d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
229,846 Commits 4 Branches 49 Tags
Commit Graph

59 Commits

Author SHA1 Message Date
Cy Schubert
11b5e0cd9c loadpoolfile() implements a -R (NORESOLVE) option which is not listed 
in usage(). This commit trues up usage() with loadpoolfile().
 2017-08-05 06:46:06 +00:00
Cy Schubert
e7df11b869 Document supported poollist() (ippool -l) options in usage() and in 
ippool.8 man page.
 2017-07-05 05:50:36 +00:00
Cy Schubert
3fe0d81e1f In poolnodecommand() (ippool -a and ippool -r) -m (pool name) is not 
optional.
 2017-06-28 02:30:32 +00:00
Cy Schubert
f21680fd98 Replace AF_INET6 ifdefs with USE_INET6 to be consistent with the rest 
of the ipfilter souce tree.
 2017-06-27 04:54:58 +00:00
Cy Schubert
43988e3f50 Replace AF_INET6 ifdefs with USE_INET6 ifdefs. This is more consistent 
and guaranteed to build everywhere in ipfilter.

Not all of this commit can be MFCed. Some is original code while others
are not.
 2017-06-23 02:42:04 +00:00
Cy Schubert
cd32671786 In poolnodcommand(): TTL (-T) is only valid when adding a node to a 
pool (ippool -a) not when removing a node from a pool (ippool -r).
Flag -T as an error in ippool -r.
 2017-06-22 12:46:48 +00:00
Cy Schubert
3f296d78cc poolflush() has no positional arguments. 2017-06-22 06:25:34 +00:00
Cy Schubert
3f6a9d3760 Fix -S handling within poolcommand(). Specifying a seed (-S) is only 
valid when adding a pool (ippool -A), not when removing a pool
(ippool -R). It is a command line syntax error if specifying a seed (-S)
is specified when emoving a pool (-R).
 2017-06-21 12:19:05 +00:00
Cy Schubert
49742409a3 Flag poolnodecommand() (ippool -a and ippool -r) command line syntax 
errors.
 2017-06-20 12:31:58 +00:00
Cy Schubert
254a06e0b3 poolcommand() (ippool -A and ippool -R) seed takes an argument. 2017-06-19 19:27:37 +00:00
Cy Schubert
eeafb4bc10 Flag poolcommand() (ippool -A and ippool -R) command line syntax errors. 2017-06-19 12:33:22 +00:00
Cy Schubert
2d1353a21d Chase r319848: remove -v option from getopt() call. 2017-06-14 02:42:38 +00:00
Cy Schubert
40ad94e00a -n (do nothing) is not a commmand option. 2017-06-14 02:41:22 +00:00
Cy Schubert
bfff7435ed -v (verbose) is not a command option. (See ippool.1 for a definition 
of command options).
 2017-06-12 06:08:57 +00:00
Cy Schubert
215b15da57 Flag loadpoolfile() (ippool -f) command line syntax errors. 2017-06-11 04:03:09 +00:00
Cy Schubert
d05afd2252 Identify poolstats() (ippool -s) command line syntax errors. 2017-06-11 04:00:26 +00:00
Cy Schubert
0fc43621ce Identify command line syntax errors in poolflush() (ippool -F). 2017-06-11 03:56:13 +00:00
Cy Schubert
5910b44e7d Remove redundant assignment of infile from optarg in loadpoolfile() 
which was previously assigned from optarg in the argument list from
main().
 2017-06-10 23:16:00 +00:00
Cy Schubert
2540ef60c7 Disable the -O (output fields) option in poollist() (ippool -l) for 
now. The option does not presently work. However, similar functions in
ipfstat (for state) and ipnat (for nat) do work and provide outputs that
can be easily parsed by shell scripts or subsequently loaded into CSV
files.  The intention here is to return to this option to make it work.
I suspect the problem is in printpoolfields.c.
 2017-06-10 17:05:14 +00:00
Cy Schubert
a0489e3eeb Flag poollist() (ippool -l) command line syntax errors. 2017-06-10 16:42:39 +00:00
Cy Schubert
0dda2c25d4 Remove NORESOLVE (-R) option from poollist() (ippool -l). It is not 
used in poollist().
 2017-05-31 03:11:25 +00:00
Cy Schubert
d86be5fa4f Implement ippool command line IPv6 address parse support (for the -i 
option).

PR:		218433
 2017-05-16 02:48:46 +00:00
Cy Schubert
5207c6ac74 Ifdef out a redundant if statement when INET6 is disabled. 
MFC after:	1 week
 2017-05-05 14:34:09 +00:00
Cy Schubert
c6fd01fbbb Use warnx() to issue error message. 
Reported by:	cem
MFC after:	1 week
X-MFC with:	r316993, r316994
 2017-04-16 04:36:22 +00:00
Cy Schubert
ea5e026a0d Fix CID 1372600, possible NULL pointer dereference should 
reallocarray() fail.

Reported by:	Coverity CID 1372600
MFC after:	1 week
 2017-04-16 01:15:37 +00:00
Cy Schubert
3820c3aa3f calloc() and realloc() modernization. 
This commit replaces calloc calls, which called calloc() as if it were
malloc() by allocating a multiple of objects as a sizeof multiplied by
the number of objects. The patch rectifies this by calling calloc() as
it was meant to be called.

This commit also replaces realloc() with reallocarray() in a similar
fashion as above. Instead of calculating the memory to reallocated
(changed) by multiplying sizeof by the number of objects, the sizeof
and number are passed as separate arguments to reallocarray(), letting
reallocarray() do the multiplication instead. Like the calloc()
adjustment above, this is approach is cleaner and more elegant than
than the previous code.

This has been tested on my production firewall and a laptop (also
running ipfilter).

Submitted by:	pfg
MFC after:	6 weeks
 2017-03-16 04:40:07 +00:00
Cy Schubert
520f089ad0 Use normal KNF cuddling of elses. 
Reported by:	bde
MFC after:	2 weeks
X-MFC with:	r312777
 2017-01-26 04:51:48 +00:00
Cy Schubert
26594bd1ee Remove extraneous blank line. 
MFC after:	2 weeks
X-MFC with:	r312777
 2017-01-25 20:59:23 +00:00
Cy Schubert
d780a32bc5 Issue an error message when an incorrect flush argument is 
encountered.`

MFC after:	2 weeks
 2017-01-25 20:41:16 +00:00
Cy Schubert
53362bdcc5 Remove dead code. 
Approved by:	re@ (hrs@)
MFC after:	1 week
 2016-06-30 14:53:46 +00:00
Ed Maste
8d121298ba ipf(1): Use strchr(3) instead of deprecated index(3) 
Reviewed by:	cy
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D2607
 2015-05-22 18:31:26 +00:00
Gleb Smirnoff
56d5e0967c Stop including if_var.h from userland. 
Sponsored by:	Nginx, Inc.
 2015-04-06 09:42:23 +00:00
Gleb Smirnoff
6d947416cc o Use new function ip_fillid() in all places throughout the kernel, 
where we want to create a new IP datagram.
o Add support for RFC6864, which allows to set IP ID for atomic IP
  datagrams to any value, to improve performance. The behaviour is
  controlled by net.inet.ip.rfc6864 sysctl knob, which is enabled by
  default.
o In case if we generate IP ID, use counter(9) to improve performance.
o Gather all code related to IP ID into ip_id.c.

Differential Revision:		https://reviews.freebsd.org/D2177
Reviewed by:			adrian, cy, rpaulo
Tested by:			Emeric POUPON <emeric.poupon stormshield.eu>
Sponsored by:			Netflix
Sponsored by:			Nginx, Inc.
Relnotes:			yes
 2015-04-01 22:26:39 +00:00
Cy Schubert
24211cc919 #552 destination port not zero after parsing nat rule 
Approved by:	glebius (mentor)
Obtained from:	netbsd CVS repo (r1.4), ipfilter CVS repo (r1.38)
 2014-09-22 16:35:48 +00:00
Cy Schubert
19455ef7e4 3561691 gethost never returns an ipv6 address 
Approved by:	glebius (mentor)
Obtained from:	ipfilter CVS repo (r1.34), netbsd CVS repo (r1.4)
 2014-09-22 16:21:25 +00:00
Cy Schubert
8a07b9a5c4 #551 ipf.conf address structure not properly zero filled 
Approved by:	glebius (mentor)
Obtained from:	ipfilter CVS repo (r1.37), netbsd CVS repo (r1.3)
 2014-09-22 16:13:38 +00:00
Cy Schubert
bfc88dcbf7 Update ipfilter 4.1.28 --> 5.1.2. 
Approved by:		glebius (mentor)
BSD Licensed by:	Darren Reed <darrenr@reed.wattle.id.au> (author)
 2013-09-06 23:11:19 +00:00
Cy Schubert
f27f47054d As per the developers handbook (5.3.1 step 1), prepare the vendor trees for 
import of new ipfilter vendor sources by flattening them.

To keep the tags consistent with dist, the tags are also flattened.

Approved by:	glebius (Mentor)
 2013-07-19 05:41:57 +00:00
Rui Paulo
be0479174b Use pcap's bpf header, not our own copy of it. 2010-10-29 21:23:34 +00:00
Roman Divacky
5caf16048e Fix a typo that causes the for loop to exit immediately. There's 
identical loop a few lines above.

Reviewed by: sam
Approved by: ed (mentor)
Silence from: darrenr (maintainer)
 2009-06-16 13:31:01 +00:00
Darren Reed
52c7653383 2020447 IPFilter's NAT can undo name server random port selection 
Approved by:	darrenr
MFC after:	1 week
Security:	CERT VU#521769
 2008-07-24 12:35:05 +00:00
Darren Reed
e86e344222 Pullup IPFilter 4.1.28 from the vendor branch into HEAD. 
MFC after:	7 days
 2007-10-18 21:52:14 +00:00
Darren Reed
39ff65a633 Import IPFilter 4.1.28 2007-10-18 21:42:51 +00:00
Darren Reed
a909f8869b ipfstat should parse "any" when used with -D/-S command line options 
PR:	bin/113879
Submitted by:	kabe@sra-tohoku.co.jp
Reviewed by:	darrenr
Approved by:	re
 2007-06-24 16:39:12 +00:00
Darren Reed
d7eeb25225 Merge IPFilter 4.1.23 back to HEAD 
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
 2007-06-04 02:54:36 +00:00
Darren Reed
4a9a9e0514 Import IPFilter 4.1.23 to vendor branch. 
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
 2007-06-04 02:50:28 +00:00
Darren Reed
2bf2a702cc This commit was generated by cvs2svn to compensate for changes in r170263, 
which included commits to RCS files with non-trunk default branches.
 2007-06-04 02:50:28 +00:00
Guido van Rooij
dac098f2c9 Resolve conflicts 
MFC after:	1 weeks
 2006-08-16 12:23:02 +00:00
Guido van Rooij
4e39c44e09 Import IP Filter 4.1.13 2006-08-16 11:51:32 +00:00
Darren Reed
649a43212c fix "ipf -Z" reporting rubbish and possibly panic'ing box 
MFC after:	4 days
 2006-04-18 13:24:14 +00:00