aboutsummaryrefslogtreecommitdiff
path: root/contrib/ipfilter/ip_fil.c
Commit message (Collapse)AuthorAgeFilesLines
* ipfilter #ifdef cleanup.Cy Schubert2019-02-031-74/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove #ifdefs for ancient and irrelevant operating systems from ipfilter. When ipfilter was written the UNIX and UNIX-like systems in use were diverse and plentiful. IRIX, Tru64 (OSF/1) don't exist any more. OpenBSD removed ipfilter shortly after the first time the ipfilter license terms changed in the early 2000's. ipfilter on AIX, HP/UX, and Linux never really caught on. Removal of code for operating systems that ipfilter will never run on again will simplify the code making it easier to fix bugs, complete partially implemented features, and extend ipfilter. Unsupported previous version FreeBSD code and some older NetBSD code has also been removed. What remains is supported FreeBSD, NetBSD, and illumos. FreeBSD and NetBSD have collaborated exchanging patches, while illumos has expressed willingness to have their ipfilter updated to 5.1.2, provided their zone-specific updates to their ipfilter are merged (which are of interest to FreeBSD to allow control of ipfilters in jails from the global zone). Reviewed by: glebius@ MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D19006 Notes: svn path=/head/; revision=343701
* As part of the general cleanup of the ipfilter code, special casesCy Schubert2018-12-041-7/+0
| | | | | | | | | | | | | | | | | | | are committed separately to document fixing them separately from the general cleanup. In this case we don't want to hide the utter brokenness of what is being fixed. Clean up a discombobulated block of #if's, with one block unreachable. ip_fil.c is used in ipftest which is used to dry-run test ipfilter rules in userspace without loading them in the kernel. The call to (*ifp->if_output) matches that in the FreeBSD kernel. Further testing and work will be required to make ipftest fully functional. MFC after: 1 week Notes: svn path=/head/; revision=341456
* calloc() and realloc() modernization.Cy Schubert2017-03-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | This commit replaces calloc calls, which called calloc() as if it were malloc() by allocating a multiple of objects as a sizeof multiplied by the number of objects. The patch rectifies this by calling calloc() as it was meant to be called. This commit also replaces realloc() with reallocarray() in a similar fashion as above. Instead of calculating the memory to reallocated (changed) by multiplying sizeof by the number of objects, the sizeof and number are passed as separate arguments to reallocarray(), letting reallocarray() do the multiplication instead. Like the calloc() adjustment above, this is approach is cleaner and more elegant than than the previous code. This has been tested on my production firewall and a laptop (also running ipfilter). Submitted by: pfg MFC after: 6 weeks Notes: svn path=/head/; revision=315368
* The ipftest(1) is a program that emulates ipf(4) operation and tests packetsGleb Smirnoff2015-02-191-0/+3
| | | | | | | | | | | | | | | | | against rules. It definitely doesn't need to know about kernel internals, such as 'struct ifaddr'. What it does with ifaddr, is that it only takes ifa_addr member of it, and treats it as sockaddr, while it is only a pointer to sockaddr. Fortunately, sizeof(struct ifaddr) > sizeof(struct sockaddr_in6), so no problems arise. Fix that declaring a private struct ifaddr in ipftest(1) and stop including if_var.h. Sponsored by: Netflix Sponsored by: Nginx, Inc. Notes: svn path=/head/; revision=279029
* Check return code from inet_pton.Cy Schubert2013-09-211-1/+13
| | | | | | | | | Discovered by: Coverity. Approved by: glebius (mentor) Approved by: re (blanket) Notes: svn path=/head/; revision=255761
* Update ipfilter 4.1.28 --> 5.1.2.Cy Schubert2013-09-061-286/+335
|\ | | | | | | | | | | | | | | Approved by: glebius (mentor) BSD Licensed by: Darren Reed <darrenr@reed.wattle.id.au> (author) Notes: svn path=/head/; revision=255332
| * As per the developers handbook (5.3.1 step 1), prepare the vendor trees forCy Schubert2013-07-191-801/+0
| | | | | | | | | | | | | | | | | | | | | | import of new ipfilter vendor sources by flattening them. To keep the tags consistent with dist, the tags are also flattened. Approved by: glebius (Mentor) Notes: svn path=/vendor/ipfilter/dist/; revision=253467
| * Import IPFilter 4.1.28Darren Reed2007-10-181-3/+6
| | | | | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=172771
| * Import IPFilter 4.1.23 to vendor branch.Darren Reed2007-06-041-220/+20
| | | | | | | | | | | | | | See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13 Notes: svn path=/vendor/ipfilter/dist/; revision=170263
| * Import IP Filter 4.1.13Guido van Rooij2006-08-161-5/+38
| | | | | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=161351
| * Missing file from vendor branch import.Darren Reed2005-04-261-3/+1
| | | | | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=145551
| * import ipfilter 4.1.8 into the vendor branchDarren Reed2005-04-251-1817/+491
| | | | | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=145510
| * Import ipfilter 3.4.35 onto vendor branchDarren Reed2004-06-211-33/+76
| | | | | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=130887
| * Import userland tools for IPFilter 3.4.31 into -currentDarren Reed2003-02-151-27/+86
| | | | | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=110917
| * With a bit of luck, this will be a first-time right import of ipfilter 3.4.29Darren Reed2002-08-281-5/+18
| | | | | | | | | | | | | | on to the vendor branch. Notes: svn path=/vendor/ipfilter/dist/; revision=102521
| * Import IPFilter 3.4.28Darren Reed2002-06-071-10/+30
| | | | | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=98005
| * Import IPFilter 3.4.26Darren Reed2002-04-251-5/+6
| | | | | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=95419
| * Import IPFilter 3.4.25Darren Reed2002-03-191-132/+450
| | | | | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=92686
| * Import IPFilter version 3.4.20Darren Reed2001-07-281-67/+148
| | | | | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=80486
* | Fix build when WITHOUT_DYNAMICROOT is specified in src.conf(5).Max Laier2008-08-041-0/+2
| | | | | | | | Notes: svn path=/head/; revision=181313
* | 2020447 IPFilter's NAT can undo name server random port selectionDarren Reed2008-07-241-0/+15
| | | | | | | | | | | | | | | | | | Approved by: darrenr MFC after: 1 week Security: CERT VU#521769 Notes: svn path=/head/; revision=180778
* | Pullup IPFilter 4.1.28 from the vendor branch into HEAD.Darren Reed2007-10-181-3/+6
| | | | | | | | | | | | | | MFC after: 7 days Notes: svn path=/head/; revision=172776
* | Merge IPFilter 4.1.23 back to HEADDarren Reed2007-06-041-220/+20
| | | | | | | | | | | | | | See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13 Notes: svn path=/head/; revision=170268
* | Resolve conflictsGuido van Rooij2006-08-161-5/+38
| | | | | | | | | | | | | | MFC after: 1 weeks Notes: svn path=/head/; revision=161357
* | Fix include directives that were missing the netinet include directory, whereDarren Reed2005-04-261-0/+967
| | | | | | | | | | | | | | | | the ipl.h file is found. Also add back in ip_fil.c, which somehow went missing in action. Notes: svn path=/head/; revision=145554
* | Removed duplicate copies of files already present in sys/contrib/ipfilter.Ruslan Ermilov2001-06-181-1758/+0
|/ | | | | | | Not objected to by: -arch Notes: svn path=/head/; revision=78415
* Import IP Filter 3.4.12Darren Reed2000-10-261-9/+30
| | | | Notes: svn path=/vendor/ipfilter/dist/; revision=67615
* Import base ipfilter 3.4.9 into contrib dir.Darren Reed2000-08-131-2/+4
| | | | Notes: svn path=/vendor/ipfilter/dist/; revision=64588
* Import v3.4.8 into -currentDarren Reed2000-07-191-5/+35
| | | | Notes: svn path=/vendor/ipfilter/dist/; revision=63516
* Import IP Filter 3.4.4 into FreeBSD-currentDarren Reed2000-05-241-224/+472
| | | | Notes: svn path=/vendor/ipfilter/dist/; revision=60841
* Import of ipfilter 3.3.8Guido van Rooij2000-02-091-15/+19
| | | | | | | Approved by: jkh Notes: svn path=/vendor/ipfilter/dist/; revision=57093
* Import of ipfilter 3.3.6 (freebsd relevant part)Guido van Rooij2000-01-131-49/+33
| | | | | | | Obtained from: ftp://coombs.anu.edu.au/pub/net/firewall/ip-filter/ip_fil3.3.6.tar.gz Notes: svn path=/vendor/ipfilter/dist/; revision=55924
* Import of ipfilter 3.3.3 in anticipation of its revival.Guido van Rooij1999-11-081-146/+368
| | | | | | | More to come in the next days. Notes: svn path=/vendor/ipfilter/dist/; revision=53024
* Import trimmed version of ipfilter 3.2.7.Peter Wemm1998-06-201-3/+4
| | | | | | | Obtained from: Darren Reed via http://cheops.anu.edu.au/~avalon/ Notes: svn path=/vendor/ipfilter/dist/; revision=37074
* Import ipfilter 3.2.3Peter Wemm1998-03-211-10/+13
| | | | Notes: svn path=/vendor/ipfilter/dist/; revision=34739
* Import ipfilter 3.2.1 (update from 3.1.8)Peter Wemm1997-11-161-280/+376
| | | | Notes: svn path=/vendor/ipfilter/dist/; revision=31183
* Import version 3.2alpha7Darren Reed1997-05-251-31/+79
| | | | Notes: svn path=/vendor/ipfilter/dist/; revision=26119
* Import IP Filter version 3.2alpha4 to bring in working LKM for 2.2vendor/ipfilter/3.2a4Darren Reed1997-04-031-115/+327
| | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=24583 svn path=/vendor/ipfilter/3.2a4/; revision=24585; tag=vendor/ipfilter/3.2a4
* reimport ipfilter v3.1.8 to get it onto the vendor branch again.vendor/ipfilter/3.1.8Peter Wemm1997-03-021-3/+5
| | | | | Notes: svn path=/vendor/ipfilter/dist/; revision=23279 svn path=/vendor/ipfilter/3.1.8/; revision=23281; tag=vendor/ipfilter/3.1.8
* Import IP Filter v3.1.7 into FreeBSD treevendor/ipfilter/3.1.7Darren Reed1997-02-091-0/+885
Notes: svn path=/vendor/ipfilter/dist/; revision=22514 svn path=/vendor/ipfilter/3.1.7/; revision=22516; tag=vendor/ipfilter/3.1.7
generated by cgit v1.3 (git 2.53.0) at 2026-05-26 16:44:25 +0000