Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 18 Aug 2009 16:13:59 +0000 (UTC)
From:      Max Laier <mlaier@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org
Subject:   svn commit: r196360 - vendor-sys/pf/dist/net vendor-sys/pf/dist/netinet vendor/pf/dist/authpf vendor/pf/dist/ftp-proxy vendor/pf/dist/libevent vendor/pf/dist/man vendor/pf/dist/pfctl vendor/pf/dist...
Message-ID:  <200908181613.n7IGDxSQ021986@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: mlaier
Date: Tue Aug 18 16:13:59 2009
New Revision: 196360
URL: http://svn.freebsd.org/changeset/base/196360

Log:
  eri@ wants to start on porting the latest pf in his user space so we can
  finally have a new version in 9.0.  Import pf as of OPENBSD_4_5_BASE to help
  with that.

Added:
  vendor/pf/dist/man/pflow.4
Modified:
  vendor/pf/dist/authpf/Makefile
  vendor/pf/dist/authpf/authpf.8
  vendor/pf/dist/authpf/authpf.c
  vendor/pf/dist/authpf/pathnames.h
  vendor/pf/dist/ftp-proxy/Makefile
  vendor/pf/dist/ftp-proxy/filter.c
  vendor/pf/dist/ftp-proxy/filter.h
  vendor/pf/dist/ftp-proxy/ftp-proxy.8
  vendor/pf/dist/ftp-proxy/ftp-proxy.c
  vendor/pf/dist/libevent/buffer.c
  vendor/pf/dist/libevent/evbuffer.c
  vendor/pf/dist/libevent/event-internal.h
  vendor/pf/dist/libevent/event.c
  vendor/pf/dist/libevent/event.h
  vendor/pf/dist/libevent/evsignal.h
  vendor/pf/dist/libevent/kqueue.c
  vendor/pf/dist/libevent/log.c
  vendor/pf/dist/libevent/log.h
  vendor/pf/dist/libevent/poll.c
  vendor/pf/dist/libevent/select.c
  vendor/pf/dist/libevent/signal.c
  vendor/pf/dist/man/pf.4
  vendor/pf/dist/man/pf.conf.5
  vendor/pf/dist/man/pf.os.5
  vendor/pf/dist/man/pflog.4
  vendor/pf/dist/man/pfsync.4
  vendor/pf/dist/pfctl/Makefile
  vendor/pf/dist/pfctl/parse.y
  vendor/pf/dist/pfctl/pf_print_state.c
  vendor/pf/dist/pfctl/pfctl.8
  vendor/pf/dist/pfctl/pfctl.c
  vendor/pf/dist/pfctl/pfctl.h
  vendor/pf/dist/pfctl/pfctl_altq.c
  vendor/pf/dist/pfctl/pfctl_optimize.c
  vendor/pf/dist/pfctl/pfctl_osfp.c
  vendor/pf/dist/pfctl/pfctl_parser.c
  vendor/pf/dist/pfctl/pfctl_parser.h
  vendor/pf/dist/pfctl/pfctl_qstats.c
  vendor/pf/dist/pfctl/pfctl_radix.c
  vendor/pf/dist/pfctl/pfctl_table.c
  vendor/pf/dist/pflogd/Makefile
  vendor/pf/dist/pflogd/pflogd.8
  vendor/pf/dist/pflogd/pflogd.c
  vendor/pf/dist/pflogd/pflogd.h
  vendor/pf/dist/pflogd/privsep.c
  vendor/pf/dist/pflogd/privsep_fdpass.c
  vendor/pf/dist/tftp-proxy/Makefile
  vendor/pf/dist/tftp-proxy/filter.c
  vendor/pf/dist/tftp-proxy/filter.h
  vendor/pf/dist/tftp-proxy/tftp-proxy.8
  vendor/pf/dist/tftp-proxy/tftp-proxy.c

Changes in other areas also in this revision:
Added:
  vendor-sys/pf/dist/net/if_pflow.c
  vendor-sys/pf/dist/net/if_pflow.h
  vendor-sys/pf/dist/net/pf_lb.c
Modified:
  vendor-sys/pf/dist/net/if_pflog.c
  vendor-sys/pf/dist/net/if_pflog.h
  vendor-sys/pf/dist/net/if_pfsync.c
  vendor-sys/pf/dist/net/if_pfsync.h
  vendor-sys/pf/dist/net/pf.c
  vendor-sys/pf/dist/net/pf_if.c
  vendor-sys/pf/dist/net/pf_ioctl.c
  vendor-sys/pf/dist/net/pf_norm.c
  vendor-sys/pf/dist/net/pf_osfp.c
  vendor-sys/pf/dist/net/pf_ruleset.c
  vendor-sys/pf/dist/net/pf_table.c
  vendor-sys/pf/dist/net/pfvar.h
  vendor-sys/pf/dist/netinet/in4_cksum.c

Modified: vendor/pf/dist/authpf/Makefile
==============================================================================
--- vendor/pf/dist/authpf/Makefile	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/authpf/Makefile	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.13 2008/02/14 01:49:17 mcbride Exp $
+#	$OpenBSD: Makefile,v 1.12 2004/04/25 19:24:52 deraadt Exp $
 
 PROG=	authpf
 MAN=	authpf.8

Modified: vendor/pf/dist/authpf/authpf.8
==============================================================================
--- vendor/pf/dist/authpf/authpf.8	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/authpf/authpf.8	Tue Aug 18 16:13:59 2009	(r196360)
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: February 14 2008 $
+.Dd $Mdocdate: March 18 2008 $
 .Dt AUTHPF 8
 .Os
 .Sh NAME
@@ -202,6 +202,9 @@ It is also possible to configure
 to only allow specific users access.
 This is done by listing their login names, one per line, in
 .Pa /etc/authpf/authpf.allow .
+A group of users can also be indicated by prepending "%" to the group name,
+and all members of a login class can be indicated by prepending "@" to the
+login class name.
 If "*" is found on a line, then all usernames match.
 If
 .Nm
@@ -314,7 +317,8 @@ They have a
 wireless network which they would like to protect from unauthorized use.
 To accomplish this, they create the file
 .Pa /etc/authpf/authpf.allow
-which lists their login ids, one per line.
+which lists their login ids, group prepended with "%", or login class
+prepended with "@", one per line.
 At this point, even if eve could authenticate to
 .Xr sshd 8 ,
 she would not be allowed to use the gateway.

Modified: vendor/pf/dist/authpf/authpf.c
==============================================================================
--- vendor/pf/dist/authpf/authpf.c	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/authpf/authpf.c	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: authpf.c,v 1.107 2008/02/14 01:49:17 mcbride Exp $	*/
+/*	$OpenBSD: authpf.c,v 1.111 2009/01/10 17:17:32 todd Exp $	*/
 
 /*
  * Copyright (C) 1998 - 2007 Bob Beck (beck@openbsd.org).
@@ -32,6 +32,7 @@
 #include <errno.h>
 #include <login_cap.h>
 #include <pwd.h>
+#include <grp.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -43,7 +44,7 @@
 
 static int	read_config(FILE *);
 static void	print_message(char *);
-static int	allowed_luser(char *);
+static int	allowed_luser(struct passwd *);
 static int	check_luser(char *, char *);
 static int	remove_stale_rulesets(void);
 static int	recursive_ruleset_purge(char *, char *);
@@ -58,6 +59,7 @@ char	tablename[PF_TABLE_NAME_SIZE] = "au
 int	user_ip = 1;	/* controls whether $user_ip is set */
 
 FILE	*pidfp;
+int	pidfd = -1;
 char	 luser[MAXLOGNAME];	/* username */
 char	 ipsrc[256];		/* ip as a string */
 char	 pidfile[MAXPATHLEN];	/* we save pid in this file. */
@@ -78,7 +80,7 @@ extern char *__progname;	/* program name
 int
 main(int argc, char *argv[])
 {
-	int		 lockcnt = 0, n, pidfd;
+	int		 lockcnt = 0, n;
 	FILE		*config;
 	struct in6_addr	 ina;
 	struct passwd	*pw;
@@ -93,7 +95,7 @@ main(int argc, char *argv[])
 
 	config = fopen(PATH_CONFFILE, "r");
 	if (config == NULL) {
-		syslog(LOG_ERR, "can not open %s (%m)", PATH_CONFFILE);
+		syslog(LOG_ERR, "cannot open %s (%m)", PATH_CONFFILE);
 		exit(1);
 	}
 
@@ -186,6 +188,14 @@ main(int argc, char *argv[])
 		goto die;
 	}
 
+	signal(SIGTERM, need_death);
+	signal(SIGINT, need_death);
+	signal(SIGALRM, need_death);
+	signal(SIGPIPE, need_death);
+	signal(SIGHUP, need_death);
+	signal(SIGQUIT, need_death);
+	signal(SIGTSTP, need_death);
+
 	/*
 	 * If someone else is already using this ip, then this person
 	 * wants to switch users - so kill the old process and exit
@@ -239,15 +249,17 @@ main(int argc, char *argv[])
 		}
 
 		/*
-		 * we try to kill the previous process and acquire the lock
+		 * We try to kill the previous process and acquire the lock
 		 * for 10 seconds, trying once a second. if we can't after
-		 * 10 attempts we log an error and give up
+		 * 10 attempts we log an error and give up.
 		 */
-		if (++lockcnt > 10) {
-			syslog(LOG_ERR, "cannot kill previous authpf (pid %d)",
-			    otherpid);
+		if (want_death || ++lockcnt > 10) {
+			if (!want_death)
+				syslog(LOG_ERR, "cannot kill previous authpf (pid %d)",
+				    otherpid);
 			fclose(pidfp);
 			pidfp = NULL;
+			pidfd = -1;
 			goto dogdeath;
 		}
 		sleep(1);
@@ -258,6 +270,7 @@ main(int argc, char *argv[])
 		 */
 		fclose(pidfp);
 		pidfp = NULL;
+		pidfd = -1;
 	} while (1);
 	
 	/* whack the group list */
@@ -275,7 +288,7 @@ main(int argc, char *argv[])
 	}
 	openlog("authpf", LOG_PID | LOG_NDELAY, LOG_DAEMON);
 
-	if (!check_luser(PATH_BAN_DIR, luser) || !allowed_luser(luser)) {
+	if (!check_luser(PATH_BAN_DIR, luser) || !allowed_luser(pw)) {
 		syslog(LOG_INFO, "user %s prohibited", luser);
 		do_death(0);
 	}
@@ -306,13 +319,6 @@ main(int argc, char *argv[])
 		do_death(0);
 	}
 
