Age | Commit message | Author | |
---|---|---|---|
2002-07-15 | add u_int8_t ifnot to struct pf_rule to support matching packets on any interface except the given one. adjust the pf_test_* functions and pf_skip_step accordingly. ok dhartmei@ | Henning Brauer | |
2002-07-15 | remove duplicated interface check in test_icmp ok dhartmei@ | Henning Brauer | |
2002-07-12 | Remove duplicate function declarations (they are in pfvar.h). | Artur Grabowski | |
2002-07-11 | KNF. From Lurene Angela Grenier <lurene@daemonkitty.net> | Artur Grabowski | |
2002-07-10 | let IPv6 fragment go through based on normal rulesets. TODO: sort-of normalization against fragments for inspection ok dhartmei@ | Jun-ichiro itojun Hagino | |
2002-07-05 | fix a small bug I found while installing a -current pf firewall at a client some days ago: if you had a rulefile with "set loginterface <interface>" and loaded through pfctl -e -f /etc/pf.conf, pfctl -si didn't display the interface stats, because on DIOCSTART pf_status.ifname was cleared and enabling is done after loading the ruleset. similar for DIOCCLRSTATUS, remember pf_status.ifname there as well. added feature: On DIOCSETSTATUSIF unset the statusinterface if pi->ifname is empty. ok dhartmei@ | Henning Brauer | |
2002-07-03 | Change all variables definitions (int foo) in sys/sys/*.h to variable declarations (extern int foo), and compensate in the appropriate locations. | Miod Vallat | |
2002-07-03 | fix a null deref in sysctl_iflist() | Michael Shalayeff | |
2002-07-02 | make it compile w/ ipsec and no pf ; smth that was left for homework | Michael Shalayeff | |
2002-07-02 | inital -> initial | Nathan Binkert | |
2002-07-01 | Fix really long standing bug with fetching address cache entries: handle ifbac_len == 0 as per the man page; Benny Holmgren <bigfoot@astrakan.hig.se> | Jason Wright | |
2002-07-01 | license update of CMU parts. due to communication with wcw+@andrew.cmu.edu, pushed for by tygs@netcologne.de. Apparently we also now know how to talk to the lawyers there, if we were so mad. Note that a few other copyright issues in pppd still remain, so this does not close this story. | Theo de Raadt | |
2002-06-30 | Fix fallout from recent changes. | Artur Grabowski | |
2002-06-30 | allocate sockaddr_dl for ifnet in if_alloc_sadl(), as we don't always know the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach(). from netbsd. fgs ok | Jun-ichiro itojun Hagino | |
2002-06-28 | KNF | Theo de Raadt | |
2002-06-25 | add ARP hardware type for IEEE1394 | Jun-ichiro itojun Hagino | |
2002-06-24 | KNF | Jun-ichiro itojun Hagino | |
2002-06-23 | g/c last remains of old ipv6 prefix management | Jun-ichiro itojun Hagino | |
2002-06-19 | this was derived from UCB if_sl. therefore, we can update the UCB if_sl copyright contained in this. a license problem remains, of course... | Theo de Raadt | |
2002-06-16 | Missing braces around else case, fixes a kernel crash introduced in r1.5 if a non-existent interface is passed to "pfctl -l". Reported by grange@disorder.ru. | Aaron Campbell | |
2002-06-15 | unnecessary () on cast | Jason Wright | |
2002-06-15 | Transparent IPsec processing on the bridge; for now works only with static keys. | Angelos D. Keromytis | |
2002-06-14 | spelling; from Brian Poole <raj@cerias.purdue.edu> | Todd T. Fries | |
2002-06-12 | import of netbsd's vlan multicast code this works better than what we have now, although i have not been able to extensively test it. several folks thought it should be added | Chris Cappuccio | |
2002-06-11 | split the grammar of scrub(fragcache) into scrub ... 'fragment reassemble', 'fragment crop' or a new 'fragment drop-ovl' which will drop overlapping fragments and all corresponding ones ok kjell@ with feedback from kjell@ and deraadt@. the rest are slacking | Mike Frantzen | |
2002-06-11 | sprinkle splasserts where function comments tell us to. | Artur Grabowski | |
2002-06-11 | splassert(IPL_NET) where comment says that we should. | Artur Grabowski | |
2002-06-11 | splassert(IPL_SOFTNET) where comment indicate that. | Artur Grabowski | |
2002-06-11 | KNF (tabs, return (x)) | Daniel Hartmeier | |
2002-06-11 | enumerate UDP and OTHER state levels (similar to tcp_fsm.h) ok dhartmei@, henning@ | Mike Frantzen | |
2002-06-11 | SCRUB(fragcache) to do gap tracking and overlap pruning of IPv4 fragments without the memory overhead of the conventional defrag in SCRUB ok dhartmei@, idea by deraadt@ | Mike Frantzen | |
2002-06-11 | Make NAT proxy port range configurable per rule, for instance privileged source ports can be mapped to privileged proxy ports, or source port 500 to proxy port 500. ok frantzen@ | Daniel Hartmeier | |
2002-06-11 | Don't panic when pf_insert_state() detects an attempt to insert a duplicate key. Instead, log according to log level and return gracefully. ok frantzen@ | Daniel Hartmeier | |
2002-06-11 | KNF return x -> return (x), ok frantzen@ | Daniel Hartmeier | |
2002-06-11 | rework pfctl statistics display move FCNT_NAMES from pfvar.h to pfctl_parser.h, only used by pfctl some input by nick@ ok frantzen@, dhartmei@ | Henning Brauer | |
2002-06-10 | - stop abusing IFF_UP. - do not use L3 address pair for L2.5 address pair. configure L2.5 address pair by using "ifconfig tunnel". - IFF_LINK2 is not needed, as it is just a reverse of IFF_LINK0. - do not modify IFF_LINK1 when you modify protocol type. chris ok | Jun-ichiro itojun Hagino | |
2002-06-10 | Split common code which converts a multicast address to an ethernet address from ether_addmulti() and ether_delmulti() into ether_multiaddr(), a'la netbsd. Also clean up some magic numbers. itojun likes it | Chris Cappuccio | |
2002-06-10 | Allow ports to be specified in nat rules, useful later on for individual proxy port ranges. | Daniel Hartmeier | |
2002-06-10 | #include <sys/timeout.h>, from Chris Kuethe | Daniel Hartmeier | |
2002-06-10 | easy error checks first. | Jun-ichiro itojun Hagino | |
2002-06-10 | Don't #include <sys/malloc.h> | Daniel Hartmeier | |
2002-06-10 | prevent mbuf leak on icmp_do_error() failure. NOTE: under 4.4BSD mbuf coding discipline, once you pass mbuf to a function like f(m), you no longer have ownership of the mbuf. the mbuf will always be freed by the called function f(). by keeping the programming rule you have less chance of memory leak. | Jun-ichiro itojun Hagino | |
2002-06-09 | Export compression info only if the SA (xform) is initialized. | Angelos D. Keromytis | |
2002-06-09 | don't need device.h | Jason Wright | |
2002-06-09 | Make pf_nat.saddr/daddr a pf_rule_addr instead of pf_addr_wrap, so it includes ports and operator. | Daniel Hartmeier | |
2002-06-09 | if_addrlen need not be 4, set to 0. From: Martin Husemann <martin@duskware.de> | Jun-ichiro itojun Hagino | |
2002-06-09 | make sure to bzero sockaddr_in | Jun-ichiro itojun Hagino | |
2002-06-09 | support SIO*PHYADDR, so that we can configure outer address with ifconfig(8) | Jun-ichiro itojun Hagino | |
2002-06-09 | reapply patch from jasoni@ for ICMP6_PACKET_TOO_BIG both have been lost, due to diff thinking about reversing those lines after merge tested | Philipp Buehler | |
2002-06-09 | reapply patch from jasoni@ for pf_route[6] | Philipp Buehler | |