src - OpenBSD base system

Age	Commit message (Collapse)	Author
2005-05-28	don't print the "[ Inserted: uid pid ]" line when -g is used, so the	Daniel Hartmeier
	regress tests don't have to deal with it (and it's a useless thing to check from there).
2005-05-27	Hide Hostid and Checksum in pfctl -si output unless the -v flag is used.	Ryan Thomas McBride
	Prodded by henning@
2005-05-27	Calculate an MD5 checksum over the main pf ruleset.	Marco Pfatschbacher
	This is the basis for further pfsync improvements, to ensure that pf rules are in sync with the master. "get it in" mcbride@
2005-05-27	get rid of 'log-all'. now that we have 'log (options)', make 'all' an	Daniel Hartmeier
	option to log. so, 'log-all' becomes 'log (all)'.
2005-05-27	get rid of shift/reduce conflicts, don't support empty logopts	Daniel Hartmeier

2005-05-27	log two pairs of uid/pid through pflog: the uid/pid of the process that	Daniel Hartmeier
	inserted the rule which causes the logging. secondly, the uid/pid of the process in case the logged packet is delivered to/from a local socket. a lookup of the local socket can be forced for logged packets with a new option, 'log (user)'. make tcpdump print the additional information when -e and -v is used. note: this changes the pflog header struct, rebuild all dependancies. ok bob@, henning@.
2005-05-27	allow 'tagged' in 'anchor' rules (without complaining about missing	Daniel Hartmeier
	'keep state'), as a condition to branch into the anchor. suggested by Bill Marquette.
2005-05-26	The illegalness of "no nat log" is already enforced by the grammar.	Camiel Dobbelaar
	ok dhartmei
2005-05-26	use PF_LOG, PF_LOGALL instead of numeric constants	Daniel Hartmeier

2005-05-26	support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patch	Daniel Hartmeier
	from camield@. use #defines PF_LOG, PF_LOGALL instead of magic constants. ok frantzen@, camield@
2005-05-26	switch the max_src_{states,conn,conn_rate} from superblock breaks to superblock	Mike Frantzen
	optimization barriers to prevent table merging or rule re-ordering ok dhartmei@
2005-05-25	make the remaining pf_rule fields named superblock BREAKs instead just letting	Mike Frantzen
	them default to BREAKs. no functional change
2005-05-25	make the optimizer safe in the presence of interface groups. they must act as	Mike Frantzen
	an optimization block break ok dhartmei@
2005-05-24	Identify states that will not be synchronised in pfctl -vvss output.	Christopher Pascoe
	ok mcbride@ henning@
2005-05-23	change pool allocation of table entries, no longer use the oldnointr	Daniel Hartmeier
	allocator and two pools, but PR_WAITOK when called from non-interrupt context (ioctl). add configurable hard limits for tables and table entries (set limit tables/table-entries), defaulting to 1000/100000. ok aaron@, henning@, mcbride@, art@
2005-05-23	remove code that duplicates getservice()	Camiel Dobbelaar
	ok dhartmei mcbride
2005-05-22	Add support to kill states that match networks.	Marco Pfatschbacher
	man page from jmc@ OK dhartmei@
2005-05-21	clean up and rework the interface absraction code big time, rip out multiple	Henning Brauer
	useless layers of indirection and make the code way cleaner overall. this is just the start, more to come... worked very hard on by Ryan and me in Montreal last week, on the airplane to vancouver and yesterday here in calgary. it hurt. ok ryan theo
2005-05-05	typo	Joel Knight

2005-04-22	Catch bad flags, ie. flags that always evaluate to false. This happens	Camiel Dobbelaar
	if there are flags on the lefthandside that are masked off by the righthand side. ok mcbride@ (long time ago) dhartmei@ henning@
2005-03-07	fd leaks in error paths, From: Andrey Matveev <andrushock@korovino.net>	Henning Brauer

