summaryrefslogtreecommitdiff
path: root/usr.sbin/ftp-proxy
AgeCommit message (Collapse)Author
2013-03-15camield requested backout of rev 1.26, and indeed ftp-proxy does notSebastian Benoit
need it.
2013-03-11handle ECONNABORTED errors from accept(). In many code blocks they can beTheo de Raadt
ignored silently and without aborting, much like EINTR and EWOULDBLOCK are. ok's from various maintainers of these directories...
2013-03-10reserve a filedescriptor on accept() for subsequent connect() call, asSebastian Benoit
done in relayd. ok sthen, deraadt
2012-09-18prio 0 is valid, therefore, I chose an "impossible" value for prio meaningHenning Brauer
"not set" and used a PF_PRIO_NOTSET define for it. now that means that everything that creates a struct pf_rule doesn't get away with bzero'ing it, which turned out to be not so nice. so get rid of PF_PRIO_NOTSET, instead, make a rule+state flag PFSTATE_SETPRIO which indicates wether the prio should be set. ok benno claudio mikeb
2012-07-07rename prio in struct pf_rule and related structs to set_prio so it isHenning Brauer
utterly clear this is not a filter criteria but a packet modification thing. also preparation for upcoming changes, including one to unscrew this mess (I should not have to touch half the tree for this - ifixitlater) not user visible, ok gcc
2012-06-25log all, not log-all; ok henningJason McIntyre
2012-04-30Check for nat_range_high before creating the PF nat rule.Christiano F. Haesbaert
From Lawrence Teo. ok camield, myself, mikeb.
2012-04-05Rate-limit accepting of new connections while we are experiencingCamiel Dobbelaar
fd exhaustion. ok deraadt mikeb
2012-03-06catch up with "on rdomain" changes; ok claudioMike Belopuhov
2012-03-04In preparation for getline and getdelim additions to libc, rename getline()Federico G. Schwindt
occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech.
2011-06-22fix whitespaceStuart Henderson
2011-06-21Convert SO_RTABLE's protocol level to the SOL_SOCKET; ok claudioMike Belopuhov
2011-05-16tweak previous;Jason McIntyre
2011-05-12Make it clear that ftp-proxy needs to make outbound connections.Ryan Thomas McBride
ok claudio
2011-04-28divert-to is picky about the address family so adjust the ruleMike Belopuhov
2011-04-28switch ftp-proxy over to divert-to instead of rdr-to. this avoidsMike Belopuhov
an expensive state lookup (via natlook ioctl) and shrinks the code. tested by me and sthen, ok reyk sthen
2011-03-25Use the rdomain information returned by DIOCNATLOOK to install theClaudio Jeker
nat-to and rdr-to rules with correct rtable rule attributes. This allows to use ftp-proxy to proxy accross rdomains. Tested and OK phessler@, OK henning@
2010-01-13pfr.rule.*.addr.type must be initialized to PF_ADDR_NONE for things thatClaudio Jeker
are not used. bzero() of the rule structure is not enough. Find with dlg@, OK mcbride@
2010-01-12First pass at removing the 'pf_pool' mechanism for translation and routingRyan Thomas McBride
actions. Allow interfaces to be specified in special table entries for the routing actions. Lists of addresses can now only be done using tables, which pfctl will generate automatically from the existing syntax. Functionally, this deprecates the use of multiple tables or dynamic interfaces in a single nat or rdr rule. ok henning dlg claudio
2009-11-22Move from the PF_RULESET_FILTER world order to PF_TRANS_RULESETTheo de Raadt
due to the standard henning+oga commit-and-run-for-beer problem. ok claudio
2009-11-21If tagging is used use match rules instead of pass rules. This is neededClaudio Jeker
so that later pass rules will not overwrite the nat-to/rdr-to settings. Because of this there must be an expilicit "pass .. tagged proxytag .." rule after the ftp-proxy anchor. OK henning@
2009-09-07rdr -> rdr-toJason McIntyre
from Karl-Heinz Wild
2009-09-01Bring manpage up to speed with the changes that just happend or at leastClaudio Jeker
try to.
2009-09-01Bring ftp-proxy in sync with the massive pf change just commited by Henning.Claudio Jeker
This changes the way the rdr/nat rules are added to pf. Now only a single anchor is needed (the other ones do no longer exist). To convert your ruleset you need something like this at the start of your ruleset: # filter rules and anchors for ftp-proxy(8) anchor "ftp-proxy/*" pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021 This was tested by myself, sthen@, dlg@ and I think many more. OK by the same people plus henning.
2008-06-13Better error messages. Include the function causing the problem and do notClaudio Jeker
include the program name in logmsg() plus exit_daemon() does not return so make it a void function. OK mpf@
2008-04-22Flush output buffers before closing TCP session. Fixes the case whereJoel Knight
the proxy would eat the 221 response coming from the server towards the client. Patch from camield@. Tested by Camiel and myself. ok camield@
2008-04-13Use arc4random_buf() when requesting more than a single word of outputDamien Miller
Use arc4random_uniform() when the desired random number upper bound is not a power of two ok deraadt@ millert@
2008-02-26Don't pass quick when tagging, so the tag can be used outsideHenning Brauer
the ftp-proxy anchor. Exotic setups with route-to etc. can be implemented this way. from camield, ok reyk beck canacar and manpage polished by jmc
2007-08-15Some servers / proxies out there like to open the data connectionCamiel Dobbelaar
immediately after the client sends the PORT command. The "normal" behaviour is to wait for the client to actually request a transfer. Make ftp-proxy add the active mode rules immediately too, so that both scenario's work. ok david pyr Tested by Frank Denis, Stephan A. Rickauer, Ingo Schwarze, Stuart Henderson. Thanks.
2007-08-01- -T before -tJason McIntyre
- use .Bk/.Ek
2007-08-01allow ftp-proxy to add tag statements to teh rules it insertsHenning Brauer
clever, nice and easy diff from bsd@openbsd.rutgers.edu, ok pyr reyk
2007-05-31convert to new .Dd format;Jason McIntyre
2006-12-30Remove stub write callback functions now that libevent allows them to be NULL.Camiel Dobbelaar
2006-12-30Convert three instances of atoi() to strtonum() and apply sane upper bounds.Camiel Dobbelaar
Triggered by Rik/harry Bobbaers on bugs@. ok mbalmer@ ray@
2006-12-12Ignore sigpipe as libevent does not handle that for us. Confirmed byCamiel Dobbelaar
provos. Fixes race condition where ftp-proxy would silently exit if a write was attempted on a socket that was closed by an RST. Should fix PR 5260. ok claudio@
2006-12-01forgot to update the comment as wellCamiel Dobbelaar
2006-12-01use flags S/SA for consistency with the rest of pfCamiel Dobbelaar
2006-11-26repair missing DPADD requestsTheo de Raadt
2006-10-23no need to use "keep state" and "flags S/SA" in pf rules,Jason McIntyre
now that it is the default; ok henning mcbride camield (ftp-proxy bits) deraadt
2006-10-15Close file descriptors before cleaning up the events, might cause a raceCamiel Dobbelaar
otherwise.
2006-08-30document that ftp-proxy cannot function at a raised securelevelCamiel Dobbelaar
ok jmc marco
2006-03-25unused variableCamiel Dobbelaar
from Andrey Matveev
2006-03-22Rework signal handling the idiomatic libevent way. From ospfd.Camiel Dobbelaar
ok claudio henning
2005-11-20.Sh SECURITY -> .Sh CAVEATSJason McIntyre
ok camield@
2005-11-18don't assume that close() can fail, from deraadtCamiel Dobbelaar
ok henning deraadt
2005-11-17buffer overflowTheo de Raadt
2005-06-07add OpenBSD cvs tags, prompted by xsa@Camiel Dobbelaar
2005-06-07Introduce verbose option to control the logging of the pf rules.Camiel Dobbelaar
ok beck mpf
2005-05-31tweaks;Jason McIntyre
2005-05-30Don't call va_start() when we do not log. From Andrey Matveev.Camiel Dobbelaar