PERFORCE change 76761 for review
Sam Leffler
sam at FreeBSD.org
Mon May 9 13:08:03 PDT 2005
http://perforce.freebsd.org/chv.cgi?CH=76761
Change 76761 by sam at sam_ebb on 2005/05/09 20:07:14
IFC @ 76760
Affected files ...
.. //depot/projects/wifi/UPDATING#15 integrate
.. //depot/projects/wifi/bin/csh/config.h#5 integrate
.. //depot/projects/wifi/contrib/ipfilter/tools/ipmon.c#2 integrate
.. //depot/projects/wifi/contrib/pf/authpf/authpf.8#2 integrate
.. //depot/projects/wifi/contrib/pf/authpf/authpf.c#2 integrate
.. //depot/projects/wifi/contrib/pf/authpf/pathnames.h#2 integrate
.. //depot/projects/wifi/contrib/pf/ftp-proxy/ftp-proxy.8#2 integrate
.. //depot/projects/wifi/contrib/pf/ftp-proxy/ftp-proxy.c#2 integrate
.. //depot/projects/wifi/contrib/pf/ftp-proxy/getline.c#2 integrate
.. //depot/projects/wifi/contrib/pf/ftp-proxy/util.c#2 integrate
.. //depot/projects/wifi/contrib/pf/ftp-proxy/util.h#2 integrate
.. //depot/projects/wifi/contrib/pf/man/pf.4#3 integrate
.. //depot/projects/wifi/contrib/pf/man/pf.conf.5#4 integrate
.. //depot/projects/wifi/contrib/pf/man/pf.os.5#2 integrate
.. //depot/projects/wifi/contrib/pf/man/pflog.4#2 integrate
.. //depot/projects/wifi/contrib/pf/man/pfsync.4#3 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/parse.y#2 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/pf_print_state.c#2 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/pfctl.8#2 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/pfctl.c#2 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/pfctl.h#2 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/pfctl_altq.c#2 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/pfctl_optimize.c#1 branch
.. //depot/projects/wifi/contrib/pf/pfctl/pfctl_osfp.c#2 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/pfctl_parser.c#2 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/pfctl_parser.h#2 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/pfctl_qstats.c#2 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/pfctl_radix.c#2 integrate
.. //depot/projects/wifi/contrib/pf/pfctl/pfctl_table.c#2 integrate
.. //depot/projects/wifi/contrib/pf/pflogd/pflogd.8#2 integrate
.. //depot/projects/wifi/contrib/pf/pflogd/pflogd.c#2 integrate
.. //depot/projects/wifi/contrib/pf/pflogd/pidfile.c#2 integrate
.. //depot/projects/wifi/contrib/pf/pflogd/privsep.c#2 integrate
.. //depot/projects/wifi/contrib/pf/pflogd/privsep_fdpass.c#2 integrate
.. //depot/projects/wifi/contrib/smbfs/lib/smb/ctx.c#2 integrate
.. //depot/projects/wifi/games/fortune/datfiles/limerick#3 integrate
.. //depot/projects/wifi/gnu/usr.bin/gdb/libgdb/fbsd-threads.c#6 integrate
.. //depot/projects/wifi/lib/libalias/HISTORY#2 delete
.. //depot/projects/wifi/lib/libalias/Makefile#3 integrate
.. //depot/projects/wifi/lib/libalias/alias.c#3 delete
.. //depot/projects/wifi/lib/libalias/alias.h#2 delete
.. //depot/projects/wifi/lib/libalias/alias_cuseeme.c#2 delete
.. //depot/projects/wifi/lib/libalias/alias_db.c#2 delete
.. //depot/projects/wifi/lib/libalias/alias_ftp.c#2 delete
.. //depot/projects/wifi/lib/libalias/alias_irc.c#2 delete
.. //depot/projects/wifi/lib/libalias/alias_local.h#2 delete
.. //depot/projects/wifi/lib/libalias/alias_nbt.c#2 delete
.. //depot/projects/wifi/lib/libalias/alias_old.c#3 delete
.. //depot/projects/wifi/lib/libalias/alias_pptp.c#2 delete
.. //depot/projects/wifi/lib/libalias/alias_proxy.c#2 delete
.. //depot/projects/wifi/lib/libalias/alias_skinny.c#3 delete
.. //depot/projects/wifi/lib/libalias/alias_smedia.c#2 delete
.. //depot/projects/wifi/lib/libalias/alias_util.c#2 delete
.. //depot/projects/wifi/lib/libalias/libalias.3#3 delete
.. //depot/projects/wifi/lib/libarchive/archive_entry.c#4 integrate
.. //depot/projects/wifi/lib/libc/gen/getbootfile.c#2 integrate
.. //depot/projects/wifi/lib/libc/gen/getgrouplist.c#2 integrate
.. //depot/projects/wifi/lib/libc/gmon/mcount.c#2 integrate
.. //depot/projects/wifi/lib/libc/net/getnameinfo.c#3 integrate
.. //depot/projects/wifi/lib/libc/stdio/fopen.3#2 integrate
.. //depot/projects/wifi/lib/libc/sys/accept.2#2 integrate
.. //depot/projects/wifi/lib/libc/yp/yplib.c#4 integrate
.. //depot/projects/wifi/lib/msun/i387/s_ceilf.S#2 integrate
.. //depot/projects/wifi/lib/msun/i387/s_floorf.S#2 integrate
.. //depot/projects/wifi/lib/msun/i387/s_truncf.S#2 integrate
.. //depot/projects/wifi/libexec/talkd/process.c#2 integrate
.. //depot/projects/wifi/release/Makefile#8 integrate
.. //depot/projects/wifi/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#13 integrate
.. //depot/projects/wifi/release/doc/share/sgml/release.dsl#2 integrate
.. //depot/projects/wifi/release/scripts/package-split.py#4 integrate
.. //depot/projects/wifi/release/scripts/package-trees.sh#2 integrate
.. //depot/projects/wifi/sbin/ifconfig/ifpfsync.c#2 integrate
.. //depot/projects/wifi/sbin/ipfw/ipfw.8#10 integrate
.. //depot/projects/wifi/sbin/kldstat/kldstat.8#3 integrate
.. //depot/projects/wifi/sbin/kldstat/kldstat.c#2 integrate
.. //depot/projects/wifi/sbin/pfctl/Makefile#2 integrate
.. //depot/projects/wifi/share/dict/freebsd#2 integrate
.. //depot/projects/wifi/share/examples/etc/make.conf#14 integrate
.. //depot/projects/wifi/share/examples/mdoc/example.4#3 integrate
.. //depot/projects/wifi/share/man/man4/Makefile#21 integrate
.. //depot/projects/wifi/share/man/man4/ichsmb.4#2 integrate
.. //depot/projects/wifi/share/man/man4/man4.i386/Makefile#5 integrate
.. //depot/projects/wifi/share/man/man4/man4.i386/acpi_asus.4#3 integrate
.. //depot/projects/wifi/share/man/man4/man4.i386/acpi_ibm.4#1 branch
.. //depot/projects/wifi/share/man/man4/man4.i386/ep.4#5 integrate
.. //depot/projects/wifi/share/man/man4/ng_nat.4#1 branch
.. //depot/projects/wifi/sys/amd64/amd64/machdep.c#10 integrate
.. //depot/projects/wifi/sys/boot/pc98/boot2/Makefile#4 integrate
.. //depot/projects/wifi/sys/boot/pc98/boot2/boot.c#3 integrate
.. //depot/projects/wifi/sys/boot/pc98/boot2/boot.h#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/boot2/boot2.S#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/boot2/disk.c#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/boot2/io.c#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/boot2/sys.c#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/boot2/table.c#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/btx/btx/Makefile#3 integrate
.. //depot/projects/wifi/sys/boot/pc98/btx/btx/btx.S#3 integrate
.. //depot/projects/wifi/sys/boot/pc98/btx/btxldr/Makefile#3 integrate
.. //depot/projects/wifi/sys/boot/pc98/btx/btxldr/btxldr.S#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/kgzldr/Makefile#3 integrate
.. //depot/projects/wifi/sys/boot/pc98/kgzldr/crt.s#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/libpc98/Makefile#3 integrate
.. //depot/projects/wifi/sys/boot/pc98/libpc98/biosdisk.c#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/libpc98/biosmem.c#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/libpc98/comconsole.c#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/libpc98/gatea20.c#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/libpc98/time.c#2 integrate
.. //depot/projects/wifi/sys/boot/pc98/libpc98/vidconsole.c#3 integrate
.. //depot/projects/wifi/sys/boot/pc98/loader/Makefile#4 integrate
.. //depot/projects/wifi/sys/boot/pc98/loader/main.c#3 integrate
.. //depot/projects/wifi/sys/cam/scsi/scsi_da.c#4 integrate
.. //depot/projects/wifi/sys/compat/ndis/kern_ndis.c#12 integrate
.. //depot/projects/wifi/sys/compat/ndis/kern_windrv.c#7 integrate
.. //depot/projects/wifi/sys/compat/ndis/ndis_var.h#10 integrate
.. //depot/projects/wifi/sys/compat/ndis/ntoskrnl_var.h#12 integrate
.. //depot/projects/wifi/sys/compat/ndis/subr_hal.c#10 integrate
.. //depot/projects/wifi/sys/compat/ndis/subr_ndis.c#13 integrate
.. //depot/projects/wifi/sys/compat/ndis/subr_ntoskrnl.c#14 integrate
.. //depot/projects/wifi/sys/compat/ndis/subr_usbd.c#3 integrate
.. //depot/projects/wifi/sys/conf/NOTES#22 integrate
.. //depot/projects/wifi/sys/conf/files#25 integrate
.. //depot/projects/wifi/sys/conf/options#17 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/if_pflog.c#3 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/if_pflog.h#2 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/if_pfsync.c#4 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/if_pfsync.h#2 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/pf.c#10 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/pf_if.c#4 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/pf_ioctl.c#4 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/pf_norm.c#2 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/pf_osfp.c#2 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/pf_subr.c#2 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/pf_table.c#2 integrate
.. //depot/projects/wifi/sys/contrib/pf/net/pfvar.h#2 integrate
.. //depot/projects/wifi/sys/dev/acpi_support/acpi_asus.c#5 integrate
.. //depot/projects/wifi/sys/dev/acpica/Osd/OsdSchedule.c#4 integrate
.. //depot/projects/wifi/sys/dev/acpica/acpi.c#13 integrate
.. //depot/projects/wifi/sys/dev/acpica/acpivar.h#10 integrate
.. //depot/projects/wifi/sys/dev/arcmsr/arcmsr.c#4 integrate
.. //depot/projects/wifi/sys/dev/ata/ata-all.c#10 integrate
.. //depot/projects/wifi/sys/dev/ata/ata-all.h#8 integrate
.. //depot/projects/wifi/sys/dev/ata/ata-chipset.c#12 integrate
.. //depot/projects/wifi/sys/dev/ata/ata-dma.c#7 integrate
.. //depot/projects/wifi/sys/dev/ata/ata-lowlevel.c#12 integrate
.. //depot/projects/wifi/sys/dev/ata/ata-pci.c#8 integrate
.. //depot/projects/wifi/sys/dev/ata/ata-queue.c#7 integrate
.. //depot/projects/wifi/sys/dev/ata/atapi-cd.c#8 integrate
.. //depot/projects/wifi/sys/dev/bge/if_bge.c#9 integrate
.. //depot/projects/wifi/sys/dev/digi/CX.bios.h#2 integrate
