain for tracking and for invalidating each
domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.

Introduce helper subroutines, rtflush(ro) for invalidating a route
cache, rtflushall(family) for invalidating all route caches in a
routing domain, and rtcache(ro) for notifying the domain of a new
cached route.

Chain together all IPv4 route caches where ro_rt != NULL. Provide
in_rtcache() for adding a route to the chain. Provide in_rtflush()
and in_rtflushall() for invalidating IPv4 route caches. In
in_rtflush(), set ro_rt to NULL, and remove the route from the
chain. In in_rtflushall(), walk the chain and remove every route
cache.

In rtrequest1(), call rtflushall() to invalidate route caches when
a route is added.

In gif(4), discard the workaround for stale caches that involves
expiring them every so often.

Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a
call to rtflush(ro).

Update ipflow_fastforward() and all other users of route caches so
that they expect a cached route, ro->ro_rt, to turn to NULL.

Take care when moving a 'struct route' to rtflush() the source and
to rtcache() the destination.

In domain initializers, use .dom_xxx tags.

KNF here and there.
 1.31 04-Dec-2006  dyoung Indent these macros for readability. People have to read this
code, too.
 1.30 04-Dec-2006  dyoung Lightly constify. Helps compile-time checking that we are not
scribbling over shared or read-only memory---e.g., in mbufs.
 1.29 04-Dec-2006  dyoung No need for a struct route_in6 in pf_route6(). Replace it with a
sockaddr_in6.

In pf_calc_mss(), factor common code out of PF_INET and PF_INET6
switch cases.
 1.28 16-Nov-2006  christos branches: 1.28.2; 1.28.8;
__unused removal on arguments; approved by core.
 1.27 12-Oct-2006  peter Merge the peter-altq branch.

(sync with KAME & add support for using ALTQ with pf(4)).
 1.26 12-Oct-2006  christos - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
 1.25 07-Oct-2006  peter PR/34746: Nino Dehne: pf(4)'s synproxy state breaks when used with tags

Apply OpenBSD src/sys/net/pf.c rev 1.486 and 1.487:

1.486:
When synproxy sends packets to the destination host, make sure to copy
the 'tag' from the original state entry into the outgoing mbuf.

1.487:
When synproxy completes the replayed handshake and modifies the state
into a normal one, it sets both peers' sequence windows. Fix a bug where
the previously advertised windows are applied to the wrong side (i.e.
peer A's seqhi is peer A's seqlo plus peer B's, not A's, window). This
went undetected because mostly the windows are similar and/or re-
advertised soon. But there are (rare) cases where a synproxy'd connection
would stall right after handshake. Found by Gleb Smirnoff.
 1.24 01-Oct-2006  pavel In pf, there are lots of #ifdef ALTQ, but our ALTQ is not what pf expects,
and if ALTQ and pf are both enabled, it leads to compile errors. So,
change all tests for ALTQ to ALTQ_NEW, which won't be defined.

This allows simultaneous compilation of pf and ALTQ and is a temporary
measure before the peter-altq branch is merged.

Tested and approved by Peter Postma.
 1.23 14-May-2006  christos branches: 1.23.8; 1.23.10;
XXX: GCC uninitialized
 1.22 11-May-2006  mrg quell GCC 4.1 uninitialised variable warnings.

XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
 1.21 19-Feb-2006  peter branches: 1.21.2; 1.21.4; 1.21.6;
Fix TCP/UDP checksum handling as pointed out by Daniel Hartmeier in:
http://mail-index.netbsd.org/tech-net/2006/01/21/0000.html.

Problem reported and patch tested by der Mouse & Nino Dehne (PR/32874).
 1.20 07-Feb-2006  rpaulo In pf_socket_lookup() fix copy & paste problem when in6_pcblookup_bind()
returns NULL.
 1.19 11-Dec-2005  christos branches: 1.19.2; 1.19.4; 1.19.6;
merge ktrace-lwp.
 1.18 23-Oct-2005  christos Adjust for icmp_error signature.
 1.17 01-Jul-2005  peter branches: 1.17.2; 1.17.4;
Resolve conflicts (pf from OpenBSD 3.7, kernel part).
 1.16 15-Jun-2005  lukem Use an "XXXGCC -Wuninitalized" style that is consistent with that used
elsewhere in the tree.
 1.15 14-Jun-2005  jmc Cleanup XXGCC in a few places to make it easier to see.
 1.14 13-Jun-2005  jmc Fix uninitialized warnings that only crop up on m68k. XXGCC tagged
 1.13 07-May-2005  christos more fallout from so_uid -> so_uidinfo.
 1.12 14-Feb-2005  peter branches: 1.12.4;
Merge in a fix from OPENBSD_3_6.
ok yamt@

> MFC:
> Fix by dhartmei@
>
> ICMP state entries use the ICMP ID as port for the unique state key. When
> checking for a usable key, construct the key in the same way. Otherwise,
> a colliding key might be missed or a state insertion might be refused even
> though it could be inserted. The second case triggers the endless loop
> fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
> Report and test data by Srebrenko Sehic.
 1.11 21-Dec-2004  peter branches: 1.11.2; 1.11.4;
Apply a patch from OPENBSD_3_6 branch (ok yamt).

MFC:
Fix by dhartmei@

IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6
header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing
the header chain. In the case where headers are skipped, the protocol
checksum verification used the wrong length (included the skipped headers),
leading to incorrectly mismatching checksums. Such IPv6 packets with
headers were silently dropped. Reported by Bernhard Schmidt.

ok deraadt@ dhartmei@ mcbride@
 1.10 21-Dec-2004  peter Apply a patch from OPENBSD_3_6 branch (ok yamt).

MFC:
Fix by mcbride@

Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN,
prevents a possible endless loop in pf_get_sport() with 'static-port'

Reported by adm at celeritystorm dot com in FreeBSD PR74930, debugging
by dhartmei@

ok mcbride@ dhartmei@ deraadt@ henning@
 1.9 21-Dec-2004  yamt pf_check_proto_cksum: use {tcp,udp}_input_checksum so that we can:
- handle loopback checksum omission properly.
- profit from h/w checksum offloading.
 1.8 05-Dec-2004  peter Apply a patch from OpenBSD 3.6 branch (ok yamt@).

MFC:
Fix by dhartmei@

fix a bug that leads to a crash when binat rules of the form
'binat from ... to ... -> (if)' are used, where the interface
is dynamic. reported by kos(at)bastard(dot)net, analyzed by
Pyun YongHyeon.
 1.7 21-Nov-2004  peter Apply a patch from the OPENBSD_3_6 branch, ok itojun.

MFC:
Fix by dhartmei@

The flag to re-filter pf-generated packets was set wrong by synproxy
for ACKs. It should filter the ACK replayed to the server, instead of
the one to the client.
 1.6 21-Nov-2004  peter Apply a patch from the OPENBSD_3_6 branch, ok itojun.

MFC:
Fix by dhartmei@

For RST generated due to state mismatch during handshake, don't set
th_flags TH_ACK and leave th_ack 0, just like the RST generated by
the stack in this case. Fixes the Raptor workaround.
 1.5 14-Nov-2004  yamt resolve conflicts. (pf from OpenBSD 3.6, kernel part)
 1.4 08-Sep-2004  yamt remove no longer needed caddr_t casts to reduce diffs from openbsd.
 1.3 22-Jun-2004  martin branches: 1.3.2;
Fix formatting for 64 bit archs. This fixes PR port-sparc64/26010.
While there, make it compile for non-INET6 aware kernels.
 1.2 22-Jun-2004  itojun PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API inbetween)

