CVS commit: src/dist/pf/sbin/pfctl

2020-04-22 Thread Joerg Sonnenberger
Module Name:    src
Committed By:   joerg
Date:   Wed Apr 22 23:40:40 UTC 2020

Modified Files:
src/dist/pf/sbin/pfctl: pfctl.c

Log Message:
Externalize variables owned logically by pf_ruleset.c


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/dist/pf/sbin/pfctl/pfctl.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/sbin/pfctl/pfctl.c
diff -u src/dist/pf/sbin/pfctl/pfctl.c:1.5 src/dist/pf/sbin/pfctl/pfctl.c:1.6
--- src/dist/pf/sbin/pfctl/pfctl.c:1.5	Wed Jun 18 09:06:26 2008
+++ src/dist/pf/sbin/pfctl/pfctl.c	Wed Apr 22 23:40:40 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: pfctl.c,v 1.5 2008/06/18 09:06:26 yamt Exp $	*/
+/*	$NetBSD: pfctl.c,v 1.6 2020/04/22 23:40:40 joerg Exp $	*/
 /*	$OpenBSD: pfctl.c,v 1.268 2007/06/30 18:25:08 henning Exp $ */
 
 /*
@@ -96,8 +96,8 @@ int	 pfctl_load_ruleset(struct pfctl *, 
 int	 pfctl_load_rule(struct pfctl *, char *, struct pf_rule *, int);
 const char	*pfctl_lookup_option(char *, const char **);
 
-struct pf_anchor_global	 pf_anchors;
-struct pf_anchor	 pf_main_anchor;
+extern struct pf_anchor_global	 pf_anchors;
+extern struct pf_anchor	 pf_main_anchor;
 
 const char	*clearopt;
 char		*rulesopt;
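
Review bot: the two extern declarations for pf_anchors and pf_main_anchor are written directly in pfctl.c, so nothing forces them to agree with the definitions that the log message places with pf_ruleset.c. Move them into a header that both pfctl.c and pf_ruleset.c include, so that a type change on one side becomes a compile error instead of a silent mismatch at link time.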



CVS commit: src/dist/pf/share/man

2018-08-17 Thread Maxime Villard
Module Name:    src
Committed By:   maxv
Date:   Fri Aug 17 12:36:53 UTC 2018

Modified Files:
src/dist/pf/share/man/man4: pflog.4 pfsync.4
src/dist/pf/share/man/man5: pf.conf.5 pf.os.5

Log Message:
Add a deprecation note in each of the PF man pages (instead of just pf.4),
so that it's really clear.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/dist/pf/share/man/man4/pflog.4 \
src/dist/pf/share/man/man4/pfsync.4
cvs rdiff -u -r1.16 -r1.17 src/dist/pf/share/man/man5/pf.conf.5
cvs rdiff -u -r1.6 -r1.7 src/dist/pf/share/man/man5/pf.os.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/share/man/man4/pflog.4
diff -u src/dist/pf/share/man/man4/pflog.4:1.6 src/dist/pf/share/man/man4/pflog.4:1.7
--- src/dist/pf/share/man/man4/pflog.4:1.6	Sun Mar 22 14:29:34 2009
+++ src/dist/pf/share/man/man4/pflog.4	Fri Aug 17 12:36:53 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: pflog.4,v 1.6 2009/03/22 14:29:34 perry Exp $
+.\"	$NetBSD: pflog.4,v 1.7 2018/08/17 12:36:53 maxv Exp $
 .\"	$OpenBSD: pflog.4,v 1.10 2007/05/31 19:19:51 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Tobias Weingartner
@@ -24,7 +24,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd May 31, 2007
+.Dd August 17, 2018
 .Dt PFLOG 4
 .Os
 .Sh NAME
@@ -33,6 +33,13 @@
 .Sh SYNOPSIS
 .Cd "pseudo-device pflog"
 .Sh DESCRIPTION
+.Bf -symbolic
+The NetBSD version of PF is obsolete, and its use is strongly discouraged.
+Use
+.Xr npf 7
+instead.
+.Pp
+.Ef
 The
 .Nm pflog
 interface is a pseudo-device which makes visible all packets logged by
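
Review bot: in the added DESCRIPTION block the .Pp comes before .Ef, so the paragraph break is issued while the symbolic font block is still open. Close the block first (.Ef, then .Pp) so the break belongs to the normal text that follows. The same seven added lines recur in pfsync.4, pf.conf.5 and pf.os.5 in this commit.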
Index: src/dist/pf/share/man/man4/pfsync.4
diff -u src/dist/pf/share/man/man4/pfsync.4:1.6 src/dist/pf/share/man/man4/pfsync.4:1.7
--- src/dist/pf/share/man/man4/pfsync.4:1.6	Mon Apr 12 21:28:23 2010
+++ src/dist/pf/share/man/man4/pfsync.4	Fri Aug 17 12:36:53 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: pfsync.4,v 1.6 2010/04/12 21:28:23 wiz Exp $
+.\"	$NetBSD: pfsync.4,v 1.7 2018/08/17 12:36:53 maxv Exp $
 .\"	$OpenBSD: pfsync.4,v 1.25 2007/05/31 19:19:51 jmc Exp $
 .\"
 .\" Copyright (c) 2002 Michael Shalayeff
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd April 12, 2010
+.Dd August 17, 2018
 .Dt PFSYNC 4
 .Os
 .Sh NAME
@@ -34,6 +34,13 @@
 .Sh SYNOPSIS
 .Cd "pseudo-device pfsync"
 .Sh DESCRIPTION
+.Bf -symbolic
+The NetBSD version of PF is obsolete, and its use is strongly discouraged.
+Use
+.Xr npf 7
+instead.
+.Pp
+.Ef
 The
 .Nm
 interface is a pseudo-device which exposes certain changes to the state

Index: src/dist/pf/share/man/man5/pf.conf.5
diff -u src/dist/pf/share/man/man5/pf.conf.5:1.16 src/dist/pf/share/man/man5/pf.conf.5:1.17
--- src/dist/pf/share/man/man5/pf.conf.5:1.16	Wed Oct 14 17:44:25 2009
+++ src/dist/pf/share/man/man5/pf.conf.5	Fri Aug 17 12:36:53 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: pf.conf.5,v 1.16 2009/10/14 17:44:25 joerg Exp $
+.\"	$NetBSD: pf.conf.5,v 1.17 2018/08/17 12:36:53 maxv Exp $
 .\"	$OpenBSD: pf.conf.5,v 1.383 2007/07/17 16:27:38 jmc Exp $
 .\"
 .\" Copyright (c) 2002, Daniel Hartmeier
@@ -28,13 +28,20 @@
 .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd June 26, 2007
+.Dd August 17, 2018
 .Dt PF.CONF 5
 .Os
 .Sh NAME
 .Nm pf.conf
 .Nd packet filter configuration file
 .Sh DESCRIPTION
+.Bf -symbolic
+The NetBSD version of PF is obsolete, and its use is strongly discouraged.
+Use
+.Xr npf 7
+instead.
+.Pp
+.Ef
 The
 .Xr pf 4
 packet filter modifies, drops or passes packets according to rules or

Index: src/dist/pf/share/man/man5/pf.os.5
diff -u src/dist/pf/share/man/man5/pf.os.5:1.6 src/dist/pf/share/man/man5/pf.os.5:1.7
--- src/dist/pf/share/man/man5/pf.os.5:1.6	Sun Mar 22 14:29:35 2009
+++ src/dist/pf/share/man/man5/pf.os.5	Fri Aug 17 12:36:53 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: pf.os.5,v 1.6 2009/03/22 14:29:35 perry Exp $
+.\"	$NetBSD: pf.os.5,v 1.7 2018/08/17 12:36:53 maxv Exp $
 .\"	$OpenBSD: pf.os.5,v 1.8 2007/05/31 19:19:58 jmc Exp $
 .\"
 .\" Copyright (c) 2003 Mike Frantzen 
@@ -14,13 +14,20 @@
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd May 31, 2007
+.Dd August 17, 2018
 .Dt PF.OS 5
 .Os
 .Sh NAME
 .Nm pf.os
 .Nd format of the operating system fingerprints file
 .Sh DESCRIPTION
+.Bf -symbolic
+The NetBSD version of PF is obsolete, and its use is strongly discouraged.
+Use
+.Xr npf 7
+instead.
+.Pp
+.Ef
 The
 .Xr pf 4
 firewall and the



CVS commit: src/dist/pf/sbin/pflogd

2018-08-07 Thread Sevan Janiyan
Module Name:    src
Committed By:   sevan
Date:   Tue Aug  7 21:11:19 UTC 2018

Modified Files:
src/dist/pf/sbin/pflogd: pflogd.8

Log Message:
Escape Dx which otherwise gets interpreted as DragonFly.
via r1.49 in OpenBSD.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/dist/pf/sbin/pflogd/pflogd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/sbin/pflogd/pflogd.8
diff -u src/dist/pf/sbin/pflogd/pflogd.8:1.8 src/dist/pf/sbin/pflogd/pflogd.8:1.9
--- src/dist/pf/sbin/pflogd/pflogd.8:1.8	Tue Mar 18 18:20:35 2014
+++ src/dist/pf/sbin/pflogd/pflogd.8	Tue Aug  7 21:11:19 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: pflogd.8,v 1.8 2014/03/18 18:20:35 riastradh Exp $
+.\"	$NetBSD: pflogd.8,v 1.9 2018/08/07 21:11:19 sevan Exp $
 .\"	$OpenBSD: pflogd.8,v 1.35 2007/05/31 19:19:47 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Can Erkin Acar.  All rights reserved.
@@ -34,7 +34,7 @@
 .Sh SYNOPSIS
 .Nm pflogd
 .Bk -words
-.Op Fl Dx
+.Op Fl \
 .Op Fl d Ar delay
 .Op Fl f Ar filename
 .Op Fl i Ar interface
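
Review bot: the added line reads ".Op Fl \" as shown here, a bare backslash at the end of the line with the D and x flag letters gone, which does not match the log message's "Escape Dx". A trailing backslash is a line continuation in roff, so the following .Op line would be pulled into this one. The escaped form has to keep the letters after the escape, for example a zero-width \& placed in front of Dx.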



CVS commit: src/dist/pf/share/man/man4

2018-08-01 Thread Maxime Villard
Module Name:src
Committed By:   maxv
Date:   Wed Aug  1 13:30:14 UTC 2018

Modified Files:
src/dist/pf/share/man/man4: pf.4

Log Message:
Add a bold note to say our PF is obsolete.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/dist/pf/share/man/man4/pf.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/share/man/man4/pf.4
diff -u src/dist/pf/share/man/man4/pf.4:1.12 src/dist/pf/share/man/man4/pf.4:1.13
--- src/dist/pf/share/man/man4/pf.4:1.12	Sat Dec 19 14:05:53 2009
+++ src/dist/pf/share/man/man4/pf.4	Wed Aug  1 13:30:13 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: pf.4,v 1.12 2009/12/19 14:05:53 ahoka Exp $
+.\"	$NetBSD: pf.4,v 1.13 2018/08/01 13:30:13 maxv Exp $
 .\"	$OpenBSD: pf.4,v 1.59 2007/05/31 19:19:51 jmc Exp $
 .\"
 .\" Copyright (C) 2001, Kjell Wooding.  All rights reserved.
@@ -27,7 +27,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd December 19, 2009
+.Dd August 1, 2018
 .Dt PF 4
 .Os
 .Sh NAME
@@ -36,6 +36,13 @@
 .Sh SYNOPSIS
 .Cd "pseudo-device pf"
 .Sh DESCRIPTION
+.Bf -symbolic
+The NetBSD version of PF is obsolete, and its use is strongly discouraged.
+Use
+.Xr npf 7
+instead.
+.Pp
+.Ef
 Packet filtering takes place in the kernel.
 A pseudo-device,
 .Pa /dev/pf ,
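
Review bot: the added note spells the system name as literal text ("The NetBSD version of PF"), where mdoc provides the .Nx macro for it. Using .Nx on its own line inside the .Bf block keeps the name consistent with the rest of the manual set and lets the formatter handle it.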



CVS commit: src/dist/pf/sbin/pfctl

2018-02-04 Thread matthew green
Module Name:    src
Committed By:   mrg
Date:   Sun Feb  4 08:44:36 UTC 2018

Modified Files:
src/dist/pf/sbin/pfctl: pfctl_altq.c pfctl_optimize.c

Log Message:
fix two issues found by GCC 6.4:
- cbq_compute_idletime() had a fprintf() not in the intended missing {}.
- skip_cmp_dst_addr() compared a vs a instead of a vs b.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/dist/pf/sbin/pfctl/pfctl_altq.c
cvs rdiff -u -r1.7 -r1.8 src/dist/pf/sbin/pfctl/pfctl_optimize.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/sbin/pfctl/pfctl_altq.c
diff -u src/dist/pf/sbin/pfctl/pfctl_altq.c:1.9 src/dist/pf/sbin/pfctl/pfctl_altq.c:1.10
--- src/dist/pf/sbin/pfctl/pfctl_altq.c:1.9	Mon Mar  1 00:14:08 2010
+++ src/dist/pf/sbin/pfctl/pfctl_altq.c	Sun Feb  4 08:44:36 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: pfctl_altq.c,v 1.9 2010/03/01 00:14:08 joerg Exp $	*/
+/*	$NetBSD: pfctl_altq.c,v 1.10 2018/02/04 08:44:36 mrg Exp $	*/
 /*	$OpenBSD: pfctl_altq.c,v 1.92 2007/05/27 05:15:17 claudio Exp $	*/
 
 /*
@@ -450,12 +450,13 @@ cbq_compute_idletime(struct pfctl *pf, s
 		 * this causes integer overflow in kernel!
 		 * (bandwidth < 6Kbps when max_pkt_size=1500)
 		 */
-		if (pa->bandwidth != 0 && (pf->opts & PF_OPT_QUIET) == 0)
+		if (pa->bandwidth != 0 && (pf->opts & PF_OPT_QUIET) == 0) {
 			warnx("queue bandwidth must be larger than %s",
 			rate2str(ifnsPerByte * (double)opts->maxpktsize /
 			(double)INT_MAX * (double)pa->ifbandwidth));
 			fprintf(stderr, "cbq: queue %s is too slow!\n",
 			pa->qname);
+		}
 		nsPerByte = (double)(INT_MAX / opts->maxpktsize);
 	}
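
Review bot: inside the newly braced block the same condition is reported twice through two different mechanisms, warnx("queue bandwidth must be larger than %s", ...) followed by fprintf(stderr, "cbq: queue %s is too slow!\n", ...). Now that both are gated on PF_OPT_QUIET, fold them into a single warnx that names the queue and the minimum rate, so the output carries one consistently prefixed diagnostic per queue.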
 

Index: src/dist/pf/sbin/pfctl/pfctl_optimize.c
diff -u src/dist/pf/sbin/pfctl/pfctl_optimize.c:1.7 src/dist/pf/sbin/pfctl/pfctl_optimize.c:1.8
--- src/dist/pf/sbin/pfctl/pfctl_optimize.c:1.7	Mon May 30 17:21:07 2016
+++ src/dist/pf/sbin/pfctl/pfctl_optimize.c	Sun Feb  4 08:44:36 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: pfctl_optimize.c,v 1.7 2016/05/30 17:21:07 dholland Exp $	*/
+/*	$NetBSD: pfctl_optimize.c,v 1.8 2018/02/04 08:44:36 mrg Exp $	*/
 /*	$OpenBSD: pfctl_optimize.c,v 1.13 2006/10/31 14:17:45 mcbride Exp $ */
 
 /*
@@ -1084,7 +1084,7 @@ skip_cmp_dst_addr(struct pf_rule *a, str
 		return (0);
 	case PF_ADDR_DYNIFTL:
 		if (strcmp(a->dst.addr.v.ifname, b->dst.addr.v.ifname) != 0 ||
-		a->dst.addr.iflags != a->dst.addr.iflags ||
+		a->dst.addr.iflags != b->dst.addr.iflags ||
 		memcmp(>dst.addr.v.a.mask, >dst.addr.v.a.mask,
 		sizeof(a->dst.addr.v.a.mask)))
 			return (1);
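
Review bot: the removed comparison a->dst.addr.iflags != a->dst.addr.iflags is always false, so before this fix two PF_ADDR_DYNIFTL rules that differed only in iflags were reported as equal by skip_cmp_dst_addr(). Add a regression case with two rules that share interface name and mask but differ in iflags, and say in the log message whether optimized rulesets can come out differently after the fix.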
@@ -1156,7 +1156,7 @@ skip_cmp_src_addr(struct pf_rule *a, str
 		return (0);
 	case PF_ADDR_DYNIFTL:
 		if (strcmp(a->src.addr.v.ifname, b->src.addr.v.ifname) != 0 ||
-		a->src.addr.iflags != a->src.addr.iflags ||
+		a->src.addr.iflags != b->src.addr.iflags ||
 		memcmp(>src.addr.v.a.mask, >src.addr.v.a.mask,
 		sizeof(a->src.addr.v.a.mask)))
 			return (1);
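
Review bot: the log message lists only skip_cmp_dst_addr(), but this hunk makes the same "a vs b" correction in skip_cmp_src_addr(); mention both. The two case bodies are line-for-line copies apart from src and dst, which is how the typo ended up in both places. A shared helper taking the two address structures would leave one comparison to get right.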



CVS commit: src/dist/pf/etc

2017-12-15 Thread Sevan Janiyan
Module Name:    src
Committed By:   sevan
Date:   Sat Dec 16 07:52:08 UTC 2017

Modified Files:
src/dist/pf/etc: pf.os

Log Message:
Add DragonFly BSD fingerprints.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/dist/pf/etc/pf.os

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/etc/pf.os
diff -u src/dist/pf/etc/pf.os:1.4 src/dist/pf/etc/pf.os:1.5
--- src/dist/pf/etc/pf.os:1.4	Sat Dec 16 07:36:26 2017
+++ src/dist/pf/etc/pf.os	Sat Dec 16 07:52:08 2017
@@ -1,4 +1,4 @@
-# $NetBSD: pf.os,v 1.4 2017/12/16 07:36:26 sevan Exp $
+# $NetBSD: pf.os,v 1.5 2017/12/16 07:52:08 sevan Exp $
 # $OpenBSD: pf.os,v 1.27 2016/09/03 17:08:57 sthen Exp $
 # passive OS fingerprinting
 # -
@@ -318,6 +318,14 @@ S22:64:1:52:M*,N,N,S,N,W0:	Linux:2.2:ts:
 16384:64:1:64:M*,N,N,S,N,W6,N,N,T:  OpenBSD:6.1::OpenBSD 6.1
 16384:64:0:64:M*,N,N,S,N,W6,N,N,T:  OpenBSD:6.1:no-df:OpenBSD 6.1 (scrub no-df)
 
+# - DragonFly BSD -
+
+57344:64:1:60:M*,N,W0,N,N,T:		DragonFly:1.0:A:DragonFly 1.0A
+57344:64:0:64:M*,N,W0,N,N,S,N,N,T:	DragonFly:1.2-1.12::DragonFly 1.2-1.12
+5840:64:1:60:M*,S,T,N,W4:		DragonFly:2.0-2.1::DragonFly 2.0-2.1
+57344:64:0:64:M*,N,W0,N,N,S,N,N,T:	DragonFly:2.2-2.3::DragonFly 2.2-2.3
+57344:64:0:64:M*,N,W5,N,N,S,N,N,T:	DragonFly:2.4-2.7::DragonFly 2.4-2.7
+
 # - Solaris -
 
 S17:64:1:64:N,W3,N,N,T0,N,N,S,M*:	Solaris:8:RFC1323:Solaris 8 RFC1323
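
Review bot: the added entries for DragonFly 1.2-1.12 and DragonFly 2.2-2.3 carry the identical signature 57344:64:0:64:M*,N,W0,N,N,S,N,N,T, so a SYN with that signature cannot be attributed to one version range over the other. Merge them into one entry that covers both ranges, or add a comment stating that the overlap is intended, so rules matching on the DragonFly version do not depend on entry order.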



CVS commit: src/dist/pf/etc

2017-12-15 Thread Sevan Janiyan
Module Name:    src
Committed By:   sevan
Date:   Sat Dec 16 07:36:26 UTC 2017

Modified Files:
src/dist/pf/etc: pf.os

Log Message:
Synchronise with r1.27 from OpenBSD


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/dist/pf/etc/pf.os

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/etc/pf.os
diff -u src/dist/pf/etc/pf.os:1.3 src/dist/pf/etc/pf.os:1.4
--- src/dist/pf/etc/pf.os:1.3	Wed Jun 18 09:06:25 2008
+++ src/dist/pf/etc/pf.os	Sat Dec 16 07:36:26 2017
@@ -1,5 +1,5 @@
-# $NetBSD: pf.os,v 1.3 2008/06/18 09:06:25 yamt Exp $
-# $OpenBSD: pf.os,v 1.21 2006/07/28 21:51:12 david Exp $
+# $NetBSD: pf.os,v 1.4 2017/12/16 07:36:26 sevan Exp $
+# $OpenBSD: pf.os,v 1.27 2016/09/03 17:08:57 sthen Exp $
 # passive OS fingerprinting
 # -
 #
@@ -226,7 +226,13 @@ S2:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linu
 S3:64:1:60:M*,S,T,N,W0:		Linux:2.4:.18-21:Linux 2.4.18 and newer
 S4:64:1:60:M*,S,T,N,W0:		Linux:2.4::Linux 2.4/2.6 <= 2.6.7
 S4:64:1:60:M*,S,T,N,W0:		Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7
-S4:64:1:60:M*,S,T,N,W7:		Linux:2.6:8:Linux 2.6.8 and newer (?)
+
+S4:64:1:60:M*,S,T,N,W5:		Linux:2.6::Linux 2.6 (newer, 1)
+S4:64:1:60:M*,S,T,N,W6:		Linux:2.6::Linux 2.6 (newer, 2)
+S4:64:1:60:M*,S,T,N,W7:		Linux:2.6::Linux 2.6 (newer, 3)
+T4:64:1:60:M*,S,T,N,W7:		Linux:2.6::Linux 2.6 (newer, 4)
+
+S10:64:1:60:M*,S,T,N,W4:	Linux:3.0::Linux 3.0
 
 S3:64:1:60:M*,S,T,N,W1:		Linux:2.5::Linux 2.5 (sometimes 2.4)
 S4:64:1:60:M*,S,T,N,W1:		Linux:2.5-2.6::Linux 2.5/2.6
@@ -299,13 +305,19 @@ S22:64:1:52:M*,N,N,S,N,W0:	Linux:2.2:ts:
 # - OpenBSD -
 
 16384:64:0:60:M*,N,W0,N,N,T:		OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
-16384:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0::OpenBSD 3.0-4.0
-16384:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0:no-df:OpenBSD 3.0-4.0 (scrub no-df)
+16384:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.8::OpenBSD 3.0-4.8
+16384:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df)
 57344:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0::OpenBSD 3.3-4.0
 57344:64:0:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df)
 
 65535:64:1:64:M*,N,N,S,N,W0,N,N,T:	OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera)
 
+16384:64:1:64:M*,N,N,S,N,W3,N,N,T:	OpenBSD:4.9::OpenBSD 4.9
+16384:64:0:64:M*,N,N,S,N,W3,N,N,T:	OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df)
+
+16384:64:1:64:M*,N,N,S,N,W6,N,N,T:  OpenBSD:6.1::OpenBSD 6.1
+16384:64:0:64:M*,N,N,S,N,W6,N,N,T:  OpenBSD:6.1:no-df:OpenBSD 6.1 (scrub no-df)
+
 # - Solaris -
 
 S17:64:1:64:N,W3,N,N,T0,N,N,S,M*:	Solaris:8:RFC1323:Solaris 8 RFC1323
@@ -362,7 +374,7 @@ S34:64:1:52:M*,N,W0,N,N,S:		Solaris:10:b
 # - Windows -
 
 # Windows TCP/IP stack is a mess. For most recent XP, 2000 and
-# even 98, the pathlevel, not the actual OS version, is more
+# even 98, the patchlevel, not the actual OS version, is more
 # relevant to the signature. They share the same code, so it would
 # seem. Luckily for us, almost all Windows 9x boxes have an
 # awkward MSS of 536, which I use to tell one from another
@@ -426,6 +438,8 @@ S44:128:1:48:M*,N,N,S:			Windows:XP:SP1:
 32767:128:1:48:M*,N,N,S:		Windows:2000:SP4:Windows SP1, 2000 SP4
 32767:128:1:48:M*,N,N,S:		Windows:XP:SP1:Windows SP1, 2000 SP4
 
+8192:128:1:52:M*,N,W2,N,N,S:		Windows:Vista::Windows Vista/7
+
 # Odds, ends, mods:
 
 S52:128:1:48:M1260,N,N,S:		Windows:2000:cisco:Windows XP/2000 via Cisco



CVS commit: src/dist/pf/sbin/pfctl

2016-05-30 Thread David A. Holland
Module Name:    src
Committed By:   dholland
Date:   Mon May 30 17:21:07 UTC 2016

Modified Files:
src/dist/pf/sbin/pfctl: pfctl_optimize.c

Log Message:
PR 50709 David Binderman: memory leak


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/dist/pf/sbin/pfctl/pfctl_optimize.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/sbin/pfctl/pfctl_optimize.c
diff -u src/dist/pf/sbin/pfctl/pfctl_optimize.c:1.6 src/dist/pf/sbin/pfctl/pfctl_optimize.c:1.7
--- src/dist/pf/sbin/pfctl/pfctl_optimize.c:1.6	Wed Jun 18 09:06:26 2008
+++ src/dist/pf/sbin/pfctl/pfctl_optimize.c	Mon May 30 17:21:07 2016
@@ -1,4 +1,4 @@
-/*	$NetBSD: pfctl_optimize.c,v 1.6 2008/06/18 09:06:26 yamt Exp $	*/
+/*	$NetBSD: pfctl_optimize.c,v 1.7 2016/05/30 17:21:07 dholland Exp $	*/
 /*	$OpenBSD: pfctl_optimize.c,v 1.13 2006/10/31 14:17:45 mcbride Exp $ */
 
 /*
@@ -902,6 +902,7 @@ load_feedback_profile(struct pfctl *pf, 
 		pr.nr = nr;
 		if (ioctl(pf->dev, DIOCGETRULE, )) {
 			warn("DIOCGETRULES");
+			free(por);
 			return (1);
 		}
 		memcpy(>por_rule, , sizeof(por->por_rule));
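
Review bot: the error path that now frees por reports the failure as warn("DIOCGETRULES"), while the ioctl that actually failed in the line above is DIOCGETRULE. Change the string to name the request that was issued, so the diagnostic points at the right call when someone has to trace it.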



CVS commit: src/dist/pf/usr.sbin/ftp-proxy

2012-12-23 Thread Mindaugas Rasiukevicius
Module Name:    src
Committed By:   rmind
Date:   Mon Dec 24 01:14:41 UTC 2012

Modified Files:
src/dist/pf/usr.sbin/ftp-proxy: npf.c

Log Message:
ftp-proxy: disable NPF bits for now; it will be re-done.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/dist/pf/usr.sbin/ftp-proxy/npf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/usr.sbin/ftp-proxy/npf.c
diff -u src/dist/pf/usr.sbin/ftp-proxy/npf.c:1.1 src/dist/pf/usr.sbin/ftp-proxy/npf.c:1.2
--- src/dist/pf/usr.sbin/ftp-proxy/npf.c:1.1	Wed Feb  2 02:20:26 2011
+++ src/dist/pf/usr.sbin/ftp-proxy/npf.c	Mon Dec 24 01:14:40 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: npf.c,v 1.1 2011/02/02 02:20:26 rmind Exp $	*/
+/*	$NetBSD: npf.c,v 1.2 2012/12/24 01:14:40 rmind Exp $	*/
 
 /*
  * Copyright (c) 2011 The NetBSD Foundation, Inc.
@@ -311,6 +311,7 @@ npf_server_lookup(struct sockaddr *c, st
 static int
 npf_do_commit(void)
 {
+#if 0
 	nl_rule_t *group;
 	fp_ent_t *fpe;
 	pri_t pri;
@@ -327,6 +328,10 @@ npf_do_commit(void)
 	npf_update_rule(npf_fd, NPF_FP_RULE_TAG, group);
 	npf_rule_destroy(group);
 	return 0;
+#else
+	errno = ENOTSUP;
+	return -1;
+#endif
 }
 
 static int
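
Review bot: npf_do_commit() now always fails with errno set to ENOTSUP, and the #if 0 that keeps the old body carries no comment saying why it is disabled or what has to happen before it comes back. Add a short comment at the #if 0 (the log message's "it will be re-done" would do), and confirm that the caller reports the -1 instead of carrying on as if the rules had been committed.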



CVS commit: src/dist/pf/usr.sbin/ftp-proxy

2012-09-15 Thread Iain Hibbert
Module Name:    src
Committed By:   plunky
Date:   Sat Sep 15 17:42:43 UTC 2012

Modified Files:
src/dist/pf/usr.sbin/ftp-proxy: ipf.c

Log Message:
reinstate Update ftp-proxy for changes to ipnat_t from Darren Reed


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/dist/pf/usr.sbin/ftp-proxy/ipf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/usr.sbin/ftp-proxy/ipf.c
diff -u src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.5 src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.6
--- src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.5	Wed Feb 15 17:55:14 2012
+++ src/dist/pf/usr.sbin/ftp-proxy/ipf.c	Sat Sep 15 17:42:43 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipf.c,v 1.5 2012/02/15 17:55:14 riz Exp $	*/
+/*	$NetBSD: ipf.c,v 1.6 2012/09/15 17:42:43 plunky Exp $	*/
 
 /*
  * Copyright (c) 2004, 2008 The NetBSD Foundation, Inc.
@@ -151,7 +151,7 @@ ftp_proxy_entry_find(u_int32_t id)
 }
 
 static int
-ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t ipn)
+ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t *ipn)
 {
 	struct ftp_proxy_nat *fpn;
 
@@ -159,22 +159,22 @@ ftp_proxy_entry_add_nat(struct ftp_proxy
 	if (fpn == NULL)
 		return (-1);
 
-	memcpy(fpn-ipn, ipn, sizeof(fpn-ipn));
+	memcpy(fpn-ipn, ipn, sizeof(fpn-ipn));
 	LIST_INSERT_HEAD(fpe-nat_entries, fpn, link);
 
 	return (0);
 }
 
 static int
-ipfilter_add_nat(ipnat_t ipn)
+ipfilter_add_nat(ipnat_t *ipn)
 {
 	ipfobj_t obj;
 
 	memset(obj, 0, sizeof(obj));
 	obj.ipfo_rev = IPFILTER_VERSION;
-	obj.ipfo_size = sizeof(ipn);
+	obj.ipfo_size = ipn-in_size;
 	obj.ipfo_type = IPFOBJ_IPNAT;
-	obj.ipfo_ptr = ipn;
+	obj.ipfo_ptr = ipn;
 
 	return ioctl(natfd, SIOCADNAT, obj);
 }
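
Review bot: ftp_proxy_entry_add_nat() still copies sizeof(fpn->ipn) bytes, but with this change the rule is variable-length: ipf_add_rdr() allocates sizeof(*ipn) + 2 * IF_NAMESIZE + 2 and records the real length in in_size, which is also what ipfilter_add_nat() now passes as ipfo_size. The saved copy therefore lacks the interface-name bytes that its in_ifnames[] offsets refer to. If the stored rule is later handed back to the kernel, store in_size bytes or keep the allocated pointer instead of a fixed-size copy.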
@@ -224,7 +224,7 @@ ipf_add_rdr(u_int32_t id, struct sockadd
 u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
 {
 	struct ftp_proxy_entry *fpe = ftp_proxy_entry_find(id);
-	ipnat_t ipn;
+	ipnat_t *ipn;
 
 	if (fpe == NULL) {
 		errno = ENOENT;
@@ -237,98 +237,48 @@ ipf_add_rdr(u_int32_t id, struct sockadd
 		return (-1);
 	}
 
-	memset(ipn, 0, sizeof(ipn));
-	ipn.in_redir = NAT_REDIRECT;
-	ipn.in_v = 4;
-	ipn.in_outip = satosin(dst)-sin_addr.s_addr;
-	ipn.in_outmsk = 0x;
-	strlcpy(ipn.in_ifnames[0], netif, sizeof(ipn.in_ifnames[0]));
-	strlcpy(ipn.in_ifnames[1], netif, sizeof(ipn.in_ifnames[1]));
-	ipn.in_pmin = htons(d_port);
-	ipn.in_pmax = htons(d_port);
-	ipn.in_inip = satosin(rdr)-sin_addr.s_addr;
-	ipn.in_inmsk  = 0x;
-	ipn.in_pnext = htons(rdr_port);
-	ipn.in_flags = IPN_FIXEDDPORT | IPN_TCP;
-	strlcpy(ipn.in_tag.ipt_tag, fpe-proxy_tag, sizeof(ipn.in_tag.ipt_tag));
-
-	if (ipfilter_add_nat(ipn) == -1)
+	ipn = calloc(1, sizeof(*ipn) + 2 * IF_NAMESIZE + 2);
+	if (ipn == NULL) {
+		errno = ENOMEM;
 		return (-1);
+	}
+	ipn-in_redir = NAT_REDIRECT;
+	ipn-in_v[0] = 4;
+	ipn-in_v[1] = 4;
+	ipn-in_odstaddr = satosin(dst)-sin_addr.s_addr;
+	ipn-in_odstmsk = 0x;
+	ipn-in_odport = htons(d_port);
+	ipn-in_dtop = htons(d_port);
+	ipn-in_ndstaddr = satosin(rdr)-sin_addr.s_addr;
+	ipn-in_ndstmsk  = 0x;
+	ipn-in_dpnext = htons(rdr_port);
+	ipn-in_flags = IPN_FIXEDDPORT | IPN_TCP;
+	strlcpy(ipn-in_tag.ipt_tag, fpe-proxy_tag,
+	sizeof(ipn-in_tag.ipt_tag));
+
+	ipn-in_ifnames[0] = 0;
+	(void) strlcpy(ipn-in_names, netif, IF_NAMESIZE);
+	ipn-in_namelen = strlen(ipn-in_names) + 1;
+	ipn-in_ifnames[1] = ipn-in_namelen;
+	(void) strlcpy(ipn-in_names + ipn-in_namelen, netif, IF_NAMESIZE);
+	ipn-in_namelen += strlen(ipn-in_names + ipn-in_ifnames[1]) + 1;
+	ipn-in_size = sizeof(*ipn) + ipn-in_namelen;
 
-	if (ftp_proxy_entry_add_nat(fpe, ipn) == -1)
+	if (ipfilter_add_nat(ipn) == -1) {
+		free(ipn);
 		return (-1);
+	}
 
-	fpe-status = 1;
-
-	return (0);
-}
-
-#if 0
-int
-ipf_add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
-u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
-{
-	u_32_t sum1, sum2, sumd;
-	int onoff, error;
-	nat_save_t ns;
-	ipfobj_t obj;
-	nat_t *nat;
-
-	if (!src || !dst || !d_port || !rdr || !rdr_port ||
-	(src-sa_family != rdr-sa_family)) {
-		errno = EINVAL;
+	if (ftp_proxy_entry_add_nat(fpe, ipn) == -1) {
+		free(ipn);
 		return (-1);
 	}
 
-	memset(ns, 0, sizeof(ns));
-
-	nat = ns.ipn_nat;
-	nat-nat_p = IPPROTO_TCP;
-	nat-nat_dir = NAT_OUTBOUND;
-	nat-nat_redir = NAT_REDIRECT;
-	strlcpy(nat-nat_ifnames[0], netif, sizeof(nat-nat_ifnames[0]));
-	strlcpy(nat-nat_ifnames[1], netif, sizeof(nat-nat_ifnames[1]));
-
-	nat-nat_inip = satosin(rdr)-sin_addr;
-	nat-nat_outip = satosin(dst)-sin_addr;
-	nat-nat_oip = satosin(src)-sin_addr;
-
-	sum1 = LONG_SUM(ntohl(nat-nat_inip.s_addr)) + rdr_port;
-	sum2 = LONG_SUM(ntohl(nat-nat_outip.s_addr)) + d_port;
-	CALC_SUMD(sum1, sum2, sumd);
-	nat-nat_sumd[0] = (sumd  0x) + (sumd  16);
-	nat-nat_sumd[1] = nat-nat_sumd[0];
-
-	sum1 = LONG_SUM(ntohl(nat-nat_inip.s_addr));
-	sum2 = LONG_SUM(ntohl(nat-nat_outip.s_addr));
-	CALC_SUMD(sum1, sum2, sumd);
-	

CVS commit: src/dist/pf/sbin/pflogd

2012-02-29 Thread Joerg Sonnenberger
Module Name:src
Committed By:   joerg
Date:   Wed Feb 29 23:42:29 UTC 2012

Modified Files:
src/dist/pf/sbin/pflogd: pflogd.c pflogd.h

Log Message:
Fix format string usage.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/dist/pf/sbin/pflogd/pflogd.c
cvs rdiff -u -r1.4 -r1.5 src/dist/pf/sbin/pflogd/pflogd.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/sbin/pflogd/pflogd.c
diff -u src/dist/pf/sbin/pflogd/pflogd.c:1.8 src/dist/pf/sbin/pflogd/pflogd.c:1.9
--- src/dist/pf/sbin/pflogd/pflogd.c:1.8	Mon Dec 13 01:45:38 2010
+++ src/dist/pf/sbin/pflogd/pflogd.c	Wed Feb 29 23:42:28 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: pflogd.c,v 1.8 2010/12/13 01:45:38 christos Exp $	*/
+/*	$NetBSD: pflogd.c,v 1.9 2012/02/29 23:42:28 joerg Exp $	*/
 /*	$OpenBSD: pflogd.c,v 1.45 2007/06/06 14:11:26 henning Exp $	*/
 
 /*
@@ -559,7 +559,7 @@ dump_packet(u_char *user, const struct p
 #endif
 
 	if (len  sizeof(*h) || h-caplen  (size_t)cur_snaplen) {
-		logmsg(LOG_NOTICE, invalid size %u (%u/%u), packet dropped,
+		logmsg(LOG_NOTICE, invalid size %zu (%u/%u), packet dropped,
 		   len, cur_snaplen, snaplen);
 		packets_dropped++;
 		return;
@@ -770,7 +770,7 @@ main(int argc, char **argv)
 		logmsg(LOG_WARNING, Reading stats: %s, pcap_geterr(hpcap));
 	else
 		logmsg(LOG_NOTICE,
-		%u packets received, %u/%u dropped (kernel/pflogd),
+		%u packets received, %u/%ld dropped (kernel/pflogd),
 		pstat.ps_recv, pstat.ps_drop, packets_dropped);
 
 	pcap_close(hpcap);

Index: src/dist/pf/sbin/pflogd/pflogd.h
diff -u src/dist/pf/sbin/pflogd/pflogd.h:1.4 src/dist/pf/sbin/pflogd/pflogd.h:1.5
--- src/dist/pf/sbin/pflogd/pflogd.h:1.4	Wed Jun 18 09:06:26 2008
+++ src/dist/pf/sbin/pflogd/pflogd.h	Wed Feb 29 23:42:28 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: pflogd.h,v 1.4 2008/06/18 09:06:26 yamt Exp $	*/
+/*	$NetBSD: pflogd.h,v 1.5 2012/02/29 23:42:28 joerg Exp $	*/
 /*	$OpenBSD: pflogd.h,v 1.3 2006/01/15 16:38:04 canacar Exp $ */
 
 /*
@@ -36,7 +36,7 @@
 #define PFLOGD_MAXSNAPLEN	INT_MAX
 #define PFLOGD_BUFSIZE		65536	/* buffer size for incoming packets */
 
-void  logmsg(int priority, const char *message, ...);
+void  logmsg(int priority, const char *message, ...) __printflike(2, 3);
 
 /* Privilege separation */
 int	priv_init(void);
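
Review bot: __printflike(2, 3) is attached only to the prototype in pflogd.h, while pflogd.c keeps its own declaration, void logmsg(int, const char *, ...);, without the attribute. Drop the local prototype in pflogd.c and rely on the header, so the annotated declaration is the only one and format checking cannot be lost if the two drift apart.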



CVS commit: src/dist/pf/usr.sbin/ftp-proxy

2012-01-30 Thread Darren Reed
Module Name:src
Committed By:   darrenr
Date:   Mon Jan 30 16:14:27 UTC 2012

Modified Files:
src/dist/pf/usr.sbin/ftp-proxy: ipf.c

Log Message:
Update ftp-proxy for changes to ipnat_t


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/dist/pf/usr.sbin/ftp-proxy/ipf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/usr.sbin/ftp-proxy/ipf.c
diff -u src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.3 src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.4
--- src/dist/pf/usr.sbin/ftp-proxy/ipf.c:1.3	Wed Feb  2 02:20:26 2011
+++ src/dist/pf/usr.sbin/ftp-proxy/ipf.c	Mon Jan 30 16:14:27 2012
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipf.c,v 1.3 2011/02/02 02:20:26 rmind Exp $	*/
+/*	$NetBSD: ipf.c,v 1.4 2012/01/30 16:14:27 darrenr Exp $	*/
 
 /*
  * Copyright (c) 2004, 2008 The NetBSD Foundation, Inc.
@@ -151,7 +151,7 @@ ftp_proxy_entry_find(u_int32_t id)
 }
 
 static int
-ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t ipn)
+ftp_proxy_entry_add_nat(struct ftp_proxy_entry *fpe, ipnat_t *ipn)
 {
 	struct ftp_proxy_nat *fpn;
 
@@ -159,22 +159,22 @@ ftp_proxy_entry_add_nat(struct ftp_proxy
 	if (fpn == NULL)
 		return (-1);
 
-	memcpy(fpn-ipn, ipn, sizeof(fpn-ipn));
+	memcpy(fpn-ipn, ipn, sizeof(fpn-ipn));
 	LIST_INSERT_HEAD(fpe-nat_entries, fpn, link);
 
 	return (0);
 }
 
 static int
-ipfilter_add_nat(ipnat_t ipn)
+ipfilter_add_nat(ipnat_t *ipn)
 {
 	ipfobj_t obj;
 
 	memset(obj, 0, sizeof(obj));
 	obj.ipfo_rev = IPFILTER_VERSION;
-	obj.ipfo_size = sizeof(ipn);
+	obj.ipfo_size = ipn-in_size;
 	obj.ipfo_type = IPFOBJ_IPNAT;
-	obj.ipfo_ptr = ipn;
+	obj.ipfo_ptr = ipn;
 
 	return ioctl(natfd, SIOCADNAT, obj);
 }
@@ -224,7 +224,7 @@ ipf_add_rdr(u_int32_t id, struct sockadd
 u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
 {
 	struct ftp_proxy_entry *fpe = ftp_proxy_entry_find(id);
-	ipnat_t ipn;
+	ipnat_t *ipn;
 
 	if (fpe == NULL) {
 		errno = ENOENT;
@@ -237,98 +237,48 @@ ipf_add_rdr(u_int32_t id, struct sockadd
 		return (-1);
 	}
 
-	memset(ipn, 0, sizeof(ipn));
-	ipn.in_redir = NAT_REDIRECT;
-	ipn.in_v = 4;
-	ipn.in_outip = satosin(dst)-sin_addr.s_addr;
-	ipn.in_outmsk = 0x;
-	strlcpy(ipn.in_ifnames[0], netif, sizeof(ipn.in_ifnames[0]));
-	strlcpy(ipn.in_ifnames[1], netif, sizeof(ipn.in_ifnames[1]));
-	ipn.in_pmin = htons(d_port);
-	ipn.in_pmax = htons(d_port);
-	ipn.in_inip = satosin(rdr)-sin_addr.s_addr;
-	ipn.in_inmsk  = 0x;
-	ipn.in_pnext = htons(rdr_port);
-	ipn.in_flags = IPN_FIXEDDPORT | IPN_TCP;
-	strlcpy(ipn.in_tag.ipt_tag, fpe-proxy_tag, sizeof(ipn.in_tag.ipt_tag));
-
-	if (ipfilter_add_nat(ipn) == -1)
+	ipn = calloc(1, sizeof(*ipn) + 2 * IF_NAMESIZE + 2);
+	if (ipn == NULL) {
+		errno = ENOMEM;
 		return (-1);
+	}
+	ipn-in_redir = NAT_REDIRECT;
+	ipn-in_v[0] = 4;
+	ipn-in_v[1] = 4;
+	ipn-in_odstaddr = satosin(dst)-sin_addr.s_addr;
+	ipn-in_odstmsk = 0x;
+	ipn-in_odport = htons(d_port);
+	ipn-in_dtop = htons(d_port);
+	ipn-in_ndstaddr = satosin(rdr)-sin_addr.s_addr;
+	ipn-in_ndstmsk  = 0x;
+	ipn-in_dpnext = htons(rdr_port);
+	ipn-in_flags = IPN_FIXEDDPORT | IPN_TCP;
+	strlcpy(ipn-in_tag.ipt_tag, fpe-proxy_tag,
+	sizeof(ipn-in_tag.ipt_tag));
+
+	ipn-in_ifnames[0] = 0;
+	(void) strlcpy(ipn-in_names, netif, IF_NAMESIZE);
+	ipn-in_namelen = strlen(ipn-in_names) + 1;
+	ipn-in_ifnames[1] = ipn-in_namelen;
+	(void) strlcpy(ipn-in_names + ipn-in_namelen, netif, IF_NAMESIZE);
+	ipn-in_namelen += strlen(ipn-in_names + ipn-in_ifnames[1]) + 1;
+	ipn-in_size = sizeof(*ipn) + ipn-in_namelen;
 
-	if (ftp_proxy_entry_add_nat(fpe, ipn) == -1)
+	if (ipfilter_add_nat(ipn) == -1) {
+		free(ipn);
 		return (-1);
+	}
 
-	fpe-status = 1;
-
-	return (0);
-}
-
-#if 0
-int
-ipf_add_rdr(u_int32_t id, struct sockaddr *src, struct sockaddr *dst,
-u_int16_t d_port, struct sockaddr *rdr, u_int16_t rdr_port)
-{
-	u_32_t sum1, sum2, sumd;
-	int onoff, error;
-	nat_save_t ns;
-	ipfobj_t obj;
-	nat_t *nat;
-
-	if (!src || !dst || !d_port || !rdr || !rdr_port ||
-	(src-sa_family != rdr-sa_family)) {
-		errno = EINVAL;
+	if (ftp_proxy_entry_add_nat(fpe, ipn) == -1) {
+		free(ipn);
 		return (-1);
 	}
 
-	memset(ns, 0, sizeof(ns));
-
-	nat = ns.ipn_nat;
-	nat-nat_p = IPPROTO_TCP;
-	nat-nat_dir = NAT_OUTBOUND;
-	nat-nat_redir = NAT_REDIRECT;
-	strlcpy(nat-nat_ifnames[0], netif, sizeof(nat-nat_ifnames[0]));
-	strlcpy(nat-nat_ifnames[1], netif, sizeof(nat-nat_ifnames[1]));
-
-	nat-nat_inip = satosin(rdr)-sin_addr;
-	nat-nat_outip = satosin(dst)-sin_addr;
-	nat-nat_oip = satosin(src)-sin_addr;
-
-	sum1 = LONG_SUM(ntohl(nat-nat_inip.s_addr)) + rdr_port;
-	sum2 = LONG_SUM(ntohl(nat-nat_outip.s_addr)) + d_port;
-	CALC_SUMD(sum1, sum2, sumd);
-	nat-nat_sumd[0] = (sumd  0x) + (sumd  16);
-	nat-nat_sumd[1] = nat-nat_sumd[0];
-
-	sum1 = LONG_SUM(ntohl(nat-nat_inip.s_addr));
-	sum2 = LONG_SUM(ntohl(nat-nat_outip.s_addr));
-	CALC_SUMD(sum1, sum2, sumd);
-	nat-nat_ipsumd = (sumd  
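
Review bot: both failure paths visible in this hunk call free(ipn), but the part shown ends before the success return, and ftp_proxy_entry_add_nat() copies the rule with memcpy instead of keeping the pointer. Check that the success path frees ipn as well; otherwise every redirect that is added leaks one allocation.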

CVS commit: src/dist/pf/sbin/pflogd

2010-12-12 Thread Christos Zoulas
Module Name:    src
Committed By:   christos
Date:   Mon Dec 13 01:45:39 UTC 2010

Modified Files:
src/dist/pf/sbin/pflogd: pflogd.c privsep.c

Log Message:
warns=4


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/dist/pf/sbin/pflogd/pflogd.c
cvs rdiff -u -r1.6 -r1.7 src/dist/pf/sbin/pflogd/privsep.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/sbin/pflogd/pflogd.c
diff -u src/dist/pf/sbin/pflogd/pflogd.c:1.7 src/dist/pf/sbin/pflogd/pflogd.c:1.8
--- src/dist/pf/sbin/pflogd/pflogd.c:1.7	Fri Aug  7 12:37:12 2009
+++ src/dist/pf/sbin/pflogd/pflogd.c	Sun Dec 12 20:45:38 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: pflogd.c,v 1.7 2009/08/07 16:37:12 minskim Exp $	*/
+/*	$NetBSD: pflogd.c,v 1.8 2010/12/13 01:45:38 christos Exp $	*/
 /*	$OpenBSD: pflogd.c,v 1.45 2007/06/06 14:11:26 henning Exp $	*/
 
 /*
@@ -63,14 +63,14 @@
 static FILE *dpcap;
 
 int Debug = 0;
-static int snaplen = DEF_SNAPLEN;
-static int cur_snaplen = DEF_SNAPLEN;
+static uint32_t snaplen = DEF_SNAPLEN;
+static uint32_t cur_snaplen = DEF_SNAPLEN;
 
 volatile sig_atomic_t gotsig_close, gotsig_alrm, gotsig_hup;
 
-char *filename = PFLOGD_LOG_FILE;
-char *interface = PFLOGD_DEFAULT_IF;
-char *filter = NULL;
+const char *filename = PFLOGD_LOG_FILE;
+const char *interface = PFLOGD_DEFAULT_IF;
+const char *filter = NULL;
 
 char errbuf[PCAP_ERRBUF_SIZE];
 
@@ -81,13 +81,13 @@
 void  dump_packet(u_char *, const struct pcap_pkthdr *, const u_char *);
 void  dump_packet_nobuf(u_char *, const struct pcap_pkthdr *, const u_char *);
 int   flush_buffer(FILE *);
-int   if_exists(char *);
+int   if_exists(const char *);
 int   init_pcap(void);
 void  logmsg(int, const char *, ...);
 void  purge_buffer(void);
 int   reset_dump(int);
 int   scan_dump(FILE *, off_t);
-int   set_snaplen(int);
+int   set_snaplen(uint32_t);
 void  set_suspended(int);
 void  sig_alrm(int);
 void  sig_close(int);
@@ -97,11 +97,11 @@
 static int try_reset_dump(int);
 
 /* buffer must always be greater than snaplen */
-static intbufpkt = 0;	/* number of packets in buffer */
-static intbuflen = 0;	/* allocated size of buffer */
+static size_t bufpkt = 0;	/* number of packets in buffer */
+static size_t buflen = 0;	/* allocated size of buffer */
 static char  *buffer = NULL;	/* packet buffer */
 static char  *bufpos = NULL;	/* position in buffer */
-static intbufleft = 0;	/* bytes left in buffer */
+static size_t bufleft = 0;	/* bytes left in buffer */
 
 /* if error, stop logging but count dropped packets */
 static int suspended = -1;
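Review bot: Changing bufpkt, buflen and bufleft from int to size_t removes the sign, so any existing check that relied on bufleft going negative after a subtraction now sees a very large value instead and passes. The comment above these variables says the buffer must always be greater than snaplen, and snaplen becomes uint32_t in the same commit; please confirm that every subtraction on bufleft is preceded by an explicit comparison, and mention the type change in the log message, which currently only says warns=4.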
@@ -201,7 +201,7 @@
 }
 
 int
-if_exists(char *ifname)
+if_exists(const char *ifname)
 {
 	int s;
 #ifdef SIOCGIFDATA
@@ -261,7 +261,7 @@
 }
 
 int
-set_snaplen(int snap)
+set_snaplen(uint32_t snap)
 {
 	if (priv_set_snaplen(snap))
 		return (1);
@@ -405,7 +405,7 @@
 	if (hdr.magic != TCPDUMP_MAGIC ||
 	hdr.version_major != PCAP_VERSION_MAJOR ||
 	hdr.version_minor != PCAP_VERSION_MINOR ||
-	hdr.linktype != hpcap-linktype ||
+	hdr.linktype != (uint32_t)hpcap-linktype ||
 	hdr.snaplen  PFLOGD_MAXSNAPLEN) {
 		return (1);
 	}
@@ -475,7 +475,7 @@
 	if (fwrite(sf_hdr, sizeof(sf_hdr), 1, f) != 1) {
 #endif
 		/* try to undo header to prevent corruption */
-		off_t pos = ftello(f);
+		size_t pos = (size_t)ftello(f);
 #ifdef __OpenBSD__
 		if (pos  sizeof(*h) ||
 		ftruncate(fileno(f), pos - sizeof(*h))) {
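Review bot: `size_t pos = (size_t)ftello(f);` hides the error return. ftello() yields -1 on failure, which the cast turns into SIZE_MAX, so the comparison of pos with sizeof(*h) on the next line can no longer catch it and ftruncate() is then called with a length derived from that value. On platforms where size_t is narrower than off_t the cast also truncates offsets in large log files. Keep pos as off_t, test for -1 first, and cast sizeof(*h) to off_t in the comparison instead.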
@@ -491,7 +491,7 @@
 		goto error;
 	}
 
-	if (fwrite((char *)sp, h-caplen, 1, f) != 1)
+	if (fwrite(sp, h-caplen, 1, f) != 1)
 		goto error;
 
 	return;

Index: src/dist/pf/sbin/pflogd/privsep.c
diff -u src/dist/pf/sbin/pflogd/privsep.c:1.6 src/dist/pf/sbin/pflogd/privsep.c:1.7
--- src/dist/pf/sbin/pflogd/privsep.c:1.6	Wed Jun 18 05:06:26 2008
+++ src/dist/pf/sbin/pflogd/privsep.c	Sun Dec 12 20:45:39 2010
@@ -1,4 +1,4 @@
-/*	$NetBSD: privsep.c,v 1.6 2008/06/18 09:06:26 yamt Exp $	*/
+/*	$NetBSD: privsep.c,v 1.7 2010/12/13 01:45:39 christos Exp $	*/
 /*	$OpenBSD: privsep.c,v 1.16 2006/10/25 20:55:04 moritz Exp $	*/
 
 /*
@@ -64,8 +64,8 @@
 static int  may_read(int, void *, size_t);
 static void must_read(int, void *, size_t);
 static void must_write(int, void *, size_t);
-static int  set_snaplen(int snap);
-static int  move_log(const char *name);
+static int  set_snaplen(uint32_t);
+static int  move_log(const char *);
 
 extern char *filename;
 extern pcap_t *hpcap;
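Review bot: The context line `extern char *filename;` is left unchanged in this hunk, while the same commit changes the definition in pflogd.c to `const char *filename`. Declaration and definition now disagree on type. Change this line to `extern const char *filename;`, or move the declaration into pflogd.h so the compiler checks both files against one declaration.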
@@ -192,7 +192,7 @@
 
 /* this is called from parent */
 static int
-set_snaplen(int snap)
+set_snaplen(uint32_t snap)
 {
 	if (hpcap == NULL)
 		return (1);
@@ -214,7 +214,7 @@
 
 		len = snprintf(ren, sizeof(ren), %s.bad.%08x,
 		name, arc4random());
-		if (len = sizeof(ren)) {
+		if ((size_t)len = sizeof(ren)) {
 			logmsg(LOG_ERR, [priv] new name too long);
 			return (1);
 		}
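Review bot: The `(size_t)len` cast in the length check also decides what happens when snprintf() fails: a negative len becomes a very large size_t and takes the "new name too long" branch. That outcome is safe but accidental, and the log message is then misleading. An explicit `len < 0 ||` test ahead of the size comparison would make the intent visible.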
@@ -326,7 +326,7 @@
 	char *s = buf;
 	ssize_t res, pos = 0;
 
-	while (n  pos) {
+	while (n  (size_t)pos) {
 		res = read(fd, s + pos, n - pos);
 		

CVS commit: src/dist/pf/share/man/man4

2010-04-12 Thread Adam Hoka
Module Name:src
Committed By:   ahoka
Date:   Mon Apr 12 14:26:11 UTC 2010

Modified Files:
src/dist/pf/share/man/man4: pfsync.4

Log Message:
mention pfsync not working as a kernel module


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/dist/pf/share/man/man4/pfsync.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/share/man/man4/pfsync.4
diff -u src/dist/pf/share/man/man4/pfsync.4:1.4 src/dist/pf/share/man/man4/pfsync.4:1.5
--- src/dist/pf/share/man/man4/pfsync.4:1.4	Sun Oct  4 18:07:26 2009
+++ src/dist/pf/share/man/man4/pfsync.4	Mon Apr 12 14:26:11 2010
@@ -1,4 +1,4 @@
-.\	$NetBSD: pfsync.4,v 1.4 2009/10/04 18:07:26 joerg Exp $
+.\	$NetBSD: pfsync.4,v 1.5 2010/04/12 14:26:11 ahoka Exp $
 .\	$OpenBSD: pfsync.4,v 1.25 2007/05/31 19:19:51 jmc Exp $
 .\
 .\ Copyright (c) 2002 Michael Shalayeff
@@ -246,3 +246,8 @@
 .Nm
 device first appeared in
 .Ox 3.3 .
+.Sh CAVEATS
+.Nm
+is not available when using
+.Xr pf 4
+as a kernel module.
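Review bot: The new CAVEATS section changes the content of the page, but neither hunk touches the .Dd line, so the rendered page keeps its old date. Bump .Dd in the same commit. The caveat would also be more useful to an operator if it said what to do instead, for example that pf(4) has to be compiled into the kernel for pfsync to be usable.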



CVS commit: src/dist/pf/share/man/man4

2010-04-12 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Mon Apr 12 21:28:24 UTC 2010

Modified Files:
src/dist/pf/share/man/man4: pfsync.4

Log Message:
Bump date for new CAVEATS.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/dist/pf/share/man/man4/pfsync.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/share/man/man4/pfsync.4
diff -u src/dist/pf/share/man/man4/pfsync.4:1.5 src/dist/pf/share/man/man4/pfsync.4:1.6
--- src/dist/pf/share/man/man4/pfsync.4:1.5	Mon Apr 12 14:26:11 2010
+++ src/dist/pf/share/man/man4/pfsync.4	Mon Apr 12 21:28:23 2010
@@ -1,4 +1,4 @@
-.\	$NetBSD: pfsync.4,v 1.5 2010/04/12 14:26:11 ahoka Exp $
+.\	$NetBSD: pfsync.4,v 1.6 2010/04/12 21:28:23 wiz Exp $
 .\	$OpenBSD: pfsync.4,v 1.25 2007/05/31 19:19:51 jmc Exp $
 .\
 .\ Copyright (c) 2002 Michael Shalayeff
@@ -25,7 +25,7 @@
 .\ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd September 14, 2009
+.Dd April 12, 2010
 .Dt PFSYNC 4
 .Os
 .Sh NAME



CVS commit: src/dist/pf/share/man/man4

2009-12-19 Thread Adam Hoka
Module Name:src
Committed By:   ahoka
Date:   Sat Dec 19 14:05:53 UTC 2009

Modified Files:
src/dist/pf/share/man/man4: pf.4

Log Message:
Remove the notice about pfsync not being supported, as we have it now.


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/dist/pf/share/man/man4/pf.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/share/man/man4/pf.4
diff -u src/dist/pf/share/man/man4/pf.4:1.11 src/dist/pf/share/man/man4/pf.4:1.12
--- src/dist/pf/share/man/man4/pf.4:1.11	Mon Sep 14 11:17:49 2009
+++ src/dist/pf/share/man/man4/pf.4	Sat Dec 19 14:05:53 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: pf.4,v 1.11 2009/09/14 11:17:49 wiz Exp $
+.\	$NetBSD: pf.4,v 1.12 2009/12/19 14:05:53 ahoka Exp $
 .\	$OpenBSD: pf.4,v 1.59 2007/05/31 19:19:51 jmc Exp $
 .\
 .\ Copyright (C) 2001, Kjell Wooding.  All rights reserved.
@@ -27,7 +27,7 @@
 .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\ SUCH DAMAGE.
 .\
-.Dd September 14, 2009
+.Dd December 19, 2009
 .Dt PF 4
 .Os
 .Sh NAME
@@ -1146,8 +1146,6 @@
 .Nx :
 .Bl -bullet -offset indent
 .It
-The pfsync protocol is not supported.
-.It
 The
 .Em group
 keyword is not supported.



CVS commit: src/dist/pf

2009-12-02 Thread Martti Kuparinen
Module Name:src
Committed By:   martti
Date:   Wed Dec  2 15:07:09 UTC 2009

Added Files:
src/dist/pf: README.NetBSD

Log Message:
Initial version.


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/dist/pf/README.NetBSD

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: src/dist/pf/README.NetBSD
diff -u /dev/null src/dist/pf/README.NetBSD:1.1
--- /dev/null	Wed Dec  2 15:07:09 2009
+++ src/dist/pf/README.NetBSD	Wed Dec  2 15:07:09 2009
@@ -0,0 +1,301 @@
+#
+# $NetBSD: README.NetBSD,v 1.1 2009/12/02 15:07:09 martti Exp $
+#
+# Author: Martti Kuparinen mar...@netbsd.org
+#
+# This file contains copy-pastable commands to import a new PF release
+# into the NetBSD repository. Before importing the code into the official
+# NetBSD repository, you'll import the code into your own local test
+# repository, resolve the conflicts and make sure everything works as expected.
+#
+# Steps in this document:
+#  1) Get the PF dist files and a copy of the CVS repository
+#  2) Create a local test repository for the test imports
+#  3) Import the new PF release into the test repository
+#  4) Resolve conflicts and make other adjustments
+#  5) Save the required modifications
+#  6) Re-create a local test repository for the final test import
+#  7) Import the new PF release into the test repository
+#  8) Apply the fixes
+#  9) Compile everything and make sure the new version really works
+# 10) Update your /usr/src (cd /usr/src  cvs update -dPA)
+# 11) Import the new PF release into the NetBSD repository
+# 12) Apply the fixes
+# 13) Update your /usr/src one more time (cd /usr/src  cvs update -dPA)
+# 14) Compile and install everything
+# 15) Update src/doc/3RDPARTY and src/doc/CHANGES
+# 16) Send an announcement to current-users
+#
+
+###
+###
+# COMMON SETTINGS FOR EVERYTHING BELOW
+###
+###
+
+export NETBSDUSERNAME=fixthis
+export VERSION=4.6
+export VERTAG=`echo ${VERSION} | sed 's+\.+_+g'`
+export VEROLD=v4_2
+export VERNEW=v4_6
+export ORIG=${HOME}/netbsd/orig
+export WORK=${HOME}/netbsd/work
+export FIXES=${HOME}/netbsd/fixes/${VERSION}
+export RSYNC_RSH=ssh -4
+export RSYNC=rsync -avzr --delete
+
+###
+###
+# Fetch the official PF sources
+###
+###
+
+mkdir -p ${ORIG}/openbsd-${VERSION}
+cd ${ORIG}/openbsd-${VERSION}
+if [ ! -f src.tar.gz ]; then
+  ftp ftp://ftp.df.lth.se/pub/OpenBSD/${VERSION}/src.tar.gz
+fi
+if [ ! -f sys.tar.gz ]; then
+  ftp ftp://ftp.df.lth.se/pub/OpenBSD/${VERSION}/sys.tar.gz
+fi
+
+###
+###
+# GET COPY OF THE CVS REPOSITORY FOR LOCAL TEST IMPORTS
+###
+###
+
+RSYNC_RSH=ssh -4
+RSYNC=rsync -avzr --delete -e ssh
+S=${netbsduserna...@cvs.netbsd.org::cvsroot
+D=${ORIG}/cvsroot
+
+if [ ${NETBSDUSERNAME} = fixthis ]; then
+  echo You MUST use your real NetBSD user name...
+  sleep 86400
+fi
+${RSYNC} ${S}/src/ ${D}/src
+${RSYNC} --exclude 'commitlog*' --exclude 'history*' ${S}/CVSROOT/ ${D}/CVSROOT
+
+###
+###
+# TEST IMPORT 1
+###
+###
+
+# Get a new repository
+mkdir -p ${WORK}
+${RSYNC} ${ORIG}/cvsroot ${WORK}
+rm -f ${WORK}/cvsroot/CVSROOT/commitinfo*
+rm -f ${WORK}/cvsroot/CVSROOT/loginfo*
+touch ${WORK}/cvsroot/CVSROOT/commitinfo
+touch ${WORK}/cvsroot/CVSROOT/loginfo
+chmod 644 ${WORK}/cvsroot/CVSROOT/config
+sed 's+/cvslock+/tmp/cvslock+'  ${WORK}/cvsroot/CVSROOT/config \
+   ${WORK}/cvsroot/CVSROOT/config.1
+grep -v -e tag= -e AdminGroup= -e AdminOptions= \
+   ${WORK}/cvsroot/CVSROOT/config.1  ${WORK}/cvsroot/CVSROOT/config
+chmod 444 ${WORK}/cvsroot/CVSROOT/config
+rm -f ${WORK}/cvsroot/CVSROOT/config.1
+mkdir -p /tmp/cvslock
+export CVSROOT=${WORK}/cvsroot
+
+# Checkout a working copy 
+cd ${WORK}
+rm -rf src
+cvs co -P src
+
+or
+
+cd ${WORK}/src
+rm -rf dist/pf sys/dist/pf
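Review bot: The fetch step downloads src.tar.gz and sys.tar.gz over plain FTP, and nothing in the visible steps verifies them before they are imported, so whatever the mirror or the network path delivers ends up in the test repository and, per the step list, later in the official one. Add a step that checks both tarballs against checksums obtained from a trusted source before unpacking. Two smaller points: the bare `or` line after "Checkout a working copy" is not a comment, which breaks the header's promise that the commands are copy-pastable, and /tmp/cvslock is a fixed path in a shared directory where a directory under ${WORK} would do.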

CVS commit: src/dist/pf

2009-12-02 Thread Martti Kuparinen
Module Name:src
Committed By:   martti
Date:   Wed Dec  2 15:21:37 UTC 2009

Modified Files:
src/dist/pf: pf2netbsd

Log Message:
Removed obsolete files.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/dist/pf/pf2netbsd

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/pf2netbsd
diff -u src/dist/pf/pf2netbsd:1.1 src/dist/pf/pf2netbsd:1.2
--- src/dist/pf/pf2netbsd:1.1	Tue Dec  1 06:27:57 2009
+++ src/dist/pf/pf2netbsd	Wed Dec  2 15:21:37 2009
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-#   $NetBSD: pf2netbsd,v 1.1 2009/12/01 06:27:57 martti Exp $
+#   $NetBSD: pf2netbsd,v 1.2 2009/12/02 15:21:37 martti Exp $
 #
 # Copyright (c) 2009 The NetBSD Foundation, Inc.
 # All rights reserved.
@@ -93,16 +93,6 @@
 share/man/man4/pfsync.4
 share/man/man5/pf.conf.5
 share/man/man5/pf.os.5
-share/pf/ackpri
-share/pf/faq-example1
-share/pf/faq-example2
-share/pf/faq-example3
-share/pf/Makefile
-share/pf/queue1
-share/pf/queue2
-share/pf/queue3
-share/pf/queue4
-share/pf/spamd
 usr.sbin/authpf/authpf.8
 usr.sbin/authpf/authpf.c
 usr.sbin/authpf/Makefile



CVS commit: src/dist/pf

2009-11-30 Thread Martti Kuparinen
Module Name:src
Committed By:   martti
Date:   Tue Dec  1 06:27:57 UTC 2009

Added Files:
src/dist/pf: pf2netbsd

Log Message:
Initial version.


To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 src/dist/pf/pf2netbsd

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Added files:

Index: src/dist/pf/pf2netbsd
diff -u /dev/null src/dist/pf/pf2netbsd:1.1
--- /dev/null	Tue Dec  1 06:27:57 2009
+++ src/dist/pf/pf2netbsd	Tue Dec  1 06:27:57 2009
@@ -0,0 +1,273 @@
+#!/bin/sh
+#
+#   $NetBSD: pf2netbsd,v 1.1 2009/12/01 06:27:57 martti Exp $
+#
+# Copyright (c) 2009 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#notice, this list of conditions and the following disclaimer in the
+#documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+
+usage()
+{
+cat  EOF
+
+Usage: `basename $0` [options] srcdir dstdir
+
+where
+
+-h  This help
+-v  Be verbose
+
+Example:
+
+`basename $0` /tmp/openbsd-4.2 /tmp/netbsd-4.2
+
+EOF
+exit 1
+}
+
+verbose()
+{
+${VERBOSE}  echo $*
+eval $*
+}
+
+mklist()
+{
+# $1 = filename
+
+if [ -z $1 ]; then
+echo ERROR: Not enough arguments for mklist!
+exit 1
+fi
+cat  $1  EOF
+etc/pf.conf
+etc/pf.os
+libexec/tftp-proxy/filter.c
+libexec/tftp-proxy/filter.h
+libexec/tftp-proxy/Makefile
+libexec/tftp-proxy/tftp-proxy.8
+libexec/tftp-proxy/tftp-proxy.c
+sbin/pfctl/Makefile
+sbin/pfctl/parse.y
+sbin/pfctl/pfctl.8
+sbin/pfctl/pfctl_altq.c
+sbin/pfctl/pfctl.c
+sbin/pfctl/pfctl.h
+sbin/pfctl/pfctl_optimize.c
+sbin/pfctl/pfctl_osfp.c
+sbin/pfctl/pfctl_parser.c
+sbin/pfctl/pfctl_parser.h
+sbin/pfctl/pfctl_qstats.c
+sbin/pfctl/pfctl_radix.c
+sbin/pfctl/pfctl_table.c
+sbin/pfctl/pf_print_state.c
+sbin/pflogd/Makefile
+sbin/pflogd/pflogd.8
+sbin/pflogd/pflogd.c
+sbin/pflogd/pflogd.h
+sbin/pflogd/privsep.c
+sbin/pflogd/privsep_fdpass.c
+share/man/man4/pf.4
+share/man/man4/pflog.4
+share/man/man4/pfsync.4
+share/man/man5/pf.conf.5
+share/man/man5/pf.os.5
+share/pf/ackpri
+share/pf/faq-example1
+share/pf/faq-example2
+share/pf/faq-example3
+share/pf/Makefile
+share/pf/queue1
+share/pf/queue2
+share/pf/queue3
+share/pf/queue4
+share/pf/spamd
+usr.sbin/authpf/authpf.8
+usr.sbin/authpf/authpf.c
+usr.sbin/authpf/Makefile
+usr.sbin/authpf/pathnames.h
+usr.sbin/ftp-proxy/filter.c
+usr.sbin/ftp-proxy/filter.h
+usr.sbin/ftp-proxy/ftp-proxy.8
+usr.sbin/ftp-proxy/ftp-proxy.c
+usr.sbin/ftp-proxy/Makefile
+sys/net/if.c
+sys/net/if.h
+sys/net/if_pflog.c
+sys/net/if_pflog.h
+sys/net/if_pfsync.c
+sys/net/if_pfsync.h
+sys/net/pf.c
+sys/net/pf_if.c
+sys/net/pf_ioctl.c
+sys/net/pf_norm.c
+sys/net/pf_osfp.c
+sys/net/pf_ruleset.c
+sys/net/pf_table.c
+sys/net/pfvar.h
+sys/netinet/tcp_subr.c
+sys/netinet/tcp_var.h
+EOF
+}
+
+openbsd2netbsd()
+{
+# $1 = srcdir
+# $2 = dstdir
+
+if [ -z $2 ]; then
+echo ERROR: Not enough arguments for openbsd2netbsd!
+exit 1
+fi
+if [ -d $2/dist/pf ]; then
+echo ERROR: $2 already exists!
+exit 1
+fi
+if [ -d $1/src ]; then
+echo ERROR: Use $1/src as the srcdir!
+exit 1
+fi
+
+cd $1 || exit 1
+
+# Copy from OpenBSD
+verbose mklist /tmp/pf.$$
+verbose mkdir -p $2
+verbose tar -c -T /tmp/pf.$$ -f- | tar -x -f- -C $2
+
+# Some files have different name/location in NetBSD
+verbose cd $2
+verbose mkdir -p dist/pf sys/dist/pf
+
+verbose cd $2/sys/net
+verbose mv if.c if_compat.c
+verbose mv if.h if_compat.h
+verbose cp pf.c pf_mtag.c
+verbose cp pfvar.h pf_mtag.h
+
+verbose cd $2/sys/netinet
+verbose mv tcp_subr.c tcp_rndiss.c
+verbose mv tcp_var.h tcp_rndiss.h
+
+verbose cd $2
+verbose mv etc libexec sbin share usr.sbin dist/pf/
+
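Review bot: openbsd2netbsd() writes its file list to `/tmp/pf.$$`, a predictable name in a world-writable directory, and mklist() creates it with a plain cat redirection, so a local user who creates that path first (a symlink included) can redirect the write or control the list that tar -T reads. Create the file with mktemp(1) and remove it with a trap on exit; nothing in the visible part of the function deletes it. Also, verbose() passes its arguments through `eval $*`, so srcdir and dstdir are word-split and re-parsed by the shell: quote $1 and $2 at the call sites, or reject paths containing whitespace or shell metacharacters up front.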
+

CVS commit: src/dist/pf/share/man/man5

2009-10-14 Thread Joerg Sonnenberger
Module Name:src
Committed By:   joerg
Date:   Wed Oct 14 17:44:25 UTC 2009

Modified Files:
src/dist/pf/share/man/man5: pf.conf.5

Log Message:
Do not use .Xo/.Xc to workaround ancient groff limits.


To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/dist/pf/share/man/man5/pf.conf.5

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/share/man/man5/pf.conf.5
diff -u src/dist/pf/share/man/man5/pf.conf.5:1.15 src/dist/pf/share/man/man5/pf.conf.5:1.16
--- src/dist/pf/share/man/man5/pf.conf.5:1.15	Sun Mar 22 14:29:35 2009
+++ src/dist/pf/share/man/man5/pf.conf.5	Wed Oct 14 17:44:25 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: pf.conf.5,v 1.15 2009/03/22 14:29:35 perry Exp $
+.\	$NetBSD: pf.conf.5,v 1.16 2009/10/14 17:44:25 joerg Exp $
 .\	$OpenBSD: pf.conf.5,v 1.383 2007/07/17 16:27:38 jmc Exp $
 .\
 .\ Copyright (c) 2002, Daniel Hartmeier
@@ -1407,13 +1407,8 @@
 .Xr pfctl 8 ,
 see the file
 .Em /etc/protocols .
-.It Xo
-.Ar from Aq Ar source
-.Ar port Aq Ar source
-.Ar os Aq Ar source
-.Ar to Aq Ar dest
-.Ar port Aq Ar dest
-.Xc
+.It Ar from Ao Ar source Ac Ar port Ao Ar source Ac Ar os Ao Ar source Ac \
+Ar to Ao Ar dest Ac Ar port Aq Ar dest
 This rule applies only to packets with the specified source and destination
 addresses and ports.
 .Pp
@@ -1592,11 +1587,8 @@
 block out proto { tcp, udp } all
 pass  out proto { tcp, udp } all user { \*(Lt 1000, dhartmei }
 .Ed
-.It Xo Ar flags Aq Ar a
-.Pf / Ns Aq Ar b
-.No \*(Ba / Ns Aq Ar b
-.No \*(Ba any
-.Xc
+.It Ar flags Ao Ar a Ac Pf / Ns Ao Ar b Ac No \*(Ba / Ns \
+Ao Ar b Ac No \*(Ba any
 This rule only applies to TCP packets that have the flags
 .Aq Ar a
 set out of set
@@ -1648,12 +1640,8 @@
 .Ar reassemble tcp
 will also not be recoverable from intermediate packets.
 Such connections will stall and time out.
-.It Xo Ar icmp-type Aq Ar type
-.Ar code Aq Ar code
-.Xc
-.It Xo Ar icmp6-type Aq Ar type
-.Ar code Aq Ar code
-.Xc
+.It Ar icmp-type Ao Ar type Ac Ar code Ao Ar code Ac
+.It Ar icmp6-type Ao Ar type Ac Ar code Ao Ar code Ac
 This rule only applies to ICMP or ICMPv6 packets with the specified type
 and code.
 Text names for ICMP types and codes are listed in
@@ -1669,9 +1657,7 @@
 .Ar icmp6-type
 .Pc
 must match.
-.It Xo Ar tos Aq Ar string
-.No \*(Ba Aq Ar number
-.Xc
+.It Ar tos Ao Ar string Ac No \*(Ba Aq Ar number
 This rule applies to packets with the specified
 .Em TOS
 bits set.
@@ -1747,10 +1733,7 @@
 The macro expansion for the
 .Ar label
 directive occurs only at configuration file parse time, not during runtime.
-.It Xo Ar queue Aq Ar queue
-.No \*(Ba ( Aq Ar queue ,
-.Aq Ar queue )
-.Xc
+.It Ar queue Ao Ar queue Ac No \*(Ba ( Ao Ar queue Ac , Aq Ar queue )
 Packets matching this rule will be assigned to the specified queue.
 If two queues are given, packets which have a
 .Em TOS
@@ -2030,9 +2013,7 @@
 .\ Prevent state changes for states created by this rule from appearing on the
 .\ .Xr pfsync 4
 .\ interface.
-.It Xo Aq Ar timeout
-.Aq Ar seconds
-.Xc
+.It Ao Ar timeout Ac Aq Ar seconds
 Changes the timeout values used for states created by this rule.
 For a list of all valid timeout names, see
 .Sx OPTIONS
@@ -2089,9 +2070,7 @@
 .It Ar max-src-conn Aq Ar number
 Limits the maximum number of simultaneous TCP connections which have
 completed the 3-way handshake that a single host can make.
-.It Xo Ar max-src-conn-rate Aq Ar number
-.No / Aq Ar seconds
-.Xc
+.It Ar max-src-conn-rate Ao Ar number Ac No / Aq Ar seconds
 Limit the rate of new connections over a time interval.
 The connection rate is an approximation calculated as a moving average.
 .El
@@ -2372,10 +2351,7 @@
 .It Ar anchor Aq Ar name
 Evaluates the filter rules in the specified
 .Ar anchor .
-.It Xo Ar load anchor
-.Aq Ar name
-.Ar from Aq Ar file
-.Xc
+.It Ar load anchor Ao Ar name Ac Ar from Aq Ar file
 Loads the rules from the specified file into the
 anchor
 .Ar name .



CVS commit: src/dist/pf/share/man/man4

2009-10-04 Thread Joerg Sonnenberger
Module Name:src
Committed By:   joerg
Date:   Sun Oct  4 18:07:26 UTC 2009

Modified Files:
src/dist/pf/share/man/man4: pfsync.4

Log Message:
.Xr takes two arguments only.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/dist/pf/share/man/man4/pfsync.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/share/man/man4/pfsync.4
diff -u src/dist/pf/share/man/man4/pfsync.4:1.3 src/dist/pf/share/man/man4/pfsync.4:1.4
--- src/dist/pf/share/man/man4/pfsync.4:1.3	Mon Sep 14 11:45:01 2009
+++ src/dist/pf/share/man/man4/pfsync.4	Sun Oct  4 18:07:26 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: pfsync.4,v 1.3 2009/09/14 11:45:01 degroote Exp $
+.\	$NetBSD: pfsync.4,v 1.4 2009/10/04 18:07:26 joerg Exp $
 .\	$OpenBSD: pfsync.4,v 1.25 2007/05/31 19:19:51 jmc Exp $
 .\
 .\ Copyright (c) 2002 Michael Shalayeff
@@ -125,7 +125,8 @@
 Either run the pfsync protocol on a trusted network \- ideally  a network
 dedicated to pfsync messages such as a crossover cable between two firewalls,
 or specify a peer address and protect the traffic with
-.Xr ipsec 4 (it is not supported at the moment on
+.Xr ipsec 4
+(it is not supported at the moment on
 .Nx
 due to the lack of any encapsulation pseudo-device).
 .Pp



CVS commit: src/dist/pf/share/man/man4

2009-09-14 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Mon Sep 14 11:17:42 UTC 2009

Modified Files:
src/dist/pf/share/man/man4: pfsync.4

Log Message:
Fix Dd argument.


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/dist/pf/share/man/man4/pfsync.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/share/man/man4/pfsync.4
diff -u src/dist/pf/share/man/man4/pfsync.4:1.1 src/dist/pf/share/man/man4/pfsync.4:1.2
--- src/dist/pf/share/man/man4/pfsync.4:1.1	Mon Sep 14 10:36:48 2009
+++ src/dist/pf/share/man/man4/pfsync.4	Mon Sep 14 11:17:42 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: pfsync.4,v 1.1 2009/09/14 10:36:48 degroote Exp $
+.\	$NetBSD: pfsync.4,v 1.2 2009/09/14 11:17:42 wiz Exp $
 .\	$OpenBSD: pfsync.4,v 1.25 2007/05/31 19:19:51 jmc Exp $
 .\
 .\ Copyright (c) 2002 Michael Shalayeff
@@ -25,7 +25,7 @@
 .\ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\
-.Dd $Mdocdate: May 31 2007 $
+.Dd September 14, 2009
 .Dt PFSYNC 4
 .Os
 .Sh NAME



CVS commit: src/dist/pf/share/man/man4

2009-09-14 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Mon Sep 14 11:17:49 UTC 2009

Modified Files:
src/dist/pf/share/man/man4: pf.4

Log Message:
<>& -> \*[Lt]\*[Gt]\*[Am]
Bump date for pfsync(4) link.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/dist/pf/share/man/man4/pf.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/share/man/man4/pf.4
diff -u src/dist/pf/share/man/man4/pf.4:1.10 src/dist/pf/share/man/man4/pf.4:1.11
--- src/dist/pf/share/man/man4/pf.4:1.10	Mon Sep 14 10:36:48 2009
+++ src/dist/pf/share/man/man4/pf.4	Mon Sep 14 11:17:49 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: pf.4,v 1.10 2009/09/14 10:36:48 degroote Exp $
+.\	$NetBSD: pf.4,v 1.11 2009/09/14 11:17:49 wiz Exp $
 .\	$OpenBSD: pf.4,v 1.59 2007/05/31 19:19:51 jmc Exp $
 .\
 .\ Copyright (C) 2001, Kjell Wooding.  All rights reserved.
@@ -27,7 +27,7 @@
 .\ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\ SUCH DAMAGE.
 .\
-.Dd May 31, 2007
+.Dd September 14, 2009
 .Dt PF 4
 .Os
 .Sh NAME
@@ -1065,32 +1065,32 @@
 .Dv DIOCNATLOOK
 command to find the internal host/port of a NATed connection:
 .Bd -literal
-#include sys/types.h
-#include sys/socket.h
-#include sys/ioctl.h
-#include sys/fcntl.h
-#include net/if.h
-#include netinet/in.h
-#include net/pfvar.h
-#include err.h
-#include stdio.h
-#include stdlib.h
+#include \*[Lt]sys/types.h\*[Gt]
+#include \*[Lt]sys/socket.h\*[Gt]
+#include \*[Lt]sys/ioctl.h\*[Gt]
+#include \*[Lt]sys/fcntl.h\*[Gt]
+#include \*[Lt]net/if.h\*[Gt]
+#include \*[Lt]netinet/in.h\*[Gt]
+#include \*[Lt]net/pfvar.h\*[Gt]
+#include \*[Lt]err.h\*[Gt]
+#include \*[Lt]stdio.h\*[Gt]
+#include \*[Lt]stdlib.h\*[Gt]
 
 u_int32_t
 read_address(const char *s)
 {
 	int a, b, c, d;
 
-	sscanf(s, %i.%i.%i.%i, a, b, c, d);
-	return htonl(a  24 | b  16 | c  8 | d);
+	sscanf(s, %i.%i.%i.%i, \*[Am]a, \*[Am]b, \*[Am]c, \*[Am]d);
+	return htonl(a \*[Lt]\*[Lt] 24 | b \*[Lt]\*[Lt] 16 | c \*[Lt]\*[Lt] 8 | d);
 }
 
 void
 print_address(u_int32_t a)
 {
 	a = ntohl(a);
-	printf(%d.%d.%d.%d, a  24  255, a  16  255,
-	a  8  255, a  255);
+	printf(%d.%d.%d.%d, a \*[Gt]\*[Gt] 24 \*[Am] 255, a \*[Gt]\*[Gt] 16 \*[Am] 255,
+	a \*[Gt]\*[Gt] 8 \*[Am] 255, a \*[Am] 255);
 }
 
 int
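Review bot: While read_address() is being touched, the example still ignores the return value of sscanf(): for input that is not four dot-separated integers, some of a, b, c and d are used uninitialized, and %i also accepts octal and hexadecimal with no range check on each octet. Man page examples get copied, so check that sscanf() returns 4 and that each value is within 0..255, or switch the example to inet_pton(3).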
@@ -1100,7 +1100,7 @@
 	int dev;
 
 	if (argc != 5) {
-		printf(%s gwy addr gwy port ext addr ext port\\n,
+		printf(%s \*[Lt]gwy addr\*[Gt] \*[Lt]gwy port\*[Gt] \*[Lt]ext addr\*[Gt] \*[Lt]ext port\*[Gt]\\n,
 		argv[0]);
 		return 1;
 	}
@@ -1109,7 +1109,7 @@
 	if (dev == -1)
 		err(1, open(\\/dev/pf\\) failed);
 
-	memset(nl, 0, sizeof(struct pfioc_natlook));
+	memset(\*[Am]nl, 0, sizeof(struct pfioc_natlook));
 	nl.saddr.v4.s_addr	= read_address(argv[1]);
 	nl.sport		= htons(atoi(argv[2]));
 	nl.daddr.v4.s_addr	= read_address(argv[3]);
@@ -1118,7 +1118,7 @@
 	nl.proto		= IPPROTO_TCP;
 	nl.direction		= PF_IN;
 
-	if (ioctl(dev, DIOCNATLOOK, nl))
+	if (ioctl(dev, DIOCNATLOOK, \*[Am]nl))
 		err(1, DIOCNATLOOK);
 
 	printf(internal host );



CVS commit: src/dist/pf/share/man/man4

2009-09-14 Thread DEGROOTE Arnaud
Module Name:src
Committed By:   degroote
Date:   Mon Sep 14 11:45:01 UTC 2009

Modified Files:
src/dist/pf/share/man/man4: pfsync.4

Log Message:
Improve the pfsync(4) man page

hostname.if(5) is ifconfig.if(5) on NetBSD
Don't speak about enc, as we don't support it at the moment
Make clear that we don't support ipsec protection of pfsync traffic (as long as we
don't support enc, or a similar thing)

Caught by wiz@


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/dist/pf/share/man/man4/pfsync.4

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/share/man/man4/pfsync.4
diff -u src/dist/pf/share/man/man4/pfsync.4:1.2 src/dist/pf/share/man/man4/pfsync.4:1.3
--- src/dist/pf/share/man/man4/pfsync.4:1.2	Mon Sep 14 11:17:42 2009
+++ src/dist/pf/share/man/man4/pfsync.4	Mon Sep 14 11:45:01 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: pfsync.4,v 1.2 2009/09/14 11:17:42 wiz Exp $
+.\	$NetBSD: pfsync.4,v 1.3 2009/09/14 11:45:01 degroote Exp $
 .\	$OpenBSD: pfsync.4,v 1.25 2007/05/31 19:19:51 jmc Exp $
 .\
 .\ Copyright (c) 2002 Michael Shalayeff
@@ -108,16 +108,16 @@
 used is 224.0.0.240.
 When a peer address is specified using the
 .Ic syncpeer
-keyword, the peer address is used as a destination for the pfsync traffic,
-and the traffic can then be protected using
-.Xr ipsec 4 .
-In such a configuration, the syncdev should be set to the
-.Xr enc 4
-interface, as this is where the traffic arrives when it is decapsulated,
-e.g.:
-.Bd -literal -offset indent
-# ifconfig pfsync0 syncpeer 10.0.0.2 syncdev enc0
-.Ed
+keyword, the peer address is used as a destination for the pfsync traffic.
+.\and the traffic can then be protected using
+.\.Xr ipsec 4 .
+.\In such a configuration, the syncdev should be set to the
+.\.Xr enc 4
+.\interface, as this is where the traffic arrives when it is decapsulated,
+.\e.g.:
+.\.Bd -literal -offset indent
+.\# ifconfig pfsync0 syncpeer 10.0.0.2 syncdev enc0
+.\.Ed
 .Pp
 It is important that the pfsync traffic be well secured
 as there is no authentication on the protocol and it would
@@ -125,7 +125,9 @@
 Either run the pfsync protocol on a trusted network \- ideally  a network
 dedicated to pfsync messages such as a crossover cable between two firewalls,
 or specify a peer address and protect the traffic with
-.Xr ipsec 4 .
+.Xr ipsec 4 (it is not supported at the moment on
+.Nx
+due to the lack of any encapsulation pseudo-device).
 .Pp
 There is a one-to-one correspondence between packets seen by
 .Xr bpf 4
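Review bot: In the replacement for `.Xr ipsec 4 .`, the parenthetical sits on the .Xr line itself, so `(it`, `is`, `not` and the rest are handed to .Xr as extra arguments, while the macro takes only a name and a section (plus trailing punctuation). Put the parenthetical on its own text line after `.Xr ipsec 4`.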
@@ -161,32 +163,32 @@
 The interfaces are configured as follows (firewall A unless otherwise
 indicated):
 .Pp
-.Pa /etc/hostname.sis0 :
+.Pa /etc/ifconfig.sis0 :
 .Bd -literal -offset indent
 inet 10.0.0.254 255.255.255.0 NONE
 .Ed
 .Pp
-.Pa /etc/hostname.sis1 :
+.Pa /etc/ifconfig.sis1 :
 .Bd -literal -offset indent
 inet 192.168.0.254 255.255.255.0 NONE
 .Ed
 .Pp
-.Pa /etc/hostname.sis2 :
+.Pa /etc/ifconfig.sis2 :
 .Bd -literal -offset indent
 inet 192.168.254.254 255.255.255.0 NONE
 .Ed
 .Pp
-.Pa /etc/hostname.carp0 :
+.Pa /etc/ifconfig.carp0 :
 .Bd -literal -offset indent
 inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 1 pass foo
 .Ed
 .Pp
-.Pa /etc/hostname.carp1 :
+.Pa /etc/ifconfig.carp1 :
 .Bd -literal -offset indent
 inet 192.168.0.1 255.255.255.0 192.168.0.255 vhid 2 pass bar
 .Ed
 .Pp
-.Pa /etc/hostname.pfsync0 :
+.Pa /etc/ifconfig.pfsync0 :
 .Bd -literal -offset indent
 up syncdev sis2
 .Ed
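Review bot: Only the file names change from /etc/hostname.* to /etc/ifconfig.* in this hunk; the literal contents under each .Pa, such as `inet 10.0.0.254 255.255.255.0 NONE`, stay in the hostname.if(5) layout. Please check that these lines are valid ifconfig.if(5) entries on NetBSD and adjust them where they are not, otherwise the example cannot be copied as written.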
@@ -212,7 +214,7 @@
 interfaces should be set to something higher than
 the primary's.
 For example, if firewall B is the backup, its
-.Pa /etc/hostname.carp1
+.Pa /etc/ifconfig.carp1
 would look like this:
 .Bd -literal -offset indent
 inet 192.168.0.1 255.255.255.0 192.168.0.255 vhid 2 pass bar \e
@@ -232,9 +234,10 @@
 .Xr ipsec 4 ,
 .Xr netintro 4 ,
 .Xr pf 4 ,
-.Xr hostname.if 5 ,
+.Xr ifconfig.if 5 ,
 .Xr pf.conf 5 ,
 .Xr protocols 5 ,
+.\ enc 8,
 .Xr ifconfig 8 ,
 .Xr tcpdump 8
 .Sh HISTORY
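Review bot: the added placeholder `.\ enc 8,` names section 8, while the text commented out earlier in this diff refers to `.Xr enc 4`. If the entry is kept as a reminder, give it the same section as the commented-out reference and place it among the section 4 entries, so it can be re-enabled later without correcting or re-sorting it.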



CVS commit: src/dist/pf/usr.sbin/authpf

2009-09-10 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Thu Sep 10 13:17:39 UTC 2009

Modified Files:
src/dist/pf/usr.sbin/authpf: authpf.8

Log Message:
Remove references to securelevel(7) and ssl(8), which don't exist.
From Jukka Ruohonen.


To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 src/dist/pf/usr.sbin/authpf/authpf.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/usr.sbin/authpf/authpf.8
diff -u src/dist/pf/usr.sbin/authpf/authpf.8:1.9 src/dist/pf/usr.sbin/authpf/authpf.8:1.10
--- src/dist/pf/usr.sbin/authpf/authpf.8:1.9	Sun Mar 22 14:29:35 2009
+++ src/dist/pf/usr.sbin/authpf/authpf.8	Thu Sep 10 13:17:39 2009
@@ -1,4 +1,4 @@
-.\ $NetBSD: authpf.8,v 1.9 2009/03/22 14:29:35 perry Exp $
+.\ $NetBSD: authpf.8,v 1.10 2009/09/10 13:17:39 wiz Exp $
 .\ $OpenBSD: authpf.8,v 1.44 2007/05/31 19:20:22 jmc Exp $
 .\
 .\ Copyright (c) 1998-2007 Bob Beck (b...@openbsd.org.  All rights reserved.
@@ -390,8 +390,7 @@
 wireless network (a hub with several hundred ports), the default rule set as
 well as the per-user rules should probably allow very few things beyond
 encrypted protocols like
-.Xr ssh 1 ,
-.Xr ssl 8 ,
+.Xr ssh 1
 or
 .Xr ipsec 4 .
 On a securely switched network, with plug-in jacks for visitors who are
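Review bot: removing `.Xr ssl 8 ,` fixes the dangling cross-reference, but it also drops SSL from the list of encrypted protocols the rule sets should allow, leaving only ssh(1) and ipsec(4). If SSL traffic is still meant to be an acceptable example, keep it as plain text without `.Xr` instead of deleting the item; if the narrowing is intended, say so in the log message.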
@@ -508,7 +507,6 @@
 .Sh SEE ALSO
 .Xr pf 4 ,
 .Xr pf.conf 5 ,
-.Xr securelevel 7 ,
 .Xr ftp-proxy 8
 .Sh HISTORY
 The



CVS commit: src/dist/pf/sbin/pflogd

2009-08-07 Thread Min Sik Kim
Module Name:src
Committed By:   minskim
Date:   Fri Aug  7 16:37:12 UTC 2009

Modified Files:
src/dist/pf/sbin/pflogd: pflogd.c

Log Message:
Correct the #ifdef test for struct ifdatareq.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/dist/pf/sbin/pflogd/pflogd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/sbin/pflogd/pflogd.c
diff -u src/dist/pf/sbin/pflogd/pflogd.c:1.6 src/dist/pf/sbin/pflogd/pflogd.c:1.7
--- src/dist/pf/sbin/pflogd/pflogd.c:1.6	Wed Jul 15 18:05:17 2009
+++ src/dist/pf/sbin/pflogd/pflogd.c	Fri Aug  7 16:37:12 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: pflogd.c,v 1.6 2009/07/15 18:05:17 christos Exp $	*/
+/*	$NetBSD: pflogd.c,v 1.7 2009/08/07 16:37:12 minskim Exp $	*/
 /*	$OpenBSD: pflogd.c,v 1.45 2007/06/06 14:11:26 henning Exp $	*/
 
 /*
@@ -204,7 +204,7 @@
 if_exists(char *ifname)
 {
 	int s;
-#ifdef SIOCGZIFDATA
+#ifdef SIOCGIFDATA
 	struct ifdatareq ifr;
 #define ifr_name ifdr_name
 #else
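Review bot: `#ifdef SIOCGIFDATA` no longer selects between anything, because `if_exists()` calls `ioctl(s, SIOCGIFDATA, ...)` unconditionally (visible in the r1.6 diff of this file on this page), so the symbol is defined wherever the function compiles and the `#else` branch with `struct ifreq` becomes dead code. If the intent is "this platform has `struct ifdatareq`", test for that directly and add a comment saying so, or remove the `#else` branch.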



CVS commit: src/dist/pf/sbin/pflogd

2009-07-15 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Wed Jul 15 18:05:17 UTC 2009

Modified Files:
src/dist/pf/sbin/pflogd: pflogd.c

Log Message:
use the proper structure to get interface data. We depend on having the
NetBSD-specific ZIFDATA call to do the selection of the ioctl style.
From Patrick Welche.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/dist/pf/sbin/pflogd/pflogd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/sbin/pflogd/pflogd.c
diff -u src/dist/pf/sbin/pflogd/pflogd.c:1.5 src/dist/pf/sbin/pflogd/pflogd.c:1.6
--- src/dist/pf/sbin/pflogd/pflogd.c:1.5	Wed Jun 18 05:06:26 2008
+++ src/dist/pf/sbin/pflogd/pflogd.c	Wed Jul 15 14:05:17 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: pflogd.c,v 1.5 2008/06/18 09:06:26 yamt Exp $	*/
+/*	$NetBSD: pflogd.c,v 1.6 2009/07/15 18:05:17 christos Exp $	*/
 /*	$OpenBSD: pflogd.c,v 1.45 2007/06/06 14:11:26 henning Exp $	*/
 
 /*
@@ -204,8 +204,13 @@
 if_exists(char *ifname)
 {
 	int s;
+#ifdef SIOCGZIFDATA
+	struct ifdatareq ifr;
+#define ifr_name ifdr_name
+#else
 	struct ifreq ifr;
 	struct if_data ifrdat;
+#endif
 
 	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
 		err(1, socket);
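Review bot: `#define ifr_name ifdr_name` is introduced inside `if_exists()` and never undefined, so it rewrites every later use of `ifr_name` in the file, including any on a real `struct ifreq`. Add `#undef ifr_name` at the end of the function, or drop the macro and copy into `ifr.ifdr_name` under the same `#ifdef`.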
@@ -213,7 +218,9 @@
 	if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) =
 		sizeof(ifr.ifr_name))
 			errx(1, main ifr_name: strlcpy);
+#ifndef ifr_name
 	ifr.ifr_data = (caddr_t)ifrdat;
+#endif
 	if (ioctl(s, SIOCGIFDATA, (caddr_t)ifr) == -1)
 		return (0);
 	if (close(s))
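Review bot: `#ifndef ifr_name` uses the presence of the helper macro as the feature switch, which is fragile (any header that defines `ifr_name` as a macro flips the branch); guard the `ifr.ifr_data` assignment with the same `SIOCGZIFDATA` test used for the declarations. Separately, the context lines show `return (0)` on ioctl failure before `close(s)`, so the socket is leaked on that path; closing it before returning is a cheap fix while this code is being touched.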



CVS commit: src/dist/pf/sbin/pfctl

2009-06-15 Thread Min Sik Kim
Module Name:src
Committed By:   minskim
Date:   Tue Jun 16 05:16:52 UTC 2009

Modified Files:
src/dist/pf/sbin/pfctl: parse.y

Log Message:
Reduce diff with OpenBSD.  No functional change.


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/dist/pf/sbin/pfctl/parse.y

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/sbin/pfctl/parse.y
diff -u src/dist/pf/sbin/pfctl/parse.y:1.11 src/dist/pf/sbin/pfctl/parse.y:1.12
--- src/dist/pf/sbin/pfctl/parse.y:1.11	Wed Jun 18 09:06:26 2008
+++ src/dist/pf/sbin/pfctl/parse.y	Tue Jun 16 05:16:52 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: parse.y,v 1.11 2008/06/18 09:06:26 yamt Exp $	*/
+/*	$NetBSD: parse.y,v 1.12 2009/06/16 05:16:52 minskim Exp $	*/
 /*	$OpenBSD: parse.y,v 1.519 2007/06/21 19:30:03 henning Exp $	*/
 
 /*
@@ -26,9 +26,6 @@
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * This material is based upon work partially supported by NSF under
- * Contract No. NSF CNS-0626584.
  */
 %{
 #include sys/types.h
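Review bot: the three removed lines are a funding acknowledgement inside the licence comment, which the log message describes only as reducing the diff with OpenBSD. Record in the log where the acknowledgement came from and why it can be dropped (or keep it), since removing attribution text from a licence header is not a purely mechanical change even when there is no functional change.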



CVS commit: src/dist/pf/usr.sbin/ftp-proxy

2009-04-24 Thread Jeremy C. Reed
Module Name:src
Committed By:   reed
Date:   Fri Apr 24 16:48:58 UTC 2009

Modified Files:
src/dist/pf/usr.sbin/ftp-proxy: ftp-proxy.8

Log Message:
Fix roff formatting for -
by adding an \ as documented in mdoc.7

This was reported in 41276


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8
diff -u src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8:1.4 src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8:1.5
--- src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8:1.4	Sun Mar 22 14:29:35 2009
+++ src/dist/pf/usr.sbin/ftp-proxy/ftp-proxy.8	Fri Apr 24 16:48:58 2009
@@ -1,4 +1,4 @@
-.\	$NetBSD: ftp-proxy.8,v 1.4 2009/03/22 14:29:35 perry Exp $
+.\	$NetBSD: ftp-proxy.8,v 1.5 2009/04/24 16:48:58 reed Exp $
 .\	$OpenBSD: ftp-proxy.8,v 1.10 2007/08/01 15:45:41 jmc Exp $
 .\
 .\ Copyright (c) 2004, 2005 Camiel Dobbelaar, c...@sentia.nl
@@ -73,14 +73,14 @@
 .Pp
 In case of active mode (PORT or EPRT):
 .Bd -literal -offset 2n
-rdr from $server to $proxy port $port -*[Gt] $client
+rdr from $server to $proxy port $port -\*[Gt] $client
 pass quick inet proto tcp \e
 from $server to $client port $port
 .Ed
 .Pp
 In case of passive mode (PASV or EPSV):
 .Bd -literal -offset 2n
-nat from $client to $server port $port -*[Gt] $proxy
+nat from $client to $server port $port -\*[Gt] $proxy
 pass in quick inet proto tcp \e
 from $client to $server port $port
 pass out quick inet proto tcp \e
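Review bot: these rules sit inside `.Bd -literal` blocks that readers copy into their rule sets, so the arrow has to render as plain ASCII `->`, and the log message does not say how the result was checked. Confirm the rendered output of `-\*[Gt]` with the formatter used for the installed pages; the same substitution is repeated in the later hunks, so check all four occurrences in one pass.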
@@ -174,7 +174,7 @@
 .Bd -literal -offset 2n
 nat-anchor ftp-proxy/*
 rdr-anchor ftp-proxy/*
-rdr pass on $int_if proto tcp from $lan to any port 21 -*[Gt] \e
+rdr pass on $int_if proto tcp from $lan to any port 21 -\*[Gt] \e
 127.0.0.1 port 8021
 .Ed
 .Pp
@@ -189,7 +189,7 @@
 .Xr ipnat.conf 5
 need the following rule:
 .Bd -literal -offset 2n
-rdr $int_if any port 21 -*[Gt] 127.0.0.1 port 8021 tcp
+rdr $int_if any port 21 -\*[Gt] 127.0.0.1 port 8021 tcp
 .Ed
 .Sh SEE ALSO
 .Xr ftp 1 ,