summaryrefslogtreecommitdiff
path: root/sys/net/if_pfsync.c
AgeCommit message (Expand)Author
2009-12-14fix sticky-address - by pretty much re-implementing it. still followingHenning Brauer
2009-12-03fix order dependency of pfsync interface setup, with claudio;Otto Moerbeek
2009-11-23remove the nat_rule pointer on pf_state and pf_pdesc, obsolete afterHenning Brauer
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
2009-11-12be paranoid in case the action array changes size (again, grr)Theo de Raadt
2009-11-03rtables are stacked on rdomains (it is possible to have multiple routingClaudio Jeker
2009-09-28when inserting a state, turn the error that pf_state_insert returnsDavid Gwynne
2009-08-16remove prototypes of a bunch of functions that had their implementationsJonathan Gray
2009-06-17do better detection of when we have a better version of the tcp sequenceDavid Gwynne
2009-06-14enable support for deferring the packet that creates a state so that yourDavid Gwynne
2009-06-12rewrite the way states from pfsync are merged into the local state treeDavid Gwynne
2009-06-10jj reported a panic in bulk updates to me. this is my attempt to fix theDavid Gwynne
2009-05-13dont go splx(s) in the ioctl handler if we havent done splnet(). this addsDavid Gwynne
2009-05-13only keep track of the number of updates on tcp connections. state sync onDavid Gwynne
2009-04-15move pfsync stale update messages to NOISY level; ok dlg@ henning@David Krause
2009-04-04use time_uptime instead of time_second internally. time_uptime isntDavid Gwynne
2009-03-31do not include space in the end of the from for a hmac. after discussionDavid Gwynne
2009-03-23wait an appropriate amount of time before giving up on a bulk update,David Gwynne
2009-03-17we do know how to handle iack. in the rx path at least.David Gwynne
2009-03-15Introduce splsoftassert(), similar to splassert() but for soft interruptMiod Vallat
2009-03-01rework serialisation of messages slightly.David Gwynne
2009-03-01check pfsyncs IFF_RUNNING flag before doing stuff. should save time forDavid Gwynne
2009-03-01i can't see a reason that we'd need to go to splnet to call ip_output.David Gwynne
2009-02-26bulk updates are sent from a timeout which walks over the state tree andDavid Gwynne
2009-02-24restore the parsing of incoming tdb update messages. this was disabledDavid Gwynne
2009-02-24request a bulk update when the pfsync if configuration is changed via anDavid Gwynne
2009-02-23dont put pfsync packets on the wire if no syncdev is specified. issuesDavid Gwynne
2009-02-18if a peer requests a state that is marked as NOSYNC, then skip it.David Gwynne
2009-02-17// style comments shouldnt be in the tree.David Gwynne
2009-02-17assert copyright over the changes i made.David Gwynne
2009-02-17init the tdb tailq. hopefully this fixes sthens crash.David Gwynne
2009-02-17fix uninitialized variable.Charles Longeau
2009-02-16pfsync v5, mostly written at n2k9, but based on work done at n2k8.David Gwynne
2008-12-21split the pfsync input routine up so that each action has its own functionDavid Gwynne
2008-09-17remove dead stores and newly created unused variables.Charles Longeau
2008-09-10Convert timeout_add() calls using multiples of hz to timeout_add_sec()Bret Lambert
2008-09-02remove dead stores and newly created unused variables.Charles Longeau
2008-06-29Simplify state creation code; merge state import/export code between pfsyncRyan Thomas McBride
2008-06-19Fix handling check for NAT and creation of a second pf_state_key in pfsync.Ryan Thomas McBride
2008-06-10Simplify code slightly; use PR_ZERO with pool_get() rather than bzero().Ryan Thomas McBride
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
2008-06-10implement a sloppy tcpstate tracker which does not look at sequenceHenning Brauer
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
2008-05-29rewrite the state table logic.Henning Brauer
2008-05-18KNFRyan Thomas McBride
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-01-12Kill all timeouts and undo carp demotion on pfsync_clone_destroy.Marco Pfatschbacher
2007-12-14add sysctl entry points into various network layers, in particular toTheo de Raadt
2007-09-18allow 4095 instead of 20 multicast group memberships per socket (you needMarkus Friedl
2007-09-15malloc sweep:Henning Brauer