Age | Commit message (Expand) | Author |
2003-08-22 | don't expose pf_osfp_fingerprint() to ! _KERNEL. tcpdump et al use | Mike Frantzen |
2003-08-21 | Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF. | Mike Frantzen |
2003-08-09 | This patch remove the restriction that tables cannot be used in routing or | Cedric Berger |
2003-08-07 | make pf_match take u_int32_t instead of u_int16_t | Henning Brauer |
2003-07-31 | Make table tickets per-ruleset instead of global. | Cedric Berger |
2003-07-19 | Simplify struct pf_pooladdr to include struct pf_addr_wrap directly | Cedric Berger |
2003-07-04 | -add a "natpass" field to pf_rule | Henning Brauer |
2003-07-03 | unused global. dhartmei ok | Jun-ichiro itojun Hagino |
2003-06-30 | change that queue ID allocator so it always has the queues sorted by ID. | Henning Brauer |
2003-06-30 | move prototype for pf_tag_purge() to pfvar.h | Henning Brauer |
2003-06-29 | normalize IPv6 packet (no reass, but it is a start). dhartmei & henning ok | Jun-ichiro itojun Hagino |
2003-06-21 | count packets and bidirectionally on state entries, allowing for fine-grained | Damien Miller |
2003-06-20 | Add MSS support to the synproxy. The client's MSS is sent to the server, | Daniel Hartmeier |
2003-06-09 | Attempt to resolve byte order confusion in nat code once and for all. | Ryan Thomas McBride |
2003-06-08 | A table in an anchor creates a real anchor: pfctl -sA works. | Cedric Berger |
2003-06-03 | move some prototypes to pfvar.h. needed soon. | Henning Brauer |
2003-05-17 | allow inverse matching on tags | Henning Brauer |
2003-05-17 | Add an 'action' code that allows the SYN proxy to swallow/drop a packet | Daniel Hartmeier |
2003-05-16 | TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can use | Daniel Hartmeier |
2003-05-14 | - modulate TCP Timestamps so they can't be used to detect NAT and to preclude | Mike Frantzen |
2003-05-14 | Use official (from pcap people) link type for pflog. | Can Erkin Acar |
2003-05-13 | add support for tagging packets with arbitary tags and filtering based on | Henning Brauer |
2003-05-12 | Add comment about special (non-index) PFTM_* values. | Daniel Hartmeier |
2003-05-12 | Reorder IPv6 address comparisons to check the least significant parts | Ryan Thomas McBride |
2003-05-12 | Adaptive timeout value scaling. Allows to reduce timeout values as the | Daniel Hartmeier |
2003-05-11 | the start of stateful TCP scrubbing. dynamically determine the highest TTL of | Mike Frantzen |
2003-04-30 | Allow tables to be loaded into anchors. | Cedric Berger |
2003-04-27 | Update the pfioc_table IOCTL structure. | Cedric Berger |
2003-04-11 | set/update the queue IDs on filter rules (qid and pqid) on | Henning Brauer |
2003-04-09 | Change pf_state structure to point to both a rule and the anchor, | Cedric Berger |
2003-04-05 | Replace the timeout variables by the content of the timeout | Cedric Berger |
2003-03-31 | Only delete rule structure when no state refer to it. | Cedric Berger |
2003-03-03 | Make "pfctl -ss" output easier to parse. NO TRAFFIC -> NO_TRAFFIC. | Cedric Berger |
2003-02-08 | Add scrub option 'random-id', which replaces IP IDs with random values | Daniel Hartmeier |
2003-01-21 | Support for TCP window scaling (RFC 1323). ok frantzen@ | Daniel Hartmeier |
2003-01-15 | Fix a buglet when one "creates" a table which is already in the | Cedric Berger |
2003-01-10 | Fix adding and deleting addresses in a table when there is a conflict with | Cedric Berger |
2003-01-09 | (whitespace) KNF, re-fold -w 80 | Daniel Hartmeier |
2003-01-09 | Add support for active/inactive tablesets in the kernel. | Cedric Berger |
2003-01-07 | Remove table name hashing (pass the name in each ioctl instead), and | Daniel Hartmeier |
2003-01-06 | Move initialisation of radix table globals in pfr_initialize() | Cedric Berger |
2003-01-05 | Move ifname from pf_addr to pf_addr_wrap, prepare pf_addr_wrap for table | Daniel Hartmeier |
2003-01-04 | move noroute from flag in pf_rule_addr into type in pf_addr_wrap. | Daniel Hartmeier |
2003-01-03 | 1) pfr_insert_kentries() cannot return ENOMEM anymore -> make it void. | Cedric Berger |
2003-01-02 | Remove explicit numbering of enums. | Ryan Thomas McBride |
2003-01-01 | use a #define for the default state table size | Henning Brauer |
2003-01-01 | Behaves correctly when duplicate addresses are given in the same ioctl. | Cedric Berger |
2003-01-01 | Remove skip step for action (scrub vs. non-scrub), as scrub rules are | Daniel Hartmeier |
2002-12-31 | Split scrub rules out from the filter rules in the kernel. | Ryan Thomas McBride |
2002-12-29 | Add support for radix tables for source and destination of PF rules. | Cedric Berger |