reviewed by matt, christos, perry

torture-test is very welcomed.
 1.1 22-Jun-2004  itojun branches: 1.1.1;
Initial revision
 1.1.1.4 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.1.1.3 01-Jul-2005  peter Import pf from OpenBSD 3.7 (kernel part).
 1.1.1.2 14-Nov-2004  yamt import pf from OpenBSD 3.6. (kernel part)
 1.1.1.1 22-Jun-2004  itojun PF from OpenBSD 3.5
 1.3.2.9 10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.3.2.8 15-Feb-2005  skrll Sync with HEAD.
 1.3.2.7 17-Jan-2005  skrll Sync with HEAD.
 1.3.2.6 18-Dec-2004  skrll Sync with HEAD.
 1.3.2.5 29-Nov-2004  skrll Sync with HEAD.
 1.3.2.4 21-Sep-2004  skrll Fix the sync with head I botched.
 1.3.2.3 18-Sep-2004  skrll Sync with HEAD.
 1.3.2.2 03-Aug-2004  skrll Sync with HEAD
 1.3.2.1 22-Jun-2004  skrll file pf.c was added on branch ktrace-lwp on 2004-08-03 10:52:23 +0000
 1.11.4.1 19-Mar-2005  yamt sync with head. xen and whitespace. xen part is not finished.
 1.11.2.1 29-Apr-2005  kent sync with -current
 1.12.4.4 20-Feb-2006  tron Pull up following revision(s) (requested by peter in ticket #1177):
sys/dist/pf/net/pf.c: revision 1.21
Fix TCP/UDP checksum handling as pointed out by Daniel Hartmeier in:
http://mail-index.netbsd.org/tech-net/2006/01/21/0000.html.
Problem reported and patch tested by der Mouse & Nino Dehne (PR/32874).
 1.12.4.3 15-Aug-2005  tron Pull up revision 1.16 (requested by peter in ticket #658):
Use an "XXXGCC -Wuninitalized" style that is consistent with that used
elsewhere in the tree.
 1.12.4.2 15-Aug-2005  tron Pull up revision 1.15 (requested by peter in ticket #658):
Cleanup XXGCC in a few places to make it easier to see.
 1.12.4.1 15-Aug-2005  tron Pull up revision 1.14 (requested by peter in ticket #658):
Fix uninitialized warnings that only crop up on m68k. XXGCC tagged
 1.17.4.1 26-Oct-2005  yamt sync with head
 1.17.2.6 21-Jan-2008  yamt sync with head
 1.17.2.5 07-Dec-2007  yamt sync with head
 1.17.2.4 03-Sep-2007  yamt sync with head.
 1.17.2.3 26-Feb-2007  yamt sync with head.
 1.17.2.2 30-Dec-2006  yamt sync with head.
 1.17.2.1 21-Jun-2006  yamt sync with head.
 1.19.6.2 01-Jun-2006  kardel Sync with head.
 1.19.6.1 22-Apr-2006  simonb Sync with head.
 1.19.4.1 09-Sep-2006  rpaulo sync with head
 1.19.2.2 01-Mar-2006  yamt sync with head.
 1.19.2.1 18-Feb-2006  yamt sync with head.
 1.21.6.2 24-May-2006  tron Merge 2006-05-24 NetBSD-current into the "peter-altq" branch.
 1.21.6.1 18-Mar-2006  peter Fix a GCC warning.
 1.21.4.1 11-May-2006  elad sync with head
 1.21.2.1 24-May-2006  yamt sync with head.
 1.23.10.3 18-Dec-2006  yamt sync with head.
 1.23.10.2 10-Dec-2006  yamt sync with head.
 1.23.10.1 22-Oct-2006  yamt sync with head
 1.23.8.2 12-Jan-2007  ad Sync with head.
 1.23.8.1 18-Nov-2006  ad Sync with head.
 1.28.8.1 15-Apr-2009  snj Pull up following revision(s) (requested by christos in ticket #1305):
sys/dist/pf/net/pf.c: revision 1.54 via patch
Fix http://www.securityfocus.com/archive/1/502634, from OpenBSD.
 1.28.2.1 15-Apr-2009  snj Pull up following revision(s) (requested by christos in ticket #1305):
sys/dist/pf/net/pf.c: revision 1.54 via patch
Fix http://www.securityfocus.com/archive/1/502634, from OpenBSD.
 1.34.2.4 17-May-2007  yamt sync with head.
 1.34.2.3 07-May-2007  yamt sync with head.
 1.34.2.2 12-Mar-2007  rmind Sync with HEAD.
 1.34.2.1 27-Feb-2007  yamt - sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.
 1.36.4.1 11-Jul-2007  mjf Sync with head.
 1.36.2.2 20-Aug-2007  ad Sync with HEAD.
 1.36.2.1 08-Jun-2007  ad Sync with head.
 1.39.6.2 03-Dec-2007  joerg Sync with HEAD.
 1.39.6.1 09-Aug-2007  jmcneill Sync with HEAD.
 1.39.2.1 15-Aug-2007  skrll Sync with HEAD.
 1.40.8.3 18-Feb-2008  mjf Sync with HEAD.
 1.40.8.2 27-Dec-2007  mjf Sync with HEAD.
 1.40.8.1 08-Dec-2007  mjf Sync with HEAD.
 1.40.2.2 23-Mar-2008  matt sync with HEAD
 1.40.2.1 09-Jan-2008  matt sync with HEAD
 1.41.6.3 19-Jan-2008  bouyer Sync with HEAD
 1.41.6.2 02-Jan-2008  bouyer Sync with HEAD
 1.41.6.1 13-Dec-2007  bouyer Sync with HEAD
 1.41.4.1 11-Dec-2007  yamt sync with head.
 1.41.2.1 26-Dec-2007  ad Sync with head.
 1.44.6.3 17-Jan-2009  mjf Sync with HEAD.
 1.44.6.2 29-Jun-2008  mjf Sync with HEAD.
 1.44.6.1 02-Jun-2008  mjf Sync with HEAD.
 1.51.8.1 18-Jun-2008  simonb Sync with head.
 1.51.6.1 23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.51.4.6 11-Aug-2010  yamt sync with head.
 1.51.4.5 11-Mar-2010  yamt sync with head
 1.51.4.4 16-Sep-2009  yamt sync with head
 1.51.4.3 19-Aug-2009  yamt sync with head.
 1.51.4.2 20-Jun-2009  yamt sync with head
 1.51.4.1 04-May-2009  yamt sync with head.
 1.51.2.9 06-Jun-2008  christos Use macros to make ifdefs smaller; enable pid, gid for NetBSD
 1.51.2.8 05-Jun-2008  joerg Fix up pf_modulate_sack as discussed with christos@.
 1.51.2.7 04-Jun-2008  joerg Add some explicit casts to make it build on AMD64.
 1.51.2.6 29-Apr-2008  peter Pass the direction (PF_IN/PF_OUT) to pf_check_proto_cksum and skip
input checksumming when direction != PF_IN, as suggested by yamt@.
 1.51.2.5 24-Apr-2008  peter Add PACKET_TAG_ALTQ_QID and use it for pf/ALTQ. The ALTQ code compiles now.

ok yamt@
 1.51.2.4 23-Apr-2008  peter pfdetach: stop the purge thread.
 1.51.2.3 23-Apr-2008  peter Putting bpfilter.h/pf.h/pflog.h under _KERNEL_OPT was a mistake, revert this.
 1.51.2.2 19-Apr-2008  yamt pf_routable: use the return value of rtcache_init instead of ro.ro_rt.
 1.51.2.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.52.2.1 19-Oct-2008  haad Sync with HEAD.
 1.53.8.2 23-Jul-2009  jym Sync with HEAD.
 1.53.8.1 13-May-2009  jym Sync with HEAD.

Commit is split, to avoid a "too many arguments" protocol error.
 1.53.4.1 14-Apr-2009  jdc Pull up revision 1.54 (requested by christos in ticket #702).

Fix http://www.securityfocus.com/archive/1/502634, from OpenBSD.
 1.53.2.1 28-Apr-2009  skrll Sync with HEAD.
 1.61.4.2 31-May-2011  rmind sync with head
 1.61.4.1 30-May-2010  rmind sync with head
 1.61.2.2 17-Aug-2010  uebayasi Sync with HEAD.
 1.61.2.1 30-Apr-2010  uebayasi Sync with HEAD.
 1.64.2.1 06-Jun-2011  jruoho Sync with HEAD.
 1.66.2.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.66.2.1 17-Apr-2012  yamt sync with head
 1.67.2.2 05-Apr-2012  mrg sync to latest -current.
 1.67.2.1 18-Feb-2012  mrg merge to -current.
 1.68.8.1 10-Feb-2018  snj Pull up following revision(s) (requested by maxv in ticket #1527):
sys/dist/pf/net/pf.c: revision 1.78 via patch
Oh, what is this. Fix a remotely-triggerable integer overflow: the way we
define TCPOLEN_SACK makes it unsigned, and the comparison in the while()
is unsigned too. That's not the expected behavior, the original code
wanted a signed comparison.
It's pretty easy to make 'hlen' go negative and trigger a buffer overflow.
This bug was reported 8 years ago by Lucio Albornoz in PR/44059.
 1.68.6.1 10-Feb-2018  snj Pull up following revision(s) (requested by maxv in ticket #1527):
sys/dist/pf/net/pf.c: revision 1.78 via patch
Oh, what is this. Fix a remotely-triggerable integer overflow: the way we
define TCPOLEN_SACK makes it unsigned, and the comparison in the while()
is unsigned too. That's not the expected behavior, the original code
wanted a signed comparison.
It's pretty easy to make 'hlen' go negative and trigger a buffer overflow.
This bug was reported 8 years ago by Lucio Albornoz in PR/44059.
 1.68.2.1 10-Feb-2018  snj Pull up following revision(s) (requested by maxv in ticket #1527):
sys/dist/pf/net/pf.c: revision 1.78 via patch
Oh, what is this. Fix a remotely-triggerable integer overflow: the way we
define TCPOLEN_SACK makes it unsigned, and the comparison in the while()
is unsigned too. That's not the expected behavior, the original code
wanted a signed comparison.
It's pretty easy to make 'hlen' go negative and trigger a buffer overflow.
This bug was reported 8 years ago by Lucio Albornoz in PR/44059.
 1.69.4.3 18-May-2014  rmind sync with head
 1.69.4.2 23-Sep-2013  rmind - Add some initial locking to the IPv4 PCB.
- Rename inpcb_lookup_*() routines to be more accurate and add comments.
- Add some comments about connection life-cycle WRT socket layer.
 1.69.4.1 17-Jul-2013  rmind Checkpoint work in progress:
- Move PCB structures under __INPCB_PRIVATE, adjust most of the callers
and thus make IPv4 PCB structures mostly opaque. Any volunteers for
merging in6pcb with inpcb (see rpaulo-netinet-merge-pcb branch)?
- Move various global vars to the modules where they belong, make them static.
- Some preliminary work for IPv4 PCB locking scheme.
- Make raw IP code mostly MP-safe. Simplify some of it.
- Rework "fast" IP forwarding (ipflow) code to be mostly MP-safe. It should
run from a software interrupt, rather than hard.
- Rework tun(4) pseudo interface to be MP-safe.
- Work towards making some other interfaces more strict.
 1.69.2.2 03-Dec-2017  jdolecek update from HEAD
 1.69.2.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.70.2.1 10-Aug-2014  tls Rebase.
 1.72.10.1 10-Feb-2018  snj Pull up following revision(s) (requested by maxv in ticket #1565):
sys/dist/pf/net/pf.c: revision 1.78 via patch
Oh, what is this. Fix a remotely-triggerable integer overflow: the way we
define TCPOLEN_SACK makes it unsigned, and the comparison in the while()
is unsigned too. That's not the expected behavior, the original code
wanted a signed comparison.
It's pretty easy to make 'hlen' go negative and trigger a buffer overflow.
This bug was reported 8 years ago by Lucio Albornoz in PR/44059.
 1.72.6.1 10-Feb-2018  snj Pull up following revision(s) (requested by maxv in ticket #1565):
sys/dist/pf/net/pf.c: revision 1.78 via patch
Oh, what is this. Fix a remotely-triggerable integer overflow: the way we
define TCPOLEN_SACK makes it unsigned, and the comparison in the while()
is unsigned too. That's not the expected behavior, the original code
wanted a signed comparison.
It's pretty easy to make 'hlen' go negative and trigger a buffer overflow.
This bug was reported 8 years ago by Lucio Albornoz in PR/44059.
 1.72.4.3 28-Aug-2017  skrll Sync with HEAD
 1.72.4.2 05-Feb-2017  skrll Sync with HEAD
 1.72.4.1 09-Jul-2016  skrll Sync with HEAD
 1.72.2.1 10-Feb-2018  snj Pull up following revision(s) (requested by maxv in ticket #1565):
sys/dist/pf/net/pf.c: revision 1.78 via patch
Oh, what is this. Fix a remotely-triggerable integer overflow: the way we
define TCPOLEN_SACK makes it unsigned, and the comparison in the while()
is unsigned too. That's not the expected behavior, the original code
wanted a signed comparison.
It's pretty easy to make 'hlen' go negative and trigger a buffer overflow.
This bug was reported 8 years ago by Lucio Albornoz in PR/44059.
 1.74.2.2 20-Mar-2017  pgoyette Sync with HEAD
 1.74.2.1 07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.75.2.1 21-Apr-2017  bouyer Sync with HEAD
 1.76.6.2 26-Feb-2018  snj Pull up following revision(s) (requested by alnsn in ticket #570):
sys/dist/pf/net/pf.c: 1.79-1.80
PR/53036: Alexander Nasonov: 'block user' in pf's ruleset panics 8.0_BETA
Check for NULL.
--
It is normal for socket credentials to be missing for incoming sockets,
so don't warn.
 1.76.6.1 10-Feb-2018  snj Pull up following revision(s) (requested by maxv in ticket #540):
sys/dist/pf/net/pf.c: 1.77-1.78
PR/52682: David Binderman: Fix wrong assignment (in the !__NetBSD__ code)
Oh, what is this. Fix a remotely-triggerable integer overflow: the way we
define TCPOLEN_SACK makes it unsigned, and the comparison in the while()
is unsigned too. That's not the expected behavior, the original code
wanted a signed comparison.
It's pretty easy to make 'hlen' go negative and trigger a buffer overflow.
This bug was reported 8 years ago by Lucio Albornoz in PR/44059.
 1.80.2.3 06-Sep-2018  pgoyette Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)
 1.80.2.2 28-Jul-2018  pgoyette Sync with HEAD
 1.80.2.1 21-May-2018  pgoyette Sync with HEAD
 1.81.2.1 10-Jun-2019  christos Sync with HEAD
 1.33 14-Mar-2017  ozaki-r Use if_acquire and if_release instead of using psref API directly

