29d6827a49
Add casts to unsigned char for arguments to ctype functions.
...
Note to be sent to Darren Reed for possible inclusion in master sources.
2004-11-13 14:36:29 +00:00
541f8060fe
In going from 3.4.x to 4.1.x, "state-age" became "age" but the input grammar
...
did not allow for backwards compatibility.
PR: kern/27590
2004-10-30 13:33:58 +00:00
346ea4671b
Fix bin/25972 and actually add a token to generate the value IPNY_TCPUDP
...
as expected by the grammar.
2004-10-03 20:37:17 +00:00
857c5d7740
kern/27086 (should be bin/27086) - the "keep options" only allow one order,
...
not both as they should for proper backwards compatibility.
2004-10-03 20:18:49 +00:00
dd39bdf1e1
Allow \ at the end of line so long lines can be splitted and made more
...
readable. Without this modification old IPF 3.x and 4.1.1 rules will not
work with IPF 4.1.3. Patch from Darren Reed.
2004-09-27 08:23:15 +00:00
87c4b6357b
Sync with official IPF
2004-07-23 07:18:14 +00:00
a17d8fa0a5
Not needed in NetBSD
2004-07-23 05:42:27 +00:00
7ff15b917f
Upgraded IPFilter to 4.1.3
2004-07-23 05:39:03 +00:00
9e82a8bf0d
Import IPFilter 4.1.3
2004-07-23 05:33:55 +00:00
fe028e1238
PR/26882: Matthew Mondor: ipfstat -t fails to restore termios tty state
...
if it fails for ipf disabled. Fix from Peter Postma.
2004-07-14 18:22:10 +00:00
22b751b93d
Play more games with yyvarnext to make numeric protocols work again.
...
Parsing an ambiguous language with an LR(1) parser is not the best
road to sanity.
2004-07-12 21:52:01 +00:00
a998d914f3
make the code identical to 4.1.2
2004-07-12 18:09:39 +00:00
065a08dedc
Sprinkle yyvarnext assignment until the port and proto rules work again.
...
XXX: this is not nice.
2004-07-12 18:09:24 +00:00
5e63f46756
PR/25991: Martin Husemann: ipnat.conf rules don't allow port/protocol names
...
Patch applied, but new we have a never reduced rule (dport)
2004-07-10 16:11:00 +00:00
981c88b630
PR/25992: Grant Beattie: some protocol names in ipf.conf don't work
...
patch applied.
2004-07-10 15:38:28 +00:00
b074ee3b58
Attempt to fix PR/25992 [protocol parsing] by bringing these files in from
...
4.1.2
2004-07-08 02:51:24 +00:00
aa17268ea7
PR/25993: Grant Beattie: Ipf parser accepts invalid flags in rules
2004-06-29 22:33:25 +00:00
09b9f88e19
Do no add NetBSD tags for IPv6 regression tests
2004-06-07 11:52:46 +00:00
c06c3a3172
PR/24989: Arto Selonen: ipfilter 4.1.1 does not behave according to rules
...
in ipf.conf
2004-06-03 20:32:40 +00:00
fa159ed2be
PR/25594: Arto Huusko: LP64 sign extension bug in ipnat.
...
Fix: change to ioctlcmd_t as suggested by darren.
2004-05-26 20:32:48 +00:00
596171adc5
PR/24961: Arto Selonen: ipfilter 4.1.1 has problems parsing ipf.conf
2004-05-22 17:59:37 +00:00
02a532d111
PR/25532: Geoff C. Wing: a bad icmp-type rule in /etc/ipf.conf can cause ipf
...
to segv upon parsing.
2004-05-22 17:19:25 +00:00
4c2512fd51
Fix formatting of some options and a typo.
2004-05-21 22:31:52 +00:00
4c00db0b81
PR/24969: Arto Selonen: ipfs does not work at all with 4.1.1. Applied portion
...
of the patch that did not conflict with the previous commit. Darren should
take a look at it, and keep what it apropriate.
2004-05-10 00:50:07 +00:00
191890ee3f
PR/21334: Mike M. Volokhov: NAT halts on ipfs(8) restore in case of ftp
...
proxy used. Apply userland patch from this PR, since the kernel patch does
not match at all anymore, and seems to have been applied differently.
2004-05-10 00:36:19 +00:00
a218a37d8f
PR/25122: Peter Postma: ipfstat state top broken with IPv6 addresses
...
patch applied.
2004-05-09 04:12:03 +00:00
e786da0edd
PR/25365: HIROSE yuuji: ipf 4.1.1 fails to parse ipv6 address in fastroute
...
destination. Patch from darren applied.
2004-05-09 03:53:23 +00:00
7a452cae15
Commit fix, from Darren Reed (darrenr@netbsd.org), for a functional regression
...
in the new ipf -- return_icmp_as_dest with an argument was no longer accepted
by the parser.
2004-04-09 20:39:22 +00:00
dfa47cfea0
PR/25097: Kouichirou Hiratsuka: incorrect conditional -- misplaced ]
2004-04-07 20:27:54 +00:00
33e4f3be32
Check refresh() error code and bail out if we lost the terminal.
...
From Julian Coleman
2004-04-07 17:28:54 +00:00
d1af91eb0c
ioctl(2) "request" arguments should be ioctlcmd_t, not u_int.
2004-04-01 09:26:12 +00:00
91305f93d4
don't create unnecessary ifdefs that are due to character signness in
...
different platforms.
2004-03-29 03:15:47 +00:00
edd34d027d
For portable printing of a size_t, use the 'z' format modifier.
...
Fixes compile problem on alpha.
2004-03-28 14:34:45 +00:00
521d2418ef
For portable printing of u_quad_t, use PRId64 instead of %lld if PRId64
...
is available. Fixes compile problem on alpha.
2004-03-28 14:33:35 +00:00
8cbdcc6bc6
Since the return value from openkmem() is not used as a token for
...
subsequent operations, just as a success/failure indicator, return
(kvm_f != NULL) instead of the non-portable cast (int)kvm_f.
2004-03-28 14:15:38 +00:00
afa0e7c2a8
Reapply fixes that got lost during 4.1.1 import.
2004-03-28 12:56:41 +00:00
9fc8265a5a
This is needed with /sys/netinet/ip_h323_pxy.c
2004-03-28 10:06:42 +00:00
0df809a138
FILE REMOVED
2004-03-28 09:04:40 +00:00
ad2b97f78f
Added the original version
2004-03-28 09:03:12 +00:00
621e9bac7f
Sync with official IPFilter
2004-03-28 09:01:26 +00:00
24d567d60d
Upgraded IPFilter to 4.1.1
2004-03-28 09:00:53 +00:00
ad9b29ed97
Import IPFilter 4.1.1
2004-03-28 08:55:20 +00:00
a6eef7f88b
Install ip_fil_netbsd.c instead of ip_fil.c into /sys/netinet
2004-03-28 08:45:02 +00:00
7103cae5ac
Do not install ip_fil_netbsd.c as dist/ipf/ip_fil.c
2004-03-23 21:07:47 +00:00
695f848b03
Added ip_pptp_pxy.c
2004-03-23 12:23:54 +00:00
bbf6758e00
Added IPFilter 4.1 support
2004-03-18 16:51:39 +00:00
44b11fda7a
Stare-o; back out previous.
2004-01-28 20:15:52 +00:00
1622fd1b1d
Rearrange the description of the @rule:group field to match the latter's
...
format.
2004-01-28 20:13:35 +00:00
c2634d5895
Fix IPv6 accounting (PR#18839 by FUKAUMI Naoki).
2003-08-15 08:10:09 +00:00
865595bdf3
Move UCB-licensed code from 4-clause to 3-clause licence.
...
Patches provided by Joel Baker in PR 22253, verified by myself.
2003-08-07 09:20:39 +00:00
aab62ed1ca
Don't attempt to unput(EOF).
...
According to lex(1) (the manual page for flex, which is what we use for lex):
Finally, note that you cannot put back EOF to attempt to mark the
input stream with an end-of-file.
Fixes PR bin/8707, which had been reclassified as a toolchain bug.
2003-07-20 03:14:40 +00:00
978d7b8991
Fix some typos, reported by Juha Hyttinen in PR 22035.
2003-07-02 13:26:26 +00:00
e6bc82abd9
Everything is now in src/
2003-06-27 05:45:11 +00:00
4e7f8e8660
backout previous.
2003-05-17 13:58:07 +00:00
aa5672d8c5
sscanf overrun
2003-05-17 01:02:01 +00:00
c42e1fac66
Management, not managment. Mostly from jmc@openbsd.
2003-04-26 22:07:12 +00:00
5e6d862997
Separate "command" from "line".
2003-03-30 17:09:37 +00:00
83de4abed2
Use "its" instead of "it's" where appropriate.
...
From Soren Jacobsen in PR 20730.
2003-03-15 23:48:27 +00:00
c9ac698957
IPv4, not IPV4.
2003-03-15 19:26:42 +00:00
688d6608cc
Fix some typos reported by Igor Sobrado in PR 19653.
2003-01-04 01:18:01 +00:00
fe6e776886
Misc typo fixes from Adrian Mrva.
2002-12-21 13:28:25 +00:00
3c9f6b6387
hexadecimal, not hexidecimal. From Adrian Mrva.
2002-12-21 13:15:11 +00:00
7ae57bfafd
arbitrary with all three rs, from Adrian Mrva.
2002-12-21 13:14:38 +00:00
b7c1b899f2
Avoid strict alias warning.
2002-12-06 04:43:53 +00:00
0b48b4c927
Fix typos. Found by Adrian Mrva.
2002-10-29 16:22:33 +00:00
77e9b5999f
Fix typo. Found by Adrian Mrva.
2002-10-29 16:21:18 +00:00
9e0869ba07
* <sys/poll.h> -> <poll.h>
...
* define "struct pollfd set[]" for USE_POLL
2002-09-29 08:19:16 +00:00
9b50522649
<sys/poll.h> -> <poll.h>
2002-09-29 08:14:32 +00:00
bd0971158d
This file is now in regress/sys/kern/ipf/
2002-09-27 09:13:23 +00:00
b6a507dfee
Fix syntax rule (PR#16499).
2002-09-25 12:49:40 +00:00
15e6ca78da
Fix ipmon problems on 64-bit platforms (PR#17403 and PR#17404).
2002-09-25 06:43:17 +00:00
ace9bd9c2e
select() -> poll(), nanosleep()
2002-09-20 15:00:06 +00:00
38041d0ad0
Print newline after pid (reapply revision 1.10).
2002-09-19 09:03:09 +00:00
3a5ea42f37
We don't need this file
2002-09-19 08:21:53 +00:00
5b3c5dc17f
Make this compile
2002-09-19 08:11:38 +00:00
7bfcc4bc66
Resync with official IPF
2002-09-19 08:11:13 +00:00
1c7ea364cc
Add __attribute__((__unused__)) to SCCS and RCS IDs
2002-09-19 08:10:38 +00:00
87f18f024e
Upgraded IPFilter to 3.4.29
2002-09-19 08:08:14 +00:00
1b37ad3011
Import IPFilter 3.4.29
2002-09-19 07:56:23 +00:00
d89a42dbe9
document couple ipnat flags, which were not mentioned previously
2002-09-12 06:58:13 +00:00
b19f6de011
ispell.
2002-09-04 00:09:23 +00:00
66d91e6892
Fix ipmon problems on sparc64 [Tomi Nylund]
...
1. localtime() expects a time_t, not a pointer to unsigned long.
2. adapt to the kernel use of struct timeval.
2002-07-01 13:56:53 +00:00
ccb24c64f4
Consistency patch by John Franklin from bin/17281; additional grammar fix
...
by me.
2002-06-16 14:43:46 +00:00
938d959959
Add __attribute__((__unused__)) to SCCS and RCS IDs.
2002-05-30 18:10:25 +00:00
da0b574ae0
Comment out token after #endif.
2002-05-16 19:30:41 +00:00
67c70b98e1
ipf regression tests are in regress/sys/kern/ipf
2002-05-13 06:35:47 +00:00
1286035f0a
Import regression tests into basesrc/regress/sys/kern/ipf
2002-05-13 06:23:30 +00:00
d30d25dc1a
Spelling fixes, from Sergey Svishchev in kern/16650.
2002-05-12 15:48:36 +00:00
0486c7bccc
Show active rules correctly if "portmap auto" is used (PR#16615 by Sergey
...
Svishchev)
2002-05-03 08:27:10 +00:00
fb5ea935fe
remove stuff not relevant for NetBSD
2002-05-02 21:45:06 +00:00
dc57912eac
This is in /sys/netinet
2002-05-02 17:27:25 +00:00
e74092de02
Upgraded IPFilter to 3.4.27
2002-05-02 17:11:37 +00:00
0071d2a114
Import IPFilter 3.4.27
2002-05-02 16:51:52 +00:00
d02c43db4c
Import IPFilter 3.4.27
2002-05-02 16:48:42 +00:00
48e5349fdc
Import IPFilter 3.4.27
2002-05-02 16:47:12 +00:00
ac4fd59f8c
`Normalize' the pid file contents to "<pid><newline>", just like
...
pidfile(3) does; patch sent to Darren a while ago.
2002-04-17 12:06:23 +00:00
7cb50ab7ee
Spelling fixes and grammar improvements.
2002-04-14 14:35:05 +00:00
a3f3f844dc
Document the mssclamp option.
2002-04-14 07:53:46 +00:00
082e0b796d
Add the __unused__ attribute to rcsid[]/sccsid[]. Need to talk
...
to Darren about this more, but this gets it to compile with gcc 3.2.
2002-04-09 02:32:51 +00:00
3c53e00e43
Don't remove ip_h323_pxy.c
2002-04-03 09:32:06 +00:00
1414ac04e0
remove stuff not related to NetBSD
2002-04-01 15:58:08 +00:00
aa2f829ddf
remove the 'mv ipnat.1 ipnat.8', the distribution comes with ipnat.8 nowadays
...
add back ip_h323_pxy.c - upon closer examination, the licence seems to be okay
2002-04-01 15:56:51 +00:00
58d564bc8c
Add MSS clamping to the IP Filter NAT subsystem.
...
Configured by a new option "mssclamp" in NAT rules, like:
map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1452
This is based on work by Xiaodan Tang <xtang@qnx.com>.
2002-03-14 21:46:54 +00:00
83b3487b70
Upgraded IPFilter to 3.4.25
2002-03-14 12:32:36 +00:00
a79df224af
Import IPFilter 3.4.25
2002-03-14 12:30:07 +00:00
27df1070c7
Don't import ip_h323_pxy.c (license issues)
2002-03-14 08:07:06 +00:00
3e18fc136f
More ipip references
2002-03-04 15:15:39 +00:00
c6a4a9d33a
Fixed Darren's original IPv6 icmp-type patch (rev 1.8) to display
...
better error messages if the user tries to use symbolic names such
as "echo" and "echorep" in "ipv6-icmp ... icmp-type ..." rules.
Consider the following rules:
# cat /etc/ipf6.conf
pass in quick proto ipv6-icmp from any to any icmp-type 128
pass in quick proto ipv6-icmp from any to any icmp-type echo
Use of symbolic names give now the following error:
# ipf -Fa -6f /etc/ipf6.conf
2: Unknown ICMPv6 type (echo) specified (use numeric value instead)
The first rule with numeric value will work as expected:
# ipfstat -6hi
0 pass in quick proto ipv6-icmp from any to any icmp-type 128
NOTE: You MUST use numerical values for ICMPv6 types. See
/sys/netinet/icmp6.h for available codes!
2002-02-04 19:07:47 +00:00
6ffd37ccd1
Back out version 1.8 as it fixes the display BUT breaks the icmp-type rules:
...
ROOT localhost:~> /etc/rc.d/ipfilter reload
Reloading ipfilter rules.
22: Invalid icmp-type (echo) specified
With version 1.7 everything works just fine:
ROOT localhost:~> /etc/rc.d/ipfilter reload
Reloading ipfilter rules.
Set 1 now inactive
2002-02-04 12:00:52 +00:00
bfc0fa18e9
Fixed display of "proto ipv6-icmp ... icmp-type ..." rule. Before
...
this fix ipfstat reported:
0 pass in quick proto ipv6-icmp from any to any
while after this fix:
0 pass in quick proto ipv6-icmp from any to any icmp-type 8
This was just a display bug, the rule worked as expected.
2002-02-01 11:31:56 +00:00
d4e37ff89e
Add a missing "else".
2002-01-24 10:40:12 +00:00
5ecddfad8c
Fixed return value (I was unable to compile this on sparc64 before
...
this fix).
2002-01-24 08:30:27 +00:00
7421720886
This file is not needed
2002-01-24 08:25:37 +00:00
e6acaff1c5
This file is in /sys/netinet
2002-01-24 08:25:21 +00:00
a0dddbc807
Manual page fixes regarding IPv6
2002-01-24 08:24:14 +00:00
b9920d0f43
Upgraded IPFilter to 3.4.23
2002-01-24 08:21:30 +00:00
b0499f9062
Import IPFilter 3.4.23
2002-01-24 08:18:28 +00:00
14b3179d7c
Added ip_netbios_pxy.c and ip_ipsec_pxy.c
2002-01-23 11:03:19 +00:00
1fd7eeefcd
"than" instead of "then".
2001-11-21 19:14:19 +00:00
456dff6cb8
Spell 'occurred' with two 'r's.
2001-09-16 16:34:23 +00:00
e3f8252b49
Xref ipf(8) instead of non-existing ipf(1).
2001-09-09 17:22:59 +00:00
1288f79bbd
Xref curses(3) instead of ncurses(3).
2001-09-09 17:22:39 +00:00
23fec241fa
Change Xref to ipfilter(4) from [not installed] ipfilter(5).
2001-09-03 01:19:05 +00:00
2a32c938de
make this program actually work.
2001-06-07 14:15:39 +00:00
2e4a6df0d4
Change perl location from /usr/local/bin/perl to /usr/pkg/bin/perl.
2001-04-11 19:08:05 +00:00
bc80fa8140
Fix typo.
2001-04-11 09:41:37 +00:00
c73fe2d6a1
protocols(5), not (4).
2001-04-09 12:39:02 +00:00
fb2dc295a6
Resolve conflicts.
2001-03-26 06:11:46 +00:00
204c25d632
Import IP Filter 3.4.16
2001-03-26 03:52:19 +00:00
713e855d22
we are NetBSD -- we don't need stinking ncurses.
2001-03-13 16:30:39 +00:00
85213a5c3e
Clean up wording slightly in previous.
2001-01-25 11:59:27 +00:00
8e11103138
document about ipf interaction with ipsec tunnel, and tunnelling devices.
...
(the behavior is netbsd specific)
2001-01-25 11:16:16 +00:00
9934ff5271
Xref ipf.conf(5)
2001-01-07 04:33:47 +00:00
890345ee05
Format string cleanups by Bill Sommerfeld.
2000-10-09 14:52:15 +00:00
b3d0df91fb
Resolve conflicts.
2000-08-09 21:00:39 +00:00
dd200b1b9b
Import IP Filter 3.4.9
2000-08-09 20:49:40 +00:00
6acc606aa4
Update to reflect that you don't need to explicitly do an
...
`ipf -E' in order to be able to use NAT.
2000-08-06 07:05:50 +00:00
5189b64cf6
Resolve conflicts.
2000-06-12 10:43:24 +00:00
8a1de3e633
Import IP Filter 3.4.6
2000-06-12 10:21:51 +00:00
c02ef5cc85
Resolve conflicts.
2000-05-23 06:07:42 +00:00
11120ba212
Resolve conflicts.
2000-05-21 18:53:54 +00:00
8fcd61625e
Rename ipnat.1 to ipnat.8.
2000-05-21 18:37:27 +00:00
ca37c80f5b
Resolve conflicts.
2000-05-11 19:54:35 +00:00
b358e4a2ae
Import IP Filter 3.4.2
2000-05-11 19:49:13 +00:00
b3f239a7bf
Use unsigned long long and not long long for the change in Rev 1.6 and
...
also change the the printf format.
2000-05-08 13:07:56 +00:00
c1ae3e842e
Add again out changes which get lost during the changeover to the dist
...
format and fix PR#8932 while I am here.
Thanks to Darren for letting me know that it was gone.
We should just move to mandoc, but that makes it harder to keep it in sync
with the releases, so I made the changes in the old format.
2000-05-06 15:39:02 +00:00
4ca015c23a
Add the -6 option to the usage output.
2000-05-05 21:49:47 +00:00
280a47cc0a
Again, fix a build problem on the alpha.
2000-05-05 20:59:17 +00:00
0392fc75f8
Put the (long long) and (unsigned long long) casts back.
2000-05-04 19:55:44 +00:00
6a6c8edcab
Resolve conflicts and remove some files.
2000-05-03 11:40:15 +00:00
he