OpenBSD CVS

CVS log for src/sbin/pfctl/pfctl_table.c



Default branch: MAIN


Revision 1.88, Thu May 9 08:35:40 2024 UTC (4 weeks, 2 days ago) by florian
Branch: MAIN
CVS Tags: HEAD
Changes since 1.87: +26 -10 lines

ctime(3) and ctime_r(3) can fail when timestamps are way off.
Add missing error checks to all calls under sbin/

Input kettenis, millert
OK millert

Revision 1.87, Mon Jan 15 07:23:32 2024 UTC (4 months, 3 weeks ago) by sashan
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.86: +10 -10 lines

Currently 'pfctl -a "*" -sr' recursively walks anchor tree and shows
rules found in every anchor. This commit introduces the same behavior
for tables. Command 'pfctl -a "*" -sT' prints all tables attached to
every anchor loaded to pf(4).

Inconsistency has been noticed by Klemens (kn@).

OK @bluhm, OK @kn

Revision 1.86, Thu Oct 26 16:26:01 2023 UTC (7 months, 1 week ago) by deraadt
Branch: MAIN
Changes since 1.85: +2 -2 lines

whitespace cleanup my fingers couldn't avoid doing while i was re-reading
the parsing code

Revision 1.85, Mon Nov 21 07:27:10 2022 UTC (18 months, 2 weeks ago) by sashan
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.84: +3 -5 lines

Fix DIOCIGETIFACES ioctl so all network interfaces
and interface groups are reported. The bug allowed
to enumerate the first 64 interfaces only.

The issue has been noticed and bug kindly reported
by Olivier Croquin.

OK kn@

Revision 1.84, Wed Jan 15 22:38:31 2020 UTC (4 years, 4 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.83: +4 -4 lines

Do the actual pfr_strerror() to pf_strerror() rename

Missed in previous

Revision 1.83, Wed Jan 15 15:45:49 2020 UTC (4 years, 4 months ago) by kn
Branch: MAIN
Changes since 1.82: +12 -22 lines

Merge radix_perror() into simpler warnx()/errx() usage

Less nesting for clearer code.

OK sashan

Revision 1.82, Wed Jan 15 11:52:50 2020 UTC (4 years, 4 months ago) by sashan
Branch: MAIN
Changes since 1.81: +12 -5 lines

Enable pfctl(8) to recursively flush rules and tables from PF driver.  The
recursive operation ("pfctl -a '*' ...") works for '-s' option already. This
change enables the same thing for '-F' option, so "pfctl -a '*' -Fa" will flush
everything from PF driver.

The idea was discussed with many on tech@ in spring 2019.

OK kn@

Revision 1.81, Thu Apr 18 22:29:41 2019 UTC (5 years, 1 month ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.80: +3 -3 lines

Always check for namespace collisions on table commands

`-t table -T add|replace ...' would only check for duplicate tables in case
addresses were actually added to the table.

Instead of using a positive number of added addresses as proof for
successful table operations, rely on the fact that CREATE_TABLE() is
guaranteed to be called only if pf(4) can be accessed, that is
warn_duplicate_tables() will return.

This improves duplicate detection rate as warnings are now also emitted
even when table commands eventually leave tables unchanged.

OK benno sashan

Revision 1.80, Fri Jan 11 01:56:54 2019 UTC (5 years, 4 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.79: +9 -19 lines

When creating tables inside anchors, pfctl warned about namespace
collisions with global tables, but only in certain cases and with
limited information sometimes leaving users clueless.

Deferring the check to process_tabledefs() where tables are eventually
created, both anchor and table name are known which allows for checking
all existing anchors.

With this, warn on all duplicates even in dry-runs (`-n') and print
quoted names so they can be copied to fix configurations right away.

No functional change in parsing or ruleset production.

Discussed with and OK sashan

Revision 1.79, Wed Jan 2 23:08:00 2019 UTC (5 years, 5 months ago) by kn
Branch: MAIN
Changes since 1.78: +1 -12 lines

Error out on missing table command, zap internal wrapper function

Table name and table command require each other as reflected in the
synopsis [-t table -T command [address ...]], so print usage and exit if
only one of them is given.

By moving the inter-dependence check right after option parsing is done,
we can bail out even before opening pf(4) and drop the internal wrapper
pfctl_command_tables() as unneeded indirection with now duplicate checks.

OK sashan

Revision 1.78, Mon Oct 15 21:15:35 2018 UTC (5 years, 7 months ago) by kn
Branch: MAIN
Changes since 1.77: +10 -6 lines

use PFR_RB_NONE consistently

Replace hardcoded 0 and implicit checks with enum as done in all other
use cases of `pfra_fback'.  No object change.

OK sashan

Revision 1.77, Fri Aug 11 22:30:38 2017 UTC (6 years, 9 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.76: +9 -9 lines

add option -N (no domain resolution)
manpage wording and reminder about usage() jmc@
ok florian@ henning@

Revision 1.76, Sat Jul 15 16:01:14 2017 UTC (6 years, 10 months ago) by awolk
Branch: MAIN
Changes since 1.75: +9 -8 lines

sbin/pfctl: void functions and exit(3) on error

Changes:
 voided:
  - pfctl_clear_tables
  - pfctl_show_tables
  - pfctl_show_ifaces

Those functions now exit(3) in case of error instead
of passing it up to the callers (where it was ignored).

OK mikeb@, sashan@

Revision 1.75, Thu Apr 13 07:30:21 2017 UTC (7 years, 1 month ago) by jsg
Branch: MAIN
Changes since 1.74: +2 -2 lines

fix wrongly indented lines

Revision 1.74, Tue Jan 20 17:19:05 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.73: +17 -12 lines

Rewrite to void using union sockaddr_union
ok mikeb

Revision 1.73, Fri Jan 16 06:40:00 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.72: +2 -1 lines

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.72, Fri Jul 5 13:07:57 2013 UTC (10 years, 11 months ago) by blambert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.71: +5 -5 lines

Collect and display 'match' counters for pf tables.

While here, fix pf table displays to fit within 80 chars.

Manpage input jmc@

ok henning@ reyk@

Revision 1.71, Wed Jul 27 00:26:10 2011 UTC (12 years, 10 months ago) by mcbride
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.70: +13 -6 lines

Add support for weighted round-robin in load balancing pools and tables.
Diff from zinke@ with some minor cleanup.
ok henning claudio deraadt

Revision 1.70, Sun Jul 3 23:37:55 2011 UTC (12 years, 11 months ago) by zinke
Branch: MAIN
Changes since 1.69: +6 -4 lines

bring in least-states load balancing algorithm

ok mcbride@ henning@

Revision 1.69, Tue Jan 12 03:20:51 2010 UTC (14 years, 4 months ago) by mcbride
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.68: +5 -1 lines

First pass at removing the 'pf_pool' mechanism for translation and routing
actions. Allow interfaces to be specified in special table entries for
the routing actions. Lists of addresses can now only be done using tables,
which pfctl will generate automatically from the existing syntax.

Functionally, this deprecates the use of multiple tables or dynamic
interfaces in a single nat or rdr rule.

ok henning dlg claudio

Revision 1.68, Sat Jun 21 10:34:08 2008 UTC (15 years, 11 months ago) by mcbride
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.67: +4 -2 lines

Fix "-T expire"; clear pfra_fback on addresses before sending them back to
the kernel to be deleted.

Revision 1.67, Tue Jun 10 20:55:02 2008 UTC (16 years ago) by mcbride
Branch: MAIN
Changes since 1.66: +6 -3 lines

Make counters on table addresses optional and disabled by default.
Use the 'counters' table option in pf.conf if you actually need them.
If enabled, memory is not allocated until packets match an address.

This saves about 40% memory if counters are not being used, and paves the way
for some more significant cleanups coming soon.

ok henning mpf deraadt

Revision 1.66, Thu Mar 1 17:20:54 2007 UTC (17 years, 3 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.65: +3 -3 lines

be more careful with mixing &/| with &&/||, ok otto

Revision 1.65, Thu Jan 18 20:45:55 2007 UTC (17 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.64: +37 -1 lines

implement -T expire.
"pfctl -t tablename -T expire 3600" would expire all entries in the given
table that are older than 3600 seconds. ok dhartmei, manpage help & ok jmc

Revision 1.64, Wed Aug 17 14:54:59 2005 UTC (18 years, 9 months ago) by dhartmei
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0, OPENBSD_3_9_BASE, OPENBSD_3_9, OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.63: +5 -1 lines

with pfctl -vsI, indicate which interfaces are being skipped.
ok henning@, markus@, mpf@

