summaryrefslogtreecommitdiff
path: root/sys/net/pfvar.h
AgeCommit message (Expand)Author
2004-06-21Get rid of pf_test_eh() wrapper.Ryan Thomas McBride
2004-06-14Remove DIOCBEGINRULES, DIOCCOMMITRULES, DIOCBEGINALTQS, DIOCCOMMITALTQS,Cedric Berger
2004-06-10rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reservedDaniel Hartmeier
2004-05-19Allow recursive anchors (anchors within anchors, up to 64Daniel Hartmeier
2004-05-11pf_cksum_fixup() was called without last argument from normalization,Daniel Hartmeier
2004-05-05Use RFC1323 PAWS timestamps as a logical extension to the conventional TCPMike Frantzen
2004-04-28make return-rst work on pure bridges. ok dhartmei@ henning@ mcbride@Cedric Berger
2004-04-27validate the sequence numbers on TCP resets are an exact match. check is onlyMike Frantzen
2004-04-26anchor refcounting. ok dhartmei@ mcbride@Cedric Berger
2004-04-25get rid of a complete state tree walk at state expire while in splnet()Philipp Buehler
2004-04-24Add "probability xxx" rule modifier. ok deraadt@Cedric Berger
2004-03-22Support for best effort bulk transfers of states when pfsync syncif isRyan Thomas McBride
2004-02-20Make pfsync deal with clearing states bound to a group or interface (egRyan Thomas McBride
2004-02-19Makes pfctl -Fs and pfctl -w works with the optional -i specifier.Cedric Berger
2004-02-19the 2nd round of the qid assignment change.Kenjiro Cho
2004-02-10KNFDaniel Hartmeier
2004-02-10KNFHenning Brauer
2004-02-04Fix a number of bugs with setting pool limits which I introduced withRyan Thomas McBride
2003-12-31Many improvements to the handling of interfaces in PF.Cedric Berger
2003-12-15ryan left a few for me ;-)Henning Brauer
2003-12-15Add initial support for pf state synchronization over the network.Ryan Thomas McBride
2003-12-15Add support to track stateful connections by source ip. This allows usRyan Thomas McBride
2003-12-12Move PF interface code to new net/pf_if.cCedric Berger
2003-12-11Fix PR3587 and other related problems with NAT and table stats.Cedric Berger
2003-11-08Add 'no-sync' state option to prevent state transition messages for statesRyan Thomas McBride
2003-10-31Remove remenants of pf_tree stuff that I missed.Ryan Thomas McBride
2003-10-25Build state search indexes directly on pf_state instead of pf_tree_node.Ryan Thomas McBride
2003-09-26Rearchitecture of the userland/kernel IOCTL interface for transactions.Cedric Berger
2003-08-22pf spelling policeDavid Krause
2003-08-22KNFHenning Brauer
2003-08-22don't expose pf_osfp_fingerprint() to ! _KERNEL. tcpdump et al useMike Frantzen
2003-08-21Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.Mike Frantzen
2003-08-09This patch remove the restriction that tables cannot be used in routing orCedric Berger
2003-08-07make pf_match take u_int32_t instead of u_int16_tHenning Brauer
2003-07-31Make table tickets per-ruleset instead of global.Cedric Berger
2003-07-19Simplify struct pf_pooladdr to include struct pf_addr_wrap directlyCedric Berger
2003-07-04-add a "natpass" field to pf_ruleHenning Brauer
2003-07-03unused global. dhartmei okJun-ichiro itojun Hagino
2003-06-30change that queue ID allocator so it always has the queues sorted by ID.Henning Brauer
2003-06-30move prototype for pf_tag_purge() to pfvar.hHenning Brauer
2003-06-29normalize IPv6 packet (no reass, but it is a start). dhartmei & henning okJun-ichiro itojun Hagino
2003-06-21count packets and bidirectionally on state entries, allowing for fine-grainedDamien Miller
2003-06-20Add MSS support to the synproxy. The client's MSS is sent to the server,Daniel Hartmeier
2003-06-09Attempt to resolve byte order confusion in nat code once and for all.Ryan Thomas McBride
2003-06-08A table in an anchor creates a real anchor: pfctl -sA works.Cedric Berger
2003-06-03move some prototypes to pfvar.h. needed soon.Henning Brauer
2003-05-17allow inverse matching on tagsHenning Brauer
2003-05-17Add an 'action' code that allows the SYN proxy to swallow/drop a packetDaniel Hartmeier
2003-05-16TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can useDaniel Hartmeier
2003-05-14- modulate TCP Timestamps so they can't be used to detect NAT and to precludeMike Frantzen