Age | Commit message | Author | |
---|---|---|---|
2004-02-17 | switch to sysctl_int_arr(); ok henning, deraadt | Markus Friedl | |
2004-02-16 | don't allocate a cluster if the header fits into a mbuf; | Markus Friedl | |
ok itojun@, henning@, mcbride@ | |||
2004-02-15 | check TDBF_INVALID for TCP MD5 SA lookups; ok mcbride, henning | Markus Friedl | |
2004-02-15 | switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt | Markus Friedl | |
2004-02-13 | typo, lenght -> length | Brad Smith | |
2004-02-11 | make mss signed; avoids large mss if ifp==NULL; ok itojun@ | Markus Friedl | |
2004-02-10 | plug mbuf leak (ip_fragment() always free mbuf on error). tested by cedric, | Jun-ichiro itojun Hagino | |
dhartmei ok | |||
2004-02-10 | check TF_SIGNATURE when calculating the mss; add TCPOLEN_SIGLEN and | Markus Friedl | |
avoid magic constants; ok henning@ | |||
2004-02-05 | take RFC2460 section 5 last paragraph into consideration when we compute MSS | Jun-ichiro itojun Hagino | |
(if path MTU < 1280, use 1280 as packet size and attach fragment header). markus ok | |||
2004-01-31 | rename tcp sockopt TCP_SIGNATURE_ENABLE to TCP_MD5SIG | Henning Brauer | |
requested by theo ok markus@ hshoexer@ | |||
2004-01-31 | !sack_disable -> sack_enable; ok deraadt@ | Markus Friedl | |
2004-01-30 | add support for getsockopt(..., TCP_SIGNATURE_ENABLE | Henning Brauer | |
so you can check whether a just accept()ed connection is md5sig'd ok deraadt@ markus@ | |||
2004-01-29 | reset TCPT_KEEP to tcp_keepidle when switching to ESTABLISHED; | Markus Friedl | |
ok henning, deraadt | |||
2004-01-29 | turn off TF_SIGNATURE on the listen socket if there is no matching SA. | Markus Friedl | |
allows using a single listen socket for both tcpmd5 and plain tcp. ok aaron, henning. | |||
2004-01-29 | support for RFC3390 (Increasing TCP's Initial Window); ok deraadt, itojun | Markus Friedl | |
2004-01-29 | don't increase the cwnd on syn-ack; ok itojun@, deraadt@ | Markus Friedl | |
2004-01-27 | in gettdbbysrcdst(): hash by SRC and lookup SA in the tdbsrc[] hash table | Markus Friedl | |
with hshoexer@ | |||
2004-01-22 | add gettdbbysrcdst(), just like gettdb(), but compares tdb_src as well; ok mcbride@ | Markus Friedl | |
2004-01-18 | send RTM_IFINFO on carp state changes; with mpf@; ok mcbride@, mpf@ | Markus Friedl | |
2004-01-15 | the KNF is dancing | Markus Friedl | |
2004-01-15 | missing #ifdef INET6, ok henning@ | Daniel Hartmeier | |
2004-01-15 | move call to tcp_mss_update() from syn_cache_add() to syn_cache_get(), | Markus Friedl | |
when the 3-way handshake completes (and not on the listen pcb). ok itojun, dhartmei | |||
2004-01-14 | syncache+ipv6 support for TCP_SIGNATURE; with itojun; ok deraadt | Markus Friedl | |
2004-01-13 | bring back the old TCP_SIGNATURE code from tcp_input.c rev 1.45 | Markus Friedl | |
and make it compile (does not work yet); ok deraadt@ | |||
2004-01-13 | pass pcb and not socket to ip_output; #ifdef SACK; ok itojun@ | Markus Friedl | |
2004-01-13 | Add and remove IPv6 routes so when we're MASTER, we can connect to the | Ryan Thomas McBride | |
common address. | |||
2004-01-09 | decrease min mss to (256 - 40); ok deraadt | Markus Friedl | |
2004-01-09 | don't restrict tcp signature keys to ascii; ok mcbride | Markus Friedl | |
2004-01-08 | struct for IPv6 pseudo header checksum - nonstandard. from kame | Jun-ichiro itojun Hagino | |
2004-01-07 | crank mss limit from 64 to 256; ok itojun@, dhartmei@ | Markus Friedl | |
