src - OpenBSD base system

Age	Commit message (Collapse)	Author
2003-05-14	Add the -q flag to suppress all output when setting a variable	Jean-Francois Brousseau
	with -w ok jsyn@, millert@
2003-05-14	print the redirection target for nat/rdr/binat slighly later.	Henning Brauer
	no functional difference (yet)
2003-05-13	make sure tagging is only ever used with stateful filter rules	Henning Brauer

2003-05-13	correct rule printing	Henning Brauer

2003-05-13	userland part for tagging.	Henning Brauer
	it's now possible to tag packets with an arbitary tag and filter based on that tag later on other interfaces: pass in quick on fxp0 keep state tag blah pass out quick on wi0 keep state with tag blah can be used to express trust between interfaces, to distinguish between NATed connections and connection originating from teh firewall itself and much more ok dhartmei@ frantzen@ pb@ mcbride@
2003-05-12	update for mount args change	Ted Unangst

2003-05-12	update for mount args changes	Ted Unangst

2003-05-12	Update with some data for NAT-T specific payload types, IKEv2	Hakan Olsson
	notifications, ISAKMP EAP code and types, plus fix an old typo.
2003-05-12	AES -> AES_128_CBC	Hakan Olsson

2003-05-12	Add two more encapsulation types (UDP encap, potential future NAT-T)	Hakan Olsson
	Add BLOCK_SIZE attribute Rename IPSEC_ESP_AES -> IPSEC_ESP_AES_128_CBC.
2003-05-12	Adaptive timeout value scaling. Allows to reduce timeout values as the	Daniel Hartmeier
	number of state table entries grows, so entries time out faster before the table fills up. Works both globally and per-rule. ok frantzen@
2003-05-11	Slight style fix for .cst files. Permit comments also after a definition.	Hakan Olsson

2003-05-11	fix ID-type for ipv6; ok niklas; report fries	Markus Friedl

2003-05-11	Don't ntohs() the translation port for nat as it is already in host byte order.	Ryan Thomas McBride
	Makes nat ... -> $ext_if port 500 rules work correctly again. ok henning@ dhartemi@ frantzen@
2003-05-10	typos;	Jason McIntyre

2003-05-10	typo;	Jason McIntyre

2003-05-10	- setup -> set up	Jason McIntyre
	- .Xr to itself -> .Nm
2003-05-10	document that kernel automatically handles first swap partition	Jason McIntyre
	("swap_device" in swapctl -l) and does not need to be added to /etc/fstab. krw@, fries@, rohee@, millert@, henning@ ok.
2003-05-10	support loading of anchors from within the main ruleset via	Henning Brauer
	load anchor anchorname:rulesetname file /path/to/file ok pb@ dhartmei@ cedric@
2003-05-09	No longer need -lcompat	Todd C. Miller

2003-05-08	Close sockets (otherwise the file handle limit can be reached when many	Daniel Hartmeier
	queues are defined). Reported by Fernando Braga. ok henning@
2003-05-07	typo.	Jason McIntyre

2003-05-06	KNF while I'm here	Henning Brauer

2003-05-06	for hw.sensors, print stuff in a human friendly way - temperatures in	Henning Brauer
	degC and degF, fan speed in RPM, and voltages in (surprise) V. theo, millert, grange agree
2003-05-06	remove FSIRAND define and make it non-optional. ok millert@	Ted Unangst

2003-05-06	after switch to mmap, we need to zero other malloc'd data. use calloc.	Ted Unangst

2003-05-05	Describe format of pfctl -sl output, reported by Alejandro G. Belluscio.	Daniel Hartmeier

2003-05-03	these files all had >9 arguments to .Nd, causing the name description to be	Jason McIntyre
	truncated. i wrapped them in double quotes to preserve the line. grep inspired by an -mdoc lesson from millert@
2003-05-03	The 'memleft' calcuations assume that the data address starts at	Todd C. Miller
	0, which is no longer the case. So instead of the hokey private malloc() implementation, just use mmap. From diffs I ran on anoncvs.usa 4 years ago.
2003-05-03	don't free() the char * carrying the rule label too early	Henning Brauer
	noticed by Mathieu Sauve-Frankel <m.sauve at secureops.net> via silc
2003-05-01	ease label handling	Henning Brauer
	ok cedric@
2003-05-01	allow label on antispoof; requested by Gregor Binder <gbinder at sysfive.com>	Henning Brauer
	ok cedric@
2003-04-30	only compare suberblock fields that are interesting, instead of trying to	Ted Unangst
	ignore the noninteresting ones. will allow future changes to work with an older fsck. similar to changes in NetBSD and FreeBSD. ok krw@
2003-04-30	cast size_t to unsigned long and use %lu;ok ho	Jason Wright

2003-04-30	kill globals anchorname and rulesetname; have them in main instead and pass	Henning Brauer
	to the functions that need them. makes the code easier and cleaner in some places and will be needed for other things to come soon ok cedric@
2003-04-30	Allow tables to be loaded into anchors.	Cedric Berger
	Most pfctl table commands (excluding 'show' and 'flush') support the "-a" modifier. ok dhartmei@
2003-04-30	a on or off thing -> an on or off thing;	Jason McIntyre

2003-04-29	Fix parsing of noac option; noticed and OK by henning@	Todd C. Miller

2003-04-27	Update the pfioc_table IOCTL structure.	Cedric Berger
	Prepare for anchors, improve robustness. WARNING: need to sync kernel/userland. ok dhartmei@
2003-04-27	Describe the 'C set' FIFO command better. (PR#3148, also)	Hakan Olsson

2003-04-27	Make the 'C set' FIFO command work as expected. PR#3148.	Hakan Olsson

2003-04-26	strcpy -> strlcpy.	Kenneth R Westerback
	ok dhartmei@ deraadt@ (and tdeval@ with stylistic reservations)
2003-04-26	bye bye	Theo de Raadt

2003-04-26	string cleanup; ok tedu	Theo de Raadt

2003-04-26	remove a bit more junk	Theo de Raadt

2003-04-26	remove stuff not needed	Theo de Raadt

2003-04-26	string cleaning; ok tedu	Theo de Raadt

2003-04-26	blow away file not needed	Theo de Raadt

2003-04-25	string cleanup	Theo de Raadt

2003-04-25	Support for accessing the information from the hardware monitoring sensors	Alexander Yurchenko
	via hw.sensors node. To get the information from the all sensors just do $ sysctl hw.sensors. To get the information from the particular sensor (number 5 e.g.) do $ sysctl hw.sensors.5 Tested and ok'ed by henning@ and millert@.