src - OpenBSD base system

Age	Commit message (Collapse)	Author
2002-03-31	Use ip_defttl as ttl for return-rst instead of an arbitrary hardcoded	Daniel Hartmeier
	value (128). This matches the stack's default setting and honours sysctl net.inet.ip.ttl, making RSTs generated by pf harder to distinguish from RSTs sent by the real destination.
2002-03-30	Initialize sequence number high limit from 1 to the real value with the	Daniel Hartmeier
	first packet. ok frantzen@
2002-03-28	some BITS defs for %b	Michael Shalayeff

2002-03-28	i forgot these for if_wi	Michael Shalayeff

2002-03-27	implement a "no-route" keyword.	Michael Shalayeff
	usage semantics are analogous w/ "any", meaning is "any ip address for which there is no route in the current routing table", could be used in both from and to. typical usage would be (assuming symmetrical routing): block in from no-route to any also doc "any" in the pf.conf.5, include in regress, etc. tested by me on i386 and sparc. dhartmei@ and frantzen@ ok
2002-03-26	Change default logging level from none to urgent. Should never print	Daniel Hartmeier
	anything, and if it does, it should be reported.
2002-03-25	Ignore 'keep state' for ICMP errors whose inner headers mismatch state	Daniel Hartmeier
	but are passed by rules. Found by Henning Brauer.
2002-03-25	add ioctl DIOCKILLSTATES to shootdown a subset of the state table. allows	Mike Frantzen
	discrimination on src/dst ips and netmask, src/dst port range and protocol. ok dhartmei@
2002-03-24	deref of NULL in out of mbuf situation, ok jason@	Niklas Hallqvist

2002-03-18	filter ipv6 on the bridge.	jasoni
	- ok jason@
2002-03-15	Kill #if __STDC__ used to do K&R vs. ANSI varargs/stdarg; just do things	Todd C. Miller
	the ANSI way.
2002-03-15	Cosmetic changes only, primarily making comments line up nicely after the	Todd C. Miller
	__P removal.
2002-03-14	Final __P removal plus some cosmetic fixups	Todd C. Miller

2002-03-14	First round of __P removal in sys	Todd C. Miller

2002-03-12	sync with KAME	Kenjiro Cho
	ALTQify more drivers. ok millert@
2002-03-08	Fix arc4random() usage; add more randomness to pf_get_sport().	Mike Pechkin
	dhartmei@, provos@ ok
2002-03-03	Fix crashes associated with SADB_GET/SADB_DUMP --- memory was not	Angelos D. Keromytis
	allocated on outgoing message for encryption/authentication keys --- from umaraghunath@hotmail.com
2002-02-26	Add optional pool memory hard limits, mainly as temporary solution	Daniel Hartmeier
	until pool exhaustion causes problems no more.
2002-02-25	Change timeouts from microtime() to time.tv_sec like in pf.c,	Daniel Hartmeier
	initialize fr_timeout, free frent in pf_reassemble() when it's not inserted into a frag. ok provos@
2002-02-23	SRC prefix is not required for some operations.	Angelos D. Keromytis

2002-02-23	Pools that are only used in the ioctls can use the nointr allocator.	Artur Grabowski

2002-02-22	IEEE80211_NWKEY_* flags; from netbsd	Michael Shalayeff

2002-02-21	Correctly initialize the compression case.	Angelos D. Keromytis

2002-02-17	Calculate IP checksum and copyback modified headers before logging a	Daniel Hartmeier
	packet. Closes PR2402. Note that checksums were only wrong in the logged packet, packets that were passed got a valid checksum anyway.
2002-02-15	pf only uses seconds for time measuring. There is no need to call microtime	Artur Grabowski
	on every packet. Use time.tv_sec to get seconds. In the places where it seemed to matter, make sure that time doesn't change under our feet. And it's really unnecessary to do a test on every packet when the test will only fire once every 10 seconds. That's a real waste of time, that's what we have timeouts for. ok frantzen@
2002-02-14	Reorder struct pf_pdesc members, saves 8 bytes.	Daniel Hartmeier

2002-02-14	KNF	Theo de Raadt

2002-02-14	Add skip steps for rule action (pass/block vs. scrub) and direction	Daniel Hartmeier
	(in vs. out). This speeds up rule set evaluation considerably, because the rules set used to be linearly traversed (even twice) when looking for scrub rules. Ok frantzen@, deraadt@
2002-02-14	If helps to loop over the correct variable sigh	Jason Wright

2002-02-13	Be -really- careful not to modify the payload when replacing the ethernet	Jason Wright
	header with the 802.1Q header. The reason for this is if_vlan is called by the bridge (via if_start). It cannot modify the mbuf because it might be shared copy.
2002-02-13	sync with KAME.	Kenjiro Cho
	make altq actually work with kernl ppp. add if_start for the altq case to kick transmission. don't call ppp_restart() to prevent useless interrupt loop under rate-limiting.
2002-02-11	Remove unused function prototype, from Jason Ish	Daniel Hartmeier

2002-02-11	Remove ancient comment regarding memcmp(), from Jason Ish	Daniel Hartmeier

2002-02-07	bridge_output() needs a forcibly aligned copy just like bridge_broadcast()	Jason Wright
	because of calls it makes to altq; thanks to art for testing and kjc for pointing that I forgot this case.
2002-02-07	Quiet down an annoying message in altq_etherclassify.	Artur Grabowski

2002-01-23	compatability -> compatibility.	Federico G. Schwindt

2002-01-23	Back out part of last commit, it causes memory to be freed prematurely	Todd C. Miller
	in this version of the zlib code; from Wayne Meissner
2002-01-23	It looks like there has been one crack smoking and a few cut and pastes.	Artur Grabowski
	PR_FREEHEADER should not be set in pool_init by the caller. It shouldn't be set in pool_init at all. Besides, it's going away soon anyway.
2002-01-23	Pool deals fairly well with physical memory shortage, but it doesn't deal	Artur Grabowski
	well (not at all) with shortages of the vm_map where the pages are mapped (usually kmem_map). Try to deal with it: - group all information the backend allocator for a pool in a separate struct. The pool will only have a pointer to that struct. - change the pool_init API to reflect that. - link all pools allocating from the same allocator on a linked list. - Since an allocator is responsible to wait for physical memory it will only fail (waitok) when it runs out of its backing vm_map, carefully drain pools using the same allocator so that va space is freed. (see comments in code for caveats and details). - change pool_reclaim to return if it actually succeeded to free some memory, use that information to make draining easier and more efficient. - get rid of PR_URGENT, noone uses it.
2002-01-18	Fix some zlib memory leaks, originally from Mark Adler	Todd C. Miller

2002-01-12	- Only apply fastroute and route-to if we are going in the same	jasoni
	direction as the rule. - ok dhartmei@
2002-01-11	pad the pf_state_{host,peer} to a 32bit quantity; dhartmei@ frantzen@ ok	Michael Shalayeff

2002-01-09	Add labels to rules. These are arbitrary names (not to be confused with	Daniel Hartmeier
	tags that will be used to tag packets later on). Add pfctl -z to clear per-rule counters. Add pfctl -s labels to output per-rule counters in terse format and only for rules that have labels. Suggested by Henning Brauer.
2002-01-08	Add "no nat/rdr/binat" to nat.conf. The first matching rule applies.	Daniel Hartmeier
	If it is a "no" rule, no translation occurs. Useful to exclude certain packets from translation. Suggested by Henning Brauer.
2002-01-02	allow for setting of the loopback MTU, set IFF_RUNNING on address configuration	Dug Song

2002-01-02	Don't forget to deallocate on failure.	Jason Wright

2002-01-01	This is ugly: make a specialized deep copy in bridge_broadcast() that	Jason Wright
	ensures that the payload after the ethernet header is nicely aligned (basically this is two copies, one for the ethernet header and one for the payload) and glue the two copies together. bridge_filter() assumes it has been handed a nicely aligned packet. This should address pr#2248.
2001-12-31	only require write mode for modifying ioctls; dhartmei@, frantzen@, deraadt@ ok	Michael Shalayeff

2001-12-27	revision 1.12 lacks paren around && within \|\| (gcc warns and compilation stops).	Jun-ichiro itojun Hagino

2001-12-26	misplaced (), causing tcp header be examined in non-tcp packets	Michael Shalayeff