History log of /src/sys/dist/pf/net/pf_ioctl.c |
Revision | | Date | Author | Comments |
1.58 |
| 28-Mar-2022 |
riastradh | driver(9): devsw_detach never fails. Make it return void.
Prune a whole lotta dead branches as a result of this. (Some logic calling this is also wrong for other reasons; devsw_detach is final -- you should never have any reason to decide to roll it back. To be cleaned up in subsequent commits...)
XXX kernel ABI change to devsw_detach signature requires bump
|
1.57 |
| 21-Feb-2020 |
joerg | Explicitly cast pointers to uintptr_t before casting to enums. They are not necessarily the same size. Don't cast pointers to bool, check for NULL instead.
|
1.56 |
| 10-Aug-2018 |
maxv | branches: 1.56.6; Fix compilation of PF/IPF...
|
1.55 |
| 10-Aug-2018 |
maxv | Rename
ip6_undefer_csum -> in6_undefer_cksum
in6_delayed_cksum -> in6_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in6_offload.c. Add comments to explain what we're doing.
Same as IPv4.
|
1.54 |
| 11-Jul-2018 |
kre | Fix build. pf_ioctl.c needs netinet/in_offload.h (after previous change). Because this is in a module, apparently, that means that netinet_in_offload.h needs to get installed in /usr/include, so do that as well.
Feel free to fix this in a better way...
|
1.53 |
| 11-Jul-2018 |
maxv | Rename
ip_undefer_csum -> in_undefer_cksum
in_delayed_cksum -> in_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in_offload.c. Add comments to explain what we're doing.
The same could be done for IPv6.
|
1.52 |
| 15-Oct-2017 |
pgoyette | branches: 1.52.2; 1.52.4; Defer initialization of pf_status.host_id
The call to cprng_fast32() requires that per-cpu data has been initialized by cprng_fast_init(), which doesn't get called until after the first part of auto-configuration is done, long after pfattach() calls cprng_fast32().
Fixed PR kern/52620
XXX This needs pull-up to the -8 branch.
|
1.51 |
| 20-Aug-2015 |
christos | branches: 1.51.8; 1.51.10; include "ioconf.h" to get the 'void <driver>attach(int count);' prototype.
|
1.50 |
| 25-Jul-2014 |
dholland | branches: 1.50.4; Add d_discard to all struct cdevsw instances I could find.
All have been set to "nodiscard"; some should get a real implementation.
|
1.49 |
| 16-Mar-2014 |
dholland | branches: 1.49.2; Change (mostly mechanically) every cdevsw/bdevsw I can find to use designated initializers.
I have not built every extant kernel so I have probably broken at least one build; however I've also found and fixed some wrong cdevsw/bdevsw entries so even if so I think we come out ahead.
|
1.48 |
| 01-Jul-2013 |
skrll | PFIL_HOOKS is dead.
|
1.47 |
| 30-Jun-2013 |
rmind | Update pf to pfil(9) changes. Missed in previous commit.
|
1.46 |
| 28-Nov-2011 |
tls | branches: 1.46.8; 1.46.12; Remove arc4random() and arc4randbytes() from the kernel API. Replace arc4random() hacks in rump with stubs that call the host arc4random() to get numbers that are hopefully actually random (arc4random() keyed with stack junk is not). This should fix some of the currently failing anita tests -- we should no longer generate duplicate "random" MAC addresses in the test environment.
|
1.45 |
| 30-Aug-2011 |
jmcneill | branches: 1.45.2; fix -Wshadow warnings when ALTQ is enabled
|
1.44 |
| 29-Aug-2011 |
jmcneill | build pf module with WARNS=3, and remove the need for -Wno-shadow
|
1.43 |
| 19-Jan-2011 |
drochner | make sure the "overload_tbl" member of "struct pf_rule" copied in from userland is initialized (it is used by the kernel only)
fixes crash or data injection (CVE-2010-3830), usually by root user only
OpenBSD has rewritten the code to start with a zero'd struct and fills in needed parts only - to be considered in case a newer pf version is imported.
|
1.42 |
| 07-May-2010 |
degroote | branches: 1.42.2; Add support for pfs(8)
pfs(8) is a tool similar to ipfs(8) but for pf(4). It allows the admin to dump internal configuration of pf, and restore at a later point, after a maintenance reboot for example, in a transparent way for user.
This work has been done mostly during my GSoC 2009
No objections on tech-net@
|
1.41 |
| 13-Apr-2010 |
ahoka | Do not unload pf when enabled, not even manually.
|
1.40 |
| 13-Apr-2010 |
ahoka | change module class to driver.
|
1.39 |
| 13-Apr-2010 |
ahoka | Do not auto unload pf if it's enabled.
|
1.38 |
| 12-Apr-2010 |
ahoka | - Make the pf and pflog driver able to detach.
- Add code for module support.
Original patch from Jared McNeill
|
1.37 |
| 03-Oct-2009 |
elad | branches: 1.37.2; 1.37.4; Move firewall/NAT policy back to respective subsystems (pf, ipf).
Note: the ipf code contains a lot of ifdefs, some of them for NetBSD versions that are no longer maintained. It won't make the code more readable, but we should consider removing them.
|
1.36 |
| 14-Sep-2009 |
degroote | Import pfsync support from OpenBSD 4.2
Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can be used to synchronise different pf.
This work was part of my 2009 GSoC
No objection on tech-net@
|
1.35 |
| 28-Jul-2009 |
minskim | Remove LKM code from pf.
|
1.34 |
| 22-Jun-2008 |
peter | Wrap definition of pfil6_wrapper in #ifdef INET6.
From Scott Ellis in PR/39007.
|
1.33 |
| 18-Jun-2008 |
yamt | merge yamt-pf42 branch. (import newer pf from OpenBSD 4.2)
ok'ed by peter@. requested by core@
|
1.32 |
| 11-Dec-2007 |
lukem | branches: 1.32.8; 1.32.10; 1.32.12; 1.32.14; 1.32.16; use __KERNEL_RCSID()
|
1.31 |
| 09-Jul-2007 |
ad | branches: 1.31.8; 1.31.16; 1.31.18; 1.31.20; Merge some of the less invasive changes from the vmlocking branch:
- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements
|
1.30 |
| 12-Mar-2007 |
ad | branches: 1.30.2; Pass an ipl argument to pool_init/POOL_INIT to be used when initializing the pool's lock.
|
1.29 |
| 04-Mar-2007 |
christos | branches: 1.29.2; Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
1.28 |
| 16-Nov-2006 |
christos | branches: 1.28.4; __unused removal on arguments; approved by core.
|
1.27 |
| 12-Oct-2006 |
peter | Merge the peter-altq branch.
(sync with KAME & add support for using ALTQ with pf(4)).
|
1.26 |
| 12-Oct-2006 |
christos | - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
|
1.25 |
| 01-Oct-2006 |
pavel | In pf, there are lots of #ifdef ALTQ, but our ALTQ is not what pf expects, and if ALTQ and pf are both enabled, it leads to compile errors. So, change all tests for ALTQ to ALTQ_NEW, which won't be defined.
This allows simultaneous compilation of pf and ALTQ and is a temporary measure before the peter-altq branch is merged.
Tested and approved by Peter Postma.
|
1.24 |
| 19-Sep-2006 |
elad | Remove ugly (void *) casts from network scope authorization wrapper and calls to it.
While here, adapt code for system scope listeners to avoid some more casts (forgotten in previous run).
Update documentation.
|
1.23 |
| 08-Sep-2006 |
elad | branches: 1.23.2; First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.
- Add a few more actions/sub-actions (requests), and start using them as opposed to the KAUTH_GENERIC_ISSUSER place-holders.
- Introduce a basic set of listeners that implement our "traditional" security model, called "bsd44". This is the default (and only) model we have at the moment.
- Update all relevant documentation.
- Add some code and docs to help folks who want to actually use this stuff:
* There's a sample overlay model, sitting on-top of "bsd44", for fast experimenting with tweaking just a subset of an existing model.
This is pretty cool because it's *really* straightforward to do stuff you had to use ugly hacks for until now...
* And of course, documentation describing how to do the above for quick reference, including code samples.
All of these changes were tested for regressions using a Python-based testsuite that will be (I hope) available soon via pkgsrc. Information about the tests, and how to write new ones, can be found on:
http://kauth.linbsd.org/kauthwiki
NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the following:
- Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
- Checks 'securelevel' directly,
- Checks a uid/gid directly.
