Commit Graph

189 Commits

Author SHA1 Message Date
christos 1c3e92696a npftest needs to disable mprotect because it uses bpfjit 2016-05-29 02:28:07 +00:00
wiz 70ceaf5cff Fix typo. From Michael Scherer in PR 51162. 2016-05-24 05:46:57 +00:00
knakahara 4da67da0b7 fix ATF net/npf/t_npf failure 2016-04-25 02:01:32 +00:00
pooka 76f0658b35 include proplib.h if you're going to use it 2016-01-25 12:24:41 +00:00
christos 068fc977ee handle v4 mapped addresses 2016-01-22 22:03:54 +00:00
rmind 87af5b04d3 - npfvar_get_type1: check for NULL first.
- Minor fix for the npf(7) man page.
2015-07-12 23:54:43 +00:00
christos 8ee626c9fa improve error messages (remove \n, use __func__, etc) 2015-06-16 23:04:13 +00:00
rmind 1662d4f47c - npfctl: fix the confusion in the parser (0/0 case with no other filter).
- Always populate the error dictionary, not only for DEBUG/DIAGNOSTIC.
2015-06-08 01:00:43 +00:00
rmind d6bf72e999 npfctl: fix the from/to port mess up when showing the rules. 2015-06-03 23:36:05 +00:00
christos b2cf87b6f2 allow lists as filter addresses. 2015-03-24 20:24:17 +00:00
rmind 3250dbf286 npfctl:
- Fix the filter criteria when to/from is omitted but port used.
- Print more user-friendly error if an NPF table has a duplicate entry.
2015-03-21 00:49:07 +00:00
rmind 6cbd6e2a1c npfctl_print_rule: print the ID in hex, not decimal. 2015-02-02 19:08:32 +00:00
rmind f56b8821ba npfctl(8): report dynamic rule ID in a comment, print the case when libpcap
is used correctly.  Also, add npf_ruleset_dump() helper in the kernel.
2015-02-02 00:31:39 +00:00
rmind 2904ff02f1 npf.conf(5): mention alg, include in the example, minor fix. 2015-02-01 22:57:21 +00:00
christos 4e2babb88b load the config file before bpfjit so that we can disable the warning. 2015-01-04 20:02:15 +00:00
joerg a668c47e7f Don't depend on yacc to include stdlib.h or string.h. 2015-01-04 18:30:05 +00:00
christos a08b1ebd50 allow turning off the bpf jit loading. 2014-12-26 22:44:54 +00:00
rmind 027d5f223a npfctl(8): attempt to preload bpfjit kernel module and print the
warning on failure.
2014-12-26 20:44:38 +00:00
rmind 670c10ba87 - Add and use npf_alg_export().
- npf_conn_import: handle NAT metadata correctly.
- npf_nat_newpolicy: restore the policy ID.
- npfctl_load: fix error code handling for the limit cases.
- npf_config_import: fix the inverted logic.
- npfctl_load: improve error handling.
2014-08-11 23:48:01 +00:00
rmind d0850273a2 - Add npf_ruleset_export(), npf_rule_export() and npf_nat_policyexport().
- Split off npf_conn_export().  Add npf_ifmap_getname() and use it to save
  the interface name; pick it up on npf_conn_import().
- Misc fixes.  Bump NPF_VERSION.
2014-08-10 19:09:43 +00:00
tls ea6af427bd Merge tls-earlyentropy branch into HEAD. 2014-08-10 16:44:32 +00:00
rmind c2b1c6cc23 Cross-link npf(7). 2014-08-03 00:02:56 +00:00
rmind b8d1dbad64 NPF: add a general npf(7) manual page. Improved by wiz@. 2014-08-02 23:57:40 +00:00
htodd c1a007a161 Build fix (use error when defined). 2014-07-23 05:00:38 +00:00
rmind a02b7176fb NPF: rework of the connection saving and restoring:
- Add support for saving a snapshot of the current connections together
  with a full configuration.  Support a reverse load operation.  Eliminate
  the old 'sess-save' and 'sess-load' in favour of the new mechanism.
- Share code between load and reload operations: the latter performs
  load from npf.conf without affecting the connections.
- Simplify and fix races with connection loading.
- Bump NPF_VERSION.
2014-07-23 01:25:34 +00:00
rmind 903939e342 formatting 2014-07-20 00:48:51 +00:00
rmind a7d2a60827 NPF: add nbuf_t * into npf_cache_t and remove unnecessary carrying by argument. 2014-07-20 00:37:41 +00:00
rmind 9c7a886e44 NPF:
- Populate the BPF external memory store with L3 information.
- Eliminate NPF_COP_L3 call and just use the data in the memstore.
- Bump NPF_VERSION.
2014-06-29 00:05:24 +00:00
rmind c3d5721647 npftest: add an example in the README, fix the total in npf_test_conc(). 2014-06-25 00:21:42 +00:00
rmind 263d30c43e Adjust NPF to the recent BPF / BPF JIT changes and make it work again.
All regression tests are happy now (hi alnsn!).
2014-06-25 00:20:06 +00:00
alnsn 19fed70d36 Implement copfuncs and external memory in bpfjit. 2014-06-24 10:53:30 +00:00
rmind 410bae3ffd npfctl_build_code: generate TCP/UDP check for ports case when other blocks
do not imply L4 check; add an assert in npfctl_bpf_proto() and elsewhere.
2014-05-31 22:41:37 +00:00
rmind 5866b12dae npfctl: allow group of zeroes in IPv6 address; noted by spz@. 2014-05-31 22:37:05 +00:00
wiz 8f7d248eb8 Wording, typo fixes. 2014-05-15 23:52:32 +00:00
rmind e05005e0b3 NPF: imply SYN-only check for the stateful rules by default (when inspecting
TCP packets).  Many users trip here.  This behaviour can be overridden with the
explicit "flags" keyword, but other configuration does not really make sense.
2014-05-15 02:34:29 +00:00
rmind 7da3b338d7 npftest: fix the example in the README file. 2014-05-14 21:46:50 +00:00
riastradh 4ec7cf26b7 Convert right-recursive rules to left-recursive ones.
This should obviate the need for the workaround of a large stack in
order to handle many rules.

