Commit Graph

497 Commits

Author SHA1 Message Date
Max Laier
c550f2206d Define semantic of M_SKIP_FIREWALL more precisely, i.e. also pass associated
icmp_error() packets. While here retire PACKET_TAG_PF_GENERATED (which
served the same purpose) and use M_SKIP_FIREWALL in pf as well. This should
speed up things a bit as we get rid of the tag allocations.

Discussed with:	juli
2004-07-17 05:10:06 +00:00
Poul-Henning Kamp
3f4324df4d Send the fla driver in the Attic 2004-07-13 17:44:17 +00:00
Darren Reed
781950a42f Clean up a bunch of white-space difference with IPFilter source as well as
remove some superfluous assignments for .d_version/.d_flags in a cdevsw
structure initialisation that never sees the light of day in FreeBSD.
2004-07-11 10:13:05 +00:00
Hartmut Brandt
72767e9575 This commit was generated by cvs2svn to compensate for changes in r131826,
which included commits to RCS files with non-trunk default branches.
2004-07-08 16:39:03 +00:00
Hartmut Brandt
8339b15086 Virgin import of NgATM share kernel/user part 1.0 2004-07-08 16:39:03 +00:00
Mark Santcroos
bde5ba82c2 Local change: Allow access to the field if it is within the region
size rounded up to a multiple of the access byte width.  This overcomes
"off-by-one" programming errors in the AML often found in Toshiba
laptops.
2004-07-02 08:38:55 +00:00
Mark Santcroos
2e8f631a0d Local diff: allow use of the disassembler. 2004-07-02 08:37:56 +00:00
Mark Santcroos
727fde6f33 Unchanged files that are off the vendor branch. 2004-07-02 08:34:19 +00:00
Mark Santcroos
648474d5f4 This commit was generated by cvs2svn to compensate for changes in r131440,
which included commits to RCS files with non-trunk default branches.
2004-07-02 08:14:36 +00:00
Mark Santcroos
671d52d8aa Vendor import of Intel ACPI-CA 20040527 2004-07-02 08:14:36 +00:00
Darren Reed
be134cb640 Mess from update & merge - don't release the ifnet lock twice, just once
and after we're finished with it.
2004-06-29 03:39:06 +00:00
Brooks Davis
f889d2ef8d Major overhaul of pseudo-interface cloning. Highlights include:
- Split the code out into if_clone.[ch].
 - Locked struct if_clone. [1]
 - Add a per-cloner match function rather then simply matching names of
   the form <name><unit> and <name>.
 - Use the match function to allow creation of <interface>.<tag>
   vlan interfaces.  The old way is preserved unchanged!
 - Also the match function to allow creation of stf(4) interfaces named
   stf0, stf, or 6to4.  This is the only major user visible change in
   that "ifconfig stf" creates the interface stf rather then stf0 and
   does not print "stf0" to stdout.
 - Allow destroy functions to fail so they can refuse to delete
   interfaces.  Currently, we forbid the deletion of interfaces which
   were created in the init function, particularly lo0, pflog0, and
   pfsync0.  In the case of lo0 this was a panic implementation so it
   does not count as a user visiable change. :-)
 - Since most interfaces do not need the new functionality, an family of
   wrapper functions, ifc_simple_*(), were created to wrap old style
   cloner functions.
 - The IF_CLONE_INITIALIZER macro is replaced with a new incompatible
   IFC_CLONE_INITIALIZER and ifc_simple consumers use IFC_SIMPLE_DECLARE
   instead.

Submitted by:   Maurycy Pawlowski-Wieronski <maurycy at fouk.org> [1]
Reviewed by:    andre, mlaier
Discussed on:	net
2004-06-22 20:13:25 +00:00
Darren Reed
01dbed783b revert section of code that calls netisr_queue() to match v1.33 of this file 2004-06-22 05:20:30 +00:00
Darren Reed
5e9c7ec5dc #ifdef's for FreeBSD are wrong, causing too many variable declaractions to
disappear.
2004-06-22 05:16:29 +00:00
Darren Reed
27944d9422 one too many #endif's from the update broke the build 2004-06-22 02:44:06 +00:00
Darren Reed
7b807523f4 Update ipfilter from 3.4.31 -> 3.4.35. Some important changes:
* block packets that fail to create state table entries
* only allow non-fragmented packets to influence whether or not a logged
  packet is the same as the one logged before.
* correct the ICMP packet checksum fixing up when processing ICMP errors for NAT
* implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX
  and ipf_nattable_max)
* frsynclist() wasn't paying attention to all the places where interface
  names are, like it should.
* fix comparing ICMP packets with established TCP state where only 8 bytes
  of header are returned in the ICMP error.

MFC after:	1 week
2004-06-21 22:46:36 +00:00
Poul-Henning Kamp
cb5cb48675 Add missing <sys/module.h> include.
Approved by:	sam
2004-06-18 08:53:55 +00:00
Max Laier
c0d431fe31 Import two fixes from the OpenBSD stable branch:
- prevent an endless loop with route-to lo0, fixes PR 3736 (dhartmei@)
 - The rule_number parameter for pf_get_pool() needs to be 32 bits, not 8 -
   this fixes corruption of the address pools with large rulesets.
   (mcbride@, pb@)

Reviewed-by:	dhartmei
2004-06-17 16:59:47 +00:00
Max Laier
7c1fe95333 Commit pf version 3.5 and link additional files to the kernel build.
Version 3.5 brings:
 - Atomic commits of ruleset changes (reduce the chance of ending up in an
   inconsistent state).
 - A 30% reduction in the size of state table entries.
 - Source-tracking (limit number of clients and states per client).
 - Sticky-address (the flexibility of round-robin with the benefits of
   source-hash).
 - Significant improvements to interface handling.
 - and many more ...
2004-06-16 23:24:02 +00:00
Max Laier
779616355a This commit was generated by cvs2svn to compensate for changes in r130610,
which included commits to RCS files with non-trunk default branches.
2004-06-16 23:03:14 +00:00
Max Laier
32b3098356 Import pf from OpenBSD 3.5 (OPENBSD_3_5_BASE) 2004-06-16 23:03:14 +00:00
Poul-Henning Kamp
89c9c53da0 Do the dreaded s/dev_t/struct cdev */
Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
Max Laier
7421be0528 Disable "bulk dequeue" when enabling ALTQ so it does not irritate the
timing.
2004-06-15 23:59:37 +00:00
Max Laier
4cb655c020 Transform tbr_dequeue into a function pointer in order to build drivers with
ALTQ enabled versions of IFQ_* macros by default, as requested by serveral
others. This is a follow-up to the quick fix I committed yesterday which
turned off the ALTQ checks for non-ALTQ kernels.
2004-06-15 01:45:19 +00:00
Max Laier
4e6d06effe Remove some more leftover from the old pfaltq_module hack to allow for
kernels w/ pf, but w/o altq.

Reported-by:	 Xin LI
2004-06-14 16:13:05 +00:00
Max Laier
eb8fefbe04 #if out an old leftover in the KAME code. opt_cpu.h is no longer useful here
and breaks build on some arch.

Found-by:	tinderbox
2004-06-13 22:52:38 +00:00
Max Laier
cc4dbc7c7d Prepare pf for building with ALTQ:
- remove old pfaltq module linkage
 - move pfaltq_running to pf_ioctl.c It is protected by PF_LOCK()
2004-06-13 01:36:31 +00:00
Max Laier
6ef5ab3cb5 Add an additional queue which will be "owned by the driver". This allows to
rig a PREPEND macro for ALTQ as the POLL/DEQUEUE semantic is very bad in
terms of locking. We make this a full functional queue to allow "bulk
dequeue" which will further reduce the locking overhead (for non-altq
enabled devices). Drivers will access this via the following macros, which
will show up in <net/if_var.h> once we expose ALTQ to the build:

IFQ_DRV_DEQUEUE(ifq, m)	- takes a mbuf off the queue (driver queue first)
IFQ_DRV_PREPEND(ifq, m)	- pushes a mbuf back to the driver queue
IFQ_DRV_PURGE(ifq)	- drops all packets in both queues
IFQ_DRV_IS_EMPTY(ifq)	- checks for pending mbufs in either queue

One has to make sure that the first three are protected by a driver mutex.
At the moment most network drivers still require Giant, so this is not an
issue. Even those that have thier own mutex usually hold it in if_start and
the like, so this requirement is almost always satisfied.

This evolved from a discussion with Andrew Gallatin.
2004-06-12 18:47:24 +00:00
Max Laier
6d43605d86 FreeBSD-ify ALTQ:
- add locking
 - disable ALTQ3_COMPAT by default (do not remove the code to keep the diff
   towards KAME small)
 - put some more code under ALTQ3 conditional compilation as it should be
 - account for if_xname
 - some more minor compile fixes

As people started wondering:
The strange path layout "altq/altq" is there to avoid "-Isys/contrib" and
make it "-Isys/contrib/altq" instead, as we will need at least <altq/altq.h>
and <altq/if_altq.h> for kernel compilation.

