#
259065 |
|
07-Dec-2013 |
gjb |
- Copy stable/10 (r259064) to releng/10.0 as part of the 10.0-RELEASE cycle. - Update __FreeBSD_version [1] - Set branch name to -RC1
[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so start releng/10.0 at '100' so the branch is started with a value ending in zero.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
255332 |
|
06-Sep-2013 |
cy |
Update ipfilter 4.1.28 --> 5.1.2.
Approved by: glebius (mentor) BSD Licensed by: Darren Reed <darrenr@reed.wattle.id.au> (author)
|
#
249266 |
|
08-Apr-2013 |
glebius |
Forcibly defining _KERNEL is bad idea. Toss some code so that ip_var.h isn't included with forced _KERNEL define.
|
#
240725 |
|
20-Sep-2012 |
kevlo |
Fix typo: s/pakcet/packet
|
#
207369 |
|
29-Apr-2010 |
bz |
MFP4: @176978-176982, 176984, 176990-176994, 177441
"Whitspace" churn after the VIMAGE/VNET whirls.
Remove the need for some "init" functions within the network stack, like pim6_init(), icmp_init() or significantly shorten others like ip6_init() and nd6_init(), using static initialization again where possible and formerly missed.
Move (most) variables back to the place they used to be before the container structs and VIMAGE_GLOABLS (before r185088) and try to reduce the diff to stable/7 and earlier as good as possible, to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9.
This also removes some header file pollution for putatively static global variables.
Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are no longer needed.
Reviewed by: jhb Discussed with: rwatson Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH MFC after: 6 days
|
#
183550 |
|
02-Oct-2008 |
zec |
Step 1.5 of importing the network stack virtualization infrastructure from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs.
Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.).
All the changes are verified to have zero functional impact at this point in time by doing MD5 comparision between pre- and post-change object files(*).
(*) netipsec/keysock.c did not validate depending on compile time options.
Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
173931 |
|
26-Nov-2007 |
darrenr |
Fix 3 issues relating to the use of "auth" rules in IPFilter, from sourceforge: 1837014 Kernel panics after authentication of an outgoing packet 1836992 Potential bugs in packet auth code (w/patches) 1836967 Kernel panic when using auth rule with keep state and another reported only to FreeBSD by Andiry (see PR)
PR: kern/118251 Submitted by: Andriy Syrovenko <andriys@gmail.com> Reviewed by: darrenr MFC after: 5 days
|
#
173181 |
|
30-Oct-2007 |
darrenr |
Apply a few changes from ipfilter-current: * Do not hold any locks over calls to copyin/copyout. * Clean up some #ifdefs * fix a possible mbuf leak when NAT fails on policy routed packets
PR: 117216
|
#
172776 |
|
18-Oct-2007 |
darrenr |
Pullup IPFilter 4.1.28 from the vendor branch into HEAD.
MFC after: 7 days
|
#
170268 |
|
04-Jun-2007 |
darrenr |
Merge IPFilter 4.1.23 back to HEAD See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
|
#
161356 |
|
16-Aug-2006 |
guido |
Resolve conflicts
MFC after: 2 weeks
|
#
153876 |
|
30-Dec-2005 |
guido |
Resolve conflicts
|
#
153084 |
|
04-Dec-2005 |
ru |
Fix -Wundef from compiling the amd64 LINT.
|
#
145579 |
|
27-Apr-2005 |
darrenr |
- Comment out duplicate rcsid strings in *.c files - Move SIOCPROXY from ip_nat.h to ip_proxy.h and fix ip_proxy.h so that it can be easily compiled into kdump, et al.
|
#
145522 |
|
25-Apr-2005 |
darrenr |
Merge the changes from 3.4.35 to 4.1.8 into the kernel source tree
|
#
139327 |
|
26-Dec-2004 |
darrenr |
* Remove some code that's in a #ifndef FreeBSD that's no longer used.
|
#
139255 |
|
24-Dec-2004 |
darrenr |
Enable fine grained locking within IPFilter, using mtx(9) and sx(9) allowing the the "needs giant" flag to be removed from the driver.
|
#
130911 |
|
22-Jun-2004 |
darrenr |
revert section of code that calls netisr_queue() to match v1.33 of this file
|
#
130910 |
|
22-Jun-2004 |
darrenr |
#ifdef's for FreeBSD are wrong, causing too many variable declaractions to disappear.
|
#
130886 |
|
21-Jun-2004 |
darrenr |
Update ipfilter from 3.4.31 -> 3.4.35. Some important changes: * block packets that fail to create state table entries * only allow non-fragmented packets to influence whether or not a logged packet is the same as the one logged before. * correct the ICMP packet checksum fixing up when processing ICMP errors for NAT * implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX and ipf_nattable_max) * frsynclist() wasn't paying attention to all the places where interface names are, like it should. * fix comparing ICMP packets with established TCP state where only 8 bytes of header are returned in the ICMP error.
