summaryrefslogtreecommitdiff
path: root/sys/net
AgeCommit message (Collapse)Author
2003-01-25Fix the behaviour of rdr rules which redirect to a range of ports;Ryan Thomas McBride
Stop overloading PF_OP_RRG as a flag where it doesn't make sense, and makes the port mapping more flexble, allows mapping a destination port range of one size to an other of a different size. Fixes and additional testing courtesy of dhartmei@ ok dhartmei@
2003-01-25Fix a bug that potentially caused fragments to be dropped when theDaniel Hartmeier
overlap calculation got negative. Found by Baruch Even. ok henning@
2003-01-24Sigh, pf_pull_hdr (aka pf_pull_hair) doesn't do an m_pullup, it merelyDaniel Hartmeier
copies the data to the specified buffer. So, for TCP options, provide an sufficiently large buffer and copy to there.
2003-01-24Move the mbuf pullup for TCP options to the beginning of TCP handling,Daniel Hartmeier
doing it later can invalidate pointers to mbuf data. This fixes subtle breakage just introduced (with 1.306).
2003-01-24Fix wscale support, the first version didn't really work right.Daniel Hartmeier
Interestingly, our own stack uses wscale 1 quite regularly, and I now suspect that this is what caused most of the state failures I've seen. They were quite rare, but with working wscale support, they are reduced even more. ok henning@
2003-01-23Fix a bug where the kernel crashes when translating IPv6 ICMP packets.Daniel Hartmeier
This only happens when using nat/rdr/binat on IPv6 connections, which hasn't been used before, obviously. But it does work now. Reported and confirmed by evilted@efnet, ok mcbride@
2003-01-21Support for TCP window scaling (RFC 1323). ok frantzen@Daniel Hartmeier
2003-01-20It's difficult to create a table by changing its flags.Cedric Berger
2003-01-20just for safety. from http://templeofhate.com/tglaser/pub/obsd.diffJun-ichiro itojun Hagino
2003-01-19format string fixesHenning Brauer
inspired by Thorsten Glaser via fries@ ok theo
2003-01-18Argh! KNF.Ryan Thomas McBride
pointed out in advance by dhartmei@
2003-01-18Make nat behave the way it used to by copying back the random source portRyan Thomas McBride
correctly. Also remove some extra cruft in pf_get_sport related to the "static-port" behaviour. bug report from mpech@ and form@ testing cedric@ "looks sane to me" henning@ ok dhartmei@
2003-01-17typo: bandwith -> bandwidthCamiel Dobbelaar
2003-01-15Fix another buglet with inactive sets.Cedric Berger
table <foo> { 1.2.3.4 1.2.3.4 1.2.3.4 } Was causing the kernel to become noisy. Now duplicates are silently rejected.
2003-01-15Fix a buglet when one "creates" a table which is already in theCedric Berger
referenced or inactive set. Flags were not updated correctly. Tested on i386, sparc64. More regression tests coming.
2003-01-15Cleanup NULL tests in and around pfr_destroy_ktable().Cedric Berger
Makes code more readable.
2003-01-15Kill stupid leaks when using FLAG_DUMMY option.Cedric Berger
Removes "_" from pool names. Regression tests for memory allocation coming soon....
2003-01-13Improve robustness & error handling. More thorough checks of user data.Cedric Berger
- Reject invalid CIDR networks (1.2.3.4/16 & friends). - Only allow values 0 or 1 for the "neg" flag. - Require all unused data to be set to 0 in pfr_addr and pfr_table. - Always check the return value of pfr_route_entry(). - Remove redundant kernel messages. Tested on i386, sparc64. Pass my (uncommited) regression tests.
2003-01-10Fix adding and deleting addresses in a table when there is a conflict withCedric Berger
the "negated" attribute of an address. The previous behaviour was incorrect in both cases (too strict for the add command and too permissive for the delete command). ok dhartmei@
2003-01-10Cosmetic change, makes code a bit easier to understand.Cedric Berger
2003-01-09minor KNFHenning Brauer
2003-01-09(whitespace) KNF, re-fold -w 80Daniel Hartmeier
2003-01-09Add support for active/inactive tablesets in the kernel.Cedric Berger
Add table definition/initialisation construct in pfctl parser. Add and fix documentation for pf.4 and pf.conf.5. Tested on i386 and sparc64 by myself, macppc by Daniel. ok dhartmei@
2003-01-07apply the discover rule to bridge_output() as wellJason Wright
2003-01-07remove the altq classifier code which is replaced by pf and no longer used.Kenjiro Cho
ok henning@, deraadt@
2003-01-07Remove table name hashing (pass the name in each ioctl instead), andDaniel Hartmeier
introduce reference counting for tables, they are now automatically created and deleted through referencing rules. Diff partly from cedric@. ok mcbride@, henning@, cedric@
2003-01-06Move initialisation of radix table globals in pfr_initialize()Cedric Berger
ok dhartmei@
2003-01-06knfTheo de Raadt
2003-01-05Move ifname from pf_addr to pf_addr_wrap, prepare pf_addr_wrap for tableDaniel Hartmeier
name. ok henning@, mcbride@, cedric@
2003-01-04spellingTheo de Raadt
2003-01-04move noroute from flag in pf_rule_addr into type in pf_addr_wrap.Daniel Hartmeier
ok henning@, mcbride@
2003-01-04Honour noroute in skip step calculation, found by cedric@Daniel Hartmeier
2003-01-04Remove unused pf_add_addr(), ok mcbride@Daniel Hartmeier
2003-01-03KNFTheo de Raadt
2003-01-03Fix the unicast case call to bridge_rtupdate(), check that the -source-Jason Wright
interface is LEARNING not the destination.
2003-01-031) pfr_insert_kentries() cannot return ENOMEM anymore -> make it void.Cedric Berger
2) add new PFR_FLAG_REPLACE for use by pfr_tst_addrs(). 3) add new pfrio_nmatch alias to pfioc_table, set by pfr_tst_addrs(). Tested on i386, sparc64
2003-01-02Remove explicit numbering of enums.Ryan Thomas McBride
ok fgsch@ dhartmei@ henning@
2003-01-02Require a direction to be specified for rules which do routing.Ryan Thomas McBride
ok dhartmei@ henning@
2003-01-02When route-to/reply-to is used in combination with address translation,Daniel Hartmeier
pf_test() may be called twice for the same packet. In this case, make sure the translation is only applied in the second call. This solves the problem with state insert failures where the second pf_test() call tried to insert another state entry after the first call's translation. ok henning@, mcbride@, thanks to Joe Nall for additional testing.
2003-01-01Repair my last commit - zero the 2 radix nodes before inserting into table.Cedric Berger
2003-01-01use a #define for the default state table sizeHenning Brauer
2003-01-01KNFHenning Brauer
2003-01-01KNFHenning Brauer
2003-01-01disable the CLSTATS flag for now, since it violates the O_RDONLY check.Cedric Berger
2003-01-01Behaves correctly when duplicate addresses are given in the same ioctl.Cedric Berger
(i.e: pfradix -a test 1.2.3.4 1.2.3.4). The ioctl can also report theses duplicate to the caller using the new PFR_FB_DUPLICATE feedback tag.
2003-01-01Behaves properly when someone try to insert/delete the same table nameCedric Berger
multiple time in the same ioctl (i.e. pfradix -A/D test test test). This is not a very efficient implementation, and I'll change it if someone really add/delete more than hundred of tables in the same ioctl.
2003-01-01Remove skip step for action (scrub vs. non-scrub), as scrub rules areDaniel Hartmeier
stored in a separate list now. Regress tests still pass after sed "s/ a=end / /g", other skip steps are not affected.
2003-01-01Fix breakage from PF_RULESET_MAX increase, regress tests match again.Daniel Hartmeier
2002-12-31Split scrub rules out from the filter rules in the kernel.Ryan Thomas McBride
Precursor to removing rule.action from skip steps. Also a couple of other small fixes: - s/PF_RULESET_RULE/PF_RULESET_FILTER/ - replacement of 4 with PF_RULESET_MAX in pfvar.h struct ruleset { - error handling in ioctl of an invalid value in rule.action - counting evaluations and matching packets for scrub rules ok henning@ dhartmei@
2002-12-31don't overrun user-supplied buffer. from jinmei@kame, deraadt okJun-ichiro itojun Hagino
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-22 22:42:06 +0000