summaryrefslogtreecommitdiff
path: root/sys/net/pf.c
AgeCommit message (Expand)Author
2022-03-17fix typos; Martin VahlensieckStuart Henderson
2022-03-05#if INET6 -> #ifdef INET6 to be consistentJonathan Gray
2022-02-08Do not /0 if timeout[PFTM_INTERVAL] manages to become zeroTheo de Raadt
2022-01-02spellingJonathan Gray
2021-07-07pfsync_undefer() must be called outside of PF_LOCKAlexandr Nedvedicky
2021-06-23augment the global pf state list with its own locks.David Gwynne
2021-06-23pf_purge_expired_states can check the time once instead of for every state.David Gwynne
2021-06-23rework pf_state_expires to avoid confusion around state->timeout.David Gwynne
2021-06-01a couple of minor whitespace tweaks. no functional change.David Gwynne
2021-05-17fix state key reference underflow, when sk == skrevAlexandr Nedvedicky
2021-04-27pf_state_key_link_reverse() is prone to race on parallel forwardingAlexandr Nedvedicky
2021-04-23only skip pf once for packets that are injected by a divert-packet socket.David Gwynne
2021-03-10spellingJonathan Gray
2021-03-01Refactor ip_fragment() and ip6_fragment(). Use a mbuf list toAlexander Bluhm
2021-02-23Use NULL instead of 0 in `m_nextpkt' assignment.mvs
2021-02-16use rtalloc_mpath in pf_route and pf_route6.David Gwynne
2021-02-12pf_remove_divert_state() is an entry point into pf, modifying the pf statePatrick Wildt
2021-02-12Fix null pointer dereference in pf_route6(). Embedding scope intoAlexander Bluhm
2021-02-04make if_pfsync.c a better friend with PF_LOCKAlexandr Nedvedicky
2021-02-03change pf_route so pf only runs when packets enter and leave the stack.David Gwynne
2021-02-01change route-to so it sends packets to IPs instead of interfaces.David Gwynne
2021-01-28handle "once" rules before letting pfsync defer tx of a packet.David Gwynne
2021-01-27if the route resolved in pf_route is invalid, generate an icmp error.David Gwynne
2021-01-27have pf_route{,6} clear the pf_pdesc mbuf ref early for route-to/reply-to.David Gwynne
2021-01-27don't run copies of packets made by dup-to through pf_test.David Gwynne
2021-01-19pflog(4) tried to log the translated packet with rdr-to, nat-to,Alexander Bluhm
2021-01-16The sysctl variable net.inet.ip.forwarding is checked beforeAlexander Bluhm
2021-01-15Remove a check that bypasses pf state tests. It dates back to 2003Alexander Bluhm
2021-01-14Fix build without carp: ifp0 is only used within #if NCARP > 0.Theo Buehler
2021-01-04Minor refactoring in pf(4). Note that struct pfsync_state is noAlexander Bluhm
2020-12-10when setting a flowid, set the M_FLOWID csum_flags bit too.David Gwynne
2020-12-07synproxy should be processing incoming SYN packets only.Alexandr Nedvedicky
2020-07-24Use interface index instead of pointer to `ifnet' in carp(4).mvs
2020-06-24kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)cheloha
2020-06-17make ph_flowid in mbufs 16bits by storing whether it's set in csum_flags.David Gwynne
2019-11-17"set delay" never worked as committed: the delay field was not copiedOtto Moerbeek
2019-10-17Use -1 to indicate an invalid uid/gid, not UID_MAX and GID_MAX.Todd C. Miller
2019-08-29pf_state_insert() must grab state lock exclusivelyAlexandr Nedvedicky
2019-08-26pf.conf "set timeout interval 1" causes kernel crashAlexandr Nedvedicky
2019-07-18follow up to 'once rule' expirationAlexandr Nedvedicky
2019-07-18This commit fixes two bugs involving PF once rules:Lawrence Teo
2019-07-11fix NULL pointer dereference, reported and fix tested by sthenAlexandr Nedvedicky
2019-07-09Fix previous commit which made src-node have a reference for the kif.YASUOKA Masahiko
2019-07-02When source address tracking record is used for "route-to", the nextYASUOKA Masahiko
2019-07-01Link the state and the source track to keep the source track whileYASUOKA Masahiko
2019-03-20States in pf(4) let ICMP and ICMP6 packets pass if they have aAlexander Bluhm
2018-12-17Use timeout_add_sec() instead of timeout_add() with a multiplication with hzClaudio Jeker
2018-12-10Remove useless macroskn
2018-11-15in the "pf: key search" debug message, add the direction. interface *and*Henning Brauer
2018-10-16- pf: honor quick on anchor rulesAlexandr Nedvedicky