-	signal(SIGTERM, need_death);
-	signal(SIGINT, need_death);
-	signal(SIGALRM, need_death);
-	signal(SIGPIPE, need_death);
-	signal(SIGHUP, need_death);
-	signal(SIGQUIT, need_death);
-	signal(SIGTSTP, need_death);
 	while (1) {
 		printf("\r\nHello %s. ", luser);
 		printf("You are authenticated from host \"%s\"\r\n", ipsrc);
@@ -434,6 +440,7 @@ print_message(char *filename)
  * allowed_luser checks to see if user "luser" is allowed to
  * use this gateway by virtue of being listed in an allowed
  * users file, namely /etc/authpf/authpf.allow .
+ * Users may be listed by <username>, %<group>, or @<login_class>.
  *
  * If /etc/authpf/authpf.allow does not exist, then we assume that
  * all users who are allowed in by sshd(8) are permitted to
@@ -442,7 +449,7 @@ print_message(char *filename)
  * the session terminates in the same manner as being banned.
  */
 static int
-allowed_luser(char *luser)
+allowed_luser(struct passwd *pw)
 {
 	char	*buf, *lbuf;
 	int	 matched;
@@ -474,8 +481,14 @@ allowed_luser(char *luser)
 		 * "public" gateway, such as it is, so let
 		 * everyone use it.
 		 */
+		int gl_init = 0, ngroups = NGROUPS + 1;
+		gid_t groups[NGROUPS + 1];
+
 		lbuf = NULL;
+		matched = 0;
+
 		while ((buf = fgetln(f, &len))) {
+			
 			if (buf[len - 1] == '\n')
 				buf[len - 1] = '\0';
 			else {
@@ -486,7 +499,40 @@ allowed_luser(char *luser)
 				buf = lbuf;
 			}
 
-			matched = strcmp(luser, buf) == 0 || strcmp("*", buf) == 0;
+			if (buf[0] == '@') {
+				/* check login class */
+				if (strcmp(pw->pw_class, buf + 1) == 0)
+					matched++;
+			} else if (buf[0] == '%') {
+				/* check group membership */
+				int cnt; 
+				struct group *group;
+
+				if ((group = getgrnam(buf + 1)) == NULL) {
+					syslog(LOG_ERR,
+					    "invalid group '%s' in %s (%s)",
+					    buf + 1, PATH_ALLOWFILE,
+				 	    strerror(errno));
+					return (0);
+				}
+
+				if (!gl_init) {
+					(void) getgrouplist(pw->pw_name,
+					    pw->pw_gid, groups, &ngroups);
+					gl_init++;
+				}
+			
+				for ( cnt = 0; cnt < ngroups; cnt++) {
+					if (group->gr_gid == groups[cnt]) {
+						matched++;
+						break;
+					}
+				}
+			} else {
+				/* check username and wildcard */
+				matched = strcmp(pw->pw_name, buf) == 0 ||
+				    strcmp("*", buf) == 0;
+			}
 
 			if (lbuf != NULL) {
 				free(lbuf);
@@ -494,10 +540,10 @@ allowed_luser(char *luser)
 			}
 
 			if (matched)
-				return (1); /* matched an allowed username */
+				return (1); /* matched an allowed user/group */
 		}
 		syslog(LOG_INFO, "denied access to %s: not listed in %s",
-		    luser, PATH_ALLOWFILE);
+		    pw->pw_name, PATH_ALLOWFILE);
 
 		/* reuse buf */
 		buf = "\n\nSorry, you are not allowed to use this facility!\n";
@@ -878,7 +924,7 @@ do_death(int active)
 			authpf_kill_states();
 		}
 	}
-	if (pidfile[0] && (pidfp != NULL))
+	if (pidfile[0] && pidfd != -1)
 		if (unlink(pidfile) == -1)
 			syslog(LOG_ERR, "cannot unlink %s (%m)", pidfile);
 	exit(ret);

Modified: vendor/pf/dist/authpf/pathnames.h
==============================================================================
--- vendor/pf/dist/authpf/pathnames.h	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/authpf/pathnames.h	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pathnames.h,v 1.8 2008/02/14 01:49:17 mcbride Exp $	*/
+/*	$OpenBSD: pathnames.h,v 1.7 2004/04/25 18:40:42 beck Exp $	*/
 
 /*
  * Copyright (C) 2002 Chris Kuethe (ckuethe@ualberta.ca)

Modified: vendor/pf/dist/ftp-proxy/Makefile
==============================================================================
--- vendor/pf/dist/ftp-proxy/Makefile	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/ftp-proxy/Makefile	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.3 2006/11/26 11:31:13 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.2 2005/06/07 14:12:07 camield Exp $
 
 PROG=	ftp-proxy
 SRCS=	ftp-proxy.c filter.c

Modified: vendor/pf/dist/ftp-proxy/filter.c
==============================================================================
--- vendor/pf/dist/ftp-proxy/filter.c	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/ftp-proxy/filter.c	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: filter.c,v 1.8 2008/06/13 07:25:26 claudio Exp $ */
+/*	$OpenBSD: filter.c,v 1.7 2008/02/26 18:52:53 henning Exp $ */
 
 /*
  * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>

Modified: vendor/pf/dist/ftp-proxy/filter.h
==============================================================================
--- vendor/pf/dist/ftp-proxy/filter.h	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/ftp-proxy/filter.h	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: filter.h,v 1.4 2007/08/01 09:31:41 henning Exp $ */
+/*	$OpenBSD: filter.h,v 1.3 2005/06/07 14:12:07 camield Exp $ */
 
 /*
  * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>

Modified: vendor/pf/dist/ftp-proxy/ftp-proxy.8
==============================================================================
--- vendor/pf/dist/ftp-proxy/ftp-proxy.8	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/ftp-proxy/ftp-proxy.8	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ftp-proxy.8,v 1.11 2008/02/26 18:52:53 henning Exp $
+.\"	$OpenBSD: ftp-proxy.8,v 1.10 2007/08/01 15:45:41 jmc Exp $
 .\"
 .\" Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
 .\"

