| #
502d982c |
| 28-Dec-2018 |
Sascha Wildner <saw@online.de> |
kernel: Remove more duplicate includes.
|
| #
bff82488 |
| 20-Mar-2018 |
Aaron LI <aly@aaronly.me> |
<net/if.h>: Do not include <net/if_var.h> for _KERNEL
* Clean up an ancient leftover: do not include <net/if_var.h> from <net/if.h>
for kernel stuffs.
* Adjust various files to include the necess
<net/if.h>: Do not include <net/if_var.h> for _KERNEL
* Clean up an ancient leftover: do not include <net/if_var.h> from <net/if.h>
for kernel stuffs.
* Adjust various files to include the necessary <net/if_var.h> header.
NOTE:
I have also tested removing the inclusion of <net/if.h> from <net/if_var.h>,
therefore add <net/if.h> inclusion for those files that need it but only
included <net/if_var.h>. For some files, the header inclusion orderings are
also adjusted.
show more ...
|
| #
4408d548 |
| 12-May-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3_nat: highspeed lockless in-kernel NAT
RB-Tree to stored the state for the outgoing packets, and multidimentional
array of pointers to keep the state for the incoming packets.
|
| #
9187b359 |
| 21-Jun-2016 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: lockless in-kernel NAT
The libalias is used in kernel space for in-kernel NAT, and its alias_link
entries are stored with LIST. so all the packets which need to be NAT will scan
against the L
ipfw3: lockless in-kernel NAT
The libalias is used in kernel space for in-kernel NAT, and its alias_link
entries are stored with LIST. so all the packets which need to be NAT will scan
against the LIST and trying to find the matched alias_link. by seperating the
libalias into context of different CPUs, the lock can be removed. and due to the
nature of NAT, the outgoing and incoming packets are possible to be handled by
different CPUs, to ensure the returning packet can be translated properly, the
newly created alias_link is required to be duplicated and inserted into contexts
of both CPUs.
e.g.
ipfw3 nat 1 config if em0
ipfw3 nat 1 all via em0
ipfw3 nat 1 show state
show more ...
|
| #
e895e94d |
| 17-Jun-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: support bpf filter in layer4 module
syntax:
bpf "<bpf string>"
e.g.
ipfw3 add allow all bpf "icmp and src 8.8.8.8"
bpf can be used to filter the packet payload.
pcap_compile_nocap was used
ipfw3: support bpf filter in layer4 module
syntax:
bpf "<bpf string>"
e.g.
ipfw3 add allow all bpf "icmp and src 8.8.8.8"
bpf can be used to filter the packet payload.
pcap_compile_nocap was used to compile the bpf string
and bpf_filter for the filtering.
show more ...
|
| #
dee12dda |
| 16-Jun-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: filter 'established' in layer4 module
matches TCP packets that has the RST or ACK bits set.
|
| #
6a03354e |
| 12-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
ipfw2 - Rename FreeBSD ipfw port to ipfw3
* Rename all elements of the port to ipfw3 to reduce confusion.
|