MFC after: 1 week
|
#
111888 |
|
04-Mar-2003 |
jlemon |
Update netisr handling; Each SWI now registers its queue, and all queue drain routines are done by swi_net, which allows for better queue control at some future point. Packets may also be directly dispatched to a netisr instead of queued, this may be of interest at some installations, but currently defaults to off.
Reviewed by: hsu, silby, jayanth, sam Sponsored by: DARPA, NAI Labs
|
#
110916 |
|
15-Feb-2003 |
darrenr |
Commit import changed from vendor branch of ipfilter to -current head
|
#
110915 |
|
15-Feb-2003 |
darrenr |
Commit import changed from vendor branch of ipfilter to -current head
|
#
105194 |
|
15-Oct-2002 |
sam |
Replace aux mbufs with packet tags:
o instead of a list of mbufs use a list of m_tag structures a la openbsd o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines o rewrite KAME use of aux mbufs in terms of packet tags o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets o bump __FreeBSD_version so code can be conditionalized o fixup ipfilter's call to ip_output based on __FreeBSD_version
Reviewed by: julian, luigi (silent), -arch, -net, darren Approved by: julian, silence from everyone else Obtained from: openbsd (mostly) MFC after: 1 month
|
#
98004 |
|
07-Jun-2002 |
darrenr |
Commit changes that happened in IPFilter versions 3.4.27 - 3.4.28
|
#
95418 |
|
25-Apr-2002 |
darrenr |
bring in changes from 3.4.26.
|
#
92685 |
|
19-Mar-2002 |
darrenr |
fix conflicts (mostly damn rcs id's) generated by import
|
#
91478 |
|
28-Feb-2002 |
mike |
Change two occurrences of HTONS() to use htons().
|
#
91441 |
|
27-Feb-2002 |
peter |
Fix warning (unused variable)
Submitted by: LINT, -Werror
|
#
89336 |
|
14-Jan-2002 |
alfred |
Backout inclusion of queue.h since rev 1.38 sys/file.h now has it included in the right order.
|
#
89316 |
|
13-Jan-2002 |
alfred |
Include sys/_lock.h and sys/_mutex.h to reduce namespace pollution.
Requested by: jhb
|
#
80482 |
|
28-Jul-2001 |
darrenr |
fix conflicts created by import
|
#
72006 |
|
04-Feb-2001 |
darrenr |
fix conflicts
|
#
69152 |
|
25-Nov-2000 |
jlemon |
Lock down the network interface queues. The queue mutex must be obtained before adding/removing packets from the queue. Also, the if_obytes and if_omcasts fields should only be manipulated under protection of the mutex.
IF_ENQUEUE, IF_PREPEND, and IF_DEQUEUE perform all necessary locking on the queue. An IF_LOCK macro is provided, as well as the old (mutex-less) versions of the macros in the form _IF_ENQUEUE, _IF_QFULL, for code which needs them, but their use is discouraged.
Two new macros are introduced: IF_DRAIN() to drain a queue, and IF_HANDOFF, which takes care of locking/enqueue, and also statistics updating/start if necessary.
|
#
65837 |
|
14-Sep-2000 |
ru |
Follow BSD/OS and NetBSD, keep the ip_id field in network order all the time.
Requested by: wollman
|
#
64105 |
|
01-Aug-2000 |
roberto |
Change __FreeBSD_Version into the proper __FreeBSD_version.
Submitted by: Alain.Thivillon@hsc.fr (Alain Thivillon) (for ip_fil.c)
|
#
63523 |
|
19-Jul-2000 |
darrenr |
fix conflicts
|
#
60857 |
|
24-May-2000 |
darrenr |
fix up conflicts
|
#
60850 |
|
24-May-2000 |
darrenr |
fix conflicts
|
#
57126 |
|
10-Feb-2000 |
guido |
Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine CVS_FUBAR (which no longer exists) and thus forgot to add $FreeBSD's. Add them.
Approved by: jkh (is part of ipfilter upgrade)
|
#
57096 |
|
09-Feb-2000 |
guido |
Bring over ipfilter v3_3_8 kernel sources, including merging the local modifications. Also fix initializing fr_running in KLD case. Rename ipl_inited to fr_runninhg in mlfk_ipl
Approved by: jkh
|
#
55929 |
|
13-Jan-2000 |
guido |
Bring over ipfilter kernel sources, including merging the local modifications.
|
#
55460 |
|
05-Jan-2000 |
eivind |
KERNEL -> _KERNEL
|
#
54221 |
|
06-Dec-1999 |
guido |
Revive mlfk_ipl here. This version is slightly changed from the old one: an unnecessary define (KLD_MODULE) has been deleted and the initialisation of the module is done after domaininit was called to be sure inet is running.
Some slight changed were made to ip_auth.c and ip_state.c in order to assure including of sys/systm.h in case we make a kld
Make sure ip_fil does nmot include osreldate in kernel mode
Remove mlfk_ipl.c from here: no sources allowed in these directories!
|
#
53642 |
|
23-Nov-1999 |
guido |
Add kernel parts of revived ipfilter (3.3.3.)
|