Age | Commit message | Author |
|
since we do not modify the struct pf_altq *a any more but our private copy,
we can of course not inherit the scheduler type from it, since it did not
inherit the scheduler type from the parent.
so just inherit the scheduler type from the parent directly...
ok dhartmei@ cedric@
|
|
it. modifying the original one had undesired side effects if a queue was
expanded to more than one because it belonged to more than one interface
ok pb@ cedric@ dhartmei@
|
|
when looking up the queue IDs using qname_to_qid, we do not need to limit
the matching on the interface in question, as it is guaranteed that same
named queues on different interfaces have the same queue id. moreover, we
must not limit the matches to the interface if we do not have an interface
given on the filter rule to match on ;-)
found after problems reported by Andre Nathan <andre at v2r dot com dot br>
ok dhartmei@ pb@ cedric@
|
|
print the bandwidth in percent instead of the calculated absolute value.
if a queue belongs to more than one interface and they have different
bandwidth the calculated absolute is of course different per interface.
previously the first calculated absolute value was shown; which of course is
incorrect on the second interface. note that only the print was wrong, the
correct values were passed to the kernel.
ok theo daniel
|
|
the control class was a legacy of the original CBQ design by LBL/Sun
to support RSVP.
the control class is not used in openbsd, in the sense that
we don't automatically set filters for ICMP/IGMP/RSVP for the control
class.
ok dhartmei@ kjc@ deraadt@
|
|
ok deraadt@ henning@
|
|
reuse the value of r->qid if not.
ok dhartmei@ mcbride@
|
|
ok dhartmei@ cedric@
|
|
ok dhartmei@ henning@
|
|
symset() but just prepend a new sym entry to symhead like we always did. as
symget searches the list sequentially, the newest one is picked first.
prevents an endless loop introduced when trying to reuse the existing entry
by an invalid setting for the next pointer.
fixes regress test pf57.
found after conversation with Chris Linn, celinn at mtu dot edu
ok dhartmei@ cedric@
|
|
ok cedric@ dhartmei@
|
|
interface, found by krause (who is doing EXCELLENT work. Thank you very
much!), fix by me, ok dhartmei@ and cedric@
|
|
with jasondixon at myrealbox dot com
ok dhartmei@
|
|
a /prefix), reported by Jason Dixon. ok henning@
|
|
ok markus@
|
|
due to a bug in the loadopt check options were always loaded no matter which
loadopts were specified.
while being there, move the prints for that to where they belong, into the
appropriate pfctl_set_* functions, and thus only print when the options are
actually loaded.
fixes regress tests pfopt3, pfopt4, pfopt5 I added earlier.
ok dhartmei@
|
|
shadows a global. rename.
|
|
mcbride@, dhartmei@ ok
|
|
|
|
extif>"whatever"
should not be the same as
extif="whatever"
but a syntax error.
|
|
might have occurred before.
|
|
Ok dhartmei@
|
|
without '!' everywhere
ok dhartmei@
|
|
|
|
more consistently.
- Merge expand_nat and expand_rdr into expand_rule
- Merge rdrrule token into natrule
ok concept henning@
ok dhartmei@
|
|
pfctl -Dextif=wi0 -f /etc/pf.conf
command line macro definitions override the ones made in the file (idea
theo), very handy if your notebook has another NIC at some conference, as
well as for debugging etc.
idea rezine@mistrusted.net via pb@
hacked live at FOSDEM
ok pb@ dhartmei@ cedric@
|
|
make
pass in proto tcp to port 80
work.
-allow to omit the "any" if you're specifying a port
-allow to omit the from or to part if you want "any" for the other
ok dhartmei@ pb@
|
|
|
|
ok dhartmei henning
|
|
for outgoing packets that are not fragmented (after reassembly), to
compensate for predictable IDs generated by some hosts, and defeat
fingerprinting and NAT detection as described in the Bellovin paper
http://www.research.att.com/~smb/papers/fnat.pdf. ok theo@
|
|
Allow "pass out dup-to tun0 all"
ok mcbride@ henning@
|
|
route-to/dup-to/reply-to rule. Keeps round-robin from incrementing through
the entire address space.
ok dhartmei@
|
|
|
|
|
|
ok henning@
|
|
given; they used to check for their parent interface/queue even in this
case.
ok dhartmei@ cedric@
|
|
part of the struct pfctl.
|
|
|
|
- fixes behaviour of rdr on le0 from foo to bar port 1:20 -> (lo0) port 22
- makes calculated mapping more explicit for the -> (lo0) port 22:* case
testing from dhartmei@
ok dhartmei@
|
|
|
|
Cleaning up of the table options parsing, more flexible.
idea+cleanup deraadt@, ok dhartmei@, pass all regress tests.
|
|
ok dhartmei@ pass all regress tests.
|
|
aborting with a syntax error
|
|
found by lint.
ok henning
|
|
and tightens all expand_label functions.
ok dhartmei henning
|
|
|
|
Diff and report courtesy of mpech@ and form@
ok dhartmei@
|
|
YYERROR on failed parseicmpspec()
ok dhartmei mcbride henning
|
|
henning@
|
|
-move host(), set_ipmask and the ifa_* functions to pfctl_parser.[c|h]
-extend host() to handle /mask itself, plus minor adjustments
-use that in pfctl_table.c instead of coding the same shit again
discussed w/ cedric@
ok cedric@ dhartmei@
|