History log of /freebsd/sys/netpfil/ipfw/ip_fw_nat.c (Results 26 – 50 of 77)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 7757a1b4 03-May-2015 Baptiste Daroussin <bapt@FreeBSD.org>

Merge from head


# de7df74b 01-May-2015 Glen Barber <gjb@FreeBSD.org>

MFH: r281855-r282312

Sponsored by: The FreeBSD Foundation


# 1a458088 27-Apr-2015 Alexander V. Chernikov <melifaro@FreeBSD.org>

Use free_nat_instance() for nat instance deletion.

Sponsored by: Yandex LLC


# fdf6290e 27-Apr-2015 Gleb Smirnoff <glebius@FreeBSD.org>

Fix memory leak.

PR: 199670
Reviewed by: ae


# 53f2fbca 11-Feb-2015 Glen Barber <gjb@FreeBSD.org>

MFH: r278202,r278205-r278590

Sponsored by: The FreeBSD Foundation


# 9f3d45b6 08-Feb-2015 Baptiste Daroussin <bapt@FreeBSD.org>

Merge from HEAD


# bd9cc051 05-Feb-2015 Dimitry Andric <dim@FreeBSD.org>

Merging ^/head r278224 through r278297.


# 9f925e8a 05-Feb-2015 Alexander V. Chernikov <melifaro@FreeBSD.org>

Fix IP_FW_NAT44_LIST_NAT size calculation.

Found by: lev
Sponsored by: Yandex LLC


# 51dd214c 19-Jan-2015 Enji Cooper <ngie@FreeBSD.org>

MFhead @ r277403


# d899be7d 19-Jan-2015 Glen Barber <gjb@FreeBSD.org>

Reintegrate head: r274132-r277384

Sponsored by: The FreeBSD Foundation


# 0b47e42b 16-Jan-2015 Alexander V. Chernikov <melifaro@FreeBSD.org>

Use ipfw runtime lock only when real modification is required.


# 9268022b 19-Nov-2014 Simon J. Gerraty <sjg@FreeBSD.org>

Merge from head@274682


Revision tags: release/10.1.0
# 2a382033 14-Oct-2014 Glen Barber <gjb@FreeBSD.org>

Reintegrate head@r273095

Sponsored by: The FreeBSD Foundation


# c81ab40b 11-Oct-2014 Alexander V. Chernikov <melifaro@FreeBSD.org>

Merge HEAD@r272944.


# ed6aacb5 11-Oct-2014 Neel Natu <neel@FreeBSD.org>

IFC @r272887


# a13a8216 09-Oct-2014 Alexander V. Chernikov <melifaro@FreeBSD.org>

Merge projects/ipfw to HEAD.

Main user-visible changes are related to tables:

* Tables are now identified by names, not numbers.
There can be up to 65k tables with up to 63-byte long names.
* Tabl

Merge projects/ipfw to HEAD.

Main user-visible changes are related to tables:

* Tables are now identified by names, not numbers.
There can be up to 65k tables with up to 63-byte long names.
* Tables are now set-aware (default off), so you can switch/move
them atomically with rules.
* More functionality is supported (swap, lock, limits, user-level lookup,
batched add/del) by generic table code.
* New table types are added (flow) so you can match multiple packet fields at once.
* Ability to add different type of lookup algorithms for particular
table type has been added.
* New table algorithms are added (cidr:hash, iface:array, number:array and
flow:hash) to make certain types of lookup more effective.
* Table value are now capable of holding multiple data fields for
different tablearg users

Performance changes:
* Main ipfw lock was converted to rmlock
* Rule counters were separated from rule itself and made per-cpu.
* Radix table entries fits into 128 bytes
* struct ip_fw is now more compact so more rules will fit into 64 bytes
* interface tables uses array of existing ifindexes for faster match

ABI changes:
All functionality supported by old ipfw(8) remains functional.
Old & new binaries can work together with the following restrictions:
* Tables named other than ^\d+$ are shown as table(65535) in
ruleset in old binaries

Internal changes:.
Changing table ids to numbers resulted in format modification for
most sockopt codes. Old sopt format was compact, but very hard to
extend (no versioning, inability to add more opcodes), so
* All relevant opcodes were converted to TLV-based versioned IP_FW3-based codes.
* The remaining opcodes were also converted to be able to eliminate
all older opcodes at once
* All IP_FW3 handlers uses special API instead of calling sooptcopy*
directly to ease adding another communication methods
* struct ip_fw is now different for kernel and userland
* tablearg value has been changed to 0 to ease future extensions
* table "values" are now indexes in special value array which
holds extended data for given index
* Batched add/delete has been added to tables code
* Most changes has been done to permit batched rule addition.
* interface tracking API has been added (started on demand)
to permit effective interface tables operations
* O(1) skipto cache, currently turned off by default at
compile-time (eats 512K).

* Several steps has been made towards making libipfw:
* most of new functions were separated into "parse/prepare/show
and actuall-do-stuff" pieces (already merged).
* there are separate functions for parsing text string into "struct ip_fw"
and printing "struct ip_fw" to supplied buffer (already merged).
* Probably some more less significant/forgotten features

MFC after: 1 month
Sponsored by: Yandex LLC

show more ...


# f9ab623b 09-Oct-2014 Alexander V. Chernikov <melifaro@FreeBSD.org>

Bump ipfw module version.


# ccba94b8 04-Oct-2014 Alexander V. Chernikov <melifaro@FreeBSD.org>

Switch ipfw to use rmlock for runtime locking.


# d6164b77 07-Sep-2014 Alexander V. Chernikov <melifaro@FreeBSD.org>

Make ipfw_nat module use IP_FW3 codes.

Kernel changes:
* Split kernel/userland nat structures eliminating IPFW_INTERNAL hack.
* Add IP_FW_NAT44_* codes resemblin old ones.
* Assume that instances ca

Make ipfw_nat module use IP_FW3 codes.

Kernel changes:
* Split kernel/userland nat structures eliminating IPFW_INTERNAL hack.
* Add IP_FW_NAT44_* codes resemblin old ones.
* Assume that instances can be named (no kernel support currently).
* Use both UH+WLOCK locks for all configuration changes.
* Provide full ABI support for old sockopts.

Userland changes:
* Use IP_FW_NAT44_* codes for nat operations.
* Remove undocumented ability to show ranges of nat "log" entries.

show more ...


# ee7b0571 19-Aug-2014 Simon J. Gerraty <sjg@FreeBSD.org>

Merge head from 7/28


Revision tags: release/9.3.0
# 6cec9cad 03-Jun-2014 Peter Grehan <grehan@FreeBSD.org>

MFC @ r266724

An SVM update will follow this.


# 414fdaf0 21-May-2014 Alan Somers <asomers@FreeBSD.org>

IFC @266473


# 3a5db2d4 18-May-2014 Andrey V. Elsukov <ae@FreeBSD.org>

Since ipfw nat configures all options in one step, we should set all bits
in the mask when calling LibAliasSetMode() to properly clear unneeded
options.

PR: 189655
MFC after: 1 week
Sponsored by: Y

Since ipfw nat configures all options in one step, we should set all bits
in the mask when calling LibAliasSetMode() to properly clear unneeded
options.

PR: 189655
MFC after: 1 week
Sponsored by: Yandex LLC

show more ...


# 3b8f0845 28-Apr-2014 Simon J. Gerraty <sjg@FreeBSD.org>

Merge head


# 8a477d48 26-Apr-2014 Mikolaj Golub <trociny@FreeBSD.org>

Define startup order the same way as it is in dummynet.


1234