summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2001-08-21pflogd; work by canacar@eee.metu.edu.tr and myselfTheo de Raadt
2001-08-21Remove /usr/bin/mkfifo link -- mkfifo has lived in /sbin for severalTodd C. Miller
releases now.
2001-08-20Powered by @mantoya.Mike Pechkin
o) fix bogus .Xr usage; millert@ ok.
2001-08-19do not spin if no states are foundTheo de Raadt
2001-08-19Document per-rule byte counter.Daniel Hartmeier
2001-08-19Add per-rule byte counter, so mickey can do accounting. We're counting theDaniel Hartmeier
data part (without IP and TCP/UDP/ICMP headers), like the state counter does.
2001-08-19Document per-rule statistics. If the evaluation counters look funny,Daniel Hartmeier
think skip steps.
2001-08-19Prevent section leak in conf space.Angelos D. Keromytis
2001-08-19Print per-rule statistics when -v is used with -sr (show rules).Daniel Hartmeier
2001-08-19Unfuck some TCP state stuff that would drop the SYN|ACK.Mike Frantzen
Enumerated the TCP states. Here's a mapping new->old tcp states if anyone gives a shit: TCPS_CLOSED 0 TCPS_SYN_SENT 1 TCPS_ESTABLISHED 2 TCPS_CLOSING 3 TCPS_FIN_WAIT_2 4 TCPS_TIME_WAIT 5
2001-08-19Add parameter list support to parser. Handles lists for protocol, hostsDaniel Hartmeier
and ports in filter rules, like block in from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } to any pass in proto tcp from any to any port { ssh, 1024 >< 2000, > 65000 } block in proto { udp, igmp } and does rule expansion (generate all needed rule combinations).
2001-08-19fix buffer underrun on 1.51Jun-ichiro itojun Hagino
2001-08-18make pfctl -s state SCREAM; frantzen is now happyTheo de Raadt
2001-08-18careful with snprintf() == -1; ho, provosTheo de Raadt
2001-08-18also handle snprintf() < 0Theo de Raadt
2001-08-18more careful with snprintf result codeTheo de Raadt
2001-08-18prettier printing of statesTheo de Raadt
2001-08-18typo. From: "Brian J. Kifiak" <bk@rt.fm>Jun-ichiro itojun Hagino
2001-08-18Add a possibility to add a random offset to the stack on exec. This makesArtur Grabowski
it slightly harder to write generic buffer overflows. This doesn't really give any real security, but it raises the bar for script-kiddies and it's really cheap. The range of the random offsets is controlled by the sysctl kern.stackgap_random (must be a power of 2). This is disabled by default right now, but we'll set it to a reasonable value (1024?) soon, after some more testing.
2001-08-17Fix keyed HMAC where the key was longer than the blocksizeNiklas Hallqvist
2001-08-17Add test with long key, longer than common hmac blocksizeNiklas Hallqvist
2001-08-17o) {Open,Net,Free}BSD -> .{O,N,F}x;Mike Pechkin
o) "start sentence on new line" issues; o) minimal -mdoc improvements; millert@ ok
2001-08-17Rewrite to do lookups depending on ID type. IPv4 and FQDN only for now.Hakan Olsson
2001-08-17Sony is Chip ID 2 (like in the Aibo)Todd C. Miller
2001-08-16remove unneeded LWRESLIB definition. ok ho@Jakob Schlyter
2001-08-16openssl black magic.Hakan Olsson
2001-08-16Don't right-justify this debug message.Hakan Olsson
2001-08-16Off-by-one error in [u]fqdn cases, plus better debug messages whenHakan Olsson
looking for public key files.
2001-08-16ISAKMP ID type offset was wrong.Hakan Olsson
2001-08-16track the line number per-token, so that we can report errors correctlyTheo de Raadt
2001-08-16do not link with lwres. ok ho@Jakob Schlyter
2001-08-16add support for getrrsetbyname(3) from libc. ok ho@.Jakob Schlyter
2001-08-15Some more style...Hakan Olsson
2001-08-15A small utility to convert between OpenSSL(1) and DNSSEC key formats.Hakan Olsson
2001-08-15Support trusted public (RSA) keys as files too. niklas@ ok.Hakan Olsson
2001-08-14The same msg length fix for KAME cases.Hakan Olsson
2001-08-14Proper length for PFKEYv2 messages in IPv4-in-IPv6 / IPv6-in-IPv4 flows.Hakan Olsson
2001-08-14Print the correct fields in a debug message. (cut'n'paste bug)Hakan Olsson
2001-08-14optimize the flags parsing; markus@ okMichael Shalayeff
2001-08-13grammar fix from Joshua Stein <jcs@rt.fm>Peter Valchev
2001-08-13use getifaddrs(3) rather than SIOCGIFCONF. in fact, if_map() does not doJun-ichiro itojun Hagino
the right thing on certain set of interface addresses. SIOCGIFCONF is the worst possible ioctl API...
2001-08-13need to use IPV6_IPSEC_POLICY for IPv6 bypass policy setting. from theJun-ichiro itojun Hagino
country of humppa.
2001-08-12Don't coredump if the kernel doesn't support IPv6.Angelos D. Keromytis
2001-08-12#(endif|else) foo is incorrect, make it #endif /* foo */Heikki Korpela
deraadt@ ok
2001-08-11Add support for ICMP errors referring to ICMP queries/replies. FixesDaniel Hartmeier
'ICMP error message for bad proto' messages. Reported by Mark Grimes and Steve Rumble. Add debugging level with ioctl interface and pfctl switch. Default is 'None'.
2001-08-11Check socket >= 0. We should also be going through the list of clonedAngelos D. Keromytis
transports and invalidating (somehow) those whose socket should not be used.
2001-08-11When a message is received on the wildcard (default) transport,Angelos D. Keromytis
re-examine the interface list; new addresses are bound to, and sockets to deleted addresses are closed. This only occurs if the Listen-to directive in isakmpd.conf is *not* used.
2001-08-11\+\n support, and spit out cc-style error messages. the parser's lineTheo de Raadt
counting is lex dependent, and will need to be tweaked
2001-08-11Add TRANSPORT_MARK, for mark-and-sweep garbage collection of transportAngelos D. Keromytis
instances.
2001-08-11Fix keynote credential case again.Angelos D. Keromytis