summaryrefslogtreecommitdiff
path: root/sys/net/pf_norm.c
AgeCommit message (Expand)Author
2010-01-18Convert pf debug logging to using log()/addlog(), a single standardisedRyan Thomas McBride
2009-09-01Clear the IP_DF bit if no-df is enabled, not if it is not enabled.Joel Sing
2009-07-21pf_scrub_ip/ip6 prototypes are already in pfvar.hHenning Brauer
2009-06-25scrub_flags is a u_int8_t, but PFSTATE_SCRUB_TCP is 0x0100, so theStuart Henderson
2009-04-07after i took everything in this fiule apart and reassembled with a lot ofHenning Brauer
2009-04-061) scrub rules are completely gone.Henning Brauer
2009-01-31unbreak ! INET6 case by sprinking #ifdef INET6Henning Brauer
2009-01-29move some code around in preparation for future work:Henning Brauer
2008-05-07scrub packets based on tags; ok henningMarkus Friedl
2008-05-07allow setting TOS with scrub; ok mcbride, claudioMarkus Friedl
2007-12-30In pf_normalize_tcpopt() call pf_pull_hdr() address family safe.Marcus Glocker
2007-12-30Make "scrub max-mss" rule work correctly;Marcus Glocker
2007-05-28double pf performance.Henning Brauer
2007-05-26More comment typos from Diego Casati. Including winners like funtion, allmost,Kenneth R Westerback
2006-04-16After fragment reassembly/trimming, pf must revalidate the mbuf tag of theChristopher Pascoe
2006-03-25fixup IP checksum when modifying IP header fields, based on a patch inDaniel Hartmeier
2006-03-14implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4)Damien Miller
2006-01-18fix a bug in the fragment cache (used for 'scrub fragment crop/drop-ovl',Daniel Hartmeier
2005-10-17make pf use one mbuf tag instead of 6 distinct ones. use a little structHenning Brauer
2005-08-06correct some spellosChristopher Pascoe
2005-06-13make the packet and byte counters on rules and src nodes per direction,Henning Brauer
2005-05-27log two pairs of uid/pid through pflog: the uid/pid of the process thatDaniel Hartmeier
2005-05-22honour the 'no' in 'no scrub' rules for IP normalizations. found byDaniel Hartmeier
2005-05-21clean up and rework the interface absraction code big time, rip out multipleHenning Brauer
2004-09-21Implement "no scrub" to allow exclusion of specific traffic from scrub rules.Aaron Campbell
2004-07-17Repair breakage from the hackathon's time conversion. Using the timestampMike Frantzen
2004-07-11backout IPv6 reass-on-scrub patch (more work needs to be done).Jun-ichiro itojun Hagino
2004-07-05KNFHenning Brauer
2004-07-03quick workaround until proper PF_FORWARD reass gets implemented.Jun-ichiro itojun Hagino
2004-06-25correct "scrub in" behavior for IPv6.Jun-ichiro itojun Hagino
2004-06-25IPv6 reassembly on "scrub" directive.Jun-ichiro itojun Hagino
2004-06-24This moves access to wall and uptime variables in MI code,Thorsten Lockert
2004-06-21First step towards more sane time handling in the kernel -- this changesThorsten Lockert
2004-06-10rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reservedDaniel Hartmeier
2004-05-11pf_cksum_fixup() was called without last argument from normalization,Daniel Hartmeier
2004-05-09Don't dereference scrub pointer when it's NULL, fix PR 3775, fromDaniel Hartmeier
2004-05-05Use RFC1323 PAWS timestamps as a logical extension to the conventional TCPMike Frantzen
2004-04-28Dont step into INET6 code, just because af != AF_INETPhilipp Buehler
2004-04-27validate the sequence numbers on TCP resets are an exact match. check is onlyMike Frantzen
2004-04-26Prevent biases in arc4random() from disclosing the byte order of the firewall.Ryan Thomas McBride
2004-04-24be careful about option lengths. ok henning@ mcbride@Mike Frantzen
2004-03-09KNF, ok cedric@ deraadt@Ryan Thomas McBride
2004-02-10KNFHenning Brauer
2004-01-16Fix IPv6 stateful tcp scrubbing by not dereferencing a null pointer.Ryan Thomas McBride
2003-12-31Many improvements to the handling of interfaces in PF.Cedric Berger
2003-12-18TCP timestamp modulation (scrub reassemble tcp) fix from frantzen@Daniel Hartmeier
2003-08-29Fix three cases of potential accesses to free'd memory. At least one ofDaniel Hartmeier
2003-08-22pf spelling policeDavid Krause
2003-08-22KNFHenning Brauer
2003-08-21Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.Mike Frantzen