| Age | Commit message (Expand) | Author |
|---|
| 2007-05-29 | Add a name argument to the RWLOCK_INITIALIZER macro. | Thordur I. Bjornsson |
| 2007-02-26 | because sparc has variable pagesize, ctob() varies between machines, and we | Theo de Raadt |
| 2007-02-23 | if machine has more than 100MB of physmem, default the max table entries | Theo de Raadt |
| 2007-02-09 | allow counters to be reset with DIOCGETRULES. | Henning Brauer |
| 2006-11-20 | ioctl to explicitly remove source tracking nodes, | Ryan Thomas McBride |
| 2006-10-27 | Split ruleset manipulation functions out into pf_ruleset.c to allow them to | Ryan Thomas McBride |
| 2006-10-25 | add a "u_int8_t logif" to struct pfrule to select to which pflog interface | Henning Brauer |
| 2006-08-30 | allow DIOCNATLOOK to look up NAT states for protocols without port | Damien Miller |
| 2006-07-21 | fix a bug in the input sanity check of DIOCCHANGERULE (not used by pfctl, | Daniel Hartmeier |
| 2006-07-06 | allow rules to point to an alternate routing table, and tag packets | Henning Brauer |
| 2006-05-28 | Enable adaptive timeouts by default, with adaptive.start of 60% of the | Ryan Thomas McBride |
| 2006-03-04 | With the exception of two other small uncommited diffs this moves | Brad Smith |
| 2006-01-06 | DIOCNATLOOK was forgotten in the second access control switch. it's a | Daniel Hartmeier |
| 2006-01-06 | for DIOCCLRSTATUS (pfctl -Fi), reset 'Enabled for x' time, too. simplifies | Daniel Hartmeier |
| 2006-01-05 | bzero after malloc; ok dhartmei | Theo de Raadt |
| 2005-12-10 | C99 section 6.8.6.4 says "A return statement with an expression shall | Kenneth R Westerback |
| 2005-10-27 | Basic support for attaching states from pfsync to the correct rules. | Ryan Thomas McBride |
| 2005-09-28 | Improve the safety of pf IOCTLs, taking into account that some paths can sleep. | Christopher Pascoe |
| 2005-09-05 | in DIOCCHANGERULE, properly initialize table, if used in NAT rule. | Daniel Hartmeier |
| 2005-08-18 | Malloc temporary buffers in pfioctl rather than having several large | Christopher Pascoe |
| 2005-08-18 | Rearrange pf_state and pfi_kif so that the parts of the structure needed | Christopher Pascoe |
| 2005-08-12 | Fill out interface name and state creation time correctly in | Christopher Pascoe |
| 2005-08-07 | Do not blindly reset the state count to zero after a clear, as we may not | Christopher Pascoe |
| 2005-08-07 | verify ticket in DIOCADDADDR, from Boris Polevoy, ok deraadt@ | Daniel Hartmeier |
| 2005-08-05 | make three functions non-static (namespace is no issue, they might get | Daniel Hartmeier |
| 2005-08-04 | instead of static locals, malloc/free. the goal is to reduce stack usage, | Daniel Hartmeier |
| 2005-08-02 | Instead of copying a table structure so we can mask off a bit before | Christopher Pascoe |
| 2005-08-01 | Use a string directly rather than making a copy, save on stack space. | Christopher Pascoe |
| 2005-07-31 | Perform pf state/rule/table expiry in a kernel thread instead of running | Christopher Pascoe |
| 2005-07-26 | Add missing newline to error message. | Christopher Pascoe |
| 2005-07-11 | add missing {} around TAILQ_FOREACH block, found by David Hill | Daniel Hartmeier |
| 2005-06-30 | in order for pfvar.h not to conflict with openssl's crypto.h, use | Nikolay Sturm |
| 2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
| 2005-05-27 | Calculate an MD5 checksum over the main pf ruleset. | Marco Pfatschbacher |
| 2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
| 2005-05-21 | clean up and rework the interface absraction code big time, rip out multiple | Henning Brauer |
| 2005-05-10 | In DIOCKILLSTATES: take into account the direction of the state when | Joel Knight |
| 2005-03-03 | when tagging, apply the same tag to all packets matching a state entry | Daniel Hartmeier |
| 2005-01-05 | - Use defines from pfvar.h for timeouts | Ryan Thomas McBride |
| 2004-12-22 | Introduce 'set skip on <ifspec>' to support a list of interfaces where no | Daniel Hartmeier |
| 2004-12-10 | allow pf to filter on route labels | Henning Brauer |
| 2004-12-07 | KNF | Ryan Thomas McBride |
| 2004-12-05 | after attaching an overload table, set its active flag. otherwise, the | Daniel Hartmeier |
| 2004-12-04 | Add kernel code to keep track of tcp connections which have completed | Ryan Thomas McBride |
| 2004-12-01 | replace finer-grained spl locking in pfioctl() with a single broad lock | Daniel Hartmeier |
| 2004-09-21 | Implement "no scrub" to allow exclusion of specific traffic from scrub rules. | Aaron Campbell |
| 2004-09-09 | Copy out anchors with relative paths and wildcards correctly, | Daniel Hartmeier |
| 2004-07-22 | Add missing check for NULL in DIOCCHANGERULE. This prevents a crash in | Mathieu Sauve-Frankel |
| 2004-07-05 | KNF | Henning Brauer |
| 2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert |
