| Age | Commit message (Expand) | Author |
|---|
| 2002-06-08 | Make state timeouts configurable per rule, like | Daniel Hartmeier |
| 2002-06-07 | add the possibility to configure a TTL while return-rst | Philipp Buehler |
| 2002-06-07 | in pf_route{6}, do not pass thru pf_test again if the outgoing | jasoni |
| 2002-06-07 | Add "(max <number>)" option for "keep/modulate state" to limit the number | Daniel Hartmeier |
| 2002-06-07 | switch from AVL tree's to herr Provos' red-black trees | Mike Frantzen |
| 2002-06-07 | Call pf_test() from pf_route() to filter (and translate) routed packets, | Daniel Hartmeier |
| 2002-06-07 | sync behaviour about DF bit between ip_output()/tcp_response() | Philipp Buehler |
| 2002-06-01 | ECN flag support for pf. Committed in consultation with Daniel. | Hugh Graham |
| 2002-05-31 | respect rmx_mtu (cached PMTUD result) on outbound. deraadt/angelos ok | Jun-ichiro itojun Hagino |
| 2002-05-31 | KNF | Theo de Raadt |
| 2002-05-28 | remove duplicated fragmentation code in favour of ip_fragment().. | jasoni |
| 2002-05-19 | KNF again | Theo de Raadt |
| 2002-05-12 | correct AH header chasing. ok dhartmei@openbsd | Jun-ichiro itojun Hagino |
| 2002-05-12 | Add gid based filtering, reduce to one (effective) uid, rename parser | Daniel Hartmeier |
| 2002-05-09 | Introduce user based filtering. Rules can specify ruid and euid (real and | Daniel Hartmeier |
| 2002-05-05 | Instead of returning a useless kernel space pointer for the rule that | Daniel Hartmeier |
| 2002-04-24 | Add dynamic (in-kernel) interface name -> address translation. Instead of | Daniel Hartmeier |
| 2002-04-23 | Allow explicit filtering of fragments when they are not reassembled. | Daniel Hartmeier |
| 2002-04-20 | All calls to pool_get(9) should use PR_xx flags, not M_xx. | Federico G. Schwindt |
| 2002-04-08 | Credit DARPA/USAF appropriately. | Jason Wright |
| 2002-03-31 | Use ip_defttl as ttl for return-rst instead of an arbitrary hardcoded | Daniel Hartmeier |
| 2002-03-30 | Initialize sequence number high limit from 1 to the real value with the | Daniel Hartmeier |
| 2002-03-27 | implement a "no-route" keyword. | Michael Shalayeff |
| 2002-03-26 | Change default logging level from none to urgent. Should never print | Daniel Hartmeier |
| 2002-03-25 | Ignore 'keep state' for ICMP errors whose inner headers mismatch state | Daniel Hartmeier |
| 2002-03-25 | add ioctl DIOCKILLSTATES to shootdown a subset of the state table. allows | Mike Frantzen |
| 2002-03-08 | Fix arc4random() usage; add more randomness to pf_get_sport(). | Mike Pechkin |
| 2002-02-26 | Add optional pool memory hard limits, mainly as temporary solution | Daniel Hartmeier |
| 2002-02-23 | Pools that are only used in the ioctls can use the nointr allocator. | Artur Grabowski |
| 2002-02-17 | Calculate IP checksum and copyback modified headers before logging a | Daniel Hartmeier |
| 2002-02-15 | pf only uses seconds for time measuring. There is no need to call microtime | Artur Grabowski |
| 2002-02-14 | KNF | Theo de Raadt |
| 2002-02-14 | Add skip steps for rule action (pass/block vs. scrub) and direction | Daniel Hartmeier |
| 2002-02-11 | Remove unused function prototype, from Jason Ish | Daniel Hartmeier |
| 2002-02-11 | Remove ancient comment regarding memcmp(), from Jason Ish | Daniel Hartmeier |
| 2002-01-23 | Pool deals fairly well with physical memory shortage, but it doesn't deal | Artur Grabowski |
| 2002-01-12 | - Only apply fastroute and route-to if we are going in the same | jasoni |
| 2002-01-09 | Add labels to rules. These are arbitrary names (not to be confused with | Daniel Hartmeier |
| 2002-01-08 | Add "no nat/rdr/binat" to nat.conf. The first matching rule applies. | Daniel Hartmeier |
| 2001-12-31 | only require write mode for modifying ioctls; dhartmei@, frantzen@, deraadt@ ok | Michael Shalayeff |
| 2001-12-18 | Update rt_ifp in DIOCCHANGERULE. | jasoni |
| 2001-12-11 | - Log packet while mbuf is still valid. | jasoni |
| 2001-12-10 | Add an ioctl to add state entries (DIOCADDSTATE) for proxies. | Daniel Hartmeier |
| 2001-12-10 | Add stateful filtering for other (non-TCP/UDP/ICMP) protocol, based on | Daniel Hartmeier |
| 2001-12-03 | Don't reset pf_status.debug and .since on DIOCCLRSTATUS. | Daniel Hartmeier |
| 2001-12-01 | 217 lines of diff for KNF, dhartmei, you are evil | Theo de Raadt |
| 2001-11-30 | only make a copy of the mbuf if the route rule is dup-to | jasoni |
| 2001-11-27 | typo - use correct mbuf | jasoni |
| 2001-11-27 | do pf_route() before logging in case the logging created a bogus rule | Mike Frantzen |
| 2001-11-26 | add fastroute options similar to what is found in ipf | jasoni |
