| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2001-11-06 | Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. | Miod Vallat | |
| (Look ma, I might have broken the tree) | |||
| 2001-11-06 | Use #defines for skip step values. From dgregor@net.ohio-state.edu. | Daniel Hartmeier | |
| 2001-10-24 | Reset states counter when clearing states. | Daniel Hartmeier | |
| 2001-10-17 | make sure we use same key for removal (AF_INET was missing), ok deraadt@, ↵ | Markus Friedl | |
| dhartmei@ reported buy wizz@mniam.net | |||
| 2001-10-15 | Add 'allow-opts' to rules. Packets with IP options will be blocked by | Daniel Hartmeier | |
| default now, and can be allowed per rule. ok deraadt@ | |||
| 2001-10-13 | Patch from Ryan McBride, fixes IPv6 return-rst problem, found by | Daniel Hartmeier | |
| Todd Fries. ok deraadt@ | |||
| 2001-10-07 | fixes pr/2105 | Niels Provos | |
| 2001-10-05 | Fix bug in if_vlan which could cause crashes in timeouts and 'ifconfig -a' | Dale Rahn | |
| ok niklas@ | |||
| 2001-10-03 | M_WAIT in ether_output is wrong. Fix APPLETALK stuff. | Artur Grabowski | |
| 2001-10-02 | change timeval to bpf_timeval; 32 bit in size, permitting much greater ↵ | Theo de Raadt | |
| portability | |||
| 2001-10-02 | Convert ip_off of the inner IP header to host order in pf_test_state_icmp(). | Daniel Hartmeier | |
| Some of the IP header fields are already converted by ip_input.c (including ip_off), but of course not for inner headers of ICMP packets. The other fields which are left in network order are ok. This broke state search for any ICMP error message who referred to an IP header with the DF flag set, hence any ICMP_UNREACH_NEEDFRAG message. Found by Andreas Gunnarsson <andreas@crt.se>. Thank you. | |||
| 2001-10-01 | Make number of vlan interfaces configurable from UKC. | Niklas Hallqvist | |
| ok jason@, chris@, deraadt@ | |||
| 2001-09-30 | Tune TCP fsm (99.7% - 99.9% accuracy over 1e6 connections) | Mike Frantzen | |
| 2001-09-27 | The skip steps array was one element short (since adding steps for af). | Daniel Hartmeier | |
| This invoked undefined behaviour under the proper circumstances. | |||
| 2001-09-27 | switch without break. This caused the 'ICMP too short' messages, since | Daniel Hartmeier | |
| both IPv4 and IPv6 cases were executed. 'switch considered harmful'. | |||
| 2001-09-27 | Fix th_ack calculation in pf_send_reset(). return-rst didn't work since | Daniel Hartmeier | |
| 1.150 (at least for IPv4). | |||
| 2001-09-23 | ipxintr was missing | Michael Shalayeff | |
| 2001-09-23 | Bump up the tcp half closed timeout (single FIN) to an hour | Mike Frantzen | |
| 2001-09-21 | Fix natlook (broke ftp-proxy) and a memory leak. | Daniel Hartmeier | |
| From Ryan McBride. | |||
| 2001-09-20 | document why we use random() | Theo de Raadt | |
| 2001-09-20 | occured->occurred | Mike Pechkin | |
| idea from deraadt@ via NetBSD millert@ ok | |||
| 2001-09-20 | the use of arc4random() in ether_ifattach() is wrong as randomattach() | Peter Galbavy | |
| has not yet been called at this point. replace arc4random() with the more mundae random()&0xff as the use of a strong PRNG is not need here, where this code just helps fix up broken MAC addresses anyway now to find the real problem with my sis(4) LAN interface... ok'd by jason@ | |||
| 2001-09-19 | Patch from Ryan McBride. Compile without INET6, remove unnecessary | Daniel Hartmeier | |
| rewrite++. | |||
| 2001-09-17 | icmpv6 nat fix, from Ryan McBride | Daniel Hartmeier | |
| 2001-09-16 | Add some missing lengths checks when passing data from userland to | Todd C. Miller | |
| kernel. From based on NetBSD patches. | |||
| 2001-09-15 | The inner protocol of IPv4 ICMP error messages was ignored, leading to | Daniel Hartmeier | |
| 'ICMP error message for bad proto' messages and breaking traceroute etc. Please increase debugging level (pfctl -x m) while testing. | |||
| 2001-09-15 | Revert the sleep priority to something more sane | Mike Frantzen | |
| (the previous priority didn't help performance in tests on a hacked up BPF and it weighed down the load average) | |||
| 2001-09-15 | Don't use m_pkthdr.rcvif in pflog_packet(), it doesn't work for outgoing | Daniel Hartmeier | |
| packets and is obviously invalid (and not NULL) for IPv6 packets (hence crashed). Pass ifp down instead. sizeof(ih) instead of sizeof(&ih) for pf_pull_hdr() from pf_test6(). | |||
| 2001-09-15 | IPv6 support from Ryan McBride (mcbride@countersiege.com) | Mike Frantzen | |
| 2001-09-14 | binat non icmp/udp/tcp protocols as well; ok dhartmei@ | jasoni | |
| 2001-09-11 | Undo BINAT translation when blocking with return-rst/-icmp. | Daniel Hartmeier | |
| Translate at most once. From Ryan McBride. | |||
| 2001-09-08 | initialize variable and more careful bounts checking; okay frantzen@ | Niels Provos | |
| 2001-09-06 | Reflect skip step changes. Spotted by Ryan McBride. | Daniel Hartmeier | |
| 2001-09-06 | 1:1 bidrectional NAT (binat); ok dhartmei@ and frantzen@ | jasoni | |
| 2001-09-05 | Handle uh_sum == 0x0000 correctly. Before, UDP packet checksums were | Daniel Hartmeier | |
| broken by NAT/RDR when unset by the sender. Fixes ntpdate behind NAT. | |||
| 2001-09-05 | s/pf_natlook/pfioc_natlook (ioctl parameter struct) | Daniel Hartmeier | |
| 2001-09-04 | Add skip steps for interface (ifp). | Daniel Hartmeier | |
| 2001-09-04 | #define empty PFLOG_PACKET correctly (no side effects). Closes PR2044. | Daniel Hartmeier | |
| From Claus Assmann. | |||
| 2001-09-01 | Inherit baudrate from parent. Now MRTG will show vlan interfaces ;) | Chris Cappuccio | |
| 2001-08-31 | Forgot to commit frag expire tuning before | Mike Frantzen | |
| Check for a short ip_hl. Could have caused proto headers to overlap IP header. | |||
| 2001-08-28 | Add new ioctls to securelevel check, from Can Erkin Acar | Daniel Hartmeier | |
| <canacar@eee.metu.edu.tr> | |||
| 2001-08-28 | Bump state timeouts and allow tweaking them from pfctl. | Mike Frantzen | |
| (The state timeouts need some _serious_ tuning) | |||
| 2001-08-26 | 2nd uninitialized variable that bit me today | Niklas Hallqvist | |
| 2001-08-25 | PF ISN randomization. Or in trekkie techno-babble, ISN phase modulation. | Mike Frantzen | |
| 2001-08-22 | Correct the setup of the intial TCP state window and pre-validate th_ack | Mike Frantzen | |
| on an FIN|ACK close if the client has never responded. | |||
| 2001-08-22 | Fix panic in pf (was my fault) caused by a bad key compare optimization | Mike Frantzen | |
| Add debug output to track loose state matches | |||
| 2001-08-21 | KNF | Theo de Raadt | |
| 2001-08-21 | cut/pasto in rule flushing code (using wrong list); base on patch from Henk ↵ | Jason Wright | |
| van Lingen <henk@vanlingen.net> | |||
| 2001-08-21 | Add support for SIOCADDMULTI & SIOCDELMULTI; NetBSD | brian | |
| 2001-08-21 | Pass closing TCP connections through looser state machine (handle Solaris' | Mike Frantzen | |
| stupid spurious ACK|FINs after a close) | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |