Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
142,266 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

211 Commits

Author SHA1 Message Date
martti 10f294ab64 Make the list of files more readable (so it's easier to add and remove files). 2005-12-27 15:23:28 +00:00
martti ac29c41761 Removed ip_rules.c and ip_rules.h 2005-12-27 15:19:38 +00:00
rpaulo dd25e265f4 PR 32241: Igor Sobrado: ipnat(5) FILES section is missing. 2005-12-04 23:37:27 +00:00
martti 4a909698d6 Avoid crash with invalid input. 2005-09-27 12:22:27 +00:00
darrenr 4e1ba8b46a bin/29508 - fix "ipf -T" - kernel wasn't setting ipft_cookie and userland 
was expecting it to be set, thus ignored it.
bin/29509 - because ipft_cookie wasn't reset to 0 before making the ioctl
call for each variable, only the first name to find was used, each successive
call just used the cookie.
CVn: ----------------------------------------------------------------------
 2005-06-11 12:31:40 +00:00
lukem 311c22130d appease gcc -Wuninitialized 2005-06-02 09:47:37 +00:00
christos e3b50bebf6 backout previous. ISDIGIT is used all over the place without a cast. 2005-05-18 00:54:14 +00:00
christos d0eca17dfa Cast isdigit() argument to unsigned char. 2005-05-18 00:15:52 +00:00
reed a74aa39245 Document that ipmon reopens its log file(s) and rereads its configuration 
file when it receives a SIGHUP signal.

Okayed by martti.

This was suggested by Richard Braun on netbsd-help list.
 2005-04-20 19:53:04 +00:00
martti 58b8abcbf8 Upgraded IPFilter to 4.1.8 2005-04-03 15:05:30 +00:00
martti c775aec128 Import IPFilter 4.1.8 2005-04-03 15:01:04 +00:00
he e3e9ad241e Get rid of a compiler warning saying "dereferencing type-punned pointer 
will break strict-aliasing rules" by casting the argument to rn_inithead()
to (void*) instead of (void**).
 2005-03-13 10:44:40 +00:00
dsl 4bcbdc6712 Reinstate the ntohs() on port numbers returned bu getport() 2005-02-20 21:44:51 +00:00
martin 5605ab81e0 Do not use bogus (long) casts and ntohl() on port numbers. 
Only test for -1 error return from getport().
 2005-02-20 21:15:37 +00:00
martti 460bbcc960 Upgraded IPFilter to 4.1.6 2005-02-19 21:30:24 +00:00
martti 76b5d9e30f Import IPFilter 4.1.6 2005-02-19 21:26:02 +00:00
martti fdf846c8d1 REMOVED 2005-02-08 07:20:11 +00:00
martti a023cb1d19 Upgraded IPFilter to 4.1.5 2005-02-08 07:01:52 +00:00
martti 4d6a62d250 Import IPFilter 4.1.5 2005-02-08 06:52:59 +00:00
wiz 959a1400b9 Remove duplicate description for -d. From Chris Ross in PR 29035. 2005-01-21 15:10:16 +00:00
lukem a546e7bfc2 Fix compilation with -UUSE_INET6 2005-01-10 02:08:51 +00:00
martti 4ce4e7d229 Fixed ifdef logic 2005-01-04 12:36:02 +00:00
martti 92ee66b8a1 Note also src/regress/sys/kern/ipf 2004-12-30 13:12:01 +00:00
darrenr 32b2d1458b undo this last change, it did match fil.c - bad me. 2004-12-30 12:07:07 +00:00
martti 34a5ffc74e Use src/sys/dist/ipf/netinet instead of src/sys/netinet 2004-12-30 10:09:32 +00:00
darrenr 760d20de7a the bitmask array in this file should be the same as the one in fil.c if 
rules with v6hdr options are going to match packets.  this sorts the array
by incrementing value of the v6 option.
 2004-12-30 08:29:09 +00:00
darrenr f314fbb0f1 Expand out an unused byte to give each NAT rule a protocol version field, 
allowing rules to be set to match only ipv4/ipv6. And so ipnat must be updated
to actually set this field correctly but to keep things working for old
versions of ipnat (that will set this to 0), make the ioctl handler "update"
the 0 to a 4 to keep things working when people just upgrade kernels.  This
forces NAT rule matching to be limited to ipv4 only, here forward, fixing
kern/28662
 2004-12-16 17:01:02 +00:00
christos d1f40c5512 Make bpf use the cloning device 2004-12-01 23:51:36 +00:00
christos f63af1b624 Use the cloning device if that is available 2004-12-01 23:49:27 +00:00
darrenr f3736130c9 Fix a regression from 3.4 behaviour where the destination of a redirect rule 
could be either a hostname or an IP address (now it can only be an IP#)
 2004-11-21 03:44:59 +00:00
he 2befd828c2 Remove declaration of unused "cksum" variable. 2004-11-13 22:28:49 +00:00
he 4a9ab9770a Apply patch from Darren for the ctype() functions/macros. 
Encapsulates the ctype() functions so that the casts are centralized.
 2004-11-13 19:14:48 +00:00
he 76d82c7f1f Revert previous, paving the way for Darren's cleaner patch. 2004-11-13 18:43:49 +00:00
he a46d912ed3 More instances of casts to usngiend char for the ctype functions. 
Will also be sent to maintainer for inclusion in original.
 2004-11-13 15:18:41 +00:00
he 29d6827a49 Add casts to unsigned char for arguments to ctype functions. 
Note to be sent to Darren Reed for possible inclusion in master sources.
 2004-11-13 14:36:29 +00:00
darrenr 541f8060fe In going from 3.4.x to 4.1.x, "state-age" became "age" but the input grammar 
did not allow for backwards compatibility.

PR: kern/27590
 2004-10-30 13:33:58 +00:00
darrenr 346ea4671b Fix bin/25972 and actually add a token to generate the value IPNY_TCPUDP 
as expected by the grammar.
 2004-10-03 20:37:17 +00:00
darrenr 857c5d7740 kern/27086 (should be bin/27086) - the "keep options" only allow one order, 
not both as they should for proper backwards compatibility.
 2004-10-03 20:18:49 +00:00
martti dd39bdf1e1 Allow \ at the end of line so long lines can be splitted and made more 
readable. Without this modification old IPF 3.x and 4.1.1 rules will not
work with IPF 4.1.3. Patch from Darren Reed.
 2004-09-27 08:23:15 +00:00
martti 87c4b6357b Sync with official IPF 2004-07-23 07:18:14 +00:00
martti a17d8fa0a5 Not needed in NetBSD 2004-07-23 05:42:27 +00:00
martti 7ff15b917f Upgraded IPFilter to 4.1.3 2004-07-23 05:39:03 +00:00
martti 9e82a8bf0d Import IPFilter 4.1.3 2004-07-23 05:33:55 +00:00
christos fe028e1238 PR/26882: Matthew Mondor: ipfstat -t fails to restore termios tty state 
if it fails for ipf disabled. Fix from Peter Postma.
 2004-07-14 18:22:10 +00:00
christos 22b751b93d Play more games with yyvarnext to make numeric protocols work again. 
Parsing an ambiguous language with an LR(1) parser is not the best
road to sanity.
 2004-07-12 21:52:01 +00:00
christos a998d914f3 make the code identical to 4.1.2 2004-07-12 18:09:39 +00:00
christos 065a08dedc Sprinkle yyvarnext assignment until the port and proto rules work again. 
XXX: this is not nice.
 2004-07-12 18:09:24 +00:00
christos 5e63f46756 PR/25991: Martin Husemann: ipnat.conf rules don't allow port/protocol names 
Patch applied, but new we have a never reduced rule (dport)
 2004-07-10 16:11:00 +00:00
christos 981c88b630 PR/25992: Grant Beattie: some protocol names in ipf.conf don't work 
patch applied.
 2004-07-10 15:38:28 +00:00
christos b074ee3b58 Attempt to fix PR/25992 [protocol parsing] by bringing these files in from 
4.1.2
 2004-07-08 02:51:24 +00:00