summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2001-08-22Correct the setup of the intial TCP state window and pre-validate th_ackMike Frantzen
2001-08-22Fix panic in pf (was my fault) caused by a bad key compare optimizationMike Frantzen
2001-08-21KNFTheo de Raadt
2001-08-21Pass closing TCP connections through looser state machine (handle Solaris'Mike Frantzen
2001-08-19Add new ioctls for adding/removing RDR and NAT rules to/from the activeDaniel Hartmeier
2001-08-19Quick optimization of pf_tree_key_compare (should half the instruction count)Mike Frantzen
2001-08-19Make more money for mickey (count entire IP packets for statistics, not justDaniel Hartmeier
2001-08-19Yet another batch of improvements and un-fuckups to the TCP state code.Mike Frantzen
2001-08-19Add per-rule byte counter, so mickey can do accounting. We're counting theDaniel Hartmeier
2001-08-19Add per-rule statistics (number of evaluations and number of packets).Daniel Hartmeier
2001-08-19Unfuck some TCP state stuff that would drop the SYN|ACK.Mike Frantzen
2001-08-19Loosened TCP state code which should allow stupid stacks to shotgun theirMike Frantzen
2001-08-18Add new ioctl for adding/removing individual rules to/from the active rule set.Daniel Hartmeier
2001-08-18make pfctl -s state SCREAM; frantzen is now happyTheo de Raadt
2001-08-11Add support for ICMP errors referring to ICMP queries/replies. FixesDaniel Hartmeier
2001-08-01stateless tcp normalization along the lines of the normalization paper byNiels Provos
2001-07-30never before has a file so often deviated from KNFTheo de Raadt
2001-07-29Implement rule skipping. This is a transparent evaluation optimization,Daniel Hartmeier
2001-07-25nat proxy port randomization by ben fleis.Daniel Hartmeier
2001-07-21print additional debugging information for 'insert invalid' messages. occurs ...Daniel Hartmeier
2001-07-19Fix/complete the handling of the binary ops >< and <> to behaveKenneth R Westerback
2001-07-18fix pf_get_rdr() for single port (dport2 == 0) rules. found by lebel@.Daniel Hartmeier
2001-07-17normalize ip_off, make IP_DF stripping optional, return rst is a flag now.Niels Provos
2001-07-17split ip normalization out into a separate file, okay dhartmei@Niels Provos
2001-07-15increase src->state to 1 when creating state from intermediate (non-SYN) pack...Daniel Hartmeier
2001-07-14use int instead of signed char. doesn't use more memory (padding occurs) and ...Daniel Hartmeier
2001-07-13indent.Federico G. Schwindt
2001-07-13everytime i clean in here, i get a 250 line diff...Theo de Raadt
2001-07-11Simplify pf_pull_hdr(), don't use inner IP header's ip_len or ip_offDaniel Hartmeier
2001-07-09do compare in host order. found by millert@.Daniel Hartmeier
2001-07-09Extend nat/rdr syntax. Add source/destination selection. MakeDaniel Hartmeier
2001-07-07get rid of compiler warningMarco S Hyman
2001-07-06style change #2, avoid (a == b) == cDaniel Hartmeier
2001-07-06style change #1, avoid ternary operatorDaniel Hartmeier
2001-07-06theo requests less archaic styleChris Cappuccio
2001-07-06don't evaluate rules for packets that have state but mismatch seq range (coul...Daniel Hartmeier
2001-07-06Allow negative match on interface name for nat and rdrChris Cappuccio
2001-07-06some cleanup, okay dhartmei@Niels Provos
2001-07-05initalize fragment correctlyNiels Provos
2001-07-04call ip_output() correctly, use ICMP_MINLEN, only m_copyback() where needed. ...Daniel Hartmeier
2001-07-03grr, you guys keep not obeying KNFTheo de Raadt
2001-07-03add DIOCNATLOOK ioctl and pf_natlook structure, this enables a userlandBob Beck
2001-07-02another memory leakNiels Provos
2001-07-02fix memory leakNiels Provos
2001-07-01-WallDug Song
2001-07-01tag packets generated by pf (return-rst, return-icmp) so they are not filtere...Daniel Hartmeier
2001-07-01Add port ranges to the rdr directive. Connections can be redirectedKjell Wooding
2001-07-01for ICMP error messages refering to TCP packets, only use the first 8 bytes o...Daniel Hartmeier
2001-06-29Prepend pf_ to limit potential namespace problems, shorten some lines.Niklas Hallqvist
2001-06-29list instead of tailq for frents, use pool hardlimits, correctly freeNiels Provos