Age | Commit message (Expand) | Author |
2016-12-06 | Use the sizeof udphdr not the sizeof a pointer to it in the af-to | Jonathan Gray |
2016-11-28 | Path MTU discovery and traceroute did not always work with pf af-to. | Alexander Bluhm |
2016-11-23 | Explicitly forbid to combine af-to with route-to in pfctl. The | Alexander Bluhm |
2016-11-22 | Fold union pf_headers buffer into struct pf_pdesc (enabled by pfvar_priv.h). | Richard Procter |
2016-11-21 | In pf_route() and pf_route6() the !r->rt case was only used by | Alexander Bluhm |
2016-11-17 | The pf fragment reassembly code accepted IPv6 hop-by-hop headers | Alexander Bluhm |
2016-11-14 | Instead of passing an extra mbuf pointer to pf_route(), it should | Alexander Bluhm |
2016-11-14 | turn ipstat into a set of percpu counters. | David Gwynne |
2016-10-28 | - once rule should not attempt to remove its parent rule. | Alexandr Nedvedicky |
2016-10-27 | Pass a struct pf_pdesc to pf_route() like it is done in the other | Alexander Bluhm |
2016-10-26 | Put union pf_headers and struct pf_pdesc into separate header file | Alexander Bluhm |
2016-10-20 | - PF should send a challenge ACK as response to SYN, which matches existing | Alexandr Nedvedicky |
2016-10-18 | split pf_send_tcp() into the part that builds the mbuf and the actual | Henning Brauer |
2016-10-18 | The variable dlen is always positive and d may be negative. So | Alexander Bluhm |
2016-10-18 | The checksum of a ICMP "need to frag" packet for TCP was wrong when | Alexander Bluhm |
2016-10-09 | formatting nit (a tab got lost somewhen) | Henning Brauer |
2016-10-06 | Remove redundant comments that say a function must be called at | Alexander Bluhm |
2016-09-27 | roll back turning RB into RBT until i get better at this process. | David Gwynne |
2016-09-27 | move pf from the RB macros to the RBT functions. | David Gwynne |
2016-09-22 | Fix indentation. No binary change. | Jonathan Gray |
2016-09-07 | Rename rtable_mpath_next() into rtable_iterate() and make it do a proper | Martin Pieuchot |
2016-09-03 | Let purge thread to remove once rules, not packets. | Alexandr Nedvedicky |
2016-08-20 | Push 'field changed' guards into 'change field' functions; | Richard Procter |
2016-08-20 | Retire pf_translate_ap() | Richard Procter |
2016-08-17 | Reintroduce 5.3-style checksum modification to preserve end-to-end checksums | procter |
2016-07-18 | Hide pf internals by moving code from in_ouraddr() to pf_ouraddr(). | Alexander Bluhm |
2016-06-21 | To assist debugging TCP connection reuse with NAT, expand the | Alexander Bluhm |
2016-06-15 | Kill nd6_output(), it doesn't do anything since the resolution logic | Martin Pieuchot |
2016-06-15 | There's no need to convert values returned by arc4random to the network | Mike Belopuhov |
2016-06-07 | per trending style, add continue to empty loops. | Ted Unangst |
2016-05-31 | Do not call nd6_output() without route entry argument. | Martin Pieuchot |
2016-05-28 | Backout pf.c r1.972, pf_norm.c r1.184, ok claudio | Stuart Henderson |
2016-05-24 | Do not call nd6_output() without route entry argument. | Martin Pieuchot |
2016-05-23 | Pass a route entry to if_output() instead of relying on arpresolve() magic. | Martin Pieuchot |
2016-05-03 | Put back a panic() if an incoming packet already has a statekey. | Martin Pieuchot |
2016-04-15 | replace m_copym2 with m_dup_pkt for the dup-to handling. | David Gwynne |
2016-04-07 | Instead of panicking if an mbuf(9) already has a statekey dump its | Martin Pieuchot |
2016-03-29 | - packet must keep reference to statekey | Alexandr Nedvedicky |
2016-03-04 | - putting back KASSERT(), which I've backed out on Jan 31 | Alexandr Nedvedicky |
2016-01-31 | - m_pkthdr.pf.statekey changes are not ready for 5.9, I must back them out | Alexandr Nedvedicky |
2016-01-25 | - plugging massive pf_state_key leak | Alexandr Nedvedicky |
2016-01-07 | - retrying to commit earlier change, which got backed out | Alexandr Nedvedicky |
2015-12-23 | revert previous: | Jasper Lievisse Adriaanse |
2015-12-22 | - yet another tiny step towards MP PF. This time we need to make sure | Alexandr Nedvedicky |
2015-12-06 | g/c pf_change_a6(). it's exactly the same thing as pf_change_ap() with p = | Henning Brauer |
2015-12-05 | g/c unneeded af (address family) params to pf_change_ap and _icmp | Henning Brauer |
2015-12-05 | pass a pointer to pf_test()'s reason to pf_test_rule instead of using a | Henning Brauer |
2015-12-03 | ip_send()/ip6_send() allow PF to send response packet in ipsoftnet task. | Alexandr Nedvedicky |
2015-12-03 | To avoid that the stack manipules the pf statekeys directly, introduce | Alexander Bluhm |
2015-12-03 | Rename pf_unlink_state() to pf_remove_state() so the name does not | Alexander Bluhm |