wiz
4fe1cb8b61
Remove trailing whitespace.
2013-09-20 21:30:49 +00:00
rmind
f797733a7e
- NPF: change the group/ruleset syntax - simplify. Update npf.conf(5) manual.
...
- Add support for the inline pcap-filter(7) syntax in the rule, e.g.:
block out final pcap-filter "tcp and dst 10.1.1.252"
2013-09-20 03:03:52 +00:00
rmind
f5730e945b
npfctl: remove some n-code leftovers, fix the build, update the man pages.
2013-09-19 12:05:11 +00:00
rmind
7b5edfdc0d
NPF: G/C n-code in favour of BPF byte-code. Delete lots of code, mmm!
2013-09-19 01:49:07 +00:00
rmind
4e592132ab
- Convert NPF to use BPF byte-code by default. Compile BPF byte-code in
...
npfctl(8) and generate separate marks to describe the filter criteria.
- Rewrite 'npfctl show' functionality and fix some of the bugs.
- npftest: add a test for BPF COP.
- Bump NPF_VERSION.
2013-09-19 01:04:45 +00:00
rmind
ce38978248
- Add NPF table flushing functionality.
...
- Fix line numbering for npfctl debug command.
2013-05-19 20:45:34 +00:00
christos
464306f9db
always allow hex where decimal is allowed.
2013-05-09 19:12:03 +00:00
christos
bc0f55de88
Make ALG's autoloadable by providing in the config file:
...
alg "algname"
2013-03-20 00:29:46 +00:00
rmind
543d2971ab
- Extend npf.conf syntax to support dynamic NAT policies.
...
- Imply dynamic group when using "ruleset" keyword.
2013-03-18 02:17:49 +00:00
christos
29e670c87b
more explicit syntax
2013-03-13 02:44:28 +00:00
christos
5f0daf8289
more todo's
2013-03-13 02:41:23 +00:00
christos
b46215b9d2
add another
2013-03-13 02:36:51 +00:00
christos
668937be38
one more fixed
2013-03-11 16:38:31 +00:00
christos
08ba3be1b4
more breakage.
2013-03-11 02:12:15 +00:00
christos
fce0192186
explain further.
2013-03-11 02:02:28 +00:00
christos
8493e8dcfc
separate sess commands.
2013-03-11 00:39:32 +00:00
christos
feb589a817
remove dup usage.
2013-03-11 00:34:43 +00:00
christos
c85651a383
fix usage
2013-03-11 00:16:59 +00:00
christos
58bc4d4e58
handle port "ftp-data"
2013-03-11 00:09:07 +00:00
christos
cd72feefe1
more
2013-03-11 00:05:36 +00:00
christos
b58e208695
my laundry list
2013-03-11 00:04:46 +00:00
christos
2acab3345b
centralize error handling and print what went wrong instead of "ioctl"
2013-03-10 23:59:00 +00:00
christos
8c8be406dd
modules moved to /lib
2013-03-10 23:57:07 +00:00
christos
e0620b41b3
deal with strings as interfaces
2013-03-10 23:11:26 +00:00
christos
9f5f8a86c5
normalise -> normalize
2013-03-10 21:55:40 +00:00
rmind
e1515f844d
Fix the example (deja vu?).
2013-03-10 21:17:30 +00:00
rmind
56910be779
- Convert NPF dynamic rule ID to just incremented 64-bit counter.
...
- Fix multiple bugs. Also, update the man page.
2013-02-16 21:11:12 +00:00
rmind
82975ead3b
Allow filtering on IP addresses even if the L4 protocol is unknown.
...
Patch from spz@.
2013-02-11 00:00:20 +00:00
rmind
50c5afcad4
- Fix NPF config reload with dynamic rules present.
...
- Implement list and flush commands on a dynamic ruleset.
2013-02-10 23:47:37 +00:00
rmind
0e21825481
NPF:
...
- Implement dynamic NPF rules. Controlled through npf(3) library of via
npfctl rule command. A rule can be removed using a unique identifier,
returned on addition, or using a key which is SHA1 hash of the rule.
Adjust npftest and add a regression test.
- Improvements to rule inspection mechanism.
- Initial BPF support as an alternative to n-code.
- Minor fixes; bump the version.
2013-02-09 03:35:31 +00:00
spz
a3b287e514
IPv6 linklocal address printing cosmetics
2013-02-01 05:40:07 +00:00
rmind
352f160615
- Rework NPF's nbuf interface: use advancing and ensuring as a main method.
...
Eliminate unnecessary copy and simplify. Adapt regression tests.
- Simplify ICMP ALG a little. While here, handle ICMP ECHO for traceroute.
- Minor fixes, misc cleanup.
2012-12-24 19:05:42 +00:00
rmind
57ff5416fd
- Add NPF version check in proplist as well, not only ioctl. Bump the version.
...
- Fix a bug in table entry lookup.
- Updates/fixes to the man pages. Misc.
2012-12-23 21:01:03 +00:00
rmind
f960ba1c63
npfctl: add 'validate' command to check the config, but not load it. Update
...
the man page. Also add a small note about 'debug' command, PR/47298.
2012-12-10 02:26:04 +00:00
rmind
7d7f70e66e
- npf.conf(5): fix of the example config.
...
- Mention npf_ext_log in a comment.
2012-12-06 22:36:51 +00:00
rmind
5111d7eafd
npfctl: extend syntax for extracting interface IP address(es) by the family.
2012-11-26 20:34:28 +00:00
rmind
4a1b0d45b2
npfctl(8): mention table listing.
2012-11-15 22:22:53 +00:00
rmind
b4a9940e50
npfctl: switch to ecalloc(3).
2012-11-15 22:20:27 +00:00
rmind
7b016567c0
npfctl: switch to efun(3) routines.
2012-11-05 23:47:12 +00:00
christos
599362a983
put in /sbin
2012-11-01 03:21:49 +00:00
martin
73809d4025
gcc 4.1 is not smart enough to notice "arg" is only used when initialized
...
correctly and produces a "might be used unintialized" warning.
2012-10-31 08:54:39 +00:00
rmind
64647e51e4
Implement NPF table listing and preservation of entries on reload.
...
Bump the version.
2012-10-29 02:27:11 +00:00
rmind
3ed953299c
Fix for npfctl show case. Improve some description while here.
2012-10-28 16:27:20 +00:00
rmind
e7cdd21f2e
npfctl/yyerror(): print the right line number if we already parsed the line.
2012-10-02 23:38:52 +00:00
wiz
df3325de63
Wording, more macros.
2012-09-30 21:15:08 +00:00
rmind
395bd44a04
Add some content to the Procedures section.
2012-09-30 21:09:30 +00:00
wiz
cda4ed683f
Use more markup. New sentence, new line.
2012-09-30 13:15:03 +00:00
spz
34865a25d0
Add some content to the "Rules" section.
2012-09-30 12:59:31 +00:00
wiz
c92c93101c
Whitespace fixes, remove unnecessary Pp
...
XXX: Subsections Rules and Procedures seem empty?
2012-09-30 07:43:03 +00:00
rmind
703f289235
npf.conf(5): add syntax section and a first cut describing the structural
...
elements. Some improvements and fixes from spz@.
2012-09-29 19:50:03 +00:00