Age | Commit message | Author | |
---|---|---|---|
2002-04-24 | Add dynamic (in-kernel) interface name -> address translation. Instead of using just the interface name instead of an address and reloading the rule set whenever the interface changes its address, the interface name can be put in parentheses, and the kernel will keep track of changes and update rules. There is no additional cost for evaluating rules (per packet), the cost occurs when an interface changes address (and the rules are traversed and updated where necessary). | Daniel Hartmeier | |
2002-04-24 | Initialize if_addrhooks in if_attachhead() like in if_attach(), either one may be called. | Daniel Hartmeier | |
2002-04-24 | Add hooks to struct ifnet that allow to register callbacks that will be notified of interface address changes. ok provos@, angelos@ | Daniel Hartmeier | |
2002-04-23 | Allow explicit filtering of fragments when they are not reassembled. Document fragment handling in the man page. Short version: if you're scrubbing everything (as is recommended, in general), nothing changes. If you want to deal with fragments manually, read the man page. ok frantzen. | Daniel Hartmeier | |
2002-04-20 | Move normalization messages from log level 'urgent' to 'misc'. | Daniel Hartmeier | |
2002-04-20 | All calls to pool_get(9) should use PR_xx flags, not M_xx. millert dhartmei ok. | Federico G. Schwindt | |
2002-04-10 | o Add ibss and ibss-master mediaopt for ifconfig o Map port type 4 to ibss regardless of firmware type. This gives us a consistent way to set ibss mode. | Todd C. Miller | |
2002-04-08 | Credit DARPA/USAF appropriately. | Jason Wright | |
2002-04-03 | WCCP sysctl variable -- ok deraadt@ niklas@ | Angelos D. Keromytis | |
2002-03-31 | Use ip_defttl as ttl for return-rst instead of an arbitrary hardcoded value (128). This matches the stack's default setting and honours sysctl net.inet.ip.ttl, making RSTs generated by pf harder to distinguish from RSTs sent by the real destination. | Daniel Hartmeier | |
2002-03-30 | Initialize sequence number high limit from 1 to the real value with the first packet. ok frantzen@ | Daniel Hartmeier | |
2002-03-28 | some BITS defs for %b | Michael Shalayeff | |
2002-03-28 | i forgot these for if_wi | Michael Shalayeff | |
2002-03-27 | implement a "no-route" keyword. usage semantics are analogous w/ "any", meaning is "any ip address for which there is no route in the current routing table", could be used in both from and to. typical usage would be (assuming symmetrical routing): `block in from no-route to any` also doc "any" in the pf.conf.5, include in regress, etc. tested by me on i386 and sparc. dhartmei@ and frantzen@ ok | Michael Shalayeff | |
2002-03-26 | Change default logging level from none to urgent. Should never print anything, and if it does, it should be reported. | Daniel Hartmeier | |
2002-03-25 | Ignore 'keep state' for ICMP errors whose inner headers mismatch state but are passed by rules. Found by Henning Brauer. | Daniel Hartmeier | |
2002-03-25 | add ioctl DIOCKILLSTATES to shootdown a subset of the state table. allows discrimination on src/dst ips and netmask, src/dst port range and protocol. ok dhartmei@ | Mike Frantzen | |
2002-03-24 | deref of NULL in out of mbuf situation, ok jason@ | Niklas Hallqvist | |
2002-03-18 | filter ipv6 on the bridge. - ok jason@ | jasoni | |
2002-03-15 | Kill #if __STDC__ used to do K&R vs. ANSI varargs/stdarg; just do things the ANSI way. | Todd C. Miller | |
2002-03-15 | Cosmetic changes only, primarily making comments line up nicely after the __P removal. | Todd C. Miller | |
2002-03-14 | Final __P removal plus some cosmetic fixups | Todd C. Miller | |
2002-03-14 | First round of __P removal in sys | Todd C. Miller | |
2002-03-12 | sync with KAME ALTQify more drivers. ok millert@ | Kenjiro Cho | |
2002-03-08 | Fix arc4random() usage; add more randomness to pf_get_sport(). dhartmei@, provos@ ok | Mike Pechkin | |
2002-03-03 | Fix crashes associated with SADB_GET/SADB_DUMP --- memory was not allocated on outgoing message for encryption/authentication keys --- from umaraghunath@hotmail.com | Angelos D. Keromytis | |
2002-02-26 | Add optional pool memory hard limits, mainly as temporary solution until pool exhaustion causes problems no more. | Daniel Hartmeier | |
2002-02-25 | Change timeouts from microtime() to time.tv_sec like in pf.c, initialize fr_timeout, free frent in pf_reassemble() when it's not inserted into a frag. ok provos@ | Daniel Hartmeier | |
2002-02-23 | SRC prefix is not required for some operations. | Angelos D. Keromytis | |
2002-02-23 | Pools that are only used in the ioctls can use the nointr allocator. | Artur Grabowski | |
2002-02-22 | IEEE80211_NWKEY_* flags; from netbsd | Michael Shalayeff | |
2002-02-21 | Correctly initialize the compression case. | Angelos D. Keromytis | |
2002-02-17 | Calculate IP checksum and copyback modified headers before logging a packet. Closes PR2402. Note that checksums were only wrong in the logged packet, packets that were passed got a valid checksum anyway. | Daniel Hartmeier | |
2002-02-15 | pf only uses seconds for time measuring. There is no need to call microtime on every packet. Use time.tv_sec to get seconds. In the places where it seemed to matter, make sure that time doesn't change under our feet. And it's really unnecessary to do a test on every packet when the test will only fire once every 10 seconds. That's a real waste of time, that's what we have timeouts for. ok frantzen@ | Artur Grabowski | |
2002-02-14 | Reorder struct pf_pdesc members, saves 8 bytes. | Daniel Hartmeier | |
2002-02-14 | KNF | Theo de Raadt | |
2002-02-14 | Add skip steps for rule action (pass/block vs. scrub) and direction (in vs. out). This speeds up rule set evaluation considerably, because the rules set used to be linearly traversed (even twice) when looking for scrub rules. Ok frantzen@, deraadt@ | Daniel Hartmeier | |
2002-02-14 | It helps to loop over the correct variable *sigh* | Jason Wright | |
2002-02-13 | Be -really- careful not to modify the payload when replacing the ethernet header with the 802.1Q header. The reason for this is if_vlan is called by the bridge (via if_start). It cannot modify the mbuf because it might be shared copy. | Jason Wright | |
2002-02-13 | sync with KAME. make altq actually work with kernel ppp. add if_start for the altq case to kick transmission. don't call ppp_restart() to prevent useless interrupt loop under rate-limiting. | Kenjiro Cho | |
2002-02-11 | Remove unused function prototype, from Jason Ish | Daniel Hartmeier | |
2002-02-11 | Remove ancient comment regarding memcmp(), from Jason Ish | Daniel Hartmeier | |
2002-02-07 | bridge_output() needs a forcibly aligned copy just like bridge_broadcast() because of calls it makes to altq; thanks to art for testing and kjc for pointing that I forgot this case. | Jason Wright | |
2002-02-07 | Quiet down an annoying message in altq_etherclassify. | Artur Grabowski | |
2002-01-23 | compatability -> compatibility. | Federico G. Schwindt | |
2002-01-23 | Back out part of last commit, it causes memory to be freed prematurely in this version of the zlib code; from Wayne Meissner | Todd C. Miller | |
2002-01-23 | It looks like there has been one crack smoking and a few cut and pastes. PR_FREEHEADER should not be set in pool_init by the caller. It shouldn't be set in pool_init at all. Besides, it's going away soon anyway. | Artur Grabowski | |
2002-01-23 | Pool deals fairly well with physical memory shortage, but it doesn't deal well (not at all) with shortages of the vm_map where the pages are mapped (usually kmem_map). Try to deal with it: - group all information the backend allocator for a pool in a separate struct. The pool will only have a pointer to that struct. - change the pool_init API to reflect that. - link all pools allocating from the same allocator on a linked list. - Since an allocator is responsible to wait for physical memory it will only fail (waitok) when it runs out of its backing vm_map, carefully drain pools using the same allocator so that va space is freed. (see comments in code for caveats and details). - change pool_reclaim to return if it actually succeeded to free some memory, use that information to make draining easier and more efficient. - get rid of PR_URGENT, no one uses it. | Artur Grabowski | |
2002-01-18 | Fix some zlib memory leaks, originally from Mark Adler | Todd C. Miller | |
2002-01-12 | - Only apply fastroute and route-to if we are going in the same direction as the rule. - ok dhartmei@ | jasoni | |