summaryrefslogtreecommitdiff
path: root/sys/net/pf_norm.c
AgeCommit message (Expand)Author
2002-12-06Introduce anchors and named rule sets, allowing to load additional ruleDaniel Hartmeier
2002-11-23kernel code to allow multiple redirection addresses to be specified for natRyan Thomas McBride
2002-10-29keep all pflog goodies in pflog sources, avoids code duplications; okski fran...Michael Shalayeff
2002-10-22Convert "int af" and "u_int8_t af" declarations and function argumentsRyan Thomas McBride
2002-10-07-Wsign-compare cleanDaniel Hartmeier
2002-06-28KNFTheo de Raadt
2002-06-11split the grammar of scrub(fragcache) into scrub ... 'fragment reassemble',Mike Frantzen
2002-06-11KNF (tabs, return (x))Daniel Hartmeier
2002-06-11SCRUB(fragcache) to do gap tracking and overlap pruning of IPv4 fragmentsMike Frantzen
2002-06-10Don't #include <sys/malloc.h>Daniel Hartmeier
2002-06-08keep the count of fragments consistent when we have to do a fail safe dropMike Frantzen
2002-06-07switch from AVL tree's to herr Provos' red-black treesMike Frantzen
2002-05-21Junk gcc's deprecated __FUNCTION__. Use standard __func__ instead.Marc Espie
2002-05-19KNF againTheo de Raadt
2002-05-09Add a max-mss option to the scrub rule which will enforce a maximum mssjasoni
2002-05-06typo in commentjasoni
2002-04-24Add dynamic (in-kernel) interface name -> address translation. Instead ofDaniel Hartmeier
2002-04-20Move normalization messages from log level 'urgent' to 'misc'.Daniel Hartmeier
2002-04-20All calls to pool_get(9) should use PR_xx flags, not M_xx.Federico G. Schwindt
2002-03-27implement a "no-route" keyword.Michael Shalayeff
2002-02-26Add optional pool memory hard limits, mainly as temporary solutionDaniel Hartmeier
2002-02-25Change timeouts from microtime() to time.tv_sec like in pf.c,Daniel Hartmeier
2002-02-14Add skip steps for rule action (pass/block vs. scrub) and directionDaniel Hartmeier
2002-01-23Pool deals fairly well with physical memory shortage, but it doesn't dealArtur Grabowski
2001-12-03reason int -> u_short. From Mike Pechkin.Daniel Hartmeier
2001-11-06Use #defines for skip step values. From dgregor@net.ohio-state.edu.Daniel Hartmeier
2001-10-17make sure we use same key for removal (AF_INET was missing), ok deraadt@, dha...Markus Friedl
2001-10-07fixes pr/2105Niels Provos
2001-09-15Don't use m_pkthdr.rcvif in pflog_packet(), it doesn't work for outgoingDaniel Hartmeier
2001-09-15IPv6 support from Ryan McBride (mcbride@countersiege.com)Mike Frantzen
2001-09-08initialize variable and more careful bounts checking; okay frantzen@Niels Provos
2001-09-06Reflect skip step changes. Spotted by Ryan McBride.Daniel Hartmeier
2001-09-04#define empty PFLOG_PACKET correctly (no side effects). Closes PR2044.Daniel Hartmeier
2001-08-31Forgot to commit frag expire tuning beforeMike Frantzen
2001-08-11Add support for ICMP errors referring to ICMP queries/replies. FixesDaniel Hartmeier
2001-08-02KNFTheo de Raadt
2001-08-01stateless tcp normalization along the lines of the normalization paper byNiels Provos
2001-07-17support min-ttl, okay dhartmei@Niels Provos
2001-07-17normalize ip_off, make IP_DF stripping optional, return rst is a flag now.Niels Provos
2001-07-17ip normalization codeNiels Provos