summaryrefslogtreecommitdiffstats
path: root/contrib/ipfilter
Commit message (Collapse)AuthorAgeFilesLines
* MFC r283295: ipf(1): Use strchr(3) instead of deprecated index(3)emaste2015-05-291-1/+1
| | | | Sponsored by: The FreeBSD Foundation
* MFC r271978cy2014-10-121-9/+13
| | | | | | ipfilter bug #552 destination port not zero after parsing nat rule. Obtained from: netbsd CVS repo (r1.4), ipfilter CVS repo (r1.38)
* MFC r271977cy2014-10-121-7/+9
| | | | | | 3561691 gethost never returns an ipv6 address Obtained from: ipfilter CVS repo (r1.34), netbsd CVS repo (r1.4)
* MFC r271974cy2014-10-121-11/+21
| | | | | | ipfilter bug #551 ipf.conf address structure not properly zero filled. Obtained from: ipfilter CVS repo (r1.37), netbsd CVS repo (r1.3)
* MFC r271972cy2014-10-121-2/+4
| | | | | | Fix ipfilter bug #536 ipnat can try to print rule as dstlist incorrectly. Obtained from: ipfilter CVS repo (r1.14), netbsd CVS repo (r1.3)
* MFC r271971cy2014-10-121-0/+1
| | | | | | Fix ipfilter bug #553 gethost needs to zero entire IP address structure. Obtained from: ipfilter CVS repo (r1.11)
* MFC r271970cy2014-10-121-4/+4
| | | | | | ipv6 address for test.hosts.dots in wrong byte order. Obtained from: ipfilter CVS repo (r1.11), netbsd CVS repo (r1.5)
* MFC r268532 and r268585. When world and kernel are built without INET6cy2014-07-211-0/+2
| | | | | | | support, the userland was still built with INET6 turned on. PR: 190964 Approved by: glebius (mentor, implicit)
* MFC r268286: Fix compile-time errors when NO_WERROR and WITHOUT_INET6_SUPPORTcy2014-07-124-4/+4
| | | | | | (NO_INET6) are specified. Approved by: glebius (mentor)
* Remove redundant files.cy2013-09-21529-30779/+0
| | | | | Approved by: glebius (mentor) Approved by: re (blanket)
* Check return code from inet_pton.cy2013-09-211-1/+13
| | | | | | Discovered by: Coverity. Approved by: glebius (mentor) Approved by: re (blanket)
* Update ipfilter 4.1.28 --> 5.1.2.cy2013-09-06579-11711/+39290
|\ | | | | | | | | Approved by: glebius (mentor) BSD Licensed by: Darren Reed <darrenr@reed.wattle.id.au> (author)
| * As per the developers handbook (5.3.1 step 1), prepare the vendor trees forcy2013-07-19794-133028/+0
| | | | | | | | | | | | | | | | import of new ipfilter vendor sources by flattening them. To keep the tags consistent with dist, the tags are also flattened. Approved by: glebius (Mentor)
* | Retire struct sockaddr_inarp.glebius2013-01-311-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since ARP and routing are separated, "proxy only" entries don't have any meaning, thus we don't need additional field in sockaddr to pass SIN_PROXY flag. New kernel is binary compatible with old tools, since sizes of sockaddr_inarp and sockaddr_in match, and sa_family are filled with same value. The structure declaration is left for compatibility with third party software, but in tree code no longer use it. Reviewed by: ru, andre, net@
* | Clean some 'svn:executable' properties in the tree.pfg2013-01-262-0/+0
| | | | | | | | | | Submitted by: Christoph Mallon MFC after: 3 days
* | Fix paths for example files.markm2010-11-182-2/+2
| |
* | Use pcap's bpf header, not our own copy of it.rpaulo2010-10-291-2/+0
| |
* | Comment in the BUGS section header. Matches what's in ipfilter 5.10.brueffer2010-05-121-1/+1
| | | | | | | | | | | | PR: 144880 Submitted by: Glen Barber <glen.j.barber@gmail.com> MFC after: 1 week
* | Remove unneeded include of <sys/timeb.h>.ed2010-03-091-1/+0
| | | | | | | | This header file should not be included by anything.
* | fix spelling mistakedarrenr2009-11-191-1/+1
| |
* | Fix a typo that causes the for loop to exit immediately. There'srdivacky2009-06-161-1/+1
| | | | | | | | | | | | | | | | identical loop a few lines above. Reviewed by: sam Approved by: ed (mentor) Silence from: darrenr (maintainer)
* | - Prevent buffer overflow in IPFilter's load_http function used to loadstas2009-05-291-10/+19
| | | | | | | | | | | | | | | | | | | | | | | | ipfilter tables via http by the user-level ippool utility. Previously the 1024-byte buffer used to store a http request coudld easily overflow if the length of the hostname part of the url passes exceeded 496 bytes. [1] - Use snprintf to prevent possieble buffer overflows in future. [2] - Do not try to close the descriptor twice on failure. [2] Reported by: Maksymilian Arciemowicz <cxib@securityreason.com> [1] Obtained from: NetBSD CVS [2] MFC after: 2 weeks
* | Remove udp and tcp includes not needed here.bz2009-04-251-3/+0
| | | | | | | | | | Tripped over by: a compile of an upcoming change MFC after: 1 month
* | This main goals of this project are:qingli2008-12-151-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. separating L2 tables (ARP, NDP) from the L3 routing tables 2. removing as much locking dependencies among these layers as possible to allow for some parallelism in the search operations 3. simplify the logic in the routing code, The most notable end result is the obsolescent of the route cloning (RTF_CLONING) concept, which translated into code reduction in both IPv4 ARP and IPv6 NDP related modules, and size reduction in struct rtentry{}. The change in design obsoletes the semantics of RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland applications such as "arp" and "ndp" have been modified to reflect those changes. The output from "netstat -r" shows only the routing entries. Quite a few developers have contributed to this project in the past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and Andre Oppermann. And most recently: - Kip Macy revised the locking code completely, thus completing the last piece of the puzzle, Kip has also been conducting active functional testing - Sam Leffler has helped me improving/refactoring the code, and provided valuable reviews - Julian Elischer setup the perforce tree for me and has helped me maintaining that branch before the svn conversion
* | Fix build when WITHOUT_DYNAMICROOT is specified in src.conf(5).mlaier2008-08-041-0/+2
| |
* | 2020447 IPFilter's NAT can undo name server random port selectiondarrenr2008-07-2411-15/+40
| | | | | | | | | | | | Approved by: darrenr MFC after: 1 week Security: CERT VU#521769
* | For unfathomable reasons, ipfilter abuses kernel data structures for itsdes2008-07-231-4/+12
| | | | | | | | | | | | | | | | | | | | | | own purposes. To pull this off, it defines _KERNEL before including the headers where these structures are defined. This leads to no end of trouble when some of these headers, or other headers that they include, change, as demonstrated by r180755. The quick fix in this particular case is to define _WANT_FILE instead of _KERNEL, conditional on __FreeBSD__. A better long-term fix is left as an exercise to the reader.
* | Pullup IPFilter 4.1.28 from the vendor branch into HEAD.darrenr2007-10-1819-81/+264
| | | | | | | | MFC after: 7 days
* | This commit was generated by cvs2svn to compensate for changes in r172771,darrenr2007-10-1833-61/+509
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Import IPFilter 4.1.28darrenr2007-10-1852-143/+775
| |
* | ipfstat should parse "any" when used with -D/-S command line optionsdarrenr2007-06-241-1/+2
| | | | | | | | | | | | | | PR: bin/113879 Submitted by: kabe@sra-tohoku.co.jp Reviewed by: darrenr Approved by: re
* | Remove files no longer required to build IPFilterdarrenr2007-06-0414-2169/+0
| |
* | Merge IPFilter 4.1.23 back to HEADdarrenr2007-06-04119-1036/+1788
| | | | | | | | See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
* | This commit was generated by cvs2svn to compensate for changes in r170263,darrenr2007-06-0478-255/+2097
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Import IPFilter 4.1.23 to vendor branch.darrenr2007-06-04197-1296/+3896
| | | | | | | | See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
* | Resolve conflictsguido2006-08-1638-438/+525
| | | | | | | | MFC after: 1 weeks
* | This commit was generated by cvs2svn to compensate for changes in r161351,guido2006-08-1642-32/+635
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Import IP Filter 4.1.13guido2006-08-1679-358/+1159
| |
* | fix "ipf -Z" reporting rubbish and possibly panic'ing boxdarrenr2006-04-181-3/+9
| | | | | | | | MFC after: 4 days
* | Add a man page for mkfilters(1) and put the corrected perl script in thedarrenr2006-02-272-0/+5
| | | | | | | | | | | | ipfilter usr/share directory PR: docs/26879
* | Resolve conflicts (and believe me...you don't want to know).guido2005-12-30126-255/+427
| |
* | This commit was generated by cvs2svn to compensate for changes in r153877,guido2005-12-30108-824/+1586
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Import IP Filter 4.1.10guido2005-12-30315-1505/+2032
| |
| * Missing file from vendor branch import.darrenr2005-04-261-3/+1
| |
| * these files should never have been imported...they are junkdarrenr2005-04-252-219/+0
| |
* | Remove these files from src/contrib/ipfilter as they are already presentdarrenr2005-06-2316-8232/+0
| | | | | | | | | | | | | | in src/sys/contrib/ipfilter/netinet. Makefile's reachover bits find what they need so building is unaffected. Approved by: re (dwhite)
* | Fix some minor problems before release:darrenr2005-06-231-1/+5
| | | | | | | | | | | | | | | | (1) "ipf -T" is broken for fetching single entries and (2) loading rules with numbered collections does not order insertion right. (3) stats aren't accumulated for hash table memory failures Approved by: re (dwhite)
* | Since this is already off the vendor branch: Our kernel is now ineivind2005-05-271-1/+1
| | | | | | | | /boot/kernel/kernel, not plain /kernel
* | arm defaults to unsigned char as well.cognet2005-05-241-1/+1
| |
* | Enable building /sbin/ipf (but not the rescue version) with the ability todarrenr2005-05-162-1/+689
| | | | | | | | parse bpf strings for filter rules in ipf.conf
OpenPOWER on IntegriCloud