path: root/sys/net/pf_table.c
Commit message (Author, Age, Files, Lines)
...
* Allow tables to be loaded into anchors.
  Most pfctl table commands (excluding 'show' and 'flush') support the "-a" modifier.
  ok dhartmei@
  (cedric, 2003-04-30, 1 file, -11/+99)
* Update the pfioc_table IOCTL structure.
  Prepare for anchors, improve robustness.
  WARNING: need to sync kernel/userland.
  ok dhartmei@
  (cedric, 2003-04-27, 1 file, -5/+5)
* KNF
  (deraadt, 2003-04-04, 1 file, -2/+2)
* - Add missing "\n" to some pf_table.c printf()
  - Fix two problems with pfr_update_stats().
    Filtering was done properly, only stats were wrong.
    People should upgrade their kernel if:
    - They use bidirectional rules (without "in" or "out") with tables.
    - They use tables in negated statements, like "block from !<foo>"
  Thanks to David Krause for discovering the problem.
  Ok dhartmei@ henning@
  (cedric, 2003-03-21, 1 file, -15/+15)
* Correctly flag out radix_node entries with RNF_ROOT flag set: this is not a match.
  Before that patch, an IP packet with source or dest address of 0.0.0.0 could corrupt the kernel.
  People filtering DHCP packets on their firewall using tables should upgrade their kernel now.
  Thanks to Chris Cappuccio for the good bug report.
  Ok dhartmei@ henning@
  (cedric, 2003-03-14, 1 file, -1/+15)
* Plug slow memory leak (radix_mask structure).
  tested on i386 by me and Daniel on macppc.
  ok dhartmei@ henning@
  (cedric, 2003-03-13, 1 file, -1/+20)
* Small fixes after code review, mostly on error path.
  ok dhartmei@ henning@ pb@
  (cedric, 2003-03-05, 1 file, -12/+8)
* splsoftnet() around rn_lookup() which is not thread-safe.
  ok dhartmei@ henning@
  (cedric, 2003-02-28, 1 file, -1/+4)
* Repair IPv6 support for tables.
  ok dhartmei@ henning@
  (cedric, 2003-02-27, 1 file, -3/+3)
* Labels should be followed by statements (fix gcc3 warning).
  ok cedric, jason, theo
  (henric, 2003-02-12, 1 file, -1/+4)
* Fix another buglet with inactive sets.
    table <foo> { 1.2.3.4 1.2.3.4 1.2.3.4 }
  Was causing the kernel to become noisy.
  Now duplicates are silently rejected.
  (cedric, 2003-01-15, 1 file, -4/+7)
* Fix a buglet when one "creates" a table which is already in the referenced or inactive set.
  Flags were not updated correctly.
  Tested on i386, sparc64. More regression tests coming.
  (cedric, 2003-01-15, 1 file, -24/+26)
* Cleanup NULL tests in and around pfr_destroy_ktable().
  Makes code more readable.
  (cedric, 2003-01-15, 1 file, -14/+10)
* Kill stupid leaks when using FLAG_DUMMY option.
  Removes "_" from pool names.
  Regression tests for memory allocation coming soon....
  (cedric, 2003-01-15, 1 file, -5/+7)
* Improve robustness & error handling. More thorough checks of user data.
  - Reject invalid CIDR networks (1.2.3.4/16 & friends).
  - Only allow values 0 or 1 for the "neg" flag.
  - Require all unused data to be set to 0 in pfr_addr and pfr_table.
  - Always check the return value of pfr_route_entry().
  - Remove redundant kernel messages.
  Tested on i386, sparc64. Pass my (uncommitted) regression tests.
  (cedric, 2003-01-13, 1 file, -35/+96)
* Fix adding and deleting addresses in a table when there is a conflict with the "negated" attribute of an address.
  The previous behaviour was incorrect in both cases (too strict for the add command and too permissive for the delete command).
  ok dhartmei@
  (cedric, 2003-01-10, 1 file, -9/+19)
* Cosmetic change, makes code a bit easier to understand.
  (cedric, 2003-01-10, 1 file, -5/+8)
* (whitespace) KNF, re-fold -w 80
  (dhartmei, 2003-01-09, 1 file, -5/+5)
* Add support for active/inactive tablesets in the kernel.
  Add table definition/initialisation construct in pfctl parser.
  Add and fix documentation for pf.4 and pf.conf.5.
  Tested on i386 and sparc64 by myself, macppc by Daniel.
  ok dhartmei@
  (cedric, 2003-01-09, 1 file, -190/+459)
* Remove table name hashing (pass the name in each ioctl instead), and introduce reference counting for tables, they are now automatically created and deleted through referencing rules.
  Diff partly from cedric@.
  ok mcbride@, henning@, cedric@
  (dhartmei, 2003-01-07, 1 file, -145/+78)
* Move initialisation of radix table globals in pfr_initialize()
  ok dhartmei@
  (cedric, 2003-01-06, 1 file, -3/+17)
* knf
  (deraadt, 2003-01-06, 1 file, -21/+19)
* Move ifname from pf_addr to pf_addr_wrap, prepare pf_addr_wrap for table name.
  ok henning@, mcbride@, cedric@
  (dhartmei, 2003-01-05, 1 file, -8/+8)
* KNF
  (deraadt, 2003-01-03, 1 file, -13/+13)
* 1) pfr_insert_kentries() cannot return ENOMEM anymore -> make it void.
  2) add new PFR_FLAG_REPLACE for use by pfr_tst_addrs().
  3) add new pfrio_nmatch alias to pfioc_table, set by pfr_tst_addrs().
  Tested on i386, sparc64
  (cedric, 2003-01-03, 1 file, -28/+25)
* Repair my last commit - zero the 2 radix nodes before inserting into table.
  (cedric, 2003-01-01, 1 file, -1/+2)
* KNF
  (henning, 2003-01-01, 1 file, -3/+3)
* disable the CLSTATS flag for now, since it violates the O_RDONLY check.
  (cedric, 2003-01-01, 1 file, -3/+3)
* Behaves correctly when duplicate addresses are given in the same ioctl.
  (i.e: pfradix -a test 1.2.3.4 1.2.3.4).
  The ioctl can also report these duplicates to the caller using the new PFR_FB_DUPLICATE feedback tag.
  (cedric, 2003-01-01, 1 file, -21/+56)
* Behaves properly when someone tries to insert/delete the same table name multiple times in the same ioctl (i.e. pfradix -A/D test test test).
  This is not a very efficient implementation, and I'll change it if someone really adds/deletes more than a hundred tables in the same ioctl.
  (cedric, 2003-01-01, 1 file, -23/+35)
* Don't forget to copyout the time at which statistics got cleared.
  (cedric, 2002-12-30, 1 file, -1/+2)
* really count the number of deleted tables - obvious fix.
  (cedric, 2002-12-30, 1 file, -2/+4)
* KNF
  (henning, 2002-12-30, 1 file, -117/+118)
* Add support for radix tables for source and destination of PF rules.
  ok dhartmei@, mcbride@, henning@
  (cedric, 2002-12-29, 1 file, -0/+1347)