Age | Commit message | Author | |
---|---|---|---|
2004-01-31 | rename tcp sockopt TCP_SIGNATURE_ENABLE to TCP_MD5SIG | Henning Brauer | |
requested by theo ok markus@ hshoexer@ | |||
2004-01-31 | !sack_disable -> sack_enable; ok deraadt@ | Markus Friedl | |
2004-01-30 | add support for getsockopt(..., TCP_SIGNATURE_ENABLE | Henning Brauer | |
so you can check whether a just accept()ed connection is md5sig'd ok deraadt@ markus@ | |||
2004-01-29 | reset TCPT_KEEP to tcp_keepidle when switching to ESTABLISHED; | Markus Friedl | |
ok henning, deraadt | |||
2004-01-29 | turn off TF_SIGNATURE on the listen socket if there is no matching SA. | Markus Friedl | |
allows using a single listen socket for both tcpmd5 and plain tcp. ok aaron, henning. | |||
2004-01-29 | support for RFC3390 (Increasing TCP's Initial Window); ok deraadt, itojun | Markus Friedl | |
2004-01-29 | don't increase the cwnd on syn-ack; ok itojun@, deraadt@ | Markus Friedl | |
2004-01-27 | in gettdbbysrcdst(): hash by SRC and lookup SA in the tdbsrc[] hash table | Markus Friedl | |
with hshoexer@ | |||
2004-01-22 | add gettdbbysrcdst(), just like gettdb(), but compares tdb_src as well; ok mcbride@ | Markus Friedl | |
2004-01-18 | send RTM_IFINFO on carp state changes; with mpf@; ok mcbride@, mpf@ | Markus Friedl | |
2004-01-15 | the KNF dances | Markus Friedl | |
2004-01-15 | missing #ifdef INET6, ok henning@ | Daniel Hartmeier | |
2004-01-15 | move call to tcp_mss_update() from syn_cache_add() to syn_cache_get(), | Markus Friedl | |
when the 3-way handshake completes (and not on the listen pcb). ok itojun, dhartmei | |||
2004-01-14 | syncache+ipv6 support for TCP_SIGNATURE; with itojun; ok deraadt | Markus Friedl | |
2004-01-13 | bring back the old TCP_SIGNATURE code from tcp_input.c rev 1.45 | Markus Friedl | |
and make it compile (does not work yet); ok deraadt@ | |||
2004-01-13 | pass pcb and not socket to ip_output; #ifdef SACK; ok itojun@ | Markus Friedl | |
2004-01-13 | Add and remove IPv6 routes so when we're MASTER, we can connect to the | Ryan Thomas McBride | |
common address. | |||
2004-01-09 | decrease min mss to (256 - 40); ok deraadt | Markus Friedl | |
2004-01-09 | don't restrict tcp signature keys to ascii; ok mcbride | Markus Friedl | |
2004-01-08 | struct for IPv6 pseudo header checksum - nonstandard. from kame | Jun-ichiro itojun Hagino | |
2004-01-07 | crank mss limit from 64 to 256; ok itojun@, dhartmei@ | Markus Friedl | |
2004-01-07 | syn_XXX_limit -> synXXXlimit for consistency; ok deraadt | Markus Friedl | |
2004-01-07 | in_pcbnotify() now returns number of matches. | Markus Friedl | |
2004-01-07 | cleanup obsolete comment from NRL code. markus ok | Jun-ichiro itojun Hagino | |
2004-01-06 | import netbsd's version of David Borman's syncache code | Markus Friedl | |
http://www.kohala.com/start/borman.97jun06.txt; ok deraadt@, henning@ | |||
2004-01-06 | fix vlan destroy for MROUTING; report spamme@wouz.dk via tedu; ok itojun | Markus Friedl | |
2004-01-03 | put an mi wrapper around stdarg.h/varargs.h. gcc3 moved stdarg/varargs macros | Marc Espie | |
to built-ins, so eventually we will have one version of these files. Special adjustments for the kernel to cope: machine/stdarg.h -> sys/stdarg.h and machine/ansi.h needs to have a _BSD_VA_LIST_ for syslog* prototypes. okay millert@, drahn@, miod@. | |||
2004-01-02 | use pool for pcb; with grange@ like netbsd; ok itojun@, cedric@ | Markus Friedl | |
2003-12-21 | change in*_pcbnotify to return numbers of matches; ok itojun, mcbride, henning | Markus Friedl | |
