summaryrefslogtreecommitdiff
path: root/sys/net/pfvar.h
AgeCommit message (Expand)Author
2003-08-22pf spelling policeDavid Krause
2003-08-22KNFHenning Brauer
2003-08-22don't expose pf_osfp_fingerprint() to ! _KERNEL. tcpdump et al useMike Frantzen
2003-08-21Add Michal Zalewski's p0f v2 style passive OS fingerprinting to PF.Mike Frantzen
2003-08-09This patch remove the restriction that tables cannot be used in routing orCedric Berger
2003-08-07make pf_match take u_int32_t instead of u_int16_tHenning Brauer
2003-07-31Make table tickets per-ruleset instead of global.Cedric Berger
2003-07-19Simplify struct pf_pooladdr to include struct pf_addr_wrap directlyCedric Berger
2003-07-04-add a "natpass" field to pf_ruleHenning Brauer
2003-07-03unused global. dhartmei okJun-ichiro itojun Hagino
2003-06-30change that queue ID allocator so it always has the queues sorted by ID.Henning Brauer
2003-06-30move prototype for pf_tag_purge() to pfvar.hHenning Brauer
2003-06-29normalize IPv6 packet (no reass, but it is a start). dhartmei & henning okJun-ichiro itojun Hagino
2003-06-21count packets and bidirectionally on state entries, allowing for fine-grainedDamien Miller
2003-06-20Add MSS support to the synproxy. The client's MSS is sent to the server,Daniel Hartmeier
2003-06-09Attempt to resolve byte order confusion in nat code once and for all.Ryan Thomas McBride
2003-06-08A table in an anchor creates a real anchor: pfctl -sA works.Cedric Berger
2003-06-03move some prototypes to pfvar.h. needed soon.Henning Brauer
2003-05-17allow inverse matching on tagsHenning Brauer
2003-05-17Add an 'action' code that allows the SYN proxy to swallow/drop a packetDaniel Hartmeier
2003-05-16TCP SYN proxy. Instead of 'keep state' or 'modulate state', one can useDaniel Hartmeier
2003-05-14- modulate TCP Timestamps so they can't be used to detect NAT and to precludeMike Frantzen
2003-05-14Use official (from pcap people) link type for pflog.Can Erkin Acar
2003-05-13add support for tagging packets with arbitary tags and filtering based onHenning Brauer
2003-05-12Add comment about special (non-index) PFTM_* values.Daniel Hartmeier
2003-05-12Reorder IPv6 address comparisons to check the least significant partsRyan Thomas McBride
2003-05-12Adaptive timeout value scaling. Allows to reduce timeout values as theDaniel Hartmeier
2003-05-11the start of stateful TCP scrubbing. dynamically determine the highest TTL ofMike Frantzen
2003-04-30Allow tables to be loaded into anchors.Cedric Berger
2003-04-27Update the pfioc_table IOCTL structure.Cedric Berger
2003-04-11set/update the queue IDs on filter rules (qid and pqid) onHenning Brauer
2003-04-09Change pf_state structure to point to both a rule and the anchor,Cedric Berger
2003-04-05Replace the timeout variables by the content of the timeoutCedric Berger
2003-03-31Only delete rule structure when no state refer to it.Cedric Berger
2003-03-03Make "pfctl -ss" output easier to parse. NO TRAFFIC -> NO_TRAFFIC.Cedric Berger
2003-02-08Add scrub option 'random-id', which replaces IP IDs with random valuesDaniel Hartmeier
2003-01-21Support for TCP window scaling (RFC 1323). ok frantzen@Daniel Hartmeier
2003-01-15Fix a buglet when one "creates" a table which is already in theCedric Berger
2003-01-10Fix adding and deleting addresses in a table when there is a conflict withCedric Berger
2003-01-09(whitespace) KNF, re-fold -w 80Daniel Hartmeier
2003-01-09Add support for active/inactive tablesets in the kernel.Cedric Berger
2003-01-07Remove table name hashing (pass the name in each ioctl instead), andDaniel Hartmeier
2003-01-06Move initialisation of radix table globals in pfr_initialize()Cedric Berger
2003-01-05Move ifname from pf_addr to pf_addr_wrap, prepare pf_addr_wrap for tableDaniel Hartmeier
2003-01-04move noroute from flag in pf_rule_addr into type in pf_addr_wrap.Daniel Hartmeier
2003-01-031) pfr_insert_kentries() cannot return ENOMEM anymore -> make it void.Cedric Berger
2003-01-02Remove explicit numbering of enums.Ryan Thomas McBride
2003-01-01use a #define for the default state table sizeHenning Brauer
2003-01-01Behaves correctly when duplicate addresses are given in the same ioctl.Cedric Berger
2003-01-01Remove skip step for action (scrub vs. non-scrub), as scrub rules areDaniel Hartmeier