Age | Commit message (Expand) | Author |
2011-06-21 | There is no need to handle fragmented TCP reset packets in a special | Alexander Bluhm |
2011-06-20 | More cleanup in pf_test/pf_test6 this time mostly the fragment | Claudio Jeker |
2011-05-24 | Merge pf_scrub_ip() and pf_scrub_ip6() into a single function. Call | Claudio Jeker |
2011-05-22 | Do not pass AF specific information to pf_test_rule() and PFLOG_PACKET() | Claudio Jeker |
2011-05-17 | exclude link local address from the dynamic interface address pool | Mike Belopuhov |
2011-04-23 | pf_scrub_ip() does not modify the given mbuf pointer. So don't | Alexander Bluhm |
2011-04-22 | pf_pooladdr_pl does not exist anymore. Remove its extern declaration. | Alexander Bluhm |
2011-04-12 | put the accepted socket of a diverted connection into the routing domain | Mike Belopuhov |
2011-04-06 | Allow PF to filter on the rdomain a packet belongs to. This allows to | Claudio Jeker |
2011-04-05 | ditch fastroute, an ipf feature that made its way into pf before | Mike Belopuhov |
2011-03-25 | Include original rdomain in DIOCNATLOOK. This allows userland proxies | Claudio Jeker |
2011-03-24 | Reassemble IPv6 fragments in pf. In the forward case, pf refragments | Alexander Bluhm |
2011-03-07 | Declare the inline function pf_addr_compare() non-static in pfvar.h | Alexander Bluhm |
2011-03-05 | The function pf_tag_packet() never fails. Remove a redundant check | Alexander Bluhm |
2011-01-11 | Perform IP options check in pf_test_rule(), before creating state. | Ryan Thomas McBride |
2010-12-07 | remove a bunch of unused arguments | Jonathan Gray |
2010-10-23 | remove PFR_FLAG_ATOMIC. not used, and doesn't work as advertised. | Ted Unangst |
2010-10-18 | Revert non-compatible and undocumented bullshit commited by 3 developers | Theo de Raadt |
2010-10-17 | Add quirks support to operating system fingerprinting. tcpdump part | Joel Sing |
2010-09-22 | add a new log opt PF_LOG_MATCHES | Henning Brauer |
2010-09-21 | assert copyrights / bump years | Henning Brauer |
2010-09-21 | make pf_translate (void so far) return 1 if it actually changed something | Henning Brauer |
2010-09-21 | factor our the code to set up pf_pdesc, a central structure in pf carrying | Henning Brauer |
2010-06-28 | Clean up iterface stats handling: | Ryan Thomas McBride |
2010-06-27 | stuff nsaddr/ndaddr/nsport/ndport (addrs/ports after NAT, used a lot while | Henning Brauer |
2010-05-07 | Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 | Claudio Jeker |
2010-04-28 | Cast 'a' to (void *) in the REASON_SET macro. Makes gcc4 happy. | Robert Nagy |
2010-01-20 | One \ too many in pfvar.h. From Daniel Dickman <didickman@gmail.com> | Ryan Thomas McBride |
2010-01-18 | Convert pf debug logging to using log()/addlog(), a single standardised | Ryan Thomas McBride |
2010-01-13 | Remove extern reference to pf_pabuf which uses a struct | Jonathan Gray |
2010-01-12 | First pass at removing the 'pf_pool' mechanism for translation and routing | Ryan Thomas McBride |
2009-12-24 | add support to pf for filtering a packet by the interface it was received | David Gwynne |
2009-12-14 | fix sticky-address - by pretty much re-implementing it. still following | Henning Brauer |
2009-11-24 | kill obsolete natpass | Henning Brauer |
2009-11-23 | remove the nat_rule pointer on pf_state and pf_pdesc, obsolete after | Henning Brauer |
2009-11-22 | cleanup after the NAT changes. we used to have multiple rulesets (scrub, | Henning Brauer |
2009-11-03 | Use u_int16_t for rdomains for everything. Using various types makes | Claudio Jeker |
2009-11-03 | rtables are stacked on rdomains (it is possible to have multiple routing | Claudio Jeker |
2009-10-28 | Add a dedicated pf pool for route options as suggested by henning, | Jonathan Gray |
2009-10-06 | Redo the route lookup in the output (and IPv6 forwarding) path if the | Claudio Jeker |
2009-10-04 | Add (again) support for divert sockets. They allow you to: | Michele Marchetto |
2009-09-08 | I had not enough oks to commit this diff. | Michele Marchetto |
2009-09-08 | Add support for divert sockets. They allow you to: | Michele Marchetto |
2009-09-01 | the diff theo calls me insanae for: | Henning Brauer |
2009-06-25 | scrub_flags is a u_int8_t, but PFSTATE_SCRUB_TCP is 0x0100, so the | Stuart Henderson |
2009-06-08 | bring back the fixed PF_AEQ/ANEQ/AZERO macros, the offending use has been | Henning Brauer |
2009-06-08 | gah. something is not quite right, sthen sees strange behaviour fixed | Henning Brauer |
2009-06-08 | unfuck PF_AEQ PF_ANEQ PF_AZERO macos that got fucked when v6 support | Henning Brauer |
2009-05-18 | The routing table index rtableid has type unsigned int in the routing | Alexander Bluhm |
2009-04-06 | 1) scrub rules are completely gone. | Henning Brauer |