[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS: cvs.openbsd.org: src



CVSROOT:	/cvs
Module name:	src
Changes by:	dlg_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org	2009/02/15 17:31:25

Modified files:
	sys/net        : if_pfsync.c if_pfsync.h netisr.h 
	                 netisr_dispatch.h pf.c pf_ioctl.c pfvar.h 
	sys/netinet    : ip_ipsp.c ip_ipsp.h 
	usr.sbin/tcpdump: pf_print_state.c print-pfsync.c 

Log message:
pfsync v5, mostly written at n2k9, but based on work done at n2k8.

WARNING: THIS BREAKS COMPATIBILITY WITH THE PREVIOUS VERSION OF PFSYNC

this is a new variant of the protocol and a large reworking of the
pfsync code to address some performance issues. the single largest
benefit comes from having multiple pfsync messages of different
types handled in a single packet. pfsyncs handling of pf states is
highly optimised now, along with packet parsing and construction.

huggz for beck@ for testing.
huge thanks to mcbride@ for his help during development and for
finding all the bugs during the initial tests.
thanks to peter sutton for letting me get credit for this work.

ok beck@ mcbride@ "good." deraadt@