#
1.37 |
|
24-Jun-2023 |
msaitoh |
Fix typo in comment.
|
#
1.36 |
|
03-Feb-2023 |
christos |
Fix use after free on packet with broken lengths
Under the scenario with a packet with length of 67 bytes, a header length using the default of 20 bytes and a TCP data offset (th_off) of 48 will cause m_pullup() to fail to make sure bytes are arranged contiguously. m_pullup() will free the mbuf chain and return a null. ipfilter stores the resultant mbuf address (or the resulting NULL) in its fr_info_t structure. Unfortunately the erroneous packet is not flagged for drop. From FreeBSD via CY Schubert; originally reported by: Robert Morris <rtm at lcs.mit.edu>
|
Revision tags: netbsd-10-base bouyer-sunxi-drm-base
|
#
1.35 |
|
05-Dec-2021 |
msaitoh |
s/recusive/recursive/ in comment.
|
#
1.34 |
|
05-Dec-2021 |
msaitoh |
s/imples/implies/ in comment.
|
Revision tags: thorpej-i2c-spi-conf2-base thorpej-futex2-base thorpej-cfargs2-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base thorpej-i2c-spi-conf-base thorpej-cfargs-base thorpej-futex-base bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411
|
#
1.33 |
|
09-Apr-2020 |
christos |
PR/55149: Kouichi Hashikawa: Get morefrag before we strip it out from off
|
Revision tags: bouyer-xenpvh-base phil-wifi-20200406
|
#
1.32 |
|
05-Apr-2020 |
christos |
branches: 1.32.2; PR/55137: Kouichi Hashikawa: ipfstat -f incorrect output Fix incorrect byte order.
|
Revision tags: is-mlppp-base ad-namecache-base3 ad-namecache-base2 ad-namecache-base1 ad-namecache-base phil-wifi-20191119
|
#
1.31 |
|
30-Sep-2019 |
bouyer |
Fix 2 bugs, reported by Edgar Fu� on tech-net@ - pfil_run_hooks() can be called recursively, so we have to #define FASTROUTE_RECURSION in fil.c - ip6_if_output()/nd6_output() will free the mbuf on error, to make sure to set *mpp to NULL so the caller won't try to free it again.
|
#
1.30 |
|
08-Aug-2019 |
christos |
PR/54443: Edgar Fu�: ip mistakenly regards UDP packet with checksum field 0xffff as bad
|
Revision tags: netbsd-9-base
|
#
1.29 |
|
28-Jun-2019 |
christos |
branches: 1.29.2; Revert previous and do the off == 1 case after we've taken the mask.
|
#
1.28 |
|
26-Jun-2019 |
christos |
Conform to RFC 3128 by dropping TCP fragments with offset = 1. In addition to dropping these fragments, add a DTrace probe to allow for more detailed monitoring and diagnosis if required. From FreeBSD r349399, reported vy Cy Schubert
|
#
1.27 |
|
26-Jun-2019 |
christos |
Remove fd_local, it is not used, from FreeBSD r349401, reported by Cy Schubert
|
#
1.26 |
|
26-Jun-2019 |
christos |
Remove redundant off != 0 check, from FreeBSD r349400, reported by Cy Schubert
|
Revision tags: phil-wifi-20190609 isaki-audio2-base
|
#
1.25 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.24 |
|
11-Jul-2018 |
maxv |
Rename
ip_undefer_csum -> in_undefer_cksum in_delayed_cksum -> in_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in_offload.c. Add comments to explain what we're doing.
