tangled
alpha
login
or
join now
jcs.org
/
openbsd-src
0
fork
atom
jcs's openbsd hax
openbsd
0
fork
atom
overview
issues
pulls
pipelines
openbsd-src
/
sbin
/
pfctl
/
at
fan
13 files
Makefile
Revert change that benno apparently commited by mistake and breaks build on gcc architectures. ok florian@
8 years ago
parse.y
internal representation of icmp type/code in pfctl(8)/pf(4) does not fit into u_int8_t. Issue has been noticed and kindly reported by amalinin _at_ bh0.amt.ru via bugs@.
3 years ago
pf_print_state.c
Show the routing address selected by "route-to" in "pfctl -s states".
7 years ago
pfctl.8
Improve "once" bits
3 years ago
pfctl.c
PF_ANCHOR_STACK_MAX is insufficient protection against stack overflow. On amd64 stack overflows for anchor rule with depth ~30. The tricky thing is the 'safe' depth varies depending on kind of packet processed by pf_match_rule(). For example for local outbound TCP packet stack overflows when recursion if pf_match_rule() reaches depth 24.
3 years ago
pfctl.h
Do the actual pfr_strerror() to pf_strerror() rename
6 years ago
pfctl_optimize.c
When it's the possessive of 'it', it's spelled "its", without the apostrophe.
4 years ago
pfctl_osfp.c
Enable pfctl(8) to recursively flush rules and tables from PF driver. The recursive operation ("pfctl -a '*' ...") works for '-s' option already. This change enables the same thing for '-F' option, so "pfctl -a '*' -Fa" will flush everything from PF driver.
6 years ago
pfctl_parser.c
simplify expiration of 'once' rules. let packet to mark 'once' rule as expired. The rule will be removed by pfctl(8) when rules are updated.
3 years ago
pfctl_parser.h
- pfctl $nr incorrect macro expansion
4 years ago
pfctl_queue.c
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
6 years ago
pfctl_radix.c
Unify error message for nonexisting anchors
6 years ago
pfctl_table.c
Fix DIOCIGETIFACES ioctl so all network interfaces and interface groups are reported. The bug allowed to enumerate the first 64 interfaces only.
3 years ago
jcs.org