path: root/sys/contrib/pf/net/pf_table.c
Commit message | Author | Age | Files | Lines
* o Create directory sys/netpfil, where all packet filters should reside, and move there ipfw(4) and pf(4).
  o Move most modified parts of pf out of contrib.
  Actual movements:
    sys/contrib/pf/net/*.c -> sys/netpfil/pf/
    sys/contrib/pf/net/*.h -> sys/net/
    contrib/pf/pfctl/*.c -> sbin/pfctl
    contrib/pf/pfctl/*.h -> sbin/pfctl
    contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
    contrib/pf/pfctl/*.4 -> share/man/man4
    contrib/pf/pfctl/*.5 -> share/man/man5
    sys/netinet/ipfw -> sys/netpfil/ipfw
  The arguable movement is pf/net/*.h -> sys/net. There are future plans to refactor pf includes, so I decided not to break things twice.
  Not modified bits of pf left in contrib: authpf, ftp-proxy, tftp-proxy, pflogd.
  The ipfw(4) movement is planned to be merged to stable/9, to make head and stable match.
  Discussed with: bz, luigi
  Author: glebius | Age: 2012-09-14 | Files: 1 | Lines: -2191/+0
* Merge the projects/pf/head branch, that was worked on for last six months, into head. The most significant achievements in the new code:
  o Fine grained locking, thus much better performance.
  o Fixes to many problems in pf, that were specific to FreeBSD port.
  New code doesn't have that many ifdefs and much less OpenBSDisms, thus is more attractive to our developers.
  Those interested in details, can browse through SVN log of the projects/pf/head branch. And for reference, here is exact list of revisions merged:
  r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330, r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656, r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782, r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868, r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223, r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456, r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505, r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168, r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230, r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398, r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548, r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672, r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169, r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442, r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522, r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661, r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212.
  I'd like to thank people who participated in early testing:
  Tested by: Florian Smeets <flo freebsd.org>
  Tested by: Chekaluk Vitaly <artemrts ukr.net>
  Tested by: Ben Wilber <ben desync.com>
  Tested by: Ian FREISLICH <ianf cloudseed.co.za>
  Author: glebius | Age: 2012-09-08 | Files: 1 | Lines: -692/+367
* Correct table counter functionality to not panic. This was caused by not proper initialization of necessary parameters.
  PR: 168200
  Reviewed by: bz@, glebius@
  MFC after: 1 week
  Author: eri | Age: 2012-05-31 | Files: 1 | Lines: -1/+0
* Revert to the old behavior of allocating table/table entries using M_NOWAIT. Currently, the code allows for sleeping in the ioctl path to guarantee allocation. However code also handles ENOMEM gracefully, so propagate this error back to user-space, rather than sleeping while holding the global pf mutex.
  Reviewed by: glebius
  Discussed with: bz
  Author: csjp | Age: 2012-01-14 | Files: 1 | Lines: -12/+4
* Adjust the PF_ASSERT() macro to what we usually use in the network stack: PF_LOCK_ASSERT() and PF_UNLOCK_ASSERT().
  MFC after: 3 days
  Author: bz | Age: 2011-10-19 | Files: 1 | Lines: -3/+3
* Update packet filter (pf) code to OpenBSD 4.5. You need to update userland (world and ports) tools to be in sync with the kernel.
  Submitted by: mlaier
  Submitted by: eri
  Author: bz | Age: 2011-06-28 | Files: 1 | Lines: -133/+297
* - convert radix node head lock from mutex to rwlock
  - make radix node head lock not recursive
  - fix LOR in rtexpunge
  - fix LOR in rtredirect
  Reviewed by: sam
  Author: kmacy | Age: 2008-12-07 | Files: 1 | Lines: -0/+2
* Properly drop the pf mutex around all copyout (consistency still protected by the sx) and avoid a WITNESS panic. Overlooked during last import.
  Reported and tested by: Max N. Boyarov
  MFC after: 3 days
  Author: mlaier | Age: 2007-10-24 | Files: 1 | Lines: -1/+1
* Commit resolved import of OpenBSD 4.1 pf from perforce.
  Approved by: re (kensmith)
  Author: mlaier | Age: 2007-07-03 | Files: 1 | Lines: -20/+15
* Make LINT happy.
  Author: mlaier | Age: 2005-05-04 | Files: 1 | Lines: -8/+8
* Resolve conflicts created during the import of pf 3.7. Some features are missing and will be implemented in a second step. This is functional as is.
  Tested by: freebsd-pf, pfsense.org
  Obtained from: OpenBSD
  X-MFC after: never (breaks API/ABI)
  Author: mlaier | Age: 2005-05-03 | Files: 1 | Lines: -141/+194
* Initialize s variable early to shut up GCC warnings.
  Do not declare inline functions without body as this is useless in general and generates a warning with GCC 3.4.x.
  Glanced over by: dhartmei
  Author: kan | Age: 2004-07-28 | Files: 1 | Lines: -13/+15
* Commit pf version 3.5 and link additional files to the kernel build.
  Version 3.5 brings:
  - Atomic commits of ruleset changes (reduce the chance of ending up in an inconsistent state).
  - A 30% reduction in the size of state table entries.
  - Source-tracking (limit number of clients and states per client).
  - Sticky-address (the flexibility of round-robin with the benefits of source-hash).
  - Significant improvements to interface handling.
  - and many more ...
  Author: mlaier | Age: 2004-06-16 | Files: 1 | Lines: -239/+210
* Style(9) round for the pf kernel parts. Mostly #if defined() -> #ifdef
  Also set HOOK_HACK to true (remove the related #ifdef's) as we have the hooks in the kernel this was missed during the merge from the port.
  Noticed by: Amir S. (for the HOOK_HACK part)
  Approved by: bms(mentor)
  Author: mlaier | Age: 2004-03-17 | Files: 1 | Lines: -58/+54
* Bring diff from the security/pf port. This code has been tested as a port for a long time and is run in production use. This is the code present in portversion 2.03 with some additional tweaks.
  The rather extensive diff accounts for:
  - locking (to enable pf to work with a giant-free netstack)
  - byte order difference between OpenBSD and FreeBSD for ip_len/ip_off
  - conversion from pool(9) to zone(9)
  - api differences etc.
  Approved by: bms(mentor) (in general)
  Author: mlaier | Age: 2004-02-26 | Files: 1 | Lines: -2/+326
* Vendor import of OpenBSD's packet filter (pf) as of OpenBSD 3.4
  Approved by: bms(mentor), core (in general)
  Author: mlaier | Age: 2004-02-26 | Files: 1 | Lines: -0/+2018