src - OpenBSD base system

Age	Commit message (Collapse)	Author
2005-03-07	fd leaks in error paths, From: Andrey Matveev <andrushock@korovino.net>	Henning Brauer

2005-03-07	print unsigned long with %lu, not with %d and not with %ld.	Henning Brauer
	From: Andrey Matveev <andrushock@korovino.net>
2005-03-06	allow commas in the hfsc service curve spec, inconsistency pointed out in	Henning Brauer
	PR4134 / geoff@collyer.net and a longer mail exhcange with han boetes
2005-03-06	print "set skip on" with -v in such a way that the output is valid input	Daniel Hartmeier
	syntax, instead of the cryptic hex flags output.
2005-02-28	use the linkshar keyword when gtalking about the link sharing service	Henning Brauer
	curve, inspired by PR4127
2005-02-27	support 'tagged' in translation rules, non-delayed tag lookup	Daniel Hartmeier
	ok henning@, deraadt@
2005-02-26	ypu sure get the impression the number of memory leaks in error pathes	Henning Brauer
	is infinite... Andrey Matveev <andrushock@korovino.net> spotted a few again!
2005-02-17	Fix indentation as to not mislead the code reader. No functional change.	Aaron Campbell

2005-02-07	KNF; ok henning@	David Krause

2005-01-28	add messages for syntax errors that caused silent failure before.	Daniel Hartmeier
	found by Peter Fraser, ok henning@
2005-01-27	dynamic interface names must start with a letter. catches the nonsensical	Daniel Hartmeier
	"(10.1.2.3)" that results from a simple typo like "$(ext_ip)" instead of "$(ext_if)".
2005-01-06	Missing braces in pfctl_load_debug(), pointed out by camield@	Ryan Thomas McBride

2005-01-05	spelling;	Jason McIntyre

2005-01-05	Document -m flag.	Ryan Thomas McBride

2005-01-05	Modify pfctl behaviour so that 'set ...' options are no longer "sticky", ie.	Ryan Thomas McBride
	they are reset to default values if omitted from a subsequent ruleset load. Also: - make sure 'set ...' options are not loaded in anchors. - add a -m ("merge") flag to pfctl which allows an individual option to be set without reseting the others, eg: # echo "set loginterface fxp0" \| pfctl -mf - ok henning@ dhartmei@
2005-01-03	don't merge a rule's source address into a table if we're already trying to	Mike Frantzen
	merge its destination address. caught by an assertion. it's tempting to do recursive reduction here to pick that low hanging fruit.... bug report from <gustavo AT hades DOT uint8t DOT org>
2004-12-29	Print 'set fingerprints' correctly when parsing verbosely.	Ryan Thomas McBride

2004-12-29	Make sure that fingerprint_count gets reset to 0 correctly when we flush	Ryan Thomas McBride
	our list of fingerprints. ok dhartmei@ henning@ frantzen@
2004-12-29	change last commit so that the test for PF_OPT_NOACTION is actually in	Dan Harnett
	pfctl_clear_interface_flags(). suggested by and ok henning@
2004-12-29	don't clear interface flags if '-n' option was given.	Dan Harnett
	ok henning@
2004-12-29	be quiet about resetting the interface flags omn ruleset load, only	Henning Brauer
	print that info on manual flushes. noticed by marc@
2004-12-28	reset skip interface flags on reloads and for -Fall	Henning Brauer
	from max, this time working :)
2004-12-27	unbreak tree	Theo de Raadt

2004-12-27	reset skip interface flags on reloads and for -Fall	Henning Brauer
	from max
2004-12-23	set rule_flag PFRULE_SRCTRACK when setting srctrack, found by camield@	Daniel Hartmeier
	using regress test pf84
2004-12-22	Introduce 'set skip on <ifspec>' to support a list of interfaces where no	Daniel Hartmeier
	packet filtering should occur (like loopback, for instance). Code from Max Laier, with minor improvements based on feedback from deraadt@. ok mcbride@, henning@
2004-12-19	use strchr instead of index	Theo de Raadt

