| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2004-11-19 | remove superfluous m_tag_copy/m_tag_prepend, already covered by m_copym2() | Daniel Hartmeier | |
| reported by Joerg Sonnenberger, ok henning@ | |||
| 2004-11-19 | Plug memory leak. Found by pat@. Thanks! | Hans-Joerg Hoexer | |
| ok myself markus@ | |||
| 2004-11-18 | s/Access/Address/ at IFT_CARP | Marco Pfatschbacher | |
| 2004-11-16 | Fix for PR3983 | Ryan Thomas McBride | |
| - Add a new PFSTATE_STALE flag to uncompressed state updates sent as a result of a stale state being detected, and prevent updates with this flag from generating similar messages. - For the specific case where the state->src in the recieved update is ok but the state.dst is not, take the partial update, then "fail" to let the other peers pick up the better data that we have. From Chris Pascoe. ok dhartmei@ | |||
| 2004-11-12 | The flag to re-filter pf-generated packets was set wrong by synproxy | Daniel Hartmeier | |
| for ACKs. It should filter the ACK replayed to the server, instead of of the one to the client. Thanks to Daniel Polak for testing. | |||
| 2004-11-11 | Check IFF_UP at tun_output(). | Marco Pfatschbacher | |
| ok henning, markus. | |||
| 2004-11-10 | Safer IF_INPUT_ENQUEUE macro. | Alexander Yurchenko | |
| ok millert@ | |||
| 2004-11-09 | big KNF spanking, no change in object file, ecstatic ok from claudio | Henning Brauer | |
| 2004-11-09 | use NULL instead of 0 for poiter comparisions, | Henning Brauer | |
| from "Alexey E. Suslikov" <cruel@texnika.com.ua> with a little help from itojun | |||
| 2004-11-07 | For RST generated due to state mismatch during handshake, don't set | Daniel Hartmeier | |
| th_flags TH_ACK and leave th_ack 0, just like the RST generated by the stack in this case. Fixes the Raptor workaround. ok beck@, markus@ | |||
| 2004-11-02 | added new commands to ifconfig used by net80211 interfaces: | Reyk Floeter | |
| mode (set mode for multi-mode interfaces) and chan (set the radio channel). some additional output will be printed by "ifconfig -m". ok deraadt@ millert@ damien@ | |||
| 2004-10-28 | media descriptions and such for carp, ryan daniel ok | Henning Brauer | |
| 2004-10-28 | define IFT_CARP, and set if_type to that on carp interfaces instead | Henning Brauer | |
| of hiding under IFT_PROPVIRTUAL, ryan daniel ok | |||
| 2004-10-17 | Replace ifdef NATM with if NATM > 0 | Alexander Yurchenko | |
| ok millert@ miod@ | |||
| 2004-10-15 | correctly parse the anchor names to which tables refer. | Jared Yanovich | |
| now they abide to the same rules as anchor names referred to by rules: - initial slashes (/) are stripped - anchor names with characters after the terminating NUL byte are considered invalid ok dhartmei (and previously) beck henning | |||
| 2004-10-14 | avoid stupid commons | Michael Shalayeff | |
| 2004-10-11 | ifgroups reqrite | Henning Brauer | |
| there is now a TAILQ with all interface groups as members, and in struct ofnet there is only a pointer to the group structure stored and not its name. mostly hacked at c2k4 and somewhere over the atlantic ocean ok markus mcbride | |||
| 2004-10-09 | sizeof(struct ether_header) -> ETHER_HDR_LEN | Brad Smith | |
| ok mcbride@ | |||
| 2004-10-07 | Add an Ethernet option bit for master mode (for 1000baseT, the link | Brad Smith | |
| master provides the clock -- this is normally the switch, but if you are doing back-to-back NICs, you need to tell one side to be the master). ok mcbride@ | |||
| 2004-09-29 | reset anchor pointer to NULL when stepping back into the main ruleset, | Daniel Hartmeier | |
| fixes pflog attributing states wrongly to anchors and pfctl -vvsn/sr showing wrong state counters for anchor rules. found by camield@, ok henning@, -stable candidate | |||
| 2004-09-23 | - remove EVFILT_WRITE in bpfkqfilter() switch case, handled | Brad Smith | |
| by default label. - fill in kn_data with the number of bytes available, same behavior as FreeBSD/NetBSD. ok tedu@ | |||
| 2004-09-21 | Implement "no scrub" to allow exclusion of specific traffic from scrub rules. | Aaron Campbell | |
| First match wins, just like "no {binat,nat,rdr}". henning@, dhartmei@ ok | |||
| 2004-09-20 | pf_routable(), used for the no-route keyword, was a v4 only implementation, | Henning Brauer | |
| and behaved incorrectly when used with v6. impliment the v6 case too. ok canacar mcbride | |||
| 2004-09-17 | Clean up reference counting wrt state creation and destruction. Fixes | Ryan Thomas McBride | |
| problems with adaptive timeouts, max-states limits, and rules not being freed from memory. Diff from Chris Pascoe. ok henning@ dhartmei@ | |||
| 2004-09-16 | handle route labels on RTM_CHANGE, ok mcbride, prodded my markus some time ago | Henning Brauer | |
| 2004-09-16 | ewps, kill the src route prototypes. was sitting in my tree for ages but | Henning Brauer | |
| forgot to commit... | |||
| 2004-09-15 | Kill more netiso ghosts. | Alexander Yurchenko | |
| ok millert@ | |||
| 2004-09-14 | remove remaining unused traces from src route | Henning Brauer | |
| 2004-09-12 | Return the most common data link type instead of the first match for an | Claudio Jeker | |
| interface. Where the most common DLT is the one with the smallest id. This fixes tcpdump for atw(4) that attaches multiple bpf hooks. Tested: millert@, Sigfred Haversen, otto@, mcbride@, sturm@, krw@, Steve Shockley OK millert@ deraadt@ | |||
| 2004-09-09 | Copy out anchors with relative paths and wildcards correctly, | Daniel Hartmeier | |
| from jaredy@, ok henning@, mcbride@, deraadt@ | |||
| 2004-08-30 | Increment the states reference counter in the rule attached to the state | Ryan Thomas McBride | |
| being inserted, so that the counter does not wrap back when the state is removed. This fixes pfsync setups with adaptive timeouts. From Chris Pascoe ok canacar@ dhartmei@ henning@ deraadt@ | |||
| 2004-08-18 | fix bad packets passed to bpf from the gre(4) interface. | Can Erkin Acar | |
| reported by Robert Stone ( robert at arbor net ) via PR 3852 This is a different fix since gre(4) may carry non-ip packets. tested by Robert Stone and markus@ ok markus@ deraadt@ | |||
| 2004-08-18 | skip splx() for skiplookup; report Vafa D. Izadinia; ok henning, canacar | Markus Friedl | |
| 2004-08-15 | undo last commit, skipping over ifaddrs without IFA_ROUTE has unwanted | Henning Brauer | |
| sideffects in IPv6 land, noticed by Johan Fredin <griffin@legonet.org> | |||
| 2004-08-11 | skip over interface addresses without IFA_ROUTE, fixes some issue with pppd | Henning Brauer | |
| from Max Laier <max@love2party.net> | |||
| 2004-08-10 | Add SADB_X_EXT_LIFETIME_LASTUSE for use with isakmpd/DPD, adding this | Hakan Olsson | |
| extends the bitmap to 64bits. Also repair SADB_GET. hshoexer@ ok. | |||
| 2004-08-10 | when inserting a dynamic group entry into the pfi_ifs tree, don't incorrectly | David Gwynne | |
| create an interface entry with the same name. Prevents panics due to subsequent invalid refcounting. from Chris Pascoe ok dhartmei@ henning@ | |||
| 2004-08-09 | Change static functions to be non-static, for better backtraces. | Otto Moerbeek | |
| ok krw@ henning@ | |||
| 2004-08-08 | Zero route info structure in rtredirect(), avoiding a panic on label | Otto Moerbeek | |
| copy. ok millert@ deraadt@ henning@ | |||
| 2004-08-03 | the rest of the '#if DIAGNOSTIC' -> '#ifdef DIAGNOSTIC' in the kernel; ok miod@ | Todd T. Fries | |
| 2004-08-03 | introduce route labels, allowing for up to 32 bytes of info to be attached | Henning Brauer | |
| to a route. the label is sent over the routing socket wrapped into a new struct sockaddr_rtlabel, allowing for handling it like any other sockaddr. struct rtentry only contains a (16 bit) label-ID, with the actual labels kept outside the routing table. ID allocator code inspired by my own code for altq and pf tags. mostly hacked at the c2k4 hackathon, markus ok | |||
| 2004-08-03 | Allow a unicast ip address to be specified for pfsync to send it's state | Ryan Thomas McBride | |
| updates to; this allows pairs of pfsync firewalls to protect the traffic with IPSec. | |||
| 2004-07-28 | pool(9) for rtentry and rttimer; similar to netbsd; ok mcbride, henning, pb | Markus Friedl | |
| 2004-07-22 | Add missing check for NULL in DIOCCHANGERULE. This prevents a crash in | Mathieu Sauve-Frankel | |
| certain rare cases. ok mcbride@ dhartmei@ | |||
| 2004-07-20 | KASSERT instead of assert. Gives smaller RAMDISKS. | Artur Grabowski | |
| 2004-07-17 | Repair breakage from the hackathon's time conversion. Using the timestamp | Mike Frantzen | |
| as an extension to the sequence number got disabled because of the failing idle limit on PAWS checks. One more thing off my todo list. I need an intern | |||
| 2004-07-16 | remove netiso shitz, millert ok | Henning Brauer | |
| 2004-07-13 | spelling; dlg | Theo de Raadt | |
| 2004-07-12 | remove PF_FORWARD (which was introduced by ipv6 reass-on-scrub). | Jun-ichiro itojun Hagino | |
| daniel found it. | |||
| 2004-07-11 | backout IPv6 reass-on-scrub patch (more work needs to be done). | Jun-ichiro itojun Hagino | |
| requested by deraadt | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |