|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Daniel Hartmeier (dhartmei
cvs.openbsd.org)Date: Wed Apr 24 2002 - 13:10:26 CDT
CVSROOT: /cvs
Module name: src
Changes by: dhartmeicvs.openbsd.org 2002/04/24 12:10:25
Modified files:
sys/net : pfvar.h pf.c pf_norm.c
sbin/pfctl : parse.y pfctl_parser.c pfctl.c
share/man/man5 : pf.conf.5 nat.conf.5
regress/sbin/pfctl: binat1.ok pf1.ok pf12.ok pf13.ok pf2.ok
pf4.ok pf5.ok pf7.ok pf8.ok
Log message:
Add dynamic (in-kernel) interface name -> address translation. Instead of
using just the interface name instead of an address and reloading the rule
set whenever the interface changes its address, the interface name can be
put in parentheses, and the kernel will keep track of changes and update
rules. There is no additional cost for evaluating rules (per packet),
the cost occurs when an interface changes address (and the rules are
traversed and updated where necessary).
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]