Age | Commit message (Expand) | Author |
2007-06-24 | Save some bytes and make code more readable by removing junk union and | Ryan Thomas McBride |
2007-06-21 | reimplement interface bound states in a non-retarded way. | Henning Brauer |
2007-06-20 | Allow "log" for nat rules without "pass". | Marco Pfatschbacher |
2007-06-15 | in pf_test_rule, before handling IPPROTO_ICMP / IPPROTO_ICMPV6, check that | Henning Brauer |
2007-06-09 | fix wrong argument passing to m_copyback for the log case | Henning Brauer |
2007-06-09 | sizeof(ptr) is no good if you want sizeof(*ptr). icmp/icmpv6. | Henning Brauer |
2007-06-02 | pf_set_rt_ifp accesses state key data, so must be called later | Henning Brauer |
2007-06-01 | factor out duplicated code to allocate state key and cross-reference it | Henning Brauer |
2007-06-01 | fold pf_test_tcp(), pf_test_udp(), pf_test_icmp(), pf_test_other() into | Henning Brauer |
2007-06-01 | apply the "skip ipsec if there are no flows" speedup diff to IPv6 too. | Henning Brauer |
2007-05-31 | Move the state id and creatorid (used mainly by pfsync) into struct pf_state. | Ryan Thomas McBride |
2007-05-31 | Unbreak pf.c compilation on gcc 2.95 architectures. Found by todd@ | Ryan Thomas McBride |
2007-05-31 | First step of rearranging pf's state table internals... | Ryan Thomas McBride |
2007-05-29 | gain us another 10+% of performance. | Henning Brauer |
2007-05-28 | double pf performance. | Henning Brauer |
2007-05-27 | get rid of static. | David Gwynne |
2007-05-27 | clarify things by passing kif->pfik_ifp around in pf_test{,6} instead | Pierre-Yves Ritschard |
2007-05-26 | add comments indicating why we do m = *m0; again after pf_normalize, ryan ok | Henning Brauer |
2007-05-08 | block ALL packets with rthdr0 in pf_test6(). We already do this | Ryan Thomas McBride |
2007-05-08 | Routing headers are dangerous. Deal with them the same way as IPv4 options: | Ryan Thomas McBride |
2007-02-22 | make urpf-failed work with multipath routes. | Pierre-Yves Ritschard |
2007-02-19 | add handling of skip steps for urpf-failed addresses. | Pierre-Yves Ritschard |
2007-02-14 | Consistently spell FALLTHROUGH to appease lint. | Jonathan Gray |
2007-02-08 | compute pseudo-header checksum based on flnal destination as | Jun-ichiro itojun Hagino |
2006-12-22 | add special handling for "urpf-failed" with carp interfaces. the | Reyk Floeter |
2006-12-21 | in pf_route(), initialize ro to NULL at the beginning. if left un- | Daniel Hartmeier |
2006-12-14 | in "BAD/loose state" messages, also print the packet's original sequence | Daniel Hartmeier |
2006-12-13 | use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses | Jun-ichiro itojun Hagino |
2006-11-16 | conditional for appending the pf mbuf tag in pf_test/pf_test6 was wrong, | Henning Brauer |
2006-10-31 | make pfsync a clonable too, but prevent more than one instance from | Henning Brauer |
2006-10-27 | Split ruleset manipulation functions out into pf_ruleset.c to allow them to | Ryan Thomas McBride |
2006-10-11 | Allow the 'quick' keyword on an anchor. IFF there is a matching rule inside | Ryan Thomas McBride |
2006-09-18 | allow RST from TCP client, even if client does not send data after SYN; | Markus Friedl |
2006-09-18 | fix tos (type-of-service) comparisons. for rules which use 'tos x', compare | Daniel Hartmeier |
2006-07-06 | allow rules to point to an alternate routing table, and tag packets | Henning Brauer |
2006-05-17 | missing rtlabel support in pf_addr_wrap_neq() | Henning Brauer |
2006-03-14 | implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4) | Damien Miller |
2006-02-07 | mention source of pf_modulate_sack() in comment, no code change, | Daniel Hartmeier |
2006-01-31 | the TCP SACK option needs sequence number modulation | Mike Frantzen |
2005-11-14 | fix spello | Christopher Pascoe |
2005-11-04 | crank pf_state and pf_src_node byte and packet counters to u_in64_t, since | Ryan Thomas McBride |
2005-10-26 | Instead of using arc4random() to modulate the TCP isn, call tcp_rndiss_next() | Ryan Thomas McBride |
2005-10-25 | mtag in pf_route is now only used for IPSEC, so #ifdef it | Henning Brauer |
2005-10-17 | make pf use one mbuf tag instead of 6 distinct ones. use a little struct | Henning Brauer |
2005-09-28 | Improve the safety of pf IOCTLs, taking into account that some paths can sleep. | Christopher Pascoe |
2005-08-22 | when nat'ing icmp 'connections', replace icmp id with proxy values | Daniel Hartmeier |
2005-08-22 | fix rdr to bitmask replacement address pool. patch from Max Laier, | Daniel Hartmeier |
2005-08-18 | Rearrange pf_state and pfi_kif so that the parts of the structure needed | Christopher Pascoe |
2005-08-11 | Only decrement the max-src-conn counter for tcp connections that reached | Joel Knight |
2005-07-31 | Perform pf state/rule/table expiry in a kernel thread instead of running | Christopher Pascoe |