Age | Commit message (Expand) | Author |
2009-12-14 | fix sticky-address - by pretty much re-implementing it. still following | Henning Brauer |
2009-12-03 | fix order dependency of pfsync interface setup, with claudio; | Otto Moerbeek |
2009-11-23 | remove the nat_rule pointer on pf_state and pf_pdesc, obsolete after | Henning Brauer |
2009-11-22 | cleanup after the NAT changes. we used to have multiple rulesets (scrub, | Henning Brauer |
2009-11-12 | be paranoid in case the action array changes size (again, grr) | Theo de Raadt |
2009-11-03 | rtables are stacked on rdomains (it is possible to have multiple routing | Claudio Jeker |
2009-09-28 | when inserting a state, turn the error that pf_state_insert returns | David Gwynne |
2009-08-16 | remove prototypes of a bunch of functions that had their implementations | Jonathan Gray |
2009-06-17 | do better detection of when we have a better version of the tcp sequence | David Gwynne |
2009-06-14 | enable support for deferring the packet that creates a state so that your | David Gwynne |
2009-06-12 | rewrite the way states from pfsync are merged into the local state tree | David Gwynne |
2009-06-10 | jj reported a panic in bulk updates to me. this is my attempt to fix the | David Gwynne |
2009-05-13 | dont go splx(s) in the ioctl handler if we havent done splnet(). this adds | David Gwynne |
2009-05-13 | only keep track of the number of updates on tcp connections. state sync on | David Gwynne |
2009-04-15 | move pfsync stale update messages to NOISY level; ok dlg@ henning@ | David Krause |
2009-04-04 | use time_uptime instead of time_second internally. time_uptime isnt | David Gwynne |
2009-03-31 | do not include space in the end of the from for a hmac. after discussion | David Gwynne |
2009-03-23 | wait an appropriate amount of time before giving up on a bulk update, | David Gwynne |
2009-03-17 | we do know how to handle iack. in the rx path at least. | David Gwynne |
2009-03-15 | Introduce splsoftassert(), similar to splassert() but for soft interrupt | Miod Vallat |
2009-03-01 | rework serialisation of messages slightly. | David Gwynne |
2009-03-01 | check pfsyncs IFF_RUNNING flag before doing stuff. should save time for | David Gwynne |
2009-03-01 | i can't see a reason that we'd need to go to splnet to call ip_output. | David Gwynne |
2009-02-26 | bulk updates are sent from a timeout which walks over the state tree and | David Gwynne |
2009-02-24 | restore the parsing of incoming tdb update messages. this was disabled | David Gwynne |
2009-02-24 | request a bulk update when the pfsync if configuration is changed via an | David Gwynne |
2009-02-23 | dont put pfsync packets on the wire if no syncdev is specified. issues | David Gwynne |
2009-02-18 | if a peer requests a state that is marked as NOSYNC, then skip it. | David Gwynne |
2009-02-17 | // style comments shouldnt be in the tree. | David Gwynne |
2009-02-17 | assert copyright over the changes i made. | David Gwynne |
2009-02-17 | init the tdb tailq. hopefully this fixes sthens crash. | David Gwynne |
2009-02-17 | fix uninitialized variable. | Charles Longeau |
2009-02-16 | pfsync v5, mostly written at n2k9, but based on work done at n2k8. | David Gwynne |
2008-12-21 | split the pfsync input routine up so that each action has its own function | David Gwynne |
2008-09-17 | remove dead stores and newly created unused variables. | Charles Longeau |
2008-09-10 | Convert timeout_add() calls using multiples of hz to timeout_add_sec() | Bret Lambert |
2008-09-02 | remove dead stores and newly created unused variables. | Charles Longeau |
2008-06-29 | Simplify state creation code; merge state import/export code between pfsync | Ryan Thomas McBride |
2008-06-19 | Fix handling check for NAT and creation of a second pf_state_key in pfsync. | Ryan Thomas McBride |
2008-06-10 | Simplify code slightly; use PR_ZERO with pool_get() rather than bzero(). | Ryan Thomas McBride |
2008-06-10 | save somespace in the state by collapsing two 8 bit ints used as booleans | Henning Brauer |
2008-06-10 | implement a sloppy tcpstate tracker which does not look at sequence | Henning Brauer |
2008-05-29 | Second half of PF state table rearrangement. | Ryan Thomas McBride |
2008-05-29 | rewrite the state table logic. | Henning Brauer |
2008-05-18 | KNF | Ryan Thomas McBride |
2008-05-06 | Add a counter to record how many states have been created by a rule. | Marco Pfatschbacher |
2008-01-12 | Kill all timeouts and undo carp demotion on pfsync_clone_destroy. | Marco Pfatschbacher |
2007-12-14 | add sysctl entry points into various network layers, in particular to | Theo de Raadt |
2007-09-18 | allow 4095 instead of 20 multicast group memberships per socket (you need | Markus Friedl |
2007-09-15 | malloc sweep: | Henning Brauer |