summaryrefslogtreecommitdiffstats
path: root/contrib/pf/pfctl
Commit message (Collapse)AuthorAgeFilesLines
* o Create directory sys/netpfil, where all packet filters shouldglebius2012-09-1413-17361/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | reside, and move there ipfw(4) and pf(4). o Move most modified parts of pf out of contrib. Actual movements: sys/contrib/pf/net/*.c -> sys/netpfil/pf/ sys/contrib/pf/net/*.h -> sys/net/ contrib/pf/pfctl/*.c -> sbin/pfctl contrib/pf/pfctl/*.h -> sbin/pfctl contrib/pf/pfctl/pfctl.8 -> sbin/pfctl contrib/pf/pfctl/*.4 -> share/man/man4 contrib/pf/pfctl/*.5 -> share/man/man5 sys/netinet/ipfw -> sys/netpfil/ipfw The arguable movement is pf/net/*.h -> sys/net. There are future plans to refactor pf includes, so I decided not to break things twice. Not modified bits of pf left in contrib: authpf, ftp-proxy, tftp-proxy, pflogd. The ipfw(4) movement is planned to be merged to stable/9, to make head and stable match. Discussed with: bz, luigi
* Merge the projects/pf/head branch, that was worked on for last six months,glebius2012-09-085-71/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into head. The most significant achievements in the new code: o Fine grained locking, thus much better performance. o Fixes to many problems in pf, that were specific to FreeBSD port. New code doesn't have that many ifdefs and much less OpenBSDisms, thus is more attractive to our developers. Those interested in details, can browse through SVN log of the projects/pf/head branch. And for reference, here is exact list of revisions merged: r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330, r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656, r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782, r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868, r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223, r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456, r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505, r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168, r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230, r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398, r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548, r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672, r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169, r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442, r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522, r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661, r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212. I'd like to thank people who participated in early testing: Tested by: Florian Smeets <flo freebsd.org> Tested by: Chekaluk Vitaly <artemrts ukr.net> Tested by: Ben Wilber <ben desync.com> Tested by: Ian FREISLICH <ianf cloudseed.co.za>
* Merge multi-FIB IPv6 support from projects/multi-fibv6/head/:bz2012-02-171-4/+28
| | | | | | | | | | | | Extend the so far IPv4-only support for multiple routing tables (FIBs) introduced in r178888 to IPv6 providing feature parity. This includes an extended rtalloc(9) KPI for IPv6, the necessary adjustments to the network stack, and user land support as in netstat. Sponsored by: Cisco Systems, Inc. Reviewed by: melifaro (basically) MFC after: 10 days
* Replace an OpenBSDism with a FreeBSDism in the pfctl(8) man page: we putrwatson2012-01-051-1/+1
| | | | | | | configuration file man pages in section 5, and we prefer rc.conf to rc.conf.local. MFC after: 3 days
* Update packet filter (pf) code to OpenBSD 4.5.bz2011-06-2813-848/+1419
| | | | | | | | You need to update userland (world and ports) tools to be in sync with the kernel. Submitted by: mlaier Submitted by: eri
* Add a new option -P to suppress getservbyport(3) calls when printing rules.bz2011-06-135-19/+34
| | | | | | | | | | | | | This allows one to force consistent printing of numeric port numbers like we do with -n for other tools like netstat (just that -n was already taken) rather than the service names. -P is currently unused in OpenBSD so the change is eligible for upstreaming. PR: misc/151015 Submitted by: Matt Koivisto (mkoivisto sandvine.com) Sponsored by: Sandvine Incorporated MFC after: 1 week
* Adapt OpenBSD pf's "sloopy" TCP state machine which is useful for Directdelphij2009-12-243-2/+36
| | | | | | | | | | | | | | | Server Return mode, where not all packets would be visible to the load balancer or gateway. This commit should be reverted when we merge future pf versions. The benefit it would provide is that this version does not break any existing public interface and thus won't be a problem if we want to MFC it to earlier FreeBSD releases. Discussed with: mlaier Obtained from: OpenBSD Sponsored by: iXsystems, Inc. MFC after: 1 month
* Max's changes got left out of the MRT commit.julian2008-05-091-15/+6
|
* Make ALTQ cope with disappearing interfaces (particularly common with mpdmlaier2008-03-292-0/+38
| | | | | | | | | and netgraph in gernal). This also allows to add queues for an interface that is not yet existing (you have to provide the bandwidth for the interface, however). PR: kern/106400, kern/117827 MFC after: 2 weeks
* Commit resolved import of OpenBSD 4.1 pf userland from perforce.mlaier2007-07-0310-571/+1632
| | | | Approved by: re (kensmith)
* This commit was generated by cvs2svn to compensate for changes in r171169,mlaier2007-07-032-6/+14
|\ | | | | | | which included commits to RCS files with non-trunk default branches.
