pf: Update packetfilter to OpenBSD 4.4 * As correct pf function depends directly on pfsync now compile if_pfsyn.c into pf.ko. pflog is already part of pf.ko. * Activate pfsync function by default. It's not a kernel option anymore, but pfsync is very unlikley to work. Anyway our ifconfig is missing all pfsync related options. I will try to make pfsync working again after upgrading to pf from OpenBSD 4.5 as pfsync changes completley then and is not compatible anymore with prior versions. * Also make the module unloading sane in if_pflog.c Thanks to Alex Hornung and Aggelos Economopoulos for debugging.
pf: Update to OpenBSD 4.2 All sorts of informations is now stored directly in the mbuf header instead of a seperate mbuf tag. This brings in a 100% performance increase in comparison to OpenBSD 4.1. For DragonFly this basically means this is the same performance as in 2.6, but we are equal again with OpenBSD's pf data structures. Necesary additions: sys/net: add more interface groups related functions if_creategroup() if_addgroup() if_delgroup() if_getgroup() if_getgroupmembers() Imported from OpenBSD carp: add carp_group_demote_adj() altq: re-add check of packet tagging fairq & red support, UDP nat'ing, reassembly fixed by Matthew Dillon
pf: Update packet filter to the version that comes with OpenBSD 4.1 The original OpenBSD 4.1 defaults to "keep state flags S/SA" for all pass rules. In contrast to that we default to "no state". As in earlier verions of pf in DragonFly the default keep-state policy can still be set with the keep-policy option (e.g. "set keep-policy keep state (pickups)"). DragonFly additions to pf have been kept: fairq support, pickups. Detailed Info on changes/additions: * ALTQ: Fix altq to work with pf_mtag Patch by Matthew Dillon * libkern: Revert commit e104539 strchr was added to libkern.h together with strrch * net/if.h: add interface groups Imported from FreeBSD. * netinet6/in6.h: add macros IN6_IS_ADDR_MC_INTFACELOCAL IN6_IS_SCOPE_EMBED PV6_ADDR_SCOPE_INTFACELOCAL * sys/libkern.h: Add strchr and strrchr as inline functions Brought in from FreeBSD * sys/net/if_var.h: Import interface groups Import interface groups and event handlers from FreeBSD * sys/net/if_var.h: add if_pf_kif, if_groups to struct ifnet obtained from: Open/FreeBSD * net/if_types.h: add IFT_ENC to non-IATA-assignments obtained from Open/FreeBSD * net/bpf.c: add bpf_mtap_hdr from OpenBSD Con up a minimal dummy header to pacify bpf. Allocate (only) a struct m_hdr on the stack.
Uesrland part of PF Obtained-from: OpenBSD Ported-by: Devon O'Dell and Simon 'corecode' Schubert Additioncally, do a pass over the code to get it WARNS=6 clean. This means mostly fixing const'ness of strings and cleanup sign/unsigned comparisions. The warnings in authpf about unused arguments have been removed by use of __unused.