Home | History | Annotate | Download | only in libnpftest
History log of /src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c
RevisionDateAuthorComments
 1.19  27-Aug-2020  riastradh npf: Make sure to initialize portmap_lock only once.

PR kern/55586
 1.18  30-May-2020  rmind npftest -- npf_test_init(): add a workaround for NetBSD.
 1.17  30-May-2020  rmind Major NPF improvements (merge from upstream):

- Switch to the C11-style atomic primitives using atomic_loadstore(9).

- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
settings. Users can now choose whether the connection state should be
strictly per-interface or global at the configuration level. Keep NAT
logic to be always per-interface, though.

- npfkern: rewrite the G/C worker logic and make it self-tuning.

- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
more parameters. Remove npf_nvlist_{copyin,copyout}() functions and
refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
a single entry point for operations. Introduce npf_flow_t and clean up
some code.

- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
more informative; misc usability improvements and more user-friendly
error messages.

- Amend and improve the manual pages.
 1.16  11-Aug-2019  rmind Adjust some internal NPF APIs:
* npfkern: use the npfk_ prefix.
* NPF portmap: amend the API so it could be used elsewhere.
* Make npf_connkey_t public.
 1.15  23-Jul-2019  rmind branches: 1.15.2;
NPF improvements:
- Add support for dynamic NETMAP algorithm (stateful net-to-net).
- Add most of the support for the dynamic NAT rules; a little bit more
userland work is needed to finish this up and enable.
- Replace 'stateful-ends' with more permissive 'stateful-all'.
- Add various tunable parameters and document them, see npf-params(7).
- Reduce the memory usage of the connection state table (conndb).
- Portmap rewrite: use memory more efficiently, handle addresses dynamically.
- Bug fix: add splsoftnet()/splx() around the thmap writers and comment.
- npftest: clean up and simplify; fix some memleaks to make ASAN happy.
 1.14  19-Jan-2019  rmind Major NPF improvements:
- Convert NPF connection table to thmap. State lookup is now lock-free.
- Improve connection state G/C: it is now incremental and tunable.
- Add support for dynamic NAT address. Translation addresses can now be
selected from a pool of addresses. There are two selection algorithms,
"ip-hash" and "round-robin" (see the man page).
- Translation address can be specified as e.g. ifaddrs(wm0) in npf.conf
to dynamically choose an IP from the interface address(es).
- Add support for the NETMAP algorithm with static NAT for net-to-net
translation (it is equivalent to iptables NETMAP logic).
- Convert 'ipset' tables to use thmap; the table lookup is now lock-free.
- Misc improvements, bug fixes and more unit tests.
- Bump NPF_VERSION (will also bump libnpf).
 1.13  29-Sep-2018  rmind NPF: Major rework -- migrate NPF to the libnv library.
- This conversion significantly simplifies the code and moves NPF to
a binary serialisation format (replacing the XML-like format).
- Fix some memory/reference leaks and possibly use-after-free bugs.
- Bump NPF_VERSION as this change makes libnpf incompatible with the
previous versions. Also, different serialisation format means NPF
connection/config saving and loading is not compatible with the
previous versions either.

Thanks to christos@ for extra testing.
 1.12  26-Dec-2016  christos branches: 1.12.12; 1.12.14;
Sync NPF with the version on github: backport standalone NPF changes,
which allow us to create and run separate NPF instances. Minor fixes.
(from rmind@)
 1.11  10-Aug-2014  tls branches: 1.11.6;
Merge tls-earlyentropy branch into HEAD.
 1.10  23-Jul-2014  rmind NPF: rework of the connection saving and restoring:
- Add support for saving a snapshot of the current connections together
with a full configuration. Support a reverse load operation. Eliminate
the old 'sess-save' and 'sess-load' in favour of the new mechanism.
- Share code between load and reload operations: the latter performs
load from npf.conf without affecting the connections.
- Simplify and fix races with connection loading.
- Bump NPF_VERSION.
 1.9  13-Feb-2014  rmind branches: 1.9.2;
NPF: add support for IPv6-to-IPv6 Network Prefix Translation (NPTv6),
as per RFC 6296. Add a unit test. Also, bump NPF_VERSION.

