| Age | Commit message (Expand) | Author |
|---|
| 2012-11-23 | make sure to always pass an array of struct pf_src_node pointers to | Mike Belopuhov |
| 2012-11-06 | backout csum diff for the moment, requested by theo | Henning Brauer |
| 2012-11-01 | redo most of the protocol (tcp/udp/...) checksum handling | Henning Brauer |
| 2012-10-30 | Use time_uptime for expiration values as time_second can be skewed at | Florian Obser |
| 2012-10-21 | Add the IP_DIVERTFL socket option on divert(4) sockets to control | Sebastian Benoit |
| 2012-09-19 | More radix internals pushdown; place rn_mpath_next, which accepts and | Bret Lambert |
| 2012-09-18 | prio 0 is valid, therefore, I chose an "impossible" value for prio meaning | Henning Brauer |
| 2012-08-30 | Sloppy state tracking renders ICMP direction check useless | Mike Belopuhov |
| 2012-07-26 | rename all_state_flags to state_flags to finish the transition | Mike Belopuhov |
| 2012-07-10 | With address family translation, the ip length of the quoted ip | Alexander Bluhm |
| 2012-07-07 | rename prio in struct pf_rule and related structs to set_prio so it is | Henning Brauer |
| 2012-06-26 | initialize 'reason' variable before passing it to the pflog_packet; | Mike Belopuhov |
| 2012-05-12 | Ignore/preserve ECN bits on ToS matching and scrubbing. | Marco Pfatschbacher |
| 2012-04-11 | SLIST_REMOVE_NEXT -> SLIST_REMOVE_AFTER for better consistency and | Christian Weisgerber |
| 2012-04-03 | Fix kernel compilation with pf but without pfsync pseudo-device by | Mike Belopuhov |
| 2012-02-05 | Improve the ICMPv6 direction check | Mike Belopuhov |
| 2012-02-03 | The kernel did not compile without INET6. Put some #ifdefs into | Alexander Bluhm |
| 2012-01-28 | improve icmp virtual id generation for ND and MLD packets so that | Mike Belopuhov |
| 2012-01-28 | try to lookup the icmp state based on a correct packet descriptor; | Mike Belopuhov |
| 2012-01-26 | Clean up the pf normalization code: | Alexander Bluhm |
| 2012-01-26 | Minor fixes for pf_walk_header6(): | Alexander Bluhm |
| 2012-01-18 | Remove dead assignments and newly created unused variables. | Charles Longeau |
| 2012-01-17 | Fix trailing whitespace. | Alexander Bluhm |
| 2012-01-16 | Pass struct pf_pdesc to pf_walk_option6() and pf_walk_header6() to | Alexander Bluhm |
| 2012-01-15 | Calling pf_normalize_ip() from pf_setup_pdesc() was bad as the | Alexander Bluhm |
| 2011-12-21 | Just use pd->sidx and pd->didx to reverse the state key arguments | Marco Pfatschbacher |
| 2011-12-19 | improve the icmp direction check to deal correctly with af-to states | Mike Belopuhov |
| 2011-12-12 | fixup af-to regression with match rules | Mike Belopuhov |
| 2011-12-02 | Kill unused IFCAP_IPSEC and IFCAP_IPCOMP. | Christiano F. Haesbaert |
| 2011-11-28 | deprecate PFTM_UNTIL_PACKET. nothing in the tree uses it, and | David Gwynne |
| 2011-11-26 | Apply route-to to deferred packet; without this the first packet of a | Ryan Thomas McBride |
| 2011-11-25 | use time_uptime to set state creation values as time_second can be | David Gwynne |
| 2011-10-21 | add forgotten fixup for icmp6 id's when translating; ok henning | Mike Belopuhov |
| 2011-10-13 | Since the IPv6 madness is not enough introduce NAT64 -- which is actually | Claudio Jeker |
| 2011-10-07 | remove inaccurate comment - we don't have state tableS any more, there is | Henning Brauer |
| 2011-09-28 | As requested by henning, move the mbuf pointer into struct pf_pdesc. | Alexander Bluhm |
| 2011-09-22 | As I have touched half of pf lines anyway, fix whitespaces now. | Alexander Bluhm |
| 2011-09-21 | Check the protocol header length for tcp, udp, icmp, icmp6 in | Alexander Bluhm |
| 2011-09-20 | pf_setup_pdesc() panics if address family is neither AF_INET nor | Alexander Bluhm |
| 2011-09-20 | Put kif and dir into pdesc an use this instead of passing the values | Alexander Bluhm |
| 2011-09-19 | Consolidate pf function parameters. Move off and hdrlen into pdesc | Alexander Bluhm |
| 2011-09-18 | Move the pdesc initialization code into pf_setup_pdesc(). Unify | Alexander Bluhm |
| 2011-09-18 | Move the call to pf_test_rule() for fragments that have not been | Alexander Bluhm |
| 2011-09-17 | The pd->ip_sum and pd->proto_sum fields are not needed. Replace | Alexander Bluhm |
| 2011-09-17 | move initialisation of pd->nsaddr and pd->ndaddr from pf_test_rule to | Henning Brauer |
| 2011-09-17 | Deduplicate IPv4 and IPv6 code that handles fragments that have not | Alexander Bluhm |
| 2011-08-30 | Add support for one shot rules that remove themselves from an active | Mike Belopuhov |
| 2011-08-03 | Remove redundant prototype for pf_socket_lookup(). | Marco Pfatschbacher |
| 2011-07-27 | Add support for weighted round-robin in load balancing pools and tables. | Ryan Thomas McBride |
| 2011-07-24 | OS fingerprinting can only be done on rules that explicitly specify TCP | Ryan Thomas McBride |
