src - OpenBSD base system

Age	Commit message (Collapse)	Author
2011-07-27	oops, missing file for weighted round-robin test.	Ryan Thomas McBride

2011-07-27	Update regress tests for weighted round-robin (and recent pool bugfix)	Ryan Thomas McBride

2011-07-24	Handle 'show' specially to prepare for regress tests on pfrke_route	Ryan Thomas McBride
	and pfrke_cost entries. Output becomes sorted in table order.
2011-07-24	Update PF table regress tests to work with -current.	Ryan Thomas McBride

2011-07-13	Must now specify correct protocol (tcp, udp) for user and group attributes.	Ryan Thomas McBride

2011-07-08	Add regress tests for 'prio' keyword.	Ryan Thomas McBride

2011-07-08	'prio' will be a reserved keyword soon.	Ryan Thomas McBride

2011-07-08	Update regress tests for the following changes:	Ryan Thomas McBride
	- if_addr RB_TREE (Address sort differently on an interface) - skip steps changes - RDOMAIN - reordering of address/port tests - fastroute is gone - keep state is no longer printed by default - lo0 now has link-local scope address in addition to ::1
2011-07-07	Regress test cleanup step 1 of n: require-order no longer exists.	Ryan Thomas McBride

2011-07-06	update regress for non-crypto flow 'type use' case	Theo de Raadt

2011-04-18	Deprecate vnds in favour of svnds.	Thordur I. Bjornsson
	In effect, this removes the "old" vndX nodes, and renames the svndX nodes to vndX. Old svndX nodes will still continue to work though, for now. Cleanup accordingly. ok deraadt@, todd@ comments and ok on the man page bits from jmc@
2010-10-15	libdes -> libcrypto	Jonathan Gray

2010-10-06	Retire Skipjack	Mike Belopuhov
	There's not much use for the declassified cipher from the 80's with a questionable license these days. According to the FIPS drafts, Skipjack reaches its EOL in December 2010. The libc portion will be removed after the ports hackathon. djm and thib agree, no objections from deraadt Thanks to jsg for digging up FIPS drafts.
2010-07-03	add several new tests for pfctl, and fix the output of some existing	Peter Hessler
	tests for the updated pfctl. OK henning@, mcbride@
2010-07-01	if we cannot copy the setup file (because objdir doesn't exist), then	Peter Hessler
	continue anyways.
2010-06-30	Add a test for route labels, re PR6416. ok phessler@	Stuart Henderson

2010-06-29	Replace the hand-crafted Diffie-Hellman implementation in isakmpd with	Reyk Floeter
	the smaller implementation from iked that is using libcrypto instead. This allows to remove a lot of code (which is always good), get rid of some custom crypto code by using libcrypto, theoretically adds support for many new MODP and EC2N/ECP modes (but it is not configurable yet), and allows to share the dh.c/dh.h code in different codebases (it is identical in isakmpd and iked, but could also be used elsewhere). ok deraadt@
2010-06-20	The -R option was removed from pfctl in March, so we no longer need this	Peter Hessler
	test. The remaining pieces are all tested in other regress tests. OK sthen@
2010-05-10	Various comment typos. 'wether' -> 'whether' (most popular), 'possiblity' ->	Kenneth R Westerback
	'possibility', 'optins' -> 'options', 'resposne' -> 'response', 'unecessary' -> 'unnecessary', 'desination' -> 'destination'. Collected from various misc@ and tech@ postings, many by Brad Tilley.
2010-03-23	adjust after -A / -O / -R / -T load removal	Henning Brauer

2010-01-13	Update regress output files to -current behaviour	Ryan Thomas McBride
	- non-pool translation/routing specification - leftover bits from nat-to/rdr-to/binat-to
2010-01-13	Remove random component of auto-generated table names in loaded rules.	Ryan Thomas McBride

2010-01-12	no nat is no longer legal	Ryan Thomas McBride
	convert nat/rdr/binat rules to nat-to/rdr-to/binat-to
2010-01-12	{ if0, if1 } is ambiguous in a route spec, and this should have been	Ryan Thomas McBride
	rejected before (I'm surprised this worked)
2010-01-12	nat-anchor, rdr-anchor, binat-anchor are no longer legal in the grammar.	Ryan Thomas McBride

2010-01-04	add a script that I use before ever release to check that our	Theo de Raadt
	edge conditions for disklabel -A are going to be acceptable ok krw
2009-10-06	more updates for new pf with source-hash manually added to	Jonathan Gray
	loaded output as it doesn't currently appear as it should. ok henning@
2009-09-24	Update some more tests for new pf.	Jonathan Gray
	ok henning@
2009-09-24	Remove some tests that are no longer relevant with the new pf.	Jonathan Gray
	ok henning@
2009-09-23	sync with pfopt5.in correct comments regarding -N/-R	Jonathan Gray

2009-09-23	More tweaks to try to catchup to recent pf changes.	Jonathan Gray
	pfopt5 part from sthen@ ok henning@ sthen@
2009-09-07	implement binat-to as a macro-like rule: a rule using the new binat-to	Reyk Floeter
	syntax will be expanded by the parser to a nat-to+rdr-to combination to be loaded into the kernel. this simplifies the migration from old binat rules and is less error-prone. feedback from many, manpage bits from jmc@ ok henning@
2009-09-03	Adapt to new pfctl, remove use of -Fn and -sn	Jonathan Gray
	Thanks to phessler for pointing out that the show command was buried in '-gvvsn' ok henning
2009-09-03	adapt to new pf	Jonathan Gray
	ok henning
2009-09-03	adapt to nat changes	Jonathan Gray
	ok henning
2009-09-02	convert a bunch of rdr/nat rules to the new syntax	Jonathan Gray
	Things still need to be changed for route-to/binat/command line options among other things. ok henning
2009-08-04	Add regress tests with IPv4 and IPv6 addresses for the srcid and/or dstid.	Joel Sing
	ok hshoexer@
2009-06-30	add "-o none" to pfctl call to prevent automatic table creation of	David Krause
	multiple addresses which causes the test to fail; ok sthen@
2009-06-30	update after the "reassemble tcp" fix (kernel/6178); ok sthen@	David Krause

2009-06-24	fix this regression test; "reassemble tcp" should be in this location	Stuart Henderson
	in the output. this test currently fails; see kernel/6178
2009-05-14	handle the new require-order default of "no" in existing tests, and add	Stuart Henderson
	a new test to check it's working correctly. ok deraadt@
2009-04-26	- check equality with '==', from skreuzer@exit2shell.com	Okan Demirmen
	- unbreak, since -r was removed from disklabel(8) ok otto@
2009-04-06	more scrub scrubbing	Henning Brauer

2009-04-06	scrub gone	Henning Brauer

2009-01-30	If the "peer" address is not specified or derived from "to" for	Alexander Bluhm
	"ike" rules in ipsec.conf, the default peer is used. In theory ipsecctl -f ipsec.conf can configure the default peer for each "ike" entry. As isakmpd only supports one default peer, the last "ike" rule that uses a default peer wins. This configuration is then significant for all "ike" rules that use the default peer. Now a warning is printed if a later rule in ipsec.conf changes the configuration of the original default peer. This should be an error but that would break existing user configs. So only a warning is printed. ok hshoexer@, todd@
2009-01-29	Remove ikefail10 ipsecctl regression test as it always fails. It	Alexander Bluhm
	was expecting a certain parser error message. Accepting the ikefail10 config file is not considered to be a bug anymore. ok hshoexer@
2009-01-28	Allow to specify ike and flow explicitly without peer. The any	Alexander Bluhm
	keyword as argument for the peer parameter will do that. An ike without peer creates the peer-default config. A flow without peer acquires a host-to-host SA. tested by grunk@, todd@, ok grunk@, hshoexer@, todd@
2009-01-20	Regression tests for source flow NAT support.	Marco Pfatschbacher
	OK hshoexer@, markus@.
2009-01-19	Do not use "egress" keyword as it expands to an actual interface,	Hans-Joerg Hoexer
	which might be different on different machines. Use some fixed addresses instead. pointed out and ok david@
2008-12-22	add regression test for aes-{128,192,256} being used with main and quick	Hans-Joerg Hoexer
	mode.