Age | Commit message | Author | |
---|---|---|---|
2001-08-23 | Correct ipsec_id_string buffer and length handling. | Niklas Hallqvist | |
2001-08-23 | Compile on old systems, my version. | Niklas Hallqvist | |
2001-08-23 | RSA-enabling is not necessary anymore. | Niklas Hallqvist | |
2001-08-23 | ignore EEXIST for SPDADD on KAME; ok ho@ | Markus Friedl | |
2001-08-23 | sync w/ netbsd | Markus Friedl | |
2001-08-23 | recieve -> receive | Aaron Campbell | |
2001-08-23 | o for a port_item, initialize the "next" pointer to NULL; o for an address, use calloc() instead of malloc() so the struct is zeroed. Fixes a SEGV in pfctl due to uninitialized "next" pointers. | Todd C. Miller | |
2001-08-23 | Support var="string". Expansion (at lex time) done using $var, for instance: `okproto="{ssh, smtp, domain, auth}"` `pass in on key0 proto tcp from any to any port $okproto keep state` Can I ask someone else to document this in pf.conf(5)? | Theo de Raadt | |
2001-08-23 | KNF | Theo de Raadt | |
2001-08-23 | for -s all, do not error out when the first ioctl fails | Theo de Raadt | |
2001-08-23 | fix usage | Theo de Raadt | |
2001-08-23 | do not permit snaplen change on an active log file | Theo de Raadt | |
2001-08-22 | Revert last change. | Hakan Olsson | |
2001-08-22 | Compile on older systems. | Hakan Olsson | |
2001-08-22 | use ipsec_id_string() when generating rawkey file names. | Hakan Olsson | |
2001-08-22 | ftp-proxy | Bob Beck | |
2001-08-22 | If we fail to get a key from DNSSEC, RAWKEY can still succeed. | Hakan Olsson | |
2001-08-22 | Modify as per deraadt@'s wishes. aaron@ ok. | Hakan Olsson | |
2001-08-22 | clarify tcpdump use; frantzen | Theo de Raadt | |
2001-08-22 | Add an example. | Hakan Olsson | |
2001-08-22 | Add a manual page. | Hakan Olsson | |
2001-08-22 | DNS KEY RR values. | Hakan Olsson | |
2001-08-22 | Cleanup and style fixes. Use getopt(). | Hakan Olsson | |
2001-08-22 | properly handle empty log file | Theo de Raadt | |
2001-08-22 | USER_FQDN ID support, untested. | Hakan Olsson | |
2001-08-22 | IPCOMP policy control should be optional for backward compatibility. | Niklas Hallqvist | |
2001-08-22 | Alphabeticize extern decls. | Niklas Hallqvist | |
2001-08-22 | Add ipsec_id_string, a function for converting IDs to one possible string form, to be used for IKE mode config and raw key selection by ID. Not yet used though. | Niklas Hallqvist | |
2001-08-22 | Need an extra sa_release() when de-allocating exchange-associated SAs; thus, failed exchanges/negotiations don't leak SAs and transports. ok niklas@ | Angelos D. Keromytis | |
2001-08-22 | Bypass IPCOMP too. | Niklas Hallqvist | |
2001-08-21 | pflogd; work by canacar@eee.metu.edu.tr and myself | Theo de Raadt | |
2001-08-21 | Remove /usr/bin/mkfifo link -- mkfifo has lived in /sbin for several releases now. | Todd C. Miller | |
2001-08-20 | Powered by @mantoya. o) fix bogus .Xr usage; millert@ ok. | Mike Pechkin | |
2001-08-19 | do not spin if no states are found | Theo de Raadt | |
2001-08-19 | Document per-rule byte counter. | Daniel Hartmeier | |
2001-08-19 | Add per-rule byte counter, so mickey can do accounting. We're counting the data part (without IP and TCP/UDP/ICMP headers), like the state counter does. | Daniel Hartmeier | |
2001-08-19 | Document per-rule statistics. If the evaluation counters look funny, think skip steps. | Daniel Hartmeier | |
2001-08-19 | Prevent section leak in conf space. | Angelos D. Keromytis | |
2001-08-19 | Print per-rule statistics when -v is used with -sr (show rules). | Daniel Hartmeier | |
2001-08-19 | Unfuck some TCP state stuff that would drop the SYN\|ACK. Enumerated the TCP states. Here's a mapping new->old tcp states if anyone gives a shit: TCPS_CLOSED 0, TCPS_SYN_SENT 1, TCPS_ESTABLISHED 2, TCPS_CLOSING 3, TCPS_FIN_WAIT_2 4, TCPS_TIME_WAIT 5 | Mike Frantzen | |
2001-08-19 | Add parameter list support to parser. Handles lists for protocol, hosts and ports in filter rules, like `block in from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } to any` `pass in proto tcp from any to any port { ssh, 1024 >< 2000, > 65000 }` `block in proto { udp, igmp }` and does rule expansion (generate all needed rule combinations). | Daniel Hartmeier | |
2001-08-19 | fix buffer underrun on 1.51 | Jun-ichiro itojun Hagino | |
2001-08-18 | make pfctl -s state SCREAM; frantzen is now happy | Theo de Raadt | |
2001-08-18 | careful with snprintf() == -1; ho, provos | Theo de Raadt | |
2001-08-18 | also handle snprintf() < 0 | Theo de Raadt | |
2001-08-18 | more careful with snprintf result code | Theo de Raadt | |
2001-08-18 | prettier printing of states | Theo de Raadt | |
2001-08-18 | typo. From: "Brian J. Kifiak" <bk@rt.fm> | Jun-ichiro itojun Hagino | |
2001-08-18 | Add a possibility to add a random offset to the stack on exec. This makes it slightly harder to write generic buffer overflows. This doesn't really give any real security, but it raises the bar for script-kiddies and it's really cheap. The range of the random offsets is controlled by the sysctl kern.stackgap_random (must be a power of 2). This is disabled by default right now, but we'll set it to a reasonable value (1024?) soon, after some more testing. | Artur Grabowski | |
2001-08-17 | Fix keyed HMAC where the key was longer than the blocksize | Niklas Hallqvist | |