src - OpenBSD base system

Age	Commit message (Collapse)	Author
2004-01-11	Trivial changes to pass through -Wall	Alexander Yurchenko
	ok millert@
2004-01-11	-DANCACHE belongs to CPPFLAGS, not CFLAGS.	Alexander Yurchenko
	ok millert@
2004-01-11	remove the temporary -O flag..	Theo de Raadt

2004-01-11	Print output as "var=value" instead of "var = value". Also, any assignment	Theo de Raadt
	implies -w. I have despised the existing behaviour for years. ok from henning, millert, grange
2004-01-09	call nc correctly (nc has changed a while ago).	Hans-Joerg Hoexer
	ok markus@
2004-01-09	route -q is supposed to be totally quiet	Theo de Raadt

2004-01-09	Tell the user to run ps if they try to view things under KERN_PROC2	Todd C. Miller
	(same handling as KERN_PROC).
2004-01-08	add dirhash sysctls	Ted Unangst

2004-01-07	document syn cache sysctl; ok deraadt, jmc, itojun	Markus Friedl

2004-01-07	Better diagnostic message if we can't open the external MBR file	Tom Cosgrove
	ok weingart@, tedu@
2004-01-07	Sync fdisk's internal master boot record with the recent changes	Tom Cosgrove
	to /usr/mdec/mbr. (This code is only used if /usr/mdec/mbr cannot be found.) ok toby@, tedu@
2004-01-06	small typos fixed.	Hans-Joerg Hoexer
	ok markus@
2004-01-06	Remove redundant test for file types. Noted by Stefan Paletta.	Hans-Joerg Hoexer
	While around, fix typos in log messages. Both ok markus@
2004-01-05	few off by ones in strlcpy overflow check; Patrick Latifi	Henning Brauer

2004-01-05	0K == -273.15C and sync computation with drivers; ok grange	Markus Friedl

2004-01-05	include path fixes for gcc3.	Marc Espie
	tests otto@, okay millert@
2004-01-04	don't ignore "!" on "binat on !foo". ok mcbride@	Cedric Berger

2004-01-03	Be more careful with INITIAL-CONTACT and do not delete SPIs when getting	Hakan Olsson
	an INVALID-SPI notification. Issues noted by Thomas Walpuski. markus@ ok.
2004-01-02	factor out dump.c from rtsol by -DSMALL	Jun-ichiro itojun Hagino

2004-01-02	unifdef for readability. req'ed by deraadt	Jun-ichiro itojun Hagino

2004-01-02	fix mount_mfs example: -N is only an option for newfs not mount_mfs	David Krause
	also use a real device name like sd0b ok millert@ jmc@
2004-01-01	use warnx for ENXIO devices, so that it says "Device not configured". For	Theo de Raadt
	other errors, continue too use the "is not a bridge" mantra.
2003-12-31	spacing. note this, cedric	Theo de Raadt

2003-12-31	Many improvements to the handling of interfaces in PF.	Cedric Berger
	1) PF should do the right thing when unplugging/replugging or cloning/ destroying NICs. 2) Rules can be loaded in the kernel for not-yet-existing devices (USB, PCMCIA, Cardbus). For example, it is valid to write: "pass in on kue0" before kue USB is plugged in. 3) It is possible to write rules that apply to group of interfaces (drivers), like "pass in on ppp all" 4) There is a new ":peer" modifier that completes the ":broadcast" and ":network" modifiers. 5) There is a new ":0" modifier that will filter out interface aliases. Can also be applied to DNS names to restore original PF behaviour. 6) The dynamic interface syntax (foo) has been vastly improved, and now support multiple addresses, v4 and v6 addresses, and all userland modifiers, like "pass in from (fxp0:network)" 7) Scrub rules now support the !if syntax. 8) States can be bound to the specific interface that created them or to a group of interfaces for example: - pass all keep state (if-bound) - pass all keep state (group-bound) - pass all keep state (floating) 9) The default value when only keep state is given can be selected by using the "set state-policy" statement. 10) "pfctl -ss" will now print the interface scope of the state. This diff change the pf_state structure slighltly, so you should recompile your userland tools (pfctl, authpf, pflogd, tcpdump...) Tested on i386, sparc, sparc64 by Ryan Tested on macppc, sparc64 by Daniel ok deraadt@ mcbride@
2003-12-30	fix TAILQ abuse.	Henning Brauer
	TAILQ_REMOVE is a no-no within a TAILQ_FOREACH loop. also free the symbol itself after removal. all found while hacking bgpd which incorporates pfctl's sym code (macros). ok cedric@
2003-12-30	s/inadvertantly/inadvertently;	Jason McIntyre

2003-12-29	Add support for % and & units to indicate percent of total space and	Todd C. Miller
	percent of available space respectively. From Sebastian Horzela.
2003-12-28	zap bizarre log() prototype.	Marc Espie
	Doesn't even change the resulting binary (thank Ian Darwin for that idea)
2003-12-27	Remove extra \n from pf_print_state().	Ryan Thomas McBride
	ok deraadt@ cedric@
2003-12-23	automagically create pseudo-network interfaces; ok deraadt@	Markus Friedl

2003-12-22	use AES_BLOCK_SIZE only for USE_AES; report martti.kuparinen@iki.fi; ok ho@	Markus Friedl

2003-12-20	make disklabel docs more readable: more logical SYNOPSIS; sort options;	Jason McIntyre
	make internal editor help and usage() match the docs; make sure all the forms described in SYNOPSIS are explained; various other tweaks. input from millert@; ok deraadt;
2003-12-19	i wrote much of these, assert my copyright	Henning Brauer

2003-12-19	document hw.{cpuspeed,setperf} sysctls;	Jason McIntyre
	tweak and ok tedu@
2003-12-19	assert copyright. i rewrite much of this	Theo de Raadt

2003-12-18	Mention the exchange name when giving up on a message. Suggested by	Hakan Olsson
	Michael Coulter.
2003-12-17	cosmetics, ok mcbride@	Daniel Hartmeier

2003-12-17	Add support for -DSMALL that doesn't need -lkvm (no -g option)	Todd C. Miller

2003-12-16	quotes, spaces and bars do not need to be escaped within displays;	Jason McIntyre
	.Nm does not need an argument; dashes should be escaped;
2003-12-16	- s/recieve/receive	Jason McIntyre
	- kill whitespace at EOL
2003-12-16	Document new pfsync options (syncif, -syncif and maxupd).	Ryan Thomas McBride
	ok deraadt@
2003-12-16	Check that max-src-states and max-src-nodes are not being set to 0.	Ryan Thomas McBride

2003-12-16	hostid is stored in network byte order, print in host byte order.	Ryan Thomas McBride

2003-12-15	Support for groups modp2048, modp3072, modp4096, modp6144 and modp8192 (IDs 14	Hans-Joerg Hoexer
	to 18). ok ho@
2003-12-15	KNF here too	Henning Brauer

2003-12-15	Whitespace.	Ryan Thomas McBride

2003-12-15	Add initial support for pf state synchronization over the network.	Ryan Thomas McBride
	Implemented as an in-kernel multicast IP protocol. Turn it on like this: # ifconfig pfsync0 up syncif fxp0 There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls. NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers. Much more to come. ok deraadt@
2003-12-15	Add support to track stateful connections by source ip. This allows us	Ryan Thomas McBride
	to: - Ensure that clients get a consistent IP mapping with load-balanced translation/routing rules - Limit the number of simultaneous connections a client can make - Limit the number of clients which can connect through a rule ok dhartmei@ deraadt@
2003-12-14	Log the actual port for src and dst, don't assume it's always 500.	Hakan Olsson

2003-12-14	Make isakmpd work on big endian linux machines. From Sebastian Klemke.	Hakan Olsson
	Also, a few style nits and a better error message text.