Revision tags: v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5, v4.0.4, v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2 |
|
#
32772c96 |
| 29-Jun-2014 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Fix pf-based NAT
* NAT may not always be able to select a translated addr/port that is compatible with the source addr/port. In this situation return packets from the translated target
kernel - Fix pf-based NAT
* NAT may not always be able to select a translated addr/port that is compatible with the source addr/port. In this situation return packets from the translated target won't be able to find the state structure.
This occurs if static-port is used or if the port range is insufficent for PF to be able to find a hash-compatible addr/port.
This also occurs for UDP because the toeplitz hash does not appear to include a port (so there's nothing PF NAT can do to make it hash-compatible).
* In situations where PF believes a translation is not hash-compatible, the pf_state_key will be placed on a global RBTREE instead of the cpu-localized RBTREE. This tree is checked and modified with a separate lock (shared when doing lookups, exclusive when doing adjustments).
The nominal pf_find_state*() code will now check the global RBTREE if the state cannot be found in the localized tree.
* Modifications to the pf_state structure are now exclusively locked to handle the case where a state structure might be used by multiple cpu's at the same time. This can only occur for translations such as NAT.
* The TCP code is not allowed to destroy state on connection reuse unless the state is cpu-local. If it is not cpu-local the TCP code will mark the state for an immediate purge (within the next second).
* Add a TSO flag check to pf_route(), which is called via NAT. Locally originated packets may have been built with TSO. For PF NAT, we can only assume that the target interface will be compatible and allow the packet through (not try to fragment it, which won't work well anyway for TCP packets).
show more ...
|
#
3a0038bf |
| 27-Jun-2014 |
Matthew Dillon <dillon@apollo.backplane.com> |
pf - make the bulk of PF concurrent under normal operation
* state and ip fragment tables are now per-cpu.
* packet paths acquire pf_token shared instead of exclusive. Packet processing runs con
pf - make the bulk of PF concurrent under normal operation
* state and ip fragment tables are now per-cpu.
* packet paths acquire pf_token shared instead of exclusive. Packet processing runs concurrently.
* Any dynamic rules updates will run synchronously for now.
* State expiration from the pfpurge thread runs synchronously for now. More work can be done here.
* ioctl (and also pfsync) paths acquire pf_token exclusively. That is, primarily pfctl commands. This includes rules updates and state scans. More work can be done here.
show more ...
|
Revision tags: v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1, v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3, v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2, v3.2.1, v3.2.0, v3.3.0, v3.0.3, v3.0.2, v3.0.1, v3.1.0, v3.0.0 |
|
#
86d7f5d3 |
| 26-Nov-2011 |
John Marino <draco@marino.st> |
Initial import of binutils 2.22 on the new vendor branch
Future versions of binutils will also reside on this branch rather than continuing to create new binutils branches for each new version.
|
Revision tags: v2.12.0, v2.13.0, v2.10.1, v2.11.0, v2.10.0, v2.9.1, v2.8.2, v2.8.1, v2.8.0, v2.9.0, v2.6.3, v2.7.3, v2.6.2, v2.7.2, v2.7.1, v2.6.1, v2.7.0, v2.6.0, v2.5.1, v2.4.1, v2.5.0, v2.4.0, v2.3.2, v2.3.1, v2.2.1 |
|
#
99dd49c5 |
| 15-Apr-2009 |
Sascha Wildner <saw@online.de> |
Fix the way <sys/ioccom.h> is included throughout our tree.
The original intention was to include it only in header files which define ioctl codes and not in .c or .h files which include headers tha
Fix the way <sys/ioccom.h> is included throughout our tree.
The original intention was to include it only in header files which define ioctl codes and not in .c or .h files which include headers that define ioctl codes.
Adjust the tree to follow this idea.
Pointed-out-by: Guy Harris <guy@alum.mit.edu> Dragonfly-bug: <http://bugs.dragonflybsd.org/issue1334>
show more ...
|
Revision tags: v2.2.0, v2.3.0, v2.1.1, v2.0.1 |
|
#
f46342b6 |
| 20-Sep-2004 |
Matthew Dillon <dillon@dragonflybsd.org> |
if_pfsync.h needs pfvar.h for struct pf_addr. The ioctl header collection code for kdump collects the two header files in the wrong order. The easiest solution for now is to hack if_pfsync.h to inc
if_pfsync.h needs pfvar.h for struct pf_addr. The ioctl header collection code for kdump collects the two header files in the wrong order. The easiest solution for now is to hack if_pfsync.h to include pfvar.h.
show more ...
|
#
02742ec6 |
| 19-Sep-2004 |
Joerg Sonnenberger <joerg@dragonflybsd.org> |
Kernel part of PF
Ported-by: - Max Layer (original patch set, FreeBSD PF maintainer) - Devon O'Dell, Simon 'corecode' Schubert (integration and DragonFly specific changes)
In contrast to FreeBSD
Kernel part of PF
Ported-by: - Max Layer (original patch set, FreeBSD PF maintainer) - Devon O'Dell, Simon 'corecode' Schubert (integration and DragonFly specific changes)
In contrast to FreeBSD and OpenBSD, use direct flags in pkthdr instead of m_tags. This reduces allocation and processing overhead.
Keep the IP header in Host Byte Order like the rest of the tree assumes.
Module support has a memory leak for vm_zones when unloading pf.ko.
show more ...
|
#
ed1f0be2 |
| 11-Oct-2010 |
Jan Lentfer <Jan.Lentfer@web.de> |
pf: Update packetfilter to OpenBSD 4.4
* As correct pf function depends directly on pfsync now compile if_pfsyn.c into pf.ko. pflog is already part of pf.ko.
* A
pf: Update packetfilter to OpenBSD 4.4
* As correct pf function depends directly on pfsync now compile if_pfsyn.c into pf.ko. pflog is already part of pf.ko.
* Activate pfsync function by default. It's not a kernel option anymore, but pfsync is very unlikley to work. Anyway our ifconfig is missing all pfsync related options. I will try to make pfsync working again after upgrading to pf from OpenBSD 4.5 as pfsync changes completley then and is not compatible anymore with prior versions.
* Also make the module unloading sane in if_pflog.c
Thanks to Alex Hornung and Aggelos Economopoulos for debugging.
show more ...
|
#
315a7da3 |
| 27-Aug-2010 |
Jan Lentfer <Jan.Lentfer@web.de> |
pf: Update to OpenBSD 4.2
All sorts of informations is now stored directly in the mbuf header instead of a seperate mbuf tag. This brings in a 100% performance increase in comparison to OpenBSD
pf: Update to OpenBSD 4.2
All sorts of informations is now stored directly in the mbuf header instead of a seperate mbuf tag. This brings in a 100% performance increase in comparison to OpenBSD 4.1. For DragonFly this basically means this is the same performance as in 2.6, but we are equal again with OpenBSD's pf data structures.
Necesary additions:
sys/net: add more interface groups related functions
if_creategroup() if_addgroup() if_delgroup() if_getgroup() if_getgroupmembers()
Imported from OpenBSD
carp: add carp_group_demote_adj()
altq: re-add check of packet tagging
fairq & red support, UDP nat'ing, reassembly fixed by Matthew Dillon
show more ...
|
#
c3c8c553 |
| 09-Aug-2010 |
Jan Lentfer <Jan.Lentfer@web.de> |
pf: Fix if_pfsync to compile
if_pfsync has to be enabled in the kernel config file. It passed the last update unattended. This patch let's it compile, but function is untested, also tdb functio
pf: Fix if_pfsync to compile
if_pfsync has to be enabled in the kernel config file. It passed the last update unattended. This patch let's it compile, but function is untested, also tdb functioniality has been removed.
show more ...
|
#
70224baa |
| 08-Aug-2010 |
Jan Lentfer <Jan.Lentfer@web.de> |
pf: Update packet filter to the version that comes with OpenBSD 4.1
The original OpenBSD 4.1 defaults to "keep state flags S/SA" for all pass rules. In contrast to that we default to "no sta
pf: Update packet filter to the version that comes with OpenBSD 4.1
The original OpenBSD 4.1 defaults to "keep state flags S/SA" for all pass rules. In contrast to that we default to "no state". As in earlier verions of pf in DragonFly the default keep-state policy can still be set with the keep-policy option (e.g. "set keep-policy keep state (pickups)").
DragonFly additions to pf have been kept: fairq support, pickups.
Detailed Info on changes/additions: * ALTQ: Fix altq to work with pf_mtag Patch by Matthew Dillon * libkern: Revert commit e104539 strchr was added to libkern.h together with strrch * net/if.h: add interface groups Imported from FreeBSD. * netinet6/in6.h: add macros IN6_IS_ADDR_MC_INTFACELOCAL IN6_IS_SCOPE_EMBED PV6_ADDR_SCOPE_INTFACELOCAL * sys/libkern.h: Add strchr and strrchr as inline functions Brought in from FreeBSD * sys/net/if_var.h: Import interface groups Import interface groups and event handlers from FreeBSD * sys/net/if_var.h: add if_pf_kif, if_groups to struct ifnet obtained from: Open/FreeBSD * net/if_types.h: add IFT_ENC to non-IATA-assignments obtained from Open/FreeBSD * net/bpf.c: add bpf_mtap_hdr from OpenBSD Con up a minimal dummy header to pacify bpf. Allocate (only) a struct m_hdr on the stack.
show more ...
|