OpenBSD CVS

CVS log for src/sbin/pfctl/pfctl_osfp.c



Default branch: MAIN


Revision 1.27, Wed Jan 15 11:52:50 2020 UTC (4 years, 4 months ago) by sashan
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, HEAD
Changes since 1.26: +2 -2 lines

Enable pfctl(8) to recursively flush rules and tables from PF driver.  The
recursive operation ("pfctl -a '*' ...") works for '-s' option already. This
change enables the same thing for '-F' option, so "pfctl -a '*' -Fa" will flush
everything from PF driver.

The idea was discussed with many on tech@ in spring 2019.

OK kn@

Revision 1.26, Fri Jun 28 13:32:45 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.25: +4 -4 lines

When system calls indicate an error they return -1, not some arbitrary
value < 0.  errno is only updated in this case.  Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.

Revision 1.25, Sun May 28 07:17:53 2017 UTC (7 years ago) by akfaew
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.24: +7 -2 lines

print_ioctl() is unused if not debugging. Found with clang, after
marking the function "static". Use OSFP_DEBUG, in a similar
fashion to OPT_DEBUG (pfctl_optimize.c).

OK bluhm@

Revision 1.24, Sat May 27 19:38:38 2017 UTC (7 years ago) by akfaew
Branch: MAIN
Changes since 1.23: +3 -4 lines

Move includes.

This reduces the diff with usr.sbin/tcpdump/pfctl_osfp.c. The change
from tcpdump is newer, so change pfctl. No binary change.

OK deraadt@

Revision 1.23, Thu Dec 10 17:27:00 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.22: +11 -21 lines

Remove NULL-checks before free(). ok tb@

Revision 1.22, Wed Jan 21 21:50:33 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.21: +2 -1 lines

Include <netinet/in.h> before <net/pfvar.h>.  In a future change when
ports is ready, <net/pfvar.h> will stop including a pile of baloney.

Revision 1.21, Fri Jan 16 06:40:00 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.20: +5 -11 lines

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.20, Sat Oct 25 03:18:13 2014 UTC (9 years, 7 months ago) by lteo
Branch: MAIN
Changes since 1.19: +1 -2 lines

Remove unnecessary netinet/in_systm.h include.

ok millert@

Revision 1.19, Fri Nov 22 04:12:48 2013 UTC (10 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.18: +17 -16 lines

Whole bunch of (unsigned char) casts carefully added for ctype calls.
Careful second audit by millert

Revision 1.18, Mon Oct 18 15:55:28 2010 UTC (13 years, 7 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.17: +9 -82 lines

Revert non-compatible and undocumented bullshit committed by 3 developers
who decided to just do it on their own.  henning, mcbride, jsing -- shame
on you -- if you had shown this diff to just 1 other network developer,
the astounding mistake in it would have been noticed.  Start practicing
inclusionary development instead of going alone.
ok claudio

Revision 1.17, Sun Oct 17 12:14:28 2010 UTC (13 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.16: +81 -8 lines

Add quirks support to operating system fingerprinting. tcpdump part
by mcbride@.

ok mcbride@ henning@

Revision 1.16, Thu Dec 24 10:06:35 2009 UTC (14 years, 5 months ago) by sobrado
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.15: +2 -2 lines

spelling fixes, from Brad Tilley; we will not fix src/sbin/dump/dump.h
as neither arrayified nor arrayfied exist -- sanctioned dictionaries
like Merriam-Webster ones suggest a few alternatives (e.g., arrayed),
however these made up words are easy to understand and we are not
certain that current ones are not ok.

ok jmc@

Revision 1.15, Wed Dec 13 05:10:15 2006 UTC (17 years, 5 months ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.14: +9 -1 lines

IPv6 passive OS fingerprinting.
reuses IPv4 signature file (assuming that TCP code is shared among IPv4/v6).
mcbride ok.

Revision 1.14, Sat Apr 8 02:13:14 2006 UTC (18 years, 1 month ago) by ray
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.13: +3 -1 lines

Plug simple memory leak.  ``Don't forget to free tcpopts when you
are done.''

From NetBSD from Coverity CID 2057.

OK henning@ and jaredy@

Revision 1.13, Sat Nov 12 19:44:42 2005 UTC (18 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9
Changes since 1.12: +1 -2 lines

return; at end of function is dorky

Revision 1.12, Thu Feb 17 13:18:00 2005 UTC (19 years, 3 months ago) by aaron
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_8, OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.11: +3 -4 lines

Fix indentation as to not mislead the code reader.  No functional change.

Revision 1.11, Wed Dec 29 16:24:42 2004 UTC (19 years, 5 months ago) by mcbride
Branch: MAIN
Changes since 1.10: +2 -2 lines

Make sure that fingerprint_count gets reset to 0 correctly when we flush
our list of fingerprints.

ok dhartmei@ henning@ frantzen@

Revision 1.10, Sun Dec 19 13:27:50 2004 UTC (19 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.9: +4 -4 lines

use strchr instead of index

Revision 1.9, Fri Apr 9 12:42:06 2004 UTC (20 years, 1 month ago) by cedric
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.8: +3 -3 lines

Do not try to load directories. found+ok mpech@

Revision 1.8, Fri Feb 27 10:42:00 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.7: +9 -7 lines

make pfctl -s all a bit more useful again by not printing a lllooooooottttt of
OS fingerprints and a list of interface drivers...
cedric deraadt ok

Revision 1.7, Tue Feb 10 22:26:56 2004 UTC (20 years, 3 months ago) by dhartmei
Branch: MAIN
Changes since 1.6: +2 -2 lines

KNF

Revision 1.6, Tue Feb 10 17:53:37 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.5: +2 -2 lines

KNF

Revision 1.5, Thu Jan 29 01:25:13 2004 UTC (20 years, 4 months ago) by mcbride
Branch: MAIN
Changes since 1.4: +11 -6 lines

Clean up 'pfctl -s all' output.

ok deraadt@ henning@

Revision 1.4, Wed Aug 27 17:42:00 2003 UTC (20 years, 9 months ago) by frantzen
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.3: +2 -2 lines

kill dangling 'else'.  fixes modulus in W and M TCP options

Revision 1.3, Fri Aug 22 21:50:34 2003 UTC (20 years, 9 months ago) by david
Branch: MAIN
Changes since 1.2: +2 -2 lines

pf spelling police
ok dhartmei@ jmc@

Revision 1.2, Fri Aug 22 15:17:03 2003 UTC (20 years, 9 months ago) by henning
Branch: MAIN
Changes since 1.1: +33 -33 lines

KNF

Revision 1.1, Thu Aug 21 19:12:08 2003 UTC (20 years, 9 months ago) by frantzen
Branch: MAIN

Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.
Exposes the source IP's operating system to the filter language.
Interesting policy decisions are now enforceable:
.	block proto tcp from any os SCO
.	block proto tcp from any os Windows to any port smtp
.	rdr ... from any os "Windows 98" to port WWW -> 127.0.0.1 port 8001
