path: root/sbin/ipfw
Commit message [Author, Age, Files, Lines]
* Permit the specification of bandwidth values within [luigi, 2009-06-08, files: 2, lines: -40/+72]
| "profile" files (bandwidth is mandatory when using a profile, so it makes
| sense to have everything in one place).
| Update the manpage accordingly.
| Submitted by: Marta Carbone
* add a missing format in a printf [luigi, 2009-06-08, files: 1, lines: -1/+1]
| Detected building with gcc 4.3.3
| MFC after: 3 days
* Several ipfw options and actions use a 16-bit argument to indicate [luigi, 2009-06-05, files: 1, lines: -3/+3]
| pipes, queues, tags, rule numbers and so on. These are all different
| namespaces, and the only thing they have in common is the fact they use
| a 16-bit slot to represent the argument.
| There is some confusion in the code, mostly for historical reasons, on
| how the values 0 and 65535 should be used. At the moment, 0 is forbidden
| almost everywhere, while 65535 is used to represent a 'tablearg'
| argument, i.e. the result of the most recent table() lookup.
| For now, try to use explicit constants for the min and max allowed
| values, and do not overload the default rule number for that.
| Also, make the MTAG_IPFW declaration only visible to the kernel.
| NOTE: I think the issue needs to be revisited before 8.0 is out: the
| 2^16 namespace limit for rule numbers and pipe/queue is annoying, and we
| can easily bump the limit to 2^32 which gives a lot more flexibility in
| partitioning the namespace.
| MFC after: 5 days
* remove a printf that was only useful for debugging. [luigi, 2009-06-05, files: 1, lines: -2/+0]
| MFC after: 3 days
* Kill hard sentence break added in the previous revision. [trhodes, 2009-04-11, files: 1, lines: -1/+4]
|
* Add emulation of delay profiles, which lets you model various [luigi, 2009-04-09, files: 3, lines: -2/+403]
| types of MAC overheads such as preambles, link level retransmissions and
| more.
| Note- this commit changes the userland/kernel ABI for pipes (but not for
| ordinary firewall rules) so you need to rebuild kernel and /sbin/ipfw to
| use dummynet features.
| Please check the manpage for details on the new feature.
| The MFC would be trivial but it breaks the ABI, so it will be postponed
| until after 7.2 is released.
| Interested users are welcome to apply the patch manually to their
| RELENG_7 tree.
| Work supported by the European Commission, Projects Onelab and Onelab2
| (contract 224263).
* o Grammar. [maxim, 2009-04-08, files: 1, lines: -3/+3]
|
* Various cleanup of text, moving a couple of paragraphs [luigi, 2009-04-08, files: 1, lines: -88/+99]
| above to avoid referencing undefined terms (humans are not compilers but
| still care about these things).
| Change some .Sh to .Ss to better reflect the structure of the text.
| No new content.
* Remove contractions, reword a sentence to avoid a double negative, [trhodes, 2009-04-07, files: 1, lines: -3/+4]
| and bump document date for previous change.
| OKed by: piso
* Improve a bit reass documentation: [piso, 2009-04-05, files: 1, lines: -0/+25]
| -document fragment handling sysctls
| -mention some caveats about fragments handling (and to deal with it)
* Implement an ipfw action to reassemble ip packets: reass. [piso, 2009-04-01, files: 4, lines: -1/+18]
|
* Mdoc style, spelling, grammar and wording fixes. This manpage needs more work. [brueffer, 2009-03-19, files: 1, lines: -62/+68]
|
* move a variable declaration to the beginning of the block [luigi, 2009-03-05, files: 1, lines: -1/+1]
| (unfortunately, it is far away; we need to pack this code in a better way).
* remove some signed/unsigned and one const/!const warning [luigi, 2009-03-05, files: 1, lines: -5/+5]
|
* mark a function static, as it is [luigi, 2009-03-05, files: 1, lines: -1/+1]
|
* Add SCTP NAT support. [piso, 2009-02-07, files: 2, lines: -16/+218]
|\
| | Submitted by: CAIA (http://caia.swin.edu.au)
| * Import sctp nat support in ipfw obtained from CAIA - http://caia.swin.edu.au. [piso, 2008-12-28, files: 1, lines: -1/+49]
| |
* | Explain that we assume AF_INET and only use the addr and port field [luigi, 2009-02-02, files: 1, lines: -1/+4]
| | from a struct sockaddr_in, so there is no need to initialize sin_len
* | remove duplicate #include [luigi, 2009-02-02, files: 1, lines: -1/+0]
| |
* | put the altq-related functions into a separate file. [luigi, 2009-02-01, files: 6, lines: -122/+167]
| | Minor cleanup of the includes used by the various source files,
| | including annotations of why certain headers are used.
* | Avoid the use of duplicated typedefs -- see the comment for details. [luigi, 2009-01-28, files: 1, lines: -15/+21]
| |
* | fix printing of uint64_t values, so we can use WARNS=2 [luigi, 2009-01-27, files: 4, lines: -11/+27]
| |
* | fix wrong variable usage... [luigi, 2009-01-27, files: 1, lines: -2/+1]
| |
* | Put nat and ipv6 support in their own files. [luigi, 2009-01-27, files: 5, lines: -1320/+1436]
| | Usual moving of code with no changes from ipfw2.c to the newly created
| | files, and addition of prototypes to ipfw2.h
| | I have added forward declarations for ipfw_insn_* in ipfw2.h to avoid a
| | global dependency on ip_fw.h
* | Put dummynet-related code in a separate file. [luigi, 2009-01-27, files: 3, lines: -785/+853]
| | To this purpose, add prototypes for global functions in ipfw2.h and move
| | there also the list of tokens used in various places in the code.
