Age | Commit message | Author
---|---|---
2004-05-10 | write filter and lock bpf descriptor before dropping privileges, with help from otto@, tested by mickey@ and jolan@, ok deraadt@ | Can Erkin Acar
2004-05-10 | Check return value of fclose() calls after writing. ok deraadt@ tdeval@ | Otto Moerbeek
2004-05-10 | Do not always print banner page. ok henning@ millert@ | Otto Moerbeek
2004-05-10 | Make the accept socket non-blocking. Should not matter since we use select anyway but seems like a good idea since we really don't want cron to block... | Todd C. Miller
2004-05-10 | when adding a new group to /etc/groups, place it just before the first + entry. assistance from tdeval and otto. this is the first half of pr 3727, brendan@cs.uchicago.edu | Theo de Raadt
2004-05-09 | pretty | Theo de Raadt
2004-05-08 | off by one in key too long detection | Henning Brauer
2004-05-08 | fix redefinition detection with manual keyed ipsec | Henning Brauer
2004-05-08 | with manual keyed ipsec, we need keys and spis for both directions - enforce that | Henning Brauer
2004-05-08 | Filter bpf writes and lock descriptor. tested by hshoexer@ ok henning@ deraadt@ | Can Erkin Acar
2004-05-08 | a bloody attempt to document neighbor cloning | Henning Brauer
2004-05-08 | lots of munging about; canacar ok, tested by pb, looked at by various others | Theo de Raadt
2004-05-08 | a bloody attempt at documenting the ipsec fluff. this needs to be fleshed out and polished, but at least it is somewhat documented now... | Henning Brauer
2004-05-08 | KNF | Henning Brauer
2004-05-08 | break out the consistency checking for neighbors in its own function, and verify that peers with ipsec have local-address specified (needed to set up the flows...) | Henning Brauer
2004-05-08 | do not omit the IPv6 listening address | Henning Brauer
2004-05-08 | provide log_sockaddr, which uses getnameinfo(), and use it in log_conn_attempt | Henning Brauer
2004-05-08 | allow for neighbor statements without { parameters } block; everything can be inherited from the group | Henning Brauer
2004-05-08 | add support for ipsec ah with manual keys, pfkey part already does so, and flesh parser out a bit. also add support for printing ipsec ah with manual keys in printconf | Henning Brauer
2004-05-08 | factor out the string -> key conversion code used for md5sig and twice for ipsec | Henning Brauer
2004-05-08 | remove unused argument to control_dispatch_msg(), lint | Henning Brauer
2004-05-08 | remove hostname lookup stuff, done at parse time now, ok theo | Henning Brauer
2004-05-08 | resolve hostnames at parse time, solves PR3771, ok theo | Henning Brauer
2004-05-08 | implement and use prefixlen2mask() instead of doing it by hand 3 times | Henning Brauer
2004-05-08 | Pass the length of what was captured to pfsync_print, not the length of the original packet. ok beck@ | Ryan Thomas McBride
2004-05-07 | This makes afsd drop privilege to user _afs inside a chroot (the cache directory). This is privilege dropping, not full privsep. | Bob Beck
2004-05-07 | Fix some sizeof(ptr) bugs based on diffs from aaron@. Note that this is not code that actually gets compiled. | Todd C. Miller
2004-05-07 | add a filter option to dump prefixes learned in UPDATEs into a PF table, intended for building realtime BGP blacklists (e.g. with spamd); ok claudio & henning | Damien Miller
2004-05-06 | spacing | Theo de Raadt
2004-05-06 | knf and other cleanups | Theo de Raadt
2004-05-06 | pppoe now drops privileges to user _ppp and chroots after setting write filters and locking its bpf descriptor. ok deraadt@ | Can Erkin Acar
2004-05-06 | debug.c not used | Theo de Raadt
2004-05-06 | actually reset p->auth_established to 0 in pfkey_[md5sig\|ipsec]_remove | Henning Brauer
2004-05-06 | we need a separate field for the md5 key len, can't use strlen, noticed by markus some time ago | Henning Brauer
2004-05-06 | oups, spaces | Henning Brauer
2004-05-06 | print Multiprotocol capabilities slightly nicer | Henning Brauer
2004-05-06 | the Address Family Identifier field in the capability announcement is 2 octets, thus we need to transform it from/to network byte order... fixes capability announcement and -parsing | Henning Brauer
2004-05-06 | do not punish the peer (by holding him in IDLE for IdleHoldTime seconds) when receiving an "unsupported capabilities" notification. Speeds capability negotiation up quite a bit with peers that like to whine about capabilities they don't understand | Henning Brauer
2004-05-06 | .Fl for flags, .Ar for arguments; | Jason McIntyre
2004-05-06 | improve logging in the capabilities parser | Henning Brauer
2004-05-06 | scale socket buffer sizes (and thus window size) up to 64k, but only if tcp md5sig or ipsec is in use. excellent idea by ryan some time ago, claudio and theo agree | Henning Brauer
2004-05-06 | whitespace; | Jason McIntyre
2004-05-06 | there's a little race condition: a session is taken down and its associated write buffers are cleared, but there could be imsgs from the RDE for that peer (e.g. UPDATEs) in the read buffers for the pipe to the RDE or buffered in the RDE or somesuch. Thus, in session_update(), explicitly check for the session state and just drop the message if the session is not in state ESTABLISHED. claudio ok | Henning Brauer
2004-05-05 | Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP sequence numbers by taking advantage of the maximum 1KHz clock as an upper bound on the timestamp. Typically gains 10 to 18 bits of additional security against blind data insertion attacks. More if the TS Echo wasn't optional :-( Enabled with: scrub on !lo0 all reassemble tcp ok dhartmei@. documentation help from jmc@ | Mike Frantzen
2004-05-05 | simplify license. ok author. | Jakob Schlyter
2004-05-05 | move static filter out of function | Theo de Raadt
2004-05-04 | bye bye bootpd. You will not be missed. | Theo de Raadt
2004-05-04 | disable bootpd and friends. everyone -- get used to dhcpd for this. if it cannot do something that it should be able to, let us know so that dhcpd can be fixed/extended/etc... there is no point in privsep'ing a duplicate daemon. other parts of this equation will be removed in the next few days.. | Theo de Raadt
2004-05-04 | remove DEBUG_PACKET stuff; henning ok | Theo de Raadt
2004-05-04 | remove unused stuff; henning ok | Theo de Raadt