.. //depot/projects/wifi/sys/dev/digi/CX.fepos.h#2 integrate
.. //depot/projects/wifi/sys/dev/digi/CX_PCI.bios.h#2 integrate
.. //depot/projects/wifi/sys/dev/digi/CX_PCI.fepos.h#2 integrate
.. //depot/projects/wifi/sys/dev/digi/EPCX.bios.h#2 integrate
.. //depot/projects/wifi/sys/dev/digi/EPCX.fepos.h#2 integrate
.. //depot/projects/wifi/sys/dev/digi/EPCX_PCI.bios.h#2 integrate
.. //depot/projects/wifi/sys/dev/digi/EPCX_PCI.fepos.h#2 integrate
.. //depot/projects/wifi/sys/dev/digi/Xe.bios.h#2 integrate
.. //depot/projects/wifi/sys/dev/digi/Xe.fepos.h#2 integrate
.. //depot/projects/wifi/sys/dev/digi/Xem.bios.h#2 integrate
.. //depot/projects/wifi/sys/dev/digi/Xem.fepos.h#2 integrate
.. //depot/projects/wifi/sys/dev/if_ndis/if_ndis.c#16 integrate
.. //depot/projects/wifi/sys/dev/if_ndis/if_ndis_pccard.c#6 integrate
.. //depot/projects/wifi/sys/dev/if_ndis/if_ndis_pci.c#8 integrate
.. //depot/projects/wifi/sys/dev/if_ndis/if_ndisvar.h#8 integrate
.. //depot/projects/wifi/sys/dev/iir/iir_ctrl.c#3 integrate
.. //depot/projects/wifi/sys/dev/nve/if_nve.c#3 integrate
.. //depot/projects/wifi/sys/dev/uart/uart_tty.c#3 integrate
.. //depot/projects/wifi/sys/dev/usb/uvisor.c#3 integrate
.. //depot/projects/wifi/sys/dev/wl/if_wl.c#3 integrate
.. //depot/projects/wifi/sys/dev/wl/if_wl_i82586.h#1 branch
.. //depot/projects/wifi/sys/fs/ntfs/ntfs_subr.c#4 integrate
.. //depot/projects/wifi/sys/fs/smbfs/smbfs_smb.c#4 integrate
.. //depot/projects/wifi/sys/fs/smbfs/smbfs_subr.c#3 integrate
.. //depot/projects/wifi/sys/fs/smbfs/smbfs_subr.h#4 integrate
.. //depot/projects/wifi/sys/fs/unionfs/union_vnops.c#14 integrate
.. //depot/projects/wifi/sys/i386/i386/machdep.c#12 integrate
.. //depot/projects/wifi/sys/i386/i386/sys_machdep.c#8 integrate
.. //depot/projects/wifi/sys/i386/isa/ic/if_wl_i82586.h#3 delete
.. //depot/projects/wifi/sys/kern/imgact_aout.c#6 integrate
.. //depot/projects/wifi/sys/kern/imgact_elf.c#5 integrate
.. //depot/projects/wifi/sys/kern/kern_descrip.c#14 integrate
.. //depot/projects/wifi/sys/kern/kern_exec.c#13 integrate
.. //depot/projects/wifi/sys/kern/kern_exit.c#9 integrate
.. //depot/projects/wifi/sys/kern/subr_bus.c#14 integrate
.. //depot/projects/wifi/sys/kern/subr_devstat.c#3 integrate
.. //depot/projects/wifi/sys/kern/subr_rman.c#5 integrate
.. //depot/projects/wifi/sys/kern/uipc_mbuf.c#10 integrate
.. //depot/projects/wifi/sys/kern/uipc_sem.c#5 integrate
.. //depot/projects/wifi/sys/kern/uipc_syscalls.c#13 integrate
.. //depot/projects/wifi/sys/kern/uipc_usrreq.c#10 integrate
.. //depot/projects/wifi/sys/kern/vfs_subr.c#26 integrate
.. //depot/projects/wifi/sys/modules/Makefile#23 integrate
.. //depot/projects/wifi/sys/modules/acpi/acpi/Makefile#4 integrate
.. //depot/projects/wifi/sys/modules/libalias/Makefile#1 branch
.. //depot/projects/wifi/sys/modules/netgraph/Makefile#7 integrate
.. //depot/projects/wifi/sys/modules/netgraph/nat/Makefile#1 branch
.. //depot/projects/wifi/sys/modules/sem/Makefile#2 integrate
.. //depot/projects/wifi/sys/net/bpf.c#10 integrate
.. //depot/projects/wifi/sys/net/if_mib.c#3 integrate
.. //depot/projects/wifi/sys/net/if_tap.c#7 integrate
.. //depot/projects/wifi/sys/net/if_tun.c#6 integrate
.. //depot/projects/wifi/sys/netgraph/ng_device.c#9 integrate
.. //depot/projects/wifi/sys/netgraph/ng_nat.c#1 branch
.. //depot/projects/wifi/sys/netgraph/ng_nat.h#1 branch
.. //depot/projects/wifi/sys/netinet/ip_divert.c#7 integrate
.. //depot/projects/wifi/sys/netinet/ip_dummynet.c#7 integrate
.. //depot/projects/wifi/sys/netinet/ip_fastfwd.c#5 integrate
.. //depot/projects/wifi/sys/netinet/ip_fw.h#6 integrate
.. //depot/projects/wifi/sys/netinet/ip_fw2.c#11 integrate
.. //depot/projects/wifi/sys/netinet/ip_icmp.c#5 integrate
.. //depot/projects/wifi/sys/netinet/ip_icmp.h#4 integrate
.. //depot/projects/wifi/sys/netinet/ip_input.c#7 integrate
.. //depot/projects/wifi/sys/netinet/libalias/Makefile#2 delete
.. //depot/projects/wifi/sys/netinet/libalias/alias.c#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias.h#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_cuseeme.c#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_db.c#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_ftp.c#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_irc.c#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_local.h#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_nbt.c#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_old.c#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_pptp.c#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_proxy.c#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_skinny.c#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_smedia.c#2 integrate
.. //depot/projects/wifi/sys/netinet/libalias/alias_util.c#2 integrate
.. //depot/projects/wifi/sys/netinet/raw_ip.c#5 integrate
.. //depot/projects/wifi/sys/netinet/tcp_subr.c#13 integrate
.. //depot/projects/wifi/sys/netinet/udp_usrreq.c#6 integrate
.. //depot/projects/wifi/sys/nfsclient/nfs_socket.c#8 integrate
.. //depot/projects/wifi/sys/posix4/ksem.h#1 branch
.. //depot/projects/wifi/sys/powerpc/conf/GENERIC#4 integrate
.. //depot/projects/wifi/sys/security/mac/mac_posix_sem.c#1 branch
.. //depot/projects/wifi/sys/security/mac_biba/mac_biba.c#5 integrate
.. //depot/projects/wifi/sys/security/mac_mls/mac_mls.c#5 integrate
.. //depot/projects/wifi/sys/security/mac_stub/mac_stub.c#5 integrate
.. //depot/projects/wifi/sys/security/mac_test/mac_test.c#6 integrate
.. //depot/projects/wifi/sys/sys/diskpc98.h#4 integrate
.. //depot/projects/wifi/sys/sys/imgact_aout.h#2 integrate
.. //depot/projects/wifi/sys/sys/mac.h#4 integrate
.. //depot/projects/wifi/sys/sys/mac_policy.h#5 integrate
.. //depot/projects/wifi/sys/sys/mbuf.h#10 integrate
.. //depot/projects/wifi/sys/sys/param.h#12 integrate
.. //depot/projects/wifi/sys/ufs/ffs/ffs_softdep.c#10 integrate
.. //depot/projects/wifi/sys/vm/vm_fault.c#6 integrate
.. //depot/projects/wifi/sys/vm/vm_meter.c#7 integrate
.. //depot/projects/wifi/sys/vm/vm_object.c#11 integrate
.. //depot/projects/wifi/sys/vm/vm_object.h#6 integrate
.. //depot/projects/wifi/sys/vm/vnode_pager.c#17 integrate
.. //depot/projects/wifi/tools/regression/lib/libc/resolv/Makefile#1 branch
.. //depot/projects/wifi/tools/regression/lib/libc/resolv/mach#1 branch
.. //depot/projects/wifi/tools/regression/lib/libc/resolv/resolv.c#1 branch
.. //depot/projects/wifi/tools/regression/lib/libc/resolv/resolv.t#1 branch
.. //depot/projects/wifi/tools/regression/net80211/ccmp/test_ccmp.c#3 integrate
.. //depot/projects/wifi/tools/regression/net80211/tkip/test_tkip.c#3 integrate
.. //depot/projects/wifi/tools/regression/net80211/wep/test_wep.c#3 integrate
.. //depot/projects/wifi/usr.bin/make/arch.c#12 integrate
.. //depot/projects/wifi/usr.bin/make/compat.c#10 integrate
.. //depot/projects/wifi/usr.bin/make/for.c#11 integrate
.. //depot/projects/wifi/usr.bin/make/hash_tables.c#2 integrate
.. //depot/projects/wifi/usr.bin/make/job.c#16 integrate
.. //depot/projects/wifi/usr.bin/make/main.c#19 integrate
.. //depot/projects/wifi/usr.bin/make/parse.c#15 integrate
.. //depot/projects/wifi/usr.bin/make/suff.c#10 integrate
.. //depot/projects/wifi/usr.bin/make/var.c#14 integrate
.. //depot/projects/wifi/usr.bin/make/var.h#7 integrate
.. //depot/projects/wifi/usr.bin/smbutil/Makefile#2 integrate
.. //depot/projects/wifi/usr.bin/tar/Makefile#8 integrate
.. //depot/projects/wifi/usr.bin/tar/tree.c#2 integrate
.. //depot/projects/wifi/usr.bin/tar/tree.h#2 integrate
.. //depot/projects/wifi/usr.bin/tar/write.c#6 integrate
.. //depot/projects/wifi/usr.sbin/authpf/Makefile#2 integrate
.. //depot/projects/wifi/usr.sbin/mount_smbfs/Makefile#3 integrate
.. //depot/projects/wifi/usr.sbin/ndiscvt/windrv_stub.c#2 integrate
.. //depot/projects/wifi/usr.sbin/ppp/ppp.8.m4#10 integrate
.. //depot/projects/wifi/usr.sbin/sysinstall/menus.c#8 integrate
Differences ...
==== //depot/projects/wifi/UPDATING#15 (text+ko) ====
@@ -21,6 +21,11 @@
developers choose to disable these features on build machines
to maximize performance.
+20050503:
+ The packet filter (pf) code has been updated to OpenBSD 3.7
+ Please note the changed anchor syntax and the fact that
+ authpf(8) now needs a mounted fdescfs(5) to function.
+
20050415:
The NO_MIXED_MODE kernel option has been removed from the i386
amd64 platforms as its use has been superceded by the new local
@@ -198,7 +203,6 @@
make kernel KERNCONF=YOUR_KERNEL_HERE
[1]
<reboot in single user> [3]
- src/etc/rc.d/preseedrandom [10]
mergemaster -p [5]
make installworld
mergemaster [4]
@@ -331,4 +335,4 @@
Contact Warner Losh if you have any questions about your use of
this document.
-$FreeBSD: src/UPDATING,v 1.401 2005/04/18 14:33:18 scottl Exp $
+$FreeBSD: src/UPDATING,v 1.403 2005/05/09 16:44:22 imp Exp $
==== //depot/projects/wifi/bin/csh/config.h#5 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/bin/csh/config.h,v 1.11 2005/04/24 19:50:22 mp Exp $ */
+/* $FreeBSD: src/bin/csh/config.h,v 1.12 2005/05/04 20:21:57 mp Exp $ */
/* config.h. Generated by configure. */
/* config.h.in. Generated from configure.in by autoheader. */
@@ -99,7 +99,7 @@
#define HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY 1
/* Define to 1 if `ut_host' is member of `struct utmp'. */
-/* #undef HAVE_STRUCT_UTMP_UT_HOST */
+#define HAVE_STRUCT_UTMP_UT_HOST 1
/* Define to 1 if `ut_tv' is member of `struct utmp'. */
/* #undef HAVE_STRUCT_UTMP_UT_TV */
==== //depot/projects/wifi/contrib/ipfilter/tools/ipmon.c#2 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/contrib/ipfilter/tools/ipmon.c,v 1.2 2005/04/25 18:20:15 darrenr Exp $ */
+/* $FreeBSD: src/contrib/ipfilter/tools/ipmon.c,v 1.3 2005/05/08 00:29:15 grehan Exp $ */
/*
* Copyright (C) 1993-2001, 2003 by Darren Reed.
@@ -1024,7 +1024,7 @@
(void) sprintf(t, "%*.*s%u", len, len, ipf->fl_ifname, ipf->fl_unit);
t += strlen(t);
#endif
-#ifdef __sgi
+#if (defined(__sgi) || defined(__powerpc__))
if ((ipf->fl_group[0] == 255) && (ipf->fl_group[1] == '\0'))
#else
if ((ipf->fl_group[0] == -1) && (ipf->fl_group[1] == '\0'))
==== //depot/projects/wifi/contrib/pf/authpf/authpf.8#2 (text+ko) ====
@@ -1,4 +1,4 @@
-.\" $OpenBSD: authpf.8,v 1.31 2003/12/10 04:10:37 beck Exp $
+.\" $OpenBSD: authpf.8,v 1.38 2005/01/04 09:57:04 jmc Exp $
.\"
.\" Copyright (c) 2002 Bob Beck (beck at openbsd.org>. All rights reserved.
.\"
@@ -60,6 +60,10 @@
requires that the
.Xr pf 4
system be enabled before use.
+.Nm
+can also maintain the list of IP address of connected users
+in the "authpf_users"
+.Pa table .
.Pp
.Nm
is meant to be used with users who can connect via
@@ -93,11 +97,16 @@
.Nm
rules:
.Bd -literal -offset indent
-nat-anchor authpf
-rdr-anchor authpf
-binat-anchor authpf
-anchor authpf
+nat-anchor "authpf/*"
+rdr-anchor "authpf/*"
+binat-anchor "authpf/*"
+anchor "authpf/*"
.Ed
+.Pp
+The "/*" at the end of the anchor name is required for
+.Xr pf 4
+to process the rulesets attached to the anchor by
+.Nm authpf .
.Sh FILTER AND TRANSLATION RULES
Filter and translation rules for
.Nm
@@ -113,10 +122,14 @@
.Em user_id
is assigned the user name.
.Pp
-Filter and nat rules will first be searched for in
+Filter and translation rules are stored in a file called
+.Pa authpf.rules .
+This file will first be searched for in
.Pa /etc/authpf/users/$USER/
and then in
.Pa /etc/authpf/ .
+Only one of these files will be used if both are present.
+.Pp
Per-user rules from the
.Pa /etc/authpf/users/$USER/
directory are intended to be used when non-default rules
@@ -124,21 +137,11 @@
It is important to ensure that a user can not write or change
these configuration files.
.Pp
-Filter and translation rules are loaded from the file
-.Pa /etc/authpf/users/$USER/authpf.rules .
-If this file does not exist the file
-.Pa /etc/authpf/authpf.rules
-is used.
The
.Pa authpf.rules
file must exist in one of the above locations for
.Nm
to run.
-.Pp
-Translation rules are also loaded from this file.
-The use of translation rules in an
-.Pa authpf.rules
-file is optional.
.Sh CONFIGURATION
Options are controlled by the
.Pa /etc/authpf/authpf.conf
@@ -154,6 +157,10 @@
Use the specified
.Pa anchor
name instead of "authpf".
+.It table=name
+Use the specified
+.Pa table
+name instead of "authpf_users".
.El
.Sh USER MESSAGES
On successful invocation,
@@ -218,9 +225,15 @@
hijack the session.
Note that TCP keepalives are not sufficient for
this, since they are not secure.
+Also note that
+.Ar AllowTcpForwarding
+should be disabled for
+.Nm
+users to prevent them from circumventing restrictions imposed by the
+packet filter ruleset.
.Pp
.Nm
-will remove statetable entries that were created during a user's
+will remove state table entries that were created during a user's
session.
This ensures that there will be no unauthenticated traffic
allowed to pass after the controlling
@@ -391,15 +404,15 @@
# ssh and use us as a dns server.
internal_if="fxp1"
gateway_addr="10.0.1.1"
-nat-anchor authpf
-rdr-anchor authpf
-binat-anchor authpf
+nat-anchor "authpf/*"
+rdr-anchor "authpf/*"
+binat-anchor "authpf/*"
block in on $internal_if from any to any
pass in quick on $internal_if proto tcp from any to $gateway_addr \e
port = ssh
pass in quick on $internal_if proto udp from any to $gateway_addr \e
port = domain
-anchor authpf
+anchor "authpf/*"
.Ed
.Pp
.Sy For a switched, wired net
@@ -465,6 +478,33 @@
129.128.11.10.60539 > 198.137.240.92.22: S 2131494121:2131494121(0) win \e
16384 <mss 1460,nop,nop,sackOK> (DF)
.Ed
+.Pp
+.Sy Using the authpf_users table
+\- Simple
+.Nm
+settings can be implemented without an anchor by just using the "authpf_users"
+.Pa table .
+For example, the following
+.Xr pf.conf 5
+lines will give SMTP and IMAP access to logged in users:
+.Bd -literal
+table <authpf_users> persist
+pass in on $ext_if proto tcp from <authpf_users> \e
+ to port { smtp imap } keep state
+.Ed
+.Pp
+It is also possible to use the "authpf_users"
+.Pa table
+in combination with anchors.
+For example,
+.Xr pf 4
+processing can be sped up by looking up the anchor
+only for packets coming from logged in users:
+.Bd -literal
+table <authpf_users> persist
+anchor "authpf/*" from <authpf_users>
+rdr-anchor "authpf/*" from <authpf_users>
+.Ed
.Sh FILES
.Bl -tag -width "/etc/authpf/authpf.conf" -compact
.It Pa /etc/authpf/authpf.conf
==== //depot/projects/wifi/contrib/pf/authpf/authpf.c#2 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $OpenBSD: authpf.c,v 1.75 2004/01/29 01:55:10 deraadt Exp $ */
+/* $OpenBSD: authpf.c,v 1.89 2005/02/10 04:24:15 joel Exp $ */
/*
* Copyright (C) 1998 - 2002 Bob Beck (beck at openbsd.org).
@@ -26,13 +26,15 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/contrib/pf/authpf/authpf.c,v 1.5 2004/06/16 23:39:30 mlaier Exp $");
+__FBSDID("$FreeBSD: src/contrib/pf/authpf/authpf.c,v 1.6 2005/05/03 16:55:19 mlaier Exp $");
#include <sys/param.h>
#include <sys/file.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
+#include <sys/stat.h>
#include <sys/time.h>
+#include <sys/wait.h>
#include <net/if.h>
#include <net/pfvar.h>
@@ -40,6 +42,7 @@
#include <err.h>
#include <errno.h>
+#include <login_cap.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
@@ -48,9 +51,6 @@
#include <syslog.h>
#include <unistd.h>
-#include <pfctl_parser.h>
-#include <pfctl.h>
-
#include "pathnames.h"
extern int symset(const char *, const char *, int);
@@ -61,11 +61,13 @@
static int check_luser(char *, char *);
static int remove_stale_rulesets(void);
static int change_filter(int, const char *, const char *);
+static int change_table(int, const char *, const char *);
static void authpf_kill_states(void);
int dev; /* pf device */
char anchorname[PF_ANCHOR_NAME_SIZE] = "authpf";
-char rulesetname[PF_RULESET_NAME_SIZE];
+char rulesetname[MAXPATHLEN - PF_ANCHOR_NAME_SIZE - 2];
+char tablename[PF_TABLE_NAME_SIZE] = "authpf_users";
FILE *pidfp;
char *infile; /* file name printed by yyerror() in parse.y */
@@ -94,10 +96,12 @@
{
int lockcnt = 0, n, pidfd;
FILE *config;
- struct in_addr ina;
+ struct in6_addr ina;
struct passwd *pw;
char *cp;
uid_t uid;
+ char *shell;
+ login_cap_t *lc;
config = fopen(PATH_CONFFILE, "r");
@@ -121,7 +125,8 @@
exit(1);
}
*cp = '\0';
- if (inet_pton(AF_INET, ipsrc, &ina) != 1) {
+ if (inet_pton(AF_INET, ipsrc, &ina) != 1 &&
+ inet_pton(AF_INET6, ipsrc, &ina) != 1) {
syslog(LOG_ERR,
"cannot determine IP from SSH_CLIENT %s", ipsrc);
exit(1);
@@ -135,16 +140,31 @@
uid = getuid();
pw = getpwuid(uid);
+ endpwent();
if (pw == NULL) {
syslog(LOG_ERR, "cannot find user for uid %u", uid);
goto die;
}
- if (strcmp(pw->pw_shell, PATH_AUTHPF_SHELL)) {
+
+ if ((lc = login_getclass(pw->pw_class)) != NULL)
+ shell = (char *)login_getcapstr(lc, "shell", pw->pw_shell,
+ pw->pw_shell);
+ else
+ shell = pw->pw_shell;
+
+ login_close(lc);
+
+ if (strcmp(shell, PATH_AUTHPF_SHELL)) {
syslog(LOG_ERR, "wrong shell for user %s, uid %u",
pw->pw_name, pw->pw_uid);
+ if (shell != pw->pw_shell)
+ free(shell);
goto die;
}
+ if (shell != pw->pw_shell)
+ free(shell);
+
/*
* Paranoia, but this data _does_ come from outside authpf, and
* truncation would be bad.
@@ -155,11 +175,11 @@
}
if ((n = snprintf(rulesetname, sizeof(rulesetname), "%s(%ld)",
- luser, (long)getpid())) < 0 || n >= sizeof(rulesetname)) {
+ luser, (long)getpid())) < 0 || (u_int)n >= sizeof(rulesetname)) {
syslog(LOG_INFO, "%s(%ld) too large, ruleset name will be %ld",
luser, (long)getpid(), (long)getpid());
if ((n = snprintf(rulesetname, sizeof(rulesetname), "%ld",
- (long)getpid())) < 0 || n >= sizeof(rulesetname)) {
+ (long)getpid())) < 0 || (u_int)n >= sizeof(rulesetname)) {
syslog(LOG_ERR, "pid too large for ruleset name");
goto die;
}
@@ -269,12 +289,17 @@
rewind(pidfp);
fprintf(pidfp, "%ld\n%s\n", (long)getpid(), luser);
fflush(pidfp);
- (void) ftruncate(fileno(pidfp), ftell(pidfp));
+ (void) ftruncate(fileno(pidfp), ftello(pidfp));
if (change_filter(1, luser, ipsrc) == -1) {
printf("Unable to modify filters\r\n");
do_death(0);
}
+ if (change_table(1, luser, ipsrc) == -1) {
+ printf("Unable to modify table\r\n");
+ change_filter(0, luser, ipsrc);
+ do_death(0);
+ }
signal(SIGTERM, need_death);
signal(SIGINT, need_death);
@@ -284,7 +309,7 @@
signal(SIGSTOP, need_death);
signal(SIGTSTP, need_death);
while (1) {
- printf("\r\nHello %s, ", luser);
+ printf("\r\nHello %s. ", luser);
printf("You are authenticated from host \"%s\"\r\n", ipsrc);
setproctitle("%s@%s", luser, ipsrc);
print_message(PATH_MESSAGE);
@@ -359,6 +384,11 @@
sizeof(anchorname)) >= sizeof(anchorname))
goto parse_error;
}
+ if (strcasecmp(pair[0], "table") == 0) {
