Age | Commit message | Author | |
---|---|---|---|
2001-08-19 | Unfuck some TCP state stuff that would drop the SYN\|ACK. Enumerated the TCP states. Here's a mapping new->old tcp states if anyone gives a shit: TCPS_CLOSED 0, TCPS_SYN_SENT 1, TCPS_ESTABLISHED 2, TCPS_CLOSING 3, TCPS_FIN_WAIT_2 4, TCPS_TIME_WAIT 5 | Mike Frantzen | |
2001-08-19 | compile w/out INET | Jason Wright | |
2001-08-19 | Loosened TCP state code which should allow stupid stacks to shotgun their SYNs and provide better handling for pre-existing connections. | Mike Frantzen | |
2001-08-18 | Add new ioctl for adding/removing individual rules to/from the active rule set. | Daniel Hartmeier | |
2001-08-18 | make pfctl -s state SCREAM; frantzen is now happy | Theo de Raadt | |
2001-08-12 | now, that kernel compiles, i can go get an ash tray somewhere | Michael Shalayeff | |
2001-08-11 | Add support for ICMP errors referring to ICMP queries/replies. Fixes 'ICMP error message for bad proto' messages. Reported by Mark Grimes and Steve Rumble. Add debugging level with ioctl interface and pfctl switch. Default is 'None'. | Daniel Hartmeier | |
2001-08-05 | Actually, move the check inside the switch. | Angelos D. Keromytis | |
2001-08-05 | Only flush the policies if the message type is UNSPEC. | Angelos D. Keromytis | |
2001-08-03 | Use IFCAP_VLAN_MTU and IFCAP_VLAN_HWTAGGING capabilities: LINK0 disappears; we now set IFCAP_VLAN_HWTAGGING at ifnet->if_capabilities in the Ethernet driver for cards/drivers which support hardware tagging. MTU ambiguity disappears; we now set IFCAP_VLAN_MTU in the Ethernet driver when we know the chip will not truncate/discard vlan-sized frames. Only allow the MTU to be changed within the scope of the parent interface's MTU. (Here we also take into account IFCAP_VLAN_MTU) Propagate hardware-assisted IP/TCP/UDP checksumming flags to the vlan interface if the card supports hardware tagging (from NetBSD) | Chris Cappuccio | |
2001-08-03 | simplify previous fix (0-length mbuf in mbuf chain). from freebsd | Jun-ichiro itojun Hagino | |
2001-08-02 | do not exit loop even if m_len == 0. it is legal to have an mbuf with m_len == 0 in mbuf chain. | Jun-ichiro itojun Hagino | |
2001-08-02 | KNF | Theo de Raadt | |
2001-08-01 | stateless tcp normalization along the lines of the normalization paper by handley, paxson and kreibich; okay deraadt@ | Niels Provos | |
2001-07-30 | never before has a file so often deviated from KNF | Theo de Raadt | |
2001-07-30 | use queue.h macros | Jason Wright | |
2001-07-29 | Implement rule skipping. This is a transparent evaluation optimization, which reduces evaluation cost for sorted rules of similar parameters. Preparation for rule duplication for parameter lists from pfctl. | Daniel Hartmeier | |
2001-07-27 | PF_IN/PF_OUT aren't defined if NPF <= 0, deal with it. | Jason Wright | |
2001-07-27 | variable name "gif" is way too generic - use "gif_softc". sync with kame | Jun-ichiro itojun Hagino | |
2001-07-25 | nat proxy port randomization by ben fleis. | Daniel Hartmeier | |
2001-07-25 | Make sure pkthdr.rcvif is correct before calling pf_test() | Jason Wright | |
2001-07-25 | - unconditionalize call to bridge_input() (fewer #ifdef's and NPF>0 is default case anyway). - add support for filtering on interface output (and call pf_test() appropriately) What all this means: nonstateful and stateful PF filtering now works with the bridge. | Jason Wright | |
2001-07-25 | Initialization of arpcom * based on ifp was too soon: ifp can change as a result of a call to bridge_input(). | Jason Wright | |
2001-07-21 | print additional debugging information for 'insert invalid' messages. occurs for some people (never for me), and I need more information. will be removed after the issue is resolved. please report these, if you get them. | Daniel Hartmeier | |
2001-07-21 | missing \n in a log() call | Jun-ichiro itojun Hagino | |
2001-07-21 | repair validation on RTAX_GENMASK insertion. has been broken since 44bsd. (freebsd3 has a fix since 1999, but has insufficient validation on sa_len) | Jun-ichiro itojun Hagino | |
2001-07-20 | use a variable, not its default value from constant | Michael Shalayeff | |
2001-07-20 | make equal() macro to check sa_len match, otherwise we will touch the content of a2 beyond a2->sa_len mistakenly. sync with kame | Jun-ichiro itojun Hagino | |
2001-07-19 | Fix/complete the handling of the binary ops >< and <> to behave like the ipf operators. The 'n >< m' construct (Include Range = PF_OP_IRG) should match ports greater than n and less than m, not greater than or equal to n and less than or equal to m. The 'n <> m' construct (Exclude Range = PF_OP_XRG) should match all ports less than n OR greater than m, not be treated as an alias for ><. Thus PF_OP_GL, which was used for both <> and >< is replaced with PF_OP_IRG and PF_OP_XRG with the 'correct' semantics. OK dhartmei@ | Kenneth R Westerback | |
2001-07-18 | fix pf_get_rdr() for single port (dport2 == 0) rules. found by lebel@. | Daniel Hartmeier | |
2001-07-17 | support min-ttl, okay dhartmei@ | Niels Provos | |
2001-07-17 | normalize ip_off, make IP_DF stripping optional, return rst is a flag now. okay markus@ | Niels Provos | |
2001-07-17 | ip normalization code | Niels Provos | |
2001-07-17 | split ip normalization out into a separate file, okay dhartmei@ | Niels Provos | |
2001-07-15 | increase src->state to 1 when creating state from intermediate (non-SYN) packets. this fixes one class of BAD state messages (where seqlo=0, seqhi=1). | Daniel Hartmeier | |
2001-07-14 | use int instead of signed char. doesn't use more memory (padding occurs) and is actually faster. | Daniel Hartmeier | |
2001-07-13 | indent. | Federico G. Schwindt | |
2001-07-13 | every time i clean in here, i get a 250 line diff... | Theo de Raadt | |
2001-07-11 | Simplify pf_pull_hdr(), don't use inner IP header's ip_len or ip_off in case of pf_test_state_icmp(). This solves the "ICMP error message too short" problems. Reported by ycchang and heko. | Daniel Hartmeier | |
2001-07-10 | Missing breaks. Case labels must be integral values for deterministic behavior. | Marc Espie | |
2001-07-10 | another lame OpenBSD tag. | Federico G. Schwindt | |
2001-07-09 | do compare in host order. found by millert@. | Daniel Hartmeier | |
2001-07-09 | More lame OpenBSD tags. | Federico G. Schwindt | |
2001-07-09 | Extend nat/rdr syntax. Add source/destination selection. Make interface optional. Suggested by rdump@river.com. nat [on [!] <ifname>] from (any \| [!] <addr>[/<mask>]) to (any \| [!] <addr>[/<mask>]) -> <addr> [proto (tcp \| udp \| icmp)] rdr [on [!] <ifname>] from (any \| [!] <addr>[/<mask>]) to (any \| [!] <addr>[/<mask>]) port <a>[:<b>] -> <addr> port <c>[:*] [proto (tcp \| udp \| icmp)] | Daniel Hartmeier | |
2001-07-07 | get rid of compiler warning | Marco S Hyman | |
2001-07-06 | style change #2, avoid (a == b) == c | Daniel Hartmeier | |
2001-07-06 | style change #1, avoid ternary operator | Daniel Hartmeier | |
2001-07-06 | theo requests less archaic style | Chris Cappuccio | |
2001-07-06 | don't evaluate rules for packets that have state but mismatch seq range (could create duplicate state) | Daniel Hartmeier | |
2001-07-06 | Allow negative match on interface name for nat and rdr ok dhartmei@ | Chris Cappuccio | |