Age | Commit message (Collapse) | Author | |
---|---|---|---|
2002-05-29 | attach nd_ifinfo structure to if_afdata. | Jun-ichiro itojun Hagino | |
split IPv6 MTU (advertised by RA) from real link MTU. sync with kame | |||
2002-05-29 | simplify comment, sync w/kame | Jun-ichiro itojun Hagino | |
2002-05-28 | remove duplicated fragmentation code in favour of ip_fragment().. | jasoni | |
- ok dhartmei@ | |||
2002-05-28 | refragment ip packets if too large for the outgoing interface | jasoni | |
- ok jason@, dhartmei@ | |||
2002-05-27 | if_attach() gets called before domaininit(). scan all interfaces for if_afdata | Jun-ichiro itojun Hagino | |
initialization after domaininit(). | |||
2002-05-27 | framework to add af-dependent data structure to struct ifnet. | Jun-ichiro itojun Hagino | |
as discussed at bsd-api-discuss. sync w/kame | |||
2002-05-24 | more IANA values. official # for bridge is assigned. jason ok | Jun-ichiro itojun Hagino | |
2002-05-21 | Junk gcc's deprecated __FUNCTION__. Use standard __func__ instead. | Marc Espie | |
ok dhartmei@ | |||
2002-05-20 | Allow SIOCSIFMTU on gif interfaces. | Artur Grabowski | |
From Mattias Amnefelt mattiasa at e.kth.se. niels@ ok. | |||
2002-05-19 | KNF again | Theo de Raadt | |
2002-05-17 | sync with KAME. | Kenjiro Cho | |
- make altq_etherclassify() able to handle packets whose ethernet header is in a separate mbuf. | |||
2002-05-12 | correct AH header chasing. ok dhartmei@openbsd | Jun-ichiro itojun Hagino | |
2002-05-12 | Add gid based filtering, reduce to one (effective) uid, rename parser | Daniel Hartmeier | |
keywords to 'user' and 'group'. | |||
2002-05-09 | Add a max-mss option to the scrub rule which will enforce a maximum mss | jasoni | |
by lowering it to the given value. - ok dhartmei@, provos@ | |||
2002-05-09 | Introduce user based filtering. Rules can specify ruid and euid (real and | Daniel Hartmeier | |
effective user ID) much like ports. The user of a packet is either the user that opens an outgoing connection, the one that listens on a socket, or 'unknown' if the firewall is not a connection endpoint (for forwarded connections). Socket uid lookup code from jwk@bug.it. | |||
2002-05-07 | move ether_crc32_le to if_ethersubr.c. Add ether_crc32_be | Nathan Binkert | |
2002-05-06 | typo in comment | jasoni | |
2002-05-05 | Instead of returning a useless kernel space pointer for the rule that | Daniel Hartmeier | |
created the state from DIOCGETSTATE(S), return the integer rule number, Print rule number (if existant) from pfctl -vss. Suggested by Jeff Nathan. | |||
2002-04-24 | Add dynamic (in-kernel) interface name -> address translation. Instead of | Daniel Hartmeier | |
using just the interface name instead of an address and reloading the rule set whenever the interface changes its address, the interface name can be put in parentheses, and the kernel will keep track of changes and update rules. There is no additional cost for evaluating rules (per packet), the cost occurs when an interface changes address (and the rules are traversed and updated where necessary). | |||
2002-04-24 | Initialize if_addrhooks in if_attachhead() like in if_attach(), either | Daniel Hartmeier | |
one may be called. | |||
2002-04-24 | Add hooks to struct ifnet that allow to register callbacks that will be | Daniel Hartmeier | |
notified of interface address changes. ok provos@, angelos@ | |||
2002-04-23 | Allow explicit filtering of fragments when they are not reassembled. | Daniel Hartmeier | |
Document fragment handling in the man page. Short version: if you're scrubbing everything (as is recommended, in general), nothing changes. If you want to deal with fragments manually, read the man page. ok frantzen. | |||
