summaryrefslogtreecommitdiff
path: root/sys/net/pf_ioctl.c
AgeCommit message (Expand)Author
2006-05-28Enable adaptive timeouts by default, with adaptive.start of 60% of theRyan Thomas McBride
2006-03-04With the exception of two other small uncommited diffs this movesBrad Smith
2006-01-06DIOCNATLOOK was forgotten in the second access control switch. it's aDaniel Hartmeier
2006-01-06for DIOCCLRSTATUS (pfctl -Fi), reset 'Enabled for x' time, too. simplifiesDaniel Hartmeier
2006-01-05bzero after malloc; ok dhartmeiTheo de Raadt
2005-12-10C99 section 6.8.6.4 says "A return statement with an expression shallKenneth R Westerback
2005-10-27Basic support for attaching states from pfsync to the correct rules.Ryan Thomas McBride
2005-09-28Improve the safety of pf IOCTLs, taking into account that some paths can sleep.Christopher Pascoe
2005-09-05in DIOCCHANGERULE, properly initialize table, if used in NAT rule.Daniel Hartmeier
2005-08-18Malloc temporary buffers in pfioctl rather than having several largeChristopher Pascoe
2005-08-18Rearrange pf_state and pfi_kif so that the parts of the structure neededChristopher Pascoe
2005-08-12Fill out interface name and state creation time correctly inChristopher Pascoe
2005-08-07Do not blindly reset the state count to zero after a clear, as we may notChristopher Pascoe
2005-08-07verify ticket in DIOCADDADDR, from Boris Polevoy, ok deraadt@Daniel Hartmeier
2005-08-05make three functions non-static (namespace is no issue, they might getDaniel Hartmeier
2005-08-04instead of static locals, malloc/free. the goal is to reduce stack usage,Daniel Hartmeier
2005-08-02Instead of copying a table structure so we can mask off a bit beforeChristopher Pascoe
2005-08-01Use a string directly rather than making a copy, save on stack space.Christopher Pascoe
2005-07-31Perform pf state/rule/table expiry in a kernel thread instead of runningChristopher Pascoe
2005-07-26Add missing newline to error message.Christopher Pascoe
2005-07-11add missing {} around TAILQ_FOREACH block, found by David HillDaniel Hartmeier
2005-06-30in order for pfvar.h not to conflict with openssl's crypto.h, useNikolay Sturm
2005-06-13make the packet and byte counters on rules and src nodes per direction,Henning Brauer
2005-05-27Calculate an MD5 checksum over the main pf ruleset.Marco Pfatschbacher
2005-05-27log two pairs of uid/pid through pflog: the uid/pid of the process thatDaniel Hartmeier
2005-05-21clean up and rework the interface absraction code big time, rip out multipleHenning Brauer
2005-05-10In DIOCKILLSTATES: take into account the direction of the state whenJoel Knight
2005-03-03when tagging, apply the same tag to all packets matching a state entryDaniel Hartmeier
2005-01-05- Use defines from pfvar.h for timeoutsRyan Thomas McBride
2004-12-22Introduce 'set skip on <ifspec>' to support a list of interfaces where noDaniel Hartmeier
2004-12-10allow pf to filter on route labelsHenning Brauer
2004-12-07KNFRyan Thomas McBride
2004-12-05after attaching an overload table, set its active flag. otherwise, theDaniel Hartmeier
2004-12-04Add kernel code to keep track of tcp connections which have completedRyan Thomas McBride
2004-12-01replace finer-grained spl locking in pfioctl() with a single broad lockDaniel Hartmeier
2004-09-21Implement "no scrub" to allow exclusion of specific traffic from scrub rules.Aaron Campbell
2004-09-09Copy out anchors with relative paths and wildcards correctly,Daniel Hartmeier
2004-07-22Add missing check for NULL in DIOCCHANGERULE. This prevents a crash inMathieu Sauve-Frankel
2004-07-05KNFHenning Brauer
2004-06-21First step towards more sane time handling in the kernel -- this changesThorsten Lockert
2004-06-14Remove DIOCBEGINRULES, DIOCCOMMITRULES, DIOCBEGINALTQS, DIOCCOMMITALTQS,Cedric Berger
2004-06-10rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reservedDaniel Hartmeier
2004-05-31thinko, reported by Fernando BragaDaniel Hartmeier
2004-05-21Use '/' instead of ':' as separator for anchor path components. Note thatDaniel Hartmeier
2004-05-21copy out relative anchor paths correctlyDaniel Hartmeier
2004-05-19Allow recursive anchors (anchors within anchors, up to 64Daniel Hartmeier
2004-05-18In DIOCCHANGERULE, move ticket increment above code that might freeDaniel Hartmeier
2004-05-05Use RFC1323 PAWS timestamps as a logical extension to the conventional TCPMike Frantzen
2004-05-03fix a stupid mistake in my previous commit.Kenjiro Cho
2004-04-28Dont step into INET6 code, just because af != AF_INETPhilipp Buehler