| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2004-09-09 | Copy out anchors with relative paths and wildcards correctly, | Daniel Hartmeier | |
| from jaredy@, ok henning@, mcbride@, deraadt@ | |||
| 2004-08-30 | Increment the states reference counter in the rule attached to the state | Ryan Thomas McBride | |
| being inserted, so that the counter does not wrap back when the state is removed. This fixes pfsync setups with adaptive timeouts. From Chris Pascoe ok canacar@ dhartmei@ henning@ deraadt@ | |||
| 2004-08-18 | fix bad packets passed to bpf from the gre(4) interface. | Can Erkin Acar | |
| reported by Robert Stone ( robert at arbor net ) via PR 3852 This is a different fix since gre(4) may carry non-ip packets. tested by Robert Stone and markus@ ok markus@ deraadt@ | |||
| 2004-08-18 | skip splx() for skiplookup; report Vafa D. Izadinia; ok henning, canacar | Markus Friedl | |
| 2004-08-15 | undo last commit, skipping over ifaddrs without IFA_ROUTE has unwanted | Henning Brauer | |
| sideffects in IPv6 land, noticed by Johan Fredin <griffin@legonet.org> | |||
| 2004-08-11 | skip over interface addresses without IFA_ROUTE, fixes some issue with pppd | Henning Brauer | |
| from Max Laier <max@love2party.net> | |||
| 2004-08-10 | Add SADB_X_EXT_LIFETIME_LASTUSE for use with isakmpd/DPD, adding this | Hakan Olsson | |
| extends the bitmap to 64bits. Also repair SADB_GET. hshoexer@ ok. | |||
| 2004-08-10 | when inserting a dynamic group entry into the pfi_ifs tree, don't incorrectly | David Gwynne | |
| create an interface entry with the same name. Prevents panics due to subsequent invalid refcounting. from Chris Pascoe ok dhartmei@ henning@ | |||
| 2004-08-09 | Change static functions to be non-static, for better backtraces. | Otto Moerbeek | |
| ok krw@ henning@ | |||
| 2004-08-08 | Zero route info structure in rtredirect(), avoiding a panic on label | Otto Moerbeek | |
| copy. ok millert@ deraadt@ henning@ | |||
| 2004-08-03 | the rest of the '#if DIAGNOSTIC' -> '#ifdef DIAGNOSTIC' in the kernel; ok miod@ | Todd T. Fries | |
| 2004-08-03 | introduce route labels, allowing for up to 32 bytes of info to be attached | Henning Brauer | |
| to a route. the label is sent over the routing socket wrapped into a new struct sockaddr_rtlabel, allowing for handling it like any other sockaddr. struct rtentry only contains a (16 bit) label-ID, with the actual labels kept outside the routing table. ID allocator code inspired by my own code for altq and pf tags. mostly hacked at the c2k4 hackathon, markus ok | |||
| 2004-08-03 | Allow a unicast ip address to be specified for pfsync to send it's state | Ryan Thomas McBride | |
| updates to; this allows pairs of pfsync firewalls to protect the traffic with IPSec. | |||
| 2004-07-28 | pool(9) for rtentry and rttimer; similar to netbsd; ok mcbride, henning, pb | Markus Friedl | |
| 2004-07-22 | Add missing check for NULL in DIOCCHANGERULE. This prevents a crash in | Mathieu Sauve-Frankel | |
| certain rare cases. ok mcbride@ dhartmei@ | |||
| 2004-07-20 | KASSERT instead of assert. Gives smaller RAMDISKS. | Artur Grabowski | |
| 2004-07-17 | Repair breakage from the hackathon's time conversion. Using the timestamp | Mike Frantzen | |
| as an extension to the sequence number got disabled because of the failing idle limit on PAWS checks. One more thing off my todo list. I need an intern | |||
| 2004-07-16 | remove netiso shitz, millert ok | Henning Brauer | |
| 2004-07-13 | spelling; dlg | Theo de Raadt | |
| 2004-07-12 | remove PF_FORWARD (which was introduced by ipv6 reass-on-scrub). | Jun-ichiro itojun Hagino | |
| daniel found it. | |||
| 2004-07-11 | backout IPv6 reass-on-scrub patch (more work needs to be done). | Jun-ichiro itojun Hagino | |
| requested by deraadt | |||
| 2004-07-11 | Create the group when adding a dynamic interface that's not yet plugged in. | Ryan Thomas McBride | |
| ok henning@ | |||
| 2004-07-08 | Make 0/0 table entries work; also fix a problem setting the network mask | Ryan Thomas McBride | |
| on v6 addresses. Reported by Ilya A. Kovalenko, fix from Cedric Berger. | |||
| 2004-07-08 | Move carp_output() call to after mcopy of MAC address so the virtual address | Ryan Thomas McBride | |
| does not get overwritten. Report and fix from Chris Pascoe. | |||
| 2004-07-05 | KNF | Henning Brauer | |
| 2004-07-04 | remove the half-baked and bogus pfi_dynamic_drivers() which tries to guess | Henning Brauer | |
| which drivers are hotpluggable. since we removed the stupid check from pfctl a few days ago nothing relies on this any more. ok pb@ mcbride@ | |||
| 2004-07-03 | quick workaround until proper PF_FORWARD reass gets implemented. | Jun-ichiro itojun Hagino | |
| 2004-06-27 | Media support for the 802.11 framework, missing in that commit the other day. | Todd C. Miller | |
| 2004-06-26 | cleanup ioctl for ifgroups; ok pb@ | Markus Friedl | |
| 2004-06-26 | Add a table-driven implementation of ether_crc32_be(). | Christian Weisgerber | |
| From Seishi Hiragushi via FreeBSD PR kern/49957. Also, while we're here, make the loop counter size_t. ok mcbride@ | |||
| 2004-06-25 | introduce "interface groups" | Philipp Buehler | |
| by "ifconfig fxp0 group foobar" "ifconfig xl0 group foobar" these two interfaces are in one group. Every interface has its if-family as default group. idea/design from henning@, based on some work/disucssion from Joris Vink. henning@, mcbride@ ok. | |||
| 2004-06-25 | correct "scrub in" behavior for IPv6. | Jun-ichiro itojun Hagino | |
| remaining TODO: - "forward" case kernel behavior (IPv4 too), then pfctl syntax change - red-black tree | |||
| 2004-06-25 | re-introduce PF_INOUT and move PF_FORWARD def to the end. | Jun-ichiro itojun Hagino | |
| pfctl is assuming that the keyword == 0 in its parser! (see decl for "dir"). | |||
| 2004-06-25 | Add tap aka layer 2 tunneling support to tun(4). It can be enabled by setting | Claudio Jeker | |
| the link0 flag via ifconfig(8). OK markus@, canacar@ also tested by ish@ | |||
| 2004-06-25 | Minor fixes suggested by nordin@ and henning@ | Thorsten Lockert | |
| ok millert@ | |||
| 2004-06-25 | IPv6 reassembly on "scrub" directive. | Jun-ichiro itojun Hagino | |
| caveats: (to be addressed soon) - "scrub in" should queue fragments back into ip6intrq again, but somehow it does not happen - the packet is kept inside reass queue. need investigation - ip6_forwarding path is not tested - does not use red-black tree. somehow red-black tree behaved badly and was not robust. performance issue, the above one is more important. good things: - "scrub out" is perfectly ok - i think now we can inspect upper-layer protocol fields (tcp port) even if ip6 packet is fragmented. - reass queue will be cleaned up properly by timeout (60sec). we might want to impose pool limit as well | |||
| 2004-06-24 | KNF, cleanup, readability fixes... this hurt | Henning Brauer | |
| ok itojun claudio | |||
| 2004-06-24 | This moves access to wall and uptime variables in MI code, | Thorsten Lockert | |
| encapsulating all such access into wall-defined functions that makes sure locking is done as needed. It also cleans up some uses of wall time vs. uptime some places, but there is sure to be more of these needed as well, particularily in MD code. Also, many current calls to microtime() should probably be changed to getmicrotime(), or to the {,get}microuptime() versions. ok art@ deraadt@ aaron@ matthieu@ beck@ sturm@ millert@ others "Oh, that is not your problem!" from miod@ | |||
| 2004-06-23 | pfr_commit_ktable calls functions that can result in the current | Ryan Thomas McBride | |
| ktable being destroyed, which makes it unsafe in a SLIST_FOREACH. Fix from Chris Pascoe | |||
| 2004-06-22 | Import current NetBSD/FreeBSD 802.11 framework. | Todd C. Miller | |
| Based in part on a diff from Matthew Gream. | |||
| 2004-06-22 | Pull the plug on source-based routing until remaining bugs are eradicated. | Cedric Berger | |
| No need to reconfig kernel or rebuild userland stuff. requested deraadt@, help beck@ | |||
| 2004-06-22 | Unbreak previous commit ok markus@ | Can Erkin Acar | |
| 2004-06-22 | Add a new "filter drop" flag to bpf and related ioclts. | Can Erkin Acar | |
| When enabled, it notifies the calling interface that the packet matches a bpf filter and should be dropped. ok henning@ markus@ frantzen@ | |||
| 2004-06-22 | Don't use time-based random number generation | Thorsten Lockert | |
| ok millert@ deraadt@ | |||
| 2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert | |
| things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime. ok art@ niklas@ nordin@ | |||
| 2004-06-21 | don't accept SADB_X_EXT_UDPENCAP if encapsulation is disabled; ok ho@ | Markus Friedl | |
| 2004-06-21 | move the IFF_UP check to bpfwrite; ok canacar@ | Markus Friedl | |
| 2004-06-21 | make it possble to use IPsec over link-local address (policy table uses | Jun-ichiro itojun Hagino | |
| sin6_scope_id, IPsec porion uses embedded form). beck ok | |||
| 2004-06-21 | Get rid of pf_test_eh() wrapper. | Ryan Thomas McBride | |
| ok cedric@ henning@ | |||
| 2004-06-21 | Don't use time for random starting value... "love it" deraadt@ | Thorsten Lockert | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |