OpenBSD CVS

CVS log for src/sbin/pfctl/pfctl.h




Default branch: MAIN


Revision 1.63 / (download) - annotate - [select for diffs], Sun May 19 10:39:40 2024 UTC (2 weeks, 6 days ago) by jsg
Branch: MAIN
CVS Tags: HEAD
Changes since 1.62: +1 -3 lines
Diff to previous 1.62 (colored)

remove prototypes with no matching function

Revision 1.62 / (download) - annotate - [select for diffs], Wed Jan 15 22:38:31 2020 UTC (4 years, 4 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored)

Do the actual pfr_strerror() to pf_strerror() rename

Missed in previous

Revision 1.61 / (download) - annotate - [select for diffs], Wed Jan 15 11:52:50 2020 UTC (4 years, 4 months ago) by sashan
Branch: MAIN
Changes since 1.60: +13 -2 lines
Diff to previous 1.60 (colored)

Enable pfctl(8) to recursively flush rules and tables from PF driver.  The
recursive operation ("pfctl -a '*' ...") works for '-s' option already. This
change enables the same thing for '-F' option, so "pfctl -a '*' -Fa" will flush
everything from PF driver.

The idea was discussed with many on tech@ in spring 2019.

OK kn@

Revision 1.60 / (download) - annotate - [select for diffs], Fri Jan 11 01:56:54 2019 UTC (5 years, 4 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.59: +2 -2 lines
Diff to previous 1.59 (colored)

When creating tables inside anchors, pfctl warned about namespace
collisions with global tables, but only in certain cases and with
limited information sometimes leaving users clueless.

Deferring the check to process_tabledefs() where tables are eventually
created, both anchor and table name are known which allows for checking
all existing anchors.

With this, warn on all duplicates even in dry-runs (`-n') and print
quoted names so they can be copied to fix configurations right away.

No functional change in parsing or ruleset production.

Discussed with and OK sashan

Revision 1.59 / (download) - annotate - [select for diffs], Wed Jan 2 23:08:00 2019 UTC (5 years, 5 months ago) by kn
Branch: MAIN
Changes since 1.58: +2 -2 lines
Diff to previous 1.58 (colored)

Error out on missing table command, zap internal wrapper function

Table name and table command require each other as reflected in the
synopsis [-t table -T command [address ...]], so print usage and exit if
only one of them is given.

By moving the inter-dependence check right after option parsing is done,
we can bail out even before opening pf(4) and drop the internal wrapper
pfctl_command_tables() as unneeded indirection with now duplicate checks.

OK sashan

Revision 1.58 / (download) - annotate - [select for diffs], Wed Jan 2 22:59:54 2019 UTC (5 years, 5 months ago) by kn
Branch: MAIN
Changes since 1.57: +1 -9 lines
Diff to previous 1.57 (colored)

Zap unused segment struct definition

There since import and last used by ALTQ which henning removed in 2004.

OK sashan

Revision 1.57 / (download) - annotate - [select for diffs], Thu Sep 6 15:07:33 2018 UTC (5 years, 9 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.56: +1 -2 lines
Diff to previous 1.56 (colored)

Remove unused af argument from unmask()

This has been unused for years.

While here, zap the duplicate function signature from pfctl.h (already
present in pfctl_parser.h); spotted by sashan, thanks.

OK sashan

Revision 1.56 / (download) - annotate - [select for diffs], Tue Jul 24 09:48:04 2018 UTC (5 years, 10 months ago) by kn
Branch: MAIN
Changes since 1.55: +2 -1 lines
Diff to previous 1.55 (colored)

Move duplicate code into new helper print_addr_str()

This simply puts the wiggle around inet_ntop() from four into one location.

OK benno

Revision 1.55 / (download) - annotate - [select for diffs], Fri Aug 11 22:30:38 2017 UTC (6 years, 9 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)

add option -N (no domain resolution)
manpage wording and reminder about usage() jmc@
ok florian@ henning@

Revision 1.54 / (download) - annotate - [select for diffs], Sat Jul 15 16:01:14 2017 UTC (6 years, 10 months ago) by awolk
Branch: MAIN
Changes since 1.53: +4 -4 lines
Diff to previous 1.53 (colored)

sbin/pfctl: void functions and exit(3) on error

Changes:
 voided:
  - pfctl_clear_tables
  - pfctl_show_tables
  - pfctl_show_ifaces

Those functions now exit(3) in case of error instead
of passing it up to the callers (where it was ignored).

