| History log of /src/sys/net/npf/npf_rproc.c |
| Revision | | Date | Author | Comments |
| 1.23 |
| 24-Feb-2023 |
riastradh | npf: Eliminate __HAVE_ATOMIC_AS_MEMBAR conditionals.
Discussed on tech-kern:
https://mail-index.netbsd.org/tech-kern/2023/02/23/msg028729.html
Requested by rmind@:
https://github.com/rmind/npf/pull/127#issuecomment-1399573125
|
| 1.22 |
| 09-Apr-2022 |
riastradh | sys: Use membar_release/acquire around reference drop.
This just goes through my recent reference count membar audit and
changes membar_exit to membar_release and membar_enter to
membar_acquire -- this should make everything cheaper on most CPUs
without hurting correctness, because membar_acquire is generally
cheaper than membar_enter.
|
| 1.21 |
| 12-Mar-2022 |
riastradh | sys: Membar audit around reference count releases.
If two threads are using an object that is freed when the reference
count goes to zero, we need to ensure that all memory operations
related to the object happen before freeing the object.
Using an atomic_dec_uint_nv(&refcnt) == 0 ensures that only one
thread takes responsibility for freeing, but it's not enough to
ensure that the other thread's memory operations happen before the
freeing.
Consider:
Thread A Thread B
obj->foo = 42; obj->baz = 73;
mumble(&obj->bar); grumble(&obj->quux);
/* membar_exit(); */ /* membar_exit(); */
atomic_dec -- not last atomic_dec -- last
/* membar_enter(); */
KASSERT(invariant(obj->foo,
obj->bar));
free_stuff(obj);
The memory barriers ensure that
obj->foo = 42;
mumble(&obj->bar);
in thread A happens before
KASSERT(invariant(obj->foo, obj->bar));
free_stuff(obj);
in thread B. Without them, this ordering is not guaranteed.
So in general it is necessary to do
membar_exit();
if (atomic_dec_uint_nv(&obj->refcnt) != 0)
return;
membar_enter();
to release a reference, for the `last one out hit the lights' style
of reference counting. (This is in contrast to the style where one
thread blocks new references and then waits under a lock for existing
ones to drain with a condvar -- no membar needed thanks to mutex(9).)
I searched for atomic_dec to find all these. Obviously we ought to
have a better abstraction for this because there's so much copypasta.
This is a stop-gap measure to fix actual bugs until we have that. It
would be nice if an abstraction could gracefully handle the different
styles of reference counting in use -- some years ago I drafted an
API for this, but making it cover everything got a little out of hand
(particularly with struct vnode::v_usecount) and I ended up setting
it aside to work on psref/localcount instead for better scalability.
I got bored of adding #ifdef __HAVE_ATOMIC_AS_MEMBAR everywhere, so I
only put it on things that look performance-critical on 5sec review.
We should really adopt membar_enter_preatomic/membar_exit_postatomic
or something (except they are applicable only to atomic r/m/w, not to
atomic_load/store_*, making the naming annoying) and get rid of all
the ifdefs.
|
| 1.20 |
| 30-May-2020 |
rmind | Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
settings. Users can now choose whether the connection state should be
strictly per-interface or global at the configuration level. Keep NAT
logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
more parameters. Remove npf_nvlist_{copyin,copyout}() functions and
refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
a single entry point for operations. Introduce npf_flow_t and clean up
some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
more informative; misc usability improvements and more user-friendly
error messages.
- Amend and improve the manual pages.
|
| 1.19 |
| 23-Jul-2019 |
rmind | branches: 1.19.2;
NPF improvements:
- Add support for dynamic NETMAP algorithm (stateful net-to-net).
- Add most of the support for the dynamic NAT rules; a little bit more
userland work is needed to finish this up and enable.
- Replace 'stateful-ends' with more permissive 'stateful-all'.
- Add various tunable parameters and document them, see npf-params(7).
- Reduce the memory usage of the connection state table (conndb).
