Note the version PF first appeared in FreeBSD & which version it was ported from.
Address the contractions raised by igor.
PR: 212574
Approved by: bcr (mentor)
Differential Revision: https://reviews.freebsd.org/D8105
pfctl: Allow TOS bits to be cleared
TOS value 0 is valid, so use 256 as an invalid value rather than zero.
This allows users to enforce TOS == 0 with pf.
Reported by: Radek Krejča <radek.krejca@starnet.cz>
Fix a regression in pf.conf while parsing the 'interval' keyword.
The bug was introduced by r287009.
PR: 210924
Submitted by: kp@
Sponsored by: Rubicon Communications (Netgate)
Make pfctl(8) more flexible when parsing bandwidth values.
This is the current behaviour in OpenBSD and a similar patch exists in
pfSense too.
Obtained from: OpenBSD (partly - rev. 1.625)
Sponsored by: Rubicon Communications (Netgate)
Add ALTQ(9) support for the CoDel algorithm.
CoDel is a parameterless queue discipline that handles variable bandwidth
and RTT.
It can be used as the single queue discipline on an interface or as a sub
discipline of existing queue disciplines such as PRIQ, CBQ, HFSC, FAIRQ.
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
pointy hat to: loos
Reported by: gjb, Herbert J. Skuhra
ALTQ FAIRQ discipline import from DragonFly.
Differential Revision: https://reviews.freebsd.org/D2847
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
This reverts commit c548a571ceaeae698d02b862b4170d015a265ba7.
TAG: FAIRQ
This reverts commit 9622cc803af75551a6623d5d9c5311f1e0af1cb5.
TAG: CODEL
Only report the lack of ALTQ support if pfctl is using verbose (-v) mode.
PR: 194935
Submitted by: Jim Thompson
Approved by: re (gjb)
Sets default speed to 1G.
This reverts commit 9b3c3fc58b6b3162259b33fc56746f42a48e0301.
This version fixes the issue with 'State Creations' in pfctl -vvsr.
This reverts commit 9068fb423dfecae0f8b611d4bc558dd6cb2e2bd7.
pfctl: Fix uninitialised variable
In pfctl_set_debug() we used 'level' without ever initialising it.
We correctly parsed the option, but then failed to actually assign the parsed
value to 'level' before performing the ioctl() to configure the debug level.
PR: 202996
Submitted by: Andrej Kolontai
Add ALTQ(9) support for the CoDel algorithm.
CoDel is a parameterless queue discipline that handles variable bandwidth
and RTT.
It can be used as the single queue discipline on an interface or as a sub
discipline of existing queue disciplines such as PRIQ, CBQ, HFSC, FAIRQ.
Differential Revision: https://reviews.freebsd.org/D3272
Reviewed by: rpaulo, gnn (previous version)
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
TAG: CODEL
ALTQ FAIRQ discipline import from DragonFly
Differential Revision: https://reviews.freebsd.org/D2847
Reviewed by: glebius, wblock(manpage)
Approved by: gnn(mentor)
Obtained from: pfSense
Sponsored by: Netgate
TAG: FAIRQ
This reverts commit 570dae5561e54cd2703f546b04a3fa029c92dc62.
TAG: FAIRQ
This reverts commit cf3bb1a7166bec431631defe01c8d4e706a99638.
TAG: CODEL
Use feature_present(3) to determine whether to open an INET or an
INET6 socket when needed to allow pfctl to work on noinet and noinet6
kernels (and try to provide a fallback using AF_LINK as best effort).
Adjust the Makefile to also respect relevant src.conf(5) options
for compile time decisions on INET and INET6 support.
Reviewed by: glebius (no objections)
Once pf became not covered by a single mutex, many counters in it became
race prone. Some just gather statistics, but some are later used in
different calculations.
A real problem was the race provoked underflow of the states_cur counter
on a rule. Once it goes below zero, it wraps to UINT32_MAX. Later this
value is used in pf_state_expires() and any state created by this rule
is immediately expired.
Thus, make fields states_cur, states_tot and src_nodes of struct
pf_rule be counter(9)s.
- Use correct format when printing uint64_t.
reside, and move there ipfw(4) and pf(4).
o Move most modified parts of pf out of contrib.
Actual movements:
sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5
sys/netinet/ipfw -> sys/netpfil/ipfw
The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.
Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.
The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.
Discussed with: bz, luigi
Submitted by: Ulrich Spörlein
- move ftp-proxy from libexec to usr.sbin
- add tftp-proxy
- new altq mtag link
Approved by: re (kensmith)
building on a box with older pfvar.h installed). Didn't intend to commit it.
Requested by: ru (on a C&P to ipfw's Makefile)