d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
147,321 Commits 6 Branches 133 Tags 2.6 GiB
fedda42340
Commit Graph

446 Commits

Author SHA1 Message Date
Tom Rhodes
81bdd4cbcd Kill hard sentence break added in the previous revision. 2009-04-11 08:52:02 +00:00
Luigi Rizzo
4bb7ae9deb Add emulation of delay profiles, which lets you model various 
types of MAC overheads such as preambles, link level retransmissions
and more.

Note- this commit changes the userland/kernel ABI for pipes
(but not for ordinary firewall rules) so you need to rebuild
kernel and /sbin/ipfw to use dummynet features.

Please check the manpage for details on the new feature.

The MFC would be trivial but it breaks the ABI, so it will
be postponed until after 7.2 is released.

Interested users are welcome to apply the patch manually
to their RELENG_7 tree.

Work supported by the European Commission, Projects Onelab and
Onelab2 (contract 224263).
 2009-04-09 12:46:00 +00:00
Maxim Konovalov
d8ec4cdefb o Grammar. 2009-04-08 17:46:45 +00:00
Luigi Rizzo
de24303241 Various cleanup of text, moving a couple of paragraphs 
above to avoid referencing undefined terms (humans are not compilers
but still care about these things).

Change some .Sh to .Ss to better reflect the structure of the text.

No new content.
 2009-04-08 15:18:21 +00:00
Tom Rhodes
c4abdf1c01 Remove contractions, reword a sentence to avoid a double negative, 
and bump document date for previous change.

OKed by:	piso
 2009-04-07 13:51:41 +00:00
Paolo Pisati
0240be035c Improve a bit reass documentation: 
-document fragment handling sysctls
-mention some caveats about fragments handling (and to deal with it)
 2009-04-05 15:24:27 +00:00
Paolo Pisati
eb2e411915 Implement an ipfw action to reassemble ip packets: reass. 2009-04-01 20:23:47 +00:00
Christian Brueffer
cdd14ccabe Mdoc style, spelling, grammar and wording fixes. This manpage needs more work. 2009-03-19 10:42:07 +00:00
Luigi Rizzo
1fd3fc6988 move a variable declaration to the beginning of the block 
(unfortunately, it is far away; we need to pack this code in
a better way).
 2009-03-05 08:08:09 +00:00
Luigi Rizzo
d7a32e24af remove some signed/unsigned and one const/!const warning 2009-03-05 08:01:58 +00:00
Luigi Rizzo
3e9771d290 mark a function static, as it is 2009-03-05 08:01:19 +00:00
Paolo Pisati
37ce2656ec Add SCTP NAT support. 
Submitted by: CAIA (http://caia.swin.edu.au)
 2009-02-07 18:49:42 +00:00
Luigi Rizzo
a52e28c7dd Explain that we assume AF_INET and only use the addr and port field 
from a struct sockaddr_in, so there is no need to initialize sin_len
 2009-02-02 11:02:19 +00:00
Luigi Rizzo
d84d38734f remove duplicate #include 2009-02-02 10:58:05 +00:00
Luigi Rizzo
23c608c8f6 put the altq-related functions into a separate file. 
Minor cleanup of the includes used by the various source files,
including annotations of why certain headers are used.
 2009-02-01 16:00:49 +00:00
Luigi Rizzo
16e3606f57 Avoid the use of duplicated typedefs -- see the comment for details. 2009-01-28 11:43:12 +00:00
Luigi Rizzo
50a99912c1 fix printing of uint64_t values, so we can use WARNS=2 2009-01-27 20:26:45 +00:00
Luigi Rizzo
b361cf5805 fix wrong variable usage... 2009-01-27 12:24:53 +00:00
Luigi Rizzo
ead75a59f1 Put nat and ipv6 support in their own files. 
Usual moving of code with no changes from ipfw2.c to the
newly created files, and addition of prototypes to ipfw2.h

I have added forward declarations for ipfw_insn_* in ipfw2.h
to avoid a global dependency on ip_fw.h
 2009-01-27 12:01:30 +00:00
Luigi Rizzo
4e9c8ae7b5 Put dummynet-related code in a separate file. 
To this purpose, add prototypes for global functions in ipfw2.h
and move there also the list of tokens used in various places in the code.
 2009-01-27 11:06:59 +00:00
Luigi Rizzo
d36bf6e792 never mind, for the time being let's stick with WARNS=0 until 
we sort out all proper printf formats.
 2009-01-27 11:03:47 +00:00
Luigi Rizzo
3c0c871777 Start splitting the monster file in smaller blocks. 
In this episode:
- introduce a common header with a minimal set of common definitions;
- bring the main() function and options parser in main.c
- rename the main functions with an ipfw_ prefix

No code changes except for the introduction of a global variable,
resvd_set_number, which stores the RESVD_SET value from ip_fw.h
and is used to remove the dependency of main.c from ip_fw.h
(and the subtree of dependencies) for just a single constant.
 2009-01-27 10:18:55 +00:00
Luigi Rizzo
0e22daad2d put the usage() function inline, it was only 1 line and used once; 
slightly reformat the help() text;
slightly correct the text for the 'extraneous filename' error message;
 2009-01-27 09:27:13 +00:00
Luigi Rizzo
db7c522411 put all options in a single struct, and document them. 
This will allow us to easily restore the original values when processing
commands from a file (where each individual line can have its own options).
 2009-01-27 09:06:25 +00:00
Luigi Rizzo
2edea98d7f I believe this is safe to build with WARNS=2 now 2009-01-27 09:04:29 +00:00
Luigi Rizzo
be39e0b2b1 remove a couple of rarely used #define; 
change PRINT_UINT from a macro to a function (renaming is
postponed to reduce clutter)
 2009-01-27 07:40:16 +00:00
Luigi Rizzo
5f356082eb wrap all malloc/calloc/realloc calls so they exit on failure 
without having to check in each place.

