summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Collapse)Author
2001-06-27big KNFTheo de Raadt
2001-06-27remove unneccessary check in ioctlTheo de Raadt
2001-06-27typoDug Song
2001-06-27for other protocols, keep correct track of match statsNiels Provos
2001-06-27handle non-TCP/UDP/ICMP protocolsDug Song
2001-06-27remove print_ip, its unusedNiels Provos
2001-06-27clean up TAILQ usageNiels Provos
2001-06-27KNFNiels Provos
2001-06-27only set reason code match if there was a rule that we matchedNiels Provos
2001-06-26update match countsNiels Provos
2001-06-26name comparison operatorsDug Song
2001-06-26array of counters indexed by reason codesTheo de Raadt
2001-06-26rules have numbers now, use them. add two spl locks.Daniel Hartmeier
2001-06-26rule nr is in rule nowNiels Provos
2001-06-26add rule nr for NielsDaniel Hartmeier
2001-06-26pass rule to logging for state matchesNiels Provos
2001-06-26log-all causes state matches to log packets to pflogNiels Provos
2001-06-26add rule pointer and log option to statesDaniel Hartmeier
2001-06-26get rid of another printfNiels Provos
2001-06-26use reasons in pull_hdr, default log if pull_hdr fails. okay deraadt@Niels Provos
2001-06-26no longer pass around **mTheo de Raadt
2001-06-26deal with NULL rule being passed to loggingNiels Provos
2001-06-26fix logging. the ip header is contained in the first mbuf. itojun and me.Niels Provos
2001-06-26forgot htonsNiels Provos
2001-06-26add a subreason to the link header to allow us to determine why a packet wasNiels Provos
dropped or passed. from discussion with theo and me.
2001-06-26allow 0.0.0.0/x in rulesPeter Stromberg
2001-06-26more suitable error values when DIOCSTART/STOP fail; peters@telia.netDaniel Hartmeier
2001-06-26no // commentsMarkus Friedl
2001-06-26avoid useless m_copybackJun-ichiro itojun Hagino
2001-06-26use m_copydata for 1st ip header too.Jun-ichiro itojun Hagino
2001-06-26avoid m_pulldown (and mbuf alloc/free).Jun-ichiro itojun Hagino
- copy the data content of mbuf to local data structure by m_copydata. - if we did any NAT operation, copy the updated content back by m_copyback. XXX PFLOG_PACKET will now log the original packet, before the NAT. is it correct? XXX does not do m_copyback on PF_DROP case. is it okay?
2001-06-26pass ip header offset to child functions. a preparation forJun-ichiro itojun Hagino
m_pulldown -> m_copydata transition.
2001-06-26Replicated TCP sequence tracking code in PF from Guido's IPF paper.Mike Frantzen
2001-06-26sighNiels Provos
2001-06-26pflog_packet fails on NULL mbufNiels Provos
2001-06-26mea culpaDaniel Hartmeier
2001-06-25extend the logging via a new link header type. export interface, direction,Niels Provos
action and rule nr.
2001-06-25remaining lists converted to TAILQsDaniel Hartmeier
2001-06-25use TAILQ instead of homegrown list, other lists will followDaniel Hartmeier
2001-06-25first stab at packet logging for pf. inspired by late night dreams of art.Niels Provos
we just pass drop and passed packets to different pseudo interface that can be listened to with bpf.
2001-06-25Unnecessary gotos.Artur Grabowski
2001-06-25Rework COMMITRULES.Artur Grabowski
First we swap in the new rules, then we free the old (freeing can be done outside splnet).
2001-06-25revised ioctl interface, first getopt version of pfctlDaniel Hartmeier
2001-06-25display correct direction in logjasoni
2001-06-25Rename the rest of the structs to be consistent.Artur Grabowski
2001-06-25fix -> cksum_fixupArtur Grabowski
2001-06-25No c++ comments.Artur Grabowski
2001-06-25Even more global variables with too common names.Artur Grabowski
2001-06-25More renaming.Artur Grabowski
2001-06-25Avoid common names. Needs more work.Artur Grabowski
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-28 07:00:11 +0000