summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2010-06-27stuff nsaddr/ndaddr/nsport/ndport (addrs/ports after NAT, used a lot whileHenning Brauer
2010-05-07Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1Claudio Jeker
2010-02-04pf_get_sport() picks a random port from the port range specified in aStuart Henderson
2010-01-18Convert pf debug logging to using log()/addlog(), a single standardisedRyan Thomas McBride
2010-01-14henning and I are both dumbasses, testing &foo against NULL is pointless.Ryan Thomas McBride
2010-01-14When printing states in debug output, print the rule number that createdRyan Thomas McBride
2010-01-14i forgot to remove a now obsolete comment in pf_create_state aboutHenning Brauer
2010-01-14in pf_create_state, when we fixed the leaks, we were a bit too triggerHenning Brauer
2010-01-13in pf_state_key_detach, ensure that the state key pointer on the stateHenning Brauer
2010-01-12First pass at removing the 'pf_pool' mechanism for translation and routingRyan Thomas McBride
2010-01-11"final" leak in state creation: in pf_state_key_setup, if we actuallyHenning Brauer
2010-01-11fix a bug in pf_create_state that was a major source of amusement for meHenning Brauer
2009-12-24add support to pf for filtering a packet by the interface it was receivedDavid Gwynne
2009-12-14fix sticky-address - by pretty much re-implementing it. still followingHenning Brauer
2009-12-08move "pf: key search" and "pf: key setup" messages to PF_DEBUG_NOISYStuart Henderson
2009-11-26magical fix for a fault which reliably brings my firewalls down. i thinkDavid Gwynne
2009-11-23with the old code we initialized the state keys early in some casesHenning Brauer
2009-11-23one kinda-missing log |= PFLOG_FORCE in the v6 case, spotted by claudioHenning Brauer
2009-11-23sync the handling of the log flag from pf_test (where it is correct)Henning Brauer
2009-11-23pf_test_fragment: we need to bail out if action == PF_DROP, notHenning Brauer
2009-11-23sync some comments with realityHenning Brauer
2009-11-23remove the nat_rule pointer on pf_state and pf_pdesc, obsolete afterHenning Brauer
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
2009-11-21knfHenning Brauer
2009-11-05IPv6 support for divert sockets.Michele Marchetto
2009-11-03rtables are stacked on rdomains (it is possible to have multiple routingClaudio Jeker
2009-10-29I missed updating a line for the AF_INET6 route case whenJonathan Gray
2009-10-28Add a dedicated pf pool for route options as suggested by henning,Jonathan Gray
2009-10-06Redo the route lookup in the output (and IPv6 forwarding) path if theClaudio Jeker
2009-10-04Add (again) support for divert sockets. They allow you to:Michele Marchetto
2009-09-16style: in pf_test_state_other, fix indentation, kill excessive newlines,Henning Brauer
2009-09-16fix copy & paste error from almost a year ago (bad ryan)Henning Brauer
2009-09-08I had not enough oks to commit this diff.Michele Marchetto
2009-09-08Add support for divert sockets. They allow you to:Michele Marchetto
2009-09-01the diff theo calls me insanae for:Henning Brauer
2009-07-28do not leak pf_rule_item_pl items in pf_test_rule() whenHenning Brauer
2009-07-28check that pool_get actually gives us memory in pf_test_rule.Henning Brauer
2009-06-26invert direction for inner icmp state lookups (e.g. traceroute with icmp)Markus Friedl
2009-06-22Check that the address family is appropriate before processing ICMPv4 andJoel Sing
2009-06-22Always drop ICMPv6 in IPv4 datagrams, not only when compiled with INET6.Joel Sing
2009-06-22Fix scrub max-mss for IPv6 traffic.Joel Sing
2009-06-08in pf_print_state_parts, do not use skw->proto to print the protocolHenning Brauer
2009-06-08"do not call PF_ANEQ with af=0, dragons". fixes a problem with skipStuart Henderson
2009-06-05Initial support for routing domains. This allows to bind interfaces toClaudio Jeker
2009-05-18The routing table index rtableid has type unsigned int in the routingAlexander Bluhm
2009-04-30treat log as what it is, a flag variable. effectively a noop now but stopsHenning Brauer
2009-04-23print the type of the icmp message we're bitching about when debugging isDavid Gwynne
2009-04-17move the lastr = r assignment behind the anchor rule check so we don'tHenning Brauer
2009-04-15little dose of scrubbing after the monster changes:Henning Brauer
2009-04-15move OK ICMP to NOISY level, makes it easier to run at MISC level; ok henning@David Krause