The same could be done for IPv6.
|
Revision tags: phil-wifi-base pgoyette-compat-0625
|
#
1.23 |
|
03-Jun-2018 |
maxv |
branches: 1.23.2; Constify a bunch of global varialbes under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.22 |
|
04-Feb-2018 |
mrg |
branches: 1.22.2; apply __attribute__((__used__)) for rcsid, etc.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
branches: 1.20.4; Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
#
1.36 |
|
03-Feb-2023 |
christos |
Fix use after free on packet with broken lengths
Under the scenario with a packet with length of 67 bytes, a header length using the default of 20 bytes and a TCP data offset (th_off) of 48 will cause m_pullup() to fail to make sure bytes are arranged contiguously. m_pullup() will free the mbuf chain and return a null. ipfilter stores the resultant mbuf address (or the resulting NULL) in its fr_info_t structure. Unfortunately the erroneous packet is not flagged for drop. From FreeBSD via CY Schubert; originally reported by: Robert Morris <rtm at lcs.mit.edu>
|
Revision tags: netbsd-10-base bouyer-sunxi-drm-base
|
#
1.35 |
|
05-Dec-2021 |
msaitoh |
s/recusive/recursive/ in comment.
|
#
1.34 |
|
05-Dec-2021 |
msaitoh |
s/imples/implies/ in comment.
|
Revision tags: thorpej-i2c-spi-conf2-base thorpej-futex2-base thorpej-cfargs2-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base thorpej-i2c-spi-conf-base thorpej-cfargs-base thorpej-futex-base bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411
|
#
1.33 |
|
09-Apr-2020 |
christos |
PR/55149: Kouichi Hashikawa: Get morefrag before we strip it out from off
|
Revision tags: bouyer-xenpvh-base phil-wifi-20200406
|
#
1.32 |
|
05-Apr-2020 |
christos |
branches: 1.32.2; PR/55137: Kouichi Hashikawa: ipfstat -f incorrect output Fix incorrect byte order.
|
Revision tags: is-mlppp-base ad-namecache-base3 ad-namecache-base2 ad-namecache-base1 ad-namecache-base phil-wifi-20191119
|
#
1.31 |
|
30-Sep-2019 |
bouyer |
Fix 2 bugs, reported by Edgar Fu� on tech-net@ - pfil_run_hooks() can be called recursively, so we have to #define FASTROUTE_RECURSION in fil.c - ip6_if_output()/nd6_output() will free the mbuf on error, to make sure to set *mpp to NULL so the caller won't try to free it again.
|
#
1.30 |
|
08-Aug-2019 |
christos |
PR/54443: Edgar Fu�: ip mistakenly regards UDP packet with checksum field 0xffff as bad
|
Revision tags: netbsd-9-base
|
#
1.29 |
|
28-Jun-2019 |
christos |
branches: 1.29.2; Revert previous and do the off == 1 case after we've taken the mask.
|
#
1.28 |
|
26-Jun-2019 |
christos |
Conform to RFC 3128 by dropping TCP fragments with offset = 1. In addition to dropping these fragments, add a DTrace probe to allow for more detailed monitoring and diagnosis if required. From FreeBSD r349399, reported vy Cy Schubert
|
#
1.27 |
|
26-Jun-2019 |
christos |
Remove fd_local, it is not used, from FreeBSD r349401, reported by Cy Schubert
|
#
1.26 |
|
26-Jun-2019 |
christos |
Remove redundant off != 0 check, from FreeBSD r349400, reported by Cy Schubert
|
Revision tags: phil-wifi-20190609 isaki-audio2-base
|
#
1.25 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.24 |
|
11-Jul-2018 |
maxv |
Rename
ip_undefer_csum -> in_undefer_cksum in_delayed_cksum -> in_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in_offload.c. Add comments to explain what we're doing.
The same could be done for IPv6.
|
Revision tags: phil-wifi-base pgoyette-compat-0625
|
#
1.23 |
|
03-Jun-2018 |
maxv |
branches: 1.23.2; Constify a bunch of global varialbes under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.22 |
|
04-Feb-2018 |
mrg |
branches: 1.22.2; apply __attribute__((__used__)) for rcsid, etc.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
branches: 1.20.4; Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
#
1.35 |
|
05-Dec-2021 |
msaitoh |
s/recusive/recursive/ in comment.
|
#
1.34 |
|
05-Dec-2021 |
msaitoh |
s/imples/implies/ in comment.
|
Revision tags: thorpej-i2c-spi-conf2-base thorpej-futex2-base thorpej-cfargs2-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base thorpej-i2c-spi-conf-base thorpej-cfargs-base thorpej-futex-base bouyer-xenpvh-base2 phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411
|
#
1.33 |
|
09-Apr-2020 |
christos |
PR/55149: Kouichi Hashikawa: Get morefrag before we strip it out from off
|
Revision tags: bouyer-xenpvh-base phil-wifi-20200406
|
#
1.32 |
|
05-Apr-2020 |
christos |
branches: 1.32.2; PR/55137: Kouichi Hashikawa: ipfstat -f incorrect output Fix incorrect byte order.
|
Revision tags: is-mlppp-base ad-namecache-base3 ad-namecache-base2 ad-namecache-base1 ad-namecache-base phil-wifi-20191119
|
#
1.31 |
|
30-Sep-2019 |
bouyer |
Fix 2 bugs, reported by Edgar Fu� on tech-net@ - pfil_run_hooks() can be called recursively, so we have to #define FASTROUTE_RECURSION in fil.c - ip6_if_output()/nd6_output() will free the mbuf on error, to make sure to set *mpp to NULL so the caller won't try to free it again.
|
#
1.30 |
|
08-Aug-2019 |
christos |
PR/54443: Edgar Fu�: ip mistakenly regards UDP packet with checksum field 0xffff as bad
|
Revision tags: netbsd-9-base
|
#
1.29 |
|
28-Jun-2019 |
christos |
branches: 1.29.2; Revert previous and do the off == 1 case after we've taken the mask.
|
#
1.28 |
|
26-Jun-2019 |
christos |
Conform to RFC 3128 by dropping TCP fragments with offset = 1. In addition to dropping these fragments, add a DTrace probe to allow for more detailed monitoring and diagnosis if required. From FreeBSD r349399, reported vy Cy Schubert
|
#
1.27 |
|
26-Jun-2019 |
christos |
Remove fd_local, it is not used, from FreeBSD r349401, reported by Cy Schubert
|
#
1.26 |
|
26-Jun-2019 |
christos |
Remove redundant off != 0 check, from FreeBSD r349400, reported by Cy Schubert
|
Revision tags: phil-wifi-20190609 isaki-audio2-base
|
#
1.25 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.24 |
|
11-Jul-2018 |
maxv |
Rename
ip_undefer_csum -> in_undefer_cksum in_delayed_cksum -> in_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in_offload.c. Add comments to explain what we're doing.
The same could be done for IPv6.
|
Revision tags: phil-wifi-base pgoyette-compat-0625
|
#
1.23 |
|
03-Jun-2018 |
maxv |
branches: 1.23.2; Constify a bunch of global varialbes under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.22 |
|
04-Feb-2018 |
mrg |
branches: 1.22.2; apply __attribute__((__used__)) for rcsid, etc.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
branches: 1.20.4; Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
#
1.33 |
|
09-Apr-2020 |
christos |
PR/55149: Kouichi Hashikawa: Get morefrag before we strip it out from off
|
Revision tags: bouyer-xenpvh-base phil-wifi-20200406
|
#
1.32 |
|
05-Apr-2020 |
christos |
PR/55137: Kouichi Hashikawa: ipfstat -f incorrect output Fix incorrect byte order.
|
Revision tags: is-mlppp-base ad-namecache-base3 ad-namecache-base2 ad-namecache-base1 ad-namecache-base phil-wifi-20191119
|
#
1.31 |
|
30-Sep-2019 |
bouyer |
Fix 2 bugs, reported by Edgar Fu� on tech-net@ - pfil_run_hooks() can be called recursively, so we have to #define FASTROUTE_RECURSION in fil.c - ip6_if_output()/nd6_output() will free the mbuf on error, to make sure to set *mpp to NULL so the caller won't try to free it again.
|
#
1.30 |
|
08-Aug-2019 |
christos |
PR/54443: Edgar Fu�: ip mistakenly regards UDP packet with checksum field 0xffff as bad
|
Revision tags: netbsd-9-base
|
#
1.29 |
|
28-Jun-2019 |
christos |
branches: 1.29.2; Revert previous and do the off == 1 case after we've taken the mask.