Thanks to S.P.Zeidler for the help with NPTv6 work!
 1.8  05-Feb-2014  rmind npftest: fix previous harder - pass and use libc's random(3).
 1.7  05-Feb-2014  rmind npftest: fix the failure of NAT test -- adjust for RUMP's conversion to
the in-kernel CPRNG (hi pooka!).
 1.6  08-Nov-2013  rmind NPF: add support for specifying the interfaces before they are attached.
If an interface is or gets detached, all associated rules and connections
will be deactivated (it might be useful to have an option to invalidate
the associated connections). Once the interface is reattached they will
become active.

Bump NPF_VERSION.
 1.5  24-Sep-2013  rmind npftest: add some concurrency testing code.
 1.4  15-Aug-2012  rmind branches: 1.4.2; 1.4.4;
Add npf_state_setsampler() for _NPF_TESTING case. This also fixes the build.
 1.3  12-Aug-2012  rmind - Extend npftest: add ruleset inspection testing from the config generated
by npfctl debug functionality. Auto-create npftest interfaces for this.
- NPF sessions: combine protocol and interface into a separate substructure,
share between the entries and thus fix the handling of them. Constify.
- npftest: add regression tests for NAT policies.
- npf_build_nat: simplify and fix bi-NAT regression.
- Bump yacc stack size for npfctl.
 1.2  21-Jul-2012  rmind - npf_fetch_tcpopts: fix off-by-one when validating TCP option length
against the maximum allowed.
- npf_tcp_inwindow: be more liberal with npf_fetch_tcpopts().
- Few minor improvements to npftest.
 1.1  30-May-2012  rmind branches: 1.1.2;
npftest: add a stream processor, which prints out the TCP state information.
A tool for debugging connection tracking from tcpdump -w captured data.
 1.1.2.5  18-Nov-2012  riz Pull up following revision(s) (requested by rmind in ticket #678):
sys/rump/librump/rumpkern/rump.c: revision 1.243
sys/rump/librump/rumpkern/rump.c: revision 1.244
sys/rump/librump/rumpkern/rump.c: revision 1.245
sys/rump/librump/rumpkern/rump.c: revision 1.246
usr.sbin/npf/npftest/npftest.c: revision 1.5
usr.sbin/npf/npftest/README: revision 1.2
usr.sbin/npf/npftest/npftest.h: revision 1.5
sys/rump/net/Makefile.rumpnetcomp: revision 1.5
sys/rump/net/lib/libnpf/shlib_version: revision 1.1
sys/net/npf/npf_impl.h: revision 1.22
sys/rump/dev/lib/libnpf/Makefile: file removal
usr.sbin/npf/npftest/Makefile: revision 1.3
sys/rump/dev/lib/libnpf/component.c: file removal
sys/rump/dev/lib/libnpf/shlib_version: file removal
sys/net/npf/npf_state.c: revision 1.12
sys/rump/net/lib/libnpf/component.c: revision 1.1
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.4
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.6
sys/rump/net/lib/libnpf/Makefile: revision 1.1
Move and rename librumpdev_npf to librumpnet_npf.
Enable the build of librumpnet_npf.
Add npf_state_setsampler() for _NPF_TESTING case. This also fixes the build.
Call pserialize_init() during rump start-up, since librump/net/npf
uses it.
It helps to include the declaration of the routine being called.
We also need kcpuset_init() now.
Use correct routine name - kcpuset_sysinit() vs kcpuset_init()
 1.1.2.4  13-Aug-2012  riz Pull up following revision(s) (requested by rmind in ticket #485):
lib/libnpf/npf.c: revision 1.11
sys/net/npf/npf_session.c: revision 1.17
sys/modules/npf/Makefile: revision 1.10
usr.sbin/npf/npftest/npftest.c: revision 1.4
usr.sbin/npf/npftest/README: revision 1.1
sys/net/npf/npf_tableset.c: revision 1.14
usr.sbin/npf/npftest/npftest.h: revision 1.4
lib/libnpf/npf.h: revision 1.10
sys/net/npf/npf_ruleset.c: revision 1.14
usr.sbin/npf/npfctl/npf_data.c: revision 1.18
usr.sbin/npf/npftest/npftest.conf: revision 1.1
sys/net/npf/npf_handler.c: revision 1.21
sys/net/npf/npf_impl.h: revision 1.21
usr.sbin/npf/npfctl/npfctl.c: revision 1.18
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_build.c: revision 1.13
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.1
usr.sbin/npf/npftest/npfstream.c: revision 1.3
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.4
usr.sbin/npf/npfctl/npfctl.h: revision 1.19
sys/net/npf/npf_nat.c: revision 1.16
sys/net/npf/npf_state.c: revision 1.11
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.3
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.5
usr.sbin/npf/npfctl/npf_parse.y: revision 1.12
- Extend npftest: add ruleset inspection testing from the config generated
by npfctl debug functionality. Auto-create npftest interfaces for this.
- NPF sessions: combine protocol and interface into a separate substructure,
share between the entries and thus fix the handling of them. Constify.
- npftest: add regression tests for NAT policies.
- npf_build_nat: simplify and fix bi-NAT regression.
- Bump yacc stack size for npfctl.
 1.1.2.3  25-Jul-2012  jdc Pull up revisions:
src/usr.sbin/npf/npfctl/npfctl.c revisions 1.16,1.17
src/sys/net/npf/npf.h revision 1.20
src/sys/net/npf/npf_alg_icmp.c revision 1.11
src/sys/net/npf/npf_impl.h revision 1.19
src/sys/net/npf/npf_inet.c revisions 1.15,1.16
src/sys/net/npf/npf_instr.c revision 1.14
src/sys/net/npf/npf_ncode.h revision 1.10
src/sys/net/npf/npf_processor.c revision 1.12
src/sys/net/npf/npf_session.c revision 1.16
src/usr.sbin/npf/npfctl/npf_build.c revision 1.12
src/usr.sbin/npf/npfctl/npf_data.c revisions 1.16,1.17
src/usr.sbin/npf/npfctl/npf_disassemble.c revision 1.8
src/usr.sbin/npf/npfctl/npf_ncgen.c revision 1.13
src/usr.sbin/npf/npfctl/npf_parse.y revision 1.11
src/usr.sbin/npf/npfctl/npf_scan.l revision 1.5
src/usr.sbin/npf/npfctl/npf_var.h revision 1.3
src/usr.sbin/npf/npfctl/npfctl.h revision 1.18
src/sys/net/npf/npf_state.c revision 1.10
src/sys/net/npf/npf_state_tcp.c revision 1.10
src/usr.sbin/npf/npftest/npfstream.c revision 1.2
src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c revision 1.2
(requested by rmind in ticket #435).

