Age | Commit message (Expand) | Author |
2003-11-09 | remove stale forward declaration | Daniel Hartmeier |
2003-11-04 | add in(6)_pcblookup_listen() and replace all calls to in_pcblookup() | Markus Friedl |
2003-11-03 | pf_route() can change output NIC, so we need to check its capabilities. | Cedric Berger |
2003-10-31 | Remove remenants of pf_tree stuff that I missed. | Ryan Thomas McBride |
2003-10-29 | fix binat for incoming connections when a netblock (not just a single | Daniel Hartmeier |
2003-10-25 | Build state search indexes directly on pf_state instead of pf_tree_node. | Ryan Thomas McBride |
2003-10-10 | make sure pd is initialized before use (or byte counters may increase | Daniel Hartmeier |
2003-10-02 | correct endian handling of ip->ip_off. | Jun-ichiro itojun Hagino |
2003-09-26 | Rearchitecture of the userland/kernel IOCTL interface for transactions. | Cedric Berger |
2003-09-26 | Move statistics counters from individual pf_test_<proto>() and | Ryan Thomas McBride |
2003-09-24 | Remove state setup no-ops. | Ryan Thomas McBride |
2003-09-01 | KNF | Henning Brauer |
2003-09-01 | Make nat rule update the table counters when no filtering rule is used. | Cedric Berger |
2003-08-28 | fix "pfctl -vvsr" output for rules with tables inside anchors. | Cedric Berger |
2003-08-21 | Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF. | Mike Frantzen |
2003-08-18 | prevent looutput() feedback of broadcast/multicast packets if they are | Daniel Hartmeier |
2003-08-17 | Missing break, change NULL -> 0 for int parameter (no functional | Daniel Hartmeier |
2003-08-14 | m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts. | Jason Wright |
2003-08-09 | This patch remove the restriction that tables cannot be used in routing or | Cedric Berger |
2003-08-07 | make pf_match take u_int32_t instead of u_int16_t | Henning Brauer |
2003-07-29 | Set pf_state->rt_ifp when creating the state entry, instead of doing it | Daniel Hartmeier |
2003-07-29 | More aggressive and easier to understand skip steps for addresses. | Cedric Berger |
2003-07-19 | Simplify struct pf_pooladdr to include struct pf_addr_wrap directly | Cedric Berger |
2003-07-12 | Remove two htons(), which were meant as ntohs(), and are wrong since | Daniel Hartmeier |
2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. | Jun-ichiro itojun Hagino |
2003-07-04 | cosmetic changes to keep the different code paths in sync; ok henning | Markus Friedl |
2003-07-04 | -add a "natpass" field to pf_rule | Henning Brauer |
2003-07-04 | bad redundant copy; ok daniel | Markus Friedl |
2003-06-29 | normalize IPv6 packet (no reass, but it is a start). dhartmei & henning ok | Jun-ichiro itojun Hagino |
2003-06-29 | unused global. dhartmei ok | Jun-ichiro itojun Hagino |
2003-06-28 | remove duplicated prototype (they are in pfvar.h). dhartmei ok | Jun-ichiro itojun Hagino |
2003-06-24 | in the ipv6 case, allow route-to to route to link-local addresses | Henning Brauer |
2003-06-24 | KNF | Henning Brauer |
2003-06-21 | count packets and bidirectionally on state entries, allowing for fine-grained | Damien Miller |
2003-06-20 | Add MSS support to the synproxy. The client's MSS is sent to the server, | Daniel Hartmeier |
2003-06-20 | Extend 'BAD ICMP' debug message, include icmp type/code and outer IP header | Daniel Hartmeier |
2003-06-14 | Use source's window scaling factor (instead of destination's) when | Daniel Hartmeier |
2003-06-10 | It would kind of help if the flags member was initialized, otherwise random | Daniel Hartmeier |
2003-06-09 | Attempt to resolve byte order confusion in nat code once and for all. | Ryan Thomas McBride |
2003-06-03 | move some prototypes to pfvar.h. needed soon. | Henning Brauer |
2003-05-18 | speed hack: delay fetching the mbuf tag until we really need it (hit a | Henning Brauer |
2003-05-18 | Merge pf_send_ack() and _send_syn() into a generic _send_tcp(). | Daniel Hartmeier |
2003-05-17 | Correct two comment typos. | Daniel Hartmeier |
2003-05-17 | With rdr we want the source IP from the packet, not the source IP from | Ryan Thomas McBride |
2003-05-17 | allow inverse matching on tags | Henning Brauer |
2003-05-17 | Add an 'action' code that allows the SYN proxy to swallow/drop a packet | Daniel Hartmeier |
2003-05-16 | TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can use | Daniel Hartmeier |
2003-05-14 | - modulate TCP Timestamps so they can't be used to detect NAT and to preclude | Mike Frantzen |
2003-05-14 | tag on each matching rule, not just the last one. | Henning Brauer |
2003-05-14 | Use official (from pcap people) link type for pflog. | Can Erkin Acar |