Age | Commit message (Collapse) | Author | |
---|---|---|---|
2003-12-22 | Fix unbounded recursion and an unsigned/signed mixup. Resolves PR 3610. | Otto Moerbeek | |
ok deraadt@ millert@ | |||
2003-12-19 | Argh. Calculate the length really, really correctly. | Ryan Thomas McBride | |
2003-12-19 | Calculate the length of the captured pfsync payload correctly when printing | Ryan Thomas McBride | |
pfsync packets recieved on the wire. Prevents printing of giberish states with snaplen smaller than the mtu of syncif on the sender, and probably other ungoodness. | |||
2003-12-18 | Recognize NAT-D and NAT-OA payloads. markus@ ok. | Hakan Olsson | |
2003-12-17 | Change pfsync IP protocol and multicast group numbers. | Ryan Thomas McBride | |
IPPROTO_PFSYNC -> 240 INADDR_PFSYNC_GROUP -> 224.0.0.240 ok deraadt@ | |||
2003-12-15 | Add initial support for pf state synchronization over the network. | Ryan Thomas McBride | |
Implemented as an in-kernel multicast IP protocol. Turn it on like this: # ifconfig pfsync0 up syncif fxp0 There is not yet any authentication on this protocol, so the syncif must be on a trusted network. ie, a crossover cable between the two firewalls. NOTABLE CHANGES: - A new index based on a unique (creatorid, stateid) tuple has been added to the state tree. - Updates now appear on the pfsync(4) interface; multiple updates may be compressed into a single update. - Applications which use bpf on pfsync(4) will need modification; packets on pfsync no longer contains regular pf_state structs, but pfsync_state structs which contain no pointers. Much more to come. ok deraadt@ | |||
2003-11-08 | Return proper anchor rule number in correct byte order. | Daniel Hartmeier | |
From Pyun YongHyeon. ok henning@, canacar@ | |||
2003-11-08 | typos from Jonathon Gray; | Jason McIntyre | |
2003-11-08 | Print "|pfsync" if the packet is truncated, not "|pflog". | Ryan Thomas McBride | |
2003-11-05 | Make tcpdump -x work with pfsync. | Ryan Thomas McBride | |
ok dhartmei@ | |||
2003-11-02 | - newline before printing first state (so they all line up and the first | Ryan Thomas McBride | |
state doesn't wrap) - No need to print the rule number, that's included in the -v output. ok dhartmei@ canacar@ | |||
2003-10-12 | Default snaplen is 96 not 68, from Pyun YongHyeon, ok deraadt@ | Daniel Hartmeier | |
2003-10-12 | Make it compile without INET6, from Max Laier, ok deraadt@ | Daniel Hartmeier | |
2003-09-25 | - simplify macros | Jason McIntyre | |
- sort options - typos and formatting improvements - sync usage() and SYNOPSIS | |||
2003-09-08 | Fix 'tcpdump -v icmp' endianess buglet, print ID in hex. | Cedric Berger | |
Found by ho@, help/test pb@, hex suggestion/ok deraadt@ | |||
2003-09-04 | put escapes in the right place; | Jason McIntyre | |
(i.e. stuff I got wrong the first time, or missed) this includes some .Cd's with missing quotes and .Nm abuse in man4; | |||
2003-09-02 | escape punctuation; (and a nit in openssl.1) | Jason McIntyre | |
ok deraadt@ | |||
2003-08-28 | tweak; | Jason McIntyre | |
ok frantzen@ | |||
2003-08-21 | print the operating system of TCP SYN packets with the -o option | Mike Frantzen | |
2003-07-17 | add support for ESP decryption; ok deraadt@; feedback mickey@; | Markus Friedl | |
many manpage fixes from jmc@ | |||
2003-07-14 | macro fixes; | Jason McIntyre | |
2003-07-08 | print ip_{src,dst} again; ok henning@ | Markus Friedl | |
2003-06-26 | ansi and protos | Theo de Raadt | |
2003-06-21 | #ifdef INET6 | Daniel Hartmeier | |
2003-06-21 | count packets and bidirectionally on state entries, allowing for fine-grained | Damien Miller | |
traffic reporting w/ pfsync; ok dhartmei@ Note: ABI change (new fields in struct pf_state), requires a rebuild of pfctl and tcpdump. | |||
2003-06-12 | - section reorder | Jason McIntyre | |
- macro fixes - kill whitespace at EOL - new sentence, new line | |||
2003-06-11 | support for NAT-T (draft-ietf-ipsec-udp-encaps-06.txt); ok deraadt@ | Markus Friedl | |
2003-06-03 | last bit of clause 3 & 4 nuking for me. | Jason Wright | |
2003-06-02 | Remove the advertising clause in the UCB license which Berkeley | Todd C. Miller | |
rescinded 22 July 1999. Proofed by myself and Theo. | |||
2003-06-02 | three four kill ... | Michael Shalayeff | |
2003-05-22 | remove -Werror; ok millert | Peter Valchev | |
2003-05-14 | libpcap and tcpdump now understand the new pflog datalink type. | Can Erkin Acar | |
old datalink type is still recognized. ok henning@ dhartmei@ frantzen@ | |||
2003-04-14 | %d is 12 chars, not 10; ok deraadt | Peter Valchev | |
2003-04-08 | invalid mdoc macros | David Krause | |
caused words to disappear from the output ok jmc@ a while ago | |||
2003-04-04 | Back out the realloc change, to do it right requires more record | Todd C. Miller | |
keeping and could result in very large memory chunks. | |||
2003-04-02 | o Use realloc() instead of leaking memory when we need more than 1024 bytes | Todd C. Miller | |
o use strlcpy() deraadt@ OK | |||
2003-02-20 | add printing of ipcomp, and while in the neighborhood, make ah/esp actually | Jason Wright | |
check the length of the data | |||
2003-02-11 | Show DF on IP fragments | Cedric Berger | |
ok henric@ | |||
2003-01-28 | a lost ntohs() caused tcpdump not to print the action. | Henning Brauer | |
debugging session with and ok'd by dhartmei@ | |||
2003-01-27 | bugfix from Can Erkin Acar <canacar@eee.metu.edu.tr>: | Henning Brauer | |
hbhopt_print() and dstopt_print() can return 0 if the option is located just one byte short of snapend this would cause an infinite loop in ip6_print(). | |||
2003-01-07 | Remove pfr_unwrap_table workaround, it's no longer needed. | Daniel Hartmeier | |
2003-01-04 | workaround until pf fixes this | Theo de Raadt | |
2003-01-01 | Support all possible rule types ("scrub" rules can log packets being | Ryan Thomas McBride | |
dropped, others may as well in the future). ok dhartmei@ henning@ | |||
2002-12-23 | no need to ntohs the ports | Michael Shalayeff | |
2002-12-20 | use bcopy instead of struct assignment | Michael Shalayeff | |
2002-12-01 | Grammar nitpicking. | margarida | |
Closes PR 3005. fgsch@ ok | |||
2002-11-30 | pfsync support; deraadt@ ok | Michael Shalayeff | |
2002-11-30 | stop breaking the damn tree mickey | Theo de Raadt | |
2002-11-29 | tcpdump support for pfsync; henning@ ok | Michael Shalayeff | |
2002-11-28 | Check for invalid ICMP6 option length, ok itojun@ | Daniel Hartmeier | |