[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CVS: cvs.openbsd.org: src
- To: source-changes_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
- Subject: CVS: cvs.openbsd.org: src
- From: David Gwynne <dlg_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
- Date: Sun, 15 Feb 2009 17:31:25 -0700 (MST)
Module name: src
Changes by: dlg_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org 2009/02/15 17:31:25
sys/net : if_pfsync.c if_pfsync.h netisr.h
netisr_dispatch.h pf.c pf_ioctl.c pfvar.h
sys/netinet : ip_ipsp.c ip_ipsp.h
usr.sbin/tcpdump: pf_print_state.c print-pfsync.c
pfsync v5, mostly written at n2k9, but based on work done at n2k8.
WARNING: THIS BREAKS COMPATIBILITY WITH THE PREVIOUS VERSION OF PFSYNC
this is a new variant of the protocol and a large reworking of the
pfsync code to address some performance issues. the single largest
benefit comes from having multiple pfsync messages of different
types handled in a single packet. pfsyncs handling of pf states is
highly optimised now, along with packet parsing and construction.
huggz for beck@ for testing.
huge thanks to mcbride@ for his help during development and for
finding all the bugs during the initial tests.
thanks to peter sutton for letting me get credit for this work.
ok beck@ mcbride@ "good." deraadt@