Modified: vendor/pf/dist/ftp-proxy/ftp-proxy.c
==============================================================================
--- vendor/pf/dist/ftp-proxy/ftp-proxy.c	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/ftp-proxy/ftp-proxy.c	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ftp-proxy.c,v 1.19 2008/06/13 07:25:26 claudio Exp $ */
+/*	$OpenBSD: ftp-proxy.c,v 1.18 2008/04/22 02:22:22 joel Exp $ */
 
 /*
  * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>

Modified: vendor/pf/dist/libevent/buffer.c
==============================================================================
--- vendor/pf/dist/libevent/buffer.c	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/buffer.c	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,3 +1,5 @@
+/*	$OpenBSD: buffer.c,v 1.14 2007/03/19 15:12:49 millert Exp $	*/
+
 /*
  * Copyright (c) 2002, 2003 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -62,7 +64,7 @@ struct evbuffer *
 evbuffer_new(void)
 {
 	struct evbuffer *buffer;
-	
+
 	buffer = calloc(1, sizeof(struct evbuffer));
 
 	return (buffer);
@@ -76,7 +78,7 @@ evbuffer_free(struct evbuffer *buffer)
 	free(buffer);
 }
 
-/* 
+/*
  * This is a destructive add.  The data from one buffer moves into
  * the other buffer.
  */
@@ -104,16 +106,16 @@ evbuffer_add_buffer(struct evbuffer *out
 		SWAP(outbuf, inbuf);
 		SWAP(inbuf, &tmp);
 
-		/* 
+		/*
 		 * Optimization comes with a price; we need to notify the
 		 * buffer if necessary of the changes. oldoff is the amount
-		 * of data that we transfered from inbuf to outbuf
+		 * of data that we transferred from inbuf to outbuf
 		 */
 		if (inbuf->off != oldoff && inbuf->cb != NULL)
 			(*inbuf->cb)(inbuf, oldoff, inbuf->off, inbuf->cbarg);
 		if (oldoff && outbuf->cb != NULL)
 			(*outbuf->cb)(outbuf, 0, oldoff, outbuf->cbarg);
-		
+
 		return (0);
 	}
 
@@ -196,7 +198,7 @@ evbuffer_remove(struct evbuffer *buf, vo
 
 	memcpy(data, buf->buffer, nread);
 	evbuffer_drain(buf, nread);
-	
+
 	return (nread);
 }
 
@@ -371,7 +373,7 @@ evbuffer_read(struct evbuffer *buf, int 
 		if (n < EVBUFFER_MAX_READ)
 			n = EVBUFFER_MAX_READ;
 	}
-#endif	
+#endif
 	if (howmuch < 0 || howmuch > n)
 		howmuch = n;
 

Modified: vendor/pf/dist/libevent/evbuffer.c
==============================================================================
--- vendor/pf/dist/libevent/evbuffer.c	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/evbuffer.c	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,3 +1,5 @@
+/*	$OpenBSD: evbuffer.c,v 1.10 2007/03/19 15:12:49 millert Exp $	*/
+
 /*
  * Copyright (c) 2002-2004 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -64,7 +66,7 @@ bufferevent_add(struct event *ev, int ti
 	return (event_add(ev, ptv));
 }
 
-/* 
+/*
  * This callback is executed when the size of the input buffer changes.
  * We use it to apply back pressure on the reading side.
  */
@@ -73,7 +75,7 @@ void
 bufferevent_read_pressure_cb(struct evbuffer *buf, size_t old, size_t now,
     void *arg) {
 	struct bufferevent *bufev = arg;
-	/* 
+	/*
 	 * If we are below the watermark then reschedule reading if it's
 	 * still enabled.
 	 */
@@ -288,7 +290,7 @@ bufferevent_free(struct bufferevent *buf
  */
 
 int
-bufferevent_write(struct bufferevent *bufev, void *data, size_t size)
+bufferevent_write(struct bufferevent *bufev, const void *data, size_t size)
 {
 	int res;
 

Modified: vendor/pf/dist/libevent/event-internal.h
==============================================================================
--- vendor/pf/dist/libevent/event-internal.h	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/event-internal.h	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,3 +1,5 @@
+/*	$OpenBSD: event-internal.h,v 1.4 2007/03/19 15:12:49 millert Exp $	*/
+
 /*
  * Copyright (c) 2000-2004 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.

Modified: vendor/pf/dist/libevent/event.c
==============================================================================
--- vendor/pf/dist/libevent/event.c	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/event.c	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,3 +1,5 @@
+/*	$OpenBSD: event.c,v 1.18 2008/05/02 06:09:11 brad Exp $	*/
+
 /*
  * Copyright (c) 2000-2004 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -38,7 +40,7 @@
 #include <sys/tree.h>
 #ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
-#else 
+#else
 #include <sys/_time.h>
 #endif
 #include <sys/queue.h>
@@ -180,7 +182,7 @@ RB_PROTOTYPE(event_tree, event, ev_timeo
 RB_GENERATE(event_tree, event, ev_timeout_node, compare);
 
