summaryrefslogtreecommitdiff
path: root/sys/net
AgeCommit message (Expand)Author
2003-04-07Catch and refuse rules with invalid ICMP types (> 40), ok cedric@Daniel Hartmeier
2003-04-05Stick pf_default_rule everytime a packet pass because of theCedric Berger
2003-04-05Replace the timeout variables by the content of the timeoutCedric Berger
2003-04-05Cleanup by replacing a bunch of "(*rm)" by just "r"Cedric Berger
2003-04-04KNFTheo de Raadt
2003-04-03Back out my last change, which was incorrect or incomplete.Cedric Berger
2003-04-03Remove (state->rule.ptr != NULL) tests: this is always true now.Cedric Berger
2003-04-01When using bpf(4) in immediate mode, and using kevent(2) to receiveArtur Grabowski
2003-03-31Protect tdb access w/ spltdb; Patrick LatifiTodd C. Miller
2003-03-31Only delete rule structure when no state refer to it.Cedric Berger
2003-03-25Missing splx(); Patrick LatifiTodd C. Miller
2003-03-24Tree patches from c.pascoe at itee dot uq dot edu dot au:Jason Wright
2003-03-21- Add missing "\n" to some pf_table.c printf()Cedric Berger
2003-03-14Correctly flag out radix_node entries with RNF_ROOT flag set: this is notCedric Berger
2003-03-13Plug slow memory leak (radix_mask structure).Cedric Berger
2003-03-11forward 8021Q packets with vlan header if the destination interface hasMarkus Friedl
2003-03-11Missing break, unintentional fall-through. Found by Kimmo Mösö.Daniel Hartmeier
2003-03-09tighten the TCP state code in relation to a FIN before any server responsesMike Frantzen
2003-03-09use MGETHDR instead of MGET for the first mbuf.Kenjiro Cho
2003-03-05Small fixes after code review, mostly on error path.Cedric Berger
2003-03-04(really) support user/group rules with 'inet6'Philipp Buehler
2003-03-03Make "pfctl -ss" output easier to parse. NO TRAFFIC -> NO_TRAFFIC.Cedric Berger
2003-03-02Use priority queue for TCP ACKs that have no payload. Very useful onDaniel Hartmeier
2003-02-28splsoftnet() around rn_lookup() which is not thread-safe.Cedric Berger
2003-02-27make packet classification for altq work in the IPv6 caseHenning Brauer
2003-02-27Repair IPv6 support for tables.Cedric Berger
2003-02-25- Handle src and dst comparisons correctly for binat so that it worksRyan Thomas McBride
2003-02-24SADB_X_CALG_MAX is supposed to be the highest numbered supported algorithmJason Wright
2003-02-23typo in export_auth; ok ho@Markus Friedl
2003-02-21Plug two mbuf leak on error bugs, one from dhartmei one from me.Jason Wright
2003-02-18Enforce min-ttl and random-id on inbound scrub as well as outbound.Camiel Dobbelaar
2003-02-17enqueue the copy that was just made, not the original (probably fixes kernel/...Jason Wright
2003-02-16KNFTheo de Raadt
2003-02-16KNFJason Wright
2003-02-15skeleton support for LZS compressionJason Wright
2003-02-15s/LSZ/LZS (consistent with linux and isakmpd *.cst)Jason Wright
2003-02-12Address the NFS problems recently discussed in various threads.Daniel Hartmeier
2003-02-12Labels should be followed by statements (fix gcc3 warning).Henric Jungheim
2003-02-12Remove commons; inspired by netbsd.Jason Wright
2003-02-12Make r.rpool.proxy_port[] a consistent byte order to match cleanup inRyan Thomas McBride
2003-02-12Fix a bunch of pf_route() bugs:Ryan Thomas McBride
2003-02-09Slightly less noisy debug printf from pf_map_addr(), ok mcbride@Daniel Hartmeier
2003-02-08Add scrub option 'random-id', which replaces IP IDs with random valuesDaniel Hartmeier
2003-02-05Remove the confusing and more-or-less unnecessary temporaryRyan Thomas McBride
2003-02-01Make it build without INET6 again.Daniel Hartmeier
2003-02-01from Chris Pascoe <c.pascoe@itee.uq.edu.au>:Chris Cappuccio
2003-01-31The fix introduced with 1.294 to solve issues with route-to inDaniel Hartmeier
2003-01-31Check protocol (TCP/UDP/ICMP/ICMP6) checksums of all incoming packets,Daniel Hartmeier
2003-01-31Send a RST when an invalid packet matches a TCP state during theDaniel Hartmeier
2003-01-25Fix the behaviour of rdr rules which redirect to a range of ports;Ryan Thomas McBride