Age | Commit message (Expand) | Author |
2005-04-15 | Try this again. | Joel Knight |
2005-04-14 | back out last, some breakage crept in | Henning Brauer |
2005-04-14 | When synproxy sends packets to the destination host, make sure to copy | Joel Knight |
2005-03-15 | byte order of mss, only affects synproxy code path, from John L. Scarfone | Daniel Hartmeier |
2005-03-04 | add state's tag for IPv6, too. spotted by markus@ | Daniel Hartmeier |
2005-03-03 | when tagging, apply the same tag to all packets matching a state entry | Daniel Hartmeier |
2005-02-27 | support 'tagged' in translation rules, non-delayed tag lookup | Daniel Hartmeier |
2005-01-30 | Add some more reason counters and use them instead of overloading the | Daniel Hartmeier |
2005-01-20 | Use the packet's address family instead of the rule's when selecting a | Daniel Hartmeier |
2005-01-07 | Make carp(4) traffic always appear on the physical (carpdev) interface | Ryan Thomas McBride |
2004-12-22 | Introduce 'set skip on <ifspec>' to support a list of interfaces where no | Daniel Hartmeier |
2004-12-17 | ICMP state entries use the ICMP ID as port for the unique state key. When | Daniel Hartmeier |
2004-12-14 | Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN, | Ryan Thomas McBride |
2004-12-11 | Handle errors in pf_route{,6} more gracefully. | Marco Pfatschbacher |
2004-12-10 | allow pf to filter on route labels | Henning Brauer |
2004-12-07 | KNF | Ryan Thomas McBride |
2004-12-07 | re-commit mcbride@'s 'flush global', this time without the breakage in | Daniel Hartmeier |
2004-12-07 | tree does not compile, spotted by dlg (not obvious how to fix) | Theo de Raadt |
2004-12-07 | Change the default for 'overload <table> flush' to flush only states from the | Ryan Thomas McBride |
2004-12-06 | support max-src-conn-rate with synproxy, ok mcbride@ | Daniel Hartmeier |
2004-12-05 | IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6 | Daniel Hartmeier |
2004-12-04 | Add kernel code to keep track of tcp connections which have completed | Ryan Thomas McBride |
2004-11-24 | fix a bug that leads to a crash when binat rules of the form | Daniel Hartmeier |
2004-11-19 | remove superfluous m_tag_copy/m_tag_prepend, already covered by m_copym2() | Daniel Hartmeier |
2004-11-12 | The flag to re-filter pf-generated packets was set wrong by synproxy | Daniel Hartmeier |
2004-11-07 | For RST generated due to state mismatch during handshake, don't set | Daniel Hartmeier |
2004-09-29 | reset anchor pointer to NULL when stepping back into the main ruleset, | Daniel Hartmeier |
2004-09-20 | pf_routable(), used for the no-route keyword, was a v4 only implementation, | Henning Brauer |
2004-09-17 | Clean up reference counting wrt state creation and destruction. Fixes | Ryan Thomas McBride |
2004-07-11 | backout IPv6 reass-on-scrub patch (more work needs to be done). | Jun-ichiro itojun Hagino |
2004-06-25 | correct "scrub in" behavior for IPv6. | Jun-ichiro itojun Hagino |
2004-06-25 | IPv6 reassembly on "scrub" directive. | Jun-ichiro itojun Hagino |
2004-06-22 | Pull the plug on source-based routing until remaining bugs are eradicated. | Cedric Berger |
2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert |
2004-06-21 | Get rid of pf_test_eh() wrapper. | Ryan Thomas McBride |
2004-06-10 | rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved | Daniel Hartmeier |
2004-06-06 | extend routing table to be able to match and route packets based on | Cedric Berger |
2004-05-19 | Allow recursive anchors (anchors within anchors, up to 64 | Daniel Hartmeier |
2004-05-11 | pf_cksum_fixup() was called without last argument from normalization, | Daniel Hartmeier |
2004-05-11 | change pf_route() loop detection: introduce a counter (number of times | Daniel Hartmeier |
2004-05-05 | Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP | Mike Frantzen |
2004-04-28 | make return-rst work on pure bridges. ok dhartmei@ henning@ mcbride@ | Cedric Berger |
2004-04-28 | Dont step into INET6 code, just because af != AF_INET | Philipp Buehler |
2004-04-27 | validate the sequence numbers on TCP resets are an exact match. check is only | Mike Frantzen |
2004-04-26 | Prevent biases in arc4random() from disclosing the byte order of the firewall. | Ryan Thomas McBride |
2004-04-26 | anchor refcounting. ok dhartmei@ mcbride@ | Cedric Berger |
2004-04-25 | prevent an endless loop with route-to lo0, fixes PR 3736, | Daniel Hartmeier |
2004-04-25 | get rid of a complete state tree walk at state expire while in splnet() | Philipp Buehler |
2004-04-25 | sync 'other' in test6, too. | Philipp Buehler |
2004-04-25 | don't add PF_GENERATED tag to synproxy generated packets for the second | Daniel Hartmeier |