- Provide if_release for consistency to if_acquire
- Use if_acquire and if_release for ifp iterations
- Make ifnet_psref_class static
 1.32 26-Dec-2016  christos branches: 1.32.2;
pfil(9) improvements to handle address changes:

Add:
PFIL_IFADDR call on interface reconfig (mbuf is ioctl #)
PFIL_IFNET call on interface attach/detach (mbuf is PFIL_IFNET_*)

from rmind@
 1.31 20-Jul-2016  ozaki-r Apply pserialize to some iterations of IP address lists
 1.30 07-Jul-2016  ozaki-r branches: 1.30.2;
Switch the address list of interfaces to pslist(9)

As usual, we leave the old list to avoid breaking kvm(3) users.
 1.29 22-Jun-2016  ozaki-r Remove unnecessary NULL checks of ifa->ifa_addr

If it's NULL, it should be a bug. There are many IFADDR_FOREACH that don't do
NULL check. If it can be NULL, they should fire already.
 1.28 16-Jun-2016  ozaki-r Use curlwp_bind and curlwp_bindx instead of open-coding LP_BOUND
 1.27 12-May-2016  ozaki-r Protect ifnet list with psz and psref

The change ensures that ifnet objects in the ifnet list aren't freed during
list iterations by using pserialize(9) and psref(9).

Note that the change adds a pslist(9) for ifnet but doesn't remove the
original ifnet list (ifnet_list) to avoid breaking kvm(3) users. We
shouldn't use the original list in the kernel anymore.
 1.26 17-May-2014  rmind branches: 1.26.4;
Fix previous.
 1.25 17-May-2014  rmind - Move IFNET_*() macros under #ifdef _KERNEL.
- Replace TAILQ_FOREACH on ifnet with IFNET_FOREACH().
 1.24 01-Jul-2013  skrll branches: 1.24.4;
PFIL_HOOKS is dead.
 1.23 30-Jun-2013  njoly Fix pf module build. Adjust pfil_remove_hook 3rd arguments.
 1.22 30-Jun-2013  rmind Update pf to pfil(9) changes. Missed in previous commit.
 1.21 12-Apr-2010  ahoka branches: 1.21.8; 1.21.18; 1.21.22;
- Make the pf and pflog driver able to detach.
- Add code for module support.

Original patch from Jared McNeill
 1.20 06-Dec-2009  dsl branches: 1.20.2; 1.20.4;
If pfi_address_add() has to extend the buffer, copy the data in the
right direction!
Fixes PR/41939.
 1.19 28-Jul-2009  minskim Remove LKM code from pf.
 1.18 19-Dec-2008  cegger use M_ZERO on malloc() and remove subsequent bzero().
 1.17 19-Dec-2008  cegger pass M_NOWAIT instead of M_DONTWAIT to malloc.
 1.16 18-Jun-2008  yamt branches: 1.16.4;
merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.15 11-Feb-2008  dyoung branches: 1.15.6; 1.15.8; 1.15.10; 1.15.12; 1.15.14;
Use TAILQ_FOREACH().
 1.14 11-Dec-2007  lukem use __KERNEL_RCSID()
 1.13 05-Dec-2007  dyoung branches: 1.13.2; 1.13.4;
Use IFADDR_FOREACH().
 1.12 12-Mar-2007  ad branches: 1.12.12; 1.12.14; 1.12.20; 1.12.22;
Pass an ipl argument to pool_init/POOL_INIT to be used when initializing
the pool's lock.
 1.11 04-Mar-2007  christos branches: 1.11.2;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
 1.10 11-Dec-2005  christos branches: 1.10.26;
merge ktrace-lwp.
 1.9 01-Jul-2005  peter branches: 1.9.2;
Resolve conflicts (pf from OpenBSD 3.7, kernel part).
 1.8 04-Dec-2004  peter Improve the cleanup routines for detachment. Fixes PR 28132.

Reviewed by yamt.
 1.7 04-Dec-2004  yamt plug pfik_ifaddrhooks leaks by embedding it to pfi_kif.
 1.6 14-Nov-2004  yamt resolve conflicts. (pf from OpenBSD 3.6, kernel part)
 1.5 26-Jul-2004  yamt branches: 1.5.2;
fix dynaddr tracking.

from Peter Postma, PR/26369.
ok'ed by itojun.
 1.4 26-Jul-2004  yamt ANSIfy. (inside #ifdef __NetBSD__)

from Peter Postma.
ok'ed by itojun.
 1.3 29-Jun-2004  itojun make PF lkm working. from Peter Postma and Joel Wilsson.

remove pf_ioctl_head/pf_newif_head, which was never used.
 1.2 22-Jun-2004  itojun PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API inbetween)

reviewed by matt, christos, perry

torture-test is very welcomed.
 1.1 22-Jun-2004  itojun branches: 1.1.1;
Initial revision
 1.1.1.4 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.1.1.3 01-Jul-2005  peter Import pf from OpenBSD 3.7 (kernel part).
 1.1.1.2 14-Nov-2004  yamt import pf from OpenBSD 3.6. (kernel part)
 1.1.1.1 22-Jun-2004  itojun PF from OpenBSD 3.5
 1.5.2.7 10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.5.2.6 18-Dec-2004  skrll Sync with HEAD.
 1.5.2.5 29-Nov-2004  skrll Sync with HEAD.
 1.5.2.4 21-Sep-2004  skrll Fix the sync with head I botched.
 1.5.2.3 18-Sep-2004  skrll Sync with HEAD.
 1.5.2.2 03-Aug-2004  skrll Sync with HEAD
 1.5.2.1 26-Jul-2004  skrll file pf_if.c was added on branch ktrace-lwp on 2004-08-03 10:52:23 +0000
 1.9.2.4 27-Feb-2008  yamt sync with head.
 1.9.2.3 21-Jan-2008  yamt sync with head
 1.9.2.2 07-Dec-2007  yamt sync with head
 1.9.2.1 03-Sep-2007  yamt sync with head.
 1.10.26.2 24-Mar-2007  yamt sync with head.
 1.10.26.1 12-Mar-2007  rmind Sync with HEAD.
 1.11.2.1 13-Mar-2007  ad Sync with head.
 1.12.22.2 26-Dec-2007  ad Sync with head.
 1.12.22.1 08-Dec-2007  ad Sync with head.
 1.12.20.3 18-Feb-2008  mjf Sync with HEAD.
 1.12.20.2 27-Dec-2007  mjf Sync with HEAD.
 1.12.20.1 08-Dec-2007  mjf Sync with HEAD.
 1.12.14.2 23-Mar-2008  matt sync with HEAD
 1.12.14.1 09-Jan-2008  matt sync with HEAD
 1.12.12.1 09-Dec-2007  jmcneill Sync with HEAD.
 1.13.4.1 13-Dec-2007  bouyer Sync with HEAD
 1.13.2.1 11-Dec-2007  yamt sync with head.
 1.15.14.1 18-Jun-2008  simonb Sync with head.
 1.15.12.1 23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.15.10.4 11-Aug-2010  yamt sync with head.
 1.15.10.3 11-Mar-2010  yamt sync with head
 1.15.10.2 19-Aug-2009  yamt sync with head.
 1.15.10.1 04-May-2009  yamt sync with head.
 1.15.8.4 23-Apr-2008  peter Clean up 'pfi_kif' instances.
 1.15.8.3 21-Apr-2008  peter Make this compile when #ifdef _LKM.
 1.15.8.2 20-Apr-2008  peter Create/destroy groups for the interface on attachment/detachment.
Filtering on groups now works.
 1.15.8.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.15.6.2 17-Jan-2009  mjf Sync with HEAD.
 1.15.6.1 29-Jun-2008  mjf Sync with HEAD.
 1.16.4.1 19-Jan-2009  skrll Sync with HEAD.
 1.20.4.1 30-May-2010  rmind sync with head
 1.20.2.1 30-Apr-2010  uebayasi Sync with HEAD.
 1.21.22.3 18-May-2014  rmind sync with head
 1.21.22.2 28-Aug-2013  rmind sync with head
 1.21.22.1 17-Jul-2013  rmind Checkpoint work in progress:
- Move PCB structures under __INPCB_PRIVATE, adjust most of the callers
and thus make IPv4 PCB structures mostly opaque. Any volunteers for
merging in6pcb with inpcb (see rpaulo-netinet-merge-pcb branch)?
- Move various global vars to the modules where they belong, make them static.
- Some preliminary work for IPv4 PCB locking scheme.
- Make raw IP code mostly MP-safe. Simplify some of it.
- Rework "fast" IP forwarding (ipflow) code to be mostly MP-safe. It should
run from a software interrupt, rather than hard.
- Rework tun(4) pseudo interface to be MP-safe.
- Work towards making some other interfaces more strict.
 1.21.18.2 03-Dec-2017  jdolecek update from HEAD
 1.21.18.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.21.8.1 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.24.4.1 10-Aug-2014  tls Rebase.
 1.26.4.5 28-Aug-2017  skrll Sync with HEAD
 1.26.4.4 05-Feb-2017  skrll Sync with HEAD
 1.26.4.3 05-Oct-2016  skrll Sync with HEAD
 1.26.4.2 09-Jul-2016  skrll Sync with HEAD
 1.26.4.1 29-May-2016  skrll Sync with HEAD
 1.30.2.3 20-Mar-2017  pgoyette Sync with HEAD
 1.30.2.2 07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.30.2.1 26-Jul-2016  pgoyette Sync with HEAD
 1.32.2.1 21-Apr-2017  bouyer Sync with HEAD
 1.58 28-Mar-2022  riastradh driver(9): devsw_detach never fails. Make it return void.

