summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2015-09-01- route-to, dup-to, reply-to should not override the block actionAlexandr Nedvedicky
2015-08-19PF must keep IPv6 fragment size as chosen by sender also for packets,Alexandr Nedvedicky
2015-07-21- added /* FALLTHROUGH */ comments, typecasts (u_int32_t)-1, ...Alexandr Nedvedicky
2015-07-20Add some panics to default paths where code later assumes a non defaultJonathan Gray
2015-07-20INET6 is here to stay, so stop hauling around never-compiled codeRyan Thomas McBride
2015-07-19rule_item might leak, when pf_create_state() failssashan
2015-07-19unsinged variables should not be compared to be leq than 0 (unsigned a <= 0)sashan
2015-07-19unused arguments at pf_normalize_tcp_init() and pf_refragment6()sashan
2015-07-18pf_send_tcp() should also use unhandled_af()sashan
2015-07-18msg.mpisashan
2015-07-18Even if pf(4) is not compiled with SMALL_KERNEL add a define aroundMartin Pieuchot
2015-07-18INET/INET6 address family check should be unified in PFsashan
2015-07-17remove obsolete INET kernel optionTed Unangst
2015-07-16Kill IP_ROUTETOETHER.Martin Pieuchot
2015-07-16Expand ancient NTOHL/NTOHS/HTONS/HTONL macros.Martin Pieuchot
2015-07-08Linking the local socket to pf states went wrong when IPsec wasAlexander Bluhm
2015-06-30Get rid of the undocumented & temporary* m_copy() macro added forMartin Pieuchot
2015-06-22Increment rule counters only after successful state insertionMike Belopuhov
2015-06-16Store a unique ID, an interface index, rather than a pointer to theMartin Pieuchot
2015-06-07Introduce unhandled_af() for cases where code conditionally doesJonathan Gray
2015-06-05Improve error handling and recovery during state insertionMike Belopuhov
2015-05-26Don't create ICMP states on reply packets unless tracking states sloppyMike Belopuhov
2015-05-22Cut down on if statements around pf_icmp_state_lookupMike Belopuhov
2015-05-22Cleanup leftover PF_ICMP_MULTI_* code that is not needed anymore.Mike Belopuhov
2015-05-11fix a potential use-after-free in pf_state_rm_src_nodeHenning Brauer
2015-04-17Stubs and support code for NIC-enabled IPsec bite the dust.Mike Belopuhov
2015-04-11the hfsc pools are only used in hfsc.c, so move the init of themDavid Gwynne
2015-04-08Destination table needs it's own negation flag passed to the pfr_update_stats.Mike Belopuhov
2015-03-18remove the congestion handling from struct ifqueue.David Gwynne
2015-03-16When state creations happen in short term by outgoing packets of oneYASUOKA Masahiko
2015-03-14Remove some includes include-what-you-use claims don'tJonathan Gray
2015-02-14Rather than using 0xff as a placeholder for "don't check prio", use 0xff toStuart Henderson
2015-02-12change log(matches) semantics slightly to make it more useful. since itHenning Brauer
2015-02-10include the "set prio" values.Henning Brauer
2015-02-10since we inherit prio (as in, the queuing priority) from outside sources,Henning Brauer
2015-02-09correctly reset max_win if the SYN-ACK lacks a wscale option. pfMarkus Friedl
2015-02-07pf synproxy will do the 3WHS on behalf of the target machine, and onceHenning Brauer
2015-02-05Make sure pf(4) does not see embedded scopes.Martin Pieuchot
2015-01-24Userland (base & ports) was adapted to always include <netinet/in.h>Theo de Raadt
2014-12-19unifdef INET in net code as a precursor to removing the pretend option.Ted Unangst
2014-12-11Do not use "struct route" when it is not necessary.Martin Pieuchot
2014-11-20Rework the handling of interfaces and IPv6 addresses for local delivery.Martin Pieuchot
2014-11-18move arc4random prototype to systm.h. more appropriate for most codeTed Unangst
2014-11-16remove now unnecessary casts from hash update calls.Ted Unangst
2014-11-16convert to use sha512 for pf iss. ok deraadt dlgTed Unangst
2014-11-16mix the rdomain (rtable?) into the hash for tcp iss generation.David Gwynne
2014-11-11Ask networking stack to recalculate the ICMPv6 checksum in pf_route6Mike Belopuhov
2014-11-01Rename rtalloc1() into rtalloc(9) and convert its flags to only enableMartin Pieuchot
2014-10-14Use rtfree() instead of RTFREE(), NULLify some free'd route pointers andMartin Pieuchot
2014-10-08Use rtalloc1() instead of rtalloc_noclone().Martin Pieuchot