 
-void *
+struct event_base *
 event_init(void)
 {
 	int i;
@@ -194,13 +196,13 @@ event_init(void)
 
 	detect_monotonic();
 	gettime(&base->event_tv);
-	
+
 	RB_INIT(&base->timetree);
 	TAILQ_INIT(&base->eventqueue);
 	TAILQ_INIT(&base->sig.signalqueue);
 	base->sig.ev_signal_pair[0] = -1;
 	base->sig.ev_signal_pair[1] = -1;
-	
+
 	base->evbase = NULL;
 	for (i = 0; eventops[i] && !base->evbase; i++) {
 		base->evsel = eventops[i];
@@ -321,7 +323,7 @@ event_process_active(struct event_base *
 
 	for (ev = TAILQ_FIRST(activeq); ev; ev = TAILQ_FIRST(activeq)) {
 		event_queue_remove(base, ev, EVLIST_ACTIVE);
-		
+
 		/* Allows deletes to work */
 		ncalls = ev->ev_ncalls;
 		ev->ev_pncalls = &ncalls;
@@ -430,7 +432,7 @@ event_base_loop(struct event_base *base,
 			 */
 			timerclear(&tv);
 		}
-		
+
 		/* If we have no events, we just exit */
 		if (!event_haveevents(base)) {
 			event_debug(("%s: no events registered.", __func__));
@@ -439,7 +441,6 @@ event_base_loop(struct event_base *base,
 
 		res = evsel->dispatch(base, evbase, tv_p);
 
-
 		if (res == -1)
 			return (-1);
 
@@ -652,7 +653,7 @@ event_add(struct event *ev, struct timev
 				/* Abort loop */
 				*ev->ev_pncalls = 0;
 			}
-			
+
 			event_queue_remove(base, ev, EVLIST_ACTIVE);
 		}
 
@@ -913,10 +914,10 @@ event_queue_insert(struct event_base *ba
 const char *
 event_get_version(void)
 {
-	return (VERSION);
+	return (LIBEVENT_VERSION);
 }
 
-/* 
+/*
  * No thread-safe interface needed - the information should be the same
  * for all threads.
  */

Modified: vendor/pf/dist/libevent/event.h
==============================================================================
--- vendor/pf/dist/libevent/event.h	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/event.h	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,3 +1,5 @@
+/*	$OpenBSD: event.h,v 1.19 2008/05/02 06:09:11 brad Exp $	*/
+
 /*
  * Copyright (c) 2000-2004 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -43,6 +45,8 @@ typedef unsigned char u_char;
 typedef unsigned short u_short;
 #endif
 
+#define LIBEVENT_VERSION	"1.3e"
+
 #define EVLIST_TIMEOUT	0x01
 #define EVLIST_INSERTED	0x02
 #define EVLIST_SIGNAL	0x04
@@ -141,7 +145,7 @@ struct eventop {
 	void (*dealloc)(struct event_base *, void *);
 };
 
-void *event_init(void);
+struct event_base *event_init(void);
 int event_dispatch(void);
 int event_base_dispatch(struct event_base *);
 void event_base_free(struct event_base *);
@@ -169,12 +173,6 @@ int event_base_loopexit(struct event_bas
 #define evtimer_pending(ev, tv)		event_pending(ev, EV_TIMEOUT, tv)
 #define evtimer_initialized(ev)		((ev)->ev_flags & EVLIST_INIT)
 
-#define timeout_add(ev, tv)		event_add(ev, tv)
-#define timeout_set(ev, cb, arg)	event_set(ev, -1, 0, cb, arg)
-#define timeout_del(ev)			event_del(ev)
-#define timeout_pending(ev, tv)		event_pending(ev, EV_TIMEOUT, tv)
-#define timeout_initialized(ev)		((ev)->ev_flags & EVLIST_INIT)
-
 #define signal_add(ev, tv)		event_add(ev, tv)
 #define signal_set(ev, x, cb, arg)	\
 	event_set(ev, x, EV_SIGNAL|EV_PERSIST, cb, arg)
@@ -264,7 +262,8 @@ struct bufferevent *bufferevent_new(int 
 int bufferevent_base_set(struct event_base *base, struct bufferevent *bufev);
 int bufferevent_priority_set(struct bufferevent *bufev, int pri);
 void bufferevent_free(struct bufferevent *bufev);
-int bufferevent_write(struct bufferevent *bufev, void *data, size_t size);
+int bufferevent_write(struct bufferevent *bufev,
+    const void *data, size_t size);
 int bufferevent_write_buffer(struct bufferevent *bufev, struct evbuffer *buf);
 size_t bufferevent_read(struct bufferevent *bufev, void *data, size_t size);
 int bufferevent_enable(struct bufferevent *bufev, short event);
@@ -292,7 +291,7 @@ int evbuffer_read(struct evbuffer *, int
 u_char *evbuffer_find(struct evbuffer *, const u_char *, size_t);
 void evbuffer_setcb(struct evbuffer *, void (*)(struct evbuffer *, size_t, size_t, void *), void *);
 
-/* 
+/*
  * Marshaling tagged data - We assume that all tags are inserted in their
  * numeric order - so that unknown tags will always be higher than the
  * known ones - and we can just ignore the end of an event buffer.

Modified: vendor/pf/dist/libevent/evsignal.h
==============================================================================
--- vendor/pf/dist/libevent/evsignal.h	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/evsignal.h	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,3 +1,5 @@
+/*	$OpenBSD: evsignal.h,v 1.2 2004/04/28 06:53:12 brad Exp $	*/
+
 /*
  * Copyright 2000-2002 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.

Modified: vendor/pf/dist/libevent/kqueue.c
==============================================================================
--- vendor/pf/dist/libevent/kqueue.c	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/kqueue.c	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: kqueue.c,v 1.5 2002/07/10 14:41:31 art Exp $	*/
+/*	$OpenBSD: kqueue.c,v 1.23 2007/09/02 15:19:18 deraadt Exp $	*/
 
 /*
  * Copyright 2000-2002 Niels Provos <provos@citi.umich.edu>
@@ -97,14 +97,14 @@ kq_init(struct event_base *base)
 	struct kqop *kqueueop;
 
 	/* Disable kqueue when this environment variable is set */
-	if (getenv("EVENT_NOKQUEUE"))
+	if (!issetugid() && getenv("EVENT_NOKQUEUE"))
 		return (NULL);
 
 	if (!(kqueueop = calloc(1, sizeof(struct kqop))))
 		return (NULL);
 
 	/* Initalize the kernel queue */
-	
+
 	if ((kq = kqueue()) == -1) {
 		event_warn("kqueue");
 		free (kqueueop);
@@ -114,12 +114,12 @@ kq_init(struct event_base *base)
 	kqueueop->kq = kq;
 
 	/* Initalize fields */
-	kqueueop->changes = malloc(NEVENT * sizeof(struct kevent));
+	kqueueop->changes = calloc(NEVENT, sizeof(struct kevent));
 	if (kqueueop->changes == NULL) {
 		free (kqueueop);
 		return (NULL);
 	}
-	kqueueop->events = malloc(NEVENT * sizeof(struct kevent));
+	kqueueop->events = calloc(NEVENT, sizeof(struct kevent));
 	if (kqueueop->events == NULL) {
 		free (kqueueop->changes);
 		free (kqueueop);
@@ -131,7 +131,7 @@ kq_init(struct event_base *base)
 	kqueueop->changes[0].ident = -1;
 	kqueueop->changes[0].filter = EVFILT_READ;
 	kqueueop->changes[0].flags = EV_ADD;
-	/* 
+	/*
 	 * If kqueue works, then kevent will succeed, and it will
 	 * stick an error in events[0].  If kqueue is broken, then
 	 * kevent will fail.
@@ -195,7 +195,7 @@ kq_insert(struct kqop *kqop, struct keve
 	memcpy(&kqop->changes[kqop->nchanges++], kev, sizeof(struct kevent));
 
 	event_debug(("%s: fd %d %s%s",
-		 __func__, kev->ident, 
+		 __func__, kev->ident,
 		 kev->filter == EVFILT_READ ? "EVFILT_READ" : "EVFILT_WRITE",
 		 kev->flags == EV_DELETE ? " (del)" : ""));
 
@@ -241,7 +241,7 @@ kq_dispatch(struct event_base *base, voi
 		int which = 0;
 
 		if (events[i].flags & EV_ERROR) {
-			/* 
+			/*
 			 * Error messages that can happen, when a delete fails.
 			 *   EBADF happens when the file discriptor has been
 			 *   closed,
@@ -301,7 +301,7 @@ kq_add(void *arg, struct event *ev)
 		if (!(ev->ev_events & EV_PERSIST))
 			kev.flags |= EV_ONESHOT;
 		kev.udata = PTR_TO_UDATA(ev);
-		
+
 		if (kq_insert(kqop, &kev) == -1)
 			return (-1);
 
@@ -324,7 +324,7 @@ kq_add(void *arg, struct event *ev)
 		if (!(ev->ev_events & EV_PERSIST))
 			kev.flags |= EV_ONESHOT;
 		kev.udata = PTR_TO_UDATA(ev);
-		
+
 		if (kq_insert(kqop, &kev) == -1)
 			return (-1);
 
@@ -339,7 +339,7 @@ kq_add(void *arg, struct event *ev)
 		if (!(ev->ev_events & EV_PERSIST))
 			kev.flags |= EV_ONESHOT;
 		kev.udata = PTR_TO_UDATA(ev);
-		
+
 		if (kq_insert(kqop, &kev) == -1)
 			return (-1);
 
@@ -365,7 +365,7 @@ kq_del(void *arg, struct event *ev)
 		kev.ident = nsignal;
 		kev.filter = EVFILT_SIGNAL;
 		kev.flags = EV_DELETE;
-		
+
 		if (kq_insert(kqop, &kev) == -1)
 			return (-1);
 
@@ -381,7 +381,7 @@ kq_del(void *arg, struct event *ev)
 		kev.ident = ev->ev_fd;
 		kev.filter = EVFILT_READ;
 		kev.flags = EV_DELETE;
-		
+
 		if (kq_insert(kqop, &kev) == -1)
 			return (-1);
 
@@ -393,7 +393,7 @@ kq_del(void *arg, struct event *ev)
 		kev.ident = ev->ev_fd;
 		kev.filter = EVFILT_WRITE;
 		kev.flags = EV_DELETE;
-		
+
 		if (kq_insert(kqop, &kev) == -1)
 			return (-1);
 

Modified: vendor/pf/dist/libevent/log.c
==============================================================================
--- vendor/pf/dist/libevent/log.c	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/log.c	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: err.c,v 1.2 2002/06/25 15:50:15 mickey Exp $	*/
+/*	$OpenBSD: log.c,v 1.4 2005/05/04 03:17:48 brad Exp $	*/
 
 /*
  * log.c
@@ -102,7 +102,7 @@ void
 event_err(int eval, const char *fmt, ...)
 {
 	va_list ap;
-	
+
 	va_start(ap, fmt);
 	_warn_helper(_EVENT_LOG_ERR, errno, fmt, ap);
 	va_end(ap);
@@ -113,7 +113,7 @@ void
 event_warn(const char *fmt, ...)
 {
 	va_list ap;
-	
+
 	va_start(ap, fmt);
 	_warn_helper(_EVENT_LOG_WARN, errno, fmt, ap);
 	va_end(ap);
@@ -123,7 +123,7 @@ void
 event_errx(int eval, const char *fmt, ...)
 {
 	va_list ap;
-	
+
 	va_start(ap, fmt);
 	_warn_helper(_EVENT_LOG_ERR, -1, fmt, ap);
 	va_end(ap);
@@ -134,7 +134,7 @@ void
 event_warnx(const char *fmt, ...)
 {
 	va_list ap;
-	
+
 	va_start(ap, fmt);
 	_warn_helper(_EVENT_LOG_WARN, -1, fmt, ap);
 	va_end(ap);
@@ -144,7 +144,7 @@ void
 event_msgx(const char *fmt, ...)
 {
 	va_list ap;
-	
+
 	va_start(ap, fmt);
 	_warn_helper(_EVENT_LOG_MSG, -1, fmt, ap);
 	va_end(ap);
@@ -154,7 +154,7 @@ void
 _event_debugx(const char *fmt, ...)
 {
 	va_list ap;
-	
+
 	va_start(ap, fmt);
 	_warn_helper(_EVENT_LOG_DEBUG, -1, fmt, ap);
 	va_end(ap);

Modified: vendor/pf/dist/libevent/log.h
==============================================================================
--- vendor/pf/dist/libevent/log.h	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/log.h	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,3 +1,5 @@
+/*	$OpenBSD: log.h,v 1.4 2007/03/19 15:12:49 millert Exp $	*/
+
 /*
  * Copyright (c) 2000-2004 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.

Modified: vendor/pf/dist/libevent/poll.c
==============================================================================
--- vendor/pf/dist/libevent/poll.c	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/poll.c	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: poll.c,v 1.2 2002/06/25 15:50:15 mickey Exp $	*/
+/*	$OpenBSD: poll.c,v 1.13 2006/11/26 15:24:34 brad Exp $	*/
 
 /*
  * Copyright 2000-2003 Niels Provos <provos@citi.umich.edu>
@@ -89,7 +89,7 @@ poll_init(struct event_base *base)
 	struct pollop *pollop;
 
 	/* Disable poll when this environment variable is set */
-	if (getenv("EVENT_NOPOLL"))
+	if (!issetugid() && getenv("EVENT_NOPOLL"))
 		return (NULL);
 
 	if (!(pollop = calloc(1, sizeof(struct pollop))))
@@ -179,6 +179,7 @@ poll_dispatch(struct event_base *base, v
 	for (i = 0; i < nfds; i++) {
 		int what = pop->event_set[i].revents;
 		struct event *r_ev = NULL, *w_ev = NULL;
+
 		if (!what)
 			continue;
 
@@ -356,7 +357,7 @@ poll_del(void *arg, struct event *ev)
 
 	--pop->nfds;
 	if (i != pop->nfds) {
-		/* 
+		/*
 		 * Shift the last pollfd down into the now-unoccupied
 		 * position.
 		 */

Modified: vendor/pf/dist/libevent/select.c
==============================================================================
--- vendor/pf/dist/libevent/select.c	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/select.c	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: select.c,v 1.2 2002/06/25 15:50:15 mickey Exp $	*/
+/*	$OpenBSD: select.c,v 1.13 2007/03/19 15:12:49 millert Exp $	*/
 
 /*
  * Copyright 2000-2002 Niels Provos <provos@citi.umich.edu>
@@ -96,7 +96,7 @@ select_init(struct event_base *base)
 	struct selectop *sop;
 
 	/* Disable select when this environment variable is set */
-	if (getenv("EVENT_NOSELECT"))
+	if (!issetugid() && getenv("EVENT_NOSELECT"))
 		return (NULL);
 
 	if (!(sop = calloc(1, sizeof(struct selectop))))

Modified: vendor/pf/dist/libevent/signal.c
==============================================================================
--- vendor/pf/dist/libevent/signal.c	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/libevent/signal.c	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-/*	$OpenBSD: select.c,v 1.2 2002/06/25 15:50:15 mickey Exp $	*/
+/*	$OpenBSD: signal.c,v 1.11 2007/03/19 15:12:49 millert Exp $	*/
 
 /*
  * Copyright 2000-2002 Niels Provos <provos@citi.umich.edu>
@@ -85,7 +85,7 @@ evsignal_cb(int fd, short what, void *ar
 void
 evsignal_init(struct event_base *base)
 {
-	/* 
+	/*
 	 * Our signal handler is going to write to one end of the socket
 	 * pair to wake up our event loop.  The event loop then scans for
 	 * signals that got delivered.

Modified: vendor/pf/dist/man/pf.4
==============================================================================
--- vendor/pf/dist/man/pf.4	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/man/pf.4	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: pf.4,v 1.60 2007/12/02 12:08:04 pascoe Exp $
+.\"	$OpenBSD: pf.4,v 1.61 2008/09/04 13:50:37 jmc Exp $
 .\"
 .\" Copyright (C) 2001, Kjell Wooding.  All rights reserved.
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 31 2007 $
+.Dd $Mdocdate: September 4 2008 $
 .Dt PF 4
 .Os
 .Sh NAME
@@ -1050,12 +1050,14 @@ internal interface description.
 The filtering process is the same as for
 .Dv DIOCIGETIFACES .
 .Bd -literal
-#define PFI_IFLAG_SKIP		0x0100	/* skip filtering on interface */
+#define PFI_IFLAG_SKIP	0x0100	/* skip filtering on interface */
 .Ed
 .It Dv DIOCCLRIFFLAG Fa "struct pfioc_iface *io"
 Works as
 .Dv DIOCSETIFFLAG
 above but clears the flags.
+.It Dv DIOCKILLSRCNODES Fa "struct pfioc_iface *io"
+Explicitly remove source tracking nodes.
 .El
 .Sh FILES
 .Bl -tag -width /dev/pf -compact
@@ -1133,6 +1135,7 @@ main(int argc, char *argv[])
 .Xr ioctl 2 ,
 .Xr bridge 4 ,
 .Xr pflog 4 ,
+.Xr pflow 4 ,
 .Xr pfsync 4 ,
 .Xr pfctl 8 ,
 .Xr altq 9