* | never mind, for the time being let's stick with WARNS=0 until [luigi, 2009-01-27, files: 1, lines: -2/+2]
| | we sort out all proper printf formats.
* | Start splitting the monster file in smaller blocks. [luigi, 2009-01-27, files: 4, lines: -589/+681]
| | In this episode:
| | - introduce a common header with a minimal set of common definitions;
| | - bring the main() function and options parser in main.c
| | - rename the main functions with an ipfw_ prefix
| | No code changes except for the introduction of a global variable,
| | resvd_set_number, which stores the RESVD_SET value from ip_fw.h and is
| | used to remove the dependency of main.c from ip_fw.h (and the subtree of
| | dependencies) for just a single constant.
* | put the usage() function inline, it was only 1 line and used once; [luigi, 2009-01-27, files: 1, lines: -19/+10]
| | slightly reformat the help() text;
| | slightly correct the text for the 'extraneous filename' error message;
* | put all options in a single struct, and document them. [luigi, 2009-01-27, files: 1, lines: -126/+146]
| | This will allow us to easily restore the original values when processing
| | commands from a file (where each individual line can have its own
| | options).
* | I believe this is safe to build with WARNS=2 now [luigi, 2009-01-27, files: 1, lines: -1/+1]
| |
* | remove a couple of rarely used #define; [luigi, 2009-01-27, files: 1, lines: -13/+12]
| | change PRINT_UINT from a macro to a function (renaming is postponed to
| | reduce clutter)
* | wrap all malloc/calloc/realloc calls so they exit on failure [luigi, 2009-01-26, files: 1, lines: -23/+33]
| | without having to check in each place.
| | Remove a wrong strdup from previous commit.
* | Some implementations of getopt() expect that argv[0] is always the [luigi, 2009-01-26, files: 1, lines: -27/+42]
| | program name, and ignore that entry. ipfw2.c code instead skips this
| | entry and starts with options at offset 0, relying on a more tolerant
| | implementation of the library.
| | This change fixes the issue by always passing a program name in the
| | first entry to getopt. The motivation for this change is to remove a
| | potential compatibility issue should we use a different getopt()
| | implementation in the future.
| | No functional changes.
| | Submitted by: Marta Carbone (parts)
| | MFC after: 4 weeks
* | remove some useless #include, [luigi, 2009-01-22, files: 1, lines: -8/+2]
| | document why timeconv.h is needed
| | MFC after: 3 days
* | Fix a number of (innocuous) warnings, and remove a useless test. [luigi, 2009-01-20, files: 1, lines: -18/+18]
|/
| There are still several signed/unsigned warnings left, which require a bit
| more study for a proper fix.
| This file has grown beyond reasonable limits. We really need to split it
| into separate components (ipv4, ipv6, dummynet, nat, table,
| userland-kernel communication ...) so we can make maintenance easier.
| MFC after: 1 weeks
* Update the ipfw man page to reflect last change (-q option with nat option). [piso, 2008-12-18, files: 1, lines: -0/+2]
| MFC after: 3 days
* Honor the quiet (-q) option while adding a nat rule. [piso, 2008-12-18, files: 1, lines: -4/+6]
| Submitted by: Andrey V. Elsukov <bu7cher@yandex.ru>
| MFC after: 3 days
* o Remove a debug code and restore an accidentally deleted code [maxim, 2008-10-14, files: 1, lines: -1/+8]
| in a previous commit.
* o Do nothing in show_nat() for a test mode (-n). This prevents [maxim, 2008-10-14, files: 1, lines: -8/+4]
| show_nat() from endless loop and makes work ipfw -n nat <...>.
| PR: bin/128064
| Submitted by: sem
| MFC after: 1 month
* Fix the build. [rik, 2008-09-27, files: 1, lines: -1/+1]
| Noted by: ganbold@
* * add all keyword for table list & flush actions. [rik, 2008-09-27, files: 1, lines: -3/+14]
| * add tables_max sysctl.
| * add default_rule sysctl.
| PR: 127058 (partially)
* Add keyword all in addition to the table number for the 'list' and the [rik, 2008-09-27, files: 1, lines: -8/+29]
| 'flush' actions on tables. Part of PR: 127058.
| PR: 127058 (based on)
| MFC after: 1 month
* Unbreak the build. [keramida, 2008-09-22, files: 1, lines: -1/+1]
|
* Add the check of the table number. [rik, 2008-09-21, files: 1, lines: -0/+17]
|
* Move table list to a separate function. [rik, 2008-09-21, files: 1, lines: -35/+44]
|
* Free allocated memory. [rik, 2008-09-20, files: 1, lines: -0/+1]
|
* Remove some unused variables. [rik, 2008-09-20, files: 1, lines: -4/+3]
|
* Style(9) the show_nat() function. [rik, 2008-09-20, files: 1, lines: -1/+2]
|
* Do not do the useless job for an empty table. [rik, 2008-09-20, files: 1, lines: -0/+5]
| MFC after: 1 month
* Use IPFW_DEFAULT_RULE instead of hardcoded value since now it is [rik, 2008-09-06, files: 1, lines: -8/+9]
| available.
| MFC after: 5 days.