summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2016-12-06Use the sizeof udphdr not the sizeof a pointer to it in the af-toJonathan Gray
2016-11-28Path MTU discovery and traceroute did not always work with pf af-to.Alexander Bluhm
2016-11-23Explicitly forbid to combine af-to with route-to in pfctl. TheAlexander Bluhm
2016-11-22Fold union pf_headers buffer into struct pf_pdesc (enabled by pfvar_priv.h).Richard Procter
2016-11-21In pf_route() and pf_route6() the !r->rt case was only used byAlexander Bluhm
2016-11-17The pf fragment reassembly code accepted IPv6 hop-by-hop headersAlexander Bluhm
2016-11-14Instead of passing an extra mbuf pointer to pf_route(), it shouldAlexander Bluhm
2016-11-14turn ipstat into a set of percpu counters.David Gwynne
2016-10-28- once rule should not attempt to remove its parent rule.Alexandr Nedvedicky
2016-10-27Pass a struct pf_pdesc to pf_route() like it is done in the otherAlexander Bluhm
2016-10-26Put union pf_headers and struct pf_pdesc into separate header fileAlexander Bluhm
2016-10-20- PF should send a challenge ACK as response to SYN, which matches existingAlexandr Nedvedicky
2016-10-18split pf_send_tcp() into the part that builds the mbuf and the actualHenning Brauer
2016-10-18The variable dlen is always positive and d may be negative. SoAlexander Bluhm
2016-10-18The checksum of a ICMP "need to frag" packet for TCP was wrong whenAlexander Bluhm
2016-10-09formatting nit (a tab got lost somewhen)Henning Brauer
2016-10-06Remove redundant comments that say a function must be called atAlexander Bluhm
2016-09-27roll back turning RB into RBT until i get better at this process.David Gwynne
2016-09-27move pf from the RB macros to the RBT functions.David Gwynne
2016-09-22Fix indentation. No binary change.Jonathan Gray
2016-09-07Rename rtable_mpath_next() into rtable_iterate() and make it do a properMartin Pieuchot
2016-09-03Let purge thread to remove once rules, not packets.Alexandr Nedvedicky
2016-08-20Push 'field changed' guards into 'change field' functions;Richard Procter
2016-08-20Retire pf_translate_ap()Richard Procter
2016-08-17Reintroduce 5.3-style checksum modification to preserve end-to-end checksumsprocter
2016-07-18Hide pf internals by moving code from in_ouraddr() to pf_ouraddr().Alexander Bluhm
2016-06-21To assist debugging TCP connection reuse with NAT, expand theAlexander Bluhm
2016-06-15Kill nd6_output(), it doesn't do anything since the resolution logicMartin Pieuchot
2016-06-15There's no need to convert values returned by arc4random to the networkMike Belopuhov
2016-06-07per trending style, add continue to empty loops.Ted Unangst
2016-05-31Do not call nd6_output() without route entry argument.Martin Pieuchot
2016-05-28Backout pf.c r1.972, pf_norm.c r1.184, ok claudioStuart Henderson
2016-05-24Do not call nd6_output() without route entry argument.Martin Pieuchot
2016-05-23Pass a route entry to if_output() instead of relying on arpresolve() magic.Martin Pieuchot
2016-05-03Put back a panic() if an incoming packet already has a statekey.Martin Pieuchot
2016-04-15replace m_copym2 with m_dup_pkt for the dup-to handling.David Gwynne
2016-04-07Instead of panicking if an mbuf(9) already has a statekey dump itsMartin Pieuchot
2016-03-29- packet must keep reference to statekeyAlexandr Nedvedicky
2016-03-04- putting back KASSERT(), which I've backed out on Jan 31Alexandr Nedvedicky
2016-01-31- m_pkthdr.pf.statekey changes are not ready for 5.9, I must back them outAlexandr Nedvedicky
2016-01-25- plugging massive pf_state_key leakAlexandr Nedvedicky
2016-01-07- retrying to commit earlier change, which got backed outAlexandr Nedvedicky
2015-12-23revert previous:Jasper Lievisse Adriaanse
2015-12-22- yet another tiny step towards MP PF. This time we need to make sureAlexandr Nedvedicky
2015-12-06g/c pf_change_a6(). it's exactly the same thing as pf_change_ap() with p =Henning Brauer
2015-12-05g/c unneeded af (address family) params to pf_change_ap and _icmpHenning Brauer
2015-12-05pass a pointer to pf_test()'s reason to pf_test_rule instead of using aHenning Brauer
2015-12-03ip_send()/ip6_send() allow PF to send response packet in ipsoftnet task.Alexandr Nedvedicky
2015-12-03To avoid that the stack manipules the pf statekeys directly, introduceAlexander Bluhm
2015-12-03Rename pf_unlink_state() to pf_remove_state() so the name does notAlexander Bluhm