Through fixes and improvements our ipfilter sources have diverged
enough to warrant move from contrib into sbin/ipf. Now that I'm
planning on implementing MSS clamping as in iptables it makes more
sense to move ipfilter to sbin.
This is the second of three commits of the ipfilter move.
Suggested by glebius on two occaions.
Suggested by and discussed with: glebius
Reviewed by: glebius, kp (for #network)
Differential Revision: https://reviews.freebsd.org/D33510
(cherry picked from commit 41edb306f0)
Display of stats from a kernel core dump was never fully implemented.
Remove the dangling vars and remove the documentation.
(cherry picked from commit 2169572e74)
1e811efbc5:
57785538c6:
Simplify the FreeBSD check using __FreeBSD__ compiler macro.
Rather than rely on __FreeBSD_version, defined in sys/param.h, use
__FreeBSD__ defined by the compiler.
Reported by: emaste
MFC after: 1 week
(cherry picked from commit 57785538c6)
1e811efbc5:
Fix non-IPv6 build post 57785538c6.
57785538c6 change the test for FreeBSD
from __FreeBSD_version to __FreeBSD__. However this test was performed
before sys/param.h was included, therefore __FreeBSD_version was never
defined. As the test was never true opt_random_ip_id.h was never included.
Submitted by: bdragon
Reported by: bdragon
(cherry picked from commit 1e811efbc5)
Replace the redundant MENTAT macro with SOLARIS.
MENTAT and SOLARIS are synonymous. Remove the extraneous duplicate
macro.
(cherry picked from commit 0f34c80f37)
Retire the K&R/STD C __P prototype declarations.
In the old days when K&R C and STD C were each in use a workaround
(read hack) was required to allow the same code to work on each
without modification. All C compilers support STD C. We can finally
put the __P prototype to rest.
(cherry picked from commit 4cd1807c7d)
ipfilter: Retire pre-standard C support.
All C compilers in 2021 support standard C and architectures that did
not were retired long ago. Simplify by removing now redundant
pre-standard C code.
(cherry picked from commit 83edbc3cb5)
and ipfstat -o where without an argument IPv4 and IPv6 states are
shown. Use -4 and -6 to limit the display to IPv4 or IPv6 respectively.
PR: 247952
MFC after: 1 week
ipfstat would list IPv4 outputs by default while -6 would produce IPv6
outputs. This commit combines the ipfstat -i and -o outputs into one
listing of IPv4 and IPv6 rules. The -4 option lists only IPv4 rules
(as the default before) while -6 continues to list only rules that affect
IPv6.
PR: 247952
Reported by: joeb1@a1poweruser.com
MFC after: 1 week
the kernel, not an arbitrary 4 or 6.
This only affected printing ipfilter stats and rules from a kernel
dump. (This is currently undocumented.)
PR: 247952
MFC after: 1 week
This is a prerequisite to upcoming argument processing cleanups which
will resolve consistency as was done with ippool previously.
PR: 247952
MFC after: 1 week
thishost is already defined in lib/initparse.c; no need for this one. This
fixes the ipfilter build with -fno-common.
-fno-common will become the default in GCC10/LLVM11.
MFC after: 3 days
files. This allows for loading, during the same invocation of ippool, of
multiple sources of input using multiple tools to concurrently maintain the
files such as fail2ban, macro preprocessors, and manually.
MFC after: 1 week
from the command line. Prior to this the functionality was mostly there
however since the pool type (-t) was not recognized by the -A and -R
command options -- not recognized by getopt(). Additionally the code to
implement the dynamic add and removal of pools didn't work.
When dynamically adding (-A) a pool a type (-t) to specify if the pool
is a tree or hash pool must be specified. When dynamically removing (-R)
a pool, omitting -t will cause a search-and-destroy which will remove
both types of pools matching the name given (-m).
PR: 218433
MFC after: 1 week
conflicts with the command option of the same name (also -R).
Remove the superfluous and confusing non-global non-command -R option.
PR: 218433
MFC after: 1 week
Only a role of "ipf" is currentlysupported as the other documented
(and undocumented) roles are #ifdef'd out.
The plan is to complete ippool(8) as it is even in its current state
a powerful feature/tool.
PR: 218433
MFC after: 1 month
