Age | Commit message | Author | |
---|---|---|---|
2001-08-22 | USER_FQDN ID support, untested. | Hakan Olsson | |
2001-08-22 | IPCOMP policy control should be optional for backward compatibility. | Niklas Hallqvist | |
2001-08-22 | Alphabeticize extern decls. | Niklas Hallqvist | |
2001-08-22 | Add ipsec_id_string, a function for converting IDs to one possible string form, to be used for IKE mode config and raw key selection by ID. Not yet used though. | Niklas Hallqvist | |
2001-08-22 | Need an extra sa_release() when de-allocating exchange-associated SAs; thus, failed exchanges/negotiations don't leak SAs and transports. ok niklas@ | Angelos D. Keromytis | |
2001-08-22 | Bypass IPCOMP too. | Niklas Hallqvist | |
2001-08-21 | pflogd; work by canacar@eee.metu.edu.tr and myself | Theo de Raadt | |
2001-08-21 | Remove /usr/bin/mkfifo link -- mkfifo has lived in /sbin for several releases now. | Todd C. Miller | |
2001-08-20 | Powered by @mantoya. o) fix bogus .Xr usage; millert@ ok. | Mike Pechkin | |
2001-08-19 | do not spin if no states are found | Theo de Raadt | |
2001-08-19 | Document per-rule byte counter. | Daniel Hartmeier | |
2001-08-19 | Add per-rule byte counter, so mickey can do accounting. We're counting the data part (without IP and TCP/UDP/ICMP headers), like the state counter does. | Daniel Hartmeier | |
2001-08-19 | Document per-rule statistics. If the evaluation counters look funny, think skip steps. | Daniel Hartmeier | |
2001-08-19 | Prevent section leak in conf space. | Angelos D. Keromytis | |
2001-08-19 | Print per-rule statistics when -v is used with -sr (show rules). | Daniel Hartmeier | |
2001-08-19 | Unfuck some TCP state stuff that would drop the SYN\|ACK. Enumerated the TCP states. Here's a mapping new->old tcp states if anyone gives a shit: TCPS_CLOSED 0 TCPS_SYN_SENT 1 TCPS_ESTABLISHED 2 TCPS_CLOSING 3 TCPS_FIN_WAIT_2 4 TCPS_TIME_WAIT 5 | Mike Frantzen | |
2001-08-19 | Add parameter list support to parser. Handles lists for protocol, hosts and ports in filter rules, like `block in from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } to any` `pass in proto tcp from any to any port { ssh, 1024 >< 2000, > 65000 }` `block in proto { udp, igmp }` and does rule expansion (generate all needed rule combinations). | Daniel Hartmeier | |
2001-08-19 | fix buffer underrun on 1.51 | Jun-ichiro itojun Hagino | |
2001-08-18 | make pfctl -s state SCREAM; frantzen is now happy | Theo de Raadt | |
2001-08-18 | careful with snprintf() == -1; ho, provos | Theo de Raadt | |
2001-08-18 | also handle snprintf() < 0 | Theo de Raadt | |
2001-08-18 | more careful with snprintf result code | Theo de Raadt | |
2001-08-18 | prettier printing of states | Theo de Raadt | |
2001-08-18 | typo. From: "Brian J. Kifiak" <bk@rt.fm> | Jun-ichiro itojun Hagino | |
2001-08-18 | Add a possibility to add a random offset to the stack on exec. This makes it slightly harder to write generic buffer overflows. This doesn't really give any real security, but it raises the bar for script-kiddies and it's really cheap. The range of the random offsets is controlled by the sysctl kern.stackgap_random (must be a power of 2). This is disabled by default right now, but we'll set it to a reasonable value (1024?) soon, after some more testing. | Artur Grabowski | |
2001-08-17 | Fix keyed HMAC where the key was longer than the blocksize | Niklas Hallqvist | |
2001-08-17 | Add test with long key, longer than common hmac blocksize | Niklas Hallqvist | |
2001-08-17 | o) {Open,Net,Free}BSD -> .{O,N,F}x; o) "start sentence on new line" issues; o) minimal -mdoc improvements; millert@ ok | Mike Pechkin | |
2001-08-17 | Rewrite to do lookups depending on ID type. IPv4 and FQDN only for now. | Hakan Olsson | |
2001-08-17 | Sony is Chip ID 2 (like in the Aibo) | Todd C. Miller | |
2001-08-16 | remove unneeded LWRESLIB definition. ok ho@ | Jakob Schlyter | |
2001-08-16 | openssl black magic. | Hakan Olsson | |
2001-08-16 | Don't right-justify this debug message. | Hakan Olsson | |
2001-08-16 | Off-by-one error in [u]fqdn cases, plus better debug messages when looking for public key files. | Hakan Olsson | |
2001-08-16 | ISAKMP ID type offset was wrong. | Hakan Olsson | |
2001-08-16 | track the line number per-token, so that we can report errors correctly | Theo de Raadt | |
2001-08-16 | do not link with lwres. ok ho@ | Jakob Schlyter | |
2001-08-16 | add support for getrrsetbyname(3) from libc. ok ho@. | Jakob Schlyter | |
2001-08-15 | Some more style... | Hakan Olsson | |
2001-08-15 | A small utility to convert between OpenSSL(1) and DNSSEC key formats. | Hakan Olsson | |
2001-08-15 | Support trusted public (RSA) keys as files too. niklas@ ok. | Hakan Olsson | |
2001-08-14 | The same msg length fix for KAME cases. | Hakan Olsson | |
2001-08-14 | Proper length for PFKEYv2 messages in IPv4-in-IPv6 / IPv6-in-IPv4 flows. | Hakan Olsson | |
2001-08-14 | Print the correct fields in a debug message. (cut'n'paste bug) | Hakan Olsson | |
2001-08-14 | optimize the flags parsing; markus@ ok | Michael Shalayeff | |
2001-08-13 | grammar fix from Joshua Stein <jcs@rt.fm> | Peter Valchev | |
2001-08-13 | use getifaddrs(3) rather than SIOCGIFCONF. in fact, if_map() does not do the right thing on certain set of interface addresses. SIOCGIFCONF is the worst possible ioctl API... | Jun-ichiro itojun Hagino | |
2001-08-13 | need to use IPV6_IPSEC_POLICY for IPv6 bypass policy setting. from the country of humppa. | Jun-ichiro itojun Hagino | |
2001-08-12 | Don't coredump if the kernel doesn't support IPv6. | Angelos D. Keromytis | |
2001-08-12 | #(endif\|else) foo is incorrect, make it #endif /* foo */ deraadt@ ok | Heikki Korpela | |