Age | Commit message | Author | |
---|---|---|---|
2002-10-18 | correct prefixlen handling (-prefixlen 32 will make it a host route) | Jun-ichiro itojun Hagino | |
2002-10-17 | Make prefixlen check to make sure its argument is present before deref; millert ok. | Jason Wright | |
2002-10-17 | sync usage(). -- Ok'd by: deraadt@ | Brad Smith | |
2002-10-17 | These checks are also made in nat_consistent() and rdr_consistent(). ok dhartmei@ henning@ | Ryan Thomas McBride | |
2002-10-17 | - accept all protocols that are specified by number if they are in the valid range (also when they're not listed in /etc/protocols) - explicitly disallow protocol number 0, because it has special meaning to pf ok dhartmei@ henning@ | Camiel Dobbelaar | |
2002-10-17 | Style nits and missing free(), from david@phobia.ms | Daniel Hartmeier | |
2002-10-16 | Check parameters range. Alexander Yurchenko <grange@rt.mipt.ru> costa@ ok. | Grigoriy Orlov | |
2002-10-16 | Fix and improve binat mask comparison. dhartmei@, henning@ ok | Mike Pechkin | |
2002-10-15 | option, not options; hamajima@nagoya.ydc.co.jp | Theo de Raadt | |
2002-10-14 | Allow one to specify a netblock in a binat rule: `binat on fxp0 from 192.168.0.32/27 to any -> 10.0.7.128/27` Both the network mask on the source and redirect addresses MUST be the same, and it works by essentially combining the network section of the redirect address with the host section of the source address. from ryan ok dhartmei@ | Henning Brauer | |
2002-10-11 | Add a letoh16() since card ids in WI_CARD_IDS are not guaranteed to be little endian. | Todd C. Miller | |
2002-10-11 | When a macro cannot be expanded because it is not defined, say so. Also warn about unused macros. ok dhartmei@ henning@ | Camiel Dobbelaar | |
2002-10-11 | In lgetc(), compress strings of whitespace to a single space. This makes macros come out right in verbose mode and is less functional overhead. Also err on whitespace after a backslash. That type of error is hard to find otherwise. ok dhartmei@ henning@ | Camiel Dobbelaar | |
2002-10-10 | Style nits. Use STDERR_FILENO, not just 2. Also use parens with return; David Hill | Todd C. Miller | |
2002-10-10 | Make wi_get_id() table driven, similar to NetBSD and FreeBSD but make the table itself a #define so we can reuse it in wicontrol. Also add a bunch of chip IDs from NetBSD/FreeBSD. mickey@ OK | Todd C. Miller | |
2002-10-08 | remove <0 checks on unsigned numbers. ok henning@ | Vincent Labrecque | |
2002-10-07 | -Wsign-compare clean | Daniel Hartmeier | |
2002-10-07 | Two cases of const-correctness and make one global local. | Daniel Hartmeier | |
2002-10-07 | set block-policy [drop\|return] drop is default, same behaviour as before support block drop to override a return policy | Henning Brauer | |
2002-10-07 | support a generic return block return in\|out ... acts like return-rst on tcp, like return-icmp on udp and like an ordinary block on anything else ok dhartmei@ | Henning Brauer | |
2002-10-07 | make return-icmp work for rules covering both v4 and v6 -new field "return_icmp6" in pf_rule -parser accepts block return-icmp(ipv4-icmpcode, ipv6-icmpcode) ok and some input dhartmei@ | Henning Brauer | |
2002-10-07 | use a new rule_flag PFRULE_RETURNICMP to decide whether to return-icmp or not instead of just testing return_icmp > 0 ok dhartmei@ | Henning Brauer | |
2002-10-07 | Add 'reply-to' to filter rules, similar to route-to, but applying to replies (packets that flow in the opposite direction of the packet that created state), used for symmetric routing enforcement. Document how route-to and reply-to work in context of stateful filtering. | Daniel Hartmeier | |
