From owner-freebsd-ipfw Fri Nov 2 16:43:11 2001 Delivered-To: freebsd-ipfw@freebsd.org Received: from iguana.aciri.org (iguana.aciri.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 4C8CA37B408; Fri, 2 Nov 2001 16:42:58 -0800 (PST) Received: (from rizzo@localhost) by iguana.aciri.org (8.11.3/8.11.1) id fA30dO046366; Fri, 2 Nov 2001 16:39:24 -0800 (PST) (envelope-from rizzo) Date: Fri, 2 Nov 2001 16:39:24 -0800 From: Luigi Rizzo To: undisclosed-recipients: ; Subject: HEADS UP [luigi@FreeBSD.org: cvs commit: src/sys/dev/ed if_ed.c src/sys/net bridge.c bridge.h if_ethersubr.c src/sys/netinet ip_dummynet.c ip_dummynet.h ip_fw.c ip_fw.h ip_input.c ip_output.c raw_ip.c src/sbin/ipfw ipfw.8 ipfw.c] Message-ID: <20011102163924.A46186@iguana.aciri.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.23i Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG [Bcc to net@freebsd.org ipfw@freebsd.org stable@freebsd.org] As announced... please give a try to this code and report any bugs. cheers luigi ----- Forwarded message from Luigi Rizzo ----- Date: Fri, 2 Nov 2001 16:36:11 -0800 (PST) From: Luigi Rizzo Subject: cvs commit: src/sys/dev/ed if_ed.c src/sys/net bridge.c bridge.h if_ethersubr.c src/sys/netinet ip_dummynet.c ip_dummynet.h ip_fw.c ip_fw.h ip_input.c ip_output.c raw_ip.c src/sbin/ipfw ipfw.8 ipfw.c To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org luigi 2001/11/02 16:36:11 PST Modified files: (Branch: RELENG_4) sys/dev/ed if_ed.c sys/net bridge.c bridge.h if_ethersubr.c sys/netinet ip_dummynet.c ip_dummynet.h ip_fw.c ip_fw.h ip_input.c ip_output.c raw_ip.c sbin/ipfw ipfw.8 ipfw.c Log: Mega-MFC for ipfw/bridge/dummynet features and fixes added over the past couple of months: * merge of ipfw rule descriptor and chain pointer. No functional change, but the internal data structures and code are way more readable; * BillF code to make ipfw/dummynet/bridge KLD'able. NOTA BENE: this still has some rough edges, which are mostly due to bugs in kldload() rather than in this code. * add a new type of dynamic rule that lets you limit the number of simultaneous connections matching certain criteria (with the usual aggregation based on port/address masks) * fix spl*() protection in same parts of the code; This code also includes some minor bugfixes and code cleanup that I will port to CURRENT as soon as i have a chance. I have tested the code as much as i could, but there is really a million combinations so I might have missed some corner case. Please report if you have problem building things. The only thing known not to work is bridge.ko -- it does forward correctly, but packets directed to the bridge itself are only received from one interface (i suspect some missing initialization), and there are some other issues at unloading time. Please use the statically compiled code for the time being. NOTE ON KLD: It appears that kldload/unload is unable to handle the case of (erroneously) loading/unloading a module which is already compiled in. What happens is that load fails, but the module is listed as loaded, and then the system panics if you attempt an unloading of the module. This problem need fixing in the module loading/unloading code, which is not in my area of competence. Revision Changes Path 1.63.2.17 +41 -18 src/sbin/ipfw/ipfw.8 1.80.2.20 +75 -20 src/sbin/ipfw/ipfw.c 1.173.2.13 +6 -11 src/sys/dev/ed/if_ed.c 1.16.2.15 +223 -102 src/sys/net/bridge.c 1.4.2.3 +18 -45 src/sys/net/bridge.h 1.70.2.18 +29 -22 src/sys/net/if_ethersubr.c 1.24.2.12 +119 -94 src/sys/netinet/ip_dummynet.c 1.10.2.4 +10 -12 src/sys/netinet/ip_dummynet.h 1.131.2.27 +561 -457 src/sys/netinet/ip_fw.c 1.47.2.10 +87 -34 src/sys/netinet/ip_fw.h 1.130.2.28 +9 -20 src/sys/netinet/ip_input.c 1.99.2.19 +6 -13 src/sys/netinet/ip_output.c 1.64.2.9 +19 -24 src/sys/netinet/raw_ip.c ----- End forwarded message ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message