summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2003-11-09remove stale forward declarationDaniel Hartmeier
2003-11-04add in(6)_pcblookup_listen() and replace all calls to in_pcblookup()Markus Friedl
2003-11-03pf_route() can change output NIC, so we need to check its capabilities.Cedric Berger
2003-10-31Remove remenants of pf_tree stuff that I missed.Ryan Thomas McBride
2003-10-29fix binat for incoming connections when a netblock (not just a singleDaniel Hartmeier
2003-10-25Build state search indexes directly on pf_state instead of pf_tree_node.Ryan Thomas McBride
2003-10-10make sure pd is initialized before use (or byte counters may increaseDaniel Hartmeier
2003-10-02correct endian handling of ip->ip_off.Jun-ichiro itojun Hagino
2003-09-26Rearchitecture of the userland/kernel IOCTL interface for transactions.Cedric Berger
2003-09-26Move statistics counters from individual pf_test_<proto>() andRyan Thomas McBride
2003-09-24Remove state setup no-ops.Ryan Thomas McBride
2003-09-01KNFHenning Brauer
2003-09-01Make nat rule update the table counters when no filtering rule is used.Cedric Berger
2003-08-28fix "pfctl -vvsr" output for rules with tables inside anchors.Cedric Berger
2003-08-21Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.Mike Frantzen
2003-08-18prevent looutput() feedback of broadcast/multicast packets if they areDaniel Hartmeier
2003-08-17Missing break, change NULL -> 0 for int parameter (no functionalDaniel Hartmeier
2003-08-14m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts.Jason Wright
2003-08-09This patch remove the restriction that tables cannot be used in routing orCedric Berger
2003-08-07make pf_match take u_int32_t instead of u_int16_tHenning Brauer
2003-07-29Set pf_state->rt_ifp when creating the state entry, instead of doing itDaniel Hartmeier
2003-07-29More aggressive and easier to understand skip steps for addresses.Cedric Berger
2003-07-19Simplify struct pf_pooladdr to include struct pf_addr_wrap directlyCedric Berger
2003-07-12Remove two htons(), which were meant as ntohs(), and are wrong sinceDaniel Hartmeier
2003-07-09do not flip ip_len/ip_off in netinet stack. deraadt ok.Jun-ichiro itojun Hagino
2003-07-04cosmetic changes to keep the different code paths in sync; ok henningMarkus Friedl
2003-07-04-add a "natpass" field to pf_ruleHenning Brauer
2003-07-04bad redundant copy; ok danielMarkus Friedl
2003-06-29normalize IPv6 packet (no reass, but it is a start). dhartmei & henning okJun-ichiro itojun Hagino
2003-06-29unused global. dhartmei okJun-ichiro itojun Hagino
2003-06-28remove duplicated prototype (they are in pfvar.h). dhartmei okJun-ichiro itojun Hagino
2003-06-24in the ipv6 case, allow route-to to route to link-local addressesHenning Brauer
2003-06-24KNFHenning Brauer
2003-06-21count packets and bidirectionally on state entries, allowing for fine-grainedDamien Miller
2003-06-20Add MSS support to the synproxy. The client's MSS is sent to the server,Daniel Hartmeier
2003-06-20Extend 'BAD ICMP' debug message, include icmp type/code and outer IP headerDaniel Hartmeier
2003-06-14Use source's window scaling factor (instead of destination's) whenDaniel Hartmeier
2003-06-10It would kind of help if the flags member was initialized, otherwise randomDaniel Hartmeier
2003-06-09Attempt to resolve byte order confusion in nat code once and for all.Ryan Thomas McBride
2003-06-03move some prototypes to pfvar.h. needed soon.Henning Brauer
2003-05-18speed hack: delay fetching the mbuf tag until we really need it (hit aHenning Brauer
2003-05-18Merge pf_send_ack() and _send_syn() into a generic _send_tcp().Daniel Hartmeier
2003-05-17Correct two comment typos.Daniel Hartmeier
2003-05-17With rdr we want the source IP from the packet, not the source IP fromRyan Thomas McBride
2003-05-17allow inverse matching on tagsHenning Brauer
2003-05-17Add an 'action' code that allows the SYN proxy to swallow/drop a packetDaniel Hartmeier
2003-05-16TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can useDaniel Hartmeier
2003-05-14- modulate TCP Timestamps so they can't be used to detect NAT and to precludeMike Frantzen
2003-05-14tag on each matching rule, not just the last one.Henning Brauer
2003-05-14Use official (from pcap people) link type for pflog.Can Erkin Acar