Age | Commit message | Author | |
---|---|---|---|
2013-03-15 | camield requested backout of rev 1.26, and indeed ftp-proxy does not need it. | Sebastian Benoit | |
2013-03-11 | handle ECONNABORTED errors from accept(). In many code blocks they can be ignored silently and without aborting, much like EINTR and EWOULDBLOCK are. ok's from various maintainers of these directories... | Theo de Raadt | |
2013-03-10 | reserve a filedescriptor on accept() for subsequent connect() call, as done in relayd. ok sthen, deraadt | Sebastian Benoit | |
2012-09-18 | prio 0 is valid, therefore, I chose an "impossible" value for prio meaning "not set" and used a PF_PRIO_NOTSET define for it. now that means that everything that creates a struct pf_rule doesn't get away with bzero'ing it, which turned out to be not so nice. so get rid of PF_PRIO_NOTSET, instead, make a rule+state flag PFSTATE_SETPRIO which indicates whether the prio should be set. ok benno claudio mikeb | Henning Brauer | |
2012-07-07 | rename prio in struct pf_rule and related structs to set_prio so it is utterly clear this is not a filter criteria but a packet modification thing. also preparation for upcoming changes, including one to unscrew this mess (I should not have to touch half the tree for this - ifixitlater) not user visible, ok gcc | Henning Brauer | |
2012-06-25 | log all, not log-all; ok henning | Jason McIntyre | |
2012-04-30 | Check for nat_range_high before creating the PF nat rule. From Lawrence Teo. ok camield, myself, mikeb. | Christiano F. Haesbaert | |
2012-04-05 | Rate-limit accepting of new connections while we are experiencing fd exhaustion. ok deraadt mikeb | Camiel Dobbelaar | |
2012-03-06 | catch up with "on rdomain" changes; ok claudio | Mike Belopuhov | |
2012-03-04 | In preparation for getline and getdelim additions to libc, rename getline() occurrences to get_line(). Based on a diff from Jan Klemkow <j-dot-klemkow-at-wemelug-dot-de> to tech. | Federico G. Schwindt | |
2011-06-22 | fix whitespace | Stuart Henderson | |
2011-06-21 | Convert SO_RTABLE's protocol level to the SOL_SOCKET; ok claudio | Mike Belopuhov | |
2011-05-16 | tweak previous; | Jason McIntyre | |
2011-05-12 | Make it clear that ftp-proxy needs to make outbound connections. ok claudio | Ryan Thomas McBride | |
2011-04-28 | divert-to is picky about the address family so adjust the rule | Mike Belopuhov | |
2011-04-28 | switch ftp-proxy over to divert-to instead of rdr-to. this avoids an expensive state lookup (via natlook ioctl) and shrinks the code. tested by me and sthen, ok reyk sthen | Mike Belopuhov | |
2011-03-25 | Use the rdomain information returned by DIOCNATLOOK to install the nat-to and rdr-to rules with correct rtable rule attributes. This allows to use ftp-proxy to proxy across rdomains. Tested and OK phessler@, OK henning@ | Claudio Jeker | |
2010-01-13 | pfr.rule.*.addr.type must be initialized to PF_ADDR_NONE for things that are not used. bzero() of the rule structure is not enough. Find with dlg@, OK mcbride@ | Claudio Jeker | |
2010-01-12 | First pass at removing the 'pf_pool' mechanism for translation and routing actions. Allow interfaces to be specified in special table entries for the routing actions. Lists of addresses can now only be done using tables, which pfctl will generate automatically from the existing syntax. Functionally, this deprecates the use of multiple tables or dynamic interfaces in a single nat or rdr rule. ok henning dlg claudio | Ryan Thomas McBride | |
2009-11-22 | Move from the PF_RULESET_FILTER world order to PF_TRANS_RULESET due to the standard henning+oga commit-and-run-for-beer problem. ok claudio | Theo de Raadt | |
2009-11-21 | If tagging is used use match rules instead of pass rules. This is needed so that later pass rules will not overwrite the nat-to/rdr-to settings. Because of this there must be an explicit "pass .. tagged proxytag .." rule after the ftp-proxy anchor. OK henning@ | Claudio Jeker | |
2009-09-07 | rdr -> rdr-to from Karl-Heinz Wild | Jason McIntyre | |
2009-09-01 | Bring manpage up to speed with the changes that just happened or at least try to. | Claudio Jeker | |
