Commit Graph

297 Commits

Author SHA1 Message Date
martti
1286035f0a Import regression tests into basesrc/regress/sys/kern/ipf 2002-05-13 06:23:30 +00:00
wiz
d30d25dc1a Spelling fixes, from Sergey Svishchev in kern/16650. 2002-05-12 15:48:36 +00:00
simonb
1706b9a6ec There's no use assigning the output of strtoul() to a 32-bit variable
then checking that against ULONG_MAX.  Instead use a "unsigned long"
as the temporary variable.  Then check against UINT32_MAX before
assigning back to the original variable.
2002-05-09 03:14:14 +00:00
simonb
707fc2ec62 Use INADDR_NONE instead of "(u_long) - 1". 2002-05-09 02:09:52 +00:00
martti
0486c7bccc Show active rules correctly if "portmap auto" is used (PR#16615 by Sergey
Svishchev)
2002-05-03 08:27:10 +00:00
jdolecek
fb5ea935fe remove stuff not relevant for NetBSD 2002-05-02 21:45:06 +00:00
martti
dc57912eac This is in /sys/netinet 2002-05-02 17:27:25 +00:00
martti
e74092de02 Upgraded IPFilter to 3.4.27 2002-05-02 17:11:37 +00:00
martti
0071d2a114 Import IPFilter 3.4.27 2002-05-02 16:51:52 +00:00
martti
d02c43db4c Import IPFilter 3.4.27 2002-05-02 16:48:42 +00:00
martti
48e5349fdc Import IPFilter 3.4.27 2002-05-02 16:47:12 +00:00
drochner
1fba973e56 make it build without REFCLOCK but with -Wall 2002-04-19 20:45:54 +00:00
christos
590eabc9c6 Set the stack limit to something smaller than the default, like it is
done in the aix case so that we don't end up mlockall() unused memory.
From: witek@wnuk.eu.org (Witold J. Wnuk)
2002-04-18 23:18:42 +00:00
kleink
ac4fd59f8c `Normalize' the pid file contents to "<pid><newline>", just like
pidfile(3) does; patch sent to Darren a while ago.
2002-04-17 12:06:23 +00:00
wiz
7cb50ab7ee Spelling fixes and grammar improvements. 2002-04-14 14:35:05 +00:00
martin
a3f3f844dc Document the mssclamp option. 2002-04-14 07:53:46 +00:00
thorpej
a5e83730f6 Use __RCSID(). 2002-04-09 02:53:20 +00:00
thorpej
64b4b1c3c3 Don't use static const u_char ... for register bits. Use #define. 2002-04-09 02:42:50 +00:00
thorpej
082e0b796d Add the __unused__ attribute to rcsid[]/sccsid[]. Need to talk
to Darren about this more, but this gets it to compile with gcc 3.2.
2002-04-09 02:32:51 +00:00
bjh21
c701db92ac Remove .cvsignore file.
<URL:http://www.netbsd.org/developers/cvs-repos/notes.html#cvsignore>
2002-04-04 17:08:24 +00:00
martti
3c53e00e43 Don't remove ip_h323_pxy.c 2002-04-03 09:32:06 +00:00
christos
abf0491189 fix the error message to print the correct value. Pointed out by Richard Rauch 2002-04-03 03:32:50 +00:00
jdolecek
1414ac04e0 remove stuff not related to NetBSD 2002-04-01 15:58:08 +00:00
jdolecek
aa2f829ddf remove the 'mv ipnat.1 ipnat.8', the distribution comes with ipnat.8 nowadays
add back ip_h323_pxy.c - upon closer examination, the licence seems to be okay
2002-04-01 15:56:51 +00:00
jdolecek
04b7839d81 g/c, these are not used on NetBSD 2002-04-01 09:10:38 +00:00
bjh21
913037a61e When checking that a potentially-unsigned enum is >= 0, assign it to an int
first.  This is necessary to avoid warnings with -fshort-enums.  Casting
to an int really should be enough, but turns out not to be.

This change will be documented in doc/HACKS.
2002-03-18 20:26:50 +00:00
bjh21
ad4b72abb9 Check isc_result_t values with != ISC_R_SUCCESS, rather than < 0.
Suggested by Ted Lemon, but not yet in an ISC DHCP release.
This is necessary to avoid warning with -fshort-enums.
2002-03-18 20:25:58 +00:00
bjh21
76b77c2c35 When checking that a potentially-unsigned enum is >= 0, assign it to an int
first.  This is necessary to avoid warnings with -fshort-enums.  Casting
to an int really should be enough, but turns out not to be.

This change will be documented in doc/HACKS.
2002-03-18 20:16:49 +00:00
bjh21
6047cf765e Another change from 3.0.1rc7:
- Fix a bug in ns_parserr(), where it was returning the wrong sort
  of result code in some cases.

This is required to allow some -fshort-enums warnings to be fixed.
2002-03-18 20:13:53 +00:00
bjh21
a4f14f6e11 Pull down change from 3.0.1rc7:
- Fix a bug in is_identifier(), where it was checking against EOF
  instead of the END_OF_FILE token.

