src - OpenBSD base system

Age	Commit message (Collapse)	Author
2003-05-14	add scrub modifier "reassemble tcp" to turn on stateful TCP normalizations	Mike Frantzen
	ok henning@ dhartmei@
2003-05-14	tagging on binat	Henning Brauer

2003-05-14	enabled tagging on rdr rules	Henning Brauer

2003-05-14	with tag/tagged given, only whine about missing keep state on pass rules	Henning Brauer

2003-05-14	allow SCRUB rules to specify protocol again. broken sometime in the past.	Mike Frantzen
	okie dhartmei@, yay pb@
2003-05-14	tags on nat rules:	Henning Brauer
	nat on $ext_if all tag humppa -> $ext_if pass out tagged hummpa keep state
2003-05-14	print the redirection target for nat/rdr/binat slighly later.	Henning Brauer
	no functional difference (yet)
2003-05-13	make sure tagging is only ever used with stateful filter rules	Henning Brauer

2003-05-13	correct rule printing	Henning Brauer

2003-05-13	userland part for tagging.	Henning Brauer
	it's now possible to tag packets with an arbitary tag and filter based on that tag later on other interfaces: pass in quick on fxp0 keep state tag blah pass out quick on wi0 keep state with tag blah can be used to express trust between interfaces, to distinguish between NATed connections and connection originating from teh firewall itself and much more ok dhartmei@ frantzen@ pb@ mcbride@
2003-05-12	Adaptive timeout value scaling. Allows to reduce timeout values as the	Daniel Hartmeier
	number of state table entries grows, so entries time out faster before the table fills up. Works both globally and per-rule. ok frantzen@
2003-05-11	Don't ntohs() the translation port for nat as it is already in host byte order.	Ryan Thomas McBride
	Makes nat ... -> $ext_if port 500 rules work correctly again. ok henning@ dhartemi@ frantzen@
2003-05-10	support loading of anchors from within the main ruleset via	Henning Brauer
	load anchor anchorname:rulesetname file /path/to/file ok pb@ dhartmei@ cedric@
2003-05-08	Close sockets (otherwise the file handle limit can be reached when many	Daniel Hartmeier
	queues are defined). Reported by Fernando Braga. ok henning@
2003-05-05	Describe format of pfctl -sl output, reported by Alejandro G. Belluscio.	Daniel Hartmeier

2003-05-03	these files all had >9 arguments to .Nd, causing the name description to be	Jason McIntyre
	truncated. i wrapped them in double quotes to preserve the line. grep inspired by an -mdoc lesson from millert@
2003-05-03	don't free() the char * carrying the rule label too early	Henning Brauer
	noticed by Mathieu Sauve-Frankel <m.sauve at secureops.net> via silc
2003-05-01	ease label handling	Henning Brauer
	ok cedric@
2003-05-01	allow label on antispoof; requested by Gregor Binder <gbinder at sysfive.com>	Henning Brauer
	ok cedric@
2003-04-30	kill globals anchorname and rulesetname; have them in main instead and pass	Henning Brauer
	to the functions that need them. makes the code easier and cleaner in some places and will be needed for other things to come soon ok cedric@
2003-04-30	Allow tables to be loaded into anchors.	Cedric Berger
	Most pfctl table commands (excluding 'show' and 'flush') support the "-a" modifier. ok dhartmei@
2003-04-27	Update the pfioc_table IOCTL structure.	Cedric Berger
	Prepare for anchors, improve robustness. WARNING: need to sync kernel/userland. ok dhartmei@
2003-04-25	kill a workaround now that inet_net_pton acts reasonably	Henning Brauer

2003-04-25	check asprintf return value for error as well, some implementations do	Peter Valchev
	not set the pointer to NULL necessarily; ok dhartmei, henning, kjell
2003-04-25	Properly copy the second part of nat proxy port range, when specified.	Daniel Hartmeier
	ok henning@
2003-04-15	display basic hfsc stats	Henning Brauer

2003-04-15	pass down the unparsed queue opts (struct node_queue_opt) to	Henning Brauer
	print_altq/print_hfsc -> print_hfsc_opts and extract struct node_hfsc_sc there for each service curve and pass those down to print_hfsc_sc. now bandwidth specifications in the service curves are printed correct in the case of a queue belonging to more than one interface/parent queue, the parent queues having different bandwidths and the bandwith on teh service curve beeing specified in percent.
2003-04-15	make print_hfsc_sc() take an extra struct node_hfsc_sc parameter and print	Henning Brauer
	relative bandwidth specification if that ws given instead of the calculated absolute ones. to be used soon.
2003-04-15	don't include the unit "ms" when printing the service curve; parser wants	Henning Brauer
	raw number
2003-04-15	factor out service curve printing to it's own function, print_hfsc_sc().	Henning Brauer

2003-04-14	if linkshare service curve m2 == bandwidth, but d given, we do need to print	Henning Brauer
	linkshare as it is not exactly the default case then
2003-04-14	only print hfsc linkshare when it differs from the default	Henning Brauer

2003-04-14	do not add a realtime service curve to the root queue as	Kenjiro Cho
	the realtime service is not hierarchically distributed. ok henning@
2003-04-14	let print_altq and print_queue take a struct node_queue_bw parameter instead	Henning Brauer
	of dintinct bw_percent
2003-04-13	KNF	Henning Brauer

2003-04-13	prevent double service curve specification	Henning Brauer

2003-04-13	add support for the HFSC linkshare, realtime, and upperlimit service curves	Henning Brauer
	to be specified.
2003-04-13	concistency in the print-funtions, here: HFSC uppercurve and brackets	Henning Brauer

2003-04-13	unbreak (missing })	Daniel Hartmeier

2003-04-13	use pa->ifbandwidth instead of rate as reference bandwidth for the root queue	Henning Brauer

2003-04-13	say bye bye to hfscflags_list and hfscflags_item	Henning Brauer
	welcome hfscopts_list and hfscopts_item, returning a full struct node_hfsc_opt instead of just an int for the flags. needed because of all the opts hfsc knows
2003-04-13	process HFSC options for the linkshare, realtime and upperlimit service curves	Henning Brauer

2003-04-13	break out bandwidth specification processing code to its own function, will	Henning Brauer
	be used in more places soonish
2003-04-13	new struct node_hfsc_opts for, surprise, hfsc options. needed because they	Henning Brauer
	contain bandwidth specifications and we need to carry the unprocessed bw specs around for quite some time until we can break them down to absolute values.
2003-04-13	pass down the struct node_queue_opts from the altqif/queuespec yacc targets	Henning Brauer
	to expand_altq/expand_queue -> eval_pfaltq/eval_pfqueue and further down to the new eval_queue_opts() instead of evaluating them directly in the yacc grammar. this will be needed to process the hfsc options which can contain relative bandwidth specifications, and we can't break them down to an absolute one earlier.
2003-04-13	move the structs node_queue_bw and node_queue_opt to pfctl_parser.h.	Henning Brauer
	let eval_pfqueue() and eval_pfaltq() take a pointer to a struct node_queue_bw instead of two distince bw_absolute and bw_percent parameters.
2003-04-13	move the bandwidth keyword from within the bandwidth target up to the	Henning Brauer
	queue_opts target so the bandwidth parser can be used for other things too; will be needed for hfsc's linkshare etc
2003-04-12	initial support for the HFSC scheduler.	Henning Brauer
	whoever uses that for more than toying around is on drugs. it's far from done.
2003-04-12	make the first queue id we assign 2 instead of 1, 1 is the default queue for	Henning Brauer
	HFSC
2003-04-12	in check_commit_hfsc, don't check wether the default queue is a leaf queue	Henning Brauer
	when we have no default queue. avoids null pointer deref.