|
#
1.28 |
|
26-Jun-2019 |
christos |
Conform to RFC 3128 by dropping TCP fragments with offset = 1. In addition to dropping these fragments, add a DTrace probe to allow for more detailed monitoring and diagnosis if required. From FreeBSD r349399, reported vy Cy Schubert
|
#
1.27 |
|
26-Jun-2019 |
christos |
Remove fd_local, it is not used, from FreeBSD r349401, reported by Cy Schubert
|
#
1.26 |
|
26-Jun-2019 |
christos |
Remove redundant off != 0 check, from FreeBSD r349400, reported by Cy Schubert
|
Revision tags: phil-wifi-20190609 isaki-audio2-base
|
#
1.25 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.24 |
|
11-Jul-2018 |
maxv |
Rename
ip_undefer_csum -> in_undefer_cksum in_delayed_cksum -> in_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in_offload.c. Add comments to explain what we're doing.
The same could be done for IPv6.
|
Revision tags: phil-wifi-base pgoyette-compat-0625
|
#
1.23 |
|
03-Jun-2018 |
maxv |
branches: 1.23.2; Constify a bunch of global varialbes under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.22 |
|
04-Feb-2018 |
mrg |
branches: 1.22.2; apply __attribute__((__used__)) for rcsid, etc.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
branches: 1.20.4; Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
#
1.32 |
|
05-Apr-2020 |
christos |
PR/55137: Kouichi Hashikawa: ipfstat -f incorrect output Fix incorrect byte order.
|
Revision tags: ad-namecache-base3 ad-namecache-base2 ad-namecache-base1 ad-namecache-base phil-wifi-20191119
|
#
1.31 |
|
30-Sep-2019 |
bouyer |
Fix 2 bugs, reported by Edgar Fu� on tech-net@ - pfil_run_hooks() can be called recursively, so we have to #define FASTROUTE_RECURSION in fil.c - ip6_if_output()/nd6_output() will free the mbuf on error, to make sure to set *mpp to NULL so the caller won't try to free it again.
|
#
1.30 |
|
08-Aug-2019 |
christos |
PR/54443: Edgar Fu�: ip mistakenly regards UDP packet with checksum field 0xffff as bad
|
Revision tags: netbsd-9-base
|
#
1.29 |
|
28-Jun-2019 |
christos |
branches: 1.29.2; Revert previous and do the off == 1 case after we've taken the mask.
|
#
1.28 |
|
26-Jun-2019 |
christos |
Conform to RFC 3128 by dropping TCP fragments with offset = 1. In addition to dropping these fragments, add a DTrace probe to allow for more detailed monitoring and diagnosis if required. From FreeBSD r349399, reported vy Cy Schubert
|
#
1.27 |
|
26-Jun-2019 |
christos |
Remove fd_local, it is not used, from FreeBSD r349401, reported by Cy Schubert
|
#
1.26 |
|
26-Jun-2019 |
christos |
Remove redundant off != 0 check, from FreeBSD r349400, reported by Cy Schubert
|
Revision tags: phil-wifi-20190609 isaki-audio2-base
|
#
1.25 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.24 |
|
11-Jul-2018 |
maxv |
Rename
ip_undefer_csum -> in_undefer_cksum in_delayed_cksum -> in_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in_offload.c. Add comments to explain what we're doing.
The same could be done for IPv6.
|
Revision tags: phil-wifi-base pgoyette-compat-0625
|
#
1.23 |
|
03-Jun-2018 |
maxv |
branches: 1.23.2; Constify a bunch of global varialbes under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.22 |
|
04-Feb-2018 |
mrg |
branches: 1.22.2; apply __attribute__((__used__)) for rcsid, etc.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
branches: 1.20.4; Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
#
1.31 |
|
30-Sep-2019 |
bouyer |
Fix 2 bugs, reported by Edgar Fu� on tech-net@ - pfil_run_hooks() can be called recursively, so we have to #define FASTROUTE_RECURSION in fil.c - ip6_if_output()/nd6_output() will free the mbuf on error, to make sure to set *mpp to NULL so the caller won't try to free it again.
|
#
1.30 |
|
08-Aug-2019 |
christos |
PR/54443: Edgar Fu�: ip mistakenly regards UDP packet with checksum field 0xffff as bad
|
Revision tags: netbsd-9-base
|
#
1.29 |
|
28-Jun-2019 |
christos |
branches: 1.29.2; Revert previous and do the off == 1 case after we've taken the mask.
|
#
1.28 |
|
26-Jun-2019 |
christos |
Conform to RFC 3128 by dropping TCP fragments with offset = 1. In addition to dropping these fragments, add a DTrace probe to allow for more detailed monitoring and diagnosis if required. From FreeBSD r349399, reported vy Cy Schubert
|
#
1.27 |
|
26-Jun-2019 |
christos |
Remove fd_local, it is not used, from FreeBSD r349401, reported by Cy Schubert
|
#
1.26 |
|
26-Jun-2019 |
christos |
Remove redundant off != 0 check, from FreeBSD r349400, reported by Cy Schubert
|
Revision tags: phil-wifi-20190609 isaki-audio2-base
|
#
1.25 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.24 |
|
11-Jul-2018 |
maxv |
Rename
ip_undefer_csum -> in_undefer_cksum in_delayed_cksum -> in_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in_offload.c. Add comments to explain what we're doing.
The same could be done for IPv6.
|
Revision tags: phil-wifi-base pgoyette-compat-0625
|
#
1.23 |
|
03-Jun-2018 |
maxv |
branches: 1.23.2; Constify a bunch of global varialbes under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.22 |
|
04-Feb-2018 |
mrg |
branches: 1.22.2; apply __attribute__((__used__)) for rcsid, etc.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
branches: 1.20.4; Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
#
1.30 |
|
08-Aug-2019 |
christos |
PR/54443: Edgar Fu�: ip mistakenly regards UDP packet with checksum field 0xffff as bad
|
Revision tags: netbsd-9-base
|
#
1.29 |
|
28-Jun-2019 |
christos |
branches: 1.29.2; Revert previous and do the off == 1 case after we've taken the mask.
|
#
1.28 |
|
26-Jun-2019 |
christos |
Conform to RFC 3128 by dropping TCP fragments with offset = 1. In addition to dropping these fragments, add a DTrace probe to allow for more detailed monitoring and diagnosis if required. From FreeBSD r349399, reported vy Cy Schubert
|
#
1.27 |
|
26-Jun-2019 |
christos |
Remove fd_local, it is not used, from FreeBSD r349401, reported by Cy Schubert
|
#
1.26 |
|
26-Jun-2019 |
christos |
Remove redundant off != 0 check, from FreeBSD r349400, reported by Cy Schubert
|
Revision tags: phil-wifi-20190609 isaki-audio2-base
|
#
1.25 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.24 |
|
11-Jul-2018 |
maxv |
Rename
ip_undefer_csum -> in_undefer_cksum in_delayed_cksum -> in_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in_offload.c. Add comments to explain what we're doing.
The same could be done for IPv6.
|
Revision tags: phil-wifi-base pgoyette-compat-0625
|
#
1.23 |
|
03-Jun-2018 |
maxv |
branches: 1.23.2; Constify a bunch of global varialbes under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.22 |
|
04-Feb-2018 |
mrg |
branches: 1.22.2; apply __attribute__((__used__)) for rcsid, etc.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
branches: 1.20.4; Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
#
1.29 |
|
28-Jun-2019 |
christos |
Revert previous and do the off == 1 case after we've taken the mask.