(or if you feel you have to, contact me first)
This is still work in progress; It's far from being done, but now it'll be a lot easier.
Relevant mailing list threads:
http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html
Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help stabilizing kauth(9).
Full credit for the regression tests, making sure these changes didn't break anything, goes to Matt Fleming and Jaime Fournier.
Happy birthday Randi! :)
|
1.22 |
| 03-Sep-2006 |
christos | branches: 1.22.2; add missing initializer
|
1.21 |
| 11-Dec-2005 |
christos | branches: 1.21.4; 1.21.8; 1.21.12; merge ktrace-lwp.
|
1.20 |
| 11-Aug-2005 |
yamt | pfil6_wrapper: handle M_CSUM_TCPv6|M_CSUM_UDPv6.
|
1.19 |
| 06-Aug-2005 |
yamt | wrap INET only code by #if defined(INET). (in __NetBSD__ part)
|
1.18 |
| 26-Jul-2005 |
peter | pf_test() can set *mp to NULL, check for this before de-referencing it. From Akihiro Sagawa in PR/30835.
|
1.17 |
| 01-Jul-2005 |
peter | branches: 1.17.2; Resolve conflicts (pf from OpenBSD 3.7, kernel part).
|
1.16 |
| 15-Mar-2005 |
peter | branches: 1.16.2; Fix a GCC warning when compiling on evbppc. From FUKAUMI Naoki in PR #29669.
|
1.15 |
| 14-Feb-2005 |
peter | Merge in a fix from OPENBSD_3_6. ok yamt@
> MFC:
> Fix by dhartmei@
>
> replace finer-grained spl locking in pfioctl() with a single broad lock
> around the entire body. this resolves the (misleading) panics in
> pf_tag_packet() during heavy ioctl operations (like when using authpf)
> that occur because softclock can interrupt ioctl on i386 since SMP.
> patch from camield@.
|
1.14 |
| 01-Jan-2005 |
yamt | branches: 1.14.2; 1.14.4; pfil4_wrapper: clear M_CANFASTFWD which is not compatible with pf.
|
1.13 |
| 04-Dec-2004 |
peter | Improve the cleanup routines for detachment. Fixes PR 28132.
Reviewed by yamt.
|
1.12 |
| 14-Nov-2004 |
yamt | resolve conflicts. (pf from OpenBSD 3.6, kernel part)
|
1.11 |
| 13-Nov-2004 |
yamt | backout whitespace changes to make further import easier.
|
1.10 |
| 06-Sep-2004 |
yamt | pfil4_wrapper, pfil6_wrapper: ensure that mbufs are writable beforehand as pf assumes it. PR/26433.
|
1.9 |
| 27-Jul-2004 |
yamt | branches: 1.9.2;
- rename PFIL_NEWIF to PFIL_IFNET, and handle interface detach events as well.
- use it for pf(4).
mostly from Peter Postma. PR/26403.
|
1.8 |
| 26-Jul-2004 |
yamt | fix dynaddr tracking.
from Peter Postma, PR/26369. ok'ed by itojun.
|
1.7 |
| 26-Jul-2004 |
yamt | call PFIL_NEWIF hooks at a correct place. (on SIOCAIFADDR rather than SIOCGIFALIAS.)
from Peter Postma, PR/26402. ok'ed by itojun.
|
1.6 |
| 29-Jun-2004 |
itojun | make PF lkm working. from Peter Postma and Joel Wilsson.
remove pf_ioctl_head/pf_newif_head, which was never used.
|
1.5 |
| 25-Jun-2004 |
itojun | PR kern/26011: pf leaks mbufs on disallowed packets. Peter Postma
|
1.4 |
| 22-Jun-2004 |
martin | Make it compile on non-IPv6 kernels.
|
1.3 |
| 22-Jun-2004 |
christos | add a pfdetach() method to be used by lkm's
|
1.2 |
| 22-Jun-2004 |
itojun | PF from openbsd 3.5. missing features:
- pfsync (due to protocol # assignment issues)
- carp (not really a PF portion, but thought important to mention)
- PF and ALTQ are mutually-exclusive. this will be sorted out when kjc@csl.sony.co.jp updates ALTQ and PF (and API in between)
reviewed by matt, christos, perry
torture-test is very welcomed.
