summaryrefslogtreecommitdiff
path: root/sys/net/if_pfsync.c
AgeCommit message (Expand)Author
2009-02-24restore the parsing of incoming tdb update messages. this was disabledDavid Gwynne
2009-02-24request a bulk update when the pfsync if configuration is changed via anDavid Gwynne
2009-02-23dont put pfsync packets on the wire if no syncdev is specified. issuesDavid Gwynne
2009-02-18if a peer requests a state that is marked as NOSYNC, then skip it.David Gwynne
2009-02-17// style comments shouldnt be in the tree.David Gwynne
2009-02-17assert copyright over the changes i made.David Gwynne
2009-02-17init the tdb tailq. hopefully this fixes sthens crash.David Gwynne
2009-02-17fix uninitialized variable.Charles Longeau
2009-02-16pfsync v5, mostly written at n2k9, but based on work done at n2k8.David Gwynne
2008-12-21split the pfsync input routine up so that each action has its own functionDavid Gwynne
2008-09-17remove dead stores and newly created unused variables.Charles Longeau
2008-09-10Convert timeout_add() calls using multiples of hz to timeout_add_sec()Bret Lambert
2008-09-02remove dead stores and newly created unused variables.Charles Longeau
2008-06-29Simplify state creation code; merge state import/export code between pfsyncRyan Thomas McBride
2008-06-19Fix handling check for NAT and creation of a second pf_state_key in pfsync.Ryan Thomas McBride
2008-06-10Simplify code slightly; use PR_ZERO with pool_get() rather than bzero().Ryan Thomas McBride
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
2008-06-10implement a sloppy tcpstate tracker which does not look at sequenceHenning Brauer
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
2008-05-29rewrite the state table logic.Henning Brauer
2008-05-18KNFRyan Thomas McBride
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-01-12Kill all timeouts and undo carp demotion on pfsync_clone_destroy.Marco Pfatschbacher
2007-12-14add sysctl entry points into various network layers, in particular toTheo de Raadt
2007-09-18allow 4095 instead of 20 multicast group memberships per socket (you needMarkus Friedl
2007-09-15malloc sweep:Henning Brauer
2007-09-03Make use of the pfsync 'badval' and 'stale' counters instead of usingJoel Knight
2007-09-01since theHenning Brauer
2007-06-26Fix a race condition during ruleset reload; make sure we don't walk offRyan Thomas McBride
2007-06-25pretty mechanical change: now that the state tables use seperate stateHenning Brauer
2007-06-24Save some bytes and make code more readable by removing junk union andRyan Thomas McBride
2007-06-21reimplement interface bound states in a non-retarded way.Henning Brauer
2007-06-14sprinkle some #ifdef IPSEC so that pfsync compiles w/o ipsecHenning Brauer
2007-06-01factor out duplicated code to allocate state key and cross-reference itHenning Brauer
2007-05-31unlink the right state, ryan okHenning Brauer
2007-05-31Move the state id and creatorid (used mainly by pfsync) into struct pf_state.Ryan Thomas McBride
2007-05-31First step of rearranging pf's state table internals...Ryan Thomas McBride
2007-05-26one extern seems to be better than 20 for ifqmaxlen; ok krwJason Wright
2006-11-16no need to always attach pfsync0 any more. ok mpf mcbrideHenning Brauer
2006-11-01Attach pfsync0 and pflog0 by default like they used to, /etc/rc depends onRyan Thomas McBride
2006-11-01remove redundant null check, ok ryanHenning Brauer
2006-10-31slightly improve consustency and readability, no functional changeHenning Brauer
2006-10-31in pfsync_update_tdb, when there is no pfsync interface, we must returnHenning Brauer
2006-10-31hard to believe people still manage to commit non-compiling code once in a whileTheo de Raadt
2006-10-31make pfsync a clonable too, but prevent more than one instance fromHenning Brauer
2006-06-02Introduce attributes to interface groups.Marco Pfatschbacher
2006-05-28Only preemptively increase the replay counter for outbound TDBs.Ryan Thomas McBride
2006-05-13Avoid potential hash collisions and increase efficiency by doing an exactRyan Thomas McBride
2006-05-06The SPI in a TDB is actually stored in network order. Make sa synchronisationRyan Thomas McBride
2006-03-25allow bpf(4) to ignore packets based on their direction (inbound orDamien Miller