1#
2# NOTE: Quite a few patches and suggestions come from other sources, to whom
3# I'm greatly indebted, even if no names are mentioned.
4#
| 1#
2# NOTE: Quite a few patches and suggestions come from other sources, to whom
3# I'm greatly indebted, even if no names are mentioned.
4#
|
5# Thanks to Craig Bishop of connect.com.au and Sun Microsystems for the
6# loan of a machine to work on a Solaris 2.x port of this software.
| 5# Thanks to the Coombs Computing Unit at the ANU for their continued support
6# in providing a very available location for the IP Filter home page and
7# distribution center.
|
7#
| 8#
|
| 9# Thanks to Tel.Net Media for allowing me to maintain and further develop
10# IP Filter as part of my job and supplying Sun equipment for testing the
11# move to 64bits.
12#
|
8# Thanks to BSDI for providing object files for BSD/OS 3.1 and the means
9# to further support development of IP Filter under BSDI.
10#
| 13# Thanks to BSDI for providing object files for BSD/OS 3.1 and the means
14# to further support development of IP Filter under BSDI.
15#
|
| 16# Thanks to Craig Bishop of connect.com.au and Sun Microsystems for the
17# loan of a machine to work on a Solaris 2.x port of this software.
18#
|
11# Thanks also to all those who have contributed patches and other code,
12# and especially those who have found the time to port IP Filter to new
13# platforms.
| 19# Thanks also to all those who have contributed patches and other code,
20# and especially those who have found the time to port IP Filter to new
21# platforms.
|
| 22#
233.3.3 22/10/1999 - Released
|
14
| 24
|
| 25add -g command line option to ipfstat to show groups still define.
26
27fix problem with fragment table not recording rule pointer when called
28from state functions (fin_fr not set).
29
30fixup fastroute problems with keep state rules.
31
32load rules into inactive set first, so we don't disable things like NIS
33lookups half way through processing - found by Kevin Littlejohn
34
35fix handling of unaligned ip pointer for solaris
36
37patch for fr_newauth from Rudi Sluijtman
38
39fixed htons() bug in fr_tcpsum() where ip_p wasn't cast to u_short
40
413.3.2 23/09/1999 - Released
42
43patches from Scott Presnell to fix rcmd proxy
44
45patches from Greg to fix Solaris detachment of interfaces
46
47add openbsd compatibility fixes
48
49fix free'ing already freed memory in ipfr_slowtimer()
50
51fix for deferencing invalid memory in cleaning up after a device disappears
52
533.3.1 14/8/1999 - Released
54
55remove include file sys/user.h for irix
56
57prevent people from running buildsunos directly
58
59fix up some problems with the saving of rule pointers so that NAT saves
60that information in case it should need to call fr_addstate() from a proxy.
61
62fix up scanning for the end of FTP messages
63
64don't remove /etc/opt/ipf in postremove
65
66attempt to prevent people running buildsolaris script without doing a
67"make solaris"
68
69fix timeout losing on freebsd3
70
713.3 7/8/1999 - Released
72
73NAT: information (rules, mappings) are stored in hash tables; setup some
74basic NAT regression testing.
75
76display version name of installed kernel code when initializing.
77
78add -V command line option to ipf, showing version (program and kernel
79module) as well as the run-status of the kernel code.
80
81fix problem with "log" rules actually affecting result of filtering.
82
83automatically use SUNWspro if available and on a 64bit Solaris system for
84compiling.
85
86add kernel proxies for rcmd(3) and RealAudio (PNA)
87
88use timeout/untimeout on SunOS4/BSD platforms too rather than hijacking
89ip_slowtimo
90
91fix IP headers generated through parsing of text information
92
93fix NAT rules to be in the correct order again.
94
95make keep-state work with to/fastroute keywords and enforce usage of those
96interfaces.
97
98update keep-state code with new algorithm from Guido
99
100add FreeBSD-3 support
101
102add return-icmp-as-dest option to retrun an ICMP packet using the original
103destination as the source rather than a local IP address
104
105add "level [facility.]<priority>" option to filter language
106
107add changes from Guido to state code.
108
109add code to return EPERM if the device is opened for writing and we're
110in securelevel 2 or greater.
111
112authentication code patches from Guido
113
114fix real audio proxy
115
116fix ipmon rule printing of interfaces and add IN/OUT to the end of ipmon
117log output.
118
119fix bimap rules with hash tables
120
121update addresses used in NAT mappings for 0/32 rules for any protocol but TCP
122if it changes on the interface - check every ip_natexpire()
123
124add redirect regression test
125
126count buckets used in the state hash table.
127
128fix sending of RST's with return-rst to use the ack number provided in
129the packet being replied to in addition to the sequence number.
130
131fix to compile as a 64bit application on solaris7-64bit
132
133add NAT IP mapping to ranges of IP addresses that aren't CIDR specified
134
135fix calculation of in_space parameter for NAT
136
137fix `wrapping' when incrementing the next ip address for use in NAT
138
139fix free'ing of kernel memory in ip_natunload on solaris
140
141fix -l/-U command line options from interfering with each other
142
143fix fastroute under solaris2 and cleanup compilation for solaris7
144
145add install scripts and compile cleanly on BSD/OS 4.0
146
147safely open files in /tmp for writing device output when testing.
