src - OpenBSD base system

Age	Commit message (Collapse)	Author
2001-08-20	Powered by @mantoya.	Mike Pechkin
	o) fix bogus .Xr usage; millert@ ok.
2001-08-19	do not spin if no states are found	Theo de Raadt

2001-08-19	Document per-rule byte counter.	Daniel Hartmeier

2001-08-19	Add per-rule byte counter, so mickey can do accounting. We're counting the	Daniel Hartmeier
	data part (without IP and TCP/UDP/ICMP headers), like the state counter does.
2001-08-19	Document per-rule statistics. If the evaluation counters look funny,	Daniel Hartmeier
	think skip steps.
2001-08-19	Prevent section leak in conf space.	Angelos D. Keromytis

2001-08-19	Print per-rule statistics when -v is used with -sr (show rules).	Daniel Hartmeier

2001-08-19	Unfuck some TCP state stuff that would drop the SYN\|ACK.	Mike Frantzen
	Enumerated the TCP states. Here's a mapping new->old tcp states if anyone gives a shit: TCPS_CLOSED 0 TCPS_SYN_SENT 1 TCPS_ESTABLISHED 2 TCPS_CLOSING 3 TCPS_FIN_WAIT_2 4 TCPS_TIME_WAIT 5
2001-08-19	Add parameter list support to parser. Handles lists for protocol, hosts	Daniel Hartmeier
	and ports in filter rules, like block in from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } to any pass in proto tcp from any to any port { ssh, 1024 >< 2000, > 65000 } block in proto { udp, igmp } and does rule expansion (generate all needed rule combinations).
2001-08-19	fix buffer underrun on 1.51	Jun-ichiro itojun Hagino

2001-08-18	make pfctl -s state SCREAM; frantzen is now happy	Theo de Raadt

2001-08-18	careful with snprintf() == -1; ho, provos	Theo de Raadt

2001-08-18	also handle snprintf() < 0	Theo de Raadt

2001-08-18	more careful with snprintf result code	Theo de Raadt

2001-08-18	prettier printing of states	Theo de Raadt

2001-08-18	typo. From: "Brian J. Kifiak" <bk@rt.fm>	Jun-ichiro itojun Hagino

2001-08-18	Add a possibility to add a random offset to the stack on exec. This makes	Artur Grabowski
	it slightly harder to write generic buffer overflows. This doesn't really give any real security, but it raises the bar for script-kiddies and it's really cheap. The range of the random offsets is controlled by the sysctl kern.stackgap_random (must be a power of 2). This is disabled by default right now, but we'll set it to a reasonable value (1024?) soon, after some more testing.
2001-08-17	Fix keyed HMAC where the key was longer than the blocksize	Niklas Hallqvist

2001-08-17	Add test with long key, longer than common hmac blocksize	Niklas Hallqvist

2001-08-17	o) {Open,Net,Free}BSD -> .{O,N,F}x;	Mike Pechkin
	o) "start sentence on new line" issues; o) minimal -mdoc improvements; millert@ ok
2001-08-17	Rewrite to do lookups depending on ID type. IPv4 and FQDN only for now.	Hakan Olsson

2001-08-17	Sony is Chip ID 2 (like in the Aibo)	Todd C. Miller

2001-08-16	remove unneeded LWRESLIB definition. ok ho@	Jakob Schlyter

2001-08-16	openssl black magic.	Hakan Olsson

2001-08-16	Don't right-justify this debug message.	Hakan Olsson

2001-08-16	Off-by-one error in [u]fqdn cases, plus better debug messages when	Hakan Olsson
	looking for public key files.
2001-08-16	ISAKMP ID type offset was wrong.	Hakan Olsson

2001-08-16	track the line number per-token, so that we can report errors correctly	Theo de Raadt

2001-08-16	do not link with lwres. ok ho@	Jakob Schlyter

2001-08-16	add support for getrrsetbyname(3) from libc. ok ho@.	Jakob Schlyter

2001-08-15	Some more style...	Hakan Olsson

2001-08-15	A small utility to convert between OpenSSL(1) and DNSSEC key formats.	Hakan Olsson

2001-08-15	Support trusted public (RSA) keys as files too. niklas@ ok.	Hakan Olsson

2001-08-14	The same msg length fix for KAME cases.	Hakan Olsson

2001-08-14	Proper length for PFKEYv2 messages in IPv4-in-IPv6 / IPv6-in-IPv4 flows.	Hakan Olsson

2001-08-14	Print the correct fields in a debug message. (cut'n'paste bug)	Hakan Olsson

2001-08-14	optimize the flags parsing; markus@ ok	Michael Shalayeff

2001-08-13	grammar fix from Joshua Stein <jcs@rt.fm>	Peter Valchev

2001-08-13	use getifaddrs(3) rather than SIOCGIFCONF. in fact, if_map() does not do	Jun-ichiro itojun Hagino
	the right thing on certain set of interface addresses. SIOCGIFCONF is the worst possible ioctl API...
2001-08-13	need to use IPV6_IPSEC_POLICY for IPv6 bypass policy setting. from the	Jun-ichiro itojun Hagino
	country of humppa.
2001-08-12	Don't coredump if the kernel doesn't support IPv6.	Angelos D. Keromytis

2001-08-12	#(endif\|else) foo is incorrect, make it #endif /* foo */	Heikki Korpela
	deraadt@ ok
2001-08-11	Add support for ICMP errors referring to ICMP queries/replies. Fixes	Daniel Hartmeier
	'ICMP error message for bad proto' messages. Reported by Mark Grimes and Steve Rumble. Add debugging level with ioctl interface and pfctl switch. Default is 'None'.
2001-08-11	Check socket >= 0. We should also be going through the list of cloned	Angelos D. Keromytis
	transports and invalidating (somehow) those whose socket should not be used.
2001-08-11	When a message is received on the wildcard (default) transport,	Angelos D. Keromytis
	re-examine the interface list; new addresses are bound to, and sockets to deleted addresses are closed. This only occurs if the Listen-to directive in isakmpd.conf is not used.
2001-08-11	\+\n support, and spit out cc-style error messages. the parser's line	Theo de Raadt
	counting is lex dependent, and will need to be tweaked
2001-08-11	Add TRANSPORT_MARK, for mark-and-sweep garbage collection of transport	Angelos D. Keromytis
	instances.
2001-08-11	Fix keynote credential case again.	Angelos D. Keromytis

2001-08-11	Allocate slightly larger buffer for cert.	Angelos D. Keromytis

2001-08-08	Typo: remove space before period. Spotted by Brian J. Kifiak <bk@rt.fm>.	Heikki Korpela
	millert@ ok