Add missing __dead.

teach npf ipv6-icmp
reviewed by rmind@

- npfctl_print_stats: beautification a la French style.
- npfctl_icmpcode: fix the build break.

- npf_fetch_tcpopts: fix off-by-one when validating TCP option length
against the maximum allowed.
- npf_tcp_inwindow: be more liberal with npf_fetch_tcpopts().
- Few minor improvements to npftest.
 1.1.2.2  26-Jun-2012  riz Pull up following revision(s) (requested by rmind in ticket #354):
sys/net/npf/npf_state_tcp.c: revision 1.4
sys/net/npf/npf_state_tcp.c: revision 1.5
sys/net/npf/npf_state_tcp.c: revision 1.6
usr.sbin/npf/npftest/npftest.c: revision 1.1
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.1
usr.sbin/npf/npftest/npftest.c: revision 1.2
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.2
usr.sbin/npf/npfctl/npf_data.c: revision 1.11
usr.sbin/npf/npftest/npftest.c: revision 1.3
usr.sbin/npf/npfctl/npf_data.c: revision 1.12
usr.sbin/npf/npftest/npftest.h: revision 1.1
usr.sbin/npf/npfctl/npf_parse.y: revision 1.5
usr.sbin/npf/npfctl/npf_data.c: revision 1.13
sys/net/npf/npf.h: revision 1.16
usr.sbin/npf/npftest/npftest.h: revision 1.2
usr.sbin/npf/npfctl/npf_parse.y: revision 1.6
usr.sbin/npf/npftest/npftest.h: revision 1.3
usr.sbin/npf/npfctl/npf_parse.y: revision 1.7
usr.sbin/npf/npfctl/npf_ncgen.c: revision 1.10
usr.sbin/npf/npfctl/npf_build.c: revision 1.6
usr.sbin/npf/npfctl/npf_parse.y: revision 1.8
usr.sbin/npf/npfctl/npf_build.c: revision 1.7
usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.1
usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_build.c: revision 1.8
usr.sbin/npf/npftest/libnpftest/npf_table_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_build.c: revision 1.9
usr.sbin/npf/npfctl/npf.conf.5: revision 1.10
usr.sbin/npf/npfctl/npf.conf.5: revision 1.11
usr.sbin/npf/npfctl/npf.conf.5: revision 1.12
sys/net/npf/npf_state.c: revision 1.7
usr.sbin/npf/npfctl/npfctl.c: revision 1.11
usr.sbin/npf/npfctl/npfctl.c: revision 1.12
usr.sbin/npf/npfctl/Makefile: revision 1.7
sys/rump/net/lib/libnet/Makefile: revision 1.14
sys/net/npf/npf_mbuf.c: revision 1.7
usr.sbin/npf/npftest/Makefile: revision 1.1
usr.sbin/npf/npftest/Makefile: revision 1.2
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.1
usr.sbin/npf/npfctl/npf_scan.l: revision 1.2
usr.sbin/npf/npftest/npfstream.c: revision 1.1
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.2
usr.sbin/npf/npfctl/npf_scan.l: revision 1.3
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.3
usr.sbin/npf/npfctl/npfctl.h: revision 1.12
sys/rump/dev/lib/libnpf/Makefile: revision 1.2
usr.sbin/npf/npfctl/npfctl.h: revision 1.14
sys/rump/dev/lib/libnpf/Makefile: revision 1.3
usr.sbin/npf/npfctl/npfctl.h: revision 1.15
usr.sbin/npf/npfctl/npf_ncgen.c: revision 1.9
sys/net/npf/npf_ctl.c: revision 1.15
usr.sbin/npf/npfctl/npf_var.c: revision 1.4
usr.sbin/npf/npfctl/npf_var.h: revision 1.2
usr.sbin/npf/npfctl/npf_var.c: revision 1.5
sys/net/npf/npf_impl.h: revision 1.13
sys/net/npf/npf_sendpkt.c: revision 1.10
sys/net/npf/npf_impl.h: revision 1.14
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.4
