summaryrefslogtreecommitdiff
path: root/sys/net/pf_norm.c
AgeCommit message (Expand)Author
2003-08-21Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.Mike Frantzen
2003-08-14m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts.Jason Wright
2003-07-17fix scrub frag reassembly after the stack's ip_len/ip_off flip correctionMike Frantzen
2003-07-12Prevent u_int16_t variable from overflowing and get rid of the compilerDaniel Hartmeier
2003-07-10correct another incorrect comparison in ip6 normalization.Jun-ichiro itojun Hagino
2003-07-10wrong comparison of IPv6 packetsizeJun-ichiro itojun Hagino
2003-07-09check if m->m_pkthdr.len is too shortJun-ichiro itojun Hagino
2003-07-09don't check exact ip6_plen and m->m_pkthdr.len match, as ip6_input()Jun-ichiro itojun Hagino
2003-07-09do not flip ip_len/ip_off in netinet stack. deraadt ok.Jun-ichiro itojun Hagino
2003-07-09KNFDaniel Hartmeier
2003-07-01wrap pf_normalize_ip6() by #ifdef INET6. pointed out by Wouter ClarieJun-ichiro itojun Hagino
2003-06-29normalize IPv6 packet (no reass, but it is a start). dhartmei & henning okJun-ichiro itojun Hagino
2003-06-28redundant (pfvar.h already have it)Jun-ichiro itojun Hagino
2003-05-14- modulate TCP Timestamps so they can't be used to detect NAT and to precludeMike Frantzen
2003-05-14Use official (from pcap people) link type for pflog.Can Erkin Acar
2003-05-11the start of stateful TCP scrubbing. dynamically determine the highest TTL ofMike Frantzen
2003-04-05Replace the timeout variables by the content of the timeoutCedric Berger
2003-02-18Enforce min-ttl and random-id on inbound scrub as well as outbound.Camiel Dobbelaar
2003-02-12Address the NFS problems recently discussed in various threads.Daniel Hartmeier
2003-02-08Add scrub option 'random-id', which replaces IP IDs with random valuesDaniel Hartmeier
2003-01-25Fix a bug that potentially caused fragments to be dropped when theDaniel Hartmeier
2003-01-09(whitespace) KNF, re-fold -w 80Daniel Hartmeier
2003-01-07Remove table name hashing (pass the name in each ioctl instead), andDaniel Hartmeier
2003-01-05Move ifname from pf_addr to pf_addr_wrap, prepare pf_addr_wrap for tableDaniel Hartmeier
2003-01-04move noroute from flag in pf_rule_addr into type in pf_addr_wrap.Daniel Hartmeier
2003-01-03KNFTheo de Raadt
2003-01-01KNFHenning Brauer
2003-01-01Remove skip step for action (scrub vs. non-scrub), as scrub rules areDaniel Hartmeier
2002-12-31Split scrub rules out from the filter rules in the kernel.Ryan Thomas McBride
2002-12-18KNFHenning Brauer
2002-12-18Pass skip step values through ioctl interface, pfctl -vvsr shows them,Daniel Hartmeier
2002-12-17Merge pf_nat/pf_binat/pf_rdr structs into pf_rule. Simplifies code, allowsRyan Thomas McBride
2002-12-06Introduce anchors and named rule sets, allowing to load additional ruleDaniel Hartmeier
2002-11-23kernel code to allow multiple redirection addresses to be specified for natRyan Thomas McBride
2002-10-29keep all pflog goodies in pflog sources, avoids code duplications; okski fran...Michael Shalayeff
2002-10-22Convert "int af" and "u_int8_t af" declarations and function argumentsRyan Thomas McBride
2002-10-07-Wsign-compare cleanDaniel Hartmeier
2002-06-28KNFTheo de Raadt
2002-06-11split the grammar of scrub(fragcache) into scrub ... 'fragment reassemble',Mike Frantzen
2002-06-11KNF (tabs, return (x))Daniel Hartmeier
2002-06-11SCRUB(fragcache) to do gap tracking and overlap pruning of IPv4 fragmentsMike Frantzen
2002-06-10Don't #include <sys/malloc.h>Daniel Hartmeier
2002-06-08keep the count of fragments consistent when we have to do a fail safe dropMike Frantzen
2002-06-07switch from AVL tree's to herr Provos' red-black treesMike Frantzen
2002-05-21Junk gcc's deprecated __FUNCTION__. Use standard __func__ instead.Marc Espie
2002-05-19KNF againTheo de Raadt
2002-05-09Add a max-mss option to the scrub rule which will enforce a maximum mssjasoni
2002-05-06typo in commentjasoni
2002-04-24Add dynamic (in-kernel) interface name -> address translation. Instead ofDaniel Hartmeier
2002-04-20Move normalization messages from log level 'urgent' to 'misc'.Daniel Hartmeier