summaryrefslogtreecommitdiff
path: root/sys/net/pfvar.h
AgeCommit message (Expand)Author
2009-11-23remove the nat_rule pointer on pf_state and pf_pdesc, obsolete afterHenning Brauer
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
2009-11-03Use u_int16_t for rdomains for everything. Using various types makesClaudio Jeker
2009-11-03rtables are stacked on rdomains (it is possible to have multiple routingClaudio Jeker
2009-10-28Add a dedicated pf pool for route options as suggested by henning,Jonathan Gray
2009-10-06Redo the route lookup in the output (and IPv6 forwarding) path if theClaudio Jeker
2009-10-04Add (again) support for divert sockets. They allow you to:Michele Marchetto
2009-09-08I had not enough oks to commit this diff.Michele Marchetto
2009-09-08Add support for divert sockets. They allow you to:Michele Marchetto
2009-09-01the diff theo calls me insanae for:Henning Brauer
2009-06-25scrub_flags is a u_int8_t, but PFSTATE_SCRUB_TCP is 0x0100, so theStuart Henderson
2009-06-08bring back the fixed PF_AEQ/ANEQ/AZERO macros, the offending use has beenHenning Brauer
2009-06-08gah. something is not quite right, sthen sees strange behaviour fixedHenning Brauer
2009-06-08unfuck PF_AEQ PF_ANEQ PF_AZERO macos that got fucked when v6 supportHenning Brauer
2009-05-18The routing table index rtableid has type unsigned int in the routingAlexander Bluhm
2009-04-061) scrub rules are completely gone.Henning Brauer
2009-03-09Make the DIOCSETIFFLAG, DIOCSETLIMIT, and DIOCSETTIMEOUT ioctlsRyan Thomas McBride
2009-02-16pfsync v5, mostly written at n2k9, but based on work done at n2k8.David Gwynne
2009-01-29Split the address selection from pools away from pf.c and put it inPierre-Yves Ritschard
2008-11-24Fix splasserts seen in pr 5987 by propagating a flag that discribesMike Belopuhov
2008-10-08Get rid of the second table entry pool (pfr_kentry_pl2); we're alreadyRyan Thomas McBride
2008-09-22Reorder PFSTATE_PFLOW define:Marco Pfatschbacher
2008-09-09welcome pflow(4), a netflow v5 compatible flow export interface.Henning Brauer
2008-08-26introduce a function to be called when addressing information has changed,Henning Brauer
2008-07-03link pf state keys to tcp pcbs and vice versa.Henning Brauer
2008-06-29Simplify state creation code; merge state import/export code between pfsyncRyan Thomas McBride
2008-06-11store a pointer to the stack side state key in the mbuf packetHenning Brauer
2008-06-10Make counters on table addresses optional and disabled by default.Ryan Thomas McBride
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
2008-06-10implement a sloppy tcpstate tracker which does not look at sequenceHenning Brauer
2008-05-30trivial KNF before we go furtherHenning Brauer
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
2008-05-29rewrite the state table logic.Henning Brauer
2008-05-18KNFRyan Thomas McBride
2008-05-09Add support to kill states by rule label or state id.Marco Pfatschbacher
2008-05-09divert packets to local socket without modifying the ip header;Markus Friedl
2008-05-08reorder elements in pf_state_peer to avoid wasting memory. cvs blameTheo de Raadt
2008-05-07scrub packets based on tags; ok henningMarkus Friedl
2008-05-07allow setting TOS with scrub; ok mcbride, claudioMarkus Friedl
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-05-05remove a useless refcnt in pf_state_key.Henning Brauer
2007-12-02DIOC{GET,ADD}STATE incorrectly use a user provided pointer without usingChristopher Pascoe
2007-09-27Add loginterface support for groups.Marco Pfatschbacher
2007-08-31zap unused "pf_tag" structure.Thordur I. Bjornsson
2007-08-30mechanic change:Henning Brauer
2007-08-30add support for address ranges ("from 10.1.2.50 - 10.1.3.75") in from/toDaniel Hartmeier
2007-07-13remove obsolete pfi_statehead and pfik_w_states; ok henning@Markus Friedl
2007-06-25pretty mechanical change: now that the state tables use seperate stateHenning Brauer
2007-06-24Save some bytes and make code more readable by removing junk union andRyan Thomas McBride
2007-06-21reimplement interface bound states in a non-retarded way.Henning Brauer