| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2002-08-12 | Catch null pointer deref (segfault), from wilfried@ | Daniel Hartmeier | |
| 2002-08-12 | Build the wscons utilities on sparc, too | Miod Vallat | |
| 2002-08-12 | Enable wscons code on sparc, and let kbd_sparc.c die | Miod Vallat | |
| 2002-08-12 | Swap args to calloc(3) so they are in the correct order; art@ ok. | Aaron Campbell | |
| 2002-08-08 | Fix structure allocation. The code incorrectly used sizeof(pointer) instead | Aaron Campbell | |
| of sizeof(*pointer). provos@ ok | |||
| 2002-08-08 | Use & to test if bits are set, not &&; art@ ok. | Aaron Campbell | |
| 2002-08-08 | Append to the packet log file, don't overwrite. Requested by pb@. | Hakan Olsson | |
| 2002-08-08 | Insist on having the raid[0..n]a set up, when using the root on raid feature. | Thierry Deval | |
| (to avoid problems as in PR#2816) | |||
| 2002-08-08 | add a hppa case | Michael Shalayeff | |
| 2002-08-07 | A rewrite of the CRL support code, also from <Thomas.Walpuski@gmx.net>. | Hakan Olsson | |
| Some style mods, and checks added for OpenSSL version 0.9.7 or later. Currently CRLs are not supported for earlier versions. Manual pages updated. | |||
| 2002-08-06 | missing free(), mpech@ | Henning Brauer | |
| ok pb@ | |||
| 2002-08-06 | check fo strdup() allocation errors | Henning Brauer | |
| pointed out by mpech@ ok pb@ | |||
| 2002-08-04 | - grammar cleanup. | Grigoriy Orlov | |
| - check for the failure of strdup(). from tedu <grendel@zeitbombe.org> | |||
| 2002-08-02 | Check inet_aton() failure with == 0, not == -1; millert@ ok. | Aaron Campbell | |
| 2002-08-02 | Mention CRL support, tag and default value. | Hakan Olsson | |
| 2002-08-02 | CRL support for isakmpd. From <Thomas.Walpuski@gmx.net> with some minor | Hakan Olsson | |
| modifications by me. ok niklas@. | |||
| 2002-07-31 | KNF, esp. missing prototypes | Henning Brauer | |
| 2002-07-30 | grmpf. | Henning Brauer | |
| in some cases, on non-tcp rules flags weren't resetted. cosmetical only problem. but, well, checking for r->flags and r->flagset if we could have assigned them zero just one round ago is just stupid, and it's not needed to check them at all. ok pb@, dhartmei@ | |||
| 2002-07-30 | allow to specify flags on all rules that include tcp. | Henning Brauer | |
| these are valid: pass in from any to any flags S pass in proto { tcp, udp, icmp } from any to any flags S pass in proto tcp from any to any flags S these are invalid: pass in proto { udp, icmp } from any to any flags S pass in proto udp from any to any flags S ok "I've lost my slacker status for at least a week" frantzen@ ok pb@, dhartmei@, deraadt@ | |||
| 2002-07-27 | Typo; similates -> simulates | Aaron Campbell | |
| 2002-07-26 | make the order of log and quick irrelevant. now both | Henning Brauer | |
| block in log quick all and block in quick log all work. ok dhartmei@, deraadt@ | |||
| 2002-07-25 | pretty | Theo de Raadt | |
| 2002-07-25 | Rename the WSDISPLAY_TYPE_SUNFFB display type into a more generic name, | Miod Vallat | |
| ..._SUN24, since this only means 24 bit framebuffers with BGR encoding. Also add a WSDISPLAY_TYPE_SUNBW for Sun monochrome framebuffers, to be used by Xwsfb shortly. | |||
| 2002-07-23 | timeout_list/_spec and limit_list/_spec don't return anything -> no %type. | Henning Brauer | |
| ok theo | |||
| 2002-07-21 | fix route-to also | Theo de Raadt | |
| 2002-07-21 | make the , optional in many places. This makes string concat a lot more | Theo de Raadt | |
| useful. Now you can in = ssh domain www out = $in ftp finger pass in proto tcp from any to any port { $in } pass out proto tcp from any to any port { $out } a poor example, but the idea is obvious | |||
| 2002-07-21 | string concat, ie. | Theo de Raadt | |
| a=a b c=$a $a | |||
| 2002-07-20 | minor indent tweaks | Theo de Raadt | |
