src - OpenBSD base system

Age	Commit message (Collapse)	Author
2002-04-24	Add dynamic (in-kernel) interface name -> address translation. Instead of	Daniel Hartmeier
	using just the interface name instead of an address and reloading the rule set whenever the interface changes its address, the interface name can be put in parentheses, and the kernel will keep track of changes and update rules. There is no additional cost for evaluating rules (per packet), the cost occurs when an interface changes address (and the rules are traversed and updated where necessary).
2002-04-23	Allow explicit filtering of fragments when they are not reassembled.	Daniel Hartmeier
	Document fragment handling in the man page. Short version: if you're scrubbing everything (as is recommended, in general), nothing changes. If you want to deal with fragments manually, read the man page. ok frantzen.
2002-04-18	use strlcpy	Theo de Raadt

2002-04-17	Reset lineno for each file, so pfctl -R ... -N ... reports the right	Daniel Hartmeier
	line number for non-first files. Reported by aaron@
2002-04-15	Use in_addr_t instead of unsigned long, which breaks on alpha (64-bit).	Daniel Hartmeier
	Closes PR 2547. Reported by Dries Schellekens. Found by frantzen@.
2002-04-08	Fix typo, from Raymond M Schneider	Daniel Hartmeier

2002-04-01	change return values back from EX_* to 0/1	Daniel Hartmeier

2002-04-01	style(9) improvements from Raymond M Schneider	Daniel Hartmeier

2002-03-28	prototype pfctl_kill_states()	Daniel Hartmeier

2002-03-27	implement a "no-route" keyword.	Michael Shalayeff
	usage semantics are analogous w/ "any", meaning is "any ip address for which there is no route in the current routing table", could be used in both from and to. typical usage would be (assuming symmetrical routing): block in from no-route to any also doc "any" in the pf.conf.5, include in regress, etc. tested by me on i386 and sparc. dhartmei@ and frantzen@ ok
2002-03-26	tidy up usage statement and sort headers. patch from dfa@solo.ee	Mike Frantzen

2002-03-26	sort options and clean up the -k descrption. patch from dfa@solo.ee	Mike Frantzen

2002-03-25	add -k option to shootdown all the state entries from the specified host	Mike Frantzen
	ok dhartmei@
2002-03-21	Add r option to SYNOPSIS. From Brian Poole.	Daniel Hartmeier

2002-03-12	Handle inet_ntop() returning NULL explicitly. Found by mpech@.	Daniel Hartmeier

2002-03-11	Add -r to reverse lookup addresses when displaying states.	Daniel Hartmeier
	From John Kerbawy.
2002-02-28	Don't force /dev/pf to be opened read-write for pfctl -t/-m when values	Daniel Hartmeier
	are only queried but not set.
2002-02-27	Instead of printing useless @0 rule numbers from pfctl -vR, increase a	Daniel Hartmeier
	counter. Helps debugging rule sets that are not loaded. Suggested by John Kerbawy.
2002-02-26	Add optional pool memory hard limits, mainly as temporary solution	Daniel Hartmeier
	until pool exhaustion causes problems no more.
2002-02-11	Initial patch.	Mike Pechkin
	When you give command examples in a manual page prefix them with $ command or # command deraadt@ ok
2002-01-11	use bsearch() for keywords lookup, swap couple of entries to make the ↵	Michael Shalayeff
	keywords array sorted and add a comment to keep it that way; dhartmei@ ok
2002-01-10	Let port 0 be specified as it's not special here.	Hugh Graham
	Agreement with Daniel and others.
2002-01-09	Port must be >0 and <=65535. Idea while have fun with ssh.	Mike Pechkin
	dhartmei@ ok
2002-01-09	free() 'interface' in {nat,binat,rdr}rule	Mike Pechkin
	dhartmei@ ok
2002-01-09	Add labels to rules. These are arbitrary names (not to be confused with	Daniel Hartmeier
	tags that will be used to tag packets later on). Add pfctl -z to clear per-rule counters. Add pfctl -s labels to output per-rule counters in terse format and only for rules that have labels. Suggested by Henning Brauer.
2002-01-08	Add "no nat/rdr/binat" to nat.conf. The first matching rule applies.	Daniel Hartmeier
	If it is a "no" rule, no translation occurs. Useful to exclude certain packets from translation. Suggested by Henning Brauer.
2002-01-07	Next issue:	Mike Pechkin
	af is always u_int8_t, not int; dhartmei@ ok
2002-01-07	remove 3rd argument from ipmask(), not used.	Mike Pechkin
	dhartmei@ ok
2002-01-06	-x needs read-write access for DIOCSETDEBUG ioctl	Daniel Hartmeier

2002-01-04	check (p != NULL), not n.	Mike Pechkin
	dhartmei@ ok
2001-12-31	only open device for writing if we gonna modify anything	Michael Shalayeff

2001-12-23	find correct line number in lval, instead of val	Theo de Raadt

2001-12-21	Initial patch for a new mdoc issue.	Mike Pechkin
	Powered by @mantoya: o) kill extra line in the end of file; o) kill extra space in the end of line; o) replace blank lines with .Pp; millert@ ok
2001-12-13	o) start new sentence on a new line;	Mike Pechkin
	o) wrap long lines; o) fix bogus .Xr usage; o) we don't like blank lines; o) always close .Bl tags; o) OpenBSD -> .Ox; o) don't like .Pp before .Ss; millert@ ok;
2001-12-10	Convert usage of 'you' to third person. Reword some sentences.	Daniel Hartmeier

2001-12-10	Add stateful filtering for other (non-TCP/UDP/ICMP) protocol, based on	Daniel Hartmeier
	source/destination addresses/ports only. Add RDR for ICMP. Add NAT/RDR/BINAT for other protocols. Destination and redirection port(s) are now optional for RDR rules. Not specifying destination port(s) means 'redirect all ports', not specifying redirection port(s) means 'redirect to the original port'.
2001-12-05	Correctly parse hex numbers. Spotted by Claudio Jeker. Closes PR 2234.	Daniel Hartmeier

2001-12-03	For nat, binat and rdr rules, don't allow different address families in	Daniel Hartmeier
	one rule. pf can't translate IPv4 <-> IPv6 packets. Such rules didn't work, even if they were falsely accepted before.
2001-12-01	wipe print_nat()'s nose (use dnot correctly instead of snot). i need to start	Mike Frantzen
	naming variables 'bugger'. yes, thats what i'll do
2001-11-26	add fastroute options similar to what is found in ipf	jasoni
	ok dhartmei@, frantzen@
2001-11-05	noone responds.	Theo de Raadt
	this diff makes } and { not be part of symbols
2001-10-24	Check interface names using ifa0_lookup() and print error message for	Daniel Hartmeier
	non-existant interfaces (instead of the generic ioctl error returned by the kernel in this case).
2001-10-24	Use snot/dnot correctly in print_rdr. RDR rules with '!' used on the	Daniel Hartmeier
	destination address were printed incorrectly before (though the rules worked correctly).
2001-10-15	Add 'allow-opts' to rules. Packets with IP options will be blocked by	Daniel Hartmeier
	default now, and can be allowed per rule. ok deraadt@
2001-10-11	Don't htonl() past buffer bounds if ipmask == 128	Mike Frantzen

2001-10-11	Corrections from Brian J. Kifiak.	Daniel Hartmeier

2001-10-07	Add interface name to address translation to pfctl, document it and add	Daniel Hartmeier
	a regress test. Translation is done on rule set load-time only, so the rule sets must be reloaded when an interface address changes. parse.y patch from Cedric Berger. Similar patch from Jonathon Fletcher. Thanks to both.
2001-10-04	Honour -v flag when printing states, print only one line per state when	Daniel Hartmeier
	non-verbose. Suggested by gwyllion@ace.ulyssis.org.
2001-10-02	Remove duplication from simultaneous commits	Mike Frantzen

2001-10-02	Typo fixes (thanks gwyllion@ace.ulyssis.org)	Mike Frantzen