| Age | Commit message (Expand) | Author |
|---|
| 2014-12-09 | More malloc() -> mallocarray() in the kernel. | Doug Hogan |
| 2014-12-05 | Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>. | Martin Pieuchot |
| 2014-11-18 | move arc4random prototype to systm.h. more appropriate for most code | Ted Unangst |
| 2014-08-12 | Finally implement what's stated in the man page regarding parent | Mike Belopuhov |
| 2014-08-12 | Apart from some minor code reshuffling the big change is that we | Mike Belopuhov |
| 2014-07-22 | Fewer <netinet/in_systm.h> ! | Martin Pieuchot |
| 2014-07-12 | add a size argument to free. will be used soon, but for now default to 0. | Ted Unangst |
| 2014-04-22 | Remove some altq tentacles. | Martin Pieuchot |
| 2014-04-19 | shrink pf by 445 lines. | Henning Brauer |
| 2014-03-30 | Eliminates struct pcred by moving the real and saved ugids into | Philip Guenther |
| 2014-02-04 | reduce the length of some pool names. ok deraadt guenther mpi | Ted Unangst |
| 2014-01-20 | support negated matches on the rcvif, ok dlg benno | Henning Brauer |
| 2014-01-03 | Switch frequently allocated structs from malloc(M_DEVBUF) to separate pools. | pelikan |
| 2014-01-03 | Make queues disappear correctly on interfaces being destroyed. | pelikan |
| 2013-11-13 | DIOCGETSRCNODES was leaking a little bit more kernel information | Theo de Raadt |
| 2013-11-12 | two ioctl's were disclosing kernel pointers and such. | Theo de Raadt |
| 2013-10-20 | Deep inside DIOCXCOMMIT, should return a real errno instead of -1 | Theo de Raadt |
| 2013-10-17 | The header file netinet/in_var.h included netinet6/in6_var.h. This | Alexander Bluhm |
| 2013-10-12 | new bandwidth shaping subsystem, kernel side | Henning Brauer |
| 2013-10-12 | give tagname2tag and its siblings an extra "create" parameter. if 1, it | Henning Brauer |
| 2013-03-28 | no need for a lot of code to include proc.h | Ted Unangst |
| 2013-03-27 | Use the correct src/dst ports depending on direction (one of src or dst was | Ryan Thomas McBride |
| 2013-02-26 | Don't try to purge one-time rules from the main ruleset. | Mike Belopuhov |
| 2012-10-30 | Use time_uptime for expiration values as time_second can be skewed at | Florian Obser |
| 2012-09-20 | Lower pf frags limit to not risk running out of mbuf clusters | Camiel Dobbelaar |
| 2012-09-18 | prio 0 is valid, therefore, I chose an "impossible" value for prio meaning | Henning Brauer |
| 2012-07-08 | there was a limit on the number of pflog interfaces - 16. remove that. | Henning Brauer |
| 2012-07-07 | rename prio in struct pf_rule and related structs to set_prio so it is | Henning Brauer |
| 2012-07-07 | restore DIOCKILLSTATE semantics to what they were before the NAT rewrite. | Henning Brauer |
| 2012-04-03 | Fix kernel compilation with pf but without pfsync pseudo-device by | Mike Belopuhov |
| 2012-03-28 | Another pid that needs to be the process pid and not the thread one. | Claudio Jeker |
| 2011-12-12 | fixup af-to regression with match rules | Mike Belopuhov |
| 2011-11-29 | use a u_int64_t for the state id in pfsync_state. this makes it consistent | David Gwynne |
| 2011-11-28 | deprecate PFTM_UNTIL_PACKET. nothing in the tree uses it, and | David Gwynne |
| 2011-11-25 | use time_uptime to set state creation values as time_second can be | David Gwynne |
| 2011-10-13 | Since the IPv6 madness is not enough introduce NAT64 -- which is actually | Claudio Jeker |
| 2011-10-07 | rename some vars and functions | Henning Brauer |
| 2011-08-30 | Add support for one shot rules that remove themselves from an active | Mike Belopuhov |
| 2011-07-08 | surprisingly, we use pf as classifier for the new priority queueing | Henning Brauer |
| 2011-06-02 | Don't destroy a non-persistent table if referenced by src_nodes. Fixes | Stuart Henderson |
| 2011-04-19 | Fix potential null dereference. | Charles Longeau |
| 2011-04-06 | Allow PF to filter on the rdomain a packet belongs to. This allows to | Claudio Jeker |
| 2011-03-25 | Include original rdomain in DIOCNATLOOK. This allows userland proxies | Claudio Jeker |
| 2010-12-15 | Be more careful when copying the pf rule from userland into the kernel. | Claudio Jeker |
| 2010-06-30 | fix route label awesomeness, issue also known as PR6416 | Henning Brauer |
| 2010-06-28 | Clean up iterface stats handling: | Ryan Thomas McBride |
| 2010-06-27 | Fix DIOCCHANGERULE ioctl broken in the remove of the address pools. | Ryan Thomas McBride |
| 2010-01-18 | Convert pf debug logging to using log()/addlog(), a single standardised | Ryan Thomas McBride |
| 2010-01-12 | First pass at removing the 'pf_pool' mechanism for translation and routing | Ryan Thomas McBride |
| 2009-12-24 | add support to pf for filtering a packet by the interface it was received | David Gwynne |
