| Age | Commit message (Expand) | Author |
|---|
| 2021-06-25 | let pfsync_request_update actually retry when it overfills a packet. | David Gwynne |
| 2021-06-23 | rtsock: revert from timeout_set_flags(9) to timeout_set_proc(9); ok mvs@ | cheloha |
| 2021-06-23 | augment the global pf state list with its own locks. | David Gwynne |
| 2021-06-23 | pf_purge_expired_states can check the time once instead of for every state. | David Gwynne |
| 2021-06-23 | pfsync_undefer_notify needs to be careful before dereferecing state keys. | David Gwynne |
| 2021-06-23 | rework pf_state_expires to avoid confusion around state->timeout. | David Gwynne |
| 2021-06-17 | more consistently use pfsync_free_deferral to free the mbuf. | David Gwynne |
| 2021-06-15 | use getnsecuptime instead of getmicrouptime. | David Gwynne |
| 2021-06-15 | get the uptime before comparing to it. | David Gwynne |
| 2021-06-15 | factor out nsecuptime and getnsecuptime. | David Gwynne |
| 2021-06-15 | rework pfsync deferal timeout handling. | David Gwynne |
| 2021-06-09 | whitespace tweak. no functional change. | David Gwynne |
| 2021-06-02 | With parallel execution of pf_test() two packets may try to update the same | Alexandr Nedvedicky |
| 2021-06-02 | whitespace tweaks, no functional change. | David Gwynne |
| 2021-06-02 | only read the if_bpf pointer once. | David Gwynne |
| 2021-06-02 | tpmr_input is called in an smr crit section, so it doesnt need its own. | David Gwynne |
| 2021-06-02 | read the tpmr if_flags once in tpmr_input so link flags apply consistently. | David Gwynne |
| 2021-06-02 | use ipv4_check and ipv6_check to well, check ip headers before running pf. | David Gwynne |
| 2021-06-02 | use ipv4_check and ipv6_check provided by the network stacks. | David Gwynne |
| 2021-06-01 | Check `so_state' in rtm_senddesync() and return if SS_ISCONNECTED or | mvs |
| 2021-06-01 | a couple of minor whitespace tweaks. no functional change. | David Gwynne |
| 2021-05-30 | Declare all struct protosw as constant. | Alexander Bluhm |
| 2021-05-27 | ajacoutot says i missed copying some bits from bridge for divert-to. | David Gwynne |
| 2021-05-27 | ajacouto says i missed copying some bits from bridge for divert-to. | David Gwynne |
| 2021-05-26 | Use `so_lock' to protect key management (PF_KEY) sockets. This can be | mvs |
| 2021-05-26 | add support for pf divert-to on tpmr, like what was done for veb(4). | David Gwynne |
| 2021-05-26 | support divert-to when pf applies it to a packet. | David Gwynne |
| 2021-05-25 | As network features are not added dynamically, the domain structures | Alexander Bluhm |
| 2021-05-25 | The arrays sadb_exts_allowed_out and sadb_exts_required_out are | Alexander Bluhm |
| 2021-05-17 | fix state key reference underflow, when sk == skrev | Alexandr Nedvedicky |
| 2021-05-17 | Revert. Last change should not have been committed. | Claudio Jeker |
| 2021-05-17 | Increase the default buffer space using on PF_UNIX sockets to 8k. | Claudio Jeker |
| 2021-05-16 | panic does not require a \n at the end. When one is provided, it looks wrong. | Theo de Raadt |
| 2021-05-16 | In route detach we delete `rop_timeout' while `rop' is still linked to | mvs |
| 2021-05-15 | Fix IPsec NAT-T to work with pipex(4). Introduce a new packet tag | YASUOKA Masahiko |
| 2021-05-06 | Kill pfkeyv2_parsemessage() declaration which is absolutely useless | mvs |
| 2021-05-04 | Initialize `ipsec_policy_pool' within pfkey_init() instead of doing that | mvs |
| 2021-05-04 | Remove unused `spd_tables' declaration. | mvs |
| 2021-05-02 | Do soreserve() before `kp' allocation. This simplifies error path. The | mvs |
| 2021-05-01 | Implement per-socket `so_lock' rwlock(9) and use it to protect routing | mvs |
| 2021-04-27 | pf_state_key_link_reverse() is prone to race on parallel forwarding | Alexandr Nedvedicky |
| 2021-04-26 | Revert per-socket `so_lock' rwlock(9) and use it to protect routing | Claudio Jeker |
| 2021-04-25 | Implement per-socket `so_lock' rwlock(9) and use it to protect routing | mvs |
| 2021-04-23 | call klist_invalidate from bpfsdetach to tell kq listeners what happened. | David Gwynne |
| 2021-04-23 | only skip pf once for packets that are injected by a divert-packet socket. | David Gwynne |
| 2021-03-26 | Push kernel lock within rtable_add(9) and rework it to return 0 in the | mvs |
| 2021-03-26 | Push kernel lock down to rt_setsource() to make `ifa' dereference safe. | mvs |
| 2021-03-26 | Only install route with label, fix route leak on destroy | kn |
| 2021-03-21 | wg(4): fix race between tx/rx handshakes, from Matt Dunwoodie, ok mpi@ | Stuart Henderson |
| 2021-03-20 | RFC 8981 allows the configuration of only temporary IPv6 addresses. | Florian Obser |
