Age | Commit message | Author | |
---|---|---|---|
2003-12-16 | Document new pfsync options (syncif, -syncif and maxupd). | Ryan Thomas McBride | |
ok deraadt@ | |||
2003-12-16 | Check that max-src-states and max-src-nodes are not being set to 0. | Ryan Thomas McBride | |
2003-12-16 | hostid is stored in network byte order, print in host byte order. | Ryan Thomas McBride | |
2003-12-15 | Support for groups modp2048, modp3072, modp4096, modp6144 and modp8192 (IDs 14 | Hans-Joerg Hoexer | |
to 18). ok ho@ | |||
2003-12-15 | KNF here too | Henning Brauer | |
2003-12-15 | Whitespace. | Ryan Thomas McBride | |
2003-12-15 | Add initial support for pf state synchronization over the network. | Ryan Thomas McBride | |
Implemented as an in-kernel multicast IP protocol. Turn it on like this: # ifconfig pfsync0 up syncif fxp0 There is not yet any authentication on this protocol, so the syncif must be on a trusted network. i.e., a crossover cable between the two firewalls. NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contain regular pf_state structs, but pfsync_state structs which contain no pointers. Much more to come. ok deraadt@ | |||
2003-12-15 | Add support to track stateful connections by source ip. This allows us | Ryan Thomas McBride | |
to: - Ensure that clients get a consistent IP mapping with load-balanced translation/routing rules - Limit the number of simultaneous connections a client can make - Limit the number of clients which can connect through a rule ok dhartmei@ deraadt@ | |||
2003-12-14 | Log the actual port for src and dst, don't assume it's always 500. | Hakan Olsson | |
2003-12-14 | Make isakmpd work on big endian linux machines. From Sebastian Klemke. | Hakan Olsson | |
Also, a few style nits and a better error message text. | |||
2003-12-08 | make man page more closely match what's in /proc; | Jason McIntyre | |
partly from PR 2101 (still open, since code needs fixed); ok tedu@ | |||
2003-12-08 | add IOCIFGCLONERS; ifconfig -C; from netbsd; ok henning, deraadt | Markus Friedl | |
2003-12-07 | ANSI | Markus Friedl | |
2003-12-07 | typo; lists-openbsd@2ls4agd.net | Theo de Raadt | |
2003-12-06 | bit more flesh to the create and destroy; thanks jmc | Theo de Raadt | |
2003-12-05 | Style nits | Hakan Olsson | |
2003-12-05 | madvise() the mfs storage area as randomly accessed as mfs does its own | Michael Shalayeff | |
clustering; tedu@ ok | |||
2003-12-04 | Validate SPIs presented in DELETE messages of the informational exchange. | Hans-Joerg Hoexer | |
ok markus@ | |||
2003-12-04 | Typos | Miod Vallat | |
2003-12-04 | no, you cannot form a raid from wd0h and wd0h. | Henning Brauer | |
found by Joel Knight | |||
2003-12-03 | add support for ifconfig clone; from netbsd; ok deraadt, henning | Markus Friedl | |
2003-12-02 | UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt) | Markus Friedl | |
ok deraadt@ | |||
2003-11-29 | allow ':' (range including boundaries) to be used wherever '><' (range | Daniel Hartmeier | |
excluding boundaries) is legal. already supported by kernel, requires only removal of three error messages. ok henning@ | |||
2003-11-25 | - document interaction with SIGINFO, as observed by Franciszek Holop on misc@ | Jason McIntyre | |
- add some .Pp - typo | |||
2003-11-22 | daniel stumbled over a broken regress test, and it turned out that I forgot | Henning Brauer | |
to commit a diff from 11/6... do not insert the "block in on ! interface" rule for antispoof statements when the interface in question does not have any IP address, because that then expands to block in on ! interface all which is obviously bad. niklas@ found it, dhartmei@ ok, and I think some more ppl ok I don't remember | |||
2003-11-21 | - standard SYNOPSIS | Jason McIntyre | |
- sort OPTIONS - s/Dq/Sq when quoting single characters - sync usage() - simplify macros | |||
2003-11-20 | remove -Werror from userland builds, to give us a chance to | Anil Madhavapeddy | |
use more verbose warning options if desired. ok millert@, henning@, david@ | |||
2003-11-20 | use .Dv for AF_INET and AF_INET6 (kills ugly line break); | Jason McIntyre | |
spotted by Alexey E. Suslikov; also kill some .Pp's before displays/lists for better PostScript output; | |||
2003-11-16 | __attribute__((__packed__)) -> __packed | Anil Madhavapeddy | |
2003-11-15 | fix savecore on big endian 64 bit arches. OK millert@ | Marco S Hyman | |
2003-11-15 | no dup header sys/types.h. from Andrey Matveev | Ted Unangst | |
2003-11-14 | in print_status: | Henning Brauer | |
-print debuglevel "Loud", this was omitted before (caught by mpech@) -use the fine PF_DEBUG_* defines instead of magic numbers ok markus | |||
2003-11-14 | allow the debuglevel to be set from pf.conf (set debug) | Henning Brauer | |
ok cedric@ | |||
2003-11-09 | Unbreak printing of vlan interface information, commented out accidentally | Ryan Thomas McBride | |
in CARP import. | |||
2003-11-08 | typos from Jonathon Gray; | Jason McIntyre | |
2003-11-08 | Add 'no-sync' state option to prevent state transition messages for states | Ryan Thomas McBride | |
created by this rule from appearing on the pfsync(4) interface. e.g. pass in proto tcp to self flags S/SA keep state (no-sync) ok cedric@ henning@ dhartmei@ | |||
2003-11-07 | adress -> address, and a few more; all from Jonathon Gray; | Jason McIntyre | |
(mvme68k/mvme88k) vs.c and (vax) if_le.c ok miod@ isakmpd ones ok ho@ | |||
2003-11-07 | - document /etc/kbdtype | Jason McIntyre | |
- sort options list and FILES - put example descriptions before examples and indent them ok mickey@ | |||
2003-11-06 | Style nits. | Hakan Olsson | |
2003-11-06 | Require encrypted messages as soon as we have the keystate for it. | Hakan Olsson | |
Require DELETE payloads to be accompanied by HASHes, and add validation for HASH payloads without active exchanges. From Hans-Joerg Hoexer with various modifications and suggestions from me and markus@. Ok markus@. | |||
2003-11-06 | spis[] type tweak. From Hans-Joerg Hoexer. | Hakan Olsson | |
2003-11-06 | two more KNF violations I missed earlier. who introduces those all the time? | Henning Brauer | |
2003-11-06 | and fix two err() that should be errx() while being here | Henning Brauer | |
2003-11-06 | need calloc here | Henning Brauer | |
2003-11-06 | KNF | Henning Brauer | |
2003-11-06 | allow the label macros to be used in tags as well. | Henning Brauer | |
the idea is not mine and I'd love to get credit, but I cannot find the mail any more :-(( ok canacar@ dhartmei@ | |||
2003-11-06 | don't write magic until the file system is really done. prevents | Ted Unangst | |
fsck/mount unhappiness. hint from freebsd-arch ml. ok deraadt@ | |||
2003-11-05 | PFS: Perfect Forward Secrecy (RFC 2409); | Jason McIntyre | |
from misc@ and ok markus@ | |||
2003-11-05 | updated URL from Jared Yanovich; | Jason McIntyre | |
2003-11-05 | updated URL from Jared Yanovich; | Jason McIntyre | |