summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2001-06-28lower hiwat limits, enforce hi water markNiels Provos
2001-06-28add tree traversal code (new pf_tree_node->parent), dump states TAILQ and tra...Daniel Hartmeier
2001-06-28wrap 5-tuple rule match with MATCH_TUPLE. from ben fleis <ben@monkey.org>Dug Song
2001-06-28forgot to init fr_timeoutNiels Provos
2001-06-28first stab at packet normalization. includes full ip reassembly.Niels Provos
2001-06-28Disallow filter modification when the system is "highly secure".Hugh Graham
2001-06-27change pf_tree_key->addr[2] from u_int32_t to struct in_addr for NielsDaniel Hartmeier
2001-06-27in rdr rules, let port 0 be the port wildcard; ok dhartmei@jasoni
2001-06-27change pf_tree_node->state to void *, so Niels can use a tree for fragment ha...Daniel Hartmeier
2001-06-27use proper icmp defineNiels Provos
2001-06-27add -z flag for zeroing statistics. -s status no longer resets anythingKjell Wooding
2001-06-27add microtime, which seems to have gotten lost.Kjell Wooding
2001-06-27big KNFTheo de Raadt
2001-06-27remove unneccessary check in ioctlTheo de Raadt
2001-06-27typoDug Song
2001-06-27for other protocols, keep correct track of match statsNiels Provos
2001-06-27handle non-TCP/UDP/ICMP protocolsDug Song
2001-06-27remove print_ip, its unusedNiels Provos
2001-06-27clean up TAILQ usageNiels Provos
2001-06-27KNFNiels Provos
2001-06-27only set reason code match if there was a rule that we matchedNiels Provos
2001-06-26update match countsNiels Provos
2001-06-26name comparison operatorsDug Song
2001-06-26array of counters indexed by reason codesTheo de Raadt
2001-06-26rules have numbers now, use them. add two spl locks.Daniel Hartmeier
2001-06-26rule nr is in rule nowNiels Provos
2001-06-26add rule nr for NielsDaniel Hartmeier
2001-06-26pass rule to logging for state matchesNiels Provos
2001-06-26log-all causes state matches to log packets to pflogNiels Provos
2001-06-26add rule pointer and log option to statesDaniel Hartmeier
2001-06-26get rid of another printfNiels Provos
2001-06-26use reasons in pull_hdr, default log if pull_hdr fails. okay deraadt@Niels Provos
2001-06-26no longer pass around **mTheo de Raadt
2001-06-26deal with NULL rule being passed to loggingNiels Provos
2001-06-26fix logging. the ip header is contained in the first mbuf. itojun and me.Niels Provos
2001-06-26forgot htonsNiels Provos
2001-06-26add a subreason to the link header to allow us to determine why a packet wasNiels Provos
2001-06-26allow 0.0.0.0/x in rulesPeter Stromberg
2001-06-26more suitable error values when DIOCSTART/STOP fail; peters@telia.netDaniel Hartmeier
2001-06-26no // commentsMarkus Friedl
2001-06-26avoid useless m_copybackJun-ichiro itojun Hagino
2001-06-26use m_copydata for 1st ip header too.Jun-ichiro itojun Hagino
2001-06-26avoid m_pulldown (and mbuf alloc/free).Jun-ichiro itojun Hagino
2001-06-26pass ip header offset to child functions. a preparation forJun-ichiro itojun Hagino
2001-06-26Replicated TCP sequence tracking code in PF from Guido's IPF paper.Mike Frantzen
2001-06-26sighNiels Provos
2001-06-26pflog_packet fails on NULL mbufNiels Provos
2001-06-26mea culpaDaniel Hartmeier
2001-06-25extend the logging via a new link header type. export interface, direction,Niels Provos
2001-06-25remaining lists converted to TAILQsDaniel Hartmeier