summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2023-05-03Remove net lock from DIOCGETRULESET and DIOCGETRULESETSKlemens Nanni
2023-04-28Relax the "pass all" rule so all forms of neighbor advertisements are allowedPeter Hessler
2023-03-23fix off-by-one in pf_state_expires() bounds testJonathan Gray
2023-03-04pf(4) should be enforcing TTL=1 to packets sent to 224.0.0.1 only.Alexandr Nedvedicky
2023-01-22Fix pf_anchor_stackframe commit to revert pf rule matching to theYASUOKA Masahiko
2023-01-12Binding the accept socket in TCP input relies on the fact that theAlexander Bluhm
2023-01-06PF_ANCHOR_STACK_MAX is insufficient protection against stack overflow.Alexandr Nedvedicky
2023-01-05more consistently name pf_state * variables "st".David Gwynne
2023-01-04move the pf_state_tree_id type from pfvar.h to pfvar_priv.h.David Gwynne
2023-01-04move the pf_state_tree rb tree type from pfvar.h to pfvar_priv.hDavid Gwynne
2023-01-02use the pf generated toeplitz hash when setting the mbuf flow id.David Gwynne
2022-12-27Fix array bounds mismatch with clang 15Patrick Wildt
2022-12-24fix and enable toeplitz hashing of pf_state_keys again.David Gwynne
2022-12-23disable the use of the has in the pf state key lookup (for now).David Gwynne
2022-12-22use stoeplitz to generate a hash/flowid for state keys.David Gwynne
2022-12-21tiny whitespace tweak.David Gwynne
2022-12-21consistently use the PF_REF wrappers around refcnts.David Gwynne
2022-12-21prefix pf_state_key and pf_state_item struct bits to make them more unique.David Gwynne
2022-12-16always keep pf_state_keys attached to pf_states.David Gwynne
2022-11-25revert pf.c r1.1152 again: move pf_purge out from under the kernel lockAlexander Bluhm
2022-11-25Revert previous commit. It was not properly tested and produces splassertMark Kettenis
2022-11-25get rid of NET_LOCK in the pf purge workDavid Gwynne
2022-11-12Put pf_state_import() under NPFSYNC>0 to fix build without pfsyncKlemens Nanni
2022-11-11try pf.c r1.1143 again: move pf_purge out from under the kernel lockDavid Gwynne
2022-11-11add a mutex to struct pf_state and init it.David Gwynne
2022-11-11rename pfsync_up() to pfsync_is_up()David Gwynne
2022-11-11rewrite the pf_state_peer_ntoh and pf_state_peer_hton macros as functions.David Gwynne
2022-11-10revert pf_state mtx commit, because it breaks tree.Alexandr Nedvedicky
2022-11-10Add a mutex to pf_state structure. Mutex retain a consistencyAlexandr Nedvedicky
2022-11-09simplify expiration of 'once' rules.Alexandr Nedvedicky
2022-11-08This diff fixes panic tripped by KASSERT(st->sync_state == PFSYNC_S_NONE)Alexandr Nedvedicky
2022-11-07revert "move pf_purge out from under the kernel lock".David Gwynne
2022-11-07move pf_purge out from under the kernel lock and avoid the hogging cpuDavid Gwynne
2022-11-06move pfsync_state_import in if_pfsync.c to pf_state_import in pf.cDavid Gwynne
2022-10-10Recalculate checksum of normalised packetBjorn Ketelaars
2022-09-03Use a mutex to update tcp_maxidle, tcp_iss, and tcp_now. ThisAlexander Bluhm
2022-09-03When divert-reply is used, keep some pf states after pcb is dropped ifYASUOKA Masahiko
2022-08-30Refactor internet PCB lookup function. Rename in_pcbhashlookup()Alexander Bluhm
2022-08-08To make protocol input functions MP safe, internet PCB need protection.Alexander Bluhm
2022-07-20Add a pool for the allocation of the pf_anchor struct.Moritz Buhl
2022-06-28fix syncookies in conjunction with tcp fast port reuse.Henning Brauer
2022-06-26Allow waiting during ktable allocation in pf_ioctl.mbuhl
2022-06-13fix logic bug in pf_find_state()Henning Brauer
2022-05-23In pf the kernel paniced if IP options in packet within ICMP payloadAlexander Bluhm
2022-05-23Fix white space.Alexander Bluhm
2022-05-18Remove #ifdef DDB specific includes, added in 1.968 but related code bitsMiod Vallat
2022-05-05Clean up divert_packet(). Function does not return error, make itAlexander Bluhm
2022-05-03Make pf(4) more paranoid about IGMP/MLP messages. MLD/IGMP messagesAlexandr Nedvedicky
2022-04-29IGMP and ICMP6 MLD packets always have the router alert option set.Alexander Bluhm
2022-03-17fix typos; Martin VahlensieckStuart Henderson