summaryrefslogtreecommitdiff
path: root/sys/net/if_pfsync.c
AgeCommit message (Expand)Author
2013-08-07states learnt via pfsync from a peer with the same ruleset checksum wereDavid Gwynne
2013-06-20Revert previous and unbreak asr, the new include should be protected.Martin Pieuchot
2013-06-20Allocate the various hook head descriptors as part of the ifnetMartin Pieuchot
2013-05-10Since pf_state_key_attach can decide to free the provided stateMike Belopuhov
2013-03-28no need for a lot of code to include proc.hTed Unangst
2013-03-26Remove various read-only *maxlen variables and use IFQ_MAXLEN directly.Martin Pieuchot
2012-10-30Use time_uptime for expiration values as time_second can be skewed atFlorian Obser
2012-10-09simplify hook_disestablish() handling by always resetting the hook whenMarkus Friedl
2012-10-08make sure we don't call hook_disestablish() twice e.g. ifconfig -syncdevMarkus Friedl
2012-09-20pfsync_cancel_full_update needs to restore carp demotions sinceMike Belopuhov
2012-09-20spltdb() was really just #define'd to be splsoftnet(); replace the formerBret Lambert
2012-09-19update the tdb replay counter endian conversion to 64 bits;Mike Belopuhov
2012-07-26rename all_state_flags to state_flags to finish the transitionMike Belopuhov
2012-06-30Fix a number of problems introduced by the link state handling commit:Mike Belopuhov
2012-06-30backout rev1.185 as it's not what i have intended to commitMike Belopuhov
2012-06-29add ESN-related bits missed in the previous commitMike Belopuhov
2012-06-28Fix a number of problems introduced by the link state handling commit:Mike Belopuhov
2012-04-11fix all the suser calls which pass an incorrect p_acflag argument;Mike Belopuhov
2012-04-07remove superfluous return, ok mikebCamiel Dobbelaar
2012-04-03Fix kernel compilation with pf but without pfsync pseudo-device byMike Belopuhov
2012-02-03The kernel did not compile without INET6. Put some #ifdefs intoAlexander Bluhm
2012-01-16do carp demotion adjustments on syncdev link state change.Mike Belopuhov
2011-12-01Make sure we only enter pf_route() when undefering in the PF_ROUTETO case.Ryan Thomas McBride
2011-11-29use a u_int64_t for the state id in pfsync_state. this makes it consistentDavid Gwynne
2011-11-27Protect more operations in the pfsync_clone_destroy to preventMike Belopuhov
2011-11-26Apply route-to to deferred packet; without this the first packet of aRyan Thomas McBride
2011-11-25use time_uptime to set state creation values as time_second can beDavid Gwynne
2011-11-16Improve flag setting ioctl so that bulk updates are requestedMike Belopuhov
2011-11-09State expire time is a baseline time ("last active") for expiryCamiel Dobbelaar
2011-11-04Select a correct protocol for a stack side state key when importingMike Belopuhov
2011-10-31Don't forget to cancel bulk update failure timeout when destroying anMike Belopuhov
2011-10-30Allow setting big MTU values on the pfsync interface but not largerMike Belopuhov
2011-10-20remove a bogus chunk accidentally introduced by mcbride in rev1.141;Mike Belopuhov
2011-10-13Since the IPv6 madness is not enough introduce NAT64 -- which is actuallyClaudio Jeker
2011-08-03someone (*cough*henning*cough*) made pf_state.state_flags a u_int16_tDavid Gwynne
2011-08-02Replace one byte of padding with sa_family_t af in pfsync_state_key;Ryan Thomas McBride
2011-07-06cosnistently use IFQ_SET_MAXLEN, surfaced in a discussion with + ok bluhmHenning Brauer
2011-07-04use mtod.David Hill
2011-05-10when undeferring a packet, try to timeout_del first to check if youDavid Gwynne
2011-04-02dont let pfsync defer packets for states with NOSYNC set.David Gwynne
2011-03-02when sending deferred packets use ip6_output for v6 frames instead ofDavid Gwynne
2011-01-11delay deferred packets for a maximum of 20ms instead of 100 ticks (whichDavid Gwynne
2010-11-29use m_pulldown to get a contig view of the pfsync_header instead ofDavid Gwynne
2010-11-29get rid of struct pfsync_pkt. it was used to store data on the stack toDavid Gwynne
2010-11-28there's no need to take splsoftnet in the input packet action handlersDavid Gwynne
2010-09-27must have either PR_WAITOK or PR_NOWAIT set.David Gwynne
2010-09-08creating a pfsync interface is always done from process context, soBret Lambert
2010-07-28pfsync_bulk_fail was mucking around with pfsync_softc and sending packetsDavid Gwynne
2010-07-25Add missing braces so a loop will function as intended.Jonathan Gray
2010-07-09Add support for using IPsec in multiple rdomains.Reyk Floeter