- Portmap rewrite: use memory more efficiently, handle addresses dynamically.
- Bug fix: add splsoftnet()/splx() around the thmap writers and comment.
- npftest: clean up and simplify; fix some memleaks to make ASAN happy.
|
| 1.18 |
| 11-Apr-2019 |
kamil | Fix CVS Id usage
|
| 1.17 |
| 29-Sep-2018 |
rmind | NPF: Major rework -- migrate NPF to the libnv library.
- This conversion significantly simplifies the code and moves NPF to
a binary serialisation format (replacing the XML-like format).
- Fix some memory/reference leaks and possibly use-after-free bugs.
- Bump NPF_VERSION as this change makes libnpf incompatible with the
previous versions. Also, different serialisation format means NPF
connection/config saving and loading is not compatible with the
previous versions either.
Thanks to christos@ for extra testing.
|
| 1.16 |
| 29-Jan-2017 |
christos | branches: 1.16.12; 1.16.14;
- Increase copyin buffer size to 4M
- Change log output format to be like the OpenBSD's pf including in
the header the matching rule etc, and fill in the matching info.
|
| 1.15 |
| 28-Dec-2016 |
christos | branches: 1.15.2;
export rprocs too so we don't lose them.
|
| 1.14 |
| 26-Dec-2016 |
christos | Sync NPF with the version on github: backport standalone NPF changes,
which allow us to create and run separate NPF instances. Minor fixes.
(from rmind@)
|
| 1.13 |
| 10-Dec-2016 |
christos | Add missing extcalls array. This is currently a no-op, but this is what
userland does too. Allows npfctl save; npfctl load to work again.
|
| 1.12 |
| 11-Aug-2014 |
rmind | branches: 1.12.4; 1.12.8;
NPF: finish up the rework of npfctl_save() mechanism.
|
| 1.11 |
| 20-Jul-2014 |
rmind | NPF: add nbuf_t * into npf_cache_t and remove unnecessary carrying by argument.
|
| 1.10 |
| 19-May-2014 |
jakllsch | Add ability to have mbufs disappear (to another interface) during
npf_rproc_run(). For upcoming npf_ext_route extension.
Guidance and ok by rmind@.
|
| 1.9 |
| 11-Mar-2013 |
christos | branches: 1.9.10;
prevent the lookup function from autoloading recursively.
|
| 1.8 |
| 11-Mar-2013 |
christos | move the module loading in the correct place.
|
| 1.7 |
| 10-Mar-2013 |
christos | Split the npflog cloner and auto-load the extensions.
|
| 1.6 |
| 09-Feb-2013 |
rmind | NPF:
- Implement dynamic NPF rules. Controlled through npf(3) library of via
npfctl rule command. A rule can be removed using a unique identifier,
returned on addition, or using a key which is SHA1 hash of the rule.
Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.
|
| 1.5 |
| 20-Jan-2013 |
rmind | - nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free
the mbuf chain on failure. Fixes some corner cases. Improve regression
test and sprinkle some asserts.
- npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix).
The problem was found and fix provided by Anthony Mallet.
|
| 1.4 |
| 03-Oct-2012 |
mlelstv | ext_ops does not change during the life cycle and can be fetched without
the mutex held. This avoids confusion in the compiler about an uninitialized
variable ext_ops.
ok rmind@
|
| 1.3 |
| 16-Sep-2012 |
rmind | Implement dynamic NPF extensions interface. An extension consists of
dynamically loaded module (.so) supplementing npfctl(8) and a kernel
module. Move normalisation and logging functionality into their own
extensions. More improvements to come.
|
| 1.2 |
| 20-Feb-2012 |
rmind | branches: 1.2.2; 1.2.4;
- Add NPF_DECISION_BLOCK and NPF_DECISION_PASS. Be more defensive in the
packet handler. Change the default policy to block when the config is
loaded and set it to pass when flush operation is performed.
- Use kmem_zalloc(9) instead of kmem_alloc(9) in few places.
