Age | Commit message | Author |
|
|
|
ok otto jsg henning pat markus deraadt fgs
|
|
ok canacar markus millert
|
|
as for the ports, i could only find one. if there are more, they will be
fixed in the tree as discussed with peter.
deraadt@ pvalchev@ ok.
|
|
|
|
Initial porting from NetBSD by David Berghoff.
Modified/simplified to match our sppp implementation.
ok deraadt@
|
|
and use sysctl for 'ipsecadm show'; ok deraadt
|
|
'binat from ... to ... -> (if)' are used, where the interface
is dynamic. reported by kos(at)bastard(dot)net, analyzed by
Pyun YongHyeon
|
|
reported by Joerg Sonnenberger, ok henning@
|
|
ok myself markus@
|
|
|
|
- Add a new PFSTATE_STALE flag to uncompressed state updates sent as a result
of a stale state being detected, and prevent updates with this flag from
generating similar messages.
- For the specific case where the state->src in the received update is ok but
the state.dst is not, take the partial update, then "fail" to let the other
peers pick up the better data that we have. From Chris Pascoe.
ok dhartmei@
|
|
for ACKs. It should filter the ACK replayed to the server, instead of
the one to the client. Thanks to Daniel Polak for testing.
|
|
ok henning, markus.
|
|
ok millert@
|
|
|
|
from "Alexey E. Suslikov" <cruel@texnika.com.ua> with a little help from itojun
|
|
th_flags TH_ACK and leave th_ack 0, just like the RST generated by
the stack in this case. Fixes the Raptor workaround. ok beck@, markus@
|
|
mode (set mode for multi-mode interfaces) and chan (set the radio channel).
some additional output will be printed by "ifconfig -m".
ok deraadt@ millert@ damien@
|
|
|
|
of hiding under IFT_PROPVIRTUAL, ryan daniel ok
|
|
ok millert@ miod@
|
|
now they abide by the same rules as anchor names referred to by rules:
- initial slashes (/) are stripped
- anchor names with characters after the terminating NUL byte are
considered invalid
ok dhartmei (and previously) beck henning
|
|
|
|
there is now a TAILQ with all interface groups as members, and
in struct ofnet there is only a pointer to the group structure stored
and not its name.
mostly hacked at c2k4 and somewhere over the atlantic ocean
ok markus mcbride
|
|
ok mcbride@
|
|
master provides the clock -- this is normally the switch, but if you
are doing back-to-back NICs, you need to tell one side to be the master).
ok mcbride@
|
|
fixes pflog attributing states wrongly to anchors and pfctl -vvsn/sr
showing wrong state counters for anchor rules. found by camield@,
ok henning@, -stable candidate
|
|
by default label.
- fill in kn_data with the number of bytes available, same
behavior as FreeBSD/NetBSD.
ok tedu@
|
|
First match wins, just like "no {binat,nat,rdr}". henning@, dhartmei@ ok
|
|
and behaved incorrectly when used with v6. implement the v6 case too.
ok canacar mcbride
|
|
problems with adaptive timeouts, max-states limits, and rules not being
freed from memory.
Diff from Chris Pascoe.
ok henning@ dhartmei@
|
|
|
|
forgot to commit...
|
|
ok millert@
|
|
|
|
interface. Where the most common DLT is the one with the smallest id.
This fixes tcpdump for atw(4) that attaches multiple bpf hooks.
Tested: millert@, Sigfred Haversen, otto@, mcbride@, sturm@, krw@,
Steve Shockley
OK millert@ deraadt@
|
|
from jaredy@, ok henning@, mcbride@, deraadt@
|
|
being inserted, so that the counter does not wrap back when the state
is removed. This fixes pfsync setups with adaptive timeouts.
From Chris Pascoe
ok canacar@ dhartmei@ henning@ deraadt@
|
|
reported by Robert Stone ( robert at arbor net ) via PR 3852
This is a different fix since gre(4) may carry non-ip packets.
tested by Robert Stone and markus@ ok markus@ deraadt@
|
|
|
|
side effects in IPv6 land, noticed by Johan Fredin <griffin@legonet.org>
|
|
from Max Laier <max@love2party.net>
|
|
extends the bitmap to 64bits. Also repair SADB_GET. hshoexer@ ok.
|
|
create an interface entry with the same name. Prevents panics due to
subsequent invalid refcounting.
from Chris Pascoe
ok dhartmei@ henning@
|
|
ok krw@ henning@
|
|
copy.
ok millert@ deraadt@ henning@
|
|
|
|
to a route.
the label is sent over the routing socket wrapped into a new
struct sockaddr_rtlabel, allowing for handling it like any other sockaddr.
struct rtentry only contains a (16 bit) label-ID, with the actual labels
kept outside the routing table.
ID allocator code inspired by my own code for altq and pf tags.
mostly hacked at the c2k4 hackathon, markus ok
|
|
updates to; this allows pairs of pfsync firewalls to protect the traffic
with IPSec.
|