Commit Graph

37 Commits

Author SHA1 Message Date
David Malone
5b24835127 Add a -n option that stops ip6fw making any changes to the rules
in the kernel.

Submitted by:	Orla McGann <orly@redbrick.dcu.ie>
MFC after:	3 weeks
2004-02-18 15:56:53 +00:00
David Malone
7028d20d07 When calculating the sequence number to use in an ip6fw reset, remember to
add one if the SYN flag was set in the original packet. This seems to make
ip6fw reset work correctly for new and in-progress connections. Update
the man page to reflect the fact it now seems to work.

Glanced at by:	ume
MFC after:	2 weeks
2003-12-25 23:39:44 +00:00
Brooks Davis
9bf40ede4a Replace the if_name and if_unit members of struct ifnet with new members
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.

This change paves the way for interface renaming and enhanced pseudo
device creation and configuration symantics.

Approved By:	re (in principle)
Reviewed By:	njl, imp
Tested On:	i386, amd64, sparc64
Obtained From:	NetBSD (if_xname)
2003-10-31 18:32:15 +00:00
Hajimu UMEMOTO
c0839c961f correct unsafe use of realloc().
Obtained from:	KAME
2003-10-11 10:37:43 +00:00
Ruslan Ermilov
743d5d518c mdoc(7): Properly mark C headers. 2003-09-10 19:24:35 +00:00
Warner Losh
834a93de56 No need to define optind as an extern. stdlib.h does that for us. 2003-08-07 04:53:48 +00:00
Hajimu UMEMOTO
0c6257801e Make -N option work.
Submitted by:	KONDOU Kazuhiro <kazuhiro@alib.jp>
2003-03-25 11:27:46 +00:00
Ruslan Ermilov
8b5381e069 /modules is gone long ago, use the safe equivalents. 2003-03-03 22:46:36 +00:00
Jens Schweikhardt
57bd0fc6e8 english(4) police. 2002-12-27 12:15:40 +00:00
Crist J. Clark
0b3a80af0d Check if a host argument is a IPv6 presentation format address before
going to gethostbyname2(3).

PR:		bin/31632
MFC after:	3 days
2002-08-25 05:44:13 +00:00
Tom Rhodes
ce66ddb763 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
Philippe Charnier
e1205e80e5 The .Nm utility 2002-07-06 19:34:18 +00:00
Jun Kuriyama
0196ba9cf8 Fix typos (s/IP6FILREWALL_VERBOSE/IPV6FIREWALL_VERBOSE/, s/netinet/netinet6/).
MFC after:	1 week
2002-05-30 07:01:58 +00:00
SUZUKI Shinsuke
88ff5695c1 just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.
(based on freebsd4-snap-20020128)

Reviewed by:	ume
MFC after:	1 week
2002-04-19 04:46:24 +00:00
Matthew Dillon
170ac683f2 I've been meaning to do this for a while. Add an underscore to the
time_to_xxx() and xxx_to_time() functions.  e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard.  They will eventually be replaced when a real standard
comes out of committee.
2002-01-19 23:20:02 +00:00
David E. O'Brien
2d68bf45bf Default to WARNS=2.
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
2001-12-04 02:19:58 +00:00
Matthew Dillon
9ef76b94a7 Properly convert long to time_t 2001-10-28 20:19:14 +00:00
Ruslan Ermilov
9fe48c6e8d mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
Dima Dorfman
70d51341bf mdoc(7) police: remove extraneous .Pp before and/or after .Sh. 2001-07-09 09:54:33 +00:00
Jun Kuriyama
8194b338dc Merge from ipfw.8 (1.57).
o Sync with netinet6/ip6_fw.c (1.12).

MFC after:	10 days
2001-06-24 23:40:09 +00:00
Ruslan Ermilov
506c373bc0 Update comment to match ipfw/ipfw.c,v 1.95. 2001-04-13 06:49:47 +00:00
Gregory Neil Shapiro
3371e17cb6 Match ip6fw's command line options to those of ipfw (specifically, added
the ability to use a preprocessor, use the -q (quiet) flag when reading
from a file).  The source used is from ipfw.

Clean up exit codes while I am here.

KAME has been informed and plans on integrating these patches into their
own source as well.
2001-04-13 01:31:17 +00:00
Ruslan Ermilov
0a5779d45b - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:33:27 +00:00
Ruslan Ermilov
fe655281c5 Set the default manual section for sbin/ to 8. 2001-03-20 18:13:31 +00:00
Hajimu UMEMOTO
e3a50e99c6 Correct typo in usage.
Submitted by:	David Malone <dwmalone@maths.tcd.ie>
2001-03-18 18:45:43 +00:00
Ruslan Ermilov
d0353b836e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
Kris Kennaway
1b2556e4a4 Fix the vulnerability with TCP ECE packets recently fixed in ipfw.
This is untested, but believed to work.
2001-01-23 21:11:28 +00:00
Hajimu UMEMOTO
e26aac8d24 avoid conflicting #define symbol (s/FW_IFNLEN/IP6&/).
Obtained from:	KAME
2001-01-22 19:20:06 +00:00
Hajimu UMEMOTO
dd9d139453 Room to hold rules should be dynamically allocated.
PR:		kern/24248
2001-01-20 22:40:39 +00:00
Ruslan Ermilov
1252c1bb05 Prepare for mdoc(7)NG. 2000-12-18 15:16:24 +00:00
Ruslan Ermilov
f4d874a1db mdoc(7) police: do not split author names in the AUTHORS section. 2000-11-22 09:35:58 +00:00
Ruslan Ermilov
7c7fb079b9 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
Alexey Zelkin
eb418154a1 mdoc(7) style fixes and cleanup 2000-05-04 17:34:31 +00:00
Alexey Zelkin
533fa4bd2d Fix path to ip6fw 2000-05-04 17:33:27 +00:00
Sheldon Hearn
ef8f7ac935 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 11:27:47 +00:00
Chris Costello
d92ce96b1c Repair incorrect ``first appeared in'' reference, which originally stated
that we supported an IPv6 firewall since version 2.0.  It now correctly
says `4.0'.
2000-02-09 19:54:14 +00:00
Yoshinobu Inoue
210d0432a3 Add ip6fw.
Yes it is almost code freeze, but as the result of many thought, now I
think this should be added before 4.0...

make world check, kernel build check is done.

Reviewed by: green
Obtained from: KAME project
2000-01-29 13:54:44 +00:00