- npf_rproc_{create,release}: use kmem_intr_{alloc,free} as the destruction
of rule procedure might happen in the interrupt handler (under a very rare
condition, if config reload races with the handler).
- npf_session_establish: check whether layer 3 and 4 are cached.
- npfctl_build_group: do not make groups as passing rules.
- Remove some unecessary header inclusion.
|
| 1.1 |
| 06-Feb-2012 |
rmind | branches: 1.1.2; 1.1.4;
- Split NPF rule procedure code into a separate module (no functional changes).
- Simplify some code, add more comments, some asserts.
- G/C unused rule hook code.
|
| 1.1.4.3 |
| 24-Feb-2012 |
mrg | sync to -current.
|
| 1.1.4.2 |
| 18-Feb-2012 |
mrg | merge to -current.
|
| 1.1.4.1 |
| 06-Feb-2012 |
mrg | file npf_rproc.c was added on branch jmcneill-usbmp on 2012-02-18 07:35:38 +0000
|
| 1.1.2.4 |
| 11-Feb-2013 |
riz | Pull up following revision(s) (requested by rmind in ticket #817):
usr.sbin/npf/npfctl/npfctl.8: revision 1.12
usr.sbin/npf/npfctl/npf.conf.5: revision 1.27
usr.sbin/npf/npfctl/npf_parse.y: revision 1.18
usr.sbin/npf/npfctl/npf_build.c: revision 1.20
usr.sbin/npf/npfctl/npfctl.c: revision 1.28
lib/libnpf/npf.c: revision 1.16
usr.sbin/npf/npfctl/npfctl.c: revision 1.29
lib/libnpf/npf.c: revision 1.17
sys/modules/npf/Makefile: revision 1.12
sys/net/npf/npf_rproc.c: revision 1.6
usr.sbin/npf/npftest/README: revision 1.4
sys/net/npf/npf_tableset.c: revision 1.17
sys/net/npf/npf_ctl.c: revision 1.21
sys/net/npf/npf_ctl.c: revision 1.22
usr.sbin/npf/npfctl/npfctl.h: revision 1.25
lib/libnpf/npf.h: revision 1.13
usr.sbin/npf/npftest/npftest.conf: revision 1.2
usr.sbin/npf/npfctl/npfctl.h: revision 1.26
sys/net/npf/npf_ruleset.c: revision 1.17
lib/libnpf/npf.h: revision 1.14
sys/net/npf/npf_ruleset.c: revision 1.18
sys/net/npf/npf_conf.c: revision 1.1
usr.sbin/npf/npfctl/npf_scan.l: revision 1.10
sys/net/npf/npf_conf.c: revision 1.2
sys/net/npf/npf_instr.c: revision 1.16
sys/net/npf/npf_handler.c: revision 1.26
sys/net/npf/npf_impl.h: revision 1.26
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.14
sys/net/npf/npf_processor.c: revision 1.15
sys/net/npf/npf_impl.h: revision 1.27
sys/net/npf/npf_alg_icmp.c: revision 1.15
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.15
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.16
sys/net/npf/npf_ncode.h: revision 1.11
sys/net/npf/files.npf: revision 1.10
usr.sbin/npf/npftest/Makefile: revision 1.4
usr.sbin/npf/npfctl/npfctl.c: revision 1.30
lib/libnpf/npf.3: revision 1.8
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.4
sys/net/npf/npf_session.c: revision 1.21
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.5
usr.sbin/npf/npfctl/npf_build.c: revision 1.18
usr.sbin/npf/npfctl/npf_build.c: revision 1.19
sys/net/npf/npf_alg.c: revision 1.7
usr.sbin/npf/npfctl/Makefile: revision 1.10
sys/net/npf/npf_inet.c: revision 1.21
sys/net/npf/npf.h: revision 1.26
sys/net/npf/npf.h: revision 1.27
usr.sbin/pf/ftp-proxy/Makefile: revision 1.8
sys/net/npf/npf_nat.c: revision 1.19
sys/net/npf/npf.c: revision 1.15
sys/net/npf/npf_state.c: revision 1.14
sys/net/npf/npf_sendpkt.c: revision 1.14
sys/rump/net/lib/libnpf/Makefile: revision 1.4
IPv6 linklocal address printing cosmetics
NPF:
- Implement dynamic NPF rules. Controlled through npf(3) library of via
npfctl rule command. A rule can be removed using a unique identifier,
returned on addition, or using a key which is SHA1 hash of the rule.
Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.
Disable -DWITH_NPF for now; will be converted to BPF mechanism.
- Fix NPF config reload with dynamic rules present.
- Implement list and flush commands on a dynamic ruleset.
Allow filtering on IP addresses even if the L4 protocol is unknown.
Patch from spz@.
npftest: adjust for recent change.
|
| 1.1.2.3 |
| 08-Feb-2013 |
riz | Pull up following revision(s) (requested by rmind in ticket #777):
usr.sbin/npf/npfctl/npfctl.c: revision 1.27
sys/net/npf/npf_session.c: revision 1.19
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.4
sys/net/npf/npf_rproc.c: revision 1.5
usr.sbin/npf/npftest/README: revision 1.3
sys/sys/mbuf.h: revision 1.151
sys/net/npf/npf_ruleset.c: revision 1.15
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.3
sys/net/npf/npf_ruleset.c: revision 1.16
usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.4
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.4
sys/net/npf/npf_inet.c: revision 1.19
sys/net/npf/npf_instr.c: revision 1.15
sys/net/npf/npf_handler.c: revision 1.24
sys/net/npf/npf_handler.c: revision 1.25
sys/net/npf/npf_state_tcp.c: revision 1.12
sys/net/npf/npf_processor.c: revision 1.13
sys/net/npf/npf_impl.h: revision 1.25
sys/net/npf/npf_processor.c: revision 1.14
sys/net/npf/npf_mbuf.c: revision 1.10
sys/net/npf/npf_alg_icmp.c: revision 1.14
sys/net/npf/npf_mbuf.c: revision 1.9
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.2
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.3
sys/net/npf/npf_session.c: revision 1.20
sys/net/npf/npf_alg.c: revision 1.6
sys/kern/uipc_mbuf.c: revision 1.148
sys/net/npf/npf_inet.c: revision 1.20
sys/net/npf/npf.h: revision 1.25
sys/net/npf/npf_nat.c: revision 1.18
sys/net/npf/npf_state.c: revision 1.13
sys/net/npf/npf_sendpkt.c: revision 1.13
sys/net/npf/npf_ext_log.c: revision 1.2
usr.sbin/npf/npftest/libnpftest/npf_processor_test.c: revision 1.4
sys/net/npf/npf_ext_normalise.c: revision 1.2
- Rework NPF's nbuf interface: use advancing and ensuring as a main method.
Eliminate unnecessary copy and simplify. Adapt regression tests.
- Simplify ICMP ALG a little. While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
Silence gcc in npf_recache().
Add m_ensure_contig() routine, which is equivalent to m_pullup, but does not
destroy the mbuf chain on failure (it is kept valid).
- nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free
the mbuf chain on failure. Fixes some corner cases. Improve regression
test and sprinkle some asserts.
- npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix).
The problem was found and fix provided by Anthony Mallet.
|
| 1.1.2.2 |
| 18-Nov-2012 |
riz | Pull up following revision(s) (requested by rmind in ticket #693):
lib/npf/ext_normalise/shlib_version: revision 1.1
lib/libnpf/npf.c: revision 1.13
distrib/sets/lists/modules/mi: revision 1.48
sys/net/npf/npf_rproc.c: revision 1.3
sys/net/npf/npf_rproc.c: revision 1.4
sys/modules/npf/Makefile: revision 1.11
usr.sbin/npf/npfctl/npfctl.h: revision 1.20
lib/npf/ext_log/npfext_log.c: revision 1.1
lib/libnpf/npf.h: revision 1.11
sys/net/npf/npf_inet.c: revision 1.17
sys/net/npf/npf_log.c: file removal
sys/net/npf/npf_handler.c: revision 1.22
distrib/sets/lists/base/shl.mi: revision 1.636
sys/net/npf/npf_impl.h: revision 1.23
usr.sbin/npf/npfctl/Makefile: revision 1.8
lib/npf/Makefile: revision 1.1
lib/npf/ext_log/shlib_version: revision 1.1
lib/Makefile: revision 1.189
distrib/sets/lists/comp/shl.mi: revision 1.236
usr.sbin/npf/npfctl/npf_build.c: revision 1.14
distrib/sets/lists/base/mi: revision 1.1007
usr.sbin/npf/npfctl/npf_scan.l: revision 1.6
distrib/sets/lists/base/mi: revision 1.1009
sys/net/npf/npf.h: revision 1.21
lib/npf/ext_normalise/npfext_normalise.c: revision 1.1
etc/mtree/NetBSD.dist.base: revision 1.105
lib/libnpf/Makefile: revision 1.3
etc/mtree/NetBSD.dist.base: revision 1.106
usr.sbin/npf/npfctl/npf_extmod.c: revision 1.1
sys/net/npf/npf_ctl.c: revision 1.18
lib/npf/ext_log/Makefile: revision 1.1
distrib/sets/lists/comp/mi: revision 1.1781
usr.sbin/npf/npfctl/npf_var.h: revision 1.4
sys/net/npf/npf.c: revision 1.13
sys/modules/Makefile: revision 1.111
sys/net/npf/npf_ext_log.c: revision 1.1
lib/npf/Makefile.inc: revision 1.1
sys/net/npf/npf_ext_normalise.c: revision 1.1
sys/net/npf/files.npf: revision 1.8
sys/rump/net/lib/libnpf/Makefile: revision 1.2
sys/modules/npf_ext_log/Makefile: revision 1.1
lib/npf/ext_normalise/Makefile: revision 1.1
usr.sbin/npf/npfctl/npfctl.c: revision 1.20
usr.sbin/npf/npfctl/npf_parse.y: revision 1.13
sys/modules/npf_ext_normalise/Makefile: revision 1.1
Implement dynamic NPF extensions interface. An extension consists of
dynamically loaded module (.so) supplementing npfctl(8) and a kernel
module. Move normalisation and logging functionality into their own
extensions. More improvements to come.
Add /usr/lib/npf.
Add ./usr/libdata/debug/usr/lib/npf for rmind
Fix MKDEBUG set lists
ext_ops does not change during the life cycle and can be fetched without
the mutex held. This avoids confusion in the compiler about an uninitialized
variable ext_ops.
ok rmind@
|
| 1.1.2.1 |
| 03-Apr-2012 |
riz | Pull up following revision(s) (requested by rmind in ticket #158):
sys/net/npf/npf_session.c: revision 1.12
sys/net/npf/npf_tableset.c: revision 1.10
sys/net/npf/npf_rproc.c: revision 1.2
usr.sbin/npf/npfctl/npf_parse.y: revision 1.4
sys/net/npf/npf_inet.c: revision 1.11
sys/net/npf/npf.h: revision 1.15
usr.sbin/npf/npfctl/npf_build.c: revision 1.5
sys/net/npf/npf_ruleset.c: revision 1.11
sys/net/npf/npf_instr.c: revision 1.10
usr.sbin/npf/npfctl/Makefile: revision 1.6
sys/net/npf/npf_processor.c: revision 1.10
sys/net/npf/npf_log.c: revision 1.3
lib/libnpf/npf.h: revision 1.7
sys/net/npf/npf_alg.c: revision 1.3
sys/net/npf/npf_sendpkt.c: revision 1.9
lib/libnpf/npf.c: revision 1.8
usr.sbin/npf/npfctl/npfctl.h: revision 1.13
sys/net/npf/npf_ctl.c: revision 1.13
usr.sbin/npf/npfctl/npf_ncgen.c: revision 1.8
sys/net/npf/npf_ctl.c: revision 1.14
sys/net/npf/npf_nat.c: revision 1.11
sys/net/npf/npf_nat.c: revision 1.12
sys/net/npf/npf_impl.h: revision 1.11
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.1
sys/net/npf/npf_impl.h: revision 1.12
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.2
sys/net/npf/npf_handler.c: revision 1.14
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.3
sys/net/npf/npf_handler.c: revision 1.15
sys/net/npf/npf_ncode.h: revision 1.6
sys/net/npf/npf.c: revision 1.8
sys/net/npf/npf.c: revision 1.9
sys/net/npf/npf_alg_icmp.c: revision 1.9
sys/net/npf/npf_session.c: revision 1.11
- Add NPF_DECISION_BLOCK and NPF_DECISION_PASS. Be more defensive in the
packet handler. Change the default policy to block when the config is
loaded and set it to pass when flush operation is performed.
