Age | Commit message | Author | |
---|---|---|---|
2005-03-04 | add state's tag for IPv6, too. spotted by markus@ | Daniel Hartmeier | |
2005-03-03 | when tagging, apply the same tag to all packets matching a state entry (not just to the initial packet). note: kernel/userland abi change (rebuild pfctl). ok henning@ | Daniel Hartmeier | |
2005-02-27 | support 'tagged' in translation rules, non-delayed tag lookup ok henning@, deraadt@ | Daniel Hartmeier | |
2005-02-20 | Avoid use after free when purging states. ok henning@ dhartmei@ claudio@ | Ryan Thomas McBride | |
2005-02-20 | ifmedia_set() should not panic, nor can it really fail. So if there is some problem setting the media to the requested value (usually IFM_AUTO), we now force the media selection to IFM_NONE. From NetBSD | Brad Smith | |
2005-02-15 | rev 1.19 Avoid DoS attack by setting ifm->ifm_media to a high number and running the kernel out of memory. From NetBSD Fixes panic mentioned in PR 4088. ok krw@ mcbride@ dhartmei@ | Brad Smith | |
2005-02-15 | Fix scoping error which could cause some states with an empty ifname to be purged erroneously. mpf@ ok | Aaron Campbell | |
2005-02-07 | Add new function if_link_state_change() to take care of sending messages on the routing socket and notifying carp() of link changes. ok brad@ mpf@ | Ryan Thomas McBride | |
2005-01-30 | Add some more reason counters and use them instead of overloading the 'memory' one, which helps debugging. Alters the kernel/userland ABI, rebuild pfctl and tcpdump. ok henning@ | Daniel Hartmeier | |
2005-01-20 | Use the packet's address family instead of the rule's when selecting a replacement address for an rdr rule. Some rdr rules have no address family (when the replacement is a table and no other criterion implies one AF). In this case, pf would fail to select a replacement address and drop the packet due to translation failure. Found by Gustavo A. Baratto. ok mcbride@, henning@, markus@ | Daniel Hartmeier | |
2005-01-20 | sc->sc_sync_ifp = NULL if we fail to attach the multicast group. ok mpf@ | Ryan Thomas McBride | |
2005-01-20 | Use syncdev instead of syncif in ifconfig, and modify ioctl struct pfsyncreq in kernel code to match. Brings pfsync in line with carp, vlan and pppoe devices. Old syncif and -syncif options still work, will be removed later. ok markus@ | Ryan Thomas McBride | |
2005-01-18 | Rewriting the lladdr can now be done without using mbuf tags. Advertisements run through the carp interface first. So we just take the address from ifp0. While we're there, also remove carp_macmatch6, which isn't used anymore. Proposed by mcbride@ ok mcbride@, pascoe@ | Marco Pfatschbacher | |
2005-01-18 | If there is no match in ifaof_ifpforaddr() return the first match -- main interface address -- and not the last one -- some alias. Also handle point to point networks a bit more special. With some input from markus@ OK markus@ henning@ fgsch@ | Claudio Jeker | |
2005-01-14 | First step in Bluetooth protocol stack support. The code is adopted from the FreeBSD netgraph-based Bluetooth implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but all netgraph glue was replaced with usual BSD network stack hooks. This is a work in progress. Only HCI layer works for now, L2CAP and RFCOMM are on the way. Help in testing from many, ok markus@. | Alexander Yurchenko | |
2005-01-14 | remove old ifgroups ioctls the old ifgroups haven't been in use ever really, and the new implementation is 3 months old today. theo ok (3 months ago) | Henning Brauer | |
2005-01-13 | protect pfkeyv2_dump_walker with spltdb(). Noticed by mpech@, thanks! ok ho@ markus@ | Hans-Joerg Hoexer | |
2005-01-08 | Unslack and increase AUTHNAMELEN, since some ISPs prefer long usernames. Reported long time ago by Marc Huber and more recently by Steffen Schutz. | Can Erkin Acar | |
2005-01-07 | Make carp(4) traffic always appear on the physical (carpdev) interface from pf's perspective. ok pascoe@ dhartmei@ henning@ | Ryan Thomas McBride | |
2005-01-07 | add support for BIOCGDLTLIST and BIOCSDLT, see bpf(4) ok canacar@, fgsch@, tested by some other people | Reyk Floeter | |
2005-01-05 | - Use defines from pfvar.h for timeouts - instead of erroring on an attempt to set hostid to 0, just set it with arc4random() ok henning@ dhartmei@ | Ryan Thomas McBride | |
2005-01-05 | Define defaults for the timeouts ensure consistency between kernel and userland. ok henning@ dhartmei@ | Ryan Thomas McBride | |
2005-01-01 | Disable timeout before destroying a pppoe interface ok deraadt@, henning@, krw@ | Can Erkin Acar | |
2004-12-23 | Simplify hashtable (de)allocation by moving it into the clone functions. ok mickey@ henning@, "looks good" markus@ jason@ | Camiel Dobbelaar | |
2004-12-22 | Introduce 'set skip on <ifspec>' to support a list of interfaces where no packet filtering should occur (like loopback, for instance). Code from Max Laier, with minor improvements based on feedback from deraadt@. ok mcbride@, henning@ | Daniel Hartmeier | |
2004-12-20 | Enforce an ordering on ifnet such that CARP interfaces appear later in the list than physical interfaces. This makes ifa_ifwith* prefer a physical interface over a CARP one. This addresses the problem where a CARP interface in BACKUP state is selected after a route change, resulting in a loss of communications despite there being another interface available which is perfectly usable. ok mcbride@ mpf@ | Christopher Pascoe | |
2004-12-19 | Make it possible for carp to work on fddi and token ring again. ok pascoe@ mpf@ | Ryan Thomas McBride | |
2004-12-17 | ICMP state entries use the ICMP ID as port for the unique state key. When checking for a usable key, construct the key in the same way. Otherwise, a colliding key might be missed or a state insertion might be refused even though it could be inserted. The second case triggers the endless loop fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel. Report and test data by Srebrenko Sehic. | Daniel Hartmeier | |
2004-12-17 | knf cleanup, convert old k&r-style functions to ansi-style for a consistent style in sys/net/bpf.c. ok henning@, "looks fine" canacar@ | Reyk Floeter | |
2004-12-17 | Reorder code in the ethernet output path, and enhance unicast address matching in the bridge receive path to make CARP operate correctly on physical interfaces that are participating in a bridge. ok mcbride@ henning@ dlg@ | Christopher Pascoe | |
2004-12-16 | Clean up handling of sync_flags. ok pascoe@ | Ryan Thomas McBride | |
2004-12-14 | move the ioctls w/ all the other ifaces; mcbride@ ok | Michael Shalayeff | |
2004-12-14 | Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN, prevents a possible endless loop in pf_get_sport() with 'static-port' Reported by adm at celeritystorm dot com in FreeBSD PR74930, debugging by dhartmei@ ok dhartmei@ | Ryan Thomas McBride | |
2004-12-13 | move splsoftnet() below ACCEPT_FLAGS(), which contains a potential return. from Max Laier. | Daniel Hartmeier | |
2004-12-13 | Set creation timestamps correctly on states learnt by pfsync that are more than a second old. ok mcbride@ henning@ | Christopher Pascoe | |
2004-12-11 | SADB_X_EXT_LIFETIME_LASTUSE is always defined | Markus Friedl | |
2004-12-11 | pass out the correct lifetime type on expire | Markus Friedl | |
2004-12-11 | count SADB_REGISTER only once per socket | Markus Friedl | |
2004-12-11 | Handle errors in pf_route{,6} more gracefully. Proposed by mcbride. ok henning@, mcbride@ | Marco Pfatschbacher | |
2004-12-10 | Rename carp_output() to carp_fix_lladdr(). | Ryan Thomas McBride | |
2004-12-10 | allow pf to filter on route labels pass in from route dtag keep state queue reallyslow tested by Gabriel Kihlman <gk@stacken.kth.se> and Michael Knudsen <e@molioner.dk> and ryan ok ryan | Henning Brauer | |
2004-12-10 | fix ipsec crash from pr 4025, Stefan Miltchev; ok hshoexer@ | Markus Friedl | |
2004-12-10 | Run address change notification hooks when the interface address is updated. Notably, this fixes "(pppoe0)" in pf. ok markus@ | Christian Weisgerber | |
2004-12-09 | Remove shadow variable 'error'. From camield@ | Ryan Thomas McBride | |
2004-12-08 | Call if_down() in if_clone_destroy(). Based on diff from Chris Pascoe. ok markus@ | Ryan Thomas McBride | |
2004-12-08 | Check if_type in carp_carpdev_state() to make sure we're not dealing with a carp interface. | Ryan Thomas McBride | |
2004-12-07 | Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an address at all, so CARP can now be used on /30 networks. ok deraadt@ henning@ | Ryan Thomas McBride | |
2004-12-07 | KNF | Ryan Thomas McBride | |
2004-12-07 | KNF | Ryan Thomas McBride | |
2004-12-07 | re-commit mcbride@'s 'flush global', this time without the breakage in pfvar.h. builds kernel and userland. | Daniel Hartmeier | |