FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=stable%2F5 2005-07-04T08:29:11Z 2005-07-04T08:29:11Z Colin Percival cperciva@FreeBSD.org 2005-07-04T08:29:11Z urn:sha1:dd958362c516924e4e4272bcd2320ecec1cd84c8 2005-06-17T23:30:32Z Brian Feldman green@FreeBSD.org 2005-06-17T23:30:32Z urn:sha1:a02fbaf8a5d0c41e19ed89b0032122b62b78481c Properly document the IPFW ALTQ first-match behavior that was intended, as well as actually implementing it. 2005-05-12T15:11:30Z Brian Feldman green@FreeBSD.org 2005-05-12T15:11:30Z urn:sha1:efb93e779a4dd1d7a15d73eeae73db4ab63d9b08 and the TCP packet data length match rule. 2005-03-02T19:50:12Z Andre Oppermann andre@FreeBSD.org 2005-03-02T19:50:12Z urn:sha1:d2c9038812184aa8abd590704225431cb44b53f0 with the kernel compile time option: options IPFIREWALL_FORWARD_EXTENDED This option has to be specified in addition to IPFIRWALL_FORWARD. PR: kern/71910 PR: kern/73129 2005-01-25T07:23:34Z Gleb Smirnoff glebius@FreeBSD.org 2005-01-25T07:23:34Z urn:sha1:99d58d531c8cb45ca6a7416c170102cfff5b7ffb Don't print extra " via ", if we have already printed one. While here, slightly style brackets. PR: misc/75297 2005-01-07T23:12:11Z Christian S.J. Peron csjp@FreeBSD.org 2005-01-07T23:12:11Z urn:sha1:8e80cd47fe208902bdc13d4b61fd67896d7c3be7 Log: Update the IPFW man page to reflect reality. mpsafenet=0 is no longer required when using ucred based rules. Pointed out by: seanc (thanks!) 2004-11-08T19:07:03Z Ceri Davies ceri@FreeBSD.org 2004-11-08T19:07:03Z urn:sha1:07f3cbff8c3d6e2fd5c8ce9eff346761ce65ba9e Be more clear that "bridged" is a synonym for "layer2". 2004-10-10T00:57:23Z Christian S.J. Peron csjp@FreeBSD.org 2004-10-10T00:57:23Z urn:sha1:5d1e011ac870302eca8611e2f7bd4cdc19567c8e Add a note to the man page warning users about possible lock order reversals+system lock ups if they are using ucred based rules while running with debug.mpsafenet=1. I am working on merging a shared locking mechanism into ipfw which should take care of this problem, but it still requires a bit more testing and review. Approved by: re@ (hrs) 2004-09-21T15:57:06Z Ruslan Ermilov ru@FreeBSD.org 2004-09-21T15:57:06Z urn:sha1:e0b30b76dcfe890bec9431f9a77d15d06feb6ff0 Approved by: re (hrs) 2004-09-17T14:49:08Z Christian S.J. Peron csjp@FreeBSD.org 2004-09-17T14:49:08Z urn:sha1:c098407bf34016e467bf48c847ac404b51ae722d Currently when ipfw(8) generates the micro-instructions for rules which contain O_UID, O_GID and O_JAIL opcodes, the F_NOT or F_OR logical operator bits get clobbered. Making it impossible to use the ``NOT'' or ``OR'' operators with uid, gid and jail based constraints. The ipfw_insn instruction template contains a ``len'' element which stores two pieces of information, the size of the instruction (in 32-bit words) in the low 6 bits of "len" with the 2 remaining bits to implement OR and NOT. The current code clobbers the OR and NOT bits by initializing the ``len'' element to the size, rather than OR'ing the bits. This change fixes this by changing the initialization of cmd->len to an OR operation for the O_UID, O_GID and O_JAIL opcodes. Approved by: re@ (scottl) PR: kern/63961 (partially)