Commit Graph

324 Commits

Author SHA1 Message Date
uwe 61417cee53 Actually, according to the grammar the square brackets in the "tcp
flags" are not literal, so use .Op to show that /mask is optional.
2019-01-08 11:36:10 +00:00
uwe 94cd499daa Restore macro with effect. Fix the real problem that prevented it from
having the effect.
2019-01-08 11:28:01 +00:00
wiz 65808c7ffa New sentence, new line. Punctuation fixes. Remove macros without effect. 2019-01-08 10:25:26 +00:00
gutteridge a7a743c1a4 npf.conf(5): add a minor clarification about table types that can't
accept masks on IP addresses. Prompted by Rob Hunter in PR bin/51900.
2019-01-08 01:19:16 +00:00
rmind 39013e66c1 NPF: Major rework -- migrate NPF to the libnv library.
- This conversion significantly simplifies the code and moves NPF to
  a binary serialisation format (replacing the XML-like format).
- Fix some memory/reference leaks and possibly use-after-free bugs.
- Bump NPF_VERSION as this change makes libnpf incompatible with the
  previous versions.  Also, different serialisation format means NPF
  connection/config saving and loading is not compatible with the
  previous versions either.

Thanks to christos@ for extra testing.
2018-09-29 14:41:35 +00:00
uwe 97e384e7bd According to the grammar and examples the static table is defined with
"file" keyword, not "static".
2018-09-21 10:59:11 +00:00
uwe 6da1ab24a9 Improve markup. 2018-09-21 09:42:18 +00:00
maxv 62994698cf Wrap long lines, so that nothing overflows. 2018-09-21 07:22:26 +00:00
maxv 657923ce43 Switch back to tabs, it was nicer this way. 2018-09-19 15:36:12 +00:00
maxv bc58a324f2 Fix the "Interfaces" section, I understood wrong. Talk about inference,
because it was not mentioned before, and it plays an important role.
Discussed with rmind. Probably not the last pass.
2018-09-04 15:36:01 +00:00
wiz 0394df431b New sentence, new line. Use Fn for functions. 2018-09-02 18:03:23 +00:00
maxv c09ea90fc6 Be clearer about the difference between static vs dynamic interface list,
and slightly improve wording.

My understanding is that when none of inet4/inet6/ifaddrs is passed, NPF
assumes ifaddrs.
2018-09-02 17:45:18 +00:00
wiz 25be4c69af Remove superfluous Pp. 2018-09-01 19:26:46 +00:00
rmind b5635267ab npf.conf(5): fix some of the previous incorrect or inaccurate changes.
The TCP flags option is not only for the stateful tracking.  Dynamic NAT
implies NAPT; algorithms, at least for now, are for static NAT mappings.
Mention that ALG ICMP is also for traceroute behind NAT; also mention
"MSS clamping" (some users might search for this term, so keeping the
terminology is helpful).
2018-09-01 16:28:57 +00:00
maxv e3e075e240 rename net-seg -> map-seg, and document it 2018-08-31 11:18:35 +00:00
maxv e6e69c66e8 "interface" already contains "var-name", so don't mention it in "filt-addr",
that's redundant
2018-08-31 11:11:21 +00:00
maxv 7af2b2f68b should be port-opts 2018-08-31 11:01:09 +00:00
maxv 20048da297 Clarify the "Groups" section. 2018-08-31 10:52:30 +00:00
maxv 918cd75c72 remove commented reference to pflog 2018-08-31 10:38:17 +00:00
wiz 367a79e6ff Add missing -width; remove unnecessary .Pp. 2018-08-27 13:20:47 +00:00
maxv 6cf056e7fd Improve the "Map" section. 2018-08-27 13:09:16 +00:00
maxv c4abcc5a94 Document ALGs. 2018-08-27 12:46:03 +00:00
maxv 5458b5faf0 Add the values of "algo" in the grammar, and use # as comment marker for
man-k.org (and others) not to highlight things in an incorrect way.
2018-08-17 12:20:49 +00:00
maxv 143312eb5c Add missing quote in static-rule, it causes man-k.org (and other tools)
to wrongly highlight the grammar.
2018-08-17 12:04:20 +00:00
maxv 1dbf263b8b Replace "rproc"->"proc" in the grammar (spotted by he@), and slightly
reword.
2018-08-17 10:24:19 +00:00
maxv f8cd5f425f Replace () by [] in tcp-flags.
Fix proc-opts, the value is optional, noted by he@.
2018-08-17 10:16:24 +00:00
maxv 29f7e3440d Improve wording. 2018-08-16 09:58:00 +00:00
maxv ded4e9d920 Improve the "Map" section a little. 2018-08-16 09:50:37 +00:00
maxv 16b11b4076 Document the "flags" keyword. 2018-08-16 09:46:18 +00:00
maxv b8e06d89f6 Improve the "Rules" section: better explain the "final" keyword (it is
the same as PF's "quick", so use the same wording), and document the
"return" options.

While here simplify the man code, suggested by wiz.
2018-08-16 09:21:00 +00:00
maxv 65ac579f46 Add quotes around the option names, to match the actual npf conf. 2018-08-16 08:51:53 +00:00
maxv 0a9ee16931 Enlighten the "Procedures" section. In particular document the "no-df"
option. Also replace "normalisation" -> "normalization", to match the
name of the rule.
2018-08-16 08:37:51 +00:00
wiz 444a305543 Add missing El. Remove trailing whitespace. 2018-08-13 06:06:13 +00:00
sevan eb0a9b17da Simplify the description of npfd, default npflog interface & pcap file are
covered later.
Move advice regarding offline analysis to the CAVEATS section.
2018-08-07 22:55:47 +00:00
sevan 1d6667cee9 Escape ellipsis to stop it being interpreted as a macro.
Drop commented out manual which doesn't exist.
2018-08-07 22:02:08 +00:00
sevan eaf2f5a246 First pass at editing this manual.
Add a link to the NPF documentation website and refer to it.
Switch the multiple structural elements to a list to make it easier to read and
extend.
Clarify tables, re-order so all terms are before the example.
Clarify obtaining addresses per family
Move the minimum requirement for a default group to the group section.
2018-08-07 00:22:13 +00:00
sevan 059f47e275 Use Nm macro
Move history details to the HISTORY section
Spelling
Be less meta & clarify the website should be consulted.
2018-08-02 16:42:12 +00:00
maxv 82288565a0 Document "debug" in usage(). 2018-04-13 17:43:37 +00:00
maxv 64f4aca696 Move NPF's todo list into src/doc/TODO.npf, and add some entries. After a
conversation (two months ago) with rmind and sborrill.
2018-04-08 08:57:37 +00:00
wiz 4b01aa4e24 Remove superfluous Pp. 2017-12-11 23:07:49 +00:00
rmind bd05c4c470 npfctl: add support for the 'no-ports' flag in the 'map' statements.
This allows us to create a NAT policy without the port translation.
2017-12-10 22:04:41 +00:00
leot add6cc459e Fix a typo 2017-12-10 20:45:26 +00:00
christos 9e9f13a4e0 Add things implemented 2017-12-10 20:30:45 +00:00
mlelstv 808b264de6 allow PASS opt_proto ALL syntax in map statement. 2017-12-03 23:48:03 +00:00
ozaki-r 2acd285552 Fix showing translated port (ntohs-ed twice wrongly) 2017-10-30 04:53:43 +00:00
christos 5bf5a8b9c7 Treat EOF as a condition to re-open the pcap socket. Since we've been woken
up by poll(2), there must be data to read. If there is not, our socket might
not be ok anymore.
2017-10-16 11:18:43 +00:00
christos 531fc46210 Add a message when we are re-opening the pcap socket. 2017-10-16 11:17:45 +00:00
christos c06842d6f7 try to re-open the pcap connection on error. 2017-10-15 15:26:10 +00:00
wiz 01869ca4d2 Remove workaround for ancient HTML generation code. 2017-07-03 21:28:48 +00:00
christos b4b0a6b177 set "testing mode" for ioctl I/O 2017-05-17 18:55:13 +00:00
christos 01920ad36e don't print decimal and parse hex! 2017-05-14 21:38:23 +00:00
christos 624bfdf064 can't call pcap_datalink before activate. 2017-03-25 11:00:27 +00:00
christos 2e57ffe4d0 fix function argument. 2017-01-29 04:12:52 +00:00
christos f8006a404c Always print the rule id associated with a rule. 2017-01-29 00:18:15 +00:00
christos 043ad880a5 fix signed compare 2017-01-24 20:25:08 +00:00
christos ec23b4d29e output every 5 seconds instead of 60 or every 100 packets 2017-01-24 20:24:59 +00:00
rmind 82fad0d6ea npfctl: fix shift/reduce conflicts, thanks to riastradh@. 2017-01-20 23:00:30 +00:00
wiz 857253ed15 Bump date for previous. 2017-01-20 08:48:14 +00:00
kre 786e74973e Add missing ; - hopefully unbreak build. 2017-01-20 03:16:40 +00:00
rmind 60a0ec10c4 npfctl:
- Add protocol filter option for "map".
- Print user-friendly error if table contains an entry with invalid netmask.
- Add support for inline ports.
2017-01-19 20:18:17 +00:00
christos 103b31ec3d more todo 2017-01-11 02:13:54 +00:00
christos f07757667e Don't silently take the first element of multiple element variables. 2017-01-11 02:11:21 +00:00
christos 5da201fb8b fix hint. 2017-01-11 02:10:44 +00:00
wiz 33271d5eb0 Whitespace, fix xref, remove unnecessary macro, sort SEE ALSO. 2017-01-08 13:59:53 +00:00
christos b083914cc2 add example. 2017-01-07 18:48:47 +00:00
christos 3f2d359121 descend to npfd 2017-01-07 17:27:02 +00:00
christos cec127882c add man page, lint cleanups. 2017-01-07 16:48:03 +00:00
christos 177e6c06dd restrict permissions on log file 2017-01-07 16:36:54 +00:00
christos 9ed7390988 Add log validation 2017-01-06 19:20:24 +00:00
christos 83809af30d set the timeout to 1 second so we can see packets flowing in real time. 2017-01-05 16:23:31 +00:00
rmind f095afd741 npfctl: dynamic interface address handling; update npf.conf(8). 2017-01-03 01:29:49 +00:00
christos d8571daf5b flesh this out more. 2016-12-30 19:55:46 +00:00
rmind f97363cc85 Improve 'npfctl debug' a little bit. 2016-12-29 20:48:50 +00:00
christos f069472cf9 starts running 2016-12-28 03:02:54 +00:00
christos 204834d4f3 Add some flesh. 2016-12-28 01:25:48 +00:00
rmind 8334b9bc82 npf.conf: add support for logical NOT, e.g.: pass from ! 10.0.0.1 to any 2016-12-27 22:35:33 +00:00
rmind 61e84d3fc1 Add some very preliminary npfd(8) code. 2016-12-27 22:20:00 +00:00
christos bc388aee45 Document list 2016-12-27 20:55:11 +00:00
wiz 00bae140fd Sort options in usage. 2016-12-27 20:24:32 +00:00
christos a0cedf0df5 Add a list command to iterate over connection and nat endpoints. 2016-12-27 20:14:35 +00:00
christos ef70bf3819 We don't use openssl for NPF in NetBSD, so don't include the header, and
provide a compatibility define.
2016-12-27 13:43:38 +00:00
christos f75d79eb69 Sync NPF with the version on github: backport standalone NPF changes,
which allow us to create and run separate NPF instances. Minor fixes.
(from rmind@)
2016-12-26 23:05:05 +00:00
kre 999560307b Yet another -lrumpdev 2016-08-08 16:31:53 +00:00
christos eb3e8383b5 use sha1 from libc 2016-06-29 21:40:20 +00:00
christos fe909ecd47 remove libcrypto dependency, fix other dependencies. 2016-06-29 21:40:10 +00:00
christos 1c3e92696a npftest needs to disable mprotect because it uses bpfjit 2016-05-29 02:28:07 +00:00
wiz 70ceaf5cff Fix typo. From Michael Scherer in PR 51162. 2016-05-24 05:46:57 +00:00
knakahara 4da67da0b7 fix ATF net/npf/t_npf failure 2016-04-25 02:01:32 +00:00
pooka 76f0658b35 include proplib.h if you're going to use it 2016-01-25 12:24:41 +00:00
christos 068fc977ee handle v4 mapped addresses 2016-01-22 22:03:54 +00:00
rmind 87af5b04d3 - npfvar_get_type1: check for NULL first.
- Minor fix for the npf(7) man page.
2015-07-12 23:54:43 +00:00
christos 8ee626c9fa improve error messages (remove \n, use __func__, etc) 2015-06-16 23:04:13 +00:00
rmind 1662d4f47c - npfctl: fix the confusion in the parser (0/0 case with no other filter).
- Always populate the error dictionary, not only for DEBUG/DIAGNOSTIC.
2015-06-08 01:00:43 +00:00
rmind d6bf72e999 npfctl: fix the from/to port mess up when showing the rules. 2015-06-03 23:36:05 +00:00
christos b2cf87b6f2 allow lists as filter addresses. 2015-03-24 20:24:17 +00:00
rmind 3250dbf286 npfctl:
- Fix the filter criteria when to/from is omitted but port used.
- Print more user-friendly error if an NPF table has a duplicate entry.
2015-03-21 00:49:07 +00:00
rmind 6cbd6e2a1c npfctl_print_rule: print the ID in hex, not decimal. 2015-02-02 19:08:32 +00:00
rmind f56b8821ba npfctl(8): report dynamic rule ID in a comment, print the case when libpcap
is used correctly.  Also, add npf_ruleset_dump() helper in the kernel.
2015-02-02 00:31:39 +00:00
rmind 2904ff02f1 npf.conf(5): mention alg, include in the example, minor fix. 2015-02-01 22:57:21 +00:00
christos 4e2babb88b load the config file before bpfjit so that we can disable the warning. 2015-01-04 20:02:15 +00:00