Remove $FreeBSD$: one-line .c comment pattern

Remove /^/[*/]\s*\$FreeBSD\$.*\n/

ipfilter/ippool: Return error code when listing a pool fails

When an internal or other error occurs during the listing of a pool,
return an error code when extiting ippool(8). Printing an error to
s

ipfilter/ippool: Return error code when listing a pool fails

When an internal or other error occurs during the listing of a pool,
return an error code when extiting ippool(8). Printing an error to
stderr without returning an error code is useless in shell scripts.

MFC after: 2 weeks

show more ...

ipfilter/ippool: Dump a copy of ippool in ippool.conf format

Add an ippool(8) option to dump a copy of the inm-memory ippool tables
in an ippool(5) format so that it can be reloaded using ippool -f.

ipfilter/ippool: Dump a copy of ippool in ippool.conf format

Add an ippool(8) option to dump a copy of the inm-memory ippool tables
in an ippool(5) format so that it can be reloaded using ippool -f.

MFC after: 2 weeks

show more ...

ipfilter userland: Style(9) requires a space after return

Reported by: jrtc27
Fixes: 2582ae5740181e0d2bab10003d66ae91c9b56329
MFC after: 1 month

ipfilter userland: Fix whitespace errors

Replace leading spaces with a tabs on affected lines.

MFC after: 1 month

ipfilter userland: Remove trailing whitespace

MFC after: 1 month

ipfilter: Adjust userland returns to conform to style(9)

Adjust ipfilter's userland return statements to conform to style(9).

MFC after: 1 month

ipflter: ANSIfy userland function declarations

Convert ipfilter userland function declarations from K&R to ANSI. This
syncs our function declarations with NetBSD hg commit 75edcd7552a0
(apply our ch

ipflter: ANSIfy userland function declarations

Convert ipfilter userland function declarations from K&R to ANSI. This
syncs our function declarations with NetBSD hg commit 75edcd7552a0
(apply our changes). Though not copied from NetBSD, this change was
partially inspired by NetBSD's work and inspired by style(9).

Reviewed by: glebius (for #network)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D33595

show more ...

ipfilter: Move userland bits to sbin

Through fixes and improvements our ipfilter sources have diverged
enough to warrant move from contrib into sbin/ipf. Now that I'm
planning on implementing MSS cl

ipfilter: Move userland bits to sbin

Through fixes and improvements our ipfilter sources have diverged
enough to warrant move from contrib into sbin/ipf. Now that I'm
planning on implementing MSS clamping as in iptables it makes more
sense to move ipfilter to sbin.

This is the second of three commits of the ipfilter move.

Suggested by glebius on two occaions.

Suggested by and discussed with: glebius
Reviewed by: glebius, kp (for #network)
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D33510

show more ...

ippool: remove set-but-not-unused vars

Display of stats from a kernel core dump was never fully implemented.
Remove the dangling vars and remove the documentation.

MFC after: 3 days

Retire the K&R/STD C __P prototype declarations.

In the old days when K&R C and STD C were each in use a workaround
(read hack) was required to allow the same code to work on each
without modificati

Retire the K&R/STD C __P prototype declarations.

In the old days when K&R C and STD C were each in use a workaround
(read hack) was required to allow the same code to work on each
without modification. All C compilers support STD C. We can finally
put the __P prototype to rest.

MFC after: 1 week

show more ...

As with ipf(8), give ippool(8) the ability to load IP pools from multiple
files. This allows for loading, during the same invocation of ippool, of
multiple sources of input using multiple tools to co

As with ipf(8), give ippool(8) the ability to load IP pools from multiple
files. This allows for loading, during the same invocation of ippool, of
multiple sources of input using multiple tools to concurrently maintain the
files such as fail2ban, macro preprocessors, and manually.

MFC after: 1 week

show more ...

Implement the dynamic add (-A) and removal (-R) of ippool pools
from the command line. Prior to this the functionality was mostly there
however since the pool type (-t) was not recognized by the -A a

Implement the dynamic add (-A) and removal (-R) of ippool pools
from the command line. Prior to this the functionality was mostly there
however since the pool type (-t) was not recognized by the -A and -R
command options -- not recognized by getopt(). Additionally the code to
implement the dynamic add and removal of pools didn't work.

When dynamically adding (-A) a pool a type (-t) to specify if the pool
is a tree or hash pool must be specified. When dynamically removing (-R)
a pool, omitting -t will cause a search-and-destroy which will remove
both types of pools matching the name given (-m).

PR: 218433
MFC after: 1 week

show more ...

The no resolve (OPT_NORESOLVE) does nothing. Additionally, it (-R)
conflicts with the command option of the same name (also -R).
Remove the superfluous and confusing non-global non-command -R option.

The no resolve (OPT_NORESOLVE) does nothing. Additionally, it (-R)
conflicts with the command option of the same name (also -R).
Remove the superfluous and confusing non-global non-command -R option.

PR: 218433
MFC after: 1 week

show more ...

ipfilter #ifdef cleanup.

Remove #ifdefs for ancient and irrelevant operating systems from
ipfilter.

When ipfilter was written the UNIX and UNIX-like systems in use
were diverse and plentiful. IRIX,

ipfilter #ifdef cleanup.

Remove #ifdefs for ancient and irrelevant operating systems from
ipfilter.

When ipfilter was written the UNIX and UNIX-like systems in use
were diverse and plentiful. IRIX, Tru64 (OSF/1) don't exist any
more. OpenBSD removed ipfilter shortly after the first time the
ipfilter license terms changed in the early 2000's. ipfilter on AIX,
HP/UX, and Linux never really caught on. Removal of code for operating
systems that ipfilter will never run on again will simplify the code
making it easier to fix bugs, complete partially implemented features,
and extend ipfilter.

Unsupported previous version FreeBSD code and some older NetBSD code
has also been removed.

What remains is supported FreeBSD, NetBSD, and illumos. FreeBSD and
NetBSD have collaborated exchanging patches, while illumos has expressed
willingness to have their ipfilter updated to 5.1.2, provided their
zone-specific updates to their ipfilter are merged (which are of interest
to FreeBSD to allow control of ipfilters in jails from the global zone).

Reviewed by: glebius@
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D19006

show more ...

loadpoolfile() implements a -R (NORESOLVE) option which is not listed
in usage(). This commit trues up usage() with loadpoolfile().

Document supported poollist() (ippool -l) options in usage() and in
ippool.8 man page.

In poolnodecommand() (ippool -a and ippool -r) -m (pool name) is not
optional.

In poolnodcommand(): TTL (-T) is only valid when adding a node to a
pool (ippool -a) not when removing a node from a pool (ippool -r).
Flag -T as an error in ippool -r.

poolflush() has no positional arguments.

Fix -S handling within poolcommand(). Specifying a seed (-S) is only
valid when adding a pool (ippool -A), not when removing a pool
(ippool -R). It is a command line syntax error if specifying a seed

Fix -S handling within poolcommand(). Specifying a seed (-S) is only
valid when adding a pool (ippool -A), not when removing a pool
(ippool -R). It is a command line syntax error if specifying a seed (-S)
is specified when emoving a pool (-R).

show more ...

Flag poolnodecommand() (ippool -a and ippool -r) command line syntax
errors.

poolcommand() (ippool -A and ippool -R) seed takes an argument.

Flag poolcommand() (ippool -A and ippool -R) command line syntax errors.

Chase r319848: remove -v option from getopt() call.