Age | Commit message | Author |
|
then ifnet_addrs[ifp->if_index] leaks; if it's called after if_detach()
then if_free_sadl() does nothing; ok itojun
|
1) PF should do the right thing when unplugging/replugging or cloning/
destroying NICs.
2) Rules can be loaded in the kernel for not-yet-existing devices
(USB, PCMCIA, Cardbus). For example, it is valid to write:
"pass in on kue0" before kue USB is plugged in.
3) It is possible to write rules that apply to a group of interfaces
(drivers), like "pass in on ppp all"
4) There is a new ":peer" modifier that completes the ":broadcast"
and ":network" modifiers.
5) There is a new ":0" modifier that will filter out interface aliases.
Can also be applied to DNS names to restore original PF behaviour.
6) The dynamic interface syntax (foo) has been vastly improved, and
now supports multiple addresses, v4 and v6 addresses, and all userland
modifiers, like "pass in from (fxp0:network)"
7) Scrub rules now support the !if syntax.
8) States can be bound to the specific interface that created them or
to a group of interfaces for example:
- pass all keep state (if-bound)
- pass all keep state (group-bound)
- pass all keep state (floating)
9) The default value when only keep state is given can be selected by
using the "set state-policy" statement.
10) "pfctl -ss" will now print the interface scope of the state.
This diff changes the pf_state structure slightly, so you should
recompile your userland tools (pfctl, authpf, pflogd, tcpdump...)
Tested on i386, sparc, sparc64 by Ryan
Tested on macppc, sparc64 by Daniel
ok deraadt@ mcbride@
|
to check if interface exists, as (1) if_index will have different meaning
(2) ifindex2ifnet could become NULL when interface gets destroyed,
when we introduce dynamically-created interfaces. markus ok
|
allocation; tested on most archs
|
Allows multiple hosts to share an IP address, providing high availability
and load balancing.
Based on code by mickey@, with additional help from markus@
and Marco_Pfatschbacher@genua.de
ok deraadt@
|
makes routing lookups slightly more expensive, and serves no useful
purpose.
ok itojun@ tedu@
|
deraadt@ ok.
|
argument. old cred only calls user suser_ucred. this will allow future
work to more flexibly implement the idea of a root process. looks like
something i saw in freebsd, but a little different.
use of suser_ucred vs suser in file system code should be looked at again,
for the moment semantics remain unchanged.
review and input from art@ testing and further review miod@
|
to detached if. deraadt ok
|
rescinded 22 July 1999. Proofed by myself and Theo.
|
declarations (extern int foo), and compensate in the appropriate locations.
|
the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach().
from netbsd. fgs ok
|
initialization after domaininit().
|
as discussed at bsd-api-discuss. sync w/kame
|
one may be called.
|
notified of interface address changes. ok provos@, angelos@
|
convert several of the loops to TAILQ_FOREACH.
|
and has been wrong since PnP devices (pcmcia, cardbus, etc) showed up.
If you forgot to set ifq_maxlen somewhere in the driver, you're gonna
see baaaad things; jason@ ok, angelos@ "should be ok", theo
"don't understand why".
|
- ALTQ introduces a set of new queue macros that coexist with the
traditional IF_XXX macros.
- "struct ifaltq" replaces "struct ifqueue" in "struct ifnet".
- assign cdev major 74 for i386 and 54 for alpha as ALTQ control interface.
|
follows BSD/OS practice and ucd-snmp code (FreeBSD does it for specific
interfaces only).
was: if_lastchange gets updated on every packet transmission/receipt.
now: if_lastchange gets updated when IFF_UP is changed.
|
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).
|
sync with kame. old ioctls are kept but not really recommended.
|
functions to 'nops'.
Some protocols might want to output some packets while detaching and
that could be a bad idea when the interface has gone away.
Do we need to change more functions?
|
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument.
pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest.
3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr *
(almost no one is using it anyways).
benefit: the following command now works. previously we needed two route(8)
invocations, "add" then "change".
# route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was
introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg?
eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno,
so i do not have correct answer in the source code.
someone with more clue about netiso-over-ip, please help.
|
Note: before building the userland part you need to do make includes.
|
he has an indentation flaw, he has not fixed it, so i get a commit, thanks niels