Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
264,407 Commits 606 Branches 0 Tags 3.1 GiB
65808c7ffa
Commit Graph

209 Commits

Author SHA1 Message Date
wiz
65808c7ffa New sentence, new line. Punctuation fixes. Remove macros without effect. 2019-01-08 10:25:26 +00:00
gutteridge
a7a743c1a4 npf.conf(5): add a minor clarification about table types that can't 
accept masks on IP addresses. Prompted by Rob Hunter in PR bin/51900.
 2019-01-08 01:19:16 +00:00
rmind
39013e66c1 NPF: Major rework -- migrate NPF to the libnv library. 
- This conversion significantly simplifies the code and moves NPF to
  a binary serialisation format (replacing the XML-like format).
- Fix some memory/reference leaks and possibly use-after-free bugs.
- Bump NPF_VERSION as this change makes libnpf incompatible with the
  previous versions.  Also, different serialisation format means NPF
  connection/config saving and loading is not compatible with the
  previous versions either.

Thanks to christos@ for extra testing.
 2018-09-29 14:41:35 +00:00
uwe
97e384e7bd According to the grammar and examples the static table is defined with 
"file" keyword, not "static".
 2018-09-21 10:59:11 +00:00
uwe
6da1ab24a9 Improve markup. 2018-09-21 09:42:18 +00:00
maxv
62994698cf Wrap long lines, so that nothing overflows. 2018-09-21 07:22:26 +00:00
maxv
657923ce43 Switch back to tabs, it was nicer this way. 2018-09-19 15:36:12 +00:00
maxv
bc58a324f2 Fix the "Interfaces" section, I understood wrong. Talk about inference, 
because it was not mentioned before, and it plays an important role.
Discussed with rmind. Probably not the last pass.
 2018-09-04 15:36:01 +00:00
wiz
0394df431b New sentence, new line. Use Fn for functions. 2018-09-02 18:03:23 +00:00
maxv
c09ea90fc6 Be clearer about the difference between static vs dynamic interface list, 
and slightly improve wording.

My understanding is that when none of inet4/inet6/ifaddrs is passed, NPF
assumes ifaddrs.
 2018-09-02 17:45:18 +00:00
wiz
25be4c69af Remove superfluous Pp. 2018-09-01 19:26:46 +00:00
rmind
b5635267ab npf.conf(5): fix some of the previous incorrect or inaccurate changes. 
The TCP flags option is not only for the stateful tracking.  Dynamic NAT
implies NAPT; algorithms, at least for now, are for static NAT mappings.
Mention that ALG ICMP is also for traceroute behind NAT; also mention
"MSS clamping" (some users might search for this term, so keeping the
terminology is helpful).
 2018-09-01 16:28:57 +00:00
maxv
e3e075e240 rename net-seg -> map-seg, and document it 2018-08-31 11:18:35 +00:00
maxv
e6e69c66e8 "interface" already contains "var-name", so don't mention it in "filt-addr", 
that's redundant
 2018-08-31 11:11:21 +00:00
maxv
7af2b2f68b should be port-opts 2018-08-31 11:01:09 +00:00
maxv
20048da297 Clarify the "Groups" section. 2018-08-31 10:52:30 +00:00
wiz
367a79e6ff Add missing -width; remove unnecessary .Pp. 2018-08-27 13:20:47 +00:00
maxv
6cf056e7fd Improve the "Map" section. 2018-08-27 13:09:16 +00:00
maxv
c4abcc5a94 Document ALGs. 2018-08-27 12:46:03 +00:00
maxv
5458b5faf0 Add the values of "algo" in the grammar, and use # as comment marker for 
man-k.org (and others) not to highlight things in an incorrect way.
 2018-08-17 12:20:49 +00:00
maxv
143312eb5c Add missing quote in static-rule, it causes man-k.org (and other tools) 
to wrongly highlight the grammar.
 2018-08-17 12:04:20 +00:00
maxv
1dbf263b8b Replace "rproc"->"proc" in the grammar (spotted by he@), and slightly 
reword.
 2018-08-17 10:24:19 +00:00
maxv
f8cd5f425f Replace () by [] in tcp-flags. 
Fix proc-opts, the value is optional, noted by he@.
 2018-08-17 10:16:24 +00:00
maxv
29f7e3440d Improve wording. 2018-08-16 09:58:00 +00:00
maxv
ded4e9d920 Improve the "Map" section a little. 2018-08-16 09:50:37 +00:00
maxv
16b11b4076 Document the "flags" keyword. 2018-08-16 09:46:18 +00:00
maxv
b8e06d89f6 Improve the "Rules" section: better explain the "final" keyword (it is 
the same as PF's "quick", so use the same wording), and document the
"return" options.

While here simplify the man code, suggested by wiz.
 2018-08-16 09:21:00 +00:00
maxv
65ac579f46 Add quotes around the option names, to match the actual npf conf. 2018-08-16 08:51:53 +00:00
maxv
0a9ee16931 Enlighten the "Procedures" section. In particular document the "no-df" 
option. Also replace "normalisation" -> "normalization", to match the
name of the rule.
 2018-08-16 08:37:51 +00:00
wiz
444a305543 Add missing El. Remove trailing whitespace. 2018-08-13 06:06:13 +00:00
sevan
eaf2f5a246 First pass at editing this manual. 
Add a link to the NPF documentation website and refer to it.
Switch the multiple structural elements to a list to make it easier to read and
extend.
Clarify tables, re-order so all terms are before the example.
Clarify obtaining addresses per family
Move the minimum requirement for a default group to the group section.
 2018-08-07 00:22:13 +00:00
maxv
82288565a0 Document "debug" in usage(). 2018-04-13 17:43:37 +00:00
maxv
64f4aca696 Move NPF's todo list into src/doc/TODO.npf, and add some entries. After a 
conversation (two months ago) with rmind and sborrill.
 2018-04-08 08:57:37 +00:00
wiz
4b01aa4e24 Remove superfluous Pp. 2017-12-11 23:07:49 +00:00
rmind
bd05c4c470 npfctl: add support for the 'no-ports' flag in the 'map' statements. 
This allows us to create a NAT policy without the port translation.
 2017-12-10 22:04:41 +00:00
leot
add6cc459e Fix a typo 2017-12-10 20:45:26 +00:00
christos
9e9f13a4e0 Add things implemented 2017-12-10 20:30:45 +00:00
mlelstv
808b264de6 allow PASS opt_proto ALL syntax in map statement. 2017-12-03 23:48:03 +00:00
ozaki-r
2acd285552 Fix showing translated port (ntohs-ed twice wrongly) 2017-10-30 04:53:43 +00:00
wiz
01869ca4d2 Remove workaround for ancient HTML generation code. 2017-07-03 21:28:48 +00:00
christos
01920ad36e don't print decimal and parse hex! 2017-05-14 21:38:23 +00:00
christos
f8006a404c Always print the rule id associated with a rule. 2017-01-29 00:18:15 +00:00
rmind
82fad0d6ea npfctl: fix shift/reduce conflicts, thanks to riastradh@. 2017-01-20 23:00:30 +00:00
wiz
857253ed15 Bump date for previous. 2017-01-20 08:48:14 +00:00
kre
786e74973e Add missing ; - hopefully unbreak build. 2017-01-20 03:16:40 +00:00
rmind
60a0ec10c4 npfctl: 
- Add protocol filter option for "map".
- Print user-friendly error if table contains an entry with invalid netmask.
- Add support for inline ports.
 2017-01-19 20:18:17 +00:00
christos
103b31ec3d more todo 2017-01-11 02:13:54 +00:00
christos
f07757667e Don't silently take the first element of multiple element variables. 2017-01-11 02:11:21 +00:00
christos
5da201fb8b fix hint. 2017-01-11 02:10:44 +00:00
rmind
f095afd741 npfctl: dynamic interface address handling; update npf.conf(8). 2017-01-03 01:29:49 +00:00