Commit Graph

207 Commits

Author SHA1 Message Date
darrenr
4e1ba8b46a bin/29508 - fix "ipf -T" - kernel wasn't setting ipft_cookie and userland
was expecting it to be set, thus ignored it.
bin/29509 - because ipft_cookie wasn't reset to 0 before making the ioctl
call for each variable, only the first name to find was used, each successive
call just used the cookie.
CVn: ----------------------------------------------------------------------
2005-06-11 12:31:40 +00:00
lukem
311c22130d appease gcc -Wuninitialized 2005-06-02 09:47:37 +00:00
christos
e3b50bebf6 backout previous. ISDIGIT is used all over the place without a cast. 2005-05-18 00:54:14 +00:00
christos
d0eca17dfa Cast isdigit() argument to unsigned char. 2005-05-18 00:15:52 +00:00
reed
a74aa39245 Document that ipmon reopens its log file(s) and rereads its configuration
file when it receives a SIGHUP signal.

Okayed by martti.

This was suggested by Richard Braun on netbsd-help list.
2005-04-20 19:53:04 +00:00
martti
58b8abcbf8 Upgraded IPFilter to 4.1.8 2005-04-03 15:05:30 +00:00
martti
c775aec128 Import IPFilter 4.1.8 2005-04-03 15:01:04 +00:00
he
e3e9ad241e Get rid of a compiler warning saying "dereferencing type-punned pointer
will break strict-aliasing rules" by casting the argument to rn_inithead()
to (void*) instead of (void**).
2005-03-13 10:44:40 +00:00
dsl
4bcbdc6712 Reinstate the ntohs() on port numbers returned bu getport() 2005-02-20 21:44:51 +00:00
martin
5605ab81e0 Do not use bogus (long) casts and ntohl() on port numbers.
Only test for -1 error return from getport().
2005-02-20 21:15:37 +00:00
martti
460bbcc960 Upgraded IPFilter to 4.1.6 2005-02-19 21:30:24 +00:00
martti
76b5d9e30f Import IPFilter 4.1.6 2005-02-19 21:26:02 +00:00
martti
fdf846c8d1 REMOVED 2005-02-08 07:20:11 +00:00
martti
a023cb1d19 Upgraded IPFilter to 4.1.5 2005-02-08 07:01:52 +00:00
martti
4d6a62d250 Import IPFilter 4.1.5 2005-02-08 06:52:59 +00:00
wiz
959a1400b9 Remove duplicate description for -d. From Chris Ross in PR 29035. 2005-01-21 15:10:16 +00:00
lukem
a546e7bfc2 Fix compilation with -UUSE_INET6 2005-01-10 02:08:51 +00:00
martti
4ce4e7d229 Fixed ifdef logic 2005-01-04 12:36:02 +00:00
martti
92ee66b8a1 Note also src/regress/sys/kern/ipf 2004-12-30 13:12:01 +00:00
darrenr
32b2d1458b undo this last change, it did match fil.c - bad me. 2004-12-30 12:07:07 +00:00
martti
34a5ffc74e Use src/sys/dist/ipf/netinet instead of src/sys/netinet 2004-12-30 10:09:32 +00:00
darrenr
760d20de7a the bitmask array in this file should be the same as the one in fil.c if
rules with v6hdr options are going to match packets.  this sorts the array
by incrementing value of the v6 option.
2004-12-30 08:29:09 +00:00
darrenr
f314fbb0f1 Expand out an unused byte to give each NAT rule a protocol version field,
allowing rules to be set to match only ipv4/ipv6. And so ipnat must be updated
to actually set this field correctly but to keep things working for old
versions of ipnat (that will set this to 0), make the ioctl handler "update"
the 0 to a 4 to keep things working when people just upgrade kernels.  This
forces NAT rule matching to be limited to ipv4 only, here forward, fixing
kern/28662
2004-12-16 17:01:02 +00:00
christos
d1f40c5512 Make bpf use the cloning device 2004-12-01 23:51:36 +00:00
christos
f63af1b624 Use the cloning device if that is available 2004-12-01 23:49:27 +00:00
darrenr
f3736130c9 Fix a regression from 3.4 behaviour where the destination of a redirect rule
could be either a hostname or an IP address (now it can only be an IP#)
2004-11-21 03:44:59 +00:00
he
2befd828c2 Remove declaration of unused "cksum" variable. 2004-11-13 22:28:49 +00:00
he
4a9ab9770a Apply patch from Darren for the ctype() functions/macros.
Encapsulates the ctype() functions so that the casts are centralized.
2004-11-13 19:14:48 +00:00
he
76d82c7f1f Revert previous, paving the way for Darren's cleaner patch. 2004-11-13 18:43:49 +00:00
he
a46d912ed3 More instances of casts to usngiend char for the ctype functions.
Will also be sent to maintainer for inclusion in original.
2004-11-13 15:18:41 +00:00
he
29d6827a49 Add casts to unsigned char for arguments to ctype functions.
Note to be sent to Darren Reed for possible inclusion in master sources.
2004-11-13 14:36:29 +00:00
darrenr
541f8060fe In going from 3.4.x to 4.1.x, "state-age" became "age" but the input grammar
did not allow for backwards compatibility.

