summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2023-12-01Prevent race between pf_test() and pf_purge_expired_states().Alexandr Nedvedicky
2023-10-10pf(4) must not pass packet if state cannot be created.Alexander Bluhm
2023-10-10Remove dead code in pf_pull_hdr().Alexander Bluhm
2023-09-08revert previousChristian Weisgerber
2023-09-07pf(4) ignores 'keep state' and 'nat-to' actions for unsolicitedAlexandr Nedvedicky
2023-07-31don't let pfsync send an insert message for a state pfsync just insertedDavid Gwynne
2023-07-07Fix path MTU discovery for TCP LRO/TSO when forwarding.Alexander Bluhm
2023-07-06big update to pfsync to try and clean up locking in particular.David Gwynne
2023-06-05pf_remove_state() should not attempt to remove state whichAlexandr Nedvedicky
2023-05-15Implement the TCP/IP layer for hardware TCP segmentation offload.Alexander Bluhm
2023-05-13Instead of implementing IPv4 header checksum creation everywhere,Alexander Bluhm
2023-05-10Implement TCP send offloading, for now in software only. This isAlexander Bluhm
2023-05-08The call to in_proto_cksum_out() is only needed before the packetAlexander Bluhm
2023-05-07I preparation for TSO in software, cleanup the fragment code. UseAlexander Bluhm
2023-05-03Remove net lock from DIOCGETRULESET and DIOCGETRULESETSKlemens Nanni
2023-04-28Relax the "pass all" rule so all forms of neighbor advertisements are allowedPeter Hessler
2023-03-23fix off-by-one in pf_state_expires() bounds testJonathan Gray
2023-03-04pf(4) should be enforcing TTL=1 to packets sent to 224.0.0.1 only.Alexandr Nedvedicky
2023-01-22Fix pf_anchor_stackframe commit to revert pf rule matching to theYASUOKA Masahiko
2023-01-12Binding the accept socket in TCP input relies on the fact that theAlexander Bluhm
2023-01-06PF_ANCHOR_STACK_MAX is insufficient protection against stack overflow.Alexandr Nedvedicky
2023-01-05more consistently name pf_state * variables "st".David Gwynne
2023-01-04move the pf_state_tree_id type from pfvar.h to pfvar_priv.h.David Gwynne
2023-01-04move the pf_state_tree rb tree type from pfvar.h to pfvar_priv.hDavid Gwynne
2023-01-02use the pf generated toeplitz hash when setting the mbuf flow id.David Gwynne
2022-12-27Fix array bounds mismatch with clang 15Patrick Wildt
2022-12-24fix and enable toeplitz hashing of pf_state_keys again.David Gwynne
2022-12-23disable the use of the has in the pf state key lookup (for now).David Gwynne
2022-12-22use stoeplitz to generate a hash/flowid for state keys.David Gwynne
2022-12-21tiny whitespace tweak.David Gwynne
2022-12-21consistently use the PF_REF wrappers around refcnts.David Gwynne
2022-12-21prefix pf_state_key and pf_state_item struct bits to make them more unique.David Gwynne
2022-12-16always keep pf_state_keys attached to pf_states.David Gwynne
2022-11-25revert pf.c r1.1152 again: move pf_purge out from under the kernel lockAlexander Bluhm
2022-11-25Revert previous commit. It was not properly tested and produces splassertMark Kettenis
2022-11-25get rid of NET_LOCK in the pf purge workDavid Gwynne
2022-11-12Put pf_state_import() under NPFSYNC>0 to fix build without pfsyncKlemens Nanni
2022-11-11try pf.c r1.1143 again: move pf_purge out from under the kernel lockDavid Gwynne
2022-11-11add a mutex to struct pf_state and init it.David Gwynne
2022-11-11rename pfsync_up() to pfsync_is_up()David Gwynne
2022-11-11rewrite the pf_state_peer_ntoh and pf_state_peer_hton macros as functions.David Gwynne
2022-11-10revert pf_state mtx commit, because it breaks tree.Alexandr Nedvedicky
2022-11-10Add a mutex to pf_state structure. Mutex retain a consistencyAlexandr Nedvedicky
2022-11-09simplify expiration of 'once' rules.Alexandr Nedvedicky
2022-11-08This diff fixes panic tripped by KASSERT(st->sync_state == PFSYNC_S_NONE)Alexandr Nedvedicky
2022-11-07revert "move pf_purge out from under the kernel lock".David Gwynne
2022-11-07move pf_purge out from under the kernel lock and avoid the hogging cpuDavid Gwynne
2022-11-06move pfsync_state_import in if_pfsync.c to pf_state_import in pf.cDavid Gwynne
2022-10-10Recalculate checksum of normalised packetBjorn Ketelaars
2022-09-03Use a mutex to update tcp_maxidle, tcp_iss, and tcp_now. ThisAlexander Bluhm