Add an rc.d script to start the pfsync interface after all
the conventional network interfaces have been started so that
pfsync can be attached to any of the latter.
Record the dependency of rc.d/pf on the newly added rc.d/pfsync.
Also make rc.d/pf start as early as before rc.d/routing to improve
system security.
Document rc.d/pfsync on pfsync(4) and rc.conf(5).
Approved by: re (scottl), mlaier
- Remove MLINKS to nonexistant manpages
- Change some section numbers to match reality
- For MLINKS to manpages from ports, mention which port installs them
Approved by: re (hrs)
- comment out feature, we do not have yet: tcpdumping on pfsync,
add a BUGS section
- reference carp.4
- dereference bpf(4), tcpdump(7), hostname.if(5)
- sort references
- tell when pfsync appeared in FreeBSD
Reviewed by: mlaier
MFC after: 1 week
might result in a deadlock. The fix involves critical changes in the PF
locking strategy (which will happen after 5.3R). For now advise users to set
debug.mpsafenet=0 if they use this kind of filtering.
The same problem exists for IPFW.
mdoc help from: simon
MFC after: 2 days
- Add OpenBSD example rulesets as advertised in etc/pf.conf and pf.conf(5)
- Tweak the pointer to fit the FreeBSD default location share/examples/pf
- Account for the new directory in BSD.usr.dist (no hier(7) change required
as share/examples is an opaque item there).
Obtained from: OpenBSD
Reminded by: Thomas T. Veldhouse
PR: docs/71691
MFC after: 2 days
pcap_pkthdr. This makes /var/log/pflog standart compliant on 64bit archs.
OpenBSD has fixed this by changing the bpf timeval to 32bit in the kernel,
so no need to report this over (again).
PR: bin/71096 (w/ changes)
Submitted by: Ville-Pertti Keinonen
Tested by: amd64(submitter), sparc64(yongari), i386(myself)
MFC after: 3 days
- Add <sys/param.h> and <limits.h> where required (do not depend on other
headers pulling it in).
- __dead -> __dead2
- #if defined() -> #ifdef
- Remove ugly PRIu64 macros and use %llu w/ (unsigned long long) cast.
All changes looped back to OpenBSD (where applicable) for easier sync in the
future.
Requested by: bde
Approved by: bms(mentor)
Rather small diff for the userland (in contrast to the kernel):
- Some header file location/differences
- Clean compilation on 64bit arch (identified by bento a long time ago)
- ALTQ not (yet) available. Leave a switch for patchsets and future ...
- most files can be used from the vendor branch
Approved by: bms(in general)
