summaryrefslogtreecommitdiff
path: root/sys/net/pfvar.h
AgeCommit message (Expand)Author
2009-02-16pfsync v5, mostly written at n2k9, but based on work done at n2k8.David Gwynne
2009-01-29Split the address selection from pools away from pf.c and put it inPierre-Yves Ritschard
2008-11-24Fix splasserts seen in pr 5987 by propagating a flag that discribesMike Belopuhov
2008-10-08Get rid of the second table entry pool (pfr_kentry_pl2); we're alreadyRyan Thomas McBride
2008-09-22Reorder PFSTATE_PFLOW define:Marco Pfatschbacher
2008-09-09welcome pflow(4), a netflow v5 compatible flow export interface.Henning Brauer
2008-08-26introduce a function to be called when addressing information has changed,Henning Brauer
2008-07-03link pf state keys to tcp pcbs and vice versa.Henning Brauer
2008-06-29Simplify state creation code; merge state import/export code between pfsyncRyan Thomas McBride
2008-06-11store a pointer to the stack side state key in the mbuf packetHenning Brauer
2008-06-10Make counters on table addresses optional and disabled by default.Ryan Thomas McBride
2008-06-10save somespace in the state by collapsing two 8 bit ints used as booleansHenning Brauer
2008-06-10implement a sloppy tcpstate tracker which does not look at sequenceHenning Brauer
2008-05-30trivial KNF before we go furtherHenning Brauer
2008-05-29Second half of PF state table rearrangement.Ryan Thomas McBride
2008-05-29rewrite the state table logic.Henning Brauer
2008-05-18KNFRyan Thomas McBride
2008-05-09Add support to kill states by rule label or state id.Marco Pfatschbacher
2008-05-09divert packets to local socket without modifying the ip header;Markus Friedl
2008-05-08reorder elements in pf_state_peer to avoid wasting memory. cvs blameTheo de Raadt
2008-05-07scrub packets based on tags; ok henningMarkus Friedl
2008-05-07allow setting TOS with scrub; ok mcbride, claudioMarkus Friedl
2008-05-06Add a counter to record how many states have been created by a rule.Marco Pfatschbacher
2008-05-05remove a useless refcnt in pf_state_key.Henning Brauer
2007-12-02DIOC{GET,ADD}STATE incorrectly use a user provided pointer without usingChristopher Pascoe
2007-09-27Add loginterface support for groups.Marco Pfatschbacher
2007-08-31zap unused "pf_tag" structure.Thordur I. Bjornsson
2007-08-30mechanic change:Henning Brauer
2007-08-30add support for address ranges ("from 10.1.2.50 - 10.1.3.75") in from/toDaniel Hartmeier
2007-07-13remove obsolete pfi_statehead and pfik_w_states; ok henning@Markus Friedl
2007-06-25pretty mechanical change: now that the state tables use seperate stateHenning Brauer
2007-06-24Save some bytes and make code more readable by removing junk union andRyan Thomas McBride
2007-06-21reimplement interface bound states in a non-retarded way.Henning Brauer
2007-06-11move definitions for the flags in the mbuf header used by pf to mbuf.hHenning Brauer
2007-06-01factor out duplicated code to allocate state key and cross-reference itHenning Brauer
2007-05-31Make sure that pf_state_key and pf_state_key_cmp are in sync.Ryan Thomas McBride
2007-05-31Move the state id and creatorid (used mainly by pfsync) into struct pf_state.Ryan Thomas McBride
2007-05-31First step of rearranging pf's state table internals...Ryan Thomas McBride
2007-05-28double pf performance.Henning Brauer
2007-02-23if machine has more than 100MB of physmem, default the max table entriesTheo de Raadt
2007-02-09allow counters to be reset with DIOCGETRULES.Henning Brauer
2006-12-13IPv6 passive OS fingerprinting.Jun-ichiro itojun Hagino
2006-11-20ioctl to explicitly remove source tracking nodes,Ryan Thomas McBride
2006-10-27Split ruleset manipulation functions out into pf_ruleset.c to allow them toRyan Thomas McBride
2006-10-25add a "u_int8_t logif" to struct pfrule to select to which pflog interfaceHenning Brauer
2006-10-17increase max pf tag name size from 16 to 64 characters.Reyk Floeter
2006-10-11Allow the 'quick' keyword on an anchor. IFF there is a matching rule insideRyan Thomas McBride
2006-07-06allow rules to point to an alternate routing table, and tag packetsHenning Brauer
2006-05-28Enable adaptive timeouts by default, with adaptive.start of 60% of theRyan Thomas McBride
2006-03-14implement a Unicast Reverse Path Forwarding (uRPF) check for pf(4)Damien Miller