Age | Commit message (Expand) | Author |
2011-12-21 | Just use pd->sidx and pd->didx to reverse the state key arguments | Marco Pfatschbacher |
2011-12-21 | don't attempt to run pf_translate on fragments: it will fail miserably. | Mike Belopuhov |
2011-12-19 | improve the icmp direction check to deal correctly with af-to states | Mike Belopuhov |
2011-12-12 | fixup af-to regression with match rules | Mike Belopuhov |
2011-12-06 | Remove needless temporary variable for greater clarity. | Bret Lambert |
2011-12-06 | don't duplicate rtfree actions taken by rtrequest1() in rtdeletemsg() | Bret Lambert |
2011-12-06 | simplify the somewhat-tangled conditional maze in rt_getifa() | Bret Lambert |
2011-12-02 | Kill unused IFCAP_IPSEC and IFCAP_IPCOMP. | Christiano F. Haesbaert |
2011-12-01 | Make sure we only enter pf_route() when undefering in the PF_ROUTETO case. | Ryan Thomas McBride |
2011-11-29 | use a u_int64_t for the state id in pfsync_state. this makes it consistent | David Gwynne |
2011-11-28 | deprecate PFTM_UNTIL_PACKET. nothing in the tree uses it, and | David Gwynne |
2011-11-27 | Protect more operations in the pfsync_clone_destroy to prevent | Mike Belopuhov |
2011-11-27 | Kill old comment, we already do 802.1p tagging. | Christiano F. Haesbaert |
2011-11-26 | Tie the 802.1p (CoS) value in vlan(4) with the new prio scheme in pf. | Christiano F. Haesbaert |
2011-11-26 | Apply route-to to deferred packet; without this the first packet of a | Ryan Thomas McBride |
2011-11-25 | fix compile errors without INET6. no binary change. | YASUOKA Masahiko |
2011-11-25 | use time_uptime to set state creation values as time_second can be | David Gwynne |
2011-11-16 | Improve flag setting ioctl so that bulk updates are requested | Mike Belopuhov |
2011-11-12 | Fix a comment | Claudio Jeker |
2011-11-09 | State expire time is a baseline time ("last active") for expiry | Camiel Dobbelaar |
2011-11-04 | Select a correct protocol for a stack side state key when importing | Mike Belopuhov |
2011-11-02 | Expose if_capabilities to userland so that ifconfig can display the | Christiano F. Haesbaert |
2011-10-31 | Don't forget to cancel bulk update failure timeout when destroying an | Mike Belopuhov |
2011-10-30 | Allow setting big MTU values on the pfsync interface but not larger | Mike Belopuhov |
2011-10-28 | Take more care to ensure all callbacks are initialized. In particular | Kenneth R Westerback |
2011-10-25 | i didnt copy the tun code properly. fix a use of an uninitted value found | David Gwynne |
2011-10-24 | Don't detach interface from group in if_clone_destroy(), | Camiel Dobbelaar |
2011-10-21 | strengthen some checks to prevent m_copy* routines from operating | Mike Belopuhov |
2011-10-21 | add forgotten fixup for icmp6 id's when translating; ok henning | Mike Belopuhov |
2011-10-20 | remove a bogus chunk accidentally introduced by mcbride in rev1.141; | Mike Belopuhov |
2011-10-15 | Added "provision for rewound PPP frames" that allows receiving | YASUOKA Masahiko |
2011-10-13 | Since the IPv6 madness is not enough introduce NAT64 -- which is actually | Claudio Jeker |
2011-10-07 | rename some vars and functions | Henning Brauer |
2011-10-07 | remove inaccurate comment - we don't have state tableS any more, there is | Henning Brauer |
2011-10-07 | pf_poolqueue is long dead, remove corpses. from eurobsdcon, ryan ok | Henning Brauer |
2011-09-28 | As requested by henning, move the mbuf pointer into struct pf_pdesc. | Alexander Bluhm |
2011-09-22 | As I have touched half of pf lines anyway, fix whitespaces now. | Alexander Bluhm |
2011-09-21 | Check the protocol header length for tcp, udp, icmp, icmp6 in | Alexander Bluhm |
2011-09-20 | pf_setup_pdesc() panics if address family is neither AF_INET nor | Alexander Bluhm |
2011-09-20 | Put kif and dir into pdesc an use this instead of passing the values | Alexander Bluhm |
2011-09-19 | Consolidate pf function parameters. Move off and hdrlen into pdesc | Alexander Bluhm |
2011-09-18 | Move the pdesc initialization code into pf_setup_pdesc(). Unify | Alexander Bluhm |
2011-09-18 | Fix various format string types to as a minimum match the width of the | Miod Vallat |
2011-09-18 | Move the call to pf_test_rule() for fragments that have not been | Alexander Bluhm |
2011-09-17 | The pd->ip_sum and pd->proto_sum fields are not needed. Replace | Alexander Bluhm |
2011-09-17 | move initialisation of pd->nsaddr and pd->ndaddr from pf_test_rule to | Henning Brauer |
2011-09-17 | Deduplicate IPv4 and IPv6 code that handles fragments that have not | Alexander Bluhm |
2011-08-30 | Add support for one shot rules that remove themselves from an active | Mike Belopuhov |
2011-08-21 | Use the lowest available unit number for new pppx ifs. Somewhat | Jonathan Matthew |
2011-08-20 | Fix packet accounting in error cases. | Ryan Thomas McBride |