| Age | Commit message (Expand) | Author |
|---|
| 2002-10-07 | Add 'reply-to' to filter rules, similar to route-to, but applying to | Daniel Hartmeier |
| 2002-10-05 | Allow filtering based on IP header's tos field. | Daniel Hartmeier |
| 2002-10-04 | [to the right branch this time] | Jason Ish |
| 2002-09-27 | daddr was used where saddr was meant while checking incoming packets for | Henning Brauer |
| 2002-09-11 | KNF - return is not a function. | Jun-ichiro itojun Hagino |
| 2002-08-28 | Fix a problem where passing NULL as a pointer with varargs does not promote | Per Fogelstrom |
| 2002-08-12 | Use state tree instead of separate (flat) list to find NAT proxy ports, | Daniel Hartmeier |
| 2002-08-08 | th_flags doesn't have to be equal to TH_SYN to generate modulator, it's | Daniel Hartmeier |
| 2002-07-24 | Use host order when adding packet size to interface statistics counter. | Daniel Hartmeier |
| 2002-07-15 | add u_int8_t ifnot to struct pf_rule to support matching packets on any | Henning Brauer |
| 2002-07-15 | remove duplicated interface check in test_icmp | Henning Brauer |
| 2002-07-12 | Remove duplicate function declarations (they are in pfvar.h). | Artur Grabowski |
| 2002-07-10 | let IPv6 fragment go through based on normal rulesets. | Jun-ichiro itojun Hagino |
| 2002-06-14 | spelling; from Brian Poole <raj@cerias.purdue.edu> | Todd T. Fries |
| 2002-06-11 | enumerate UDP and OTHER state levels (similar to tcp_fsm.h) | Mike Frantzen |
| 2002-06-11 | Make NAT proxy port range configurable per rule, for instance privileged | Daniel Hartmeier |
| 2002-06-11 | Don't panic when pf_insert_state() detects an attempt to insert a | Daniel Hartmeier |
| 2002-06-11 | KNF return x -> return (x), ok frantzen@ | Daniel Hartmeier |
| 2002-06-10 | Allow ports to be specified in nat rules, useful later on for individual | Daniel Hartmeier |
| 2002-06-10 | Don't #include <sys/malloc.h> | Daniel Hartmeier |
| 2002-06-09 | Make pf_nat.saddr/daddr a pf_rule_addr instead of pf_addr_wrap, so it | Daniel Hartmeier |
| 2002-06-09 | reapply patch from jasoni@ for ICMP6_PACKET_TOO_BIG | Philipp Buehler |
| 2002-06-09 | reapply patch from jasoni@ for pf_route[6] | Philipp Buehler |
| 2002-06-09 | split ioctl functions out of pf.c into pf_ioctl.c | Philipp Buehler |
| 2002-06-09 | uncommit, broken (by corrupt diff) | Philipp Buehler |
| 2002-06-09 | new file sys/net/pf_ioctl.c | Philipp Buehler |
| 2002-06-09 | increment ifs6_in_toobig if ipv6 packet too large for interface in | jasoni |
| 2002-06-09 | in pf_route{6}, if too large for outgoing interface and not allowed to | jasoni |
| 2002-06-08 | Make state timeouts configurable per rule, like | Daniel Hartmeier |
| 2002-06-07 | add the possibility to configure a TTL while return-rst | Philipp Buehler |
| 2002-06-07 | in pf_route{6}, do not pass thru pf_test again if the outgoing | jasoni |
| 2002-06-07 | Add "(max <number>)" option for "keep/modulate state" to limit the number | Daniel Hartmeier |
| 2002-06-07 | switch from AVL tree's to herr Provos' red-black trees | Mike Frantzen |
| 2002-06-07 | Call pf_test() from pf_route() to filter (and translate) routed packets, | Daniel Hartmeier |
| 2002-06-07 | sync behaviour about DF bit between ip_output()/tcp_response() | Philipp Buehler |
| 2002-06-01 | ECN flag support for pf. Committed in consultation with Daniel. | Hugh Graham |
| 2002-05-31 | respect rmx_mtu (cached PMTUD result) on outbound. deraadt/angelos ok | Jun-ichiro itojun Hagino |
| 2002-05-31 | KNF | Theo de Raadt |
| 2002-05-28 | remove duplicated fragmentation code in favour of ip_fragment().. | jasoni |
| 2002-05-19 | KNF again | Theo de Raadt |
| 2002-05-12 | correct AH header chasing. ok dhartmei@openbsd | Jun-ichiro itojun Hagino |
| 2002-05-12 | Add gid based filtering, reduce to one (effective) uid, rename parser | Daniel Hartmeier |
| 2002-05-09 | Introduce user based filtering. Rules can specify ruid and euid (real and | Daniel Hartmeier |
| 2002-05-05 | Instead of returning a useless kernel space pointer for the rule that | Daniel Hartmeier |
| 2002-04-24 | Add dynamic (in-kernel) interface name -> address translation. Instead of | Daniel Hartmeier |
| 2002-04-23 | Allow explicit filtering of fragments when they are not reassembled. | Daniel Hartmeier |
| 2002-04-20 | All calls to pool_get(9) should use PR_xx flags, not M_xx. | Federico G. Schwindt |
| 2002-04-08 | Credit DARPA/USAF appropriately. | Jason Wright |
| 2002-03-31 | Use ip_defttl as ttl for return-rst instead of an arbitrary hardcoded | Daniel Hartmeier |
| 2002-03-30 | Initialize sequence number high limit from 1 to the real value with the | Daniel Hartmeier |
