Age | Commit message | Author | |
---|---|---|---|
2001-07-17 | split ip normalization out into a separate file, okay dhartmei@ | Niels Provos | |
2001-07-15 | increase src->state to 1 when creating state from intermediate (non-SYN) packets. this fixes one class of BAD state messages (where seqlo=0, seqhi=1). | Daniel Hartmeier | |
2001-07-14 | use int instead of signed char. doesn't use more memory (padding occurs) and is actually faster. | Daniel Hartmeier | |
2001-07-13 | indent. | Federico G. Schwindt | |
2001-07-13 | every time i clean in here, i get a 250 line diff... | Theo de Raadt | |
2001-07-11 | Simplify pf_pull_hdr(), don't use inner IP header's ip_len or ip_off in case of pf_test_state_icmp(). This solves the "ICMP error message too short" problems. Reported by ycchang and heko. | Daniel Hartmeier | |
2001-07-10 | Missing breaks. Case labels must be integral values for deterministic behavior. | Marc Espie | |
2001-07-10 | another lame OpenBSD tag. | Federico G. Schwindt | |
2001-07-09 | do compare in host order. found by millert@. | Daniel Hartmeier | |
2001-07-09 | More lame OpenBSD tags. | Federico G. Schwindt | |
2001-07-09 | Extend nat/rdr syntax. Add source/destination selection. Make interface optional. Suggested by rdump@river.com. `nat [on [!] <ifname>] from (any \| [!] <addr>[/<mask>]) to (any \| [!] <addr>[/<mask>]) -> <addr> [proto (tcp \| udp \| icmp)]` `rdr [on [!] <ifname>] from (any \| [!] <addr>[/<mask>]) to (any \| [!] <addr>[/<mask>]) port <a>[:<b>] -> <addr> port <c>[:*] [proto (tcp \| udp \| icmp)]` | Daniel Hartmeier | |
2001-07-07 | get rid of compiler warning | Marco S Hyman | |
2001-07-06 | style change #2, avoid (a == b) == c | Daniel Hartmeier | |
2001-07-06 | style change #1, avoid ternary operator | Daniel Hartmeier | |
2001-07-06 | theo requests less archaic style | Chris Cappuccio | |
2001-07-06 | don't evaluate rules for packets that have state but mismatch seq range (could create duplicate state) | Daniel Hartmeier | |
2001-07-06 | Allow negative match on interface name for nat and rdr ok dhartmei@ | Chris Cappuccio | |
2001-07-06 | some cleanup, okay dhartmei@ | Niels Provos | |
2001-07-06 | Indentation. | Hakan Olsson | |
2001-07-06 | fix userland side prototypes | Theo de Raadt | |
2001-07-06 | do not use quad for counters | Theo de Raadt | |
2001-07-05 | initialize fragment correctly | Niels Provos | |
2001-07-05 | IPComp. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-07-05 | $OpenBSD$ tag | Angelos D. Keromytis | |
2001-07-05 | KNF | Angelos D. Keromytis | |
2001-07-05 | Include files for IPComp support. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-07-04 | Make preprocessor happier, don't give it untasty tokens at end of input. Ok millert@ | Marc Espie | |
2001-07-04 | call ip_output() correctly, use ICMP_MINLEN, only m_copyback() where needed. ok deraadt@ | Daniel Hartmeier | |
2001-07-03 | Use PADUP() instead of hand-crafted weirdness; also, it's supposed to be "strlen(c) + 1", not just "strlen(c)". | Angelos D. Keromytis | |
2001-07-03 | grr, you guys keep not obeying KNF | Theo de Raadt | |
2001-07-03 | add DIOCNATLOOK ioctl and pf_natlook structure, this enables a userland process receiving rdr'ed connections to look up the original destination of the connection before it was redirected - this enables the writing of transparent proxies. | Bob Beck | |
2001-07-02 | another memory leak | Niels Provos | |
2001-07-02 | fix memory leak | Niels Provos | |
2001-07-01 | -Wall | Dug Song | |
2001-07-01 | tag packets generated by pf (return-rst, return-icmp) so they are not filtered, use existing icmp_error() and ip_output(). ok dugsong@, frantzen@ | Daniel Hartmeier | |
2001-07-01 | Add port ranges to the rdr directive. Connections can be redirected to either a range of the same size, or a single port. Redirects between ranges of different sizes are not supported. Eg: `rdr dc0 10.0.0.0/24 port 60000:61000 -> 127.0.0.1 port 65530:* proto udp` `rdr xl0 0.0.0.0/0 port 6660:6669 -> 127.0.0.1 port 6667 proto tcp` This replaces the wildcard port patch (when port = 0), as it should no longer be necessary. ok dhartmei@ | Kjell Wooding | |
2001-07-01 | for ICMP error messages referring to TCP packets, only use the first 8 bytes of the TCP header. drop ackskew test and th_sum update. | Daniel Hartmeier | |
2001-07-01 | Add missing space in debug message. | Angelos D. Keromytis | |
2001-07-01 | Fix length check, add some more sanity checks on INET6. | Angelos D. Keromytis | |
2001-07-01 | KNF, and add DPRINTFs all over the place. | Angelos D. Keromytis | |
2001-06-29 | Move ifq_maxlen setting to if_attach(). Doing it at if_init() is wrong, and has been wrong since PnP devices (pcmcia, cardbus, etc) showed up. If you forgot to set ifq_maxlen somewhere in the driver, you're gonna see baaaad things; jason@ ok, angelos@ "should be ok", theo "don't understand why". | Federico G. Schwindt | |
2001-06-29 | Prepend pf_ to limit potential namespace problems, shorten some lines. | Niklas Hallqvist | |
2001-06-29 | list instead of tailq for frents, use pool hardlimits, correctly free after complete reassembly | Niels Provos | |
2001-06-29 | Fix PF_SCRUB enumerator. | Angelos D. Keromytis | |
2001-06-29 | fix counter/reason array usage | Daniel Hartmeier | |
2001-06-28 | lower hiwat limits, enforce hi water mark | Niels Provos | |
2001-06-28 | add tree traversal code (new pf_tree_node->parent), dump states TAILQ and traverse a tree instead. | Daniel Hartmeier | |
2001-06-28 | wrap 5-tuple rule match with MATCH_TUPLE. from ben fleis <ben@monkey.org> | Dug Song | |
2001-06-28 | forgot to init fr_timeout | Niels Provos | |
2001-06-28 | first stab at packet normalization. includes full ip reassembly. okay dhartmei@, dugsong@ | Niels Provos | |