PR: kern/27590
2004-10-30 13:33:58 +00:00
darrenr
346ea4671b Fix bin/25972 and actually add a token to generate the value IPNY_TCPUDP
as expected by the grammar.
2004-10-03 20:37:17 +00:00
darrenr
857c5d7740 kern/27086 (should be bin/27086) - the "keep options" only allow one order,
not both as they should for proper backwards compatibility.
2004-10-03 20:18:49 +00:00
martti
dd39bdf1e1 Allow \ at the end of line so long lines can be splitted and made more
readable. Without this modification old IPF 3.x and 4.1.1 rules will not
work with IPF 4.1.3. Patch from Darren Reed.
2004-09-27 08:23:15 +00:00
martti
87c4b6357b Sync with official IPF 2004-07-23 07:18:14 +00:00
martti
a17d8fa0a5 Not needed in NetBSD 2004-07-23 05:42:27 +00:00
martti
7ff15b917f Upgraded IPFilter to 4.1.3 2004-07-23 05:39:03 +00:00
martti
9e82a8bf0d Import IPFilter 4.1.3 2004-07-23 05:33:55 +00:00
christos
fe028e1238 PR/26882: Matthew Mondor: ipfstat -t fails to restore termios tty state
if it fails for ipf disabled. Fix from Peter Postma.
2004-07-14 18:22:10 +00:00
christos
22b751b93d Play more games with yyvarnext to make numeric protocols work again.
Parsing an ambiguous language with an LR(1) parser is not the best
road to sanity.
2004-07-12 21:52:01 +00:00
christos
a998d914f3 make the code identical to 4.1.2 2004-07-12 18:09:39 +00:00
christos
065a08dedc Sprinkle yyvarnext assignment until the port and proto rules work again.
XXX: this is not nice.
2004-07-12 18:09:24 +00:00
christos
5e63f46756 PR/25991: Martin Husemann: ipnat.conf rules don't allow port/protocol names
Patch applied, but new we have a never reduced rule (dport)
2004-07-10 16:11:00 +00:00
christos
981c88b630 PR/25992: Grant Beattie: some protocol names in ipf.conf don't work
patch applied.
2004-07-10 15:38:28 +00:00
christos
b074ee3b58 Attempt to fix PR/25992 [protocol parsing] by bringing these files in from
4.1.2
2004-07-08 02:51:24 +00:00
christos
aa17268ea7 PR/25993: Grant Beattie: Ipf parser accepts invalid flags in rules 2004-06-29 22:33:25 +00:00
martti
09b9f88e19 Do no add NetBSD tags for IPv6 regression tests 2004-06-07 11:52:46 +00:00
christos
c06c3a3172 PR/24989: Arto Selonen: ipfilter 4.1.1 does not behave according to rules
in ipf.conf
2004-06-03 20:32:40 +00:00
christos
fa159ed2be PR/25594: Arto Huusko: LP64 sign extension bug in ipnat.
Fix: change to ioctlcmd_t as suggested by darren.
2004-05-26 20:32:48 +00:00