| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2002-09-15 | Make compile with -Werror (unused vars warnings) | Niklas Hallqvist | |
| 2002-09-13 | Paul Mackerras and the Australian National University have worked things | Theo de Raadt | |
| out, and as a result, Paul now owns copyright on all these files, with the proper terms. | |||
| 2002-09-11 | KNF - return is not a function. | Jun-ichiro itojun Hagino | |
| 2002-08-28 | Fix a problem where passing NULL as a pointer with varargs does not promote | Per Fogelstrom | |
| NULL to full 64 bits on a 64 bit address system. Soultion is to add a (void *) cast before NULL. This makes a 64 bit MIPS kernel work and will probably help future 64 bit ports as well. OK from art@ | |||
| 2002-08-12 | Use state tree instead of separate (flat) list to find NAT proxy ports, | Daniel Hartmeier | |
| allows to use the same proxy port with different external peers. From Ryan McBride | |||
| 2002-08-08 | th_flags doesn't have to be equal to TH_SYN to generate modulator, it's | Daniel Hartmeier | |
| sufficient if TH_SYN is set and TH_ACK is unset, ignore TH_ECN etc. ok frantzen@ | |||
| 2002-08-07 | consistently check byte order of ether_type; pointed out by dhartmei | Jason Wright | |
| 2002-07-31 | fix potential NULL pointer deref. From: tedu <grendel@zeitbombe.org> | Jun-ichiro itojun Hagino | |
| 2002-07-30 | no need for check if m0 is NULL, as we have touched it already. | Jun-ichiro itojun Hagino | |
| From: tedu <grendel@zeitbombe.org> | |||
| 2002-07-24 | Use host order when adding packet size to interface statistics counter. | Daniel Hartmeier | |
| Only affects pfctl -si output for IPv6. And some whitespace KNF. | |||
| 2002-07-18 | make it compile by removing unused local vars | Michael Shalayeff | |
| 2002-07-17 | Don't dereference freed memory. | Artur Grabowski | |
| 2002-07-15 | add u_int8_t ifnot to struct pf_rule to support matching packets on any | Henning Brauer | |
| interface except the given one. adjust the pf_test_* functions and pf_skip_step accordingly. ok dhartmei@ | |||
| 2002-07-15 | remove duplicated interface check in test_icmp | Henning Brauer | |
| ok dhartmei@ | |||
| 2002-07-12 | Remove duplicate function declarations (they are in pfvar.h). | Artur Grabowski | |
| 2002-07-11 | KNF. | Artur Grabowski | |
| From Lurene Angela Grenier <lurene@daemonkitty.net> | |||
| 2002-07-10 | let IPv6 fragment go through based on normal rulesets. | Jun-ichiro itojun Hagino | |
| TODO: sort-of normalization against fragments for inspection ok dhartmei@ | |||
| 2002-07-05 | fix a small bug I found while installing a -current pf firewall at a | Henning Brauer | |
| client some days ago: if you had a rulefile with "set loginterface <interface>" and loaded through pfctl -e -f /etc/pf.conf, pfctl -si didn't display the interface stats, because on DIOCSTART pf_status.ifname was cleared and enableing is done after loading the ruleset. similar for DIOCCLRSTATUS, remember pf_status.ifname there as well. added feature: On DIOCSETSTATUSIF unset the statusinterface if pi->ifname is empty. ok dhartmei@ | |||
| 2002-07-03 | Change all variables definitions (int foo) in sys/sys/*.h to variable | Miod Vallat | |
| declarations (extern int foo), and compensate in the appropriate locations. | |||
| 2002-07-03 | fix a null deref in sysctl_iflist() | Michael Shalayeff | |
| 2002-07-02 | make it compile w/ ipsec and no pf ; smth that was left for homework | Michael Shalayeff | |
| 2002-07-02 | inital -> initial | Nathan Binkert | |
| 2002-07-01 | Fix really long standing bug with fetching address cache entries: | Jason Wright | |
| handle ifbac_len == 0 as per the man page; Benny Holmgren <bigfoot@astrakan.hig.se> | |||
| 2002-07-01 | license update of CMU parts. due to communication with wcw+@andrew.cmu.edu, | Theo de Raadt | |
| pushed for by tygs@netcologne.de. Apparently we also now known how to talk to the lawyers there, if we were so mad. Note that a few other copyright issues in pppd still remain, so this does not close this story. | |||
| 2002-06-30 | Fix fallout from recent changes. | Artur Grabowski | |
| 2002-06-30 | allocate sockaddr_dl for ifnet in if_alloc_sadl(), as we don't always know | Jun-ichiro itojun Hagino | |
| the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach(). from netbsd. fgs ok | |||
| 2002-06-28 | KNF | Theo de Raadt | |
| 2002-06-25 | add ARP hardware type for IEEE1394 | Jun-ichiro itojun Hagino | |
| 2002-06-24 | KNF | Jun-ichiro itojun Hagino | |
| 2002-06-23 | g/c last remains of old ipv6 prefix management | Jun-ichiro itojun Hagino | |
| 2002-06-19 | this was derived from UCB if_sl. therefore, we can update the UCB if_sl | Theo de Raadt | |
| copyright contained in this. a license problem remains, of course... | |||
| 2002-06-16 | Missing braces around else case, fixes a kernel crash introduced in r1.5 if | Aaron Campbell | |
| a non-existent interface is passed to "pfctl -l". Reported by grange@disorder.ru. | |||
| 2002-06-15 | unnecessary () on cast | Jason Wright | |
| 2002-06-15 | Transparent IPsec processing on the bridge; for now works only with | Angelos D. Keromytis | |
| static keys. | |||
| 2002-06-14 | spelling; from Brian Poole <raj@cerias.purdue.edu> | Todd T. Fries | |
| 2002-06-12 | import of netbsd's vlan multicast code | Chris Cappuccio | |
| this works better than what we have now, although i have not been able to extensively test it. several folks thought it should be added | |||
| 2002-06-11 | split the grammar of scrub(fragcache) into scrub ... 'fragment reassemble', | Mike Frantzen | |
| 'fragment crop' or a new 'fragment drop-ovl' which will drop overlapping fragments and all corresponding ones ok kjell@ with feedback from kjell@ and deraadt@. the rest are slacking | |||
| 2002-06-11 | sprinkle splasserts where function comments tell us to. | Artur Grabowski | |
| 2002-06-11 | splassert(IPL_NET) where comment says that we should. | Artur Grabowski | |
| 2002-06-11 | splassert(IPL_SOFTNET) where comment indicate that. | Artur Grabowski | |
| 2002-06-11 | KNF (tabs, return (x)) | Daniel Hartmeier | |
| 2002-06-11 | enumerate UDP and OTHER state levels (similar to tcp_fsm.h) | Mike Frantzen | |
| ok dhartmei@, henning@ | |||
| 2002-06-11 | SCRUB(fragcache) to do gap tracking and overlap pruning of IPv4 fragments | Mike Frantzen | |
| without the memory overhead of the conventional defrag in SCRUB ok dhartmei@, idea by deraadt@ | |||
| 2002-06-11 | Make NAT proxy port range configurable per rule, for instance privileged | Daniel Hartmeier | |
| source ports can mapped to privileged proxy ports, or source port 500 to proxy port 500. ok frantzen@ | |||
| 2002-06-11 | Don't panic when pf_insert_state() detects an attempt to insert a | Daniel Hartmeier | |
| duplicate key. Instead, log according to log level and return gracefully. ok frantzen@ | |||
| 2002-06-11 | KNF return x -> return (x), ok frantzen@ | Daniel Hartmeier | |
| 2002-06-11 | rework pfctl statistics display | Henning Brauer | |
| move FCNT_NAMES from pfvar.h to pfctl_parser.h, only used by pfctl some input by nick@ ok frantzen@, dhartmei@ | |||
| 2002-06-10 | - stop abusing IFF_UP. | Jun-ichiro itojun Hagino | |
| - do not use L3 address pair for L2.5 address pair. configure L2.5 address pair by using "ifconfig tunnel". - IFF_LINK2 is not needed, as it is just a reverse of IFF_LINK0. - do not modify IFF_LINK1 when you modify protocol type. chris ok | |||
| 2002-06-10 | Split common code which converts a multicast address to an ethernet | Chris Cappuccio | |
| address from ether_addmulti() and ether_delmulti() into ether_multiaddr(), a'la netbsd. Also clean up some magic numbers. itojun likes it | |||
| 2002-06-10 | Allow ports to be specified in nat rules, useful later on for individual | Daniel Hartmeier | |
| proxy port ranges. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |