14 Commits

Author SHA1 Message Date
kp
86090567a8 pfctl: Make most global variables static.
This will make it easier to link as a library.

Submitted by:	Christian Mauderer <christian.mauderer@embedded-brains.de>
2016-08-04 19:24:44 +00:00
kp
119d258974 pfctl: Use const where possible.
This adds const qualifiers where it is possible.

Submitted by:	Christian Mauderer <christian.mauderer@embedded-brains.de>
2016-08-02 20:32:02 +00:00
kp
7999df886d pfctl: Match prototype of pfctl_load_hostid.
The prototype and the implementation of the pfctl_load_hostid used a
different data type for one of the parameters.

Submitted by:	Christian Mauderer <christian.mauderer@embedded-brains.de>
2016-08-02 19:54:40 +00:00
kp
412c34d241 pfctl: Fix uninitialised variable
In pfctl_set_debug() we used 'level' without ever initialising it.
We correctly parsed the option, but then failed to actually assign the parsed
value to 'level' before performing the ioctl() to configure the debug level.

PR:		202996
Submitted by:	Andrej Kolontai
2015-11-01 17:20:17 +00:00
gnn
1c64df87f0 Only report the lack of ALTQ support if pfctl is using verbose (-v) mode.
PR:		194935
Submitted by:	Jim Thompson
MFC after:	2 weeks
2015-07-20 23:24:25 +00:00
glebius
a29f5e7ca8 Move ALTQ from contrib to net/altq. The ALTQ code is for many years
discontinued by its initial authors. In FreeBSD the code was already
slightly edited during the pf(4) SMP project. It is about to be edited
more in the projects/ifnet. Moving out of contrib also allows to remove
several hacks to the make glue.

Reviewed by:	net@
2015-04-16 20:22:40 +00:00
glebius
453f59d0c8 Fix compilation for 32-bit machines.
2014-03-05 19:26:22 +00:00
glebius
c23c087e5b Instead of playing games with casts simply add 3 more members to the
structure pf_rule, that are used when the structure is passed via
ioctl().

PR:		187074
2014-03-05 00:40:03 +00:00
glebius
746ea0f7a9 Better build fix.
2014-02-15 16:22:51 +00:00
glebius
c8ef7052cb Fix build on 32bit arches broken by me in r261882.
2014-02-14 19:43:00 +00:00
glebius
1ea1d562a3 Once pf became not covered by a single mutex, many counters in it became
race prone. Some just gather statistics, but some are later used in
different calculations.

A real problem was the race provoked underflow of the states_cur counter
on a rule. Once it goes below zero, it wraps to UINT32_MAX. Later this
value is used in pf_state_expires() and any state created by this rule
is immediately expired.

Thus, make fields states_cur, states_tot and src_nodes of struct
pf_rule be counter(9)s.

Thanks to Dennis for providing me shell access to problematic box and
his help with reproducing, debugging and investigating the problem.

Thanks to:		Dennis Yusupoff <dyr smartspb.net>
Also reported by:	dumbbell, pgj, Rambler
Sponsored by:		Nginx, Inc.
2014-02-14 10:05:21 +00:00
glebius
29e30ead58 Remove __FreeBSD__ ifdefs.
2013-11-22 20:13:32 +00:00
glebius
fc232cc4e8 Rewrite usage() so that its source code resembles what is printed.
2013-11-22 20:11:17 +00:00
glebius
0ccf4838d7 o Create directory sys/netpfil, where all packet filters should
reside, and move there ipfw(4) and pf(4).

o Move most modified parts of pf out of contrib.

Actual movements:

sys/contrib/pf/net/*.c		-> sys/netpfil/pf/
sys/contrib/pf/net/*.h		-> sys/net/
contrib/pf/pfctl/*.c		-> sbin/pfctl
contrib/pf/pfctl/*.h		-> sbin/pfctl
contrib/pf/pfctl/pfctl.8	-> sbin/pfctl
contrib/pf/pfctl/*.4		-> share/man/man4
contrib/pf/pfctl/*.5		-> share/man/man5

sys/netinet/ipfw		-> sys/netpfil/ipfw

The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.

Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.

The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.

Discussed with:		bz, luigi
2012-09-14 11:51:49 +00:00