2003-12-21 | use CIRCLEQ* for pcb's; ok deraadt, henning, mcbride, with help from canacar | Markus Friedl | |
2003-12-21 | check for multicast early, remove redundant checks; ok itojun, mcbride | Markus Friedl | |
2003-12-18 | Permit ethernet multicast addresses, as used by some HA/failover solutions. | Hakan Olsson | |
Suggested by and ok markus@. | |||
2003-12-17 | Change pfsync IP protocol and multicast group numbers. | Ryan Thomas McBride | |
IPPROTO_PFSYNC -> 240 INADDR_PFSYNC_GROUP -> 224.0.0.240 ok deraadt@ | |||
2003-12-15 | Add initial support for pf state synchronization over the network. | Ryan Thomas McBride | |
Implemented as an in-kernel multicast IP protocol. Turn it on like this: `# ifconfig pfsync0 up syncif fxp0` There is not yet any authentication on this protocol, so the syncif must be on a trusted network. i.e., a crossover cable between the two firewalls. NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contain regular pf_state structs, but pfsync_state structs which contain no pointers. Much more to come. ok deraadt@ | |||
2003-12-12 | niels kindly dropped clause 3/4 from the license. tnx! | Jun-ichiro itojun Hagino | |
2003-12-12 | previous commit included bad hunk. sorry | Jun-ichiro itojun Hagino | |
2003-12-12 | no need to call arc4random() if we don't skip numbers in ip_randomid(). | Jun-ichiro itojun Hagino | |
from markus | |||
2003-12-10 | de-register. deraadt ok | Jun-ichiro itojun Hagino | |
2003-12-10 | correct non-repetitive ID code, based on comments from niels provos. | Jun-ichiro itojun Hagino | |
- seed2 is necessary, but use it as "seed2 + x" not "seed2 ^ x". - skipping number is not needed, so disable it for 16bit generator (makes the repetition period to 30000) | |||
2003-12-08 | switch to CIRCLEQ_FOREACH_REVERSE in tcpdropoldhalfopen() and | Markus Friedl | |
avoid dropping youngest TCB; ok henning deraadt | |||
2003-12-08 | Mbuf tag tcp and udp packets which are translated to localhost, and | Ryan Thomas McBride | |
use the presence of this tag to reverse the match order in in{6}_pcblookup_listen(). Some daemons (such as portmap) do a double bind, binding to both * and localhost in order to differentiate local from non-local connections, and potentially granting more privilege to local ones. This change ensures that redirected connections to localhost do not appear local to such a daemon. Bulk of changes from dhartmei@, some changes markus@ ok dhartmei@ deraadt@ | |||
2003-12-06 | Mark u_int64_t constants with ULL to make gcc3 happy. | Alexander Yurchenko | |
ok drahn@ | |||
2003-12-03 | add support for ifconfig clone; ok henning deraadt | Markus Friedl | |
2003-12-03 | add support for ifconfig clone/destroy; ok henning deraadt | Markus Friedl | |
2003-12-03 | add support for ifconfig clone/destroy; ok henning deraadt | Markus Friedl | |
2003-12-02 | UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt) | Markus Friedl | |
ok deraadt@ | |||
2003-11-16 | convert __attribute__((__packed__)) to __packed so that parsers unaware | Anil Madhavapeddy | |
of gcc extensions have more of a chance. ok mcbride@, no objections from millert@, deraadt@ | |||
2003-11-16 | compile without INET6 | Markus Friedl | |
2003-11-14 | Don't include KAME link-local interface ID in HMAC. | Ryan Thomas McBride | |
from itojun@ | |||
2003-11-09 | No need to pass an unused struct carp_softc * into carp_input_c() from | Ryan Thomas McBride | |
carp_input() and carp6_input(). |