2002-10-06 | Move CHECK_ROOT into LOOP_THROUGH, gets rid of one macro and saves several lines, no functional difference. From Camiel Dobbelaar. | Daniel Hartmeier | |
2002-10-05 | Expand {} lists from left to right, so 'pass in from { a, b } to any' becomes '@0 pass in from a to any @1 pass in from b to any' instead of the other way around. Patch from Camiel Dobbelaar. | Daniel Hartmeier | |
2002-10-05 | Allow filtering based on IP header's tos field. | Daniel Hartmeier | |
2002-09-29 | much prettier; wgriffin@jtan.com | Theo de Raadt | |
2002-09-22 | little KNF: return(something) -> return (something) | Henning Brauer | |
2002-09-22 | fix linenumber counting in findeol, and simplify by ignoring the \ case, that's already handled earlier. fast-forward on erroneous lines partially from camield@, parts result of a discussion with Mike ok frantzen@ dhartmei@ | Henning Brauer | |
2002-09-22 | antispoof, take 2. also block incoming packets with our own IP as src. discussion & help frantzen ok ho@ dhartmei@ frantzen@ | Henning Brauer | |
2002-09-18 | fix Xr refs; frisco@blackant.net | Theo de Raadt | |
2002-09-17 | easier "self" implementation. no functional changes ok pb@ | Henning Brauer | |
2002-09-15 | set a netmask in the dynaddr case noticed by <han@mijncomputer.nl> ok pb@ | Henning Brauer | |
2002-09-14 | oooooooopsie | Henning Brauer | |
2002-09-14 | bit more clue in rdr/nat rules wrt address family examination don't take the af from host_node structs based on interface lookups, most interfaces will have both IPv4 and IPv6 addresses. Most rdr/nat rules will at least have one IP address specified from which we take the af for the whole rule. The rare exceptional cases require the user to specify the af. ok frantzen@ | Henning Brauer | |
2002-09-14 | Document -R default (10000); ok deraadt | Peter Valchev | |
2002-09-12 | check for calloc() failure; ho@ | Henning Brauer | |
2002-09-12 | antispoof [log] [quick] for [interface\|interface_list] [af] e.g. antispoof log quick for { dc0, dc1 } inet docs & regress coming ok pb@, frantzen@, deraadt@ also looked over kjell@, markus@, itojun@, dhartmei@ IPv6 help itojun@ finally, a long story finds its happy end here. | Henning Brauer | |
2002-09-12 | rework netmask handling: -don't set netmask in host token handler -clear netmask in ipmask() proper before setting it -in ifa_load(), also store interface's netmask and broadcast address -allow ifa_lookup() to return either the interface's IP address(es), network(s) or broadcast address(es) - not used anywhere yet. This implies that ifa_lookup() also returns the netmask now. -host() returns netmasks, too ok pb@, frantzen@, deraadt@ also looked over kjell@, markus@, itojun@, dhartmei@ | Henning Brauer | |
2002-09-11 | signed vs unsigned from -pedantic. | Hakan Olsson | |
2002-09-11 | signed vs unsigned, some void * arithmetic, from -pedantic. niklas@ ok. | Hakan Olsson | |
2002-09-10 | socklen_t; cloder | Theo de Raadt | |
2002-09-08 | ansi pedantic. sync w/kame | Jun-ichiro itojun Hagino | |
2002-09-08 | be more clueful wrt address family in nat/rdr rules. behaviour noticed by Paul de Weerd, thanks! ok dhartmei@ | Henning Brauer | |
2002-09-08 | Fix -pedantic errors. | Hakan Olsson | |
2002-09-06 | remove Xr to photuris | Theo de Raadt | |
2002-09-06 | socklen_t and various other minor tweaks | Theo de Raadt | |
2002-09-06 | socklen_t | Theo de Raadt | |
2002-09-06 | support long names; henning ok | Theo de Raadt | |
2002-09-06 | assume that no one uses photurisd anymore. | Theo de Raadt | |