Commit Graph

20 Commits

Author SHA1 Message Date
Max Laier
22d6889b4d Make pflogd cope with module unload (and the sudden disappearing of pflog0).
Instead of eating all the available CPU we now shutdown gracefully.

Submitted by:	yongari
MFC after:	3 days
2004-10-05 08:26:34 +00:00
Max Laier
f2403525f7 Document a problem with user/group filtering. With debug.mpsafenet=1 this
might result in a deadlock. The fix involves critical changes in the PF
locking strategy (which will happen after 5.3R). For now advise users to set
debug.mpsafenet=0 if they use this kind of filtering.

The same problem exists for IPFW.

mdoc help from:		simon
MFC after:		2 days
2004-10-03 10:42:42 +00:00
Max Laier
9007cc283f PFIL_HOOKS is no longer an optional item.
Submitted by:	Anders Hanssen
MFC after:	1 day
2004-09-26 16:10:40 +00:00
Max Laier
9d7ccc0ffa Bring in some examples (and create space for future work here):
- Add OpenBSD example rulesets as advertised in etc/pf.conf and pf.conf(5)
- Tweak the pointer to fit the FreeBSD default location share/examples/pf
- Account for the new directory in BSD.usr.dist (no hier(7) change required
  as share/examples is an opaque item there).

Obtained from:	OpenBSD
Reminded by:	Thomas T. Veldhouse
PR:		docs/71691
MFC after:	2 days
2004-09-14 01:07:19 +00:00
Max Laier
6964e37de4 Make pflogd(8) store pcap_sf_pkthdr instead of MD timeval contaminated
pcap_pkthdr. This makes /var/log/pflog standart compliant on 64bit archs.

OpenBSD has fixed this by changing the bpf timeval to 32bit in the kernel,
so no need to report this over (again).

PR:		bin/71096 (w/ changes)
Submitted by:	Ville-Pertti Keinonen
Tested by:	amd64(submitter), sparc64(yongari), i386(myself)
MFC after:	3 days
2004-08-31 18:04:34 +00:00
Max Laier
c5be312a19 Loopback a fix from Cedric Berger:
Fix table add/replace commands with securelevel=2.
	Reported by James J. Lippard.

Discussed with:	yongari
MFC after:	5 days
2004-08-22 16:58:06 +00:00
Max Laier
4238db7522 Fix printing of u_int64_t with a cast to unsigned long long.
Found-by:	tinderbox(amd64)
2004-06-17 15:23:51 +00:00
Max Laier
22ac3ead26 Commit userland part of pf version 3.5 from OpenBSD (OPENBSD_3_5_BASE). 2004-06-16 23:39:33 +00:00
Max Laier
24b10b46ce This commit was generated by cvs2svn to compensate for changes in r130614,
which included commits to RCS files with non-trunk default branches.
2004-06-16 23:26:00 +00:00
Max Laier
abff386833 Import userland of pf 3.5 from OpenBSD (OPENBSD_3_5_BASE). 2004-06-16 23:26:00 +00:00
Max Laier
abbfafd2e3 FreeBSD-ify the manpage. Our inetd does not support bind-address:port syntax
Christian will follow up with some additional words about how to protect
this from the outside world.

Submitted-by:	brueffer
Approved-by:	bms(mentor)
2004-05-27 23:51:05 +00:00
Max Laier
1abe035580 FreeBSD-if .4 manpages for pf/pflog/pfsync.
PR:		docs/65687
Submitted by:	Sergey Matveychuk
Approved by:	bms(mentor)
2004-04-18 13:59:12 +00:00
David E. O'Brien
a10f530f93 Fix $FreeBSD$ ids. 2004-03-16 17:24:06 +00:00
Max Laier
b83a49e9b9 Fix some style(9) related issues after discussion with/education from bde:
- Add <sys/param.h> and <limits.h> where required (do not depend on other
   headers pulling it in).
 - __dead -> __dead2
 - #if defined() -> #ifdef
 - Remove ugly PRIu64 macros and use %llu w/ (unsigned long long) cast.

All changes looped back to OpenBSD (where applicable) for easier sync in the
future.

Requested by:	bde
Approved by:	bms(mentor)
2004-03-15 13:41:17 +00:00
Max Laier
ffe9fd66ee Fix two instances of improper NULL/0 use idetified by the changes lately.
Submitted by:	Patrick Marie
Approved by:	bms(mentor)
2004-03-08 15:19:55 +00:00
Max Laier
23ecd01b79 Add local define of HTONL() as it was decided to protect this by _KERNEL
in <net/pfvar.h>
2004-02-28 18:41:43 +00:00
Max Laier
3178c893b8 Missed those two during the original import. Taken from OpenBSD's util.h
Approved by:	bms(mentor)
2004-02-28 18:35:40 +00:00
Max Laier
6a4fd102a4 This commit was generated by cvs2svn to compensate for changes in r126357,
which included commits to RCS files with non-trunk default branches.
2004-02-28 18:35:40 +00:00
Max Laier
8c8618f5e8 Apply diff from the port.
Rather small diff for the userland (in contrast to the kernel):
 - Some header file location/differences
 - Clean compilation on 64bit arch (identified by bento a long time ago)
 - ALTQ not (yet) available. Leave a switch for patchsets and future ...
 - most files can be used from the vendor branch

Approved by:	bms(in general)
2004-02-28 17:32:53 +00:00
Max Laier
13b9f61009 Vendor import of OpenBSD's pf userland as of OpenBSD 3.4
Approved by: bms(mentor), core(in general)
2004-02-28 16:52:45 +00:00