Commit Graph

9 Commits

Author SHA1 Message Date
Max Laier
c9a03d91ad Commit resolved import of OpenBSD 4.1 pf from perforce.
Approved by:	re (kensmith)
2007-07-03 12:16:07 +00:00
Bruce M Simpson
6b47cca2a7 Teach pfsync(4) that its member interfaces may go away.
This change partially resolves the issue in the PR. Further architectural
fixes, in the form of reference counting, are needed.

PR:		86848
Reviewed by:	yar
MFC after:	1 month
2007-03-19 17:52:15 +00:00
Max Laier
fe2f7b3b0d Defer ip_output of pfsync updates to an independent callout thread instead
of just dropping the lock around the ip_output call.  This used to cause
corrupted state tree walks for some call-paths.

In a second stage all callouts will be marked MPSAFE according to the
setting of mpsafenet.

Reported and tested by:	Matthew Grooms <mgrooms at seton dot org>
MFC after:		3 days
X-MFC after:		Marking callouts MPSAFE + 1 week
2005-06-10 17:23:49 +00:00
Brooks Davis
fc74a9f93a Stop embedding struct ifnet at the top of driver softcs. Instead the
struct ifnet or the layer 2 common structure it was embedded in have
been replaced with a struct ifnet pointer to be filled by a call to the
new function, if_alloc(). The layer 2 common structure is also allocated
via if_alloc() based on the interface type. It is hung off the new
struct ifnet member, if_l2com.

This change removes the size of these structures from the kernel ABI and
will allow us to better manage them as interfaces come and go.

Other changes of note:
 - Struct arpcom is no longer referenced in normal interface code.
   Instead the Ethernet address is accessed via the IFP2ENADDR() macro.
   To enforce this ac_enaddr has been renamed to _ac_enaddr.
 - The second argument to ether_ifattach is now always the mac address
   from driver private storage rather than sometimes being ac_enaddr.

Reviewed by:	sobomax, sam
2005-06-10 16:49:24 +00:00
Max Laier
b01933e6bf Resolve conflicts created during the import of pf 3.7 Some features are
missing and will be implemented in a second step.  This is functional as is.

Tested by:	freebsd-pf, pfsense.org
Obtained from:	OpenBSD
X-MFC after:	never (breaks API/ABI)
2005-05-03 16:43:32 +00:00
Max Laier
7c1fe95333 Commit pf version 3.5 and link additional files to the kernel build.
Version 3.5 brings:
 - Atomic commits of ruleset changes (reduce the chance of ending up in an
   inconsistent state).
 - A 30% reduction in the size of state table entries.
 - Source-tracking (limit number of clients and states per client).
 - Sticky-address (the flexibility of round-robin with the benefits of
   source-hash).
 - Significant improvements to interface handling.
 - and many more ...
2004-06-16 23:24:02 +00:00
Max Laier
cc7e902276 Style(9) round for the pf kernel parts. Mostly #if defined() -> #ifdef
Also set HOOK_HACK to true (remove the related #ifdef's) as we have the
hooks in the kernel this was missed during the merge from the port.

Noticed by:	Amir S.	(for the HOOK_HACK part)
Approved by:	bms(mentor)
2004-03-17 21:11:02 +00:00
Max Laier
2bbe8ffc9d Bring diff from the security/pf port. This has code been tested as a port
for a long time and is run in production use. This is the code present in
portversion 2.03 with some additional tweaks.

The rather extensive diff accounts for:
 - locking (to enable pf to work with a giant-free netstack)
 - byte order difference between OpenBSD and FreeBSD for ip_len/ip_off
 - conversion from pool(9) to zone(9)
 - api differences etc.

Approved by: bms(mentor) (in general)
2004-02-26 02:34:12 +00:00
Max Laier
5c45a928b9 Vendor import of OpenBSD's packet filter (pf) as of OpenBSD 3.4
Approved by: bms(mentor), core (in general)
2004-02-26 02:04:28 +00:00