Age | Commit message (Expand) | Author |
2013-10-17 | The header file netinet/in_var.h included netinet6/in6_var.h. This | Alexander Bluhm |
2013-10-01 | Format string fixes: Cast time_t to long long | Stefan Fritsch |
2013-07-23 | Do not reset the fragment timeout each time a fragment arrives. | Alexander Bluhm |
2013-06-26 | put the cksum diff back, of course with the bug fixed where we could | Henning Brauer |
2013-06-17 | Before pulling the TCP options from the mbuf onto the stack, do an | Alexander Bluhm |
2012-11-06 | backout csum diff for the moment, requested by theo | Henning Brauer |
2012-11-01 | redo most of the protocol (tcp/udp/...) checksum handling | Henning Brauer |
2012-10-30 | Use time_uptime for expiration values as time_second can be skewed at | Florian Obser |
2012-05-12 | Ignore/preserve ECN bits on ToS matching and scrubbing. | Marco Pfatschbacher |
2012-02-03 | The kernel did not compile without INET6. Put some #ifdefs into | Alexander Bluhm |
2012-01-26 | Clean up the pf normalization code: | Alexander Bluhm |
2012-01-23 | Do not keep state when dropping overlapping IPv6 fragments in pf | Alexander Bluhm |
2012-01-15 | Calling pf_normalize_ip() from pf_setup_pdesc() was bad as the | Alexander Bluhm |
2012-01-13 | Drop IPv6 packets built from overlapping fragments in pf reassembly. | Alexander Bluhm |
2012-01-03 | Instead of having two functions pf_free_fragment() and pf_remove_fragment() | Alexander Bluhm |
2011-11-25 | use time_uptime to set state creation values as time_second can be | David Gwynne |
2011-09-28 | As requested by henning, move the mbuf pointer into struct pf_pdesc. | Alexander Bluhm |
2011-09-22 | As I have touched half of pf lines anyway, fix whitespaces now. | Alexander Bluhm |
2011-09-21 | Check the protocol header length for tcp, udp, icmp, icmp6 in | Alexander Bluhm |
2011-09-20 | Put kif and dir into pdesc an use this instead of passing the values | Alexander Bluhm |
2011-09-19 | Consolidate pf function parameters. Move off and hdrlen into pdesc | Alexander Bluhm |
2011-09-18 | Fix various format string types to as a minimum match the width of the | Miod Vallat |
2011-07-18 | unbreak set-tos for ipv6; reported by babut at yandex dot ru, | Mike Belopuhov |
2011-07-07 | There were two loops in pf_setup_pdesc() and pf_normalize_ip6() | Alexander Bluhm |
2011-07-05 | Instead of passing the ip header and mbuf to pf_reassemble(), lookup | Alexander Bluhm |
2011-07-05 | add missing ifdefs for INET6; diff from form, ok henning, bluhm, claudio | Mike Belopuhov |
2011-07-03 | Refactor the fragment handling in pf_setup_pdesc() so that AF_INET | Claudio Jeker |
2011-06-21 | There is no need to handle fragmented TCP reset packets in a special | Alexander Bluhm |
2011-06-20 | More cleanup in pf_test/pf_test6 this time mostly the fragment | Claudio Jeker |
2011-05-24 | Merge pf_scrub_ip() and pf_scrub_ip6() into a single function. Call | Claudio Jeker |
2011-04-23 | pf_scrub_ip() does not modify the given mbuf pointer. So don't | Alexander Bluhm |
2011-04-04 | stop fiddling with the ip checksum here too, it is always recalculated | Henning Brauer |
2011-03-24 | Reassemble IPv6 fragments in pf. In the forward case, pf refragments | Alexander Bluhm |
2011-03-23 | Extract the address family independent functions from pf fragment | Alexander Bluhm |
2011-02-01 | The check for invalid IPv6 fragment size in pf_normalize_ip6() was | Alexander Bluhm |
2011-01-20 | The reason accounting in pf_reassemble() was not correct. Change | Alexander Bluhm |
2011-01-19 | Give pf_normalize_ip() the same 3 way semantics as pf_test(). | Alexander Bluhm |
2011-01-06 | Put htons() around ip_randomid() for pf scrub random-id to make it | Alexander Bluhm |
2010-12-31 | Remove dead code from pf_norm.c. The fragment cache is some leftover | Alexander Bluhm |
2010-07-08 | Use correct alignment for scrub max-mss. Based on a diff from deraadt. | Stuart Henderson |
2010-07-02 | m_copyback can fail to allocate memory, but is a void fucntion so gymnastics | Bret Lambert |
2010-01-18 | Convert pf debug logging to using log()/addlog(), a single standardised | Ryan Thomas McBride |
2009-09-01 | Clear the IP_DF bit if no-df is enabled, not if it is not enabled. | Joel Sing |
2009-07-21 | pf_scrub_ip/ip6 prototypes are already in pfvar.h | Henning Brauer |
2009-06-25 | scrub_flags is a u_int8_t, but PFSTATE_SCRUB_TCP is 0x0100, so the | Stuart Henderson |
2009-04-07 | after i took everything in this fiule apart and reassembled with a lot of | Henning Brauer |
2009-04-06 | 1) scrub rules are completely gone. | Henning Brauer |
2009-01-31 | unbreak ! INET6 case by sprinking #ifdef INET6 | Henning Brauer |
2009-01-29 | move some code around in preparation for future work: | Henning Brauer |
2008-05-07 | scrub packets based on tags; ok henning | Markus Friedl |