OpenBSD CVS

CVS log for src/sys/net/if_pflog.c



Default branch: MAIN


Revision 1.98 / (download) - annotate - [select for diffs], Thu Oct 12 19:15:21 2023 UTC (7 months, 2 weeks ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.97: +4 -2 lines

pflog(4) logs packet dropped by default rule with block.

If a packet is malformed, it is dropped by pf(4).  The rule referenced
in pflog(4) is the default rule.  As the default rule is a pass
rule, tcpdump printed "pass" although the packet was actually
dropped.  To avoid confusion, change the action to drop.  Then
tcpdump prints "block".

OK sashan@ kn@

Revision 1.97 / (download) - annotate - [select for diffs], Wed Jan 20 23:25:19 2021 UTC (3 years, 4 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.96: +9 -7 lines

An invalid packet may not have set src and dst in packet descriptor.
Add a NULL check to prevent crash in pflog(4) introduced in previous
commit.
Reported-by: syzbot+c6d2f2ad34b822bce98a@syzkaller.appspotmail.com

Revision 1.96 / (download) - annotate - [select for diffs], Wed Jan 20 13:40:15 2021 UTC (3 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.95: +10 -3 lines

Print rewritten addresses in tcpdump(8) logged with pflog(4) for
rdr-to, nat-to, af-to rules.  The kernel uses the information from
the packet description and fills it into the fields in the pflog
header.  While doing this, it is trivial to figure out whether the
packet has been rewritten.
OK sashan@

Revision 1.95 / (download) - annotate - [select for diffs], Tue Jan 19 22:22:23 2021 UTC (3 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.94: +2 -139 lines

pflog(4) tried to log the translated packet with rdr-to, nat-to,
and af-to addresses and ports applied.  Therefore it created a mbuf
chain on the stack with a partial copy.  This is too complicated
for IP options, extension header, NAT46 af-to, and fragmented mbuf
chains.  It even caused a crash in syzkaller.  Usually the length
checks in pf_setup_pdesc() rejected the faked mbuf and the goto
copy logged the packet unmodified.  Remove the pflog_mtap() function
and call bpf_mtap_hdr() directly.  As the old buggy code was bypassed
in most cases, tcpdump(8) output of pflog does not change.
Unconditionally log the unmodified packet.
Reported-by: syzbot+947e89e06ac3fec187d0@syzkaller.appspotmail.com
OK sashan@

Revision 1.94 / (download) - annotate - [select for diffs], Wed Jan 13 09:13:30 2021 UTC (3 years, 4 months ago) by mvs
Branch: MAIN
Changes since 1.93: +26 -49 lines

Link pflog(4) instances to `pflog_ifs' list instead of allocating
`pflogifs' array. This was done to prevent panics caused by internal
malloc(9) limit.

Also we avoid the case where a single pflog(4) interface with a high index
allocates an array for all indices below and eats up kernel memory.
Since we have a very small count of pflog(4) interfaces, linear search
does not have a performance impact.

ok bluhm@ claudio@ kn@

Revision 1.93 / (download) - annotate - [select for diffs], Tue Jan 12 00:10:34 2021 UTC (3 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.92: +3 -3 lines

Sometimes a user ID was logged in pflog(4) although the logopt of
the rule did not specify it.  Check the option again for the log
rule in case another rule has triggered a socket lookup.  Remove
logopt group, it is not documented and cannot work as struct pfloghdr
does not contain a gid.  Rename PF_LOG_SOCKET_LOOKUP to PF_LOG_USER
to express what it does.  The lookup involved is only an implementation
detail.
OK kn@ sashan@ mvs@

Revision 1.92 / (download) - annotate - [select for diffs], Mon Jan 11 21:50:56 2021 UTC (3 years, 4 months ago) by kn
Branch: MAIN
Changes since 1.91: +1 -12 lines

Remove unused start routine

pflog(4) does not send or generate packets by design.

OK mvs sashan

Revision 1.91 / (download) - annotate - [select for diffs], Fri Aug 28 12:01:48 2020 UTC (3 years, 9 months ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.90: +6 -1 lines

Add missing #if's to fix build without bpf(4).

ok deraadt@

Revision 1.90 / (download) - annotate - [select for diffs], Fri Aug 21 22:59:27 2020 UTC (3 years, 9 months ago) by kn
Branch: MAIN
Changes since 1.89: +1 -2 lines

Leave default ifq_maxlen handling to ifq_init()

Most clonable interface drivers (except bridge, enc, loop, pppx,
switch, trunk and vlan) initialise the send queue's length to IFQ_MAXLEN
during *_clone_create() even though ifq_init(), which is eventually called
through if_attach(), does the same.

Remove all early "ifq_set_maxlen(&ifq->if_snd, IFQ_MAXLEN);" lines to leave
it to ifq_init() and have clonable drivers a tad more in sync.