2009-09-01 | Bring ftp-proxy in sync with the massive pf change just committed by Henning. This changes the way the rdr/nat rules are added to pf. Now only a single anchor is needed (the other ones no longer exist). To convert your ruleset you need something like this at the start of your ruleset: # filter rules and anchors for ftp-proxy(8) anchor "ftp-proxy/*" pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021 This was tested by myself, sthen@, dlg@ and I think many more. OK by the same people plus henning. | Claudio Jeker | |
2008-06-13 | Better error messages. Include the function causing the problem and do not include the program name in logmsg() plus exit_daemon() does not return so make it a void function. OK mpf@ | Claudio Jeker | |
2008-04-22 | Flush output buffers before closing TCP session. Fixes the case where the proxy would eat the 221 response coming from the server towards the client. Patch from camield@. Tested by Camiel and myself. ok camield@ | Joel Knight | |
2008-04-13 | Use arc4random_buf() when requesting more than a single word of output Use arc4random_uniform() when the desired random number upper bound is not a power of two ok deraadt@ millert@ | Damien Miller | |
2008-02-26 | Don't pass quick when tagging, so the tag can be used outside the ftp-proxy anchor. Exotic setups with route-to etc. can be implemented this way. from camield, ok reyk beck canacar and manpage polished by jmc | Henning Brauer | |
2007-08-15 | Some servers / proxies out there like to open the data connection immediately after the client sends the PORT command. The "normal" behaviour is to wait for the client to actually request a transfer. Make ftp-proxy add the active mode rules immediately too, so that both scenarios work. ok david pyr Tested by Frank Denis, Stephan A. Rickauer, Ingo Schwarze, Stuart Henderson. Thanks. | Camiel Dobbelaar | |
2007-08-01 | - -T before -t - use .Bk/.Ek | Jason McIntyre | |
2007-08-01 | allow ftp-proxy to add tag statements to the rules it inserts clever, nice and easy diff from bsd@openbsd.rutgers.edu, ok pyr reyk | Henning Brauer | |
2007-05-31 | convert to new .Dd format; | Jason McIntyre | |
2006-12-30 | Remove stub write callback functions now that libevent allows them to be NULL. | Camiel Dobbelaar | |
2006-12-30 | Convert three instances of atoi() to strtonum() and apply sane upper bounds. Triggered by Rik/harry Bobbaers on bugs@. ok mbalmer@ ray@ | Camiel Dobbelaar | |
2006-12-12 | Ignore sigpipe as libevent does not handle that for us. Confirmed by provos. Fixes race condition where ftp-proxy would silently exit if a write was attempted on a socket that was closed by an RST. Should fix PR 5260. ok claudio@ | Camiel Dobbelaar | |
2006-12-01 | forgot to update the comment as well | Camiel Dobbelaar | |
2006-12-01 | use flags S/SA for consistency with the rest of pf | Camiel Dobbelaar | |
2006-11-26 | repair missing DPADD requests | Theo de Raadt | |
2006-10-23 | no need to use "keep state" and "flags S/SA" in pf rules, now that it is the default; ok henning mcbride camield (ftp-proxy bits) deraadt | Jason McIntyre | |
2006-10-15 | Close file descriptors before cleaning up the events, might cause a race otherwise. | Camiel Dobbelaar | |
2006-08-30 | document that ftp-proxy cannot function at a raised securelevel ok jmc marco | Camiel Dobbelaar | |
2006-03-25 | unused variable from Andrey Matveev | Camiel Dobbelaar | |
2006-03-22 | Rework signal handling the idiomatic libevent way. From ospfd. ok claudio henning | Camiel Dobbelaar | |
2005-11-20 | .Sh SECURITY -> .Sh CAVEATS ok camield@ | Jason McIntyre | |
2005-11-18 | don't assume that close() can fail, from deraadt ok henning deraadt | Camiel Dobbelaar | |
2005-11-17 | buffer overflow | Theo de Raadt | |
2005-06-07 | add OpenBSD cvs tags, prompted by xsa@ | Camiel Dobbelaar | |
2005-06-07 | Introduce verbose option to control the logging of the pf rules. ok beck mpf | Camiel Dobbelaar | |
2005-05-31 | tweaks; | Jason McIntyre | |
2005-05-30 | Don't call va_start() when we do not log. From Andrey Matveev. | Camiel Dobbelaar | |