| Age | Commit message (Expand) | Author |
|---|
| 2008-05-09 | Add support to kill states by rule label or state id. | Marco Pfatschbacher |
| 2008-05-09 | divert packets to local socket without modifying the ip header; | Markus Friedl |
| 2008-05-08 | reorder elements in pf_state_peer to avoid wasting memory. cvs blame | Theo de Raadt |
| 2008-05-07 | scrub packets based on tags; ok henning | Markus Friedl |
| 2008-05-07 | allow setting TOS with scrub; ok mcbride, claudio | Markus Friedl |
| 2008-05-06 | Add a counter to record how many states have been created by a rule. | Marco Pfatschbacher |
| 2008-05-05 | remove a useless refcnt in pf_state_key. | Henning Brauer |
| 2007-12-02 | DIOC{GET,ADD}STATE incorrectly use a user provided pointer without using | Christopher Pascoe |
| 2007-09-27 | Add loginterface support for groups. | Marco Pfatschbacher |
| 2007-08-31 | zap unused "pf_tag" structure. | Thordur I. Bjornsson |
| 2007-08-30 | mechanic change: | Henning Brauer |
| 2007-08-30 | add support for address ranges ("from 10.1.2.50 - 10.1.3.75") in from/to | Daniel Hartmeier |
| 2007-07-13 | remove obsolete pfi_statehead and pfik_w_states; ok henning@ | Markus Friedl |
| 2007-06-25 | pretty mechanical change: now that the state tables use seperate state | Henning Brauer |
| 2007-06-24 | Save some bytes and make code more readable by removing junk union and | Ryan Thomas McBride |
| 2007-06-21 | reimplement interface bound states in a non-retarded way. | Henning Brauer |
| 2007-06-11 | move definitions for the flags in the mbuf header used by pf to mbuf.h | Henning Brauer |
| 2007-06-01 | factor out duplicated code to allocate state key and cross-reference it | Henning Brauer |
| 2007-05-31 | Make sure that pf_state_key and pf_state_key_cmp are in sync. | Ryan Thomas McBride |
| 2007-05-31 | Move the state id and creatorid (used mainly by pfsync) into struct pf_state. | Ryan Thomas McBride |
| 2007-05-31 | First step of rearranging pf's state table internals... | Ryan Thomas McBride |
| 2007-05-28 | double pf performance. | Henning Brauer |
| 2007-02-23 | if machine has more than 100MB of physmem, default the max table entries | Theo de Raadt |
| 2007-02-09 | allow counters to be reset with DIOCGETRULES. | Henning Brauer |
| 2006-12-13 | IPv6 passive OS fingerprinting. | Jun-ichiro itojun Hagino |
| 2006-11-20 | ioctl to explicitly remove source tracking nodes, | Ryan Thomas McBride |
| 2006-10-27 | Split ruleset manipulation functions out into pf_ruleset.c to allow them to | Ryan Thomas McBride |
| 2006-10-25 | add a "u_int8_t logif" to struct pfrule to select to which pflog interface | Henning Brauer |
| 2006-10-17 | increase max pf tag name size from 16 to 64 characters. | Reyk Floeter |
| 2006-10-11 | Allow the 'quick' keyword on an anchor. IFF there is a matching rule inside | Ryan Thomas McBride |
| 2006-07-06 | allow rules to point to an alternate routing table, and tag packets | Henning Brauer |
| 2006-05-28 | Enable adaptive timeouts by default, with adaptive.start of 60% of the | Ryan Thomas McBride |
| 2006-03-14 | implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4) | Damien Miller |
| 2005-11-04 | crank pf_state and pf_src_node byte and packet counters to u_in64_t, since | Ryan Thomas McBride |
| 2005-10-27 | Basic support for attaching states from pfsync to the correct rules. | Ryan Thomas McBride |
| 2005-10-17 | make pf use one mbuf tag instead of 6 distinct ones. use a little struct | Henning Brauer |
| 2005-09-28 | Improve the safety of pf IOCTLs, taking into account that some paths can sleep. | Christopher Pascoe |
| 2005-08-18 | Rearrange pf_state and pfi_kif so that the parts of the structure needed | Christopher Pascoe |
| 2005-08-11 | Only decrement the max-src-conn counter for tcp connections that reached | Joel Knight |
| 2005-08-02 | Instead of copying a table structure so we can mask off a bit before | Christopher Pascoe |
| 2005-07-31 | Perform pf state/rule/table expiry in a kernel thread instead of running | Christopher Pascoe |
| 2005-06-30 | in order for pfvar.h not to conflict with openssl's crypto.h, use | Nikolay Sturm |
| 2005-06-13 | spurious XXX comment left over from interface abstraction code whacking | Henning Brauer |
| 2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
| 2005-06-05 | const'ify the char * parameter to pfi_kif_get and pfi_group_change | Henning Brauer |
| 2005-05-27 | Calculate an MD5 checksum over the main pf ruleset. | Marco Pfatschbacher |
| 2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
| 2005-05-26 | support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patch | Daniel Hartmeier |
| 2005-05-25 | when an interface joins or leaves a group call back into pf so it can | Henning Brauer |
| 2005-05-23 | change pool allocation of table entries, no longer use the oldnointr | Daniel Hartmeier |
