Age | Commit message (Collapse) | Author | |
---|---|---|---|
2004-12-11 | A compare function for heapsort(3) should not just subtract two | Otto Moerbeek | |
offsets, it does not work if the difference is large. Problem found by Jean-Gerard Pailloncyi who had false warnings of overlapping partitions. ok millert@ tedu@ | |||
2004-12-10 | allow pf to filter on route labels | Henning Brauer | |
pass in from route dtag keep state queue reallyslow tested by Gabriel Kihlman <gk@stacken.kth.se> and Michael Knudsen <e@molioner.dk> and ryan ok ryan | |||
2004-12-10 | check msg->isakmp_sa != NULL before the transport gets updated; ok hshoexer | Markus Friedl | |
2004-12-08 | 1. allow up to DPD_RETRANS_MAX retransmitted R_U_THERE messages. | Markus Friedl | |
2. reset dpd_failcount when switching to DPD_TIMER_NORMAL. 3. ignore DPD timeouts on SAs that are marked SA_FLAG_REPLACED. ok hshoexer, ho | |||
2004-12-08 | NAT/T: replace the isakmpd SA transport with the transport from the | Markus Friedl | |
message (only during phase 1). this avoids DPD messages to the 'wrong' port. ok hshoexer | |||
2004-12-08 | Add "'overload' requires 'max-src-conn' or 'max-src-conn-rate'" sanity check, | Ryan Thomas McBride | |
fix some cut-n-paste mayhem in other related checks. | |||
2004-12-07 | space between macro arg and punctuation; | Jason McIntyre | |
2004-12-07 | Document 'carpdev' | Ryan Thomas McBride | |
2004-12-07 | Add the 'carpdev' option, to set the carp devices physical interface. | Ryan Thomas McBride | |
If not specified, the kernel will attempt to select the correct interface by the subnet (this is the current behaviour). ok deraadt@ henning@ | |||
2004-12-07 | KNF | Ryan Thomas McBride | |
2004-12-07 | re-commit mcbride@'s 'flush global', this time without the breakage in | Daniel Hartmeier | |
pfvar.h. builds kernel and userland. | |||
2004-12-07 | note that -a is the default if no params given; | Jason McIntyre | |
`interface' is now optional; | |||
2004-12-07 | real backout | Theo de Raadt | |
2004-12-07 | oops, incomplete backout | Theo de Raadt | |
2004-12-07 | tree does not compile, spotted by dlg (not obvious how to fix) | Theo de Raadt | |
---- Change the default for 'overload <table> flush' to flush only states from the offending source created by the rule. 'flush global' flushes all states originating from the offending source. ABI change, requires kernel and pfctl to be in sync. ok deraadt@ henning@ dhartmei@ | |||
2004-12-07 | Change the default for 'overload <table> flush' to flush only states from the | Ryan Thomas McBride | |
offending source created by the rule. 'flush global' flushes all states originating from the offending source. ABI change, requires kernel and pfctl to be in sync. ok deraadt@ henning@ dhartmei@ | |||
2004-12-07 | default to interface printing, instead of help message. any illegal - | Theo de Raadt | |
option goes to usage. initial work by ian, changed by me, ok mcbride | |||
2004-12-06 | RFC2409 mandates min and max nonce lengths. hshoexer@ ok. | Hakan Olsson | |
2004-12-05 | extend window of "ignoring route messages on the socket" for 10 seconds | Theo de Raadt | |
instead of 3. | |||
2004-12-05 | initialize $$->tail and $$->next for MAXSRCCONNRATE | Daniel Hartmeier | |
2004-12-04 | Userland support for limiting open tcp connections per source. eg: | Ryan Thomas McBride | |
keep state (max-src-conn 1000, max-src-conn-rate 100/10, overflow <bad> flush) allow a maximum of 1000 open connections or 100 new connections in 10 seconds. The addresses of offenders are added to the <bad> table which can be used in the ruleset, and existing states from that host are flushed. ok deraadt@ dhartmei@ | |||
