Message-Id: <200111030036.fA30aBl80446@freefall.freebsd.org>
From: Luigi Rizzo
Date: Fri, 2 Nov 2001 16:36:11 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/dev/ed if_ed.c src/sys/net bridge.c bridge.h if_ethersubr.c src/sys/netinet ip_dummynet.c ip_dummynet.h ip_fw.c ip_fw.h ip_input.c ip_output.c raw_ip.c src/sbin/ipfw ipfw.8 ipfw.c
X-FreeBSD-CVS-Branch: RELENG_4

luigi       2001/11/02 16:36:11 PST

  Modified files:        (Branch: RELENG_4)
    sys/dev/ed           if_ed.c
    sys/net              bridge.c bridge.h if_ethersubr.c
    sys/netinet          ip_dummynet.c ip_dummynet.h ip_fw.c ip_fw.h
                         ip_input.c ip_output.c raw_ip.c
    sbin/ipfw            ipfw.8 ipfw.c
  Log:
  Mega-MFC for ipfw/bridge/dummynet features and fixes added over the
  past couple of months:

  * merge of ipfw rule descriptor and chain pointer. No functional
    change, but the internal data structures and code are way more
    readable;

  * BillF code to make ipfw/dummynet/bridge KLD'able.
    NOTA BENE: this still has some rough edges, which are mostly due
    to bugs in kldload() rather than in this code.

  * add a new type of dynamic rule that lets you limit the number of
    simultaneous connections matching certain criteria (with the usual
    aggregation based on port/address masks)

  * fix spl*() protection in same parts of the code;

  This code also includes some minor bugfixes and code cleanup that
  I will port to CURRENT as soon as I have a chance.
  I have tested the code as much as I could, but there is really a
  million combinations so I might have missed some corner case.
  Please report if you have problems building things.

  The only thing known not to work is bridge.ko -- it does forward
  correctly, but packets directed to the bridge itself are only
  received from one interface (I suspect some missing initialization),
  and there are some other issues at unloading time. Please use the
  statically compiled code for the time being.

  NOTE ON KLD: It appears that kldload/unload is unable to handle the
  case of (erroneously) loading/unloading a module which is already
  compiled in. What happens is that load fails, but the module is
  listed as loaded, and then the system panics if you attempt an
  unloading of the module. This problem needs fixing in the module
  loading/unloading code, which is not in my area of competence.

  Revision     Changes      Path
  1.63.2.17    +41 -18      src/sbin/ipfw/ipfw.8
  1.80.2.20    +75 -20      src/sbin/ipfw/ipfw.c
  1.173.2.13   +6 -11       src/sys/dev/ed/if_ed.c
  1.16.2.15    +223 -102    src/sys/net/bridge.c
  1.4.2.3      +18 -45      src/sys/net/bridge.h
  1.70.2.18    +29 -22      src/sys/net/if_ethersubr.c
  1.24.2.12    +119 -94     src/sys/netinet/ip_dummynet.c
  1.10.2.4     +10 -12      src/sys/netinet/ip_dummynet.h
  1.131.2.27   +561 -457    src/sys/netinet/ip_fw.c
  1.47.2.10    +87 -34      src/sys/netinet/ip_fw.h
  1.130.2.28   +9 -20       src/sys/netinet/ip_input.c
  1.99.2.19    +6 -13       src/sys/netinet/ip_output.c
  1.64.2.9     +19 -24      src/sys/netinet/raw_ip.c