summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2013-05-14Pass the correct pointer to pool_put if pf_state_key_attach fails.Mike Belopuhov
2013-05-10Since pf_state_key_attach can decide to free the provided stateMike Belopuhov
2013-05-03Export ingress/egress interface index in pflow(4).Florian Obser
2013-04-10Remove various external variable declaration from sources files andMartin Pieuchot
2013-03-29Declare struct pf_state_key in the mbuf and in_pcb header files toAlexander Bluhm
2013-03-28Unfortunately the satosin, sintosa, ifatoia, satosin6, sin6tosa,Alexander Bluhm
2013-03-11Add a separate "translation" counter and use this rather than "memory"Stuart Henderson
2013-01-20Make pf TCP sequence number tracking less strict by one octet forAlexander Bluhm
2012-11-23make sure to always pass an array of struct pf_src_node pointers toMike Belopuhov
2012-11-06backout csum diff for the moment, requested by theoHenning Brauer
2012-11-01redo most of the protocol (tcp/udp/...) checksum handlingHenning Brauer
2012-10-30Use time_uptime for expiration values as time_second can be skewed atFlorian Obser
2012-10-21Add the IP_DIVERTFL socket option on divert(4) sockets to controlSebastian Benoit
2012-09-19More radix internals pushdown; place rn_mpath_next, which accepts andBret Lambert
2012-09-18prio 0 is valid, therefore, I chose an "impossible" value for prio meaningHenning Brauer
2012-08-30Sloppy state tracking renders ICMP direction check uselessMike Belopuhov
2012-07-26rename all_state_flags to state_flags to finish the transitionMike Belopuhov
2012-07-10With address family translation, the ip length of the quoted ipAlexander Bluhm
2012-07-07rename prio in struct pf_rule and related structs to set_prio so it isHenning Brauer
2012-06-26initialize 'reason' variable before passing it to the pflog_packet;Mike Belopuhov
2012-05-12Ignore/preserve ECN bits on ToS matching and scrubbing.Marco Pfatschbacher
2012-04-11SLIST_REMOVE_NEXT -> SLIST_REMOVE_AFTER for better consistency andChristian Weisgerber
2012-04-03Fix kernel compilation with pf but without pfsync pseudo-device byMike Belopuhov
2012-02-05Improve the ICMPv6 direction checkMike Belopuhov
2012-02-03The kernel did not compile without INET6. Put some #ifdefs intoAlexander Bluhm
2012-01-28improve icmp virtual id generation for ND and MLD packets so thatMike Belopuhov
2012-01-28try to lookup the icmp state based on a correct packet descriptor;Mike Belopuhov
2012-01-26Clean up the pf normalization code:Alexander Bluhm
2012-01-26Minor fixes for pf_walk_header6():Alexander Bluhm
2012-01-18Remove dead assignments and newly created unused variables.Charles Longeau
2012-01-17Fix trailing whitespace.Alexander Bluhm
2012-01-16Pass struct pf_pdesc to pf_walk_option6() and pf_walk_header6() toAlexander Bluhm
2012-01-15Calling pf_normalize_ip() from pf_setup_pdesc() was bad as theAlexander Bluhm
2011-12-21Just use pd->sidx and pd->didx to reverse the state key argumentsMarco Pfatschbacher
2011-12-19improve the icmp direction check to deal correctly with af-to statesMike Belopuhov
2011-12-12fixup af-to regression with match rulesMike Belopuhov
2011-12-02Kill unused IFCAP_IPSEC and IFCAP_IPCOMP.Christiano F. Haesbaert
2011-11-28deprecate PFTM_UNTIL_PACKET. nothing in the tree uses it, andDavid Gwynne
2011-11-26Apply route-to to deferred packet; without this the first packet of aRyan Thomas McBride
2011-11-25use time_uptime to set state creation values as time_second can beDavid Gwynne
2011-10-21add forgotten fixup for icmp6 id's when translating; ok henningMike Belopuhov
2011-10-13Since the IPv6 madness is not enough introduce NAT64 -- which is actuallyClaudio Jeker
2011-10-07remove inaccurate comment - we don't have state tableS any more, there isHenning Brauer
2011-09-28As requested by henning, move the mbuf pointer into struct pf_pdesc.Alexander Bluhm
2011-09-22As I have touched half of pf lines anyway, fix whitespaces now.Alexander Bluhm
2011-09-21Check the protocol header length for tcp, udp, icmp, icmp6 inAlexander Bluhm
2011-09-20pf_setup_pdesc() panics if address family is neither AF_INET norAlexander Bluhm
2011-09-20Put kif and dir into pdesc an use this instead of passing the valuesAlexander Bluhm
2011-09-19Consolidate pf function parameters. Move off and hdrlen into pdescAlexander Bluhm
2011-09-18Move the pdesc initialization code into pf_setup_pdesc(). UnifyAlexander Bluhm