Age | Commit message (Expand) | Author |
2013-10-30 | Allow to compile a kernel without INET6. | Martin Pieuchot |
2013-10-30 | translate icmpv6 echo id's the same way we do for icmpv4; ok henning | Mike Belopuhov |
2013-10-28 | previous udp port number rewrite fix turned out to be a work around | Mike Belopuhov |
2013-10-24 | Move obvious kernel prototypes (and structure's with kernel pointers, | Theo de Raadt |
2013-10-23 | translate port numbers for inner udp packets when they're returned | Mike Belopuhov |
2013-10-23 | Remove the number of in_var.h inclusions by moving some functions and | Martin Pieuchot |
2013-10-23 | overwrite icmp packet type-specific nextptr field only when we're | Mike Belopuhov |
2013-10-22 | In pf_test_state_icmp(), actually copy pd->hdr.any back into the mbuf as | Lawrence Teo |
2013-10-21 | pf_translate: missing conditonal pf_check_proto_cksum calls before | Henning Brauer |
2013-10-20 | in pf_cksum, set the icmp/icmp6 cksums to 0, for comsistency with tcp/udp | Henning Brauer |
2013-10-20 | rt_mpath_next() was always called with 0 in the last argument. So drop it. | Claudio Jeker |
2013-10-20 | Put a large chunk of the IPv6 rdomain support in-tree. | Peter Hessler |
2013-10-19 | pf_cksum doesn't need to compute the pseudo hdr cksum any more. | Henning Brauer |
2013-10-17 | The header file netinet/in_var.h included netinet6/in6_var.h. This | Alexander Bluhm |
2013-10-12 | new bandwidth shaping subsystem, kernel side | Henning Brauer |
2013-10-11 | Prevent non-data packets from being dropped. | Gerhard Roth |
2013-10-09 | Don't leak ruleitems from match rules when hitting a per-rule max state limit. | Camiel Dobbelaar |
2013-09-27 | IPv6 atomic fragments must not go the reassembly queue, but be | Alexander Bluhm |
2013-08-19 | in pf_test_rule, when dealing with a match rule, obey the match rule's quick | Henning Brauer |
2013-07-05 | Collect and display 'match' counters for pf tables. | Bret Lambert |
2013-06-26 | put the cksum diff back, of course with the bug fixed where we could | Henning Brauer |
2013-06-26 | Rudimentary counter fix for tables used in match rules. | Bret Lambert |
2013-06-17 | Before pulling the TCP options from the mbuf onto the stack, do an | Alexander Bluhm |
2013-06-05 | after the pf_test_state folding, in pf_test in the proto switch, the | Henning Brauer |
2013-06-04 | fold pf_test_state_{tcp,udp,other} into one pf_test_state. | Henning Brauer |
2013-06-04 | add a pointer to the protocol checksum header field to pf_pdesc and set | Henning Brauer |
2013-06-04 | make pf_change_ap() usable without a port. if the port pointer is NULL, | Henning Brauer |
2013-06-03 | Link pf states and socket inpcbs together more tightly. The linking | Alexander Bluhm |
2013-06-03 | Update o[sd]port whenever n[sd]port is changed. This fixes a | Alexander Bluhm |
2013-06-03 | fix anchor quick with nested anchors. we lost the quick flag as soon as | Henning Brauer |
2013-06-02 | set up osport and odport (original src/dst port) in pf_setup_pdesc instead | Henning Brauer |
2013-06-01 | pf_step_{into,out_of}_anchor() are only ever called from pf_test_rule() | Henning Brauer |
2013-05-14 | Pass the correct pointer to pool_put if pf_state_key_attach fails. | Mike Belopuhov |
2013-05-10 | Since pf_state_key_attach can decide to free the provided state | Mike Belopuhov |
2013-05-03 | Export ingress/egress interface index in pflow(4). | Florian Obser |
2013-04-10 | Remove various external variable declaration from sources files and | Martin Pieuchot |
2013-03-29 | Declare struct pf_state_key in the mbuf and in_pcb header files to | Alexander Bluhm |
2013-03-28 | Unfortunately the satosin, sintosa, ifatoia, satosin6, sin6tosa, | Alexander Bluhm |
2013-03-11 | Add a separate "translation" counter and use this rather than "memory" | Stuart Henderson |
2013-01-20 | Make pf TCP sequence number tracking less strict by one octet for | Alexander Bluhm |
2012-11-23 | make sure to always pass an array of struct pf_src_node pointers to | Mike Belopuhov |
2012-11-06 | backout csum diff for the moment, requested by theo | Henning Brauer |
2012-11-01 | redo most of the protocol (tcp/udp/...) checksum handling | Henning Brauer |
2012-10-30 | Use time_uptime for expiration values as time_second can be skewed at | Florian Obser |
2012-10-21 | Add the IP_DIVERTFL socket option on divert(4) sockets to control | Sebastian Benoit |
2012-09-19 | More radix internals pushdown; place rn_mpath_next, which accepts and | Bret Lambert |
2012-09-18 | prio 0 is valid, therefore, I chose an "impossible" value for prio meaning | Henning Brauer |
2012-08-30 | Sloppy state tracking renders ICMP direction check useless | Mike Belopuhov |
2012-07-26 | rename all_state_flags to state_flags to finish the transition | Mike Belopuhov |
2012-07-10 | With address family translation, the ip length of the quoted ip | Alexander Bluhm |