1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-20 11:11:24 +00:00
Commit Graph

171 Commits

Author SHA1 Message Date
Max Laier
7c1fe95333 Commit pf version 3.5 and link additional files to the kernel build.
Version 3.5 brings:
 - Atomic commits of ruleset changes (reduce the chance of ending up in an
   inconsistent state).
 - A 30% reduction in the size of state table entries.
 - Source-tracking (limit number of clients and states per client).
 - Sticky-address (the flexibility of round-robin with the benefits of
   source-hash).
 - Significant improvements to interface handling.
 - and many more ...
2004-06-16 23:24:02 +00:00
Max Laier
32b3098356 Import pf from OpenBSD 3.5 (OPENBSD_3_5_BASE) 2004-06-16 23:03:14 +00:00
Max Laier
779616355a This commit was generated by cvs2svn to compensate for changes in r130610,
which included commits to RCS files with non-trunk default branches.
2004-06-16 23:03:14 +00:00
Poul-Henning Kamp
89c9c53da0 Do the dreaded s/dev_t/struct cdev */
Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
Max Laier
4e6d06effe Remove some more leftover from the old pfaltq_module hack to allow for
kernels w/ pf, but w/o altq.

Reported-by:	 Xin LI
2004-06-14 16:13:05 +00:00
Max Laier
cc4dbc7c7d Prepare pf for building with ALTQ:
- remove old pfaltq module linkage
 - move pfaltq_running to pf_ioctl.c It is protected by PF_LOCK()
2004-06-13 01:36:31 +00:00
Max Laier
1fb675e712 "Get rid of the nested include of <sys/module.h> from <sys/kernel.h>" or
better do no longer depend on it.

Requested-by:	phk
Approved-by:	bms(mentor)
2004-05-31 22:48:19 +00:00
Daniel Hartmeier
01044eaadc Commit three imported bugfixes from OpenBSD 3.4-stable:
- change pf_get_pool() argument rule_number type from u_int32_t
    to u_int8_t, fixes corruption of address pools with large
    rulesets (mcbride@)
  - prevent endless loops with route-to (dhartmei@)
  - limit option length to 2 octets max (frantzen@)

Obtained from:	OpenBSD
Approved by:	mlaier(mentor), bms(mentor)
2004-05-02 20:47:24 +00:00
Daniel Hartmeier
ac529e0479 Import OpenBSD 3.4-stable fixes 2004-05-02 19:43:28 +00:00
Brooks Davis
bb2bfb4fa9 Staticize <if>_clone_{create,destroy} functions.
Reviewed by:	mlaier
2004-04-14 00:57:49 +00:00
Max Laier
00e7fbfb60 Commit import of OpenBSD-stable fix:
Fix by dhartmei@ and mcbride@
 1.433
 Properly m_copyback() modified TCP sequence number after demodulation
 1.432
 Fix icmp checksum when sequence number modlation is being used.
 Also fix a daddr vs saddr cut-n-paste error in ICMP error handling.

 Fixes PR 3724

Obtained from:	OpenBSD
Reviewed by:	dhartmei
Approved by:	rwatson
2004-04-11 17:35:40 +00:00
Max Laier
f43690eb9e Import another fix from the OpenBSD-Stable branch:
Fix by dhartmei@ and mcbride@
 1.433
 Properly m_copyback() modified TCP sequence number after demodulation
 1.432
 Fix icmp checksum when sequence number modlation is being used.
 Also fix a daddr vs saddr cut-n-paste error in ICMP error handling.

 Fixes PR 3724
2004-04-11 17:28:22 +00:00
Max Laier
eaa7035b13 Shut up a couple of annoying gcc warnings. Do not enclose the fixes with
#ifdefs in order to loop it back to OpenBSD after the next import. There are
a some implicit asserts involved which might be better spelled out
explicitly (af == AF_INET ...)

Approved by:	bms(mentor)
2004-03-30 18:28:30 +00:00
Max Laier
cf5011b74a Commit two fixes from OpenBSD's stable branch:
- Fix binat for incoming connections when a netblock (not just a single
  address) is used for source in the binat rule. closes PR 3535, reported by
  Karl O.Pinc. ok henning@, cedric@

- Fix a problem related to empty anchor rulesets, which could cause a kernel
  panic.

Approved by:	bms(mentor)
2004-03-28 20:04:12 +00:00
Max Laier
b855d39384 Import two fixes from OpenBSD's stable branch:
- Fix binat for incoming connections when a netblock (not just a single
  address) is used for source in the binat rule. closes PR 3535, reported by
  Karl O.Pinc. ok henning@, cedric@

- Fix a problem related to empty anchor rulesets, which could cause a kernel
  panic.

Approved by:	bms(mentor)
2004-03-28 19:31:37 +00:00
Max Laier
cc7e902276 Style(9) round for the pf kernel parts. Mostly #if defined() -> #ifdef
Also set HOOK_HACK to true (remove the related #ifdef's) as we have the
hooks in the kernel this was missed during the merge from the port.

Noticed by:	Amir S.	(for the HOOK_HACK part)
Approved by:	bms(mentor)
2004-03-17 21:11:02 +00:00
Max Laier
7b3832e8d6 Remove `$Name$' leftovers from the port version reporting.
Noticed by:	Craig Rodrigues
Approved by:	bms(mentor)
2004-03-10 15:08:21 +00:00
Max Laier
01315efca3 Remove __inline keyword from functions that can't be inlined according to
LINT. This fixes LINT compliation for now, but needs to be revised.
Changes do not affect the objects.

Approved by:	bms(mentor)
2004-02-29 16:34:43 +00:00
Max Laier
cc5934f5af Tweak existing header and other build infrastructure to be able to build
pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile
(i.e. do not connect it to any (automatic) builds - yet).

Approved by: bms(mentor)
2004-02-26 03:53:54 +00:00
Max Laier
2bbe8ffc9d Bring diff from the security/pf port. This has code been tested as a port
for a long time and is run in production use. This is the code present in
portversion 2.03 with some additional tweaks.

The rather extensive diff accounts for:
 - locking (to enable pf to work with a giant-free netstack)
 - byte order difference between OpenBSD and FreeBSD for ip_len/ip_off
 - conversion from pool(9) to zone(9)
 - api differences etc.

Approved by: bms(mentor) (in general)
2004-02-26 02:34:12 +00:00
Max Laier
5c45a928b9 Vendor import of OpenBSD's packet filter (pf) as of OpenBSD 3.4
Approved by: bms(mentor), core (in general)
2004-02-26 02:04:28 +00:00