OK mikeb@, sashan@

Revision 1.53 / (download) - annotate - [select for diffs], Mon Jan 19 23:52:02 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.52: +1 -9 lines
Diff to previous 1.52 (colored)

DEFAULT_PRIORITY and DEFAULT_QLIMIT no longer used

Revision 1.52 / (download) - annotate - [select for diffs], Sat Apr 19 14:22:32 2014 UTC (10 years, 1 month ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.51: +1 -7 lines
Diff to previous 1.51 (colored)

remove altq bits here, too
(i was convinced i committed that yesterday already, hrm)

Revision 1.51 / (download) - annotate - [select for diffs], Sat Oct 12 12:16:11 2013 UTC (10 years, 7 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.50: +3 -1 lines
Diff to previous 1.50 (colored)

config bits for the bandwidth shaping part of the new queueing subsystem
syntax worked out with many in ljubljana using a whiteboard, testing &
looking over by many, ok phessler sthen

Revision 1.50 / (download) - annotate - [select for diffs], Sun Jul 8 17:48:37 2012 UTC (11 years, 11 months ago) by lteo
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored)

New attempt to make the -P flag work with -ss, so that states can be
printed with port names if desired.

tcpdump's pf_print_state.c has diverged significantly from pfctl's, so
the change to tcpdump's pf_print_state.c is not exactly the same as
pfctl's.

ok henning sthen

Revision 1.49 / (download) - annotate - [select for diffs], Fri Jun 1 08:35:45 2012 UTC (12 years ago) by jsg
Branch: MAIN
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

revert previous, breaks tcpdump
spotted by jmc@

Revision 1.48 / (download) - annotate - [select for diffs], Fri Jun 1 02:44:36 2012 UTC (12 years ago) by lteo
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)

Make the -P flag work with -ss, so that states can be printed with port
names if desired.

ok henning

Revision 1.47 / (download) - annotate - [select for diffs], Wed Jul 27 00:26:10 2011 UTC (12 years, 10 months ago) by mcbride
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.46: +2 -3 lines
Diff to previous 1.46 (colored)

Add support for weighted round-robin in load balancing pools and tables.
Diff from zinke@ with some minor cleanup.
ok henning claudio deraadt

Revision 1.46 / (download) - annotate - [select for diffs], Fri Nov 12 13:14:41 2010 UTC (13 years, 6 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)

The ioctl to show states returns a pfsync_state which is in network byte
order and therefore a ntohs is needed to show the rdomain correctly.
OK henning@ dlg@

Revision 1.45 / (download) - annotate - [select for diffs], Tue Mar 23 13:31:29 2010 UTC (14 years, 2 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.44: +1 -3 lines
Diff to previous 1.44 (colored)

remove -A, -O, -R and -T load
the partial loading of a ruleset (leaving anchors aside) is wrong and
conflicts with the general idea of how pf works. last not least it breaks
with the optimizer generating tables automagically.
ok deraadt sthen krw manpage jmc

Revision 1.44 / (download) - annotate - [select for diffs], Tue Nov 3 10:59:04 2009 UTC (14 years, 7 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)

rtables are stacked on rdomains (it is possible to have multiple routing
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@

Revision 1.43 / (download) - annotate - [select for diffs], Thu May 29 01:00:53 2008 UTC (16 years ago) by mcbride
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

Second half of PF state table rearrangement.
- Mechanical change: Use arrays for state key pointers in pf_state, and
  addr/port in pf_state_key, to allow the use of indexes.
- Fix NAT, pfsync, pfctl, and tcpdump to handle the new state structures.
  In struct pfsync_state, both state keys are included even when identical.
- Also fix some bugs discovered in the existing code during testing.
  (in particular, "block return" for TCP packets was not returning an RST)

ok henning beck deraadt
tested by otto dlg beck laurent

Special thanks to users Manuel Pata and Emilio Perea who did enough testing
to actually find some bugs.

