Age | Commit message (Expand) | Author |
2011-09-18 | Move the pdesc initialization code into pf_setup_pdesc(). Unify | Alexander Bluhm |
2011-09-18 | Move the call to pf_test_rule() for fragments that have not been | Alexander Bluhm |
2011-09-17 | The pd->ip_sum and pd->proto_sum fields are not needed. Replace | Alexander Bluhm |
2011-08-30 | Add support for one shot rules that remove themselves from an active | Mike Belopuhov |
2011-08-03 | someone (*cough*henning*cough*) made pf_state.state_flags a u_int16_t | David Gwynne |
2011-08-02 | Replace one byte of padding with sa_family_t af in pfsync_state_key; | Ryan Thomas McBride |
2011-07-27 | Add support for weighted round-robin in load balancing pools and tables. | Ryan Thomas McBride |
2011-07-08 | surprisingly, we use pf as classifier for the new priority queueing | Henning Brauer |
2011-07-07 | There were two loops in pf_setup_pdesc() and pf_normalize_ip6() | Alexander Bluhm |
2011-07-07 | Fold pf_test_fragment() into pf_test_rule(), reduce code and fixes | Ryan Thomas McBride |
2011-07-04 | Rename the pf_pdesc field rh_cnt to badopts as it is also used for | Alexander Bluhm |
2011-07-04 | Bye bye pf_test6(). Only one pf_test function for both IPv4 and v6. | Claudio Jeker |
2011-07-03 | bring in least-states load balancing algorithm | Joerg Zinke |
2011-06-21 | There is no need to handle fragmented TCP reset packets in a special | Alexander Bluhm |
2011-06-20 | More cleanup in pf_test/pf_test6 this time mostly the fragment | Claudio Jeker |
2011-05-24 | Merge pf_scrub_ip() and pf_scrub_ip6() into a single function. Call | Claudio Jeker |
2011-05-22 | Do not pass AF specific information to pf_test_rule() and PFLOG_PACKET() | Claudio Jeker |
2011-05-17 | exclude link local address from the dynamic interface address pool | Mike Belopuhov |
2011-04-23 | pf_scrub_ip() does not modify the given mbuf pointer. So don't | Alexander Bluhm |
2011-04-22 | pf_pooladdr_pl does not exist anymore. Remove its extern declaration. | Alexander Bluhm |
2011-04-12 | put the accepted socket of a diverted connection into the routing domain | Mike Belopuhov |
2011-04-06 | Allow PF to filter on the rdomain a packet belongs to. This allows to | Claudio Jeker |
2011-04-05 | ditch fastroute, an ipf feature that made its way into pf before | Mike Belopuhov |
2011-03-25 | Include original rdomain in DIOCNATLOOK. This allows userland proxies | Claudio Jeker |
2011-03-24 | Reassemble IPv6 fragments in pf. In the forward case, pf refragments | Alexander Bluhm |
2011-03-07 | Declare the inline function pf_addr_compare() non-static in pfvar.h | Alexander Bluhm |
2011-03-05 | The function pf_tag_packet() never fails. Remove a redundant check | Alexander Bluhm |
2011-01-11 | Perform IP options check in pf_test_rule(), before creating state. | Ryan Thomas McBride |
2010-12-07 | remove a bunch of unused arguments | Jonathan Gray |
2010-10-23 | remove PFR_FLAG_ATOMIC. not used, and doesn't work as advertised. | Ted Unangst |
2010-10-18 | Revert non-compatible and undocumented bullshit commited by 3 developers | Theo de Raadt |
2010-10-17 | Add quirks support to operating system fingerprinting. tcpdump part | Joel Sing |
2010-09-22 | add a new log opt PF_LOG_MATCHES | Henning Brauer |
2010-09-21 | assert copyrights / bump years | Henning Brauer |
2010-09-21 | make pf_translate (void so far) return 1 if it actually changed something | Henning Brauer |
2010-09-21 | factor our the code to set up pf_pdesc, a central structure in pf carrying | Henning Brauer |
2010-06-28 | Clean up iterface stats handling: | Ryan Thomas McBride |
2010-06-27 | stuff nsaddr/ndaddr/nsport/ndport (addrs/ports after NAT, used a lot while | Henning Brauer |
2010-05-07 | Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 | Claudio Jeker |
2010-04-28 | Cast 'a' to (void *) in the REASON_SET macro. Makes gcc4 happy. | Robert Nagy |
2010-01-20 | One \ too many in pfvar.h. From Daniel Dickman <didickman@gmail.com> | Ryan Thomas McBride |
2010-01-18 | Convert pf debug logging to using log()/addlog(), a single standardised | Ryan Thomas McBride |
2010-01-13 | Remove extern reference to pf_pabuf which uses a struct | Jonathan Gray |
2010-01-12 | First pass at removing the 'pf_pool' mechanism for translation and routing | Ryan Thomas McBride |
2009-12-24 | add support to pf for filtering a packet by the interface it was received | David Gwynne |
2009-12-14 | fix sticky-address - by pretty much re-implementing it. still following | Henning Brauer |
2009-11-24 | kill obsolete natpass | Henning Brauer |
2009-11-23 | remove the nat_rule pointer on pf_state and pf_pdesc, obsolete after | Henning Brauer |
2009-11-22 | cleanup after the NAT changes. we used to have multiple rulesets (scrub, | Henning Brauer |
2009-11-03 | Use u_int16_t for rdomains for everything. Using various types makes | Claudio Jeker |