| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2004-10-17 | Replace ifdef NATM with if NATM > 0 | Alexander Yurchenko | |
| ok millert@ miod@ | |||
| 2004-10-15 | correctly parse the anchor names to which tables refer. | Jared Yanovich | |
| now they abide to the same rules as anchor names referred to by rules: - initial slashes (/) are stripped - anchor names with characters after the terminating NUL byte are considered invalid ok dhartmei (and previously) beck henning | |||
| 2004-10-14 | avoid stupid commons | Michael Shalayeff | |
| 2004-10-11 | ifgroups reqrite | Henning Brauer | |
| there is now a TAILQ with all interface groups as members, and in struct ofnet there is only a pointer to the group structure stored and not its name. mostly hacked at c2k4 and somewhere over the atlantic ocean ok markus mcbride | |||
| 2004-10-09 | sizeof(struct ether_header) -> ETHER_HDR_LEN | Brad Smith | |
| ok mcbride@ | |||
| 2004-10-07 | Add an Ethernet option bit for master mode (for 1000baseT, the link | Brad Smith | |
| master provides the clock -- this is normally the switch, but if you are doing back-to-back NICs, you need to tell one side to be the master). ok mcbride@ | |||
| 2004-09-29 | reset anchor pointer to NULL when stepping back into the main ruleset, | Daniel Hartmeier | |
| fixes pflog attributing states wrongly to anchors and pfctl -vvsn/sr showing wrong state counters for anchor rules. found by camield@, ok henning@, -stable candidate | |||
| 2004-09-23 | - remove EVFILT_WRITE in bpfkqfilter() switch case, handled | Brad Smith | |
| by default label. - fill in kn_data with the number of bytes available, same behavior as FreeBSD/NetBSD. ok tedu@ | |||
| 2004-09-21 | Implement "no scrub" to allow exclusion of specific traffic from scrub rules. | Aaron Campbell | |
| First match wins, just like "no {binat,nat,rdr}". henning@, dhartmei@ ok | |||
| 2004-09-20 | pf_routable(), used for the no-route keyword, was a v4 only implementation, | Henning Brauer | |
| and behaved incorrectly when used with v6. impliment the v6 case too. ok canacar mcbride | |||
| 2004-09-17 | Clean up reference counting wrt state creation and destruction. Fixes | Ryan Thomas McBride | |
| problems with adaptive timeouts, max-states limits, and rules not being freed from memory. Diff from Chris Pascoe. ok henning@ dhartmei@ | |||
| 2004-09-16 | handle route labels on RTM_CHANGE, ok mcbride, prodded my markus some time ago | Henning Brauer | |
| 2004-09-16 | ewps, kill the src route prototypes. was sitting in my tree for ages but | Henning Brauer | |
| forgot to commit... | |||
| 2004-09-15 | Kill more netiso ghosts. | Alexander Yurchenko | |
| ok millert@ | |||
| 2004-09-14 | remove remaining unused traces from src route | Henning Brauer | |
| 2004-09-12 | Return the most common data link type instead of the first match for an | Claudio Jeker | |
| interface. Where the most common DLT is the one with the smallest id. This fixes tcpdump for atw(4) that attaches multiple bpf hooks. Tested: millert@, Sigfred Haversen, otto@, mcbride@, sturm@, krw@, Steve Shockley OK millert@ deraadt@ | |||
| 2004-09-09 | Copy out anchors with relative paths and wildcards correctly, | Daniel Hartmeier | |
| from jaredy@, ok henning@, mcbride@, deraadt@ | |||
| 2004-08-30 | Increment the states reference counter in the rule attached to the state | Ryan Thomas McBride | |
| being inserted, so that the counter does not wrap back when the state is removed. This fixes pfsync setups with adaptive timeouts. From Chris Pascoe ok canacar@ dhartmei@ henning@ deraadt@ | |||
| 2004-08-18 | fix bad packets passed to bpf from the gre(4) interface. | Can Erkin Acar | |
| reported by Robert Stone ( robert at arbor net ) via PR 3852 This is a different fix since gre(4) may carry non-ip packets. tested by Robert Stone and markus@ ok markus@ deraadt@ | |||
| 2004-08-18 | skip splx() for skiplookup; report Vafa D. Izadinia; ok henning, canacar | Markus Friedl | |
| 2004-08-15 | undo last commit, skipping over ifaddrs without IFA_ROUTE has unwanted | Henning Brauer | |
| sideffects in IPv6 land, noticed by Johan Fredin <griffin@legonet.org> | |||
| 2004-08-11 | skip over interface addresses without IFA_ROUTE, fixes some issue with pppd | Henning Brauer | |
| from Max Laier <max@love2party.net> | |||
| 2004-08-10 | Add SADB_X_EXT_LIFETIME_LASTUSE for use with isakmpd/DPD, adding this | Hakan Olsson | |
| extends the bitmap to 64bits. Also repair SADB_GET. hshoexer@ ok. | |||
| 2004-08-10 | when inserting a dynamic group entry into the pfi_ifs tree, don't incorrectly | David Gwynne | |
| create an interface entry with the same name. Prevents panics due to subsequent invalid refcounting. from Chris Pascoe ok dhartmei@ henning@ | |||
| 2004-08-09 | Change static functions to be non-static, for better backtraces. | Otto Moerbeek | |
| ok krw@ henning@ | |||
| 2004-08-08 | Zero route info structure in rtredirect(), avoiding a panic on label | Otto Moerbeek | |
| copy. ok millert@ deraadt@ henning@ | |||
| 2004-08-03 | the rest of the '#if DIAGNOSTIC' -> '#ifdef DIAGNOSTIC' in the kernel; ok miod@ | Todd T. Fries | |
| 2004-08-03 | introduce route labels, allowing for up to 32 bytes of info to be attached | Henning Brauer | |
| to a route. the label is sent over the routing socket wrapped into a new struct sockaddr_rtlabel, allowing for handling it like any other sockaddr. struct rtentry only contains a (16 bit) label-ID, with the actual labels kept outside the routing table. ID allocator code inspired by my own code for altq and pf tags. mostly hacked at the c2k4 hackathon, markus ok | |||
| 2004-08-03 | Allow a unicast ip address to be specified for pfsync to send it's state | Ryan Thomas McBride | |
| updates to; this allows pairs of pfsync firewalls to protect the traffic with IPSec. | |||
| 2004-07-28 | pool(9) for rtentry and rttimer; similar to netbsd; ok mcbride, henning, pb | Markus Friedl | |
| 2004-07-22 | Add missing check for NULL in DIOCCHANGERULE. This prevents a crash in | Mathieu Sauve-Frankel | |
| certain rare cases. ok mcbride@ dhartmei@ | |||
| 2004-07-20 | KASSERT instead of assert. Gives smaller RAMDISKS. | Artur Grabowski | |
| 2004-07-17 | Repair breakage from the hackathon's time conversion. Using the timestamp | Mike Frantzen | |
| as an extension to the sequence number got disabled because of the failing idle limit on PAWS checks. One more thing off my todo list. I need an intern | |||
| 2004-07-16 | remove netiso shitz, millert ok | Henning Brauer | |
| 2004-07-13 | spelling; dlg | Theo de Raadt | |
| 2004-07-12 | remove PF_FORWARD (which was introduced by ipv6 reass-on-scrub). | Jun-ichiro itojun Hagino | |
| daniel found it. | |||
| 2004-07-11 | backout IPv6 reass-on-scrub patch (more work needs to be done). | Jun-ichiro itojun Hagino | |
| requested by deraadt | |||
| 2004-07-11 | Create the group when adding a dynamic interface that's not yet plugged in. | Ryan Thomas McBride | |
| ok henning@ | |||
| 2004-07-08 | Make 0/0 table entries work; also fix a problem setting the network mask | Ryan Thomas McBride | |
| on v6 addresses. Reported by Ilya A. Kovalenko, fix from Cedric Berger. | |||
| 2004-07-08 | Move carp_output() call to after mcopy of MAC address so the virtual address | Ryan Thomas McBride | |
| does not get overwritten. Report and fix from Chris Pascoe. | |||
| 2004-07-05 | KNF | Henning Brauer | |
| 2004-07-04 | remove the half-baked and bogus pfi_dynamic_drivers() which tries to guess | Henning Brauer | |
| which drivers are hotpluggable. since we removed the stupid check from pfctl a few days ago nothing relies on this any more. ok pb@ mcbride@ | |||
| 2004-07-03 | quick workaround until proper PF_FORWARD reass gets implemented. | Jun-ichiro itojun Hagino | |
| 2004-06-27 | Media support for the 802.11 framework, missing in that commit the other day. | Todd C. Miller | |
| 2004-06-26 | cleanup ioctl for ifgroups; ok pb@ | Markus Friedl | |
| 2004-06-26 | Add a table-driven implementation of ether_crc32_be(). | Christian Weisgerber | |
| From Seishi Hiragushi via FreeBSD PR kern/49957. Also, while we're here, make the loop counter size_t. ok mcbride@ | |||
| 2004-06-25 | introduce "interface groups" | Philipp Buehler | |
| by "ifconfig fxp0 group foobar" "ifconfig xl0 group foobar" these two interfaces are in one group. Every interface has its if-family as default group. idea/design from henning@, based on some work/disucssion from Joris Vink. henning@, mcbride@ ok. | |||
| 2004-06-25 | correct "scrub in" behavior for IPv6. | Jun-ichiro itojun Hagino | |
| remaining TODO: - "forward" case kernel behavior (IPv4 too), then pfctl syntax change - red-black tree | |||
| 2004-06-25 | re-introduce PF_INOUT and move PF_FORWARD def to the end. | Jun-ichiro itojun Hagino | |
| pfctl is assuming that the keyword == 0 in its parser! (see decl for "dir"). | |||
| 2004-06-25 | Add tap aka layer 2 tunneling support to tun(4). It can be enabled by setting | Claudio Jeker | |
| the link0 flag via ifconfig(8). OK markus@, canacar@ also tested by ish@ | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |