Commit Graph

85 Commits

Author SHA1 Message Date
degroote 33e10c238e Improve the pfsync(4) man page
hostname.if(5) is ifconfig.if(5) on NetBSD
Don't speak about enc, as we don't support it at the moment
Make clear that we don't support ipsec protection of pfsync traffic (as long we
doesn't support enc, or similar thing)

Catched by wiz@
2009-09-14 11:45:01 +00:00
wiz f41e8ac844 <>& -> \*[Lt]\*[Gt]\*[Am]
Bump date for pfsync(4) link.
2009-09-14 11:17:49 +00:00
wiz f8b0915e76 Fix Dd argument. 2009-09-14 11:17:42 +00:00
degroote 2d48ac808c Import pfsync support from OpenBSD 4.2
Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
2009-09-14 10:36:48 +00:00
wiz 177b015b5d Remove references to securelevel(7) and ssl(8), which don't exist.
From Jukka Ruohonen.
2009-09-10 13:17:39 +00:00
minskim 0997da05f2 Correct the #ifdef test for struct ifdatareq. 2009-08-07 16:37:12 +00:00
christos 6c781e23d6 use the proper structure to get interface data. We depend on having the
NetBSD-specific ZIFDATA call to do the selection of the ioctl style.
From Patrick Welche.
2009-07-15 18:05:17 +00:00
roy 7027866a09 Rename internal getline() function to get_line() so it does
conflict with the soon to be added getline(3) libc function.
2009-07-13 19:05:39 +00:00
minskim bea661fe98 Reduce diff with OpenBSD. No functional change. 2009-06-16 05:16:52 +00:00
minskim da9817918e Reduce diff with OpenBSD by deleting whitespace. 2009-06-16 02:18:07 +00:00
reed 9fc4d3902e Fix roff formatting for ->
by adding an \ such as document in mdoc.7

This was reported in 41276
2009-04-24 16:48:58 +00:00
perry 4bfc10355c add missing commas to .Dd fix, pointed out by wiz 2009-03-22 14:29:34 +00:00
perry c8a35b6227 OpenBSD uses a custom CVS hack to handle Dd fields ($Mdocdate$) which
we don't have. Replace ".Dd $Mdocdate" with ".Dd Month Day Year" so
that the date comes out right when man pages get built. This will
doubtless need hand conflict resolution whenever these pages are
re-imported.

Note that it would be interesting to have some similar facility for
NetBSD, but I don't think a custom rcs keyword is the right thing --
maybe we can teach groff to parse $Date$
2009-03-21 00:15:52 +00:00
christos 5dd7ea59ad fix time_t format. 2008-12-29 04:13:28 +00:00
yamt fff57c5525 merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@.  requested by core@
2008-06-18 09:06:25 +00:00
dyoung f72063f0c8 Note NSF support. 2008-05-15 04:16:00 +00:00
martin ce099b4099 Remove clause 3 and 4 from TNF licenses 2008-04-28 20:22:51 +00:00
matt e0eafe6e38 infile is const char *, not char * 2008-02-20 18:20:21 +00:00
matt ccfd1d4480 errbuf is [], not *. 2008-02-20 18:19:18 +00:00
wiz 6ffc795bbf New sentence, new line. Add comma in enumeration. 2007-12-03 18:19:08 +00:00
pavel cac90c847b Mention the ipf mode in more places, xref pf.conf(5) or ipnat.conf(5)
when speaking about the configuration file commands. Bump date.
2007-11-12 17:14:28 +00:00
pavel 7fa608457b Do not use ntohs() on TCP ports passed to the NAT lookup ioctl, apparently
they are expected in network order. Makes the proxy in ipf mode actually
work (but tested only on NetBSD 3.0).
2007-11-12 17:05:13 +00:00
tls 67fcd29261 Do not include internal header files from libpcap without setting the
feature-test macros they use.  Really, of course, this code should not
include such header files at all.
2007-05-28 11:55:19 +00:00
dyoung e096ddfc8a Document state policy flags for 'nat' and 'rdr' rules. 2007-05-10 23:03:22 +00:00
dyoung f7748bc6aa pfctl: extend pf.conf(5) syntax. Let the operator supply an optional
"state lock" flag (if-bound, gr-bound, floating) at the end of a
NAT rule.  The new syntax is backwards-compatbile with the old
syntax.

