Commit Graph

107 Commits

Author SHA1 Message Date
dholland
2c888f6181 PR 50709 David Binderman: memory leak 2016-05-30 17:21:07 +00:00
joerg
b573c5e0d5 Fix obviously broken condition. 2015-08-28 12:17:41 +00:00
riastradh
6cb10275d0 Merge riastradh-drm2 to HEAD. 2014-03-18 18:20:35 +00:00
wiz
a5684d07dd Use Mt for email addresses. 2013-07-20 21:39:55 +00:00
rmind
63f8748ee9 ftp-proxy: disable NPF bits for now; it will be re-done. 2012-12-24 01:14:40 +00:00
plunky
72f78fcb94 reinstate "Update ftp-proxy for changes to ipnat_t" from Darren Reed 2012-09-15 17:42:43 +00:00
joerg
efa013cb75 Fix format string usage. 2012-02-29 23:42:28 +00:00
riz
f8a1d7977c Back out the recent import of IPFilter 5.1.1 for the upcoming branch,
which will now have IPFilter 4.1.34.  IPFilter 5.1.1 will be restored
post-branch.

ok: core, releng.
2012-02-15 17:55:03 +00:00
darrenr
9598df00fd Update ftp-proxy for changes to ipnat_t 2012-01-30 16:14:27 +00:00
mbalmer
24e4901256 There is no doubt whether whether should have a 'h' after the 'w'. 2011-10-17 16:35:21 +00:00
rmind
7d1dd86a47 - Fix man pages list for MKNPF=no case. Based on a patch from Scott Ellis.
- Fix build with MKNPF=yes and MKIPFILTER=no as well; close PR/44512.
2011-02-10 14:04:29 +00:00
rmind
07ac07d35f NPF checkpoint:
- Add libnpf(3) - a library to control NPF (configuration, ruleset, etc).
- Add NPF support for ftp-proxy(8).
- Add rc.d script for NPF.
- Convert npfctl(8) to use libnpf(3) and thus make it less depressive.
  Note: next clean-up step should be a parser, once dholland@ will finish it.
- Add more documentation.
- Various fixes.
2011-02-02 02:20:24 +00:00
christos
f4dfcf5469 warns=4 2010-12-13 01:45:38 +00:00
wiz
19e1a3b574 Bump date for new CAVEATS. 2010-04-12 21:28:23 +00:00
ahoka
0bb59a3f04 mention pfsync not working as a kernel module 2010-04-12 14:26:11 +00:00
joerg
bfbe4c3572 Use HUGE_VAL instead of INFINITY as positive infinity (or maximum value)
is good enough and the side effects of ISO C99 7.12 (4) are not desired.
2010-03-01 00:13:47 +00:00
ahoka
67bcc5b200 Remove the notice about pfsync not being supported, as we have it now. 2009-12-19 14:05:53 +00:00
martti
1a30996c87 Removed obsolete files. 2009-12-02 15:21:37 +00:00
martti
495b1f79b1 Initial version. 2009-12-02 15:07:09 +00:00
martti
77ad51d8d2 Initial version. 2009-12-01 06:27:57 +00:00
joerg
98ae2d6073 Do not use .Xo/.Xc to workaround ancient groff limits. 2009-10-14 17:44:25 +00:00
joerg
3c1f1e4f21 .Xr takes two arguments only. 2009-10-04 18:07:26 +00:00
degroote
33e10c238e Improve the pfsync(4) man page
hostname.if(5) is ifconfig.if(5) on NetBSD
Don't speak about enc, as we don't support it at the moment
Make clear that we don't support ipsec protection of pfsync traffic (as long we
doesn't support enc, or similar thing)

Catched by wiz@
2009-09-14 11:45:01 +00:00
wiz
f41e8ac844 <>& -> \*[Lt]\*[Gt]\*[Am]
Bump date for pfsync(4) link.
2009-09-14 11:17:49 +00:00
wiz
f8b0915e76 Fix Dd argument. 2009-09-14 11:17:42 +00:00
degroote
2d48ac808c Import pfsync support from OpenBSD 4.2
Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
2009-09-14 10:36:48 +00:00
wiz
177b015b5d Remove references to securelevel(7) and ssl(8), which don't exist.
From Jukka Ruohonen.
2009-09-10 13:17:39 +00:00
minskim
0997da05f2 Correct the #ifdef test for struct ifdatareq. 2009-08-07 16:37:12 +00:00
christos
6c781e23d6 use the proper structure to get interface data. We depend on having the
NetBSD-specific ZIFDATA call to do the selection of the ioctl style.
From Patrick Welche.
2009-07-15 18:05:17 +00:00
roy
7027866a09 Rename internal getline() function to get_line() so it does
conflict with the soon to be added getline(3) libc function.
2009-07-13 19:05:39 +00:00
minskim
bea661fe98 Reduce diff with OpenBSD. No functional change. 2009-06-16 05:16:52 +00:00
minskim
da9817918e Reduce diff with OpenBSD by deleting whitespace. 2009-06-16 02:18:07 +00:00
reed
9fc4d3902e Fix roff formatting for ->
by adding an \ such as document in mdoc.7

This was reported in 41276
2009-04-24 16:48:58 +00:00
perry
4bfc10355c add missing commas to .Dd fix, pointed out by wiz 2009-03-22 14:29:34 +00:00
perry
c8a35b6227 OpenBSD uses a custom CVS hack to handle Dd fields ($Mdocdate$) which
we don't have. Replace ".Dd $Mdocdate" with ".Dd Month Day Year" so
that the date comes out right when man pages get built. This will
doubtless need hand conflict resolution whenever these pages are
re-imported.

Note that it would be interesting to have some similar facility for
NetBSD, but I don't think a custom rcs keyword is the right thing --
maybe we can teach groff to parse $Date$
2009-03-21 00:15:52 +00:00
christos
5dd7ea59ad fix time_t format. 2008-12-29 04:13:28 +00:00
yamt
fff57c5525 merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@.  requested by core@
2008-06-18 09:06:25 +00:00
dyoung
f72063f0c8 Note NSF support. 2008-05-15 04:16:00 +00:00
martin
ce099b4099 Remove clause 3 and 4 from TNF licenses 2008-04-28 20:22:51 +00:00
matt
e0eafe6e38 infile is const char *, not char * 2008-02-20 18:20:21 +00:00
matt
ccfd1d4480 errbuf is [], not *. 2008-02-20 18:19:18 +00:00
wiz
6ffc795bbf New sentence, new line. Add comma in enumeration. 2007-12-03 18:19:08 +00:00
pavel
cac90c847b Mention the ipf mode in more places, xref pf.conf(5) or ipnat.conf(5)
when speaking about the configuration file commands. Bump date.
2007-11-12 17:14:28 +00:00
pavel
7fa608457b Do not use ntohs() on TCP ports passed to the NAT lookup ioctl, apparently
they are expected in network order. Makes the proxy in ipf mode actually
work (but tested only on NetBSD 3.0).
2007-11-12 17:05:13 +00:00
tls
67fcd29261 Do not include internal header files from libpcap without setting the
feature-test macros they use.  Really, of course, this code should not
include such header files at all.
2007-05-28 11:55:19 +00:00
dyoung
e096ddfc8a Document state policy flags for 'nat' and 'rdr' rules. 2007-05-10 23:03:22 +00:00
dyoung
f7748bc6aa pfctl: extend pf.conf(5) syntax. Let the operator supply an optional
"state lock" flag (if-bound, gr-bound, floating) at the end of a
NAT rule.  The new syntax is backwards-compatbile with the old
syntax.

PF (kernel): change the macro BOUND_IFACE() to the inline function
bound_iface(), and add a new argument, the applicable NAT rule.
Use both the flags on the applicable filter rule and on the applicable
NAT rule to decide whether or not to bind a state to the interface
or the group where it is created.
2007-05-10 22:30:54 +00:00
christos
5b239d0be1 PR/35039: jklowden: Fix example to include -i or -p for ipf or pf. 2006-11-12 06:24:08 +00:00
peter
dd191f37f3 Merge the peter-altq branch.
(sync with KAME & add support for using ALTQ with pf(4)).
2006-10-12 19:59:07 +00:00
rpaulo
1921cb5602 PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!
2006-10-07 15:10:17 +00:00