Age | Commit message (Expand) | Author |
2002-03-08 | Fix arc4random() usage; add more randomness to pf_get_sport(). | Mike Pechkin |
2002-02-26 | Add optional pool memory hard limits, mainly as temporary solution | Daniel Hartmeier |
2002-02-23 | Pools that are only used in the ioctls can use the nointr allocator. | Artur Grabowski |
2002-02-17 | Calculate IP checksum and copyback modified headers before logging a | Daniel Hartmeier |
2002-02-15 | pf only uses seconds for time measuring. There is no need to call microtime | Artur Grabowski |
2002-02-14 | KNF | Theo de Raadt |
2002-02-14 | Add skip steps for rule action (pass/block vs. scrub) and direction | Daniel Hartmeier |
2002-02-11 | Remove unused function prototype, from Jason Ish | Daniel Hartmeier |
2002-02-11 | Remove ancient comment regarding memcmp(), from Jason Ish | Daniel Hartmeier |
2002-01-23 | Pool deals fairly well with physical memory shortage, but it doesn't deal | Artur Grabowski |
2002-01-12 | - Only apply fastroute and route-to if we are going in the same | jasoni |
2002-01-09 | Add labels to rules. These are arbitrary names (not to be confused with | Daniel Hartmeier |
2002-01-08 | Add "no nat/rdr/binat" to nat.conf. The first matching rule applies. | Daniel Hartmeier |
2001-12-31 | only require write mode for modifying ioctls; dhartmei@, frantzen@, deraadt@ ok | Michael Shalayeff |
2001-12-18 | Update rt_ifp in DIOCCHANGERULE. | jasoni |
2001-12-11 | - Log packet while mbuf is still valid. | jasoni |
2001-12-10 | Add an ioctl to add state entries (DIOCADDSTATE) for proxies. | Daniel Hartmeier |
2001-12-10 | Add stateful filtering for other (non-TCP/UDP/ICMP) protocol, based on | Daniel Hartmeier |
2001-12-03 | Don't reset pf_status.debug and .since on DIOCCLRSTATUS. | Daniel Hartmeier |
2001-12-01 | 217 lines of diff for KNF, dhartmei, you are evil | Theo de Raadt |
2001-11-30 | only make a copy of the mbuf if the route rule is dup-to | jasoni |
2001-11-27 | typo - use correct mbuf | jasoni |
2001-11-27 | do pf_route() before logging in case the logging created a bogus rule | Mike Frantzen |
2001-11-26 | add fastroute options similar to what is found in ipf | jasoni |
2001-11-21 | Use pf_pull_hdr() instead of manual mbuf traversal. Fixes potential crashes | Daniel Hartmeier |
2001-11-20 | don't allow CHANGEBINAT ioctl in securelevel > 1 | Mike Pechkin |
2001-11-16 | yes, signed substraction does not work because of underflows, revert the prev... | Michael Shalayeff |
2001-11-14 | use substract when comparing keys, for ip addrs as well. | Michael Shalayeff |
2001-11-13 | fix pf from going off into the weeds on an ipv6 icmp packet with certain option | Mike Frantzen |
2001-11-06 | Use #defines for skip step values. From dgregor@net.ohio-state.edu. | Daniel Hartmeier |
2001-10-24 | Reset states counter when clearing states. | Daniel Hartmeier |
2001-10-15 | Add 'allow-opts' to rules. Packets with IP options will be blocked by | Daniel Hartmeier |
2001-10-13 | Patch from Ryan McBride, fixes IPv6 return-rst problem, found by | Daniel Hartmeier |
2001-10-02 | Convert ip_off of the inner IP header to host order in pf_test_state_icmp(). | Daniel Hartmeier |
2001-09-30 | Tune TCP fsm (99.7% - 99.9% accuracy over 1e6 connections) | Mike Frantzen |
2001-09-27 | The skip steps array was one element short (since adding steps for af). | Daniel Hartmeier |
2001-09-27 | switch without break. This caused the 'ICMP too short' messages, since | Daniel Hartmeier |
2001-09-27 | Fix th_ack calculation in pf_send_reset(). return-rst didn't work since | Daniel Hartmeier |
2001-09-23 | Bump up the tcp half closed timeout (single FIN) to an hour | Mike Frantzen |
2001-09-21 | Fix natlook (broke ftp-proxy) and a memory leak. | Daniel Hartmeier |
2001-09-19 | Patch from Ryan McBride. Compile without INET6, remove unnecessary | Daniel Hartmeier |
2001-09-17 | icmpv6 nat fix, from Ryan McBride | Daniel Hartmeier |
2001-09-15 | The inner protocol of IPv4 ICMP error messages was ignored, leading to | Daniel Hartmeier |
2001-09-15 | Don't use m_pkthdr.rcvif in pflog_packet(), it doesn't work for outgoing | Daniel Hartmeier |
2001-09-15 | IPv6 support from Ryan McBride (mcbride@countersiege.com) | Mike Frantzen |
2001-09-14 | binat non icmp/udp/tcp protocols as well; ok dhartmei@ | jasoni |
2001-09-11 | Undo BINAT translation when blocking with return-rst/-icmp. | Daniel Hartmeier |
2001-09-06 | 1:1 bidrectional NAT (binat); ok dhartmei@ and frantzen@ | jasoni |
2001-09-05 | Handle uh_sum == 0x0000 correctly. Before, UDP packet checksums were | Daniel Hartmeier |
2001-09-05 | s/pf_natlook/pfioc_natlook (ioctl parameter struct) | Daniel Hartmeier |