summaryrefslogtreecommitdiff
path: root/sys/net/pf_ioctl.c
AgeCommit message (Expand)Author
2015-11-20shuffle struct ifqueue so in flight mbufs are protected by a mutex.David Gwynne
2015-10-13- pf_insert_src_node(): global argument (arg6) is useless, functionAlexandr Nedvedicky
2015-09-04The pf_osfp_pl and pf_osfp_entry_pl never get used in interrupt context.Mark Kettenis
2015-07-21- added /* FALLTHROUGH */ comments, typecasts (u_int32_t)-1, ...Alexandr Nedvedicky
2015-07-19potential memory leak in SIOCADDRULEsashan
2015-07-19unsinged variables should not be compared to be leq than 0 (unsigned a <= 0)sashan
2015-07-18msg.mpisashan
2015-04-11the hfsc pools are only used in hfsc.c, so move the init of themDavid Gwynne
2015-03-14Remove some includes include-what-you-use claims don'tJonathan Gray
2015-02-20fix a memory leak in the error case found by Maxime Villard's BrainyTed Unangst
2015-02-10since we inherit prio (as in, the queuing priority) from outside sources,Henning Brauer
2015-01-24Userland (base & ports) was adapted to always include <netinet/in.h>Theo de Raadt
2014-12-19unifdef INET in net code as a precursor to removing the pretend option.Ted Unangst
2014-12-09More malloc() -> mallocarray() in the kernel.Doug Hogan
2014-12-05Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.Martin Pieuchot
2014-11-18move arc4random prototype to systm.h. more appropriate for most codeTed Unangst
2014-08-12Finally implement what's stated in the man page regarding parentMike Belopuhov
2014-08-12Apart from some minor code reshuffling the big change is that weMike Belopuhov
2014-07-22Fewer <netinet/in_systm.h> !Martin Pieuchot
2014-07-12add a size argument to free. will be used soon, but for now default to 0.Ted Unangst
2014-04-22Remove some altq tentacles.Martin Pieuchot
2014-04-19shrink pf by 445 lines.Henning Brauer
2014-03-30Eliminates struct pcred by moving the real and saved ugids intoPhilip Guenther
2014-02-04reduce the length of some pool names. ok deraadt guenther mpiTed Unangst
2014-01-20support negated matches on the rcvif, ok dlg bennoHenning Brauer
2014-01-03Switch frequently allocated structs from malloc(M_DEVBUF) to separate pools.pelikan
2014-01-03Make queues disappear correctly on interfaces being destroyed.pelikan
2013-11-13DIOCGETSRCNODES was leaking a little bit more kernel informationTheo de Raadt
2013-11-12two ioctl's were disclosing kernel pointers and such.Theo de Raadt
2013-10-20Deep inside DIOCXCOMMIT, should return a real errno instead of -1Theo de Raadt
2013-10-17The header file netinet/in_var.h included netinet6/in6_var.h. ThisAlexander Bluhm
2013-10-12new bandwidth shaping subsystem, kernel sideHenning Brauer
2013-10-12give tagname2tag and its siblings an extra "create" parameter. if 1, itHenning Brauer
2013-03-28no need for a lot of code to include proc.hTed Unangst
2013-03-27Use the correct src/dst ports depending on direction (one of src or dst wasRyan Thomas McBride
2013-02-26Don't try to purge one-time rules from the main ruleset.Mike Belopuhov
2012-10-30Use time_uptime for expiration values as time_second can be skewed atFlorian Obser
2012-09-20Lower pf frags limit to not risk running out of mbuf clustersCamiel Dobbelaar
2012-09-18prio 0 is valid, therefore, I chose an "impossible" value for prio meaningHenning Brauer
2012-07-08there was a limit on the number of pflog interfaces - 16. remove that.Henning Brauer
2012-07-07rename prio in struct pf_rule and related structs to set_prio so it isHenning Brauer
2012-07-07restore DIOCKILLSTATE semantics to what they were before the NAT rewrite.Henning Brauer
2012-04-03Fix kernel compilation with pf but without pfsync pseudo-device byMike Belopuhov
2012-03-28Another pid that needs to be the process pid and not the thread one.Claudio Jeker
2011-12-12fixup af-to regression with match rulesMike Belopuhov
2011-11-29use a u_int64_t for the state id in pfsync_state. this makes it consistentDavid Gwynne
2011-11-28deprecate PFTM_UNTIL_PACKET. nothing in the tree uses it, andDavid Gwynne
2011-11-25use time_uptime to set state creation values as time_second can beDavid Gwynne
2011-10-13Since the IPv6 madness is not enough introduce NAT64 -- which is actuallyClaudio Jeker
2011-10-07rename some vars and functionsHenning Brauer