summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/ip6_fw.c
Commit message (Collapse)AuthorAgeFilesLines
* Lock the sysctl(8) knobs that turn ip{,6}fw(8) firewalling andcjc2002-08-251-3/+5
| | | | | | | | | | | firewall logging on and off when at elevated securelevel(8). It would be nice to be able to only lock these at securelevel >= 3, like rules are, but there is no such functionality at present. I don't see reason to be adding features to securelevel(8) with MAC being merged into 5.0. PR: kern/39396 Reviewed by: luigi MFC after: 1 week
* just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.suz2002-04-191-0/+29
| | | | | | | (based on freebsd4-snap-20020128) Reviewed by: ume MFC after: 1 week
* o Move NTOHL() and associated macros into <sys/param.h>. These aremike2002-02-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | deprecated in favor of the POSIX-defined lowercase variants. o Change all occurrences of NTOHL() and associated marcros in the source tree to use the lowercase function variants. o Add missing license bits to sparc64's <machine/endian.h>. Approved by: jake o Clean up <machine/endian.h> files. o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>. o Remove prototypes for non-existent bswapXX() functions. o Include <machine/endian.h> in <arpa/inet.h> to define the POSIX-required ntohl() family of functions. o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>, and <sys/param.h>. o Prepend underscores to the ntohl() family to help deal with complexities associated with having MD (asm and inline) versions, and having to prevent exposure of these functions in other headers that happen to make use of endian-specific defines. o Create weak aliases to the canonical function name to help deal with third-party software forgetting to include an appropriate header. o Remove some now unneeded pollution from <sys/types.h>. o Add missing <arpa/inet.h> includes in userland. Tested on: alpha, i386 Reviewed by: bde, jake, tmm
* Staticise the fw chain.msmith2002-01-081-1/+1
|
* Update to C99, s/__FUNCTION__/__func__/,obrien2001-12-101-1/+1
| | | | also don't use ANSI string concatenation.
* Fix fragmented packet handling.sumikawa2001-10-291-2/+2
| | | | | Obtained from: KAME MFC after: 3 weeks
* Fix typo (s/=/+=/) in previous commit.kuriyama2001-06-281-1/+1
|
* Merge from netinet/ip_fw.c (1.117 -> 1.118).kuriyama2001-06-241-45/+69
| | | | | | | o Use syslog(3) interface for logging. Reviewed by: ume MFC after: 10 days
* Sync with recent KAME.ume2001-06-111-7/+8
| | | | | | | | | | | | | | | | | | This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
* Fix the vulnerability with TCP ECE packets recently fixed in ipfw.kris2001-01-231-4/+12
| | | | This is untested, but believed to work.
* avoid conflicting #define symbol (s/FW_IFNLEN/IP6&/).ume2001-01-221-2/+2
| | | | Obtained from: KAME
* * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT.bmilekic2000-12-211-4/+4
| | | | | | | | | | | | | | | | | | This is because calls with M_WAIT (now M_TRYWAIT) may not wait forever when nothing is available for allocation, and may end up returning NULL. Hopefully we now communicate more of the right thing to developers and make it very clear that it's necessary to check whether calls with M_(TRY)WAIT also resulted in a failed allocation. M_TRYWAIT basically means "try harder, block if necessary, but don't necessarily wait forever." The time spent blocking is tunable with the kern.ipc.mbuf_wait sysctl. M_WAIT is now deprecated but still defined for the next little while. * Fix a typo in a comment in mbuf.h * Fix some code that was actually passing the mbuf subsystem's M_WAIT to malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the value of the M_WAIT flag, this could have became a big problem.
* Make ip6fw as loadable module.ume2000-09-231-0/+49
|
* Make ip6fw zero work.ume2000-08-101-1/+1
| | | | PR: bin/20522
* sync with kame tree as of july00. tons of bug fixes/improvements.itojun2000-07-041-14/+27
| | | | | | | API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
* Back out the previous change to the queue(3) interface.jake2000-05-261-1/+1
| | | | | | It was not discussed and should probably not happen. Requested by: msmith and others
* Change the way that the queue(3) structures are declared; don't assume thatjake2000-05-231-1/+1
| | | | | | | | the type argument to *_HEAD and *_ENTRY is a struct. Suggested by: phk Reviewed by: phk Approved by: mdodd
* Replace m_pkthdr.rcvif with oif when oif is not NULL, to countshin2000-03-111-0/+2
| | | | | | | | | | icmp6 error statistics based on sending interface. This also prevent kernel panic when rcvif is not initialized after M_PKTHDR(). (The initialization issue also need to be fixed in the future.) Approved by: jkh Submitted by: k-sugyou@kame.net
* Add ip6fw.shin2000-01-291-0/+1171
Yes it is almost code freeze, but as the result of many thought, now I think this should be added before 4.0... make world check, kernel build check is done. Reviewed by: green Obtained from: KAME project
OpenPOWER on IntegriCloud