Commit Graph

97 Commits

Author SHA1 Message Date
rmind
7d1dd86a47 - Fix man pages list for MKNPF=no case. Based on a patch from Scott Ellis.
- Fix build with MKNPF=yes and MKIPFILTER=no as well; close PR/44512.
2011-02-10 14:04:29 +00:00
rmind
07ac07d35f NPF checkpoint:
- Add libnpf(3) - a library to control NPF (configuration, ruleset, etc).
- Add NPF support for ftp-proxy(8).
- Add rc.d script for NPF.
- Convert npfctl(8) to use libnpf(3) and thus make it less depressive.
  Note: next clean-up step should be a parser, once dholland@ will finish it.
- Add more documentation.
- Various fixes.
2011-02-02 02:20:24 +00:00
christos
f4dfcf5469 warns=4 2010-12-13 01:45:38 +00:00
wiz
19e1a3b574 Bump date for new CAVEATS. 2010-04-12 21:28:23 +00:00
ahoka
0bb59a3f04 mention pfsync not working as a kernel module 2010-04-12 14:26:11 +00:00
joerg
bfbe4c3572 Use HUGE_VAL instead of INFINITY as positive infinity (or maximum value)
is good enough and the side effects of ISO C99 7.12 (4) are not desired.
2010-03-01 00:13:47 +00:00
ahoka
67bcc5b200 Remove the notice about pfsync not being supported, as we have it now. 2009-12-19 14:05:53 +00:00
martti
1a30996c87 Removed obsolete files. 2009-12-02 15:21:37 +00:00
martti
495b1f79b1 Initial version. 2009-12-02 15:07:09 +00:00
martti
77ad51d8d2 Initial version. 2009-12-01 06:27:57 +00:00
joerg
98ae2d6073 Do not use .Xo/.Xc to workaround ancient groff limits. 2009-10-14 17:44:25 +00:00
joerg
3c1f1e4f21 .Xr takes two arguments only. 2009-10-04 18:07:26 +00:00
degroote
33e10c238e Improve the pfsync(4) man page
hostname.if(5) is ifconfig.if(5) on NetBSD
Don't speak about enc, as we don't support it at the moment
Make clear that we don't support ipsec protection of pfsync traffic (as long as we
don't support enc, or a similar thing)

Caught by wiz@
2009-09-14 11:45:01 +00:00
wiz
f41e8ac844 <>& -> \*[Lt]\*[Gt]\*[Am]
Bump date for pfsync(4) link.
2009-09-14 11:17:49 +00:00
wiz
f8b0915e76 Fix Dd argument. 2009-09-14 11:17:42 +00:00
degroote
2d48ac808c Import pfsync support from OpenBSD 4.2
Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
2009-09-14 10:36:48 +00:00
wiz
177b015b5d Remove references to securelevel(7) and ssl(8), which don't exist.
From Jukka Ruohonen.
2009-09-10 13:17:39 +00:00
minskim
0997da05f2 Correct the #ifdef test for struct ifdatareq. 2009-08-07 16:37:12 +00:00
christos
6c781e23d6 use the proper structure to get interface data. We depend on having the
NetBSD-specific ZIFDATA call to do the selection of the ioctl style.
From Patrick Welche.
2009-07-15 18:05:17 +00:00
roy
7027866a09 Rename internal getline() function to get_line() so it does
conflict with the soon to be added getline(3) libc function.
2009-07-13 19:05:39 +00:00
minskim
bea661fe98 Reduce diff with OpenBSD. No functional change. 2009-06-16 05:16:52 +00:00
minskim
da9817918e Reduce diff with OpenBSD by deleting whitespace. 2009-06-16 02:18:07 +00:00
reed
9fc4d3902e Fix roff formatting for ->
by adding an \ such as documented in mdoc.7

This was reported in 41276
2009-04-24 16:48:58 +00:00
perry
4bfc10355c add missing commas to .Dd fix, pointed out by wiz 2009-03-22 14:29:34 +00:00
perry
c8a35b6227 OpenBSD uses a custom CVS hack to handle Dd fields ($Mdocdate$) which
we don't have. Replace ".Dd $Mdocdate" with ".Dd Month Day Year" so
that the date comes out right when man pages get built. This will
doubtless need hand conflict resolution whenever these pages are
re-imported.

Note that it would be interesting to have some similar facility for
NetBSD, but I don't think a custom rcs keyword is the right thing --
maybe we can teach groff to parse $Date$
2009-03-21 00:15:52 +00:00
christos
5dd7ea59ad fix time_t format. 2008-12-29 04:13:28 +00:00
yamt
fff57c5525 merge yamt-pf42 branch.
(import newer pf from OpenBSD 4.2)

ok'ed by peter@.  requested by core@
2008-06-18 09:06:25 +00:00
dyoung
f72063f0c8 Note NSF support. 2008-05-15 04:16:00 +00:00
martin
ce099b4099 Remove clause 3 and 4 from TNF licenses 2008-04-28 20:22:51 +00:00
matt
e0eafe6e38 infile is const char *, not char * 2008-02-20 18:20:21 +00:00
matt
ccfd1d4480 errbuf is [], not *. 2008-02-20 18:19:18 +00:00
wiz
6ffc795bbf New sentence, new line. Add comma in enumeration. 2007-12-03 18:19:08 +00:00
pavel
cac90c847b Mention the ipf mode in more places, xref pf.conf(5) or ipnat.conf(5)
when speaking about the configuration file commands. Bump date.
2007-11-12 17:14:28 +00:00
pavel
7fa608457b Do not use ntohs() on TCP ports passed to the NAT lookup ioctl, apparently
they are expected in network order. Makes the proxy in ipf mode actually
work (but tested only on NetBSD 3.0).
2007-11-12 17:05:13 +00:00
tls
67fcd29261 Do not include internal header files from libpcap without setting the
feature-test macros they use.  Really, of course, this code should not
include such header files at all.
2007-05-28 11:55:19 +00:00
dyoung
e096ddfc8a Document state policy flags for 'nat' and 'rdr' rules. 2007-05-10 23:03:22 +00:00
dyoung
f7748bc6aa pfctl: extend pf.conf(5) syntax. Let the operator supply an optional
"state lock" flag (if-bound, gr-bound, floating) at the end of a
NAT rule.  The new syntax is backwards-compatible with the old
syntax.

PF (kernel): change the macro BOUND_IFACE() to the inline function
bound_iface(), and add a new argument, the applicable NAT rule.
Use both the flags on the applicable filter rule and on the applicable
NAT rule to decide whether or not to bind a state to the interface
or the group where it is created.
2007-05-10 22:30:54 +00:00
christos
5b239d0be1 PR/35039: jklowden: Fix example to include -i or -p for ipf or pf. 2006-11-12 06:24:08 +00:00
peter
dd191f37f3 Merge the peter-altq branch.
(sync with KAME & add support for using ALTQ with pf(4)).
2006-10-12 19:59:07 +00:00
rpaulo
1921cb5602 PR 30870: Add user ``_proxy'' and make pf's ftp-proxy use it.
Initial patch by rivo nurges, thanks!
2006-10-07 15:10:17 +00:00
christos
5e4126c34c Coverity CID 3498: Don't return after yyerror(); cleanup first. 2006-09-27 15:35:12 +00:00
wiz
e89f828c3b From jmc@openbsd:
revision 1.352
date: 2006/08/02 11:45:56;  author: dhartmei;  state: Exp;  lines: +2 -2
in the BNF section, note that a comma is optional, closes PR 5191
2006-09-17 13:53:33 +00:00
peter
a916e7d758 Document the "tos" keyword. Spotted by maxim bourmistrov, patch supplied by
jared r r spiegel and forwarded by Thomas Klausner via Jason McIntyre.
2006-08-10 12:30:49 +00:00
pavel
5145dd52fa Belatedly Bump date after my not-so-recent changes. 2006-08-07 20:57:56 +00:00
peter
3942d3e2ab Revert previous and fix properly.
- The array must be NULL terminated because other code depends on it.
- Use this terminator to check if we're at the end of the array instead
  of doing sizeof(pf_timeouts) / sizeof(pf_timeouts[0]).
2006-07-03 20:26:19 +00:00
pavel
f705cb5488 We do not support pfsync, so:
- remove xrefs to pfsync(4)
- remove the no-sync keyword from pf.conf(5)
- add a note to pf(4).

Approved by Peter Postma.
2006-04-26 18:14:19 +00:00
pavel
e3b35bceeb The "group" keyword is not supported in NetBSD, so:
- add a CAVEATS section to pf(4) and note it
- in the description in pf.conf(5) say it is unsupported
- remove it from the grammar in pf.conf(5).

Approved by Peter Postma.
2006-04-26 17:55:33 +00:00
christos
b2f6added5 Coverity CID 577: remove dead code; minburst can never be 0 at this point. 2006-03-21 20:49:54 +00:00
christos
e46022bb52 Coverity CID 1514: Don't access static array beyond the end of it.
In this case PFTM_MAX == 20 and sizeof(pf_timeouts) / sizeof(pf_timeouts[0])
== 21, using a loop with the size of the array and checking for reaching the
end of the loop via j == PFTM_MAX does not work. Change the loop to use
PFTM_MAX as the upper bound and add an assertion in the code to make sure
that pf_timeouts is large enough. Finally remove last NULL element of the
array so that the array has 20 elements again.
2006-03-21 20:47:27 +00:00
christos
1a21d9be9f Coverity CID 2057: Don't forget to free tcpopts when you are done. 2006-03-21 20:31:56 +00:00