| 272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| 270047 |
16-Aug-2014 |
bz |
MFC r259916:
Use feature_present(3) to determine whether to open an INET or an
INET6 socket when needed to allow pfctl to work on noinet and noinet6
kernels (and try to provide a fallback using AF_LINK as best effort).
Adjust the Makefile to also respect relevant src.conf(5) options
for compile time decisions on INET and INET6 support.
Reviewed by: glebius (no objections)
|
| 263029 |
11-Mar-2014 |
glebius |
Merge r261882, r261898, r261937, r262760, r262799:
Once pf became not covered by a single mutex, many counters in it became
race prone. Some just gather statistics, but some are later used in
different calculations.
A real problem was the race provoked underflow of the states_cur counter
on a rule. Once it goes below zero, it wraps to UINT32_MAX. Later this
value is used in pf_state_expires() and any state created by this rule
is immediately expired.
Thus, make fields states_cur, states_tot and src_nodes of struct
pf_rule be counter(9)s.
|
| 256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| 241052 |
29-Sep-2012 |
glebius |
- Get rid of #ifdef __FreeBSD__.
- Use correct format when printing uint64_t.
|
| 240497 |
14-Sep-2012 |
joel |
Minor mdoc fix.
|
| 240494 |
14-Sep-2012 |
glebius |
o Create directory sys/netpfil, where all packet filters should
reside, and move there ipfw(4) and pf(4).
o Move most modified parts of pf out of contrib.
Actual movements:
sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5
sys/netinet/ipfw -> sys/netpfil/ipfw
The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.
Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.
The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.
Discussed with: bz, luigi
|
| 198236 |
19-Oct-2009 |
ru |
Switch the default WARNS level for sbin/ to 6.
Submitted by: Ulrich Spörlein
|
| 171173 |
03-Jul-2007 |
mlaier |
Link pf 4.1 to the build:
- move ftp-proxy from libexec to usr.sbin
- add tftp-proxy
- new altq mtag link
Approved by: re (kensmith)
|
| 157721 |
13-Apr-2006 |
ru |
Add missing library dependencies.
|
| 145841 |
03-May-2005 |
mlaier |
Adapt Makefiles for pfctl(8) and authpf(8) to 3.7 sources.
|
| 136078 |
03-Oct-2004 |
mlaier |
Remove -I from CFLAGS. This splipped in with the 3.5 import (as I was
building on a box with older pfvar.h installed). Didn't intend to commit it.
Requested by: ru (on a C&P to ipfw's Makefile)
|
| 131747 |
07-Jul-2004 |
ru |
Removed redundant and unsafe BINDIR redefinition.
|
| 130617 |
16-Jun-2004 |
mlaier |
Commit userland part of pf version 3.5 from OpenBSD (OPENBSD_3_5_BASE).
|
| 128073 |
09-Apr-2004 |
markm |
Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.
Approved by: core, imp
|
| 126385 |
28-Feb-2004 |
mlaier |
Add skeleton build dirs for pf userland:
libexec/ftp-proxy - ftp proxy for pf
sbin/pfctl - equivalent to sbin/ipf
sbin/pflogd - deamon logging packets via if_pflog in pcap format
usr.sbin/authpf - authentification shell to modify pf rulesets
Bring along some altq headers used to satisfy pfctl/authpf compile. This
helps to keep the diff down and will make it easy to have a altq-patchset
use the full powers of pf.
Also make sure that the pf headers are installed.
This does not link anything to the build. There will be a NO_PF switch for
make.conf once pf userland is linked.
Approved by: bms(mentor)
|