Revision 1.63, Sat May 21 21:03:58 2005 UTC (19 years ago) by henning
Branch: MAIN
Changes since 1.62: +11 -34 lines

clean up and rework the interface abstraction code big time, rip out multiple
useless layers of indirection and make the code way cleaner overall.
this is just the start, more to come...
worked very hard on by Ryan and me in Montreal last week, on the airplane to
vancouver and yesterday here in calgary. it hurt.
ok ryan theo

Revision 1.62, Wed Dec 22 17:17:55 2004 UTC (19 years, 5 months ago) by dhartmei
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.61: +3 -2 lines

Introduce 'set skip on <ifspec>' to support a list of interfaces where no
packet filtering should occur (like loopback, for instance).
Code from Max Laier, with minor improvements based on feedback from
deraadt@. ok mcbride@, henning@

Revision 1.61, Sat Jun 12 22:22:44 2004 UTC (20 years ago) by cedric
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.60: +8 -2 lines

Fix table add/replace commands with securelevel=2.
Reported by James J. Lippard. ok otto@

Revision 1.60, Wed May 19 17:50:51 2004 UTC (20 years ago) by dhartmei
Branch: MAIN
Changes since 1.59: +12 -20 lines

Allow recursive anchors (anchors within anchors, up to 64
levels deep). More work required, but this is already
functional. authpf users will need to adjust their anchor
calls, but this will change again soon. ok beck@, cedric@,
henning@, mcbride@

Revision 1.59, Mon Mar 15 15:25:44 2004 UTC (20 years, 2 months ago) by dhartmei
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.58: +12 -8 lines

cast %llu arguments to unsigned long long, from Max Laier,
ok henning@ cedric@

Revision 1.58, Thu Feb 26 11:57:19 2004 UTC (20 years, 3 months ago) by cedric
Branch: MAIN
Changes since 1.57: +2 -4 lines

Fix pfctl -sa output. Found by David Krause, ok mcbride@

Revision 1.57, Thu Feb 19 21:37:01 2004 UTC (20 years, 3 months ago) by cedric
Branch: MAIN
Changes since 1.56: +5 -4 lines

Makes pfctl -ss and pfctl -sq use optional -i argument.
ok dhartmei@ markus@ mcbride@

Revision 1.56, Tue Feb 17 08:48:29 2004 UTC (20 years, 3 months ago) by cedric
Branch: MAIN
Changes since 1.55: +3 -3 lines

add -i flag, use it for -sI as a start. ok henning@, ok+test mcbride@

Revision 1.55, Tue Feb 10 22:26:56 2004 UTC (20 years, 4 months ago) by dhartmei
Branch: MAIN
Changes since 1.54: +7 -7 lines

KNF

Revision 1.54, Tue Feb 10 18:29:30 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.53: +45 -49 lines

lotsoflotsoflotsof KNF
and an off by one

Revision 1.53, Thu Jan 29 01:25:13 2004 UTC (20 years, 4 months ago) by mcbride
Branch: MAIN
Changes since 1.52: +58 -48 lines

Clean up 'pfctl -s all' output.

ok deraadt@ henning@

Revision 1.52, Wed Dec 31 22:14:41 2003 UTC (20 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.51: +2 -3 lines

spacing.  note this, cedric

Revision 1.51, Wed Dec 31 11:18:24 2003 UTC (20 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.50: +80 -1 lines

Many improvements to the handling of interfaces in PF.

1) PF should do the right thing when unplugging/replugging or cloning/
destroying NICs.

2) Rules can be loaded in the kernel for not-yet-existing devices
(USB, PCMCIA, Cardbus). For example, it is valid to write:
"pass in on kue0" before kue USB is plugged in.

3) It is possible to write rules that apply to group of interfaces
(drivers), like "pass in on ppp all"

4) There is a new ":peer" modifier that completes the ":broadcast"
and ":network" modifiers.

5) There is a new ":0" modifier that will filter out interface aliases.
Can also be applied to DNS names to restore original PF behaviour.

6) The dynamic interface syntax (foo) has been vastly improved, and
now supports multiple addresses, v4 and v6 addresses, and all userland
modifiers, like "pass in from (fxp0:network)"

7) Scrub rules now support the !if syntax.

8) States can be bound to the specific interface that created them or
to a group of interfaces, for example:

- pass all keep state (if-bound)
- pass all keep state (group-bound)
- pass all keep state (floating)

9) The default value when only keep state is given can be selected by
using the "set state-policy" statement.

10) "pfctl -ss" will now print the interface scope of the state.

This diff changes the pf_state structure slightly, so you should
recompile your userland tools (pfctl, authpf, pflogd, tcpdump...)

Tested on i386, sparc, sparc64 by Ryan
Tested on macppc, sparc64 by Daniel

ok deraadt@ mcbride@

Revision 1.50, Fri Aug 29 21:47:36 2003 UTC (20 years, 9 months ago) by cedric
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.49: +43 -1 lines

Document interactions between tables and anchors.
Add a warning on global/anchor name clashes to help prevent mistakes from our
users during the 3.3 -> 3.4 switch.
ok henning@

Revision 1.49, Thu Jul 31 22:25:54 2003 UTC (20 years, 10 months ago) by cedric
Branch: MAIN
Changes since 1.48: +2 -2 lines

Make table tickets per-ruleset instead of global.
Make table tickets u_int32_t for consistency with other parts of PF.
Ok dhartmei@ henning@

Revision 1.48, Fri Jul 11 08:29:34 2003 UTC (20 years, 11 months ago) by cedric
Branch: MAIN
Changes since 1.47: +15 -23 lines

Better parsing and -v support for tables:

  - remove the tableaddrs and tableaddr yacc production and reuse
    host_list instead.
  - produce better error messages.
  - do not load addresses from external file when it is not
    required (like with -R option).
  - store initializers in a new node_tinit linked list before
    putting them into the address buffer (see next point).
  - add a new print_tabledef() function, which makes "pfctl -nvf"
    print something useful for table definitions, which in turn
    makes it possible to write better regress tests (see first chunk
    of the diff) and bring table definition consistent with other
    parsed rules.

ok dhartmei@

Revision 1.47, Thu Jul 3 21:09:13 2003 UTC (20 years, 11 months ago) by cedric
Branch: MAIN
Changes since 1.46: +4 -39 lines

Bye bye atexit(), bye bye globals...
The pfctl.c part will probably need some further improvements.
ok henning@

Revision 1.46, Thu Jul 3 09:13:06 2003 UTC (20 years, 11 months ago) by cedric
Branch: MAIN
Changes since 1.45: +121 -228 lines

This patch finally cleans up pfctl_table.c. No more global buffer,
and a couple of parsing functions moved to parse.y or pfctl_parser
where they belong.

I also took the opportunity to replace "void" functions with exit(1)
or err() inside by "int" functions, with the caller checking the
return value for errors (much cleaner and an old request from Theo)

ok dhartmei@ henning@

Revision 1.45, Sun Jun 29 12:22:39 2003 UTC (20 years, 11 months ago) by dhartmei
Branch: MAIN
Changes since 1.44: +6 -4 lines

Replace assert(3) calls with warnx(3), if the warning is relevant at all.

Revision 1.44, Fri Jun 27 15:35:00 2003 UTC (20 years, 11 months ago) by cedric
Branch: MAIN
Changes since 1.43: +3 -60 lines

Reorg part I: move 3 functions out of pf_table.c to pf_radix.c
ok dhartmei@

Revision 1.43, Sun Jun 8 09:41:07 2003 UTC (21 years ago) by cedric
Branch: MAIN
Changes since 1.42: +9 -6 lines

A table in an anchor creates a real anchor: pfctl -sA works.
The following two pfctl functions work with an "-a" option:
  - pfctl [-a foo[:bar]] -sT
  - pfctl [-a foo[:bar]] -FT
ok dhartmei@

Revision 1.42, Sat May 24 18:12:12 2003 UTC (21 years ago) by cedric
Branch: MAIN
Changes since 1.41: +7 -2 lines

Properly reset buffers after each "table" command.
More to come for the error case.
ok henning@

Revision 1.41, Wed Apr 30 12:30:27 2003 UTC (21 years, 1 month ago) by cedric
Branch: MAIN
Changes since 1.40: +35 -14 lines

