summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2004-06-22Pull the plug on source-based routing until remaining bugs are eradicated.Cedric Berger
2004-06-21First step towards more sane time handling in the kernel -- this changesThorsten Lockert
2004-06-21Get rid of pf_test_eh() wrapper.Ryan Thomas McBride
2004-06-10rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reservedDaniel Hartmeier
2004-06-06extend routing table to be able to match and route packets based onCedric Berger
2004-05-19Allow recursive anchors (anchors within anchors, up to 64Daniel Hartmeier
2004-05-11pf_cksum_fixup() was called without last argument from normalization,Daniel Hartmeier
2004-05-11change pf_route() loop detection: introduce a counter (number of timesDaniel Hartmeier
2004-05-05Use RFC1323 PAWS timestamps as a logical extension to the conventional TCPMike Frantzen
2004-04-28make return-rst work on pure bridges. ok dhartmei@ henning@ mcbride@Cedric Berger
2004-04-28Dont step into INET6 code, just because af != AF_INETPhilipp Buehler
2004-04-27validate the sequence numbers on TCP resets are an exact match. check is onlyMike Frantzen
2004-04-26Prevent biases in arc4random() from disclosing the byte order of the firewall.Ryan Thomas McBride
2004-04-26anchor refcounting. ok dhartmei@ mcbride@Cedric Berger
2004-04-25prevent an endless loop with route-to lo0, fixes PR 3736,Daniel Hartmeier
2004-04-25get rid of a complete state tree walk at state expire while in splnet()Philipp Buehler
2004-04-25sync 'other' in test6, too.Philipp Buehler
2004-04-25don't add PF_GENERATED tag to synproxy generated packets for the secondDaniel Hartmeier
2004-04-24Add "probability xxx" rule modifier. ok deraadt@Cedric Berger
2004-04-17when the input queue congestion flag is set stop evaluating the rulesetHenning Brauer
2004-04-05make pftag ** (pass pointer by reference), otherwise it's never updated.Daniel Hartmeier
2004-03-26Properly m_copyback() modified TCP sequence number after demodulationDaniel Hartmeier
2004-03-25Fix icmp checksum when sequence number modlation is being used.Ryan Thomas McBride
2004-03-22Support for best effort bulk transfers of states when pfsync syncif isRyan Thomas McBride
2004-03-11Don't call pf_src_tree_remove_state() on error in pf_insert_state(),Ryan Thomas McBride
2004-03-09KNF, ok cedric@ deraadt@Ryan Thomas McBride
2004-02-24Remove redundant logging from pf_test_other().Ryan Thomas McBride
2004-02-24KNFRyan Thomas McBride
2004-02-20Make pfsync deal with clearing states bound to a group or interface (egRyan Thomas McBride
2004-02-19the 2nd round of the qid assignment change.Kenjiro Cho
2004-02-10KNFDaniel Hartmeier
2004-02-10plug mbuf leak (ip_fragment() always free mbuf on error). tested by cedric,Jun-ichiro itojun Hagino
2004-02-10KNFHenning Brauer
2004-02-04Fix a number of bugs with setting pool limits which I introduced withRyan Thomas McBride
2004-02-02Do not evaluate pfi_index2kif[ifp->if_index] if PF is disabled.Cedric Berger
2004-01-27drop packet if kif == NULL; ok henning deraadtMarkus Friedl
2004-01-06Drop UDP packets with destination port 0, or zero or oversized payloadDaniel Hartmeier
2004-01-050 -> (void *)NULL for last argument of icmp_error(), which is of typeDaniel Hartmeier
2004-01-04better macro name (IF_LOCKED -> BOUND_IFACE). from markus.Cedric Berger
2003-12-31spacing. note this, cedricTheo de Raadt
2003-12-31Many improvements to the handling of interfaces in PF.Cedric Berger
2003-12-19i wrote much of these, assert my copyrightHenning Brauer
2003-12-18resolve compiler warnings, from Pyun YongHyeon, ok cedric@, mcbride@Daniel Hartmeier
2003-12-15ryan left a few for me ;-)Henning Brauer
2003-12-15Fix whitespace screwups before henning wakes up.Ryan Thomas McBride
2003-12-15Add initial support for pf state synchronization over the network.Ryan Thomas McBride
2003-12-15Add support to track stateful connections by source ip. This allows usRyan Thomas McBride
2003-12-12Move PF interface code to new net/pf_if.cCedric Berger
2003-12-11Fix PR3587 and other related problems with NAT and table stats.Cedric Berger
2003-12-08Mbuf tag tcp and udp packets which are translated to localhost, andRyan Thomas McBride