Commit Graph

255 Commits

Author SHA1 Message Date
darrenr
2f5a5e95ad Pullup IPFilter 4.1.29 from the vendor branch to HEAD.
See src/dist/ipf/HISTORY for a list of bug fixes since 4.1.23 (although
a few are already in NetBSD)
2008-05-20 07:08:06 +00:00
darrenr
675eb13106 Import IPFilter 4.1.29 to the vendor branch 2008-05-20 06:43:46 +00:00
martti
3a717a15fc Added instructions how I've updated IPF. This should make it easier for anyone
to upgrade our in-tree IPF to the latest version...
2008-05-18 18:19:05 +00:00
martin
11a6dbe728 Convert TNF licenses to new 2 clause variant 2008-04-30 13:10:46 +00:00
lukem
49c8589969 Also escape $Header tags. 2007-12-11 03:34:59 +00:00
mrg
862626dd09 two new hacks:
- include <stdbool.h> so bool is available _KERNEL for sys/condvar.h
- include <sys/mutex.h> before defining _KERNEL so it won't try to
  include <machine/intr.h> which isn't available to userland.

fixes builds on sparc64.
2007-10-09 01:23:20 +00:00
martti
abde7e33e0 Fixed IPF bug #1767831
ipflog() & ipmon ignore IPv6 extension headers
2007-09-17 18:02:21 +00:00
martti
61078fef5f Revert to previous, it was not working for me correctly... 2007-09-10 06:28:38 +00:00
martti
fcbc8c046f Fixed IPF bug #1767831
ipflog() & ipmon ignore IPv6 extension headers

Patch fetched from the SourceForge bug report.
2007-09-10 06:12:02 +00:00
martin
c77a3f5aad Upgraded IPFilter to v4.1.23 2007-06-16 10:52:24 +00:00
martin
03f2531d69 Import IPFilter 4.1.23 2007-06-16 10:33:08 +00:00
martti
fff7fd04df s/iplattach/ipfattach/ and s/ipldetach/ipfdetach/ 2007-06-04 12:38:58 +00:00
martti
657382d62b Added missing .TP 2007-05-23 05:18:45 +00:00
martin
6718c86598 Merge IP-Filter 4.1.22 2007-05-15 22:52:20 +00:00
martin
29fd0d9db1 Import IPFilter 4.1.22 2007-05-15 22:26:02 +00:00
martti
872147fef7 Upgraded IPFilter to 4.1.20 2007-05-01 19:08:03 +00:00
martti
68eb121d73 Import IPFilter 4.1.20 2007-05-01 19:00:58 +00:00
dsl
8767590c76 On amd64 U_QUAD_T is (probably) 'unsigned long', but "%qd" expects to see
a "long long" - giving a compilation warning.
Check for the presence of PRIu64 and use that in preference.
Adjust code to avoid multiple printf() calls.
Use unsigned format specifiers in all cases.
2007-04-21 11:16:53 +00:00
dogcow
65febf04fc fix build on arches with chars that're by default unsigned.
(patch supplied by martin.)
2007-04-16 02:36:24 +00:00
martin
8ebafcc992 Update IPFilter to version 4.1.19 2007-04-14 20:34:18 +00:00
martin
993d757ec6 Import IPFilter 4.1.19 2007-04-14 20:17:19 +00:00
jnemeth
9f5aa7f07f fallout from caddr_t -> void * change 2007-03-04 20:04:14 +00:00
matt
75a9720952 #include <machine/lock.h> before _KERNEL is defined to bypass
lossage when including it when _KERNEL is defined in userland.
2007-02-20 15:40:08 +00:00
dyoung
2d212326ef Use the new ifnet->if_output signature, the one with a const
argument, when __NetBSD__Version >= 499001100.
2007-02-18 04:01:27 +00:00
dogcow
51701d90f7 constify struct sockaddr for no_output and write_output, due to if.h 1.122 2007-02-18 03:22:03 +00:00
alc
980fc49cd5 CID-3325: don't leak `fd'
Also, check for the return value of malloc(3)

