CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2009/02/15 17:31:25
Modified files:
sys/net : if_pfsync.c if_pfsync.h netisr.h
netisr_dispatch.h pf.c pf_ioctl.c pfvar.h
sys/netinet : ip_ipsp.c ip_ipsp.h
usr.sbin/tcpdump: pf_print_state.c print-pfsync.c
Log message:
pfsync v5, mostly written at n2k9, but based on work done at n2k8.
WARNING: THIS BREAKS COMPATIBILITY WITH THE PREVIOUS VERSION OF PFSYNC
this is a new variant of the protocol and a large reworking of the
pfsync code to address some performance issues. the single largest
benefit comes from having multiple pfsync messages of different
types handled in a single packet. pfsyncs handling of pf states is
highly optimised now, along with packet parsing and construction.
huggz for beck@ for testing.
huge thanks to mcbride@ for his help during development and for
finding all the bugs during the initial tests.
thanks to peter sutton for letting me get credit for this work.
ok beck@ mcbride@ "good." deraadt@
