Age | Commit message (Expand) | Author |
2015-09-01 | - route-to, dup-to, reply-to should not override the block action | Alexandr Nedvedicky |
2015-08-19 | PF must keep IPv6 fragment size as chosen by sender also for packets, | Alexandr Nedvedicky |
2015-07-21 | - added /* FALLTHROUGH */ comments, typecasts (u_int32_t)-1, ... | Alexandr Nedvedicky |
2015-07-20 | Add some panics to default paths where code later assumes a non default | Jonathan Gray |
2015-07-20 | INET6 is here to stay, so stop hauling around never-compiled code | Ryan Thomas McBride |
2015-07-19 | rule_item might leak, when pf_create_state() fails | sashan |
2015-07-19 | unsinged variables should not be compared to be leq than 0 (unsigned a <= 0) | sashan |
2015-07-19 | unused arguments at pf_normalize_tcp_init() and pf_refragment6() | sashan |
2015-07-18 | pf_send_tcp() should also use unhandled_af() | sashan |
2015-07-18 | msg.mpi | sashan |
2015-07-18 | Even if pf(4) is not compiled with SMALL_KERNEL add a define around | Martin Pieuchot |
2015-07-18 | INET/INET6 address family check should be unified in PF | sashan |
2015-07-17 | remove obsolete INET kernel option | Ted Unangst |
2015-07-16 | Kill IP_ROUTETOETHER. | Martin Pieuchot |
2015-07-16 | Expand ancient NTOHL/NTOHS/HTONS/HTONL macros. | Martin Pieuchot |
2015-07-08 | Linking the local socket to pf states went wrong when IPsec was | Alexander Bluhm |
2015-06-30 | Get rid of the undocumented & temporary* m_copy() macro added for | Martin Pieuchot |
2015-06-22 | Increment rule counters only after successful state insertion | Mike Belopuhov |
2015-06-16 | Store a unique ID, an interface index, rather than a pointer to the | Martin Pieuchot |
2015-06-07 | Introduce unhandled_af() for cases where code conditionally does | Jonathan Gray |
2015-06-05 | Improve error handling and recovery during state insertion | Mike Belopuhov |
2015-05-26 | Don't create ICMP states on reply packets unless tracking states sloppy | Mike Belopuhov |
2015-05-22 | Cut down on if statements around pf_icmp_state_lookup | Mike Belopuhov |
2015-05-22 | Cleanup leftover PF_ICMP_MULTI_* code that is not needed anymore. | Mike Belopuhov |
2015-05-11 | fix a potential use-after-free in pf_state_rm_src_node | Henning Brauer |
2015-04-17 | Stubs and support code for NIC-enabled IPsec bite the dust. | Mike Belopuhov |
2015-04-11 | the hfsc pools are only used in hfsc.c, so move the init of them | David Gwynne |
2015-04-08 | Destination table needs it's own negation flag passed to the pfr_update_stats. | Mike Belopuhov |
2015-03-18 | remove the congestion handling from struct ifqueue. | David Gwynne |
2015-03-16 | When state creations happen in short term by outgoing packets of one | YASUOKA Masahiko |
2015-03-14 | Remove some includes include-what-you-use claims don't | Jonathan Gray |
2015-02-14 | Rather than using 0xff as a placeholder for "don't check prio", use 0xff to | Stuart Henderson |
2015-02-12 | change log(matches) semantics slightly to make it more useful. since it | Henning Brauer |
2015-02-10 | include the "set prio" values. | Henning Brauer |
2015-02-10 | since we inherit prio (as in, the queuing priority) from outside sources, | Henning Brauer |
2015-02-09 | correctly reset max_win if the SYN-ACK lacks a wscale option. pf | Markus Friedl |
2015-02-07 | pf synproxy will do the 3WHS on behalf of the target machine, and once | Henning Brauer |
2015-02-05 | Make sure pf(4) does not see embedded scopes. | Martin Pieuchot |
2015-01-24 | Userland (base & ports) was adapted to always include <netinet/in.h> | Theo de Raadt |
2014-12-19 | unifdef INET in net code as a precursor to removing the pretend option. | Ted Unangst |
2014-12-11 | Do not use "struct route" when it is not necessary. | Martin Pieuchot |
2014-11-20 | Rework the handling of interfaces and IPv6 addresses for local delivery. | Martin Pieuchot |
2014-11-18 | move arc4random prototype to systm.h. more appropriate for most code | Ted Unangst |
2014-11-16 | remove now unnecessary casts from hash update calls. | Ted Unangst |
2014-11-16 | convert to use sha512 for pf iss. ok deraadt dlg | Ted Unangst |
2014-11-16 | mix the rdomain (rtable?) into the hash for tcp iss generation. | David Gwynne |
2014-11-11 | Ask networking stack to recalculate the ICMPv6 checksum in pf_route6 | Mike Belopuhov |
2014-11-01 | Rename rtalloc1() into rtalloc(9) and convert its flags to only enable | Martin Pieuchot |
2014-10-14 | Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and | Martin Pieuchot |
2014-10-08 | Use rtalloc1() instead of rtalloc_noclone(). | Martin Pieuchot |