| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
From 2018 Linuxhotel Hackathon & DevSummit
Approved by: eadler
Obtained from: OpenBSD r1.49
Differential Revision: https://reviews.freebsd.org/D16616
Notes:
svn path=/head/; revision=337595
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Restore local change to include <net/bpf.h> inside pcap.h.
This fixes ports build problems.
- Update local copy of dlt.h with new DLT types.
- Revert no longer needed <net/bpf.h> includes which were added
as part of r334277.
Suggested by: antoine@, delphij@, np@
MFC after: 3 weeks
Sponsored by: Mellanox Technologies
Notes:
svn path=/head/; revision=334418
|
| |
|
|
|
|
|
|
| |
MFC after: 1 month
Sponsored by: Mellanox Technologies
Notes:
svn path=/head/; revision=334277
|
| |
|
|
|
|
|
|
|
|
| |
When getline(3) in 2009 was added a _WITH_GETLINE guard has also been added.
This rename is made in preparation for the removal of this guard
Obtained from: OpenBSD
Notes:
svn path=/head/; revision=299354
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
contrib/pf/pflogd/pflogd.c:769:8: error: logical not is only applied to the left hand side of this comparison [-Werror,-Wlogical-not-parentheses]
if (!if_exists(interface) == -1) {
^ ~~
The if_exists() function does not return -1, and even if it did, it
would not be the correct way to check. Just ditch the == -1 instead.
Obtained from: OpenBSD's pflogd.c 1.49
MFC after: 3 days
Notes:
svn path=/projects/clang380-import/; revision=293013
|
| |
|
|
|
|
|
|
| |
Submitted by: Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups@NTLWorld.com>
MFC after: 1 week
Notes:
svn path=/head/; revision=284914
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The NetBSD Foundation states "Third parties are encouraged to change the
license on any files which have a 4-clause license contributed to the
NetBSD Foundation to a 2-clause license."
This change removes clauses 3 and 4 from copyright / license blocks that
list The NetBSD Foundation as the only copyright holder.
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=263289
|
| |
|
|
|
|
|
|
|
|
| |
authpf's requirement for a mounted fdescfs(5).
PR: docs/186250
MFC after: 1 week
Notes:
svn path=/head/; revision=261271
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reside, and move there ipfw(4) and pf(4).
o Move most modified parts of pf out of contrib.
Actual movements:
sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5
sys/netinet/ipfw -> sys/netpfil/ipfw
The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.
Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.
The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.
Discussed with: bz, luigi
Notes:
svn path=/head/; revision=240494
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
into head. The most significant achievements in the new code:
o Fine grained locking, thus much better performance.
o Fixes to many problems in pf, that were specific to FreeBSD port.
New code doesn't have that many ifdefs and much less OpenBSDisms, thus
is more attractive to our developers.
Those interested in details, can browse through SVN log of the
projects/pf/head branch. And for reference, here is exact list of
revisions merged:
r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330,
r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656,
r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782,
r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868,
r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223,
r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456,
r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505,
r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168,
r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230,
r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398,
r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548,
r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672,
r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169,
r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442,
r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522,
r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661,
r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212.
I'd like to thank people who participated in early testing:
Tested by: Florian Smeets <flo freebsd.org>
Tested by: Chekaluk Vitaly <artemrts ukr.net>
Tested by: Ben Wilber <ben desync.com>
Tested by: Ian FREISLICH <ianf cloudseed.co.za>
Notes:
svn path=/head/; revision=240233
|
| |
|
|
|
|
|
|
|
|
| |
it in a function to dynamically query the currently supported number
of FIBs by the kernel for FreeBSD.
Sponsored by: Cisco Systems, Inc.
Notes:
svn path=/projects/multi-fibv6/head/; revision=230946
|
| |
|
|
|
|
|
|
|
|
| |
configuration file man pages in section 5, and we prefer rc.conf to
rc.conf.local.
MFC after: 3 days
Notes:
svn path=/head/; revision=229669
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
7.x, 8.x and 9.x with pf(4) imports: pfsync(4) should suppress CARP
preemption, while it is running its bulk update.
However, reimplement the feature in more elegant manner, that is
partially inspired by newer OpenBSD:
- Rename term "suppression" to "demotion", to match with OpenBSD.
- Keep a global demotion factor, that can be raised by several
conditions, for now these are:
- interface goes down
- carp(4) has problems with ip_output() or ip6_output()
- pfsync performs bulk update
- Unlike in OpenBSD the demotion factor isn't a counter, but
is actual value added to advskew. The adjustment values for
particular error conditions are also configurable, and their
defaults are maximum advskew value, so a single failure bumps
demotion to maximum. This is for POLA compatibility, and should
satisfy most users.
- Demotion factor is a writable sysctl, so user can do
foot shooting, if he desires to.
Notes:
svn path=/head/; revision=228736
|
| |
|
|
|
|
|
| |
- Remove OpenBSDisms, add FreeBSDisms.
Notes:
svn path=/head/; revision=228734
|
| |
|
|
|
|
|
|
| |
PR: kern/158997
Submitted by: ohauer
Notes:
svn path=/head/; revision=224141
|
| |
|
|
|
|
|
| |
Discussed with: bz
Notes:
svn path=/head/; revision=223849
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
You need to update userland (world and ports) tools
to be in sync with the kernel.