| 2002-07-20 | properly split yacc and lex use | Theo de Raadt | |
| 2002-07-19 | minor tweaks, sigh | Theo de Raadt | |
| 2002-07-19 | And back out the last change again. | Daniel Hartmeier | |
| 2002-07-19 | rework the interface lookup routines internals. | Henning Brauer | |
| less and easier code than before. no functional changes. ok frantzen@, dhartmei@ | |||
| 2002-07-19 | Support # comments at the end of lines and inside (multi-line) string | Daniel Hartmeier | |
| literals, so you can do things like macro="{ foo, # first entry bar, # second entry baz }" # last entry or pass in on $ext_if \ # external interface proto tcp \ # TCP connections from any to $ext_if \ # to the gateway itself keep state And sneaking in two minor fixes for KNF. | |||
| 2002-07-19 | Use getnameinfo() instead of gethostbyaddr() to support IPv6 reverse | Daniel Hartmeier | |
| lookups with pfctl -r. Makes things actually simpler. | |||
| 2002-07-19 | deal with the fact that the struct node_host ifa_pick_ip gets is not always | Henning Brauer | |
| the result of an interface expansion. in this case ifa_pick_ip does an address family check (that's actually a (wanted) side effect). Thus, we need to spit out a meaningfull error message in case of a mismatch. also adjust all the other error messages, they were also assuming that nh is the result of an interface expansion. after a looooong discussion on icb (dhartmei@, pb@, me) we agreed on the term "translation address" for that. okay dhartmei@ | |||
| 2002-07-18 | use inet_aton(), until this is made v6 aware | Theo de Raadt | |
| 2002-07-18 | fix warning | Theo de Raadt | |
| 2002-07-18 | de-lint a bit. use inet_aton(); millert ok | Theo de Raadt | |
| 2002-07-17 | support "self" as address. self expands to all IPv4 and IPv6 addresses of | Henning Brauer | |
| the machine, on all interfaces. I wanted block in log on ! lo0 from any to self for years, and now it's possible. ok "I may lose my slacking status if I OK it" frantzen@ ok dhartmei@ documentation in pf.conf.5 to come with pb@'s rewrite | |||
| 2002-07-16 | Add nat_consistent() and rdr_consistent() for checks that should occur | Daniel Hartmeier | |
| after rule expansion, similar to rule_consistent(). Fixes the non-effective test for rdr rules for non-TCP/UDP protocols with ports, found by mpech@, ok frantzen@ | |||
| 2002-07-16 | fix $OpenBSD Tag | Markus Friedl | |
| 2002-07-15 | add support for | Henning Brauer | |
| pass|block on ! $interface ... ok dhartmei@ will be documented in pf.conf(5) by "I'm not slacking!" pb@ who's currently reworking this manpage | |||
| 2002-07-15 | cosmetics/consolidations to manpage in yyerror()s | Philipp Buehler | |
| ok henning@, dhartmei@ | |||
| 2002-07-15 | o complain about keep state on block rules | Henning Brauer | |
| o complain about return-rst on rules which aren't limited to tcp pointed out by not-slacking-but-testing pb@ ok pb@, dhartmei@ | |||
| 2002-07-13 | add list expansion for interface and proto in nat rules and for proto in rdr | Henning Brauer | |
| rules (interface was already there). since the nat.conf/pf.conf merge the parser accepted these but didn't expand them. ugh. ok dhartmei@ | |||
| 2002-07-12 | Mention that an interface can be a part of at most one bridge. | Jason Wright | |
| 2002-07-11 | malloc() failure tests; rimshot@pandora.be | Theo de Raadt | |
| 2002-07-09 | HASH payload validation does not require an exchange. | Hakan Olsson | |
| 2002-07-09 | check sin6_scope_id field, just in case we change the routing socket API | Jun-ichiro itojun Hagino | |
| for scoped address (unlikely due to the deployed codebase...). | |||
| 2002-07-09 | getifaddrs(3) grabs link-local addrs in kernel internal form, convert them | Jun-ichiro itojun Hagino | |
| into proper sockaddr_in6. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |