summaryrefslogtreecommitdiff
path: root/sys/net/pf_ioctl.c
AgeCommit message (Expand)Author
2007-12-02DIOC{GET,ADD}STATE incorrectly use a user provided pointer without usingChristopher Pascoe
2007-12-02When pf_insert_state state succeeds, increase the state count on theChristopher Pascoe
2007-12-02initialize altq->altq_disc to NULL, from Max LaierDaniel Hartmeier
2007-12-02Don't put state key if pf_insert_state fails. pf_detach_state would haveChristopher Pascoe
2007-12-02Don't leak state if key allocation fails during add.Christopher Pascoe
2007-12-02Set expiry timestamp when importing a state, otherwise it expires on theChristopher Pascoe
2007-12-02DIOCADDSTATE would always dereference a NULL pointer during this copyChristopher Pascoe
2007-09-27Add loginterface support for groups.Marco Pfatschbacher
2007-09-15malloc sweep:Henning Brauer
2007-09-01replace the machine dependant bytes-to-clicks macro by the MI ptoa()Martin Reindl
2007-08-30mechanic change:Henning Brauer
2007-06-24Save some bytes and make code more readable by removing junk union andRyan Thomas McBride
2007-06-21force logif to zero if no logging is asked forHenning Brauer
2007-06-07PR 5502 From: Marc Huber <Marc.Huber@web.de>Henning Brauer
2007-06-01factor out duplicated code to allocate state key and cross-reference itHenning Brauer
2007-05-31Move the state id and creatorid (used mainly by pfsync) into struct pf_state.Ryan Thomas McBride
2007-05-31First step of rearranging pf's state table internals...Ryan Thomas McBride
2007-05-29Add a name argument to the RWLOCK_INITIALIZER macro.Thordur I. Bjornsson
2007-02-26because sparc has variable pagesize, ctob() varies between machines, and weTheo de Raadt
2007-02-23if machine has more than 100MB of physmem, default the max table entriesTheo de Raadt
2007-02-09allow counters to be reset with DIOCGETRULES.Henning Brauer
2006-11-20ioctl to explicitly remove source tracking nodes,Ryan Thomas McBride
2006-10-27Split ruleset manipulation functions out into pf_ruleset.c to allow them toRyan Thomas McBride
2006-10-25add a "u_int8_t logif" to struct pfrule to select to which pflog interfaceHenning Brauer
2006-08-30allow DIOCNATLOOK to look up NAT states for protocols without portDamien Miller
2006-07-21fix a bug in the input sanity check of DIOCCHANGERULE (not used by pfctl,Daniel Hartmeier
2006-07-06allow rules to point to an alternate routing table, and tag packetsHenning Brauer
2006-05-28Enable adaptive timeouts by default, with adaptive.start of 60% of theRyan Thomas McBride
2006-03-04With the exception of two other small uncommited diffs this movesBrad Smith
2006-01-06DIOCNATLOOK was forgotten in the second access control switch. it's aDaniel Hartmeier
2006-01-06for DIOCCLRSTATUS (pfctl -Fi), reset 'Enabled for x' time, too. simplifiesDaniel Hartmeier
2006-01-05bzero after malloc; ok dhartmeiTheo de Raadt
2005-12-10C99 section 6.8.6.4 says "A return statement with an expression shallKenneth R Westerback
2005-10-27Basic support for attaching states from pfsync to the correct rules.Ryan Thomas McBride
2005-09-28Improve the safety of pf IOCTLs, taking into account that some paths can sleep.Christopher Pascoe
2005-09-05in DIOCCHANGERULE, properly initialize table, if used in NAT rule.Daniel Hartmeier
2005-08-18Malloc temporary buffers in pfioctl rather than having several largeChristopher Pascoe
2005-08-18Rearrange pf_state and pfi_kif so that the parts of the structure neededChristopher Pascoe
2005-08-12Fill out interface name and state creation time correctly inChristopher Pascoe
2005-08-07Do not blindly reset the state count to zero after a clear, as we may notChristopher Pascoe
2005-08-07verify ticket in DIOCADDADDR, from Boris Polevoy, ok deraadt@Daniel Hartmeier
2005-08-05make three functions non-static (namespace is no issue, they might getDaniel Hartmeier
2005-08-04instead of static locals, malloc/free. the goal is to reduce stack usage,Daniel Hartmeier
2005-08-02Instead of copying a table structure so we can mask off a bit beforeChristopher Pascoe
2005-08-01Use a string directly rather than making a copy, save on stack space.Christopher Pascoe
2005-07-31Perform pf state/rule/table expiry in a kernel thread instead of runningChristopher Pascoe
2005-07-26Add missing newline to error message.Christopher Pascoe
2005-07-11add missing {} around TAILQ_FOREACH block, found by David HillDaniel Hartmeier
2005-06-30in order for pfvar.h not to conflict with openssl's crypto.h, useNikolay Sturm
2005-06-13make the packet and byte counters on rules and src nodes per direction,Henning Brauer