| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2004-09-29 | reset anchor pointer to NULL when stepping back into the main ruleset, | Daniel Hartmeier | |
| fixes pflog attributing states wrongly to anchors and pfctl -vvsn/sr showing wrong state counters for anchor rules. found by camield@, ok henning@, -stable candidate | |||
| 2004-09-23 | - remove EVFILT_WRITE in bpfkqfilter() switch case, handled | Brad Smith | |
| by default label. - fill in kn_data with the number of bytes available, same behavior as FreeBSD/NetBSD. ok tedu@ | |||
| 2004-09-21 | Implement "no scrub" to allow exclusion of specific traffic from scrub rules. | Aaron Campbell | |
| First match wins, just like "no {binat,nat,rdr}". henning@, dhartmei@ ok | |||
| 2004-09-20 | pf_routable(), used for the no-route keyword, was a v4 only implementation, | Henning Brauer | |
| and behaved incorrectly when used with v6. impliment the v6 case too. ok canacar mcbride | |||
| 2004-09-17 | Clean up reference counting wrt state creation and destruction. Fixes | Ryan Thomas McBride | |
| problems with adaptive timeouts, max-states limits, and rules not being freed from memory. Diff from Chris Pascoe. ok henning@ dhartmei@ | |||
| 2004-09-16 | handle route labels on RTM_CHANGE, ok mcbride, prodded my markus some time ago | Henning Brauer | |
| 2004-09-16 | ewps, kill the src route prototypes. was sitting in my tree for ages but | Henning Brauer | |
| forgot to commit... | |||
| 2004-09-15 | Kill more netiso ghosts. | Alexander Yurchenko | |
| ok millert@ | |||
| 2004-09-14 | remove remaining unused traces from src route | Henning Brauer | |
| 2004-09-12 | Return the most common data link type instead of the first match for an | Claudio Jeker | |
| interface. Where the most common DLT is the one with the smallest id. This fixes tcpdump for atw(4) that attaches multiple bpf hooks. Tested: millert@, Sigfred Haversen, otto@, mcbride@, sturm@, krw@, Steve Shockley OK millert@ deraadt@ | |||
| 2004-09-09 | Copy out anchors with relative paths and wildcards correctly, | Daniel Hartmeier | |
| from jaredy@, ok henning@, mcbride@, deraadt@ | |||
| 2004-08-30 | Increment the states reference counter in the rule attached to the state | Ryan Thomas McBride | |
| being inserted, so that the counter does not wrap back when the state is removed. This fixes pfsync setups with adaptive timeouts. From Chris Pascoe ok canacar@ dhartmei@ henning@ deraadt@ | |||
| 2004-08-18 | fix bad packets passed to bpf from the gre(4) interface. | Can Erkin Acar | |
| reported by Robert Stone ( robert at arbor net ) via PR 3852 This is a different fix since gre(4) may carry non-ip packets. tested by Robert Stone and markus@ ok markus@ deraadt@ | |||
| 2004-08-18 | skip splx() for skiplookup; report Vafa D. Izadinia; ok henning, canacar | Markus Friedl | |
| 2004-08-15 | undo last commit, skipping over ifaddrs without IFA_ROUTE has unwanted | Henning Brauer | |
| sideffects in IPv6 land, noticed by Johan Fredin <griffin@legonet.org> | |||
| 2004-08-11 | skip over interface addresses without IFA_ROUTE, fixes some issue with pppd | Henning Brauer | |
| from Max Laier <max@love2party.net> | |||
| 2004-08-10 | Add SADB_X_EXT_LIFETIME_LASTUSE for use with isakmpd/DPD, adding this | Hakan Olsson | |
| extends the bitmap to 64bits. Also repair SADB_GET. hshoexer@ ok. | |||
| 2004-08-10 | when inserting a dynamic group entry into the pfi_ifs tree, don't incorrectly | David Gwynne | |
| create an interface entry with the same name. Prevents panics due to subsequent invalid refcounting. from Chris Pascoe ok dhartmei@ henning@ | |||
| 2004-08-09 | Change static functions to be non-static, for better backtraces. | Otto Moerbeek | |
| ok krw@ henning@ | |||
| 2004-08-08 | Zero route info structure in rtredirect(), avoiding a panic on label | Otto Moerbeek | |
| copy. ok millert@ deraadt@ henning@ | |||
| 2004-08-03 | the rest of the '#if DIAGNOSTIC' -> '#ifdef DIAGNOSTIC' in the kernel; ok miod@ | Todd T. Fries | |
| 2004-08-03 | introduce route labels, allowing for up to 32 bytes of info to be attached | Henning Brauer | |
| to a route. the label is sent over the routing socket wrapped into a new struct sockaddr_rtlabel, allowing for handling it like any other sockaddr. struct rtentry only contains a (16 bit) label-ID, with the actual labels kept outside the routing table. ID allocator code inspired by my own code for altq and pf tags. mostly hacked at the c2k4 hackathon, markus ok | |||
| 2004-08-03 | Allow a unicast ip address to be specified for pfsync to send it's state | Ryan Thomas McBride | |
| updates to; this allows pairs of pfsync firewalls to protect the traffic with IPSec. | |||
| 2004-07-28 | pool(9) for rtentry and rttimer; similar to netbsd; ok mcbride, henning, pb | Markus Friedl | |
| 2004-07-22 | Add missing check for NULL in DIOCCHANGERULE. This prevents a crash in | Mathieu Sauve-Frankel | |
| certain rare cases. ok mcbride@ dhartmei@ | |||
| 2004-07-20 | KASSERT instead of assert. Gives smaller RAMDISKS. | Artur Grabowski | |
| 2004-07-17 | Repair breakage from the hackathon's time conversion. Using the timestamp | Mike Frantzen | |
| as an extension to the sequence number got disabled because of the failing idle limit on PAWS checks. One more thing off my todo list. I need an intern | |||
| 2004-07-16 | remove netiso shitz, millert ok | Henning Brauer | |
| 2004-07-13 | spelling; dlg | Theo de Raadt | |
| 2004-07-12 | remove PF_FORWARD (which was introduced by ipv6 reass-on-scrub). | Jun-ichiro itojun Hagino | |
| daniel found it. | |||
| 2004-07-11 | backout IPv6 reass-on-scrub patch (more work needs to be done). | Jun-ichiro itojun Hagino | |
| requested by deraadt | |||
| 2004-07-11 | Create the group when adding a dynamic interface that's not yet plugged in. | Ryan Thomas McBride | |
| ok henning@ | |||
| 2004-07-08 | Make 0/0 table entries work; also fix a problem setting the network mask | Ryan Thomas McBride | |
| on v6 addresses. Reported by Ilya A. Kovalenko, fix from Cedric Berger. | |||
| 2004-07-08 | Move carp_output() call to after mcopy of MAC address so the virtual address | Ryan Thomas McBride | |
| does not get overwritten. Report and fix from Chris Pascoe. | |||
| 2004-07-05 | KNF | Henning Brauer | |
| 2004-07-04 | remove the half-baked and bogus pfi_dynamic_drivers() which tries to guess | Henning Brauer | |
| which drivers are hotpluggable. since we removed the stupid check from pfctl a few days ago nothing relies on this any more. ok pb@ mcbride@ | |||
| 2004-07-03 | quick workaround until proper PF_FORWARD reass gets implemented. | Jun-ichiro itojun Hagino | |
| 2004-06-27 | Media support for the 802.11 framework, missing in that commit the other day. | Todd C. Miller | |
| 2004-06-26 | cleanup ioctl for ifgroups; ok pb@ | Markus Friedl | |
| 2004-06-26 | Add a table-driven implementation of ether_crc32_be(). | Christian Weisgerber | |
| From Seishi Hiragushi via FreeBSD PR kern/49957. Also, while we're here, make the loop counter size_t. ok mcbride@ | |||
| 2004-06-25 | introduce "interface groups" | Philipp Buehler | |
| by "ifconfig fxp0 group foobar" "ifconfig xl0 group foobar" these two interfaces are in one group. Every interface has its if-family as default group. idea/design from henning@, based on some work/disucssion from Joris Vink. henning@, mcbride@ ok. | |||
| 2004-06-25 | correct "scrub in" behavior for IPv6. | Jun-ichiro itojun Hagino | |
| remaining TODO: - "forward" case kernel behavior (IPv4 too), then pfctl syntax change - red-black tree | |||
| 2004-06-25 | re-introduce PF_INOUT and move PF_FORWARD def to the end. | Jun-ichiro itojun Hagino | |
| pfctl is assuming that the keyword == 0 in its parser! (see decl for "dir"). | |||
| 2004-06-25 | Add tap aka layer 2 tunneling support to tun(4). It can be enabled by setting | Claudio Jeker | |
| the link0 flag via ifconfig(8). OK markus@, canacar@ also tested by ish@ | |||
| 2004-06-25 | Minor fixes suggested by nordin@ and henning@ | Thorsten Lockert | |
| ok millert@ | |||
| 2004-06-25 | IPv6 reassembly on "scrub" directive. | Jun-ichiro itojun Hagino | |
| caveats: (to be addressed soon) - "scrub in" should queue fragments back into ip6intrq again, but somehow it does not happen - the packet is kept inside reass queue. need investigation - ip6_forwarding path is not tested - does not use red-black tree. somehow red-black tree behaved badly and was not robust. performance issue, the above one is more important. good things: - "scrub out" is perfectly ok - i think now we can inspect upper-layer protocol fields (tcp port) even if ip6 packet is fragmented. - reass queue will be cleaned up properly by timeout (60sec). we might want to impose pool limit as well | |||
| 2004-06-24 | KNF, cleanup, readability fixes... this hurt | Henning Brauer | |
| ok itojun claudio | |||
| 2004-06-24 | This moves access to wall and uptime variables in MI code, | Thorsten Lockert | |
| encapsulating all such access into wall-defined functions that makes sure locking is done as needed. It also cleans up some uses of wall time vs. uptime some places, but there is sure to be more of these needed as well, particularily in MD code. Also, many current calls to microtime() should probably be changed to getmicrotime(), or to the {,get}microuptime() versions. ok art@ deraadt@ aaron@ matthieu@ beck@ sturm@ millert@ others "Oh, that is not your problem!" from miod@ | |||
| 2004-06-23 | pfr_commit_ktable calls functions that can result in the current | Ryan Thomas McBride | |
| ktable being destroyed, which makes it unsafe in a SLIST_FOREACH. Fix from Chris Pascoe | |||
| 2004-06-22 | Import current NetBSD/FreeBSD 802.11 framework. | Todd C. Miller | |
| Based in part on a diff from Matthew Gream. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |