Commit Graph

110 Commits

Author SHA1 Message Date
mrg fea0a40a90 fix two issues found by GCC 6.4:
- cbq_compute_idletime() had a fprintf() not in the intended missing {}.
- skip_cmp_dst_addr() compared a vs a instead of a vs b.
2018-02-04 08:44:36 +00:00
sevan 10e4d3f687 Add DragonFly BSD fingerprints. 2017-12-16 07:52:08 +00:00
sevan bef76a26e1 Synchronise with r1.27 from OpenBSD 2017-12-16 07:36:26 +00:00
dholland 2c888f6181 PR 50709 David Binderman: memory leak 2016-05-30 17:21:07 +00:00
joerg b573c5e0d5 Fix obviously broken condition. 2015-08-28 12:17:41 +00:00
riastradh 6cb10275d0 Merge riastradh-drm2 to HEAD. 2014-03-18 18:20:35 +00:00
wiz a5684d07dd Use Mt for email addresses. 2013-07-20 21:39:55 +00:00
rmind 63f8748ee9 ftp-proxy: disable NPF bits for now; it will be re-done. 2012-12-24 01:14:40 +00:00
plunky 72f78fcb94 reinstate "Update ftp-proxy for changes to ipnat_t" from Darren Reed 2012-09-15 17:42:43 +00:00
joerg efa013cb75 Fix format string usage. 2012-02-29 23:42:28 +00:00
riz f8a1d7977c Back out the recent import of IPFilter 5.1.1 for the upcoming branch,
which will now have IPFilter 4.1.34.  IPFilter 5.1.1 will be restored
post-branch.

ok: core, releng.
2012-02-15 17:55:03 +00:00
darrenr 9598df00fd Update ftp-proxy for changes to ipnat_t 2012-01-30 16:14:27 +00:00
mbalmer 24e4901256 There is no doubt whether whether should have a 'h' after the 'w'. 2011-10-17 16:35:21 +00:00
rmind 7d1dd86a47 - Fix man pages list for MKNPF=no case. Based on a patch from Scott Ellis.
- Fix build with MKNPF=yes and MKIPFILTER=no as well; close PR/44512.
2011-02-10 14:04:29 +00:00
rmind 07ac07d35f NPF checkpoint:
- Add libnpf(3) - a library to control NPF (configuration, ruleset, etc).
- Add NPF support for ftp-proxy(8).
- Add rc.d script for NPF.
- Convert npfctl(8) to use libnpf(3) and thus make it less depressive.
  Note: next clean-up step should be a parser, once dholland@ will finish it.
- Add more documentation.
- Various fixes.
2011-02-02 02:20:24 +00:00
christos f4dfcf5469 warns=4 2010-12-13 01:45:38 +00:00
wiz 19e1a3b574 Bump date for new CAVEATS. 2010-04-12 21:28:23 +00:00
ahoka 0bb59a3f04 mention pfsync not working as a kernel module 2010-04-12 14:26:11 +00:00
joerg bfbe4c3572 Use HUGE_VAL instead of INFINITY as positive infinity (or maximum value)
is good enough and the side effects of ISO C99 7.12 (4) are not desired.
2010-03-01 00:13:47 +00:00
ahoka 67bcc5b200 Remove the notice about pfsync not being supported, as we have it now. 2009-12-19 14:05:53 +00:00
martti 1a30996c87 Removed obsolete files. 2009-12-02 15:21:37 +00:00
martti 495b1f79b1 Initial version. 2009-12-02 15:07:09 +00:00
martti 77ad51d8d2 Initial version. 2009-12-01 06:27:57 +00:00
joerg 98ae2d6073 Do not use .Xo/.Xc to workaround ancient groff limits. 2009-10-14 17:44:25 +00:00
joerg 3c1f1e4f21 .Xr takes two arguments only. 2009-10-04 18:07:26 +00:00
degroote 33e10c238e Improve the pfsync(4) man page
hostname.if(5) is ifconfig.if(5) on NetBSD
Don't speak about enc, as we don't support it at the moment
Make clear that we don't support ipsec protection of pfsync traffic (as long we
doesn't support enc, or similar thing)

