Age | Commit message (Expand) | Author |
2006-05-28 | Enable adaptive timeouts by default, with adaptive.start of 60% of the | Ryan Thomas McBride |
2006-03-04 | With the exception of two other small uncommited diffs this moves | Brad Smith |
2006-01-06 | DIOCNATLOOK was forgotten in the second access control switch. it's a | Daniel Hartmeier |
2006-01-06 | for DIOCCLRSTATUS (pfctl -Fi), reset 'Enabled for x' time, too. simplifies | Daniel Hartmeier |
2006-01-05 | bzero after malloc; ok dhartmei | Theo de Raadt |
2005-12-10 | C99 section 6.8.6.4 says "A return statement with an expression shall | Kenneth R Westerback |
2005-10-27 | Basic support for attaching states from pfsync to the correct rules. | Ryan Thomas McBride |
2005-09-28 | Improve the safety of pf IOCTLs, taking into account that some paths can sleep. | Christopher Pascoe |
2005-09-05 | in DIOCCHANGERULE, properly initialize table, if used in NAT rule. | Daniel Hartmeier |
2005-08-18 | Malloc temporary buffers in pfioctl rather than having several large | Christopher Pascoe |
2005-08-18 | Rearrange pf_state and pfi_kif so that the parts of the structure needed | Christopher Pascoe |
2005-08-12 | Fill out interface name and state creation time correctly in | Christopher Pascoe |
2005-08-07 | Do not blindly reset the state count to zero after a clear, as we may not | Christopher Pascoe |
2005-08-07 | verify ticket in DIOCADDADDR, from Boris Polevoy, ok deraadt@ | Daniel Hartmeier |
2005-08-05 | make three functions non-static (namespace is no issue, they might get | Daniel Hartmeier |
2005-08-04 | instead of static locals, malloc/free. the goal is to reduce stack usage, | Daniel Hartmeier |
2005-08-02 | Instead of copying a table structure so we can mask off a bit before | Christopher Pascoe |
2005-08-01 | Use a string directly rather than making a copy, save on stack space. | Christopher Pascoe |
2005-07-31 | Perform pf state/rule/table expiry in a kernel thread instead of running | Christopher Pascoe |
2005-07-26 | Add missing newline to error message. | Christopher Pascoe |
2005-07-11 | add missing {} around TAILQ_FOREACH block, found by David Hill | Daniel Hartmeier |
2005-06-30 | in order for pfvar.h not to conflict with openssl's crypto.h, use | Nikolay Sturm |
2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
2005-05-27 | Calculate an MD5 checksum over the main pf ruleset. | Marco Pfatschbacher |
2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
2005-05-21 | clean up and rework the interface absraction code big time, rip out multiple | Henning Brauer |
2005-05-10 | In DIOCKILLSTATES: take into account the direction of the state when | Joel Knight |
2005-03-03 | when tagging, apply the same tag to all packets matching a state entry | Daniel Hartmeier |
2005-01-05 | - Use defines from pfvar.h for timeouts | Ryan Thomas McBride |
2004-12-22 | Introduce 'set skip on <ifspec>' to support a list of interfaces where no | Daniel Hartmeier |
2004-12-10 | allow pf to filter on route labels | Henning Brauer |
2004-12-07 | KNF | Ryan Thomas McBride |
2004-12-05 | after attaching an overload table, set its active flag. otherwise, the | Daniel Hartmeier |
2004-12-04 | Add kernel code to keep track of tcp connections which have completed | Ryan Thomas McBride |
2004-12-01 | replace finer-grained spl locking in pfioctl() with a single broad lock | Daniel Hartmeier |
2004-09-21 | Implement "no scrub" to allow exclusion of specific traffic from scrub rules. | Aaron Campbell |
2004-09-09 | Copy out anchors with relative paths and wildcards correctly, | Daniel Hartmeier |
2004-07-22 | Add missing check for NULL in DIOCCHANGERULE. This prevents a crash in | Mathieu Sauve-Frankel |
2004-07-05 | KNF | Henning Brauer |
2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert |
2004-06-14 | Remove DIOCBEGINRULES, DIOCCOMMITRULES, DIOCBEGINALTQS, DIOCCOMMITALTQS, | Cedric Berger |
2004-06-10 | rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved | Daniel Hartmeier |
2004-05-31 | thinko, reported by Fernando Braga | Daniel Hartmeier |
2004-05-21 | Use '/' instead of ':' as separator for anchor path components. Note that | Daniel Hartmeier |
2004-05-21 | copy out relative anchor paths correctly | Daniel Hartmeier |
2004-05-19 | Allow recursive anchors (anchors within anchors, up to 64 | Daniel Hartmeier |
2004-05-18 | In DIOCCHANGERULE, move ticket increment above code that might free | Daniel Hartmeier |
2004-05-05 | Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP | Mike Frantzen |
2004-05-03 | fix a stupid mistake in my previous commit. | Kenjiro Cho |
2004-04-28 | Dont step into INET6 code, just because af != AF_INET | Philipp Buehler |