Age | Commit message (Expand) | Author |
2003-10-10 | make sure pd is initialized before use (or byte counters may increase | Daniel Hartmeier |
2003-10-02 | correct endian handling of ip->ip_off. | Jun-ichiro itojun Hagino |
2003-09-26 | Rearchitecture of the userland/kernel IOCTL interface for transactions. | Cedric Berger |
2003-09-26 | Move statistics counters from individual pf_test_<proto>() and | Ryan Thomas McBride |
2003-09-24 | Remove state setup no-ops. | Ryan Thomas McBride |
2003-09-01 | KNF | Henning Brauer |
2003-09-01 | Make nat rule update the table counters when no filtering rule is used. | Cedric Berger |
2003-08-28 | fix "pfctl -vvsr" output for rules with tables inside anchors. | Cedric Berger |
2003-08-21 | Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF. | Mike Frantzen |
2003-08-18 | prevent looutput() feedback of broadcast/multicast packets if they are | Daniel Hartmeier |
2003-08-17 | Missing break, change NULL -> 0 for int parameter (no functional | Daniel Hartmeier |
2003-08-14 | m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts. | Jason Wright |
2003-08-09 | This patch remove the restriction that tables cannot be used in routing or | Cedric Berger |
2003-08-07 | make pf_match take u_int32_t instead of u_int16_t | Henning Brauer |
2003-07-29 | Set pf_state->rt_ifp when creating the state entry, instead of doing it | Daniel Hartmeier |
2003-07-29 | More aggressive and easier to understand skip steps for addresses. | Cedric Berger |
2003-07-19 | Simplify struct pf_pooladdr to include struct pf_addr_wrap directly | Cedric Berger |
2003-07-12 | Remove two htons(), which were meant as ntohs(), and are wrong since | Daniel Hartmeier |
2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. | Jun-ichiro itojun Hagino |
2003-07-04 | cosmetic changes to keep the different code paths in sync; ok henning | Markus Friedl |
2003-07-04 | -add a "natpass" field to pf_rule | Henning Brauer |
2003-07-04 | bad redundant copy; ok daniel | Markus Friedl |
2003-06-29 | normalize IPv6 packet (no reass, but it is a start). dhartmei & henning ok | Jun-ichiro itojun Hagino |
2003-06-29 | unused global. dhartmei ok | Jun-ichiro itojun Hagino |
2003-06-28 | remove duplicated prototype (they are in pfvar.h). dhartmei ok | Jun-ichiro itojun Hagino |
2003-06-24 | in the ipv6 case, allow route-to to route to link-local addresses | Henning Brauer |
2003-06-24 | KNF | Henning Brauer |
2003-06-21 | count packets and bidirectionally on state entries, allowing for fine-grained | Damien Miller |
2003-06-20 | Add MSS support to the synproxy. The client's MSS is sent to the server, | Daniel Hartmeier |
2003-06-20 | Extend 'BAD ICMP' debug message, include icmp type/code and outer IP header | Daniel Hartmeier |
2003-06-14 | Use source's window scaling factor (instead of destination's) when | Daniel Hartmeier |
2003-06-10 | It would kind of help if the flags member was initialized, otherwise random | Daniel Hartmeier |
2003-06-09 | Attempt to resolve byte order confusion in nat code once and for all. | Ryan Thomas McBride |
2003-06-03 | move some prototypes to pfvar.h. needed soon. | Henning Brauer |
2003-05-18 | speed hack: delay fetching the mbuf tag until we really need it (hit a | Henning Brauer |
2003-05-18 | Merge pf_send_ack() and _send_syn() into a generic _send_tcp(). | Daniel Hartmeier |
2003-05-17 | Correct two comment typos. | Daniel Hartmeier |
2003-05-17 | With rdr we want the source IP from the packet, not the source IP from | Ryan Thomas McBride |
2003-05-17 | allow inverse matching on tags | Henning Brauer |
2003-05-17 | Add an 'action' code that allows the SYN proxy to swallow/drop a packet | Daniel Hartmeier |
2003-05-16 | TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can use | Daniel Hartmeier |
2003-05-14 | - modulate TCP Timestamps so they can't be used to detect NAT and to preclude | Mike Frantzen |
2003-05-14 | tag on each matching rule, not just the last one. | Henning Brauer |
2003-05-14 | Use official (from pcap people) link type for pflog. | Can Erkin Acar |
2003-05-14 | 2 lines of code bring us tags on nat rules | Henning Brauer |
2003-05-13 | add support for tagging packets with arbitary tags and filtering based on | Henning Brauer |
2003-05-12 | - TCP window scaling is not applied to the SYNs' window so we must retract the | Mike Frantzen |
2003-05-12 | Reorder IPv6 address comparisons to check the least significant parts | Ryan Thomas McBride |
2003-05-12 | Adaptive timeout value scaling. Allows to reduce timeout values as the | Daniel Hartmeier |
2003-05-11 | the start of stateful TCP scrubbing. dynamically determine the highest TTL of | Mike Frantzen |