summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2002-12-27Fixups for pf_route and pf_route6.Ryan Thomas McBride
2002-12-27Handle binat-anchor rules in pf_match_translation(), they don't have aDaniel Hartmeier
2002-12-27Initialize rt_ifp in newly allocated pf_state objects to NULL.Daniel Hartmeier
2002-12-26Prettier debug printing in pf_map_addr.Ryan Thomas McBride
2002-12-26Additional sanity checks for pf_route(). Please report when any of theseDaniel Hartmeier
2002-12-23Change from array to single pf_pabuf (no longer need multiple buffers asRyan Thomas McBride
2002-12-22Handle rdr rules with unspecified proxy ports correctly. Also don'tRyan Thomas McBride
2002-12-19Replace skip step calculation so it scales O(n) instead of O(n*n).Daniel Hartmeier
2002-12-19fix 'no nat/rdr/binat' evaluation. from mcbride@, slightly modified :)Daniel Hartmeier
2002-12-19Initialize pf_state.nat_rule to NULL if there's no translation used.Daniel Hartmeier
2002-12-18Store translation rule pointer in state entries, so pfctl -vsn can printDaniel Hartmeier
2002-12-18When logging packets matched by rules within anchors, use the anchor ruleDaniel Hartmeier
2002-12-18big KNF roundHenning Brauer
2002-12-18Pass skip step values through ioctl interface, pfctl -vvsr shows them,Daniel Hartmeier
2002-12-18KNFHenning Brauer
2002-12-18Match the rule protocol against the actual protocol of the packet, not justRyan Thomas McBride
2002-12-17Merge pf_nat/pf_binat/pf_rdr structs into pf_rule. Simplifies code, allowsRyan Thomas McBride
2002-12-13add pqueue and pqid to pf_rule.Henning Brauer
2002-12-06Introduce anchors and named rule sets, allowing to load additional ruleDaniel Hartmeier
2002-12-03no need to mh_align (while it's wrong), cleaner mtu setting; dhartmei@ okMichael Shalayeff
2002-12-01- Clean up pf_ioctl mainly by adding new functions to handle cleaning andRyan Thomas McBride
2002-12-01pfsync currently causes kernel faults, so we don't want to call these functionsRyan Thomas McBride
2002-11-29expose state table changesMichael Shalayeff
2002-11-28- MD5 too slow, replace with pf_hash (based on hash from if_bridge.c)Ryan Thomas McBride
2002-11-24move } outside #ifdef INET6Ryan Thomas McBride
2002-11-23KNFTheo de Raadt
2002-11-23pass a pointer to the hash, not the first chunk of itRyan Thomas McBride
2002-11-23kernel code to allow multiple redirection addresses to be specified for natRyan Thomas McBride
2002-11-22on block rules, let queue apply to the RST packets in the return-rst caseHenning Brauer
2002-10-29keep all pflog goodies in pflog sources, avoids code duplications; okski fran...Michael Shalayeff
2002-10-22Convert "int af" and "u_int8_t af" declarations and function argumentsRyan Thomas McBride
2002-10-20Move pf_compare_(rules|nats|binats|rdrs) to pf_ioctl.c. Simplifies andRyan Thomas McBride
2002-10-14Allow one to specify a netblock in a binat rule:Henning Brauer
2002-10-08the first step of pf/altq merge.Kenjiro Cho
2002-10-07-Wsign-compare cleanDaniel Hartmeier
2002-10-07set block-policy [drop|return]Henning Brauer
2002-10-07support a generic returnHenning Brauer
2002-10-07make return-icmp work for rules covering both v4 and v6Henning Brauer
2002-10-07use a new rule_flag PFRULE_RETURNICMP to decide wether to return-icmp or notHenning Brauer
2002-10-07Add 'reply-to' to filter rules, similar to route-to, but applying toDaniel Hartmeier
2002-10-05Allow filtering based on IP header's tos field.Daniel Hartmeier
2002-10-04[to the right branch this time]Jason Ish
2002-09-27daddr was used where saddr was meant while checking incoming packets forHenning Brauer
2002-09-11KNF - return is not a function.Jun-ichiro itojun Hagino
2002-08-28Fix a problem where passing NULL as a pointer with varargs does not promotePer Fogelstrom
2002-08-12Use state tree instead of separate (flat) list to find NAT proxy ports,Daniel Hartmeier
2002-08-08th_flags doesn't have to be equal to TH_SYN to generate modulator, it'sDaniel Hartmeier
2002-07-24Use host order when adding packet size to interface statistics counter.Daniel Hartmeier
2002-07-15add u_int8_t ifnot to struct pf_rule to support matching packets on anyHenning Brauer
2002-07-15remove duplicated interface check in test_icmpHenning Brauer