Module Name: src Committed By: rmind Date: Sat Jan 19 21:19:32 UTC 2019
Modified Files: src/lib/libnpf: libnpf.3 npf.c npf.h src/sys/net/npf: npf.c npf.h npf_alg.c npf_conn.c npf_conn.h npf_conndb.c npf_ctl.c npf_ifaddr.c npf_impl.h npf_inet.c npf_nat.c npf_tableset.c npf_worker.c src/usr.sbin/npf: npf.7 src/usr.sbin/npf/npfctl: npf.conf.5 npf_build.c npf_data.c npf_parse.y npf_scan.l npf_show.c npf_var.c npfctl.8 npfctl.c npfctl.h src/usr.sbin/npf/npftest: npfstream.c npftest.c npftest.conf npftest.h src/usr.sbin/npf/npftest/libnpftest: Makefile npf_bpf_test.c npf_mbuf_subr.c npf_nat_test.c npf_nbuf_test.c npf_perf_test.c npf_rule_test.c npf_state_test.c npf_table_test.c npf_test.h npf_test_subr.c Added Files: src/usr.sbin/npf/npftest/libnpftest: npf_conn_test.c Log Message: Major NPF improvements: - Convert NPF connection table to thmap. State lookup is now lock-free. - Improve connection state G/C: it is now incremental and tunable. - Add support for dynamic NAT address. Translation addresses can now be selected from a pool of addresses. There are two selection algorithms, "ip-hash" and "round-robin" (see the man page). - Translation address can be specified as e.g. ifaddrs(wm0) in npf.conf to dynamically choose an IP from the interface address(es). - Add support for the NETMAP algorithm with static NAT for net-to-net translation (it is equivalent to iptables NETMAP logic). - Convert 'ipset' tables to use thmap; the table lookup is now lock-free. - Misc improvements, bug fixes and more unit tests. - Bump NPF_VERSION (will also bump libnpf). To generate a diff of this commit: cvs rdiff -u -r1.6 -r1.7 src/lib/libnpf/libnpf.3 cvs rdiff -u -r1.44 -r1.45 src/lib/libnpf/npf.c cvs rdiff -u -r1.34 -r1.35 src/lib/libnpf/npf.h cvs rdiff -u -r1.36 -r1.37 src/sys/net/npf/npf.c cvs rdiff -u -r1.58 -r1.59 src/sys/net/npf/npf.h cvs rdiff -u -r1.18 -r1.19 src/sys/net/npf/npf_alg.c cvs rdiff -u -r1.25 -r1.26 src/sys/net/npf/npf_conn.c cvs rdiff -u -r1.14 -r1.15 src/sys/net/npf/npf_conn.h cvs rdiff -u -r1.4 -r1.5 src/sys/net/npf/npf_conndb.c \ src/sys/net/npf/npf_ifaddr.c cvs rdiff -u -r1.52 -r1.53 src/sys/net/npf/npf_ctl.c \ src/sys/net/npf/npf_inet.c cvs rdiff -u -r1.73 -r1.74 src/sys/net/npf/npf_impl.h cvs rdiff -u -r1.44 -r1.45 src/sys/net/npf/npf_nat.c cvs rdiff -u -r1.28 -r1.29 src/sys/net/npf/npf_tableset.c cvs rdiff -u -r1.5 -r1.6 src/sys/net/npf/npf_worker.c cvs rdiff -u -r1.5 -r1.6 src/usr.sbin/npf/npf.7 cvs rdiff -u -r1.83 -r1.84 src/usr.sbin/npf/npfctl/npf.conf.5 cvs rdiff -u -r1.46 -r1.47 src/usr.sbin/npf/npfctl/npf_build.c \ src/usr.sbin/npf/npfctl/npfctl.h cvs rdiff -u -r1.29 -r1.30 src/usr.sbin/npf/npfctl/npf_data.c cvs rdiff -u -r1.47 -r1.48 src/usr.sbin/npf/npfctl/npf_parse.y cvs rdiff -u -r1.27 -r1.28 src/usr.sbin/npf/npfctl/npf_scan.l cvs rdiff -u -r1.26 -r1.27 src/usr.sbin/npf/npfctl/npf_show.c cvs rdiff -u -r1.11 -r1.12 src/usr.sbin/npf/npfctl/npf_var.c cvs rdiff -u -r1.20 -r1.21 src/usr.sbin/npf/npfctl/npfctl.8 cvs rdiff -u -r1.56 -r1.57 src/usr.sbin/npf/npfctl/npfctl.c cvs rdiff -u -r1.7 -r1.8 src/usr.sbin/npf/npftest/npfstream.c cvs rdiff -u -r1.22 -r1.23 src/usr.sbin/npf/npftest/npftest.c cvs rdiff -u -r1.5 -r1.6 src/usr.sbin/npf/npftest/npftest.conf cvs rdiff -u -r1.15 -r1.16 src/usr.sbin/npf/npftest/npftest.h cvs rdiff -u -r1.9 -r1.10 src/usr.sbin/npf/npftest/libnpftest/Makefile \ src/usr.sbin/npf/npftest/libnpftest/npf_bpf_test.c cvs rdiff -u -r0 -r1.1 src/usr.sbin/npf/npftest/libnpftest/npf_conn_test.c cvs rdiff -u -r1.7 -r1.8 src/usr.sbin/npf/npftest/libnpftest/npf_mbuf_subr.c \ src/usr.sbin/npf/npftest/libnpftest/npf_state_test.c cvs rdiff -u -r1.10 -r1.11 src/usr.sbin/npf/npftest/libnpftest/npf_nat_test.c \ src/usr.sbin/npf/npftest/libnpftest/npf_table_test.c cvs rdiff -u -r1.6 -r1.7 src/usr.sbin/npf/npftest/libnpftest/npf_nbuf_test.c \ src/usr.sbin/npf/npftest/libnpftest/npf_perf_test.c cvs rdiff -u -r1.15 -r1.16 \ src/usr.sbin/npf/npftest/libnpftest/npf_rule_test.c cvs rdiff -u -r1.17 -r1.18 src/usr.sbin/npf/npftest/libnpftest/npf_test.h cvs rdiff -u -r1.13 -r1.14 \ src/usr.sbin/npf/npftest/libnpftest/npf_test_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.