2004-12-15	missing free()s; with pat	Henning Brauer

2004-12-14	&&/\|\| inversion would try to merge IP addresses with non-addresses into a	Mike Frantzen
	single table causing a ruleset load error and eventually a double-free. bug report and testing from martin{AT}spamcop net
2004-12-14	add two warn() calls to make sure a warning message gets printed if one of	Mike Frantzen
	the table calls fails and the optimizer is gonna bomb out
2004-12-13	sync authpf anchor syntax;	Jason McIntyre
	also, spelling while i'm in here; from joel knight;
2004-12-10	allow pf to filter on route labels	Henning Brauer
	pass in from route dtag keep state queue reallyslow tested by Gabriel Kihlman <gk@stacken.kth.se> and Michael Knudsen <e@molioner.dk> and ryan ok ryan
2004-12-08	Add "'overload' requires 'max-src-conn' or 'max-src-conn-rate'" sanity check,	Ryan Thomas McBride
	fix some cut-n-paste mayhem in other related checks.
2004-12-07	re-commit mcbride@'s 'flush global', this time without the breakage in	Daniel Hartmeier
	pfvar.h. builds kernel and userland.
2004-12-07	real backout	Theo de Raadt

2004-12-07	oops, incomplete backout	Theo de Raadt

2004-12-07	tree does not compile, spotted by dlg (not obvious how to fix)	Theo de Raadt
	---- Change the default for 'overload <table> flush' to flush only states from the offending source created by the rule. 'flush global' flushes all states originating from the offending source. ABI change, requires kernel and pfctl to be in sync. ok deraadt@ henning@ dhartmei@
2004-12-07	Change the default for 'overload <table> flush' to flush only states from the	Ryan Thomas McBride
	offending source created by the rule. 'flush global' flushes all states originating from the offending source. ABI change, requires kernel and pfctl to be in sync. ok deraadt@ henning@ dhartmei@
2004-12-05	initialize $$->tail and $$->next for MAXSRCCONNRATE	Daniel Hartmeier

2004-12-04	Userland support for limiting open tcp connections per source. eg:	Ryan Thomas McBride
	keep state (max-src-conn 1000, max-src-conn-rate 100/10, overflow <bad> flush) allow a maximum of 1000 open connections or 100 new connections in 10 seconds. The addresses of offenders are added to the <bad> table which can be used in the ruleset, and existing states from that host are flushed. ok deraadt@ dhartmei@
2004-11-09	do not assume entries in pf_timeouts[] are ordererd like PFTM_* in pfvar.h	Daniel Hartmeier
	reported by Alexey E. Suslikov, ok henning@
2004-09-30	print invalid hostmask when refusing it, ok deraadt@	Daniel Hartmeier

2004-09-27	anchor rules referencing anchors using slashes may need quotes.	Jared Yanovich
	ok mcbride henning
2004-09-21	Implement "no scrub" to allow exclusion of specific traffic from scrub rules.	Aaron Campbell
	First match wins, just like "no {binat,nat,rdr}". henning@, dhartmei@ ok
2004-08-26	sync usage for -a	Jared Yanovich
	reminded by jmc, ok deraadt
2004-08-26	update w.r.t. recursive anchors	Jared Yanovich
	includes: - simplify -a syntax - change an anchor example to mention authpf, which is more useful - document "pfctl -a anchor -vsA" for showing anchors recursively ok dhartmei jmc henning
2004-08-08	spacing	Theo de Raadt

2004-07-23	- make SYNOPSIS and usage() clear that -t precedes -T;	Jason McIntyre
	spotted by Tamas Tevesh, via dhartmei@; also, add -o to usage(), and note that /ruleset is now the correct syntax, not :ruleset; ok dhartmei@
2004-07-19	print the correct labels when displaying timeouts with pfctl (eg, pfctl -st).	David Gwynne
	From Chris Pascoe. ok dhartmei@
2004-07-16	'pfctl -o' ruleset optimizer that doesnt change the meaning of the final ruleset	Mike Frantzen
	- remove identical and subsetted rules - when advantageous merge rules w/ similar addresses into a table and one rule - re-order rules to improve skip step performance (can do better w/ kernel mods) - 'pfctl -oo' will load the currently running ruleset and use it as a profile to direct the optimization of quicked rules ok henning@ mcbride@. man page help from jmc@