| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2004-06-14 | Fix tcpslice ftp URL. From f5813 at sbcglobal dot net. | Otto Moerbeek | |
| 2004-06-09 | Take better care of people down under living in X and a half hour | Otto Moerbeek | |
| timezones. ok canacar@ | |||
| 2004-05-21 | add DLT_PPP_ETHER support plus some fixes for pppoe_if_print(). | Brad Smith | |
| ok canacar@ From: Marc Huber <pppoe at pro-bono-publico dot de> | |||
| 2004-05-15 | Naming consistency. From Alexander Guy. ok canacar@ | Otto Moerbeek | |
| 2004-05-13 | Unswap the vhid and advskew values. | Ryan Thomas McBride | |
| 2004-05-08 | Pass the length of what was captured to pfsync_print, not the length | Ryan Thomas McBride | |
| of the original packet. ok beck@ | |||
| 2004-05-06 | whitespace; | Jason McIntyre | |
| 2004-05-05 | Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP | Mike Frantzen | |
| sequence numbers by taking advantage of the maximum 1KHz clock as an upperbound on the timestamp. Typically gains 10 to 18 bits of additional security against blind data insertion attacks. More if the TS Echo wasn't optional :-( Enabled with: scrub on !lo0 all reassemble tcp ok dhartmei@. documentation help from jmc@ | |||
| 2004-04-29 | a slight polishing... | Theo de Raadt | |
| 2004-04-29 | unused variables; ok mcbride | Theo de Raadt | |
| 2004-04-28 | Fix fd leaks. | Can Erkin Acar | |
| Found by and ok deraadt@ | |||
| 2004-04-28 | Make tcpdump print carp as carp. Printing vrrp can be forced with -T vrrp. | Ryan Thomas McBride | |
| ok markus@ pb@ | |||
| 2004-04-23 | Silence getopt() in the priv process. ok canacar@ henning@ | Otto Moerbeek | |
| 2004-04-14 | Don't forget to move to STATE_RUN if the -w output file is stdout. | Otto Moerbeek | |
| ok canacar@ | |||
| 2004-04-13 | Cleanup and more careful payload parsing. | Hans-Joerg Hoexer | |
| ok ho@ | |||
| 2004-04-08 | only close fd if its valid, from Moritz Jodeit <moritz at jodeit.org> | Anil Madhavapeddy | |
| canacar@ ok | |||
| 2004-04-08 | In error message, use saved errno, not current errno. | Anil Madhavapeddy | |
| From Moritz Jodeit <moritz at jodeit.org> | |||
| 2004-04-07 | Fix bounds check for printing of ip6 options. Similar fix in tcpdump | Otto Moerbeek | |
| 3.8.1. From Greg Taleck <taleck at oz dot net>, with twist from me to keep diffablility. | |||
| 2004-04-06 | Print DELETE payload contents. ok markus@. | Hakan Olsson | |
| 2004-04-03 | - dont send junk err in parent_open_dump() if filename is NULL | Anil Madhavapeddy | |
| - dont close an invalid fd canacar@ ok | |||
| 2004-03-22 | Add support for PFSYNC_ACT_BUS. (Bulk Update Status) | Ryan Thomas McBride | |
| ok deraadt@ | |||
| 2004-03-19 | Remove errant ';' from end of for() statement. deraadt@ ok | Aaron Campbell | |
| 2004-03-15 | if (foo); ok aaron@ | Damien Miller | |
| 2004-03-14 | Check return code of chdir() after chroot(); noted by Joris Vink, slight mod | Otto Moerbeek | |
| from avsm@. ok avsm@ hshoexer@ henning@ | |||
| 2004-03-12 | Check payload size more carefully when printing ike messages. Identified by | Hans-Joerg Hoexer | |
| cloder@. ok ho@ otto@ cloder@ | |||
| 2004-02-20 | Print ifname in PFSYNC_ACT_CLR message if present. | Ryan Thomas McBride | |
| 2004-02-15 | string.h for memset | Jolan Luff | |
| 2004-02-14 | KNF | Hakan Olsson | |
| 2004-02-14 | Fix DOI select logic, which was broken for IKE vendors that sends non-zero | Hakan Olsson | |
| spi_size in their phase 1 proposals, such as some DLink VPN routers. Also replace u_char with u_int8_t. markus@, hshoexer@ ok. | |||
| 2004-02-13 | Print protocol and service numbers correctly when -n switch is specified. | Can Erkin Acar | |
| reported by mcbride@ ok otto@ mcbride@ | |||
| 2004-02-10 | Make pfsync printing consistent with rest of tcpdump regarding newlines, | Ryan Thomas McBride | |
| pass -vv in to pf_print_state(), and print update count where appropriate. | |||
| 2004-02-10 | Make pfsync work correctly with IP options on 64-bit alignment | Ryan Thomas McBride | |
| sensitive CPUs. Pointed out by deraadt@. | |||
| 2004-02-05 | Don't print two confusing error messages, print a single clear one. | Otto Moerbeek | |
| ok deraadt@ hshoexer@ avsm@ | |||
| 2004-02-04 | Better error message when bpf device open fails. | Otto Moerbeek | |
| ok dhartmei@ brad@ | |||
| 2004-02-04 | Some more non-alignment problems resolved. | Otto Moerbeek | |
| ok deraadt@ | |||
| 2004-02-02 | Do away with non-aligned memory accesses. | Otto Moerbeek | |
| ok deraadt@ hshoexer@ | |||
| 2004-01-31 | general cleanup and better SIGCHLD handling from millert@ | Otto Moerbeek | |
| ok canacar@ | |||
| 2004-01-28 | privilege separated tcpdump, joint work with otto@ | Can Erkin Acar | |
| tested by avsm@ vincent@ dhartmei@ markus@ hshoexer@ and others go for it deraadt@ | |||
| 2004-01-22 | 802.3X pretty printer (dead simple) | Jason Wright | |
| jakob@: "seems reasonable" | |||
| 2004-01-21 | Increment the right pointers, so we don't print the same entries repeatedly. | Ryan Thomas McBride | |
| 2004-01-21 | Clean up pfsync output: print source address by default, pass -vv correctly | Ryan Thomas McBride | |
| to pf_print_state(), and other minor cleanup. | |||
| 2004-01-20 | If you go through the trouble of caching the name of the last printed | Otto Moerbeek | |
| rpc num, you might as well use it later too. ok canacar@ | |||
| 2004-01-18 | Sync print-domain with tcpdump.org; avoids tcpdump barfing on bogus | Otto Moerbeek | |
| DNS traffic. ok canacar@ jakob@ | |||
| 2004-01-15 | Input should be atleast an isakmp_header long. otto@, markus@ ok. | Hakan Olsson | |
| 2004-01-15 | print tcpmd5 signature options; with/ok itojun | Markus Friedl | |
| 2004-01-10 | Avoid duplication of code; handle truncated packets properly; use | Otto Moerbeek | |
| fn_print to print strings. Joint work with & ok canacar@. | |||
| 2004-01-09 | Avoid messing up the screen by non-printable chars in hostname + | Otto Moerbeek | |
| sync with tcpdump.org. ok canacar@ | |||
| 2004-01-04 | zap unused variable; ok mcbride | Peter Valchev | |
| 2003-12-31 | Many improvements to the handling of interfaces in PF. | Cedric Berger | |
| 1) PF should do the right thing when unplugging/replugging or cloning/ destroying NICs. 2) Rules can be loaded in the kernel for not-yet-existing devices (USB, PCMCIA, Cardbus). For example, it is valid to write: "pass in on kue0" before kue USB is plugged in. 3) It is possible to write rules that apply to group of interfaces (drivers), like "pass in on ppp all" 4) There is a new ":peer" modifier that completes the ":broadcast" and ":network" modifiers. 5) There is a new ":0" modifier that will filter out interface aliases. Can also be applied to DNS names to restore original PF behaviour. 6) The dynamic interface syntax (foo) has been vastly improved, and now support multiple addresses, v4 and v6 addresses, and all userland modifiers, like "pass in from (fxp0:network)" 7) Scrub rules now support the !if syntax. 8) States can be bound to the specific interface that created them or to a group of interfaces for example: - pass all keep state (if-bound) - pass all keep state (group-bound) - pass all keep state (floating) 9) The default value when only keep state is given can be selected by using the "set state-policy" statement. 10) "pfctl -ss" will now print the interface scope of the state. This diff change the pf_state structure slighltly, so you should recompile your userland tools (pfctl, authpf, pflogd, tcpdump...) Tested on i386, sparc, sparc64 by Ryan Tested on macppc, sparc64 by Daniel ok deraadt@ mcbride@ | |||
| 2003-12-28 | Unbreak tree by using correct PFSYNC_ACT_UREQ #define. | Ryan Thomas McBride | |
| Also remove unused hlen variable. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |