Home | History | Annotate | Download | only in npf
History log of /src/sys/net/npf/npf_ext_log.c
RevisionDateAuthorComments
 1.17  30-May-2020  rmind Major NPF improvements (merge from upstream):

- Switch to the C11-style atomic primitives using atomic_loadstore(9).

- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
settings. Users can now choose whether the connection state should be
strictly per-interface or global at the configuration level. Keep NAT
logic to be always per-interface, though.

- npfkern: rewrite the G/C worker logic and make it self-tuning.

- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
more parameters. Remove npf_nvlist_{copyin,copyout}() functions and
refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
a single entry point for operations. Introduce npf_flow_t and clean up
some code.

- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
more informative; misc usability improvements and more user-friendly
error messages.

- Amend and improve the manual pages.
 1.16  29-Jan-2020  thorpej Adopt <net/if_stats.h>.
 1.15  29-Sep-2018  rmind branches: 1.15.4; 1.15.6;
NPF: Major rework -- migrate NPF to the libnv library.
- This conversion significantly simplifies the code and moves NPF to
a binary serialisation format (replacing the XML-like format).
- Fix some memory/reference leaks and possibly use-after-free bugs.
- Bump NPF_VERSION as this change makes libnpf incompatible with the
previous versions. Also, different serialisation format means NPF
connection/config saving and loading is not compatible with the
previous versions either.

Thanks to christos@ for extra testing.
 1.14  26-Jun-2018  msaitoh branches: 1.14.2;
Implement the BPF direction filter (BIOC[GS]DIRECTION). It provides backward
compatibility with BIOC[GS]SEESENT ioctl. The userland interface is the same
as FreeBSD.

This change also fixes a bug that the direction is misunderstand on some
environment by passing the direction to bpf_mtap*() instead of checking
m->m_pkthdr.rcvif.
 1.13  18-Feb-2017  christos branches: 1.13.12;
provide a copy function used for logging that does not lock, but can return
trash.
 1.12  18-Feb-2017  mlelstv npf_ifmap_getname requires the config to be locked. For now, just prevent the
crash.
 1.11  29-Jan-2017  christos - Increase copyin buffer size to 4M
- Change log output format to be like the OpenBSD's pf including in
the header the matching rule etc, and fill in the matching info.
 1.10  26-Dec-2016  christos branches: 1.10.2;
Sync NPF with the version on github: backport standalone NPF changes,
which allow us to create and run separate NPF instances. Minor fixes.
(from rmind@)
 1.9  16-Jun-2016  ozaki-r branches: 1.9.2;
Use if_get_byindex instead of if_byindex for MP-safe
 1.8  20-Jul-2014  rmind branches: 1.8.4;
NPF: add nbuf_t * into npf_cache_t and remove unnecessary carrying by argument.
 1.7  19-May-2014  jakllsch Add ability to have mbufs disappear (to another interface) during
npf_rproc_run(). For upcoming npf_ext_route extension.

