Age | Commit message | Author | |
---|---|---|---|
2005-06-01 | Fix memory leak. OK hshoexer | Chad Loder | |
2005-06-01 | Fix memory leaks. OK hshoexer | Chad Loder | |
2005-06-01 | This file is outdated, everything needed for setting up PKI is in the man pages now. noticed by david@ ok ho markus | Hans-Joerg Hoexer | |
2005-06-01 | snprintf returns an int, not a size_t. OK deraadt@ | Chad Loder | |
2005-05-31 | grammar; | Jason McIntyre | |
2005-05-31 | tidy up the trunk stuff; | Jason McIntyre | |
2005-05-31 | fix a typo, touch-pannel -> touch-panel; From: Chris Kuethe via PR 4232 | Brad Smith | |
2005-05-31 | certpatch is gone, noticed by david@ | Hans-Joerg Hoexer | |
2005-05-29 | robustness against malformed snames. ok henning@ | marius eriksen | |
2005-05-28 | ooops | Hans-Joerg Hoexer | |
2005-05-28 | Remove current state code, it's bogus. We'll redo this. suggested by and ok moritz | Hans-Joerg Hoexer | |
2005-05-28 | do sanity checking on directory entries. ok hshoexer@ | Moritz Jodeit | |
2005-05-28 | Cleanup sample configurations a bit; more AES, less MD5, remove fields we no longer require etc. Also add a 9-line "default" config sample. | Hakan Olsson | |
2005-05-28 | introduce new readdir implementation for the monitor. testing and ok hshoexer@ | Moritz Jodeit | |
2005-05-28 | make path checking in the monitor a lot easier. ok hshoexer@ | Moritz Jodeit | |
2005-05-28 | don't print the "[ Inserted: uid pid ]" line when -g is used, so the regress tests don't have to deal with it (and it's a useless thing to check from there). | Daniel Hartmeier | |
2005-05-27 | Use rtm_fmask instead of rtm_use; ok marius@ claudio@ | Ryan Thomas McBride | |
2005-05-27 | Hide Hostid and Checksum in pfctl -si output unless the -v flag is used. Prodded by henning@ | Ryan Thomas McBride | |
2005-05-27 | Calculate an MD5 checksum over the main pf ruleset. This is the basis for further pfsync improvements, to ensure that pf rules are in sync with the master. "get it in" mcbride@ | Marco Pfatschbacher | |
2005-05-27 | Make monitor.c use unsigned lengths in messages. Makes this compile with -Wsign-compare. OK and a little testing by hshoexer, OK moritz Now it's anil's turn to do some of this somewhere else | Chad Loder | |
2005-05-27 | filtering on ruleset name is already implemented, document it. | Daniel Hartmeier | |
2005-05-27 | show flow type (require, use, etc.) | Hans-Joerg Hoexer | |
2005-05-27 | Additional paranoia. OK hshoexer | Chad Loder | |
2005-05-27 | Use SADB_SATYPE_* instead of IPPROTO_* | Hans-Joerg Hoexer | |
2005-05-27 | get rid of 'log-all'. now that we have 'log (options)', make 'all' an option to log. so, 'log-all' becomes 'log (all)'. | Daniel Hartmeier | |
2005-05-27 | get rid of shift/reduce conflicts, don't support empty logopts | Daniel Hartmeier | |
2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that inserted the rule which causes the logging. secondly, the uid/pid of the process in case the logged packet is delivered to/from a local socket. a lookup of the local socket can be forced for logged packets with a new option, 'log (user)'. make tcpdump print the additional information when -e and -v is used. note: this changes the pflog header struct, rebuild all dependencies. ok bob@, henning@. | Daniel Hartmeier | |
2005-05-27 | When looping over pfkey messages, make sure extension length is > 0. While around, do some minor tweaks in a not yet used code path. | Hans-Joerg Hoexer | |
2005-05-27 | use new sysctl to retrieve flow informations including IDs | Hans-Joerg Hoexer | |
2005-05-27 | o only pass signals from monitor to slave when pid is valid; o remove some unused monitor command with and ok hshoexer | Moritz Jodeit | |
2005-05-27 | move m_state.s directly into must_{read,write} instead of passing it every time as an argument. ok cloder@ hshoexer@ | Moritz Jodeit | |
2005-05-27 | remove unused table | Hans-Joerg Hoexer | |
2005-05-27 | Support for dumping the SADB. | Hans-Joerg Hoexer | |
2005-05-27 | Experimental support for opportunistic use of jumbograms where only some hosts on the local network support them. This adds a new socket option, SO_JUMBO, and a new route flag, RTF_JUMBO. If _both_ the socket option is set and the route for the host has RTF_JUMBO set, ip_output will fragment the packet to the largest possible size for the link, ignoring the card's MTU. The semantics of this feature will be evolving rapidly; talk to us if you intend to use it. ok deraadt@ marius@ | Ryan Thomas McBride | |
2005-05-27 | guarantee nul-termination in the monitor, we must. ok cloder@ hshoexer@ | Moritz Jodeit | |
2005-05-27 | allow 'tagged' in 'anchor' rules (without complaining about missing 'keep state'), as a condition to branch into the anchor. suggested by Bill Marquette. | Daniel Hartmeier | |
2005-05-26 | simplify read/write between child and monitor; help and ok cloder moritz | Hans-Joerg Hoexer | |
2005-05-26 | Add ARGSUSED for lint, one comment for me | Hans-Joerg Hoexer | |
2005-05-26 | The illegalness of "no nat log" is already enforced by the grammar. ok dhartmei | Camiel Dobbelaar | |
2005-05-26 | remove traces from union et al; pedro@ ok. | Federico G. Schwindt | |
2005-05-26 | use PF_LOG, PF_LOGALL instead of numeric constants | Daniel Hartmeier | |
2005-05-26 | support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patch from camield@. use #defines PF_LOG, PF_LOGALL instead of magic constants. ok frantzen@, camield@ | Daniel Hartmeier | |
2005-05-26 | Use TAILQ_FOREACH where possible, remove payload_last(); ok markus | Hans-Joerg Hoexer | |
2005-05-26 | add log_errorx() which doesn't print the errno value. ok hshoexer@ | Moritz Jodeit | |
2005-05-26 | introduce ISAKMP_PAYLOAD_MAX | Hans-Joerg Hoexer | |
2005-05-26 | get rid of payload mapping; ok markus ho cloder | Hans-Joerg Hoexer | |
2005-05-26 | remove hiding of interface family groups | Henning Brauer | |
2005-05-26 | Handle strdup returning NULL. OK hshoexer | Chad Loder | |
2005-05-26 | switch the max_src_{states,conn,conn_rate} from superblock breaks to superblock optimization barriers to prevent table merging or rule re-ordering ok dhartmei@ | Mike Frantzen | |
2005-05-26 | disallow interface group names that end in a digit to differentiate them from true interfaces ok henning@ | Mike Frantzen | |