OK mvs

Revision 1.89 / (download) - annotate - [select for diffs], Thu Jul 30 03:30:04 2020 UTC (3 years, 10 months ago) by dlg
Branch: MAIN
Changes since 1.88: +18 -25 lines

make pflog more mpsafe with variables on the stack instead of globals.

pflog wants to copy and patch the packet that is being logged to
properly show if it is being transformed, and it does this by copying
the ip and transport headers into a local mbuf and patching them
there, and then wiring the remaining data from the original packet
into an mbuf chain hanging off this patched mbuf.

it's just unfortunate that the mbufs it was using are global and
not locked. this is particularly unfortunate if you're running the
stack in parallel on multiple cpus and pflog gets to running
concurrently.

this changes pflog to use an mbuf on the stack to copy the headers
into and patch. the mbuf used to point to the trailing data has
been replaced with an m_hdr, also on the stack, like what bpf_mtap_ether
does to skip past where a vlan shim should be.

ok sashan@ jmatthew@

Revision 1.88 / (download) - annotate - [select for diffs], Fri Jul 10 13:26:42 2020 UTC (3 years, 10 months ago) by patrick
Branch: MAIN
Changes since 1.87: +2 -2 lines

Change users of IFQ_SET_MAXLEN() and IFQ_IS_EMPTY() to use the "new" API.

ok dlg@ tobhe@

Revision 1.87 / (download) - annotate - [select for diffs], Fri Jul 10 13:23:34 2020 UTC (3 years, 10 months ago) by patrick
Branch: MAIN
Changes since 1.86: +2 -2 lines

Change users of IFQ_PURGE() to use the "new" API.

ok dlg@ tobhe@

Revision 1.86 / (download) - annotate - [select for diffs], Thu Oct 17 11:23:49 2019 UTC (4 years, 7 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.85: +2 -2 lines

Use -1 to indicate an invalid uid/gid, not UID_MAX and GID_MAX.
This is clearer and more consistent with the rest of the kernel.
OK deraadt@ sashan@

Revision 1.85 / (download) - annotate - [select for diffs], Mon Sep 30 01:53:05 2019 UTC (4 years, 8 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.84: +2 -2 lines

remove the "copy function" argument to bpf_mtap_hdr.

it was previously (ab)used by pflog, which has since been fixed.
apart from that nothing else used it, so we can trim the cruft.

ok kn@ claudio@ visa@
visa@ also made sure i fixed ipw(4) so i386 won't break.

Revision 1.84 / (download) - annotate - [select for diffs], Fri Sep 13 01:47:51 2019 UTC (4 years, 8 months ago) by dlg
Branch: MAIN
Changes since 1.83: +17 -39 lines

avoid the use of a custom bpf copy function.

currently pflog prepares a pfloghdr and then passes that, the
original mbuf, and a pflog copy function to bpf. bpf matches on the
original packet, and then if bpf decides it wants the packet it
uses the custom function to copy the packet for userland to read.
the custom function patches the packet so you see the packet after
nat and rdr and af-to and so on. however, this means bpf is matching
on the original packet and reporting a patched packet.

this is also the only use of a custom copy function in the tree,
and it relies on some behaviours that should be internal to bpf to
get away with it.

this pulls the patching up so it's done before the packet is given
to bpf. this simplifies the code a bit, and means bpf is now matching
on and reporting the same packet. removing this custom copy code
also means that we can get rid of that functionality from the
bpf_mtap_hdr function.

ok sashan@ visa@

Revision 1.83 / (download) - annotate - [select for diffs], Thu Jun 13 21:12:52 2019 UTC (4 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.82: +3 -4 lines

free(9) sizes.

ok kn@

Revision 1.82 / (download) - annotate - [select for diffs], Mon Dec 10 16:48:15 2018 UTC (5 years, 5 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.81: +9 -9 lines

Remove useless macros

These are just unhelpful case conversion.

OK sashan henning

Revision 1.81 / (download) - annotate - [select for diffs], Tue Jan 9 15:24:24 2018 UTC (6 years, 4 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.80: +2 -5 lines

Creating a cloned interface could return ENOMEM due to temporary
memory shortage.  As it is invoked from a system call, it should
not fail and wait instead.
OK visa@ mpi@

Revision 1.80 / (download) - annotate - [select for diffs], Fri Aug 11 21:24:19 2017 UTC (6 years, 9 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.79: +7 -8 lines

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Revision 1.79 / (download) - annotate - [select for diffs], Tue May 16 11:35:36 2017 UTC (7 years ago) by mpi
Branch: MAIN
Changes since 1.78: +8 -11 lines

Kill unused global list and protect global array by the NET_LOCK().

ok bluhm@

Revision 1.78 / (download) - annotate - [select for diffs], Tue Jan 24 10:08:30 2017 UTC (7 years, 4 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.77: +5 -5 lines

A space here, a space there. Soon we're talking real whitespace
rectification.

Revision 1.77 / (download) - annotate - [select for diffs], Mon Jan 23 11:37:29 2017 UTC (7 years, 4 months ago) by mpi
Branch: MAIN
Changes since 1.76: +2 -1 lines

Flag pseudo-interfaces as such in order to call add_net_randomness()
only once per packet.

Fix a regression introduced when if_input() started to be called by
every pseudo-driver.

ok claudio@, dlg@

Revision 1.76 / (download) - annotate - [select for diffs], Tue Nov 22 19:29:54 2016 UTC (7 years, 6 months ago) by procter
Branch: MAIN
Changes since 1.75: +3 -4 lines

Fold union pf_headers buffer into struct pf_pdesc (enabled by pfvar_priv.h).
Prevent pf_socket_lookup() reading uninitialised header buffers on fragments.
OK blum@ sashan@

Revision 1.75 / (download) - annotate - [select for diffs], Wed Oct 26 21:07:22 2016 UTC (7 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.74: +4 -12 lines

Put union pf_headers and struct pf_pdesc into separate header file
pfvar_priv.h.  The pf_headers had to be defined in multiple .c files
before.  In pfvar.h it would have unknown storage size, this file
is included in too many places.  The idea is to have a private pf
header that is only included in the pf part of the kernel.  For now
it contains pf_pdesc and pf_headers, it may be extended later.
discussion, input and OK henning@ procter@ sashan@

Revision 1.74 / (download) - annotate - [select for diffs], Fri Apr 29 08:55:03 2016 UTC (8 years, 1 month ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.73: +3 -3 lines

Make if_output() return EAFNOSUPPORT instead of just dropping packets
and pretending the output succeeded. Packets are still dropped!

Idea from jsg@ following same change to bridge(4). ok mpi@

Revision 1.73 / (download) - annotate - [select for diffs], Sat Dec 5 10:07:55 2015 UTC (8 years, 5 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.72: +1 -2 lines

remove old lint annotations

Revision 1.72 / (download) - annotate - [select for diffs], Tue Nov 10 06:36:14 2015 UTC (8 years, 6 months ago) by dlg
Branch: MAIN
Changes since 1.71: +2 -14 lines

flush the send queue in start routines with IFQ_PURGE.

ok mpi@ uebayasi@

Revision 1.71 / (download) - annotate - [select for diffs], Tue Aug 25 12:06:47 2015 UTC (8 years, 9 months ago) by jsg
Branch: MAIN
Changes since 1.70: +7 -7 lines

#if INET && INET6 -> #ifdef INET6, the kernel no longer defines INET
since July.  The code involved deals with af-to handling.

Revision 1.70 / (download) - annotate - [select for diffs], Wed Jul 15 22:16:41 2015 UTC (8 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.69: +2 -3 lines

m_freem() can handle NULL, do not check for this condition beforehand.
ok stsp mpi

Revision 1.69 / (download) - annotate - [select for diffs], Fri Feb 13 13:35:03 2015 UTC (9 years, 3 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.68: +2 -1 lines

Include sys/stdint.h for SIZE_MAX instead of relying on the misplaced
define in sys/limits.h.  OK guenther@

Revision 1.68 / (download) - annotate - [select for diffs], Thu Feb 12 01:24:10 2015 UTC (9 years, 3 months ago) by henning
Branch: MAIN
Changes since 1.67: +6 -4 lines

change log(matches) semantics slightly to make it more useful. since it
is a debug tool change of semantics not considered problematic.
up until now, log(matches) forced logging on subsequent matching rules,
the actual logging used the log settings from that matched rule.
now, log(matches) causes subsequent matches to be logged with the log settings
from the log(matches) rule. in particular (this was the driving point),
log(matches, to pflog23) allows you to have the trace log going to a separate
pflog interface, not clobbering your regular pflogs, actually not affecting
them at all.
long conversation with bluhm about it, which didn't lead to a single bit
changed in the diff but was very very helpful. ok bluhm as well.

Revision 1.67 / (download) - annotate - [select for diffs], Fri Dec 19 17:14:39 2014 UTC (9 years, 5 months ago) by tedu
Branch: MAIN
Changes since 1.66: +1 -6 lines

unifdef INET in net code as a precursor to removing the pretend option.
long live the one true internet.
ok henning mikeb

Revision 1.66 / (download) - annotate - [select for diffs], Fri Dec 5 15:50:04 2014 UTC (9 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.65: +2 -1 lines

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

Revision 1.65 / (download) - annotate - [select for diffs], Tue Dec 2 18:11:56 2014 UTC (9 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.64: +2 -2 lines

replace some malloc multiplies with mallocarray. ok deraadt henning

Revision 1.64 / (download) - annotate - [select for diffs], Mon Sep 8 18:10:01 2014 UTC (9 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.63: +6 -4 lines

When logging a packet to a listener on the pflog0 interface, the
function pflog_bpfcopy() is setting up a packet description with
pf_setup_pdesc().  When pf_setup_pdesc() is dropping a bad packet,
it increments the pf status counters.  This way bad packets
could be accounted multiple times.  Now pflog_bpfcopy() passes a
reason pointer NULL to indicate that no accounting should be done.
From Florian Riehm; OK henning@

Revision 1.63 / (download) - annotate - [select for diffs], Mon Sep 8 06:24:13 2014 UTC (9 years, 8 months ago) by jsg
Branch: MAIN
Changes since 1.62: +1 -2 lines

remove unneeded route.h includes
ok miod@ mpi@

Revision 1.62 / (download) - annotate - [select for diffs], Tue Jul 22 11:06:09 2014 UTC (9 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.61: +1 -2 lines

Fewer <netinet/in_systm.h> !

Revision 1.61 / (download) - annotate - [select for diffs], Sat Jul 12 18:44:22 2014 UTC (9 years, 10 months ago) by tedu
Branch: MAIN
Changes since 1.60: +3 -3 lines

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

Revision 1.60 / (download) - annotate - [select for diffs], Wed Jul 9 11:03:04 2014 UTC (9 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.59: +3 -1 lines

tedu bpf_mtap_pflog().
now that it is a trivial wrapper around the extended bpf_mtap_hdr, we can
use bpf_mtap_hdr directly. added benefit: pflog_bpfcopy doesn't need to
be exported any more and can stay private to if_pflog.c
ok benno bluhm reyk

Revision 1.59 / (download) - annotate - [select for diffs], Wed Jun 25 16:21:20 2014 UTC (9 years, 11 months ago) by mikeb
Branch: MAIN
Changes since 1.58: +2 -2 lines

pf_translate doesn't use the mbuf argument anymore.

From Alexandr Nedvedicky <alexandr ! nedvedicky at oracle ! com>.  Thanks!

Revision 1.58 / (download) - annotate - [select for diffs], Sat Nov 16 00:36:01 2013 UTC (10 years, 6 months ago) by chl
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.57: +2 -3 lines

Remove dead assignments and now unused variables.

Found by LLVM/Clang Static Analyzer.

ok henning@ mikeb@ bluhm@

Revision 1.57 / (download) - annotate - [select for diffs], Thu Oct 24 11:31:43 2013 UTC (10 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.56: +1 -3 lines

Remove the number of in6_var.h inclusions by moving some functions and
global variables to in6.h.

ok deraadt@

Revision 1.56 / (download) - annotate - [select for diffs], Wed Oct 23 15:12:42 2013 UTC (10 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.55: +1 -2 lines

Remove the number of in_var.h inclusions by moving some functions and
global variables to in.h.

ok mikeb@, deraadt@

Revision 1.55 / (download) - annotate - [select for diffs], Thu Oct 17 16:27:41 2013 UTC (10 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.54: +2 -1 lines

The header file netinet/in_var.h included netinet6/in6_var.h.  This
created a bunch of useless dependencies.  Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@

Revision 1.54 / (download) - annotate - [select for diffs], Wed Jun 26 09:12:39 2013 UTC (10 years, 11 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.53: +2 -2 lines

put the cksum diff back, of course with the bug fixed where we could
under some circumstances repair broken checksums on the way.
ok ryan naddy mikeb
.
redo most of the protocol (tcp/udp/...) checksum handling
-assume we have hardware checksum offloading. stop mucking with the
 checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output paths, very late, if we figure out the outbound interface
 doesn't have hw cksum offloading, do the cksum in software. this especially
 makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
 loses its disgusting shortcut hacks, but at least it's in one place now
 and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.

Revision 1.53 / (download) - annotate - [select for diffs], Tue Mar 26 13:19:25 2013 UTC (11 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.52: +2 -2 lines

Remove various read-only *maxlen variables and use IFQ_MAXLEN directly.

ok beck@, mikeb@

Revision 1.52 / (download) - annotate - [select for diffs], Tue Nov 6 12:32:41 2012 UTC (11 years, 6 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.51: +2 -2 lines

backout csum diff for the moment, requested by theo

Revision 1.51 / (download) - annotate - [select for diffs], Thu Nov 1 07:55:55 2012 UTC (11 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.50: +1 -1 lines

redo most of the protocol (tcp/udp/...) checksum handling
-assume we have hardware checksum offloading. stop mucking with the
 checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output paths, very late, if we figure out the outbound interface
 doesn't have hw cksum offloading, do the cksum in software. this especially
 makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
 loses its disgusting shortcut hacks, but at least it's in one place now
 and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
ok camield sthen claudio, testing by many, thanks!

Revision 1.50 / (download) - annotate - [select for diffs], Sun Jul 8 07:58:09 2012 UTC (11 years, 10 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.49: +44 -11 lines

there was a limit on the number of pflog interfaces - 16. remove that.
mostly by dynamically allocating pflogifs instead of making that a static
array. ok claudio zinke

Revision 1.49 / (download) - annotate - [select for diffs], Fri Feb 3 01:57:50 2012 UTC (12 years, 4 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.48: +9 -1 lines

The kernel did not compile without INET6.  Put some #ifdefs into
pf to fix that.
- add #ifdef INET6 in obvious places
- af translation is only possible with both INET and INET6
- interleave #endif /* INET6 */ and closing brace correctly
- it is not necessary to #ifdef function prototypes
- do not compile af translate functions at all instead of empty stub,
  then the linker will report inconsistencies
- pf_poolmask() actually takes an sa_family_t not an u_int8_t argument
No binary change for GENERIC compiled with -O2 and -UDIAGNOSTIC.
reported by Olivier Cochard-Labbe; ok mikeb@ henning@

Revision 1.48 / (download) - annotate - [select for diffs], Fri Jan 27 15:30:16 2012 UTC (12 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.47: +10 -9 lines

If some length checks in pflog_bpfcopy() failed, the function
returned early.  As a result tcpdump -i pflog0 printed uninitialized
kernel memory for short packets.  Fix this by copying the mbuf data
we have if we cannot decode the packet.
ok mikeb@ henning@

Revision 1.47 / (download) - annotate - [select for diffs], Sun Jan 15 22:55:35 2012 UTC (12 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.46: +3 -3 lines

Calling pf_normalize_ip() from pf_setup_pdesc() was bad as the
latter is called from pf packet logging.  This resulted in normalization
and reassembly of bad packets to be logged.  So rearrange the code
and move the call to pf_test().
ok henning@

Revision 1.46 / (download) - annotate - [select for diffs], Wed Dec 21 14:46:24 2011 UTC (12 years, 5 months ago) by mikeb
Branch: MAIN
Changes since 1.45: +4 -3 lines

don't attempt to run pf_translate on fragments: it will fail miserably.
also don't do af translation if pf_translate didn't succeed.  ok henning

Revision 1.45 / (download) - annotate - [select for diffs], Fri Oct 21 15:45:55 2011 UTC (12 years, 7 months ago) by mikeb
Branch: MAIN
Changes since 1.44: +29 -9 lines

strengthen some checks to prevent m_copy* routines from operating
on mbuf chains of insufficient length;  prevents crashes seen by
dhill.  also bring in some chunks omitted in the nat64 commit and
are essential for correct packet interpretation.

tested by dhill and me, ok henning

Revision 1.44 / (download) - annotate - [select for diffs], Thu Oct 13 18:23:39 2011 UTC (12 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.43: +91 -34 lines

Since the IPv6 madness is not enough introduce NAT64 -- which is actually
"af-to" a generic IP version translator for pf(4).
Not everything perfect yet but let's fix these things in the tree.
Insane amount of work done by sperreault@, mikeb@ and reyk@.
Looked over by mcbride@ henning@ and myself at eurobsdcon.
OK mcbride@ and general put it in from deraadt@

Revision 1.43 / (download) - annotate - [select for diffs], Wed Sep 28 17:15:45 2011 UTC (12 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.42: +8 -8 lines

As requested by henning, move the mbuf pointer into struct pf_pdesc.
Also sort pd to the beginning of the functions' parameter lists for
consistency.
ok henning

Revision 1.42 / (download) - annotate - [select for diffs], Tue Sep 20 10:51:18 2011 UTC (12 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.41: +9 -10 lines

Put kif and dir into pdesc and use this instead of passing the values
around.  This is a mechanical change.  Initialize pd2 and use it
where appropriate.
ok henning on an earlier version; ok mpf

Revision 1.41 / (download) - annotate - [select for diffs], Mon Sep 19 12:51:52 2011 UTC (12 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.40: +4 -5 lines

Consolidate pf function parameters.  Move off and hdrlen into pdesc
and change their type from int to u_int32_t.  Do not pass struct
tcphdr *th and sa_family_t af, it is in pd anyway.  Do not use af
and pd->af intermixed, the latter makes clear where it comes from.
Do not calculate the packet length again if pd already has it.  Use
pd2.off instead of off2.
go go go go don't stop henning@ mpf@

Revision 1.40 / (download) - annotate - [select for diffs], Sun Sep 18 13:50:13 2011 UTC (12 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.39: +5 -7 lines

Move the pdesc initialization code into pf_setup_pdesc().  Unify
some IPv4 and IPv6 code.  Make sure that both code paths set the
same fields in the same order.
ok mpf henning

Revision 1.39 / (download) - annotate - [select for diffs], Sun Sep 18 10:40:54 2011 UTC (12 years, 8 months ago) by bluhm
Branch: MAIN
Changes since 1.38: +2 -3 lines

Move the call to pf_test_rule() for fragments that have not been
reassembled by normalization from pf_setup_pdesc() to pf_test().
This simplifies the parameter list of pf_setup_pdesc() as it can
concentrate on its job filling the pf_pdesc struct.
ok henning mpf

Revision 1.38 / (download) - annotate - [select for diffs], Thu Jul 7 00:47:18 2011 UTC (12 years, 11 months ago) by mcbride
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.37: +3 -2 lines

Fold pf_test_fragment() into pf_test_rule(), reduce code and fixes
a bunch of bugs with fragment handling not being in sync with the
rest of the ruleset.

Much feedback from mpf, bluhm & markus
Thanks to Tony Sarendal for help with testing

ok bluhm; various previous versions ok henning, claudio, mpf, markus

Revision 1.37 / (download) - annotate - [select for diffs], Wed Jul 6 02:42:28 2011 UTC (12 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.36: +2 -2 lines

consistently use IFQ_SET_MAXLEN, surfaced in a discussion with + ok bluhm

Revision 1.36 / (download) - annotate - [select for diffs], Tue Jul 5 22:28:44 2011 UTC (12 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.35: +3 -1 lines

Explicitly reserve space for special ICMP6 headers in pf_hdrs, like
it was done for pf_headers in pf.c.
ok mcbride@ henning@

Revision 1.35 / (download) - annotate - [select for diffs], Mon Jun 20 19:03:41 2011 UTC (12 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.34: +2 -2 lines

More cleanup in pf_test/pf_test6 this time mostly the fragment
handling. More to come to make the two codepaths a bit more identical.
tested by many (esp. krw@ and sthen@) input and OK bluhm@

Revision 1.34 / (download) - annotate - [select for diffs], Sun May 22 13:21:24 2011 UTC (13 years ago) by claudio
Branch: MAIN
Changes since 1.33: +3 -3 lines

Do not pass AF specific information to pf_test_rule() and PFLOG_PACKET()
because either the info is already available in struct pd or easy
to figure out.  Makes pf_test() and pf_test6() even more similar
(with the target to remove one of them in the near future).
OK henning@

Revision 1.33 / (download) - annotate - [select for diffs], Tue Dec 7 11:39:40 2010 UTC (13 years, 5 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.32: +2 -2 lines

remove a bunch of unused arguments
ok henning@

Revision 1.32 / (download) - annotate - [select for diffs], Tue Sep 21 22:49:14 2010 UTC (13 years, 8 months ago) by sthen
Branch: MAIN
Changes since 1.31: +6 -4 lines

Don't dereference null pointers for protocols without port numbers.
From henning@, fixed pflog_bpfcopy crashes.

Revision 1.31 / (download) - annotate - [select for diffs], Tue Sep 21 11:29:12 2010 UTC (13 years, 8 months ago) by henning
Branch: MAIN
Changes since 1.30: +2 -1 lines

assert copyrights / bump years

Revision 1.30 / (download) - annotate - [select for diffs], Tue Sep 21 10:45:26 2010 UTC (13 years, 8 months ago) by henning
Branch: MAIN
Changes since 1.29: +18 -3 lines

stuff the original (before rewriting) addresses into the already existent
address fields in the pflog header, same for ports, and add a "rewritten"
indicator. ok ryan dlg

Revision 1.29 / (download) - annotate - [select for diffs], Tue Sep 21 04:06:37 2010 UTC (13 years, 8 months ago) by henning
Branch: MAIN
Changes since 1.28: +86 -12 lines

pflog overhaul
pflog was logging the "wrong" as in not yet rewritten (nat/rdr) addresses.
to address this without making an extra copy of the mbuf chain:
-introduce bpf_mtap_pflog, which is a 1:1 copy of bpf_mtap_hdr, except that
it supplies bpf_catchpacket with pflog_bpfcopy as copy function instead of
plain bcopy
-said new shiny pflog_bpfcopy knows what a pflog packet looks like, copies
everything into bpf's buffer, constructs a fake mbuf (which is allocated once
at attach time and reused over and over) which points to the bpf buffer
as data storage
-call pf_setup_pdesc on said fake mbuf
-then call pf_translate to rewrite the addresses as needed right in the
bpf buffer
this changes the pflog header as we have to pass the new addresses/ports
around. relies on canacar's awesome work in libpcap to work olrite with the
new, longer pflog header as well as with the old, shorter one.
almost completely written at c2k10 in canada, finished here at j2k10 in
japan. ok ryan dlg

Revision 1.28 / (download) - annotate - [select for diffs], Tue Jan 12 02:47:07 2010 UTC (14 years, 4 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.27: +1 -4 lines
Diff to previous 1.27 (colored)

Remove bpfdetach() call right in front of the if_detach() call since
bpfdetach() will be called in if_detach(). Diff by Gleydson Soares

Revision 1.27 / (download) - annotate - [select for diffs], Thu Dec 20 02:53:02 2007 UTC (16 years, 5 months ago) by brad
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)

return with ENOTTY instead of EINVAL for unknown ioctl requests.

ok claudio@ krw@ jason@ dlg@

Revision 1.26 / (download) - annotate - [select for diffs], Thu Oct 18 21:58:18 2007 UTC (16 years, 7 months ago) by mpf
Branch: MAIN
Changes since 1.25: +1 -4 lines
Diff to previous 1.25 (colored)

There is no point for IP addresses on pflog(4)
OK dhartmei@, henning@

Revision 1.25 / (download) - annotate - [select for diffs], Sun Sep 16 16:00:27 2007 UTC (16 years, 8 months ago) by pyr
Branch: MAIN
Changes since 1.24: +3 -3 lines
Diff to previous 1.24 (colored)

another M_ZERO diff.

Revision 1.24 / (download) - annotate - [select for diffs], Sat May 26 17:13:30 2007 UTC (17 years ago) by jason
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.23: +1 -3 lines
Diff to previous 1.23 (colored)

one extern seems to be better than 20 for ifqmaxlen; ok krw

Revision 1.23 / (download) - annotate - [select for diffs], Mon Mar 19 09:40:13 2007 UTC (17 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.22: +1 -2 lines
Diff to previous 1.22 (colored)

no longer create a pflog0 by default.
we had to put this workaround in since /etc/rc used to use the exit code
of "ifconfig pflog0" to decide whether we run on a kernel with pflog support.
rc has been fixed to explicitly create pflog0 when pf and pflogd are
enabled in November 2006, so now is the time to remove this compat hack.
pplz who haven't updated rc since 2006/11/16 lose pflogd. ok ryan theo

Revision 1.22 / (download) - annotate - [select for diffs], Fri Dec 15 09:31:20 2006 UTC (17 years, 5 months ago) by otto
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.21: +3 -1 lines
Diff to previous 1.21 (colored)

make pflog(4) count; ok henning@ deraadt@

Revision 1.21 / (download) - annotate - [select for diffs], Wed Nov 1 23:39:34 2006 UTC (17 years, 7 months ago) by mcbride
Branch: MAIN
Changes since 1.20: +2 -1 lines
Diff to previous 1.20 (colored)

Attach pfsync0 and pflog0 by default like they used to, /etc/rc depends on
them being there.

diff & ok deraadt

Revision 1.20 / (download) - annotate - [select for diffs], Wed Oct 25 11:26:47 2006 UTC (17 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

add a "u_int8_t logif" to struct pfrule to select to which pflog interface
logs go. ok mcbride

Revision 1.19 / (download) - annotate - [select for diffs], Mon Oct 23 12:46:09 2006 UTC (17 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.18: +68 -23 lines
Diff to previous 1.18 (colored)

make the pflog interface clonable.
for now, only allow pflog0 to be created.
keep an array of ifps to the pflog interfaces with the unit # as index for
fast access.
if pflog0 does not exist, no logging is done (just like if it is down).
on machines without pf enabled, this makes the pflog0 interface go away,
on machines with pf, rc sets up pflog0 and starts pflogd, no change there.
idea old (pf2k4 or c2k5?), hacked at the hack.lu 2006 conference, ryan ok

Revision 1.18 / (download) - annotate - [select for diffs], Wed Jun 28 12:04:31 2006 UTC (17 years, 11 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.17: +1 -10 lines
Diff to previous 1.17 (colored)

Another unused function bites the dust -- this time pflogrtrequest(). OK markus@

Revision 1.17 / (download) - annotate - [select for diffs], Sat Mar 25 22:41:47 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
Changes since 1.16: +3 -2 lines
Diff to previous 1.16 (colored)

allow bpf(4) to ignore packets based on their direction (inbound or
outbound), using a new BIOCSDIRFILT ioctl;
guidance, feedback and ok canacar@

Revision 1.16 / (download) - annotate - [select for diffs], Sat Mar 4 22:40:15 2006 UTC (18 years, 3 months ago) by brad
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)

With the exception of two other small uncommitted diffs this moves
the remainder of the network stack from splimp to splnet.

ok miod@

Revision 1.15 / (download) - annotate - [select for diffs], Sun Jul 31 03:52:18 2005 UTC (18 years, 10 months ago) by pascoe
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9, OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.14: +6 -10 lines
Diff to previous 1.14 (colored)

Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chain
to bpf with either an address family or other header added.

These helpers only allocate a much smaller struct m_hdr on the stack when
needed, rather than leaving 256 byte struct mbufs on the stack in deep
call paths.  Also removes a fair bit of duplicated code.

commit now, tune after deraadt@

Revision 1.14 / (download) - annotate - [select for diffs], Fri May 27 20:17:31 2005 UTC (19 years ago) by dhartmei
Branch: MAIN
Changes since 1.13: +9 -3 lines
Diff to previous 1.13 (colored)

pass UID_MAX/NO_PID when the socket lookup failed, so tcpdump can
suppress output in this case.

Revision 1.13 / (download) - annotate - [select for diffs], Fri May 27 17:22:40 2005 UTC (19 years ago) by dhartmei
Branch: MAIN
Changes since 1.12: +9 -3 lines
Diff to previous 1.12 (colored)

log two pairs of uid/pid through pflog: the uid/pid of the process that
inserted the rule which causes the logging. secondly, the uid/pid of the
process in case the logged packet is delivered to/from a local socket.
a lookup of the local socket can be forced for logged packets with a new
option, 'log (user)'. make tcpdump print the additional information when
-e and -v is used. note: this changes the pflog header struct, rebuild all
dependencies. ok bob@, henning@.

Revision 1.4.2.5 / (download) - annotate - [select for diffs], Sat Jun 5 23:11:23 2004 UTC (20 years ago) by niklas
Branch: SMP
Changes since 1.4.2.4: +2 -4 lines
Diff to previous 1.4.2.4 (colored) to branchpoint 1.4 (colored) next main 1.5 (colored)

Merge with the trunk

Revision 1.12 / (download) - annotate - [select for diffs], Wed May 19 17:50:51 2004 UTC (20 years ago) by dhartmei
Branch: MAIN
CVS Tags: SMP_SYNC_B, SMP_SYNC_A, OPENBSD_3_7_BASE, OPENBSD_3_7, OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.11: +3 -5 lines
Diff to previous 1.11 (colored)

Allow recursive anchors (anchors within anchors, up to 64
levels deep). More work required, but this is already
functional. authpf users will need to adjust their anchor
calls, but this will change again soon. ok beck@, cedric@,
henning@, mcbride@

Revision 1.4.2.4 / (download) - annotate - [select for diffs], Thu Feb 19 10:57:21 2004 UTC (20 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.4.2.3: +5 -7 lines
Diff to previous 1.4.2.3 (colored) to branchpoint 1.4 (colored)

Merge of current from two weeks ago into the SMP branch

Revision 1.11 / (download) - annotate - [select for diffs], Wed Dec 31 11:18:25 2003 UTC (20 years, 5 months ago) by cedric
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.10: +4 -4 lines
Diff to previous 1.10 (colored)

Many improvements to the handling of interfaces in PF.

1) PF should do the right thing when unplugging/replugging or cloning/
destroying NICs.

2) Rules can be loaded in the kernel for not-yet-existing devices
(USB, PCMCIA, Cardbus). For example, it is valid to write:
"pass in on kue0" before kue USB is plugged in.

3) It is possible to write rules that apply to a group of interfaces
(drivers), like "pass in on ppp all"

4) There is a new ":peer" modifier that completes the ":broadcast"
and ":network" modifiers.

5) There is a new ":0" modifier that will filter out interface aliases.
Can also be applied to DNS names to restore original PF behaviour.

6) The dynamic interface syntax (foo) has been vastly improved, and
now supports multiple addresses, v4 and v6 addresses, and all userland
modifiers, like "pass in from (fxp0:network)"

7) Scrub rules now support the !if syntax.

8) States can be bound to the specific interface that created them or
to a group of interfaces, for example:

- pass all keep state (if-bound)
- pass all keep state (group-bound)
- pass all keep state (floating)

9) The default value when only keep state is given can be selected by
using the "set state-policy" statement.

10) "pfctl -ss" will now print the interface scope of the state.

This diff changes the pf_state structure slightly, so you should
recompile your userland tools (pfctl, authpf, pflogd, tcpdump...)

Tested on i386, sparc, sparc64 by Ryan
Tested on macppc, sparc64 by Daniel

ok deraadt@ mcbride@

Revision 1.10 / (download) - annotate - [select for diffs], Wed Oct 1 21:21:35 2003 UTC (20 years, 8 months ago) by canacar
Branch: MAIN
Changes since 1.9: +3 -5 lines
Diff to previous 1.9 (colored)

Fix stack leak into pfloghdr (the pad field is not initialized),
which ends up in the pflog pcap file. From dhartmei@

ok dhartmei@, frantzen@, henning@

Revision 1.4.6.3 / (download) - annotate - [select for diffs], Mon May 19 22:30:08 2003 UTC (21 years ago) by tedu
Branch: UBC
Changes since 1.4.6.2: +68 -6 lines
Diff to previous 1.4.6.2 (colored) to branchpoint 1.4 (colored) next main 1.5 (colored)

sync

Revision 1.4.2.3 / (download) - annotate - [select for diffs], Fri May 16 00:29:43 2003 UTC (21 years ago) by niklas
Branch: SMP
Changes since 1.4.2.2: +24 -8 lines
Diff to previous 1.4.2.2 (colored) to branchpoint 1.4 (colored)

merge the trunk so we will get the genfs and locking fixes

Revision 1.9 / (download) - annotate - [select for diffs], Wed May 14 08:42:00 2003 UTC (21 years ago) by canacar
Branch: MAIN
CVS Tags: UBC_SYNC_A, OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.8: +24 -8 lines
Diff to previous 1.8 (colored)

Use official (from pcap people) link type for pflog.
With this change, the log header format also changes.
The new log format is extendible and allows logging
of the originating anchor and ruleset information.

ok henning@ dhartmei@ frantzen@

Revision 1.4.2.2 / (download) - annotate - [select for diffs], Tue May 13 19:36:15 2003 UTC (21 years ago) by ho
Branch: SMP
Changes since 1.4.2.1: +2 -2 lines
Diff to previous 1.4.2.1 (colored) to branchpoint 1.4 (colored)

Sync the SMP branch to -current. This includes moving to ELF.

Revision 1.8 / (download) - annotate - [select for diffs], Sat May 3 21:15:11 2003 UTC (21 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

string fixes; tedu ok

Revision 1.4.2.1 / (download) - annotate - [select for diffs], Fri Mar 28 00:41:28 2003 UTC (21 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.4: +52 -8 lines
Diff to previous 1.4 (colored)

Sync the SMP branch with 3.3

Revision 1.7 / (download) - annotate - [select for diffs], Tue Oct 29 19:51:04 2002 UTC (21 years, 7 months ago) by mickey
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_3
Changes since 1.6: +51 -5 lines
Diff to previous 1.6 (colored)

keep all pflog goodies in pflog sources, avoids code duplications; okski frantzen@ and dhartmei@

Revision 1.4.6.2 / (download) - annotate - [select for diffs], Tue Oct 29 00:36:45 2002 UTC (21 years, 7 months ago) by art
Branch: UBC
Changes since 1.4.6.1: +2 -1 lines
Diff to previous 1.4.6.1 (colored) to branchpoint 1.4 (colored)

sync to -current

Revision 1.6 / (download) - annotate - [select for diffs], Sun Jun 30 13:04:36 2002 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
CVS Tags: UBC_SYNC_B, OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.5: +2 -1 lines
Diff to previous 1.5 (colored)

allocate sockaddr_dl for ifnet in if_alloc_sadl(), as we don't always know
the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach().
from netbsd.  fgs ok

Revision 1.4.6.1 / (download) - annotate - [select for diffs], Tue Jun 11 03:30:45 2002 UTC (21 years, 11 months ago) by art
Branch: UBC
Changes since 1.4: +1 -4 lines
Diff to previous 1.4 (colored)

Sync UBC branch to -current

Revision 1.5 / (download) - annotate - [select for diffs], Wed May 29 07:54:58 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.4: +1 -4 lines
Diff to previous 1.4 (colored)

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

Revision 1.4 / (download) - annotate - [select for diffs], Wed Jun 27 01:58:03 2001 UTC (22 years, 11 months ago) by provos
Branch: MAIN
CVS Tags: UBC_BASE, OPENBSD_3_1_BASE, OPENBSD_3_1, OPENBSD_3_0_BASE, OPENBSD_3_0
Branch point for: UBC, SMP
Changes since 1.3: +3 -3 lines
Diff to previous 1.3 (colored)

KNF

Revision 1.3 / (download) - annotate - [select for diffs], Mon Jun 25 23:02:18 2001 UTC (22 years, 11 months ago) by provos
Branch: MAIN
Changes since 1.2: +3 -7 lines
Diff to previous 1.2 (colored)

extend the logging via a new link header type.  export interface, direction,
action and rule nr.

Revision 1.2 / (download) - annotate - [select for diffs], Mon Jun 25 21:07:44 2001 UTC (22 years, 11 months ago) by art
Branch: MAIN
Changes since 1.1: +15 -38 lines
Diff to previous 1.1 (colored)

ANSIfy

Revision 1.1 / (download) - annotate - [select for diffs], Mon Jun 25 20:48:16 2001 UTC (22 years, 11 months ago) by provos
Branch: MAIN

first stab at packet logging for pf.  inspired by late night dreams of art.
we just pass drop and passed packets to different pseudo interface that
can be listened to with bpf.
