Age | Commit message | Author | |
---|---|---|---|
2004-12-23 | set rule_flag PFRULE_SRCTRACK when setting srctrack, found by camield@ using regress test pf84 | Daniel Hartmeier | |
2004-12-22 | Introduce 'set skip on <ifspec>' to support a list of interfaces where no packet filtering should occur (like loopback, for instance). Code from Max Laier, with minor improvements based on feedback from deraadt@. ok mcbride@, henning@ | Daniel Hartmeier | |
2004-12-22 | Fix parenthesis mismatch, from Stefan Miltchev. Thanks! While around, zap some spaces ok markus@ | Hans-Joerg Hoexer | |
2004-12-22 | also pass SIGINT/QUIT to child, from mpech@. ok avsm@ | Otto Moerbeek | |
2004-12-22 | some -Wimplicit-function-declaration cleaning; ok millert@ | David Krause | |
2004-12-19 | use strchr instead of index | Theo de Raadt | |
2004-12-15 | missing free()s; with pat | Henning Brauer | |
2004-12-14 | &&/\|\| inversion would try to merge IP addresses with non-addresses into a single table causing a ruleset load error and eventually a double-free. bug report and testing from martin{AT}spamcop net | Mike Frantzen | |
2004-12-14 | Reword comment a bit for clarity. hshoexer@ ok. | Hakan Olsson | |
2004-12-14 | add two warn() calls to make sure a warning message gets printed if one of the table calls fails and the optimizer is gonna bomb out | Mike Frantzen | |
2004-12-14 | Allow the Address, Network, or Netmask values of the <IPsec-ID> to be specified with an interface name (in which case the first address is used) or the keyword 'default' (in which case the address is selected based on the default route). eg: `[roadwarrior-ip] ID-type= IPV4_ADDR Address= default` ok ho@ hshoexer@ | Ryan Thomas McBride | |
2004-12-14 | link0 drops IP multicast, and link1 non-IP multicast. Not the other way around. ok fgsch@ | Camiel Dobbelaar | |
2004-12-14 | mention /var/backups; ok otto@ | Jason McIntyre | |
2004-12-13 | sync authpf anchor syntax; also, spelling while i'm in here; from joel knight; | Jason McIntyre | |
2004-12-13 | make sure the isakmpd_s has id_r/s set; ok hshoexer, ho | Markus Friedl | |
2004-12-11 | A compare function for heapsort(3) should not just subtract two offsets, it does not work if the difference is large. Problem found by Jean-Gerard Pailloncyi who had false warnings of overlapping partitions. ok millert@ tedu@ | Otto Moerbeek | |
2004-12-10 | allow pf to filter on route labels `pass in from route dtag keep state queue reallyslow` tested by Gabriel Kihlman <gk@stacken.kth.se> and Michael Knudsen <e@molioner.dk> and ryan ok ryan | Henning Brauer | |
2004-12-10 | check msg->isakmp_sa != NULL before the transport gets updated; ok hshoexer | Markus Friedl | |
2004-12-08 | 1. allow up to DPD_RETRANS_MAX retransmitted R_U_THERE messages. 2. reset dpd_failcount when switching to DPD_TIMER_NORMAL. 3. ignore DPD timeouts on SAs that are marked SA_FLAG_REPLACED. ok hshoexer, ho | Markus Friedl | |
2004-12-08 | NAT/T: replace the isakmpd SA transport with the transport from the message (only during phase 1). this avoids DPD messages to the 'wrong' port. ok hshoexer | Markus Friedl | |
2004-12-08 | Add "'overload' requires 'max-src-conn' or 'max-src-conn-rate'" sanity check, fix some cut-n-paste mayhem in other related checks. | Ryan Thomas McBride | |
2004-12-07 | space between macro arg and punctuation; | Jason McIntyre | |
2004-12-07 | Document 'carpdev' | Ryan Thomas McBride | |
2004-12-07 | Add the 'carpdev' option, to set the carp devices physical interface. If not specified, the kernel will attempt to select the correct interface by the subnet (this is the current behaviour). ok deraadt@ henning@ | Ryan Thomas McBride | |