sys/net/npf/npf_impl.h: revision 1.15
sys/net/npf/npf_handler.c: revision 1.16
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.1
usr.sbin/npf/npftest/libnpftest/npf_processor_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.5
sys/net/npf/npf_handler.c: revision 1.17
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.2
sys/net/npf/npf_ncode.h: revision 1.7
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.1
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.3
sys/net/npf/npf_ncode.h: revision 1.8
npf_tcp_inwindow: in a case of negative skew, bump the maximum seen value of
SEQ+LEN in the receiver's side correctly (using ACK from the sender's side).
PR/46265 from Changli Gao.
rumpnet_net: add pfil.c
Update rumpdev_npf; use WARNS=4.
Add initial NPF regression tests integrated with RUMP framework (running the
kernel part of NPF in userland). Other tests will be added once converted to
RUMP framework. All tests are in the public domain.
Some Makefile fixes from christos@.
- Fix double-free case on ICMP return case.
- npf_pfil_register: handle kernels without INET6 option correctly.
- Reduce some #ifdefs.
npfctl(8): add show-config command. Also, update syntax.
npftest: add a stream processor, which prints out the TCP state information.
A tool for debugging connection tracking from tcpdump -w captured data.
npftest: add a module for TCP state tracking and add few test cases.
npf_state_tcp: add an assert; fix some comments while here.
- Rework NPF NAT syntax to be more structured and support future additions
of different types and configurations of NAT.
- npfctl: improve disassemble and show-config command functionality.
- Fix custom ICMP code and type filtering.
make this compile again.
remove error(1) output
Remove superfluous Pp
- make each element of a variable hold a type
- change get_type to take an index, so we can get the individual types of
each element (since primitive elements can be in lists)
- make port_range primitive
- add a routine to convert a variable of primitives to a variable containing
- only port ranges.
remove extra rule that got merged...
 1.1.2.1  30-May-2012  riz file npf_test_subr.c was added on branch netbsd-6 on 2012-06-26 00:07:19 +0000
 1.4.4.3  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.4.4.2  30-Oct-2012  yamt sync with head
 1.4.4.1  15-Aug-2012  yamt file npf_test_subr.c was added on branch yamt-pagecache on 2012-10-30 19:00:49 +0000
 1.4.2.1  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.9.2.2  10-Aug-2014  tls Rebase.
 1.9.2.1  09-Aug-2014  tls Replace "ccrand" ChaCha implementation of cprng_fast with Taylor's smaller
and somewhat simpler one. Fix rump builds so we can build a distribution.
 1.11.6.1  07-Jan-2017  pgoyette Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
 1.12.14.2  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.12.14.1  10-Jun-2019  christos Sync with HEAD
 1.12.12.2  26-Jan-2019  pgoyette Sync with HEAD
 1.12.12.1  30-Sep-2018  pgoyette Ssync with HEAD
 1.15.2.2  20-Jun-2020  martin Pull up following revision(s) (requested by rmind in ticket #956):

usr.sbin/npf/npf-params.7: revision 1.4
sys/net/npf/npf_worker.c: revision 1.9
usr.sbin/npf/npftest/npftest.h: revision 1.17
usr.sbin/npf/npfctl/npf_bpf_comp.c: revision 1.16
usr.sbin/npf/npf-params.7: revision 1.5
sys/net/npf/npf_state_tcp.c: revision 1.21
usr.sbin/npf/npfctl/npf_build.c: revision 1.55
usr.sbin/npf/npf-params.7: revision 1.6
sys/net/npf/npfkern.h: revision 1.5
lib/libnpf/npf.c: revision 1.49
usr.sbin/npf/npf-params.7: revision 1.7
sys/net/npf/npf_impl.h: revision 1.81
sys/net/npf/npf_ext_log.c: revision 1.17
usr.sbin/npf/npfctl/npfctl.h: revision 1.53
usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c: revision 1.11
sys/net/npf/npf_nat.c: revision 1.50
sys/net/npf/npf_mbuf.c: revision 1.24
sys/net/npf/npf_alg.c: revision 1.22
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.14
usr.sbin/npf/npftest/libnpftest/npf_conn_test.c: file removal
usr.sbin/npf/npftest/libnpftest/npf_state_test.c: revision 1.10
sys/net/npf/npf.h: revision 1.63
usr.sbin/npf/npftest/libnpftest/npf_test.h: revision 1.21
usr.sbin/npf/npfctl/npf_var.c: revision 1.13
sys/net/npf/files.npf: revision 1.23
usr.sbin/npf/npfctl/npf_show.c: revision 1.32
usr.sbin/npf/npfctl/npf.conf.5: revision 1.91
sys/net/npf/npf_os.c: revision 1.18
sys/net/npf/npf_connkey.c: revision 1.2
sys/net/npf/npf_conf.c: revision 1.17
lib/libnpf/libnpf.3: revision 1.12
usr.sbin/npf/npftest/npftest.c: revision 1.25
usr.sbin/npf/npftest/libnpftest/npf_gc_test.c: revision 1.1
usr.sbin/npf/npfctl/npf_parse.y: revision 1.51
sys/net/npf/npf_tableset.c: revision 1.35
usr.sbin/npf/npftest/npftest.conf: revision 1.9
sys/net/npf/npf_sendpkt.c: revision 1.22
usr.sbin/npf/npfctl/npf_var.h: revision 1.10
sys/net/npf/npf_state.c: revision 1.23
sys/net/npf/npf_conn.h: revision 1.20
usr.sbin/npf/npfctl/npfctl.c: revision 1.64
usr.sbin/npf/npfctl/npf_cmd.c: revision 1.1
sys/net/npf/npf_portmap.c: revision 1.5
sys/net/npf/npf_params.c: revision 1.3
usr.sbin/npf/npfctl/npf_scan.l: revision 1.32
tests/net/npf/t_npf.sh: revision 1.4
sys/net/npf/npf_ext_rndblock.c: revision 1.9
lib/libnpf/npf.h: revision 1.39
sys/net/npf/npf_ruleset.c: revision 1.51
sys/net/npf/npf_alg_icmp.c: revision 1.33
sys/net/npf/npf.c: revision 1.43
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.17
usr.sbin/npf/npfctl/npfctl.8: revision 1.25
sys/net/npf/npf_ctl.c: revision 1.60
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.18
usr.sbin/npf/npftest/libnpftest/Makefile: revision 1.11
sys/net/npf/npf_handler.c: revision 1.49
sys/net/npf/npf_inet.c: revision 1.57
sys/net/npf/npf_ifaddr.c: revision 1.7
sys/net/npf/npf_conndb.c: revision 1.9
sys/net/npf/npf_if.c: revision 1.13
usr.sbin/npf/npfctl/Makefile: revision 1.15
sys/net/npf/npf_conn.c: revision 1.32
sys/net/npf/npf_ext_normalize.c: revision 1.10
sys/net/npf/npf_rproc.c: revision 1.20
sys/net/npf/npf_worker.c: revision 1.8

Major NPF improvements (merge from upstream):
- Switch to the C11-style atomic primitives using atomic_loadstore(9).
- npfkern: introduce the 'state.key.interface' and 'state.key.direction'
settings. Users can now choose whether the connection state should be
strictly per-interface or global at the configuration level. Keep NAT
logic to be always per-interface, though.
- npfkern: rewrite the G/C worker logic and make it self-tuning.
- npfkern and libnpf: multiple bug fixes; add param exporting; introduce
more parameters. Remove npf_nvlist_{copyin,copyout}() functions and
refactor npfctl_load_nvlist() with others; add npfctl_run_op() to have
a single entry point for operations. Introduce npf_flow_t and clean up
some code.
- npfctl: lots of fixes for the 'npfctl show' logic; make 'npfctl list'
more informative; misc usability improvements and more user-friendly
error messages.
- Amend and improve the manual pages.

npf_worker_sys{init,fini}: initialize/destroy the exit_cv condvar.

npftest -- npf_test_init(): add a workaround for NetBSD.

npf-params(7): fix the state.key defaults.

npf-params.7: s/filer/filter/

Adjust to "npfctl debug" command line changes, from rmind@.

Use more markup.
 1.15.2.1  13-Aug-2019  martin Pull up following revision(s) (requested by rmind in ticket #49):

usr.sbin/npf/npf.7: revision 1.7
sys/net/npf/npfkern.h: revision 1.4
sys/net/npf/npf_conn.h: revision 1.18
usr.sbin/npf/npftest/libnpftest/npf_nat_test.c: revision 1.13
sys/net/npf/npf_ctl.c: revision 1.55
sys/net/npf/npf_os.c: revision 1.14
sys/net/npf/npf_conf.c: revision 1.14
usr.sbin/npf/npftest/libnpftest/npf_conn_test.c: revision 1.3
usr.sbin/npf/npftest/libnpftest/npf_perf_test.c: revision 1.9
sys/net/npf/npf_impl.h: revision 1.76
sys/net/npf/npf_portmap.c: revision 1.4
sys/net/npf/npf_params.c: revision 1.2
sys/net/npf/npf.c: revision 1.40
usr.sbin/npf/npftest/libnpftest/npf_test_subr.c: revision 1.16
usr.sbin/npf/npftest/libnpftest/npf_rule_test.c: revision 1.18
sys/net/npf/npf_nat.c: revision 1.47
sys/net/npf/npf_handler.c: revision 1.47
sys/net/npf/npf_inet.c: revision 1.55
sys/net/npf/npf_if.c: revision 1.10
sys/net/npf/npf_worker.c: revision 1.7
usr.sbin/npf/npf-params.7: revision 1.3

npf-params(7): add more bpf.jit details.
From David H. Gutteridge.

Adjust some internal NPF APIs:
* npfkern: use the npfk_ prefix.
* NPF portmap: amend the API so it could be used elsewhere.
* Make npf_connkey_t public.

npf.7: add xref to npf-params.7
(Adding directly here since this particular file isn't included in
rmind@'s upstream GitHub repo at present.)

RSS XML Feed