| Commit message | Author | Age | Files | Lines |
Through fixes and improvements our ipfilter sources have diverged
enough to warrant a move from contrib into sbin/ipf. Now that I'm
planning on implementing MSS clamping as in iptables it makes more
sense to move ipfilter to sbin.
This is the second of three commits of the ipfilter move.
Suggested by glebius on two occasions.
Suggested by and discussed with: glebius
Reviewed by: glebius, kp (for #network)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D33510
|
MFC after: 1 week
|
X-NetApp-PR: 35
Sponsored by: NetApp, Inc.
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D27335
|
Rather than rely on __FreeBSD_version, defined in sys/param.h, use
__FreeBSD__ defined by the compiler.
Reported by: emaste
MFC after: 1 week
|
MFC after: 1 week
|
All FreeBSD and NetBSD are BSD >= 199306 and have been for a long time.
MFC after: 1 week
|
In the old days when K&R C and STD C were each in use a workaround
(read hack) was required to allow the same code to work on each
without modification. All C compilers support STD C. We can finally
put the __P prototype to rest.
MFC after: 1 week
|
All C compilers in 2021 support standard C and architectures that did
not were retired long ago. Simplify by removing now redundant
pre-standard C code.
MFC after: 1 week
|
MFC after: 1 week
Notes:
svn path=/head/; revision=366203
|
never to be used again checks.
MFC after: 1 week
Notes:
svn path=/head/; revision=366202
|
complete description.
MFC after: 1 week
Notes:
svn path=/head/; revision=363670
|
MFC after: 1 month
Notes:
svn path=/head/; revision=343702
|
Remove #ifdefs for ancient and irrelevant operating systems from
ipfilter.
When ipfilter was written the UNIX and UNIX-like systems in use
were diverse and plentiful. IRIX, Tru64 (OSF/1) don't exist any
more. OpenBSD removed ipfilter shortly after the first time the
ipfilter license terms changed in the early 2000's. ipfilter on AIX,
HP/UX, and Linux never really caught on. Removal of code for operating
systems that ipfilter will never run on again will simplify the code
making it easier to fix bugs, complete partially implemented features,
and extend ipfilter.
Unsupported previous version FreeBSD code and some older NetBSD code
has also been removed.
What remains is supported FreeBSD, NetBSD, and illumos. FreeBSD and
NetBSD have collaborated exchanging patches, while illumos has expressed
willingness to have their ipfilter updated to 5.1.2, provided their
zone-specific updates to their ipfilter are merged (which are of interest
to FreeBSD to allow control of ipfilters in jails from the global zone).
Reviewed by: glebius@
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D19006
Notes:
svn path=/head/; revision=343701
|
age, more to come.
MFC after: 1 week
Notes:
svn path=/head/; revision=341650
|
This is a painful change, but it is needed. On the one hand, we avoid
modifying them, and this slows down some ideas, on the other hand we still
eventually modify them and tools like netstat(1) never work on next version of
FreeBSD. We maintain a ton of spares in them, and we already got some ifdef
hell at the end of tcpcb.
Details:
- Hide struct inpcb, struct tcpcb under _KERNEL || _WANT_FOO.
- Make struct xinpcb, struct xtcpcb pure API structures, not including
kernel structures inpcb and tcpcb inside. Export into these structures
the fields from inpcb and tcpcb that are known to be used, and put there
a ton of spare space.
- Make kernel and userland utilities compilable after these changes.
- Bump __FreeBSD_version.
Reviewed by: rrs, gnn
Differential Revision: D10018
Notes:
svn path=/head/; revision=315662
|
This commit replaces calloc calls, which called calloc() as if it were
malloc() by allocating a multiple of objects as a sizeof multiplied by
the number of objects. The patch rectifies this by calling calloc() as
it was meant to be called.
This commit also replaces realloc() with reallocarray() in a similar
fashion as above. Instead of calculating the memory to be reallocated
(changed) by multiplying sizeof by the number of objects, the sizeof
and number are passed as separate arguments to reallocarray(), letting
reallocarray() do the multiplication instead. Like the calloc()
adjustment above, this approach is cleaner and more elegant than
the previous code.
This has been tested on my production firewall and a laptop (also
running ipfilter).
Submitted by: pfg
MFC after: 6 weeks
Notes:
svn path=/head/; revision=315368
|
Sponsored by: Nginx, Inc.
Notes:
svn path=/head/; revision=281143
|
Approved by: glebius (mentor)
BSD Licensed by: Darren Reed <darrenr@reed.wattle.id.au> (author)
Notes:
svn path=/head/; revision=255332
|
import of new ipfilter vendor sources by flattening them.
To keep the tags consistent with dist, the tags are also flattened.
Approved by: glebius (Mentor)
Notes:
svn path=/vendor/ipfilter/dist/; revision=253467
|
Notes:
svn path=/vendor/ipfilter/dist/; revision=172771
|
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
Notes:
svn path=/vendor/ipfilter/dist/; revision=170263
|
Notes:
svn path=/vendor/ipfilter/dist/; revision=161351
|
Notes:
svn path=/vendor/ipfilter/dist/; revision=153877
|
Since ARP and routing are separated, "proxy only" entries
don't have any meaning, thus we don't need additional field
in sockaddr to pass SIN_PROXY flag.
New kernel is binary compatible with old tools, since sizes
of sockaddr_inarp and sockaddr_in match, and sa_family are
filled with same value.
The structure declaration is left for compatibility with
third party software, but in-tree code no longer uses it.
Reviewed by: ru, andre, net@
Notes:
svn path=/head/; revision=246143
|
This header file should not be included by anything.
Notes:
svn path=/head/; revision=204925
|
Tripped over by: a compile of an upcoming change
MFC after: 1 month
Notes:
svn path=/head/; revision=191490
|
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as many locking dependencies among these layers as
possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,
The most notable end result is the obsolescence of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.
Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:
- Kip Macy revised the locking code completely, thus completing
the last piece of the puzzle, Kip has also been conducting
active functional testing
- Sam Leffler has helped me improve/refactor the code, and
provided valuable reviews
- Julian Elischer set up the perforce tree for me and has helped
me maintain that branch before the svn conversion
Notes:
svn path=/head/; revision=186119
|
Approved by: darrenr
MFC after: 1 week
Security: CERT VU#521769
Notes:
svn path=/head/; revision=180778
|
own purposes. To pull this off, it defines _KERNEL before including the
headers where these structures are defined. This leads to no end of
trouble when some of these headers, or other headers that they include,
change, as demonstrated by r180755.
The quick fix in this particular case is to define _WANT_FILE instead of
_KERNEL, conditional on __FreeBSD__. A better long-term fix is left as
an exercise to the reader.
Notes:
svn path=/head/; revision=180761
|
MFC after: 7 days
Notes:
svn path=/head/; revision=172776
|
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
Notes:
svn path=/head/; revision=170268
|
MFC after: 1 week
Notes:
svn path=/head/; revision=161357
|
Notes:
svn path=/head/; revision=153881
|
that fixed in them....
* Keep unnecessary files out of the non-vendor part of this CVS repository.
Notes:
svn path=/head/; revision=145519
|
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=145511
|
Notes:
svn path=/vendor/ipfilter/dist/; revision=145510
|
* fix bug parsing port comparisons in proxy rules
* make parsing errors in ipf/ipnat return an error rather than return
indicating success.
* make ipfstat work as a set{g,u}id thing - gave up privs before opening
/dev/ipl
* fix ipfstat -A
* make "ipfstat -f" output more informative
* various changes to ipsend for sending packets with ipv4 options
* ipmon was not correctly calculating the length of the IPv6 packet (excluded
ipv6 header length)
MFC: 1 week
Notes:
svn path=/head/; revision=130890
|
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=130888
|
Notes:
svn path=/vendor/ipfilter/dist/; revision=130887
|
Notes:
svn path=/head/; revision=110920
|
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=110918
|
Notes:
svn path=/vendor/ipfilter/dist/; revision=110917
|
removal of unnecessary casts and throw in some minor cleanups to see if
anyone complains, just for the hell of it.
Notes:
svn path=/head/; revision=109153
|
pointer types, and remove a huge number of casts from code using it.
Change struct xfile xf_data to xun_data (ABI is still compatible).
If we need to add a #define for f_data and xf_data we can, but I don't
think it will be necessary. There are no operational changes in this
commit.
Notes:
svn path=/head/; revision=109123
|
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=98006
|
Notes:
svn path=/vendor/ipfilter/dist/; revision=98005
|
Notes:
svn path=/vendor/ipfilter/dist/; revision=95419
|
Notes:
svn path=/head/; revision=95424
|
Notes:
svn path=/head/; revision=92691
|
which included commits to RCS files with non-trunk default branches.
Notes:
svn path=/head/; revision=92687
|