The "freebsd4_..." in the privious commit is just the best tag name in the
KAME tree I could find to classify this in order to track its history. It
does *not* mean that this will go to 4-STABLE or anything of that kind.
2004-06-12 00:57:20 +00:00
Max Laier
4fd250c713 This commit was generated by cvs2svn to compensate for changes in r130365,
which included commits to RCS files with non-trunk default branches.
2004-06-12 00:10:21 +00:00
Max Laier
a2f5f9a397 Import parts of the ALTQ framework from latest KAME snapshot (which is up to
HEAD at this point). This will not exactly live in a vendor branch, but have
the vendor backing to make it easier to exchange diffs.

This will be followed by a diff which takes most of the .c files off the
vendor branch in order to:
 - add locking
 - disable ALTQ3_COMPAT code (which is outdated and "un-lockable")

There is work in progress to refine the configuration API. Import this "as
is" now to have more exposure time before 5-STABLE.

This is only the import, it will be some more days until you will actually
be able to compile ALTQ support into your kernel so don't hold your breath.
HEADUPs will be posted on current@ and net@ before this is actually enabled.

No-objection:	re(scottl), core(rwatson)
2004-06-12 00:10:21 +00:00
Darren Reed
578a650271 Recognise NOINET6 as an indication to not build IPv6 enabled source even
if FreeBSD header files, etc, support it.

Submitted by:	Sergey Mokryshev <mokr@mokr.net>
2004-06-08 23:52:22 +00:00
Max Laier
1fb675e712 "Get rid of the nested include of <sys/module.h> from <sys/kernel.h>" or
better do no longer depend on it.

Requested-by:	phk
Approved-by:	bms(mentor)
2004-05-31 22:48:19 +00:00
Poul-Henning Kamp
77409fe148 Add missing #include <sys/module.h> 2004-05-30 20:34:58 +00:00
Nate Lawson
0d224e7f88 Remove a warning of a constant that is too large. Change submitted to
vendor.
2004-05-25 03:06:37 +00:00
Nate Lawson
a86c577a6d This commit was generated by cvs2svn to compensate for changes in r129694,
which included commits to RCS files with non-trunk default branches.
2004-05-25 03:06:37 +00:00
Nate Lawson
275c8028ab Local change: allow usermode to compile this header. Submitted to vendor. 2004-05-25 02:41:49 +00:00
Nate Lawson
0c3e6e7452 Local change: don't hang forever if WAK_STS is never set. 2004-05-25 02:41:19 +00:00
Nate Lawson
c2c6addc68 Local change: remove warnings. 2004-05-25 02:40:48 +00:00
Nate Lawson
4ace1857d7 Local diff: allow use of the disassembler. 2004-05-25 02:39:46 +00:00
Nate Lawson
6c57d4e8fb Unchanged files that are off the vendor branch. 2004-05-25 02:39:01 +00:00
Nate Lawson
a5a81f7c89 Vendor import of Intel ACPI-CA 20040514. 2004-05-25 02:34:44 +00:00
Nate Lawson
d57f8354ca This commit was generated by cvs2svn to compensate for changes in r129684,
which included commits to RCS files with non-trunk default branches.
2004-05-25 02:34:44 +00:00
Marcel Moolenaar
203bd0c3e7 This commit was generated by cvs2svn to compensate for changes in r129059,
which included commits to RCS files with non-trunk default branches.
2004-05-09 03:06:25 +00:00
Marcel Moolenaar
9cc6463a07 Update to BETA 7. Besides C++ support, which is irrelevant to us,
this version mostly has bugs fixes.
2004-05-09 03:06:25 +00:00
Nate Lawson
c3bac8b5d5 Add sys/types.h for both kernel and user compiles. 2004-05-05 20:02:02 +00:00
Daniel Hartmeier
01044eaadc Commit three imported bugfixes from OpenBSD 3.4-stable:
- change pf_get_pool() argument rule_number type from u_int32_t
    to u_int8_t, fixes corruption of address pools with large
    rulesets (mcbride@)
  - prevent endless loops with route-to (dhartmei@)
  - limit option length to 2 octets max (frantzen@)

Obtained from:	OpenBSD
Approved by:	mlaier(mentor), bms(mentor)
2004-05-02 20:47:24 +00:00
Daniel Hartmeier
ac529e0479 Import OpenBSD 3.4-stable fixes 2004-05-02 19:43:28 +00:00
Nate Lawson
eccb3e0e14 Remove warnings from vendor files. This takes some files off the vendor
branch but they have indicated they will not fix these warnings.
2004-04-14 18:12:29 +00:00
Nate Lawson
95ee367419 Even though the patch has been submitted to the vendor, this file is off
the vendor branch.  Once more, with feeling!
2004-04-14 16:52:19 +00:00