summaryrefslogtreecommitdiff
path: root/sbin/pflogd
AgeCommit message (Collapse)Author
2009-12-24spelling fixes, from Brad Tilley; we will not fix src/sbin/dump/dump.hIgor Sobrado
as neither arrayified not arrayfied exist -- sanctioned dictionaries like Merriam-Webster ones suggest a few alternatives (e.g., arrayed), however these made up words are easy to understand and we are not certain that current ones are not ok. ok jmc@
2009-12-03Adjust pflog BPF descriptions, problem pointed out by jmc@Stuart Henderson
- sync actions with PF changes (pass/block/match not just pass/block, and remove some binat/nat/rdr entries) - list all reason codes in tcpdump(8) ok henning jmc
2009-11-16pflogd no longer needs libutil; ok deraadt@Otto Moerbeek
2009-11-04tweak previous;Jason McIntyre
2009-11-03Get rid of pflogd.pid because the privsep child cannot delete the pidfile;Theo de Raadt
use pkill(1) in /etc/newsyslog.conf instead together with otto and suggestions from tedu
2008-10-22log pcap stats upon SIGUSR1; ok canacarHenning Brauer
From: Dave Harrison <dave@nullcube.com>
2008-03-24msg_controllen has to be CMSG_SPACE so that the kernel can account forTheo de Raadt
each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis
2008-03-15Repair the simple cases for msg_controllen where it should just beTheo de Raadt
CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer
2008-03-13Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due toTheo de Raadt
an extensive discussion with otto, kettenis, millert, and hshoexer
2008-01-14clear up pidfile(-p) option formOkan Demirmen
tweaked by jmc, ok henning
2007-06-06fix oups, mlist@scapa.dnsalias.netHenning Brauer
2007-06-06reverse logic of if_exists so that if_exists(interface) is true ifHenning Brauer
interface exists and !if_exists(interface) is when it doesn't
2007-06-04use warn() where warn() is intended, not err()Henning Brauer
exit nonzero if the inetrface does not exist From: tbert <bret.lambert@gmail.com>
2007-06-02do not shadow globals (in if_exists)Henning Brauer
2007-06-02on pcap error, check wether the interface went away and exit if it did.Henning Brauer
spinning and flooding syslog in that case was not so nice.
2007-05-31convert to new .Dd format;Jason McIntyre
2007-05-27Complain to stderr if cloned pflog interface doesn't exist. Previously only ↵Jason Dixon
logged LOG_ERR to syslog. ok henning@
2007-04-07- use .Bk/.Ek to avoid SYNOPSIS splittingJason McIntyre
- put -p in the correct place - sync the -p argument name and tweak its description - add -p to usage()
2007-04-06Adds a pidfile argument to pflogd so that individualCan Erkin Acar
instances can be rotated via newsyslog. From Berk Demir < bdd at mindcast org > ok henning@
2006-12-08state that if the log file is bad, it is first moved out of the way. ifJoel Knight
that fails, then logging is suspended.
2006-12-06styleMichael Knudsen
2006-11-26repair missing DPADD requestsTheo de Raadt
2006-11-19Default snaplen has been 116 for a while now.Joel Knight
2006-10-26- sort optionsJason McIntyre
- sync usage()
2006-10-25Remove some unneeded externs. OK canacar@Moritz Jodeit
2006-10-25allow pflogd to listen on alternate pflog interfacesHenning Brauer
"Berk D. Demir" <bdd@mindcast.org> sent a diff in private, and then it evolved quite a bit... ok djm canacar berk
2006-03-06convert permanent privilege revocation to use setresuid/setresgid;Damien Miller
ok henning@
2006-01-15If the log file is invalid/incompatible, try to rename the bad log fileCan Erkin Acar
and continue with a new name instead of suspending. ok mcbride@
2005-07-04do not whack errno before using it; Andrey MatveevTheo de Raadt
2005-05-27filtering on ruleset name is already implemented, document it.Daniel Hartmeier
2005-04-14sync the list of acceptable values for 'reason' with realityJoel Knight
2005-02-09missing tzset(), noticed by Chris Kuethe <chris.kuethe@gmail.com>Henning Brauer
2005-01-08Use the handler specified in phandler instead of always usingCan Erkin Acar
dump_packet. Report and patch from Peter Postma, thanks.
2005-01-02"bad-timestamp" is a valid logging reason;Jason McIntyre
from joel knight;
2004-12-22also pass SIGINT/QUIT to child, from mpech@. ok avsm@Otto Moerbeek
2004-09-17ugly spacingTheo de Raadt
2004-08-13extra check for no message case; ok markus, deraadt, hshoexer, henningDamien Miller
2004-08-08spacingTheo de Raadt
2004-07-14no \n in errx(3)Henning Brauer
From: Andrey Matveev <andrushock@korovino.net>
2004-05-23use strtonum instead of atoi; dhartmei okTheo de Raadt
2004-04-28fd leaks; henning okTheo de Raadt
2004-04-08sigh, really fix the error message this time, thanks Moritz JodeitAnil Madhavapeddy
2004-04-08reorder error message and send_fd in order to display the correctAnil Madhavapeddy
errno in error message; pointed out by Moritz Jodeit <moritz at jodeit.org>
2004-04-03dont close an invalid fd, canacar@ okAnil Madhavapeddy
2004-03-14Check return code of chdir() after chroot(); noted by Joris Vink, slight modOtto Moerbeek
from avsm@. ok avsm@ hshoexer@ henning@
2004-02-13cleanup signal handling; close descriptors.Otto Moerbeek
ok avsm@ millert@ canacar@
2004-01-18Create log files if they do not already exist, but do not followCan Erkin Acar
symlinks. ok markus@
2004-01-16- standard option orderJason McIntyre
- sync usage() - new sentence, new line - Dv (not Va) for signals - other nits ok canacar@
2004-01-15Try to preserve the integrity of the log file in case of errors/unexpectedCan Erkin Acar
shutdowns etc. Also check logfile integrity on startup and suspend logging if an inconsistency is detected. ok dhartmei@
2004-01-15Synchronize with syslogd privsep: When reading a new command fails,Can Erkin Acar
terminate the loop instead of exiting directly, suggested by avsm@ Also get rid of trailing comma in enum, makes lint(1) happier, from Andrey Matveev andrushock at korovino dot net