summaryrefslogtreecommitdiff
path: root/sys/net/if_pfsync.c
AgeCommit message (Expand)Author
2005-09-28Improve the safety of pf IOCTLs, taking into account that some paths can sleep.Christopher Pascoe
2005-08-18Rearrange pf_state and pfi_kif so that the parts of the structure neededChristopher Pascoe
2005-08-16Synchronise timestamp modulation and scrubbing min ttl information.Christopher Pascoe
2005-08-11Remove bogus debug printf().Ryan Thomas McBride
2005-08-03Eliminate another case where pool routines are called without process context.Christopher Pascoe
2005-08-01Minor whitespace cleanup.Christopher Pascoe
2005-07-12default mtu to no more than ETHERMTU to avoid fragmentation; henning@ okMichael Shalayeff
2005-05-28Add SA replay counter synchronization to pfsync(4). Required for IPsecHakan Olsson
2005-05-21clean up and rework the interface absraction code big time, rip out multipleHenning Brauer
2005-02-20Avoid use after free when purging states.Ryan Thomas McBride
2005-02-15Fix scoping error which could cause some states with an empty ifname to beAaron Campbell
2005-01-20sc->sc_sync_ifp = NULL if we fail to attach the multicast group.Ryan Thomas McBride
2005-01-20Use syncdev instead of syncif in ifconfig, and modify ioctl struct pfsyncreqRyan Thomas McBride
2004-12-16Clean up handling of sync_flags.Ryan Thomas McBride
2004-12-13Set creation timestamps correctly on states learnt by pfsync that areChristopher Pascoe
2004-12-06At PFSYNC_ACT_CLR:Marco Pfatschbacher
2004-11-16Fix for PR3983Ryan Thomas McBride
2004-09-17Clean up reference counting wrt state creation and destruction. FixesRyan Thomas McBride
2004-08-30Increment the states reference counter in the rule attached to the stateRyan Thomas McBride
2004-08-03Allow a unicast ip address to be specified for pfsync to send it's stateRyan Thomas McBride
2004-06-21First step towards more sane time handling in the kernel -- this changesThorsten Lockert
2004-06-04Remove the multicast address when we unconfigure the syncif.Ryan Thomas McBride
2004-05-17fix uninitialized var; found by millert@Michael Shalayeff
2004-04-30Unbreak building pfsync without carp. Found by marc@Ryan Thomas McBride
2004-04-28Make carp(4) aware of its physical interface:Ryan Thomas McBride
2004-04-28point out that pfsync_send_bus and pfsync_sendout must be called in splnet()Philipp Buehler
2004-04-25get rid of a complete state tree walk at state expire while in splnet()Philipp Buehler
2004-04-25dont splx across functionsPhilipp Buehler
2004-04-05Prevent stale states (states older than the local version) from overwritingRyan Thomas McBride
2004-03-28Check variables in incoming packets which can cause problems if they're setRyan Thomas McBride
2004-03-23Hold off for 1 second before beginning bulk transfer. Avoids loopingRyan Thomas McBride
2004-03-22Support for best effort bulk transfers of states when pfsync syncif isRyan Thomas McBride
2004-02-20Make pfsync deal with clearing states bound to a group or interface (egRyan Thomas McBride
2004-02-10Make pfsync work correctly with IP options on 64-bit alignmentRyan Thomas McBride
2004-02-08Fix kernel panic which occurs under very high load:Ryan Thomas McBride
2004-02-07Use the offset provided to us by m_pulldown(), rather than using size ofRyan Thomas McBride
2004-01-22- Include the value of pf_state.timeout in pfsync messagesRyan Thomas McBride
2004-01-20the pfsync interface does not have a baudrate, so don't claim 100 MBit/sHenning Brauer
2004-01-20Ignore pfsync packets if pf is not running.Ryan Thomas McBride
2004-01-19Update comment; handling PFSYNC_ACT_UPD in pfsync_input() is no longerRyan Thomas McBride
2004-01-19Clean up creation and expiry timestamp calculations.Ryan Thomas McBride
2003-12-31Many improvements to the handling of interfaces in PF.Cedric Berger
2003-12-28Add a new PFSYNC_ACT_UREQ message type.Ryan Thomas McBride
2003-12-18resolve compiler warnings, from Pyun YongHyeon, ok cedric@, mcbride@Daniel Hartmeier
2003-12-16Don't do all the heavy pfsync processing if there are no bpf listenersRyan Thomas McBride
2003-12-15sc_sp is a #define on some architectures, use a different nameTheo de Raadt
2003-12-15Fix whitespace screwups before henning wakes up.Ryan Thomas McBride
2003-12-15Add initial support for pf state synchronization over the network.Ryan Thomas McBride
2003-11-08Return proper anchor rule number in correct byte order.Daniel Hartmeier
2003-06-21count packets and bidirectionally on state entries, allowing for fine-grainedDamien Miller