Remove an wrong strdup from previous commit.
 2009-01-26 14:26:35 +00:00
Luigi Rizzo
c562063980 Some implementations of getopt() expect that argv[0] is always the 
program name, and ignore that entry.  ipfw2.c code instead skips
this entry and starts with options at offset 0, relying on a more
tolerant implementation of the library.

This change fixes the issue by always passing a program name
in the first entry to getopt. The motivation for this change
is to remove a potential compatibility issue should we use
a different getopt() implementation in the future.

No functional changes.

Submitted by:	Marta Carbone (parts)
MFC after:	4 weeks
 2009-01-26 14:03:39 +00:00
Luigi Rizzo
e5dbf7366f remove some useless #include, 
document why timeconv.h is needed

MFC after:	3 days
 2009-01-22 23:25:28 +00:00
Luigi Rizzo
daa9733afd Fix a number of (innocuous) warnings, and remove a useless test. 
There are still several signed/unsigned warnings left, which
require a bit more study for a proper fix.

This file has grown beyond reasonable limits.

We really need to split it into separate components (ipv4, ipv6,
dummynet, nat, table, userland-kernel communication ...) so we can
make mainteinance easier.

MFC after:	1 weeks
 2009-01-20 18:16:31 +00:00
Paolo Pisati
a21e097b2e Update the ipfw man page to reflect last change (-q option with nat option). 
MFC after:	3 days
 2008-12-18 21:46:18 +00:00
Paolo Pisati
3fc7bd58bc Honor the quiet (-q) option while adding a nat rule. 
Submitted by:	Andrey V. Elsukov<bu7cher@yandex.ru>
MFC after:	3 days
 2008-12-18 21:37:31 +00:00
Maxim Konovalov
20e58023f4 o Remove a debug code and restore an accidentally deleted code 
in a previous commit.
 2008-10-14 17:59:39 +00:00
Maxim Konovalov
92531c02e6 o Do nothing in show_nat() for a test mode (-n). This prevents 
show_nat() from endless loop and makes work ipfw -n nat <...>.

PR:		bin/128064
Submitted by:	sem
MFC after:	1 month
 2008-10-14 17:53:26 +00:00
Roman Kurakin
e7ef3e9494 Fix the build. 
Noted by: ganbold@
 2008-09-27 15:58:54 +00:00
Roman Kurakin
e927c2b2e6 * add all keyword for table list & flush actions. 
* add tables_max sysctl.
* add default_rule sysctl.

PR:		127058 (partially)
 2008-09-27 15:09:00 +00:00
Roman Kurakin
c15c249000 Add keyword all in addtion to the table number for the 'list' and the 
'flush' actions on tables.  Part of PR: 127058.

PR:		127058 (based on)
MFC after:	1 month
 2008-09-27 14:30:34 +00:00
Giorgos Keramidas
7bf717b721 Unbreak the build. 2008-09-22 04:12:27 +00:00
Roman Kurakin
eba1dd2124 Add the check of the table number. 2008-09-21 21:46:56 +00:00
Roman Kurakin
5ec36cd651 Move table list to a separate function. 2008-09-21 12:54:09 +00:00
Roman Kurakin
b0000a98c4 Free allocated memory. 2008-09-20 19:25:02 +00:00
Roman Kurakin
015002df0d Remove some unused variables. 2008-09-20 16:46:19 +00:00
Roman Kurakin
b88a2fe170 Style(9) the show_nat() function. 2008-09-20 16:17:49 +00:00
Roman Kurakin
03d4b38d9e Do not do the useless job for an empty table. 
MFC after:	1 month
 2008-09-20 15:54:22 +00:00
Roman Kurakin
759dd6f7f7 Use IPFW_DEFAULT_RULE instead of hardcoded value since now it is 
available.

MFC after:	5 days.
 2008-09-06 17:23:37 +00:00
Ivan Voras
0d6ff382c3 Trivial typo fix. 
Approved by:	gnn (mentor)
 2008-08-27 15:30:09 +00:00
Julian Elischer
2cc8ab2a83 Slight wordsmithing. prompted by danger@ 2008-08-01 23:31:28 +00:00
Julian Elischer
bc20b62b0e Document the use of the tablearg keyword together with the skipto command. 2008-08-01 22:34:01 +00:00
Julian Elischer
c7d1bf0bd9 Note that setfib is not a terminal rule. 2008-07-24 18:39:36 +00:00
Julian Elischer
05b0fdac8c Change two variables to size_t to improve portability. 
Submitted by:	Xin Li
 2008-05-10 15:02:56 +00:00