summaryrefslogtreecommitdiff
path: root/sys/net/if_pfsync.c
AgeCommit message (Expand)Author
2007-06-01factor out duplicated code to allocate state key and cross-reference itHenning Brauer
2007-05-31unlink the right state, ryan okHenning Brauer
2007-05-31Move the state id and creatorid (used mainly by pfsync) into struct pf_state.Ryan Thomas McBride
2007-05-31First step of rearranging pf's state table internals...Ryan Thomas McBride
2007-05-26one extern seems to be better than 20 for ifqmaxlen; ok krwJason Wright
2006-11-16no need to always attach pfsync0 any more. ok mpf mcbrideHenning Brauer
2006-11-01Attach pfsync0 and pflog0 by default like they used to, /etc/rc depends onRyan Thomas McBride
2006-11-01remove redundant null check, ok ryanHenning Brauer
2006-10-31slightly improve consustency and readability, no functional changeHenning Brauer
2006-10-31in pfsync_update_tdb, when there is no pfsync interface, we must returnHenning Brauer
2006-10-31hard to believe people still manage to commit non-compiling code once in a whileTheo de Raadt
2006-10-31make pfsync a clonable too, but prevent more than one instance fromHenning Brauer
2006-06-02Introduce attributes to interface groups.Marco Pfatschbacher
2006-05-28Only preemptively increase the replay counter for outbound TDBs.Ryan Thomas McBride
2006-05-13Avoid potential hash collisions and increase efficiency by doing an exactRyan Thomas McBride
2006-05-06The SPI in a TDB is actually stored in network order. Make sa synchronisationRyan Thomas McBride
2006-03-25allow bpf(4) to ignore packets based on their direction (inbound orDamien Miller
2006-03-04With the exception of two other small uncommited diffs this movesBrad Smith
2006-02-20Fix kernel builds without bpfilter. Linking is still broken.Damien Bergamini
2005-11-04crank pf_state and pf_src_node byte and packet counters to u_in64_t, sinceRyan Thomas McBride
2005-11-01Always sure that we have memory for the 'dst' scrub information, which mayChristopher Pascoe
2005-10-28s/rmatch/chksum_flag/ to clarify what's going on. Pointed out by dhartmei@Ryan Thomas McBride
2005-10-27Basic support for attaching states from pfsync to the correct rules.Ryan Thomas McBride
2005-09-28Improve the safety of pf IOCTLs, taking into account that some paths can sleep.Christopher Pascoe
2005-08-18Rearrange pf_state and pfi_kif so that the parts of the structure neededChristopher Pascoe
2005-08-16Synchronise timestamp modulation and scrubbing min ttl information.Christopher Pascoe
2005-08-11Remove bogus debug printf().Ryan Thomas McBride
2005-08-03Eliminate another case where pool routines are called without process context.Christopher Pascoe
2005-08-01Minor whitespace cleanup.Christopher Pascoe
2005-07-12default mtu to no more than ETHERMTU to avoid fragmentation; henning@ okMichael Shalayeff
2005-05-28Add SA replay counter synchronization to pfsync(4). Required for IPsecHakan Olsson
2005-05-21clean up and rework the interface absraction code big time, rip out multipleHenning Brauer
2005-02-20Avoid use after free when purging states.Ryan Thomas McBride
2005-02-15Fix scoping error which could cause some states with an empty ifname to beAaron Campbell
2005-01-20sc->sc_sync_ifp = NULL if we fail to attach the multicast group.Ryan Thomas McBride
2005-01-20Use syncdev instead of syncif in ifconfig, and modify ioctl struct pfsyncreqRyan Thomas McBride
2004-12-16Clean up handling of sync_flags.Ryan Thomas McBride
2004-12-13Set creation timestamps correctly on states learnt by pfsync that areChristopher Pascoe
2004-12-06At PFSYNC_ACT_CLR:Marco Pfatschbacher
2004-11-16Fix for PR3983Ryan Thomas McBride
2004-09-17Clean up reference counting wrt state creation and destruction. FixesRyan Thomas McBride
2004-08-30Increment the states reference counter in the rule attached to the stateRyan Thomas McBride
2004-08-03Allow a unicast ip address to be specified for pfsync to send it's stateRyan Thomas McBride
2004-06-21First step towards more sane time handling in the kernel -- this changesThorsten Lockert
2004-06-04Remove the multicast address when we unconfigure the syncif.Ryan Thomas McBride
2004-05-17fix uninitialized var; found by millert@Michael Shalayeff
2004-04-30Unbreak building pfsync without carp. Found by marc@Ryan Thomas McBride
2004-04-28Make carp(4) aware of its physical interface:Ryan Thomas McBride
2004-04-28point out that pfsync_send_bus and pfsync_sendout must be called in splnet()Philipp Buehler
2004-04-25get rid of a complete state tree walk at state expire while in splnet()Philipp Buehler