sys/modules: normalize .CURDIR-relative paths to SRCTOPThis simplifies make output/logicTested with: `cd sys/modules; make ALL_MODULES=` on amd64MFC after: 1 monthSponsored by: Dell EMC Isilon
Move most of the 15 variations on generating opt_inet.h andopt_inet6.h into kmod.mk by forcing almost everybody to eat the samedogfood. While at it, consolidate the opt_bpf.h and opt_mroute.htarge
Move most of the 15 variations on generating opt_inet.h andopt_inet6.h into kmod.mk by forcing almost everybody to eat the samedogfood. While at it, consolidate the opt_bpf.h and opt_mroute.htargets here too.
show more ...
Use src.opts.mk in preference to bsd.own.mk except where we need stufffrom the latter.
o Create directory sys/netpfil, where all packet filters should reside, and move there ipfw(4) and pf(4).o Move most modified parts of pf out of contrib.Actual movements:sys/contrib/pf/net/*.
o Create directory sys/netpfil, where all packet filters should reside, and move there ipfw(4) and pf(4).o Move most modified parts of pf out of contrib.Actual movements:sys/contrib/pf/net/*.c -> sys/netpfil/pf/sys/contrib/pf/net/*.h -> sys/net/contrib/pf/pfctl/*.c -> sbin/pfctlcontrib/pf/pfctl/*.h -> sbin/pfctlcontrib/pf/pfctl/pfctl.8 -> sbin/pfctlcontrib/pf/pfctl/*.4 -> share/man/man4contrib/pf/pfctl/*.5 -> share/man/man5sys/netinet/ipfw -> sys/netpfil/ipfwThe arguable movement is pf/net/*.h -> sys/net. There arefuture plans to refactor pf includes, so I decided not tobreak things twice.Not modified bits of pf left in contrib: authpf, ftp-proxy,tftp-proxy, pflogd.The ipfw(4) movement is planned to be merged to stable/9,to make head and stable match.Discussed with: bz, luigi
Merge the projects/pf/head branch, that was worked on for last six months,into head. The most significant achievements in the new code: o Fine grained locking, thus much better performance. o Fix
Merge the projects/pf/head branch, that was worked on for last six months,into head. The most significant achievements in the new code: o Fine grained locking, thus much better performance. o Fixes to many problems in pf, that were specific to FreeBSD port.New code doesn't have that many ifdefs and much less OpenBSDisms, thusis more attractive to our developers. Those interested in details, can browse through SVN log of theprojects/pf/head branch. And for reference, here is exact list ofrevisions merged:r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330,r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656,r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782,r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868,r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223,r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456,r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505,r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168,r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230,r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398,r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548,r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672,r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169,r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442,r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522,r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661,r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212.I'd like to thank people who participated in early testing:Tested by: Florian Smeets <flo freebsd.org>Tested by: Chekaluk Vitaly <artemrts ukr.net>Tested by: Ben Wilber <ben desync.com>Tested by: Ian FREISLICH <ianf cloudseed.co.za>
Update packet filter (pf) code to OpenBSD 4.5.You need to update userland (world and ports) toolsto be in sync with the kernel.Submitted by: mlaierSubmitted by: eri
Fix typo which has survived amazingly long!Approved by: mlaier(mentor)MFC after: 3 days
After r193232 rt_tables in vnet.h are no longer indirectly dependent onthe ROUTETABLES kernel option thus there is no need to include opt_route.hanymore in all consumers of vnet.h and no longer dep
After r193232 rt_tables in vnet.h are no longer indirectly dependent onthe ROUTETABLES kernel option thus there is no need to include opt_route.hanymore in all consumers of vnet.h and no longer depend on it for modulebuilds.Remove the hidden include in flowtable.h as well and leave the twoexplicit #includes in ip_input.c and ip_output.c.
Remove opt_mac.h generation for various kernel modules that no longerrequire it.Submitted by: pjd
Rather than using hidden includes (with cicular dependencies),directly include only the header files needed. This reduces theunneeded spamming of various headers into lots of files.For now, this
Rather than using hidden includes (with cicular dependencies),directly include only the header files needed. This reduces theunneeded spamming of various headers into lots of files.For now, this leaves us with very few modules including vnet.hand thus needing to depend on opt_route.h.Reviewed by: brooks, gnn, des, zec, impSponsored by: The FreeBSD Foundation
Per email to arch@ a little while ago (that was greeted with silence),prefer the more common > ${.TARGET} over > opt_foo.h in modulesmakefiles.
Link pf 4.1 to the build: - move ftp-proxy from libexec to usr.sbin - add tftp-proxy - new altq mtag linkApproved by: re (kensmith)
Introduce a new entry point, mac_create_mbuf_from_firewall. This entry pointexists to allow the mandatory access control policy to properly initializembufs generated by the firewall. An example whe
Introduce a new entry point, mac_create_mbuf_from_firewall. This entry pointexists to allow the mandatory access control policy to properly initializembufs generated by the firewall. An example where this might happen is keepalive packets, or ICMP error packets in response to other packets.This takes care of kernel panics associated with un-initialize mbuf labelswhen the firewall generates packets.[1] I modified this patch from it's original version, the initial patch introduced a number of entry points which were programmatically equivalent. So I introduced only one. Instead, we should leverage mac_create_mbuf_netlayer() which is used for similar situations, an example being icmp_error() This will minimize the impact associated with the MFCSubmitted by: mlaier [1]MFC after: 1 weekThis is a RELENG_6 candidate
Reimplementation of world/kernel build options. For details, see:http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.htmlThe src.conf(5) manpage is to follow in a few days.Bro
Reimplementation of world/kernel build options. For details, see:http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.htmlThe src.conf(5) manpage is to follow in a few days.Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
The `pf' and `pflog' sources do not depend on DEV_PF or DEV_PFLOG,which is normal for own files of a device driver.DEV_FOO should be used if an unrelated kernel file needs to know ofthe `foo' dri
The `pf' and `pflog' sources do not depend on DEV_PF or DEV_PFLOG,which is normal for own files of a device driver.DEV_FOO should be used if an unrelated kernel file needs to know ofthe `foo' driver's static presence. Obviously, module source filesshould never use DEV_*.
Make pflog a seperate module. As a result pflog_packet() becomes a functionpointer that is declared in pf_ioctl.cRequested by: yar (as part of the module build reorg)MFC after: 1 weekX-MFC with
Make pflog a seperate module. As a result pflog_packet() becomes a functionpointer that is declared in pf_ioctl.cRequested by: yar (as part of the module build reorg)MFC after: 1 weekX-MFC with: yar's module reorg
Let modules use the kernel's opt_*.h files if built along withthe kernel by wrapping all targets for fake opt_*.h files in.if defined(KERNBUILDDIR). Thus, such fake files won't becreated at all i
Let modules use the kernel's opt_*.h files if built along withthe kernel by wrapping all targets for fake opt_*.h files in.if defined(KERNBUILDDIR). Thus, such fake files won't becreated at all if modules are built with the kernel.Some modules undergo cleanup like removing unused or unneededoptions or .h files, without which they wouldn't build this wayor the other.Reviewed by: ruTested by: no binary changes in modules built aloneTested on: i386 sparc64 amd64
Let kmod.mk create an empty .h file.
NOINET6 -> NO_INET6
Removed -Wall from CFLAGS.
Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSDhave already done this, so I have styled the patch on their work: 1) introduce a ip_newid() static inline function that check
Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSDhave already done this, so I have styled the patch on their work: 1) introduce a ip_newid() static inline function that checks the sysctl and then decides if it should return a sequential or random IP ID. 2) named the sysctl net.inet.ip.random_id 3) IPv6 flow IDs and fragment IDs are now always random. Flow IDs and frag IDs are significantly less common in the IPv6 world (ie. rarely generated per-packet), so there should be smaller performance concerns.The sysctl defaults to 0 (sequential IP IDs).Reviewed by: andre, silby, mlaier, umeBased on: NetBSDMFC after: 2 months
Commit pf version 3.5 and link additional files to the kernel build.Version 3.5 brings: - Atomic commits of ruleset changes (reduce the chance of ending up in an inconsistent state). - A 30% r
Commit pf version 3.5 and link additional files to the kernel build.Version 3.5 brings: - Atomic commits of ruleset changes (reduce the chance of ending up in an inconsistent state). - A 30% reduction in the size of state table entries. - Source-tracking (limit number of clients and states per client). - Sticky-address (the flexibility of round-robin with the benefits of source-hash). - Significant improvements to interface handling. - and many more ...
Make pf* modules respect NOINET6 from make.conf(5) in order to build themfor INET6-less kernel.Requested by: manyApproved by: bms(mentor)
Tweak existing header and other build infrastructure to be able to buildpf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile(i.e. do not connect it to any (automatic) builds -
Tweak existing header and other build infrastructure to be able to buildpf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile(i.e. do not connect it to any (automatic) builds - yet).Approved by: bms(mentor)