Age | Commit message | Author | |
---|---|---|---|
2005-06-08 | if a cloned interface's destroy function fails, re-join the interface class group, spotted by and ok markus | Henning Brauer | |
2005-06-08 | netns bits die | Henning Brauer | |
2005-06-08 | kill NS and DECNET bits | Henning Brauer | |
2005-06-08 | bye bye netns (and a few leftover DECNET bits while here) | Henning Brauer | |
2005-06-08 | huch, more netns shitz | Henning Brauer | |
2005-06-08 | kill some leftover bits from netns and iso routing | Henning Brauer | |
2005-06-08 | no more netns handling for the various tunnel devices and loopback | Henning Brauer | |
2005-06-08 | in rtlabel_name2id, handle the case of an empty name: return 0 label id 0 means "no label". in pf_ioctl, where this is used to filter based on a label, this is an error condition. for the other 2 cases, messages on the routing socket, this allows for a sockaddr_rtlabel to be always present for messages on the routing socket, and when it is all zero it is exactly like if there was no sockaddr_rtlabel at all. ryan ok | Henning Brauer | |
2005-06-08 | more inet6 stuff that got exposed | Theo de Raadt | |
2005-06-08 | handle ramdisks, and kernels without inet6; henning ok | Theo de Raadt | |
2005-06-07 | introduce a default "external" interface group, containing the interface(s) the default route(s) point to. handles IPv4 and IPv6 as well as multipath routes. follows default route changes, of course. eases writing pf rulesets especially on laptops etc. that use different interfaces depending on the environment (wired, wireless, ...) ok theo ryan | Henning Brauer | |
2005-06-07 | oops | Theo de Raadt | |
2005-06-07 | avoid retarded C unsigned char -> signed integer promotion rules. mac->ac_enaddr[2] << 24 resulted in sign extension smashing other stuff djast@cs.toronto.edu, ok mickey | Theo de Raadt | |
2005-06-07 | de-register, ok henning | Camiel Dobbelaar | |
2005-06-07 | Run vlan_input before bridge_input, and change vlan_input to not consume vlan frames that no vlan interface wants, so they can still be bridged. This way, the bridge can bridge encapsulated frames _and_ bridge between vlan interfaces. ok henning markus | Camiel Dobbelaar | |
2005-06-07 | fix a possible panic in error path, do not try to check debug status of a non existing interface in server mode. | Can Erkin Acar | |
2005-06-07 | do not handle CCITT any longer | Henning Brauer | |
2005-06-06 | Backout 1.64, switch back to two-pool allocation scheme (with oldnointr allocator on one pool). Should fix PR 4231 and 4240, but reintroduces 4186. ok deraadt@ | Daniel Hartmeier | |
2005-06-06 | use a define instead of hardcoding "all" in 3 places | Henning Brauer | |
2005-06-06 | make cloned interfaces join an interface class group (carp for carpX, tun for tunX etc) in if_clone_create and leave it in if_clone_destroy, ryan ok | Henning Brauer | |
2005-06-05 | const'ify the char *groupname param to if_addgroup and if_delgroup | Henning Brauer | |
2005-06-05 | const'ify the char * parameter to pfi_kif_get and pfi_group_change | Henning Brauer | |
2005-06-02 | tsc, ryan left debug crap behind | Henning Brauer | |
2005-06-01 | when dumping policies, skip those attached to a socket. ok ho | Hans-Joerg Hoexer | |
2005-05-28 | Remove duplicate pfi_ifs. | Ryan Thomas McBride | |
2005-05-28 | Only protect IDs by suser() ok ho | Hans-Joerg Hoexer | |
2005-05-28 | Add SA replay counter synchronization to pfsync(4). Required for IPsec failover gateways. ok mcbride@, "looks good" hshoexer@ | Hakan Olsson | |
2005-05-27 | add missing free on error. thanks to Andrey Matveev. | Reyk Floeter | |
2005-05-27 | Use rtm_fmask instead of rtm_use. ok marius@ claudio@ | Ryan Thomas McBride | |
2005-05-27 | Calculate an MD5 checksum over the main pf ruleset. This is the basis for further pfsync improvements, to ensure that pf rules are in sync with the master. "get it in" mcbride@ | Marco Pfatschbacher | |
2005-05-27 | pass UID_MAX/NO_PID when the socket lookup failed, so tcpdump can suppress output in this case. | Daniel Hartmeier | |
2005-05-27 | -in our current model, a kif has either a pointer to an interface (ifnet) or a group, or there cannot be addresses associated with it. so we can get rid of checking kifs in the 3rd case and just be done with it. -we don't need to try to manually clear the table used for the (interface) notation when both the ifp and the group pointers are NULL, the pfr_set_addrs call will do the right thing with an empty set of addrs suggested by cedric, ryan ok | Henning Brauer | |
2005-05-27 | add back ACCEPT_FLAGS and active flag check, pointed out by cedric | Henning Brauer | |
2005-05-27 | Convert IPSP_IPSEC_x to SADB_X_FLOW_TYPE_x. hshoexer@ ok. | Hakan Olsson | |
2005-05-27 | Must convert back from IPPROTO_x to SADB_SATYPE_x. hshoexer@ ok | Hakan Olsson | |
2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that inserted the rule which causes the logging. secondly, the uid/pid of the process in case the logged packet is delivered to/from a local socket. a lookup of the local socket can be forced for logged packets with a new option, 'log (user)'. make tcpdump print the additional information when -e and -v is used. note: this changes the pflog header struct, rebuild all dependencies. ok bob@, henning@. | Daniel Hartmeier | |
2005-05-27 | Add rtm_fmask define to make the (ab)use of rtm_use more obvious. Suggestion from Cedric Berger ok marius@ claudio@ | Ryan Thomas McBride | |
2005-05-27 | Use export_flow() to wrap policies retrieved via sysctl in pfkey message ok ho markus | Hans-Joerg Hoexer | |
2005-05-27 | Add export_flow() ok ho markus | Hans-Joerg Hoexer | |
2005-05-27 | only access if_linkstatehooks inside splnet. with pascoe@ | Marco Pfatschbacher | |
2005-05-27 | Allow us to clear the RTM_JUMBO flag as well as set it. Reported by Cedric Berger | Ryan Thomas McBride | |
2005-05-27 | Experimental support for opportunistic use of jumbograms where only some hosts on the local network support them. This adds a new socket option, SO_JUMBO, and a new route flag, RTF_JUMBO. If _both_ the socket option is set and the route for the host has RTF_JUMBO set, ip_output will fragment the packet to the largest possible size for the link, ignoring the card's MTU. The semantics of this feature will be evolving rapidly; talk to us if you intend to use it. ok deraadt@ marius@ | Ryan Thomas McBride | |
2005-05-26 | remove last races of SIOCADDRT and SIOCDELRT, the 4.3BSD routing table ioctls theo ok | Henning Brauer | |
2005-05-26 | support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patch from camield@. use #defines PF_LOG, PF_LOGALL instead of magic constants. ok frantzen@, camield@ | Daniel Hartmeier | |
2005-05-26 | turd polishing | Henning Brauer | |
2005-05-26 | repair (self) notation - just attach "self" to the "all" group | Henning Brauer | |
2005-05-26 | deny groupnames ending in digits in if_addgroup, frantzen ok (this has been on my todo, mike beat me to it with the check in ifconfig, but we want it here too) | Henning Brauer | |
2005-05-26 | oups another unused var | Henning Brauer | |
2005-05-26 | unused var | Henning Brauer | |
2005-05-26 | remove the interface family group (i.e. "em" for "em0") I found this stupid from the beginning on :) talked about and agreed with ryan and theo on the hike | Henning Brauer | |