| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2000-06-06 | Get rid of tdb_ref, keep indirect pointer to TDB. | Angelos D. Keromytis | |
| 2000-06-03 | correctly handle ctlinput messages for IPv6. | Jun-ichiro itojun Hagino | |
| 2000-06-01 | Fix the German's comment typos. | Angelos D. Keromytis | |
| 2000-06-01 | Should learn how to count... | Angelos D. Keromytis | |
| 2000-06-01 | Check for invalid TDBs right away in the callbacks. | Angelos D. Keromytis | |
| 2000-06-01 | Oops, remove bogus comment. | Angelos D. Keromytis | |
| 2000-06-01 | Beautify a little bit. | Angelos D. Keromytis | |
| 2000-06-01 | Use the cached entry for security requirements from the inp. | Angelos D. Keromytis | |
| 2000-06-01 | Use ipsp_spd_lookup() in ip_output() | Angelos D. Keromytis | |
| 2000-06-01 | ipsp_acquire_sa() | Angelos D. Keromytis | |
| 2000-06-01 | ipsp_spd_lookup() | Angelos D. Keromytis | |
| 2000-06-01 | Prototype for ipsp_spd_lookup() | Angelos D. Keromytis | |
| 2000-05-25 | net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. | Jun-ichiro itojun Hagino | |
| enforce type checking on IN6_ARE_ADDR_EQUAL. | |||
| 2000-05-24 | Update to ipf 3.3.16. among other things, this addresses a security issue | Kjell Wooding | |
| with certain rule configurations: * don't add TCP state if it is an RST packet and (attempt) to send out RST/ICMP packets in a manner that bypasses IP Filter. | |||
| 2000-05-15 | parse IPv4 options more carefully. make boundary checks against every | Jun-ichiro itojun Hagino | |
| steps (including option type/length field - there were no checks, seems to me 4.4BSD bug) | |||
| 2000-05-15 | Add comment on input MSS calculation based on previous PMTUD results, | Angelos D. Keromytis | |
| as per TCP-imply IETF WG draft(s). The correct approach is to just use the relevant interface's MTU. | |||
| 2000-05-15 | Fix sanity check that caused really short packets (ICMPs with less | Angelos D. Keromytis | |
| than 8 bytes of payload) to be dropped. Did not affect TCP/UDP packets and most ICMP packets. | |||
| 2000-05-10 | ipf 3.3.14, fixes an ipnat problem and ip option mishandling, which the ↵ | Theo de Raadt | |
| bridge code cares about | |||
| 2000-05-10 | make sure ip_timestamp is aligned correctly | Jason Wright | |
| 2000-05-06 | avoid underflow on unsigned value arithmetic (when optlen < 4). | Jun-ichiro itojun Hagino | |
| 2nd half of NetBSD Security Advisory 2000-002. | |||
| 2000-05-06 | avoid unaligned access in timestamp; ↵ | Theo de Raadt | |
| http://www.newhackcity.net/advisories/20000504a_0.txt; checked by provos and itojun | |||
| 2000-05-04 | Bypass routes only worked for one packet, then they effectively became a | Niklas Hallqvist | |
| filter. | |||
| 2000-05-01 | Update to ipfilter 3.3.13. This should be the last of the 3.3.x releases. | Kjell Wooding | |
| This patch fixes mostly ICMP timeout problems, as the ftp proxy changes were imported previously. | |||
| 2000-04-28 | actually m_adj tries to drop tcp header part. it is better to | Jun-ichiro itojun Hagino | |
| touch tcp header before m_adj, than the other way around. (no behavior change with the current m_adj code, new code is safer against any future m_adj changes) | |||
| 2000-04-27 | mbuf is freed by sbappend(), move the references to th up. found by art@ | Niels Provos | |
| 2000-04-27 | add TCP port 587 to default list of reserved ports not to allocate ↵ | Todd C. Miller | |
| dynamically in order to reserve it for sendmail. | |||
| 2000-04-27 | avoid infinite loop in in{6,}_pcbnotify (can occurs on family mismatch) | Jun-ichiro itojun Hagino | |
| 2000-04-26 | add ARCTYPE_INET6 | Jakob Schlyter | |
| 2000-04-25 | Avoid divide-by-zero; from FreeBSD PR/8990 and NetBSD PR/6541. Use the same fix | Aaron Campbell | |
| for now, at least until we determine if there is a more correct one. | |||
| 2000-04-25 | when fixing up the header, copy from the right sized datatype (fixes IPsec | Jason Wright | |
| on big-endian machines) | |||
| 2000-04-21 | NRL pcb issue; inp_{f,l}addr{,6} is a union so we need to be sure about | Jun-ichiro itojun Hagino | |
| af match. - do not touch IPv4 pcb entries on in6_pcbnotify. - do not touch IPv6 pcb entries on in_pcbnotify. | |||
| 2000-04-19 | tdb_ref should be signed, this avoid a problem with flushing the TDB | Angelos D. Keromytis | |
| table causing repeated allocations of bypass TDBs. | |||
| 2000-04-18 | Remove the ethernet header from the mbuf before passing it on to | Angelos D. Keromytis | |
| bridge_input() | |||
| 2000-04-14 | make "option TCPDEBUG" kernel compile. | Jun-ichiro itojun Hagino | |
| PR1186 from "Robert Mooney" <rjmooney@atl.mediaone.net>. (printf format change is not bringed in - i'm unsure about it) | |||
| 2000-04-14 | for layer 3 protocols that does not support path MTU discovery | Jun-ichiro itojun Hagino | |
| (I mean, IPv4) do not try to use rmx_mtu on routing table. this symptom was introduced by rmx_mtu initialization (necessary for IPv6 path MTU discovery) in net/route.c. now prior behavior is recovered. From: Hugh Graham <hugh@openbsd.org> there are several question about mssdflt semantics, though: Question 1: with the current code, mssdflt does not override rmx_mtu value (mssdflt overrides interface mtu only). should we override rmx_mtu by mssdflt as well? Question 2: with the current code, mssdflt overrides mss computed from if mtu, only when the destination is IPv4 non-local. is it safe enough? we may want to use mssdflt, whenever we are uncertain. mss = if mtu - hdrsiz; if (IPv4 non-local destination) mss = min(mss, mssdflt); | |||
| 2000-04-13 | When fragmenting a packet, inherit the multicast and broadcast flags so that | Artur Grabowski | |
| the link layer can choose the right address. | |||
| 2000-04-13 | #ifndef the definitions of IPSTATE_MAX and IPSTATE_SIZE | Kjell Wooding | |
| This allows the redefinition of these constants in mk.conf, for example. mep@netset.net | |||
| 2000-04-12 | bump ipf version (3.3.12a) to go with last commit | Kjell Wooding | |
| 2000-04-12 | FTP Proxy changes introduced in 3.3.12 were too agressive. Tone down | Kjell Wooding | |
| a bit. posted to ipf list by darrenr@pobox.com | |||
| 2000-04-11 | Don't add an extra 20 bytes to ip_len, m_pkthdr.len is already updated | Angelos D. Keromytis | |
| by M_PREPEND. | |||
| 2000-04-10 | Oops on sanity logic. | Angelos D. Keromytis | |
| 2000-04-09 | Pass ip_off and ip_len in the correct byte order to icmp_error(); this | Angelos D. Keromytis | |
| should fix the crash problems with isic, reported last week. | |||
| 2000-04-06 | only call get_random_bytes() once in m_pad() | Theo de Raadt | |
| 2000-04-05 | Update to ipf 3.3.12. Most fixes relate to hardening of | Kjell Wooding | |
| in-kernel ftp proxy. See sbin/ipf/HISTORY for details. | |||
| 2000-04-04 | Verbiage fix. | Angelos D. Keromytis | |
| 2000-03-30 | Only allocate space for a copy of the authenticator if authentication | Angelos D. Keromytis | |
| is in use. | |||
| 2000-03-30 | Set re_rt to NULL, so we don't double free. | Angelos D. Keromytis | |
| 2000-03-29 | Be consistent about packet properties. | Angelos D. Keromytis | |
| 2000-03-29 | Fix problem with TCP/UDP and ACLs. | Angelos D. Keromytis | |
| 2000-03-29 | Minor cleanup. | Angelos D. Keromytis | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |