summaryrefslogtreecommitdiff
path: root/sys/net/pf_ioctl.c
AgeCommit message (Expand)Author
2008-06-29Simplify state creation code; merge state import/export code between pfsyncRyan Thomas McBride
2008-06-22Revert 1.203; it's not safe to blindly walk the tailq instead of the rbtreeRyan Thomas McBride
2008-06-14Include "pflog.h" so that we get NPFLOG.Joel Sing
2008-06-14pool_get()s not in interrupt context should not be PR_NOWAIT, butHenning Brauer
2008-06-11Split address setup operations into a separate function. More to come.Ryan Thomas McBride
2008-06-10Simplify code slightly; use PR_ZERO with pool_get() rather than bzero().Ryan Thomas McBride
2008-06-10when walking the entire state table it makes much more sense to walkHenning Brauer
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
2008-06-10implement a sloppy tcpstate tracker which does not look at sequenceHenning Brauer
2008-05-30trivial KNF before we go furtherHenning Brauer
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
2008-05-29rewrite the state table logic.Henning Brauer
2008-05-18KNFRyan Thomas McBride
2008-05-09Add support to kill states by rule label or state id.Marco Pfatschbacher
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-05-06Prevent possible overflow of int variable on large memory machines.Tobias Weingartner
2007-12-02DIOC{GET,ADD}STATE incorrectly use a user provided pointer without usingChristopher Pascoe
2007-12-02When pf_insert_state state succeeds, increase the state count on theChristopher Pascoe
2007-12-02initialize altq->altq_disc to NULL, from Max LaierDaniel Hartmeier
2007-12-02Don't put state key if pf_insert_state fails. pf_detach_state would haveChristopher Pascoe
2007-12-02Don't leak state if key allocation fails during add.Christopher Pascoe
2007-12-02Set expiry timestamp when importing a state, otherwise it expires on theChristopher Pascoe
2007-12-02DIOCADDSTATE would always dereference a NULL pointer during this copyChristopher Pascoe
2007-09-27Add loginterface support for groups.Marco Pfatschbacher
2007-09-15malloc sweep:Henning Brauer
2007-09-01replace the machine dependant bytes-to-clicks macro by the MI ptoa()Martin Reindl
2007-08-30mechanic change:Henning Brauer
2007-06-24Save some bytes and make code more readable by removing junk union andRyan Thomas McBride
2007-06-21force logif to zero if no logging is asked forHenning Brauer
2007-06-07PR 5502 From: Marc Huber <Marc.Huber@web.de>Henning Brauer
2007-06-01factor out duplicated code to allocate state key and cross-reference itHenning Brauer
2007-05-31Move the state id and creatorid (used mainly by pfsync) into struct pf_state.Ryan Thomas McBride
2007-05-31First step of rearranging pf's state table internals...Ryan Thomas McBride
2007-05-29Add a name argument to the RWLOCK_INITIALIZER macro.Thordur I. Bjornsson
2007-02-26because sparc has variable pagesize, ctob() varies between machines, and weTheo de Raadt
2007-02-23if machine has more than 100MB of physmem, default the max table entriesTheo de Raadt
2007-02-09allow counters to be reset with DIOCGETRULES.Henning Brauer
2006-11-20ioctl to explicitly remove source tracking nodes,Ryan Thomas McBride
2006-10-27Split ruleset manipulation functions out into pf_ruleset.c to allow them toRyan Thomas McBride
2006-10-25add a "u_int8_t logif" to struct pfrule to select to which pflog interfaceHenning Brauer
2006-08-30allow DIOCNATLOOK to look up NAT states for protocols without portDamien Miller
2006-07-21fix a bug in the input sanity check of DIOCCHANGERULE (not used by pfctl,Daniel Hartmeier
2006-07-06allow rules to point to an alternate routing table, and tag packetsHenning Brauer
2006-05-28Enable adaptive timeouts by default, with adaptive.start of 60% of theRyan Thomas McBride
2006-03-04With the exception of two other small uncommited diffs this movesBrad Smith
2006-01-06DIOCNATLOOK was forgotten in the second access control switch. it's aDaniel Hartmeier
2006-01-06for DIOCCLRSTATUS (pfctl -Fi), reset 'Enabled for x' time, too. simplifiesDaniel Hartmeier
2006-01-05bzero after malloc; ok dhartmeiTheo de Raadt
2005-12-10C99 section 6.8.6.4 says "A return statement with an expression shallKenneth R Westerback
2005-10-27Basic support for attaching states from pfsync to the correct rules.Ryan Thomas McBride