summaryrefslogtreecommitdiff
path: root/sys/net/pfvar.h
AgeCommit message (Expand)Author
2023-04-28This change speeds up DIOCGETRULE ioctl(2) which pfctl(8) uses toAlexandr Nedvedicky
2023-02-07internal representation of icmp type/code in pfctl(8)/pf(4) does notAlexandr Nedvedicky
2023-01-06PF_ANCHOR_STACK_MAX is insufficient protection against stack overflow.Alexandr Nedvedicky
2023-01-04move the pf_state_tree_id type from pfvar.h to pfvar_priv.h.David Gwynne
2023-01-04move the pf_state_tree rb tree type from pfvar.h to pfvar_priv.hDavid Gwynne
2022-12-22use stoeplitz to generate a hash/flowid for state keys.David Gwynne
2022-12-21prefix pf_state_key and pf_state_item struct bits to make them more unique.David Gwynne
2022-12-19move pf_state_item and pf_state_key structs from pfvar.h to pfvar_priv.h.David Gwynne
2022-12-16always keep pf_state_keys attached to pf_states.David Gwynne
2022-11-25revert pf.c r1.1152 again: move pf_purge out from under the kernel lockAlexander Bluhm
2022-11-11try pf.c r1.1143 again: move pf_purge out from under the kernel lockDavid Gwynne
2022-11-11rewrite the pf_state_peer_ntoh and pf_state_peer_hton macros as functions.David Gwynne
2022-11-11move struct pf_state from pfvar.h to pfvar_priv.h.David Gwynne
2022-11-10revert pf_state mtx commit, because it breaks tree.Alexandr Nedvedicky
2022-11-10Add a mutex to pf_state structure. Mutex retain a consistencyAlexandr Nedvedicky
2022-11-09simplify expiration of 'once' rules.Alexandr Nedvedicky
2022-11-07revert "move pf_purge out from under the kernel lock".David Gwynne
2022-11-07move pf_purge out from under the kernel lock and avoid the hogging cpuDavid Gwynne
2022-11-06move pfsync_state_import in if_pfsync.c to pf_state_import in pf.cDavid Gwynne
2022-10-10Recalculate checksum of normalised packetBjorn Ketelaars
2022-09-03When divert-reply is used, keep some pf states after pcb is dropped ifYASUOKA Masahiko
2022-07-20Add a pool for the allocation of the pf_anchor struct.Moritz Buhl
2022-06-26Allow waiting during ktable allocation in pf_ioctl.mbuhl
2022-04-29Release PF und NET lock before calling copyout for DIOCIGETIFACES.mbuhl
2022-04-21Introduce a dedicated link entries for snapshots in pfsync(4). The purposeAlexandr Nedvedicky
2021-12-26make 'set skip on ...' in pf.conf dynamicAlexandr Nedvedicky
2021-11-16move memory allocations in pfr_add_addrs() outside of NET_LOCK()/PF_LOCK()Alexandr Nedvedicky
2021-11-11Allow pfi_kif_get() callers to pre-allocate buffer for new kif. If kifAlexandr Nedvedicky
2021-06-23augment the global pf state list with its own locks.David Gwynne
2021-06-23rework pf_state_expires to avoid confusion around state->timeout.David Gwynne
2021-03-10spellingJonathan Gray
2021-02-01change route-to so it sends packets to IPs instead of interfaces.David Gwynne
2021-01-12Sometimes a user ID was logged in pflog(4) although the logopt ofAlexander Bluhm
2020-10-14replace a MAXPATHLEN that slipped back in with PATH_MAX so userland won'tChristian Weisgerber
2020-08-24Remove ptr_array from struct pf_rulesetkn
2020-07-28Use the table on root always if current table is not active.YASUOKA Masahiko
2020-07-21rename PF_OPT_TABLE_PREFIX to PF_OPTIMIZER_TABLE_PFX and move it to pfvar.hHenning Brauer
2019-11-17"set delay" never worked as committed: the delay field was not copiedOtto Moerbeek
2019-07-09Fix previous commit which made src-node have a reference for the kif.YASUOKA Masahiko
2019-07-02When source address tracking record is used for "route-to", the nextYASUOKA Masahiko
2019-02-18Change ps_len of struct pfioc_states and psn_len of structAlexander Bluhm
2018-12-17Rename pf_anchor_remove() to pf_remove_anchor()kn
2018-12-10Remove useless macroskn
2018-12-09Zap duplicate signatureskn
2018-09-13Add reference counting for inet pcb, this will be needed when weAlexander Bluhm
2018-09-11- moving state look up outside of PF_LOCK()Alexandr Nedvedicky
2018-09-10Limit the fragment entry queue length to 64 per bucket. So we haveAlexander Bluhm
2018-09-08Split the pf(4) fragment reassembly queue into smaller parts.Alexander Bluhm
2018-07-22Fix arguments of pf_purge_expired_{src_nodes,rules}()Stefan Fritsch
2018-07-11provide pfi_group_addmember(), which makes the new member interface inheritHenning Brauer