summaryrefslogtreecommitdiff
path: root/sys/net
AgeCommit message (Collapse)Author
2002-05-29attach nd_ifinfo structure to if_afdata.Jun-ichiro itojun Hagino
split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
2002-05-29simplify comment, sync w/kameJun-ichiro itojun Hagino
2002-05-28remove duplicated fragmentation code in favour of ip_fragment()..jasoni
- ok dhartmei@
2002-05-28refragment ip packets if too large for the outgoing interfacejasoni
- ok jason@, dhartmei@
2002-05-27if_attach() gets called before domaininit(). scan all interfaces for if_afdataJun-ichiro itojun Hagino
initialization after domaininit().
2002-05-27framework to add af-dependent data structure to struct ifnet.Jun-ichiro itojun Hagino
as discussed at bsd-api-discuss. sync w/kame
2002-05-24more IANA values. official # for bridge is assigned. jason okJun-ichiro itojun Hagino
2002-05-21Junk gcc's deprecated __FUNCTION__. Use standard __func__ instead.Marc Espie
ok dhartmei@
2002-05-20Allow SIOCSIFMTU on gif interfaces.Artur Grabowski
From Mattias Amnefelt mattiasa at e.kth.se. niels@ ok.
2002-05-19KNF againTheo de Raadt
2002-05-17sync with KAME.Kenjiro Cho
- make altq_etherclassify() able to handle packets whose ethernet header is in a separate mbuf.
2002-05-12correct AH header chasing. ok dhartmei@openbsdJun-ichiro itojun Hagino
2002-05-12Add gid based filtering, reduce to one (effective) uid, rename parserDaniel Hartmeier
keywords to 'user' and 'group'.
2002-05-09Add a max-mss option to the scrub rule which will enforce a maximum mssjasoni
by lowering it to the given value. - ok dhartmei@, provos@
2002-05-09Introduce user based filtering. Rules can specify ruid and euid (real andDaniel Hartmeier
effective user ID) much like ports. The user of a packet is either the user that opens an outgoing connection, the one that listens on a socket, or 'unknown' if the firewall is not a connection endpoint (for forwarded connections). Socket uid lookup code from jwk@bug.it.
2002-05-07move ether_crc32_le to if_ethersubr.c. Add ether_crc32_beNathan Binkert
2002-05-06typo in commentjasoni
2002-05-05Instead of returning a useless kernel space pointer for the rule thatDaniel Hartmeier
created the state from DIOCGETSTATE(S), return the integer rule number, Print rule number (if existant) from pfctl -vss. Suggested by Jeff Nathan.
2002-04-24Add dynamic (in-kernel) interface name -> address translation. Instead ofDaniel Hartmeier
using just the interface name instead of an address and reloading the rule set whenever the interface changes its address, the interface name can be put in parentheses, and the kernel will keep track of changes and update rules. There is no additional cost for evaluating rules (per packet), the cost occurs when an interface changes address (and the rules are traversed and updated where necessary).
2002-04-24Initialize if_addrhooks in if_attachhead() like in if_attach(), eitherDaniel Hartmeier
one may be called.
2002-04-24Add hooks to struct ifnet that allow to register callbacks that will beDaniel Hartmeier
notified of interface address changes. ok provos@, angelos@
2002-04-23Allow explicit filtering of fragments when they are not reassembled.Daniel Hartmeier
Document fragment handling in the man page. Short version: if you're scrubbing everything (as is recommended, in general), nothing changes. If you want to deal with fragments manually, read the man page. ok frantzen.
2002-04-20Move normalization messages from log level 'urgent' to 'misc'.Daniel Hartmeier
2002-04-20All calls to pool_get(9) should use PR_xx flags, not M_xx.Federico G. Schwindt
millert dhartmei ok.
2002-04-10o Add ibss and ibss-master mediaopt for ifconfigTodd C. Miller
o Map port type 4 to ibss regardless of firmware type. This gives us a consistent way to set ibss mode.
2002-04-08Credit DARPA/USAF appropriately.Jason Wright
2002-04-03WCCP sysctl variable -- ok deraadt@ niklas@Angelos D. Keromytis
2002-03-31Use ip_defttl as ttl for return-rst instead of an arbitrary hardcodedDaniel Hartmeier
value (128). This matches the stack's default setting and honours sysctl net.inet.ip.ttl, making RSTs generated by pf harder to distinguish from RSTs sent by the real destination.
2002-03-30Initialize sequence number high limit from 1 to the real value with theDaniel Hartmeier
first packet. ok frantzen@
2002-03-28some BITS defs for %bMichael Shalayeff
2002-03-28i forgot these for if_wiMichael Shalayeff
2002-03-27implement a "no-route" keyword.Michael Shalayeff
usage semantics are analogous w/ "any", meaning is "any ip address for which there is no route in the current routing table", could be used in both from and to. typical usage would be (assuming symmetrical routing): block in from no-route to any also doc "any" in the pf.conf.5, include in regress, etc. tested by me on i386 and sparc. dhartmei@ and frantzen@ ok
2002-03-26Change default logging level from none to urgent. Should never printDaniel Hartmeier
anything, and if it does, it should be reported.
2002-03-25Ignore 'keep state' for ICMP errors whose inner headers mismatch stateDaniel Hartmeier
but are passed by rules. Found by Henning Brauer.
2002-03-25add ioctl DIOCKILLSTATES to shootdown a subset of the state table. allowsMike Frantzen
discrimination on src/dst ips and netmask, src/dst port range and protocol. ok dhartmei@
2002-03-24deref of NULL in out of mbuf situation, ok jason@Niklas Hallqvist
2002-03-18filter ipv6 on the bridge.jasoni
- ok jason@
2002-03-15Kill #if __STDC__ used to do K&R vs. ANSI varargs/stdarg; just do thingsTodd C. Miller
the ANSI way.
2002-03-15Cosmetic changes only, primarily making comments line up nicely after theTodd C. Miller
__P removal.
2002-03-14Final __P removal plus some cosmetic fixupsTodd C. Miller
2002-03-14First round of __P removal in sysTodd C. Miller
2002-03-12sync with KAMEKenjiro Cho
ALTQify more drivers. ok millert@
2002-03-08Fix arc4random() usage; add more randomness to pf_get_sport().Mike Pechkin
dhartmei@, provos@ ok
2002-03-03Fix crashes associated with SADB_GET/SADB_DUMP --- memory was notAngelos D. Keromytis
allocated on outgoing message for encryption/authentication keys --- from umaraghunath@hotmail.com
2002-02-26Add optional pool memory hard limits, mainly as temporary solutionDaniel Hartmeier
until pool exhaustion causes problems no more.
2002-02-25Change timeouts from microtime() to time.tv_sec like in pf.c,Daniel Hartmeier
initialize fr_timeout, free frent in pf_reassemble() when it's not inserted into a frag. ok provos@
2002-02-23SRC prefix is not required for some operations.Angelos D. Keromytis
2002-02-23Pools that are only used in the ioctls can use the nointr allocator.Artur Grabowski
2002-02-22IEEE80211_NWKEY_* flags; from netbsdMichael Shalayeff
2002-02-21Correctly initialize the compression case.Angelos D. Keromytis