- Use kmem_zalloc(9) instead of kmem_alloc(9) in few places.
- npf_rproc_{create,release}: use kmem_intr_{alloc,free} as the destruction
of rule procedure might happen in the interrupt handler (under a very rare
condition, if config reload races with the handler).
- npf_session_establish: check whether layer 3 and 4 are cached.
- npfctl_build_group: do not make groups as passing rules.
- Remove some unecessary header inclusion.
Simplify slightly: merge iface into addr_or_iface, use it in filt_addr.
Add a small disassembler.
definitions used by the disassembler.
- better printing of type/code flags/mask
- pass the instruction start pointer, instead of subtracting 1 to account for it
- Save active config in proplib dictionary; add GETCONF ioctl to retrieve.
- Few fixes. Improve some comments.
don't leak the branch target array.
Add NPF config retrieval routines.
|
| 1.2.4.5 |
| 03-Dec-2017 |
jdolecek | update from HEAD
|
| 1.2.4.4 |
| 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
| 1.2.4.3 |
| 23-Jun-2013 |
tls | resync from head
|
| 1.2.4.2 |
| 25-Feb-2013 |
tls | resync with head
|
| 1.2.4.1 |
| 20-Nov-2012 |
tls | Resync to 2012-11-19 00:00:00 UTC
|
| 1.2.2.5 |
| 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.2.2.4 |
| 23-Jan-2013 |
yamt | sync with head
|
| 1.2.2.3 |
| 30-Oct-2012 |
yamt | sync with head
|
| 1.2.2.2 |
| 17-Apr-2012 |
yamt | sync with head
|
| 1.2.2.1 |
| 20-Feb-2012 |
yamt | file npf_rproc.c was added on branch yamt-pagecache on 2012-04-17 00:08:39 +0000
|
| 1.9.10.1 |
| 10-Aug-2014 |
tls | Rebase.
