| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2002-06-25 | add ARP hardware type for IEEE1394 | Jun-ichiro itojun Hagino | |
| 2002-06-24 | KNF | Jun-ichiro itojun Hagino | |
| 2002-06-23 | g/c last remains of old ipv6 prefix management | Jun-ichiro itojun Hagino | |
| 2002-06-19 | this was derived from UCB if_sl. therefore, we can update the UCB if_sl | Theo de Raadt | |
| copyright contained in this. a license problem remains, of course... | |||
| 2002-06-16 | Missing braces around else case, fixes a kernel crash introduced in r1.5 if | Aaron Campbell | |
| a non-existent interface is passed to "pfctl -l". Reported by grange@disorder.ru. | |||
| 2002-06-15 | unnecessary () on cast | Jason Wright | |
| 2002-06-15 | Transparent IPsec processing on the bridge; for now works only with | Angelos D. Keromytis | |
| static keys. | |||
| 2002-06-14 | spelling; from Brian Poole <raj@cerias.purdue.edu> | Todd T. Fries | |
| 2002-06-12 | import of netbsd's vlan multicast code | Chris Cappuccio | |
| this works better than what we have now, although i have not been able to extensively test it. several folks thought it should be added | |||
| 2002-06-11 | split the grammar of scrub(fragcache) into scrub ... 'fragment reassemble', | Mike Frantzen | |
| 'fragment crop' or a new 'fragment drop-ovl' which will drop overlapping fragments and all corresponding ones ok kjell@ with feedback from kjell@ and deraadt@. the rest are slacking | |||
| 2002-06-11 | sprinkle splasserts where function comments tell us to. | Artur Grabowski | |
| 2002-06-11 | splassert(IPL_NET) where comment says that we should. | Artur Grabowski | |
| 2002-06-11 | splassert(IPL_SOFTNET) where comment indicate that. | Artur Grabowski | |
| 2002-06-11 | KNF (tabs, return (x)) | Daniel Hartmeier | |
| 2002-06-11 | enumerate UDP and OTHER state levels (similar to tcp_fsm.h) | Mike Frantzen | |
| ok dhartmei@, henning@ | |||
| 2002-06-11 | SCRUB(fragcache) to do gap tracking and overlap pruning of IPv4 fragments | Mike Frantzen | |
| without the memory overhead of the conventional defrag in SCRUB ok dhartmei@, idea by deraadt@ | |||
| 2002-06-11 | Make NAT proxy port range configurable per rule, for instance privileged | Daniel Hartmeier | |
| source ports can mapped to privileged proxy ports, or source port 500 to proxy port 500. ok frantzen@ | |||
| 2002-06-11 | Don't panic when pf_insert_state() detects an attempt to insert a | Daniel Hartmeier | |
| duplicate key. Instead, log according to log level and return gracefully. ok frantzen@ | |||
| 2002-06-11 | KNF return x -> return (x), ok frantzen@ | Daniel Hartmeier | |
| 2002-06-11 | rework pfctl statistics display | Henning Brauer | |
| move FCNT_NAMES from pfvar.h to pfctl_parser.h, only used by pfctl some input by nick@ ok frantzen@, dhartmei@ | |||
| 2002-06-10 | - stop abusing IFF_UP. | Jun-ichiro itojun Hagino | |
| - do not use L3 address pair for L2.5 address pair. configure L2.5 address pair by using "ifconfig tunnel". - IFF_LINK2 is not needed, as it is just a reverse of IFF_LINK0. - do not modify IFF_LINK1 when you modify protocol type. chris ok | |||
| 2002-06-10 | Split common code which converts a multicast address to an ethernet | Chris Cappuccio | |
| address from ether_addmulti() and ether_delmulti() into ether_multiaddr(), a'la netbsd. Also clean up some magic numbers. itojun likes it | |||
