src - OpenBSD base system

Age	Commit message (Collapse)	Author
2002-11-07	Short-circuit evaluation can leave invalid pointers, closes PR2874.	Daniel Hartmeier

2002-11-02	Compare dynamic addresses correctly in pf_compare_*: check the interface name	Ryan Thomas McBride
	rather than the ip address if it exists. ok dhartmei@ henning@
2002-11-02	Make PF_ANEQ(), PF_ANEQ() and PF_AZERO() check the whole address if af	Ryan Thomas McBride
	is not set to AF_INET6 or AF_INET ok dhartmei@ henning@
2002-10-29	keep all pflog goodies in pflog sources, avoids code duplications; okski ↵	Michael Shalayeff
	frantzen@ and dhartmei@
2002-10-25	Compare pf_rule->label in pf_compare_rules(), too.	Daniel Hartmeier
	Found by DJ Gregor.
2002-10-22	Convert "int af" and "u_int8_t af" declarations and function arguments	Ryan Thomas McBride
	to the more correct and descriptive "sa_family_t af" ok dhartmei@ henning@
2002-10-22	check the correct return value from ifunit()	Ryan Thomas McBride
	(returns ifp, not ifname) ok dhartmei@ ish@ camield@ henning@
2002-10-20	Move pf_compare_(rules\|nats\|binats\|rdrs) to pf_ioctl.c. Simplifies and	Ryan Thomas McBride
	reduces cross-file dependancies. ok dhartmei@ ish@ henning@
2002-10-14	Allow one to specify a netblock in a binat rule:	Henning Brauer
	binat on fxp0 from 192.168.0.32/27 to any -> 10.0.7.128/27 Both the network mask on the source and redirect addresses MUST be the same, and it works by essentially combining the network section of the redirect address with the host section of the source address. from ryan ok dhartmei@
2002-10-10	Missing m_pullup() and mbuf corruption. This potentially caused	Daniel Hartmeier
	panic: m_copym0: m == 0 and not COPYALL and/or panic: m_copydata: null muf on bridges running pf with scrubbing enabled. Bug report, test vector and confirmation by Jon Morby. ok jason@, jasoni@
2002-10-10	padd pf_state; dhartmei@ ok	Michael Shalayeff

2002-10-08	the first step of pf/altq merge.	Kenjiro Cho
	this commit is to allow further development in both userland and kernel. the goal is to replace altq's classifier by pf(4). - make pf tag a queue id to mbuf and make altq read the queue id - merge altq config into pf.conf(5) ok dhartmei@, henning@
2002-10-07	-Wsign-compare clean	Daniel Hartmeier

2002-10-07	set block-policy [drop\|return]	Henning Brauer
	drop is default, same behaviour as before support block drop to override a return policy
2002-10-07	support a generic return	Henning Brauer
	block return in\|out ... acts like return-rst on tcp, like return-icmp on udp and like an ordinary block on anything else ok dhartmei@
2002-10-07	make return-icmp work for rules covering both v4 and v6	Henning Brauer
	-new field "return_icmp6" in pf_rule -parser accepts block return-icmp(ipv4-icmpcode, ipv6-icmpcode) ok and some input dhartmei@
2002-10-07	use a new rule_flag PFRULE_RETURNICMP to decide wether to return-icmp or not	Henning Brauer
	instead of just testing return_icmp > 0 ok dhartmei@
2002-10-07	Add 'reply-to' to filter rules, similar to route-to, but applying to	Daniel Hartmeier
	replies (packets that flow in the opposite direction of the packet that created state), used for symmetric routing enforcement. Document how route-to and reply-to work in context of stateful filtering.
2002-10-05	Allow filtering based on IP header's tos field.	Daniel Hartmeier

2002-10-04	[to the right branch this time]	Jason Ish
	To detect routing loops use the actual outgoing interface and not the interface that the rule is to apply to (as there may not be one). - noticed by mcbride@countersiege.com - ok dhartmei@, henning@
2002-09-27	daddr was used where saddr was meant while checking incoming packets for	Henning Brauer
	binat. pointed out by Ryan McBride, mcbride at countersiege dot com, Thanks! ok frantzen@ pb@ jasoni@ deraadt@
2002-09-26	BSD-style license from Serge Vakulenko <vak@cronyx.ru>	Chris Cappuccio

2002-09-24	sizeof(structure) not sizeof(structure *); pointed out by dvamsi@yahoo.com.	Jason Wright

2002-09-15	Make compile with -Werror (unused vars warnings)	Niklas Hallqvist

2002-09-13	Paul Mackerras and the Australian National University have worked things	Theo de Raadt
	out, and as a result, Paul now owns copyright on all these files, with the proper terms.
2002-09-11	KNF - return is not a function.	Jun-ichiro itojun Hagino

2002-08-28	Fix a problem where passing NULL as a pointer with varargs does not promote	Per Fogelstrom
	NULL to full 64 bits on a 64 bit address system. Soultion is to add a (void *) cast before NULL. This makes a 64 bit MIPS kernel work and will probably help future 64 bit ports as well. OK from art@
2002-08-12	Use state tree instead of separate (flat) list to find NAT proxy ports,	Daniel Hartmeier
	allows to use the same proxy port with different external peers. From Ryan McBride
2002-08-08	th_flags doesn't have to be equal to TH_SYN to generate modulator, it's	Daniel Hartmeier
	sufficient if TH_SYN is set and TH_ACK is unset, ignore TH_ECN etc. ok frantzen@
2002-08-07	consistently check byte order of ether_type; pointed out by dhartmei	Jason Wright

2002-07-31	fix potential NULL pointer deref. From: tedu <grendel@zeitbombe.org>	Jun-ichiro itojun Hagino

2002-07-30	no need for check if m0 is NULL, as we have touched it already.	Jun-ichiro itojun Hagino
	From: tedu <grendel@zeitbombe.org>
2002-07-24	Use host order when adding packet size to interface statistics counter.	Daniel Hartmeier
	Only affects pfctl -si output for IPv6. And some whitespace KNF.
2002-07-18	make it compile by removing unused local vars	Michael Shalayeff

2002-07-17	Don't dereference freed memory.	Artur Grabowski

2002-07-15	add u_int8_t ifnot to struct pf_rule to support matching packets on any	Henning Brauer
	interface except the given one. adjust the pf_test_* functions and pf_skip_step accordingly. ok dhartmei@
2002-07-15	remove duplicated interface check in test_icmp	Henning Brauer
	ok dhartmei@
2002-07-12	Remove duplicate function declarations (they are in pfvar.h).	Artur Grabowski

2002-07-11	KNF.	Artur Grabowski
	From Lurene Angela Grenier <lurene@daemonkitty.net>
2002-07-10	let IPv6 fragment go through based on normal rulesets.	Jun-ichiro itojun Hagino
	TODO: sort-of normalization against fragments for inspection ok dhartmei@
2002-07-05	fix a small bug I found while installing a -current pf firewall at a	Henning Brauer
	client some days ago: if you had a rulefile with "set loginterface <interface>" and loaded through pfctl -e -f /etc/pf.conf, pfctl -si didn't display the interface stats, because on DIOCSTART pf_status.ifname was cleared and enableing is done after loading the ruleset. similar for DIOCCLRSTATUS, remember pf_status.ifname there as well. added feature: On DIOCSETSTATUSIF unset the statusinterface if pi->ifname is empty. ok dhartmei@
2002-07-03	Change all variables definitions (int foo) in sys/sys/*.h to variable	Miod Vallat
	declarations (extern int foo), and compensate in the appropriate locations.
2002-07-03	fix a null deref in sysctl_iflist()	Michael Shalayeff

2002-07-02	make it compile w/ ipsec and no pf ; smth that was left for homework	Michael Shalayeff

2002-07-02	inital -> initial	Nathan Binkert

2002-07-01	Fix really long standing bug with fetching address cache entries:	Jason Wright
	handle ifbac_len == 0 as per the man page; Benny Holmgren <bigfoot@astrakan.hig.se>
2002-07-01	license update of CMU parts. due to communication with wcw+@andrew.cmu.edu,	Theo de Raadt
	pushed for by tygs@netcologne.de. Apparently we also now known how to talk to the lawyers there, if we were so mad. Note that a few other copyright issues in pppd still remain, so this does not close this story.
2002-06-30	Fix fallout from recent changes.	Artur Grabowski

2002-06-30	allocate sockaddr_dl for ifnet in if_alloc_sadl(), as we don't always know	Jun-ichiro itojun Hagino
	the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach(). from netbsd. fgs ok
2002-06-28	KNF	Theo de Raadt