| d7e9df4f | 12-Nov-2024 |
Kristof Provost <kp@FreeBSD.org> |
pfctl: print_rule: rename opts -> ropts
no binary change
1/2 from Lawrence Teo <lteo at devio dot us>
ok sthen dlg myself and gcc
Obtained from: OpenBSD, henning <henning@openbsd.org>, 6992ade79a
S
pfctl: print_rule: rename opts -> ropts
no binary change
1/2 from Lawrence Teo <lteo at devio dot us>
ok sthen dlg myself and gcc
Obtained from: OpenBSD, henning <henning@openbsd.org>, 6992ade79a
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D47800
show more ...
|
| aa69fdf1 | 10-Oct-2024 |
Kristof Provost <kp@FreeBSD.org> |
pfctl: change for af-to / NAT64 support.
The general syntax is:
pass in inet from any to 192.168.1.1 af-to inet6 from 2001::1 to 2001::2
In the NAT64 case the "to" is not needed in af-to and the IP
pfctl: change for af-to / NAT64 support.
The general syntax is:
pass in inet from any to 192.168.1.1 af-to inet6 from 2001::1 to 2001::2
In the NAT64 case the "to" is not needed in af-to and the IP is extraced
from the IPv6 dst (assuming a /64 prefix).
Again most work by sperreault@, mikeb@ and reyk@
OK mcbride@, put it in deraadt@
Obtained from: OpenBSD, claudio <claudio@openbsd.org>, 0cde32ce3f
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D47790
show more ...
|
| 6562157d | 02-Oct-2024 |
Kristof Provost <kp@FreeBSD.org> |
pfctl: avoid possible SIGSEGV when wrong tos option
Obtained from: OpenBSD, haesbaert <haesbaert@openbsd.org>, 934eaac797
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision:
pfctl: avoid possible SIGSEGV when wrong tos option
Obtained from: OpenBSD, haesbaert <haesbaert@openbsd.org>, 934eaac797
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46933
show more ...
|
| f3ab00c2 | 03-Sep-2024 |
Kristof Provost <kp@FreeBSD.org> |
pf: add a new log opt PF_LOG_MATCHES
forces logging on all subsequent matching rules
new log opt "matches"
awesome for debugging, a rule like
match log(matches) from $testbox
will show you exactly w
pf: add a new log opt PF_LOG_MATCHES
forces logging on all subsequent matching rules
new log opt "matches"
awesome for debugging, a rule like
match log(matches) from $testbox
will show you exactly which subsequent rules match on that packet
real ok theo assumed oks ryan & dlg bikeshedding many
Obtained from: OpenBSD, henning <henning@openbsd.org>, 1603e01ae4
Obtained from: OpenBSD, henning <henning@openbsd.org>, f496e91672
Obtained from: OpenBSD, henning <henning@openbsd.org>, 07481a9fee
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46588
show more ...
|
| 80eb861d | 29-Aug-2024 |
Kristof Provost <kp@FreeBSD.org> |
pfctl: lex <=, >=, and != into a single token
lex <=, >=, and != into a single token for correctness and to reduce the
lookahead in the parser
ok henning otto
Reviewed by: zlei
Obtained from: OpenB
pfctl: lex <=, >=, and != into a single token
lex <=, >=, and != into a single token for correctness and to reduce the
lookahead in the parser
ok henning otto
Reviewed by: zlei
Obtained from: OpenBSD, deraadt <deraadt@openbsd.org>, e6e3ecf338
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46582
show more ...
|
| 637d81c5 | 29-Aug-2024 |
Kristof Provost <kp@FreeBSD.org> |
pfctl: fix incorrect optimization
In the non-optimized case, an address list containing "any" (ie. { any 10.0.0.1 })
should be folded in the parser to any, not to 10.0.0.1. How long this bug has
be
pfctl: fix incorrect optimization
In the non-optimized case, an address list containing "any" (ie. { any 10.0.0.1 })
should be folded in the parser to any, not to 10.0.0.1. How long this bug has
been with us is unclear.
ok guenther mcbride
Obtained from: OpenBSD, deraadt <deraadt@openbsd.org>, e3b4bc25a0
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D46580
show more ...
|