2004-01-07 | syn_XXX_limit -> synXXXlimit for consistency; ok deraadt | Markus Friedl | |
2004-01-07 | in_pcbnotify() now returns number of matches. | Markus Friedl | |
2004-01-07 | cleanup obsolete comment from NRL code. markus ok | Jun-ichiro itojun Hagino | |
2004-01-06 | import netbsd's version of David Borman's syncache code | Markus Friedl | |
http://www.kohala.com/start/borman.97jun06.txt; ok deraadt@, henning@ | |||
2004-01-06 | fix vlan destroy for MROUTING; report spamme@wouz.dk via tedu; ok itojun | Markus Friedl | |
2004-01-03 | put an mi wrapper around stdarg.h/varargs.h. gcc3 moved stdarg/varargs macros | Marc Espie | |
to built-ins, so eventually we will have one version of these files. Special adjustments for the kernel to cope: machine/stdarg.h -> sys/stdarg.h and machine/ansi.h needs to have a _BSD_VA_LIST_ for syslog* prototypes. okay millert@, drahn@, miod@. | |||
2004-01-02 | use pool for pcb; with grange@ like netbsd; ok itojun@, cedric@ | Markus Friedl | |
2003-12-21 | change in*_pcbnotify to return numbers of matches; ok itojun, mcbride, henning | Markus Friedl | |
2003-12-21 | use CIRCLEQ* for pcb's; ok deraadt, henning, mcbride, with help from canacar | Markus Friedl | |
2003-12-21 | check for multicast early, remove redundant checks; ok itojun, mcbride | Markus Friedl | |
2003-12-18 | Permit ethernet multicast addresses, as used by some HA/failover solutions. Suggested by and ok markus@. | Hakan Olsson | |
2003-12-17 | Change pfsync IP protocol and multicast group numbers. | Ryan Thomas McBride | |
IPPROTO_PFSYNC -> 240 INADDR_PFSYNC_GROUP -> 224.0.0.240 ok deraadt@ | |||
2003-12-15 | Add initial support for pf state synchronization over the network. | Ryan Thomas McBride | |
Implemented as an in-kernel multicast IP protocol. Turn it on like this: # ifconfig pfsync0 up syncif fxp0 There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls. NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contain regular pf_state structs, but pfsync_state structs which contain no pointers. Much more to come. ok deraadt@ | |||
2003-12-12 | niels kindly dropped clause 3/4 from the license. tnx! | Jun-ichiro itojun Hagino | |
2003-12-12 | previous commit included bad hunk. sorry | Jun-ichiro itojun Hagino | |
2003-12-12 | no need to call arc4random() if we don't skip numbers in ip_randomid(). | Jun-ichiro itojun Hagino | |
from markus | |||
2003-12-10 | de-register. deraadt ok | Jun-ichiro itojun Hagino | |
2003-12-10 | correct non-repetitive ID code, based on comments from niels provos. | Jun-ichiro itojun Hagino | |
- seed2 is necessary, but use it as "seed2 + x" not "seed2 ^ x". - skipping number is not needed, so disable it for 16bit generator (makes the repetition period to 30000) | |||
2003-12-08 | switch to CIRCLEQ_FOREACH_REVERSE in tcpdropoldhalfopen() and | Markus Friedl | |
avoid dropping youngest TCB; ok henning deraadt | |||
2003-12-08 | Mbuf tag tcp and udp packets which are translated to localhost, and | Ryan Thomas McBride | |
use the presence of this tag to reverse the match order in in{6}_pcblookup_listen(). Some daemons (such as portmap) do a double bind, binding to both * and localhost in order to differentiate local from non-local connections, and potentially granting more privilege to local ones. This change ensures that redirected connections to localhost do not appear local to such a daemon. Bulk of changes from dhartmei@, some changes markus@ ok dhartmei@ deraadt@ |