Guidance and ok by rmind@.
 1.6  11-Mar-2013  christos branches: 1.6.10;
*"" is not constant according to gcc. So we move the responsibility for adding
a , to the users of the macro.
 1.5  11-Mar-2013  christos - avoid trailing , in dependencies when there are none other the npf module
itself.
- remove if_npflog dependency from npf_ext_log.
 1.4  11-Mar-2013  christos remove the detach that does not belong here anymore.
 1.3  10-Mar-2013  christos Split the npflog cloner and auto-load the extensions.
 1.2  24-Dec-2012  rmind - Rework NPF's nbuf interface: use advancing and ensuring as a main method.
Eliminate unnecessary copy and simplify. Adapt regression tests.
- Simplify ICMP ALG a little. While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
 1.1  16-Sep-2012  rmind branches: 1.1.2; 1.1.4; 1.1.6;
Implement dynamic NPF extensions interface. An extension consists of
dynamically loaded module (.so) supplementing npfctl(8) and a kernel
module. Move normalisation and logging functionality into their own
extensions. More improvements to come.
 1.1.6.6  03-Dec-2017  jdolecek update from HEAD
 1.1.6.5  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.1.6.4  23-Jun-2013  tls resync from head
 1.1.6.3  25-Feb-2013  tls resync with head
 1.1.6.2  20-Nov-2012  tls Resync to 2012-11-19 00:00:00 UTC
 1.1.6.1  16-Sep-2012  tls file npf_ext_log.c was added on branch tls-maxphys on 2012-11-20 03:02:47 +0000
 1.1.4.3  08-Feb-2013  riz Pull up following revision(s) (requested by rmind in ticket #777):
usr.sbin/npf/npfctl/npfctl.c: revision 1.27
sys/net/npf/npf_session.c: revision 1.19
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.4
sys/net/npf/npf_rproc.c: revision 1.5
usr.sbin/npf/npftest/README: revision 1.3
sys/sys/mbuf.h: revision 1.151
sys/net/npf/npf_ruleset.c: revision 1.15
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.3
sys/net/npf/npf_ruleset.c: revision 1.16
usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.4
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.4
sys/net/npf/npf_inet.c: revision 1.19
sys/net/npf/npf_instr.c: revision 1.15
sys/net/npf/npf_handler.c: revision 1.24
sys/net/npf/npf_handler.c: revision 1.25
sys/net/npf/npf_state_tcp.c: revision 1.12
sys/net/npf/npf_processor.c: revision 1.13
sys/net/npf/npf_impl.h: revision 1.25
sys/net/npf/npf_processor.c: revision 1.14
sys/net/npf/npf_mbuf.c: revision 1.10
sys/net/npf/npf_alg_icmp.c: revision 1.14
sys/net/npf/npf_mbuf.c: revision 1.9
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.2
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.3
sys/net/npf/npf_session.c: revision 1.20
sys/net/npf/npf_alg.c: revision 1.6
sys/kern/uipc_mbuf.c: revision 1.148
sys/net/npf/npf_inet.c: revision 1.20
sys/net/npf/npf.h: revision 1.25
sys/net/npf/npf_nat.c: revision 1.18
sys/net/npf/npf_state.c: revision 1.13
sys/net/npf/npf_sendpkt.c: revision 1.13
sys/net/npf/npf_ext_log.c: revision 1.2
usr.sbin/npf/npftest/libnpftest/npf_processor_test.c: revision 1.4
sys/net/npf/npf_ext_normalise.c: revision 1.2
- Rework NPF's nbuf interface: use advancing and ensuring as a main method.
Eliminate unnecessary copy and simplify. Adapt regression tests.
- Simplify ICMP ALG a little. While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
Silence gcc in npf_recache().
Add m_ensure_contig() routine, which is equivalent to m_pullup, but does not
destroy the mbuf chain on failure (it is kept valid).
- nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free
the mbuf chain on failure. Fixes some corner cases. Improve regression
test and sprinkle some asserts.
- npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix).
The problem was found and fix provided by Anthony Mallet.
 1.1.4.2  18-Nov-2012  riz Pull up following revision(s) (requested by rmind in ticket #693):
lib/npf/ext_normalise/shlib_version: revision 1.1
lib/libnpf/npf.c: revision 1.13
distrib/sets/lists/modules/mi: revision 1.48
sys/net/npf/npf_rproc.c: revision 1.3
sys/net/npf/npf_rproc.c: revision 1.4
sys/modules/npf/Makefile: revision 1.11
usr.sbin/npf/npfctl/npfctl.h: revision 1.20
lib/npf/ext_log/npfext_log.c: revision 1.1
lib/libnpf/npf.h: revision 1.11
sys/net/npf/npf_inet.c: revision 1.17
sys/net/npf/npf_log.c: file removal
sys/net/npf/npf_handler.c: revision 1.22
distrib/sets/lists/base/shl.mi: revision 1.636
sys/net/npf/npf_impl.h: revision 1.23
usr.sbin/npf/npfctl/Makefile: revision 1.8
lib/npf/Makefile: revision 1.1
lib/npf/ext_log/shlib_version: revision 1.1
lib/Makefile: revision 1.189
distrib/sets/lists/comp/shl.mi: revision 1.236
usr.sbin/npf/npfctl/npf_build.c: revision 1.14
distrib/sets/lists/base/mi: revision 1.1007
usr.sbin/npf/npfctl/npf_scan.l: revision 1.6
distrib/sets/lists/base/mi: revision 1.1009
sys/net/npf/npf.h: revision 1.21
lib/npf/ext_normalise/npfext_normalise.c: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.105
lib/libnpf/Makefile: revision 1.3
etc/mtree/NetBSD.dist.base: revision 1.106
usr.sbin/npf/npfctl/npf_extmod.c: revision 1.1
sys/net/npf/npf_ctl.c: revision 1.18
lib/npf/ext_log/Makefile: revision 1.1
distrib/sets/lists/comp/mi: revision 1.1781
usr.sbin/npf/npfctl/npf_var.h: revision 1.4
sys/net/npf/npf.c: revision 1.13
sys/modules/Makefile: revision 1.111
sys/net/npf/npf_ext_log.c: revision 1.1
lib/npf/Makefile.inc: revision 1.1
sys/net/npf/npf_ext_normalise.c: revision 1.1
sys/net/npf/files.npf: revision 1.8
sys/rump/net/lib/libnpf/Makefile: revision 1.2
sys/modules/npf_ext_log/Makefile: revision 1.1
lib/npf/ext_normalise/Makefile: revision 1.1
usr.sbin/npf/npfctl/npfctl.c: revision 1.20
usr.sbin/npf/npfctl/npf_parse.y: revision 1.13
sys/modules/npf_ext_normalise/Makefile: revision 1.1
Implement dynamic NPF extensions interface. An extension consists of
dynamically loaded module (.so) supplementing npfctl(8) and a kernel
module. Move normalisation and logging functionality into their own
extensions. More improvements to come.
Add /usr/lib/npf.
Add ./usr/libdata/debug/usr/lib/npf for rmind
Fix MKDEBUG set lists
ext_ops does not change during the life cycle and can be fetched without
the mutex held. This avoids confusion in the compiler about an uninitialized
variable ext_ops.
ok rmind@
 1.1.4.1  16-Sep-2012  riz file npf_ext_log.c was added on branch netbsd-6 on 2012-11-18 22:38:26 +0000
 1.1.2.4  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.1.2.3  23-Jan-2013  yamt sync with head
 1.1.2.2  30-Oct-2012  yamt sync with head
 1.1.2.1  16-Sep-2012  yamt file npf_ext_log.c was added on branch yamt-pagecache on 2012-10-30 17:22:44 +0000
 1.6.10.1  10-Aug-2014  tls Rebase.
 1.8.4.3  28-Aug-2017  skrll Sync with HEAD
 1.8.4.2  05-Feb-2017  skrll Sync with HEAD
 1.8.4.1  09-Jul-2016  skrll Sync with HEAD
 1.9.2.2  20-Mar-2017  pgoyette Sync with HEAD
 1.9.2.1  07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.10.2.1  21-Apr-2017  bouyer Sync with HEAD
 1.13.12.2  30-Sep-2018  pgoyette Ssync with HEAD
 1.13.12.1  28-Jul-2018  pgoyette Sync with HEAD
 1.14.2.2  08-Apr-2020  martin Merge changes from current as of 20200406
 1.14.2.1  10-Jun-2019  christos Sync with HEAD
 1.15.6.1  29-Feb-2020  ad Sync with head.
 1.15.4.1  20-Jun-2020  martin Pull up following revision(s) (requested by rmind in ticket #956):