2004-12-07 | KNF | Ryan Thomas McBride | |
2004-12-07 | re-commit mcbride@'s 'flush global', this time without the breakage in pfvar.h. builds kernel and userland. | Daniel Hartmeier | |
2004-12-07 | note that -a is the default if no params given; `interface' is now optional; | Jason McIntyre | |
2004-12-07 | real backout | Theo de Raadt | |
2004-12-07 | oops, incomplete backout | Theo de Raadt | |
2004-12-07 | tree does not compile, spotted by dlg (not obvious how to fix) ---- Change the default for 'overload <table> flush' to flush only states from the offending source created by the rule. 'flush global' flushes all states originating from the offending source. ABI change, requires kernel and pfctl to be in sync. ok deraadt@ henning@ dhartmei@ | Theo de Raadt | |
2004-12-07 | Change the default for 'overload <table> flush' to flush only states from the offending source created by the rule. 'flush global' flushes all states originating from the offending source. ABI change, requires kernel and pfctl to be in sync. ok deraadt@ henning@ dhartmei@ | Ryan Thomas McBride | |
2004-12-07 | default to interface printing, instead of help message. any illegal - option goes to usage. initial work by ian, changed by me, ok mcbride | Theo de Raadt | |
2004-12-06 | RFC2409 mandates min and max nonce lengths. hshoexer@ ok. | Hakan Olsson | |
2004-12-05 | extend window of "ignoring route messages on the socket" for 10 seconds instead of 3. | Theo de Raadt | |
2004-12-05 | initialize $$->tail and $$->next for MAXSRCCONNRATE | Daniel Hartmeier | |
2004-12-04 | Userland support for limiting open tcp connections per source. eg: `keep state (max-src-conn 1000, max-src-conn-rate 100/10, overflow <bad> flush)` allow a maximum of 1000 open connections or 100 new connections in 10 seconds. The addresses of offenders are added to the <bad> table which can be used in the ruleset, and existing states from that host are flushed. ok deraadt@ dhartmei@ | Ryan Thomas McBride | |
2004-12-02 | Default to A/UX partition type for OpenBSD newly created partitions on mac68k. ok drahn@ | Miod Vallat | |
2004-12-01 | not all interfaces support mtu setting; ok tdeval@ miod@ nick@ | Jason McIntyre | |
2004-12-01 | add pppoe stuff to usage(); ok jaredy@ | Jason McIntyre | |
2004-12-01 | - sort options - tweak pppoe stuff - add pppoe to `create' list ok canacar@ jaredy@ | Jason McIntyre | |
2004-11-29 | Spell precede correctly. 'looks fine' millert@, krw@. ok jmc@ | Jonathan Gray | |
2004-11-28 | In kernel pppoe client, a simple IPv4 only implementation. Initial porting from NetBSD by David Berghoff. Modified/simplified to match our sppp implementation. ok deraadt@ | Can Erkin Acar | |
2004-11-28 | 1 inode per 8192 bytes now | Ted Unangst | |
2004-11-26 | implement net.key.v2.sadb_dump.{unspec,esp,ah,...} sysctl subtree and use sysctl for 'ipsecadm show'; ok deraadt | Markus Friedl | |
2004-11-25 | off by one in err() | Markus Friedl | |
2004-11-25 | Ignore 0.0.0.0 in RTM_NEWADDR messages as these messages are generated by dhclient. This fixes the dhclient exiting problem reported by Steve Shockley. This is a fast fix for the problem actually the dhclient-script needs to be replaced. OK henning@ deraadt@ | Claudio Jeker | |
2004-11-24 | replace old net/if_ieee80211.h header with the net80211 ones, userland part. millert@ mcbride@ jsg@ | Federico G. Schwindt | |
2004-11-24 | typo in previous | Ian Darwin | |
2004-11-24 | kernfs caveats, ok deraadt@ | Ian Darwin | |
2004-11-23 | tweaks; ok damien@ | Jason McIntyre | |