#
6ee3e376 |
|
24-May-2024 |
Kristof Provost <kp@FreeBSD.org> |
pf: fix incorrect anchor_call to userspace

777a4702c changed how we copy out the anchor_call string, and incorrectly limited it to 8 (4 on 32-bit systems) bytes. Fix that so we get the full anchor path, rather than just the first few characters.

PR: 279225
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
#
777a4702 |
|
12-Jan-2024 |
Kristof Provost <kp@FreeBSD.org> |
pf: implement addrule via netlink Sponsored by: Rubicon Communications, LLC ("Netgate")
|
#
fdafd315 |
|
24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Automated cleanup of cdefs and other formatting

Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row.

Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/

Sponsored by: Netflix
|
#
685dc743 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: one-line .c pattern Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
c5131afe |
|
01-Oct-2021 |
Kristof Provost <kp@FreeBSD.org> |
pf: add anchor support for ether rules Support anchors in ether rules. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D32482
|
#
20c4899a |
|
10-Feb-2021 |
Kristof Provost <kp@FreeBSD.org> |
pf: Do not hold PF_RULES_RLOCK while processing Ethernet rules

Avoid the overhead of acquiring a (read) RULES lock when processing the Ethernet rules. We can get away with that because when rules are modified they're staged in V_pf_keth_inactive. We take care to ensure the swap to V_pf_keth is atomic, so that pf_test_eth_rule() always sees either the old rules, or the new ruleset.

We need to take care not to delete the old ruleset until we're sure no pf_test_eth_rule() is still running with those. We accomplish that by using NET_EPOCH_CALL() to actually free the old rules.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31739
|
#
e732e742 |
|
03-Feb-2021 |
Kristof Provost <kp@FreeBSD.org> |
pf: Initial Ethernet level filtering code

This is the kernel side of stateless Ethernet level filtering for pf.

The primary use case for this is to enable captive portal functionality to allow/deny access by MAC address, rather than per IP address.

Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31737
|
#
ef950daa |
|
02-Mar-2021 |
Kristof Provost <kp@FreeBSD.org> |
pf: match keyword support

Support the 'match' keyword. Note that support is limited to adding queuing information, so without ALTQ support in the kernel setting match rules is pointless.

For the avoidance of doubt: this is NOT full support for the match keyword as found in OpenBSD's pf. That could potentially be built on top of this, but this commit is NOT that.

MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D31115
|
#
d710367d |
|
25-Mar-2021 |
Kristof Provost <kp@FreeBSD.org> |
pf: Implement nvlist variant of DIOCGETRULE MFC after: 4 weeks Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D29559
|
#
86b653ed |
|
11-Jan-2021 |
Kristof Provost <kp@FreeBSD.org> |
pf: quiet debugging printfs Only log these when debugging output is enabled.
|
#
fda7daf0 |
|
24-Dec-2020 |
Kristof Provost <kp@FreeBSD.org> |
pfctl: Stop sharing pf_ruleset.c with the kernel

Now that we've split up the data structures used by the kernel and userspace there's essentially no more overlap between the pf_ruleset.c code used by userspace and kernelspace.

Copy the userspace bits to the pfctl directory and stop using the kernel file.

Reviewed by: philip
MFC after: 2 weeks
Sponsored by: Orange Business Services
Differential Revision: https://reviews.freebsd.org/D27764
|
#
e86bddea |
|
05-Dec-2020 |
Kristof Provost <kp@FreeBSD.org> |
pf: Split pf_rule into kernel and user space versions No functional change intended. MFC after: 2 weeks Sponsored by: Orange Business Services Differential Revision: https://reviews.freebsd.org/D27758
|
#
662c1305 |
|
01-Sep-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
net: clean up empty lines in .c and .h files
|
#
fe267a55 |
|
27-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task.

The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, supersede or replace the license texts.

No functional change intended.
|
#
eedc7fd9 |
|
26-Oct-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Provide includes that are needed in these files, and before were read in implicitly via if.h -> if_var.h pollution. Sponsored by: Netflix Sponsored by: Nginx, Inc.
|
#
d8aa10cc |
|
28-Dec-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
In netpfil/pf:
- Add my copyright to files I've touched a lot this year.
- Add dash in front of all copyright notices according to style(9).
- Move $OpenBSD$ down below copyright notices.
- Remove extra line between cdefs.h and __FBSDID.
|
#
3b3a8eb9 |
|
14-Sep-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
o Create directory sys/netpfil, where all packet filters should reside, and move there ipfw(4) and pf(4).

o Move most modified parts of pf out of contrib.

Actual movements:

sys/contrib/pf/net/*.c -> sys/netpfil/pf/
sys/contrib/pf/net/*.h -> sys/net/
contrib/pf/pfctl/*.c -> sbin/pfctl
contrib/pf/pfctl/*.h -> sbin/pfctl
contrib/pf/pfctl/pfctl.8 -> sbin/pfctl
contrib/pf/pfctl/*.4 -> share/man/man4
contrib/pf/pfctl/*.5 -> share/man/man5
sys/netinet/ipfw -> sys/netpfil/ipfw

The arguable movement is pf/net/*.h -> sys/net. There are future plans to refactor pf includes, so I decided not to break things twice.

Not modified bits of pf left in contrib: authpf, ftp-proxy, tftp-proxy, pflogd.

The ipfw(4) movement is planned to be merged to stable/9, to make head and stable match.

Discussed with: bz, luigi
|