summaryrefslogtreecommitdiff
path: root/sys/net
AgeCommit message (Collapse)Author
2001-06-27Get rid of M_COPY_* macros; either use M_MOVE_* or M_DUP_*, dependingAngelos D. Keromytis
on how macros should be treated. Code by fgsch@, ok by me and itojun@
2001-06-27typoDug Song
2001-06-27for other protocols, keep correct track of match statsNiels Provos
2001-06-27handle non-TCP/UDP/ICMP protocolsDug Song
2001-06-27remove print_ip, its unusedNiels Provos
2001-06-27clean up TAILQ usageNiels Provos
2001-06-27KNFNiels Provos
2001-06-27KNFNiels Provos
2001-06-27only set reason code match if there was a rule that we matchedNiels Provos
2001-06-27Don't cache packets that hit policies -- we'll do that at the PCB forAngelos D. Keromytis
local packets.
2001-06-26update match countsNiels Provos
2001-06-26name comparison operatorsDug Song
2001-06-26fix PFRES_MAX handlingTheo de Raadt
2001-06-26array of counters indexed by reason codesTheo de Raadt
2001-06-26rules have numbers now, use them. add two spl locks.Daniel Hartmeier
2001-06-26clean up copyrightNiels Provos
2001-06-26rule nr is in rule nowNiels Provos
2001-06-26add rule nr for NielsDaniel Hartmeier
2001-06-26pass rule to logging for state matchesNiels Provos
2001-06-26log-all causes state matches to log packets to pflogNiels Provos
2001-06-26add rule pointer and log option to statesDaniel Hartmeier
2001-06-26get rid of another printfNiels Provos
2001-06-26use reasons in pull_hdr, default log if pull_hdr fails. okay deraadt@Niels Provos
2001-06-26Use pool(9) for IPsec policy structures.Angelos D. Keromytis
2001-06-26Keep the PFKEY sequence number at the TDB, plus a little bit of KNFAngelos D. Keromytis
2001-06-26no longer pass around **mTheo de Raadt
2001-06-26deal with NULL rule being passed to loggingNiels Provos
2001-06-26fix logging. the ip header is contained in the first mbuf. itojun and me.Niels Provos
2001-06-26forgot htonsNiels Provos
2001-06-26add a subreason to the link header to allow us to determine why a packet wasNiels Provos
dropped or passed. from discussion with theo and me.
2001-06-26allow 0.0.0.0/x in rulesPeter Stromberg
2001-06-26more suitable error values when DIOCSTART/STOP fail; peters@telia.netDaniel Hartmeier
2001-06-26no // commentsMarkus Friedl
2001-06-26KNFAngelos D. Keromytis
2001-06-26avoid useless m_copybackJun-ichiro itojun Hagino
2001-06-26use m_copydata for 1st ip header too.Jun-ichiro itojun Hagino
2001-06-26avoid m_pulldown (and mbuf alloc/free).Jun-ichiro itojun Hagino
- copy the data content of mbuf to local data structure by m_copydata. - if we did any NAT operation, copy the updated content back by m_copyback. XXX PFLOG_PACKET will now log the original packet, before the NAT. is it correct? XXX does not do m_copyback on PF_DROP case. is it okay?
2001-06-26pass ip header offset to child functions. a preparation forJun-ichiro itojun Hagino
m_pulldown -> m_copydata transition.
2001-06-26Replicated TCP sequence tracking code in PF from Guido's IPF paper.Mike Frantzen
2001-06-26sighNiels Provos
2001-06-26pflog_packet fails on NULL mbufNiels Provos
2001-06-26mea culpaDaniel Hartmeier
2001-06-25extend the logging via a new link header type. export interface, direction,Niels Provos
action and rule nr.
2001-06-25remaining lists converted to TAILQsDaniel Hartmeier
2001-06-25use TAILQ instead of homegrown list, other lists will followDaniel Hartmeier
2001-06-25ANSIfyArtur Grabowski
2001-06-25first stab at packet logging for pf. inspired by late night dreams of art.Niels Provos
we just pass drop and passed packets to different pseudo interface that can be listened to with bpf.
2001-06-25Unnecessary gotos.Artur Grabowski
2001-06-25Rework COMMITRULES.Artur Grabowski
First we swap in the new rules, then we free the old (freeing can be done outside splnet).
2001-06-25revised ioctl interface, first getopt version of pfctlDaniel Hartmeier
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-24 15:29:43 +0000