summaryrefslogtreecommitdiff
path: root/sys/net/pf_norm.c
AgeCommit message (Expand)Author
2013-10-17The header file netinet/in_var.h included netinet6/in6_var.h. ThisAlexander Bluhm
2013-10-01Format string fixes: Cast time_t to long longStefan Fritsch
2013-07-23Do not reset the fragment timeout each time a fragment arrives.Alexander Bluhm
2013-06-26put the cksum diff back, of course with the bug fixed where we couldHenning Brauer
2013-06-17Before pulling the TCP options from the mbuf onto the stack, do anAlexander Bluhm
2012-11-06backout csum diff for the moment, requested by theoHenning Brauer
2012-11-01redo most of the protocol (tcp/udp/...) checksum handlingHenning Brauer
2012-10-30Use time_uptime for expiration values as time_second can be skewed atFlorian Obser
2012-05-12Ignore/preserve ECN bits on ToS matching and scrubbing.Marco Pfatschbacher
2012-02-03The kernel did not compile without INET6. Put some #ifdefs intoAlexander Bluhm
2012-01-26Clean up the pf normalization code:Alexander Bluhm
2012-01-23Do not keep state when dropping overlapping IPv6 fragments in pfAlexander Bluhm
2012-01-15Calling pf_normalize_ip() from pf_setup_pdesc() was bad as theAlexander Bluhm
2012-01-13Drop IPv6 packets built from overlapping fragments in pf reassembly.Alexander Bluhm
2012-01-03Instead of having two functions pf_free_fragment() and pf_remove_fragment()Alexander Bluhm
2011-11-25use time_uptime to set state creation values as time_second can beDavid Gwynne
2011-09-28As requested by henning, move the mbuf pointer into struct pf_pdesc.Alexander Bluhm
2011-09-22As I have touched half of pf lines anyway, fix whitespaces now.Alexander Bluhm
2011-09-21Check the protocol header length for tcp, udp, icmp, icmp6 inAlexander Bluhm
2011-09-20Put kif and dir into pdesc an use this instead of passing the valuesAlexander Bluhm
2011-09-19Consolidate pf function parameters. Move off and hdrlen into pdescAlexander Bluhm
2011-09-18Fix various format string types to as a minimum match the width of theMiod Vallat
2011-07-18unbreak set-tos for ipv6; reported by babut at yandex dot ru,Mike Belopuhov
2011-07-07There were two loops in pf_setup_pdesc() and pf_normalize_ip6()Alexander Bluhm
2011-07-05Instead of passing the ip header and mbuf to pf_reassemble(), lookupAlexander Bluhm
2011-07-05add missing ifdefs for INET6; diff from form, ok henning, bluhm, claudioMike Belopuhov
2011-07-03Refactor the fragment handling in pf_setup_pdesc() so that AF_INETClaudio Jeker
2011-06-21There is no need to handle fragmented TCP reset packets in a specialAlexander Bluhm
2011-06-20More cleanup in pf_test/pf_test6 this time mostly the fragmentClaudio Jeker
2011-05-24Merge pf_scrub_ip() and pf_scrub_ip6() into a single function. CallClaudio Jeker
2011-04-23pf_scrub_ip() does not modify the given mbuf pointer. So don'tAlexander Bluhm
2011-04-04stop fiddling with the ip checksum here too, it is always recalculatedHenning Brauer
2011-03-24Reassemble IPv6 fragments in pf. In the forward case, pf refragmentsAlexander Bluhm
2011-03-23Extract the address family independent functions from pf fragmentAlexander Bluhm
2011-02-01The check for invalid IPv6 fragment size in pf_normalize_ip6() wasAlexander Bluhm
2011-01-20The reason accounting in pf_reassemble() was not correct. ChangeAlexander Bluhm
2011-01-19Give pf_normalize_ip() the same 3 way semantics as pf_test().Alexander Bluhm
2011-01-06Put htons() around ip_randomid() for pf scrub random-id to make itAlexander Bluhm
2010-12-31Remove dead code from pf_norm.c. The fragment cache is some leftoverAlexander Bluhm
2010-07-08Use correct alignment for scrub max-mss. Based on a diff from deraadt.Stuart Henderson
2010-07-02m_copyback can fail to allocate memory, but is a void fucntion so gymnasticsBret Lambert
2010-01-18Convert pf debug logging to using log()/addlog(), a single standardisedRyan Thomas McBride
2009-09-01Clear the IP_DF bit if no-df is enabled, not if it is not enabled.Joel Sing
2009-07-21pf_scrub_ip/ip6 prototypes are already in pfvar.hHenning Brauer
2009-06-25scrub_flags is a u_int8_t, but PFSTATE_SCRUB_TCP is 0x0100, so theStuart Henderson
2009-04-07after i took everything in this fiule apart and reassembled with a lot ofHenning Brauer
2009-04-061) scrub rules are completely gone.Henning Brauer
2009-01-31unbreak ! INET6 case by sprinking #ifdef INET6Henning Brauer
2009-01-29move some code around in preparation for future work:Henning Brauer
2008-05-07scrub packets based on tags; ok henningMarkus Friedl