"state lock" flag (if-bound, gr-bound, floating) at the end of a
NAT rule. The new syntax is backwards-compatbile with the old
syntax.
PF (kernel): change the macro BOUND_IFACE() to the inline function
bound_iface(), and add a new argument, the applicable NAT rule.
Use both the flags on the applicable filter rule and on the applicable
NAT rule to decide whether or not to bind a state to the interface
or the group where it is created.
- The array must be NULL terminated because other code depends on it.
- Use this terminator to check if we're at the end of the array instead
of doing sizeof(pf_timeouts) / sizeof(pf_timeouts[0]).
In this case PFTM_MAX == 20 and sizeof(pf_timeouts) / sizeof(pf_timeouts[0])
== 21, using a loop with the size of the array and checking for reaching the
end of the loop via j == PFTM_MAX does not work. Change the loop to use
PFTM_MAX as the upper bound and add an assertion in the code to make sure
that pf_timeouts is large enough. Finally remove last NULL element of the
array so that the array has 20 elements again.
* #ifdef out some things we don't have or do differently.
* Write struct "pcap_sf_pkthdr" instead of "pcap_pkthdr".
Fixes an LP64 specific problem with reading the pflog with tcpdump(8).
(OpenBSD fixed this by changing the structs to always use 32-bit fields)
Reviewed by yamt@.
> revision 1.2.2.1
> date: 2004/12/17 02:51:35; author: brad; state: Exp; lines: +2 -2
> MFC:
> Fix by frantzen@
>
> &&/|| inversion would try to merge IP addresses with non-addresses into a
> single table causing a ruleset load error and eventually a double-free.
>
> ok deraadt@ mcbride@ henning@ frantzen@ dhartmei@
some files were imported to the different places from the previous version.
v3_5:
etc/pf.conf
etc/pf.os
etc/spamd.conf
share/man/man4/pf.4
share/man/man4/pflog.4
share/man/man5/pf.conf.5
share/man/man5/pf.os.5
share/man/man5/spamd.conf.5
v3_6:
dist/pf/etc/pf.conf
dist/pf/etc/pf.os
dist/pf/etc/spamd.conf
dist/pf/share/man/man4/pf.4
dist/pf/share/man/man4/pflog.4
dist/pf/share/man/man5/pf.conf.5
dist/pf/share/man/man5/pf.os.5
dist/pf/share/man/man5/spamd.conf.5
yamt