summaryrefslogtreecommitdiff
path: root/sys/net
AgeCommit message (Expand)Author
2003-05-10Pass ICMP error messages referring to non-TCP/UDP/ICMP packets statefully,Daniel Hartmeier
2003-05-10Support return-icmp for 'other' protocols (non-TCP/UDP/ICMP), for instanceDaniel Hartmeier
2003-05-10Prepare pf_change_icmp() for parameter ip == NULL use.Daniel Hartmeier
2003-05-06Fix a bug that prevents rdr/binat (but not nat) from working for protocolsDaniel Hartmeier
2003-05-06string cleaning; tedu okTheo de Raadt
2003-05-03string fixes; tedu okTheo de Raadt
2003-05-03just as a safety measure, set m_flags to 0 for mbufs allocated on stack.Jun-ichiro itojun Hagino
2003-05-01use "tokenbroadcastaddr" throughout the code for consistency. deraadt okJun-ichiro itojun Hagino
2003-04-30Allow tables to be loaded into anchors.Cedric Berger
2003-04-27Update the pfioc_table IOCTL structure.Cedric Berger
2003-04-25Fix nat proxy port allocation. In case a range was manually specified,Daniel Hartmeier
2003-04-23Move m_copyback() to uipc_mbuf where it makes some kinda sense; ok dhartmeiJason Wright
2003-04-18Add code to set the TUN_* flags for INET6 addresses too. This allows aJason Wright
2003-04-11set/update the queue IDs on filter rules (qid and pqid) onHenning Brauer
2003-04-09KNFHenning Brauer
2003-04-09Change pf_state structure to point to both a rule and the anchor,Cedric Berger
2003-04-07Catch and refuse rules with invalid ICMP types (> 40), ok cedric@Daniel Hartmeier
2003-04-05Stick pf_default_rule everytime a packet pass because of theCedric Berger
2003-04-05Replace the timeout variables by the content of the timeoutCedric Berger
2003-04-05Cleanup by replacing a bunch of "(*rm)" by just "r"Cedric Berger
2003-04-04KNFTheo de Raadt
2003-04-03Back out my last change, which was incorrect or incomplete.Cedric Berger
2003-04-03Remove (state->rule.ptr != NULL) tests: this is always true now.Cedric Berger
2003-04-01When using bpf(4) in immediate mode, and using kevent(2) to receiveArtur Grabowski
2003-03-31Protect tdb access w/ spltdb; Patrick LatifiTodd C. Miller
2003-03-31Only delete rule structure when no state refer to it.Cedric Berger
2003-03-25Missing splx(); Patrick LatifiTodd C. Miller
2003-03-24Tree patches from c.pascoe at itee dot uq dot edu dot au:Jason Wright
2003-03-21- Add missing "\n" to some pf_table.c printf()Cedric Berger
2003-03-14Correctly flag out radix_node entries with RNF_ROOT flag set: this is notCedric Berger
2003-03-13Plug slow memory leak (radix_mask structure).Cedric Berger
2003-03-11forward 8021Q packets with vlan header if the destination interface hasMarkus Friedl
2003-03-11Missing break, unintentional fall-through. Found by Kimmo Mösö.Daniel Hartmeier
2003-03-09tighten the TCP state code in relation to a FIN before any server responsesMike Frantzen
2003-03-09use MGETHDR instead of MGET for the first mbuf.Kenjiro Cho
2003-03-05Small fixes after code review, mostly on error path.Cedric Berger
2003-03-04(really) support user/group rules with 'inet6'Philipp Buehler
2003-03-03Make "pfctl -ss" output easier to parse. NO TRAFFIC -> NO_TRAFFIC.Cedric Berger
2003-03-02Use priority queue for TCP ACKs that have no payload. Very useful onDaniel Hartmeier
2003-02-28splsoftnet() around rn_lookup() which is not thread-safe.Cedric Berger
2003-02-27make packet classification for altq work in the IPv6 caseHenning Brauer
2003-02-27Repair IPv6 support for tables.Cedric Berger
2003-02-25- Handle src and dst comparisons correctly for binat so that it worksRyan Thomas McBride
2003-02-24SADB_X_CALG_MAX is supposed to be the highest numbered supported algorithmJason Wright
2003-02-23typo in export_auth; ok ho@Markus Friedl
2003-02-21Plug two mbuf leak on error bugs, one from dhartmei one from me.Jason Wright
2003-02-18Enforce min-ttl and random-id on inbound scrub as well as outbound.Camiel Dobbelaar
2003-02-17enqueue the copy that was just made, not the original (probably fixes kernel/...Jason Wright
2003-02-16KNFTheo de Raadt
2003-02-16KNFJason Wright