summaryrefslogtreecommitdiff
path: root/sys/net/pfvar.h
AgeCommit message (Expand)Author
2008-07-03link pf state keys to tcp pcbs and vice versa.Henning Brauer
2008-06-29Simplify state creation code; merge state import/export code between pfsyncRyan Thomas McBride
2008-06-11store a pointer to the stack side state key in the mbuf packetHenning Brauer
2008-06-10Make counters on table addresses optional and disabled by default.Ryan Thomas McBride
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
2008-06-10implement a sloppy tcpstate tracker which does not look at sequenceHenning Brauer
2008-05-30trivial KNF before we go furtherHenning Brauer
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
2008-05-29rewrite the state table logic.Henning Brauer
2008-05-18KNFRyan Thomas McBride
2008-05-09Add support to kill states by rule label or state id.Marco Pfatschbacher
2008-05-09divert packets to local socket without modifying the ip header;Markus Friedl
2008-05-08reorder elements in pf_state_peer to avoid wasting memory. cvs blameTheo de Raadt
2008-05-07scrub packets based on tags; ok henningMarkus Friedl
2008-05-07allow setting TOS with scrub; ok mcbride, claudioMarkus Friedl
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-05-05remove a useless refcnt in pf_state_key.Henning Brauer
2007-12-02DIOC{GET,ADD}STATE incorrectly use a user provided pointer without usingChristopher Pascoe
2007-09-27Add loginterface support for groups.Marco Pfatschbacher
2007-08-31zap unused "pf_tag" structure.Thordur I. Bjornsson
2007-08-30mechanic change:Henning Brauer
2007-08-30add support for address ranges ("from 10.1.2.50 - 10.1.3.75") in from/toDaniel Hartmeier
2007-07-13remove obsolete pfi_statehead and pfik_w_states; ok henning@Markus Friedl
2007-06-25pretty mechanical change: now that the state tables use seperate stateHenning Brauer
2007-06-24Save some bytes and make code more readable by removing junk union andRyan Thomas McBride
2007-06-21reimplement interface bound states in a non-retarded way.Henning Brauer
2007-06-11move definitions for the flags in the mbuf header used by pf to mbuf.hHenning Brauer
2007-06-01factor out duplicated code to allocate state key and cross-reference itHenning Brauer
2007-05-31Make sure that pf_state_key and pf_state_key_cmp are in sync.Ryan Thomas McBride
2007-05-31Move the state id and creatorid (used mainly by pfsync) into struct pf_state.Ryan Thomas McBride
2007-05-31First step of rearranging pf's state table internals...Ryan Thomas McBride
2007-05-28double pf performance.Henning Brauer
2007-02-23if machine has more than 100MB of physmem, default the max table entriesTheo de Raadt
2007-02-09allow counters to be reset with DIOCGETRULES.Henning Brauer
2006-12-13IPv6 passive OS fingerprinting.Jun-ichiro itojun Hagino
2006-11-20ioctl to explicitly remove source tracking nodes,Ryan Thomas McBride
2006-10-27Split ruleset manipulation functions out into pf_ruleset.c to allow them toRyan Thomas McBride
2006-10-25add a "u_int8_t logif" to struct pfrule to select to which pflog interfaceHenning Brauer
2006-10-17increase max pf tag name size from 16 to 64 characters.Reyk Floeter
2006-10-11Allow the 'quick' keyword on an anchor. IFF there is a matching rule insideRyan Thomas McBride
2006-07-06allow rules to point to an alternate routing table, and tag packetsHenning Brauer
2006-05-28Enable adaptive timeouts by default, with adaptive.start of 60% of theRyan Thomas McBride
2006-03-14implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4)Damien Miller
2005-11-04crank pf_state and pf_src_node byte and packet counters to u_in64_t, sinceRyan Thomas McBride
2005-10-27Basic support for attaching states from pfsync to the correct rules.Ryan Thomas McBride
2005-10-17make pf use one mbuf tag instead of 6 distinct ones. use a little structHenning Brauer
2005-09-28Improve the safety of pf IOCTLs, taking into account that some paths can sleep.Christopher Pascoe
2005-08-18Rearrange pf_state and pfi_kif so that the parts of the structure neededChristopher Pascoe
2005-08-11Only decrement the max-src-conn counter for tcp connections that reachedJoel Knight
2005-08-02Instead of copying a table structure so we can mask off a bit beforeChristopher Pascoe