head	1.22;
access;
symbols
	RELENG_8_4:1.22.0.2
	RELENG_9_1_0_RELEASE:1.19.2.1.4.2
	RELENG_9_1:1.19.2.1.0.4
	RELENG_9_1_BP:1.19.2.1
	RELENG_8_3_0_RELEASE:1.17.2.2.8.1
	RELENG_8_3:1.17.2.2.0.8
	RELENG_8_3_BP:1.17.2.2
	RELENG_9_0_0_RELEASE:1.19.2.1.2.1
	RELENG_9_0:1.19.2.1.0.2
	RELENG_9_0_BP:1.19.2.1
	RELENG_9:1.19.0.2
	RELENG_9_BP:1.19
	RELENG_7_4_0_RELEASE:1.13.2.1.4.1
	RELENG_8_2_0_RELEASE:1.17.2.2.6.1
	RELENG_7_4:1.13.2.1.0.4
	RELENG_7_4_BP:1.13.2.1
	RELENG_8_2:1.17.2.2.0.6
	RELENG_8_2_BP:1.17.2.2
	RELENG_8_1_0_RELEASE:1.17.2.2.4.1
	RELENG_8_1:1.17.2.2.0.4
	RELENG_8_1_BP:1.17.2.2
	RELENG_7_3_0_RELEASE:1.13.2.1.2.1
	RELENG_7_3:1.13.2.1.0.2
	RELENG_7_3_BP:1.13.2.1
	RELENG_8_0_0_RELEASE:1.17.2.2.2.1
	RELENG_8_0:1.17.2.2.0.2
	RELENG_8_0_BP:1.17.2.2
	RELENG_8:1.17.0.2
	RELENG_8_BP:1.17
	RELENG_7_2_0_RELEASE:1.13.8.1
	RELENG_7_2:1.13.0.8
	RELENG_7_2_BP:1.13
	RELENG_7_1_0_RELEASE:1.13.6.1
	RELENG_6_4_0_RELEASE:1.7.2.3.6.1
	RELENG_7_1:1.13.0.6
	RELENG_7_1_BP:1.13
	RELENG_6_4:1.7.2.3.0.6
	RELENG_6_4_BP:1.7.2.3
	RELENG_7_0_0_RELEASE:1.13
	RELENG_6_3_0_RELEASE:1.7.2.3
	RELENG_7_0:1.13.0.4
	RELENG_7_0_BP:1.13
	RELENG_6_3:1.7.2.3.0.4
	RELENG_6_3_BP:1.7.2.3
	RELENG_7:1.13.0.2
	RELENG_7_BP:1.13
	RELENG_6_2_0_RELEASE:1.7.2.3
	RELENG_6_2:1.7.2.3.0.2
	RELENG_6_2_BP:1.7.2.3
	RELENG_5_5_0_RELEASE:1.4
	RELENG_5_5:1.4.0.8
	RELENG_5_5_BP:1.4
	RELENG_6_1_0_RELEASE:1.7.2.2
	RELENG_6_1:1.7.2.2.0.2
	RELENG_6_1_BP:1.7.2.2
	RELENG_6_0_0_RELEASE:1.7
	RELENG_6_0:1.7.0.4
	RELENG_6_0_BP:1.7
	RELENG_6:1.7.0.2
	RELENG_6_BP:1.7
	RELENG_5_4_0_RELEASE:1.4
	RELENG_5_4:1.4.0.6
	RELENG_5_4_BP:1.4
	RELENG_5_3_0_RELEASE:1.4
	RELENG_5_3:1.4.0.4
	RELENG_5_3_BP:1.4
	RELENG_5:1.4.0.2
	RELENG_5_BP:1.4;
locks; strict;
comment	@# @;


1.22
date	2012.11.17.01.52.59;	author svnexp;	state Exp;
branches
	1.22.2.1;
next	1.21;

1.21
date	2012.09.14.11.51.49;	author glebius;	state Exp;
branches;
next	1.20;

1.20
date	2012.09.08.06.41.54;	author glebius;	state Exp;
branches;
next	1.19;

1.19
date	2011.06.28.11.57.25;	author bz;	state Exp;
branches
	1.19.2.1;
next	1.18;

1.18
date	2009.10.10.03.32.46;	author eri;	state Exp;
branches;
next	1.17;

1.17
date	2009.06.08.19.57.35;	author bz;	state Exp;
branches
	1.17.2.1;
next	1.16;

1.16
date	2009.06.06.17.01.44;	author rwatson;	state Exp;
branches;
next	1.15;

1.15
date	2008.12.02.21.37.28;	author bz;	state Exp;
branches;
next	1.14;

1.14
date	2008.09.01.23.59.00;	author imp;	state Exp;
branches;
next	1.13;

1.13
date	2007.07.03.12.46.06;	author mlaier;	state Exp;
branches
	1.13.2.1
	1.13.6.1
	1.13.8.1;
next	1.12;

1.12
date	2006.09.12.04.25.12;	author csjp;	state Exp;
branches;
next	1.11;

1.11
date	2006.03.17.18.54.37;	author ru;	state Exp;
branches;
next	1.10;

1.10
date	2006.03.09.15.48.45;	author yar;	state Exp;
branches;
next	1.9;

1.9
date	2006.02.05.17.17.31;	author mlaier;	state Exp;
branches;
next	1.8;

1.8
date	2005.10.14.23.30.14;	author yar;	state Exp;
branches;
next	1.7;

1.7
date	2005.06.05.05.30.37;	author ru;	state Exp;
branches
	1.7.2.1;
next	1.6;

1.6
date	2004.12.21.10.49.28;	author ru;	state Exp;
branches;
next	1.5;

1.5
date	2004.09.01.07.39.12;	author ru;	state Exp;
branches;
next	1.4;

1.4
date	2004.08.14.15.32.40;	author dwmalone;	state Exp;
branches;
next	1.3;

1.3
date	2004.06.16.23.24.01;	author mlaier;	state Exp;
branches;
next	1.2;

1.2
date	2004.04.06.15.12.49;	author mlaier;	state Exp;
branches;
next	1.1;

1.1
date	2004.02.26.03.53.53;	author mlaier;	state Exp;
branches;
next	;

1.22.2.1
date	2012.11.17.01.52.59;	author svnexp;	state dead;
branches;
next	1.22.2.2;

1.22.2.2
date	2013.03.28.13.05.23;	author svnexp;	state Exp;
branches;
next	;

1.19.2.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.19.2.1.2.1
	1.19.2.1.4.1;
next	1.19.2.2;

1.19.2.2
date	2012.11.17.11.37.18;	author svnexp;	state Exp;
branches;
next	;

1.19.2.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.19.2.1.2.2;

1.19.2.1.2.2
date	2012.11.17.08.37.14;	author svnexp;	state Exp;
branches;
next	;

1.19.2.1.4.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.19.2.1.4.2;

1.19.2.1.4.2
date	2012.11.17.08.48.05;	author svnexp;	state Exp;
branches;
next	;

1.17.2.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches;
next	1.17.2.2;

1.17.2.2
date	2009.10.14.15.32.46;	author eri;	state Exp;
branches
	1.17.2.2.2.1
	1.17.2.2.4.1
	1.17.2.2.6.1
	1.17.2.2.8.1;
next	1.17.2.3;

1.17.2.3
date	2012.11.17.10.36.58;	author svnexp;	state Exp;
branches;
next	;

1.17.2.2.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.17.2.2.4.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.17.2.2.6.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.17.2.2.8.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.17.2.2.8.2;

1.17.2.2.8.2
date	2012.11.17.08.25.33;	author svnexp;	state Exp;
branches;
next	;

1.13.2.1
date	2009.10.14.15.37.03;	author eri;	state Exp;
branches
	1.13.2.1.2.1
	1.13.2.1.4.1;
next	1.13.2.2;

1.13.2.2
date	2012.11.17.08.06.54;	author svnexp;	state Exp;
branches;
next	;

1.13.2.1.2.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.13.2.1.4.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.13.2.1.4.2;

1.13.2.1.4.2
date	2012.11.17.08.17.27;	author svnexp;	state Exp;
branches;
next	;

1.13.6.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.13.8.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.7.2.1
date	2006.03.06.16.10.18;	author mlaier;	state Exp;
branches;
next	1.7.2.2;

1.7.2.2
date	2006.03.22.15.56.32;	author yar;	state Exp;
branches;
next	1.7.2.3;

1.7.2.3
date	2006.09.19.15.45.21;	author csjp;	state Exp;
branches
	1.7.2.3.6.1;
next	1.7.2.4;

1.7.2.4
date	2012.11.17.07.44.24;	author svnexp;	state Exp;
branches;
next	;

1.7.2.3.6.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;


desc
@@


1.22
log
@Switching exporter and resync
@
text
@# $FreeBSD: head/sys/modules/pf/Makefile 240494 2012-09-14 11:51:49Z glebius $

.include <bsd.own.mk>

.PATH: ${.CURDIR}/../../netpfil/pf

KMOD=	pf
SRCS=	pf.c pf_if.c pf_lb.c pf_osfp.c pf_ioctl.c pf_norm.c pf_table.c \
	pf_ruleset.c in4_cksum.c \
	bus_if.h device_if.h \
	opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h opt_global.h

.if !defined(KERNBUILDDIR)
.if ${MK_INET_SUPPORT} != "no"
opt_inet.h:
	echo "#define INET 1" > ${.TARGET}
.endif

.if ${MK_INET6_SUPPORT} != "no"
opt_inet6.h:
	echo "#define INET6 1" > ${.TARGET}
.endif

opt_bpf.h:
	echo "#define DEV_BPF 1" > ${.TARGET}

# pflog can be loaded as a module, have the additional checks turned on
# pfsync can be loaded as a module, have the additional checks turned on
opt_pf.h:
	echo "#define DEV_PF 1" > ${.TARGET}
	echo "#define DEV_PFLOG 1" >> ${.TARGET}
	echo "#define DEV_PFSYNC 1" >> ${.TARGET}

.if defined(VIMAGE)
opt_global.h:
	echo "#define VIMAGE 1" >> ${.TARGET}
.endif
.endif

.include <bsd.kmod.mk>
@
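Review bot: The `opt_global.h` rule at the end of the `!defined(KERNBUILDDIR)` section appends with `>>`, while every other generated opt_*.h rule in this Makefile starts its file with `>`. Should the rule ever run with an opt_global.h already present in the object directory, the define is added to the existing contents instead of replacing them, so this rule alone does not determine the header the module is compiled against. Unless the append is deliberate, `echo "#define VIMAGE 1" > ${.TARGET}` would match the other rules; if it is deliberate, a one-line comment saying why would help.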


1.22.2.1
log
@file Makefile was added on branch RELENG_8_4 on 2013-03-28 13:05:23 +0000
@
text
@d1 40
@


1.22.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 34
# $FreeBSD: releng/8.4/sys/modules/pf/Makefile 198083 2009-10-14 15:32:46Z eri $

.include <bsd.own.mk>

.PATH: ${.CURDIR}/../../contrib/pf/net
.PATH: ${.CURDIR}/../../contrib/pf/netinet

KMOD=	pf
SRCS = 	pf.c pf_if.c pf_subr.c pf_osfp.c pf_ioctl.c pf_norm.c pf_table.c \
	pf_ruleset.c \
	in4_cksum.c \
	opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h

CFLAGS+=  -I${.CURDIR}/../../contrib/pf

.if !defined(KERNBUILDDIR)
opt_inet.h:
	echo "#define INET 1" > ${.TARGET}

.if ${MK_INET6_SUPPORT} != "no"
opt_inet6.h:
	echo "#define INET6 1" > ${.TARGET}
.endif

opt_bpf.h:
	echo "#define DEV_BPF 1" > ${.TARGET}

# pflog can be loaded as a module, have the additional checks turned on
opt_pf.h:
	echo "#define DEV_PF 1" > ${.TARGET}
	echo "#define DEV_PFLOG 1" >> ${.TARGET}
.endif

.include <bsd.kmod.mk>
@
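Review bot: In this releng/8.4 text `opt_inet.h` is written with `#define INET 1` unconditionally, unlike `opt_inet6.h` just below it, which is guarded by `MK_INET6_SUPPORT`. A pf.ko built outside the kernel build is therefore always compiled with INET, whatever the kernel it is loaded into was configured with, and nothing in the file says so. I would add a comment above the rule, for example `# Standalone build: INET is assumed; the target kernel must be built with it.` The existing comment on `opt_pf.h` could also say which "additional checks" it means.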


1.21
log
@SVN rev 240494 on 2012-09-14 11:51:49Z by glebius

o Create directory sys/netpfil, where all packet filters should
  reside, and move there ipfw(4) and pf(4).

o Move most modified parts of pf out of contrib.

Actual movements:

sys/contrib/pf/net/*.c		-> sys/netpfil/pf/
sys/contrib/pf/net/*.h		-> sys/net/
contrib/pf/pfctl/*.c		-> sbin/pfctl
contrib/pf/pfctl/*.h		-> sbin/pfctl
contrib/pf/pfctl/pfctl.8	-> sbin/pfctl
contrib/pf/pfctl/*.4		-> share/man/man4
contrib/pf/pfctl/*.5		-> share/man/man5

sys/netinet/ipfw		-> sys/netpfil/ipfw

The arguable movement is pf/net/*.h -> sys/net. There are
future plans to refactor pf includes, so I decided not to
break things twice.

Not modified bits of pf left in contrib: authpf, ftp-proxy,
tftp-proxy, pflogd.

The ipfw(4) movement is planned to be merged to stable/9,
to make head and stable match.

Discussed with:		bz, luigi
@
text
@d1 1
a1 1
# $FreeBSD$
@


1.20
log
@SVN rev 240233 on 2012-09-08 06:41:54Z by glebius

Merge the projects/pf/head branch, that was worked on for last six months,
into head. The most significant achievements in the new code:

 o Fine grained locking, thus much better performance.
 o Fixes to many problems in pf, that were specific to FreeBSD port.

New code doesn't have that many ifdefs and much less OpenBSDisms, thus
is more attractive to our developers.

  Those interested in details, can browse through SVN log of the
projects/pf/head branch. And for reference, here is exact list of
revisions merged:

r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330,
r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656,
r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782,
r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868,
r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223,
r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456,
r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505,
r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168,
r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230,
r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398,
r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548,
r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672,
r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169,
r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442,
r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522,
r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661,
r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212.

I'd like to thank people who participated in early testing:

Tested by:	Florian Smeets <flo freebsd.org>
Tested by:	Chekaluk Vitaly <artemrts ukr.net>
Tested by:	Ben Wilber <ben desync.com>
Tested by:	Ian FREISLICH <ianf cloudseed.co.za>
@
text
@d5 1
a5 2
.PATH: ${.CURDIR}/../../contrib/pf/net
.PATH: ${.CURDIR}/../../contrib/pf/netinet
a12 2
CFLAGS+= -I${.CURDIR}/../../contrib/pf

@


1.19
log
@SVN rev 223637 on 2011-06-28 11:57:25Z by bz

Update packet filter (pf) code to OpenBSD 4.5.

You need to update userland (world and ports) tools
to be in sync with the kernel.

Submitted by:	mlaier
Submitted by:	eri
@
text
@d10 2
a11 2
	pf_ruleset.c \
	in4_cksum.c \
a35 1
	echo "#define DEV_PFLOW 1" >> ${.TARGET}
@


1.19.2.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.19.2.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d1 1
a1 1
# $FreeBSD: stable/9/sys/modules/pf/Makefile 223637 2011-06-28 11:57:25Z bz $
@


1.19.2.1.4.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.19.2.1.4.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/9.1/sys/modules/pf/Makefile 223637 2011-06-28 11:57:25Z bz $
@


1.19.2.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.19.2.1.2.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/9.0/sys/modules/pf/Makefile 223637 2011-06-28 11:57:25Z bz $
@


1.18
log
@SVN rev 197928 on 2009-10-10 03:32:46Z by eri

Fix typo which has survived amazingly long!

Approved by:	mlaier(mentor)
MFC after:	3 days
@
text
@d9 1
a9 1
SRCS = 	pf.c pf_if.c pf_subr.c pf_osfp.c pf_ioctl.c pf_norm.c pf_table.c \
d12 1
a12 1
	opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h
d14 1
a14 1
CFLAGS+=  -I${.CURDIR}/../../contrib/pf
d17 1
d20 1
d31 1
d35 7
@


1.17
log
@SVN rev 193744 on 2009-06-08 19:57:35Z by bz

After r193232 rt_tables in vnet.h are no longer indirectly dependent on
the ROUTETABLES kernel option thus there is no need to include opt_route.h
anymore in all consumers of vnet.h and no longer depend on it for module
builds.

Remove the hidden include in flowtable.h as well and leave the two
explicit #includes in ip_input.c and ip_output.c.
@
text
@d31 1
a31 1
	echo "#define DEF_PFLOG 1" >> ${.TARGET}
@


1.17.2.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.17.2.2
log
@SVN rev 198083 on 2009-10-14 15:32:46Z by eri

Fix typo which has survived amazingly long!

Reviewed by:	mlaier(mentor)
Approved by:	re(kib)
@
text
@d31 1
a31 1
	echo "#define DEV_PFLOG 1" >> ${.TARGET}
@


1.17.2.3
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d1 1
a1 1
# $FreeBSD: stable/8/sys/modules/pf/Makefile 198083 2009-10-14 15:32:46Z eri $
@


1.17.2.2.8.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.17.2.2.8.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/8.3/sys/modules/pf/Makefile 198083 2009-10-14 15:32:46Z eri $
@


1.17.2.2.6.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.17.2.2.4.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.17.2.2.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.16
log
@SVN rev 193588 on 2009-06-06 17:01:44Z by rwatson

Remove opt_mac.h generation for various kernel modules that no longer
require it.

Submitted by:	pjd
@
text
@d12 1
a12 1
	opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h opt_route.h
@


1.15
log
@SVN rev 185571 on 2008-12-02 21:37:28Z by bz

Rather than using hidden includes (with circular dependencies),
directly include only the header files needed. This reduces the
unneeded spamming of various headers into lots of files.

For now, this leaves us with very few modules including vnet.h
and thus needing to depend on opt_route.h.

Reviewed by:	brooks, gnn, des, zec, imp
Sponsored by:	The FreeBSD Foundation
@
text
@d12 1
a12 1
	opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h opt_mac.h opt_route.h
@


1.14
log
@SVN rev 182668 on 2008-09-01 23:59:00Z by imp

Per email to arch@@ a little while ago (that was greeted with silence),
prefer the more common > ${.TARGET} over > opt_foo.h in modules
makefiles.
@
text
@d12 1
a12 1
	opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h opt_mac.h
@


1.13
log
@Link pf 4.1 to the build:
 - move ftp-proxy from libexec to usr.sbin
 - add tftp-proxy
 - new altq mtag link

Approved by:	re (kensmith)
@
text
@d18 1
a18 1
	echo "#define INET 1" > opt_inet.h
d22 1
a22 1
	echo "#define INET6 1" > opt_inet6.h
d26 1
a26 1
	echo "#define DEV_BPF 1" > opt_bpf.h
d30 2
a31 2
	echo "#define DEV_PF 1" > opt_pf.h
	echo "#define DEF_PFLOG 1" >> opt_pf.h
@


1.13.2.1
log
@SVN rev 198084 on 2009-10-14 15:37:03Z by eri

Fix typo which has survived amazingly long!

Approved by:	mlaier(mentor)
@
text
@d31 1
a31 1
	echo "#define DEV_PFLOG 1" >> opt_pf.h
@


1.13.2.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: stable/7/sys/modules/pf/Makefile 198084 2009-10-14 15:37:03Z eri $
@


1.13.2.1.4.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.13.2.1.4.2
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: releng/7.4/sys/modules/pf/Makefile 198084 2009-10-14 15:37:03Z eri $
@


1.13.2.1.2.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.13.8.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.13.6.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.12
log
@Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point
exists to allow the mandatory access control policy to properly initialize
mbufs generated by the firewall. An example where this might happen is keep
alive packets, or ICMP error packets in response to other packets.

This takes care of kernel panics associated with uninitialized mbuf labels
when the firewall generates packets.

[1] I modified this patch from its original version, the initial patch
    introduced a number of entry points which were programmatically
    equivalent. So I introduced only one. Instead, we should leverage
    mac_create_mbuf_netlayer() which is used for similar situations,
    an example being icmp_error()

    This will minimize the impact associated with the MFC

Submitted by:	mlaier [1]
MFC after:	1 week

This is a RELENG_6 candidate
@
text
@d10 1
d27 5
@


1.11
log
@Reimplementation of world/kernel build options.  For details, see:

http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
@
text
@d11 1
a11 1
	opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h
@


1.10
log
@The `pf' and `pflog' sources do not depend on DEV_PF or DEV_PFLOG,
which is normal for own files of a device driver.

DEV_FOO should be used if an unrelated kernel file needs to know of
the `foo' driver's static presence.  Obviously, module source files
should never use DEV_*.
@
text
@d3 2
d19 1
a19 1
.if !defined(NO_INET6)
@


1.9
log
@Make pflog a separate module.  As a result pflog_packet() becomes a function
pointer that is declared in pf_ioctl.c

Requested by:	yar (as part of the module build reorg)
MFC after:	1 week
X-MFC with:	yar's module reorg
@
text
@a13 3
opt_pf.h:
	echo "#define DEV_PF 1" > opt_pf.h

@


1.8
log
@Let modules use the kernel's opt_*.h files if built along with
the kernel by wrapping all targets for fake opt_*.h files in
.if defined(KERNBUILDDIR).  Thus, such fake files won't be
created at all if modules are built with the kernel.

Some modules undergo cleanup like removing unused or unneeded
options or .h files, without which they wouldn't build this way
or the other.

Reviewed by:	ru
Tested by:	no binary changes in modules built alone
Tested on:	i386 sparc64 amd64
@
text
@a4 1
.PATH: ${.CURDIR}/../../netinet
a7 1
	if_pflog.c \
a15 1
	echo "#define DEV_PFLOG 1" >> opt_pf.h
@


1.7
log
@Let kmod.mk create an empty .h file.
@
text
@d15 1
d30 1
@


1.7.2.1
log
@MFC:
  Make pflog a separate module.  As a result pflog_packet() becomes a
  function pointer that is declared in pf_ioctl.c

  Requested by:   yar (as part of the module build reorg)

Approved by:	re (scottl)
@
text
@d5 1
d9 1
d17 1
@


1.7.2.2
log
@MFC in the pf and pflog modules:

pf: Respect KERNBUILDDIR.
both: Don't depend on DEV_*.

Approved by:	re (scottl)
@
text
@d13 3
a15 1
.if !defined(KERNBUILDDIR)
a25 1
.endif
@


1.7.2.3
log
@MFC the firewall labeling changes.

This fixes kernel panics which occur when the firewall sends out a packet.
This can happen for keep alives, or instances when the firewall is
configured to return RST or ICMP unreach packets. These panics occurred
only if MLS, BIBA or LOMAC security policies were loaded.

Approved by:	re@@ (kensmith)
Submitted by:	mlaier (with changes)
@
text
@d9 1
a9 1
	opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h opt_mac.h
@


1.7.2.4
log
@Switch importer
@
text
@d1 1
a1 1
# $FreeBSD: stable/6/sys/modules/pf/Makefile 162448 2006-09-19 15:45:22Z csjp $
@


1.7.2.3.6.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


1.6
log
@NOINET6 -> NO_INET6
@
text
@d22 1
a23 3
.if defined(NO_INET6)
	echo > opt_inet6.h
.else
@


1.5
log
@Removed -Wall from CFLAGS.
@
text
@d23 1
a23 1
.if defined(NOINET6)
@


1.4
log
@Get rid of the RANDOM_IP_ID option and make it a sysctl.  NetBSD
have already done this, so I have styled the patch on their work:

        1) introduce a ip_newid() static inline function that checks
        the sysctl and then decides if it should return a sequential
        or random IP ID.

        2) named the sysctl net.inet.ip.random_id

        3) IPv6 flow IDs and fragment IDs are now always random.
        Flow IDs and frag IDs are significantly less common in the
        IPv6 world (ie. rarely generated per-packet), so there should
        be smaller performance concerns.

The sysctl defaults to 0 (sequential IP IDs).

Reviewed by:	andre, silby, mlaier, ume
Based on:	NetBSD
MFC after:	2 months
@
text
@d13 1
a13 1
CFLAGS+=  -Wall -I${.CURDIR}/../../contrib/pf
@


1.3
log
@Commit pf version 3.5 and link additional files to the kernel build.

Version 3.5 brings:
 - Atomic commits of ruleset changes (reduce the chance of ending up in an
   inconsistent state).
 - A 30% reduction in the size of state table entries.
 - Source-tracking (limit number of clients and states per client).
 - Sticky-address (the flexibility of round-robin with the benefits of
   source-hash).
 - Significant improvements to interface handling.
 - and many more ...
@
text
@d10 2
a11 2
	in4_cksum.c ip_id.c \
	opt_pf.h opt_inet.h opt_inet6.h opt_bpf.h opt_random_ip_id.h
a30 3

opt_random_ip_id.h:
	echo "#define RANDOM_IP_ID 1" > opt_random_ip_id.h
@


1.2
log
@Make pf* modules respect NOINET6 from make.conf(5) in order to build them
for INET6-less kernel.

Requested by:	many
Approved by:	bms(mentor)
@
text
@d5 1
d8 3
a10 2
SRCS = 	pf.c pf_osfp.c pf_ioctl.c pf_norm.c pf_table.c \
	in4_cksum.c \
a17 1
	echo "#define DEV_PFSYNC 1" >> opt_pf.h
@


1.1
log
@Tweak existing header and other build infrastructure to be able to build
pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile
(i.e. do not connect it to any (automatic) builds - yet).

Approved by: bms(mentor)
@
text
@d22 3
d26 1
@

