| Age | Commit message (Expand) | Author |
|---|
| 2008-05-29 | Second half of PF state table rearrangement. | Ryan Thomas McBride |
| 2008-05-29 | rewrite the state table logic. | Henning Brauer |
| 2008-05-18 | KNF | Ryan Thomas McBride |
| 2008-05-15 | divert for ipv6; ok henning, pyr | Markus Friedl |
| 2008-05-09 | divert packets to local socket without modifying the ip header; | Markus Friedl |
| 2008-05-07 | scrub packets based on tags; ok henning | Markus Friedl |
| 2008-05-07 | backout last change, it's already there.... | Markus Friedl |
| 2008-05-06 | Kill state if we get SYN for a state that has been closed from both sides. | Markus Friedl |
| 2008-05-06 | Add a counter to record how many states have been created by a rule. | Marco Pfatschbacher |
| 2008-05-05 | remove a useless refcnt in pf_state_key. | Henning Brauer |
| 2008-02-20 | make return-rst work correctly in the IPv6 case again. | Henning Brauer |
| 2008-02-16 | switch to RFC 1948 style ISN, too; ok mcbride, dhartmei, henning | Markus Friedl |
| 2007-11-22 | pf_src_tree_remove_state() is called upon pf_insert_state() failures. | Henning Brauer |
| 2007-11-18 | backout 1.562 since it triggers the problem described in pr 5648 | Theo de Raadt |
| 2007-11-16 | in pf_test_fragment(), ignore protocol-specific criteria for packets of | Daniel Hartmeier |
| 2007-11-11 | Don't leak pfstatekey upon insert conflict (most often caused via pfsync). | Christopher Pascoe |
| 2007-10-31 | 'block return' must not send anything on blocked icmp packets. | Marco Pfatschbacher |
| 2007-10-25 | Fix probability rules w/ numbers (e.g probability 0.4). | Marco Pfatschbacher |
| 2007-09-18 | allow state reuse for tcp if both sides are in FIN_WAIT_2 and a new SYN | Markus Friedl |
| 2007-09-07 | Do not recalculate TCP payload length in pf_test_rule() as it has | Alexander Bluhm |
| 2007-08-30 | mechanic change: | Henning Brauer |
| 2007-08-30 | handle address ranges in skip step calculation | Daniel Hartmeier |
| 2007-08-30 | add support for address ranges ("from 10.1.2.50 - 10.1.3.75") in from/to | Daniel Hartmeier |
| 2007-08-28 | showing this diff is shameful... | Henning Brauer |
| 2007-08-23 | allow RSTs with th_seq == seqlo +- 1, reduces the amount of 'loose state' | Daniel Hartmeier |
| 2007-08-21 | don't access th_flags when it isn't available (only 8 bytes of the | Daniel Hartmeier |
| 2007-07-18 | Don't drop outgoing packets in case of a congested input queue. | Marco Pfatschbacher |
| 2007-07-10 | adjust pf_find_state_all() so that it works correctly for the new global | Kurt Miller |
| 2007-07-04 | No m_copyback for ICMP and "other" protocols on rdr/binat. | Marco Pfatschbacher |
| 2007-06-25 | pretty mechanical change: now that the state tables use seperate state | Henning Brauer |
| 2007-06-24 | Save some bytes and make code more readable by removing junk union and | Ryan Thomas McBride |
| 2007-06-21 | reimplement interface bound states in a non-retarded way. | Henning Brauer |
| 2007-06-20 | Allow "log" for nat rules without "pass". | Marco Pfatschbacher |
| 2007-06-15 | in pf_test_rule, before handling IPPROTO_ICMP / IPPROTO_ICMPV6, check that | Henning Brauer |
| 2007-06-09 | fix wrong argument passing to m_copyback for the log case | Henning Brauer |
| 2007-06-09 | sizeof(ptr) is no good if you want sizeof(*ptr). icmp/icmpv6. | Henning Brauer |
| 2007-06-02 | pf_set_rt_ifp accesses state key data, so must be called later | Henning Brauer |
| 2007-06-01 | factor out duplicated code to allocate state key and cross-reference it | Henning Brauer |
| 2007-06-01 | fold pf_test_tcp(), pf_test_udp(), pf_test_icmp(), pf_test_other() into | Henning Brauer |
| 2007-06-01 | apply the "skip ipsec if there are no flows" speedup diff to IPv6 too. | Henning Brauer |
| 2007-05-31 | Move the state id and creatorid (used mainly by pfsync) into struct pf_state. | Ryan Thomas McBride |
| 2007-05-31 | Unbreak pf.c compilation on gcc 2.95 architectures. Found by todd@ | Ryan Thomas McBride |
| 2007-05-31 | First step of rearranging pf's state table internals... | Ryan Thomas McBride |
| 2007-05-29 | gain us another 10+% of performance. | Henning Brauer |
| 2007-05-28 | double pf performance. | Henning Brauer |
| 2007-05-27 | get rid of static. | David Gwynne |
| 2007-05-27 | clarify things by passing kif->pfik_ifp around in pf_test{,6} instead | Pierre-Yves Ritschard |
| 2007-05-26 | add comments indicating why we do m = *m0; again after pf_normalize, ryan ok | Henning Brauer |
| 2007-05-08 | block ALL packets with rthdr0 in pf_test6(). We already do this | Ryan Thomas McBride |
| 2007-05-08 | Routing headers are dangerous. Deal with them the same way as IPv4 options: | Ryan Thomas McBride |
