| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since ARP and routing are separated, "proxy only" entries
don't have any meaning, thus we don't need additional field
in sockaddr to pass SIN_PROXY flag.
New kernel is binary compatible with old tools, since sizes
of sockaddr_inarp and sockaddr_in match, and sa_family are
filled with same value.
The structure declaration is left for compatibility with
third party software, but in tree code no longer use it.
Reviewed by: ru, andre, net@
|
|
|
|
|
| |
Submitted by: Christoph Mallon
MFC after: 3 days
|
| |
|
| |
|
|
|
|
|
|
| |
PR: 144880
Submitted by: Glen Barber <glen.j.barber@gmail.com>
MFC after: 1 week
|
|
|
|
| |
This header file should not be included by anything.
|
| |
|
|
|
|
|
|
|
|
| |
identical loop a few lines above.
Reviewed by: sam
Approved by: ed (mentor)
Silence from: darrenr (maintainer)
|
|
|
|
|
|
|
|
|
|
|
|
| |
ipfilter tables via http by the user-level ippool utility. Previously
the 1024-byte buffer used to store a http request coudld easily overflow
if the length of the hostname part of the url passes exceeded 496 bytes. [1]
- Use snprintf to prevent possieble buffer overflows in future. [2]
- Do not try to close the descriptor twice on failure. [2]
Reported by: Maksymilian Arciemowicz <cxib@securityreason.com> [1]
Obtained from: NetBSD CVS [2]
MFC after: 2 weeks
|
|
|
|
|
| |
Tripped over by: a compile of an upcoming change
MFC after: 1 month
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
me maintaining that branch before the svn conversion
|
| |
|
|
|
|
|
|
| |
Approved by: darrenr
MFC after: 1 week
Security: CERT VU#521769
|
|
|
|
|
|
|
|
|
|
|
| |
own purposes. To pull this off, it defines _KERNEL before including the
headers where these structures are defined. This leads to no end of
trouble when some of these headers, or other headers that they include,
change, as demonstrated by r180755.
The quick fix in this particular case is to define _WANT_FILE instead of
_KERNEL, conditional on __FreeBSD__. A better long-term fix is left as
an exercise to the reader.
|
|
|
|
| |
MFC after: 7 days
|
|\
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
PR: bin/113879
Submitted by: kabe@sra-tohoku.co.jp
Reviewed by: darrenr
Approved by: re
|
| | |
|
| |
| |
| |
| | |
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| |
| |
| |
| | |
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
|
| |
| |
| |
| | |
MFC after: 1 weeks
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
|
| |
| |
| |
| | |
MFC after: 4 days
|
| |
| |
| |
| |
| |
| | |
ipfilter usr/share directory
PR: docs/26879
|
| | |
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
in src/sys/contrib/ipfilter/netinet. Makefile's reachover bits find what
they need so building is unaffected.
Approved by: re (dwhite)
|
| |
| |
| |
| |
| |
| |
| |
| | |
(1) "ipf -T" is broken for fetching single entries and
(2) loading rules with numbered collections does not order insertion right.
(3) stats aren't accumulated for hash table memory failures
Approved by: re (dwhite)
|
| |
| |
| |
| | |
/boot/kernel/kernel, not plain /kernel
|
| | |
|
| |
| |
| |
| | |
parse bpf strings for filter rules in ipf.conf
|
| |
| |
| |
| | |
Requested by: mlaier
|
| |
| |
| |
| |
| | |
Someday this should be converted to uint64_t and printstate.c changed to
use those horrid PRiud64 things.
|
| |
| |
| |
| | |
build problems with rescue.
|
| |
| |
| |
| |
| | |
the ipl.h file is found. Also add back in ip_fil.c, which somehow went missing
in action.
|
| |
| |
| |
| |
| |
| | |
ipf_dontuning.c - change the include to look in netinet for ipl.h
ipft_tx.c - make the private use of arrays with tcp flags info in them more
not use names that can be "confusing"
|
| | |
|
| |
| |
| |
| |
| | |
that fixed in them....
* Keep unnecessary files out of the non-vendor part of this CVS repository.
|
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* fix bug parsing port comparisons in proxy rules
* make parsing errors in ipf/ipnat return an error rather than return
indicating success.
* make parsing errors in ipf/ipnat return an error rather than return
indicating success.
* make ipfstat work as a set{g,u}id thing - gave up privs before opening
/dev/ipl
* fix ipfstat -A
* make "ipfstat -f" output more informative
* various changes to ipsend for sending packets with ipv4 options
* ipmon was not correctly calculating the length of the IPv6 packet (excluded
ipv6 header length)
MFC: 1 week
|
|\ \
| |/
| |
| | |
which included commits to RCS files with non-trunk default branches.
|
| | |
|