Revision 1.42 / (download) - annotate - [select for diffs], Wed Dec 5 12:01:47 2007 UTC (16 years, 6 months ago) by chl
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.41: +1 -4 lines
Diff to previous 1.41 (colored)

remove unused functions

from tobias@

ok mcbride@ tobias@

Revision 1.41 / (download) - annotate - [select for diffs], Thu May 31 04:13:37 2007 UTC (17 years ago) by mcbride
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.40: +4 -4 lines
Diff to previous 1.40 (colored)

Cope with new ioctl interface (use pfsync_state instead of pf_state)

ok henning@ toby@ pyr@

Revision 1.40 / (download) - annotate - [select for diffs], Fri Feb 9 11:25:27 2007 UTC (17 years, 4 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.39: +3 -1 lines
Diff to previous 1.39 (colored)

use DIOCGETRULE ioctl & action set to PF_GET_CLR_CNTR to clear counters
with -z instead of DIOCCLRRULECTRS. Unbreaks -z with anchors and makes the
read & reset operation atomic.
instrument pfctl_show_rules() to clear counters while reading rules and
add a new output format for it, showing nothing, if only resetting counters
without actually displaying them is requested. minor cleanups on the way.
ok dhartmei & agreement from theo and ryan

Revision 1.39 / (download) - annotate - [select for diffs], Sat Jan 28 18:54:28 2006 UTC (18 years, 4 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0, OPENBSD_3_9_BASE, OPENBSD_3_9
Changes since 1.38: +1 -2 lines
Diff to previous 1.38 (colored)

zap unused function
From: Andrey Matveev <evol@online.ptt.ru>

Revision 1.38 / (download) - annotate - [select for diffs], Sat May 21 21:03:58 2005 UTC (19 years ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)

clean up and rework the interface abstraction code big time, rip out multiple
useless layers of indirection and make the code way cleaner overall.
this is just the start, more to come...
worked very hard on by Ryan and me in Montreal last week, on the airplane to
vancouver and yesterday here in calgary. it hurt.
ok ryan theo

Revision 1.37 / (download) - annotate - [select for diffs], Wed Jan 5 18:23:10 2005 UTC (19 years, 5 months ago) by mcbride
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.36: +3 -1 lines
Diff to previous 1.36 (colored)

Modify pfctl behaviour so that 'set ...' options are no longer "sticky", ie.
they are reset to default values if omitted from a subsequent ruleset load.
Also:
- make sure 'set ...' options are not loaded in anchors.
- add a -m ("merge") flag to pfctl which allows an individual option to be set
  without resetting the others, eg:
   # echo "set loginterface fxp0" | pfctl -mf -

ok henning@ dhartmei@

Revision 1.36 / (download) - annotate - [select for diffs], Mon Jun 14 20:44:22 2004 UTC (19 years, 11 months ago) by cedric
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.35: +1 -3 lines
Diff to previous 1.35 (colored)

Remove unused functions. ok beck@ henning@

Revision 1.35 / (download) - annotate - [select for diffs], Wed May 19 17:50:51 2004 UTC (20 years ago) by dhartmei
Branch: MAIN
Changes since 1.34: +6 -6 lines
Diff to previous 1.34 (colored)

Allow recursive anchors (anchors within anchors, up to 64
levels deep). More work required, but this is already
functional. authpf users will need to adjust their anchor
calls, but this will change again soon. ok beck@, cedric@,
henning@, mcbride@

Revision 1.34 / (download) - annotate - [select for diffs], Fri Apr 9 12:42:06 2004 UTC (20 years, 2 months ago) by cedric
Branch: MAIN
Changes since 1.33: +2 -1 lines
Diff to previous 1.33 (colored)

Do not try to load directories. found+ok mpech@

Revision 1.33 / (download) - annotate - [select for diffs], Thu Feb 19 21:37:01 2004 UTC (20 years, 3 months ago) by cedric
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.32: +2 -2 lines
Diff to previous 1.32 (colored)

Makes pfctl -ss and pfctl -sq use optional -i argument.
ok dhartmei@ markus@ mcbride@

Revision 1.32 / (download) - annotate - [select for diffs], Tue Feb 17 08:48:29 2004 UTC (20 years, 3 months ago) by cedric
Branch: MAIN
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)

add -i flag, use it for -sI as a start. ok henning@, ok+test mcbride@

Revision 1.31 / (download) - annotate - [select for diffs], Tue Feb 10 22:26:56 2004 UTC (20 years, 4 months ago) by dhartmei
Branch: MAIN
Changes since 1.30: +4 -4 lines
Diff to previous 1.30 (colored)

KNF

Revision 1.30 / (download) - annotate - [select for diffs], Thu Jan 29 01:25:13 2004 UTC (20 years, 4 months ago) by mcbride
Branch: MAIN
Changes since 1.29: +2 -1 lines
Diff to previous 1.29 (colored)

Clean up 'pfctl -s all' output.

ok deraadt@ henning@

Revision 1.29 / (download) - annotate - [select for diffs], Wed Dec 31 11:18:24 2003 UTC (20 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.28: +6 -3 lines
Diff to previous 1.28 (colored)

Many improvements to the handling of interfaces in PF.

