summaryrefslogtreecommitdiff
path: root/sys/net/pf_ioctl.c
AgeCommit message (Expand)Author
2010-12-15Be more careful when copying the pf rule from userland into the kernel.Claudio Jeker
2010-06-30fix route label awesomeness, issue also known as PR6416Henning Brauer
2010-06-28Clean up iterface stats handling:Ryan Thomas McBride
2010-06-27Fix DIOCCHANGERULE ioctl broken in the remove of the address pools.Ryan Thomas McBride
2010-01-18Convert pf debug logging to using log()/addlog(), a single standardisedRyan Thomas McBride
2010-01-12First pass at removing the 'pf_pool' mechanism for translation and routingRyan Thomas McBride
2009-12-24add support to pf for filtering a packet by the interface it was receivedDavid Gwynne
2009-12-14fix sticky-address - by pretty much re-implementing it. still followingHenning Brauer
2009-11-24kill obsolete natpassHenning Brauer
2009-11-23remove the nat_rule pointer on pf_state and pf_pdesc, obsolete afterHenning Brauer
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
2009-11-11Fix some memory leaks in error cases.Jonathan Gray
2009-11-03Use u_int16_t for rdomains for everything. Using various types makesClaudio Jeker
2009-11-03rtables are stacked on rdomains (it is possible to have multiple routingClaudio Jeker
2009-10-28Add a dedicated pf pool for route options as suggested by henning,Jonathan Gray
2009-10-06Replace if (af) tests operating as an af blacklist with stricter switchRyan Thomas McBride
2009-09-01the diff theo calls me insanae for:Henning Brauer
2009-05-31make set loginterface, set hostid, set reassemble and set debugHenning Brauer
2009-04-16Really turn fragment reassembly on by default. pfctl must handle thisDavid Krause
2009-04-07turn fragment reassembly on by default. the is little to no reason toHenning Brauer
2009-04-061) scrub rules are completely gone.Henning Brauer
2009-03-09Make the DIOCSETIFFLAG, DIOCSETLIMIT, and DIOCSETTIMEOUT ioctlsRyan Thomas McBride
2009-02-16pfsync v5, mostly written at n2k9, but based on work done at n2k8.David Gwynne
2009-02-15Revert previous.Marc Balmer
2009-02-15Fix compilation of kernels that have pf, but not pfsync.Marc Balmer
2008-11-24Fix splasserts seen in pr 5987 by propagating a flag that discribesMike Belopuhov
2008-10-23use the correct idiom for NFOO things which come from "foo.h" filesTheo de Raadt
2008-06-29Simplify state creation code; merge state import/export code between pfsyncRyan Thomas McBride
2008-06-22Revert 1.203; it's not safe to blindly walk the tailq instead of the rbtreeRyan Thomas McBride
2008-06-14Include "pflog.h" so that we get NPFLOG.Joel Sing
2008-06-14pool_get()s not in interrupt context should not be PR_NOWAIT, butHenning Brauer
2008-06-11Split address setup operations into a separate function. More to come.Ryan Thomas McBride
2008-06-10Simplify code slightly; use PR_ZERO with pool_get() rather than bzero().Ryan Thomas McBride
2008-06-10when walking the entire state table it makes much more sense to walkHenning Brauer
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
2008-06-10implement a sloppy tcpstate tracker which does not look at sequenceHenning Brauer
2008-05-30trivial KNF before we go furtherHenning Brauer
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
2008-05-29rewrite the state table logic.Henning Brauer
2008-05-18KNFRyan Thomas McBride
2008-05-09Add support to kill states by rule label or state id.Marco Pfatschbacher
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-05-06Prevent possible overflow of int variable on large memory machines.Tobias Weingartner
2007-12-02DIOC{GET,ADD}STATE incorrectly use a user provided pointer without usingChristopher Pascoe
2007-12-02When pf_insert_state state succeeds, increase the state count on theChristopher Pascoe
2007-12-02initialize altq->altq_disc to NULL, from Max LaierDaniel Hartmeier
2007-12-02Don't put state key if pf_insert_state fails. pf_detach_state would haveChristopher Pascoe
2007-12-02Don't leak state if key allocation fails during add.Christopher Pascoe
2007-12-02Set expiry timestamp when importing a state, otherwise it expires on theChristopher Pascoe
2007-12-02DIOCADDSTATE would always dereference a NULL pointer during this copyChristopher Pascoe