summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2004-01-06Drop UDP packets with destination port 0, or zero or oversized payloadDaniel Hartmeier
2004-01-050 -> (void *)NULL for last argument of icmp_error(), which is of typeDaniel Hartmeier
2004-01-04better macro name (IF_LOCKED -> BOUND_IFACE). from markus.Cedric Berger
2003-12-31spacing. note this, cedricTheo de Raadt
2003-12-31Many improvements to the handling of interfaces in PF.Cedric Berger
2003-12-19i wrote much of these, assert my copyrightHenning Brauer
2003-12-18resolve compiler warnings, from Pyun YongHyeon, ok cedric@, mcbride@Daniel Hartmeier
2003-12-15ryan left a few for me ;-)Henning Brauer
2003-12-15Fix whitespace screwups before henning wakes up.Ryan Thomas McBride
2003-12-15Add initial support for pf state synchronization over the network.Ryan Thomas McBride
2003-12-15Add support to track stateful connections by source ip. This allows usRyan Thomas McBride
2003-12-12Move PF interface code to new net/pf_if.cCedric Berger
2003-12-11Fix PR3587 and other related problems with NAT and table stats.Cedric Berger
2003-12-08Mbuf tag tcp and udp packets which are translated to localhost, andRyan Thomas McBride
2003-11-28More pf stats fixups:Ryan Thomas McBride
2003-11-21Remove redundant arguments to pf_sockaddr_lookup(); proto and af are alreadyRyan Thomas McBride
2003-11-21Remove unused "ipoff" arguments.Ryan Thomas McBride
2003-11-16pf_test() and pf_test6() consistency:Ryan Thomas McBride
2003-11-09remove stale forward declarationDaniel Hartmeier
2003-11-04add in(6)_pcblookup_listen() and replace all calls to in_pcblookup()Markus Friedl
2003-11-03pf_route() can change output NIC, so we need to check its capabilities.Cedric Berger
2003-10-31Remove remenants of pf_tree stuff that I missed.Ryan Thomas McBride
2003-10-29fix binat for incoming connections when a netblock (not just a singleDaniel Hartmeier
2003-10-25Build state search indexes directly on pf_state instead of pf_tree_node.Ryan Thomas McBride
2003-10-10make sure pd is initialized before use (or byte counters may increaseDaniel Hartmeier
2003-10-02correct endian handling of ip->ip_off.Jun-ichiro itojun Hagino
2003-09-26Rearchitecture of the userland/kernel IOCTL interface for transactions.Cedric Berger
2003-09-26Move statistics counters from individual pf_test_<proto>() andRyan Thomas McBride
2003-09-24Remove state setup no-ops.Ryan Thomas McBride
2003-09-01KNFHenning Brauer
2003-09-01Make nat rule update the table counters when no filtering rule is used.Cedric Berger
2003-08-28fix "pfctl -vvsr" output for rules with tables inside anchors.Cedric Berger
2003-08-21Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.Mike Frantzen
2003-08-18prevent looutput() feedback of broadcast/multicast packets if they areDaniel Hartmeier
2003-08-17Missing break, change NULL -> 0 for int parameter (no functionalDaniel Hartmeier
2003-08-14m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts.Jason Wright
2003-08-09This patch remove the restriction that tables cannot be used in routing orCedric Berger
2003-08-07make pf_match take u_int32_t instead of u_int16_tHenning Brauer
2003-07-29Set pf_state->rt_ifp when creating the state entry, instead of doing itDaniel Hartmeier
2003-07-29More aggressive and easier to understand skip steps for addresses.Cedric Berger
2003-07-19Simplify struct pf_pooladdr to include struct pf_addr_wrap directlyCedric Berger
2003-07-12Remove two htons(), which were meant as ntohs(), and are wrong sinceDaniel Hartmeier
2003-07-09do not flip ip_len/ip_off in netinet stack. deraadt ok.Jun-ichiro itojun Hagino
2003-07-04cosmetic changes to keep the different code paths in sync; ok henningMarkus Friedl
2003-07-04-add a "natpass" field to pf_ruleHenning Brauer
2003-07-04bad redundant copy; ok danielMarkus Friedl
2003-06-29normalize IPv6 packet (no reass, but it is a start). dhartmei & henning okJun-ichiro itojun Hagino
2003-06-29unused global. dhartmei okJun-ichiro itojun Hagino
2003-06-28remove duplicated prototype (they are in pfvar.h). dhartmei okJun-ichiro itojun Hagino
2003-06-24in the ipv6 case, allow route-to to route to link-local addressesHenning Brauer