Age | Commit message | Author | |
---|---|---|---|
2004-03-31 | in the tcp md5sig case allow empty (wildcard) src or dst; ok markus@ | Henning Brauer | |
2004-03-28 | Check variables in incoming packets which can cause problems if they're set to arbitrary values. Invalid state->timeout can hit a KASSERT in pf, the other ones should be ok but we check them just to make sure. ok dhartmei@ deraadt@ | Ryan Thomas McBride | |
2004-03-27 | wrap if_down() in splimp; tholo ran into splassert, miod tholo ok | Theo de Raadt | |
2004-03-26 | Properly m_copyback() modified TCP sequence number after demodulation; ok mcbride@, henning@, cedric@, deraadt@ | Daniel Hartmeier | |
2004-03-25 | Fix icmp checksum when sequence number modulation is being used. Also fix a daddr vs saddr cut-n-paste error in ICMP error handling. From dhartmei@ ok deraadt@ | Ryan Thomas McBride | |
2004-03-23 | Hold off for 1 second before beginning bulk transfer. Avoids looping until mono_time.tv_sec advances past the time the bulk transfer request was received. ok cedric@ deraadt@ | Ryan Thomas McBride | |
2004-03-22 | Support for best effort bulk transfers of states when pfsync syncif is configured. This allows pfsync+carp clusters to come up gracefully without killing active connections. pfsync now prevents carp from preempting to become master until the state table has sync'd. ABI change, any application which uses struct pf_state must be recompiled. Reminded about this by Christian Gut. Thanks to beck@ cedric@ and dhartmei@ for testing and comments. ok deraadt@ | Ryan Thomas McBride | |
2004-03-19 | remove trailing ';' in PFLOG_REAL_HDRLEN definition. ok dhartmei@ mcbride@ | Mike Frantzen | |
2004-03-18 | state->rule.ptr shall not be NULL. from Jon Coller. ok dhartmei@ mcbride@ | Cedric Berger | |
2004-03-15 | Kill redundant(IPv4) and bogus(IPv6) tests. found+ok dhartmei@ | Cedric Berger | |
2004-03-15 | plug memory leak in error path. missing break; in error case from patrick latifi, cedric ok | Henning Brauer | |
2004-03-11 | Don't call pf_src_tree_remove_state() on error in pf_insert_state(), it's also called in the function which calls pf_insert_state(). Pointed out by Patrick Latifi, ok cedric@ dhartmei@ | Ryan Thomas McBride | |
2004-03-09 | KNF, ok cedric@ deraadt@ | Ryan Thomas McBride | |
2004-03-02 | don't leak mbuf if uiomove fails; from netbsd; ok henning, cedric, claudio, deraadt | Markus Friedl | |
2004-02-28 | - Don't permit 0-padded unit numbers on cloned interfaces. Bug report from otto@ - Fix signedness issue with unit numbers. Bug report from Thorsten Glaser ok millert@ otto@ | Ryan Thomas McBride | |
2004-02-24 | sysctl knob for bpf tunables. some tips from canacar@; ok canacar@ deraadt@ mcbride@ | Ted Unangst | |
2004-02-24 | Remove redundant logging from pf_test_other(). ok henning@ cedric@ | Ryan Thomas McBride | |
2004-02-24 | KNF | Ryan Thomas McBride | |
2004-02-23 | prevent backward jumps; pls@egsys.hu; ok canacar, deraadt | Markus Friedl | |
2004-02-20 | Make pfsync deal with clearing states bound to a group or interface (eg pfctl -i fxp0 -Fs). Also don't send out individual state deletions if we're sending a clear message, move pfsync_clear_states() inside splnet, and fix if_pfsync.h includes in pf.c and pf_ioctl.c. ok cedric@ dhartmei@ | Ryan Thomas McBride | |
2004-02-19 | Makes pfctl -Fs and pfctl -w work with the optional -i specifier. Kernel/Userland Sync needed. ok dhartmei@ jmc@ markus@ mcbride@ | Cedric Berger | |
2004-02-19 | the 2nd round of the qid assignment change. make the semantics in line with the tag assignment, which simplifies the id management in pf. ok, henning@ | Kenjiro Cho | |
2004-02-17 | Tighten pfi_skip_if() up, and a bit of KNF. ok mcbride@ | Cedric Berger | |
2004-02-15 | 18 -> ETHER_ADDR_LEN*3 in ether_sprintf() for clarity; itojun@ ok | Anil Madhavapeddy | |
2004-02-13 | Do an explicit pf_update_anchor_rules() after an anchor gets removed. In some situations not all anchor rules got updated properly, so they still referred to already freed anchors. OK dhartmei@ mcbride@ cedric@ henning@ | Marco Pfatschbacher | |
2004-02-12 | from camield: use hash instead of linked list to speed up tag to vlan interface mapping; ok markus@ and myself | Henning Brauer | |
2004-02-10 | KNF | Daniel Hartmeier | |
2004-02-10 | plug mbuf leak (ip_fragment() always frees mbuf on error). tested by cedric, dhartmei ok | Jun-ichiro itojun Hagino | |
2004-02-10 | KNF | Henning Brauer | |
2004-02-10 | Make pfsync work correctly with IP options on 64-bit alignment sensitive CPUs. Pointed out by deraadt@. | Ryan Thomas McBride | |
2004-02-09 | Repair "set loginterface". Don't flush stats on pfctl -e. pf_status.since is the time of last "pf -e" or "pf -d". ok dhartmei@ henning@ | Cedric Berger | |
2004-02-08 | if_detach_rtdelete(): abort and restart rn_walktree() if a cloning route gets deleted; fixes pr 3649; ok henning, deraadt, dhartmei | Markus Friedl | |
2004-02-08 | Fix kernel panic which occurs under very high load: - Make sure we calculate the correct maximum size for PFSYNC_ACT_UREQ. - Make pfsync_sendout() return immediately if there is nothing to send. | Ryan Thomas McBride | |
2004-02-07 | Use the offset provided to us by m_pulldown(), rather than using size of ip and pfsync headers. This makes us behave correctly if the packet is spread across multiple mbufs (which does not appear to happen in practice). | Ryan Thomas McBride | |
2004-02-06 | as seen in netbsd. crank bpf sizes to adapt to faster networks. max size goes to 2MB, default goes to 32k. ok canacar@ mcbride@ | Ted Unangst | |
2004-02-04 | Fix a number of bugs with setting pool limits which I introduced with source-tracking. Found by Pyun YongHyeon. Also add support to pfctl to set the src-nodes pool limit. "Luckily" some of the bugs cancel each other out; update kernel before pfctl. ok dhartmei@ | Ryan Thomas McBride | |
2004-02-02 | missing #if NPF > 0. ok henning@ | Cedric Berger | |
2004-02-02 | Do not evaluate pfi_index2kif[ifp->if_index] if PF is disabled. Safer and faster since we know that ifp->if_index can potentially be garbage. ok dhartmei@ | Cedric Berger | |
2004-01-27 | drop packet if kif == NULL; ok henning deraadt | Markus Friedl | |
2004-01-27 | don't convert tcpmd5 to ip-over-ip in SADB_X_GETSPROTO; from hshoexer | Markus Friedl | |
2004-01-26 | - use SIOC[GS]WAVELAN. - fill ac_enaddr correctly. - put ic_myaddr back. | Federico G. Schwindt | |
2004-01-22 | - Include the value of pf_state.timeout in pfsync messages - Fix the expiry time calculations, for real - Unbreak the collapsing of multiple updates into one. And a little KNF for good measure. | Ryan Thomas McBride | |
2004-01-20 | the pfsync interface does not have a baudrate, so don't claim 100 MBit/s; ok mcbride@ | Henning Brauer | |
2004-01-20 | Ignore pfsync packets if pf is not running. | Ryan Thomas McBride | |
2004-01-19 | Update comment; handling PFSYNC_ACT_UPD in pfsync_input() is no longer optional. | Ryan Thomas McBride | |
2004-01-19 | Clean up creation and expiry timestamp calculations. | Ryan Thomas McBride | |
2004-01-18 | Port is already stored in network byte order, no need to convert. | Ryan Thomas McBride | |
2004-01-16 | Fix IPv6 stateful tcp scrubbing by not dereferencing a null pointer. ok dhartmei@ frantzen@ | Ryan Thomas McBride | |
2004-01-15 | add a RTM_IFANNOUNCE message; from netbsd; ok itojun, henning | Markus Friedl | |
2004-01-12 | use klist_invalidate to permit destroy while kqueued. ok mpf@ | Ted Unangst | |