path: root/sys/net/pf.c
| Age | Commit message | Author |
|---|---|---|
| 2002-06-14 | spelling; from Brian Poole <raj@cerias.purdue.edu> | Todd T. Fries |
| 2002-06-11 | enumerate UDP and OTHER state levels (similar to tcp_fsm.h) | Mike Frantzen |
| 2002-06-11 | Make NAT proxy port range configurable per rule, for instance privileged | Daniel Hartmeier |
| 2002-06-11 | Don't panic when pf_insert_state() detects an attempt to insert a | Daniel Hartmeier |
| 2002-06-11 | KNF return x -> return (x), ok frantzen@ | Daniel Hartmeier |
| 2002-06-10 | Allow ports to be specified in nat rules, useful later on for individual | Daniel Hartmeier |
| 2002-06-10 | Don't #include <sys/malloc.h> | Daniel Hartmeier |
| 2002-06-09 | Make pf_nat.saddr/daddr a pf_rule_addr instead of pf_addr_wrap, so it | Daniel Hartmeier |
| 2002-06-09 | reapply patch from jasoni@ for ICMP6_PACKET_TOO_BIG | Philipp Buehler |
| 2002-06-09 | reapply patch from jasoni@ for pf_route[6] | Philipp Buehler |
| 2002-06-09 | split ioctl functions out of pf.c into pf_ioctl.c | Philipp Buehler |
| 2002-06-09 | uncommit, broken (by corrupt diff) | Philipp Buehler |
| 2002-06-09 | new file sys/net/pf_ioctl.c | Philipp Buehler |
| 2002-06-09 | increment ifs6_in_toobig if ipv6 packet too large for interface in | jasoni |
| 2002-06-09 | in pf_route{6}, if too large for outgoing interface and not allowed to | jasoni |
| 2002-06-08 | Make state timeouts configurable per rule, like | Daniel Hartmeier |
| 2002-06-07 | add the possibility to configure a TTL while return-rst | Philipp Buehler |
| 2002-06-07 | in pf_route{6}, do not pass thru pf_test again if the outgoing | jasoni |
| 2002-06-07 | Add "(max <number>)" option for "keep/modulate state" to limit the number | Daniel Hartmeier |
| 2002-06-07 | switch from AVL tree's to herr Provos' red-black trees | Mike Frantzen |
| 2002-06-07 | Call pf_test() from pf_route() to filter (and translate) routed packets, | Daniel Hartmeier |
| 2002-06-07 | sync behaviour about DF bit between ip_output()/tcp_response() | Philipp Buehler |
| 2002-06-01 | ECN flag support for pf. Committed in consultation with Daniel. | Hugh Graham |
| 2002-05-31 | respect rmx_mtu (cached PMTUD result) on outbound. deraadt/angelos ok | Jun-ichiro itojun Hagino |
| 2002-05-31 | KNF | Theo de Raadt |
| 2002-05-28 | remove duplicated fragmentation code in favour of ip_fragment().. | jasoni |
| 2002-05-19 | KNF again | Theo de Raadt |
| 2002-05-12 | correct AH header chasing. ok dhartmei@openbsd | Jun-ichiro itojun Hagino |
| 2002-05-12 | Add gid based filtering, reduce to one (effective) uid, rename parser | Daniel Hartmeier |
| 2002-05-09 | Introduce user based filtering. Rules can specify ruid and euid (real and | Daniel Hartmeier |
| 2002-05-05 | Instead of returning a useless kernel space pointer for the rule that | Daniel Hartmeier |
| 2002-04-24 | Add dynamic (in-kernel) interface name -> address translation. Instead of | Daniel Hartmeier |
| 2002-04-23 | Allow explicit filtering of fragments when they are not reassembled. | Daniel Hartmeier |
| 2002-04-20 | All calls to pool_get(9) should use PR_xx flags, not M_xx. | Federico G. Schwindt |
| 2002-04-08 | Credit DARPA/USAF appropriately. | Jason Wright |
| 2002-03-31 | Use ip_defttl as ttl for return-rst instead of an arbitrary hardcoded | Daniel Hartmeier |
| 2002-03-30 | Initialize sequence number high limit from 1 to the real value with the | Daniel Hartmeier |
| 2002-03-27 | implement a "no-route" keyword. | Michael Shalayeff |
| 2002-03-26 | Change default logging level from none to urgent. Should never print | Daniel Hartmeier |
| 2002-03-25 | Ignore 'keep state' for ICMP errors whose inner headers mismatch state | Daniel Hartmeier |
| 2002-03-25 | add ioctl DIOCKILLSTATES to shootdown a subset of the state table. allows | Mike Frantzen |
| 2002-03-08 | Fix arc4random() usage; add more randomness to pf_get_sport(). | Mike Pechkin |
| 2002-02-26 | Add optional pool memory hard limits, mainly as temporary solution | Daniel Hartmeier |
| 2002-02-23 | Pools that are only used in the ioctls can use the nointr allocator. | Artur Grabowski |
| 2002-02-17 | Calculate IP checksum and copyback modified headers before logging a | Daniel Hartmeier |
| 2002-02-15 | pf only uses seconds for time measuring. There is no need to call microtime | Artur Grabowski |
| 2002-02-14 | KNF | Theo de Raadt |
| 2002-02-14 | Add skip steps for rule action (pass/block vs. scrub) and direction | Daniel Hartmeier |
| 2002-02-11 | Remove unused function prototype, from Jason Ish | Daniel Hartmeier |
| 2002-02-11 | Remove ancient comment regarding memcmp(), from Jason Ish | Daniel Hartmeier |