Age | Commit message (Expand) | Author |
2008-09-03 | before linking state keys compare them to verify they actually are the | Henning Brauer |
2008-09-02 | remove dead stores and newly created unused variables. | Charles Longeau |
2008-08-26 | introduce a function to be called when addressing information has changed, | Henning Brauer |
2008-08-22 | Make pf_print_host() print IPv6 addresses correctly. | Alexander Bluhm |
2008-08-02 | do not write the pf state key pointer to the pkhdr. | Henning Brauer |
2008-07-22 | after pf_state_key_atach nothing must use the state keys passed to it any | Henning Brauer |
2008-07-21 | some whitespace cleanup I did while looking through the code | David Krause |
2008-07-21 | fix typo that broke rdr rules (without pass) with non-TCP/UDP/ICMP protocols | David Krause |
2008-07-14 | m_copy can return NULL, so check for it | Henning Brauer |
2008-07-10 | check pf NAT source port allocation against net.inet.(tcp|udp).baddynamic | Damien Miller |
2008-07-10 | In pf_state_insert(), if the first pf_state_key_attach() fails, the | David Krause |
2008-07-05 | in pf_state_key_attach(), when there is already an existing state key that | David Krause |
2008-07-04 | in pf_state_key_attach(), when we find that there already is a state key | Henning Brauer |
2008-07-04 | remove prototype for nonexistant function | Henning Brauer |
2008-07-03 | link pf state keys to tcp pcbs and vice versa. | Henning Brauer |
2008-07-01 | Don't return immediately if we're actually passing the traffic, we want to | Ryan Thomas McBride |
2008-07-01 | PF_DT_SKIP_STATETREE is no longer used. | Ryan Thomas McBride |
2008-06-29 | Simplify state creation code; merge state import/export code between pfsync | Ryan Thomas McBride |
2008-06-26 | Fix sticky-address on rdr; With the current nat code, we always use the same | Ryan Thomas McBride |
2008-06-21 | Only do state key linking on the outbound path. | Ryan Thomas McBride |
2008-06-16 | when freeing a state key sk1, look wether it is linked to another state key | Henning Brauer |
2008-06-12 | fix synproxy. | Henning Brauer |
2008-06-11 | when we establish the mapping from a state key, do it both ways, aka | Henning Brauer |
2008-06-11 | factor out state creation code for readability; make it static inline | Henning Brauer |
2008-06-11 | superfluous to check for m != NULL in pf_find_state, it is plain | Henning Brauer |
2008-06-11 | after finding a state in the outbound path clear the statekey pointer | Henning Brauer |
2008-06-11 | extra paranoia: | Henning Brauer |
2008-06-11 | yuck, fix a last minute collision | Henning Brauer |
2008-06-11 | store a pointer to the stack side state key in the mbuf packet | Henning Brauer |
2008-06-10 | Handle the closing of half connections where we don't see the full | Reyk Floeter |
2008-06-10 | Simplify code slightly; use PR_ZERO with pool_get() rather than bzero(). | Ryan Thomas McBride |
2008-06-10 | Handle a special sloppy case where we only see one half of the | Reyk Floeter |
2008-06-10 | remove a debug check& printf that should not have gone in in the first | Henning Brauer |
2008-06-10 | save somespace in the state by collapsing two 8 bit ints used as booleans | Henning Brauer |
2008-06-10 | in pf_test_state_icmp when trying tomatch icmp errors to tcp sessions | Henning Brauer |
2008-06-10 | implement a sloppy tcpstate tracker which does not look at sequence | Henning Brauer |
2008-06-09 | rename arc4random_bytes => arc4random_buf to match libc's nicer name; | Damien Miller |
2008-06-08 | factor out the tcp sequence number tracking from pf_test_state_tcp | Henning Brauer |
2008-06-08 | null pointer check before deref | Henning Brauer |
2008-06-02 | Fix synproxy breakage introduced with the state table reorganization. | Ryan Thomas McBride |
2008-05-30 | trivial KNF before we go further | Henning Brauer |
2008-05-29 | Second half of PF state table rearrangement. | Ryan Thomas McBride |
2008-05-29 | rewrite the state table logic. | Henning Brauer |
2008-05-18 | KNF | Ryan Thomas McBride |
2008-05-15 | divert for ipv6; ok henning, pyr | Markus Friedl |
2008-05-09 | divert packets to local socket without modifying the ip header; | Markus Friedl |
2008-05-07 | scrub packets based on tags; ok henning | Markus Friedl |
2008-05-07 | backout last change, it's already there.... | Markus Friedl |
2008-05-06 | Kill state if we get SYN for a state that has been closed from both sides. | Markus Friedl |
2008-05-06 | Add a counter to record how many states have been created by a rule. | Marco Pfatschbacher |