Age | Commit message (Collapse) | Author | |
---|---|---|---|
2001-07-03 | Use PADUP() instead of hand-crafted weirdness; also, it's supposed to | Angelos D. Keromytis | |
be "strlen(c) + 1", not just "strlen(c)". | |||
2001-07-03 | grr, you guys keep not obeying KNF | Theo de Raadt | |
2001-07-03 | add DIOCNATLOOK ioctl and pf_natlook structure, this enables a userland | Bob Beck | |
process recieving rdr'ed connections to look up the original destination of the connection before it was redirected - this enables the writing of transparent proxies. | |||
2001-07-02 | another memory leak | Niels Provos | |
2001-07-02 | fix memory leak | Niels Provos | |
2001-07-01 | -Wall | Dug Song | |
2001-07-01 | tag packets generated by pf (return-rst, return-icmp) so they are not ↵ | Daniel Hartmeier | |
filtered, use existing icmp_error() and ip_output(). ok dugsong@, frantzen@ | |||
2001-07-01 | Add port ranges to the rdr directive. Connections can be redirected | Kjell Wooding | |
to either a range of the same size, or a single port. Redirects between ranges of different sizes are not supported. Eg: rdr dc0 10.0.0.0/24 port 60000:61000 -> 127.0.0.1 port 65530:* proto udp rdr xl0 0.0.0.0/0 port 6660:6669 -> 127.0.0.1 port 6667 proto tcp This replaces the wildcard port patch (when port = 0), as it should no longer be necessary. ok dhartmei@ | |||
2001-07-01 | for ICMP error messages refering to TCP packets, only use the first 8 bytes ↵ | Daniel Hartmeier | |
of the TCP header. drop ackskew test and th_sum update. | |||
2001-07-01 | Add missing space in debug message. | Angelos D. Keromytis | |
2001-07-01 | Fix length check, add some more sanity checks on INET6. | Angelos D. Keromytis | |
2001-07-01 | KNF, and add DPRINTFs all over the place. | Angelos D. Keromytis | |
2001-06-29 | Move ifq_maxlen setting to if_attach(). Doing it at if_init() is wrong, | Federico G. Schwindt | |
and has been wrong since PnP devices (pcmcia, carbus, etc) shown up. If you forgot to set ifq_maxlen somewhere in the driver, you're gonna see baaaad things; jason@ ok, angelos@ "should be ok" , theo "don't understand why". | |||
2001-06-29 | Prepend pf_ to limit potential namespace problems, shorten some lines. | Niklas Hallqvist | |
2001-06-29 | list instead of tailq for frents, use pool hardlimits, correctly free | Niels Provos | |
after complete reassembly | |||
2001-06-29 | Fix PF_SCRUB enumerator. | Angelos D. Keromytis | |
2001-06-29 | fix counter/reason array usage | Daniel Hartmeier | |
2001-06-28 | lower hiwat limits, enforce hi water mark | Niels Provos | |
2001-06-28 | add tree traversal code (new pf_tree_node->parent), dump states TAILQ and ↵ | Daniel Hartmeier | |
traverse a tree instead. | |||
2001-06-28 | wrap 5-tuple rule match with MATCH_TUPLE. from ben fleis <ben@monkey.org> | Dug Song | |
2001-06-28 | forgot to init fr_timeout | Niels Provos | |
2001-06-28 | first stab at packet normalization. includes full ip reassembly. | Niels Provos | |
okay dhartmei@, dugsong@ | |||
2001-06-28 | Disallow filter modification when the system is "highly secure". | Hugh Graham | |
Passed by dhartmei. | |||
2001-06-27 | change pf_tree_key->addr[2] from u_int32_t to struct in_addr for Niels | Daniel Hartmeier | |
2001-06-27 | in rdr rules, let port 0 be the port wildcard; ok dhartmei@ | jasoni | |
2001-06-27 | change pf_tree_node->state to void *, so Niels can use a tree for fragment ↵ | Daniel Hartmeier | |
handling | |||
2001-06-27 | use proper icmp define | Niels Provos | |
2001-06-27 | add -z flag for zeroing statistics. -s status no longer resets anything | Kjell Wooding | |
2001-06-27 | add microtime, which seems to have gotten lost. | Kjell Wooding | |
2001-06-27 | IPFILTER->NPF | Angelos D. Keromytis | |
2001-06-27 | introduce the ALTQ queue macros into sys/net files. | Kenjiro Cho | |
the new model removes direct references to the fields in ifp->if_snd, and defines the following macros to manipulate ifp->if_snd. IFQ_ENQUEUE(ifq, m, pktattr, err) IFQ_DEQUEUE(ifq, m) IFQ_POLL(ifq, m) IFQ_PURGE(ifq) IFQ_IS_EMPTY(ifq) the new model also enforces some rules regarding how to use these macros. details are descrined in http://www.csl.sony.co.jp/~kjc/software/altq-new-design.txt | |||
2001-06-27 | ALTQ base modifications to the kernel. | Kenjiro Cho | |
- ALTQ introduces a set of new queue macros that coexist with the traditional IF_XXX macros. - "struct ifaltq" replaces "struct ifqueue" in "struct ifnet". - assign cdev major 74 for i386 and 54 for alpha as ALTQ control interface. | |||
2001-06-27 | Don't bzero() after doing a TAILQ_INIT()... | Angelos D. Keromytis | |
2001-06-27 | Initialize acquire state list in newly allocated policy. | Angelos D. Keromytis | |
2001-06-27 | state counter changes | Theo de Raadt | |
2001-06-27 | big KNF | Theo de Raadt | |
2001-06-27 | remove unneccessary check in ioctl | Theo de Raadt | |
2001-06-27 | Get rid of M_COPY_* macros; either use M_MOVE_* or M_DUP_*, depending | Angelos D. Keromytis | |
on how macros should be treated. Code by fgsch@, ok by me and itojun@ | |||
2001-06-27 | typo | Dug Song | |
2001-06-27 | for other protocols, keep correct track of match stats | Niels Provos | |
2001-06-27 | handle non-TCP/UDP/ICMP protocols | Dug Song | |
2001-06-27 | remove print_ip, its unused | Niels Provos | |
2001-06-27 | clean up TAILQ usage | Niels Provos | |
2001-06-27 | KNF | Niels Provos | |
2001-06-27 | KNF | Niels Provos | |
2001-06-27 | only set reason code match if there was a rule that we matched | Niels Provos | |
2001-06-27 | Don't cache packets that hit policies -- we'll do that at the PCB for | Angelos D. Keromytis | |
local packets. | |||
2001-06-26 | update match counts | Niels Provos | |
2001-06-26 | name comparison operators | Dug Song | |
2001-06-26 | fix PFRES_MAX handling | Theo de Raadt | |