Age | Commit message | Author
2002-11-23 | code to support loading of pf rules with multiple redirection addresses | Ryan Thomas McBride
(in nat, rdr, route-to, dup-to and reply-to)
Syntax looks like this, see pf.conf(5) for details:

nat on wi0 proto { tcp, icmp } from any to 192.168.0.2 -> \
    192.168.0.16/29 source-hash random
rdr on wi0 proto { tcp } from any to 192.168.0.34 port 22 -> \
    { 192.168.0.8/31, 192.168.0.15 } port 22 round-robin

ok dhartmei@ henning@
2002-11-23 | kernel code to allow multiple redirection addresses to be specified for nat | Ryan Thomas McBride
and rdr, as well as route-to, dup-to and reply-to. Addresses can be allocated in a number of ways:
- masking out the network portion of the address and replacing it
- randomly assigning an address in the block
- hashing the source address and a key to determine the redirection address
- iterating through the addresses sequentially (this is the only allocation scheme which works when a list of addresses is specified)

ok dhartmei@ henning@
2002-11-23 | Remove some error messages which were incorrectly printed. Some cleanup. | Dale Rahn
ok pvalchev@
2002-11-23 | regen | Michael Shalayeff
2002-11-23 | 3cSOHO 100B-TX; from Fredrik Persson | Michael Shalayeff
2002-11-22 | Fix the comments on which systemcall is being processed, ok deraadt@ | Dale Rahn
2002-11-22 | Initialize status to zero before calling waitpid(). That way, if | Todd C. Miller
there is nothing to be waited for (for instance if SIGCHLD is being ignored) we don't check WIFEXITED(garbage off the stack).
2002-11-22 | new sysctl: machdep.v8mul says whether the kernel replaced the mul/div/rem | Theo de Raadt
stubs, so that userland can do the same. we cannot just determine based on sun4m, because cypress (at least) is a sun4m cpu without the instructions
2002-11-22 | Formatting cleanup, no point in extra nesting block. No functional change. | Dale Rahn
2002-11-22 | sync | Theo de Raadt
2002-11-22 | Allow more than two load sections on ELF executables, this limit | Dale Rahn
should not be required, and may be violated soon. With two fixes art pointed out. ok art@
2002-11-22 | add /usr/share/pf | Henning Brauer
ok millert@
2002-11-22 | add pf | Henning Brauer
2002-11-22 | install to /usr/share/pf | Henning Brauer
not linked to the build yet
2002-11-22 | specs for -lnpthread. | Marco S Hyman
Put WANT_LIBPTHREAD=yes in /etc/mk.conf and re-build gcc to use libnpthread instead of libc_r
ok espie@
2002-11-22 | more snprintf; ok millert | Theo de Raadt
2002-11-22 | example ruleset for the new queue stuff | Henning Brauer
2002-11-22 | Disallow non-interactive sessions, to avoid problem of users scp'ing | Bob Beck
to authpf gateway - noticed by Devan Reade <gdr@gno.org>, ok henning
2002-11-22 | Instead of statically allocating filedescs for proc0, use fdinit. | Artur Grabowski
2002-11-22 | add (disabled) self tests (make self); ok frantzen | Markus Friedl
2002-11-22 | fix fd handling, so 'make build >log 2>fixme' really works | Philipp Buehler
henning@ ok
2002-11-22 | Allow fdinit to be called with p == NULL so that we can use | Artur Grabowski
it to properly init filedescs for proc0.
2002-11-22 | honor COPTS; ok henning@ | Christian Weisgerber
2002-11-22 | print altq and queue lines in the pfctl -v case including the child queue | Henning Brauer
assignment
2002-11-22 | there's now a space after the label... | Henning Brauer
no cookie for daniel ;-)
2002-11-22 | kill dead code | Henning Brauer
2002-11-22 | off by one for sis_tx_cnt, can lead to corrupt sis_tx_list; ok fgs@ | Markus Friedl
2002-11-22 | dsetination -> destination; from Yasholomew Yashinski. | Federico G. Schwindt
2002-11-22 | on block rules, let queue apply to the RST packets in the return-rst case | Henning Brauer
and the returned icmp packets in the return-icmp case ok dhartmei@
2002-11-22 | repair proc0 rlimit setup for >2GB machines | Theo de Raadt
2002-11-22 | Add xl for pci and cardbus. It seems to work, needs additional testing... | Dale Rahn
2002-11-22 | Add some .Xr's that have been sitting in my tree | Todd C. Miller
2002-11-22 | Correct string termination in jobend() for saved_path and saved_user. | Chad Loder
OK millert@
2002-11-22 | nate, why is it that for every single ethernet driver you merge into the | Theo de Raadt
tree, you forget to delete the printf's that fire EVERY SINGLE TIME it changes media?!?!
2002-11-22 | sync | Theo de Raadt
2002-11-22 | shadow -> _shadow | Marco S Hyman
2002-11-21 | debug->debug2 | Markus Friedl
2002-11-21 | KNF | Theo de Raadt
2002-11-21 | debug->debug2, unify debug messages | Markus Friedl
2002-11-21 | Add a caveat on /etc/raddb/servers and permissions. | Todd C. Miller
2002-11-21 | Install this setgid _radius, not setuid root | Todd C. Miller
2002-11-21 | debug->debug2 | Markus Friedl
2002-11-21 | Fix thinko, mode 0640 not 0620 | Todd C. Miller
2002-11-21 | shadow -> _shadow | Todd C. Miller
2002-11-21 | tokenadm -> _token | Todd C. Miller
2002-11-21 | Rename shadow group to _shadow | Todd C. Miller
This means the instructions in the previous commit are now wrong (replace shadow with _shadow and all will be well).
2002-11-21 | tokenadm -> _token | Todd C. Miller
2002-11-21 | To avoid possible conflict with pre-existing groups, change | Todd C. Miller
shadow -> _shadow, tokenadm -> _token, and also add _radius.
2002-11-21 | Add a new group, "tokenadm" and make login_token setgid tokenadm instead | Todd C. Miller
of setuid root. deraadt@ OK
2002-11-21 | Add a "shadow" group and make the shadow passwd db readable by that | Todd C. Miller
group. This changes getpw* to always try the shadow db first and then fall back to the db w/o password hashes. In the future, /usr/libexec/auth/login_passwd (and others) will be setgid shadow instead of setuid root. OK deraadt@

If you track -current you should do the following:
 o add group shadow to /etc/group
 o chgrp shadow /etc/spwd.db
 o chmod 640 /etc/spwd.db
 o rebuild and install src/usr.sbin/pwd_mkdb

You do not need to rebuild libc yet, but it wouldn't hurt to do so.