summaryrefslogtreecommitdiff
path: root/sys/net/pf_ioctl.c
AgeCommit message (Expand)Author
2013-11-13DIOCGETSRCNODES was leaking a little bit more kernel informationTheo de Raadt
2013-11-12two ioctl's were disclosing kernel pointers and such.Theo de Raadt
2013-10-20Deep inside DIOCXCOMMIT, should return a real errno instead of -1Theo de Raadt
2013-10-17The header file netinet/in_var.h included netinet6/in6_var.h. ThisAlexander Bluhm
2013-10-12new bandwidth shaping subsystem, kernel sideHenning Brauer
2013-10-12give tagname2tag and its siblings an extra "create" parameter. if 1, itHenning Brauer
2013-03-28no need for a lot of code to include proc.hTed Unangst
2013-03-27Use the correct src/dst ports depending on direction (one of src or dst wasRyan Thomas McBride
2013-02-26Don't try to purge one-time rules from the main ruleset.Mike Belopuhov
2012-10-30Use time_uptime for expiration values as time_second can be skewed atFlorian Obser
2012-09-20Lower pf frags limit to not risk running out of mbuf clustersCamiel Dobbelaar
2012-09-18prio 0 is valid, therefore, I chose an "impossible" value for prio meaningHenning Brauer
2012-07-08there was a limit on the number of pflog interfaces - 16. remove that.Henning Brauer
2012-07-07rename prio in struct pf_rule and related structs to set_prio so it isHenning Brauer
2012-07-07restore DIOCKILLSTATE semantics to what they were before the NAT rewrite.Henning Brauer
2012-04-03Fix kernel compilation with pf but without pfsync pseudo-device byMike Belopuhov
2012-03-28Another pid that needs to be the process pid and not the thread one.Claudio Jeker
2011-12-12fixup af-to regression with match rulesMike Belopuhov
2011-11-29use a u_int64_t for the state id in pfsync_state. this makes it consistentDavid Gwynne
2011-11-28deprecate PFTM_UNTIL_PACKET. nothing in the tree uses it, andDavid Gwynne
2011-11-25use time_uptime to set state creation values as time_second can beDavid Gwynne
2011-10-13Since the IPv6 madness is not enough introduce NAT64 -- which is actuallyClaudio Jeker
2011-10-07rename some vars and functionsHenning Brauer
2011-08-30Add support for one shot rules that remove themselves from an activeMike Belopuhov
2011-07-08surprisingly, we use pf as classifier for the new priority queueingHenning Brauer
2011-06-02Don't destroy a non-persistent table if referenced by src_nodes. FixesStuart Henderson
2011-04-19Fix potential null dereference.Charles Longeau
2011-04-06Allow PF to filter on the rdomain a packet belongs to. This allows toClaudio Jeker
2011-03-25Include original rdomain in DIOCNATLOOK. This allows userland proxiesClaudio Jeker
2010-12-15Be more careful when copying the pf rule from userland into the kernel.Claudio Jeker
2010-06-30fix route label awesomeness, issue also known as PR6416Henning Brauer
2010-06-28Clean up iterface stats handling:Ryan Thomas McBride
2010-06-27Fix DIOCCHANGERULE ioctl broken in the remove of the address pools.Ryan Thomas McBride
2010-01-18Convert pf debug logging to using log()/addlog(), a single standardisedRyan Thomas McBride
2010-01-12First pass at removing the 'pf_pool' mechanism for translation and routingRyan Thomas McBride
2009-12-24add support to pf for filtering a packet by the interface it was receivedDavid Gwynne
2009-12-14fix sticky-address - by pretty much re-implementing it. still followingHenning Brauer
2009-11-24kill obsolete natpassHenning Brauer
2009-11-23remove the nat_rule pointer on pf_state and pf_pdesc, obsolete afterHenning Brauer
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
2009-11-11Fix some memory leaks in error cases.Jonathan Gray
2009-11-03Use u_int16_t for rdomains for everything. Using various types makesClaudio Jeker
2009-11-03rtables are stacked on rdomains (it is possible to have multiple routingClaudio Jeker
2009-10-28Add a dedicated pf pool for route options as suggested by henning,Jonathan Gray
2009-10-06Replace if (af) tests operating as an af blacklist with stricter switchRyan Thomas McBride
2009-09-01the diff theo calls me insanae for:Henning Brauer
2009-05-31make set loginterface, set hostid, set reassemble and set debugHenning Brauer
2009-04-16Really turn fragment reassembly on by default. pfctl must handle thisDavid Krause
2009-04-07turn fragment reassembly on by default. the is little to no reason toHenning Brauer
2009-04-061) scrub rules are completely gone.Henning Brauer