| #
9f3d45b6 |
| 08-Feb-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from HEAD
|
| #
47712954 |
| 26-Jan-2015 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r277327 through r277718.
|
| #
2aa533b9 |
| 25-Jan-2015 |
John Baldwin <jhb@FreeBSD.org> |
natd(8) will work with an unconfigured interface and effectively not do
anything until the interface is assigned an address. This fixes
ipfw_nat to do the same by using an IP of INADDR_ANY instead o
natd(8) will work with an unconfigured interface and effectively not do
anything until the interface is assigned an address. This fixes
ipfw_nat to do the same by using an IP of INADDR_ANY instead of
aborting the nat setup if the requested interface is not yet configured.
Differential Revision: https://reviews.freebsd.org/D1539
Reviewed by: melifaro, glebius, gnn
MFC after: 1 week
show more ...
|
| #
9268022b |
| 19-Nov-2014 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge from head@274682
|
|
Revision tags: release/10.1.0 |
|
| #
2a382033 |
| 14-Oct-2014 |
Glen Barber <gjb@FreeBSD.org> |
Reintegrate head@r273095
Sponsored by: The FreeBSD Foundation
|
| #
c81ab40b |
| 11-Oct-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Merge HEAD@r272944.
|
| #
ed6aacb5 |
| 11-Oct-2014 |
Neel Natu <neel@FreeBSD.org> |
IFC @r272887
|
| #
a13a8216 |
| 09-Oct-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Merge projects/ipfw to HEAD.
Main user-visible changes are related to tables:
* Tables are now identified by names, not numbers.
There can be up to 65k tables with up to 63-byte long names.
* Tabl
Merge projects/ipfw to HEAD.
Main user-visible changes are related to tables:
* Tables are now identified by names, not numbers.
There can be up to 65k tables with up to 63-byte long names.
* Tables are now set-aware (default off), so you can switch/move
them atomically with rules.
* More functionality is supported (swap, lock, limits, user-level lookup,
batched add/del) by generic table code.
* New table types are added (flow) so you can match multiple packet fields at once.
* Ability to add different type of lookup algorithms for particular
table type has been added.
* New table algorithms are added (cidr:hash, iface:array, number:array and
flow:hash) to make certain types of lookup more effective.
* Table value are now capable of holding multiple data fields for
different tablearg users
Performance changes:
* Main ipfw lock was converted to rmlock
* Rule counters were separated from rule itself and made per-cpu.
* Radix table entries fits into 128 bytes
* struct ip_fw is now more compact so more rules will fit into 64 bytes
* interface tables uses array of existing ifindexes for faster match
ABI changes:
All functionality supported by old ipfw(8) remains functional.
Old & new binaries can work together with the following restrictions:
* Tables named other than ^\d+$ are shown as table(65535) in
ruleset in old binaries
Internal changes:.
Changing table ids to numbers resulted in format modification for
most sockopt codes. Old sopt format was compact, but very hard to
extend (no versioning, inability to add more opcodes), so
* All relevant opcodes were converted to TLV-based versioned IP_FW3-based codes.
* The remaining opcodes were also converted to be able to eliminate
all older opcodes at once
* All IP_FW3 handlers uses special API instead of calling sooptcopy*
directly to ease adding another communication methods
* struct ip_fw is now different for kernel and userland
* tablearg value has been changed to 0 to ease future extensions
* table "values" are now indexes in special value array which
holds extended data for given index
* Batched add/delete has been added to tables code
* Most changes has been done to permit batched rule addition.
* interface tracking API has been added (started on demand)
to permit effective interface tables operations
* O(1) skipto cache, currently turned off by default at
compile-time (eats 512K).
* Several steps has been made towards making libipfw:
* most of new functions were separated into "parse/prepare/show
and actuall-do-stuff" pieces (already merged).
* there are separate functions for parsing text string into "struct ip_fw"
and printing "struct ip_fw" to supplied buffer (already merged).
