Commit Graph

100 Commits

Author SHA1 Message Date
wiz 4fe1cb8b61 Remove trailing whitespace. 2013-09-20 21:30:49 +00:00
rmind f797733a7e - NPF: change the group/ruleset syntax - simplify. Update npf.conf(5) manual.
- Add support for the inline pcap-filter(7) syntax in the rule, e.g.:
	block out final pcap-filter "tcp and dst 10.1.1.252"
2013-09-20 03:03:52 +00:00
rmind f5730e945b npfctl: remove some n-code leftovers, fix the build, update the man pages. 2013-09-19 12:05:11 +00:00
rmind 7b5edfdc0d NPF: G/C n-code in favour of BPF byte-code. Delete lots of code, mmm! 2013-09-19 01:49:07 +00:00
rmind 4e592132ab - Convert NPF to use BPF byte-code by default. Compile BPF byte-code in
npfctl(8) and generate separate marks to describe the filter criteria.
- Rewrite 'npfctl show' functionality and fix some of the bugs.
- npftest: add a test for BPF COP.
- Bump NPF_VERSION.
2013-09-19 01:04:45 +00:00
rmind ce38978248 - Add NPF table flushing functionality.
- Fix line numbering for npfctl debug command.
2013-05-19 20:45:34 +00:00
christos 464306f9db always allow hex where decimal is allowed. 2013-05-09 19:12:03 +00:00
christos bc0f55de88 Make ALG's autoloadable by providing in the config file:
alg "algname"
2013-03-20 00:29:46 +00:00
rmind 543d2971ab - Extend npf.conf syntax to support dynamic NAT policies.
- Imply dynamic group when using "ruleset" keyword.
2013-03-18 02:17:49 +00:00
christos 29e670c87b more explicit syntax 2013-03-13 02:44:28 +00:00
christos 5f0daf8289 more todo's 2013-03-13 02:41:23 +00:00
christos b46215b9d2 add another 2013-03-13 02:36:51 +00:00
christos 668937be38 one more fixed 2013-03-11 16:38:31 +00:00
christos 08ba3be1b4 more breakage. 2013-03-11 02:12:15 +00:00
christos fce0192186 explain further. 2013-03-11 02:02:28 +00:00
christos 8493e8dcfc separate sess commands. 2013-03-11 00:39:32 +00:00
christos feb589a817 remove dup usage. 2013-03-11 00:34:43 +00:00
christos c85651a383 fix usage 2013-03-11 00:16:59 +00:00
christos 58bc4d4e58 handle port "ftp-data" 2013-03-11 00:09:07 +00:00
christos cd72feefe1 more 2013-03-11 00:05:36 +00:00
christos b58e208695 my laundry list 2013-03-11 00:04:46 +00:00
christos 2acab3345b centralize error handling and print what went wrong instead of "ioctl" 2013-03-10 23:59:00 +00:00
christos 8c8be406dd modules moved to /lib 2013-03-10 23:57:07 +00:00
christos e0620b41b3 deal with strings as interfaces 2013-03-10 23:11:26 +00:00
christos 9f5f8a86c5 normalise -> normalize 2013-03-10 21:55:40 +00:00
rmind e1515f844d Fix the example (deja vu?). 2013-03-10 21:17:30 +00:00
rmind 56910be779 - Convert NPF dynamic rule ID to just incremented 64-bit counter.
- Fix multiple bugs.  Also, update the man page.
2013-02-16 21:11:12 +00:00
rmind 82975ead3b Allow filtering on IP addresses even if the L4 protocol is unknown.
Patch from spz@.
2013-02-11 00:00:20 +00:00
rmind 50c5afcad4 - Fix NPF config reload with dynamic rules present.
- Implement list and flush commands on a dynamic ruleset.
2013-02-10 23:47:37 +00:00
rmind 0e21825481 NPF:
- Implement dynamic NPF rules.  Controlled through npf(3) library or via
  npfctl rule command.  A rule can be removed using a unique identifier,
  returned on addition, or using a key which is SHA1 hash of the rule.
  Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.
2013-02-09 03:35:31 +00:00
spz a3b287e514 IPv6 linklocal address printing cosmetics 2013-02-01 05:40:07 +00:00
rmind 352f160615 - Rework NPF's nbuf interface: use advancing and ensuring as a main method.
Eliminate unnecessary copy and simplify.  Adapt regression tests.
- Simplify ICMP ALG a little.  While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
2012-12-24 19:05:42 +00:00
rmind 57ff5416fd - Add NPF version check in proplist as well, not only ioctl. Bump the version.
- Fix a bug in table entry lookup.
- Updates/fixes to the man pages.  Misc.
2012-12-23 21:01:03 +00:00
rmind f960ba1c63 npfctl: add 'validate' command to check the config, but not load it. Update
the man page.  Also add a small note about 'debug' command, PR/47298.
2012-12-10 02:26:04 +00:00
rmind 7d7f70e66e - npf.conf(5): fix of the example config.
- Mention npf_ext_log in a comment.
2012-12-06 22:36:51 +00:00
rmind 5111d7eafd npfctl: extend syntax for extracting interface IP address(es) by the family. 2012-11-26 20:34:28 +00:00
rmind 4a1b0d45b2 npfctl(8): mention table listing. 2012-11-15 22:22:53 +00:00
rmind b4a9940e50 npfctl: switch to ecalloc(3). 2012-11-15 22:20:27 +00:00
rmind 7b016567c0 npfctl: switch to efun(3) routines. 2012-11-05 23:47:12 +00:00
christos 599362a983 put in /sbin 2012-11-01 03:21:49 +00:00
martin 73809d4025 gcc 4.1 is not smart enough to notice "arg" is only used when initialized
correctly and produces a "might be used uninitialized" warning.
2012-10-31 08:54:39 +00:00
rmind 64647e51e4 Implement NPF table listing and preservation of entries on reload.
Bump the version.
2012-10-29 02:27:11 +00:00
rmind 3ed953299c Fix for npfctl show case. Improve some description while here. 2012-10-28 16:27:20 +00:00
rmind e7cdd21f2e npfctl/yyerror(): print the right line number if we already parsed the line. 2012-10-02 23:38:52 +00:00
wiz df3325de63 Wording, more macros. 2012-09-30 21:15:08 +00:00
rmind 395bd44a04 Add some content to the Procedures section. 2012-09-30 21:09:30 +00:00
wiz cda4ed683f Use more markup. New sentence, new line. 2012-09-30 13:15:03 +00:00
spz 34865a25d0 Add some content to the "Rules" section. 2012-09-30 12:59:31 +00:00
wiz c92c93101c Whitespace fixes, remove unnecessary Pp
XXX: Subsections Rules and Procedures seem empty?
2012-09-30 07:43:03 +00:00
rmind 703f289235 npf.conf(5): add syntax section and a first cut describing the structural
elements.  Some improvements and fixes from spz@.
2012-09-29 19:50:03 +00:00