| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2003-07-31 | Make table tickets per-ruleset instead of global. | Cedric Berger | |
| Make table tickets u_int32_t for consistency with other parts of PF. Ok dhartmei@ henning@ | |||
| 2003-07-29 | avoid stack smash on FDDI case. found by kernel propolice. | Jun-ichiro itojun Hagino | |
| markus ok. miod/paul confirmed | |||
| 2003-07-29 | Set pf_state->rt_ifp when creating the state entry, instead of doing it | Daniel Hartmeier | |
| later on, when another packet matches the state. ok mcbride@ | |||
| 2003-07-29 | More aggressive and easier to understand skip steps for addresses. | Cedric Berger | |
| Help daniel@ mcbride@ Ok henning@ mcbride@ | |||
| 2003-07-28 | typo. from cedric | Jun-ichiro itojun Hagino | |
| 2003-07-25 | do not flip ip_len/ip_off. pechkin and henning ok | Jun-ichiro itojun Hagino | |
| 2003-07-25 | %lu for u_long arg | Jason Wright | |
| 2003-07-24 | conform to RFC2367 on SADB_xx naming (local name must be prefixed with | Jun-ichiro itojun Hagino | |
| SADB_X_xx) | |||
| 2003-07-24 | hmac-sha2-{256,384,512} support in AH/ESP auth. markus ok | Jun-ichiro itojun Hagino | |
| 2003-07-23 | remove packets in queues (like ipintrq) with m->m_pkthdr.rcvif pointing | Jun-ichiro itojun Hagino | |
| to detached if. deraadt ok | |||
| 2003-07-19 | Simplify struct pf_pooladdr to include struct pf_addr_wrap directly | Cedric Berger | |
| instead of indirectly trough struct pf_rule_addr. Ryan McBride says: If I'm not mistaken, the code _used_ to use the ports in pf_rule_addr as well. The code was changed to fix some of the bugs with port ranges, but it was too late in the release cycle to make kernel API changes, so the structure was left as is. Needless to say: KERNEL/USERLAND SYNC REQUIRED. ok henning@ mcbride@ | |||
| 2003-07-18 | add missing includes | David Krause | |
| ok tedu@ | |||
| 2003-07-17 | fix scrub frag reassembly after the stack's ip_len/ip_off flip correction | Mike Frantzen | |
| ok itojun@ and dhartmei@. heckling from henning@ | |||
| 2003-07-15 | Adjust pflog after recent byte order changes, fixes the 'truncated-ip' | Daniel Hartmeier | |
| errors on pflog0. Reported and tested by Ben Lovett. ok frantzen@, cedric@ | |||
| 2003-07-15 | no named args in prototypes | Jason Wright | |
| 2003-07-12 | Remove two htons(), which were meant as ntohs(), and are wrong since | Daniel Hartmeier | |
| ip_ouput() flipped byte order. From Pyun YongHyeon. ok itojun@ | |||
| 2003-07-12 | Prevent u_int16_t variable from overflowing and get rid of the compiler | Daniel Hartmeier | |
| warning. From Pyun YongHyeon. ok itojun@ | |||
| 2003-07-10 | correct another incorrect comparison in ip6 normalization. | Jun-ichiro itojun Hagino | |
| don't use m->m_pkthdr.len for checking, as it is not reliable | |||
| 2003-07-10 | wrong comparison of IPv6 packetsize | Jun-ichiro itojun Hagino | |
| 2003-07-09 | check if m->m_pkthdr.len is too short | Jun-ichiro itojun Hagino | |
| 2003-07-09 | don't check exact ip6_plen and m->m_pkthdr.len match, as ip6_input() | Jun-ichiro itojun Hagino | |
| does the m_adj() only after filtering. reported by marc | |||
| 2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. | Jun-ichiro itojun Hagino | |
| (please test, especially PF portion) | |||
| 2003-07-09 | KNF | Daniel Hartmeier | |
| 2003-07-05 | backout 1.29; problem reported by Rukh w/ userland ppp. | Jun-ichiro itojun Hagino | |
| 2003-07-04 | cosmetic changes to keep the different code paths in sync; ok henning | Markus Friedl | |
| 2003-07-04 | -add a "natpass" field to pf_rule | Henning Brauer | |
| -if natpass is nonzero on nat/rdr/binat rules, do not evaluate the filter ruleset, but set the rulepointer to the default rule (which is a pass rule) in cooperation with daniel. ok dhartmei@ cedric@ markus@ | |||
| 2003-07-04 | bad redundant copy; ok daniel | Markus Friedl | |
| 2003-07-03 | unused global. dhartmei ok | Jun-ichiro itojun Hagino | |
| 2003-07-01 | wrap pf_normalize_ip6() by #ifdef INET6. pointed out by Wouter Clarie | Jun-ichiro itojun Hagino | |
| 2003-06-30 | change that queue ID allocator so it always has the queues sorted by ID. | Henning Brauer | |
| that allows us to get rid of the "tagid" global which stored the highest tag ID in use. when allocating a new ID scan the list for a free slot and only use highest + 1 on failure instead of using highest + 1 from the beginning scanning for a dup afterwards. this prevents ID space fragmentation better. as a result this allows us do get rid of the pf_tag_purge() function completely and let pf_tag_unref() remove an entry once the reference counter reaches zero by itself. after all it makes for easier code and is about 50% faster. idea came up during a discussion on icb earlier today between cedric and myself, which itself was particulary inspired by Darren Reed questioning the need for pf_tag_purge on tech-net@netbsd. ok dhartmei@ cedric@ | |||
| 2003-06-30 | reset interface statistics when loginterface is changed, closes pr3332, | Daniel Hartmeier | |
| from Jason Ackley, ok henning@, cedric@ | |||
| 2003-06-30 | missing pf_tag_purge() | Henning Brauer | |
| cedric made me check | |||
| 2003-06-30 | move prototype for pf_tag_purge() to pfvar.h | Henning Brauer | |
| 2003-06-29 | normalize IPv6 packet (no reass, but it is a start). dhartmei & henning ok | Jun-ichiro itojun Hagino | |
| - length, jumbo payload option - TTL ("hoplimit" in IPv6 terminology) rewrite | |||
| 2003-06-29 | unused global. dhartmei ok | Jun-ichiro itojun Hagino | |
| 2003-06-28 | redundant (pfvar.h already have it) | Jun-ichiro itojun Hagino | |
| 2003-06-28 | remove duplicated prototype (they are in pfvar.h). dhartmei ok | Jun-ichiro itojun Hagino | |
| 2003-06-27 | protos for userland build | Theo de Raadt | |
| 2003-06-27 | do pf_tagname2tag() in DIOCCHANGERULE as well. | Henning Brauer | |
| noticed by and ok cedric@ | |||
| 2003-06-27 | move down pf_tag_unref() calls in pf_rm_rule() to after the check wetehr there | Henning Brauer | |
| are still states for the given rule existant. based on a very nice analysis from cedric@, that is so completely right that I have nothing to add: in pf_rm_rule(), the pf_tag_unref() calls are done *before* the if (rule->states > 0 || rule->entries.tqe_prev != NULL) test. That mean that the two pf_tag_unref() calls could occur *twice* for a given rule: first when the rule is removed from the ruleset and (if the rule was kept around because of a state) a second time when the state refcount drops to zero and the rule gets really deleted. Unless I'm mistaken, that breaks the refcounting. ...and cedric was not mistaken. and, as daniel pointed out: The breakage this causes is so subtle, I doubt anyone noticed it before, if it did occur. consensus on this between cedric, dhartmei and myself | |||
| 2003-06-25 | add a pf_tagname field to ifbrlreq and a pf_tag field to ifbrlnode. | Henning Brauer | |
| on bridge rule load translate tagnames to pf tags using pf_tagname2tag etc if packets match a bridge filter rule tag them using pf_tag_packet() with the given tag help dhartmei@ ok deraadt@ jason@ dhartmei@ | |||
| 2003-06-24 | in the ipv6 case, allow route-to to route to link-local addresses | Henning Brauer | |
| from KOZUKA Masahiro <ma-kun@kozuka.jp> with a minor adjustment from itojun ok itojun@ dhartmei@ | |||
| 2003-06-24 | KNF | Henning Brauer | |
| 2003-06-24 | recover code that requires exact match on rtm_change/lock (lost in netbsd 1.16). | Jun-ichiro itojun Hagino | |
| without it "route change X" would change less-specific route by mistake. reported by jinmei@kame, markus ok | |||
| 2003-06-23 | Don't remove anchor too early in table code, it makes PF use freed memory. | Cedric Berger | |
| This might just be a temporary fix, we're still looking for a better one. ok dhartmei@ | |||
| 2003-06-21 | count packets and bidirectionally on state entries, allowing for fine-grained | Damien Miller | |
| traffic reporting w/ pfsync; ok dhartmei@ Note: ABI change (new fields in struct pf_state), requires a rebuild of pfctl and tcpdump. | |||
| 2003-06-20 | Add MSS support to the synproxy. The client's MSS is sent to the server, | Daniel Hartmeier | |
| the server's MSS is guessed based on the routing table and interface MTU. Fine patch entirely from Krists Krilovs <pow@pow.za.net>, ok frantzen@ Note: ABI change (new field in struct pf_state), requires a pfctl rebuild (and tcpdump for pfsync). | |||
| 2003-06-20 | Extend 'BAD ICMP' debug message, include icmp type/code and outer IP header | Daniel Hartmeier | |
| addresses. ok mcbride@, cedric@ | |||
| 2003-06-18 | Do not panic on no memory available when allocating bufs, pass ENOBUFS | Henning Brauer | |
| to userland instead. fixes PRs 2235, 2236 and 2640 from Otto Moerbeek <otto@drijf.net> ok frantzen@, tedu@, deraadt@ | |||
| 2003-06-14 | Use source's window scaling factor (instead of destination's) when | Daniel Hartmeier | |
| comparing ackskew, otherwise legitimate low acks can get blocked. Was triggered when asymmetric scale factors where used in combination with SACK. Report and logs provided by Peter Galbavy. ok frantzen@, henning@ | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |