135 Commits

Author SHA1 Message Date
rmind
1e9541dade npftest: adjust for the npf_bpf_filter() change. 2013-11-23 19:40:11 +00:00
rmind
e636c1e87f npfctl: need to rewind the list after calling print_table(). XXX libnpf. 2013-11-22 18:42:02 +00:00
rmind
805a41fbfe Add npf_tableset_syncdict() to sync the table IDs in the proplib dictionary,
as they can change on reload now.  Also, fix table name checking in npfctl.
2013-11-22 00:25:51 +00:00
christos
8216c37c22 CID 1129614: dereference after null 2013-11-19 17:01:45 +00:00
rmind
d116583e69 Simplify parsing of npf.conf elements, create the npfvar_t when a value is
parsed (to be used as a general structure for variables and inlined values),
few misc improvements.
2013-11-19 00:28:41 +00:00
rmind
3fb1890bf5 Rename some tokens, use more accurate names (the current ones are incorrect
or misleading) and add few comments in the parser code.
2013-11-18 21:39:03 +00:00
rmind
2566fe9fff Add bsd.own.mk for MKSLJIT, reorder some vars. 2013-11-16 17:12:35 +00:00
alnsn
a36c412b37 Link to -lrumpnet_bpfjit and -lrumpkern_sljit iff MKSLJIT != "no". 2013-11-16 15:58:30 +00:00
rmind
467de1619d Enable bpfjit for npftest. 2013-11-16 01:41:43 +00:00
wiz
d8099589ae Remove trailing whitespace. 2013-11-12 06:07:30 +00:00
rmind
1e7342c150 NPF: add support for table naming and remove NPF_TABLE_SLOTS (there is
just an arbitrary sanity limit of NPF_MAX_TABLES currently set to 128).

Few misc fixes.  Bump NPF_VERSION.
2013-11-12 00:46:34 +00:00
rmind
a79812ea10 NPF: add support for specifying the interfaces before they are attached.
If an interface is or gets detached, all associated rules and connections
will be deactivated (it might be useful to have an option to invalidate
the associated connections).  Once the interface is reattached they will
become active.

Bump NPF_VERSION.
2013-11-08 00:38:26 +00:00
kefren
915c0cd28e sync an example with the latest group syntax change 2013-11-05 13:09:12 +00:00
rmind
05a7a9a52e npfctl: optimise fetch_l3() to avoid unnecessary call to NPF_COP_L3. 2013-11-05 01:50:30 +00:00
joerg
d41a00c8da Add missing dead. 2013-09-24 22:52:14 +00:00
rmind
a99ac6280c npftest: add a choice of "rule" or "state" for -b option. 2013-09-24 02:44:20 +00:00
rmind
a484105289 npftest: add some concurrency testing code. 2013-09-24 02:04:21 +00:00
rmind
5f3b7e2652 Update npftest.conf for the recent syntax adjustments. 2013-09-23 15:30:32 +00:00
wiz
4fe1cb8b61 Remove trailing whitespace. 2013-09-20 21:30:49 +00:00
rmind
f797733a7e - NPF: change the group/ruleset syntax - simplify. Update npf.conf(5) manual.
- Add support for the inline pcap-filter(7) syntax in the rule, e.g.:
	block out final pcap-filter "tcp and dst 10.1.1.252"
2013-09-20 03:03:52 +00:00
rmind
f5730e945b npfctl: remove some n-code leftovers, fix the build, update the man pages. 2013-09-19 12:05:11 +00:00
rmind
7b5edfdc0d NPF: G/C n-code in favour of BPF byte-code. Delete lots of code, mmm! 2013-09-19 01:49:07 +00:00
rmind
4e592132ab - Convert NPF to use BPF byte-code by default. Compile BPF byte-code in
npfctl(8) and generate separate marks to describe the filter criteria.
- Rewrite 'npfctl show' functionality and fix some of the bugs.
- npftest: add a test for BPF COP.
- Bump NPF_VERSION.
2013-09-19 01:04:45 +00:00
rmind
ce38978248 - Add NPF table flushing functionality.
- Fix line numbering for npfctl debug command.
2013-05-19 20:45:34 +00:00
christos
464306f9db always allow hex where decimal is allowed. 2013-05-09 19:12:03 +00:00
christos
bc0f55de88 Make ALG's autoloadable by providing in the config file:
alg "algname"
2013-03-20 00:29:46 +00:00
rmind
543d2971ab - Extend npf.conf syntax to support dynamic NAT policies.
- Imply dynamic group when using "ruleset" keyword.
2013-03-18 02:17:49 +00:00
christos
29e670c87b more explicit syntax 2013-03-13 02:44:28 +00:00
christos
5f0daf8289 more todo's 2013-03-13 02:41:23 +00:00
christos
b46215b9d2 add another 2013-03-13 02:36:51 +00:00
christos
668937be38 one more fixed 2013-03-11 16:38:31 +00:00
christos
08ba3be1b4 more breakage. 2013-03-11 02:12:15 +00:00
christos
fce0192186 explain further. 2013-03-11 02:02:28 +00:00
christos
8493e8dcfc separate sess commands. 2013-03-11 00:39:32 +00:00
christos
feb589a817 remove dup usage. 2013-03-11 00:34:43 +00:00
christos
c85651a383 fix usage 2013-03-11 00:16:59 +00:00
christos
58bc4d4e58 handle port "ftp-data" 2013-03-11 00:09:07 +00:00
christos
cd72feefe1 more 2013-03-11 00:05:36 +00:00
christos
b58e208695 my laundry list 2013-03-11 00:04:46 +00:00
christos
2acab3345b centralize error handling and print what went wrong instead of "ioctl" 2013-03-10 23:59:00 +00:00
christos
8c8be406dd modules moved to /lib 2013-03-10 23:57:07 +00:00
christos
e0620b41b3 deal with strings as interfaces 2013-03-10 23:11:26 +00:00
christos
9f5f8a86c5 normalise -> normalize 2013-03-10 21:55:40 +00:00
rmind
e1515f844d Fix the example (deja vu?). 2013-03-10 21:17:30 +00:00
rmind
e9a253f3c1 npftest/npf_blockall_rule: set NPF_RULE_DYNAMIC flag for the test rule. 2013-02-18 23:09:20 +00:00
rmind
56910be779 - Convert NPF dynamic rule ID to just incremented 64-bit counter.
- Fix multiple bugs.  Also, update the man page.
2013-02-16 21:11:12 +00:00
rmind
90957242c6 npftest: adjust for recent change. 2013-02-11 02:52:32 +00:00
rmind
82975ead3b Allow filtering on IP addresses even if the L4 protocol is unknown.
Patch from spz@.
2013-02-11 00:00:20 +00:00
rmind
50c5afcad4 - Fix NPF config reload with dynamic rules present.
- Implement list and flush commands on a dynamic ruleset.
2013-02-10 23:47:37 +00:00
rmind
0e21825481 NPF:
- Implement dynamic NPF rules.  Controlled through npf(3) library or via
  npfctl rule command.  A rule can be removed using a unique identifier,
  returned on addition, or using a key which is SHA1 hash of the rule.
  Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.
2013-02-09 03:35:31 +00:00