summaryrefslogtreecommitdiffstats
path: root/sbin/ipfw
Commit message (Collapse)AuthorAgeFilesLines
* MFHgjb2016-04-164-48/+163
|\ | | | | | | Sponsored by: The FreeBSD Foundation
| * Add External Actions KPI to ipfw(9).ae2016-04-143-43/+158
| | | | | | | | | | | | | | | | | | | | | | | | | | It allows implementing loadable kernel modules with new actions and without needing to modify kernel headers and ipfw(8). The module registers its action handler and keyword string, that will be used as action name. Using generic syntax user can add rules with this action. Also ipfw(8) can be easily modified to extend basic syntax for external actions, that become a part base system. Sample modules will coming soon. Obtained from: Yandex LLC Sponsored by: Yandex LLC
| * Fix output formatting of O_UNREACH6 opcode.ae2016-04-143-5/+5
| | | | | | | | Obtained from: Yandex LLC
* | MFHgjb2016-03-101-0/+1
|\ \ | |/ | | | | Sponsored by: The FreeBSD Foundation
| * Set buffer to empty string to prevent duplicated output in some cases.ae2016-03-091-0/+1
| | | | | | | | PR: 193888
* | MFHgjb2016-03-021-1/+1
|\ \ | |/ | | | | Sponsored by: The FreeBSD Foundation
| * Fix bug in filling and handling ipfw's O_DSCP opcode.ae2016-02-241-1/+1
| | | | | | | | | | | | | | Due to integer overflow CS4 token was handled as BE. PR: 207459 MFC after: 1 week
* | Create packages for atm, ccdconfig, devd, ipf, ipfw,gjb2016-02-091-0/+1
|/ | | | | | | | iscsi, natd, nandfs, pf, quotacheck, and routed. Add ping6 and rtsol to the runtime package. Sponsored by: The FreeBSD Foundation
* Implement `ipfw internal olist` command to list named objects.ae2015-11-032-0/+42
| | | | | | Reviewed by: melifaro Obtained from: Yandex LLC Sponsored by: Yandex LLC
* Fix a ton of speelling errorseadler2015-10-211-5/+5
| | | | | | | arc lint is helpful Reviewed By: allanjude, wblock, #manpages, chris@bsdjunk.com Differential Revision: https://reviews.freebsd.org/D3337
* Fix possible segmentation fault.ae2015-10-031-1/+1
| | | | | PR: 203494 MFC after: 1 week
* Code cleanup unused-but-set-variable spotted by gcc.araujo2015-08-253-14/+4
| | | | | | Reviewed by: melifaro Approved by: bapt (mentor) Differential Revision: D3473
* In ipfw2, avoid left-shifting negative integers, which is undefined.dim2015-08-121-4/+4
| | | | | | While here, make some other arguments to htonl(3) unsigned too. MFC after: 3 days
* sbin/ipfw fix typo: info -> intofeld2015-08-101-1/+1
| | | | | | | | example: DEPRECATED: inserting data into non-existent table sshguard. (auto-created) Approved by: bdrewery
* Fix ipfw range deletion.melifaro2015-08-031-3/+8
| | | | Spotted by: ian,julian
* Add META_MODE support.sjg2015-06-131-0/+21
|\ | | | | | | | | | | | | | | | | | | | | Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree. Still need to add real targets under targets/ to build packages. Differential Revision: D2796 Reviewed by: brooks imp
| * dirdeps.mk now sets DEP_RELDIRsjg2015-06-081-2/+0
| |
| * Merge sync of headsjg2015-05-276-124/+254
| |\ | |/ |/|
| * Merge from head@274682sjg2014-11-1910-1087/+4078
| |\
| * \ Merge head from 7/28sjg2014-08-194-13/+28
| |\ \
| * | | Updated dependenciessjg2014-05-161-1/+0
| | | |
| * | | Updated dependenciessjg2014-05-101-0/+2
| | | |
| * | | Merge from headsjg2014-05-081-1/+1
| |\ \ \
| * \ \ \ Merge headsjg2014-04-284-16/+69
| |\ \ \ \
| * \ \ \ \ Merge from headsjg2013-09-052-24/+24
| |\ \ \ \ \
| * \ \ \ \ \ sync from headsjg2013-04-124-122/+452
| |\ \ \ \ \ \
| * | | | | | | Updated dependenciessjg2013-03-111-0/+1
| | | | | | | |
| * | | | | | | Updated dependenciessjg2013-02-161-2/+0
| | | | | | | |
| | | | | | | |
| | \ \ \ \ \ \
| | \ \ \ \ \ \
| | \ \ \ \ \ \
| | \ \ \ \ \ \
| | \ \ \ \ \ \
| *-----. \ \ \ \ \ \ Sync from headsjg2012-11-045-78/+148
| |\ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | Sync FreeBSD's bmake branch with Juniper's internal bmake branch.marcel2012-08-221-0/+22
| | |_|_|/ / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Requested by: Simon Gerraty <sjg@juniper.net>
* | | | | | | | | | | Bring back support for checking tables via "ipfw -n".melifaro2015-05-191-18/+80
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we have different table key types which can easily interfere with each other (numbers and IPv4 address, interface names and hostnames, flows and hostnames/addresses). This conflicts are solved by [auto-]creating _typed_ tables, so after table is created, only keys of given type can be inserted to that table. ipfw(8) consults with kernel about key/value type for particular table so it knows key/value interpretation. However, we have 2 cases (adding entries to non-existing table and parsing configuration file via `ipfw -n`) when kernel is unable to provide us table info we need. Fix the latter case by partially importing old `table_fill_xentry()` parse function responsible for guessing key type. Sponsored by: Yandex LLC
* | | | | | | | | | | Correctly print valtype for empty bitmask.melifaro2015-05-061-0/+1
| | | | | | | | | | |
* | | | | | | | | | | Generalize object reference handling in ipfw rules.melifaro2015-04-263-76/+118
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | No ABI changes.
* | | | | | | | | | | Fix use-after-free.melifaro2015-04-191-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reported by: Coverity Scan, pfg CID: 1245747
* | | | | | | | | | | Properly initialize scope zone id when next hop address storedae2015-03-131-5/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | directly in the O_FORWARD_IP6 opcode. Use getnameinfo(3) to formatting the IPv6 addresses of such opcodes. Obtained from: Yandex LLC Sponsored by: Yandex LLC
* | | | | | | | | | | Fix `ipfw fwd tablearg'. Use dedicated field nh4 in struct table_valueae2015-03-132-9/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | to obtain IPv4 next hop address in tablearg case. Add `fwd tablearg' support for IPv6. ipfw(8) uses INADDR_ANY as next hop address in O_FORWARD_IP opcode for specifying tablearg case. For IPv6 we still use this opcode, but when packet identified as IPv6 packet, we obtain next hop address from dedicated field nh6 in struct table_value. Replace hopstore field in struct ip_fw_args with anonymous union and add hopstore6 field. Use this field to copy tablearg value for IPv6. Replace spare1 field in struct table_value with zoneid. Use it to keep scope zone id for link-local IPv6 addresses. Since spare1 was used internally, replace spare0 array with two variables spare0 and spare1. Use getaddrinfo(3)/getnameinfo(3) functions for parsing and formatting IPv6 addresses in table_value. Use zoneid field in struct table_value to store sin6_scope_id value. Since the kernel still uses embedded scope zone id to represent link-local addresses, convert next_hop6 address into this form before return from pfil processing. This also fixes in6_localip() check for link-local addresses. Differential Revision: https://reviews.freebsd.org/D2015 Obtained from: Yandex LLC Sponsored by: Yandex LLC
* | | | | | | | | | | Retrieve counters from kernel if rule timstamping is requested.melifaro2015-02-051-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PR: kern/197271 Submitted by: lev Sponsored by: Yandex LLC
* | | | | | | | | | | natd(8) will work with an unconfigured interface and effectively not dojhb2015-01-251-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | anything until the interface is assigned an address. This fixes ipfw_nat to do the same by using an IP of INADDR_ANY instead of aborting the nat setup if the requested interface is not yet configured. Differential Revision: https://reviews.freebsd.org/D1539 Reviewed by: melifaro, glebius, gnn MFC after: 1 week
* | | | | | | | | | | mdoc: remove EOL whitespace.joel2014-12-291-4/+4
| | | | | | | | | | |
* | | | | | | | | | | Convert sbin/ to LIBADDbapt2014-11-251-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reduce overlinking
* | | | | | | | | | | Misc mdoc fixes:joel2014-11-231-2/+1
| |_|_|_|_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Remove superfluous paragraph macros. - Remove/fix empty or incorrect macros. - Sort sections into conventional order. - Terminate quoted strings properly. - Remove EOL whitespace.
* | | | | | | | | | Fix documentation issue.melifaro2014-10-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PR: 194581 Submitted by: madpilot
* | | | | | | | | | Fix displaying non-contiguous netmasks.melifaro2014-10-241-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Found by: ae Sponsored by: Yandex LLC
* | | | | | | | | | * Zero rule buffer.melifaro2014-10-181-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Rename 'read' variable. Pointed by: luigi
* | | | | | | | | | * Fix table sets handling.melifaro2014-10-172-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Simplify formatting. Suggested by: luigi
* | | | | | | | | | Show error when deleting non-existing rule number.melifaro2014-10-131-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Found by: Oleg Ginzburg
* | | | | | | | | | * Fix zeroing individual entries via ipfw(8).melifaro2014-10-131-1/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Report error and return non-zero exit code if zeroing non-matched entries Found by: Oleg Ginzburg
* | | | | | | | | | Partially fix build on !amd64melifaro2014-10-102-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pointed by: bz
* | | | | | | | | | * Fix use-after-free in table printing code.melifaro2014-10-091-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Fix showing human-readable error in table cmds code.
* | | | | | | | | | Sync to HEAD@r272609.melifaro2014-10-061-4/+25
|\ \ \ \ \ \ \ \ \ \
OpenPOWER on IntegriCloud