Prune a whole lotta dead branches as a result of this. (Some logic
calling this is also wrong for other reasons; devsw_detach is final
-- you should never have any reason to decide to roll it back. To be
cleaned up in subsequent commits...)

XXX kernel ABI change to devsw_detach signature requires bump
 1.57 21-Feb-2020  joerg Explicitly cast pointers to uintptr_t before casting to enums. They are
not necessarily the same size. Don't cast pointers to bool, check for
NULL instead.
 1.56 10-Aug-2018  maxv branches: 1.56.6;
Fix compilation of PF/IPF...
 1.55 10-Aug-2018  maxv Rename

ip6_undefer_csum -> in6_undefer_cksum
in6_delayed_cksum -> in6_undefer_cksum_tcpudp

The two previous names were inconsistent and misleading.

Put the two functions into in6_offload.c. Add comments to explain what
we're doing.

Same as IPv4.
 1.54 11-Jul-2018  kre Fix build. pf_ioctl.c needs netinet/in_offload.h (after previous change).
Because this is in a module, apparently, that means that netinet_in_offload.h
needs to get installed in /usr/include, so do that as well.

Feel free to fix this in a better way...
 1.53 11-Jul-2018  maxv Rename

ip_undefer_csum -> in_undefer_cksum
in_delayed_cksum -> in_undefer_cksum_tcpudp

The two previous names were inconsistent and misleading.

Put the two functions into in_offload.c. Add comments to explain what
we're doing.

The same could be done for IPv6.
 1.52 15-Oct-2017  pgoyette branches: 1.52.2; 1.52.4;
Defer initialization of pf_status.host_id

The call to cprng_fast32() requires that per-cpu data has been initialized
by corng_fast_init(), which doesn't get called until after the first part
of auto-configuration is done, long after pfattach() calls cprng_fast32().

Fixed PR kern/52620

XXX This needs pull-up to the -8 branch.
 1.51 20-Aug-2015  christos branches: 1.51.8; 1.51.10;
include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
 1.50 25-Jul-2014  dholland branches: 1.50.4;
Add d_discard to all struct cdevsw instances I could find.

All have been set to "nodiscard"; some should get a real implementation.
 1.49 16-Mar-2014  dholland branches: 1.49.2;
Change (mostly mechanically) every cdevsw/bdevsw I can find to use
designated initializers.

I have not built every extant kernel so I have probably broken at
least one build; however I've also found and fixed some wrong
cdevsw/bdevsw entries so even if so I think we come out ahead.
 1.48 01-Jul-2013  skrll PFIL_HOOKS is dead.
 1.47 30-Jun-2013  rmind Update pf to pfil(9) changes. Missed in previous commit.
 1.46 28-Nov-2011  tls branches: 1.46.8; 1.46.12;
Remove arc4random() and arc4randbytes() from the kernel API. Replace
arc4random() hacks in rump with stubs that call the host arc4random() to
get numbers that are hopefully actually random (arc4random() keyed with
stack junk is not). This should fix some of the currently failing anita
tests -- we should no longer generate duplicate "random" MAC addresses in
the test environment.
 1.45 30-Aug-2011  jmcneill branches: 1.45.2;
fix -Wshadow warnings when ALTQ is enabled
 1.44 29-Aug-2011  jmcneill build pf module with WARNS=3, and remove the need for -Wno-shadow
 1.43 19-Jan-2011  drochner make sure the "overload_tbl" member of "struct pf_rule" copied in
from userland is initialized (it is used by the kernel only)
fixes crash or data injection (CVE-2010-3830), usually by root user only
OpenBSD has rewritten the code to start with a zero'd struct and fills
in needed parts only - to be considered in case a newer pf version
is imported.
 1.42 07-May-2010  degroote branches: 1.42.2;
Add support for pfs(8)

pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to
dump internal configuration of pf, and restore at a later point, after a
maintenance reboot for example, in a transparent way for user.

This work has been done mostly during my GSoC 2009

No objections on tech-net@
 1.41 13-Apr-2010  ahoka Do not unload pf when enabled, not even manually.
 1.40 13-Apr-2010  ahoka change module class to driver.
 1.39 13-Apr-2010  ahoka Do not auto unload pf if it's enabled.
 1.38 12-Apr-2010  ahoka - Make the pf and pflog driver able to detach.
- Add code for module support.

Original patch from Jared McNeill
 1.37 03-Oct-2009  elad branches: 1.37.2; 1.37.4;
Move firewall/NAT policy back to respective subsystems (pf, ipf).

Note: the ipf code contains a lot of ifdefs, some of them for NetBSD
versions that are no longer maintained. It won't make the code more
readable, but we should consider removing them.
 1.36 14-Sep-2009  degroote Import pfsync support from OpenBSD 4.2

Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
 1.35 28-Jul-2009  minskim Remove LKM code from pf.
 1.34 22-Jun-2008  peter Wrap definition of pfil6_wrapper in #ifdef INET6.

From Scott Ellis in PR/39007.
 1.33 18-Jun-2008  yamt merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.32 11-Dec-2007  lukem branches: 1.32.8; 1.32.10; 1.32.12; 1.32.14; 1.32.16;
use __KERNEL_RCSID()
 1.31 09-Jul-2007  ad branches: 1.31.8; 1.31.16; 1.31.18; 1.31.20;
Merge some of the less invasive changes from the vmlocking branch:

- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements
 1.30 12-Mar-2007  ad branches: 1.30.2;
Pass an ipl argument to pool_init/POOL_INIT to be used when initializing
the pool's lock.
 1.29 04-Mar-2007  christos branches: 1.29.2;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
 1.28 16-Nov-2006  christos branches: 1.28.4;
__unused removal on arguments; approved by core.
 1.27 12-Oct-2006  peter Merge the peter-altq branch.

(sync with KAME & add support for using ALTQ with pf(4)).
 1.26 12-Oct-2006  christos - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
 1.25 01-Oct-2006  pavel In pf, there are lots of #ifdef ALTQ, but our ALTQ is not what pf expects,
and if ALTQ and pf are both enabled, it leads to compile errors. So,
change all tests for ALTQ to ALTQ_NEW, which won't be defined.

This allows simultaneous compilation of pf and ALTQ and is a temporary
measure before the peter-altq branch is merged.

Tested and approved by Peter Postma.
 1.24 19-Sep-2006  elad Remove ugly (void *) casts from network scope authorization wrapper and
calls to it.

While here, adapt code for system scope listeners to avoid some more
casts (forgotten in previous run).

Update documentation.
 1.23 08-Sep-2006  elad branches: 1.23.2;
First take at security model abstraction.

- Add a few scopes to the kernel: system, network, and machdep.

- Add a few more actions/sub-actions (requests), and start using them as
opposed to the KAUTH_GENERIC_ISSUSER place-holders.

- Introduce a basic set of listeners that implement our "traditional"
security model, called "bsd44". This is the default (and only) model we
have at the moment.

- Update all relevant documentation.

- Add some code and docs to help folks who want to actually use this stuff:

* There's a sample overlay model, sitting on-top of "bsd44", for
fast experimenting with tweaking just a subset of an existing model.

This is pretty cool because it's *really* straightforward to do stuff
you had to use ugly hacks for until now...

* And of course, documentation describing how to do the above for quick
reference, including code samples.

All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:

http://kauth.linbsd.org/kauthwiki

NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:

- Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
- Checks 'securelevel' directly,
- Checks a uid/gid directly.

(or if you feel you have to, contact me first)

This is still work in progress; It's far from being done, but now it'll
be a lot easier.

Relevant mailing list threads:

http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html

Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stabilizing kauth(9).

Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.

Happy birthday Randi! :)
 1.22 03-Sep-2006  christos branches: 1.22.2;
add missing initializer
 1.21 11-Dec-2005  christos branches: 1.21.4; 1.21.8; 1.21.12;
merge ktrace-lwp.
 1.20 11-Aug-2005  yamt pfil6_wrapper: handle M_CSUM_TCPv6|M_CSUM_UDPv6.
 1.19 06-Aug-2005  yamt wrap INET only code by #if defined(INET). (in __NetBSD__ part)
 1.18 26-Jul-2005  peter pf_test() can set *mp to NULL, check for this before de-referencing it.
From Akihiro Sagawa in PR/30835.
 1.17 01-Jul-2005  peter branches: 1.17.2;
Resolve conflicts (pf from OpenBSD 3.7, kernel part).
 1.16 15-Mar-2005  peter branches: 1.16.2;
Fix a GCC warning when compiling on evbppc.
From FUKAUMI Naoki in PR #29669.
 1.15 14-Feb-2005  peter Merge in a fix from OPENBSD_3_6.
ok yamt@

> MFC:
> Fix by dhartmei@
>
> replace finer-grained spl locking in pfioctl() with a single broad lock
> around the entire body. this resolves the (misleading) panics in
> pf_tag_packet() during heavy ioctl operations (like when using authpf)
> that occur because softclock can interrupt ioctl on i386 since SMP.
> patch from camield@.
 1.14 01-Jan-2005  yamt branches: 1.14.2; 1.14.4;
pfil4_wrapper: clear M_CANFASTFWD which is not compatible with pf.
 1.13 04-Dec-2004  peter Improve the cleanup routines for detachment. Fixes PR 28132.

Reviewed by yamt.
 1.12 14-Nov-2004  yamt resolve conflicts. (pf from OpenBSD 3.6, kernel part)
 1.11 13-Nov-2004  yamt backout whitespace changes to make further import easier.
 1.10 06-Sep-2004  yamt pfil4_wrapper, pfil6_wrapper:
ensure that mbufs are writable beforehand as pf assumes it.
PR/26433.
 1.9 27-Jul-2004  yamt branches: 1.9.2;
- rename PFIL_NEWIF to PFIL_IFNET, and handle interface detach events
as well.
- use it for pf(4).

mostly from Peter Postma. PR/26403.
 1.8 26-Jul-2004  yamt fix dynaddr tracking.

from Peter Postma, PR/26369.
ok'ed by itojun.
 1.7 26-Jul-2004  yamt call PFIL_NEWIF hooks at a correct place.
(on SIOCAIFADDR rather than SIOCGIFALIAS.)

from Peter Postma, PR/26402.
ok'ed by itojun.
 1.6 29-Jun-2004  itojun make PF lkm working. from Peter Postma and Joel Wilsson.

remove pf_ioctl_head/pf_newif_head, which was never used.
 1.5 25-Jun-2004  itojun PR kern/26011: pf leaks mbufs on disallowed packets. Peter Postma
 1.4 22-Jun-2004  martin Make it compile on non-IPv6 kernels.
 1.3 22-Jun-2004  christos add a pfdetach() method to be used by lkm's
 1.2 22-Jun-2004  itojun PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API inbetween)

reviewed by matt, christos, perry

torture-test is very welcomed.
 1.1 22-Jun-2004  itojun branches: 1.1.1;
Initial revision
 1.1.1.4 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.1.1.3 01-Jul-2005  peter Import pf from OpenBSD 3.7 (kernel part).
 1.1.1.2 14-Nov-2004  yamt import pf from OpenBSD 3.6. (kernel part)
 1.1.1.1 22-Jun-2004  itojun PF from OpenBSD 3.5
 1.9.2.11 10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.9.2.10 01-Apr-2005  skrll Sync with HEAD.
 1.9.2.9 15-Feb-2005  skrll Sync with HEAD.
 1.9.2.8 17-Jan-2005  skrll Sync with HEAD.
 1.9.2.7 18-Dec-2004  skrll Sync with HEAD.
 1.9.2.6 29-Nov-2004  skrll Sync with HEAD.
 1.9.2.5 21-Sep-2004  skrll Fix the sync with head I botched.
 1.9.2.4 18-Sep-2004  skrll Sync with HEAD.
 1.9.2.3 24-Aug-2004  skrll Adapt to branch.
 1.9.2.2 03-Aug-2004  skrll Sync with HEAD
 1.9.2.1 27-Jul-2004  skrll file pf_ioctl.c was added on branch ktrace-lwp on 2004-08-03 10:52:23 +0000
 1.14.4.1 19-Mar-2005  yamt sync with head. xen and whitespace. xen part is not finished.
 1.14.2.1 29-Apr-2005  kent sync with -current
 1.16.2.1 01-Aug-2005  tron Pull up revision 1.18 (requested by peter in ticket #641):
pf_test() can set *mp to NULL, check for this before de-referencing it.
From Akihiro Sagawa in PR/30835.
 1.17.2.4 21-Jan-2008  yamt sync with head
 1.17.2.3 03-Sep-2007  yamt sync with head.
 1.17.2.2 30-Dec-2006  yamt sync with head.
 1.17.2.1 21-Jun-2006  yamt sync with head.
 1.21.12.2 25-Sep-2006  peter sync with head.
 1.21.12.1 18-Mar-2006  peter Use splnet() on NetBSD instead of splimp().
 1.21.8.2 14-Sep-2006  yamt sync with head.
 1.21.8.1 03-Sep-2006  yamt sync with head.
 1.21.4.1 09-Sep-2006  rpaulo sync with head
 1.22.2.1 18-Nov-2006  ad Sync with head.
 1.23.2.2 10-Dec-2006  yamt sync with head.
 1.23.2.1 22-Oct-2006  yamt sync with head
 1.28.4.2 24-Mar-2007  yamt sync with head.
 1.28.4.1 12-Mar-2007  rmind Sync with HEAD.
 1.29.2.2 01-Jul-2007  ad Adapt to callout API change.
 1.29.2.1 13-Mar-2007  ad Sync with head.
 1.30.2.1 11-Jul-2007  mjf Sync with head.
 1.31.20.1 13-Dec-2007  bouyer Sync with HEAD
 1.31.18.1 11-Dec-2007  yamt sync with head.
 1.31.16.1 26-Dec-2007  ad Sync with head.
 1.31.8.1 09-Jan-2008  matt sync with HEAD
 1.32.16.2 27-Jun-2008  simonb Sync with head.
 1.32.16.1 18-Jun-2008  simonb Sync with head.
 1.32.14.1 23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.32.12.5 11-Aug-2010  yamt sync with head.
 1.32.12.4 11-Mar-2010  yamt sync with head
 1.32.12.3 16-Sep-2009  yamt sync with head
 1.32.12.2 19-Aug-2009  yamt sync with head.
 1.32.12.1 04-May-2009  yamt sync with head.
 1.32.10.4 23-Apr-2008  peter pfdetach: don't purge just one state, but purge them all.
 1.32.10.3 23-Apr-2008  peter pfdetach: stop the purge thread.
 1.32.10.2 21-Apr-2008  peter Make this compile when #ifdef _LKM.
 1.32.10.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.32.8.1 29-Jun-2008  mjf Sync with HEAD.
 1.37.4.2 05-Mar-2011  rmind sync with head
 1.37.4.1 30-May-2010  rmind sync with head
 1.37.2.2 17-Aug-2010  uebayasi Sync with HEAD.
 1.37.2.1 30-Apr-2010  uebayasi Sync with HEAD.
 1.42.2.1 06-Jun-2011  jruoho Sync with HEAD.
 1.45.2.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.45.2.1 17-Apr-2012  yamt sync with head
 1.46.12.2 18-May-2014  rmind sync with head
 1.46.12.1 28-Aug-2013  rmind sync with head
 1.46.8.2 03-Dec-2017  jdolecek update from HEAD
 1.46.8.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.49.2.1 10-Aug-2014  tls Rebase.
 1.50.4.1 22-Sep-2015  skrll Sync with HEAD
 1.51.10.1 25-Oct-2017  snj Pull up following revision(s) (requested by pgoyette in ticket #322):
sys/dist/pf/net/pf_ioctl.c: revision 1.52
Defer initialization of pf_status.host_id
The call to cprng_fast32() requires that per-cpu data has been initialized
by corng_fast_init(), which doesn't get called until after the first part
of auto-configuration is done, long after pfattach() calls cprng_fast32().
Fixed PR kern/52620
 1.51.8.2 29-Apr-2017  pgoyette Revise previous. Rather than explicitly including <sys/localcount.h>
in all the places where {b,c}devsw is initialized, just include it
from <sys/conf.h>. This avoids an include-sequence dependency.
 1.51.8.1 29-Apr-2017  pgoyette Add DEVSW_MODULE_INIT to existing device-driver modules, so that they
will have a localcount defined and thus be permitted to load. Without
a localcount, loading the module will return EINVAL.

XXX the dtrace and drm stuff might need to be fed back upstream?
 1.52.4.2 08-Apr-2020  martin Merge changes from current as of 20200406
 1.52.4.1 10-Jun-2019  christos Sync with HEAD
 1.52.2.2 06-Sep-2018  pgoyette Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)
 1.52.2.1 28-Jul-2018  pgoyette Sync with HEAD
 1.56.6.1 29-Feb-2020  ad Sync with head.
 1.3 15-Nov-2018  maxv Remove the 't' argument from m_tag_find().
 1.2 18-Jun-2008  yamt branches: 1.2.2; 1.2.4; 1.2.86; 1.2.88;
merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.1 19-Apr-2008  yamt branches: 1.1.1; 1.1.2; 1.1.4; 1.1.6;
file pf_mtag.c was initially added on branch yamt-pf42.
 1.1.6.1 18-Jun-2008  simonb Sync with head.
 1.1.4.1 04-May-2009  yamt sync with head.
 1.1.2.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.1.1.1 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.2.88.1 10-Jun-2019  christos Sync with HEAD
 1.2.86.1 26-Nov-2018  pgoyette Sync with HEAD, resolve a couple of conflicts
 1.2.4.2 29-Jun-2008  mjf Sync with HEAD.
 1.2.4.1 18-Jun-2008  mjf file pf_mtag.c was added on branch mjf-devfs2 on 2008-06-29 09:33:12 +0000
 1.2.2.2 23-Jun-2008  wrstuden Add files to branch that were added on -current.

After this, all that's left of update is to merge some changes
that had conflicts.
 1.2.2.1 18-Jun-2008  wrstuden file pf_mtag.c was added on branch wrstuden-revivesa on 2008-06-23 05:02:13 +0000
 1.2 18-Jun-2008  yamt branches: 1.2.2; 1.2.4;
merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.1 19-Apr-2008  yamt branches: 1.1.1; 1.1.2; 1.1.4; 1.1.6;
file pf_mtag.h was initially added on branch yamt-pf42.
 1.1.6.1 18-Jun-2008  simonb Sync with head.
 1.1.4.1 04-May-2009  yamt sync with head.
 1.1.2.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.1.1.1 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.2.4.2 29-Jun-2008  mjf Sync with HEAD.
 1.2.4.1 18-Jun-2008  mjf file pf_mtag.h was added on branch mjf-devfs2 on 2008-06-29 09:33:12 +0000
 1.2.2.2 23-Jun-2008  wrstuden Add files to branch that were added on -current.

After this, all that's left of update is to merge some changes
that had conflicts.
 1.2.2.1 18-Jun-2008  wrstuden file pf_mtag.h was added on branch wrstuden-revivesa on 2008-06-23 05:02:13 +0000
 1.30 07-Aug-2023  mrg fix indentation issues.

found by GCC 12.
 1.29 08-Mar-2021  christos Adjust for fewer args in calling functions
 1.28 13-Apr-2015  riastradh branches: 1.28.30;
<sys/rnd.h> not needed for pf_norm.c.
 1.27 20-Oct-2013  christos branches: 1.27.6;
fix compiler warnings
 1.26 28-Nov-2011  tls branches: 1.26.8; 1.26.12;
Remove arc4random() and arc4randbytes() from the kernel API. Replace
arc4random() hacks in rump with stubs that call the host arc4random() to
get numbers that are hopefully actually random (arc4random() keyed with
stack junk is not). This should fix some of the currently failing anita
tests -- we should no longer generate duplicate "random" MAC addresses in
the test environment.
 1.25 29-Aug-2011  jmcneill branches: 1.25.2;
build pf module with WARNS=3, and remove the need for -Wno-shadow
 1.24 01-Jul-2011  mrg fix an uninitialised variable problem. large-ish function, but i
couldn't see how GCC 4.5 isn't wrong about this one.
 1.23 05-Nov-2010  rmind ip_randomid: make mechanism MP-safe and more modular.

OK matt@
 1.22 12-Apr-2010  ahoka - Make the pf and pflog driver able to detach.
- Add code for module support.

Original patch from Jared McNeill
 1.21 28-Jul-2009  minskim branches: 1.21.2; 1.21.4;
Remove LKM code from pf.
 1.20 11-Jan-2009  cegger make this compile
 1.19 18-Jun-2008  yamt branches: 1.19.4;
merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.18 07-Feb-2008  matt branches: 1.18.6; 1.18.8; 1.18.10; 1.18.12; 1.18.14;
Pass 0 to ip_randomid since we don't know the salt.
 1.17 11-Dec-2007  lukem use __KERNEL_RCSID()
 1.16 12-Mar-2007  ad branches: 1.16.14; 1.16.20; 1.16.22; 1.16.24; 1.16.26;
Pass an ipl argument to pool_init/POOL_INIT to be used when initializing
the pool's lock.
 1.15 16-Nov-2006  christos branches: 1.15.4; 1.15.8;
__unused removal on arguments; approved by core.
 1.14 12-Oct-2006  christos - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
 1.13 11-May-2006  mrg branches: 1.13.8; 1.13.10;
caddr_t -> u_char *, to match the variable type
 1.12 08-Mar-2006  lukem branches: 1.12.2;
Use the SI capitalization for "Hz", "kHz", and "MHz" in comments and strings.
Add a space between numbers and Hz unit.
 1.11 25-Jan-2006  peter branches: 1.11.2; 1.11.4; 1.11.6; 1.11.8;
apply a fix from OpenBSD:

> revision 1.104
> date: 2006/01/18 22:03:21; author: dhartmei; state: Exp; lines: +2 -2
> fix a bug in the fragment cache (used for 'scrub fragment crop/drop-ovl',
> but not 'fragment reassemble'), which can cause some fragments to get
> inserted into the cache twice, thereby violating an invariant, and
> panicking the system subsequently. ok deraadt@
 1.10 11-Dec-2005  christos branches: 1.10.2;
merge ktrace-lwp.
 1.9 01-Jul-2005  peter branches: 1.9.2;
Resolve conflicts (pf from OpenBSD 3.7, kernel part).
 1.8 08-Jun-2005  yamt pf_reassemble: clear stale csum_flags.
 1.7 04-Dec-2004  peter branches: 1.7.10;
Improve the cleanup routines for detachment. Fixes PR 28132.

Reviewed by yamt.
 1.6 14-Nov-2004  yamt resolve conflicts. (pf from OpenBSD 3.6, kernel part)
 1.5 13-Nov-2004  yamt backout whitespace changes to make further import easier.
 1.4 08-Sep-2004  yamt remove no longer needed caddr_t casts to reduce diffs from openbsd.
 1.3 29-Jun-2004  itojun branches: 1.3.2;
make PF lkm working. from Peter Postma and Joel Wilsson.

remove pf_ioctl_head/pf_newif_head, which was never used.
 1.2 22-Jun-2004  itojun PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API in between)

reviewed by matt, christos, perry

torture-test is very welcome.
 1.1 22-Jun-2004  itojun branches: 1.1.1;
Initial revision
 1.1.1.4 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.1.1.3 01-Jul-2005  peter Import pf from OpenBSD 3.7 (kernel part).
 1.1.1.2 14-Nov-2004  yamt import pf from OpenBSD 3.6. (kernel part)
 1.1.1.1 22-Jun-2004  itojun PF from OpenBSD 3.5
 1.3.2.7 10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.3.2.6 18-Dec-2004  skrll Sync with HEAD.
 1.3.2.5 29-Nov-2004  skrll Sync with HEAD.
 1.3.2.4 21-Sep-2004  skrll Fix the sync with head I botched.
 1.3.2.3 18-Sep-2004  skrll Sync with HEAD.
 1.3.2.2 03-Aug-2004  skrll Sync with HEAD
 1.3.2.1 29-Jun-2004  skrll file pf_norm.c was added on branch ktrace-lwp on 2004-08-03 10:52:23 +0000
 1.7.10.2 28-Jan-2006  tron Pull up following revision(s) (requested by peter in ticket #1139):
sys/dist/pf/net/pf_norm.c: revision 1.11
apply a fix from OpenBSD:
revision 1.104
date: 2006/01/18 22:03:21; author: dhartmei; state: Exp; lines: +2 -2
fix a bug in the fragment cache (used for 'scrub fragment crop/drop-ovl',
but not 'fragment reassemble'), which can cause some fragments to get
inserted into the cache twice, thereby violating an invariant, and
panicking the system subsequently. ok deraadt@
 1.7.10.1 17-Jun-2005  tron branches: 1.7.10.1.2;
Pull up revision 1.8 (requested by yamt in ticket #469):
pf_reassemble: clear stale csum_flags.
 1.7.10.1.2.1 28-Jan-2006  tron Pull up following revision(s) (requested by peter in ticket #1139):
sys/dist/pf/net/pf_norm.c: revision 1.11
apply a fix from OpenBSD:
revision 1.104
date: 2006/01/18 22:03:21; author: dhartmei; state: Exp; lines: +2 -2
fix a bug in the fragment cache (used for 'scrub fragment crop/drop-ovl',
but not 'fragment reassemble'), which can cause some fragments to get
inserted into the cache twice, thereby violating an invariant, and
panicking the system subsequently. ok deraadt@
 1.9.2.5 11-Feb-2008  yamt sync with head.
 1.9.2.4 21-Jan-2008  yamt sync with head
 1.9.2.3 03-Sep-2007  yamt sync with head.
 1.9.2.2 30-Dec-2006  yamt sync with head.
 1.9.2.1 21-Jun-2006  yamt sync with head.
 1.10.2.1 01-Feb-2006  yamt sync with head.
 1.11.8.2 11-May-2006  elad sync with head
 1.11.8.1 19-Apr-2006  elad sync with head.
 1.11.6.2 24-May-2006  yamt sync with head.
 1.11.6.1 13-Mar-2006  yamt sync with head.
 1.11.4.2 01-Jun-2006  kardel Sync with head.
 1.11.4.1 22-Apr-2006  simonb Sync with head.
 1.11.2.1 09-Sep-2006  rpaulo sync with head
 1.12.2.1 24-May-2006  tron Merge 2006-05-24 NetBSD-current into the "peter-altq" branch.
 1.13.10.2 10-Dec-2006  yamt sync with head.
 1.13.10.1 22-Oct-2006  yamt sync with head
 1.13.8.1 18-Nov-2006  ad Sync with head.
 1.15.8.1 13-Mar-2007  ad Sync with head.
 1.15.4.1 24-Mar-2007  yamt sync with head.
 1.16.26.1 13-Dec-2007  bouyer Sync with HEAD
 1.16.24.1 11-Dec-2007  yamt sync with head.
 1.16.22.1 26-Dec-2007  ad Sync with head.
 1.16.20.1 18-Feb-2008  mjf Sync with HEAD.
 1.16.14.2 23-Mar-2008  matt sync with HEAD
 1.16.14.1 09-Jan-2008  matt sync with HEAD
 1.18.14.1 18-Jun-2008  simonb Sync with head.
 1.18.12.1 23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.18.10.3 11-Aug-2010  yamt sync with head.
 1.18.10.2 19-Aug-2009  yamt sync with head.
 1.18.10.1 04-May-2009  yamt sync with head.
 1.18.8.2 23-Apr-2008  peter Putting bpfilter.h/pf.h/pflog.h under _KERNEL_OPT was a mistake, revert this.
 1.18.8.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.18.6.2 17-Jan-2009  mjf Sync with HEAD.
 1.18.6.1 29-Jun-2008  mjf Sync with HEAD.
 1.19.4.1 19-Jan-2009  skrll Sync with HEAD.
 1.21.4.2 05-Mar-2011  rmind sync with head
 1.21.4.1 30-May-2010  rmind sync with head
 1.21.2.2 06-Nov-2010  uebayasi Sync with HEAD.
 1.21.2.1 30-Apr-2010  uebayasi Sync with HEAD.
 1.25.2.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.25.2.1 17-Apr-2012  yamt sync with head
 1.26.12.1 18-May-2014  rmind sync with head
 1.26.8.2 03-Dec-2017  jdolecek update from HEAD
 1.26.8.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.27.6.1 06-Jun-2015  skrll Sync with HEAD
 1.28.30.1 03-Apr-2021  thorpej Sync with HEAD.
 1.13 16-Jan-2017  christos use in6_print
 1.12 16-Jan-2017  ryo Make ip6_sprintf(), in_fmtaddr(), lla_snprintf() and icmp6_redirect_diag() mpsafe.