No change in the resulting plists.

ok rmind
2014-03-15 15:22:37 +00:00
rmind f1567f86d3 npfctl_bpf_cidr: another buf fix in handling IPv6 masks (bug found on ARM). 2014-03-15 08:46:01 +00:00
rmind 167f6f25d6 NPF: add support for "stateful-ends". 2014-03-14 11:29:44 +00:00
rmind 27b83b3d9e npfctl_print_nat: fix the byte-order of the port. 2014-02-19 01:43:16 +00:00
rmind 247d861365 npfctl: take into account all addresses when multiple interfaces are
specified in a set of elements.
2014-02-17 00:45:24 +00:00
rmind a732dba5fc G/C some todo items 2014-02-14 02:01:12 +00:00
rmind d199f930bb Document NAT algorithm option in the grammar of "map". 2014-02-14 01:52:58 +00:00
rmind 068cee2998 NPF: add support for IPv6-to-IPv6 Network Prefix Translation (NPTv6),
as per RFC 6296.  Add a unit test.  Also, bump NPF_VERSION.

Thanks to S.P.Zeidler for the help with NPTv6 work!
2014-02-13 03:34:40 +00:00
rmind 82f6ff32b1 npfctl_bpf_cidr: fix a bug in handling of smaller IPv6 masks. 2014-02-13 00:42:01 +00:00
rmind 1e2389ed0b npfctl_print_table: add a "cdb" type. 2014-02-12 01:42:50 +00:00
rmind 8b83480d27 NPF:
- Adjust the syntax - remove "inet" keyword in favour of more explicit
  "inet4" for the address family.  Consistent with "inet6" for IPv6.
- Adjust and improve the man page a little bit.
2014-02-08 01:20:09 +00:00
rmind 8274d601f9 NPF: add support for static (stateless) NAT. 2014-02-07 23:45:22 +00:00
christos 61a4b10e07 fix vax build. 2014-02-06 18:48:09 +00:00
wiz 83d796ca12 Update count. Add serial comma. 2014-02-06 07:36:36 +00:00