summaryrefslogtreecommitdiff
path: root/sys/net/pfvar.h
AgeCommit message (Expand)Author
2012-12-29pass pf_pool directly to pfr_pool_get(); simplifies the API;Markus Friedl
2012-11-06backout csum diff for the moment, requested by theoHenning Brauer
2012-11-01redo most of the protocol (tcp/udp/...) checksum handlingHenning Brauer
2012-10-30Use time_uptime for expiration values as time_second can be skewed atFlorian Obser
2012-10-08Forward declare struct m_tag in netinet/ip_ipsp.h so we don't need toCamiel Dobbelaar
2012-10-05include sys/mbuf.hCamiel Dobbelaar
2012-09-20Lower pf frags limit to not risk running out of mbuf clustersCamiel Dobbelaar
2012-09-18prio 0 is valid, therefore, I chose an "impossible" value for prio meaningHenning Brauer
2012-07-26rename all_state_flags to state_flags to finish the transitionMike Belopuhov
2012-07-13remove confuzzling commentHenning Brauer
2012-07-10define a PFSTATE_SCRUBMASK. relying on numeric order of flags is stupidHenning Brauer
2012-07-07rename prio in struct pf_rule and related structs to set_prio so it isHenning Brauer
2012-04-03Fix kernel compilation with pf but without pfsync pseudo-device byMike Belopuhov
2012-02-03The kernel did not compile without INET6. Put some #ifdefs intoAlexander Bluhm
2012-01-26Clean up the pf normalization code:Alexander Bluhm
2012-01-16Pass struct pf_pdesc to pf_walk_option6() and pf_walk_header6() toAlexander Bluhm
2012-01-15Calling pf_normalize_ip() from pf_setup_pdesc() was bad as theAlexander Bluhm
2011-12-12fixup af-to regression with match rulesMike Belopuhov
2011-11-29use a u_int64_t for the state id in pfsync_state. this makes it consistentDavid Gwynne
2011-11-28deprecate PFTM_UNTIL_PACKET. nothing in the tree uses it, andDavid Gwynne
2011-11-26Apply route-to to deferred packet; without this the first packet of aRyan Thomas McBride
2011-10-13Since the IPv6 madness is not enough introduce NAT64 -- which is actuallyClaudio Jeker
2011-10-07rename some vars and functionsHenning Brauer
2011-10-07pf_poolqueue is long dead, remove corpses. from eurobsdcon, ryan okHenning Brauer
2011-09-28As requested by henning, move the mbuf pointer into struct pf_pdesc.Alexander Bluhm
2011-09-22As I have touched half of pf lines anyway, fix whitespaces now.Alexander Bluhm
2011-09-20Put kif and dir into pdesc an use this instead of passing the valuesAlexander Bluhm
2011-09-19Consolidate pf function parameters. Move off and hdrlen into pdescAlexander Bluhm
2011-09-18Move the pdesc initialization code into pf_setup_pdesc(). UnifyAlexander Bluhm
2011-09-18Move the call to pf_test_rule() for fragments that have not beenAlexander Bluhm
2011-09-17The pd->ip_sum and pd->proto_sum fields are not needed. ReplaceAlexander Bluhm
2011-08-30Add support for one shot rules that remove themselves from an activeMike Belopuhov
2011-08-03someone (*cough*henning*cough*) made pf_state.state_flags a u_int16_tDavid Gwynne
2011-08-02Replace one byte of padding with sa_family_t af in pfsync_state_key;Ryan Thomas McBride
2011-07-27Add support for weighted round-robin in load balancing pools and tables.Ryan Thomas McBride
2011-07-08surprisingly, we use pf as classifier for the new priority queueingHenning Brauer
2011-07-07There were two loops in pf_setup_pdesc() and pf_normalize_ip6()Alexander Bluhm
2011-07-07Fold pf_test_fragment() into pf_test_rule(), reduce code and fixesRyan Thomas McBride
2011-07-04Rename the pf_pdesc field rh_cnt to badopts as it is also used forAlexander Bluhm
2011-07-04Bye bye pf_test6(). Only one pf_test function for both IPv4 and v6.Claudio Jeker
2011-07-03bring in least-states load balancing algorithmJoerg Zinke
2011-06-21There is no need to handle fragmented TCP reset packets in a specialAlexander Bluhm
2011-06-20More cleanup in pf_test/pf_test6 this time mostly the fragmentClaudio Jeker
2011-05-24Merge pf_scrub_ip() and pf_scrub_ip6() into a single function. CallClaudio Jeker
2011-05-22Do not pass AF specific information to pf_test_rule() and PFLOG_PACKET()Claudio Jeker
2011-05-17exclude link local address from the dynamic interface address poolMike Belopuhov
2011-04-23pf_scrub_ip() does not modify the given mbuf pointer. So don'tAlexander Bluhm
2011-04-22pf_pooladdr_pl does not exist anymore. Remove its extern declaration.Alexander Bluhm
2011-04-12put the accepted socket of a diverted connection into the routing domainMike Belopuhov
2011-04-06Allow PF to filter on the rdomain a packet belongs to. This allows toClaudio Jeker