----- Forwarded message from Ryan Thomas McBride <[EMAIL PROTECTED]> -----
Date: Mon, 15 Dec 2003 00:11:31 -0700 (MST)
From: Ryan Thomas McBride <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     [EMAIL PROTECTED] 2003/12/15 00:11:31

Modified files:
        sbin/ifconfig   : ifconfig.c
        sbin/pfctl      : parse.y pf_print_state.c pfctl.c pfctl_parser.c
                          pfctl_parser.h
        sys/net         : if_pfsync.c if_pfsync.h pf.c pf_ioctl.c pfvar.h
        sys/netinet     : in.h in_proto.c
        usr.bin/netstat : inet.c main.c netstat.h
        usr.sbin/authpf : authpf.c
        usr.sbin/tcpdump: interface.h print-ip.c print-pfsync.c

Log message:
Add initial support for pf state synchronization over the network.
Implemented as an in-kernel multicast IP protocol.

Turn it on like this:

# ifconfig pfsync0 up syncif fxp0

There is not yet any authentication on this protocol, so the syncif
must be on a trusted network, i.e., a crossover cable between the two
firewalls.

NOTABLE CHANGES:
- A new index based on a unique (creatorid, stateid) tuple has been
  added to the state tree.
- Updates now appear on the pfsync(4) interface; multiple updates may
  be compressed into a single update.
- Applications which use bpf on pfsync(4) will need modification;
  packets on pfsync no longer contain regular pf_state structs,
  but pfsync_state structs which contain no pointers.

Much more to come.

ok deraadt@
----- End forwarded message -----
--
<[EMAIL PROTECTED]>
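Added example, not part of the forwarded commit and not OpenBSD's code: a sketch of why synchronized state is indexed by the (creatorid, stateid) tuple and why the on-wire record carries no pointers. All demo_* names, the field widths and the sample IDs and addresses are hypothetical and constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical local state: the pointer is meaningless on a peer firewall. */
struct demo_state {
    uint32_t creatorid;       /* which firewall created the state */
    uint64_t stateid;         /* unique only within one creator */
    uint32_t src, dst;        /* IPv4 addresses, host byte order */
    struct demo_state *next;  /* local address: must never go on the wire */
};
/* Hypothetical wire record: fixed-width fields only, network byte order. */
struct demo_wire_state {
    uint32_t creatorid, stateid_hi, stateid_lo, src, dst;
};

/* Order states by the full (creatorid, stateid) tuple. */
static int demo_cmp_id(const void *a, const void *b) {
    const struct demo_state *x = a, *y = b;
    if (x->creatorid != y->creatorid) return x->creatorid < y->creatorid ? -1 : 1;
    if (x->stateid != y->stateid) return x->stateid < y->stateid ? -1 : 1;
    return 0;
}

/* Look up a state by tuple in an array already sorted with demo_cmp_id. */
struct demo_state *demo_find(struct demo_state *tbl, size_t n,
                             uint32_t creatorid, uint64_t stateid) {
    struct demo_state key = { .creatorid = creatorid, .stateid = stateid };
    return bsearch(&key, tbl, n, sizeof(*tbl), demo_cmp_id);
}

/* Serialize field by field; a raw memcpy would also copy the pointer. */
void demo_export(const struct demo_state *s, struct demo_wire_state *w) {
    memset(w, 0, sizeof(*w));
    w->creatorid = htonl(s->creatorid);
    w->stateid_hi = htonl((uint32_t)(s->stateid >> 32));
    w->stateid_lo = htonl((uint32_t)s->stateid);
    w->src = htonl(s->src);
    w->dst = htonl(s->dst);
}

int main(void) {
    /* Constructed sample: two firewalls each issued stateid 1 independently. */
    struct demo_state tbl[] = { { 0xB0B0B0B0u, 1, 0x0A000003u, 0x0A000004u, NULL },
                                { 0xA0A0A0A0u, 1, 0x0A000001u, 0x0A000002u, NULL } };
    struct demo_wire_state w;
    qsort(tbl, 2, sizeof(tbl[0]), demo_cmp_id);
    demo_export(demo_find(tbl, 2, 0xB0B0B0B0u, 1), &w);
    return ntohl(w.src) == 0x0A000003u ? 0 : 1;
}
```

Keying on stateid alone would make the two sample entries collide once both firewalls hold each other's states; the creatorid half of the tuple keeps them distinct.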