| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2005-01-08 | Use the handler specified in phandler instead of always using | Can Erkin Acar | |
| dump_packet. Report and patch from Peter Postma, thanks. | |||
| 2005-01-07 | Print disk size and free space in requested unit. Some refactoring to | Otto Moerbeek | |
| avoid code duplication as well. ok marco@ deraadt@ | |||
| 2005-01-07 | Use fstatfs(), not statfs() to determine free space so if /var/crash | Todd C. Miller | |
| is a link we follow it. OK deraadt@ jcs@ | |||
| 2005-01-06 | validate mfs size to avoid wrapping. ok miod@ | Otto Moerbeek | |
| 2005-01-06 | Missing braces in pfctl_load_debug(), pointed out by camield@ | Ryan Thomas McBride | |
| 2005-01-05 | spelling; | Jason McIntyre | |
| 2005-01-05 | kill whitespace; | Jason McIntyre | |
| 2005-01-05 | Document -m flag. | Ryan Thomas McBride | |
| 2005-01-05 | Modify pfctl behaviour so that 'set ...' options are no longer "sticky", ie. | Ryan Thomas McBride | |
| they are reset to default values if omitted from a subsequent ruleset load. Also: - make sure 'set ...' options are not loaded in anchors. - add a -m ("merge") flag to pfctl which allows an individual option to be set without reseting the others, eg: # echo "set loginterface fxp0" | pfctl -mf - ok henning@ dhartmei@ | |||
| 2005-01-05 | Discourage using aggressive mode. | Hans-Joerg Hoexer | |
| ok and some help ho@ | |||
| 2005-01-03 | don't merge a rule's source address into a table if we're already trying to | Mike Frantzen | |
| merge its destination address. caught by an assertion. it's tempting to do recursive reduction here to pick that low hanging fruit.... bug report from <gustavo AT hades DOT uint8t DOT org> | |||
| 2005-01-02 | "bad-timestamp" is a valid logging reason; | Jason McIntyre | |
| from joel knight; | |||
| 2004-12-31 | Build wicontrol on all arm archs, not just cats. | Dale Rahn | |
| 2004-12-30 | Replace home-grown byte swapping routine with calls to swap* macros | Todd C. Miller | |
| from endian.h. Header swapping is moved into its own function. Fixes problems reading non-native endian dump images on sparc64. Adapted from changes in NetBSD. | |||
| 2004-12-29 | Put settimeslot() into #ifndef SMALL as it is not needed on ramdisks. | Claudio Jeker | |
| OK deraadt@ | |||
| 2004-12-29 | Print 'set fingerprints' correctly when parsing verbosely. | Ryan Thomas McBride | |
| 2004-12-29 | Make sure that fingerprint_count gets reset to 0 correctly when we flush | Ryan Thomas McBride | |
| our list of fingerprints. ok dhartmei@ henning@ frantzen@ | |||
| 2004-12-29 | change last commit so that the test for PF_OPT_NOACTION is actually in | Dan Harnett | |
| pfctl_clear_interface_flags(). suggested by and ok henning@ | |||
| 2004-12-29 | don't clear interface flags if '-n' option was given. | Dan Harnett | |
| ok henning@ | |||
| 2004-12-29 | be quiet about resetting the interface flags omn ruleset load, only | Henning Brauer | |
| print that info on manual flushes. noticed by marc@ | |||
| 2004-12-28 | reset skip interface flags on reloads and for -Fall | Henning Brauer | |
| from max, this time working :) | |||
| 2004-12-28 | handle strtoul correctly on 64-bit machines; hshoexer ok | Theo de Raadt | |
| 2004-12-28 | proper portable C; ok hshoexer | Theo de Raadt | |
| 2004-12-28 | Correctly determine length of rsa key passed by the kernel to userland. Found | Hans-Joerg Hoexer | |
| and fix provided by Stefan Miltchev. Again, many thanks! Slightly different fix. ok ho@ | |||
| 2004-12-28 | use __LP64__; miod | Theo de Raadt | |
| 2004-12-27 | unbreak tree | Theo de Raadt | |
| 2004-12-27 | reset skip interface flags on reloads and for -Fall | Henning Brauer | |
| from max | |||
| 2004-12-27 | Fix broken pointer arithmetic when receiving a RSA key from the kernel. Found | Hans-Joerg Hoexer | |
| and fix provided by Stefan Miltchev. Thanks! ok otto@ | |||
| 2004-12-26 | snprintf return value paranoia; henning ok | Theo de Raadt | |
| 2004-12-25 | #ifndef SMALL throughout this, for install media; ok mcbride | Theo de Raadt | |
| 2004-12-23 | set rule_flag PFRULE_SRCTRACK when setting srctrack, found by camield@ | Daniel Hartmeier | |
| using regress test pf84 | |||
| 2004-12-22 | Introduce 'set skip on <ifspec>' to support a list of interfaces where no | Daniel Hartmeier | |
| packet filtering should occur (like loopback, for instance). Code from Max Laier, with minor improvements based on feedback from deraadt@. ok mcbride@, henning@ | |||
| 2004-12-22 | Fix parenthesis mismatch, from Stefan Miltchev. Thanks! | Hans-Joerg Hoexer | |
| While around, zap some spaces ok markus@ | |||
| 2004-12-22 | also pass SIGINT/QUIT to child, from mpech@. ok avsm@ | Otto Moerbeek | |
| 2004-12-22 | some -Wimplicit-function-declaration cleaning; ok millert@ | David Krause | |
| 2004-12-19 | use strchr instead of index | Theo de Raadt | |
| 2004-12-15 | missing free()s; with pat | Henning Brauer | |
| 2004-12-14 | &&/|| inversion would try to merge IP addresses with non-addresses into a | Mike Frantzen | |
| single table causing a ruleset load error and eventually a double-free. bug report and testing from martin{AT}spamcop net | |||
| 2004-12-14 | Reword comment a bit for clarity. hshoexer@ ok. | Hakan Olsson | |
| 2004-12-14 | add two warn() calls to make sure a warning message gets printed if one of | Mike Frantzen | |
| the table calls fails and the optimizer is gonna bomb out | |||
| 2004-12-14 | Allow the Address, Network, or Netmask values of the <IPsec-ID> to be | Ryan Thomas McBride | |
| specified with an interface name (in which case the first address is used) or the keyword 'default' (in which case the address is selected based on the default route). eg: [roadwarrior-ip] ID-type= IPV4_ADDR Address= default ok ho@ hshoexer@ | |||
| 2004-12-14 | link0 drops IP multicast, and link1 non-IP multicast. Not the other way | Camiel Dobbelaar | |
| around. ok fgsch@ | |||
| 2004-12-14 | mention /var/backups; | Jason McIntyre | |
| ok otto@ | |||
| 2004-12-13 | sync authpf anchor syntax; | Jason McIntyre | |
| also, spelling while i'm in here; from joel knight; | |||
| 2004-12-13 | make sure the isakmpd_s has id_r/s set; ok hshoexer, ho | Markus Friedl | |
| 2004-12-11 | A compare function for heapsort(3) should not just subtract two | Otto Moerbeek | |
| offsets, it does not work if the difference is large. Problem found by Jean-Gerard Pailloncyi who had false warnings of overlapping partitions. ok millert@ tedu@ | |||
| 2004-12-10 | allow pf to filter on route labels | Henning Brauer | |
| pass in from route dtag keep state queue reallyslow tested by Gabriel Kihlman <gk@stacken.kth.se> and Michael Knudsen <e@molioner.dk> and ryan ok ryan | |||
| 2004-12-10 | check msg->isakmp_sa != NULL before the transport gets updated; ok hshoexer | Markus Friedl | |
| 2004-12-08 | 1. allow up to DPD_RETRANS_MAX retransmitted R_U_THERE messages. | Markus Friedl | |
| 2. reset dpd_failcount when switching to DPD_TIMER_NORMAL. 3. ignore DPD timeouts on SAs that are marked SA_FLAG_REPLACED. ok hshoexer, ho | |||
| 2004-12-08 | NAT/T: replace the isakmpd SA transport with the transport from the | Markus Friedl | |
| message (only during phase 1). this avoids DPD messages to the 'wrong' port. ok hshoexer | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |