summaryrefslogtreecommitdiff
path: root/sys/net
AgeCommit message (Expand)Author
2001-09-14binat non icmp/udp/tcp protocols as well; ok dhartmei@jasoni
2001-09-11Undo BINAT translation when blocking with return-rst/-icmp.Daniel Hartmeier
2001-09-08initialize variable and more careful bounts checking; okay frantzen@Niels Provos
2001-09-06Reflect skip step changes. Spotted by Ryan McBride.Daniel Hartmeier
2001-09-061:1 bidrectional NAT (binat); ok dhartmei@ and frantzen@jasoni
2001-09-05Handle uh_sum == 0x0000 correctly. Before, UDP packet checksums wereDaniel Hartmeier
2001-09-05s/pf_natlook/pfioc_natlook (ioctl parameter struct)Daniel Hartmeier
2001-09-04Add skip steps for interface (ifp).Daniel Hartmeier
2001-09-04#define empty PFLOG_PACKET correctly (no side effects). Closes PR2044.Daniel Hartmeier
2001-09-01Inherit baudrate from parent. Now MRTG will show vlan interfaces ;)Chris Cappuccio
2001-08-31Forgot to commit frag expire tuning beforeMike Frantzen
2001-08-28Add new ioctls to securelevel check, from Can Erkin AcarDaniel Hartmeier
2001-08-28Bump state timeouts and allow tweaking them from pfctl.Mike Frantzen
2001-08-262nd uninitialized variable that bit me todayNiklas Hallqvist
2001-08-25PF ISN randomization. Or in trekkie techno-babble, ISN phase modulation.Mike Frantzen
2001-08-22Correct the setup of the intial TCP state window and pre-validate th_ackMike Frantzen
2001-08-22Fix panic in pf (was my fault) caused by a bad key compare optimizationMike Frantzen
2001-08-21KNFTheo de Raadt
2001-08-21cut/pasto in rule flushing code (using wrong list); base on patch from Henk v...Jason Wright
2001-08-21Add support for SIOCADDMULTI & SIOCDELMULTI; NetBSDbrian
2001-08-21Pass closing TCP connections through looser state machine (handle Solaris'Mike Frantzen
2001-08-19Add new ioctls for adding/removing RDR and NAT rules to/from the activeDaniel Hartmeier
2001-08-19Quick optimization of pf_tree_key_compare (should half the instruction count)Mike Frantzen
2001-08-19Make more money for mickey (count entire IP packets for statistics, not justDaniel Hartmeier
2001-08-19Yet another batch of improvements and un-fuckups to the TCP state code.Mike Frantzen
2001-08-19Add per-rule byte counter, so mickey can do accounting. We're counting theDaniel Hartmeier
2001-08-19Add per-rule statistics (number of evaluations and number of packets).Daniel Hartmeier
2001-08-19Unfuck some TCP state stuff that would drop the SYN|ACK.Mike Frantzen
2001-08-19compile w/out INETJason Wright
2001-08-19Loosened TCP state code which should allow stupid stacks to shotgun theirMike Frantzen
2001-08-18Add new ioctl for adding/removing individual rules to/from the active rule set.Daniel Hartmeier
2001-08-18make pfctl -s state SCREAM; frantzen is now happyTheo de Raadt
2001-08-12now, that kernel compiles, i can go get an ash tray somewhereMichael Shalayeff
2001-08-11Add support for ICMP errors referring to ICMP queries/replies. FixesDaniel Hartmeier
2001-08-05Actually, move the check inside the switch.Angelos D. Keromytis
2001-08-05Only flush the policies if the message type is UNSPEC.Angelos D. Keromytis
2001-08-03Use IFCAP_VLAN_MTU and IFCAP_VLAN_HWTAGGING capabilities:Chris Cappuccio
2001-08-03simplify previous fix (0-length mbuf in mbuf chain). from freebsdJun-ichiro itojun Hagino
2001-08-02do not exit loop even if m_len == 0. it is legal to have an mbuf withJun-ichiro itojun Hagino
2001-08-02KNFTheo de Raadt
2001-08-01stateless tcp normalization along the lines of the normalization paper byNiels Provos
2001-07-30never before has a file so often deviated from KNFTheo de Raadt
2001-07-30use queue.h macrosJason Wright
2001-07-29Implement rule skipping. This is a transparent evaluation optimization,Daniel Hartmeier
2001-07-27PF_IN/PF_OUT aren't defined if NPF <= 0, deal with it.Jason Wright
2001-07-27variable name "gif" is way too generic - use "gif_softc". sync with kameJun-ichiro itojun Hagino
2001-07-25nat proxy port randomization by ben fleis.Daniel Hartmeier
2001-07-25Make sure pkthdr.rcvif is correct before calling pf_test()Jason Wright
2001-07-25- unconditionalize call to bridge_input() (fewer #ifdef's and NPF>0 is defaul...Jason Wright
2001-07-25Initialization of arpcom * based on ifp was too soon: ifp can change asJason Wright