|
#
1.28 |
|
26-Jun-2019 |
christos |
Conform to RFC 3128 by dropping TCP fragments with offset = 1. In addition to dropping these fragments, add a DTrace probe to allow for more detailed monitoring and diagnosis if required. From FreeBSD r349399, reported vy Cy Schubert
|
#
1.27 |
|
26-Jun-2019 |
christos |
Remove fd_local, it is not used, from FreeBSD r349401, reported by Cy Schubert
|
#
1.26 |
|
26-Jun-2019 |
christos |
Remove redundant off != 0 check, from FreeBSD r349400, reported by Cy Schubert
|
Revision tags: phil-wifi-20190609 isaki-audio2-base
|
#
1.25 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.24 |
|
11-Jul-2018 |
maxv |
Rename
ip_undefer_csum -> in_undefer_cksum in_delayed_cksum -> in_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in_offload.c. Add comments to explain what we're doing.
The same could be done for IPv6.
|
Revision tags: phil-wifi-base pgoyette-compat-0625
|
#
1.23 |
|
03-Jun-2018 |
maxv |
branches: 1.23.2; Constify a bunch of global varialbes under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.22 |
|
04-Feb-2018 |
mrg |
branches: 1.22.2; apply __attribute__((__used__)) for rcsid, etc.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
branches: 1.20.4; Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
#
1.28 |
|
26-Jun-2019 |
christos |
Conform to RFC 3128 by dropping TCP fragments with offset = 1. In addition to dropping these fragments, add a DTrace probe to allow for more detailed monitoring and diagnosis if required. From FreeBSD r349399, reported vy Cy Schubert
|
#
1.27 |
|
26-Jun-2019 |
christos |
Remove fd_local, it is not used, from FreeBSD r349401, reported by Cy Schubert
|
#
1.26 |
|
26-Jun-2019 |
christos |
Remove redundant off != 0 check, from FreeBSD r349400, reported by Cy Schubert
|
Revision tags: phil-wifi-20190609 isaki-audio2-base
|
#
1.25 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.24 |
|
11-Jul-2018 |
maxv |
Rename
ip_undefer_csum -> in_undefer_cksum in_delayed_cksum -> in_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in_offload.c. Add comments to explain what we're doing.
The same could be done for IPv6.
|
Revision tags: phil-wifi-base pgoyette-compat-0625
|
#
1.23 |
|
03-Jun-2018 |
maxv |
branches: 1.23.2; Constify a bunch of global varialbes under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.22 |
|
04-Feb-2018 |
mrg |
branches: 1.22.2; apply __attribute__((__used__)) for rcsid, etc.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
branches: 1.20.4; Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
Revision tags: isaki-audio2-base
|
#
1.25 |
|
04-Feb-2019 |
mrg |
add fallthru comments.
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728
|
#
1.24 |
|
11-Jul-2018 |
maxv |
Rename
ip_undefer_csum -> in_undefer_cksum in_delayed_cksum -> in_undefer_cksum_tcpudp
The two previous names were inconsistent and misleading.
Put the two functions into in_offload.c. Add comments to explain what we're doing.
The same could be done for IPv6.
|
Revision tags: phil-wifi-base pgoyette-compat-0625
|
#
1.23 |
|
03-Jun-2018 |
maxv |
Constify a bunch of global varialbes under ipf/ so that they land in .rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
Revision tags: pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base
|
#
1.22 |
|
04-Feb-2018 |
mrg |
branches: 1.22.2; apply __attribute__((__used__)) for rcsid, etc.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
branches: 1.20.4; Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
#
1.22 |
|
04-Feb-2018 |
mrg |
apply __attribute__((__used__)) for rcsid, etc.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
branches: 1.20.4; Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
#
1.21 |
|
05-Sep-2017 |
christos |
Revert changing the byte order of fi->fi_addr. It is already correct. From Timo Buhrmester XXX: pullup 8.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
Revision tags: prg-localcount2-base pgoyette-localcount-20170426
|
#
1.20 |
|
23-Apr-2017 |
christos |
Disconnect maintaining fragment state from keeping session state. The user now must specify keep frags along with keep state to have ipfilter do what it did before, as documented in ipf.conf.5. (Cy Schubert @ FreeBSD)
|
Revision tags: bouyer-socketcan-base1 jdolecek-ncq-base pgoyette-localcount-20170320 nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107 nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806
|
#
1.19 |
|
05-Aug-2016 |
christos |
partial sync with FreeBSD
|
Revision tags: pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907 nick-nhusb-base-20160529 nick-nhusb-base-20160422
|
#
1.18 |
|
04-Apr-2016 |
christos |
branches: 1.18.2; We don't need this in /current because packet processing does not happen in an interrupt anymore (pointed out by ozaki@)
|
#
1.17 |
|
03-Apr-2016 |
christos |
Comment out the mutex calls that protect against concurrent configuration changes and processing. This needs to be done differently since you can't sleep during interrupt processing.
|
Revision tags: nick-nhusb-base-20160319 nick-nhusb-base-20151226 nick-nhusb-base-20150921 nick-nhusb-base-20150606 nick-nhusb-base-20150406
|
#
1.16 |
|
02-Apr-2015 |
khorben |
Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error registration in ipf(8) by myself. Changes tested with GENERIC and XEN3_DOM0. Thanks!
XXX pull-up netbsd-7
|
Revision tags: nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.15 |
|
16-Jun-2014 |
christos |
branches: 1.15.2; 1.15.4; Darren Reed: #550 filter rule list corrupted with inserted rules
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 rmind-smpnet-nbase rmind-smpnet-base
|
#
1.14 |
|
20-Mar-2014 |
christos |
branches: 1.14.2; kill sprintf
|
Revision tags: riastradh-drm2-base3
|
#
1.13 |
|
27-Nov-2013 |
christos |
CID 976267: NULL deref check
|
#
1.12 |
|
18-Sep-2013 |
rmind |
Add bpf_filter_ext() to use with BPF COP, restore bpf_filter() as it was originally to preserve compatibility. Similarly, add bpf_validate_ext() which takes bpf_ctx_t.
|
#
1.11 |
|
12-Sep-2013 |
martin |
Remove unused variable
|
#
1.10 |
|
30-Aug-2013 |
rmind |
bpf_filter: add a custom argument which can be passed to coprocessor routine.
|
#
1.9 |
|
29-Aug-2013 |
rmind |
Implement BPF_COP/BPF_COPX instructions in the misc category (BPF_MISC) which add a capability to call external functions in a predetermined way.
It can be thought as a BPF "coprocessor" -- a generic mechanism to offload more complex packet inspection operations. There is no default coprocessor and this functionality is not targeted to the /dev/bpf. This is primarily targeted to the kernel subsystems, therefore there is no way to set a custom coprocessor at the userlevel.
Discussed on: tech-net@ OK: core@
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base agc-symver-base yamt-pagecache-base8
|
#
1.8 |
|
09-Jan-2013 |
christos |
branches: 1.8.2; Back out my last change, which was a partial fix for hash code computation problems. Apply Darren's more complete reworking of hash code computation. Ensure that the struct containing the red-black tree head is properly initialized. From Geoff Adams
|
#
1.7 |
|
20-Dec-2012 |
christos |
- Replace the seemingly broken built-in ipf rbtree implementation with ours. - Fix typos in comments - Fix 2 mutex errors From Geoff Adams
|
Revision tags: yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.6 |
|
09-Oct-2012 |
christos |
remove wrong ntohl (from Aran Clauson)
|
#
1.5 |
|
22-Jul-2012 |
darrenr |
branches: 1.5.2; ansify new function definition
|
#
1.4 |
|
22-Jul-2012 |
darrenr |
ansify new functio definitions
|
#
1.3 |
|
22-Jul-2012 |
darrenr |
Merge IPFilter 5.1.2 into HEAD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.2 |
|
23-Mar-2012 |
christos |
branches: 1.2.2; 1.2.4; apply our changes. - prototypes - ip_h323_pxy.c is missing from the distribution - original tar distribution is missing <$>Id values in most files
|
#
1.1 |
|
23-Mar-2012 |
christos |
branches: 1.1.1; Initial revision
|