FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F10.2 2012-09-14T11:51:49Z 2012-09-14T11:51:49Z Gleb Smirnoff glebius@FreeBSD.org 2012-09-14T11:51:49Z urn:sha1:3b3a8eb937bf8045231e8364bfd1b94cd4a95979 reside, and move there ipfw(4) and pf(4). o Move most modified parts of pf out of contrib. Actual movements: sys/contrib/pf/net/*.c -> sys/netpfil/pf/ sys/contrib/pf/net/*.h -> sys/net/ contrib/pf/pfctl/*.c -> sbin/pfctl contrib/pf/pfctl/*.h -> sbin/pfctl contrib/pf/pfctl/pfctl.8 -> sbin/pfctl contrib/pf/pfctl/*.4 -> share/man/man4 contrib/pf/pfctl/*.5 -> share/man/man5 sys/netinet/ipfw -> sys/netpfil/ipfw The arguable movement is pf/net/*.h -> sys/net. There are future plans to refactor pf includes, so I decided not to break things twice. Not modified bits of pf left in contrib: authpf, ftp-proxy, tftp-proxy, pflogd. The ipfw(4) movement is planned to be merged to stable/9, to make head and stable match. Discussed with: bz, luigi 2012-09-08T06:41:54Z Gleb Smirnoff glebius@FreeBSD.org 2012-09-08T06:41:54Z urn:sha1:d6d3f01e0a3395c1fae34a3c4be7b051cb2d7581 into head. The most significant achievements in the new code: o Fine grained locking, thus much better performance. o Fixes to many problems in pf, that were specific to FreeBSD port. New code doesn't have that many ifdefs and much less OpenBSDisms, thus is more attractive to our developers. Those interested in details, can browse through SVN log of the projects/pf/head branch. And for reference, here is exact list of revisions merged: r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330, r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656, r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782, r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868, r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223, r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456, r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505, r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168, r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230, r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398, r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548, r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672, r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169, r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442, r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522, r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661, r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212. I'd like to thank people who participated in early testing: Tested by: Florian Smeets <flo freebsd.org> Tested by: Chekaluk Vitaly <artemrts ukr.net> Tested by: Ben Wilber <ben desync.com> Tested by: Ian FREISLICH <ianf cloudseed.co.za> 2011-06-28T11:57:25Z Bjoern A. Zeeb bz@FreeBSD.org 2011-06-28T11:57:25Z urn:sha1:e0bfbfce7922dd3c28eb072b599c6bb8f65f039e You need to update userland (world and ports) tools to be in sync with the kernel. Submitted by: mlaier Submitted by: eri 2009-10-10T03:32:46Z Ermal Luçi eri@FreeBSD.org 2009-10-10T03:32:46Z urn:sha1:200b56607f48198d80f60019a07c486e70d318df Approved by: mlaier(mentor) MFC after: 3 days 2009-06-08T19:57:35Z Bjoern A. Zeeb bz@FreeBSD.org 2009-06-08T19:57:35Z urn:sha1:8d8bc0182ea6f8f85409e76e53053487c7d23a84 the ROUTETABLES kernel option thus there is no need to include opt_route.h anymore in all consumers of vnet.h and no longer depend on it for module builds. Remove the hidden include in flowtable.h as well and leave the two explicit #includes in ip_input.c and ip_output.c. 2009-06-06T17:01:44Z Robert Watson rwatson@FreeBSD.org 2009-06-06T17:01:44Z urn:sha1:d5fc25e5d6c52b306312784663ccad85923a9c76 require it. Submitted by: pjd 2008-12-02T21:37:28Z Bjoern A. Zeeb bz@FreeBSD.org 2008-12-02T21:37:28Z urn:sha1:4b79449e2fb67cb37c4c9f46d31791893a39ddd8 directly include only the header files needed. This reduces the unneeded spamming of various headers into lots of files. For now, this leaves us with very few modules including vnet.h and thus needing to depend on opt_route.h. Reviewed by: brooks, gnn, des, zec, imp Sponsored by: The FreeBSD Foundation 2008-09-01T23:59:00Z Warner Losh imp@FreeBSD.org 2008-09-01T23:59:00Z urn:sha1:9e51595ce660d915899019d03075d8c17f3732d3 prefer the more common > ${.TARGET} over > opt_foo.h in modules makefiles. 2007-07-03T12:46:08Z Max Laier mlaier@FreeBSD.org 2007-07-03T12:46:08Z urn:sha1:60ee384760646565a24320d92c5219bc052ce947 - move ftp-proxy from libexec to usr.sbin - add tftp-proxy - new altq mtag link Approved by: re (kensmith) 2006-09-12T04:25:13Z Christian S.J. Peron csjp@FreeBSD.org 2006-09-12T04:25:13Z urn:sha1:d94f2a68f8c39a5abc9ba9c58e959f31bc90194d exists to allow the mandatory access control policy to properly initialize mbufs generated by the firewall. An example where this might happen is keep alive packets, or ICMP error packets in response to other packets. This takes care of kernel panics associated with un-initialize mbuf labels when the firewall generates packets. [1] I modified this patch from it's original version, the initial patch introduced a number of entry points which were programmatically equivalent. So I introduced only one. Instead, we should leverage mac_create_mbuf_netlayer() which is used for similar situations, an example being icmp_error() This will minimize the impact associated with the MFC Submitted by: mlaier [1] MFC after: 1 week This is a RELENG_6 candidate