Age | Commit message | Author | |
---|---|---|---|
2001-09-21 | Fix natlook (broke ftp-proxy) and a memory leak. | Daniel Hartmeier | |
From Ryan McBride. | |||
2001-09-20 | document why we use random() | Theo de Raadt | |
2001-09-20 | occured->occurred | Mike Pechkin | |
idea from deraadt@ via NetBSD millert@ ok | |||
2001-09-20 | the use of arc4random() in ether_ifattach() is wrong as randomattach() | Peter Galbavy | |
has not yet been called at this point. replace arc4random() with the more mundane random()&0xff as the use of a strong PRNG is not needed here, where this code just helps fix up broken MAC addresses anyway. now to find the real problem with my sis(4) LAN interface... ok'd by jason@ | |||
2001-09-19 | Patch from Ryan McBride. Compile without INET6, remove unnecessary | Daniel Hartmeier | |
rewrite++. | |||
2001-09-17 | icmpv6 nat fix, from Ryan McBride | Daniel Hartmeier | |
2001-09-16 | Add some missing lengths checks when passing data from userland to | Todd C. Miller | |
kernel. From based on NetBSD patches. | |||
2001-09-15 | The inner protocol of IPv4 ICMP error messages was ignored, leading to | Daniel Hartmeier | |
'ICMP error message for bad proto' messages and breaking traceroute etc. Please increase debugging level (pfctl -x m) while testing. | |||
2001-09-15 | Revert the sleep priority to something more sane | Mike Frantzen | |
(the previous priority didn't help performance in tests on a hacked up BPF and it weighed down the load average) | |||
2001-09-15 | Don't use m_pkthdr.rcvif in pflog_packet(), it doesn't work for outgoing | Daniel Hartmeier | |
packets and is obviously invalid (and not NULL) for IPv6 packets (hence crashed). Pass ifp down instead. sizeof(ih) instead of sizeof(&ih) for pf_pull_hdr() from pf_test6(). | |||
2001-09-15 | IPv6 support from Ryan McBride (mcbride@countersiege.com) | Mike Frantzen | |
2001-09-14 | binat non icmp/udp/tcp protocols as well; ok dhartmei@ | jasoni | |
2001-09-11 | Undo BINAT translation when blocking with return-rst/-icmp. | Daniel Hartmeier | |
Translate at most once. From Ryan McBride. | |||
2001-09-08 | initialize variable and more careful bounds checking; okay frantzen@ | Niels Provos | |
2001-09-06 | Reflect skip step changes. Spotted by Ryan McBride. | Daniel Hartmeier | |
2001-09-06 | 1:1 bidirectional NAT (binat); ok dhartmei@ and frantzen@ | jasoni | |
2001-09-05 | Handle uh_sum == 0x0000 correctly. Before, UDP packet checksums were | Daniel Hartmeier | |
broken by NAT/RDR when unset by the sender. Fixes ntpdate behind NAT. | |||
2001-09-05 | s/pf_natlook/pfioc_natlook (ioctl parameter struct) | Daniel Hartmeier | |
2001-09-04 | Add skip steps for interface (ifp). | Daniel Hartmeier | |
2001-09-04 | #define empty PFLOG_PACKET correctly (no side effects). Closes PR2044. | Daniel Hartmeier | |
From Claus Assmann. | |||
2001-09-01 | Inherit baudrate from parent. Now MRTG will show vlan interfaces ;) | Chris Cappuccio | |
2001-08-31 | Forgot to commit frag expire tuning before | Mike Frantzen | |
Check for a short ip_hl. Could have caused proto headers to overlap IP header. | |||
2001-08-28 | Add new ioctls to securelevel check, from Can Erkin Acar | Daniel Hartmeier | |
<canacar@eee.metu.edu.tr> | |||
2001-08-28 | Bump state timeouts and allow tweaking them from pfctl. | Mike Frantzen | |
(The state timeouts need some _serious_ tuning) | |||
2001-08-26 | 2nd uninitialized variable that bit me today | Niklas Hallqvist | |
2001-08-25 | PF ISN randomization. Or in trekkie techno-babble, ISN phase modulation. | Mike Frantzen | |
2001-08-22 | Correct the setup of the initial TCP state window and pre-validate th_ack | Mike Frantzen | |