+ if (!pair[1][0] || strlcpy(tablename, pair[1],
+ sizeof(tablename)) >= sizeof(tablename))
+ goto parse_error;
+ }
} while (!feof(f) && !ferror(f));
fclose(f);
return (0);
@@ -542,12 +572,10 @@
remove_stale_rulesets(void)
{
struct pfioc_ruleset prs;
- const int action[PF_RULESET_MAX] = { PF_SCRUB,
- PF_PASS, PF_NAT, PF_BINAT, PF_RDR };
u_int32_t nr, mnr;
memset(&prs, 0, sizeof(prs));
- strlcpy(prs.anchor, anchorname, sizeof(prs.anchor));
+ strlcpy(prs.path, anchorname, sizeof(prs.path));
if (ioctl(dev, DIOCGETRULESETS, &prs)) {
if (errno == EINVAL)
return (0);
@@ -574,20 +602,25 @@
(*s && (t == prs.name || *s != ')')))
return (1);
if (kill(pid, 0) && errno != EPERM) {
- int i;
+ int i;
+ struct pfioc_trans_e t_e[PF_RULESET_MAX+1];
+ struct pfioc_trans t;
- for (i = 0; i < PF_RULESET_MAX; ++i) {
- struct pfioc_rule pr;
-
- memset(&pr, 0, sizeof(pr));
- memcpy(pr.anchor, prs.anchor, sizeof(pr.anchor));
- memcpy(pr.ruleset, prs.name, sizeof(pr.ruleset));
- pr.rule.action = action[i];
- if ((ioctl(dev, DIOCBEGINRULES, &pr) ||
- ioctl(dev, DIOCCOMMITRULES, &pr)) &&
- errno != EINVAL)
- return (1);
+ bzero(&t, sizeof(t));
+ bzero(t_e, sizeof(t_e));
+ t.size = PF_RULESET_MAX+1;
+ t.esize = sizeof(t_e[0]);
+ t.array = t_e;
+ for (i = 0; i < PF_RULESET_MAX+1; ++i) {
+ t_e[i].rs_num = i;
+ snprintf(t_e[i].anchor, sizeof(t_e[i].anchor),
+ "%s/%s", anchorname, prs.name);
}
+ t_e[PF_RULESET_MAX].rs_num = PF_RULESET_TABLE;
+ if ((ioctl(dev, DIOCXBEGIN, &t) ||
+ ioctl(dev, DIOCXCOMMIT, &t)) &&
+ errno != EINVAL)
+ return (1);
mnr--;
} else
nr++;
@@ -601,85 +634,67 @@
static int
change_filter(int add, const char *luser, const char *ipsrc)
{
- char fn[MAXPATHLEN];
- FILE *f = NULL;
- struct pfctl pf;
- struct pfr_buffer t;
- int i;
+ char *pargv[13] = {
+ "pfctl", "-p", "/dev/pf", "-q", "-a", "anchor/ruleset",
+ "-D", "user_ip=X", "-D", "user_id=X", "-f",
+ "file", NULL
+ };
+ char *fdpath = NULL, *userstr = NULL, *ipstr = NULL;
+ char *rsn = NULL, *fn = NULL;
+ pid_t pid;
+ int s;
if (luser == NULL || !luser[0] || ipsrc == NULL || !ipsrc[0]) {
syslog(LOG_ERR, "invalid luser/ipsrc");
goto error;
}
+ if (asprintf(&rsn, "%s/%s", anchorname, rulesetname) == -1)
+ goto no_mem;
+ if (asprintf(&fdpath, "/dev/fd/%d", dev) == -1)
+ goto no_mem;
+ if (asprintf(&ipstr, "user_ip=%s", ipsrc) == -1)
+ goto no_mem;
+ if (asprintf(&userstr, "user_id=%s", luser) == -1)
+ goto no_mem;
+
if (add) {
- if ((i = snprintf(fn, sizeof(fn), "%s/%s/authpf.rules",
- PATH_USER_DIR, luser)) < 0 || i >= sizeof(fn)) {
- syslog(LOG_ERR, "user rule path too long");
- goto error;
- }
- if ((f = fopen(fn, "r")) == NULL && errno != ENOENT) {
- syslog(LOG_ERR, "cannot open %s (%m)", fn);
- goto error;
- }
- if (f == NULL) {
- if (strlcpy(fn, PATH_PFRULES, sizeof(fn)) >=
- sizeof(fn)) {
- syslog(LOG_ERR, "rule path too long");
- goto error;
- }
- if ((f = fopen(fn, "r")) == NULL) {
- syslog(LOG_ERR, "cannot open %s (%m)", fn);
- goto error;
- }
+ struct stat sb;
+
+ if (asprintf(&fn, "%s/%s/authpf.rules", PATH_USER_DIR, luser)
+ == -1)
+ goto no_mem;
+ if (stat(fn, &sb) == -1) {
+ free(fn);
+ if ((fn = strdup(PATH_PFRULES)) == NULL)
+ goto no_mem;
}
}
+ pargv[2] = fdpath;
+ pargv[5] = rsn;
+ pargv[7] = userstr;
+ pargv[9] = ipstr;
+ if (!add)
+ pargv[11] = "/dev/null";
+ else
+ pargv[11] = fn;
- if (pfctl_load_fingerprints(dev, 0)) {
- syslog(LOG_ERR, "unable to load kernel's OS fingerprints");
- goto error;
- }
- bzero(&t, sizeof(t));
- t.pfrb_type = PFRB_TRANS;
- memset(&pf, 0, sizeof(pf));
- for (i = 0; i < PF_RULESET_MAX; ++i) {
- if (pfctl_add_trans(&t, i, anchorname, rulesetname)) {
- syslog(LOG_ERR, "pfctl_add_trans %m");
- goto error;
- }
- }
- if (pfctl_trans(dev, &t, DIOCXBEGIN, 0)) {
- syslog(LOG_ERR, "DIOCXBEGIN (%s) %m", add?"add":"remove");
- goto error;
+ switch (pid = fork()) {
+ case -1:
+ err(1, "fork failed");
+ case 0:
+ execvp(PATH_PFCTL, pargv);
+ warn("exec of %s failed", PATH_PFCTL);
+ _exit(1);
}
- if (add) {
- if (symset("user_ip", ipsrc, 0) ||
