summaryrefslogtreecommitdiff
path: root/sys/net
AgeCommit message (Expand)Author
2001-07-03Use PADUP() instead of hand-crafted weirdness; also, it's supposed toAngelos D. Keromytis
2001-07-03grr, you guys keep not obeying KNFTheo de Raadt
2001-07-03add DIOCNATLOOK ioctl and pf_natlook structure, this enables a userlandBob Beck
2001-07-02another memory leakNiels Provos
2001-07-02fix memory leakNiels Provos
2001-07-01-WallDug Song
2001-07-01tag packets generated by pf (return-rst, return-icmp) so they are not filtere...Daniel Hartmeier
2001-07-01Add port ranges to the rdr directive. Connections can be redirectedKjell Wooding
2001-07-01for ICMP error messages refering to TCP packets, only use the first 8 bytes o...Daniel Hartmeier
2001-07-01Add missing space in debug message.Angelos D. Keromytis
2001-07-01Fix length check, add some more sanity checks on INET6.Angelos D. Keromytis
2001-07-01KNF, and add DPRINTFs all over the place.Angelos D. Keromytis
2001-06-29Move ifq_maxlen setting to if_attach(). Doing it at if_init() is wrong,Federico G. Schwindt
2001-06-29Prepend pf_ to limit potential namespace problems, shorten some lines.Niklas Hallqvist
2001-06-29list instead of tailq for frents, use pool hardlimits, correctly freeNiels Provos
2001-06-29Fix PF_SCRUB enumerator.Angelos D. Keromytis
2001-06-29fix counter/reason array usageDaniel Hartmeier
2001-06-28lower hiwat limits, enforce hi water markNiels Provos
2001-06-28add tree traversal code (new pf_tree_node->parent), dump states TAILQ and tra...Daniel Hartmeier
2001-06-28wrap 5-tuple rule match with MATCH_TUPLE. from ben fleis <ben@monkey.org>Dug Song
2001-06-28forgot to init fr_timeoutNiels Provos
2001-06-28first stab at packet normalization. includes full ip reassembly.Niels Provos
2001-06-28Disallow filter modification when the system is "highly secure".Hugh Graham
2001-06-27change pf_tree_key->addr[2] from u_int32_t to struct in_addr for NielsDaniel Hartmeier
2001-06-27in rdr rules, let port 0 be the port wildcard; ok dhartmei@jasoni
2001-06-27change pf_tree_node->state to void *, so Niels can use a tree for fragment ha...Daniel Hartmeier
2001-06-27use proper icmp defineNiels Provos
2001-06-27add -z flag for zeroing statistics. -s status no longer resets anythingKjell Wooding
2001-06-27add microtime, which seems to have gotten lost.Kjell Wooding
2001-06-27IPFILTER->NPFAngelos D. Keromytis
2001-06-27introduce the ALTQ queue macros into sys/net files.Kenjiro Cho
2001-06-27ALTQ base modifications to the kernel.Kenjiro Cho
2001-06-27Don't bzero() after doing a TAILQ_INIT()...Angelos D. Keromytis
2001-06-27Initialize acquire state list in newly allocated policy.Angelos D. Keromytis
2001-06-27state counter changesTheo de Raadt
2001-06-27big KNFTheo de Raadt
2001-06-27remove unneccessary check in ioctlTheo de Raadt
2001-06-27Get rid of M_COPY_* macros; either use M_MOVE_* or M_DUP_*, dependingAngelos D. Keromytis
2001-06-27typoDug Song
2001-06-27for other protocols, keep correct track of match statsNiels Provos
2001-06-27handle non-TCP/UDP/ICMP protocolsDug Song
2001-06-27remove print_ip, its unusedNiels Provos
2001-06-27clean up TAILQ usageNiels Provos
2001-06-27KNFNiels Provos
2001-06-27KNFNiels Provos
2001-06-27only set reason code match if there was a rule that we matchedNiels Provos
2001-06-27Don't cache packets that hit policies -- we'll do that at the PCB forAngelos D. Keromytis
2001-06-26update match countsNiels Provos
2001-06-26name comparison operatorsDug Song
2001-06-26fix PFRES_MAX handlingTheo de Raadt