on an FIN|ACK close if the client has never responded. | |||
2001-08-22 | Fix panic in pf (was my fault) caused by a bad key compare optimization | Mike Frantzen | |
Add debug output to track loose state matches | |||
2001-08-21 | KNF | Theo de Raadt | |
2001-08-21 | cut/pasto in rule flushing code (using wrong list); based on patch from Henk van Lingen <henk@vanlingen.net> | Jason Wright | |
2001-08-21 | Add support for SIOCADDMULTI & SIOCDELMULTI; NetBSD | brian | |
2001-08-21 | Pass closing TCP connections through looser state machine (handle Solaris' | Mike Frantzen | |
stupid spurious ACK|FINs after a close) | |||
2001-08-19 | Add new ioctls for adding/removing RDR and NAT rules to/from the active | Daniel Hartmeier | |
rule sets. | |||
2001-08-19 | Quick optimization of pf_tree_key_compare (should halve the instruction count) | Mike Frantzen | |
2001-08-19 | Make more money for mickey (count entire IP packets for statistics, not just | Daniel Hartmeier | |
inner data). | |||
2001-08-19 | Yet another batch of improvements and un-fuckups to the TCP state code. | Mike Frantzen | |
Improved the state miss debug messages to cover the new checks. | |||
2001-08-19 | Add per-rule byte counter, so mickey can do accounting. We're counting the | Daniel Hartmeier | |
data part (without IP and TCP/UDP/ICMP headers), like the state counter does. | |||
2001-08-19 | Add per-rule statistics (number of evaluations and number of packets). | Daniel Hartmeier | |
Packets passed statefully will be counted using the rule that created the state. | |||
2001-08-19 | Unfuck some TCP state stuff that would drop the SYN|ACK. | Mike Frantzen | |
Enumerated the TCP states. Here's a mapping new->old tcp states if anyone gives a shit: TCPS_CLOSED 0 TCPS_SYN_SENT 1 TCPS_ESTABLISHED 2 TCPS_CLOSING 3 TCPS_FIN_WAIT_2 4 TCPS_TIME_WAIT 5 | |||
2001-08-19 | compile w/out INET | Jason Wright | |
2001-08-19 | Loosened TCP state code which should allow stupid stacks to shotgun their | Mike Frantzen | |
SYNs and provide better handling for pre-existing connections. | |||
2001-08-18 | Add new ioctl for adding/removing individual rules to/from the active rule set. | Daniel Hartmeier | |
2001-08-18 | make pfctl -s state SCREAM; frantzen is now happy | Theo de Raadt | |
2001-08-12 | now, that kernel compiles, i can go get an ash tray somewhere | Michael Shalayeff | |
2001-08-11 | Add support for ICMP errors referring to ICMP queries/replies. Fixes | Daniel Hartmeier | |
'ICMP error message for bad proto' messages. Reported by Mark Grimes and Steve Rumble. Add debugging level with ioctl interface and pfctl switch. Default is 'None'. | |||
2001-08-05 | Actually, move the check inside the switch. | Angelos D. Keromytis | |
2001-08-05 | Only flush the policies if the message type is UNSPEC. | Angelos D. Keromytis | |
2001-08-03 | Use IFCAP_VLAN_MTU and IFCAP_VLAN_HWTAGGING capabilities: | Chris Cappuccio | |
LINK0 disappears; we now set IFCAP_VLAN_HWTAGGING at ifnet->if_capabilities in the Ethernet driver for cards/drivers which support hardware tagging. MTU ambiguity disappears; we now set IFCAP_VLAN_MTU in the Ethernet driver when we know the chip will not truncate/discard vlan-sized frames. Only allow the MTU to be changed within the scope of the parent interface's MTU. (Here we also take into account IFCAP_VLAN_MTU) Propagate hardware-assisted IP/TCP/UDP checksumming flags to the vlan interface if the card supports hardware tagging (from NetBSD) | |||
2001-08-03 | simplify previous fix (0-length mbuf in mbuf chain). from freebsd | Jun-ichiro itojun Hagino | |
2001-08-02 | do not exit loop even if m_len == 0. it is legal to have an mbuf with | Jun-ichiro itojun Hagino | |
m_len == 0 in mbuf chain. |