summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2008-08-26introduce a function to be called when addressing information has changed,Henning Brauer
2008-08-22Make pf_print_host() print IPv6 addresses correctly.Alexander Bluhm
2008-08-02do not write the pf state key pointer to the pkhdr.Henning Brauer
2008-07-22after pf_state_key_atach nothing must use the state keys passed to it anyHenning Brauer
2008-07-21some whitespace cleanup I did while looking through the codeDavid Krause
2008-07-21fix typo that broke rdr rules (without pass) with non-TCP/UDP/ICMP protocolsDavid Krause
2008-07-14m_copy can return NULL, so check for itHenning Brauer
2008-07-10check pf NAT source port allocation against net.inet.(tcp|udp).baddynamicDamien Miller
2008-07-10In pf_state_insert(), if the first pf_state_key_attach() fails, theDavid Krause
2008-07-05in pf_state_key_attach(), when there is already an existing state key thatDavid Krause
2008-07-04in pf_state_key_attach(), when we find that there already is a state keyHenning Brauer
2008-07-04remove prototype for nonexistant functionHenning Brauer
2008-07-03link pf state keys to tcp pcbs and vice versa.Henning Brauer
2008-07-01Don't return immediately if we're actually passing the traffic, we want toRyan Thomas McBride
2008-07-01PF_DT_SKIP_STATETREE is no longer used.Ryan Thomas McBride
2008-06-29Simplify state creation code; merge state import/export code between pfsyncRyan Thomas McBride
2008-06-26Fix sticky-address on rdr; With the current nat code, we always use the sameRyan Thomas McBride
2008-06-21Only do state key linking on the outbound path.Ryan Thomas McBride
2008-06-16when freeing a state key sk1, look wether it is linked to another state keyHenning Brauer
2008-06-12fix synproxy.Henning Brauer
2008-06-11when we establish the mapping from a state key, do it both ways, akaHenning Brauer
2008-06-11factor out state creation code for readability; make it static inlineHenning Brauer
2008-06-11superfluous to check for m != NULL in pf_find_state, it is plainHenning Brauer
2008-06-11after finding a state in the outbound path clear the statekey pointerHenning Brauer
2008-06-11extra paranoia:Henning Brauer
2008-06-11yuck, fix a last minute collisionHenning Brauer
2008-06-11store a pointer to the stack side state key in the mbuf packetHenning Brauer
2008-06-10Handle the closing of half connections where we don't see the fullReyk Floeter
2008-06-10Simplify code slightly; use PR_ZERO with pool_get() rather than bzero().Ryan Thomas McBride
2008-06-10Handle a special sloppy case where we only see one half of theReyk Floeter
2008-06-10remove a debug check& printf that should not have gone in in the firstHenning Brauer
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
2008-06-10in pf_test_state_icmp when trying tomatch icmp errors to tcp sessionsHenning Brauer
2008-06-10implement a sloppy tcpstate tracker which does not look at sequenceHenning Brauer
2008-06-09rename arc4random_bytes => arc4random_buf to match libc's nicer name;Damien Miller
2008-06-08factor out the tcp sequence number tracking from pf_test_state_tcpHenning Brauer
2008-06-08null pointer check before derefHenning Brauer
2008-06-02Fix synproxy breakage introduced with the state table reorganization.Ryan Thomas McBride
2008-05-30trivial KNF before we go furtherHenning Brauer
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
2008-05-29rewrite the state table logic.Henning Brauer
2008-05-18KNFRyan Thomas McBride
2008-05-15divert for ipv6; ok henning, pyrMarkus Friedl
2008-05-09divert packets to local socket without modifying the ip header;Markus Friedl
2008-05-07scrub packets based on tags; ok henningMarkus Friedl
2008-05-07backout last change, it's already there....Markus Friedl
2008-05-06Kill state if we get SYN for a state that has been closed from both sides.Markus Friedl
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-05-05remove a useless refcnt in pf_state_key.Henning Brauer
2008-02-20make return-rst work correctly in the IPv6 case again.Henning Brauer