summaryrefslogtreecommitdiff
path: root/sys/net/if_pfsync.c
AgeCommit message (Expand)Author
2008-06-10Simplify code slightly; use PR_ZERO with pool_get() rather than bzero().Ryan Thomas McBride
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
2008-06-10implement a sloppy tcpstate tracker which does not look at sequenceHenning Brauer
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
2008-05-29rewrite the state table logic.Henning Brauer
2008-05-18KNFRyan Thomas McBride
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-01-12Kill all timeouts and undo carp demotion on pfsync_clone_destroy.Marco Pfatschbacher
2007-12-14add sysctl entry points into various network layers, in particular toTheo de Raadt
2007-09-18allow 4095 instead of 20 multicast group memberships per socket (you needMarkus Friedl
2007-09-15malloc sweep:Henning Brauer
2007-09-03Make use of the pfsync 'badval' and 'stale' counters instead of usingJoel Knight
2007-09-01since theHenning Brauer
2007-06-26Fix a race condition during ruleset reload; make sure we don't walk offRyan Thomas McBride
2007-06-25pretty mechanical change: now that the state tables use seperate stateHenning Brauer
2007-06-24Save some bytes and make code more readable by removing junk union andRyan Thomas McBride
2007-06-21reimplement interface bound states in a non-retarded way.Henning Brauer
2007-06-14sprinkle some #ifdef IPSEC so that pfsync compiles w/o ipsecHenning Brauer
2007-06-01factor out duplicated code to allocate state key and cross-reference itHenning Brauer
2007-05-31unlink the right state, ryan okHenning Brauer
2007-05-31Move the state id and creatorid (used mainly by pfsync) into struct pf_state.Ryan Thomas McBride
2007-05-31First step of rearranging pf's state table internals...Ryan Thomas McBride
2007-05-26one extern seems to be better than 20 for ifqmaxlen; ok krwJason Wright
2006-11-16no need to always attach pfsync0 any more. ok mpf mcbrideHenning Brauer
2006-11-01Attach pfsync0 and pflog0 by default like they used to, /etc/rc depends onRyan Thomas McBride
2006-11-01remove redundant null check, ok ryanHenning Brauer
2006-10-31slightly improve consustency and readability, no functional changeHenning Brauer
2006-10-31in pfsync_update_tdb, when there is no pfsync interface, we must returnHenning Brauer
2006-10-31hard to believe people still manage to commit non-compiling code once in a whileTheo de Raadt
2006-10-31make pfsync a clonable too, but prevent more than one instance fromHenning Brauer
2006-06-02Introduce attributes to interface groups.Marco Pfatschbacher
2006-05-28Only preemptively increase the replay counter for outbound TDBs.Ryan Thomas McBride
2006-05-13Avoid potential hash collisions and increase efficiency by doing an exactRyan Thomas McBride
2006-05-06The SPI in a TDB is actually stored in network order. Make sa synchronisationRyan Thomas McBride
2006-03-25allow bpf(4) to ignore packets based on their direction (inbound orDamien Miller
2006-03-04With the exception of two other small uncommited diffs this movesBrad Smith
2006-02-20Fix kernel builds without bpfilter. Linking is still broken.Damien Bergamini
2005-11-04crank pf_state and pf_src_node byte and packet counters to u_in64_t, sinceRyan Thomas McBride
2005-11-01Always sure that we have memory for the 'dst' scrub information, which mayChristopher Pascoe
2005-10-28s/rmatch/chksum_flag/ to clarify what's going on. Pointed out by dhartmei@Ryan Thomas McBride
2005-10-27Basic support for attaching states from pfsync to the correct rules.Ryan Thomas McBride
2005-09-28Improve the safety of pf IOCTLs, taking into account that some paths can sleep.Christopher Pascoe
2005-08-18Rearrange pf_state and pfi_kif so that the parts of the structure neededChristopher Pascoe
2005-08-16Synchronise timestamp modulation and scrubbing min ttl information.Christopher Pascoe
2005-08-11Remove bogus debug printf().Ryan Thomas McBride
2005-08-03Eliminate another case where pool routines are called without process context.Christopher Pascoe
2005-08-01Minor whitespace cleanup.Christopher Pascoe
2005-07-12default mtu to no more than ETHERMTU to avoid fragmentation; henning@ okMichael Shalayeff
2005-05-28Add SA replay counter synchronization to pfsync(4). Required for IPsecHakan Olsson
2005-05-21clean up and rework the interface absraction code big time, rip out multipleHenning Brauer