Commit Graph

110 Commits

Author SHA1 Message Date
christos
bc0f55de88 Make ALG's autoloadable by providing in the config file:
alg "algname"
2013-03-20 00:29:46 +00:00
rmind
543d2971ab - Extend npf.conf syntax to support dynamic NAT policies.
- Imply dynamic group when using "ruleset" keyword.
2013-03-18 02:17:49 +00:00
christos
29e670c87b more explicit syntax 2013-03-13 02:44:28 +00:00
christos
5f0daf8289 more todo's 2013-03-13 02:41:23 +00:00
christos
b46215b9d2 add another 2013-03-13 02:36:51 +00:00
christos
668937be38 one more fixed 2013-03-11 16:38:31 +00:00
christos
08ba3be1b4 more breakage. 2013-03-11 02:12:15 +00:00
christos
fce0192186 explain further. 2013-03-11 02:02:28 +00:00
christos
8493e8dcfc separate sess commands. 2013-03-11 00:39:32 +00:00
christos
feb589a817 remove dup usage. 2013-03-11 00:34:43 +00:00
christos
c85651a383 fix usage 2013-03-11 00:16:59 +00:00
christos
58bc4d4e58 handle port "ftp-data" 2013-03-11 00:09:07 +00:00
christos
cd72feefe1 more 2013-03-11 00:05:36 +00:00
christos
b58e208695 my laundry list 2013-03-11 00:04:46 +00:00
christos
2acab3345b centralize error handling and print what went wrong instead of "ioctl" 2013-03-10 23:59:00 +00:00
christos
8c8be406dd modules moved to /lib 2013-03-10 23:57:07 +00:00
christos
e0620b41b3 deal with strings as interfaces 2013-03-10 23:11:26 +00:00
christos
9f5f8a86c5 normalise -> normalize 2013-03-10 21:55:40 +00:00
rmind
e1515f844d Fix the example (deja vu?). 2013-03-10 21:17:30 +00:00
rmind
e9a253f3c1 npftest/npf_blockall_rule: set NPF_RULE_DYNAMIC flag for the test rule. 2013-02-18 23:09:20 +00:00
rmind
56910be779 - Convert NPF dynamic rule ID to just incremented 64-bit counter.
- Fix multiple bugs.  Also, update the man page.
2013-02-16 21:11:12 +00:00
rmind
90957242c6 npftest: adjust for recent change. 2013-02-11 02:52:32 +00:00
rmind
82975ead3b Allow filtering on IP addresses even if the L4 protocol is unknown.
Patch from spz@.
2013-02-11 00:00:20 +00:00
rmind
50c5afcad4 - Fix NPF config reload with dynamic rules present.
- Implement list and flush commands on a dynamic ruleset.
2013-02-10 23:47:37 +00:00
rmind
0e21825481 NPF:
- Implement dynamic NPF rules.  Controlled through npf(3) library or via
  npfctl rule command.  A rule can be removed using a unique identifier,
  returned on addition, or using a key which is SHA1 hash of the rule.
  Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.
2013-02-09 03:35:31 +00:00
spz
a3b287e514 IPv6 linklocal address printing cosmetics 2013-02-01 05:40:07 +00:00
rmind
3107fd1eb5 - nbuf_ensure_contig: rework to use m_ensure_contig(9), which will not free
  the mbuf chain on failure.  Fixes some corner cases.  Improve regression
  test and sprinkle some asserts.
- npf_reassembly: clear nbuf on IPv6 reassembly failure path (partial fix).
  The problem was found and fix provided by Anthony Mallet.
2013-01-20 18:45:56 +00:00
rmind
352f160615 - Rework NPF's nbuf interface: use advancing and ensuring as a main method.
  Eliminate unnecessary copy and simplify.  Adapt regression tests.
- Simplify ICMP ALG a little.  While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
2012-12-24 19:05:42 +00:00
rmind
57ff5416fd - Add NPF version check in proplist as well, not only ioctl. Bump the version.
- Fix a bug in table entry lookup.
- Updates/fixes to the man pages.  Misc.
2012-12-23 21:01:03 +00:00
rmind
f960ba1c63 npfctl: add 'validate' command to check the config, but not load it. Update
the man page.  Also add a small note about 'debug' command, PR/47298.
2012-12-10 02:26:04 +00:00
rmind
7d7f70e66e - npf.conf(5): fix of the example config.
- Mention npf_ext_log in a comment.
2012-12-06 22:36:51 +00:00
rmind
5111d7eafd npfctl: extend syntax for extracting interface IP address(es) by the family. 2012-11-26 20:34:28 +00:00
rmind
4a1b0d45b2 npfctl(8): mention table listing. 2012-11-15 22:22:53 +00:00
rmind
b4a9940e50 npfctl: switch to ecalloc(3). 2012-11-15 22:20:27 +00:00
rmind
7b016567c0 npfctl: switch to efun(3) routines. 2012-11-05 23:47:12 +00:00
christos
599362a983 put in /sbin 2012-11-01 03:21:49 +00:00
martin
73809d4025 gcc 4.1 is not smart enough to notice "arg" is only used when initialized
correctly and produces a "might be used uninitialized" warning.
2012-10-31 08:54:39 +00:00
rmind
64647e51e4 Implement NPF table listing and preservation of entries on reload.
Bump the version.
2012-10-29 02:27:11 +00:00
rmind
3ed953299c Fix for npfctl show case. Improve some description while here. 2012-10-28 16:27:20 +00:00
rmind
e7cdd21f2e npfctl/yyerror(): print the right line number if we already parsed the line. 2012-10-02 23:38:52 +00:00
wiz
df3325de63 Wording, more macros. 2012-09-30 21:15:08 +00:00
rmind
395bd44a04 Add some content to the Procedures section. 2012-09-30 21:09:30 +00:00
wiz
cda4ed683f Use more markup. New sentence, new line. 2012-09-30 13:15:03 +00:00
spz
34865a25d0 Add some content to the "Rules" section. 2012-09-30 12:59:31 +00:00
wiz
c92c93101c Whitespace fixes, remove unnecessary Pp
XXX: Subsections Rules and Procedures seem empty?
2012-09-30 07:43:03 +00:00
rmind
703f289235 npf.conf(5): add syntax section and a first cut describing the structural
elements.  Some improvements and fixes from spz@.
2012-09-29 19:50:03 +00:00
spz
6d80dd36ba re-work the description part of the man page, as discussed with rmind@ 2012-09-28 18:36:02 +00:00
rmind
aed1e968f7 npf.conf(5): improve and explain grammar definition. 2012-09-26 21:58:27 +00:00
rmind
8c6e21bf5e Implement dynamic NPF extensions interface. An extension consists of
dynamically loaded module (.so) supplementing npfctl(8) and a kernel
module.  Move normalisation and logging functionality into their own
extensions.  More improvements to come.
2012-09-16 13:47:41 +00:00
joerg
c4eabd7bd6 More __dead 2012-09-14 15:37:03 +00:00