first. This is necessary to avoid warnings with -fshort-enums. Casting
to an int really should be enough, but turns out not to be.
This change will be documented in doc/HACKS.
first. This is necessary to avoid warnings with -fshort-enums. Casting
to an int really should be enough, but turns out not to be.
This change will be documented in doc/HACKS.
- Fix a bug in ns_parserr(), where it was returning the wrong sort
of result code in some cases.
This is required to allow some -fshort-enums warnings to be fixed.
- Fix a bug in is_identifier(), where it was checking against EOF
instead of the END_OF_FILE token.
This is required to eliminate a warning with -fshort-enums.
Configured by a new option "mssclamp" in NAT rules, like:
map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1452
This is based on work by Xiaodan Tang <xtang@qnx.com>.
first. This is necessary to avoid warnings with -fshort-enums. Casting
to an int really should be enough, but turns out not to be.
This change will be documented in doc/HACKS.
* There is no -indent option to .Bd or .Bl, although you would
never know that from its frequent use in this tree. There is a
"-offset indent" combination that makes sense, and you can certainly
say "-width indent".
* Also, you can't markup the -width option argument, tho you CAN
use a callable macro. So "-width Ar filename" doesn't make sense,
but either "-width Ar" or "-width filename" does, as might something
like "-width xxfilename" for a little extra space.
* There are a lot of needlessly complex hanging tag macros in man4 used
to create simple item lists. Those should be simplified one of these
days before someone copies and edits yet another man4 page.
better error messages if the user tries to use symbolic names such
as "echo" and "echorep" in "ipv6-icmp ... icmp-type ..." rules.
Consider the following rules:
# cat /etc/ipf6.conf
pass in quick proto ipv6-icmp from any to any icmp-type 128
pass in quick proto ipv6-icmp from any to any icmp-type echo
Use of symbolic names give now the following error:
# ipf -Fa -6f /etc/ipf6.conf
2: Unknown ICMPv6 type (echo) specified (use numeric value instead)
The first rule with numeric value will work as expected:
# ipfstat -6hi
0 pass in quick proto ipv6-icmp from any to any icmp-type 128
NOTE: You MUST use numerical values for ICMPv6 types. See
/sys/netinet/icmp6.h for available codes!
ROOT localhost:~> /etc/rc.d/ipfilter reload
Reloading ipfilter rules.
22: Invalid icmp-type (echo) specified
With version 1.7 everything works just fine:
ROOT localhost:~> /etc/rc.d/ipfilter reload
Reloading ipfilter rules.
Set 1 now inactive
this fix ipfstat reported:
0 pass in quick proto ipv6-icmp from any to any
while after this fix:
0 pass in quick proto ipv6-icmp from any to any icmp-type 8
This was just a display bug, the rule worked as expected.
martti