| #
d8449084 |
| 15-Nov-2023 |
Aaron LI <aly@aaronly.me> |
Remove no longer needed casts for radix routines
|
| #
de23f38f |
| 14-Nov-2023 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3_table: invoke the init in ipfw3_basic module
ipfw3 table 1 type ip
ipfw3 table 1 append ip <ip>
ipfw3 table list
ipfw3 table 1 show
|
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1 |
|
| #
eca1e48f |
| 28-Mar-2020 |
Sascha Wildner <saw@online.de> |
kernel: Remove <sys/mplock2.h> from all files that do not need it.
|
|
Revision tags: v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2 |
|
| #
fcf6efef |
| 02-Mar-2019 |
Sascha Wildner <saw@online.de> |
kernel: Remove numerous #include <sys/thread2.h>.
Most of them were added when we converted spl*() calls to
crit_enter()/crit_exit(), almost 14 years ago. We can now
remove a good chunk of them agai
kernel: Remove numerous #include <sys/thread2.h>.
Most of them were added when we converted spl*() calls to
crit_enter()/crit_exit(), almost 14 years ago. We can now
remove a good chunk of them again for where crit_*() are
no longer used.
I had to adjust some files that were relying on thread2.h
or headers that it includes coming in via other headers
that it was removed from.
show more ...
|
|
Revision tags: v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2 |
|
| #
599c55a4 |
| 15-May-2018 |
Sascha Wildner <saw@online.de> |
kernel/ipfw3: Remove unused malloc type.
|
|
Revision tags: v5.2.1 |
|
| #
4408d548 |
| 12-May-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3_nat: highspeed lockless in-kernel NAT
RB-Tree to stored the state for the outgoing packets, and multidimentional
array of pointers to keep the state for the incoming packets.
|
| #
dff1aee3 |
| 13-Apr-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: remove legacy macros
|
| #
e600b76a |
| 13-Apr-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3basic: misc
|
| #
5945821c |
| 13-Apr-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3basic: fix `to me`
|
|
Revision tags: v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1 |
|
| #
aa612e18 |
| 16-Sep-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ipfw/ipfw3: Use INTWAIT|NULLOK for mtag allocation.
|
|
Revision tags: v4.8.1 |
|
| #
c3b4f1bf |
| 18-Jul-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
netisr: netisr_forwardmsg -> netisr_forwardmsg_all
This function actually forwards netmsg to all available netisrs,
instead of netisr_ncpus netisrs.
For some modules, this is obviously not necessar
netisr: netisr_forwardmsg -> netisr_forwardmsg_all
This function actually forwards netmsg to all available netisrs,
instead of netisr_ncpus netisrs.
For some modules, this is obviously not necessary; they will be
fixed one-by-one later.
show more ...
|
| #
1536582d |
| 10-Jun-2017 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3_basic: keep-state is a pseudo filter
|
| #
6750e631 |
| 08-Jun-2017 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3sync: dont call the sync func when centre not running
|
| #
159da2eb |
| 07-Jun-2017 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3_basic: move netisr_domsg out of callout func
|
| #
e97b1989 |
| 03-Apr-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
ipfw3: Reduce dependency on ifnet threads.
Prepare to get rid of them.
|
|
Revision tags: v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0 |
|
| #
9187b359 |
| 21-Jun-2016 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: lockless in-kernel NAT
The libalias is used in kernel space for in-kernel NAT, and its alias_link
entries are stored with LIST. so all the packets which need to be NAT will scan
against the L
ipfw3: lockless in-kernel NAT
The libalias is used in kernel space for in-kernel NAT, and its alias_link
entries are stored with LIST. so all the packets which need to be NAT will scan
against the LIST and trying to find the matched alias_link. by seperating the
libalias into context of different CPUs, the lock can be removed. and due to the
nature of NAT, the outgoing and incoming packets are possible to be handled by
different CPUs, to ensure the returning packet can be translated properly, the
newly created alias_link is required to be duplicated and inserted into contexts
of both CPUs.
e.g.
ipfw3 nat 1 config if em0
ipfw3 nat 1 all via em0
ipfw3 nat 1 show state
show more ...
|
|
Revision tags: v4.4.3 |
|
| #
f92842b0 |
| 26-Feb-2016 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: update rule in func skipto
|
| #
e2124e7d |
| 26-Feb-2016 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: new feature 'ipfwsync'
ipfwsync is a new feature to synchronize firewall states between machines
which is running ipfw3 firewall for high availability. ipfw3 can be configured
in centre or ed
ipfw3: new feature 'ipfwsync'
ipfwsync is a new feature to synchronize firewall states between machines
which is running ipfw3 firewall for high availability. ipfw3 can be configured
in centre or edge mode. the centre will automatically sync the states from
centre to the edge.
e.g.
ipfw3 sync edge 5000
ipfw3 sync start edge
ipfw3 sync centre 192.168.1.1:5000,192.168.1.2:5000
ipfw3 sync start centre
ipfw3 sync show config
ipfw3 sync show status
ipfw3 sync test centre 123
show more ...
|
|
Revision tags: v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc |
|
| #
26a55228 |
| 02-Oct-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: lookup_state for keep-state and check-state
|
| #
c1bde762 |
| 01-Oct-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: support ip:port in filter from and new filter src-port
1. support ip:port in both filters 'from' and 'to'
2. new filters 'src-port' and 'dst-port'
e.g. block UDP packets to 192.168.1.1:1813
i
ipfw3: support ip:port in filter from and new filter src-port
1. support ip:port in both filters 'from' and 'to'
2. new filters 'src-port' and 'dst-port'
e.g. block UDP packets to 192.168.1.1:1813
ipfw3 add deny udp to 192.168.1.1:1813
ipfw3 add deny udp to 192.168.1.1 dst-port 1813
show more ...
|
| #
5284582f |
| 01-Oct-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: filtering with lookup table
|
|
Revision tags: v4.2.4, v4.3.1, v4.2.3, v4.2.1 |
|
| #
63317b93 |
| 27-Jun-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: filter from/to supports me/any/subnet
usage:
ipfw3 add allow udp to any
ipfw3 add allow icmp from me
ipfw3 add allow icmp from 192.168.1.0/24
|
|
Revision tags: v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5 |
|
| #
6a03354e |
| 12-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
ipfw2 - Rename FreeBSD ipfw port to ipfw3
* Rename all elements of the port to ipfw3 to reduce confusion.
|