usr.sbin/npf/npf-params.7: revision 1.4
sys/net/npf/npf_worker.c: revision 1.9
usr.sbin/npf/npftest/npftest.h: revision 1.17
usr.sbin/npf/npfctl/npf_bpf_comp.c: revision 1.16
usr.sbin/npf/npf-params.7: revision 1.5
sys/net/npf/npf_state_tcp.c: revision 1.21
usr.sbin/npf/npfctl/npf_build.c: revision 1.55
usr.sbin/npf/npf-params.7: revision 1.6
sys/net/npf/npfkern.h: revision 1.5
lib/libnpf/npf.c: revision 1.49
usr.sbin/npf/npf-params.7: revision 1.7
sys/net/npf/npf_impl.h: revision 1.81
sys/net/npf/npf_ext_log.c: revision 1.17
usr.sbin/npf/npfctl/npfctl.h: revision 1.53
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.11
sys/net/npf/npf_nat.c: revision 1.50
sys/net/npf/npf_mbuf.c: revision 1.24
sys/net/npf/npf_alg.c: revision 1.22
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.14
usr.sbin/npf/npftest/libnpftest/npf_conn_test.c: file removal
usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.10
sys/net/npf/npf.h: revision 1.63
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.21
usr.sbin/npf/npfctl/npf_var.c: revision 1.13
sys/net/npf/files.npf: revision 1.23
usr.sbin/npf/npfctl/npf_show.c: revision 1.32
usr.sbin/npf/npfctl/npf.conf.5: revision 1.91
sys/net/npf/npf_os.c: revision 1.18
sys/net/npf/npf_connkey.c: revision 1.2
sys/net/npf/npf_conf.c: revision 1.17
lib/libnpf/libnpf.3: revision 1.12
usr.sbin/npf/npftest/npftest.c: revision 1.25
usr.sbin/npf/npftest/libnpftest/npf_gc_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_parse.y: revision 1.51
sys/net/npf/npf_tableset.c: revision 1.35
usr.sbin/npf/npftest/npftest.conf: revision 1.9
sys/net/npf/npf_sendpkt.c: revision 1.22
usr.sbin/npf/npfctl/npf_var.h: revision 1.10
sys/net/npf/npf_state.c: revision 1.23
sys/net/npf/npf_conn.h: revision 1.20
usr.sbin/npf/npfctl/npfctl.c: revision 1.64
usr.sbin/npf/npfctl/npf_cmd.c: revision 1.1
sys/net/npf/npf_portmap.c: revision 1.5
sys/net/npf/npf_params.c: revision 1.3
usr.sbin/npf/npfctl/npf_scan.l: revision 1.32
tests/net/npf/t_npf.sh: revision 1.4
sys/net/npf/npf_ext_rndblock.c: revision 1.9
lib/libnpf/npf.h: revision 1.39
sys/net/npf/npf_ruleset.c: revision 1.51
sys/net/npf/npf_alg_icmp.c: revision 1.33
sys/net/npf/npf.c: revision 1.43
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.17
usr.sbin/npf/npfctl/npfctl.8: revision 1.25
sys/net/npf/npf_ctl.c: revision 1.60
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.18
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.11
sys/net/npf/npf_handler.c: revision 1.49
sys/net/npf/npf_inet.c: revision 1.57
sys/net/npf/npf_ifaddr.c: revision 1.7
sys/net/npf/npf_conndb.c: revision 1.9
sys/net/npf/npf_if.c: revision 1.13
usr.sbin/npf/npfctl/Makefile: revision 1.15
sys/net/npf/npf_conn.c: revision 1.32
sys/net/npf/npf_ext_normalize.c: revision 1.10
sys/net/npf/npf_rproc.c: revision 1.20
sys/net/npf/npf_worker.c: revision 1.8

Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
settings. Users can now choose whether the connection state should be
strictly per-interface or global at the configuration level. Keep NAT
logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
more parameters. Remove npf_nvlist_{copyin,copyout}() functions and
refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
a single entry point for operations. Introduce npf_flow_t and clean up
some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
more informative; misc usability improvements and more user-friendly
error messages.
- Amend and improve the manual pages.

npf_worker_sys{init,fini}: initialize/destroy the exit_cv condvar.

npftest -- npf_test_init(): add a workaround for NetBSD.

npf-params(7): fix the state.key defaults.

npf-params.7: s/filer/filter/

Adjust to "npfctl debug" command line changes, from rmind@.

Use more markup.

RSS XML Feed