| #
5824df8d |
|
23-Mar-2024 |
Kristof Provost <kp@FreeBSD.org> |
pf: convert DIOCGETSTATUS to netlink
Introduce pfctl_get_status_h() because we need the pfctl_handle. In this variant
use netlink to obtain the information.
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| #
044243fc |
|
24-Apr-2024 |
Kristof Provost <kp@FreeBSD.org> |
libpfctl: allow access to the fd
pfctl_open() opens both /dev/pf and a netlink socket. Allow access to the /dev/
pf fd via pfctl_fd().
This means that libpfctl users no longer have to open /dev/pf themselves for any
calls that are not yet available in libpfctl.
Sponsored by: Rubicon Communications, LLC ("Netgate")
MFC after: 2 weeks
|
| #
324fd7ec |
|
04-Jan-2024 |
Kristof Provost <kp@FreeBSD.org> |
libpfctl: introduce a handle-enabled variant of pfctl_add_rule()
Introduce pfctl_add_rule_h(), which takes a pfctl_handle rather than a
file descriptor (which it didn't use). This means that library users can
open the handle while they're running as root, but later drop privileges
and still add rules to pf.
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| #
ddd08375 |
|
29-Aug-2023 |
Kristof Provost <kp@FreeBSD.org> |
pf (t)ftp-proxy: use libpfctl instead of DIOCGETSTATUS
Prefer libpfctl functions over direct access to the ioctl whenever
possible. This will allow subsequent removal of DIOCGETSTATUS (in 15) as
there already is an nvlist-based alternative.
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41647
|
| #
8923ea6c |
|
01-Jul-2021 |
Kristof Provost <kp@FreeBSD.org> |
ftp-proxy: Revert incorrect migration to libpfctl
libpfctl supports creating rules, but not (yet) adding addresses to a
pool. Adding addresses certainly does not work through adding a rule.
PR: 256917
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| #
e9eb0941 |
|
08-Apr-2021 |
Kristof Provost <kp@FreeBSD.org> |
libpfctl: Switch to pfctl_rule
Stop using the kernel's struct pf_rule, switch to libpfctl's pfctl_rule.
Now that we use nvlists to communicate with the kernel these structures
can be fully decoupled.
Reviewed by: glebius
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29644
|
| #
95be9288 |
|
29-Mar-2021 |
Kristof Provost <kp@FreeBSD.org> |
(t)ftp-proxy: use libpfctl
Reviewed by: glebius
MFC after: 4 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D29641
|
| #
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.
|
| #
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
| #
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
| #
67ecd4f3 |
|
02-Jul-2007 |
Max Laier <mlaier@FreeBSD.org> |
Import pf userland from OpenBSD 4.1 and (for ftp-proxy) libevent 1.3b as
a local lib.
|