ok christos@
2006-12-27 18:13:53 +00:00
alc
0fd99769e3 CID-3224: check the return value of strtok() before use
ok christos@
2006-12-25 23:55:47 +00:00
christos
1bb7c537ad Coverity CID 3013: Don't check for NULL after deref! (from Arnaud Lacombe) 2006-10-03 18:18:18 +00:00
christos
e9506eb74b PR/34284: Gene ENonymous: Fix the userland copy of ip_lookup.c. Why do we
have 2 copies?
2006-09-17 14:49:46 +00:00
christos
18b025cbc8 PR/34286: Gene ENonymous: Increase YYSTACKSIZE so that we can handle huge
pools.
2006-08-26 23:20:56 +00:00
chap
5d80ae61bf Clarify that to avoid ioctl(SIOCGNATS): Input/output error, ipf must be
enabled (ipf -E) before ipnat is used; this detail is automated by the
rc scripts, but not by ipnat itself. ipf's author agrees this is a doc
bug.

Closes PR kern/33409.
2006-05-29 16:09:46 +00:00
christos
be1c3e616c XXX: GCC uninitialized. 2006-05-14 02:37:46 +00:00
mrg
084c052803 quell GCC 4.1 uninitialised variable warnings.
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
2006-05-10 21:53:14 +00:00
mrg
0c37c63edc change (mostly) int to socklen_t. GCC 4 doesn't like that int and
socklen_t are different signness.
2006-05-09 20:18:05 +00:00
christos
70a262c03c Coverity CID 785: Prevent NULL pointer dereference if an appropriate group
is not found.
2006-04-28 19:49:13 +00:00
pavel
1cca0f0250 correct a typo: configruation -> configuration 2006-04-20 08:37:33 +00:00
darrenr
0df9b5fe68 ipf -Z returns junk and/or can cause a panic (seen on solaris.) 2006-04-18 12:40:49 +00:00
hubertf
f5ffa47293 Add missing .TP
Patch sent to tech-net@ by Patrick Welche <prlw1@newn.cam.ac.uk>
2006-04-05 18:07:30 +00:00
martti
10531caa29 Removed file. 2006-04-04 16:18:56 +00:00
martti
9ea58d54bc Upgraded IPFilter to 4.1.13 2006-04-04 16:17:18 +00:00
martti
983a2072ce Import IPFilter 4.1.13 2006-04-04 16:08:18 +00:00
elad
6dceae8a70 Ditch the ugly hardcoded value and do proper bounds checking.
Addresses CID 1417, found by Coverity.

Hi Darren! is this code maintained?
2006-03-18 04:12:52 +00:00
he
56dbe819ca If compiling for NetBSD/vax, define boolean_t here before including
<sys/file.h> with _KERNEL defined.  Also add a 3-line XXX comment
explaining some of why this is done.
Should fix the build problem documented in PR#32907.
Will be documented in doc/HACKS shortly.
Fix discussed with thorpej.
2006-03-07 18:18:06 +00:00
wiz
b82f53ae21 Fix typo in comment. 2006-02-25 01:58:39 +00:00
martti
10f294ab64 Make the list of files more readable (so it's easier to add and remove files). 2005-12-27 15:23:28 +00:00
martti
ac29c41761 Removed ip_rules.c and ip_rules.h 2005-12-27 15:19:38 +00:00
rpaulo
dd25e265f4 PR 32241: Igor Sobrado: ipnat(5) FILES section is missing. 2005-12-04 23:37:27 +00:00
martti
4a909698d6 Avoid crash with invalid input. 2005-09-27 12:22:27 +00:00
darrenr
4e1ba8b46a bin/29508 - fix "ipf -T" - kernel wasn't setting ipft_cookie and userland
was expecting it to be set, thus ignored it.
bin/29509 - because ipft_cookie wasn't reset to 0 before making the ioctl
call for each variable, only the first name to find was used, each successive
call just used the cookie.
CVn: ----------------------------------------------------------------------
2005-06-11 12:31:40 +00:00
lukem
311c22130d appease gcc -Wuninitialized 2005-06-02 09:47:37 +00:00