| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2002-06-07 | Detect wrap-around of timeout and set it to its maximum value. Hacky | Angelos D. Keromytis | |
| way of getting the max value attributed to millert@ | |||
| 2002-06-07 | increase rule label length from 32 to 64 chars | Henning Brauer | |
| okay dhartmei@, frantzen@ | |||
| 2002-06-07 | add the possibility to configure a TTL while return-rst | Philipp Buehler | |
| ok dhartmei@, ipv6 part itojun@ ok | |||
| 2002-06-07 | in pf_route{6}, do not pass thru pf_test again if the outgoing | jasoni | |
| interface has not changed - ok dhartmei@ | |||
| 2002-06-07 | Add "(max <number>)" option for "keep/modulate state" to limit the number | Daniel Hartmeier | |
| of concurrent connections a rule can create. ok frantzen@ | |||
| 2002-06-07 | switch from AVL tree's to herr Provos' red-black trees | Mike Frantzen | |
| with suggestions from provos@ ok dhartmei@ | |||
| 2002-06-07 | Call pf_test() from pf_route() to filter (and translate) routed packets, | Daniel Hartmeier | |
| too. Use mbuf tag to prevent loops. Suggested by Darren Reed. ok frantzen@ | |||
| 2002-06-07 | sync behaviour about DF bit between ip_output()/tcp_response() | Philipp Buehler | |
| and pf_send_reset() while sending a RST ok dhartmei@, itojun@, frantzen@ | |||
| 2002-06-07 | There is absolutely no need to protect a reference to mono_time.tv_sec with ↵ | Artur Grabowski | |
| splclock. | |||
| 2002-06-07 | Move all duplicated enqueueing code into one function, | jasoni | |
| bridge_ifenqueu(). - ok jason@, dhartmei@ | |||
| 2002-06-07 | FLOW_TYPE in ADD/UPDATE. | Angelos D. Keromytis | |
| 2002-06-07 | Add flow type arg to import_flow() | Hakan Olsson | |
| 2002-06-07 | While src is rarely NULL, ssrc might be. Fixes PR#2721. | Hakan Olsson | |
| 2002-06-06 | kqueue support for bpf; okay markus@ | Niels Provos | |
| 2002-06-04 | no need to specify rmx_send/recvpipe. | Jun-ichiro itojun Hagino | |
| 2002-06-01 | ECN flag support for pf. Committed in consultation with Daniel. | Hugh Graham | |
| 2002-05-31 | respect rmx_mtu (cached PMTUD result) on outbound. deraadt/angelos ok | Jun-ichiro itojun Hagino | |
| 2002-05-31 | KNF | Theo de Raadt | |
| 2002-05-31 | revert incorrect rmx_mtu handling in 1.16 and 1.24. | Jun-ichiro itojun Hagino | |
| do not try to copy if_mtu to rmx_mtu, as if_mtu can change via SIOCSIFMTU. (as a result, rmx_mtu will be 0 most of the time) | |||
| 2002-05-31 | Pass authentication information (if available) in ACQUIRE message. | Angelos D. Keromytis | |
| 2002-05-31 | import_flow() prototype | Angelos D. Keromytis | |
| 2002-05-31 | Move code out of pfkeyv2.c into import_flow() | Angelos D. Keromytis | |
| 2002-05-31 | Allow auth payloads in ACQUIRE messages. Part of a larger commit to come. | Angelos D. Keromytis | |
| 2002-05-30 | improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame | Jun-ichiro itojun Hagino | |
| 2002-05-30 | remove extra */ | Jun-ichiro itojun Hagino | |
| 2002-05-29 | attach nd_ifinfo structure to if_afdata. | Jun-ichiro itojun Hagino | |
| split IPv6 MTU (advertised by RA) from real link MTU. sync with kame | |||
| 2002-05-29 | simplify comment, sync w/kame | Jun-ichiro itojun Hagino | |
| 2002-05-28 | remove duplicated fragmentation code in favour of ip_fragment().. | jasoni | |
| - ok dhartmei@ | |||
| 2002-05-28 | refragment ip packets if too large for the outgoing interface | jasoni | |
| - ok jason@, dhartmei@ | |||
| 2002-05-27 | if_attach() gets called before domaininit(). scan all interfaces for if_afdata | Jun-ichiro itojun Hagino | |
| initialization after domaininit(). | |||
| 2002-05-27 | framework to add af-dependent data structure to struct ifnet. | Jun-ichiro itojun Hagino | |
| as discussed at bsd-api-discuss. sync w/kame | |||
| 2002-05-24 | more IANA values. official # for bridge is assigned. jason ok | Jun-ichiro itojun Hagino | |
| 2002-05-21 | Junk gcc's deprecated __FUNCTION__. Use standard __func__ instead. | Marc Espie | |
| ok dhartmei@ | |||
| 2002-05-20 | Allow SIOCSIFMTU on gif interfaces. | Artur Grabowski | |
| From Mattias Amnefelt mattiasa at e.kth.se. niels@ ok. | |||
| 2002-05-19 | KNF again | Theo de Raadt | |
| 2002-05-17 | sync with KAME. | Kenjiro Cho | |
| - make altq_etherclassify() able to handle packets whose ethernet header is in a separate mbuf. | |||
| 2002-05-12 | correct AH header chasing. ok dhartmei@openbsd | Jun-ichiro itojun Hagino | |
| 2002-05-12 | Add gid based filtering, reduce to one (effective) uid, rename parser | Daniel Hartmeier | |
| keywords to 'user' and 'group'. | |||
| 2002-05-09 | Add a max-mss option to the scrub rule which will enforce a maximum mss | jasoni | |
| by lowering it to the given value. - ok dhartmei@, provos@ | |||
| 2002-05-09 | Introduce user based filtering. Rules can specify ruid and euid (real and | Daniel Hartmeier | |
| effective user ID) much like ports. The user of a packet is either the user that opens an outgoing connection, the one that listens on a socket, or 'unknown' if the firewall is not a connection endpoint (for forwarded connections). Socket uid lookup code from jwk@bug.it. | |||
| 2002-05-07 | move ether_crc32_le to if_ethersubr.c. Add ether_crc32_be | Nathan Binkert | |
| 2002-05-06 | typo in comment | jasoni | |
| 2002-05-05 | Instead of returning a useless kernel space pointer for the rule that | Daniel Hartmeier | |
| created the state from DIOCGETSTATE(S), return the integer rule number, Print rule number (if existant) from pfctl -vss. Suggested by Jeff Nathan. | |||
| 2002-04-24 | Add dynamic (in-kernel) interface name -> address translation. Instead of | Daniel Hartmeier | |
| using just the interface name instead of an address and reloading the rule set whenever the interface changes its address, the interface name can be put in parentheses, and the kernel will keep track of changes and update rules. There is no additional cost for evaluating rules (per packet), the cost occurs when an interface changes address (and the rules are traversed and updated where necessary). | |||
| 2002-04-24 | Initialize if_addrhooks in if_attachhead() like in if_attach(), either | Daniel Hartmeier | |
| one may be called. | |||
| 2002-04-24 | Add hooks to struct ifnet that allow to register callbacks that will be | Daniel Hartmeier | |
| notified of interface address changes. ok provos@, angelos@ | |||
| 2002-04-23 | Allow explicit filtering of fragments when they are not reassembled. | Daniel Hartmeier | |
| Document fragment handling in the man page. Short version: if you're scrubbing everything (as is recommended, in general), nothing changes. If you want to deal with fragments manually, read the man page. ok frantzen. | |||
| 2002-04-20 | Move normalization messages from log level 'urgent' to 'misc'. | Daniel Hartmeier | |
| 2002-04-20 | All calls to pool_get(9) should use PR_xx flags, not M_xx. | Federico G. Schwindt | |
| millert dhartmei ok. | |||
| 2002-04-10 | o Add ibss and ibss-master mediaopt for ifconfig | Todd C. Miller | |
| o Map port type 4 to ibss regardless of firmware type. This gives us a consistent way to set ibss mode. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |