src - OpenBSD base system

Age	Commit message (Collapse)	Author
2001-10-07	Add interface name to address translation to pfctl, document it and add	Daniel Hartmeier
	a regress test. Translation is done on rule set load-time only, so the rule sets must be reloaded when an interface address changes. parse.y patch from Cedric Berger. Similar patch from Jonathon Fletcher. Thanks to both.
2001-10-04	Honour -v flag when printing states, print only one line per state when	Daniel Hartmeier
	non-verbose. Suggested by gwyllion@ace.ulyssis.org.
2001-10-02	Remove duplication from simultaneous commits	Mike Frantzen

2001-10-02	Typo fixes (thanks gwyllion@ace.ulyssis.org)	Mike Frantzen

2001-10-02	'pfctl -O foo' dumped core. A check was there, but didn't work.	Daniel Hartmeier

2001-10-01	print variable asignments only if -v is given. ok dhartmei/deraadt	Markus Friedl

2001-10-01	Print error message when pfctl -N/-R can't open the specified file	Daniel Hartmeier
	(instead of failing silently). Found by niklas@.
2001-09-30	Selectable preset FSM optimizations for several network environments.	Mike Frantzen
	Thanks to everyone who sent me packet captures!
2001-09-28	Support underscores in macro names and document it in the man page.	Daniel Hartmeier

2001-09-22	remove debug printf	Theo de Raadt

2001-09-20	Fix uninitialized structure fields. Problem reported by Cedric Berger.	Daniel Hartmeier

2001-09-15	Implement return-icmp(number), return-icmp6(number)	Peter Stromberg
	Differentiate between return-icmp and return-icmp6, icmp-type and ipv6-icmp-type. ok dhartmei@
2001-09-15	ICMP6_DST_UNREACH_NOROUTE <-> _ADMIN, reported by Wouter Coene.	Daniel Hartmeier

2001-09-15	Fix 'binat ... to any ...' (binat.af wasn't set).	Daniel Hartmeier

2001-09-15	Parse bug, found by wilfried@	Daniel Hartmeier

2001-09-15	IPv6 support from Ryan McBride (mcbride@countersiege.com)	Mike Frantzen

2001-09-12	check calloc() return value	Markus Friedl

2001-09-06	- you can only binat between hosts	jasoni
	- add binat example and description
2001-09-06	1:1 bidrectional NAT (binat); ok dhartmei@ and frantzen@	jasoni

2001-09-06	Initial idea from aaron@: Last char of .Xr group in SEE ALSO section should	Mike Pechkin
	be a single digit. Powered by mantoya@. millert@ ok.
2001-09-04	Support parameter lists {} for interfaces in filter rules, like	Daniel Hartmeier
	pass in on { gm0, kue0 } from any to any
2001-09-02	Print rule numbers zero-based. Noted by primus@gblx.net.	Daniel Hartmeier

2001-08-28	move '!' from host_list to host: "xhost : '!' host \| host;"; ok dhartmei@	Markus Friedl

2001-08-28	check for malloc/strdup == NULL	Markus Friedl

2001-08-28	Support ! operator in host parameter lists. Fixes PR system/2030. Reported	Daniel Hartmeier
	by Kamil Andrusz <wizz@mniam.net>.
2001-08-28	Bump state timeouts and allow tweaking them from pfctl.	Mike Frantzen
	(The state timeouts need some _serious_ tuning)
2001-08-26	sort keywords	Theo de Raadt

2001-08-25	PF ISN randomization. Or in trekkie techno-babble, ISN phase modulation.	Mike Frantzen

2001-08-23	o for a port_item, initialize the "next" pointer to NULL	Todd C. Miller
	o for an address, use calloc() instead of malloc() so the struct is zeroed Fixes a SEGV in pfctl due to uninitialized "next" pointers.
2001-08-23	Support var="string". Expansion (at lex time) done using $var, for instance:	Theo de Raadt
	okproto="{ssh, smtp, domain, auth}" pass in on key0 proto tcp from any to any port $okproto keep state Can I ask someone else to document this in pf.conf(5)?
2001-08-23	KNF	Theo de Raadt

2001-08-23	for -s all, do not error out when the first ioctl fails	Theo de Raadt

2001-08-22	ftp-proxy	Bob Beck

2001-08-19	do not spin if no states are found	Theo de Raadt

2001-08-19	Document per-rule byte counter.	Daniel Hartmeier

2001-08-19	Add per-rule byte counter, so mickey can do accounting. We're counting the	Daniel Hartmeier
	data part (without IP and TCP/UDP/ICMP headers), like the state counter does.
2001-08-19	Document per-rule statistics. If the evaluation counters look funny,	Daniel Hartmeier
	think skip steps.
2001-08-19	Print per-rule statistics when -v is used with -sr (show rules).	Daniel Hartmeier

2001-08-19	Unfuck some TCP state stuff that would drop the SYN\|ACK.	Mike Frantzen
	Enumerated the TCP states. Here's a mapping new->old tcp states if anyone gives a shit: TCPS_CLOSED 0 TCPS_SYN_SENT 1 TCPS_ESTABLISHED 2 TCPS_CLOSING 3 TCPS_FIN_WAIT_2 4 TCPS_TIME_WAIT 5
2001-08-19	Add parameter list support to parser. Handles lists for protocol, hosts	Daniel Hartmeier
	and ports in filter rules, like block in from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } to any pass in proto tcp from any to any port { ssh, 1024 >< 2000, > 65000 } block in proto { udp, igmp } and does rule expansion (generate all needed rule combinations).
2001-08-18	make pfctl -s state SCREAM; frantzen is now happy	Theo de Raadt

2001-08-18	prettier printing of states	Theo de Raadt

2001-08-16	track the line number per-token, so that we can report errors correctly	Theo de Raadt

2001-08-14	optimize the flags parsing; markus@ ok	Michael Shalayeff

2001-08-11	Add support for ICMP errors referring to ICMP queries/replies. Fixes	Daniel Hartmeier
	'ICMP error message for bad proto' messages. Reported by Mark Grimes and Steve Rumble. Add debugging level with ioctl interface and pfctl switch. Default is 'None'.
2001-08-11	\+\n support, and spit out cc-style error messages. the parser's line	Theo de Raadt
	counting is lex dependent, and will need to be tweaked
2001-08-03	o) We always closes .Bl and .Bd tags;	Mike Pechkin
	millert@ ok
2001-07-31	allow to test that flags are unset, ok dhartmei@, mickey@	Peter Stromberg

2001-07-28	start sentence on new line, from mpech@	Daniel Hartmeier

2001-07-26	sort SEE ALSO section correctly, from mpech@.	Daniel Hartmeier