| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2004-02-24 | sysctl knob for bpf tunables. some tips from canacar@ | Ted Unangst | |
| ok canacar@ deraadt@ mcbride@ | |||
| 2004-02-24 | Remove redundant logging from pf_test_other(). | Ryan Thomas McBride | |
| ok henning@ cedric@ | |||
| 2004-02-24 | KNF | Ryan Thomas McBride | |
| 2004-02-23 | prevent backward jumps; pls@egsys.hu; ok canacar, deraadt | Markus Friedl | |
| 2004-02-20 | Make pfsync deal with clearing states bound to a group or interface (eg | Ryan Thomas McBride | |
| pfctl -i fxp0 -Fs). Also don't send out individual state deletions if we're sending a clear message, move pfsync_clear_states() inside splnet, and fix if_pfsync.h includes in pf.c and pf_ioctl.c. ok cedric@ dhartmei@ | |||
| 2004-02-19 | Makes pfctl -Fs and pfctl -w works with the optional -i specifier. | Cedric Berger | |
| Kernel/Userland Sync needed. ok dhartmei@ jmc@ markus@ mcbride@ | |||
| 2004-02-19 | the 2nd round of the qid assignment change. | Kenjiro Cho | |
| make the semantics in line with the tag assignment, which simplifies the id management in pf. ok, henning@ | |||
| 2004-02-17 | Tighten pfi_skip_if() up, and a bit of KNF. ok mcbride@ | Cedric Berger | |
| 2004-02-15 | 18 -> ETHER_ADDR_LEN*3 in ether_sprintf() for clarity | Anil Madhavapeddy | |
| itojun@ ok | |||
| 2004-02-13 | Do an explicit pf_update_anchor_rules() after an anchor gets removed. | Marco Pfatschbacher | |
| In some situations not all anchor rules got updated properly, so they still refered to already freed anchors. OK dhartmei@ mcbride@ cedric@ henning@ | |||
| 2004-02-12 | from camield: | Henning Brauer | |
| se hash instead of linked list to speed up tag to vlan interface mapping ok markus@ and myself | |||
| 2004-02-10 | KNF | Daniel Hartmeier | |
| 2004-02-10 | plug mbuf leak (ip_fragment() always free mbuf on error). tested by cedric, | Jun-ichiro itojun Hagino | |
| dhartmei ok | |||
| 2004-02-10 | KNF | Henning Brauer | |
| 2004-02-10 | Make pfsync work correctly with IP options on 64-bit alignment | Ryan Thomas McBride | |
| sensitive CPUs. Pointed out by deraadt@. | |||
| 2004-02-09 | Repair "set loginterface". Don't flush stats on pfctl -e. pf_status.since | Cedric Berger | |
| is the time of last "pf -e" or "pf -d". ok dhartmei@ henning@ | |||
| 2004-02-08 | if_detach_rtdelete(): abort and restart rn_walktree() if a cloning route | Markus Friedl | |
| gets deleted; fixes pr 3649; ok henning, deraadt, dhartmei | |||
| 2004-02-08 | Fix kernel panic which occurs under very high load: | Ryan Thomas McBride | |
| - Make sure we calculate the correct maximum size for PFSYNC_ACT_UREQ. - Make pfsync_sendout() return immediately if there is nothing to send. | |||
| 2004-02-07 | Use the offset provided to us by m_pulldown(), rather than using size of | Ryan Thomas McBride | |
| ip and pfsync headers. This makes us behave correctly if the packet is spread across multiple mbufs (which does not appear to happen in practice). | |||
| 2004-02-06 | as seen in netbsd. crank bpf sizes to adapt to faster networks. | Ted Unangst | |
| max size goes to 2MB, default goes to 32k. ok canacar@ mcbride@ | |||
| 2004-02-04 | Fix a number of bugs with setting pool limits which I introduced with | Ryan Thomas McBride | |
| source-tracking. Found by Pyun YongHyeon. Also add support to pfctl to set the src-nodes pool limit. "Luckily" some of the bugs cancel each other out; update kernel before pfctl. ok dhartmei@ | |||
| 2004-02-02 | missing #if NPF > 0. ok henning@ | Cedric Berger | |
| 2004-02-02 | Do not evaluate pfi_index2kif[ifp->if_index] if PF is disabled. | Cedric Berger | |
| Safer and faster since we know that ifp->if_index can potentially be garbage. ok dhartmei@ | |||
| 2004-01-27 | drop packet if kif == NULL; ok henning deraadt | Markus Friedl | |
| 2004-01-27 | don't convert tcpmd5 to ip-over-ip in SADB_X_GETSPROTO; from hshoexer | Markus Friedl | |
| 2004-01-26 | - use SIOC[GS]WAVELAN. | Federico G. Schwindt | |
| - fill ac_enaddr correctly. - put ic_myaddr back. | |||
| 2004-01-22 | - Include the value of pf_state.timeout in pfsync messages | Ryan Thomas McBride | |
| - Fix the expiry time calculations, for real - Unbreak the collapsing of multiple updates into one And a little KNF for good measure. | |||
| 2004-01-20 | the pfsync interface does not have a baudrate, so don't claim 100 MBit/s | Henning Brauer | |
| ok mcbride@ | |||
| 2004-01-20 | Ignore pfsync packets if pf is not running. | Ryan Thomas McBride | |
| 2004-01-19 | Update comment; handling PFSYNC_ACT_UPD in pfsync_input() is no longer | Ryan Thomas McBride | |
| optional. | |||
| 2004-01-19 | Clean up creation and expiry timestamp calculations. | Ryan Thomas McBride | |
| 2004-01-18 | Port is already stored in network byte order, no need to convert. | Ryan Thomas McBride | |
| 2004-01-16 | Fix IPv6 stateful tcp scrubbing by not dereferencing a null pointer. | Ryan Thomas McBride | |
| ok dhartmei@ frantzen@ | |||
| 2004-01-15 | add a RTM_IFANNOUNCE message; from netbsd; ok itojun, henning | Markus Friedl | |
| 2004-01-12 | use klist_invalidate to permit destroy while kqueued. ok mpf@ | Ted Unangst | |
| 2004-01-09 | fix leak ether_deatch(): if if_free_sadl() is called before if_detach() | Markus Friedl | |
| then ifnet_addrs[ifp->if_index] leaks; if it's called after if_detach() then if_free_sadl() does nothing; ok itojun | |||
| 2004-01-07 | PFI_MTYPE leak; ok cedric@ | Markus Friedl | |
| 2004-01-07 | ieee80211 framework from NetBSD; ok'd by several people some time ago. | Federico G. Schwindt | |
| more fixes comming. | |||
| 2004-01-06 | Drop UDP packets with destination port 0, or zero or oversized payload | Daniel Hartmeier | |
| length (same as udp_input() does, if pf is not enabled). Found by Pyun YongHyeon. ok cedric@, ho@, henning@ and markus@. | |||
| 2004-01-05 | stop ifc_destroy() if there are still knotes registered. | Marco Pfatschbacher | |
| ok mcbride@ markus@ | |||
| 2004-01-05 | 0 -> (void *)NULL for last argument of icmp_error(), which is of type | Daniel Hartmeier | |
| struct ifnet *, from Pyun YongHyeon | |||
| 2004-01-05 | Repair my merging error, simplify DIOCCLRSTATUS code. ok dhartmei@ | Cedric Berger | |
| 2004-01-05 | Repair merge errors. Thanks Pyun YongHyeon, Sorry Henning :) | Cedric Berger | |
| 2004-01-04 | oops... string.h ended up being included twice; pointed out by espie | Peter Valchev | |
| 2004-01-04 | better macro name (IF_LOCKED -> BOUND_IFACE). from markus. | Cedric Berger | |
| 2004-01-04 | include proper protos for userland; deraadt | Peter Valchev | |
| 2004-01-03 | make sure userland sees memcmp and friends (gcc3) | Marc Espie | |
| okay frantzen@ | |||
| 2004-01-03 | put an mi wrapper around stdarg.h/varargs.h. gcc3 moved stdarg/varargs macros | Marc Espie | |
| to built-ins, so eventually we will have one version of these files. Special adjustments for the kernel to cope: machine/stdarg.h -> sys/stdarg.h and machine/ansi.h needs to have a _BSD_VA_LIST_ for syslog* prototypes. okay millert@, drahn@, miod@. | |||
| 2003-12-31 | spacing. note this, cedric | Theo de Raadt | |
| 2003-12-31 | delay interfaces attach until "self" has been created; ok cedric@ | Markus Friedl | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |