path: root/sbin/ipf
Commit message | Author | Age | Files | Lines
* ipf.5: revert C style(9) applied to man page | Graham Percival | 2024-09-24 | 1 | -4/+4
| These changes were made by accident in: ipfilter: Adjust userland returns to conform to style(9) 2582ae5740181e0d2bab10003d66ae91c9b56329 That commit made similar mistakes in other man pages, but those have already been fixed.
| Signed-off-by: Graham Percival <gperciva@tarsnap.com>
| Reviewed by: mhorne
| Sponsored by: Tarsnap Backup Inc.
| Pull Request: https://github.com/freebsd/freebsd-src/pull/1433
* ipf: correct size limit in snprintf | Ryan Libby | 2024-07-20 | 1 | -1/+1
| Reported by: GCC -Wsizeof-pointer-memaccess
| Reviewed by: zlei
| Differential Revision: https://reviews.freebsd.org/D45899
* Remove residual blank line at start of Makefile | Warner Losh | 2024-07-15 | 12 | -12/+0
| This is a residual of the $FreeBSD$ removal.
| MFC After: 3 days (though I'll just run the command on the branches)
| Sponsored by: Netflix
* ipf: Use nitems(foo) instead of sizeof(foo)/sizeof(foo[0]) | Elyes Haouas | 2024-04-29 | 2 | -4/+5
| Pull Request: https://github.com/freebsd/freebsd-src/pull/888
| Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
* sbin: Remove repeated words | Elyes Haouas | 2024-04-11 | 2 | -2/+2
| Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
| Reviewed by: imp
| Pull Request: https://github.com/freebsd/freebsd-src/pull/887
* ipf(8): Fix typo | Shin-Yi Zheng | 2024-02-13 | 1 | -1/+1
| Event: Advanced UNIX Programming Course (Fall’23) at NTHU
| Pull Request: https://github.com/freebsd/freebsd-src/pull/1002
* ipf: Fix some typos | Elyes Haouas | 2024-02-03 | 7 | -26/+26
| Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
* Typos corrected; dependant, addres. | Jens Schweikhardt | 2024-01-04 | 1 | -1/+1
* tree: Use 1 semicolon at the end of a statement | Elyes Haouas | 2023-12-28 | 3 | -4/+4
| Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
| Reviewed by: imp
| Pull Request: https://github.com/freebsd/freebsd-src/pull/889
* sccs: Manual changes | Warner Losh | 2023-11-27 | 5 | -21/+0
| For the uncommon items: Go through the tree and remove sccs tags that didn't fit any nice pattern. If in the neighborhood, other SCM tags were removed when they were detritus of long-ago CVS somehow in the early mists of the project. Some adjacent copyrights strings were removed (they duplicated the copyright notices in the file). This also removed non-standard formations of omission of SCCS tags (usually by adding an extra #if 0 somewhere). After this commit, a number of strings tagged with the 'what' @(#) prefix remain, but they are primarily copyright notices.
| Sponsored by: Netflix
* sbin: Remove ancient SCCS tags. | Warner Losh | 2023-11-27 | 38 | -134/+0
| Remove ancient SCCS tags from the tree, automated scripting, with two minor fixups to keep things compiling. All the common forms in the tree were removed with a perl script.
| Sponsored by: Netflix
* libipf: fix parser error message. | Dag-Erling Smørgrav | 2023-08-31 | 1 | -5/+1
| MFC after: 1 week
| Reviewed by: cy
| Differential Revision: https://reviews.freebsd.org/D41652
* Remove $FreeBSD$: one-line nroff pattern | Warner Losh | 2023-08-16 | 22 | -22/+0
| Remove /^\.\\"\s*\$FreeBSD\$$\n/
* Remove $FreeBSD$: one-line sh pattern | Warner Losh | 2023-08-16 | 21 | -21/+0
| Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
* Remove $FreeBSD$: one-line .c comment pattern | Warner Losh | 2023-08-16 | 132 | -132/+0
| Remove /^/[*/]\s*\$FreeBSD\$.*\n/
* Remove $FreeBSD$: one-line .h pattern | Warner Losh | 2023-08-16 | 1 | -1/+0
| Remove /^\s*\*+\s*\$FreeBSD\$.*$\n/
* ipf: low-effort fix to make it compilable without inet6 | Mateusz Guzik | 2023-07-05 | 4 | -0/+4
* ipf: Remove set but unused variables. | John Baldwin | 2023-06-27 | 1 | -6/+2
| Reported by: clang
| Differential Revision: https://reviews.freebsd.org/D40667
* libipf: Remove set but unused variable from printfraginfo(). | John Baldwin | 2023-06-27 | 1 | -7/+0
| Reported by: GCC
| Differential Revision: https://reviews.freebsd.org/D40652
* ipf: Remove no-longer-needed NO_WARRAY_BOUNDS. | John Baldwin | 2023-06-09 | 1 | -1/+0
* ipf: Fix typos | Elyes Haouas | 2023-06-02 | 3 | -3/+3
| Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
| Reviewed by: imp
| Pull Request: https://github.com/freebsd/freebsd-src/pull/653
* ipf/ipfstat: Fix typos | Elyes Haouas | 2023-06-02 | 1 | -1/+1
| Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
| Reviewed by: imp
| Pull Request: https://github.com/freebsd/freebsd-src/pull/653
* ipf/libipf: Fix typos | Elyes Haouas | 2023-06-02 | 3 | -8/+8
| Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
| Reviewed by: imp
| Pull Request: https://github.com/freebsd/freebsd-src/pull/653
* Update/fix Makefile.depend for userland | Simon J. Gerraty | 2023-04-19 | 6 | -13/+2
* ipf: Use C89 function definitions. | John Baldwin | 2023-04-18 | 8 | -36/+12
| Reviewed by: zlei
| Differential Revision: https://reviews.freebsd.org/D39523
* ipfilter: replace defunct home page link with FAQ URL | Ed Maste | 2022-11-15 | 1 | -2/+1
| ipfilter.org disappeared in mid 2004. There is still a FAQ at https://www.phildev.net/ipf so point to that.
* ipfilter: Removed unused ioctl typedef | Cy Schubert | 2022-10-09 | 1 | -6/+1
| Defunct operating systems no longer pollute the ipfilter sources. Remove their typedefs.
| MFC after: 1 week
* ipfilter/libipf: printpool_live() consumer ignores return code | Cy Schubert | 2022-09-22 | 2 | -4/+4
| The single consumer of printpool_live() ignores the return code. Avoid wasting resources on this.
| MFC after: 2 weeks
* ipfilter/ippool: Return error code when listing a pool fails | Cy Schubert | 2022-09-22 | 1 | -26/+37
| When an internal or other error occurs during the listing of a pool, return an error code when exiting ippool(8). Printing an error to stderr without returning an error code is useless in shell scripts.
| MFC after: 2 weeks
* ipfilter/ippool: Dump a copy of ippool in ippool.conf format | Cy Schubert | 2022-09-22 | 4 | -6/+27
| Add an ippool(8) option to dump a copy of the in-memory ippool tables in an ippool(5) format so that it can be reloaded using ippool -f.
| MFC after: 2 weeks
* ipf.4: Correct a typo in the manual page | Gordon Bergling | 2022-09-04 | 1 | -1/+1
| - s/occured/occurred/
| MFC after: 3 days
* ipfilter: Support only jails in VNET | Cy Schubert | 2022-07-07 | 1 | -1/+3
| Jails without VNET have complete access to the ipfilter rules, NAT, pools and logs. This is insecure. Only allow jails to manipulate ipfilter rules, NAT tables and ippools if the jail has its own VNET. Otherwise a jail can affect the global system. This patch brings ipfilter in line with ipfw's support of VNET jails and non-support of non-VNET jails.
| MFC after: 1 week
* ipnat(5): Fix a double word in the manual page | Gordon Bergling | 2022-04-09 | 1 | -1/+1
| - s/be be/be/
| MFC after: 3 days
* ipf(5): Fix a typo in the manual page | Gordon Bergling | 2022-04-02 | 1 | -1/+1
| - s/accomodate/accommodate/
| MFC after: 3 days
* ipfilter: Reliably print the interface name | Cy Schubert | 2022-03-03 | 1 | -9/+5
| When printing the interface name from the ipstate_t struct the interface name in is_ifp may not always be available when reading it from kmem (tested on FreeBSD and NetBSD). However the is_ifname (the interface name character string) is almost always available -- it is not available when the source of the packet is a process running on the firewall itself. Rather than print both interface name strings, print only the one.
| MFC after: 1 week
* ipfilter: Obtain the interface name more efficiently | Cy Schubert | 2022-03-03 | 1 | -2/+2
| Rather than use a kmem read to determine the interface name used by a nat_t structure through a pointer, nat_ipfs->netif->if_xname, obtain it directly from nat_ifnames in the nat_t structure itself using the new FORMAT_IF macro.
| MFC after: 1 week
* ipfilter: Introduce the new FORMAT_IF macro | Cy Schubert | 2022-03-03 | 1 | -0/+1
| Interface names stored in the ipstate_t and ipnat_t structures can be NULL. This occurs when an application, such as named, is running on the firewall machine itself. For example an application, i.e. named, running on the firewall itself will cause a state table display and NAT mapping display to show a null ingress interface and its egress interface. This is perfectly valid but confusing to human eyes. Rather than print nothing, print "(null)".
| MFC after: 1 week
* ipfilter: Print protocol when listing NAT table mappings | Cy Schubert | 2022-02-28 | 1 | -0/+17
| NAT table mappings list only the source and destination IP, the source and destination port numbers, and their mappings. But the protocol is not listed. Now that Facebook and Google use QUIC, seeing port 443 in a list of active NAT sessions could mean 443/tcp or 443/udp. This patch adds the protocol to the listing to aid in determining whether HTTPS is TCP or QUIC in a NAT mapping listing. This also helps differentiating between other protocols such as ICMP, ESP, and AH in ipnat list of active sessions.
| MFC after: 1 week
* ipfilter: Restore ipfsync | Cy Schubert | 2022-01-08 | 3 | -0/+1201
| ipfsync is a WIP sync daemon designed to be used in a failover scenario. It was removed by 5ee61c7daa511927aae8652d6a3ea78866a50ef8. This commit restores its three files. ipfsync is in my work queue.
| MFC after: 10 days
| X-MFC with: 5ee61c7daa511927aae8652d6a3ea78866a50ef8
* ipfilter: Fix manpage typos | Cy Schubert | 2022-01-04 | 5 | -6/+6
| Reported by: jrtc27
| Fixes: 2582ae5740181e0d2bab10003d66ae91c9b56329
| MFC after: 1 month
* ipfilter userland: Fix typos | Cy Schubert | 2022-01-04 | 1 | -4/+4
| Reported by: netchild
| Fixes: 2582ae5740181e0d2bab10003d66ae91c9b56329
| MFC after: 1 month
* ipfilter userland: Fix branch mismerge | Cy Schubert | 2022-01-04 | 1 | -44/+27
| The work to ANSIfy and adjust returns to style(9) resulted in a mismerge of a stash when ipfilter was moved from contrib to sbin. An older file replaced WIP at the time, resulting in a regression. The majority of this work was done in 2018 saved as git stashes within a git-svn tree and migrated to the git tree. The regression occurred when the various stashes were sequentially merged to create individual commits, following the ipfilter move to netpfil and sbin.
| Reported by: jrtc27
| Fixes: 2582ae5740181e0d2bab10003d66ae91c9b56329
| Pointy hat to: cy
| MFC after: 1 month
* ipfilter userland: Style(9) requires a space after return | Cy Schubert | 2022-01-04 | 105 | -778/+778
| Reported by: jrtc27
| Fixes: 2582ae5740181e0d2bab10003d66ae91c9b56329
| MFC after: 1 month
* ipfilter: Fix typos | Cy Schubert | 2022-01-04 | 1 | -4/+4
| Reported by: jrtc27
| Fixes: 2582ae5740181e0d2bab10003d66ae91c9b56329
| MFC after: 1 month
* ipfilter userland: Fix whitespace errors | Cy Schubert | 2022-01-04 | 6 | -20/+20
| Replace leading spaces with tabs on affected lines.
| MFC after: 1 month
* ipfilter userland: Remove trailing whitespace | Cy Schubert | 2022-01-04 | 7 | -14/+14
| MFC after: 1 month
* ipfilter: Adjust userland returns to conform to style(9) | Cy Schubert | 2022-01-04 | 117 | -948/+965
| Adjust ipfilter's userland return statements to conform to style(9).
| MFC after: 1 month
* ipfilter: INLINE --> inline | Cy Schubert | 2022-01-04 | 1 | -3/+3
| Replace the INLINE macro with inline. Some ancient compilers supported __inline__ instead of inline. The INLINE hack compensated for it. Ancient compilers are history.
| Reported by: glebius
| MFC after: 1 month
* ipfilter: ANSIfy userland function declarations | Cy Schubert | 2022-01-04 | 154 | -1594/+837
| Convert ipfilter userland function declarations from K&R to ANSI. This syncs our function declarations with NetBSD hg commit 75edcd7552a0 (apply our changes). Though not copied from NetBSD, this change was partially inspired by NetBSD's work and inspired by style(9).
| Reviewed by: glebius (for #network)
| MFC after: 1 month
| Differential Revision: https://reviews.freebsd.org/D33595
* ipfilter userland: Revert the ipmon part of a6fb9bbea731 | Cy Schubert | 2021-12-27 | 2 | -65/+61
| a6fb9bbea731 caused incorrect formatting of ipmon log output.
| Fixes: a6fb9bbea7318e993dfe0f8a7f00821f79850b26
| MFC after: immediately