Age | Commit message | Author | |
---|---|---|---|
2003-09-09 | slight cleanup of man page and sync usage(); | Jason McIntyre | |
2003-09-05 | socket leak on error paths. from Patrick Latifi. ok deraadt@ ho@ | Ted Unangst | |
2003-09-02 | Xref boot_mvme88k | Miod Vallat | |
2003-09-02 | escape punctuation; ok deraadt@ | Jason McIntyre | |
2003-09-02 | A couple of nits. deraadt@ ok. | Hakan Olsson | |
2003-09-02 | Require ISAKMP_FLAGS_ENC on phase 2 messages. ok markus@, deraadt@. | Hakan Olsson | |
2003-09-02 | For easier compilation on linux systems. Requested by Thomas Walpuski. | Hakan Olsson | |
2003-09-01 | KNF | Henning Brauer | |
2003-08-31 | add references to /etc/mygate in FILES and SEE ALSO; from Han Boetes. | Jason McIntyre | |
2003-08-29 | Document interactions between tables and anchors. Add a warning on global/anchor name clashes to help prevent mistakes from our users during the 3.3 -> 3.4 switch. ok henning@ | Cedric Berger | |
2003-08-29 | exclude __sparc64__ since it can handle 16k blocks. from jason@ | Ted Unangst | |
2003-08-28 | sparcs cannot handle booting from > 8k block partitions, so set the root partition block size back down. | Ted Unangst | |
2003-08-28 | This change is busted. what's worse, REGRESSION TESTS WOULD HAVE CAUGHT IT! You MUST test network stack changes on BOTH BYTE-ORDERS. Someone can fix this later, but right now I need to get the damn firewall up. Grr. | Kjell Wooding | |
2003-08-28 | support AES in phase 1, too. switch to OpenSSL EVP interface; with Hans-Joerg.Hoexer at yerbouti.franken.de; ok ho@ | Markus Friedl | |
2003-08-28 | tweak; ok frantzen@ | Jason McIntyre | |
2003-08-27 | kill dangling 'else'. fixes modulus in W and M TCP options | Mike Frantzen | |
2003-08-27 | typos from deraadt@; | Jason McIntyre | |
2003-08-26 | catch port/user/group a <>/>< b with a >= b, from mpech@ | Daniel Hartmeier | |
2003-08-26 | mark cloned route with RTF_CLONED. remove RTF_CLONED route when clone parent disappears. deraadt ok | Jun-ichiro itojun Hagino | |
2003-08-25 | rename struct dinode to ufs1_dinode. clears the namespace and makes way for some future work. no function changes yet. help testing otto@ and markus@ | Ted Unangst | |
2003-08-25 | catch return-rst ttl values > 255, from aaron@ | Daniel Hartmeier | |
2003-08-24 | Tweaks: - Make sure we allow only tables in round-robin pools for routing options, same as what we do for translation rules. - Don't reject rules like: "nat on sis0 -> <foo>" because "no address family is given". This is perfectly valid. ok henning@ | Cedric Berger | |
2003-08-24 | don't print info about duplicate emuls. gives the illusion there is only one linux emul and one freebsd emul. ok deraadt@ | Ted Unangst | |
2003-08-23 | document necessity for sysctl to enable compat code. ok deraadt@ | Ted Unangst | |
2003-08-22 | correct printf arg mismatch (in 64bit arch). dhartmei ok | Jun-ichiro itojun Hagino | |
2003-08-22 | pf spelling police ok dhartmei@ jmc@ | David Krause | |
2003-08-22 | move pfctl_file_fingerprints() call, table commands can use -f themselves (like pfctl -t spammers -vvTt -f file, causing EPERM on DIOCOSFPFLUSH). | Daniel Hartmeier | |
2003-08-22 | KNF | Henning Brauer | |
2003-08-21 | Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF. Exposes the source IP's operating system to the filter language. Interesting policy decisions are now enforceable: . block proto tcp from any os SCO . block proto tcp from any os Windows to any port smtp . rdr ... from any os "Windows 98" to port WWW -> 127.0.0.1 port 8001 | Mike Frantzen | |
2003-08-21 | emulation is now controlled by sysctl. changes: add e_flags to struct emul. this stores on/off and native flags. check for emul enabled in check_exec(). gather all the emuls into a emulsw so a sysctl can find them. create sysctl. move maxhdrsiz calculation into init_main so it cleans up sys_execve codepath. teach sysctl utility to grok kern.emul hierarchy. requested and ok deraadt@ some comments from mickey@ | Ted Unangst | |
2003-08-21 | More boot_foo Xr are valid now. | Miod Vallat | |
2003-08-20 | braindeadness police: catch queues which specify itself as child... 'nuff said | Henning Brauer | |
2003-08-20 | Zap an old "Identification" tag in this sample config. I have no idea what it was supposed to do and in any case there is no reference to this tag in current code. Pointed out by Fridtjof Busse. | Hakan Olsson | |
2003-08-20 | catch invalid CBQ priorities earlier, including a better error message prodded by mpech@ | Henning Brauer | |
2003-08-20 | err out nicer on errors in queue def | Henning Brauer | |
2003-08-20 | certpatch(8) can be used to create FQDN X509v3 extensions too. From Fridtjof Busse, via henning@. Thanks. | Hakan Olsson | |
2003-08-18 | catch max-mss values > 65535, report by Gregory Steuck | Daniel Hartmeier | |
2003-08-18 | typos; ho@ note that ping is still not working on -current; however, SA/SPD/flow setup works for testing isakmpd/ipsec on a single machine. | Markus Friedl | |
2003-08-16 | more errx/warnx style \n errors; tom.cosgrove@arches-consulting.com | Theo de Raadt | |
2003-08-11 | Dynamic select(2) support; deraadt@ OK | Todd C. Miller | |
2003-08-09 | This patch removes the restriction that tables cannot be used in routing or redirection rules... The advantage of using tables in redirection/routing rules is not efficiency, in fact it will run slower than straight address pools. However, this brings a lot of flexibility to PF, allowing simple scripts/daemons to add/remove addresses from redirection/routing pools easily. This implementation supports all table features, including cidr blocks and negated addresses. So specifying { 10.0.0.0/29 !10.0.0.0 !10.0.0.7 } will correctly round-robin between the six addresses: .1, .2, .3, .4, .5, .6. Tables can also be combined with simple addresses, so the following rule will work as expected: "nat on foo0 -> { 1.1.1.1 <bar> }" ok henning@ mcbride@ | Cedric Berger | |
2003-08-09 | new sentence, new line + small cleanup; ok ho@ | Jason McIntyre | |
2003-08-08 | refer to RFCs consistently (RFC XXXX); | Jason McIntyre | |
2003-08-08 | Be more careful when using constant_lookup() in messages. Pointed out by Jean-Francois Dive, although I opted for a slightly different patch. | Hakan Olsson | |
2003-08-08 | Fine grained selectors for Linux native IPsec. From Jean-Francois Dive. | Hakan Olsson | |
2003-08-07 | add missing tags and make this compile with debug. | Federico G. Schwindt | |
2003-08-06 | Remove some double semicolons (hmm, do two semis equal a maxi?). I've skipped the GNU stuff for now. From Patrick Latifi. | Todd C. Miller | |
2003-08-06 | Remove an unused variable and plug a memory leak; Patrick Latifi | Todd C. Miller | |
2003-08-06 | support ESP with cast/blowfish in KAME platforms | Markus Friedl | |
2003-08-06 | support ESP with cast/blowfish on KAME platforms | Markus Friedl | |