| 2002-06-10 | Allow ports to be specified in nat rules, useful later on for individual | Daniel Hartmeier | |
| proxy port ranges. | |||
| 2002-06-10 | #include <sys/timeout.h>, from Chris Kuethe | Daniel Hartmeier | |
| 2002-06-10 | easy error checks first. | Jun-ichiro itojun Hagino | |
| 2002-06-10 | Don't #include <sys/malloc.h> | Daniel Hartmeier | |
| 2002-06-10 | prevent mbuf leak on icmp_do_error() failure. | Jun-ichiro itojun Hagino | |
| NOTE: under 4.4BSD mbuf coding discipline, once you pass mbuf to a function like f(m), you no longer have ownership of the mbuf. the mbuf will always be freed by the called function f(). by keeping the programming rule you have less chance of memory leak. | |||
| 2002-06-09 | Export compression info only if the SA (xform) is initialized. | Angelos D. Keromytis | |
| 2002-06-09 | don't need device.h | Jason Wright | |
| 2002-06-09 | Make pf_nat.saddr/daddr a pf_rule_addr instead of pf_addr_wrap, so it | Daniel Hartmeier | |
| includes ports and operator. | |||
| 2002-06-09 | if_addrlen need not be 4, set to 0. From: Martin Husemann <martin@duskware.de> | Jun-ichiro itojun Hagino | |
| 2002-06-09 | make sure to bzero sockaddr_in | Jun-ichiro itojun Hagino | |
| 2002-06-09 | support SIO*PHYADDR, so that we can configure outer address with ifconfig(8) | Jun-ichiro itojun Hagino | |
| 2002-06-09 | reapply patch from jasoni@ for ICMP6_PACKET_TOO_BIG | Philipp Buehler | |
| both have been lost, due to diff thinking about reversing those lines after merge tested | |||
| 2002-06-09 | reapply patch from jasoni@ for pf_route[6] | Philipp Buehler | |
| 2002-06-09 | split ioctl functions out of pf.c into pf_ioctl.c | Philipp Buehler | |
| frantzen@, dhartmei@ ok, tested kernel & userland. checked for colliding commits | |||
| 2002-06-09 | no need to log() on outgoing packet on !IFF_UP case | Jun-ichiro itojun Hagino | |
| 2002-06-09 | force FDDI link MTU be FDDI IPv4 MTU. PR 2714. jason ok | Jun-ichiro itojun Hagino | |
| 2002-06-09 | This commit commit commit without testing has to STOP. BE CAREFUL. | Theo de Raadt | |
| 2002-06-09 | uncommit, broken (by corrupt diff) | Philipp Buehler | |
| 2002-06-09 | new file sys/net/pf_ioctl.c | Philipp Buehler | |
| functions moved from pf.c to there ok dhartmei@, frantzen@ testing myself + henning@, kernel & userland utils fine | |||
| 2002-06-09 | increment ifs6_in_toobig if ipv6 packet too large for interface in | jasoni | |
| pf_route6(). | |||
| 2002-06-09 | in pf_route{6}, if too large for outgoing interface and not allowed to | jasoni | |
| fragment, send the proper icmp error. - ok frantzen@ | |||
| 2002-06-08 | use consistent style in function declarations | jasoni | |
| 2002-06-08 | If a IP packet is too large for the outgoing interface and DF is set, | jasoni | |
| drop the packet and send a icmp needfrag.. blessed by jason@ | |||
| 2002-06-08 | splnet -> splsoftnet where appropriate | Jun-ichiro itojun Hagino | |
| 2002-06-08 | more splnet protection to dom_ifattach | Jun-ichiro itojun Hagino | |
| 2002-06-08 | protect dom_ifattach by splnet | Jun-ichiro itojun Hagino | |
| 2002-06-08 | keep the count of fragments consistent when we have to do a fail safe drop | Mike Frantzen | |
| 2002-06-08 | Make state timeouts configurable per rule, like | Daniel Hartmeier | |
| pass in from any to any port www keep state (tcp.established 60) ok frantzen@ | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |