Age | Commit message (Expand) | Author |
2001-08-22 | Correct the setup of the intial TCP state window and pre-validate th_ack | Mike Frantzen |
2001-08-22 | Fix panic in pf (was my fault) caused by a bad key compare optimization | Mike Frantzen |
2001-08-21 | KNF | Theo de Raadt |
2001-08-21 | Pass closing TCP connections through looser state machine (handle Solaris' | Mike Frantzen |
2001-08-19 | Add new ioctls for adding/removing RDR and NAT rules to/from the active | Daniel Hartmeier |
2001-08-19 | Quick optimization of pf_tree_key_compare (should half the instruction count) | Mike Frantzen |
2001-08-19 | Make more money for mickey (count entire IP packets for statistics, not just | Daniel Hartmeier |
2001-08-19 | Yet another batch of improvements and un-fuckups to the TCP state code. | Mike Frantzen |
2001-08-19 | Add per-rule byte counter, so mickey can do accounting. We're counting the | Daniel Hartmeier |
2001-08-19 | Add per-rule statistics (number of evaluations and number of packets). | Daniel Hartmeier |
2001-08-19 | Unfuck some TCP state stuff that would drop the SYN|ACK. | Mike Frantzen |
2001-08-19 | Loosened TCP state code which should allow stupid stacks to shotgun their | Mike Frantzen |
2001-08-18 | Add new ioctl for adding/removing individual rules to/from the active rule set. | Daniel Hartmeier |
2001-08-18 | make pfctl -s state SCREAM; frantzen is now happy | Theo de Raadt |
2001-08-11 | Add support for ICMP errors referring to ICMP queries/replies. Fixes | Daniel Hartmeier |
2001-08-01 | stateless tcp normalization along the lines of the normalization paper by | Niels Provos |
2001-07-30 | never before has a file so often deviated from KNF | Theo de Raadt |
2001-07-29 | Implement rule skipping. This is a transparent evaluation optimization, | Daniel Hartmeier |
2001-07-25 | nat proxy port randomization by ben fleis. | Daniel Hartmeier |
2001-07-21 | print additional debugging information for 'insert invalid' messages. occurs ... | Daniel Hartmeier |
2001-07-19 | Fix/complete the handling of the binary ops >< and <> to behave | Kenneth R Westerback |
2001-07-18 | fix pf_get_rdr() for single port (dport2 == 0) rules. found by lebel@. | Daniel Hartmeier |
2001-07-17 | normalize ip_off, make IP_DF stripping optional, return rst is a flag now. | Niels Provos |
2001-07-17 | split ip normalization out into a separate file, okay dhartmei@ | Niels Provos |
2001-07-15 | increase src->state to 1 when creating state from intermediate (non-SYN) pack... | Daniel Hartmeier |
2001-07-14 | use int instead of signed char. doesn't use more memory (padding occurs) and ... | Daniel Hartmeier |
2001-07-13 | indent. | Federico G. Schwindt |
2001-07-13 | everytime i clean in here, i get a 250 line diff... | Theo de Raadt |
2001-07-11 | Simplify pf_pull_hdr(), don't use inner IP header's ip_len or ip_off | Daniel Hartmeier |
2001-07-09 | do compare in host order. found by millert@. | Daniel Hartmeier |
2001-07-09 | Extend nat/rdr syntax. Add source/destination selection. Make | Daniel Hartmeier |
2001-07-07 | get rid of compiler warning | Marco S Hyman |
2001-07-06 | style change #2, avoid (a == b) == c | Daniel Hartmeier |
2001-07-06 | style change #1, avoid ternary operator | Daniel Hartmeier |
2001-07-06 | theo requests less archaic style | Chris Cappuccio |
2001-07-06 | don't evaluate rules for packets that have state but mismatch seq range (coul... | Daniel Hartmeier |
2001-07-06 | Allow negative match on interface name for nat and rdr | Chris Cappuccio |
2001-07-06 | some cleanup, okay dhartmei@ | Niels Provos |
2001-07-05 | initalize fragment correctly | Niels Provos |
2001-07-04 | call ip_output() correctly, use ICMP_MINLEN, only m_copyback() where needed. ... | Daniel Hartmeier |
2001-07-03 | grr, you guys keep not obeying KNF | Theo de Raadt |
2001-07-03 | add DIOCNATLOOK ioctl and pf_natlook structure, this enables a userland | Bob Beck |
2001-07-02 | another memory leak | Niels Provos |
2001-07-02 | fix memory leak | Niels Provos |
2001-07-01 | -Wall | Dug Song |
2001-07-01 | tag packets generated by pf (return-rst, return-icmp) so they are not filtere... | Daniel Hartmeier |
2001-07-01 | Add port ranges to the rdr directive. Connections can be redirected | Kjell Wooding |
2001-07-01 | for ICMP error messages refering to TCP packets, only use the first 8 bytes o... | Daniel Hartmeier |
2001-06-29 | Prepend pf_ to limit potential namespace problems, shorten some lines. | Niklas Hallqvist |
2001-06-29 | list instead of tailq for frents, use pool hardlimits, correctly free | Niels Provos |