This is required to eliminate a warning with -fshort-enums.
2002-03-18 19:54:11 +00:00
hannken
5a142891ab Make it compile on sparc (size_t != int). 2002-03-15 08:54:40 +00:00
mjl
8a74697e3d Make it compile w/ our standard warning level by adding prototypes. 2002-03-15 01:54:19 +00:00
mjl
3cc43a5f0b Resolve conflict 2002-03-15 01:44:24 +00:00
mjl
3849fd5579 Import bzip2 1.0.2 2002-03-15 01:35:17 +00:00
martin
58d564bc8c Add MSS clamping to the IP Filter NAT subsystem.
Configured by a new option "mssclamp" in NAT rules, like:

 map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1452

This is based on work by Xiaodan Tang <xtang@qnx.com>.
2002-03-14 21:46:54 +00:00
martti
83b3487b70 Upgraded IPFilter to 3.4.25 2002-03-14 12:32:36 +00:00
martti
a79df224af Import IPFilter 3.4.25 2002-03-14 12:30:07 +00:00
martti
27df1070c7 Don't import ip_h323_pxy.c (license issues) 2002-03-14 08:07:06 +00:00
simonb
6b078ef993 Fix gcc 3.x "operation on `foo' may be undefined" warnings when using
constructs like "tptr+=*tptr++;".

Itojun will forward these changes to tcpdump.org.
2002-03-11 10:43:33 +00:00
bjh21
dca4ae94d6 When checking that a potentially-unsigned enum is >= 0, assign it to an int
first.  This is necessary to avoid warnings with -fshort-enums.  Casting
to an int really should be enough, but turns out not to be.

This change will be documented in doc/HACKS.
2002-03-09 13:22:52 +00:00
wiz
53036766b1 Drop trailing spaces after section names. 2002-03-06 14:20:34 +00:00
sommerfeld
3e18fc136f More ipip references 2002-03-04 15:15:39 +00:00
mason
be7a76e49f document -i and -u in the man page 2002-02-21 17:10:14 +00:00
itojun
d52aa152c7 sync with 3.7.1 2002-02-18 09:37:05 +00:00
itojun
1ad208fce4 tcpdump 3.7.1 from tcpdump.org 2002-02-18 09:06:51 +00:00
martin
3a47d27d5d Fix two LP64/be bugs, patch from ura@hiru.aoba.yokohama.jp in PR 15641. 2002-02-17 20:18:52 +00:00
ross
8bd7cb6a69 Edit -mdoc usage.
* There is no -indent option to .Bd or .Bl, although you would
  never know that from its frequent use in this tree. There is a
  "-offset indent" combination that makes sense, and you can certainly
  say "-width indent".

* Also, you can't markup the -width option argument, tho you CAN
  use a callable macro. So "-width Ar filename" doesn't make sense,
  but either "-width Ar" or "-width filename" does, as might something
  like "-width xxfilename" for a little extra space.

* There are a lot of needlessly complex hanging tag macros in man4 used
  to create simple item lists. Those should be simplified one of these
  days before someone copies and edits yet another man4 page.
2002-02-07 03:15:06 +00:00
martti
c6a4a9d33a Fixed Darren's original IPv6 icmp-type patch (rev 1.8) to display
better error messages if the user tries to use symbolic names such
as "echo" and "echorep" in "ipv6-icmp ... icmp-type ..." rules.

Consider the following rules:

  # cat /etc/ipf6.conf
  pass in quick proto ipv6-icmp from any to any icmp-type 128
  pass in quick proto ipv6-icmp from any to any icmp-type echo

Use of symbolic names give now the following error:

  # ipf -Fa -6f /etc/ipf6.conf
  2: Unknown ICMPv6 type (echo) specified (use numeric value instead)

The first rule with numeric value will work as expected:

  # ipfstat -6hi
  0 pass in quick proto ipv6-icmp from any to any icmp-type 128

NOTE: You MUST use numerical values for ICMPv6 types. See
      /sys/netinet/icmp6.h for available codes!
2002-02-04 19:07:47 +00:00
martti
6ffd37ccd1 Back out version 1.8 as it fixes the display BUT breaks the icmp-type rules:
ROOT localhost:~> /etc/rc.d/ipfilter reload
  Reloading ipfilter rules.
  22: Invalid icmp-type (echo) specified

With version 1.7 everything works just fine:

  ROOT localhost:~> /etc/rc.d/ipfilter reload
  Reloading ipfilter rules.
  Set 1 now inactive
2002-02-04 12:00:52 +00:00
martti
bfc0fa18e9 Fixed display of "proto ipv6-icmp ... icmp-type ..." rule. Before
this fix ipfstat reported:

  0 pass in quick proto ipv6-icmp from any to any

while after this fix:

  0 pass in quick proto ipv6-icmp from any to any icmp-type 8

This was just a display bug, the rule worked as expected.
2002-02-01 11:31:56 +00:00