src - OpenBSD base system

Age	Commit message (Collapse)	Author
2004-05-07	typos	Henning Brauer
	From: Jared Yanovich <phirerunner@comcast.net>
2004-05-05	Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP	Mike Frantzen
	sequence numbers by taking advantage of the maximum 1KHz clock as an upperbound on the timestamp. Typically gains 10 to 18 bits of additional security against blind data insertion attacks. More if the TS Echo wasn't optional :-( Enabled with: scrub on !lo0 all reassemble tcp ok dhartmei@. documentation help from jmc@
2004-04-27	make "pfctl -vvsq" to print "No queue in use" and exit when there is no	Kenjiro Cho
	queue to show the state. requested by "Alexey E. Suslikov" <cruel@texnika.com.ua> ok henning@
2004-04-26	do more careful altq bandwidth checking.	Kenjiro Cho
	- fix a bug in HFSC that does not take the newly added queue into account when computing the bandwidth for admission control. - warn when the sum of the child bandwidth exceeds parent's bandwidth for both CBQ and HFSC. - allow to explicitly specify 0bps to bandwidth. HFSC can have only the real-time sc, and it means a blackhole queue for CBQ. problem reports by "Alexey E. Suslikov" <cruel@texnika.com.ua> ok henning@
2004-04-24	Add "probability xxx" rule modifier. ok deraadt@	Cedric Berger

2004-04-22	typo, From: Jared Yanovich <jjy2+@pitt.edu>	Henning Brauer

2004-04-14	make antispoof work with dynamic addresses. ok dhartmei@ mcbride@	Cedric Berger

2004-04-14	Better interface filtering. vlan1 should not match vlan19.	Cedric Berger
	Found by Mike Wolman, ok dhartmei@ mcbride@
2004-04-09	Do not try to load directories. found+ok mpech@	Cedric Berger

2004-03-20	spelling fix; ok dhartmei@ henning@ deraadt@	David Krause

2004-03-20	make pfctl -s osfp work and remove -o option from manpage; ok deraadt@	David Krause
	pointed out by David Hill <davidh at wmis dot net>
2004-03-15	cast %llu arguments to unsigned long long, from Max Laier,	Daniel Hartmeier
	ok henning@ cedric@
2004-03-14	#include fixes, from Max Laier, ok beck@ henning@	Daniel Hartmeier

2004-03-10	Actually use SRCS+= so that we don't have a wrapped line.	Ryan Thomas McBride

2004-03-10	plug 3 memory leaks; 2 from andrushock, 1 by me	Henning Brauer
	ok pb deraadt
2004-03-08	plug 124 memory leaks	Henning Brauer
	ok mcbride@ pb@ dhartmei@
2004-03-06	from bgpd:	Henning Brauer
	plug a memory leak in the lexer. the issue is this code fragement from yylex(): . token = lookup(buf); . yylval.v.string = strdup(buf); . if (yylval.v.string == NULL) . err(1, "yylex: strdup"); . return (token); lookup() tries to match buf against a list of keywords, and returns the associated token if it has a match, or the token STRING otherwise. STRING is the only token that needs (and free()s) yylval.v.string. however, we assigned memory for it with the strdup in yylex for each and every token. the fix is obviously only setting yylval.v.string when lookup() returns STRING. Patrick Latifi noticed that something was leaking with token handling, analysis and fix by me. ok deraadt@
2004-03-03	no newline in errx, bad cedric; spotted by tedu	Theo de Raadt

2004-03-01	support "tagged <name>" on anchor rules, suggested by vd@vmunix.lt,	Daniel Hartmeier
	ok henning@, cedric@
2004-02-27	make pfctl -s all a bit more useful again by not printing a lllooooooottttt of	Henning Brauer
	OS fingerprints and a list of interface drivers... cedric deraadt ok
2004-02-26	Fix/Simplify printing of titles with "pfctl -s all". ok mcbride@	Cedric Berger

2004-02-26	Fix pfctl -sa output. Found by David Krause, ok mcbride@	Cedric Berger

2004-02-25	Don't clear global stuff when an anchor is given in addition to -Fa.	Cedric Berger
	Ok mcbride@ pb@
2004-02-24	'max-src-nodes' requires 'source-track rule'. Set that automatically,	Ryan Thomas McBride
	unless 'source-track global' is explicit, in which case error out. Lots of help from cedric@. ok cedric@ henning@
2004-02-24	fixup.	Cedric Berger

2004-02-24	Check for 'source-track rule' with 'max-src-nodes'.	Ryan Thomas McBride
	ok cedric@ henning@
2004-02-19	Makes pfctl -ss and pfctl -sq use optional -i argument.	Cedric Berger
	ok dhartmei@ markus@ mcbride@
2004-02-19	Makes pfctl -Fs and pfctl -w works with the optional -i specifier.	Cedric Berger
	Kernel/Userland Sync needed. ok dhartmei@ jmc@ markus@ mcbride@
2004-02-19	now that qids are managed entirely in the kernel, the qid related code	Kenjiro Cho
	is no longer needed in pfctl. ok, henning@
2004-02-17	add -i flag, use it for -sI as a start. ok henning@, ok+test mcbride@	Cedric Berger

2004-02-12	- sort SYNOPSIS and options list	Jason McIntyre
	- add -p to SYNOPSIS - uppercase start of sentence - sync usage() w/ SYNOPSIS
2004-02-12	add -p flag to specify the device - ok mcbride@, henning@ with no objections	Bob Beck
	from deraadt@
2004-02-11	Fix interface clobbering for link-local addresses. Found by Pyun YongHyeon.	Cedric Berger
	Fix "antispoof for foo" when foo has no addresses. ok+help dhartmei@, ok mcbride@
2004-02-10	KNF	Daniel Hartmeier

2004-02-10	KNF	Henning Brauer

2004-02-10	lotsoflotsoflotsof KNF	Henning Brauer
	and an off by one
2004-02-10	KNF	Henning Brauer

2004-02-10	fix at leats the worst of Cedric "KNF is for everybody but me" Berger's fuckup	Henning Brauer

2004-02-10	new kernel reports enabled & disabled time - use that info.	Cedric Berger
	ok henning@ mcbride@
2004-02-05	pfctl_update_qstats() returns -1 on error and the # of queues otehrwise	Henning Brauer
	fix a check of the return value to cope woth that inspired by PR3675 from Marc Huber <Marc.Huber@web.de>, fixed slightly different.
2004-02-04	Handle rules like 'pass ... proto { tcp udp icmp } ... modulate state'	Ryan Thomas McBride
	ok dhartmei@ henning@
2004-02-04	Fix a number of bugs with setting pool limits which I introduced with	Ryan Thomas McBride
	source-tracking. Found by Pyun YongHyeon. Also add support to pfctl to set the src-nodes pool limit. "Luckily" some of the bugs cancel each other out; update kernel before pfctl. ok dhartmei@
2004-02-03	fix PR 3664 / jared r r spiegel	Henning Brauer
	we need to save the unexpanded tag/tagged strings before entering the expansion loop, and at each loop, start with the unexpanded tag, so that on subsequent loops the macros are replaced with current values and not the values from previous loop persist ryan theo ok
2004-02-03	bring back this fluffy change, of course without the bug:	Henning Brauer
	== to parse v4 adresses, only use inet_net_pton when we find a /, otherwise use inet_pton. helps bob who likes to type 1.2 3.4 instead of 1.2.3.4 and wonders why this results in two addresses. PR3638, bob ok == make sure bits is either 32 or what inet_net_pton tells us, and always call set_ipmask to mask the boring bits away ok dhartmei@ mcbride@ david@
2004-01-29	Clean up 'pfctl -s all' output.	Ryan Thomas McBride
	ok deraadt@ henning@
2004-01-26	we must not omit printing the netmask when it is all zero, this is dangerous -	Henning Brauer
	1.2.3.4/0 is not equal to 1.2.3.4... this "helped" to make failure already only omit the netmask when both the addr and the mask itself are all zero (the "any" case) ok dhartmei@ mcbride@
2004-01-25	This fix was made WITHOUT RUNNING REGRESS. Henning, you are being	Theo de Raadt
	extremely unfluffy, King Bula is coming for your head.
2004-01-22	to parse v4 adresses, only use inet_net_pton when we find a /, otherwise	Henning Brauer
	use inet_pton. helps bob who likes to type 1.2 3.4 instead of 1.2.3.4 and wonders why this results in two addresses. PR3638, bob ok
2004-01-14	eliminate the predefined special qids so that qids become simple	Kenjiro Cho
	identifiers without embedded meanings. this also allows us to make the semantics of the qid assignment in line with the tag assignment in the next step. ok, henning@
2004-01-05	few off by ones in strlcpy overflow check; Patrick Latifi	Henning Brauer