freebsd-skq/sbin
glebius 9978a7d924 New pfil(9) KPI together with newborn pfil API and control utility.
The KPI have been reviewed and cleansed of features that were planned
back 20 years ago and never implemented.  The pfil(9) internals have
been made opaque to protocols with only returned types and function
declarations exposed. The KPI is made more strict, but at the same time
more extensible, as kernel uses same command structures that userland
ioctl uses.

In nutshell [KA]PI is about declaring filtering points, declaring
filters and linking and unlinking them together.

New [KA]PI makes it possible to reconfigure pfil(9) configuration:
change order of hooks, rehook filter from one filtering point to a
different one, disconnect a hook on output leaving it on input only,
prepend/append a filter to existing list of filters.

Now it possible for a single packet filter to provide multiple rulesets
that may be linked to different points. Think of per-interface ACLs in
Cisco or Juniper. None of existing packet filters yet support that,
however limited usage is already possible, e.g. default ruleset can
be moved to single interface, as soon as interface would pride their
filtering points.

Another future feature is possiblity to create pfil heads, that provide
not an mbuf pointer but just a memory pointer with length. That would
allow filtering at very early stages of a packet lifecycle, e.g. when
packet has just been received by a NIC and no mbuf was yet allocated.

Differential Revision:	https://reviews.freebsd.org/D18951
2019-01-31 23:01:03 +00:00
..
adjkerntz various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
bectl bectl(8) test: Force destroy the zpool in cleanup 2019-01-29 04:08:49 +00:00
bsdlabel Move disktab to sbin/bsdlabel/ 2018-09-18 20:52:24 +00:00
camcontrol NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
ccdconfig ccdconfig: Move VCS tags to be more consistent with our style. 2017-12-30 00:26:42 +00:00
clri In preparation for adding inode check-hashes, clean up and 2018-11-13 21:40:56 +00:00
comcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
conscontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
ddb Move ddb.conf to sbin/ddb/ and switch to CONFS. 2018-08-11 13:25:39 +00:00
decryptcore Make decryptcore(8) buildable. 2018-09-19 07:07:03 +00:00
devd devd.conf(5): simplify regex 2019-01-27 15:29:58 +00:00
devfs Move all devfs related files to sbin/devfs/ 2018-08-22 15:55:23 +00:00
devmatch Add in a missing newline 2018-08-25 15:47:52 +00:00
dhclient capsicum: use a new capsicum helpers in tools 2018-11-04 19:24:49 +00:00
dmesg General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
dump Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
dumpfs The goal of this change is to prevent accidental foot shooting by 2018-02-08 23:06:58 +00:00
dumpon Avoid clobbering a user-specified -g value after r340547. 2018-11-20 18:10:56 +00:00
etherswitchcfg Finish removing FDDI and tokenring media support. 2018-04-23 21:10:33 +00:00
fdisk Allow fdisk(8) to deal with sectors larger than 2048 2018-10-25 12:13:13 +00:00
ffsinfo In preparation for adding inode check-hashes, clean up and 2018-11-13 21:40:56 +00:00
fsck various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
fsck_ffs Fsck would find, report, and offer to fix inode check-hash failures. 2018-12-15 17:32:47 +00:00
fsck_msdosfs Detect and handle invalid number of FATs 2018-07-13 02:02:16 +00:00
fsdb In preparation for adding inode check-hashes, change the fsck_ffs 2018-10-31 05:17:53 +00:00
fsirand Continuing efforts to provide hardening of FFS. This change adds a 2018-12-11 22:14:37 +00:00
gbde various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
geom Add the "-t" option to geom(8) utility, to display geoms hierarchy. 2018-09-14 15:29:45 +00:00
ggate ggated: do not expose stack data in sendfail() 2018-12-04 15:25:15 +00:00
growfs Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
gvinum gvinum: revert WARNS change in Makefile 2018-06-17 01:39:22 +00:00
hastctl various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
hastd Revert 335888 ("Ensure va_list is declared by including stdarg.h.") 2018-07-03 15:48:34 +00:00
ifconfig Speed up non-status operations applied to a single interface 2019-01-28 20:30:04 +00:00
init Move the rc framework out of sbin/init into libexec/rc. 2018-10-17 16:49:11 +00:00
ipf rescue ipf: Remove hacks and link in libipf directly. 2017-11-10 07:52:58 +00:00
ipfw Allow use underscores and dots in service names without escaping. 2018-12-21 10:41:45 +00:00
iscontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kldconfig various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kldload various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kldstat Allow three digits of module id without breaking table alignment. 2018-07-02 09:14:00 +00:00
kldunload various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
ldconfig Make ldconfig(8) atomic, by removing an unneccessary call to unlink(2) 2018-08-09 11:46:12 +00:00
md5 capsicum: use a new capsicum helpers in tools 2018-11-04 19:24:49 +00:00
mdconfig Use VOP_ADVISE() with POSIX_FADV_DONTNEED instead of IO_DIRECT to 2018-12-21 08:15:31 +00:00
mdmfs mdmfs(8): Check for other types of helper-program failure 2018-10-20 21:33:00 +00:00
mknod General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mksnap_ffs various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mount When getting mount information for all filesystems, mount uses the 2018-08-07 21:17:45 +00:00
mount_cd9660 Advise reader to also see mdconfig(8) in mount_cd9660(8). 2018-08-11 08:34:24 +00:00
mount_fusefs mount_fusefs.8: expand HISTORY section 2018-11-17 21:35:01 +00:00
mount_msdosfs mount_msdosfs: do not fail mounts requiring locale name conversion table 2018-10-27 16:41:34 +00:00
mount_nfs General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mount_nullfs General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mount_udf General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
mount_unionfs General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
nandfs various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
natd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
newfs Allow dashes as a valid character in UFS labels. 2019-01-29 10:21:41 +00:00
newfs_msdos Added option to cluster-align the start of the root directory. 2018-06-15 06:03:40 +00:00
newfs_nandfs various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
nfsiod General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
nos-tun various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
nvmecontrol Try the first 256 units with nvmecontrol devlist. 2018-12-21 23:22:37 +00:00
pfctl pfctl: Point users to net.pf.request_maxcount if large requests are rejected 2019-01-28 08:36:10 +00:00
pfilctl New pfil(9) KPI together with newborn pfil API and control utility. 2019-01-31 23:01:03 +00:00
pflogd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
ping Use caph_enter_casper() in ping(8). 2018-12-18 16:47:03 +00:00
ping6 General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
quotacheck Normally when an attempt is made to mount a UFS/FFS filesystem whose 2018-12-06 00:09:39 +00:00
rcorder rcorder(8): add support for /etc/rc.resume, so it calls "rcorder -k resume" 2018-10-27 17:21:13 +00:00
reboot Fix "fasthalt" to halt instead of reboot 2018-09-14 18:12:30 +00:00
recoverdisk SPDX: use the Beerware identifier. 2017-11-30 20:33:45 +00:00
resolvconf sbin: normalize paths using SRCTOP-relative paths or :H when possible 2017-03-04 11:33:01 +00:00
restore Re-enable reading byte swapped NFS_MAGIC dumps. 2018-08-11 16:12:23 +00:00
route route(8): clarify -prefixlen description 2019-01-10 00:10:12 +00:00
routed When bind fails, make sure we closed the socket we tried to bind the 2017-12-28 05:34:24 +00:00
rtsol Capsicumize rtsol(8) and rtsold(8). 2019-01-05 16:05:39 +00:00
savecore Disable savecore(8)'s libcasper support when WITHOUT_DYNAMICROOT=yes. 2019-01-04 19:20:19 +00:00
sconfig DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
setkey General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
shutdown shutdown: Fix r327476 by adding init 2018-01-02 09:02:42 +00:00
spppcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
sunlabel General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
swapon General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
sysctl sysctl(8): Add a standard exit status section. 2018-09-24 20:46:45 +00:00
tests Merge ^/user/ngie/release-pkg-fix-tests to unbreak how test files are installed 2016-05-04 23:20:53 +00:00
tunefs Allow dashes as a valid character in UFS labels. 2019-01-29 10:21:41 +00:00
umount umount: remove sync(2) call when used with -f 2018-09-13 13:57:42 +00:00
zfsbootcfg DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
Makefile New pfil(9) KPI together with newborn pfil API and control utility. 2019-01-31 23:01:03 +00:00
Makefile.amd64 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.arm
Makefile.i386 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.inc
Makefile.mips
Makefile.powerpc64 NVME support is only for x86 and powerpc64. 2018-06-14 01:15:19 +00:00
Makefile.sparc64