summaryrefslogtreecommitdiff
path: root/sys/net
AgeCommit message (Expand)Author
2011-12-21Just use pd->sidx and pd->didx to reverse the state key argumentsMarco Pfatschbacher
2011-12-21don't attempt to run pf_translate on fragments: it will fail miserably.Mike Belopuhov
2011-12-19improve the icmp direction check to deal correctly with af-to statesMike Belopuhov
2011-12-12fixup af-to regression with match rulesMike Belopuhov
2011-12-06Remove needless temporary variable for greater clarity.Bret Lambert
2011-12-06don't duplicate rtfree actions taken by rtrequest1() in rtdeletemsg()Bret Lambert
2011-12-06simplify the somewhat-tangled conditional maze in rt_getifa()Bret Lambert
2011-12-02Kill unused IFCAP_IPSEC and IFCAP_IPCOMP.Christiano F. Haesbaert
2011-12-01Make sure we only enter pf_route() when undefering in the PF_ROUTETO case.Ryan Thomas McBride
2011-11-29use a u_int64_t for the state id in pfsync_state. this makes it consistentDavid Gwynne
2011-11-28deprecate PFTM_UNTIL_PACKET. nothing in the tree uses it, andDavid Gwynne
2011-11-27Protect more operations in the pfsync_clone_destroy to preventMike Belopuhov
2011-11-27Kill old comment, we already do 802.1p tagging.Christiano F. Haesbaert
2011-11-26Tie the 802.1p (CoS) value in vlan(4) with the new prio scheme in pf.Christiano F. Haesbaert
2011-11-26Apply route-to to deferred packet; without this the first packet of aRyan Thomas McBride
2011-11-25fix compile errors without INET6. no binary change.YASUOKA Masahiko
2011-11-25use time_uptime to set state creation values as time_second can beDavid Gwynne
2011-11-16Improve flag setting ioctl so that bulk updates are requestedMike Belopuhov
2011-11-12Fix a commentClaudio Jeker
2011-11-09State expire time is a baseline time ("last active") for expiryCamiel Dobbelaar
2011-11-04Select a correct protocol for a stack side state key when importingMike Belopuhov
2011-11-02Expose if_capabilities to userland so that ifconfig can display theChristiano F. Haesbaert
2011-10-31Don't forget to cancel bulk update failure timeout when destroying anMike Belopuhov
2011-10-30Allow setting big MTU values on the pfsync interface but not largerMike Belopuhov
2011-10-28Take more care to ensure all callbacks are initialized. In particularKenneth R Westerback
2011-10-25i didnt copy the tun code properly. fix a use of an uninitted value foundDavid Gwynne
2011-10-24Don't detach interface from group in if_clone_destroy(),Camiel Dobbelaar
2011-10-21strengthen some checks to prevent m_copy* routines from operatingMike Belopuhov
2011-10-21add forgotten fixup for icmp6 id's when translating; ok henningMike Belopuhov
2011-10-20remove a bogus chunk accidentally introduced by mcbride in rev1.141;Mike Belopuhov
2011-10-15Added "provision for rewound PPP frames" that allows receivingYASUOKA Masahiko
2011-10-13Since the IPv6 madness is not enough introduce NAT64 -- which is actuallyClaudio Jeker
2011-10-07rename some vars and functionsHenning Brauer
2011-10-07remove inaccurate comment - we don't have state tableS any more, there isHenning Brauer
2011-10-07pf_poolqueue is long dead, remove corpses. from eurobsdcon, ryan okHenning Brauer
2011-09-28As requested by henning, move the mbuf pointer into struct pf_pdesc.Alexander Bluhm
2011-09-22As I have touched half of pf lines anyway, fix whitespaces now.Alexander Bluhm
2011-09-21Check the protocol header length for tcp, udp, icmp, icmp6 inAlexander Bluhm
2011-09-20pf_setup_pdesc() panics if address family is neither AF_INET norAlexander Bluhm
2011-09-20Put kif and dir into pdesc an use this instead of passing the valuesAlexander Bluhm
2011-09-19Consolidate pf function parameters. Move off and hdrlen into pdescAlexander Bluhm
2011-09-18Move the pdesc initialization code into pf_setup_pdesc(). UnifyAlexander Bluhm
2011-09-18Fix various format string types to as a minimum match the width of theMiod Vallat
2011-09-18Move the call to pf_test_rule() for fragments that have not beenAlexander Bluhm
2011-09-17The pd->ip_sum and pd->proto_sum fields are not needed. ReplaceAlexander Bluhm
2011-09-17move initialisation of pd->nsaddr and pd->ndaddr from pf_test_rule toHenning Brauer
2011-09-17Deduplicate IPv4 and IPv6 code that handles fragments that have notAlexander Bluhm
2011-08-30Add support for one shot rules that remove themselves from an activeMike Belopuhov
2011-08-21Use the lowest available unit number for new pppx ifs. SomewhatJonathan Matthew
2011-08-20Fix packet accounting in error cases.Ryan Thomas McBride