Reviewed by ozaki-r@
 1.11 18-May-2011  drochner branches: 1.11.14; 1.11.32; 1.11.36; 1.11.40;
remove unused expression
 1.10 12-Apr-2010  ahoka branches: 1.10.2;
- Make the pf and pflog driver able to detach.
- Add code for module support.

Original patch from Jared McNeill
 1.9 28-Jul-2009  minskim branches: 1.9.2; 1.9.4;
Remove LKM code from pf.
 1.8 18-Jun-2008  yamt merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.7 11-Dec-2007  lukem branches: 1.7.8; 1.7.10; 1.7.12; 1.7.14; 1.7.16;
use __KERNEL_RCSID()
 1.6 12-Mar-2007  ad branches: 1.6.14; 1.6.22; 1.6.24; 1.6.26;
Pass an ipl argument to pool_init/POOL_INIT to be used when initializing
the pool's lock.
 1.5 11-Dec-2005  christos branches: 1.5.26; 1.5.30;
merge ktrace-lwp.
 1.4 14-Nov-2004  yamt branches: 1.4.12;
resolve conflicts. (pf from OpenBSD 3.6, kernel part)
 1.3 29-Jun-2004  itojun branches: 1.3.2;
make PF lkm working. from Peter Postma and Joel Wilsson.

remove pf_ioctl_head/pf_newif_head, which was never used.
 1.2 22-Jun-2004  itojun PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API in between)

reviewed by matt, christos, perry

torture-test is very welcome.
 1.1 22-Jun-2004  itojun branches: 1.1.1;
Initial revision
 1.1.1.3 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.1.1.2 14-Nov-2004  yamt import pf from OpenBSD 3.6. (kernel part)
 1.1.1.1 22-Jun-2004  itojun PF from OpenBSD 3.5
 1.3.2.5 29-Nov-2004  skrll Sync with HEAD.
 1.3.2.4 21-Sep-2004  skrll Fix the sync with head I botched.
 1.3.2.3 18-Sep-2004  skrll Sync with HEAD.
 1.3.2.2 03-Aug-2004  skrll Sync with HEAD
 1.3.2.1 29-Jun-2004  skrll file pf_osfp.c was added on branch ktrace-lwp on 2004-08-03 10:52:23 +0000
 1.4.12.2 21-Jan-2008  yamt sync with head
 1.4.12.1 03-Sep-2007  yamt sync with head.
 1.5.30.1 13-Mar-2007  ad Sync with head.
 1.5.26.1 24-Mar-2007  yamt sync with head.
 1.6.26.1 13-Dec-2007  bouyer Sync with HEAD
 1.6.24.1 11-Dec-2007  yamt sync with head.
 1.6.22.1 26-Dec-2007  ad Sync with head.
 1.6.14.1 09-Jan-2008  matt sync with HEAD
 1.7.16.1 18-Jun-2008  simonb Sync with head.
 1.7.14.1 23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.7.12.3 11-Aug-2010  yamt sync with head.
 1.7.12.2 19-Aug-2009  yamt sync with head.
 1.7.12.1 04-May-2009  yamt sync with head.
 1.7.10.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.7.8.1 29-Jun-2008  mjf Sync with HEAD.
 1.9.4.2 31-May-2011  rmind sync with head
 1.9.4.1 30-May-2010  rmind sync with head
 1.9.2.1 30-Apr-2010  uebayasi Sync with HEAD.
 1.10.2.1 06-Jun-2011  jruoho Sync with HEAD.
 1.11.40.1 21-Apr-2017  bouyer Sync with HEAD
 1.11.36.1 20-Mar-2017  pgoyette Sync with HEAD
 1.11.32.1 05-Feb-2017  skrll Sync with HEAD
 1.11.14.1 03-Dec-2017  jdolecek update from HEAD
 1.2 18-Jun-2008  yamt branches: 1.2.2; 1.2.4;
merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.1 19-Apr-2008  yamt branches: 1.1.1; 1.1.2; 1.1.4; 1.1.6;
file pf_ruleset.c was initially added on branch yamt-pf42.
 1.1.6.1 18-Jun-2008  simonb Sync with head.
 1.1.4.1 04-May-2009  yamt sync with head.
 1.1.2.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.1.1.1 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.2.4.2 29-Jun-2008  mjf Sync with HEAD.
 1.2.4.1 18-Jun-2008  mjf file pf_ruleset.c was added on branch mjf-devfs2 on 2008-06-29 09:33:12 +0000
 1.2.2.2 23-Jun-2008  wrstuden Add files to branch that were added on -current.

After this, all that's left of update is to merge some changes
that had conflicts.
 1.2.2.1 18-Jun-2008  wrstuden file pf_ruleset.c was added on branch wrstuden-revivesa on 2008-06-23 05:02:13 +0000
 1.19 04-Dec-2020  thorpej In pfr_fix_anchor(), change an overlapping bcopy() call to a memmove()
call.
 1.18 14-Feb-2018  maya branches: 1.18.16;
Don't invoke UB.

Heads up by John D. Baker.
 1.17 11-May-2011  hauke Commit the patch from
<http://mail-index.netbsd.org/current-users/2010/09/12/msg014289.html>,
fixing a "panic: pool 'pfrktable' is IPL_NONE, but called from
interrupt context" that occurred on NetBSD/sparc.
 1.16 12-Apr-2010  ahoka branches: 1.16.2;
- Make the pf and pflog driver able to detach.
- Add code for module support.

Original patch from Jared McNeill
 1.15 28-Jul-2009  minskim branches: 1.15.2; 1.15.4;
Remove LKM code from pf.
 1.14 18-Jun-2008  yamt merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.13 11-Dec-2007  lukem branches: 1.13.8; 1.13.10; 1.13.12; 1.13.14; 1.13.16;
use __KERNEL_RCSID()
 1.12 12-Mar-2007  ad branches: 1.12.14; 1.12.22; 1.12.24; 1.12.26;
Pass an ipl argument to pool_init/POOL_INIT to be used when initializing
the pool's lock.
 1.11 04-Mar-2007  christos branches: 1.11.2;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
 1.10 04-Dec-2006  dyoung branches: 1.10.2;
Make code concise by removing uninformative #ifdef's.
 1.9 23-May-2006  peter branches: 1.9.6; 1.9.8;
Initialize h4 and h6 to NULL.
Fixes a panic reported by Mipam on -current-users.
 1.8 21-May-2006  christos Fix strict aliasing issues and while I am here fix a memory leak on error
 1.7 11-Dec-2005  christos branches: 1.7.4; 1.7.6; 1.7.8; 1.7.12; 1.7.14;
merge ktrace-lwp.
 1.6 01-Jul-2005  peter branches: 1.6.2;
Resolve conflicts (pf from OpenBSD 3.7, kernel part).
 1.5 14-Nov-2004  yamt resolve conflicts. (pf from OpenBSD 3.6, kernel part)
 1.4 09-Sep-2004  yamt pull following fixes from openbsd. ok'ed by itojun.

> ----------------------------
> revision 1.58
> date: 2004/06/23 04:34:17; author: mcbride; state: Exp; lines: +5 -3
> pfr_commit_ktable calls functions that can result in the current
> ktable being destroyed, which makes it unsafe in a SLIST_FOREACH.
>
> Fix from Chris Pascoe
> ----------------------------
> revision 1.56
> date: 2004/06/11 05:21:20; author: mcbride; state: Exp; lines: +5 -3
> Eliminate a dereference after pool_put when an inactive/no-longer referenced
> table is destroyed in pfr_setflags_ktable.
>
> Fix from Chris Pascoe
> ----------------------------
 1.3 29-Jun-2004  itojun branches: 1.3.2;
make PF lkm working. from Peter Postma and Joel Wilsson.

