d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd kernel with SKQ
257,787 Commits 4 Branches 49 Tags 2 GiB
C 63.3%
C++ 23.3%
Roff 5.1%
Shell 2.9%
Makefile 1.5%
Other 3.4%
9978a7d924
Go to file
glebius 9978a7d924 New pfil(9) KPI together with newborn pfil API and control utility. 
The KPI have been reviewed and cleansed of features that were planned
back 20 years ago and never implemented.  The pfil(9) internals have
been made opaque to protocols with only returned types and function
declarations exposed. The KPI is made more strict, but at the same time
more extensible, as kernel uses same command structures that userland
ioctl uses.

In nutshell [KA]PI is about declaring filtering points, declaring
filters and linking and unlinking them together.

New [KA]PI makes it possible to reconfigure pfil(9) configuration:
change order of hooks, rehook filter from one filtering point to a
different one, disconnect a hook on output leaving it on input only,
prepend/append a filter to existing list of filters.

Now it possible for a single packet filter to provide multiple rulesets
that may be linked to different points. Think of per-interface ACLs in
Cisco or Juniper. None of existing packet filters yet support that,
however limited usage is already possible, e.g. default ruleset can
be moved to single interface, as soon as interface would pride their
filtering points.

Another future feature is possiblity to create pfil heads, that provide
not an mbuf pointer but just a memory pointer with length. That would
allow filtering at very early stages of a packet lifecycle, e.g. when
packet has just been received by a NIC and no mbuf was yet allocated.

Differential Revision:	https://reviews.freebsd.org/D18951
2019-01-31 23:01:03 +00:00
bin Comment out the default sh(1) aliases for root, introduced in r343416. 2019-01-25 17:09:26 +00:00
cddl Create new EINTEGRITY error with message "Integrity check failed". 2019-01-17 06:35:45 +00:00
contrib readelf: dump elf note data 2019-01-31 17:04:55 +00:00
crypto scp: disallow empty or current directory 2019-01-15 15:35:14 +00:00
etc netmap: add suite of unit tests 2018-12-31 11:17:58 +00:00
gnu Create crtsavres.o for powerpc builds 2019-01-12 21:29:54 +00:00
include Use a private definition of osockaddr rather then relying on type 2019-01-18 21:30:06 +00:00
kerberos5 Use ${SRCTOP}/contrib/com_err/com_err.h instead of the installed com_err.h. 2019-01-14 06:34:54 +00:00
lib libc/tests: Add test case for jemalloc/libthr bug fixed in r343566 2019-01-31 02:49:24 +00:00
libexec Rename rtld-elf/malloc.c to rtld-elf/rtld_malloc.c. 2019-01-30 16:28:27 +00:00
release Turn off ec2_ephemeralswap for now 2019-01-09 03:55:25 +00:00
rescue rescue: set NO_SHARED in Makefile 2018-11-19 22:18:18 +00:00
sbin New pfil(9) KPI together with newborn pfil API and control utility. 2019-01-31 23:01:03 +00:00
secure Enable devcryptoeng for OpenSSL. 2018-12-12 21:56:47 +00:00
share New pfil(9) KPI together with newborn pfil API and control utility. 2019-01-31 23:01:03 +00:00
stand Unbreak mip64 build after r328437 2019-01-20 21:09:44 +00:00
sys New pfil(9) KPI together with newborn pfil API and control utility. 2019-01-31 23:01:03 +00:00
targets retire LINKER_FEATURES filter flag 2018-11-12 20:44:22 +00:00
tests pf tests: Check size validation in DIOCGETSRCNODES 2019-01-22 02:56:36 +00:00
tools Remove RADIUS-related files when WITHOUT_RADIUS_SUPPORT=true is set 2019-01-27 18:53:36 +00:00
usr.bin elfdump: use designated array initialization for note types 2019-01-31 16:49:06 +00:00
usr.sbin freebsd-update: regenerate man page database after update 2019-01-30 19:19:14 +00:00
.arcconfig callsign isn't required anymore 2016-09-29 06:19:45 +00:00
.arclint arc lint: ignore /tests/ in chmod 2017-12-19 03:38:06 +00:00
.gitattributes MK_ZFS -> {MK_ZFS|MK_LOADER_ZFS}, this is so we can diable userland / kernel 2019-01-05 22:45:20 +00:00
.gitignore Ignore _.universe-toolchain file. 2018-07-01 13:50:37 +00:00
COPYRIGHT Happy New Year 2019! 2019-01-01 00:25:25 +00:00
LOCKS LOCKS: update current locks 2018-06-09 03:08:04 +00:00
MAINTAINERS Register a pre-commit review for ipfilter. 2018-12-24 01:12:22 +00:00
Makefile Update comment about 'universe' disk usage 2018-11-10 19:09:48 +00:00
Makefile.inc1 Remove iBCS2: plug a wart missed in r342242 2018-12-19 22:08:51 +00:00
Makefile.libcompat Use ...-freebsd13.0 in -target strings. 2018-11-12 16:55:20 +00:00
Makefile.sys.inc AUTO_OBJ: For all top-level targets enforce using an OBJDIR. 2017-12-05 21:29:47 +00:00
ObsoleteFiles.inc New pfil(9) KPI together with newborn pfil API and control utility. 2019-01-31 23:01:03 +00:00
README README: add generic notes about GENERIC and NOTES 2018-06-17 19:44:24 +00:00
README.md README: add generic notes about GENERIC and NOTES 2018-06-17 19:44:24 +00:00
UPDATING Make iflib a loadable module. 2019-01-31 19:05:56 +00:00

README.md

FreeBSD Source:

This is the top level of the FreeBSD source directory. This file was last revised on: FreeBSD

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html, and https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html for more information, including setting make(1) variables.

Source Roadmap:

bin		System/user commands.

cddl		Various commands and libraries under the Common Development
		and Distribution License.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

rescue		Build system for statically linked /rescue utilities.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

stand		Boot loader sources.

sys		Kernel sources.

sys/<arch>/conf Kernel configuration files. GENERIC is the configuration
		used in release builds. NOTES contains documentation of
		all possible entries.

tests		Regression tests which can be run by Kyua.  See tests/README
		for additional information.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html