src - OpenBSD base system

Age	Commit message (Collapse)	Author
2005-05-27	filtering on ruleset name is already implemented, document it.	Daniel Hartmeier

2005-05-27	show flow type (require, use, etc.)	Hans-Joerg Hoexer

2005-05-27	Additional paranoia. OK hshoexer	Chad Loder

2005-05-27	Use SADB_SATYPE_* instead of IPPROTO_*	Hans-Joerg Hoexer

2005-05-27	get rid of 'log-all'. now that we have 'log (options)', make 'all' an	Daniel Hartmeier
	option to log. so, 'log-all' becomes 'log (all)'.
2005-05-27	get rid of shift/reduce conflicts, don't support empty logopts	Daniel Hartmeier

2005-05-27	log two pairs of uid/pid through pflog: the uid/pid of the process that	Daniel Hartmeier
	inserted the rule which causes the logging. secondly, the uid/pid of the process in case the logged packet is delivered to/from a local socket. a lookup of the local socket can be forced for logged packets with a new option, 'log (user)'. make tcpdump print the additional information when -e and -v is used. note: this changes the pflog header struct, rebuild all dependancies. ok bob@, henning@.
2005-05-27	When looping over pfkey messages, make sure extension length is > 0.	Hans-Joerg Hoexer
	While around, do some minor tweaks in a not yet used code path.
2005-05-27	use new sysctl to retrieve flow informations including IDs	Hans-Joerg Hoexer

2005-05-27	o only pass signals from monitor to slave when pid is valid	Moritz Jodeit
	o remove some unused monitor command with and ok hshoexer
2005-05-27	move m_state.s directly into must_{read,write} instead of passing	Moritz Jodeit
	it every time as an argument. ok cloder@ hshoexer@
2005-05-27	remove unused table	Hans-Joerg Hoexer

2005-05-27	Support for dumping the SADB.	Hans-Joerg Hoexer

2005-05-27	Experimental support for opportunitic use of jumbograms where only some hosts	Ryan Thomas McBride
	on the local network support them. This adds a new socket option, SO_JUMBO, and a new route flag, RTF_JUMBO. If _both_ the socket option is set and the route for the host has RTF_JUMBO set, ip_output will fragment the packet to the largest possible size for the link, ignoring the card's MTU. The semantics of this feature will be evolving rapidly; talk to us if you intend to use it. ok deraadt@ marius@
2005-05-27	guarantee nul-termination in the monitor, we must. ok cloder@ hshoexer@	Moritz Jodeit

2005-05-27	allow 'tagged' in 'anchor' rules (without complaining about missing	Daniel Hartmeier
	'keep state'), as a condition to branch into the anchor. suggested by Bill Marquette.
2005-05-26	simplify read/write between child and monitor	Hans-Joerg Hoexer
	help and ok cloder moritz
2005-05-26	Add ARGSUSED for lint, one comment for me	Hans-Joerg Hoexer

2005-05-26	The illegalness of "no nat log" is already enforced by the grammar.	Camiel Dobbelaar
	ok dhartmei
2005-05-26	remove traces from union et al; pedro@ ok.	Federico G. Schwindt

2005-05-26	use PF_LOG, PF_LOGALL instead of numeric constants	Daniel Hartmeier

2005-05-26	support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patch	Daniel Hartmeier
	from camield@. use #defines PF_LOG, PF_LOGALL instead of magic constants. ok frantzen@, camield@
2005-05-26	Use TAILQ_FOREACH where possible, remove payload_last()	Hans-Joerg Hoexer
	ok markus
2005-05-26	add log_errorx() which doesn't print the errno value. ok hshoexer@	Moritz Jodeit

2005-05-26	introduce ISAKMP_PAYLOAD_MAX	Hans-Joerg Hoexer

2005-05-26	get rid of payload mapping	Hans-Joerg Hoexer
	ok markus ho cloder
2005-05-26	remove hiding of interface family groups	Henning Brauer

2005-05-26	Handle strdup returning NULL. OK hshoexer	Chad Loder

2005-05-26	switch the max_src_{states,conn,conn_rate} from superblock breaks to superblock	Mike Frantzen
	optimization barriers to prevent table merging or rule re-ordering ok dhartmei@
2005-05-26	disallow interface group names that end in a digit to differentiate them from	Mike Frantzen
	true interfaces ok henning@
2005-05-26	remove reference to MNT_UNION	Pedro Martelletto

2005-05-26	bye bye	Pedro Martelletto

2005-05-26	remove the stackable filesystems	Pedro Martelletto

2005-05-26	Clean up some cleanup code. Fixes at least one leak, possibly more.	Chad Loder
	OK hshoexer
2005-05-25	make the remaining pf_rule fields named superblock BREAKs instead just letting	Mike Frantzen
	them default to BREAKs. no functional change
2005-05-25	make the optimizer safe in the presence of interface groups. they must act as	Mike Frantzen
	an optimization block break ok dhartmei@
2005-05-25	Fix a comment	Hans-Joerg Hoexer

2005-05-25	rearrange order of messages sent to the kernel	Hans-Joerg Hoexer

2005-05-25	set incoming flows to "use", outgoing to "require"	Hans-Joerg Hoexer

2005-05-25	prepare for new sysctl interface, not used yet	Hans-Joerg Hoexer

2005-05-25	do not swap srcid/dstid for INOUT rules.	Hans-Joerg Hoexer

2005-05-25	use bzero	Hans-Joerg Hoexer

2005-05-25	add ifconfig -M option to replace wicontrol -L and -l for ap scanning	Reyk Floeter
	and node listing. wicontrol is not supported by net80211 drivers anymore. further improvements will be done. ok dlg@, jsg@
2005-05-25	aesctr and null support	Markus Friedl

2005-05-24	Identify states that will not be synchronised in pfctl -vvss output.	Christopher Pascoe
	ok mcbride@ henning@
2005-05-24	fix minor ouput glitch, by using strtonum instead of strtol.	Moritz Jodeit
	ok millert@
2005-05-24	support trunk stacking (trunks as trunk ports) and some fixes	Reyk Floeter
	ok brad@
2005-05-24	add net.inet.ip.ifq for monitoring and changing ifqueue; similar to netbsd	Markus Friedl
	ok henning
2005-05-24	kill unneeded exit(). log_fatal() already does it. ok hshoexer@	Moritz Jodeit

2005-05-24	no more 'ifconfig $if 0.0.0.0 up' only 'ifconfig $if up' since dhclient	Todd T. Fries
	uses bpf exclusively ok deraadt@, henning@, claudio@