|
1.1 |
| 22-Jun-2004 |
itojun | branches: 1.1.1; Initial revision
|
1.1.1.4 |
| 01-Dec-2009 |
martti | Import PF from OpenBSD 4.2
|
1.1.1.3 |
| 01-Jul-2005 |
peter | Import pf from OpenBSD 3.7 (kernel part).
|
1.1.1.2 |
| 14-Nov-2004 |
yamt | import pf from OpenBSD 3.6. (kernel part)
|
1.1.1.1 |
| 22-Jun-2004 |
itojun | PF from OpenBSD 3.5
|
1.9.2.11 |
| 10-Nov-2005 |
skrll | Sync with HEAD. Here we go again...
|
1.9.2.10 |
| 01-Apr-2005 |
skrll | Sync with HEAD.
|
1.9.2.9 |
| 15-Feb-2005 |
skrll | Sync with HEAD.
|
1.9.2.8 |
| 17-Jan-2005 |
skrll | Sync with HEAD.
|
1.9.2.7 |
| 18-Dec-2004 |
skrll | Sync with HEAD.
|
1.9.2.6 |
| 29-Nov-2004 |
skrll | Sync with HEAD.
|
1.9.2.5 |
| 21-Sep-2004 |
skrll | Fix the sync with head I botched.
|
1.9.2.4 |
| 18-Sep-2004 |
skrll | Sync with HEAD.
|
1.9.2.3 |
| 24-Aug-2004 |
skrll | Adapt to branch.
|
1.9.2.2 |
| 03-Aug-2004 |
skrll | Sync with HEAD
|
1.9.2.1 |
| 27-Jul-2004 |
skrll | file pf_ioctl.c was added on branch ktrace-lwp on 2004-08-03 10:52:23 +0000
|
1.14.4.1 |
| 19-Mar-2005 |
yamt | sync with head. xen and whitespace. xen part is not finished.
|
1.14.2.1 |
| 29-Apr-2005 |
kent | sync with -current
|
1.16.2.1 |
| 01-Aug-2005 |
tron | Pull up revision 1.18 (requested by peter in ticket #641): pf_test() can set *mp to NULL, check for this before de-referencing it. From Akihiro Sagawa in PR/30835.
|
1.17.2.4 |
| 21-Jan-2008 |
yamt | sync with head
|
1.17.2.3 |
| 03-Sep-2007 |
yamt | sync with head.
|
1.17.2.2 |
| 30-Dec-2006 |
yamt | sync with head.
|
1.17.2.1 |
| 21-Jun-2006 |
yamt | sync with head.
|
1.21.12.2 |
| 25-Sep-2006 |
peter | sync with head.
|
1.21.12.1 |
| 18-Mar-2006 |
peter | Use splnet() on NetBSD instead of splimp().
|
1.21.8.2 |
| 14-Sep-2006 |
yamt | sync with head.
|
1.21.8.1 |
| 03-Sep-2006 |
yamt | sync with head.
|
1.21.4.1 |
| 09-Sep-2006 |
rpaulo | sync with head
|
1.22.2.1 |
| 18-Nov-2006 |
ad | Sync with head.
|
1.23.2.2 |
| 10-Dec-2006 |
yamt | sync with head.
|
1.23.2.1 |
| 22-Oct-2006 |
yamt | sync with head
|
1.28.4.2 |
| 24-Mar-2007 |
yamt | sync with head.
|
1.28.4.1 |
| 12-Mar-2007 |
rmind | Sync with HEAD.
|
1.29.2.2 |
| 01-Jul-2007 |
ad | Adapt to callout API change.
|
1.29.2.1 |
| 13-Mar-2007 |
ad | Sync with head.
|
1.30.2.1 |
| 11-Jul-2007 |
mjf | Sync with head.
|
1.31.20.1 |
| 13-Dec-2007 |
bouyer | Sync with HEAD
|
1.31.18.1 |
| 11-Dec-2007 |
yamt | sync with head.
|
1.31.16.1 |
| 26-Dec-2007 |
ad | Sync with head.
|
1.31.8.1 |
| 09-Jan-2008 |
matt | sync with HEAD
|
1.32.16.2 |
| 27-Jun-2008 |
simonb | Sync with head.
|
1.32.16.1 |
| 18-Jun-2008 |
simonb | Sync with head.
|
1.32.14.1 |
| 23-Jun-2008 |
wrstuden | Sync w/ -current. 34 merge conflicts to follow.
|
1.32.12.5 |
| 11-Aug-2010 |
yamt | sync with head.
|
1.32.12.4 |
| 11-Mar-2010 |
yamt | sync with head
|
1.32.12.3 |
| 16-Sep-2009 |
yamt | sync with head
|
1.32.12.2 |
| 19-Aug-2009 |
yamt | sync with head.
|
1.32.12.1 |
| 04-May-2009 |
yamt | sync with head.
|
1.32.10.4 |
| 23-Apr-2008 |
peter | pfdetach: don't purge just one state, but purge them all.
|
1.32.10.3 |
| 23-Apr-2008 |
peter | pfdetach: stop the purge thread.
|
1.32.10.2 |
| 21-Apr-2008 |
peter | Make this compile when #ifdef _LKM.
|
1.32.10.1 |
| 19-Apr-2008 |
yamt | Peter Postma's work-in-progress pf import from OpenBSD 4.2. updated to -current by me.
|
1.32.8.1 |
| 29-Jun-2008 |
mjf | Sync with HEAD.
|
1.37.4.2 |
| 05-Mar-2011 |
rmind | sync with head
|
1.37.4.1 |
| 30-May-2010 |
rmind | sync with head
|
1.37.2.2 |
| 17-Aug-2010 |
uebayasi | Sync with HEAD.
|
1.37.2.1 |
| 30-Apr-2010 |
uebayasi | Sync with HEAD.
|
1.42.2.1 |
| 06-Jun-2011 |
jruoho | Sync with HEAD.
|
1.45.2.2 |
| 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged as yamt-pagecache-tag8.
this commit was split into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
|
1.45.2.1 |
| 17-Apr-2012 |
yamt | sync with head
|
1.46.12.2 |
| 18-May-2014 |
rmind | sync with head
|
1.46.12.1 |
| 28-Aug-2013 |
rmind | sync with head
|
1.46.8.2 |
| 03-Dec-2017 |
jdolecek | update from HEAD
|
1.46.8.1 |
| 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
1.49.2.1 |
| 10-Aug-2014 |
tls | Rebase.
|
1.50.4.1 |
| 22-Sep-2015 |
skrll | Sync with HEAD
|
1.51.10.1 |
| 25-Oct-2017 |
snj | Pull up following revision(s) (requested by pgoyette in ticket #322):
sys/dist/pf/net/pf_ioctl.c: revision 1.52
Defer initialization of pf_status.host_id
The call to cprng_fast32() requires that per-cpu data has been initialized by cprng_fast_init(), which doesn't get called until after the first part of auto-configuration is done, long after pfattach() calls cprng_fast32().
Fixed PR kern/52620
|
1.51.8.2 |
| 29-Apr-2017 |
pgoyette | Revise previous. Rather than explicitly including <sys/localcount.h> in all the places where {b,c}devsw is initialized, just include it from <sys/conf.h>. This avoids an include-sequence dependency.
|
1.51.8.1 |
| 29-Apr-2017 |
pgoyette | Add DEVSW_MODULE_INIT to existing device-driver modules, so that they will have a localcount defined and thus be permitted to load. Without a localcount, loading the module will return EINVAL.
XXX the dtrace and drm stuff might need to be fed back upstream?
|
1.52.4.2 |
| 08-Apr-2020 |
martin | Merge changes from current as of 20200406
|
1.52.4.1 |
| 10-Jun-2019 |
christos | Sync with HEAD
|
1.52.2.2 |
| 06-Sep-2018 |
pgoyette | Sync with HEAD
Resolve a couple of conflicts (result of the uimin/uimax changes)
|
1.52.2.1 |
| 28-Jul-2018 |
pgoyette | Sync with HEAD
|
1.56.6.1 |
| 29-Feb-2020 |
ad | Sync with head.
|