Age | Commit message (Expand) | Author |
2011-12-21 | Just use pd->sidx and pd->didx to reverse the state key arguments | Marco Pfatschbacher |
2011-12-19 | improve the icmp direction check to deal correctly with af-to states | Mike Belopuhov |
2011-12-12 | fixup af-to regression with match rules | Mike Belopuhov |
2011-12-02 | Kill unused IFCAP_IPSEC and IFCAP_IPCOMP. | Christiano F. Haesbaert |
2011-11-28 | deprecate PFTM_UNTIL_PACKET. nothing in the tree uses it, and | David Gwynne |
2011-11-26 | Apply route-to to deferred packet; without this the first packet of a | Ryan Thomas McBride |
2011-11-25 | use time_uptime to set state creation values as time_second can be | David Gwynne |
2011-10-21 | add forgotten fixup for icmp6 id's when translating; ok henning | Mike Belopuhov |
2011-10-13 | Since the IPv6 madness is not enough introduce NAT64 -- which is actually | Claudio Jeker |
2011-10-07 | remove inaccurate comment - we don't have state tableS any more, there is | Henning Brauer |
2011-09-28 | As requested by henning, move the mbuf pointer into struct pf_pdesc. | Alexander Bluhm |
2011-09-22 | As I have touched half of pf lines anyway, fix whitespaces now. | Alexander Bluhm |
2011-09-21 | Check the protocol header length for tcp, udp, icmp, icmp6 in | Alexander Bluhm |
2011-09-20 | pf_setup_pdesc() panics if address family is neither AF_INET nor | Alexander Bluhm |
2011-09-20 | Put kif and dir into pdesc an use this instead of passing the values | Alexander Bluhm |
2011-09-19 | Consolidate pf function parameters. Move off and hdrlen into pdesc | Alexander Bluhm |
2011-09-18 | Move the pdesc initialization code into pf_setup_pdesc(). Unify | Alexander Bluhm |
2011-09-18 | Move the call to pf_test_rule() for fragments that have not been | Alexander Bluhm |
2011-09-17 | The pd->ip_sum and pd->proto_sum fields are not needed. Replace | Alexander Bluhm |
2011-09-17 | move initialisation of pd->nsaddr and pd->ndaddr from pf_test_rule to | Henning Brauer |
2011-09-17 | Deduplicate IPv4 and IPv6 code that handles fragments that have not | Alexander Bluhm |
2011-08-30 | Add support for one shot rules that remove themselves from an active | Mike Belopuhov |
2011-08-03 | Remove redundant prototype for pf_socket_lookup(). | Marco Pfatschbacher |
2011-07-27 | Add support for weighted round-robin in load balancing pools and tables. | Ryan Thomas McBride |
2011-07-24 | OS fingerprinting can only be done on rules that explicitly specify TCP | Ryan Thomas McBride |
2011-07-23 | Replace the IPv6 header walking loop in pf_test_state_icmp() with | Alexander Bluhm |
2011-07-22 | Sync 'block return' behaviour for ICMP packets with our IP stack: | Ryan Thomas McBride |
2011-07-22 | fix typos, martin pelikan | Henning Brauer |
2011-07-09 | If ipv4+icmp6 or ipv6+icmp packets were embedded into an icmp | Alexander Bluhm |
2011-07-08 | surprisingly, we use pf as classifier for the new priority queueing | Henning Brauer |
2011-07-07 | There were two loops in pf_setup_pdesc() and pf_normalize_ip6() | Alexander Bluhm |
2011-07-07 | Fold pf_test_fragment() into pf_test_rule(), reduce code and fixes | Ryan Thomas McBride |
2011-07-05 | add missing ifdefs for INET6; diff from form, ok henning, bluhm, claudio | Mike Belopuhov |
2011-07-04 | Rename the pf_pdesc field rh_cnt to badopts as it is also used for | Alexander Bluhm |
2011-07-04 | IPv4 packets with IP options get dropped and no state is created. | Alexander Bluhm |
2011-07-04 | Bye bye pf_test6(). Only one pf_test function for both IPv4 and v6. | Claudio Jeker |
2011-07-03 | bring in least-states load balancing algorithm | Joerg Zinke |
2011-07-03 | In pf_setup_pdesc() the code for analysing TCP and UDP headers was | Alexander Bluhm |
2011-07-03 | garbage collect unused parameter to PFLOG_PACKET | Henning Brauer |
2011-07-03 | Refactor the fragment handling in pf_setup_pdesc() so that AF_INET | Claudio Jeker |
2011-07-01 | The pf_headers union may also contain a mld_hdr or nd_neighbor_solicit | Alexander Bluhm |
2011-06-23 | Set pd->af very early in pf_setup_pdesc() since the AF is used in | Claudio Jeker |
2011-06-21 | There is no need to handle fragmented TCP reset packets in a special | Alexander Bluhm |
2011-06-20 | More cleanup in pf_test/pf_test6 this time mostly the fragment | Claudio Jeker |
2011-06-14 | KNF (no change in .o files) | Ryan Thomas McBride |
2011-06-02 | When checking to see if a rule is referenced by any source-tracking nodes, | Stuart Henderson |
2011-05-25 | Don't do last minute changes to diffs. Revert the argument change to | Claudio Jeker |
2011-05-24 | Merge pf_scrub_ip() and pf_scrub_ip6() into a single function. Call | Claudio Jeker |
2011-05-22 | Do not pass AF specific information to pf_test_rule() and PFLOG_PACKET() | Claudio Jeker |
2011-05-13 | Revert the pf->socket linking diff. | Owain Ainsworth |