| Age | Commit message (Collapse) | Author |
|---|
|
|
|
ok claudio@
|
|
Allow for padding bytes in the IP packet (length > ntohs(op->ospf_len))
but report both length in that case.
OK sthen@, deraadt@
|
|
longer suppress spacing when used at the beginning of an input line,
and mandoc now follows the same behaviour as new groff.
Thus, sweep the tree and remove useless .Ns.
Most places found by jmc@; ok jmc@ kristaps@.
|
|
order and therefore a ntohs is needed to show the rdomain correctly.
OK henning@ dlg@
|
|
other updates in the process. Initial report/patch from Christiano
F. Haesbaert. Ok matthew@
|
|
who decided to just do it on their own. henning, mcbride, jsing -- shame
on you -- if you had shown this diff to just 1 other network developer,
the astounding mistake in it would have been noticed. Start practicing
inclusionary development instead of going alone.
ok claudio
|
|
by mcbride@.
ok mcbride@ henning@
|
|
to 8-byte boundary on 64-bit architectures. Instead explicitly round up
to a 4-byte boundary. Reported and tested by sthen@
|
|
addresses/ports too. ok ryan dlg
|
|
and protocol header actually fit in the common cases.
stays until canacar tells us how to do it right ;)
ok dlg ryan
|
|
|
|
|
|
ok claudio@ deraadt@
|
|
Spotted by Mike Belopuhov. ok jsing@ deraadt@
|
|
labels we use decimal.
OK jsg@ deraadt@
|
|
ok ryan theo & herr reyksminister
|
|
ok deraadt@ sthen@
|
|
cleaned up to be less gross after some suggestions from stsp.
ok stsp@
|
|
of the id payload, so using the existing id printer. ok dlg@
|
|
|
|
ok yasuoka@
* add many missing truncation checks and don't output control
characters to the terminal
ok sthen@
|
|
options are specified.
ok claudio@ sthen@ deraadt@ jmc@
|
|
|
|
calculation. Mostly from tcpdump.org; ok jsing@
|
|
syntax errors found by mandoc(1), also required to fix the mandoc build;
ok jmc@
|
|
- sync actions with PF changes (pass/block/match not just pass/block,
and remove some binat/nat/rdr entries)
- list all reason codes in tcpdump(8)
ok henning jmc
|
|
is run with -v. This behavior is analog to ipv4.
ok mpf@ todd@
|
|
treat them the same as truncated packets
ok sthen
|
|
|
|
Found by parfait.
|
|
|
|
used to carry GPRS data over IP for GSM and UMTS networks. The decoder
understands GTPv0, GTPv0', GTPv1-C, GTPv1-U and GTPv1' traffic, however
at this stage not all TLV fields are fully decoded.
This work has been kindly sponsored by SystemNet AS (www.systemnet.no).
"commit" deraadt@
|
|
|
|
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@
|
|
survived a full make build on i386;
"sure" deraadt@
|
|
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms
|
|
additional checks to make sure the known capabilities are correctly
encoded and not truncated. Help and OK sthen@
|
|
and handle 32-bit ASN. ok claudio@
|
|
of pcap_live and priv_pcap_live in rev 1.6 to differ from the implementations,
change the type back to what it was.
ok djm@
|
|
|
|
|
|
ICMP_UNREACH_PORT. from Peter J. Philipp, ok jsing@. Closes system/6149.
|
|
|
|
|
|
with deraadt@, mcbride@, and mpf@ it is obvious that a hmac doesnt make
sense for pfsync.
this also firms up some of the input parsing so it handles short frames a
bit better.
|
|
|
|
frame according to the pfsync header. dont try to parse an unsupported
version of the protocol.
|
|
ok hshoexer msf
|
|
WARNING: THIS BREAKS COMPATIBILITY WITH THE PREVIOUS VERSION OF PFSYNC
this is a new variant of the protocol and a large reworking of the
pfsync code to address some performance issues. the single largest
benefit comes from having multiple pfsync messages of different
types handled in a single packet. pfsyncs handling of pf states is
highly optimised now, along with packet parsing and construction.
huggz for beck@ for testing.
huge thanks to mcbride@ for his help during development and for
finding all the bugs during the initial tests.
thanks to peter sutton for letting me get credit for this work.
ok beck@ mcbride@ "good." deraadt@
|
