Age | Commit message (Expand) | Author |
2006-01-18 | fix a bug in the fragment cache (used for 'scrub fragment crop/drop-ovl', | Daniel Hartmeier |
2005-10-17 | make pf use one mbuf tag instead of 6 distinct ones. use a little struct | Henning Brauer |
2005-08-06 | correct some spellos | Christopher Pascoe |
2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
2005-05-22 | honour the 'no' in 'no scrub' rules for IP normalizations. found by | Daniel Hartmeier |
2005-05-21 | clean up and rework the interface absraction code big time, rip out multiple | Henning Brauer |
2004-09-21 | Implement "no scrub" to allow exclusion of specific traffic from scrub rules. | Aaron Campbell |
2004-07-17 | Repair breakage from the hackathon's time conversion. Using the timestamp | Mike Frantzen |
2004-07-11 | backout IPv6 reass-on-scrub patch (more work needs to be done). | Jun-ichiro itojun Hagino |
2004-07-05 | KNF | Henning Brauer |
2004-07-03 | quick workaround until proper PF_FORWARD reass gets implemented. | Jun-ichiro itojun Hagino |
2004-06-25 | correct "scrub in" behavior for IPv6. | Jun-ichiro itojun Hagino |
2004-06-25 | IPv6 reassembly on "scrub" directive. | Jun-ichiro itojun Hagino |
2004-06-24 | This moves access to wall and uptime variables in MI code, | Thorsten Lockert |
2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert |
2004-06-10 | rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved | Daniel Hartmeier |
2004-05-11 | pf_cksum_fixup() was called without last argument from normalization, | Daniel Hartmeier |
2004-05-09 | Don't dereference scrub pointer when it's NULL, fix PR 3775, from | Daniel Hartmeier |
2004-05-05 | Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP | Mike Frantzen |
2004-04-28 | Dont step into INET6 code, just because af != AF_INET | Philipp Buehler |
2004-04-27 | validate the sequence numbers on TCP resets are an exact match. check is only | Mike Frantzen |
2004-04-26 | Prevent biases in arc4random() from disclosing the byte order of the firewall. | Ryan Thomas McBride |
2004-04-24 | be careful about option lengths. ok henning@ mcbride@ | Mike Frantzen |
2004-03-09 | KNF, ok cedric@ deraadt@ | Ryan Thomas McBride |
2004-02-10 | KNF | Henning Brauer |
2004-01-16 | Fix IPv6 stateful tcp scrubbing by not dereferencing a null pointer. | Ryan Thomas McBride |
2003-12-31 | Many improvements to the handling of interfaces in PF. | Cedric Berger |
2003-12-18 | TCP timestamp modulation (scrub reassemble tcp) fix from frantzen@ | Daniel Hartmeier |
2003-08-29 | Fix three cases of potential accesses to free'd memory. At least one of | Daniel Hartmeier |
2003-08-22 | pf spelling police | David Krause |
2003-08-22 | KNF | Henning Brauer |
2003-08-21 | Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF. | Mike Frantzen |
2003-08-14 | m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts. | Jason Wright |
2003-07-17 | fix scrub frag reassembly after the stack's ip_len/ip_off flip correction | Mike Frantzen |
2003-07-12 | Prevent u_int16_t variable from overflowing and get rid of the compiler | Daniel Hartmeier |
2003-07-10 | correct another incorrect comparison in ip6 normalization. | Jun-ichiro itojun Hagino |
2003-07-10 | wrong comparison of IPv6 packetsize | Jun-ichiro itojun Hagino |
2003-07-09 | check if m->m_pkthdr.len is too short | Jun-ichiro itojun Hagino |
2003-07-09 | don't check exact ip6_plen and m->m_pkthdr.len match, as ip6_input() | Jun-ichiro itojun Hagino |
2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. | Jun-ichiro itojun Hagino |
2003-07-09 | KNF | Daniel Hartmeier |
2003-07-01 | wrap pf_normalize_ip6() by #ifdef INET6. pointed out by Wouter Clarie | Jun-ichiro itojun Hagino |
2003-06-29 | normalize IPv6 packet (no reass, but it is a start). dhartmei & henning ok | Jun-ichiro itojun Hagino |
2003-06-28 | redundant (pfvar.h already have it) | Jun-ichiro itojun Hagino |
2003-05-14 | - modulate TCP Timestamps so they can't be used to detect NAT and to preclude | Mike Frantzen |
2003-05-14 | Use official (from pcap people) link type for pflog. | Can Erkin Acar |
2003-05-11 | the start of stateful TCP scrubbing. dynamically determine the highest TTL of | Mike Frantzen |
2003-04-05 | Replace the timeout variables by the content of the timeout | Cedric Berger |
2003-02-18 | Enforce min-ttl and random-id on inbound scrub as well as outbound. | Camiel Dobbelaar |