| * Import pf userland from OpenBSD 4.1 and (for ftp-proxy) libevent 1.3b asmlaier2007-07-0312-572/+1610
| | | | | | | | a local lib.
* | From OpenBSD, rev. 1.91:mlaier2006-11-301-2/+3
| | | | | | | | | | | | | | | | | | fix servicecurve check; no point in checking the same sc three times, it was obviously intended to check all three. has been wrong since the beginning, 4 years... noticed by Earl Lapus <earl.lapus@gmail.com>, Vasil Dimov <vd@FreeBSD.org> mailed me then, ok mcbride MFC after: 3 days
* | - Remove MLINKS to nonexistant manpagesbrueffer2005-07-141-2/+4
| | | | | | | | | | | | | | - Change some section numbers to match reality - For MLINKS to manpages from ports, mention which port installs them MFC after: 3 days
* | Resolve conflicts created during the import of pf 3.7 Some features aremlaier2005-05-0310-649/+1127
| | | | | | | | | | | | | | missing and will be implemented in a second step. This is functional as is. Tested by: freebsd-pf, pfsense.org Obtained from: OpenBSD
* | This commit was generated by cvs2svn to compensate for changes in r145837,mlaier2005-05-034-141/+1748
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Import pf userland from OpenBSD 3.7 (OPENBSD_3_7 as of today)mlaier2005-05-0313-781/+2864
| |
| * Import pfctl_table.c#1.61 from OpenBSD into vendor branch.mlaier2004-08-221-1/+8
| |
* | Loopback a fix from Cedric Berger:mlaier2004-08-221-1/+8
| | | | | | | | | | | | | | | | Fix table add/replace commands with securelevel=2. Reported by James J. Lippard. Discussed with: yongari MFC after: 5 days
* | Fix printing of u_int64_t with a cast to unsigned long long.mlaier2004-06-171-1/+1
| | | | | | | | Found-by: tinderbox(amd64)
* | Commit userland part of pf version 3.5 from OpenBSD (OPENBSD_3_5_BASE).mlaier2004-06-169-597/+1593
| |
* | This commit was generated by cvs2svn to compensate for changes in r130614,mlaier2004-06-164-74/+161
|\ \ | |/ | | | | which included commits to RCS files with non-trunk default branches.
| * Import userland of pf 3.5 from OpenBSD (OPENBSD_3_5_BASE).mlaier2004-06-1612-700/+1770
| |
* | Fix $FreeBSD$ ids.obrien2004-03-168-8/+20
| |
* | Fix some style(9) related issues after discussion with/education from bde:mlaier2004-03-158-100/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Add <sys/param.h> and <limits.h> where required (do not depend on other headers pulling it in). - __dead -> __dead2 - #if defined() -> #ifdef - Remove ugly PRIu64 macros and use %llu w/ (unsigned long long) cast. All changes looped back to OpenBSD (where applicable) for easier sync in the future. Requested by: bde Approved by: bms(mentor)
* | Fix two instances of improper NULL/0 use idetified by the changes lately.mlaier2004-03-082-2/+2
| | | | | | | | | | Submitted by: Patrick Marie Approved by: bms(mentor)
* | Add local define of HTONL() as it was decided to protect this by _KERNELmlaier2004-02-281-0/+5
| | | | | | | | in <net/pfvar.h>
* | Apply diff from the port.mlaier2004-02-287-23/+143
|/ | | | | | | | | | Rather small diff for the userland (in contrast to the kernel): - Some header file location/differences - Clean compilation on 64bit arch (identified by bento a long time ago) - ALTQ not (yet) available. Leave a switch for patchsets and future ... - most files can be used from the vendor branch Approved by: bms(in general)
* Vendor import of OpenBSD's pf userland as of OpenBSD 3.4mlaier2004-02-2812-0/+12396
Approved by: bms(mentor), core(in general)
OpenPOWER on IntegriCloud