* Probably some more less significant/forgotten features
MFC after: 1 month
Sponsored by: Yandex LLC
show more ...
|
| #
d6164b77 |
| 07-Sep-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Make ipfw_nat module use IP_FW3 codes.
Kernel changes:
* Split kernel/userland nat structures eliminating IPFW_INTERNAL hack.
* Add IP_FW_NAT44_* codes resemblin old ones.
* Assume that instances ca
Make ipfw_nat module use IP_FW3 codes.
Kernel changes:
* Split kernel/userland nat structures eliminating IPFW_INTERNAL hack.
* Add IP_FW_NAT44_* codes resemblin old ones.
* Assume that instances can be named (no kernel support currently).
* Use both UH+WLOCK locks for all configuration changes.
* Provide full ABI support for old sockopts.
Userland changes:
* Use IP_FW_NAT44_* codes for nat operations.
* Remove undocumented ability to show ranges of nat "log" entries.
show more ...
|
|
Revision tags: release/9.3.0, release/10.0.0, release/9.2.0 |
|
| #
cfe30d02 |
| 19-Jun-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge fresh head.
|
|
Revision tags: release/8.4.0, release/9.1.0 |
|
| #
e477abf7 |
| 27-Nov-2012 |
Alexander Motin <mav@FreeBSD.org> |
MFC @ r241285
|
| #
a10c6f55 |
| 11-Nov-2012 |
Neel Natu <neel@FreeBSD.org> |
IFC @ r242684
|
| #
23090366 |
| 04-Nov-2012 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Sync from head
|
| #
3dedcef7 |
| 11-Sep-2012 |
Kevin Lo <kevlo@FreeBSD.org> |
Remove unused values
|
| #
e11b6fa3 |
| 03-Aug-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge head r233826 through r239010.
|
| #
6a7bb02d |
| 30-Jul-2012 |
Luigi Rizzo <luigi@FreeBSD.org> |
Fix some compile errors at high WARNS, including one
for an uninitialized variable.
unused parameters and variables are annotated with
(void)foo; /* UNUSED */
instead of __unused, because this code
Fix some compile errors at high WARNS, including one
for an uninitialized variable.
unused parameters and variables are annotated with
(void)foo; /* UNUSED */
instead of __unused, because this code needs to build
also on linux and windows.
show more ...
|
|
Revision tags: release/8.3.0_cvs, release/8.3.0 |
|
| #
8fa0b743 |
| 23-Jan-2012 |
Xin LI <delphij@FreeBSD.org> |
IFC @230489 (pending review).
|
| #
80dbff4e |
| 04-Jan-2012 |
Sean Bruno <sbruno@FreeBSD.org> |
IFC to head to catch up the bhyve branch
Approved by: grehan@
|
|
Revision tags: release/9.0.0 |
|
| #
8d913bf8 |
| 23-Nov-2011 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Fix parsing of redirect_addr argument.
PR: kern/162739
MFC after: 3 days
|
| #
935205e2 |
| 17-Jul-2011 |
Justin T. Gibbs <gibbs@FreeBSD.org> |
Integrate from Head into ZFSD feature branch as of revision r224141.
|
| #
23300944 |
| 30-Jun-2011 |
Peter Grehan <grehan@FreeBSD.org> |
IFC @ r223696 to pick up dfr's userboot
|
| #
a5615c90 |
| 28-Jun-2011 |
Peter Grehan <grehan@FreeBSD.org> |
IFC @ r222830
|
| #
de138ec7 |
| 24-Jun-2011 |
Attilio Rao <attilio@FreeBSD.org> |
MFC
|
| #
6ca60beb |
| 24-Jun-2011 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Actually, if code had followed style(9), there would be less stupid errors
like the one fixed in r223416.
Noticed by: julian
|
| #
9b571ec6 |
| 22-Jun-2011 |
Attilio Rao <attilio@FreeBSD.org> |
MFC
|