History log of /freebsd/sbin/pfctl/parse.y (Results 76 – 100 of 118)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# c6879c6c 23-Oct-2018 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r339015 through r339669.


# 4a8e4793 22-Oct-2018 Kristof Provost <kp@FreeBSD.org>

pfctl: Fix line numbers when \ is used inside ""

PR: 201520
Obtained from: OpenBSD
MFC after: 2 weeks


# a2a90d6e 20-Oct-2018 Kristof Provost <kp@FreeBSD.org>

pfctl: Dup strings

When we set the ifname we have to copy the string, rather than just keep
the pointer.

PR: 231323
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D17507


# 7847e041 24-Aug-2018 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r338026 through r338297, and resolve conflicts.


# 249cc75f 22-Aug-2018 Patrick Kelsey <pkelsey@FreeBSD.org>

Extended pf(4) ioctl interface and pfctl(8) to allow bandwidths of
2^32 bps or greater to be used. Prior to this, bandwidth parameters
would simply wrap at the 2^32 boundary. The computations in th

Extended pf(4) ioctl interface and pfctl(8) to allow bandwidths of
2^32 bps or greater to be used. Prior to this, bandwidth parameters
would simply wrap at the 2^32 boundary. The computations in the HFSC
scheduler and token bucket regulator have been modified to operate
correctly up to at least 100 Gbps. No other algorithms have been
examined or modified for correct operation above 2^32 bps (some may
have existing computation resolution or overflow issues at rates below
that threshold). pfctl(8) will now limit non-HFSC bandwidth
parameters to 2^32 - 1 before passing them to the kernel.

The extensions to the pf(4) ioctl interface have been made in a
backwards-compatible way by versioning affected data structures,
supporting all versions in the kernel, and implementing macros that
will cause existing code that consumes that interface to use version 0
without source modifications. If version 0 consumers of the interface
are used against a new kernel that has had bandwidth parameters of
2^32 or greater configured by updated tools, such bandwidth parameters
will be reported as 2^32 - 1 bps by those old consumers.

All in-tree consumers of the pf(4) interface have been updated. To
update out-of-tree consumers to the latest version of the interface,
define PFIOC_USE_LATEST ahead of any includes and use the code of
pfctl(8) as a guide for the ioctls of interest.

PR: 211730
Reviewed by: jmallett, kp, loos
MFC after: 2 weeks
Relnotes: yes
Sponsored by: RG Nets
Differential Revision: https://reviews.freebsd.org/D16782

show more ...


# 150182e3 22-Jun-2018 Kristof Provost <kp@FreeBSD.org>

pf: Support "return" statements in passing rules when they fail.

Normally pf rules are expected to do one of two things: pass the traffic or
block it. Blocking can be silent - "drop", or loud - "ret

pf: Support "return" statements in passing rules when they fail.

Normally pf rules are expected to do one of two things: pass the traffic or
block it. Blocking can be silent - "drop", or loud - "return", "return-rst",
"return-icmp". Yet there is a 3rd category of traffic passing through pf:
Packets matching a "pass" rule but when applying the rule fails. This happens
when redirection table is empty or when src node or state creation fails. Such
rules always fail silently without notifying the sender.

Allow users to configure this behaviour too, so that pf returns an error packet
in these cases.

PR: 226850
Submitted by: Kajetan Staszkiewicz <vegeta tuxpowered.net>
MFC after: 1 week
Sponsored by: InnoGames GmbH

show more ...


Revision tags: release/11.2.0
# 1de7b4b8 27-Nov-2017 Pedro F. Giffuni <pfg@FreeBSD.org>

various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error

various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.

show more ...


# 937d37fc 19-Nov-2017 Hans Petter Selasky <hselasky@FreeBSD.org>

Merge ^/head r325842 through r325998.


# 58c8430a 15-Nov-2017 Kristof Provost <kp@FreeBSD.org>

pfctl: teach route-to to deal with interfaces with multiple addresses

The route_host parsing code set the interface name, but only for the first
node_host in the list. If that one happened to be the

pfctl: teach route-to to deal with interfaces with multiple addresses

The route_host parsing code set the interface name, but only for the first
node_host in the list. If that one happened to be the inet6 address and the
rule wanted an inet address it'd get removed by remove_invalid_hosts() later
on, and we'd have no interface name.

We must set the interface name for all node_host entries in the list, not just
the first one.

PR: 223208
MFC after: 2 weeks

show more ...


Revision tags: release/10.4.0, release/11.1.0
# 1e93588b 28-Dec-2016 Luiz Otavio O Souza <loos@FreeBSD.org>

Fix the parsing of NPt binat rules.

In this specific case the src address can be set to any, which was not
accepted prior to this commit.

pfSense bug report: https://redmine.pfsense.org/issues/6985

Fix the parsing of NPt binat rules.

In this specific case the src address can be set to any, which was not
accepted prior to this commit.

pfSense bug report: https://redmine.pfsense.org/issues/6985
Reviewed by: kp
Obtained from: pfSense
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC (Netgate)

show more ...


# a0e610c4 16-Oct-2016 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r306906 through r307382.


# 1f495578 13-Oct-2016 Kristof Provost <kp@FreeBSD.org>

pf: port extended DSCP support from OpenBSD

Ignore the ECN bits on 'tos' and 'set-tos' and allow to use
DCSP names instead of having to embed their TOS equivalents
as plain numbers.

Obtained from:

pf: port extended DSCP support from OpenBSD

Ignore the ECN bits on 'tos' and 'set-tos' and allow to use
DCSP names instead of having to embed their TOS equivalents
as plain numbers.

Obtained from: OpenBSD
Sponsored by: OPNsense
Differential Revision: https://reviews.freebsd.org/D8165

show more ...


# 242b2482 09-Oct-2016 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r306412 through r306905.


# 813196a1 04-Oct-2016 Kristof Provost <kp@FreeBSD.org>

pf: remove fastroute tag

The tag fastroute came from ipf and was removed in OpenBSD in 2011. The code
allows to skip the in pfil hooks and completely removes the out pfil invoke,
albeit looking up a

pf: remove fastroute tag

The tag fastroute came from ipf and was removed in OpenBSD in 2011. The code
allows to skip the in pfil hooks and completely removes the out pfil invoke,
albeit looking up a route that the IP stack will likely find on its own.
The code between IPv4 and IPv6 is also inconsistent and marked as "XXX"
for years.

Submitted by: Franco Fichtner <franco@opnsense.org>
Differential Revision: https://reviews.freebsd.org/D8058

show more ...


Revision tags: release/11.0.1, release/11.0.0
# 27067774 16-Aug-2016 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r303250 through r304235.


# 7f8af000 05-Aug-2016 Luiz Otavio O Souza <loos@FreeBSD.org>

Fix a regression in pf.conf while parsing the 'interval' keyword.

The bug was introduced by r287009.

PR: 210924
Submitted by: kp@
Sponsored by: Rubicon Communications (Netgate)
Pointy hat to: loos


# 13cfafab 04-Aug-2016 Kristof Provost <kp@FreeBSD.org>

pfctl: Make most global variables static.

This will make it easier to link as a library.

Submitted by: Christian Mauderer <christian.mauderer@embedded-brains.de>


# 0cd7a91a 02-Aug-2016 Kristof Provost <kp@FreeBSD.org>

pfctl: Allow TOS bits to be cleared

TOS value 0 is valid, so use 256 as an invalid value rather than zero.
This allows users to enforce TOS == 0 with pf.

Reported by: Radek Krejča <radek.krejca@sta

pfctl: Allow TOS bits to be cleared

TOS value 0 is valid, so use 256 as an invalid value rather than zero.
This allows users to enforce TOS == 0 with pf.

Reported by: Radek Krejča <radek.krejca@starnet.cz>

show more ...


# 3e248e0f 17-Jun-2016 Kristof Provost <kp@FreeBSD.org>

pf: Filter on and set vlan PCP values

Adopt the OpenBSD syntax for setting and filtering on VLAN PCP values. This
introduces two new keywords: 'set prio' to set the PCP value, and 'prio' to
filter o

pf: Filter on and set vlan PCP values

Adopt the OpenBSD syntax for setting and filtering on VLAN PCP values. This
introduces two new keywords: 'set prio' to set the PCP value, and 'prio' to
filter on it.

Reviewed by: allanjude, araujo
Approved by: re (gjb)
Obtained from: OpenBSD (mostly)
Differential Revision: https://reviews.freebsd.org/D6786

show more ...


# b68ac800 30-Apr-2016 Pedro F. Giffuni <pfg@FreeBSD.org>

sbin: minor spelling fixes.

No functional change.


# 0edd2576 16-Apr-2016 Glen Barber <gjb@FreeBSD.org>

MFH

Sponsored by: The FreeBSD Foundation


# db1bbde6 14-Apr-2016 Luiz Otavio O Souza <loos@FreeBSD.org>

Make pfctl(8) more flexible when parsing bandwidth values.

This is the current behaviour in OpenBSD and a similar patch exist in
pfSense too.

Obtained from: OpenBSD (partly - rev. 1.625)
MFC after:

Make pfctl(8) more flexible when parsing bandwidth values.

This is the current behaviour in OpenBSD and a similar patch exist in
pfSense too.

Obtained from: OpenBSD (partly - rev. 1.625)
MFC after: 2 weeks
Sponsored by: Rubicon Communications (Netgate)

show more ...


Revision tags: release/10.3.0
# 11d38a57 28-Oct-2015 Baptiste Daroussin <bapt@FreeBSD.org>

Merge from head

Sponsored by: Gandi.net


# becbad1f 13-Oct-2015 Baptiste Daroussin <bapt@FreeBSD.org>

Merge from head


# b5ff185e 12-Sep-2015 Baptiste Daroussin <bapt@FreeBSD.org>

Merge from head


12345