src - OpenBSD base system

Age	Commit message (Collapse)	Author
1997-02-21	-nostdinc and big endian cleanup	Niklas Hallqvist

1997-02-21	Fixed error introduced with last patch.	Angelos D. Keromytis

1997-02-21	Removed some of the ugliness in ipsp_kern().	Angelos D. Keromytis

1997-02-20	DES library for IPSEC; Eric Young (eay@mincom.oz.au)	Theo de Raadt

1997-02-20	IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in	Theo de Raadt
	Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
1997-02-16	udp packets less than min udp packet length are bad; davem@jenolan.rutgers.edu	Theo de Raadt

1997-02-13	prevent free()ed object from being referenced	kstailey

1997-02-13	off-by-one-slot for IP timestamp option data inserts, PR#103, ↵	Theo de Raadt
	andreas.gunnarsson@emw.ericsson.se
1997-02-13	back out prev. change	kstailey

1997-02-13	make SPLNET() do splsoftnet()	kstailey

1997-02-12	protect ip_natexpire	kstailey

1997-02-11	IPF 1.3.7	kstailey

1997-02-11	ensure ipt->ipt_ptr is right; pr#96, andreas.gunnarsson@emw.ericsson.se	Theo de Raadt

1997-02-05	use arc4random()	Theo de Raadt

1997-02-05	#define ICMP_UNREACH_FILTER -> ICMP_UNREACH_FILTER_PROHIB to match ↵	kstailey
	tcpdump/print_icmp.c which had it first
1997-02-04	changed comment to reflect RFC-1812	kstailey

1997-02-04	Changed ICMP "unreachable" code #defines to match the ones in	kstailey
	tcpdump/print-icmp.c since they were in BSD first.
1997-01-30	for IP_HDRINCL option, use ip_len/ip_off in network order; lidl@va.pubnix.com	Theo de Raadt

1997-01-30	Added ICMP Destination Unreachable codes from RFC-1812:	kstailey
	14 = Host Precedence Violation. Sent by the first hop router to a host to indicate that a requested precedence is not permitted for the particular combination of source/destination host or 15 = Precedence cutoff in effect. The network operators have imposed a minimum level of precedence required for operation, the datagram was sent with a precedence below this level;
1997-01-30	added #define for Communication Administratively Prohibited	kstailey
	as in RFC-1812 Section 5.2.7.1 Destination Unreachable
1997-01-26	Make ip_len and ip_off unsigned values; don't transmit or accept packets	Thorsten Lockert
	larger than the maximum IP packet size. From NetBSD.
1997-01-18	syslog.h -> sys/syslog.h	Jason Downs
	THIS IS THE KERNEL, DAMNIT.
1997-01-15	prevent warning:	kstailey
	in_pcb.c:182: warning: `old' might be used uninitialized in this function
1996-10-27	record route is not a problem; thanks bitblt	Theo de Raadt

1996-10-24	<sys/dir.h> is for use as a compatibility interface only. Warn if	Thorsten Lockert
	included by kernel modules, and also remove use from any modules that currently attempt to use it.
1996-10-18	Do not run IP defragmentation routines unneccecarily; NetBSD PR# 2772	Thorsten Lockert

1996-10-08	Prototype & Stylistic fixes for high -W gcc levels	Niklas Hallqvist

1996-09-30	handle openbsd cases	Theo de Raadt

1996-09-25	Drop unused variable	Niklas Hallqvist

1996-09-23	fix tuba after synbomb fixes	Theo de Raadt

1996-09-20	`solve' the syn bomb problem as well as currently known; add sysctl's for	Theo de Raadt
	SOMAXCONN (kern.somaxconn), SOMINCONN (kern.sominconn), and TCPTV_KEEP_INIT (net.inet.tcp.keepinittime). when this is not enough (ie. overfull), start doing tail drop, but slightly prefer the same port.
1996-09-12	Close TCP receive window when we cannot receive data; suggested by Darren	Thorsten Lockert
	Reed. Also make a conditional easier to read.
1996-09-12	TCP Persist handling; from 4.4BSD Lite2 (via NetBSD PR 2335)	Thorsten Lockert

1996-09-12	Don't assume other subnets than our own are local to us; from Luigi Rizzo	Thorsten Lockert
	by way of Jason Downs & Theo de Raadt. Can be overridden in the kernel configuration file by using "option SUBNETSARELOCAL=1"
1996-09-02	Don't drain the protocol queues at interrupt level.	dm

1996-08-24	change to so_uid, also fix a missing credential found by dm	Theo de Raadt

1996-08-14	restrict some raw ip packets that may crash ip_output(); from freebsd	Theo de Raadt

1996-08-14	ipaddrs are int; like many other things found after spotting a similar ↵	Theo de Raadt
	netbsd commit...
1996-08-07	Partial protection from TCP SYN attacks	Thorsten Lockert

1996-08-05	stupid typo, going to bed in penance	Theo de Raadt

1996-08-05	only check for takeover permission if non-root	Theo de Raadt

1996-08-05	struct socket gets so_ucred; permit only same uid or root to do port takeover.	Theo de Raadt

1996-08-02	ICMP Router Discovery definitions; from FreeBSD	Thorsten Lockert

1996-08-02	Allow viewing of net.inet.ip.sourceroute in secure mode	Thorsten Lockert

1996-07-29	Remove random() prototype, as it's not needed. Besides it was wrong for the ↵	Niklas Hallqvist
	alpha :-)
1996-07-29	Fix stupid logic error in bind().	Jason Downs

1996-07-29	Make TCP ISS increment by random amounts	Thorsten Lockert

1996-07-29	Make 600, instead of 512, the lower limit for reserved ports.	Jason Downs

1996-07-29	Fix a small bug and change the logic of the bind() port choosing:	Jason Downs
	Use a random starting point the first time through the loop.
1996-07-29	From FreeBSD (with slightly different sysctl names):	Jason Downs
	"... Allow the user to nominate one of three ranges of port numbers as candidates for selecting a local address to replace a zero port number. The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg) call. The three ranges are: default, high (to bypass firewalls) and low (to get a port below 1024). The default and high port ranges are sysctl settable under sysctl net.inet.ip.portrange.* [net.inet.ip.portfirst, net.inet.ip.portlast, net.inet.ip.porthifirst, and net.inet.ip.porthilast currently in OpenBSD.] This code also fixes a potential deadlock if the system accidently ran out of local port addresses. It'd drop into an infinite while loop. The secure port selection (for root) should reduce overheads and increase reliability of rlogin/rlogind/rsh/rshd if they are modified to take advantage of it."