Commit Graph

462 Commits

Author SHA1 Message Date
luigi
d0b8e66dba restore setting of sin_len (was removed in 1.146 last february) as
it seems that now it is necessary for 'forward' to work outside lo0.
The bug (and fix) was reported on 8.0. This patch probably applies
to RELENG_7 as well.
It seems that 'pf' has a similar bug.

Submitted by:	Lytochkin Boris
MFC after:	3 days
2009-12-06 18:04:26 +00:00
luigi
62461e96f5 fix argument type in the call to expand_number
Submitted by:	gcc 4.3
MFC after:	3 days
2009-12-04 14:18:30 +00:00
luigi
98a49a6613 use qsort_r instead of heapsort;
staticize two functions.

MFC after:	3 days
2009-12-03 12:23:48 +00:00
netchild
10efa8a238 Fix minor resource leak in a function.
Reviewed by:	luigi
MFC after:	1 week
2009-11-21 10:46:49 +00:00
brueffer
2100141d0b Fix setfib(1) section number.
PR:		133765
Submitted by:	Konstantin Zolotukhin <erebus@gorodok.net>
MFC after:	3 days
2009-09-18 14:17:00 +00:00
oleg
0c8702bb1e - 'burst' description rewritten.
Submitted by:	Ben Kaduk
Approved by:	re (kib)
2009-06-26 19:49:06 +00:00
maxim
c26bbc521d o Kill grammar nits.
PR:		docs/136061
Submitted by:	Ben Kaduk
MFC after:	1 week
2009-06-26 05:09:00 +00:00
oleg
11197296ca - fix dummynet 'fast' mode for WF2Q case.
- fix printing of pipe profile data.
- introduce new pipe parameter: 'burst' - how much data can be sent through
  pipe bypassing bandwidth limit.
2009-06-24 22:57:07 +00:00
luigi
bf5db0adae Permit the specification of bandwidth values within
"profile" files (bandwidth is mandatory when using a
profile, so it makes sense to have everything in one place).

Update the manpage accordingly.

Submitted by:	Marta Carbone
2009-06-08 14:32:29 +00:00
luigi
d90175e4d6 add a missing format in a printf
Detected building with gcc 4.3.3

MFC after:	3 days
2009-06-08 10:53:18 +00:00
luigi
78a4bbf287 Several ipfw options and actions use a 16-bit argument to indicate
pipes, queues, tags, rule numbers and so on.
These are all different namespaces, and the only thing they have in
common is the fact they use a 16-bit slot to represent the argument.

There is some confusion in the code, mostly for historical reasons,
on how the values 0 and 65535 should be used. At the moment, 0 is
forbidden almost everywhere, while 65535 is used to represent a
'tablearg' argument, i.e. the result of the most recent table() lookup.

For now, try to use explicit constants for the min and max allowed
values, and do not overload the default rule number for that.

Also, make the MTAG_IPFW declaration only visible to the kernel.

NOTE: I think the issue needs to be revisited before 8.0 is out:
the 2^16 namespace limit for rule numbers and pipe/queue is
annoying, and we can easily bump the limit to 2^32 which gives
a lot more flexibility in partitioning the namespace.

MFC after:	5 days
2009-06-05 16:16:07 +00:00
luigi
2e85daee53 remove a printf that was only useful for debugging.
MFC after:	3 days
2009-06-05 13:11:34 +00:00
trhodes
c9f2c65c9f Kill hard sentence break added in the previous revision. 2009-04-11 08:52:02 +00:00
luigi
5c7675fccb Add emulation of delay profiles, which lets you model various
types of MAC overheads such as preambles, link level retransmissions
and more.

Note- this commit changes the userland/kernel ABI for pipes
(but not for ordinary firewall rules) so you need to rebuild
kernel and /sbin/ipfw to use dummynet features.

Please check the manpage for details on the new feature.

The MFC would be trivial but it breaks the ABI, so it will
be postponed until after 7.2 is released.

Interested users are welcome to apply the patch manually
to their RELENG_7 tree.

Work supported by the European Commission, Projects Onelab and
Onelab2 (contract 224263).
2009-04-09 12:46:00 +00:00
maxim
d45acb8459 o Grammar. 2009-04-08 17:46:45 +00:00
luigi
7543af0746 Various cleanup of text, moving a couple of paragraphs
above to avoid referencing undefined terms (humans are not compilers
but still care about these things).

Change some .Sh to .Ss to better reflect the structure of the text.

No new content.
2009-04-08 15:18:21 +00:00
trhodes
263a066905 Remove contractions, reword a sentence to avoid a double negative,
and bump document date for previous change.

OKed by:	piso
2009-04-07 13:51:41 +00:00
piso
30d15f06f1 Improve a bit reass documentation:
-document fragment handling sysctls
-mention some caveats about fragments handling (and to deal with it)
2009-04-05 15:24:27 +00:00
piso
c9b4c10995 Implement an ipfw action to reassemble ip packets: reass. 2009-04-01 20:23:47 +00:00
brueffer
4bb1b51862 Mdoc style, spelling, grammar and wording fixes. This manpage needs more work. 2009-03-19 10:42:07 +00:00
luigi
359ccc0fed move a variable declaration to the beginning of the block
(unfortunately, it is far away; we need to pack this code in
a better way).
2009-03-05 08:08:09 +00:00
luigi
b29749721a remove some signed/unsigned and one const/!const warning 2009-03-05 08:01:58 +00:00
luigi
d5c4f3cf08 mark a function static, as it is 2009-03-05 08:01:19 +00:00
piso
d34fad2923 Add SCTP NAT support.
Submitted by: CAIA (http://caia.swin.edu.au)
2009-02-07 18:49:42 +00:00
luigi
af5756126e Explain that we assume AF_INET and only use the addr and port field
from a struct sockaddr_in, so there is no need to initialize sin_len
2009-02-02 11:02:19 +00:00
luigi
bec0413580 remove duplicate #include 2009-02-02 10:58:05 +00:00
luigi
23001c70f6 put the altq-related functions into a separate file.
Minor cleanup of the includes used by the various source files,
including annotations of why certain headers are used.
2009-02-01 16:00:49 +00:00
luigi
427f135f75 Avoid the use of duplicated typedefs -- see the comment for details. 2009-01-28 11:43:12 +00:00
luigi
5f74942998 fix printing of uint64_t values, so we can use WARNS=2 2009-01-27 20:26:45 +00:00
luigi
66a879082d fix wrong variable usage... 2009-01-27 12:24:53 +00:00
luigi
8a3b5c8587 Put nat and ipv6 support in their own files.
Usual moving of code with no changes from ipfw2.c to the
newly created files, and addition of prototypes to ipfw2.h

I have added forward declarations for ipfw_insn_* in ipfw2.h
to avoid a global dependency on ip_fw.h
2009-01-27 12:01:30 +00:00
luigi
5153c1f1c4 Put dummynet-related code in a separate file.
To this purpose, add prototypes for global functions in ipfw2.h
and move there also the list of tokens used in various places in the code.
2009-01-27 11:06:59 +00:00
luigi
836697aeba never mind, for the time being let's stick with WARNS=0 until
we sort out all proper printf formats.
2009-01-27 11:03:47 +00:00
luigi
80a7476516 Start splitting the monster file in smaller blocks.
In this episode:
- introduce a common header with a minimal set of common definitions;
- bring the main() function and options parser in main.c
- rename the main functions with an ipfw_ prefix

No code changes except for the introduction of a global variable,
resvd_set_number, which stores the RESVD_SET value from ip_fw.h
and is used to remove the dependency of main.c from ip_fw.h
(and the subtree of dependencies) for just a single constant.
2009-01-27 10:18:55 +00:00
luigi
4e134bba31 put the usage() function inline, it was only 1 line and used once;
slightly reformat the help() text;
slightly correct the text for the 'extraneous filename' error message;
2009-01-27 09:27:13 +00:00
luigi
a1283d8086 put all options in a single struct, and document them.
This will allow us to easily restore the original values when processing
commands from a file (where each individual line can have its own options).
2009-01-27 09:06:25 +00:00
luigi
f4b57841c3 I believe this is safe to build with WARNS=2 now 2009-01-27 09:04:29 +00:00
luigi
3b18b2924e remove a couple of rarely used #define;
change PRINT_UINT from a macro to a function (renaming is
postponed to reduce clutter)
2009-01-27 07:40:16 +00:00
luigi
b193317a46 wrap all malloc/calloc/realloc calls so they exit on failure
without having to check in each place.

Remove an wrong strdup from previous commit.
2009-01-26 14:26:35 +00:00
luigi
a9074e77b8 Some implementations of getopt() expect that argv[0] is always the
program name, and ignore that entry.  ipfw2.c code instead skips
this entry and starts with options at offset 0, relying on a more
tolerant implementation of the library.

This change fixes the issue by always passing a program name
in the first entry to getopt. The motivation for this change
is to remove a potential compatibility issue should we use
a different getopt() implementation in the future.

No functional changes.

Submitted by:	Marta Carbone (parts)
MFC after:	4 weeks
2009-01-26 14:03:39 +00:00
luigi
6cbadf0764 remove some useless #include,
document why timeconv.h is needed

MFC after:	3 days
2009-01-22 23:25:28 +00:00
luigi
cee4a08b62 Fix a number of (innocuous) warnings, and remove a useless test.
There are still several signed/unsigned warnings left, which
require a bit more study for a proper fix.

This file has grown beyond reasonable limits.

We really need to split it into separate components (ipv4, ipv6,
dummynet, nat, table, userland-kernel communication ...) so we can
make mainteinance easier.

MFC after:	1 weeks
2009-01-20 18:16:31 +00:00
piso
8af3d78dd2 Import sctp nat support in ipfw obtained from CAIA - http://caia.swin.edu.au. 2008-12-28 17:16:32 +00:00
piso
982a9ea01c Update the ipfw man page to reflect last change (-q option with nat option).
MFC after:	3 days
2008-12-18 21:46:18 +00:00
piso
9102cbe344 Honor the quiet (-q) option while adding a nat rule.
Submitted by:	Andrey V. Elsukov<bu7cher@yandex.ru>
MFC after:	3 days
2008-12-18 21:37:31 +00:00
maxim
be9cccafc2 o Remove a debug code and restore an accidentally deleted code
in a previous commit.
2008-10-14 17:59:39 +00:00
maxim
c9e34ff82a o Do nothing in show_nat() for a test mode (-n). This prevents
show_nat() from endless loop and makes work ipfw -n nat <...>.

PR:		bin/128064
Submitted by:	sem
MFC after:	1 month
2008-10-14 17:53:26 +00:00
rik
192de0a030 Fix the build.
Noted by: ganbold@
2008-09-27 15:58:54 +00:00
rik
4d3e47c771 * add all keyword for table list & flush actions.
* add tables_max sysctl.
* add default_rule sysctl.

PR:		127058 (partially)
2008-09-27 15:09:00 +00:00
rik
187806f48e Add keyword all in addtion to the table number for the 'list' and the
'flush' actions on tables.  Part of PR: 127058.

PR:		127058 (based on)
MFC after:	1 month
2008-09-27 14:30:34 +00:00