wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

	Commit message (Collapse)	Author	Age	Files	Lines
*	remove libexec/tftp-proxy now we have usr.sbin/tftp-proxy	dlg	2012-08-30	5	-683/+0
\| \| \| \|	ok deraadt@
*	remove unused functions, ok phessler	sthen	2012-07-08	1	-41/+1
\|
*	rename prio in struct pf_rule and related structs to set_prio so it is	henning	2012-07-07	1	-2/+2
\| \| \| \| \| \| \|	utterly clear this is not a filter criteria but a packet modification thing. also preparation for upcoming changes, including one to unscrew this mess (I should not have to touch half the tree for this - ifixitlater) not user visible, ok gcc
*	Fill in default values for rtableid/onrdomain/prio when creating PF rules,	sthen	2012-03-06	1	-1/+4
\| \| \| \|	prompted by a mail from Gabriel Linder. OK henning@
*	tweak previous;	jmc	2011-09-28	1	-2/+2
\|
*	tweak tftp-proxy to:	dlg	2011-09-28	2	-85/+73
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	1. use a BINDANY socket to connect from the proxy to the server using the clients address. 2. fork a child to do the work so inetd doesnt keep trying to send more packets to the proxy, as per doco in the inetd manpage for dgram wait sockets. because of 1 you now have to add a pass out divert-reply for the proxy to server packet to your pf ruleset. this allows a series of rapid tftp connections from the same host to a server in my environment. without this diff there's several minutes of waiting in between requests because of issues with the rules from previous requests stealing packets but not forwarding them combined with inetd giving too many packets to tftp-proxy that only expects to handle one. this is going in so i can hack on PFRULE_ONCE support. ok mikeb@ sthen@
*	fix whitespace	sthen	2011-06-22	1	-5/+5
\|
*	Fix another pre-{rdr,nat}-to rule example...	sthen	2011-06-22	1	-3/+4
\|
*	Switch tftp-proxy over to using divert-to. Based on a diff from oga@	sthen	2011-05-05	4	-161/+28
\| \| \| \| \| \| \| \| \| \| \| \|	with lots of help from claudio@. Earlier version was ok mikeb@ and looks good to markus@. Note: tftp-proxy rdr-to rules must be changed to use divert-to and must specify the address family. pass in quick on internal proto udp to port tftp rdr-to 127.0.0.1 port 6969 -changes to- pass in quick on internal inet proto udp to port tftp divert-to 127.0.0.1 port 6969
*	pfr.rule.*.addr.type must be initialized to PF_ADDR_NONE for things that	claudio	2010-01-13	1	-1/+5
\| \| \| \| \|	are not used. bzero() of the rule structure is not enough. Found with dlg@, OK mcbride@
*	First pass at removing the 'pf_pool' mechanism for translation and routing	mcbride	2010-01-12	1	-15/+5
\| \| \| \| \| \| \| \| \| \| \|	actions. Allow interfaces to be specified in special table entries for the routing actions. Lists of addresses can now only be done using tables, which pfctl will generate automatically from the existing syntax. Functionally, this deprecates the use of multiple tables or dynamic interfaces in a single nat or rdr rule. ok henning dlg claudio
*	Move from the PF_RULESET_FILTER world order to PF_TRANS_RULESET	deraadt	2009-11-22	1	-2/+2
\| \| \| \| \|	due to the standard henning+oga commit-and-run-for-beer problem. ok claudio
*	remove unused variable	chl	2009-11-01	1	-2/+1
\| \| \| \|	ok sthen@
*	Adjust example pf rules to take nat-to/rdr-to into account.	sthen	2009-09-01	1	-26/+13
\|
*	adapt to new pf, ok henning@	sthen	2009-09-01	1	-77/+26
\|
*	Remove unused add_nat() function, ok jcs@	sthen	2009-07-30	2	-38/+2
\|
*	Use arc4random_buf() when requesting more than a single word of output	djm	2008-04-13	1	-3/+3
\| \| \| \| \| \| \|	Use arc4random_uniform() when the desired random number upper bound is not a power of two ok deraadt@ millert@
*	msg_controllen has to be CMSG_SPACE so that the kernel can account for	deraadt	2008-03-24	1	-2/+2
\| \| \| \| \| \| \|	each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis
*	Repair more msg_controllen dealing with structures or arrays of	deraadt	2008-03-15	1	-2/+2
\| \| \| \|	descriptors; ok hshoexer, also looked at by kettenis and henning
*	Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to	deraadt	2008-03-13	1	-5/+7
\| \| \| \|	an extensive discussion with otto, kettenis, millert, and hshoexer
*	default rule.flags and rule.flagset to 0 instead of null	jcs	2007-06-23	1	-3/+3
\| \| \| \|	from max laier
*	convert to new .Dd format;	jmc	2007-05-31	1	-2/+2
\|
*	add an additional rule to the filter anchor that allows traffic out from	joel	2006-12-20	1	-1/+8
\| \| \| \| \| \| \|	the server to the client. this is necessary in case the server is not otherwise allowed to talk to the client. ok jcs@
*	import tftp-proxy 1.6, a tftp helper for pf	jcs	2005-12-28	5	-0/+962
	ok jolan@, msf@, millert@ man page help from jmc@