src - OpenBSD base system

Age	Commit message (Collapse)	Author
2003-05-19	print out the full netmask; don't just ignore the upper bits in the v4 case	Henning Brauer
	helps finding assignment bugs.
2003-05-19	reject invalid netmasks like 10.0.0.0/68, and fix up the netmask for	Henning Brauer
	dynaddr rules after we know the address family ok dhartmei@, inspired by a session with bob
2003-05-19	all host() receivers have to test for NULL	Henning Brauer

2003-05-19	err out on obviously wrong netmasks	Henning Brauer

2003-05-19	if host() returns NULL, it is an error, so err the fuck out and don't	Henning Brauer
	load bullshit
2003-05-19	don't print altq en-/disabled - there's no point, you can't turn them on	Henning Brauer
	and off independently. so only complain if there's a real error. ok dhartmei@ pb@ camield@
2003-05-19	style consistency	Henning Brauer

2003-05-19	Use a decaying average for smoother rate estimates.	Camiel Dobbelaar
	ok henning dhartmei
2003-05-18	Add some path sanitation; only permit write operations to /tmp,	Hakan Olsson
	/var/tmp and /var/run. Opens in /etc/isakmpd/ are read-only. Any other path is invalid. markus@ ok.
2003-05-18	Style tweak.	Hakan Olsson

2003-05-18	Add a debug message to sa_reinit() to indicate when we renegotiate	Hakan Olsson
	active connections.
2003-05-18	indent here in the same way as in -vsr for consistency	Henning Brauer

2003-05-18	in the pfctl -vsr output (-vvsr/-gvvsr as well), indent instead of extra	Henning Brauer
	newline. requested by markus@, dhartmei and myself agree
2003-05-18	Forgot to remove a couple of debug messages	Hakan Olsson

2003-05-18	struct sockaddr is not large enough in itself to contain the address	Hakan Olsson
	value. Switching to sockaddr_storage makes interface rescanning work properly. niklas@ ok.
2003-05-18	More isakmpd privsep work. X509 private keys are now kept in the privileged	Hakan Olsson
	process only. Various cleanup and bugfixes. markus@ ok
2003-05-18	Sysdep for native Linux IPSec, 2.5 and later. From Thomas Walpuski, with	Hakan Olsson
	various tweaks by me. niklas@ ok.
2003-05-17	Better return codes from mm_send_fd and mm_receive_fd	Hakan Olsson

2003-05-17	Use log_error(), not log_fatal().	Hakan Olsson
	Style.
2003-05-17	tweak;	Jason McIntyre
	ok ho@
2003-05-17	Fix proxy related output.	Daniel Hartmeier

2003-05-17	A little bugfix. We want pfioc_states, not pfioc_state.	Ryan Thomas McBride
	ok henning@
2003-05-17	support inverse matching on tags like	Henning Brauer
	block in ! tagged sometag ok dhartmei@ pb@
2003-05-16	If the "Renegotiate-on-HUP" tag is defined in the [General] section, a	Hakan Olsson
	HUP signal (or "R" to the FIFO) will also renegotiate all Phase 2 SAs, i.e all connections. ok niklas@, tested and ok kjell@.
2003-05-16	TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can use	Daniel Hartmeier
	'synproxy state' for TCP connections. pf will complete the TCP handshake with the active endpoint before passing any packets to the passive end- point, preventing spoofed SYN floods from reaching the passive endpoint. No additional memory requirements, no cookies needed, random initial sequence numbers, uses the existing sequence number modulators to translate packets after the handshakes. ok frantzen@
2003-05-15	make getifaddrs(3) a default, as all BSD has it by now	Jun-ichiro itojun Hagino

2003-05-15	properly complain about too long tags	Henning Brauer

2003-05-15	Correct a two year old typo, which might actually make	Hakan Olsson
	setsockopt(..., IP_IPSEC_LOCAL_AUTH, ...) start working.
2003-05-15	Cleanup. Do not store the private key in either the exchange or sa structs.	Hakan Olsson

2003-05-15	Work around some OpenSSL BIO "features" to read the key correctly.	Hakan Olsson

2003-05-15	Proper exit of the monitor process.	Hakan Olsson

2003-05-15	wait() for the child process	Hakan Olsson

2003-05-15	Start of privilege separation for isakmpd.	Hakan Olsson
	There are some kinks left, so keep it default disabled for now. markus@ says ok to commit.
2003-05-15	(c)	Hakan Olsson

2003-05-14	add scrub modifier "reassemble tcp" to turn on stateful TCP normalizations	Mike Frantzen
	ok henning@ dhartmei@
2003-05-14	properly terminate debug string (levels >=40)	Kjell Wooding
	Use "%.*s" as suggested by Niklas. ok ho@. Lost by kjell. oked ho@. lost by kjell again. oked ho@
2003-05-14	Remove the .if/.endif stuff that gmake does not understand.	Hakan Olsson
	Replace with a comment about needing keynote for policy.
2003-05-14	tagging on binat	Henning Brauer

2003-05-14	enabled tagging on rdr rules	Henning Brauer

2003-05-14	Call the FreeS/WAN sysdep 'freeswan'. The 'linux' sysdep will be native ↵	Hakan Olsson
	Linux IPSec.
2003-05-14	Default public key directory definition sanity.	Hakan Olsson

2003-05-14	Policy file default defined twice, kill the local copy.	Hakan Olsson

2003-05-14	Fix a typo (in unused code).	Hakan Olsson

2003-05-14	I did not test this enough. Unbreak.	Hakan Olsson

2003-05-14	pflogd now uses the new pflog link type. Trying to append to an existing	Can Erkin Acar
	old-style logfile will fail. Move away old log files. ok henning@ dhartmei@ frantzen@
2003-05-14	Minor format string correctness.	Chad Loder
	OK deraadt, ian darwin
2003-05-14	The ramdac's hater club is proud to present new yet another SBus frame	Miod Vallat
	bufer driver, this time for the Southland Media Systems (now Quantum 3D) MGX and MGXPlus cards. Not complete, but a good start.
2003-05-14	with tag/tagged given, only whine about missing keep state on pass rules	Henning Brauer

2003-05-14	allow SCRUB rules to specify protocol again. broken sometime in the past.	Mike Frantzen
	okie dhartmei@, yay pb@
2003-05-14	tags on nat rules:	Henning Brauer
	nat on $ext_if all tag humppa -> $ext_if pass out tagged hummpa keep state