path: root/sys/net/pf_norm.c
| Age | Commit message | Author |
|---|---|---|
| 2006-04-16 | After fragment reassembly/trimming, pf must revalidate the mbuf tag of the | Christopher Pascoe |
| 2006-03-25 | fixup IP checksum when modifying IP header fields, based on a patch in | Daniel Hartmeier |
| 2006-03-14 | implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4) | Damien Miller |
| 2006-01-18 | fix a bug in the fragment cache (used for 'scrub fragment crop/drop-ovl', | Daniel Hartmeier |
| 2005-10-17 | make pf use one mbuf tag instead of 6 distinct ones. use a little struct | Henning Brauer |
| 2005-08-06 | correct some spellos | Christopher Pascoe |
| 2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
| 2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
| 2005-05-22 | honour the 'no' in 'no scrub' rules for IP normalizations. found by | Daniel Hartmeier |
| 2005-05-21 | clean up and rework the interface abstraction code big time, rip out multiple | Henning Brauer |
| 2004-09-21 | Implement "no scrub" to allow exclusion of specific traffic from scrub rules. | Aaron Campbell |
| 2004-07-17 | Repair breakage from the hackathon's time conversion. Using the timestamp | Mike Frantzen |
| 2004-07-11 | backout IPv6 reass-on-scrub patch (more work needs to be done). | Jun-ichiro itojun Hagino |
| 2004-07-05 | KNF | Henning Brauer |
| 2004-07-03 | quick workaround until proper PF_FORWARD reass gets implemented. | Jun-ichiro itojun Hagino |
| 2004-06-25 | correct "scrub in" behavior for IPv6. | Jun-ichiro itojun Hagino |
| 2004-06-25 | IPv6 reassembly on "scrub" directive. | Jun-ichiro itojun Hagino |
| 2004-06-24 | This moves access to wall and uptime variables in MI code, | Thorsten Lockert |
| 2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert |
| 2004-06-10 | rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reserved | Daniel Hartmeier |
| 2004-05-11 | pf_cksum_fixup() was called without last argument from normalization, | Daniel Hartmeier |
| 2004-05-09 | Don't dereference scrub pointer when it's NULL, fix PR 3775, from | Daniel Hartmeier |
| 2004-05-05 | Use RFC1323 PAWS timestamps as a logical extension to the conventional TCP | Mike Frantzen |
| 2004-04-28 | Don't step into INET6 code, just because af != AF_INET | Philipp Buehler |
| 2004-04-27 | validate the sequence numbers on TCP resets are an exact match. check is only | Mike Frantzen |
| 2004-04-26 | Prevent biases in arc4random() from disclosing the byte order of the firewall. | Ryan Thomas McBride |
| 2004-04-24 | be careful about option lengths. ok henning@ mcbride@ | Mike Frantzen |
| 2004-03-09 | KNF, ok cedric@ deraadt@ | Ryan Thomas McBride |
| 2004-02-10 | KNF | Henning Brauer |
| 2004-01-16 | Fix IPv6 stateful tcp scrubbing by not dereferencing a null pointer. | Ryan Thomas McBride |
| 2003-12-31 | Many improvements to the handling of interfaces in PF. | Cedric Berger |
| 2003-12-18 | TCP timestamp modulation (scrub reassemble tcp) fix from frantzen@ | Daniel Hartmeier |
| 2003-08-29 | Fix three cases of potential accesses to free'd memory. At least one of | Daniel Hartmeier |
| 2003-08-22 | pf spelling police | David Krause |
| 2003-08-22 | KNF | Henning Brauer |
| 2003-08-21 | Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF. | Mike Frantzen |
| 2003-08-14 | m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts. | Jason Wright |
| 2003-07-17 | fix scrub frag reassembly after the stack's ip_len/ip_off flip correction | Mike Frantzen |
| 2003-07-12 | Prevent u_int16_t variable from overflowing and get rid of the compiler | Daniel Hartmeier |
| 2003-07-10 | correct another incorrect comparison in ip6 normalization. | Jun-ichiro itojun Hagino |
| 2003-07-10 | wrong comparison of IPv6 packetsize | Jun-ichiro itojun Hagino |
| 2003-07-09 | check if m->m_pkthdr.len is too short | Jun-ichiro itojun Hagino |
| 2003-07-09 | don't check exact ip6_plen and m->m_pkthdr.len match, as ip6_input() | Jun-ichiro itojun Hagino |
| 2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. | Jun-ichiro itojun Hagino |
| 2003-07-09 | KNF | Daniel Hartmeier |
| 2003-07-01 | wrap pf_normalize_ip6() by #ifdef INET6. pointed out by Wouter Clarie | Jun-ichiro itojun Hagino |
| 2003-06-29 | normalize IPv6 packet (no reass, but it is a start). dhartmei & henning ok | Jun-ichiro itojun Hagino |
| 2003-06-28 | redundant (pfvar.h already has it) | Jun-ichiro itojun Hagino |
| 2003-05-14 | - modulate TCP Timestamps so they can't be used to detect NAT and to preclude | Mike Frantzen |
| 2003-05-14 | Use official (from pcap people) link type for pflog. | Can Erkin Acar |