remove pf_ioctl_head/pf_newif_head, which was never used.
 1.2 22-Jun-2004  itojun PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API in between)

reviewed by matt, christos, perry

torture-test is very welcome.
 1.1 22-Jun-2004  itojun branches: 1.1.1;
Initial revision
 1.1.1.4 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.1.1.3 01-Jul-2005  peter Import pf from OpenBSD 3.7 (kernel part).
 1.1.1.2 14-Nov-2004  yamt import pf from OpenBSD 3.6. (kernel part)
 1.1.1.1 22-Jun-2004  itojun PF from OpenBSD 3.5
 1.3.2.6 10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.3.2.5 29-Nov-2004  skrll Sync with HEAD.
 1.3.2.4 21-Sep-2004  skrll Fix the sync with head I botched.
 1.3.2.3 18-Sep-2004  skrll Sync with HEAD.
 1.3.2.2 03-Aug-2004  skrll Sync with HEAD
 1.3.2.1 29-Jun-2004  skrll file pf_table.c was added on branch ktrace-lwp on 2004-08-03 10:52:23 +0000
 1.6.2.4 21-Jan-2008  yamt sync with head
 1.6.2.3 03-Sep-2007  yamt sync with head.
 1.6.2.2 30-Dec-2006  yamt sync with head.
 1.6.2.1 21-Jun-2006  yamt sync with head.
 1.7.14.1 19-Jun-2006  chap Sync with head.
 1.7.12.1 24-May-2006  tron Merge 2006-05-24 NetBSD-current into the "peter-altq" branch.
 1.7.8.1 24-May-2006  yamt sync with head.
 1.7.6.1 01-Jun-2006  kardel Sync with head.
 1.7.4.1 09-Sep-2006  rpaulo sync with head
 1.9.8.1 10-Dec-2006  yamt sync with head.
 1.9.6.1 12-Jan-2007  ad Sync with head.
 1.10.2.2 24-Mar-2007  yamt sync with head.
 1.10.2.1 12-Mar-2007  rmind Sync with HEAD.
 1.11.2.1 13-Mar-2007  ad Sync with head.
 1.12.26.1 13-Dec-2007  bouyer Sync with HEAD
 1.12.24.1 11-Dec-2007  yamt sync with head.
 1.12.22.1 26-Dec-2007  ad Sync with head.
 1.12.14.1 09-Jan-2008  matt sync with HEAD
 1.13.16.1 18-Jun-2008  simonb Sync with head.
 1.13.14.1 23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.13.12.3 11-Aug-2010  yamt sync with head.
 1.13.12.2 19-Aug-2009  yamt sync with head.
 1.13.12.1 04-May-2009  yamt sync with head.
 1.13.10.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.13.8.1 29-Jun-2008  mjf Sync with HEAD.
 1.15.4.2 31-May-2011  rmind sync with head
 1.15.4.1 30-May-2010  rmind sync with head
 1.15.2.1 30-Apr-2010  uebayasi Sync with HEAD.
 1.16.2.1 06-Jun-2011  jruoho Sync with HEAD.
 1.18.16.1 14-Dec-2020  thorpej Sync w/ HEAD.
 1.23 05-Mar-2020  riastradh Need opt_inet.h for #ifdef INET, INET6.
 1.22 05-Jun-2014  rmind branches: 1.22.28; 1.22.32;
- Implement pktqueue interface for lockless IP input queue.
- Replace ipintrq and ip6intrq with the pktqueue mechanism.
- Eliminate kernel-lock from ipintr() and ip6intr().
- Some preparation work to push softnet_lock out of ipintr().

Discussed on tech-net.
 1.21 20-Oct-2013  christos branches: 1.21.2;
fix compiler warnings
 1.20 11-Jan-2012  drochner branches: 1.20.6; 1.20.10;
protect "union sockaddr_union" from being defined twice by a CPP symbol
(copied from FreeBSD), allows coexistence of (FAST_)IPSEC and pf
 1.19 07-May-2010  degroote branches: 1.19.8; 1.19.12;
Add support for pfs(8)

pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to
dump internal configuration of pf, and restore at a later point, after a
maintenance reboot for example, in a transparent way for user.

This work has been done mostly during my GSoC 2009

No objections on tech-net@
 1.18 12-Apr-2010  ahoka - Make the pf and pflog driver able to detach.
- Add code for module support.

Original patch from Jared McNeill
 1.17 28-Jul-2009  minskim branches: 1.17.2; 1.17.4;
Remove LKM code from pf.
 1.16 18-Jun-2008  yamt merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@. requested by core@
 1.15 07-Aug-2007  yamt branches: 1.15.22; 1.15.24; 1.15.26; 1.15.28; 1.15.30;
reduce diff.
 1.14 04-Mar-2007  christos branches: 1.14.2; 1.14.10; 1.14.14;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
 1.13 04-Dec-2006  dyoung branches: 1.13.2;
Lightly constify. Helps compile-time checking that we are not
scribbling over shared or read-only memory---e.g., in mbufs.
 1.12 07-Jun-2006  kardel branches: 1.12.6; 1.12.8;
merge FreeBSD timecounters from branch simonb-timecounters
- struct timeval time is gone
time.tv_sec -> time_second
- struct timeval mono_time is gone
mono_time.tv_sec -> time_uptime
- access to time via
{get,}{micro,nano,bin}time()
get* versions are fast but less precise
- support NTP nanokernel implementation (NTP API 4)
- further reading:
Timecounter Paper: http://phk.freebsd.dk/pubs/timecounter.pdf
NTP Nanokernel: http://www.eecis.udel.edu/~mills/ntp/html/kern.html
 1.11 17-Jan-2006  peter branches: 1.11.2; 1.11.4; 1.11.6; 1.11.10; 1.11.12;
Include netinet/in.h, for compatibility with OpenBSD (we #ifdef'ed out a
header which includes netinet/in.h on OpenBSD).

Pointed out by Thomas E. Spanjaard.
No objection from yamt@.
 1.10 11-Dec-2005  christos branches: 1.10.2;
merge ktrace-lwp.
 1.9 01-Jul-2005  peter branches: 1.9.2;
Resolve conflicts (pf from OpenBSD 3.7, kernel part).
 1.8 04-Dec-2004  peter Don't put the hook definitions into #ifdef _KERNEL.

(needed to compile pf programs because of the previous change)
 1.7 04-Dec-2004  yamt plug pfik_ifaddrhooks leaks by embedding it to pfi_kif.
 1.6 14-Nov-2004  yamt resolve conflicts. (pf from OpenBSD 3.6, kernel part)
 1.5 28-Sep-2004  dyoung "RB_PROTOTYPE();" does not lint because you end up with two
consecutive semicolons, so let's use RB_PROTOTYPE() alone.
 1.4 27-Jul-2004  yamt branches: 1.4.2;
- rename PFIL_NEWIF to PFIL_IFNET, and handle interface detach events
as well.
- use it for pf(4).

mostly from Peter Postma. PR/26403.
 1.3 29-Jun-2004  itojun make PF lkm working. from Peter Postma and Joel Wilsson.

remove pf_ioctl_head/pf_newif_head, which was never used.
 1.2 22-Jun-2004  itojun PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when
kjc@csl.sony.co.jp updates ALTQ and PF (and API in between)

reviewed by matt, christos, perry

torture-test is very welcome.
 1.1 22-Jun-2004  itojun branches: 1.1.1;
Initial revision
 1.1.1.4 01-Dec-2009  martti Import PF from OpenBSD 4.2
 1.1.1.3 01-Jul-2005  peter Import pf from OpenBSD 3.7 (kernel part).
 1.1.1.2 14-Nov-2004  yamt import pf from OpenBSD 3.6. (kernel part)
 1.1.1.1 22-Jun-2004  itojun PF from OpenBSD 3.5
 1.4.2.8 10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.4.2.7 18-Dec-2004  skrll Sync with HEAD.
 1.4.2.6 29-Nov-2004  skrll Sync with HEAD.
 1.4.2.5 19-Oct-2004  skrll Sync with HEAD
 1.4.2.4 21-Sep-2004  skrll Fix the sync with head I botched.
 1.4.2.3 18-Sep-2004  skrll Sync with HEAD.
 1.4.2.2 03-Aug-2004  skrll Sync with HEAD
 1.4.2.1 27-Jul-2004  skrll file pfvar.h was added on branch ktrace-lwp on 2004-08-03 10:52:23 +0000
 1.9.2.3 03-Sep-2007  yamt sync with head.
 1.9.2.2 30-Dec-2006  yamt sync with head.
 1.9.2.1 21-Jun-2006  yamt sync with head.
 1.10.2.1 01-Feb-2006  yamt sync with head.
 1.11.12.1 19-Jun-2006  chap Sync with head.
 1.11.10.1 25-Sep-2006  peter sync with head.
 1.11.6.1 26-Jun-2006  yamt sync with head.
 1.11.4.1 04-Feb-2006  simonb NetBSD has getmicrouptime() now.
 1.11.2.1 09-Sep-2006  rpaulo sync with head
 1.12.8.1 10-Dec-2006  yamt sync with head.
 1.12.6.1 12-Jan-2007  ad Sync with head.
 1.13.2.1 12-Mar-2007  rmind Sync with HEAD.
 1.14.14.1 09-Aug-2007  jmcneill Sync with HEAD.
 1.14.10.1 15-Aug-2007  skrll Sync with HEAD.
 1.14.2.1 20-Aug-2007  ad Sync with HEAD.
 1.15.30.1 18-Jun-2008  simonb Sync with head.
 1.15.28.1 23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.15.26.3 11-Aug-2010  yamt sync with head.
 1.15.26.2 19-Aug-2009  yamt sync with head.
 1.15.26.1 04-May-2009  yamt sync with head.
 1.15.24.1 19-Apr-2008  yamt Peter Postma's work-in-progress pf import from OpenBSD 4.2.
updated to -current by me.
 1.15.22.1 29-Jun-2008  mjf Sync with HEAD.
 1.17.4.1 30-May-2010  rmind sync with head
 1.17.2.2 17-Aug-2010  uebayasi Sync with HEAD.
 1.17.2.1 30-Apr-2010  uebayasi Sync with HEAD.
 1.19.12.1 18-Feb-2012  mrg merge to -current.
 1.19.8.2 22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.19.8.1 17-Apr-2012  yamt sync with head
 1.20.10.1 18-May-2014  rmind sync with head
 1.20.6.1 20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.21.2.1 10-Aug-2014  tls Rebase.
 1.22.32.1 19-Mar-2020  martin Pull up following revision(s) (requested by riastradh in ticket #787):

sys/altq/altq_flowvalve.h: revision 1.4
sys/net/zlib.h: revision 1.15
sys/dist/pf/net/pfvar.h: revision 1.23
sys/external/bsd/drm2/dist/include/drm/drmP.h: revision 1.38
sys/external/bsd/drm2/dist/drm/drm_drv.c: revision 1.13
sys/net/slcompress.h: revision 1.20

Need opt_inet.h for #ifdef INET, INET6.

Avoid duplicate definition of internal_state struct.

Avoid struct inode.

This is an fs-independent structure in Linux. We don't actually use
it as such; it's just a dummy struct tag. But we do have an actual
struct inode in ufs and in lfs, and using the same struct tag here
confuses ctf leading to four copies of pretty much every drm data
structure.
 1.22.28.1 08-Apr-2020  martin Merge changes from current as of 20200406