- symset("user_id", luser, 0)) {
- syslog(LOG_ERR, "symset");
- goto error;
- }
-
- pf.dev = dev;
- pf.trans = &t;
- pf.anchor = anchorname;
- pf.ruleset = rulesetname;
-
- infile = fn;
- if (parse_rules(f, &pf) < 0) {
- syslog(LOG_ERR, "syntax error in rule file: "
- "authpf rules not loaded");
+ /* parent */
+ waitpid(pid, &s, 0);
+ if (s != 0) {
+ if (WIFEXITED(s)) {
+ syslog(LOG_ERR, "pfctl exited abnormally");
goto error;
}
-
- infile = NULL;
- fclose(f);
- f = NULL;
- }
-
- if (pfctl_trans(dev, &t, DIOCXCOMMIT, 0)) {
- syslog(LOG_ERR, "DIOCXCOMMIT (%s) %m", add?"add":"remove");
- goto error;
}
if (add) {
@@ -691,18 +706,63 @@
ipsrc, luser, Tend.tv_sec - Tstart.tv_sec);
}
return (0);
-
+no_mem:
+ syslog(LOG_ERR, "malloc failed");
error:
- if (f != NULL)
- fclose(f);
- if (pfctl_trans(dev, &t, DIOCXROLLBACK, 0))
- syslog(LOG_ERR, "DIOCXROLLBACK (%s) %m", add?"add":"remove");
-
+ free(fdpath);
+ fdpath = NULL;
+ free(rsn);
+ rsn = NULL;
+ free(userstr);
+ userstr = NULL;
+ free(ipstr);
+ ipstr = NULL;
+ free(fn);
+ fn = NULL;
infile = NULL;
return (-1);
}
/*
+ * Add/remove this IP from the "authpf_users" table.
+ */
+static int
+change_table(int add, const char *luser, const char *ipsrc)
+{
+ struct pfioc_table io;
+ struct pfr_addr addr;
+
+ bzero(&io, sizeof(io));
+ strlcpy(io.pfrio_table.pfrt_name, tablename, sizeof(io.pfrio_table));
+ io.pfrio_buffer = &addr;
+ io.pfrio_esize = sizeof(addr);
+ io.pfrio_size = 1;
+
+ bzero(&addr, sizeof(addr));
+ if (ipsrc == NULL || !ipsrc[0])
+ return (-1);
+ if (inet_pton(AF_INET, ipsrc, &addr.pfra_ip4addr) == 1) {
+ addr.pfra_af = AF_INET;
+ addr.pfra_net = 32;
+ } else if (inet_pton(AF_INET6, ipsrc, &addr.pfra_ip6addr) == 1) {
+ addr.pfra_af = AF_INET6;
+ addr.pfra_net = 128;
+ } else {
+ syslog(LOG_ERR, "invalid ipsrc");
+ return (-1);
+ }
+
+ if (ioctl(dev, add ? DIOCRADDADDRS : DIOCRDELADDRS, &io) &&
+ errno != ESRCH) {
+ syslog(LOG_ERR, "cannot %s %s from table %s: %s",
+ add ? "add" : "remove", ipsrc, tablename,
+ strerror(errno));
+ return (-1);
+ }
+ return (0);
+}
+
+/*
* This is to kill off states that would otherwise be left behind stateful
* rules. This means we don't need to allow in more traffic than we really
* want to, since we don't have to worry about any luser sessions lasting
@@ -713,24 +773,32 @@
authpf_kill_states(void)
{
struct pfioc_state_kill psk;
- struct in_addr target;
+ struct pf_addr target;
memset(&psk, 0, sizeof(psk));
- psk.psk_af = AF_INET;
+ memset(&target, 0, sizeof(target));
- inet_pton(AF_INET, ipsrc, &target);
+ if (inet_pton(AF_INET, ipsrc, &target.v4) == 1)
+ psk.psk_af = AF_INET;
+ else if (inet_pton(AF_INET6, ipsrc, &target.v6) == 1)
+ psk.psk_af = AF_INET6;
+ else {
+ syslog(LOG_ERR, "inet_pton(%s) failed", ipsrc);
+ return;
+ }
/* Kill all states from ipsrc */
- psk.psk_src.addr.v.a.addr.v4 = target;
+ memcpy(&psk.psk_src.addr.v.a.addr, &target,
+ sizeof(psk.psk_src.addr.v.a.addr));
memset(&psk.psk_src.addr.v.a.mask, 0xff,
sizeof(psk.psk_src.addr.v.a.mask));
if (ioctl(dev, DIOCKILLSTATES, &psk))
syslog(LOG_ERR, "DIOCKILLSTATES failed (%m)");
/* Kill all states to ipsrc */
- psk.psk_af = AF_INET;
memset(&psk.psk_src, 0, sizeof(psk.psk_src));
- psk.psk_dst.addr.v.a.addr.v4 = target;
+ memcpy(&psk.psk_dst.addr.v.a.addr, &target,
+ sizeof(psk.psk_dst.addr.v.a.addr));
memset(&psk.psk_dst.addr.v.a.mask, 0xff,
sizeof(psk.psk_dst.addr.v.a.mask));
if (ioctl(dev, DIOCKILLSTATES, &psk))
@@ -758,6 +826,7 @@
if (active) {
change_filter(0, luser, ipsrc);
+ change_table(0, luser, ipsrc);
authpf_kill_states();
remove_stale_rulesets();
}
@@ -768,157 +837,3 @@
syslog(LOG_ERR, "cannot unlink %s (%m)", pidfile);
exit(ret);
}
-
-/*
- * callbacks for parse_rules(void)
- */
-
-int
-pfctl_add_rule(struct pfctl *pf, struct pf_rule *r)
-{
- u_int8_t rs_num;
- struct pfioc_rule pr;
-
- switch (r->action) {
- case PF_PASS:
>>> TRUNCATED FOR MAIL (1000 lines) <<<
More information about the p4-projects
mailing list