summaryrefslogtreecommitdiff
path: root/sys/net
AgeCommit message (Expand)Author
2001-10-17make sure we use same key for removal (AF_INET was missing), ok deraadt@, dha...Markus Friedl
2001-10-15Add 'allow-opts' to rules. Packets with IP options will be blocked byDaniel Hartmeier
2001-10-13Patch from Ryan McBride, fixes IPv6 return-rst problem, found byDaniel Hartmeier
2001-10-07fixes pr/2105Niels Provos
2001-10-05Fix bug in if_vlan which could cause crashes in timeouts and 'ifconfig -a'Dale Rahn
2001-10-03M_WAIT in ether_output is wrong. Fix APPLETALK stuff.Artur Grabowski
2001-10-02change timeval to bpf_timeval; 32 bit in size, permitting much greater portab...Theo de Raadt
2001-10-02Convert ip_off of the inner IP header to host order in pf_test_state_icmp().Daniel Hartmeier
2001-10-01Make number of vlan interfaces configurable from UKC.Niklas Hallqvist
2001-09-30Tune TCP fsm (99.7% - 99.9% accuracy over 1e6 connections)Mike Frantzen
2001-09-27The skip steps array was one element short (since adding steps for af).Daniel Hartmeier
2001-09-27switch without break. This caused the 'ICMP too short' messages, sinceDaniel Hartmeier
2001-09-27Fix th_ack calculation in pf_send_reset(). return-rst didn't work sinceDaniel Hartmeier
2001-09-23ipxintr was missingMichael Shalayeff
2001-09-23Bump up the tcp half closed timeout (single FIN) to an hourMike Frantzen
2001-09-21Fix natlook (broke ftp-proxy) and a memory leak.Daniel Hartmeier
2001-09-20document why we use random()Theo de Raadt
2001-09-20occured->occurredMike Pechkin
2001-09-20the use of arc4random() in ether_ifattach() is wrong as randomattach()Peter Galbavy
2001-09-19Patch from Ryan McBride. Compile without INET6, remove unnecessaryDaniel Hartmeier
2001-09-17icmpv6 nat fix, from Ryan McBrideDaniel Hartmeier
2001-09-16Add some missing lengths checks when passing data from userland toTodd C. Miller
2001-09-15The inner protocol of IPv4 ICMP error messages was ignored, leading toDaniel Hartmeier
2001-09-15Revert the sleep priority to something more saneMike Frantzen
2001-09-15Don't use m_pkthdr.rcvif in pflog_packet(), it doesn't work for outgoingDaniel Hartmeier
2001-09-15IPv6 support from Ryan McBride (mcbride@countersiege.com)Mike Frantzen
2001-09-14binat non icmp/udp/tcp protocols as well; ok dhartmei@jasoni
2001-09-11Undo BINAT translation when blocking with return-rst/-icmp.Daniel Hartmeier
2001-09-08initialize variable and more careful bounts checking; okay frantzen@Niels Provos
2001-09-06Reflect skip step changes. Spotted by Ryan McBride.Daniel Hartmeier
2001-09-061:1 bidrectional NAT (binat); ok dhartmei@ and frantzen@jasoni
2001-09-05Handle uh_sum == 0x0000 correctly. Before, UDP packet checksums wereDaniel Hartmeier
2001-09-05s/pf_natlook/pfioc_natlook (ioctl parameter struct)Daniel Hartmeier
2001-09-04Add skip steps for interface (ifp).Daniel Hartmeier
2001-09-04#define empty PFLOG_PACKET correctly (no side effects). Closes PR2044.Daniel Hartmeier
2001-09-01Inherit baudrate from parent. Now MRTG will show vlan interfaces ;)Chris Cappuccio
2001-08-31Forgot to commit frag expire tuning beforeMike Frantzen
2001-08-28Add new ioctls to securelevel check, from Can Erkin AcarDaniel Hartmeier
2001-08-28Bump state timeouts and allow tweaking them from pfctl.Mike Frantzen
2001-08-262nd uninitialized variable that bit me todayNiklas Hallqvist
2001-08-25PF ISN randomization. Or in trekkie techno-babble, ISN phase modulation.Mike Frantzen
2001-08-22Correct the setup of the intial TCP state window and pre-validate th_ackMike Frantzen
2001-08-22Fix panic in pf (was my fault) caused by a bad key compare optimizationMike Frantzen
2001-08-21KNFTheo de Raadt
2001-08-21cut/pasto in rule flushing code (using wrong list); base on patch from Henk v...Jason Wright
2001-08-21Add support for SIOCADDMULTI & SIOCDELMULTI; NetBSDbrian
2001-08-21Pass closing TCP connections through looser state machine (handle Solaris'Mike Frantzen
2001-08-19Add new ioctls for adding/removing RDR and NAT rules to/from the activeDaniel Hartmeier
2001-08-19Quick optimization of pf_tree_key_compare (should half the instruction count)Mike Frantzen
2001-08-19Make more money for mickey (count entire IP packets for statistics, not justDaniel Hartmeier