2004-12-02 | Default to A/UX partition type for OpenBSD newly created partitions on mac68k. | Miod Vallat | |
ok drahn@ | |||
2004-12-01 | not all interfaces support mtu setting; | Jason McIntyre | |
ok tdeval@ miod@ nick@ | |||
2004-12-01 | add pppoe stuff to usage(); | Jason McIntyre | |
ok jaredy@ | |||
2004-12-01 | - sort options | Jason McIntyre | |
- tweak pppoe stuff - add pppoe to `create' list ok canacar@ jaredy@ | |||
2004-11-29 | Spell precede correctly. | Jonathan Gray | |
'looks fine' millert@, krw@. ok jmc@ | |||
2004-11-28 | In kernel pppoe client, a simple IPv4 only implementation. | Can Erkin Acar | |
Initial porting from NetBSD by David Berghoff. Modified/simplified to match our sppp implementation. ok deraadt@ | |||
2004-11-28 | 1 inode per 8192 bytes now | Ted Unangst | |
2004-11-26 | implement net.key.v2.sadb_dump.{unspec,esp,ah,...} sysctl subtree | Markus Friedl | |
and use sysctl for 'ipsecadm show'; ok deraadt | |||
2004-11-25 | off by one in err() | Markus Friedl | |
2004-11-25 | Ignore 0.0.0.0 in RTM_NEWADDR messages as these messages are generated by | Claudio Jeker | |
dhclient. This fixes the dhclient exiting problem reported by Steve Shockley. This is a fast fix for the problem acctually the dhclient-script needs to be replaced. OK henning@ deraadt@ | |||
2004-11-24 | replace old net/if_ieee80211.h header with the net80211 ones, userland part. | Federico G. Schwindt | |
millert@ mcbride@ jsg@ | |||
2004-11-24 | typo in previous | Ian Darwin | |
2004-11-24 | kernfs caveats, ok deraadt@ | Ian Darwin | |
2004-11-23 | tweaks; | Jason McIntyre | |
ok damien@ | |||
2004-11-22 | use the filesystem based firmware loader; ok deraadt@ | Damien Bergamini | |
2004-11-21 | tweaks; | Jason McIntyre | |
ok damien@ | |||
2004-11-19 | repair display.focus pokus; from janjaap@ in pr#3990 | Michael Shalayeff | |
2004-11-18 | use the filesystem based firmware loader; deraadt ok | Damien Bergamini | |
2004-11-18 | use hash and not hmac to calculate NAT-D payloads. Also add NAT-D payload for | Hans-Joerg Hoexer | |
the destination address first. Remove support for obsolete V1 NAT-T. This fixes interoperability problems with non-openbsd isakmpd implementations. "looks good" ho@, ok markus@ for hash/hmac testing by various people (thanks!) | |||
2004-11-17 | remove NI_WITHSCOPEID (which is not standard) | Jun-ichiro itojun Hagino | |
2004-11-13 | Let mount -a mount mfs systems shadowing a disk partition, if disklabel reports | Miod Vallat | |
the partition type as ffs. Makes people's life easier on platforms where disklabel does not record partition types and hardcodes values for them, such as sparc and sparc64. ok otto@ | |||
2004-11-10 | Use ${STATIC} rather than -static (dont hardcode). ok miod@ | Dale Rahn | |
2004-11-10 | 0xBF is new Solaris ID; lclee@west.sun.com | Theo de Raadt | |
2004-11-09 | do not assume entries in pf_timeouts[] are ordererd like PFTM_* in pfvar.h | Daniel Hartmeier | |
reported by Alexey E. Suslikov, ok henning@ | |||
2004-11-08 | rename char array realpath to pathreal to avoid naming conflict with | Hans-Joerg Hoexer | |
realpath(3); makes lint a bit happier ok ho@ | |||
2004-11-08 | more monitor cleanup: | Hans-Joerg Hoexer | |
remove dead code, some debug messages, prototype monitor_close() to void. ok ho@ | |||
2004-11-08 | no const for sysdep_sa_len (not yet), slipped in during previous commit... | Hans-Joerg Hoexer | |
2004-11-08 | monitor cleanup: honor const, added missing inlcude, missing typecast (makes | Hans-Joerg Hoexer | |
lint happy) ok ho@ | |||
2004-11-08 | make lint happy and honor const. | Hans-Joerg Hoexer | |
ok ho@ |