Age | Commit message (Expand) | Author |
2001-09-14 | binat non icmp/udp/tcp protocols as well; ok dhartmei@ | jasoni |
2001-09-11 | Undo BINAT translation when blocking with return-rst/-icmp. | Daniel Hartmeier |
2001-09-08 | initialize variable and more careful bounts checking; okay frantzen@ | Niels Provos |
2001-09-06 | Reflect skip step changes. Spotted by Ryan McBride. | Daniel Hartmeier |
2001-09-06 | 1:1 bidrectional NAT (binat); ok dhartmei@ and frantzen@ | jasoni |
2001-09-05 | Handle uh_sum == 0x0000 correctly. Before, UDP packet checksums were | Daniel Hartmeier |
2001-09-05 | s/pf_natlook/pfioc_natlook (ioctl parameter struct) | Daniel Hartmeier |
2001-09-04 | Add skip steps for interface (ifp). | Daniel Hartmeier |
2001-09-04 | #define empty PFLOG_PACKET correctly (no side effects). Closes PR2044. | Daniel Hartmeier |
2001-09-01 | Inherit baudrate from parent. Now MRTG will show vlan interfaces ;) | Chris Cappuccio |
2001-08-31 | Forgot to commit frag expire tuning before | Mike Frantzen |
2001-08-28 | Add new ioctls to securelevel check, from Can Erkin Acar | Daniel Hartmeier |
2001-08-28 | Bump state timeouts and allow tweaking them from pfctl. | Mike Frantzen |
2001-08-26 | 2nd uninitialized variable that bit me today | Niklas Hallqvist |
2001-08-25 | PF ISN randomization. Or in trekkie techno-babble, ISN phase modulation. | Mike Frantzen |
2001-08-22 | Correct the setup of the intial TCP state window and pre-validate th_ack | Mike Frantzen |
2001-08-22 | Fix panic in pf (was my fault) caused by a bad key compare optimization | Mike Frantzen |
2001-08-21 | KNF | Theo de Raadt |
2001-08-21 | cut/pasto in rule flushing code (using wrong list); base on patch from Henk v... | Jason Wright |
2001-08-21 | Add support for SIOCADDMULTI & SIOCDELMULTI; NetBSD | brian |
2001-08-21 | Pass closing TCP connections through looser state machine (handle Solaris' | Mike Frantzen |
2001-08-19 | Add new ioctls for adding/removing RDR and NAT rules to/from the active | Daniel Hartmeier |
2001-08-19 | Quick optimization of pf_tree_key_compare (should half the instruction count) | Mike Frantzen |
2001-08-19 | Make more money for mickey (count entire IP packets for statistics, not just | Daniel Hartmeier |
2001-08-19 | Yet another batch of improvements and un-fuckups to the TCP state code. | Mike Frantzen |
2001-08-19 | Add per-rule byte counter, so mickey can do accounting. We're counting the | Daniel Hartmeier |
2001-08-19 | Add per-rule statistics (number of evaluations and number of packets). | Daniel Hartmeier |
2001-08-19 | Unfuck some TCP state stuff that would drop the SYN|ACK. | Mike Frantzen |
2001-08-19 | compile w/out INET | Jason Wright |
2001-08-19 | Loosened TCP state code which should allow stupid stacks to shotgun their | Mike Frantzen |
2001-08-18 | Add new ioctl for adding/removing individual rules to/from the active rule set. | Daniel Hartmeier |
2001-08-18 | make pfctl -s state SCREAM; frantzen is now happy | Theo de Raadt |
2001-08-12 | now, that kernel compiles, i can go get an ash tray somewhere | Michael Shalayeff |
2001-08-11 | Add support for ICMP errors referring to ICMP queries/replies. Fixes | Daniel Hartmeier |
2001-08-05 | Actually, move the check inside the switch. | Angelos D. Keromytis |
2001-08-05 | Only flush the policies if the message type is UNSPEC. | Angelos D. Keromytis |
2001-08-03 | Use IFCAP_VLAN_MTU and IFCAP_VLAN_HWTAGGING capabilities: | Chris Cappuccio |
2001-08-03 | simplify previous fix (0-length mbuf in mbuf chain). from freebsd | Jun-ichiro itojun Hagino |
2001-08-02 | do not exit loop even if m_len == 0. it is legal to have an mbuf with | Jun-ichiro itojun Hagino |
2001-08-02 | KNF | Theo de Raadt |
2001-08-01 | stateless tcp normalization along the lines of the normalization paper by | Niels Provos |
2001-07-30 | never before has a file so often deviated from KNF | Theo de Raadt |
2001-07-30 | use queue.h macros | Jason Wright |
2001-07-29 | Implement rule skipping. This is a transparent evaluation optimization, | Daniel Hartmeier |
2001-07-27 | PF_IN/PF_OUT aren't defined if NPF <= 0, deal with it. | Jason Wright |
2001-07-27 | variable name "gif" is way too generic - use "gif_softc". sync with kame | Jun-ichiro itojun Hagino |
2001-07-25 | nat proxy port randomization by ben fleis. | Daniel Hartmeier |
2001-07-25 | Make sure pkthdr.rcvif is correct before calling pf_test() | Jason Wright |
2001-07-25 | - unconditionalize call to bridge_input() (fewer #ifdef's and NPF>0 is defaul... | Jason Wright |
2001-07-25 | Initialization of arpcom * based on ifp was too soon: ifp can change as | Jason Wright |