296373 |
04-Mar-2016 |
marius |
- Copy stable/10@296371 to releng/10.3 in preparation for 10.3-RC1 builds. - Update newvers.sh to reflect RC1. - Update __FreeBSD_version to reflect 10.3. - Update default pkg(8) configuration to use the quarterly branch.
Approved by: re (implicit) |
296370 |
03-Mar-2016 |
gnn |
MFC 285730 Only report the lack of ALTQ support if pfctl is using verbose (-v) mode.
PR: 194935 Submitted by: Jim Thompson Approved by: re (gjb)
|
292288 |
15-Dec-2015 |
kp |
MFC r290236
pfctl: Fix uninitialised veriable
In pfctl_set_debug() we used 'level' without ever initialising it. We correctly parsed the option, but them failed to actually assign the parsed value to 'level' before performing to ioctl() to configure the debug level.
PR: 202996 Submitted by: Andrej Kolontai
|
270047 |
16-Aug-2014 |
bz |
MFC r259916:
Use feature_present(3) to determine whether to open an INET or an INET6 socket when needed to allow pfctl to work on noinet and noinet6 kernels (and try to provide a fallback using AF_LINK as best effort). Adjust the Makefile to also respect relevant src.conf(5) options for compile time decisions on INET and INET6 support.
Reviewed by: glebius (no objections)
|
263029 |
11-Mar-2014 |
glebius |
Merge r261882, r261898, r261937, r262760, r262799: Once pf became not covered by a single mutex, many counters in it became race prone. Some just gather statistics, but some are later used in different calculations.
A real problem was the race provoked underflow of the states_cur counter on a rule. Once it goes below zero, it wraps to UINT32_MAX. Later this value is used in pf_state_expires() and any state created by this rule is immediately expired.
Thus, make fields states_cur, states_tot and src_nodes of struct pf_rule be counter(9)s.
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
241052 |
29-Sep-2012 |
glebius |
- Get rid of #ifdef __FreeBSD__. - Use correct format when printing uint64_t.
|
240497 |
14-Sep-2012 |
joel |
Minor mdoc fix.
|
240494 |
14-Sep-2012 |
glebius |
o Create directory sys/netpfil, where all packet filters should reside, and move there ipfw(4) and pf(4).
o Move most modified parts of pf out of contrib.
Actual movements:
sys/contrib/pf/net/*.c -> sys/netpfil/pf/ sys/contrib/pf/net/*.h -> sys/net/ contrib/pf/pfctl/*.c -> sbin/pfctl contrib/pf/pfctl/*.h -> sbin/pfctl contrib/pf/pfctl/pfctl.8 -> sbin/pfctl contrib/pf/pfctl/*.4 -> share/man/man4 contrib/pf/pfctl/*.5 -> share/man/man5
sys/netinet/ipfw -> sys/netpfil/ipfw
The arguable movement is pf/net/*.h -> sys/net. There are future plans to refactor pf includes, so I decided not to break things twice.
Not modified bits of pf left in contrib: authpf, ftp-proxy, tftp-proxy, pflogd.
The ipfw(4) movement is planned to be merged to stable/9, to make head and stable match.
Discussed with: bz, luigi
|
198236 |
19-Oct-2009 |
ru |
Switch the default WARNS level for sbin/ to 6.
Submitted by: Ulrich Spörlein
|
171173 |
03-Jul-2007 |
mlaier |
Link pf 4.1 to the build: - move ftp-proxy from libexec to usr.sbin - add tftp-proxy - new altq mtag link
Approved by: re (kensmith)
|
157721 |
13-Apr-2006 |
ru |
Add missing library dependencies.
|
145841 |
03-May-2005 |
mlaier |
Adapt Makefiles for pfctl(8) and authpf(8) to 3.7 sources.
|
136078 |
03-Oct-2004 |
mlaier |
Remove -I from CFLAGS. This splipped in with the 3.5 import (as I was building on a box with older pfvar.h installed). Didn't intend to commit it.
Requested by: ru (on a C&P to ipfw's Makefile)
|
131747 |
07-Jul-2004 |
ru |
Removed redundant and unsafe BINDIR redefinition.
|
130617 |
16-Jun-2004 |
mlaier |
Commit userland part of pf version 3.5 from OpenBSD (OPENBSD_3_5_BASE).
|
128073 |
09-Apr-2004 |
markm |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999.
Approved by: core, imp
|
126385 |
28-Feb-2004 |
mlaier |
Add skeleton build dirs for pf userland: libexec/ftp-proxy - ftp proxy for pf sbin/pfctl - equivalent to sbin/ipf sbin/pflogd - deamon logging packets via if_pflog in pcap format usr.sbin/authpf - authentification shell to modify pf rulesets
Bring along some altq headers used to satisfy pfctl/authpf compile. This helps to keep the diff down and will make it easy to have a altq-patchset use the full powers of pf.
Also make sure that the pf headers are installed.
This does not link anything to the build. There will be a NO_PF switch for make.conf once pf userland is linked.
Approved by: bms(mentor)
|