Module Name: src
Committed By: rmind
Date: Sun Aug 22 18:56:24 UTC 2010
Modified Files:
src/distrib/sets/lists/base: mi
src/distrib/sets/lists/comp: mi
src/distrib/sets/lists/man: mi
src/etc: MAKEDEV.tmpl Makefile
src/share/man/man9: Makefile
src/share/mk: bsd.README bsd.own.mk
src/sys/arch/amd64/conf: GENERIC
src/sys/arch/i386/conf: ALL GENERIC MONOLITHIC
src/sys/conf: files majors
src/sys/net: Makefile
src/usr.sbin: Makefile
Added Files:
src/share/man/man9: npf_ncode.9
src/sys/modules/npf: Makefile
src/sys/net/npf: Makefile files.npf npf.c npf.h npf_alg.c
npf_alg_icmp.c npf_ctl.c npf_handler.c npf_impl.h npf_inet.c
npf_instr.c npf_mbuf.c npf_nat.c npf_ncode.h npf_processor.c
npf_ruleset.c npf_session.c npf_tableset.c
src/usr.sbin/npf: Makefile Makefile.inc
src/usr.sbin/npf/npfctl: Makefile npf.conf.8 npf_data.c npf_ncgen.c
npf_parser.c npfctl.8 npfctl.c npfctl.h
Log Message:
Import NPF - a packet filter. Some features:
- Designed to be fully MP-safe and highly efficient.
- Tables/IP sets (hash or red-black tree) for high performance lookups.
- Stateful filtering and Network Address Port Translation (NAPT).
Framework for application level gateways (ALGs).
- Packet inspection engine called n-code processor - inspired by BPF -
supporting generic RISC-like and specific CISC-like instructions for
common patterns (e.g. IPv4 address matching). See npf_ncode(9) manual.
- Convenient userland utility npfctl(8) with npf.conf(8).
NOTE: This is not yet a fully capable alternative to PF or IPFilter.
Further work (support for binat/rdr, return-rst/return-icmp, common ALGs,
state saving/restoring, logging, etc) is in progress.
Thanks a lot to Matt Thomas for various useful comments and code review.
Aye by: board@
To generate a diff of this commit:
cvs rdiff -u -r1.879 -r1.880 src/distrib/sets/lists/base/mi
cvs rdiff -u -r1.1498 -r1.1499 src/distrib/sets/lists/comp/mi
cvs rdiff -u -r1.1233 -r1.1234 src/distrib/sets/lists/man/mi
cvs rdiff -u -r1.134 -r1.135 src/etc/MAKEDEV.tmpl
cvs rdiff -u -r1.380 -r1.381 src/etc/Makefile
cvs rdiff -u -r1.341 -r1.342 src/share/man/man9/Makefile
cvs rdiff -u -r0 -r1.1 src/share/man/man9/npf_ncode.9
cvs rdiff -u -r1.274 -r1.275 src/share/mk/bsd.README
cvs rdiff -u -r1.639 -r1.640 src/share/mk/bsd.own.mk
cvs rdiff -u -r1.284 -r1.285 src/sys/arch/amd64/conf/GENERIC
cvs rdiff -u -r1.266 -r1.267 src/sys/arch/i386/conf/ALL
cvs rdiff -u -r1.992 -r1.993 src/sys/arch/i386/conf/GENERIC
cvs rdiff -u -r1.11 -r1.12 src/sys/arch/i386/conf/MONOLITHIC
cvs rdiff -u -r1.993 -r1.994 src/sys/conf/files
cvs rdiff -u -r1.51 -r1.52 src/sys/conf/majors
cvs rdiff -u -r0 -r1.1 src/sys/modules/npf/Makefile
cvs rdiff -u -r1.28 -r1.29 src/sys/net/Makefile
cvs rdiff -u -r0 -r1.1 src/sys/net/npf/Makefile src/sys/net/npf/files.npf \
src/sys/net/npf/npf.c src/sys/net/npf/npf.h src/sys/net/npf/npf_alg.c \
src/sys/net/npf/npf_alg_icmp.c src/sys/net/npf/npf_ctl.c \
src/sys/net/npf/npf_handler.c src/sys/net/npf/npf_impl.h \
src/sys/net/npf/npf_inet.c src/sys/net/npf/npf_instr.c \
src/sys/net/npf/npf_mbuf.c src/sys/net/npf/npf_nat.c \
src/sys/net/npf/npf_ncode.h src/sys/net/npf/npf_processor.c \
src/sys/net/npf/npf_ruleset.c src/sys/net/npf/npf_session.c \
src/sys/net/npf/npf_tableset.c
cvs rdiff -u -r1.245 -r1.246 src/usr.sbin/Makefile
cvs rdiff -u -r0 -r1.1 src/usr.sbin/npf/Makefile \
src/usr.sbin/npf/Makefile.inc
cvs rdiff -u -r0 -r1.1 src/usr.sbin/npf/npfctl/Makefile \
src/usr.sbin/npf/npfctl/npf.conf.8 src/usr.sbin/npf/npfctl/npf_data.c \
src/usr.sbin/npf/npfctl/npf_ncgen.c src/usr.sbin/npf/npfctl/npf_parser.c \
src/usr.sbin/npf/npfctl/npfctl.8 src/usr.sbin/npf/npfctl/npfctl.c \
src/usr.sbin/npf/npfctl/npfctl.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
