| Age | Commit message (Expand) | Author |
|---|
| 2007-12-02 | DIOC{GET,ADD}STATE incorrectly use a user provided pointer without using | Christopher Pascoe |
| 2007-09-27 | Add loginterface support for groups. | Marco Pfatschbacher |
| 2007-08-31 | zap unused "pf_tag" structure. | Thordur I. Bjornsson |
| 2007-08-30 | mechanic change: | Henning Brauer |
| 2007-08-30 | add support for address ranges ("from 10.1.2.50 - 10.1.3.75") in from/to | Daniel Hartmeier |
| 2007-07-13 | remove obsolete pfi_statehead and pfik_w_states; ok henning@ | Markus Friedl |
| 2007-06-25 | pretty mechanical change: now that the state tables use seperate state | Henning Brauer |
| 2007-06-24 | Save some bytes and make code more readable by removing junk union and | Ryan Thomas McBride |
| 2007-06-21 | reimplement interface bound states in a non-retarded way. | Henning Brauer |
| 2007-06-11 | move definitions for the flags in the mbuf header used by pf to mbuf.h | Henning Brauer |
| 2007-06-01 | factor out duplicated code to allocate state key and cross-reference it | Henning Brauer |
| 2007-05-31 | Make sure that pf_state_key and pf_state_key_cmp are in sync. | Ryan Thomas McBride |
| 2007-05-31 | Move the state id and creatorid (used mainly by pfsync) into struct pf_state. | Ryan Thomas McBride |
| 2007-05-31 | First step of rearranging pf's state table internals... | Ryan Thomas McBride |
| 2007-05-28 | double pf performance. | Henning Brauer |
| 2007-02-23 | if machine has more than 100MB of physmem, default the max table entries | Theo de Raadt |
| 2007-02-09 | allow counters to be reset with DIOCGETRULES. | Henning Brauer |
| 2006-12-13 | IPv6 passive OS fingerprinting. | Jun-ichiro itojun Hagino |
| 2006-11-20 | ioctl to explicitly remove source tracking nodes, | Ryan Thomas McBride |
| 2006-10-27 | Split ruleset manipulation functions out into pf_ruleset.c to allow them to | Ryan Thomas McBride |
| 2006-10-25 | add a "u_int8_t logif" to struct pfrule to select to which pflog interface | Henning Brauer |
| 2006-10-17 | increase max pf tag name size from 16 to 64 characters. | Reyk Floeter |
| 2006-10-11 | Allow the 'quick' keyword on an anchor. IFF there is a matching rule inside | Ryan Thomas McBride |
| 2006-07-06 | allow rules to point to an alternate routing table, and tag packets | Henning Brauer |
| 2006-05-28 | Enable adaptive timeouts by default, with adaptive.start of 60% of the | Ryan Thomas McBride |
| 2006-03-14 | implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4) | Damien Miller |
| 2005-11-04 | crank pf_state and pf_src_node byte and packet counters to u_in64_t, since | Ryan Thomas McBride |
| 2005-10-27 | Basic support for attaching states from pfsync to the correct rules. | Ryan Thomas McBride |
| 2005-10-17 | make pf use one mbuf tag instead of 6 distinct ones. use a little struct | Henning Brauer |
| 2005-09-28 | Improve the safety of pf IOCTLs, taking into account that some paths can sleep. | Christopher Pascoe |
| 2005-08-18 | Rearrange pf_state and pfi_kif so that the parts of the structure needed | Christopher Pascoe |
| 2005-08-11 | Only decrement the max-src-conn counter for tcp connections that reached | Joel Knight |
| 2005-08-02 | Instead of copying a table structure so we can mask off a bit before | Christopher Pascoe |
| 2005-07-31 | Perform pf state/rule/table expiry in a kernel thread instead of running | Christopher Pascoe |
| 2005-06-30 | in order for pfvar.h not to conflict with openssl's crypto.h, use | Nikolay Sturm |
| 2005-06-13 | spurious XXX comment left over from interface abstraction code whacking | Henning Brauer |
| 2005-06-13 | make the packet and byte counters on rules and src nodes per direction, | Henning Brauer |
| 2005-06-05 | const'ify the char * parameter to pfi_kif_get and pfi_group_change | Henning Brauer |
| 2005-05-27 | Calculate an MD5 checksum over the main pf ruleset. | Marco Pfatschbacher |
| 2005-05-27 | log two pairs of uid/pid through pflog: the uid/pid of the process that | Daniel Hartmeier |
| 2005-05-26 | support 'log' and 'log-all' in 'nat/rdr/binat pass' rules. original patch | Daniel Hartmeier |
| 2005-05-25 | when an interface joins or leaves a group call back into pf so it can | Henning Brauer |
| 2005-05-23 | change pool allocation of table entries, no longer use the oldnointr | Daniel Hartmeier |
| 2005-05-23 | further cleanup: don't mimic ifnet and add hooks and the dohooks() stuff to | Henning Brauer |
| 2005-05-22 | allow pf to match on interface groups | Henning Brauer |
| 2005-05-21 | clean up and rework the interface absraction code big time, rip out multiple | Henning Brauer |
| 2005-03-03 | when tagging, apply the same tag to all packets matching a state entry | Daniel Hartmeier |
| 2005-01-30 | Add some more reason counters and use them instead of overloading the | Daniel Hartmeier |
| 2005-01-05 | Define defaults for the timeouts ensure consistency between kernel | Ryan Thomas McBride |
| 2004-12-22 | Introduce 'set skip on <ifspec>' to support a list of interfaces where no | Daniel Hartmeier |
