path: root/sys/net/pf.c
| Age | Commit message | Author |
|---|---|---|
| 2003-10-10 | make sure pd is initialized before use (or byte counters may increase | Daniel Hartmeier |
| 2003-10-02 | correct endian handling of ip->ip_off. | Jun-ichiro itojun Hagino |
| 2003-09-26 | Rearchitecture of the userland/kernel IOCTL interface for transactions. | Cedric Berger |
| 2003-09-26 | Move statistics counters from individual pf_test_<proto>() and | Ryan Thomas McBride |
| 2003-09-24 | Remove state setup no-ops. | Ryan Thomas McBride |
| 2003-09-01 | KNF | Henning Brauer |
| 2003-09-01 | Make nat rule update the table counters when no filtering rule is used. | Cedric Berger |
| 2003-08-28 | fix "pfctl -vvsr" output for rules with tables inside anchors. | Cedric Berger |
| 2003-08-21 | Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF. | Mike Frantzen |
| 2003-08-18 | prevent looutput() feedback of broadcast/multicast packets if they are | Daniel Hartmeier |
| 2003-08-17 | Missing break, change NULL -> 0 for int parameter (no functional | Daniel Hartmeier |
| 2003-08-14 | m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts. | Jason Wright |
| 2003-08-09 | This patch remove the restriction that tables cannot be used in routing or | Cedric Berger |
| 2003-08-07 | make pf_match take u_int32_t instead of u_int16_t | Henning Brauer |
| 2003-07-29 | Set pf_state->rt_ifp when creating the state entry, instead of doing it | Daniel Hartmeier |
| 2003-07-29 | More aggressive and easier to understand skip steps for addresses. | Cedric Berger |
| 2003-07-19 | Simplify struct pf_pooladdr to include struct pf_addr_wrap directly | Cedric Berger |
| 2003-07-12 | Remove two htons(), which were meant as ntohs(), and are wrong since | Daniel Hartmeier |
| 2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. | Jun-ichiro itojun Hagino |
| 2003-07-04 | cosmetic changes to keep the different code paths in sync; ok henning | Markus Friedl |
| 2003-07-04 | -add a "natpass" field to pf_rule | Henning Brauer |
| 2003-07-04 | bad redundant copy; ok daniel | Markus Friedl |
| 2003-06-29 | normalize IPv6 packet (no reass, but it is a start). dhartmei & henning ok | Jun-ichiro itojun Hagino |
| 2003-06-29 | unused global. dhartmei ok | Jun-ichiro itojun Hagino |
| 2003-06-28 | remove duplicated prototype (they are in pfvar.h). dhartmei ok | Jun-ichiro itojun Hagino |
| 2003-06-24 | in the ipv6 case, allow route-to to route to link-local addresses | Henning Brauer |
| 2003-06-24 | KNF | Henning Brauer |
| 2003-06-21 | count packets and bidirectionally on state entries, allowing for fine-grained | Damien Miller |
| 2003-06-20 | Add MSS support to the synproxy. The client's MSS is sent to the server, | Daniel Hartmeier |
| 2003-06-20 | Extend 'BAD ICMP' debug message, include icmp type/code and outer IP header | Daniel Hartmeier |
| 2003-06-14 | Use source's window scaling factor (instead of destination's) when | Daniel Hartmeier |
| 2003-06-10 | It would kind of help if the flags member was initialized, otherwise random | Daniel Hartmeier |
| 2003-06-09 | Attempt to resolve byte order confusion in nat code once and for all. | Ryan Thomas McBride |
| 2003-06-03 | move some prototypes to pfvar.h. needed soon. | Henning Brauer |
| 2003-05-18 | speed hack: delay fetching the mbuf tag until we really need it (hit a | Henning Brauer |
| 2003-05-18 | Merge pf_send_ack() and _send_syn() into a generic _send_tcp(). | Daniel Hartmeier |
| 2003-05-17 | Correct two comment typos. | Daniel Hartmeier |
| 2003-05-17 | With rdr we want the source IP from the packet, not the source IP from | Ryan Thomas McBride |
| 2003-05-17 | allow inverse matching on tags | Henning Brauer |
| 2003-05-17 | Add an 'action' code that allows the SYN proxy to swallow/drop a packet | Daniel Hartmeier |
| 2003-05-16 | TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can use | Daniel Hartmeier |
| 2003-05-14 | - modulate TCP Timestamps so they can't be used to detect NAT and to preclude | Mike Frantzen |
| 2003-05-14 | tag on each matching rule, not just the last one. | Henning Brauer |
| 2003-05-14 | Use official (from pcap people) link type for pflog. | Can Erkin Acar |
| 2003-05-14 | 2 lines of code bring us tags on nat rules | Henning Brauer |
| 2003-05-13 | add support for tagging packets with arbitrary tags and filtering based on | Henning Brauer |
| 2003-05-12 | - TCP window scaling is not applied to the SYNs' window so we must retract the | Mike Frantzen |
| 2003-05-12 | Reorder IPv6 address comparisons to check the least significant parts | Ryan Thomas McBride |
| 2003-05-12 | Adaptive timeout value scaling. Allows to reduce timeout values as the | Daniel Hartmeier |
| 2003-05-11 | the start of stateful TCP scrubbing. dynamically determine the highest TTL of | Mike Frantzen |