src/lib/libpfctl/libpfctl.c, branch releng/14.0 FreeBSD source tree Remove $FreeBSD$: two-line .h pattern 2023-08-16T17:54:16+00:00 Warner Losh imp@FreeBSD.org 2023-08-16T17:54:16+00:00 b3e7694832e81d7a904a10f525f8797b753bf0d3 Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/ 
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
libpfct: ensure the initial allocation is large enough 2023-07-26T08:30:22+00:00 Kristof Provost kp@FreeBSD.org 2023-07-26T08:30:22+00:00 6422599e74db4bb8b47cead46760d96601d8396a Ensure that we allocate enough memory for the packed nvlist, no matter what size hint was provided. MFC after: 1 week Reported by: R. Christian McDonald <rcm@rcm.sh> Sponsored by: Rubicon Communications, LLC ("Netgate") 
Ensure that we allocate enough memory for the packed nvlist, no matter
what size hint was provided.

MFC after:	1 week
Reported by:	R. Christian McDonald <rcm@rcm.sh>
Sponsored by:	Rubicon Communications, LLC ("Netgate")
pfctl: Add missing state parameters in DIOCGETSTATESV2 2023-05-30T12:28:57+00:00 Kajetan Staszkiewicz vegeta@tuxpowered.net 2023-05-29T19:35:58+00:00 c45d6b0ec011d5c113e0f7dedfc0070e8464fbbc Reviewed by: kp Sponsored by: InnoGames GmbH Different Revision: https://reviews.freebsd.org/D40259 
Reviewed by:	kp
Sponsored by:	InnoGames GmbH
Different Revision:	https://reviews.freebsd.org/D40259
pf: introduce ridentifier and labels to ether rules 2023-04-26T09:14:41+00:00 Christian McDonald cmcdonald@netgate.com 2023-04-24T18:55:34+00:00 ef661d4a5bf912e4d4850faaf50664532d82541c Make Ethernet rules more similar to the usual layer 3 rules by also allowing ridentifier and labels to be set on them. Reviewed by: kp Sponsored by: Rubicon Communications, LLC ("Netgate") 
Make Ethernet rules more similar to the usual layer 3 rules by also
allowing ridentifier and labels to be set on them.

Reviewed by:	kp
Sponsored by:	Rubicon Communications, LLC ("Netgate")
pf: backport OpenBSD syntax of "scrub" option for "match" and "pass" rules 2023-04-14T07:04:06+00:00 Kajetan Staszkiewicz vegeta@tuxpowered.net 2023-04-13T16:12:59+00:00 39282ef356db25879660427de8607716a8439077 Introduce the OpenBSD syntax of "scrub" option for "match" and "pass" rules and the "set reassemble" flag. The patch is backward-compatible, pf.conf can be still written in FreeBSD-style. Obtained from: OpenBSD MFC after: never Sponsored by: InnoGames GmbH Differential Revision: https://reviews.freebsd.org/D38025 
Introduce the OpenBSD syntax of "scrub" option for "match" and "pass"
rules and the "set reassemble" flag. The patch is backward-compatible,
pf.conf can be still written in FreeBSD-style.

Obtained from:	OpenBSD
MFC after:	never
Sponsored by:	InnoGames GmbH
Differential Revision:	https://reviews.freebsd.org/D38025
libpfctl: Don't pass stack garbage to free. 2023-03-22T19:33:59+00:00 John Baldwin jhb@FreeBSD.org 2023-03-22T19:33:59+00:00 48c519be0e8005aedc817b1bc1101ad32b67a67a GCC 9 on stable/12 reports a -Wmaybe-uninitialized error for the call to free in _pfctl_clear_states. Reviewed by: mjg Differential Revision: https://reviews.freebsd.org/D39198 
GCC 9 on stable/12 reports a -Wmaybe-uninitialized error for the call
to free in _pfctl_clear_states.

Reviewed by:	mjg
Differential Revision:	https://reviews.freebsd.org/D39198
pf: bridge-to 2022-11-02T14:45:23+00:00 Kristof Provost kp@FreeBSD.org 2022-09-22T17:00:11+00:00 8a8af94240084a091a1c048da027f80ee37937e7 Allow pf (l2) to be used to redirect ethernet packets to a different interface. The intended use case is to send 802.1x challenges out to a side interface, to enable AT&T links to function with pfSense as a gateway, rather than the AT&T provided hardware. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37193 
Allow pf (l2) to be used to redirect ethernet packets to a different
interface.

The intended use case is to send 802.1x challenges out to a side
interface, to enable AT&T links to function with pfSense as a gateway,
rather than the AT&T provided hardware.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D37193
pf: expose syncookie active/inactive status 2022-10-31T17:14:09+00:00 Kristof Provost kp@FreeBSD.org 2022-09-24T12:47:17+00:00 444a77ca85c78d02c19622a83a2798d0c5c2117b When syncookies are in adaptive mode they may be active or inactive. Expose this status to users. Suggested by: Guido van Rooij Sponsored by: Rubicon Communications, LLC ("Netgate") 
When syncookies are in adaptive mode they may be active or inactive.
Expose this status to users.

Suggested by:	Guido van Rooij
Sponsored by:	Rubicon Communications, LLC ("Netgate")
libpfctl: improve syncookie watermark calculation 2022-09-12T07:32:02+00:00 Kristof Provost kp@FreeBSD.org 2022-09-08T16:32:02+00:00 6049ee60e0160bc6d564b733f02015259473f166 Ensure that we always pass sane limits for the high and low watermark values. This is especially important if users do something silly, like set the state limit to 1. In that case we wound up calculating 0/0 as a limit, which gets rejected by the kernel. While here also shift the calculation to use uint64_t, so we don't end up with overflows (and subsequently higher low than high values) with very large state limits. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D36497 
Ensure that we always pass sane limits for the high and low watermark
values.
This is especially important if users do something silly, like set the
state limit to 1. In that case we wound up calculating 0/0 as a limit,
which gets rejected by the kernel.

While here also shift the calculation to use uint64_t, so we don't end
up with overflows (and subsequently higher low than high values) with
very large state limits.

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D36497
pf: support matching on tags for Ethernet rules 2022-06-20T08:16:20+00:00 Kristof Provost kp@FreeBSD.org 2022-05-31T12:00:52+00:00 1f61367f8d61fd6963a47296a86f553c403b5f91 Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D35362 
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D35362