Submitted by: mlaier
Submitted by: eri
Notes:
svn path=/head/; revision=223637
|
| | |
| |
| |
| | |
Notes:
svn path=/vendor/pf/dist/; revision=185872
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows one to force consistent printing of numeric port numbers like
we do with -n for other tools like netstat (just that -n was already taken)
rather than the service names.
-P is currently unused in OpenBSD so the change is eligible for upstreaming.
PR: misc/151015
Submitted by: Matt Koivisto (mkoivisto sandvine.com)
Sponsored by: Sandvine Incorporated
MFC after: 1 week
Notes:
svn path=/head/; revision=223057
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Discussed with: mlaier
MFC after: 2 weeks
Notes:
svn path=/head/; revision=210878
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Server Return mode, where not all packets would be visible to the load
balancer or gateway.
This commit should be reverted when we merge future pf versions. The
benefit it would provide is that this version does not break any existing
public interface and thus won't be a problem if we want to MFC it to
earlier FreeBSD releases.
Discussed with: mlaier
Obtained from: OpenBSD
Sponsored by: iXsystems, Inc.
MFC after: 1 month
Notes:
svn path=/head/; revision=200930
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=178894
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
and netgraph in gernal). This also allows to add queues for an interface
that is not yet existing (you have to provide the bandwidth for the
interface, however).
PR: kern/106400, kern/117827
MFC after: 2 weeks
Notes:
svn path=/head/; revision=177700
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
do not describe `/' as solidus; from Allen (freebsd pr120484);
PR: 120484
Submitted by: Allen <alandsidel at 1001islington dot com>
MFC After: 3 days
Notes:
svn path=/head/; revision=176196
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=172682
|
| | |
| |
| |
| |
| |
| |
| | |
Approved by: re (implicit)
Notes:
svn path=/head/; revision=171176
|
| | |
| |
| |
| |
| |
| |
| | |
Approved by: re (kensmith)
Notes:
svn path=/head/; revision=171172
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=171170
|
| | |
| |
| |
| |
| |
| |
| | |
a local lib.
Notes:
svn path=/vendor/pf/dist/; revision=171169
|
| | |
| |
| |
| |
| |
| |
| | |
Discussed with: brueffer
Notes:
svn path=/head/; revision=170194
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
that this is within the contrib directory.
PR: docs/104402
Submitted by: Dr. Markus Waldeck <waldeck at gmx dot de>
Discussed with: mlaier
Notes:
svn path=/head/; revision=170193
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Document how 'allow-opts' applies to routing headers in IPv6.
MFC after: 1 week
Discussed with: mlaier
Notes:
svn path=/head/; revision=169844
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
fix servicecurve check; no point in checking the same sc three times, it
was obviously intended to check all three. has been wrong since the
beginning, 4 years... noticed by Earl Lapus <earl.lapus@gmail.com>, Vasil
Dimov <vd@FreeBSD.org> mailed me then, ok mcbride
MFC after: 3 days
Notes:
svn path=/head/; revision=164775
|
| | |
| |
| |
| |
| |
| |
| |
| | |
PR: docs/93590
Reported by: Niki Denev
Notes:
svn path=/head/; revision=163787
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
an IP address assigned.
- Add "quick" keyword to pf.conf example.
PR: docs/85209
Notes:
svn path=/head/; revision=159338
|
| | |
| |
| |
| |
| |
| |
| |
| | |
PR: docs/89635
MFC after: 1 day
Notes:
svn path=/head/; revision=157214
|
| | |
| |
| |
| |
| |
| |
| | |
Pointed out by: Suken Woo, Martin Wilke, Wesley Morgan
Notes:
svn path=/head/; revision=156744
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=156728
|
| | |
| |
| |
| | |
Notes:
svn path=/head/; revision=153722
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
system boot, and hook it up in the system.
The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.
Discussed with: mlaier on -pf
MFC after: 5 days
Notes:
svn path=/head/; revision=150835
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
from the begining.
Reminded by: ru
Notes:
svn path=/head/; revision=150673
|
| | |
| |
| |
| |
| |
| |
| | |
Reviewed by: mlaier
Notes:
svn path=/head/; revision=149380
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Approved by: mlaier
MFC after: 3 days
Notes:
svn path=/head/; revision=148787
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Change some section numbers to match reality
- For MLINKS to manpages from ports, mention which port installs them
MFC after: 3 days
Notes:
svn path=/head/; revision=148011
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
missing and will be implemented in a second step. This is functional as is.
Tested by: freebsd-pf, pfsense.org
Obtained from: OpenBSD
Notes:
svn path=/head/; revision=145840
|
| |\|
| |
| |
| |
| |
| |
| | |
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=145838
|
| | |
| |
| |
| |
| | |
Notes:
svn path=/vendor/pf/dist/; revision=145837
svn path=/vendor/pf/3.7/; revision=145839; tag=vendor/pf/3.7
|
| | |
| |
| |
| | |
Notes:
svn path=/vendor/pf/dist/; revision=134173
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- comment out feature, we do not have yet: tcpdumping on pfsync,
add a BUGS section
- reference carp.4
- dereference bpf(4), tcpdump(7), hostname.if(5)
- sort references
- tell when pfsync appeared in FreeBSD
Reviewed by: mlaier
MFC after: 1 week
Notes:
svn path=/head/; revision=142319
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Random Early Detection (not ... Drop) in order to be consistent with other
documentation on ALTQ
Pointed out by: simon, ru, Brad Davis
Notes:
svn path=/head/; revision=141490
|