2002-04-20 | Move normalization messages from log level 'urgent' to 'misc'. | Daniel Hartmeier | |
2002-04-20 | All calls to pool_get(9) should use PR_xx flags, not M_xx. | Federico G. Schwindt | |
millert dhartmei ok. | |||
2002-04-10 | o Add ibss and ibss-master mediaopt for ifconfig | Todd C. Miller | |
o Map port type 4 to ibss regardless of firmware type. This gives us a consistent way to set ibss mode. | |||
2002-04-08 | Credit DARPA/USAF appropriately. | Jason Wright | |
2002-04-03 | WCCP sysctl variable -- ok deraadt@ niklas@ | Angelos D. Keromytis | |
2002-03-31 | Use ip_defttl as ttl for return-rst instead of an arbitrary hardcoded | Daniel Hartmeier | |
value (128). This matches the stack's default setting and honours sysctl net.inet.ip.ttl, making RSTs generated by pf harder to distinguish from RSTs sent by the real destination. | |||
2002-03-30 | Initialize sequence number high limit from 1 to the real value with the | Daniel Hartmeier | |
first packet. ok frantzen@ | |||
2002-03-28 | some BITS defs for %b | Michael Shalayeff | |
2002-03-28 | i forgot these for if_wi | Michael Shalayeff | |
2002-03-27 | implement a "no-route" keyword. | Michael Shalayeff | |
usage semantics are analogous w/ "any", meaning is "any ip address for which there is no route in the current routing table", could be used in both from and to. typical usage would be (assuming symmetrical routing): block in from no-route to any also doc "any" in the pf.conf.5, include in regress, etc. tested by me on i386 and sparc. dhartmei@ and frantzen@ ok | |||
2002-03-26 | Change default logging level from none to urgent. Should never print | Daniel Hartmeier | |
anything, and if it does, it should be reported. | |||
2002-03-25 | Ignore 'keep state' for ICMP errors whose inner headers mismatch state | Daniel Hartmeier | |
but are passed by rules. Found by Henning Brauer. | |||
2002-03-25 | add ioctl DIOCKILLSTATES to shootdown a subset of the state table. allows | Mike Frantzen | |
discrimination on src/dst ips and netmask, src/dst port range and protocol. ok dhartmei@ | |||
2002-03-24 | deref of NULL in out of mbuf situation, ok jason@ | Niklas Hallqvist | |
2002-03-18 | filter ipv6 on the bridge. | jasoni | |
- ok jason@ | |||
2002-03-15 | Kill #if __STDC__ used to do K&R vs. ANSI varargs/stdarg; just do things | Todd C. Miller | |
the ANSI way. | |||
2002-03-15 | Cosmetic changes only, primarily making comments line up nicely after the | Todd C. Miller | |
__P removal. | |||
2002-03-14 | Final __P removal plus some cosmetic fixups | Todd C. Miller | |
2002-03-14 | First round of __P removal in sys | Todd C. Miller | |
2002-03-12 | sync with KAME | Kenjiro Cho | |
ALTQify more drivers. ok millert@ | |||
2002-03-08 | Fix arc4random() usage; add more randomness to pf_get_sport(). | Mike Pechkin | |
dhartmei@, provos@ ok | |||
2002-03-03 | Fix crashes associated with SADB_GET/SADB_DUMP --- memory was not | Angelos D. Keromytis | |
allocated on outgoing message for encryption/authentication keys --- from umaraghunath@hotmail.com | |||
2002-02-26 | Add optional pool memory hard limits, mainly as temporary solution | Daniel Hartmeier | |
until pool exhaustion causes problems no more. | |||
2002-02-25 | Change timeouts from microtime() to time.tv_sec like in pf.c, | Daniel Hartmeier | |
initialize fr_timeout, free frent in pf_reassemble() when it's not inserted into a frag. ok provos@ | |||
2002-02-23 | SRC prefix is not required for some operations. | Angelos D. Keromytis | |
2002-02-23 | Pools that are only used in the ioctls can use the nointr allocator. | Artur Grabowski | |
2002-02-22 | IEEE80211_NWKEY_* flags; from netbsd | Michael Shalayeff | |
2002-02-21 | Correctly initialize the compression case. | Angelos D. Keromytis | |