|
| 1.12.8.2 |
| 20-Mar-2017 |
pgoyette | Sync with HEAD
|
| 1.12.8.1 |
| 07-Jan-2017 |
pgoyette | Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
|
| 1.12.4.1 |
| 05-Feb-2017 |
skrll | Sync with HEAD
|
| 1.15.2.1 |
| 21-Apr-2017 |
bouyer | Sync with HEAD
|
| 1.16.14.1 |
| 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.16.12.1 |
| 30-Sep-2018 |
pgoyette | Ssync with HEAD
|
| 1.19.2.1 |
| 20-Jun-2020 |
martin | Pull up following revision(s) (requested by rmind in ticket #956):
usr.sbin/npf/npf-params.7: revision 1.4
sys/net/npf/npf_worker.c: revision 1.9
usr.sbin/npf/npftest/npftest.h: revision 1.17
usr.sbin/npf/npfctl/npf_bpf_comp.c: revision 1.16
usr.sbin/npf/npf-params.7: revision 1.5
sys/net/npf/npf_state_tcp.c: revision 1.21
usr.sbin/npf/npfctl/npf_build.c: revision 1.55
usr.sbin/npf/npf-params.7: revision 1.6
sys/net/npf/npfkern.h: revision 1.5
lib/libnpf/npf.c: revision 1.49
usr.sbin/npf/npf-params.7: revision 1.7
sys/net/npf/npf_impl.h: revision 1.81
sys/net/npf/npf_ext_log.c: revision 1.17
usr.sbin/npf/npfctl/npfctl.h: revision 1.53
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.11
sys/net/npf/npf_nat.c: revision 1.50
sys/net/npf/npf_mbuf.c: revision 1.24
sys/net/npf/npf_alg.c: revision 1.22
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.14
usr.sbin/npf/npftest/libnpftest/npf_conn_test.c: file removal
usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.10
sys/net/npf/npf.h: revision 1.63
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.21
usr.sbin/npf/npfctl/npf_var.c: revision 1.13
sys/net/npf/files.npf: revision 1.23
usr.sbin/npf/npfctl/npf_show.c: revision 1.32
usr.sbin/npf/npfctl/npf.conf.5: revision 1.91
sys/net/npf/npf_os.c: revision 1.18
sys/net/npf/npf_connkey.c: revision 1.2
sys/net/npf/npf_conf.c: revision 1.17
lib/libnpf/libnpf.3: revision 1.12
usr.sbin/npf/npftest/npftest.c: revision 1.25
usr.sbin/npf/npftest/libnpftest/npf_gc_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_parse.y: revision 1.51
sys/net/npf/npf_tableset.c: revision 1.35
usr.sbin/npf/npftest/npftest.conf: revision 1.9
sys/net/npf/npf_sendpkt.c: revision 1.22
usr.sbin/npf/npfctl/npf_var.h: revision 1.10
sys/net/npf/npf_state.c: revision 1.23
sys/net/npf/npf_conn.h: revision 1.20
usr.sbin/npf/npfctl/npfctl.c: revision 1.64
usr.sbin/npf/npfctl/npf_cmd.c: revision 1.1
sys/net/npf/npf_portmap.c: revision 1.5
sys/net/npf/npf_params.c: revision 1.3
usr.sbin/npf/npfctl/npf_scan.l: revision 1.32
tests/net/npf/t_npf.sh: revision 1.4
sys/net/npf/npf_ext_rndblock.c: revision 1.9
lib/libnpf/npf.h: revision 1.39
sys/net/npf/npf_ruleset.c: revision 1.51
sys/net/npf/npf_alg_icmp.c: revision 1.33
sys/net/npf/npf.c: revision 1.43
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.17
usr.sbin/npf/npfctl/npfctl.8: revision 1.25
sys/net/npf/npf_ctl.c: revision 1.60
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.18
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.11
sys/net/npf/npf_handler.c: revision 1.49
sys/net/npf/npf_inet.c: revision 1.57
sys/net/npf/npf_ifaddr.c: revision 1.7
sys/net/npf/npf_conndb.c: revision 1.9
sys/net/npf/npf_if.c: revision 1.13
usr.sbin/npf/npfctl/Makefile: revision 1.15
sys/net/npf/npf_conn.c: revision 1.32
sys/net/npf/npf_ext_normalize.c: revision 1.10
sys/net/npf/npf_rproc.c: revision 1.20
sys/net/npf/npf_worker.c: revision 1.8
Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
settings. Users can now choose whether the connection state should be
strictly per-interface or global at the configuration level. Keep NAT
logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
more parameters. Remove npf_nvlist_{copyin,copyout}() functions and
refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
a single entry point for operations. Introduce npf_flow_t and clean up
some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
more informative; misc usability improvements and more user-friendly
error messages.
- Amend and improve the manual pages.
npf_worker_sys{init,fini}: initialize/destroy the exit_cv condvar.
npftest -- npf_test_init(): add a workaround for NetBSD.
npf-params(7): fix the state.key defaults.
npf-params.7: s/filer/filter/
Adjust to "npfctl debug" command line changes, from rmind@.
Use more markup.
|