1) PF should do the right thing when unplugging/replugging or cloning/
destroying NICs.

2) Rules can be loaded in the kernel for not-yet-existing devices
(USB, PCMCIA, Cardbus). For example, it is valid to write:
"pass in on kue0" before kue USB is plugged in.

3) It is possible to write rules that apply to a group of interfaces
(drivers), like "pass in on ppp all"

4) There is a new ":peer" modifier that completes the ":broadcast"
and ":network" modifiers.

5) There is a new ":0" modifier that will filter out interface aliases.
Can also be applied to DNS names to restore original PF behaviour.

6) The dynamic interface syntax (foo) has been vastly improved, and
now supports multiple addresses, v4 and v6 addresses, and all userland
modifiers, like "pass in from (fxp0:network)"

7) Scrub rules now support the !if syntax.

8) States can be bound to the specific interface that created them or
to a group of interfaces, for example:

- pass all keep state (if-bound)
- pass all keep state (group-bound)
- pass all keep state (floating)

9) The default value when only keep state is given can be selected by
using the "set state-policy" statement.

10) "pfctl -ss" will now print the interface scope of the state.

This diff changes the pf_state structure slightly, so you should
recompile your userland tools (pfctl, authpf, pflogd, tcpdump...)

Tested on i386, sparc, sparc64 by Ryan
Tested on macppc, sparc64 by Daniel

ok deraadt@ mcbride@

Revision 1.28 / (download) - annotate - [select for diffs], Thu Nov 6 15:01:30 2003 UTC (20 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)

KNF

Revision 1.27 / (download) - annotate - [select for diffs], Wed Oct 8 14:47:57 2003 UTC (20 years, 8 months ago) by henning
Branch: MAIN
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)

fix cedric's breakage:
int is not the same as u_long
caused an integer overflow on our 64 bit archs and thus made pf not working
there

ok mcbride@ marc@ millert@ cedric@

Revision 1.26 / (download) - annotate - [select for diffs], Fri Sep 26 21:44:09 2003 UTC (20 years, 8 months ago) by cedric
Branch: MAIN
Changes since 1.25: +7 -2 lines
Diff to previous 1.25 (colored)

Rearchitecture of the userland/kernel IOCTL interface for transactions.
This brings us close to 100% atomicity for a "pfctl -f pf.conf" command.
(some splxxx work remains in the kernel). Basically, improvements are:

   - Anchors/Rulesets cannot disappear unexpectedly anymore.
   - No more leftovers in the kernel if "pfctl -f" fails.
   - Commit is now done in a single atomic IOCTL.

WARNING: The kernel code is fully backward compatible, but the new
pfctl/authpf userland utilities will only run on a new kernel.

The following ioctls are deprecated (i.e. will be deleted sooner or
later, depending on how many 3rd party utilities use them and how soon
they can be upgraded):

   - DIOCBEGINRULES
   - DIOCCOMMITRULES
   - DIOCBEGINALTQS
   - DIOCCOMMITALTQS
   - DIOCRINABEGIN
   - DIOCRINADEFINE

They are replaced by the following ioctls (yes, PF(4) will follow)
which operate on a vector of rulesets:

   - DIOCXBEGIN
   - DIOCXCOMMIT
   - DIOCXROLLBACK

Ok dhartmei@ mcbride@

Revision 1.25 / (download) - annotate - [select for diffs], Fri Aug 29 21:47:36 2003 UTC (20 years, 9 months ago) by cedric
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.24: +2 -1 lines
Diff to previous 1.24 (colored)

Document interactions between tables and anchors.
Add a warning on global/anchor name clashes to help prevent mistakes from our
users during the 3.3 -> 3.4 switch.
ok henning@

Revision 1.24 / (download) - annotate - [select for diffs], Thu Jul 31 22:25:54 2003 UTC (20 years, 10 months ago) by cedric
Branch: MAIN
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored)

Make table tickets per-ruleset instead of global.
Make table tickets u_int32_t for consistency with other parts of PF.
Ok dhartmei@ henning@

Revision 1.23 / (download) - annotate - [select for diffs], Fri Jul 4 11:05:44 2003 UTC (20 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

KNF after cedric (grmpf)

Revision 1.22 / (download) - annotate - [select for diffs], Thu Jul 3 09:13:06 2003 UTC (20 years, 11 months ago) by cedric
Branch: MAIN
Changes since 1.21: +4 -3 lines
Diff to previous 1.21 (colored)

This patch finally cleans up pfctl_table.c. No more global buffer,
and a couple of parsing functions moved to parse.y or pfctl_parser
where they belong.

I also took the opportunity to replace "void" functions with exit(1)
or err() inside by "int" functions, with the caller checking the
return value for errors (much cleaner and an old request from Theo)

ok dhartmei@ henning@

Revision 1.21 / (download) - annotate - [select for diffs], Mon Jun 30 20:02:46 2003 UTC (20 years, 11 months ago) by cedric
Branch: MAIN
Changes since 1.20: +17 -1 lines
Diff to previous 1.20 (colored)

Buffer management functions.
ok dhartmei@

Revision 1.20 / (download) - annotate - [select for diffs], Fri Jun 27 15:35:00 2003 UTC (20 years, 11 months ago) by cedric
Branch: MAIN
Changes since 1.19: +4 -1 lines
Diff to previous 1.19 (colored)

Reorg part I: move 3 functions out of pf_table.c to pf_radix.c
ok dhartmei@

Revision 1.19 / (download) - annotate - [select for diffs], Sun Jun 8 09:41:07 2003 UTC (21 years ago) by cedric
Branch: MAIN
Changes since 1.18: +4 -4 lines
Diff to previous 1.18 (colored)

A table in an anchor creates a real anchor: pfctl -sA works.
The following two pfctl functions work with an "-a" option:
  - pfctl [-a foo[:bar]] -sT
  - pfctl [-a foo[:bar]] -FT
ok dhartmei@

Revision 1.18 / (download) - annotate - [select for diffs], Wed Apr 30 12:30:27 2003 UTC (21 years, 1 month ago) by cedric
Branch: MAIN
Changes since 1.17: +5 -4 lines
Diff to previous 1.17 (colored)

Allow tables to be loaded into anchors.
Most pfctl table commands (excluding 'show' and 'flush') support the "-a"
modifier.
ok dhartmei@

Revision 1.17 / (download) - annotate - [select for diffs], Mon Apr 14 14:50:46 2003 UTC (21 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.16: +1 -4 lines
Diff to previous 1.16 (colored)

let print_altq and print_queue take a struct node_queue_bw parameter instead
of distinct bw_percent

Revision 1.16 / (download) - annotate - [select for diffs], Fri Apr 11 15:18:33 2003 UTC (21 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.15: +1 -3 lines
Diff to previous 1.15 (colored)

qname_to_qid and qname_to_pfaltq can be private functions now; nothing
outside pfctl_altq.c uses them any more, nor should.

Revision 1.15 / (download) - annotate - [select for diffs], Fri Apr 11 15:13:34 2003 UTC (21 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.14: +1 -2 lines
Diff to previous 1.14 (colored)

kill dead code.
qid_to_qname is not used anywhere. moreover, I cannot think of any
legitimate use; misuse is easy tho.

Revision 1.14 / (download) - annotate - [select for diffs], Sat Apr 5 21:44:46 2003 UTC (21 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)

allow queue specs to be limited to certain interfaces.

altq on { $if0 $if1 $if2 $if3 } priq bandwidth 10Mb queue { one two }
queue one priority 1 priq(default)
queue two on $if0 priority 15
queue two on ! $if0 priority 0

ok dhartmei@

Revision 1.13 / (download) - annotate - [select for diffs], Thu Mar 27 18:01:57 2003 UTC (21 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

lotsa const char *
from David Hill <david at phobia.ms> a while ago

Revision 1.12 / (download) - annotate - [select for diffs], Thu Mar 6 12:50:40 2003 UTC (21 years, 3 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_3
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)

fix queue assignment on filter rules which are not bound to an interface.
when looking up the queue IDs using qname_to_qid, we do not need to limit
the matching on the interface in question, as it is guaranteed that same
named queues on different interfaces have the same queue id. moreover, we
must not limit the matches to the interface if we do not have an interface
given on the filter rule to match on ;-)

found after problems reported by Andre Nathan <andre at v2r dot com dot br>

ok dhartmei@ pb@ cedric@

Revision 1.11 / (download) - annotate - [select for diffs], Sun Mar 2 23:37:24 2003 UTC (21 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.10: +3 -3 lines
Diff to previous 1.10 (colored)

when printing queues at load time that have bandwidth specified in percent,
print the bandwidth in percent instead of the calculated absolute value.
if a queue belongs to more than one interface and they have different
bandwidth the calculated absolute is of course different per interface.
previously the first calculated absolute value was shown; what of course is
incorrect on the second interface. note that only the print was wrong, the
correct values were passed to the kernel.

ok theo daniel

Revision 1.10 / (download) - annotate - [select for diffs], Tue Feb 11 20:11:36 2003 UTC (21 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.9: +3 -1 lines
Diff to previous 1.9 (colored)

allow macro definition on the command line:
pfctl -Dextif=wi0 -f /etc/pf.conf
command line macro definitions override the ones made in the file (idea
theo), very handy if your notebook has another NIC at some conference, as
well as for debugging etc.
idea rezine@mistrusted.net via pb@
hacked live at FOSDEM

ok pb@ dhartmei@ cedric@

Revision 1.9 / (download) - annotate - [select for diffs], Fri Jan 24 11:11:17 2003 UTC (21 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)

let pfctl -vvsq loop and display measured bandwidth and packets/s per queue.
cbq only for now.

Revision 1.8 / (download) - annotate - [select for diffs], Fri Jan 24 10:53:32 2003 UTC (21 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)

export rate2str

Revision 1.7 / (download) - annotate - [select for diffs], Mon Jan 20 19:05:46 2003 UTC (21 years, 4 months ago) by camield
Branch: MAIN
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored)

no named parameters in prototypes

ok dhartmei cedric henning

Revision 1.6 / (download) - annotate - [select for diffs], Mon Jan 20 17:16:56 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

Improve pfctl -vvs{r,n} output with rule containing tables.
Shows the number of entries in the table or if the table is not active.
ok dhartmei@, no objections.

Revision 1.5 / (download) - annotate - [select for diffs], Thu Jan 9 17:33:19 2003 UTC (21 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.4: +2 -15 lines
Diff to previous 1.4 (colored)

first attack at pfctl queue statistics, to be displayed with pfctl -vsq

This commit is dedicated to the cute KLM girls who made part of this
possible with giving me a seat in the plane where you actually have enough
place to hack. Thanks, girls.

ok markus@ dhartmei@

Revision 1.4 / (download) - annotate - [select for diffs], Thu Jan 9 10:40:44 2003 UTC (21 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.3: +6 -1 lines
Diff to previous 1.3 (colored)

Add support for active/inactive tablesets in the kernel.
Add table definition/initialisation construct in pfctl parser.
Add and fix documentation for pf.4 and pf.conf.5.
Tested on i386 and sparc64 by myself, macppc by Daniel.
ok dhartmei@

Revision 1.3 / (download) - annotate - [select for diffs], Tue Jan 7 00:21:08 2003 UTC (21 years, 5 months ago) by dhartmei
Branch: MAIN
Changes since 1.2: +1 -3 lines
Diff to previous 1.2 (colored)

Remove table name hashing (pass the name in each ioctl instead), and
introduce reference counting for tables, they are now automatically
created and deleted through referencing rules. Diff partly from cedric@.
ok mcbride@, henning@, cedric@

Revision 1.2 / (download) - annotate - [select for diffs], Sat Jan 4 22:42:14 2003 UTC (21 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.1: +9 -6 lines
Diff to previous 1.1 (colored)

minor style

Revision 1.1 / (download) - annotate - [select for diffs], Sat Jan 4 00:01:34 2003 UTC (21 years, 5 months ago) by deraadt
Branch: MAIN

I do not know where this policy of "one .h file for every .c file" comes
from, but whoever thought of it is stupid.
