Age | Commit message (Expand) | Author |
2007-10-25 | Fix probability rules w/ numbers (e.g probability 0.4). | Marco Pfatschbacher |
2007-09-18 | allow state reuse for tcp if both sides are in FIN_WAIT_2 and a new SYN | Markus Friedl |
2007-09-07 | Do not recalculate TCP payload length in pf_test_rule() as it has | Alexander Bluhm |
2007-08-30 | mechanic change: | Henning Brauer |
2007-08-30 | handle address ranges in skip step calculation | Daniel Hartmeier |
2007-08-30 | add support for address ranges ("from 10.1.2.50 - 10.1.3.75") in from/to | Daniel Hartmeier |
2007-08-28 | showing this diff is shameful... | Henning Brauer |
2007-08-23 | allow RSTs with th_seq == seqlo +- 1, reduces the amount of 'loose state' | Daniel Hartmeier |
2007-08-21 | don't access th_flags when it isn't available (only 8 bytes of the | Daniel Hartmeier |
2007-07-18 | Don't drop outgoing packets in case of a congested input queue. | Marco Pfatschbacher |
2007-07-10 | adjust pf_find_state_all() so that it works correctly for the new global | Kurt Miller |
2007-07-04 | No m_copyback for ICMP and "other" protocols on rdr/binat. | Marco Pfatschbacher |
2007-06-25 | pretty mechanical change: now that the state tables use seperate state | Henning Brauer |
2007-06-24 | Save some bytes and make code more readable by removing junk union and | Ryan Thomas McBride |
2007-06-21 | reimplement interface bound states in a non-retarded way. | Henning Brauer |
2007-06-20 | Allow "log" for nat rules without "pass". | Marco Pfatschbacher |
2007-06-15 | in pf_test_rule, before handling IPPROTO_ICMP / IPPROTO_ICMPV6, check that | Henning Brauer |
2007-06-09 | fix wrong argument passing to m_copyback for the log case | Henning Brauer |
2007-06-09 | sizeof(ptr) is no good if you want sizeof(*ptr). icmp/icmpv6. | Henning Brauer |
2007-06-02 | pf_set_rt_ifp accesses state key data, so must be called later | Henning Brauer |
2007-06-01 | factor out duplicated code to allocate state key and cross-reference it | Henning Brauer |
2007-06-01 | fold pf_test_tcp(), pf_test_udp(), pf_test_icmp(), pf_test_other() into | Henning Brauer |
2007-06-01 | apply the "skip ipsec if there are no flows" speedup diff to IPv6 too. | Henning Brauer |
2007-05-31 | Move the state id and creatorid (used mainly by pfsync) into struct pf_state. | Ryan Thomas McBride |
2007-05-31 | Unbreak pf.c compilation on gcc 2.95 architectures. Found by todd@ | Ryan Thomas McBride |
2007-05-31 | First step of rearranging pf's state table internals... | Ryan Thomas McBride |
2007-05-29 | gain us another 10+% of performance. | Henning Brauer |
2007-05-28 | double pf performance. | Henning Brauer |
2007-05-27 | get rid of static. | David Gwynne |
2007-05-27 | clarify things by passing kif->pfik_ifp around in pf_test{,6} instead | Pierre-Yves Ritschard |
2007-05-26 | add comments indicating why we do m = *m0; again after pf_normalize, ryan ok | Henning Brauer |
2007-05-08 | block ALL packets with rthdr0 in pf_test6(). We already do this | Ryan Thomas McBride |
2007-05-08 | Routing headers are dangerous. Deal with them the same way as IPv4 options: | Ryan Thomas McBride |
2007-02-22 | make urpf-failed work with multipath routes. | Pierre-Yves Ritschard |
2007-02-19 | add handling of skip steps for urpf-failed addresses. | Pierre-Yves Ritschard |
2007-02-14 | Consistently spell FALLTHROUGH to appease lint. | Jonathan Gray |
2007-02-08 | compute pseudo-header checksum based on flnal destination as | Jun-ichiro itojun Hagino |
2006-12-22 | add special handling for "urpf-failed" with carp interfaces. the | Reyk Floeter |
2006-12-21 | in pf_route(), initialize ro to NULL at the beginning. if left un- | Daniel Hartmeier |
2006-12-14 | in "BAD/loose state" messages, also print the packet's original sequence | Daniel Hartmeier |
2006-12-13 | use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses | Jun-ichiro itojun Hagino |
2006-11-16 | conditional for appending the pf mbuf tag in pf_test/pf_test6 was wrong, | Henning Brauer |
2006-10-31 | make pfsync a clonable too, but prevent more than one instance from | Henning Brauer |
2006-10-27 | Split ruleset manipulation functions out into pf_ruleset.c to allow them to | Ryan Thomas McBride |
2006-10-11 | Allow the 'quick' keyword on an anchor. IFF there is a matching rule inside | Ryan Thomas McBride |
2006-09-18 | allow RST from TCP client, even if client does not send data after SYN; | Markus Friedl |
2006-09-18 | fix tos (type-of-service) comparisons. for rules which use 'tos x', compare | Daniel Hartmeier |
2006-07-06 | allow rules to point to an alternate routing table, and tag packets | Henning Brauer |
2006-05-17 | missing rtlabel support in pf_addr_wrap_neq() | Henning Brauer |
2006-03-14 | implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4) | Damien Miller |