Age | Commit message (Expand) | Author |
2004-05-09 | Don't dereference scrub pointer when it's NULL, fix PR 3775, from | Daniel Hartmeier |
2004-05-05 | Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP | Mike Frantzen |
2004-04-28 | Dont step into INET6 code, just because af != AF_INET | Philipp Buehler |
2004-04-27 | validate the sequence numbers on TCP resets are an exact match. check is only | Mike Frantzen |
2004-04-26 | Prevent biases in arc4random() from disclosing the byte order of the firewall. | Ryan Thomas McBride |
2004-04-24 | be careful about option lengths. ok henning@ mcbride@ | Mike Frantzen |
2004-03-09 | KNF, ok cedric@ deraadt@ | Ryan Thomas McBride |
2004-02-10 | KNF | Henning Brauer |
2004-01-16 | Fix IPv6 stateful tcp scrubbing by not dereferencing a null pointer. | Ryan Thomas McBride |
2003-12-31 | Many improvements to the handling of interfaces in PF. | Cedric Berger |
2003-12-18 | TCP timestamp modulation (scrub reassemble tcp) fix from frantzen@ | Daniel Hartmeier |
2003-08-29 | Fix three cases of potential accesses to free'd memory. At least one of | Daniel Hartmeier |
2003-08-22 | pf spelling police | David Krause |
2003-08-22 | KNF | Henning Brauer |
2003-08-21 | Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF. | Mike Frantzen |
2003-08-14 | m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts. | Jason Wright |
2003-07-17 | fix scrub frag reassembly after the stack's ip_len/ip_off flip correction | Mike Frantzen |
2003-07-12 | Prevent u_int16_t variable from overflowing and get rid of the compiler | Daniel Hartmeier |
2003-07-10 | correct another incorrect comparison in ip6 normalization. | Jun-ichiro itojun Hagino |
2003-07-10 | wrong comparison of IPv6 packetsize | Jun-ichiro itojun Hagino |
2003-07-09 | check if m->m_pkthdr.len is too short | Jun-ichiro itojun Hagino |
2003-07-09 | don't check exact ip6_plen and m->m_pkthdr.len match, as ip6_input() | Jun-ichiro itojun Hagino |
2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. | Jun-ichiro itojun Hagino |
2003-07-09 | KNF | Daniel Hartmeier |
2003-07-01 | wrap pf_normalize_ip6() by #ifdef INET6. pointed out by Wouter Clarie | Jun-ichiro itojun Hagino |
2003-06-29 | normalize IPv6 packet (no reass, but it is a start). dhartmei & henning ok | Jun-ichiro itojun Hagino |
2003-06-28 | redundant (pfvar.h already have it) | Jun-ichiro itojun Hagino |
2003-05-14 | - modulate TCP Timestamps so they can't be used to detect NAT and to preclude | Mike Frantzen |
2003-05-14 | Use official (from pcap people) link type for pflog. | Can Erkin Acar |
2003-05-11 | the start of stateful TCP scrubbing. dynamically determine the highest TTL of | Mike Frantzen |
2003-04-05 | Replace the timeout variables by the content of the timeout | Cedric Berger |
2003-02-18 | Enforce min-ttl and random-id on inbound scrub as well as outbound. | Camiel Dobbelaar |
2003-02-12 | Address the NFS problems recently discussed in various threads. | Daniel Hartmeier |
2003-02-08 | Add scrub option 'random-id', which replaces IP IDs with random values | Daniel Hartmeier |
2003-01-25 | Fix a bug that potentially caused fragments to be dropped when the | Daniel Hartmeier |
2003-01-09 | (whitespace) KNF, re-fold -w 80 | Daniel Hartmeier |
2003-01-07 | Remove table name hashing (pass the name in each ioctl instead), and | Daniel Hartmeier |
2003-01-05 | Move ifname from pf_addr to pf_addr_wrap, prepare pf_addr_wrap for table | Daniel Hartmeier |
2003-01-04 | move noroute from flag in pf_rule_addr into type in pf_addr_wrap. | Daniel Hartmeier |
2003-01-03 | KNF | Theo de Raadt |
2003-01-01 | KNF | Henning Brauer |
2003-01-01 | Remove skip step for action (scrub vs. non-scrub), as scrub rules are | Daniel Hartmeier |
2002-12-31 | Split scrub rules out from the filter rules in the kernel. | Ryan Thomas McBride |
2002-12-18 | KNF | Henning Brauer |
2002-12-18 | Pass skip step values through ioctl interface, pfctl -vvsr shows them, | Daniel Hartmeier |
2002-12-17 | Merge pf_nat/pf_binat/pf_rdr structs into pf_rule. Simplifies code, allows | Ryan Thomas McBride |
2002-12-06 | Introduce anchors and named rule sets, allowing to load additional rule | Daniel Hartmeier |
2002-11-23 | kernel code to allow multiple redirection addresses to be specified for nat | Ryan Thomas McBride |
2002-10-29 | keep all pflog goodies in pflog sources, avoids code duplications; okski fran... | Michael Shalayeff |
2002-10-22 | Convert "int af" and "u_int8_t af" declarations and function arguments | Ryan Thomas McBride |