Allow tables to be loaded into anchors.
Most pfctl table commands (excluding 'show' and 'flush') support the "-a"
modifier.
ok dhartmei@

Revision 1.40, Sun Apr 27 16:02:08 2003 UTC (21 years, 1 month ago) by cedric
Branch: MAIN
Changes since 1.39: +2 -2 lines

Update the pfioc_table IOCTL structure.
Prepare for anchors, improve robustness.
WARNING: need to sync kernel/userland.
ok dhartmei@

Revision 1.39, Fri Apr 25 19:07:28 2003 UTC (21 years, 1 month ago) by pvalchev
Branch: MAIN
Changes since 1.38: +6 -5 lines

check asprintf return value for error as well, some implementations do
not set the pointer to NULL necessarily; ok dhartmei, henning, kjell

Revision 1.38, Sat Apr 5 23:56:32 2003 UTC (21 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.37: +2 -2 lines

ease netmask handling a bit

input theo, ok dhartmei@

Revision 1.37, Thu Mar 27 18:01:57 2003 UTC (21 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.36: +7 -7 lines

lotsa const char *
from David Hill <david at phobia.ms> a while ago

Revision 1.36, Fri Mar 7 15:16:33 2003 UTC (21 years, 3 months ago) by cedric
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_3
Changes since 1.35: +11 -10 lines

Only show non-active tables when the -g flag is given.
ok dhartmei@ henning@

Revision 1.35, Fri Feb 14 17:17:27 2003 UTC (21 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.34: +1 -7 lines

remove explicit table creation ( -T create ), it's useless.

ok pb@ mcbride@ deraadt@

Revision 1.34, Wed Feb 5 08:52:08 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.33: +2 -2 lines

Do not scare ppl too much.
Suggested by camield@

Revision 1.33, Tue Feb 4 17:29:06 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.32: +5 -3 lines

use size_t for struct size and offset calculations.
check msize for overflow and realloc overflow.

Revision 1.32, Tue Feb 4 12:10:02 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.31: +2 -1 lines

Cleanup buffer before reuse. Consistency + defensive programming.

Revision 1.31, Mon Feb 3 14:51:36 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.30: +14 -20 lines

remove loadopt global definition and cleanup a bit.
ok henning@

Revision 1.30, Mon Feb 3 08:42:15 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.29: +9 -16 lines

More cleanup in tables thanks to Andrey Matveev:
 - get rid of unnecessary header netinet/in.h in pfctl_radix.c and pfctl_table.c
 - do fclose(3) only when we use config file, not STDIN
 - get rid of unneeded temporary variables
 - minor KNF

Revision 1.29, Sat Jan 25 23:17:34 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.28: +7 -10 lines

Another nice cleanup patch from Andrey Matveev
KNF + remove/reorg headers.

Revision 1.28, Sat Jan 25 18:16:05 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.27: +3 -3 lines

Fix NOACTION with table statements.

Revision 1.27, Sat Jan 25 16:33:19 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.26: +7 -1 lines

Permit initialisation of a table content from a file in pf.conf.
Cleaning up of the table options parsing, more flexible.
idea+cleanup deraadt@, ok dhartmei@, pass all regress tests.

Revision 1.26, Thu Jan 23 16:10:29 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.25: +10 -10 lines

Little cleanup thanks to Andrey Matveev

Revision 1.25, Wed Jan 22 01:15:32 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.24: +14 -1 lines

Automatically create tables for the "add" and "replace" table commands.
Requested by deraadt@, pass all regress tests.

Revision 1.24, Sat Jan 18 22:18:09 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.23: +4 -1 lines

va_end() missing. Thanks to Andrey Matveev.

Revision 1.23, Sat Jan 18 15:00:24 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.22: +39 -39 lines

Cleanup PF_OPT_NOACTION with tables. No changes on current behaviour,
but do something useful when the user has no access to /dev/pf.
Tested on i386, sparc64.
ok henning@

Revision 1.22, Sat Jan 18 11:46:06 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.21: +11 -17 lines

Little cleanup from Andrey Matveev <andrushock@korovino.net>
Thanks!

Revision 1.21, Tue Jan 14 21:58:12 2003 UTC (21 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.20: +38 -55 lines

unified IP parser:
-move host(), set_ipmask and the ifa_* functions to pfctl_parser.[c|h]
-extend host() to handle /mask itself, plus minor adjustments
-use that in pfctl_table.c instead of coding the same shit again

discussed w/ cedric@
ok cedric@ dhartmei@

Revision 1.20, Tue Jan 14 10:42:32 2003 UTC (21 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.19: +3 -3 lines

A bit of consistency in error messages. Before regress commit :)

Revision 1.19, Sat Jan 11 21:54:43 2003 UTC (21 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.18: +11 -26 lines

use errx instead of handcrufting the same with fprintf and exit

Revision 1.18, Sat Jan 11 21:50:57 2003 UTC (21 years, 5 months ago) by henning
Branch: MAIN
Changes since 1.17: +22 -11 lines

-use inet_net_pton to parse IPv4 addresses, gains us support for CIDR (10/8)
-remove a redundant strlen check

ok cedric@

Revision 1.17, Fri Jan 10 16:09:19 2003 UTC (21 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.16: +11 -8 lines

Fix adding and deleting addresses in a table when there is a conflict with
the "negated" attribute of an address. The previous behaviour was incorrect
in both cases (too strict for the add command and too permissive for the
delete command).
ok dhartmei@

Revision 1.16, Fri Jan 10 14:21:21 2003 UTC (21 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.15: +15 -33 lines

Be a bit more strict when parsing options.
Disallow "pfctl -s rabbits" and friends.
ok dhartmei@

Revision 1.15, Thu Jan 9 18:59:02 2003 UTC (21 years, 5 months ago) by dhartmei
Branch: MAIN
Changes since 1.14: +11 -6 lines

knf

Revision 1.14, Thu Jan 9 18:55:32 2003 UTC (21 years, 5 months ago) by dhartmei
Branch: MAIN
Changes since 1.13: +12 -6 lines

strlcpy return checks.

Revision 1.13, Thu Jan 9 10:40:44 2003 UTC (21 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.12: +103 -11 lines

Add support for active/inactive tablesets in the kernel.
Add table definition/initialisation construct in pfctl parser.
Add and fix documentation for pf.4 and pf.conf.5.
Tested on i386 and sparc64 by myself, macppc by Daniel.
ok dhartmei@

Revision 1.12, Tue Jan 7 00:21:08 2003 UTC (21 years, 5 months ago) by dhartmei
Branch: MAIN
Changes since 1.11: +17 -9 lines

Remove table name hashing (pass the name in each ioctl instead), and
introduce reference counting for tables, they are now automatically
created and deleted through referencing rules. Diff partly from cedric@.
ok mcbride@, henning@, cedric@

Revision 1.11, Sat Jan 4 00:01:34 2003 UTC (21 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.10: +2 -5 lines

I do not know where this policy of "one .h file for every .c file" comes
from, but whoever thought of it is stupid.

Revision 1.10, Fri Jan 3 23:31:26 2003 UTC (21 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.9: +11 -21 lines

Make good use of the 'else' keyword.

Revision 1.9, Fri Jan 3 23:00:39 2003 UTC (21 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.8: +3 -3 lines

knf

Revision 1.8, Fri Jan 3 22:57:02 2003 UTC (21 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.7: +7 -4 lines

KNF

Revision 1.7, Fri Jan 3 22:54:29 2003 UTC (21 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +2 -1 lines

zero sockaddr before use

Revision 1.6, Fri Jan 3 22:50:14 2003 UTC (21 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.5: +11 -11 lines

I am ready to strangle the person who put a new strcpy() into our
source tree.

Revision 1.5, Fri Jan 3 22:24:19 2003 UTC (21 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.4: +60 -60 lines

Remove _ before static functions & variables.

Revision 1.4, Fri Jan 3 21:55:44 2003 UTC (21 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +2 -2 lines

KNF

Revision 1.3, Fri Jan 3 21:53:35 2003 UTC (21 years, 5 months ago) by cedric
Branch: MAIN
Changes since 1.2: +4 -2 lines

Initialize hints addrinfo in a safe way.

Revision 1.2, Fri Jan 3 21:43:11 2003 UTC (21 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.1: +9 -9 lines

knf

Revision 1.1, Fri Jan 3 21:37:44 2003 UTC (21 years, 5 months ago) by cedric
Branch: MAIN

Bring in userland code for accessing PF radix tables.
ok dhartmei@ mcbride@
