Age | Commit message (Expand) | Author |
2010-01-18 | Convert pf debug logging to using log()/addlog(), a single standardised | Ryan Thomas McBride |
2009-09-01 | Clear the IP_DF bit if no-df is enabled, not if it is not enabled. | Joel Sing |
2009-07-21 | pf_scrub_ip/ip6 prototypes are already in pfvar.h | Henning Brauer |
2009-06-25 | scrub_flags is a u_int8_t, but PFSTATE_SCRUB_TCP is 0x0100, so the | Stuart Henderson |
2009-04-07 | after i took everything in this fiule apart and reassembled with a lot of | Henning Brauer |
2009-04-06 | 1) scrub rules are completely gone. | Henning Brauer |
2009-01-31 | unbreak ! INET6 case by sprinking #ifdef INET6 | Henning Brauer |
2009-01-29 | move some code around in preparation for future work: | Henning Brauer |
2008-05-07 | scrub packets based on tags; ok henning | Markus Friedl |
2008-05-07 | allow setting TOS with scrub; ok mcbride, claudio | Markus Friedl |
2007-12-30 | In pf_normalize_tcpopt() call pf_pull_hdr() address family safe. | Marcus Glocker |
2007-12-30 | Make "scrub max-mss" rule work correctly; | Marcus Glocker |
2007-05-28 | double pf performance. | Henning Brauer |
2007-05-26 | More comment typos from Diego Casati. Including winners like funtion, allmost, | Kenneth R Westerback |
2006-04-16 | After fragment reassembly/trimming, pf must revalidate the mbuf tag of the | Christopher Pascoe |
2006-03-25 | fixup IP checksum when modifying IP header fields, based on a patch in | Daniel Hartmeier |
2006-03-14 | implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4) | Damien Miller |
2006-01-18 | fix a bug in the fragment cache (used for 'scrub fragment crop/drop-ovl', | Daniel Hartmeier |
2005-10-17 | make pf use one mbuf tag instead of 6 distinct ones. use a little struct | Henning Brauer |
2005-08-06 | correct some spellos | Christopher Pascoe |
2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
2005-05-22 | honour the 'no' in 'no scrub' rules for IP normalizations. found by | Daniel Hartmeier |
2005-05-21 | clean up and rework the interface absraction code big time, rip out multiple | Henning Brauer |
2004-09-21 | Implement "no scrub" to allow exclusion of specific traffic from scrub rules. | Aaron Campbell |
2004-07-17 | Repair breakage from the hackathon's time conversion. Using the timestamp | Mike Frantzen |
2004-07-11 | backout IPv6 reass-on-scrub patch (more work needs to be done). | Jun-ichiro itojun Hagino |
2004-07-05 | KNF | Henning Brauer |
2004-07-03 | quick workaround until proper PF_FORWARD reass gets implemented. | Jun-ichiro itojun Hagino |
2004-06-25 | correct "scrub in" behavior for IPv6. | Jun-ichiro itojun Hagino |
2004-06-25 | IPv6 reassembly on "scrub" directive. | Jun-ichiro itojun Hagino |
2004-06-24 | This moves access to wall and uptime variables in MI code, | Thorsten Lockert |
2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert |
2004-06-10 | rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved | Daniel Hartmeier |
2004-05-11 | pf_cksum_fixup() was called without last argument from normalization, | Daniel Hartmeier |
2004-05-09 | Don't dereference scrub pointer when it's NULL, fix PR 3775, from | Daniel Hartmeier |
2004-05-05 | Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP | Mike Frantzen |
2004-04-28 | Dont step into INET6 code, just because af != AF_INET | Philipp Buehler |
2004-04-27 | validate the sequence numbers on TCP resets are an exact match. check is only | Mike Frantzen |
2004-04-26 | Prevent biases in arc4random() from disclosing the byte order of the firewall. | Ryan Thomas McBride |
2004-04-24 | be careful about option lengths. ok henning@ mcbride@ | Mike Frantzen |
2004-03-09 | KNF, ok cedric@ deraadt@ | Ryan Thomas McBride |
2004-02-10 | KNF | Henning Brauer |
2004-01-16 | Fix IPv6 stateful tcp scrubbing by not dereferencing a null pointer. | Ryan Thomas McBride |
2003-12-31 | Many improvements to the handling of interfaces in PF. | Cedric Berger |
2003-12-18 | TCP timestamp modulation (scrub reassemble tcp) fix from frantzen@ | Daniel Hartmeier |
2003-08-29 | Fix three cases of potential accesses to free'd memory. At least one of | Daniel Hartmeier |
2003-08-22 | pf spelling police | David Krause |
2003-08-22 | KNF | Henning Brauer |
2003-08-21 | Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF. | Mike Frantzen |