148
149fix uninitialized pointer bug in NAT
150
151fix SIOCZRLST (zero list rule stats) bug with groups
152
153change some usage of u_short to u_int in function calling
154
155fix compilation for Solaris7 (SUNWspro)
156
157change solaris makefiles to build for either sparc or i386 rather than
158per-cpu (sun4u, etc).
159
160fixed bug in ipllog
161
162add patches from George Michaelson for FreeBSD 3.0
163
164add patch from Guido to provide ICMP checking for known state in the same
165manner as is done for NAT.
166
167enable FTP PASV proxying and enable wildcarding in NAT/state code for ports
168for better PORT/PASV support with FTP.
169
170bring into main tree static nat features: map-block and "auto" portmapping.
171
172add in source host filtering for redirects (alan jones)
173
1743.2.10 22/11/98 - Released
175
1763.2.10beta9 17/11/98 - Released
177
178fix fr_tcpsum problems in handling mbufs with an odd number of bytes
179and/or split across an mbuf boundary
180
181fix NAT list entry comparisons and allow multiple entries for the same
182proxy (but on different ports).
183
184don't create duplicate NAT entries for repeated PORT commands.
185
1863.2.10beta8 14/11/98 - Released
187
188always exit an rwlock before expecting to enter it again on solaris
189
190fix loop in nat_new for pre-existing nat
191
192don't setup state for an ftp connection if creating nat fails.
193
1943.2.10beta7 05/11/98 - Released
195
196set fake window in ipft_tx.c to ensure code passes tests.
197
198cleaned up/enhanced ipnat -l/ipnat -lv output
199
200fixed NAT handling of non-TCP/UDP packets, esp. for ICMP errors returned.
201
202Solaris recusive mutex on icmp-error/tcp-reset - requires rwlock's rather
203than mutexes.
204
2053.2.10beta6 03/11/98 - Released
206
207fix mixed use of krwlock_t and kmutex_t on Solaris2
208
209fix FTP proxy back up, splitting pasv code out of port code.
210
2113.2.10beta5 02/11/98 - Released
212
213fixed port translation in ICMP reply handling
214
2153.2.10beta4 01/11/98 - Released
216
217increase useful statistic collection on solaris
218
219filter DL_UNITDATA_REQ as well as DL_UNITDATA_IND on solaris
220
221disable PASV reply translation for now
222
223fail with an error if we try to load a NAT rule with a non-existant
224 proxy name - Guido
225
226fix portmap usage with 0/0 and 0/32 map rules
227
228remove ap_unload/ap_expire - automatically done when NAT is cleaned up
229
230print "STATE:CLOSED" from ipmon if the connection progresses past established
231 rather than "STATE:EXPIRED"
232
2333.2.10beta3 26/10/98 - Released
234
235fixed traceroute/nat problem
236
237rewrote nat/proxy interface
238
239ipnat now lists associated proxy sessions for each NAT where applicable
240
2413.2.10beta2 13/10/98 - Released
242
243use KRWLOCK_T in place of krwlock_t for solaris as well as irix
244
245disable use of read-write lock acquisition by default
246
247add in mb_t for linux, non-kernel
248
249some changes to progress compilation on linux with glibc
250
251change PASV as well as PORT when passed through kernel ftp proxy.
252
253don't allow window to become 0 in tcp state code
254
255make ipmon compile cleaner
256
257irix patches
258
2593.2.10beta 11/09/98 - Released
260
261stop fr_tcpsum() thinking it has run out of data when it hasn't.
262
263stop solaris panics due to fin_dp being something wild.
264
265revisit usage of ATOMIC_*()
266
267log closing state of TCP connection in "keep state"
268
269fix fake-arp table code for ipsend.
270
271ipmon now writes pid to a file.
272
273fix "ipmon -a" to actually activate all logging devices.
274
275add patches for BSDOS4.
276
277perl scripts for log analysis donated.
278
2793.2.9 22/06/98 - Released
280
281fix byte order for ICMP packets generated on Solaris
282
283fix some locking problems.
284
285fix malloc bug in NAT (introduced in 3.2.8).
286
287patch from guido for state connections that get fragmented
288
2893.2.8 08/06/98 - Released
290
291use readers/writers locks in Solaris2 in place of some mutexes.
292
293Solaris2 installation enhancements - Martin Forssen (maf@carlstedt.se)
294
|
153.2.7 24/05/98 - Released
16
17u_long -> u_32_t conversions
18
19patches from Bernd Ernesti for NetBSD
20
21fixup ipmon to actually handle HUP's.
22
--- 964 unchanged lines hidden --- | 2953.2.7 24/05/98 - Released
296
297u_long -> u_32_t conversions
298
299patches from Bernd Ernesti for NetBSD
300
301fixup ipmon to actually handle HUP's.
302
--- 964 unchanged lines hidden --- |