PF (kernel): change the macro BOUND_IFACE() to the inline function
bound_iface(), and add a new argument, the applicable NAT rule.
Use both the flags on the applicable filter rule and on the applicable
NAT rule to decide whether or not to bind a state to the interface
or the group where it is created.
2007-05-10 22:30:54 +00:00
christos 5b239d0be1 PR/35039: jklowden: Fix example to include -i or -p for ipf or pf. 2006-11-12 06:24:08 +00:00
peter dd191f37f3 Merge the peter-altq branch.
(sync with KAME & add support for using ALTQ with pf(4)).
2006-10-12 19:59:07 +00:00
rpaulo 1921cb5602 PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!
2006-10-07 15:10:17 +00:00
christos 5e4126c34c Coverity CID 3498: Don't return after yyerror(); cleanup first. 2006-09-27 15:35:12 +00:00
wiz e89f828c3b From jmc@openbsd:
revision 1.352
date: 2006/08/02 11:45:56;  author: dhartmei;  state: Exp;  lines: +2 -2
in the BNF section, note that a comma is optional, closes PR 5191
2006-09-17 13:53:33 +00:00
peter a916e7d758 Document the "tos" keyword. Spotted by maxim bourmistrov, patch supplied by
jared r r spiegel and forwarded by Thomas Klausner via Jason McIntyre.
2006-08-10 12:30:49 +00:00
pavel 5145dd52fa Belatedly Bump date after my not-so-recent changes. 2006-08-07 20:57:56 +00:00
peter 3942d3e2ab Revert previous and fix properly.
- The array must be NULL terminated because other code depends on it.
- Use this terminator to check if we're at the end of the array instead
  of doing sizeof(pf_timeouts) / sizeof(pf_timeouts[0]).
2006-07-03 20:26:19 +00:00
pavel f705cb5488 We do not support pfsync, so:
- remove xrefs to pfsync(4)
- remove the no-sync keyword from pf.conf(5)
- add a note to pf(4).

Approved by Peter Postma.
2006-04-26 18:14:19 +00:00
pavel e3b35bceeb The "group" keyword is not supported in NetBSD, so:
- add a CAVEATS section to pf(4) and note it
- in the description in pf.conf(5) say it is unsupported
- remove it from the grammar in pf.conf(5).

Approved by Peter Postma.
2006-04-26 17:55:33 +00:00
christos b2f6added5 Coverity CID 577: remove dead code; minburst can never be 0 at this point. 2006-03-21 20:49:54 +00:00
christos e46022bb52 Coverity CID 1514: Don't access static array beyond the end of it.
In this case PFTM_MAX == 20 and sizeof(pf_timeouts) / sizeof(pf_timeouts[0])
== 21, using a loop with the size of the array and checking for reaching the
end of the loop via j == PFTM_MAX does not work. Change the loop to use
PFTM_MAX as the upper bound and add an assertion in the code to make sure
that pf_timeouts is large enough. Finally remove last NULL element of the
array so that the array has 20 elements again.
2006-03-21 20:47:27 +00:00
christos 1a21d9be9f Coverity CID 2057: Don't forget to free tcpopts when you are done. 2006-03-21 20:31:56 +00:00
peter 11f7fb17d4 Fix file descriptor leaks.
Coverity CID 1681.
2006-03-17 15:50:44 +00:00
peter c4add27fee Fix a few Xrefs. 2005-08-07 01:05:51 +00:00
peter 3592744c86 Remove Xref to securelevel(7), we don't have it. 2005-08-07 00:53:13 +00:00
rpaulo 8a5e2a50be ftp-proxy -i also supports '-R address[:port]' and '-S address'.
ok peter@
2005-07-29 21:34:18 +00:00
peter f9967d10c9 Resolve conflicts (pf from OpenBSD 3.7, userland part). 2005-07-01 12:43:50 +00:00
peter bf1e9b32e2 Remove the distribution files of spamd. Future imports of pf will not
include spamd anymore.
2005-06-29 09:55:22 +00:00
lukem 4952bc0ec3 appease gcc -Wuninitialized 2005-06-02 09:58:55 +00:00
jwise c48b1f0323 If path to /etc/spamd.conf is passed in on cpp command line, don't override it. 2005-04-12 14:35:36 +00:00
jwise 20e85ad185 Instead of hardcoding /var/chroot/spamd in two places, use a macro
SPAMD_CHROOT, which is passed in by src/usr.sbin/pf/spamd/Makefile.
2005-04-12 14:22:43 +00:00
peter 94921da3bb Changes to build on NetBSD:
* #ifdef out some things we don't have or do differently.
* Write struct "pcap_sf_pkthdr" instead of "pcap_pkthdr".
  Fixes an LP64 specific problem with reading the pflog with tcpdump(8).
  (OpenBSD fixed this by changing the structs to always use 32-bit fields)

Reviewed by yamt@.
2005-03-15 16:26:49 +00:00
peter 0a9aa9779a Install pf(4) examples. Reviewed by yamt@.
Thanks to hubertf@ for the reminder.
2005-03-15 16:05:03 +00:00
peter 1c9b56c830 Add MKIPFILTER; if set to no, don't build and install the ipf(4) programs,
headers and LKM.

Add MKPF; if set to no, don't build and install the pf(4) programs,
headers, LKM and spamd.

Both options default to yes, so nothing changed in the default build.

Reviewed by lukem.
2005-02-22 14:39:58 +00:00