Modified: vendor/pf/dist/man/pf.conf.5
==============================================================================
--- vendor/pf/dist/man/pf.conf.5	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/man/pf.conf.5	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: pf.conf.5,v 1.402 2008/06/11 07:21:00 jmc Exp $
+.\"	$OpenBSD: pf.conf.5,v 1.405 2008/10/02 12:36:32 henning Exp $
 .\"
 .\" Copyright (c) 2002, Daniel Hartmeier
 .\" All rights reserved.
@@ -27,7 +27,7 @@
 .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2008 $
+.Dd $Mdocdate: October 2 2008 $
 .Dt PF.CONF 5
 .Os
 .Sh NAME
@@ -517,6 +517,16 @@ For example:
 .Bd -literal -offset indent
 set state-policy if-bound
 .Ed
+.It Ar set state-defaults
+The
+.Ar state-defaults
+option sets the state options for states created from rules
+without an explicit
+.Ar keep state .
+For example:
+.Bd -literal -offset indent
+set state-defaults pflow, no-sync
+.Ed
 .It Ar set hostid
 The 32-bit
 .Ar hostid
@@ -901,7 +911,7 @@ Defines a list of subqueues to create on
 .El
 .Pp
 In the following example, the interface dc0
-should queue up to 5 Mbit/s in four second-level queues using
+should queue up to 5Mbps in four second-level queues using
 Class Based Queueing.
 Those four queues will be shown in a later example.
 .Bd -literal -offset indent
@@ -1488,7 +1498,7 @@ Translates to the network(s) attached to
 .It Ar :broadcast
 Translates to the interface's broadcast address(es).
 .It Ar :peer
-Translates to the point to point interface's peer address(es).
+Translates to the point-to-point interface's peer address(es).
 .It Ar :0
 Do not include interface aliases.
 .El
@@ -2098,6 +2108,10 @@ easier.
 This is intended to be used in situations where one does not see all
 packets of a connection, e.g. in asymmetric routing situations.
 Cannot be used with modulate or synproxy state.
+.It Ar pflow
+States created by this rule are exported on the
+.Xr pflow 4
+interface.
 .El
 .Pp
 Multiple options can be specified, separated by commas:
@@ -2821,6 +2835,7 @@ option         = "set" ( [ "timeout" ( t
                  [ "loginterface" ( interface-name | "none" ) ] |
                  [ "block-policy" ( "drop" | "return" ) ] |
                  [ "state-policy" ( "if-bound" | "floating" ) ]
+                 [ "state-defaults" state-opts ]
                  [ "require-order" ( "yes" | "no" ) ]
                  [ "fingerprints" filename ] |
                  [ "skip on" ifspec ] |
@@ -2963,7 +2978,7 @@ tos            = ( "lowdelay" | "through
                  [ "0x" ] number )
 
 state-opts     = state-opt [ [ "," ] state-opts ]
-state-opt      = ( "max" number | "no-sync" | timeout | sloppy |
+state-opt      = ( "max" number | "no-sync" | timeout | "sloppy" | "pflow" |
                  "source-track" [ ( "rule" | "global" ) ] |
                  "max-src-nodes" number | "max-src-states" number |
                  "max-src-conn" number |
@@ -3026,6 +3041,7 @@ Service name database.
 .Xr ip 4 ,
 .Xr ip6 4 ,
 .Xr pf 4 ,
+.Xr pflow 4 ,
 .Xr pfsync 4 ,
 .Xr route 4 ,
 .Xr tcp 4 ,

Modified: vendor/pf/dist/man/pf.os.5
==============================================================================
--- vendor/pf/dist/man/pf.os.5	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/man/pf.os.5	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: pf.os.5,v 1.8 2007/05/31 19:19:58 jmc Exp $
+.\"	$OpenBSD: pf.os.5,v 1.7 2005/11/16 20:07:18 stevesk Exp $
 .\"
 .\" Copyright (c) 2003 Mike Frantzen <frantzen@w4g.org>
 .\"

Modified: vendor/pf/dist/man/pflog.4
==============================================================================
--- vendor/pf/dist/man/pflog.4	Tue Aug 18 14:00:25 2009	(r196359)
+++ vendor/pf/dist/man/pflog.4	Tue Aug 18 16:13:59 2009	(r196360)
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: pflog.4,v 1.10 2007/05/31 19:19:51 jmc Exp $
+.\"	$OpenBSD: pflog.4,v 1.9 2006/10/25 12:51:31 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Tobias Weingartner
 .\" All rights reserved.

Added: vendor/pf/dist/man/pflow.4
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ vendor/pf/dist/man/pflow.4	Tue Aug 18 16:13:59 2009	(r196360)
@@ -0,0 +1,113 @@
+.\" $OpenBSD: pflow.4,v 1.8 2008/10/28 16:55:37 gollo Exp $
+.\"
+.\" Copyright (c) 2008 Henning Brauer <henning@openbsd.org>
+.\" Copyright (c) 2008 Joerg Goltermann <jg@osn.de>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALLWARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BELIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISINGOUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: October 28 2008 $
+.Dt PFLOW 4
+.Os
+.Sh NAME
+.Nm pflow
+.Nd kernel interface for pflow data export
+.Sh SYNOPSIS
+.Cd "pseudo-device pflow"
+.Sh DESCRIPTION
+The

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200908181613.n7IGDxSQ021986>