Age | Commit message | Author | |
---|---|---|---|
2001-08-23 | o for a port_item, initialize the "next" pointer to NULL o for an address, use calloc() instead of malloc() so the struct is zeroed. Fixes a SEGV in pfctl due to uninitialized "next" pointers. | Todd C. Miller | |
2001-08-23 | Support var="string". Expansion (at lex time) done using $var, for instance: `okproto="{ssh, smtp, domain, auth}"` `pass in on key0 proto tcp from any to any port $okproto keep state` Can I ask someone else to document this in pf.conf(5)? | Theo de Raadt | |
2001-08-23 | KNF | Theo de Raadt | |
2001-08-23 | for -s all, do not error out when the first ioctl fails | Theo de Raadt | |
2001-08-23 | fix usage | Theo de Raadt | |
2001-08-23 | do not permit snaplen change on an active log file | Theo de Raadt | |
2001-08-22 | Revert last change. | Hakan Olsson | |
2001-08-22 | Compile on older systems. | Hakan Olsson | |
2001-08-22 | use ipsec_id_string() when generating rawkey file names. | Hakan Olsson | |
2001-08-22 | ftp-proxy | Bob Beck | |
2001-08-22 | If we fail to get a key from DNSSEC, RAWKEY can still succeed. | Hakan Olsson | |
2001-08-22 | Modify as per deraadt@'s wishes. aaron@ ok. | Hakan Olsson | |
2001-08-22 | clarify tcpdump use; frantzen | Theo de Raadt | |
2001-08-22 | Add an example. | Hakan Olsson | |
2001-08-22 | Add a manual page. | Hakan Olsson | |
2001-08-22 | DNS KEY RR values. | Hakan Olsson | |
2001-08-22 | Cleanup and style fixes. Use getopt(). | Hakan Olsson | |
2001-08-22 | properly handle empty log file | Theo de Raadt | |
2001-08-22 | USER_FQDN ID support, untested. | Hakan Olsson | |
2001-08-22 | IPCOMP policy control should be optional for backward compatibility. | Niklas Hallqvist | |
2001-08-22 | Alphabeticize extern decls. | Niklas Hallqvist | |
2001-08-22 | Add ipsec_id_string, a function for converting IDs to one possible string form, to be used for IKE mode config and raw key selection by ID. Not yet used though. | Niklas Hallqvist | |
2001-08-22 | Need an extra sa_release() when de-allocating exchange-associated SAs; thus, failed exchanges/negotiations don't leak SAs and transports. ok niklas@ | Angelos D. Keromytis | |
2001-08-22 | Bypass IPCOMP too. | Niklas Hallqvist | |
2001-08-21 | pflogd; work by canacar@eee.metu.edu.tr and myself | Theo de Raadt | |
2001-08-21 | Remove /usr/bin/mkfifo link -- mkfifo has lived in /sbin for several releases now. | Todd C. Miller | |
2001-08-20 | Powered by @mantoya. o) fix bogus .Xr usage; millert@ ok. | Mike Pechkin | |
2001-08-19 | do not spin if no states are found | Theo de Raadt | |
2001-08-19 | Document per-rule byte counter. | Daniel Hartmeier | |
2001-08-19 | Add per-rule byte counter, so mickey can do accounting. We're counting the data part (without IP and TCP/UDP/ICMP headers), like the state counter does. | Daniel Hartmeier | |
2001-08-19 | Document per-rule statistics. If the evaluation counters look funny, think skip steps. | Daniel Hartmeier | |
2001-08-19 | Prevent section leak in conf space. | Angelos D. Keromytis | |
2001-08-19 | Print per-rule statistics when -v is used with -sr (show rules). | Daniel Hartmeier | |
2001-08-19 | Unfuck some TCP state stuff that would drop the SYN\|ACK. Enumerated the TCP states. Here's a mapping new->old tcp states if anyone gives a shit: TCPS_CLOSED 0, TCPS_SYN_SENT 1, TCPS_ESTABLISHED 2, TCPS_CLOSING 3, TCPS_FIN_WAIT_2 4, TCPS_TIME_WAIT 5 | Mike Frantzen | |
2001-08-19 | Add parameter list support to parser. Handles lists for protocol, hosts and ports in filter rules, like `block in from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } to any` `pass in proto tcp from any to any port { ssh, 1024 >< 2000, > 65000 }` `block in proto { udp, igmp }` and does rule expansion (generate all needed rule combinations). | Daniel Hartmeier | |
2001-08-19 | fix buffer underrun on 1.51 | Jun-ichiro itojun Hagino | |
2001-08-18 | make pfctl -s state SCREAM; frantzen is now happy | Theo de Raadt | |
2001-08-18 | careful with snprintf() == -1; ho, provos | Theo de Raadt | |
2001-08-18 | also handle snprintf() < 0 | Theo de Raadt | |
2001-08-18 | more careful with snprintf result code | Theo de Raadt | |
2001-08-18 | prettier printing of states | Theo de Raadt | |
2001-08-18 | typo. From: "Brian J. Kifiak" <bk@rt.fm> | Jun-ichiro itojun Hagino | |
2001-08-18 | Add a possibility to add a random offset to the stack on exec. This makes it slightly harder to write generic buffer overflows. This doesn't really give any real security, but it raises the bar for script-kiddies and it's really cheap. The range of the random offsets is controlled by the sysctl kern.stackgap_random (must be a power of 2). This is disabled by default right now, but we'll set it to a reasonable value (1024?) soon, after some more testing. | Artur Grabowski | |
2001-08-17 | Fix keyed HMAC where the key was longer than the blocksize | Niklas Hallqvist | |
2001-08-17 | Add test with long key, longer than common hmac blocksize | Niklas Hallqvist | |
2001-08-17 | o) {Open,Net,Free}BSD -> .{O,N,F}x; o) "start sentence on new line" issues; o) minimal -mdoc improvements; millert@ ok | Mike Pechkin | |
2001-08-17 | Rewrite to do lookups depending on ID type. IPv4 and FQDN only for now. | Hakan Olsson | |
2001-08-17 | Sony is Chip ID 2 (like in the Aibo) | Todd C. Miller | |
2001-08-16 | remove unneeded LWRESLIB definition. ok ho@ | Jakob Schlyter | |
2001-08-16 | openssl black magic. | Hakan Olsson | |