Age | Commit message (Expand) | Author |
2004-11-24 | fix a bug that leads to a crash when binat rules of the form | Daniel Hartmeier |
2004-11-19 | remove superfluous m_tag_copy/m_tag_prepend, already covered by m_copym2() | Daniel Hartmeier |
2004-11-12 | The flag to re-filter pf-generated packets was set wrong by synproxy | Daniel Hartmeier |
2004-11-07 | For RST generated due to state mismatch during handshake, don't set | Daniel Hartmeier |
2004-09-29 | reset anchor pointer to NULL when stepping back into the main ruleset, | Daniel Hartmeier |
2004-09-20 | pf_routable(), used for the no-route keyword, was a v4 only implementation, | Henning Brauer |
2004-09-17 | Clean up reference counting wrt state creation and destruction. Fixes | Ryan Thomas McBride |
2004-07-11 | backout IPv6 reass-on-scrub patch (more work needs to be done). | Jun-ichiro itojun Hagino |
2004-06-25 | correct "scrub in" behavior for IPv6. | Jun-ichiro itojun Hagino |
2004-06-25 | IPv6 reassembly on "scrub" directive. | Jun-ichiro itojun Hagino |
2004-06-22 | Pull the plug on source-based routing until remaining bugs are eradicated. | Cedric Berger |
2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert |
2004-06-21 | Get rid of pf_test_eh() wrapper. | Ryan Thomas McBride |
2004-06-10 | rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved | Daniel Hartmeier |
2004-06-06 | extend routing table to be able to match and route packets based on | Cedric Berger |
2004-05-19 | Allow recursive anchors (anchors within anchors, up to 64 | Daniel Hartmeier |
2004-05-11 | pf_cksum_fixup() was called without last argument from normalization, | Daniel Hartmeier |
2004-05-11 | change pf_route() loop detection: introduce a counter (number of times | Daniel Hartmeier |
2004-05-05 | Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP | Mike Frantzen |
2004-04-28 | make return-rst work on pure bridges. ok dhartmei@ henning@ mcbride@ | Cedric Berger |
2004-04-28 | Dont step into INET6 code, just because af != AF_INET | Philipp Buehler |
2004-04-27 | validate the sequence numbers on TCP resets are an exact match. check is only | Mike Frantzen |
2004-04-26 | Prevent biases in arc4random() from disclosing the byte order of the firewall. | Ryan Thomas McBride |
2004-04-26 | anchor refcounting. ok dhartmei@ mcbride@ | Cedric Berger |
2004-04-25 | prevent an endless loop with route-to lo0, fixes PR 3736, | Daniel Hartmeier |
2004-04-25 | get rid of a complete state tree walk at state expire while in splnet() | Philipp Buehler |
2004-04-25 | sync 'other' in test6, too. | Philipp Buehler |
2004-04-25 | don't add PF_GENERATED tag to synproxy generated packets for the second | Daniel Hartmeier |
2004-04-24 | Add "probability xxx" rule modifier. ok deraadt@ | Cedric Berger |
2004-04-17 | when the input queue congestion flag is set stop evaluating the ruleset | Henning Brauer |
2004-04-05 | make pftag ** (pass pointer by reference), otherwise it's never updated. | Daniel Hartmeier |
2004-03-26 | Properly m_copyback() modified TCP sequence number after demodulation | Daniel Hartmeier |
2004-03-25 | Fix icmp checksum when sequence number modlation is being used. | Ryan Thomas McBride |
2004-03-22 | Support for best effort bulk transfers of states when pfsync syncif is | Ryan Thomas McBride |
2004-03-11 | Don't call pf_src_tree_remove_state() on error in pf_insert_state(), | Ryan Thomas McBride |
2004-03-09 | KNF, ok cedric@ deraadt@ | Ryan Thomas McBride |
2004-02-24 | Remove redundant logging from pf_test_other(). | Ryan Thomas McBride |
2004-02-24 | KNF | Ryan Thomas McBride |
2004-02-20 | Make pfsync deal with clearing states bound to a group or interface (eg | Ryan Thomas McBride |
2004-02-19 | the 2nd round of the qid assignment change. | Kenjiro Cho |
2004-02-10 | KNF | Daniel Hartmeier |
2004-02-10 | plug mbuf leak (ip_fragment() always free mbuf on error). tested by cedric, | Jun-ichiro itojun Hagino |
2004-02-10 | KNF | Henning Brauer |
2004-02-04 | Fix a number of bugs with setting pool limits which I introduced with | Ryan Thomas McBride |
2004-02-02 | Do not evaluate pfi_index2kif[ifp->if_index] if PF is disabled. | Cedric Berger |
2004-01-27 | drop packet if kif == NULL; ok henning deraadt | Markus Friedl |
2004-01-06 | Drop UDP packets with destination port 0, or zero or oversized payload | Daniel Hartmeier |
2004-01-05 | 0 -> (void *)NULL for last argument of icmp_error(), which is of type | Daniel Hartmeier |
2004-01-04 | better macro name (IF_LOCKED -> BOUND_IFACE). from markus. | Cedric Berger |
2003-12-31 | spacing. note this, cedric | Theo de Raadt |