darrenr
2f5a5e95ad
Pullup IPFilter 4.1.29 from the vendor branch to HEAD.
...
See src/dist/ipf/HISTORY for a list of bug fixes since 4.1.23 (although
a few are already in NetBSD)
2008-05-20 07:08:06 +00:00
darrenr
675eb13106
Import IPFilter 4.1.29 to the vendor branch
2008-05-20 06:43:46 +00:00
martti
3a717a15fc
Added instructions how I've updated IPF. This should make it easier for anyone
...
to upgrade our in-tree IPF to the latest version...
2008-05-18 18:19:05 +00:00
martin
11a6dbe728
Convert TNF licenses to new 2 clause variant
2008-04-30 13:10:46 +00:00
lukem
49c8589969
Also escape $Header tags.
2007-12-11 03:34:59 +00:00
mrg
862626dd09
two new hacks:
...
- include <stdbool.h> so bool is available _KERNEL for sys/condvar.h
- include <sys/mutex.h> before defining _KERNEL so it won't try to
include <machine/intr.h> which isn't available to userland.
fixes builds on sparc64.
2007-10-09 01:23:20 +00:00
martti
abde7e33e0
Fixed IPF bug #1767831
...
ipflog() & ipmon ignore IPv6 extension headers
2007-09-17 18:02:21 +00:00
martti
61078fef5f
Revert to previous, it was not working for me correctly...
2007-09-10 06:28:38 +00:00
martti
fcbc8c046f
Fixed IPF bug #1767831
...
ipflog() & ipmon ignore IPv6 extension headers
Patch fetched from the SourceForge bug report.
2007-09-10 06:12:02 +00:00
martin
c77a3f5aad
Upgraded IPFilter to v4.1.23
2007-06-16 10:52:24 +00:00
martin
03f2531d69
Import IPFilter 4.1.23
2007-06-16 10:33:08 +00:00
martti
fff7fd04df
s/iplattach/ipfattach/ and s/ipldetach/ipfdetach/
2007-06-04 12:38:58 +00:00
martti
657382d62b
Added missing .TP
2007-05-23 05:18:45 +00:00
martin
6718c86598
Merge IP-Filter 4.1.22
2007-05-15 22:52:20 +00:00
martin
29fd0d9db1
Import IPFilter 4.1.22
2007-05-15 22:26:02 +00:00
martti
872147fef7
Upgraded IPFilter to 4.1.20
2007-05-01 19:08:03 +00:00
martti
68eb121d73
Import IPFilter 4.1.20
2007-05-01 19:00:58 +00:00
dsl
8767590c76
On amd64 U_QUAD_T is (probably) 'unsigned long', but "%qd" expects to see
...
a "long long" - giving a compilation warning.
Check for the presence of PRIu64 and use that in preference.
Adjust code to avoid multiple printf() calls.
Use unsigned format specifiers in all cases.
2007-04-21 11:16:53 +00:00
dogcow
65febf04fc
fix build on arches with chars that're by default unsigned.
...
(patch supplied by martin.)
2007-04-16 02:36:24 +00:00
martin
8ebafcc992
Update IPFilter to version 4.1.19
2007-04-14 20:34:18 +00:00
martin
993d757ec6
Import IPFilter 4.1.19
2007-04-14 20:17:19 +00:00
jnemeth
9f5aa7f07f
fallout from caddr_t -> void * change
2007-03-04 20:04:14 +00:00
matt
75a9720952
#include <machine/lock.h> before _KERNEL is defined to bypass
...
lossage when including it when _KERNEL is defined in userland.
2007-02-20 15:40:08 +00:00
dyoung
2d212326ef
Use the new ifnet->if_output signature, the one with a const
...
argument, when __NetBSD__Version >= 499001100.
2007-02-18 04:01:27 +00:00
dogcow
51701d90f7
constify struct sockaddr for no_output and write_output, due to if.h 1.122
2007-02-18 03:22:03 +00:00
alc
980fc49cd5
CID-3325: don't leak `fd'
...
Also, check for the return value of malloc(3)
ok christos@
2006-12-27 18:13:53 +00:00
alc
0fd99769e3
CID-3224: check the return value of strtok() before use
...
ok christos@
2006-12-25 23:55:47 +00:00
christos
1bb7c537ad
Coverity CID 3013: Don't check for NULL after deref! (from Arnaud Lacombe)
2006-10-03 18:18:18 +00:00
christos
e9506eb74b
PR/34284: Gene ENonymous: Fix the userland copy of ip_lookup.c. Why do we
...
have 2 copies?
2006-09-17 14:49:46 +00:00
christos
18b025cbc8
PR/34286: Gene ENonymous: Increase YYSTACKSIZE so that we can handle huge
...
pools.
2006-08-26 23:20:56 +00:00
chap
5d80ae61bf
Clarify that to avoid ioctl(SIOCGNATS): Input/output error, ipf must be
...
enabled (ipf -E) before ipnat is used; this detail is automated by the
rc scripts, but not by ipnat itself. ipf's author agrees this is a doc
bug.
Closes PR kern/33409.
2006-05-29 16:09:46 +00:00
christos
be1c3e616c
XXX: GCC uninitialized.
2006-05-14 02:37:46 +00:00
mrg
084c052803
quell GCC 4.1 uninitialised variable warnings.
...
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
2006-05-10 21:53:14 +00:00
mrg
0c37c63edc
change (mostly) int to socklen_t. GCC 4 doesn't like that int and
...
socklen_t are different signness.
2006-05-09 20:18:05 +00:00
christos
70a262c03c
Coverity CID 785: Prevent NULL pointer dereference if an appropriate group
...
is not found.
2006-04-28 19:49:13 +00:00
pavel
1cca0f0250
correct a typo: configruation -> configuration
2006-04-20 08:37:33 +00:00
darrenr
0df9b5fe68
ipf -Z returns junk and/or can cause a panic (seen on solaris.)
2006-04-18 12:40:49 +00:00
hubertf
f5ffa47293
Add missing .TP
...
Patch sent to tech-net@ by Patrick Welche <prlw1@newn.cam.ac.uk>
2006-04-05 18:07:30 +00:00
martti
10531caa29
Removed file.
2006-04-04 16:18:56 +00:00
martti
9ea58d54bc
Upgraded IPFilter to 4.1.13
2006-04-04 16:17:18 +00:00
martti
983a2072ce
Import IPFilter 4.1.13
2006-04-04 16:08:18 +00:00
elad
6dceae8a70
Ditch the ugly hardcoded value and do proper bounds checking.
...
Addresses CID 1417, found by Coverity.
Hi Darren! is this code maintained?
2006-03-18 04:12:52 +00:00
he
56dbe819ca
If compiling for NetBSD/vax, define boolean_t here before including
...
<sys/file.h> with _KERNEL defined. Also add a 3-line XXX comment
explaining some of why this is done.
Should fix the build problem documented in PR#32907.
Will be documented in doc/HACKS shortly.
Fix discussed with thorpej.
2006-03-07 18:18:06 +00:00
wiz
b82f53ae21
Fix typo in comment.
2006-02-25 01:58:39 +00:00
martti
10f294ab64
Make the list of files more readable (so it's easier to add and remove files).
2005-12-27 15:23:28 +00:00
martti
ac29c41761
Removed ip_rules.c and ip_rules.h
2005-12-27 15:19:38 +00:00
rpaulo
dd25e265f4
PR 32241: Igor Sobrado: ipnat(5) FILES section is missing.
2005-12-04 23:37:27 +00:00
martti
4a909698d6
Avoid crash with invalid input.
2005-09-27 12:22:27 +00:00
darrenr
4e1ba8b46a
bin/29508 - fix "ipf -T" - kernel wasn't setting ipft_cookie and userland
...
was expecting it to be set, thus ignored it.
bin/29509 - because ipft_cookie wasn't reset to 0 before making the ioctl
call for each variable, only the first name to find was used, each successive
call just used the cookie.
CVn: ----------------------------------------------------------------------
2005-06-11 12:31:40 +00:00
lukem
311c22130d
appease gcc -Wuninitialized
2005-06-02 09:47:37 +00:00