summaryrefslogtreecommitdiffstats
path: root/contrib/ipfilter/tools
Commit message (Collapse)AuthorAgeFilesLines
* MFC r315368:cy2017-05-303-4/+4
| | | | | | | | | | | | | | | | | | | | | | calloc() and realloc() modernization. This commit replaces calloc calls, which called calloc() as if it were malloc() by allocating a multiple of objects as a sizeof multiplied by the number of objects. The patch rectifies this by calling calloc() as it was meant to be called. This commit also replaces realloc() with reallocarray() in a similar fashion as above. Instead of calculating the memory to reallocated (changed) by multiplying sizeof by the number of objects, the sizeof and number are passed as separate arguments to reallocarray(), letting reallocarray() do the multiplication instead. Like the calloc() adjustment above, this is approach is cleaner and more elegant than than the previous code. This has been tested on my production firewall and a laptop (also running ipfilter). Submitted by: pfg
* MFC 317830:cy2017-05-121-0/+2
| | | | Ifdef out a redundant if statement when INET6 is disabled.
* Revert r318203: Neglected to put "MFC 318203:" in the log.cy2017-05-121-2/+0
| | | | Pointy hat to: cy
* Ifdef out a redundant if statement when INET6 is disabled.cy2017-05-121-0/+2
|
* MFC r316993, r316994, r316997 as follows:cy2017-04-231-0/+5
| | | | | | | | | | | | | | | | | | | | | | r316993: Fix CID 1372601 in ipfilter/lib/parsefields.c, possible NULL pointer dereference should reallocarray() fail. Reported by: Coverity CID 1372601 r316994: Fix CID 1372600 in ipfilter/tools/ipf_y.y, possible NULL pointer dereference should reallocarray() fail. Reported by: Coverity CID 1372600 r316997: Use warnx() to issue error message. Reported by: cem
* MFC r312791:cy2017-02-091-2/+1
| | | | | | Use normal KNF cuddling of elses. Reported by: bde
* MFC r312777, r312780:cy2017-02-081-4/+7
| | | | | Issue an error message when an incorrect flush argument is encountered (and style fixup).
* Remove dead code.cy2016-06-301-17/+0
| | | | | Approved by: re@ (hrs@) MFC after: 1 week
* Revert r288682ngie2015-10-0522-0/+19162
| | | | | | I meant to do this on ^/user/ngie/more-tests Pointyhat to: ngie (use svn info next time...)
* Remove some paths preparing for a re-copy from headngie2015-10-0522-19162/+0
|
* ipf(1): Use strchr(3) instead of deprecated index(3)emaste2015-05-221-1/+1
| | | | | | | Reviewed by: cy MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D2607
* Stop including if_var.h from userland.glebius2015-04-065-15/+0
| | | | Sponsored by: Nginx, Inc.
* o Use new function ip_fillid() in all places throughout the kernel,glebius2015-04-011-0/+8
| | | | | | | | | | | | | | | | | where we want to create a new IP datagram. o Add support for RFC6864, which allows to set IP ID for atomic IP datagrams to any value, to improve performance. The behaviour is controlled by net.inet.ip.rfc6864 sysctl knob, which is enabled by default. o In case if we generate IP ID, use counter(9) to improve performance. o Gather all code related to IP ID into ip_id.c. Differential Revision: https://reviews.freebsd.org/D2177 Reviewed by: adrian, cy, rpaulo Tested by: Emeric POUPON <emeric.poupon stormshield.eu> Sponsored by: Netflix Sponsored by: Nginx, Inc. Relnotes: yes
* #552 destination port not zero after parsing nat rulecy2014-09-221-9/+13
| | | | | Approved by: glebius (mentor) Obtained from: netbsd CVS repo (r1.4), ipfilter CVS repo (r1.38)
* 3561691 gethost never returns an ipv6 addresscy2014-09-221-7/+9
| | | | | Approved by: glebius (mentor) Obtained from: ipfilter CVS repo (r1.34), netbsd CVS repo (r1.4)
* #551 ipf.conf address structure not properly zero filledcy2014-09-221-11/+21
| | | | | Approved by: glebius (mentor) Obtained from: ipfilter CVS repo (r1.37), netbsd CVS repo (r1.3)
* Update ipfilter 4.1.28 --> 5.1.2.cy2013-09-0621-2645/+6487
|\ | | | | | | | | Approved by: glebius (mentor) BSD Licensed by: Darren Reed <darrenr@reed.wattle.id.au> (author)
| * As per the developers handbook (5.3.1 step 1), prepare the vendor trees forcy2013-07-1921-15271/+0
| | | | | | | | | | | | | | | | import of new ipfilter vendor sources by flattening them. To keep the tags consistent with dist, the tags are also flattened. Approved by: glebius (Mentor)
| * Import IPFilter 4.1.28darrenr2007-10-186-26/+163
| |
* | Use pcap's bpf header, not our own copy of it.rpaulo2010-10-291-2/+0
| |
* | Fix a typo that causes the for loop to exit immediately. There'srdivacky2009-06-161-1/+1
| | | | | | | | | | | | | | | | identical loop a few lines above. Reviewed by: sam Approved by: ed (mentor) Silence from: darrenr (maintainer)
* | 2020447 IPFilter's NAT can undo name server random port selectiondarrenr2008-07-241-3/+9
| | | | | | | | | | | | Approved by: darrenr MFC after: 1 week Security: CERT VU#521769
* | Pullup IPFilter 4.1.28 from the vendor branch into HEAD.darrenr2007-10-186-25/+161
| | | | | | | | MFC after: 7 days
* | ipfstat should parse "any" when used with -D/-S command line optionsdarrenr2007-06-241-1/+2
| | | | | | | | | | | | | | PR: bin/113879 Submitted by: kabe@sra-tohoku.co.jp Reviewed by: darrenr Approved by: re
* | Merge IPFilter 4.1.23 back to HEADdarrenr2007-06-0418-387/+1219
| | | | | | | | See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
* | This commit was generated by cvs2svn to compensate for changes in r170263,darrenr2007-06-041-1/+5
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Import IPFilter 4.1.23 to vendor branch.darrenr2007-06-0419-391/+1233
| | | | | | | | See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
| * Import IP Filter 4.1.13guido2006-08-1611-92/+188
| |
| * Import IP Filter 4.1.10guido2005-12-3018-92/+105
| |
* | Resolve conflictsguido2006-08-1611-92/+188
| | | | | | | | MFC after: 1 weeks
* | fix "ipf -Z" reporting rubbish and possibly panic'ing boxdarrenr2006-04-181-3/+9
| | | | | | | | MFC after: 4 days
* | Resolve conflicts (and believe me...you don't want to know).guido2005-12-3010-53/+101
| |
* | arm defaults to unsigned char as well.cognet2005-05-241-1/+1
| |
* | Enable building /sbin/ipf (but not the rescue version) with the ability todarrenr2005-05-161-1/+2
| | | | | | | | parse bpf strings for filter rules in ipf.conf
* | Fix tinderbox build on ppc.grehan2005-05-081-1/+1
| | | | | | | | Requested by: mlaier
* | Patches from Ruslam Ermilov to remove NetBSD bits from Makefiles and cleanupdarrenr2005-04-281-1/+1
| | | | | | | | build problems with rescue.
* | Fix include directives that were missing the netinet include directory, wheredarrenr2005-04-262-2/+2
| | | | | | | | | | the ipl.h file is found. Also add back in ip_fil.c, which somehow went missing in action.
* | * Someone imported a lot of files with the wrong CVS tag, so lots of files needdarrenr2005-04-2518-18/+18
|/ | | | | that fixed in them.... * Keep unnecessary files out of the non-vendor part of this CVS repository.
* import ipfilter 4.1.8 into the vendor branchdarrenr2005-04-2521-0/+14183
OpenPOWER on IntegriCloud