Age | Commit message | Author | |
---|---|---|---|
2001-12-13 | remove redundant #if NPF. ok jason@ | jasoni | |
2001-12-12 | Remember to add the current time...problem noticed by ho@ | Angelos D. Keromytis | |
2001-12-11 | Use queue.h macros. | Jason Wright | |
2001-12-11 | - Log packet while mbuf is still valid. | jasoni | |
- If logging and r == NULL, use r0 leaving r untouched. - Note that pf_route/pf_route6 can free the mbuf. Thanks and ok frantzen@ | |||
2001-12-10 | Add an ioctl to add state entries (DIOCADDSTATE) for proxies. | Daniel Hartmeier | |
2001-12-10 | Add stateful filtering for other (non-TCP/UDP/ICMP) protocols, based on | Daniel Hartmeier | |
source/destination addresses/ports only. Add RDR for ICMP. Add NAT/RDR/BINAT for other protocols. Destination and redirection port(s) are now optional for RDR rules. Not specifying destination port(s) means 'redirect all ports', not specifying redirection port(s) means 'redirect to the original port'. | |||
2001-12-10 | use queue.h macros for TAILQ operations | Jason Wright | |
2001-12-10 | update ip stats when dropping an ip packet | jasoni | |
ok jason@ | |||
2001-12-09 | Use queue.h TAILQ macros instead of accessing members directly. | Jason Wright | |
(And convert a few loops to TAILQ_FOREACH). | |||
2001-12-09 | Don't access the tq members directly, use the queue.h macros. Also, | Jason Wright | |
convert several of the loops to TAILQ_FOREACH. | |||
2001-12-08 | mflags and len were uninitialized in bridge_broadcast (source of some | Jason Wright | |
accounting errors me thinks). | |||
2001-12-06 | Use hzto() to handle overflow of (hz * timeout) cases --- when using | Angelos D. Keromytis | |
extremely long SA expirations. | |||
2001-12-03 | reason int -> u_short. From Mike Pechkin. | Daniel Hartmeier | |
2001-12-03 | Don't reset pf_status.debug and .since on DIOCCLRSTATUS. | Daniel Hartmeier | |
From Dries Schellekens. Closes PR 2227. | |||
2001-12-01 | 217 lines of diff for KNF, dhartmei, you are evil | Theo de Raadt | |
2001-11-30 | only make a copy of the mbuf if the route rule is dup-to | jasoni | |
2001-11-30 | unifdef OLDIP6OUTPUT | Jun-ichiro itojun Hagino | |
2001-11-27 | typo - use correct mbuf | jasoni | |
2001-11-27 | do pf_route() before logging in case the logging created a bogus rule | Mike Frantzen | |
(fixes a recent panic) OK dhartmei@ jasoni@ mpech@ | |||
2001-11-26 | add fastroute options similar to what is found in ipf | jasoni | |
ok dhartmei@, frantzen@ | |||
2001-11-21 | Use pf_pull_hdr() instead of manual mbuf traversal. Fixes potential crashes | Daniel Hartmeier | |
in pf_test6() for IPv6 packets with options. | |||
2001-11-20 | don't allow CHANGEBINAT ioctl in securelevel > 1 | Mike Pechkin | |
dhartmei@ ok | |||
2001-11-16 | yes, signed subtraction does not work because of underflows, revert the previous | Michael Shalayeff | |
2001-11-14 | use subtract when comparing keys, for ip addrs as well. | Michael Shalayeff | |
those happen as signed integers and seem to work fine. saves whole bunch of useless code. dhartmei@ ok | |||
2001-11-13 | fix pf from going off into the weeds on an ipv6 icmp packet with certain option | Mike Frantzen | |
headers. should fix pr #2172 ok dhartmei@ | |||
2001-11-08 | fix the endif comment | Michael Shalayeff | |
2001-11-07 | enc and pflog were using iana space, move and update w/ iana current list; niels@ angelos@ ok | Michael Shalayeff | |
2001-11-06 | Replace inclusion of <vm/foo.h> with the correct <uvm/bar.h> when necessary. | Miod Vallat | |
(Look ma, I might have broken the tree) | |||
2001-11-06 | Use #defines for skip step values. From dgregor@net.ohio-state.edu. | Daniel Hartmeier | |
2001-10-24 | Reset states counter when clearing states. | Daniel Hartmeier | |
2001-10-17 | make sure we use same key for removal (AF_INET was missing), ok deraadt@, dhartmei@ reported by wizz@mniam.net | Markus Friedl | |
2001-10-15 | Add 'allow-opts' to rules. Packets with IP options will be blocked by | Daniel Hartmeier | |
default now, and can be allowed per rule. ok deraadt@ | |||
2001-10-13 | Patch from Ryan McBride, fixes IPv6 return-rst problem, found by | Daniel Hartmeier | |
Todd Fries. ok deraadt@ | |||
2001-10-07 | fixes pr/2105 | Niels Provos | |
2001-10-05 | Fix bug in if_vlan which could cause crashes in timeouts and 'ifconfig -a' | Dale Rahn | |
ok niklas@ | |||
2001-10-03 | M_WAIT in ether_output is wrong. Fix APPLETALK stuff. | Artur Grabowski | |
2001-10-02 | change timeval to bpf_timeval; 32 bit in size, permitting much greater portability | Theo de Raadt | |
2001-10-02 | Convert ip_off of the inner IP header to host order in pf_test_state_icmp(). | Daniel Hartmeier | |
Some of the IP header fields are already converted by ip_input.c (including ip_off), but of course not for inner headers of ICMP packets. The other fields which are left in network order are ok. This broke state search for any ICMP error message that referred to an IP header with the DF flag set, hence any ICMP_UNREACH_NEEDFRAG message. Found by Andreas Gunnarsson <andreas@crt.se>. Thank you. | |||
2001-10-01 | Make number of vlan interfaces configurable from UKC. | Niklas Hallqvist | |
ok jason@, chris@, deraadt@ | |||
2001-09-30 | Tune TCP fsm (99.7% - 99.9% accuracy over 1e6 connections) | Mike Frantzen | |
2001-09-27 | The skip steps array was one element short (since adding steps for af). | Daniel Hartmeier | |
This invoked undefined behaviour under the proper circumstances. | |||
2001-09-27 | switch without break. This caused the 'ICMP too short' messages, since | Daniel Hartmeier | |
both IPv4 and IPv6 cases were executed. 'switch considered harmful'. | |||
2001-09-27 | Fix th_ack calculation in pf_send_reset(). return-rst didn't work since | Daniel Hartmeier | |
1.150 (at least for IPv4). | |||
2001-09-23 | ipxintr was missing | Michael Shalayeff | |
2001-09-23 | Bump up the tcp half closed timeout (single FIN) to an hour | Mike Frantzen | |
2001-09-21 | Fix natlook (broke ftp-proxy) and a memory leak. | Daniel Hartmeier | |
From Ryan McBride. | |||
2001-09-20 | document why we use random() | Theo de Raadt | |
2001-09-20 | occured->occurred | Mike Pechkin | |
idea from deraadt@ via NetBSD millert@ ok | |||
2001-09-20 | the use of arc4random() in ether_ifattach() is wrong as randomattach() | Peter Galbavy | |
has not yet been called at this point. replace arc4random() with the more mundane random()&0xff as the use of a strong PRNG is not needed here, where this code just helps fix up broken MAC addresses anyway. now to find the real problem with my sis(4) LAN interface... ok'd by jason@ | |||
2001-09-19 | Patch from Ryan McBride. Compile without INET6, remove unnecessary | Daniel Hartmeier | |
rewrite++. |