src - OpenBSD base system

Age	Commit message (Collapse)	Author
2004-02-15	18 -> ETHER_ADDR_LEN*3 in ether_sprintf() for clarity	Anil Madhavapeddy
	itojun@ ok
2004-02-13	Do an explicit pf_update_anchor_rules() after an anchor gets removed.	Marco Pfatschbacher
	In some situations not all anchor rules got updated properly, so they still refered to already freed anchors. OK dhartmei@ mcbride@ cedric@ henning@
2004-02-12	from camield:	Henning Brauer
	se hash instead of linked list to speed up tag to vlan interface mapping ok markus@ and myself
2004-02-10	KNF	Daniel Hartmeier

2004-02-10	plug mbuf leak (ip_fragment() always free mbuf on error). tested by cedric,	Jun-ichiro itojun Hagino
	dhartmei ok
2004-02-10	KNF	Henning Brauer

2004-02-10	Make pfsync work correctly with IP options on 64-bit alignment	Ryan Thomas McBride
	sensitive CPUs. Pointed out by deraadt@.
2004-02-09	Repair "set loginterface". Don't flush stats on pfctl -e. pf_status.since	Cedric Berger
	is the time of last "pf -e" or "pf -d". ok dhartmei@ henning@
2004-02-08	if_detach_rtdelete(): abort and restart rn_walktree() if a cloning route	Markus Friedl
	gets deleted; fixes pr 3649; ok henning, deraadt, dhartmei
2004-02-08	Fix kernel panic which occurs under very high load:	Ryan Thomas McBride
	- Make sure we calculate the correct maximum size for PFSYNC_ACT_UREQ. - Make pfsync_sendout() return immediately if there is nothing to send.
2004-02-07	Use the offset provided to us by m_pulldown(), rather than using size of	Ryan Thomas McBride
	ip and pfsync headers. This makes us behave correctly if the packet is spread across multiple mbufs (which does not appear to happen in practice).
2004-02-06	as seen in netbsd. crank bpf sizes to adapt to faster networks.	Ted Unangst
	max size goes to 2MB, default goes to 32k. ok canacar@ mcbride@
2004-02-04	Fix a number of bugs with setting pool limits which I introduced with	Ryan Thomas McBride
	source-tracking. Found by Pyun YongHyeon. Also add support to pfctl to set the src-nodes pool limit. "Luckily" some of the bugs cancel each other out; update kernel before pfctl. ok dhartmei@
2004-02-02	missing #if NPF > 0. ok henning@	Cedric Berger

2004-02-02	Do not evaluate pfi_index2kif[ifp->if_index] if PF is disabled.	Cedric Berger
	Safer and faster since we know that ifp->if_index can potentially be garbage. ok dhartmei@
2004-01-27	drop packet if kif == NULL; ok henning deraadt	Markus Friedl

2004-01-27	don't convert tcpmd5 to ip-over-ip in SADB_X_GETSPROTO; from hshoexer	Markus Friedl

2004-01-26	- use SIOC[GS]WAVELAN.	Federico G. Schwindt
	- fill ac_enaddr correctly. - put ic_myaddr back.
2004-01-22	- Include the value of pf_state.timeout in pfsync messages	Ryan Thomas McBride
	- Fix the expiry time calculations, for real - Unbreak the collapsing of multiple updates into one And a little KNF for good measure.
2004-01-20	the pfsync interface does not have a baudrate, so don't claim 100 MBit/s	Henning Brauer
	ok mcbride@
2004-01-20	Ignore pfsync packets if pf is not running.	Ryan Thomas McBride

2004-01-19	Update comment; handling PFSYNC_ACT_UPD in pfsync_input() is no longer	Ryan Thomas McBride
	optional.
2004-01-19	Clean up creation and expiry timestamp calculations.	Ryan Thomas McBride

2004-01-18	Port is already stored in network byte order, no need to convert.	Ryan Thomas McBride

2004-01-16	Fix IPv6 stateful tcp scrubbing by not dereferencing a null pointer.	Ryan Thomas McBride
	ok dhartmei@ frantzen@
2004-01-15	add a RTM_IFANNOUNCE message; from netbsd; ok itojun, henning	Markus Friedl

2004-01-12	use klist_invalidate to permit destroy while kqueued. ok mpf@	Ted Unangst

2004-01-09	fix leak ether_deatch(): if if_free_sadl() is called before if_detach()	Markus Friedl
	then ifnet_addrs[ifp->if_index] leaks; if it's called after if_detach() then if_free_sadl() does nothing; ok itojun
2004-01-07	PFI_MTYPE leak; ok cedric@	Markus Friedl

2004-01-07	ieee80211 framework from NetBSD; ok'd by several people some time ago.	Federico G. Schwindt
	more fixes comming.
2004-01-06	Drop UDP packets with destination port 0, or zero or oversized payload	Daniel Hartmeier
	length (same as udp_input() does, if pf is not enabled). Found by Pyun YongHyeon. ok cedric@, ho@, henning@ and markus@.
2004-01-05	stop ifc_destroy() if there are still knotes registered.	Marco Pfatschbacher
	ok mcbride@ markus@
2004-01-05	0 -> (void *)NULL for last argument of icmp_error(), which is of type	Daniel Hartmeier
	struct ifnet *, from Pyun YongHyeon
2004-01-05	Repair my merging error, simplify DIOCCLRSTATUS code. ok dhartmei@	Cedric Berger

2004-01-05	Repair merge errors. Thanks Pyun YongHyeon, Sorry Henning :)	Cedric Berger

2004-01-04	oops... string.h ended up being included twice; pointed out by espie	Peter Valchev

2004-01-04	better macro name (IF_LOCKED -> BOUND_IFACE). from markus.	Cedric Berger

2004-01-04	include proper protos for userland; deraadt	Peter Valchev

2004-01-03	make sure userland sees memcmp and friends (gcc3)	Marc Espie
	okay frantzen@
2004-01-03	put an mi wrapper around stdarg.h/varargs.h. gcc3 moved stdarg/varargs macros	Marc Espie
	to built-ins, so eventually we will have one version of these files. Special adjustments for the kernel to cope: machine/stdarg.h -> sys/stdarg.h and machine/ansi.h needs to have a _BSD_VA_LIST_ for syslog* prototypes. okay millert@, drahn@, miod@.
2003-12-31	spacing. note this, cedric	Theo de Raadt

2003-12-31	delay interfaces attach until "self" has been created; ok cedric@	Markus Friedl

2003-12-31	Many improvements to the handling of interfaces in PF.	Cedric Berger
	1) PF should do the right thing when unplugging/replugging or cloning/ destroying NICs. 2) Rules can be loaded in the kernel for not-yet-existing devices (USB, PCMCIA, Cardbus). For example, it is valid to write: "pass in on kue0" before kue USB is plugged in. 3) It is possible to write rules that apply to group of interfaces (drivers), like "pass in on ppp all" 4) There is a new ":peer" modifier that completes the ":broadcast" and ":network" modifiers. 5) There is a new ":0" modifier that will filter out interface aliases. Can also be applied to DNS names to restore original PF behaviour. 6) The dynamic interface syntax (foo) has been vastly improved, and now support multiple addresses, v4 and v6 addresses, and all userland modifiers, like "pass in from (fxp0:network)" 7) Scrub rules now support the !if syntax. 8) States can be bound to the specific interface that created them or to a group of interfaces for example: - pass all keep state (if-bound) - pass all keep state (group-bound) - pass all keep state (floating) 9) The default value when only keep state is given can be selected by using the "set state-policy" statement. 10) "pfctl -ss" will now print the interface scope of the state. This diff change the pf_state structure slighltly, so you should recompile your userland tools (pfctl, authpf, pflogd, tcpdump...) Tested on i386, sparc, sparc64 by Ryan Tested on macppc, sparc64 by Daniel ok deraadt@ mcbride@
2003-12-28	Add a new PFSYNC_ACT_UREQ message type.	Ryan Thomas McBride
	A pfsync system which recieves a partial update for a state it cannot find can now request a full version of the update, and insert it. pfsync'd firewalls now converge more gracefully if one is missing some states (due to reset, lost insert packets, etc).
2003-12-22	pasto in pf_status.src_nodes backup, from 'kirash'	Daniel Hartmeier

2003-12-19	more const-correctness, ok mcbride@	Daniel Hartmeier

2003-12-19	i wrote much of these, assert my copyright	Henning Brauer

2003-12-19	rn_satsifies_leaf -> rn_satisfies_leaf	Brad Smith
	from itojun@netbsd rev 1.15 ok deraadt@
2003-12-18	Save pf_status.hostid and pf_status.stateid in the DIOCCLRSTATUS	Ryan Thomas McBride
	ioctl. Pointed out by dhartmei@ ok dhartmei@
2003-12-18	Unbreak compile with no pfsync(4) device.	Ryan Thomas McBride
	patch from Max Laier