Age | Commit message | Author | |
---|---|---|---|
2003-06-02 | nuke clause 3 & 4 | Jason Wright | |
2003-05-30 | o timeout is int, not u_int32_t o reject negative timeouts ok jason@ | Henning Brauer | |
2003-05-29 | forgotten machdep.userldt; from Tom Cosgrove | Michael Shalayeff | |
2003-05-26 | ignore longrun struct. eliminates a warning | Ted Unangst | |
2003-05-25 | must not run check_netmask() before remove_invalid_hosts() - binat case had it wrong for the redirection target. reported by jared r r spiegel <jrrs@ice-nine.org> | Henning Brauer | |
2003-05-24 | rename export to export_info for c++ safety. report by naddy@ | Ted Unangst | |
2003-05-24 | better netmask check help canacar@ ok canacar@ cedric@ | Henning Brauer | |
2003-05-24 | Properly reset buffers after each "table" command. More to come for the error case. ok henning@ | Cedric Berger | |
2003-05-24 | tweak; ok cedric@ | Jason McIntyre | |
2003-05-24 | sync | Cedric Berger | |
2003-05-23 | - typos - whitespace at EOL - new sentence, new line | Jason McIntyre | |
2003-05-20 | typo; | Jason McIntyre | |
2003-05-20 | tweak; ok tedu@ | Jason McIntyre | |
2003-05-20 | turn on mount_ntfs. i386 only until we know it works somewhere else | Ted Unangst | |
2003-05-20 | un __P | Ted Unangst | |
2003-05-20 | $OpenBSD$ tags | Ted Unangst | |
2003-05-20 | mount_ntfs, from NetBSD via Julien Bordet | Ted Unangst | |
2003-05-19 | print out the full netmask; don't just ignore the upper bits in the v4 case helps finding assignment bugs. | Henning Brauer | |
2003-05-19 | reject invalid netmasks like 10.0.0.0/68, and fix up the netmask for dynaddr rules after we know the address family ok dhartmei@, inspired by a session with bob | Henning Brauer | |
2003-05-19 | all host() receivers have to test for NULL | Henning Brauer | |
2003-05-19 | err out on obviously wrong netmasks | Henning Brauer | |
2003-05-19 | if host() returns NULL, it is an error, so err the fuck out and don't load bullshit | Henning Brauer | |
2003-05-19 | don't print altq en-/disabled - there's no point, you can't turn them on and off independently. so only complain if there's a real error. ok dhartmei@ pb@ camield@ | Henning Brauer | |
2003-05-19 | style consistency | Henning Brauer | |
2003-05-19 | Use a decaying average for smoother rate estimates. ok henning dhartmei | Camiel Dobbelaar | |
2003-05-18 | Add some path sanitation; only permit write operations to /tmp, /var/tmp and /var/run. Opens in /etc/isakmpd/ are read-only. Any other path is invalid. markus@ ok. | Hakan Olsson | |
2003-05-18 | Style tweak. | Hakan Olsson | |
2003-05-18 | Add a debug message to sa_reinit() to indicate when we renegotiate active connections. | Hakan Olsson | |
2003-05-18 | indent here in the same way as in -vsr for consistency | Henning Brauer | |
2003-05-18 | in the pfctl -vsr output (-vvsr/-gvvsr as well), indent instead of extra newline. requested by markus@, dhartmei and myself agree | Henning Brauer | |
2003-05-18 | Forgot to remove a couple of debug messages | Hakan Olsson | |
2003-05-18 | struct sockaddr is not large enough in itself to contain the address value. Switching to sockaddr_storage makes interface rescanning work properly. niklas@ ok. | Hakan Olsson | |
2003-05-18 | More isakmpd privsep work. X509 private keys are now kept in the privileged process only. Various cleanup and bugfixes. markus@ ok | Hakan Olsson | |
2003-05-18 | Sysdep for native Linux IPSec, 2.5 and later. From Thomas Walpuski, with various tweaks by me. niklas@ ok. | Hakan Olsson | |
2003-05-17 | Better return codes from mm_send_fd and mm_receive_fd | Hakan Olsson | |
2003-05-17 | Use log_error(), not log_fatal(). Style. | Hakan Olsson | |
2003-05-17 | tweak; ok ho@ | Jason McIntyre | |
2003-05-17 | Fix proxy related output. | Daniel Hartmeier | |
2003-05-17 | A little bugfix. We want pfioc_states, not pfioc_state. ok henning@ | Ryan Thomas McBride | |
2003-05-17 | support inverse matching on tags like block in ! tagged sometag ok dhartmei@ pb@ | Henning Brauer | |
2003-05-16 | If the "Renegotiate-on-HUP" tag is defined in the [General] section, a HUP signal (or "R" to the FIFO) will also renegotiate all Phase 2 SAs, i.e. all connections. ok niklas@, tested and ok kjell@. | Hakan Olsson | |
2003-05-16 | TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can use 'synproxy state' for TCP connections. pf will complete the TCP handshake with the active endpoint before passing any packets to the passive endpoint, preventing spoofed SYN floods from reaching the passive endpoint. No additional memory requirements, no cookies needed, random initial sequence numbers, uses the existing sequence number modulators to translate packets after the handshakes. ok frantzen@ | Daniel Hartmeier | |
2003-05-15 | make getifaddrs(3) a default, as all BSD has it by now | Jun-ichiro itojun Hagino | |
2003-05-15 | properly complain about too long tags | Henning Brauer | |
2003-05-15 | Correct a two year old typo, which might actually make setsockopt(..., IP_IPSEC_LOCAL_AUTH, ...) start working. | Hakan Olsson | |
2003-05-15 | Cleanup. Do not store the private key in either the exchange or sa structs. | Hakan Olsson | |
2003-05-15 | Work around some OpenSSL BIO "features" to read the key correctly. | Hakan Olsson | |
2003-05-15 | Proper exit of the monitor process. | Hakan Olsson | |
2003-05-15 | wait() for the child process | Hakan Olsson | |
2003-05-15 | Start of privilege separation for isakmpd. There are some kinks left, so keep it default disabled for now. markus@ says ok to commit. | Hakan Olsson | |