Catched by wiz@
2009-09-14 11:45:01 +00:00
wiz f41e8ac844 <>& -> \*[Lt]\*[Gt]\*[Am]
Bump date for pfsync(4) link.
2009-09-14 11:17:49 +00:00
wiz f8b0915e76 Fix Dd argument. 2009-09-14 11:17:42 +00:00
degroote 2d48ac808c Import pfsync support from OpenBSD 4.2
Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
2009-09-14 10:36:48 +00:00
wiz 177b015b5d Remove references to securelevel(7) and ssl(8), which don't exist.
From Jukka Ruohonen.
2009-09-10 13:17:39 +00:00
minskim 0997da05f2 Correct the #ifdef test for struct ifdatareq. 2009-08-07 16:37:12 +00:00
christos 6c781e23d6 use the proper structure to get interface data. We depend on having the
NetBSD-specific ZIFDATA call to do the selection of the ioctl style.
From Patrick Welche.
2009-07-15 18:05:17 +00:00
roy 7027866a09 Rename internal getline() function to get_line() so it does
conflict with the soon to be added getline(3) libc function.
2009-07-13 19:05:39 +00:00
minskim bea661fe98 Reduce diff with OpenBSD. No functional change. 2009-06-16 05:16:52 +00:00
minskim da9817918e Reduce diff with OpenBSD by deleting whitespace. 2009-06-16 02:18:07 +00:00
reed 9fc4d3902e Fix roff formatting for ->
by adding an \ such as document in mdoc.7

This was reported in 41276
2009-04-24 16:48:58 +00:00
perry 4bfc10355c add missing commas to .Dd fix, pointed out by wiz 2009-03-22 14:29:34 +00:00
perry c8a35b6227 OpenBSD uses a custom CVS hack to handle Dd fields ($Mdocdate$) which
we don't have. Replace ".Dd $Mdocdate" with ".Dd Month Day Year" so
that the date comes out right when man pages get built. This will
doubtless need hand conflict resolution whenever these pages are
re-imported.

Note that it would be interesting to have some similar facility for
NetBSD, but I don't think a custom rcs keyword is the right thing --
maybe we can teach groff to parse $Date$
2009-03-21 00:15:52 +00:00
christos 5dd7ea59ad fix time_t format. 2008-12-29 04:13:28 +00:00
yamt fff57c5525 merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@.  requested by core@
2008-06-18 09:06:25 +00:00
dyoung f72063f0c8 Note NSF support. 2008-05-15 04:16:00 +00:00
martin ce099b4099 Remove clause 3 and 4 from TNF licenses 2008-04-28 20:22:51 +00:00
matt e0eafe6e38 infile is const char *, not char * 2008-02-20 18:20:21 +00:00
matt ccfd1d4480 errbuf is [], not *. 2008-02-20 18:19:18 +00:00
wiz 6ffc795bbf New sentence, new line. Add comma in enumeration. 2007-12-03 18:19:08 +00:00
pavel cac90c847b Mention the ipf mode in more places, xref pf.conf(5) or ipnat.conf(5)
when speaking about the configuration file commands. Bump date.
2007-11-12 17:14:28 +00:00
pavel 7fa608457b Do not use ntohs() on TCP ports passed to the NAT lookup ioctl, apparently
they are expected in network order. Makes the proxy in ipf mode actually
work (but tested only on NetBSD 3.0).
2007-11-12 17:05:13 +00:00
tls 67fcd29261 Do not include internal header files from libpcap without setting the
feature-test macros they use.  Really, of course, this code should not
include such header files at all.
2007-05-28 11:55:19 +00:00
dyoung e096ddfc8a Document state policy flags for 'nat' and 'rdr' rules. 2007-05-10 23:03:22 +00:00
dyoung f7748bc6aa pfctl: extend pf.conf(5) syntax. Let the operator supply an optional
"state lock" flag (if-bound, gr-bound, floating) at the end of a
NAT rule.  The new syntax is backwards-compatbile with the old
syntax.

PF (kernel): change the macro BOUND_IFACE() to the inline function
bound_iface(), and add a new argument, the applicable NAT rule.
Use both the flags on the applicable filter rule and on the applicable
NAT rule to decide whether or not to bind a state to the interface
or the group where it is created.
2007-05-10 22:30:54 +00:00