src-test2/sys/modules/pf, branch release/6.3.0

src-test2/sys/modules/pf, branch release/6.3.0_cvs FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=release%2F6.3.0_cvs 2008-01-15T15:46:22Z This commit was manufactured by cvs2svn to create tag 2008-01-15T15:46:22Z cvs2svn cvs2svn@FreeBSD.org 2008-01-15T15:46:22Z urn:sha1:5cd221028ba5e7ada35a0dd196fb642b44f197d1 'RELENG_6_3_0_RELEASE'. This commit was manufactured to restore the state of the 6.3-RELEASE image. MFC the firewall labeling changes. 2006-09-19T15:45:22Z Christian S.J. Peron csjp@FreeBSD.org 2006-09-19T15:45:22Z urn:sha1:5e26e428cf4e45807167ca05a29d6b45ad9b1f62 This fixes kernel panics which occur when the firewall sends out a packet. This can happen for keep alives, or instances when the firewall is configured to return RST or ICMP unreach packets. These panics occured only if MLS, BIBA or LOMAC security policies were loaded. Approved by: re@ (kensmith) Submitted by: mlaier (with changes) MFC in the pf and pflog modules: 2006-03-22T15:56:32Z Yaroslav Tykhiy ytykhiy@gmail.com 2006-03-22T15:56:32Z urn:sha1:97bd3c767532dc638274ff8885af5d9b8d63d9ca pf: Respect KERNBUILDDIR. both: Don't depend on DEV_*. Approved by: re (scottl) MFC: 2006-03-06T16:10:19Z Max Laier mlaier@FreeBSD.org 2006-03-06T16:10:19Z urn:sha1:c6563059d36c4fc2e3a1d2ce7f0a851ec70eecb6 Make pflog a seperate module. As a result pflog_packet() becomes a function pointer that is declared in pf_ioctl.c Requested by: yar (as part of the module build reorg) Approved by: re (scottl) Let kmod.mk create an empty .h file. 2005-06-05T05:30:37Z Ruslan Ermilov ru@FreeBSD.org 2005-06-05T05:30:37Z urn:sha1:50fc7005c20823fdf77128bdf75390a3450192d0 NOINET6 -> NO_INET6 2004-12-21T10:49:29Z Ruslan Ermilov ru@FreeBSD.org 2004-12-21T10:49:29Z urn:sha1:731db6a428d2389caf3795ff50f1895f04b80899 Removed -Wall from CFLAGS. 2004-09-01T07:39:12Z Ruslan Ermilov ru@FreeBSD.org 2004-09-01T07:39:12Z urn:sha1:5eadd7403e8fb0def69f6baae24594ca2e5e9bb7 Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSD 2004-08-14T15:32:40Z David Malone dwmalone@FreeBSD.org 2004-08-14T15:32:40Z urn:sha1:1f44b0a1b539198ce55bf97e73d51ded20a55ab4 have already done this, so I have styled the patch on their work: 1) introduce a ip_newid() static inline function that checks the sysctl and then decides if it should return a sequential or random IP ID. 2) named the sysctl net.inet.ip.random_id 3) IPv6 flow IDs and fragment IDs are now always random. Flow IDs and frag IDs are significantly less common in the IPv6 world (ie. rarely generated per-packet), so there should be smaller performance concerns. The sysctl defaults to 0 (sequential IP IDs). Reviewed by: andre, silby, mlaier, ume Based on: NetBSD MFC after: 2 months Commit pf version 3.5 and link additional files to the kernel build. 2004-06-16T23:24:02Z Max Laier mlaier@FreeBSD.org 2004-06-16T23:24:02Z urn:sha1:7c1fe9533390e3a906df00201ee6c66cbac7a031 Version 3.5 brings: - Atomic commits of ruleset changes (reduce the chance of ending up in an inconsistent state). - A 30% reduction in the size of state table entries. - Source-tracking (limit number of clients and states per client). - Sticky-address (the flexibility of round-robin with the benefits of source-hash). - Significant improvements to interface handling. - and many more ... Make pf* modules respect NOINET6 from make.conf(5) in order to build them 2004-04-06T15:12:50Z Max Laier mlaier@FreeBSD.org 2004-04-06T15:12:50Z urn:sha1:1ffe5d762b1dba2d7bf54e412484286ccd02d1d4 for INET6-less kernel. Requested by: many Approved by: bms(mentor)