path: root/sbin
| Age | Commit message | Author |
|---|---|---|
| 2005-06-01 | Fix memory leak. OK hshoexer | Chad Loder |
| 2005-06-01 | Fix memory leaks. OK hshoexer | Chad Loder |
| 2005-06-01 | This file is outdated, everything needed for setting up PKI is in the man pages now. noticed by david@ ok ho markus | Hans-Joerg Hoexer |
| 2005-06-01 | snprintf returns an int, not a size_t. OK deraadt@ | Chad Loder |
| 2005-05-31 | grammar; | Jason McIntyre |
| 2005-05-31 | tidy up the trunk stuff; | Jason McIntyre |
| 2005-05-31 | fix a typo, touch-pannel -> touch-panel From: Chris Kuethe via PR 4232 | Brad Smith |
| 2005-05-31 | certpatch is gone, noticed by david@ | Hans-Joerg Hoexer |
| 2005-05-29 | robustness against malformed snames. ok henning@ | marius eriksen |
| 2005-05-28 | ooops | Hans-Joerg Hoexer |
| 2005-05-28 | Remove current state code, it's bogus. We'll redo this. suggested by and ok moritz | Hans-Joerg Hoexer |
| 2005-05-28 | do sanity checking on directory entries. ok hshoexer@ | Moritz Jodeit |
| 2005-05-28 | Cleanup sample configurations a bit; more AES, less MD5, remove fields we no longer require etc. Also add a 9-line "default" config sample. | Hakan Olsson |
| 2005-05-28 | introduce new readdir implementation for the monitor. testing and ok hshoexer@ | Moritz Jodeit |
| 2005-05-28 | make path checking in the monitor a lot easier. ok hshoexer@ | Moritz Jodeit |
| 2005-05-28 | don't print the "[ Inserted: uid pid ]" line when -g is used, so the regress tests don't have to deal with it (and it's a useless thing to check from there). | Daniel Hartmeier |
| 2005-05-27 | Use rtm_fmask instead of rtm_use ok marius@ claudio@ | Ryan Thomas McBride |
| 2005-05-27 | Hide Hostid and Checksum in pfctl -si output unless the -v flag is used. Prodded by henning@ | Ryan Thomas McBride |
| 2005-05-27 | Calculate an MD5 checksum over the main pf ruleset. This is the basis for further pfsync improvements, to ensure that pf rules are in sync with the master. "get it in" mcbride@ | Marco Pfatschbacher |
| 2005-05-27 | Make monitor.c use unsigned lengths in messages. Makes this compile with -Wsign-compare. OK and a little testing by hshoexer, OK moritz Now it's anil's turn to do some of this somewhere else | Chad Loder |
| 2005-05-27 | filtering on ruleset name is already implemented, document it. | Daniel Hartmeier |
| 2005-05-27 | show flow type (require, use, etc.) | Hans-Joerg Hoexer |
| 2005-05-27 | Additional paranoia. OK hshoexer | Chad Loder |
| 2005-05-27 | Use SADB_SATYPE_* instead of IPPROTO_* | Hans-Joerg Hoexer |
| 2005-05-27 | get rid of 'log-all'. now that we have 'log (options)', make 'all' an option to log. so, 'log-all' becomes 'log (all)'. | Daniel Hartmeier |
| 2005-05-27 | get rid of shift/reduce conflicts, don't support empty logopts | Daniel Hartmeier |
| 2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that inserted the rule which causes the logging. secondly, the uid/pid of the process in case the logged packet is delivered to/from a local socket. a lookup of the local socket can be forced for logged packets with a new option, 'log (user)'. make tcpdump print the additional information when -e and -v is used. note: this changes the pflog header struct, rebuild all dependencies. ok bob@, henning@. | Daniel Hartmeier |
| 2005-05-27 | When looping over pfkey messages, make sure extension length is > 0. While around, do some minor tweaks in a not yet used code path. | Hans-Joerg Hoexer |
| 2005-05-27 | use new sysctl to retrieve flow information including IDs | Hans-Joerg Hoexer |
| 2005-05-27 | o only pass signals from monitor to slave when pid is valid; o remove some unused monitor command; with and ok hshoexer | Moritz Jodeit |
| 2005-05-27 | move m_state.s directly into must_{read,write} instead of passing it every time as an argument. ok cloder@ hshoexer@ | Moritz Jodeit |
| 2005-05-27 | remove unused table | Hans-Joerg Hoexer |
| 2005-05-27 | Support for dumping the SADB. | Hans-Joerg Hoexer |
| 2005-05-27 | Experimental support for opportunistic use of jumbograms where only some hosts on the local network support them. This adds a new socket option, SO_JUMBO, and a new route flag, RTF_JUMBO. If _both_ the socket option is set and the route for the host has RTF_JUMBO set, ip_output will fragment the packet to the largest possible size for the link, ignoring the card's MTU. The semantics of this feature will be evolving rapidly; talk to us if you intend to use it. ok deraadt@ marius@ | Ryan Thomas McBride |
| 2005-05-27 | guarantee nul-termination in the monitor, we must. ok cloder@ hshoexer@ | Moritz Jodeit |
| 2005-05-27 | allow 'tagged' in 'anchor' rules (without complaining about missing 'keep state'), as a condition to branch into the anchor. suggested by Bill Marquette. | Daniel Hartmeier |
| 2005-05-26 | simplify read/write between child and monitor help and ok cloder moritz | Hans-Joerg Hoexer |
| 2005-05-26 | Add ARGSUSED for lint, one comment for me | Hans-Joerg Hoexer |
| 2005-05-26 | The illegalness of "no nat log" is already enforced by the grammar. ok dhartmei | Camiel Dobbelaar |
| 2005-05-26 | remove traces from union et al; pedro@ ok. | Federico G. Schwindt |
| 2005-05-26 | use PF_LOG, PF_LOGALL instead of numeric constants | Daniel Hartmeier |
| 2005-05-26 | support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patch from camield@. use #defines PF_LOG, PF_LOGALL instead of magic constants. ok frantzen@, camield@ | Daniel Hartmeier |
| 2005-05-26 | Use TAILQ_FOREACH where possible, remove payload_last() ok markus | Hans-Joerg Hoexer |
| 2005-05-26 | add log_errorx() which doesn't print the errno value. ok hshoexer@ | Moritz Jodeit |
| 2005-05-26 | introduce ISAKMP_PAYLOAD_MAX | Hans-Joerg Hoexer |
| 2005-05-26 | get rid of payload mapping ok markus ho cloder | Hans-Joerg Hoexer |
| 2005-05-26 | remove hiding of interface family groups | Henning Brauer |
| 2005-05-26 | Handle strdup returning NULL. OK hshoexer | Chad Loder |
| 2005-05-26 | switch the max_src_{states,conn,conn_rate} from superblock breaks to superblock optimization barriers to prevent table merging or rule re-ordering ok dhartmei@ | Mike Frantzen |
| 2005-05-26 | disallow interface group names that end in a digit to differentiate them from true interfaces ok henning@ | Mike Frantzen |