Age | Commit message | Author |
2008-06-12 | fix synproxy. | Henning Brauer |
2008-06-11 | when we establish the mapping from a state key, do it both ways, aka | Henning Brauer |
2008-06-11 | factor out state creation code for readability; make it static inline | Henning Brauer |
2008-06-11 | superfluous to check for m != NULL in pf_find_state, it is plain | Henning Brauer |
2008-06-11 | after finding a state in the outbound path clear the statekey pointer | Henning Brauer |
2008-06-11 | extra paranoia: | Henning Brauer |
2008-06-11 | yuck, fix a last minute collision | Henning Brauer |
2008-06-11 | store a pointer to the stack side state key in the mbuf packet | Henning Brauer |
2008-06-10 | Handle the closing of half connections where we don't see the full | Reyk Floeter |
2008-06-10 | Simplify code slightly; use PR_ZERO with pool_get() rather than bzero(). | Ryan Thomas McBride |
2008-06-10 | Handle a special sloppy case where we only see one half of the | Reyk Floeter |
2008-06-10 | remove a debug check & printf that should not have gone in in the first | Henning Brauer |
2008-06-10 | save some space in the state by collapsing two 8 bit ints used as booleans | Henning Brauer |
2008-06-10 | in pf_test_state_icmp when trying to match icmp errors to tcp sessions | Henning Brauer |
2008-06-10 | implement a sloppy tcp state tracker which does not look at sequence | Henning Brauer |
2008-06-09 | rename arc4random_bytes => arc4random_buf to match libc's nicer name; | Damien Miller |
2008-06-08 | factor out the tcp sequence number tracking from pf_test_state_tcp | Henning Brauer |
2008-06-08 | null pointer check before deref | Henning Brauer |
2008-06-02 | Fix synproxy breakage introduced with the state table reorganization. | Ryan Thomas McBride |
2008-05-30 | trivial KNF before we go further | Henning Brauer |
2008-05-29 | Second half of PF state table rearrangement. | Ryan Thomas McBride |
2008-05-29 | rewrite the state table logic. | Henning Brauer |
2008-05-18 | KNF | Ryan Thomas McBride |
2008-05-15 | divert for ipv6; ok henning, pyr | Markus Friedl |
2008-05-09 | divert packets to local socket without modifying the ip header; | Markus Friedl |
2008-05-07 | scrub packets based on tags; ok henning | Markus Friedl |
2008-05-07 | backout last change, it's already there.... | Markus Friedl |
2008-05-06 | Kill state if we get SYN for a state that has been closed from both sides. | Markus Friedl |
2008-05-06 | Add a counter to record how many states have been created by a rule. | Marco Pfatschbacher |
2008-05-05 | remove a useless refcnt in pf_state_key. | Henning Brauer |
2008-02-20 | make return-rst work correctly in the IPv6 case again. | Henning Brauer |
2008-02-16 | switch to RFC 1948 style ISN, too; ok mcbride, dhartmei, henning | Markus Friedl |
2007-11-22 | pf_src_tree_remove_state() is called upon pf_insert_state() failures. | Henning Brauer |
2007-11-18 | backout 1.562 since it triggers the problem described in pr 5648 | Theo de Raadt |
2007-11-16 | in pf_test_fragment(), ignore protocol-specific criteria for packets of | Daniel Hartmeier |
2007-11-11 | Don't leak pfstatekey upon insert conflict (most often caused via pfsync). | Christopher Pascoe |
2007-10-31 | 'block return' must not send anything on blocked icmp packets. | Marco Pfatschbacher |
2007-10-25 | Fix probability rules w/ numbers (e.g probability 0.4). | Marco Pfatschbacher |
2007-09-18 | allow state reuse for tcp if both sides are in FIN_WAIT_2 and a new SYN | Markus Friedl |
2007-09-07 | Do not recalculate TCP payload length in pf_test_rule() as it has | Alexander Bluhm |
2007-08-30 | mechanic change: | Henning Brauer |
2007-08-30 | handle address ranges in skip step calculation | Daniel Hartmeier |
2007-08-30 | add support for address ranges ("from 10.1.2.50 - 10.1.3.75") in from/to | Daniel Hartmeier |
2007-08-28 | showing this diff is shameful... | Henning Brauer |
2007-08-23 | allow RSTs with th_seq == seqlo +- 1, reduces the amount of 'loose state' | Daniel Hartmeier |
2007-08-21 | don't access th_flags when it isn't available (only 8 bytes of the | Daniel Hartmeier |
2007-07-18 | Don't drop outgoing packets in case of a congested input queue. | Marco Pfatschbacher |
2007-07-10 | adjust pf_find_state_all() so that it works correctly for the new global | Kurt Miller |
2007-07-04 | No m_copyback for ICMP and "other" protocols on rdr/binat. | Marco Pfatschbacher |
2007-06-25 | pretty mechanical change: now that the state tables use separate state | Henning Brauer |