2005-03-07	print unsigned long with %lu, not with %d and not with %ld.	Henning Brauer
	From: Andrey Matveev <andrushock@korovino.net>
2005-03-06	allow commas in the hfsc service curve spec, inconsistency pointed out in	Henning Brauer
	PR4134 / geoff@collyer.net and a longer mail exhcange with han boetes
2005-03-06	print "set skip on" with -v in such a way that the output is valid input	Daniel Hartmeier
	syntax, instead of the cryptic hex flags output.
2005-02-28	use the linkshar keyword when gtalking about the link sharing service	Henning Brauer
	curve, inspired by PR4127
2005-02-27	support 'tagged' in translation rules, non-delayed tag lookup	Daniel Hartmeier
	ok henning@, deraadt@
2005-02-26	ypu sure get the impression the number of memory leaks in error pathes	Henning Brauer
	is infinite... Andrey Matveev <andrushock@korovino.net> spotted a few again!
2005-02-17	Fix indentation as to not mislead the code reader. No functional change.	Aaron Campbell

2005-02-07	KNF; ok henning@	David Krause

2005-01-28	add messages for syntax errors that caused silent failure before.	Daniel Hartmeier
	found by Peter Fraser, ok henning@
2005-01-27	dynamic interface names must start with a letter. catches the nonsensical	Daniel Hartmeier
	"(10.1.2.3)" that results from a simple typo like "$(ext_ip)" instead of "$(ext_if)".
2005-01-06	Missing braces in pfctl_load_debug(), pointed out by camield@	Ryan Thomas McBride

2005-01-05	spelling;	Jason McIntyre

2005-01-05	Document -m flag.	Ryan Thomas McBride

2005-01-05	Modify pfctl behaviour so that 'set ...' options are no longer "sticky", ie.	Ryan Thomas McBride
	they are reset to default values if omitted from a subsequent ruleset load. Also: - make sure 'set ...' options are not loaded in anchors. - add a -m ("merge") flag to pfctl which allows an individual option to be set without reseting the others, eg: # echo "set loginterface fxp0" \| pfctl -mf - ok henning@ dhartmei@
2005-01-03	don't merge a rule's source address into a table if we're already trying to	Mike Frantzen
	merge its destination address. caught by an assertion. it's tempting to do recursive reduction here to pick that low hanging fruit.... bug report from <gustavo AT hades DOT uint8t DOT org>
2004-12-29	Print 'set fingerprints' correctly when parsing verbosely.	Ryan Thomas McBride

2004-12-29	Make sure that fingerprint_count gets reset to 0 correctly when we flush	Ryan Thomas McBride
	our list of fingerprints. ok dhartmei@ henning@ frantzen@
2004-12-29	change last commit so that the test for PF_OPT_NOACTION is actually in	Dan Harnett
	pfctl_clear_interface_flags(). suggested by and ok henning@
2004-12-29	don't clear interface flags if '-n' option was given.	Dan Harnett
	ok henning@
2004-12-29	be quiet about resetting the interface flags omn ruleset load, only	Henning Brauer
	print that info on manual flushes. noticed by marc@
2004-12-28	reset skip interface flags on reloads and for -Fall	Henning Brauer
	from max, this time working :)
2004-12-27	unbreak tree	Theo de Raadt

2004-12-27	reset skip interface flags on reloads and for -Fall	Henning Brauer
	from max
2004-12-23	set rule_flag PFRULE_SRCTRACK when setting srctrack, found by camield@	Daniel Hartmeier
	using regress test pf84
2004-12-22	Introduce 'set skip on <ifspec>' to support a list of interfaces where no	Daniel Hartmeier
	packet filtering should occur (like loopback, for instance). Code from Max Laier, with minor improvements based on feedback from deraadt@. ok mcbride@, henning@
2004-12-19	use strchr instead of index	Theo de Raadt

2004-12-15	missing free()s; with pat	Henning Brauer

2004-12-14	&&/\|\| inversion would try to merge IP addresses with non-addresses into a	Mike Frantzen
	single table causing a ruleset load error and eventually a double-free. bug report and testing from martin{AT}spamcop net
2004-12-14	add two warn() calls to make sure a warning message gets printed if one of	Mike Frantzen
	the table calls fails and the optimizer is gonna bomb out