summaryrefslogtreecommitdiff
path: root/sys/net
AgeCommit message (Collapse)Author
2001-07-03Use PADUP() instead of hand-crafted weirdness; also, it's supposed toAngelos D. Keromytis
be "strlen(c) + 1", not just "strlen(c)".
2001-07-03grr, you guys keep not obeying KNFTheo de Raadt
2001-07-03add DIOCNATLOOK ioctl and pf_natlook structure, this enables a userlandBob Beck
process recieving rdr'ed connections to look up the original destination of the connection before it was redirected - this enables the writing of transparent proxies.
2001-07-02another memory leakNiels Provos
2001-07-02fix memory leakNiels Provos
2001-07-01-WallDug Song
2001-07-01tag packets generated by pf (return-rst, return-icmp) so they are not ↵Daniel Hartmeier
filtered, use existing icmp_error() and ip_output(). ok dugsong@, frantzen@
2001-07-01Add port ranges to the rdr directive. Connections can be redirectedKjell Wooding
to either a range of the same size, or a single port. Redirects between ranges of different sizes are not supported. Eg: rdr dc0 10.0.0.0/24 port 60000:61000 -> 127.0.0.1 port 65530:* proto udp rdr xl0 0.0.0.0/0 port 6660:6669 -> 127.0.0.1 port 6667 proto tcp This replaces the wildcard port patch (when port = 0), as it should no longer be necessary. ok dhartmei@
2001-07-01for ICMP error messages refering to TCP packets, only use the first 8 bytes ↵Daniel Hartmeier
of the TCP header. drop ackskew test and th_sum update.
2001-07-01Add missing space in debug message.Angelos D. Keromytis
2001-07-01Fix length check, add some more sanity checks on INET6.Angelos D. Keromytis
2001-07-01KNF, and add DPRINTFs all over the place.Angelos D. Keromytis
2001-06-29Move ifq_maxlen setting to if_attach(). Doing it at if_init() is wrong,Federico G. Schwindt
and has been wrong since PnP devices (pcmcia, carbus, etc) shown up. If you forgot to set ifq_maxlen somewhere in the driver, you're gonna see baaaad things; jason@ ok, angelos@ "should be ok" , theo "don't understand why".
2001-06-29Prepend pf_ to limit potential namespace problems, shorten some lines.Niklas Hallqvist
2001-06-29list instead of tailq for frents, use pool hardlimits, correctly freeNiels Provos
after complete reassembly
2001-06-29Fix PF_SCRUB enumerator.Angelos D. Keromytis
2001-06-29fix counter/reason array usageDaniel Hartmeier
2001-06-28lower hiwat limits, enforce hi water markNiels Provos
2001-06-28add tree traversal code (new pf_tree_node->parent), dump states TAILQ and ↵Daniel Hartmeier
traverse a tree instead.
2001-06-28wrap 5-tuple rule match with MATCH_TUPLE. from ben fleis <ben@monkey.org>Dug Song
2001-06-28forgot to init fr_timeoutNiels Provos
2001-06-28first stab at packet normalization. includes full ip reassembly.Niels Provos
okay dhartmei@, dugsong@
2001-06-28Disallow filter modification when the system is "highly secure".Hugh Graham
Passed by dhartmei.
2001-06-27change pf_tree_key->addr[2] from u_int32_t to struct in_addr for NielsDaniel Hartmeier
2001-06-27in rdr rules, let port 0 be the port wildcard; ok dhartmei@jasoni
2001-06-27change pf_tree_node->state to void *, so Niels can use a tree for fragment ↵Daniel Hartmeier
handling
2001-06-27use proper icmp defineNiels Provos
2001-06-27add -z flag for zeroing statistics. -s status no longer resets anythingKjell Wooding
2001-06-27add microtime, which seems to have gotten lost.Kjell Wooding
2001-06-27IPFILTER->NPFAngelos D. Keromytis
2001-06-27introduce the ALTQ queue macros into sys/net files.Kenjiro Cho
the new model removes direct references to the fields in ifp->if_snd, and defines the following macros to manipulate ifp->if_snd. IFQ_ENQUEUE(ifq, m, pktattr, err) IFQ_DEQUEUE(ifq, m) IFQ_POLL(ifq, m) IFQ_PURGE(ifq) IFQ_IS_EMPTY(ifq) the new model also enforces some rules regarding how to use these macros. details are descrined in http://www.csl.sony.co.jp/~kjc/software/altq-new-design.txt
2001-06-27ALTQ base modifications to the kernel.Kenjiro Cho
- ALTQ introduces a set of new queue macros that coexist with the traditional IF_XXX macros. - "struct ifaltq" replaces "struct ifqueue" in "struct ifnet". - assign cdev major 74 for i386 and 54 for alpha as ALTQ control interface.
2001-06-27Don't bzero() after doing a TAILQ_INIT()...Angelos D. Keromytis
2001-06-27Initialize acquire state list in newly allocated policy.Angelos D. Keromytis
2001-06-27state counter changesTheo de Raadt
2001-06-27big KNFTheo de Raadt
2001-06-27remove unneccessary check in ioctlTheo de Raadt
2001-06-27Get rid of M_COPY_* macros; either use M_MOVE_* or M_DUP_*, dependingAngelos D. Keromytis
on how macros should be treated. Code by fgsch@, ok by me and itojun@
2001-06-27typoDug Song
2001-06-27for other protocols, keep correct track of match statsNiels Provos
2001-06-27handle non-TCP/UDP/ICMP protocolsDug Song
2001-06-27remove print_ip, its unusedNiels Provos
2001-06-27clean up TAILQ usageNiels Provos
2001-06-27KNFNiels Provos
2001-06-27KNFNiels Provos
2001-06-27only set reason code match if there was a rule that we matchedNiels Provos
2001-06-27Don't cache packets that hit policies -- we'll do that at the PCB forAngelos D. Keromytis
local packets.
2001-06-26update match countsNiels Provos
2001-06-26name comparison operatorsDug Song
2001-06-26fix PFRES_MAX handlingTheo de Raadt