Commit Graph

111 Commits

Author SHA1 Message Date
martti 9e0869ba07 * <sys/poll.h> -> <poll.h>
* define "struct pollfd set[]" for USE_POLL
2002-09-29 08:19:16 +00:00
martti 9b50522649 <sys/poll.h> -> <poll.h> 2002-09-29 08:14:32 +00:00
martti bd0971158d This file is now in regress/sys/kern/ipf/ 2002-09-27 09:13:23 +00:00
martti b6a507dfee Fix syntax rule (PR#16499). 2002-09-25 12:49:40 +00:00
martti 15e6ca78da Fix ipmon problems on 64-bit platforms (PR#17403 and PR#17404). 2002-09-25 06:43:17 +00:00
mycroft ace9bd9c2e select() -> poll(), nanosleep() 2002-09-20 15:00:06 +00:00
martti 38041d0ad0 Print newline after pid (reapply revision 1.10). 2002-09-19 09:03:09 +00:00
martti 3a5ea42f37 We don't need this file 2002-09-19 08:21:53 +00:00
martti 5b3c5dc17f Make this compile 2002-09-19 08:11:38 +00:00
martti 7bfcc4bc66 Resync with official IPF 2002-09-19 08:11:13 +00:00
martti 1c7ea364cc Add __attribute__((__unused__)) to SCCS and RCS IDs 2002-09-19 08:10:38 +00:00
martti 87f18f024e Upgraded IPFilter to 3.4.29 2002-09-19 08:08:14 +00:00
martti 1b37ad3011 Import IPFilter 3.4.29 2002-09-19 07:56:23 +00:00
jdolecek d89a42dbe9 document couple ipnat flags, which were not mentioned previously 2002-09-12 06:58:13 +00:00
wiz b19f6de011 ispell. 2002-09-04 00:09:23 +00:00
christos 66d91e6892 Fix ipmon problems on sparc64 [Tomi Nylund]
1. localtime() expects a time_t, not a pointer to unsigned long.
	2. adapt to the kernel use of struct timeval.
2002-07-01 13:56:53 +00:00
wiz ccb24c64f4 Consistency patch by John Franklin from bin/17281; additional grammar fix
by me.
2002-06-16 14:43:46 +00:00
thorpej 938d959959 Add __attribute__((__unused__)) to SCCS and RCS IDs. 2002-05-30 18:10:25 +00:00
wiz da0b574ae0 Comment out token after #endif. 2002-05-16 19:30:41 +00:00
martti 67c70b98e1 ipf regression tests are in regress/sys/kern/ipf 2002-05-13 06:35:47 +00:00
martti 1286035f0a Import regression tests into basesrc/regress/sys/kern/ipf 2002-05-13 06:23:30 +00:00
wiz d30d25dc1a Spelling fixes, from Sergey Svishchev in kern/16650. 2002-05-12 15:48:36 +00:00
martti 0486c7bccc Show active rules correctly if "portmap auto" is used (PR#16615 by Sergey
Svishchev)
2002-05-03 08:27:10 +00:00
jdolecek fb5ea935fe remove stuff not relevant for NetBSD 2002-05-02 21:45:06 +00:00
martti dc57912eac This is in /sys/netinet 2002-05-02 17:27:25 +00:00
martti e74092de02 Upgraded IPFilter to 3.4.27 2002-05-02 17:11:37 +00:00
martti 0071d2a114 Import IPFilter 3.4.27 2002-05-02 16:51:52 +00:00
martti d02c43db4c Import IPFilter 3.4.27 2002-05-02 16:48:42 +00:00
martti 48e5349fdc Import IPFilter 3.4.27 2002-05-02 16:47:12 +00:00
kleink ac4fd59f8c `Normalize' the pid file contents to "<pid><newline>", just like
pidfile(3) does; patch sent to Darren a while ago.
2002-04-17 12:06:23 +00:00
wiz 7cb50ab7ee Spelling fixes and grammar improvements. 2002-04-14 14:35:05 +00:00
martin a3f3f844dc Document the mssclamp option. 2002-04-14 07:53:46 +00:00
thorpej 082e0b796d Add the __unused__ attribute to rcsid[]/sccsid[]. Need to talk
to Darren about this more, but this gets it to compile with gcc 3.2.
2002-04-09 02:32:51 +00:00
martti 3c53e00e43 Don't remove ip_h323_pxy.c 2002-04-03 09:32:06 +00:00
jdolecek 1414ac04e0 remove stuff not related to NetBSD 2002-04-01 15:58:08 +00:00
jdolecek aa2f829ddf remove the 'mv ipnat.1 ipnat.8', the distribution comes with ipnat.8 nowadays
add back ip_h323_pxy.c - upon closer examination, the licence seems to be okay
2002-04-01 15:56:51 +00:00
martin 58d564bc8c Add MSS clamping to the IP Filter NAT subsystem.
Configured by a new option "mssclamp" in NAT rules, like:

 map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1452

This is based on work by Xiaodan Tang <xtang@qnx.com>.
2002-03-14 21:46:54 +00:00
martti 83b3487b70 Upgraded IPFilter to 3.4.25 2002-03-14 12:32:36 +00:00
martti a79df224af Import IPFilter 3.4.25 2002-03-14 12:30:07 +00:00
martti 27df1070c7 Don't import ip_h323_pxy.c (license issues) 2002-03-14 08:07:06 +00:00
sommerfeld 3e18fc136f More ipip references 2002-03-04 15:15:39 +00:00
martti c6a4a9d33a Fixed Darren's original IPv6 icmp-type patch (rev 1.8) to display
better error messages if the user tries to use symbolic names such
as "echo" and "echorep" in "ipv6-icmp ... icmp-type ..." rules.

Consider the following rules:

  # cat /etc/ipf6.conf
  pass in quick proto ipv6-icmp from any to any icmp-type 128
  pass in quick proto ipv6-icmp from any to any icmp-type echo

Use of symbolic names give now the following error:

  # ipf -Fa -6f /etc/ipf6.conf
  2: Unknown ICMPv6 type (echo) specified (use numeric value instead)

The first rule with numeric value will work as expected:

  # ipfstat -6hi
  0 pass in quick proto ipv6-icmp from any to any icmp-type 128

NOTE: You MUST use numerical values for ICMPv6 types. See
      /sys/netinet/icmp6.h for available codes!
2002-02-04 19:07:47 +00:00
martti 6ffd37ccd1 Back out version 1.8 as it fixes the display BUT breaks the icmp-type rules:
ROOT localhost:~> /etc/rc.d/ipfilter reload
  Reloading ipfilter rules.
  22: Invalid icmp-type (echo) specified

With version 1.7 everything works just fine:

  ROOT localhost:~> /etc/rc.d/ipfilter reload
  Reloading ipfilter rules.
  Set 1 now inactive
2002-02-04 12:00:52 +00:00
martti bfc0fa18e9 Fixed display of "proto ipv6-icmp ... icmp-type ..." rule. Before
this fix ipfstat reported:

  0 pass in quick proto ipv6-icmp from any to any

while after this fix:

  0 pass in quick proto ipv6-icmp from any to any icmp-type 8

This was just a display bug, the rule worked as expected.
2002-02-01 11:31:56 +00:00
martin d4e37ff89e Add a missing "else". 2002-01-24 10:40:12 +00:00
martti 5ecddfad8c Fixed return value (I was unable to compile this on sparc64 before
this fix).
2002-01-24 08:30:27 +00:00
martti 7421720886 This file is not needed 2002-01-24 08:25:37 +00:00
martti e6acaff1c5 This file is in /sys/netinet 2002-01-24 08:25:21 +00:00
martti a0dddbc807 Manual page fixes regarding IPv6 2002-01-24 08:24:14 +00:00
martti b9920d0f43 Upgraded IPFilter to 3.4.23 2002-01-24 08:21:30 +00:00