summaryrefslogtreecommitdiff
path: root/sys/net/pfvar.h
AgeCommit message (Expand)Author
2011-09-18Move the pdesc initialization code into pf_setup_pdesc(). UnifyAlexander Bluhm
2011-09-18Move the call to pf_test_rule() for fragments that have not beenAlexander Bluhm
2011-09-17The pd->ip_sum and pd->proto_sum fields are not needed. ReplaceAlexander Bluhm
2011-08-30Add support for one shot rules that remove themselves from an activeMike Belopuhov
2011-08-03someone (*cough*henning*cough*) made pf_state.state_flags a u_int16_tDavid Gwynne
2011-08-02Replace one byte of padding with sa_family_t af in pfsync_state_key;Ryan Thomas McBride
2011-07-27Add support for weighted round-robin in load balancing pools and tables.Ryan Thomas McBride
2011-07-08surprisingly, we use pf as classifier for the new priority queueingHenning Brauer
2011-07-07There were two loops in pf_setup_pdesc() and pf_normalize_ip6()Alexander Bluhm
2011-07-07Fold pf_test_fragment() into pf_test_rule(), reduce code and fixesRyan Thomas McBride
2011-07-04Rename the pf_pdesc field rh_cnt to badopts as it is also used forAlexander Bluhm
2011-07-04Bye bye pf_test6(). Only one pf_test function for both IPv4 and v6.Claudio Jeker
2011-07-03bring in least-states load balancing algorithmJoerg Zinke
2011-06-21There is no need to handle fragmented TCP reset packets in a specialAlexander Bluhm
2011-06-20More cleanup in pf_test/pf_test6 this time mostly the fragmentClaudio Jeker
2011-05-24Merge pf_scrub_ip() and pf_scrub_ip6() into a single function. CallClaudio Jeker
2011-05-22Do not pass AF specific information to pf_test_rule() and PFLOG_PACKET()Claudio Jeker
2011-05-17exclude link local address from the dynamic interface address poolMike Belopuhov
2011-04-23pf_scrub_ip() does not modify the given mbuf pointer. So don'tAlexander Bluhm
2011-04-22pf_pooladdr_pl does not exist anymore. Remove its extern declaration.Alexander Bluhm
2011-04-12put the accepted socket of a diverted connection into the routing domainMike Belopuhov
2011-04-06Allow PF to filter on the rdomain a packet belongs to. This allows toClaudio Jeker
2011-04-05ditch fastroute, an ipf feature that made its way into pf beforeMike Belopuhov
2011-03-25Include original rdomain in DIOCNATLOOK. This allows userland proxiesClaudio Jeker
2011-03-24Reassemble IPv6 fragments in pf. In the forward case, pf refragmentsAlexander Bluhm
2011-03-07Declare the inline function pf_addr_compare() non-static in pfvar.hAlexander Bluhm
2011-03-05The function pf_tag_packet() never fails. Remove a redundant checkAlexander Bluhm
2011-01-11Perform IP options check in pf_test_rule(), before creating state.Ryan Thomas McBride
2010-12-07remove a bunch of unused argumentsJonathan Gray
2010-10-23remove PFR_FLAG_ATOMIC. not used, and doesn't work as advertised.Ted Unangst
2010-10-18Revert non-compatible and undocumented bullshit commited by 3 developersTheo de Raadt
2010-10-17Add quirks support to operating system fingerprinting. tcpdump partJoel Sing
2010-09-22add a new log opt PF_LOG_MATCHESHenning Brauer
2010-09-21assert copyrights / bump yearsHenning Brauer
2010-09-21make pf_translate (void so far) return 1 if it actually changed somethingHenning Brauer
2010-09-21factor our the code to set up pf_pdesc, a central structure in pf carryingHenning Brauer
2010-06-28Clean up iterface stats handling:Ryan Thomas McBride
2010-06-27stuff nsaddr/ndaddr/nsport/ndport (addrs/ports after NAT, used a lot whileHenning Brauer
2010-05-07Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1Claudio Jeker
2010-04-28Cast 'a' to (void *) in the REASON_SET macro. Makes gcc4 happy.Robert Nagy
2010-01-20One \ too many in pfvar.h. From Daniel Dickman <didickman@gmail.com>Ryan Thomas McBride
2010-01-18Convert pf debug logging to using log()/addlog(), a single standardisedRyan Thomas McBride
2010-01-13Remove extern reference to pf_pabuf which uses a structJonathan Gray
2010-01-12First pass at removing the 'pf_pool' mechanism for translation and routingRyan Thomas McBride
2009-12-24add support to pf for filtering a packet by the interface it was receivedDavid Gwynne
2009-12-14fix sticky-address - by pretty much re-implementing it. still followingHenning Brauer
2009-11-24kill obsolete natpassHenning Brauer
2009-11-23remove the nat_rule pointer on pf_state and pf_pdesc, obsolete afterHenning Brauer
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
2009-11-03Use u_int16_t for rdomains for everything. Using various types makesClaudio Jeker