1# 2# NOTE: Quite a few patches and suggestions come from other sources, to whom 3# I'm greatly indebted, even if no names are mentioned. 4#
| 1# 2# NOTE: Quite a few patches and suggestions come from other sources, to whom 3# I'm greatly indebted, even if no names are mentioned. 4#
|
5# Thanks to Craig Bishop of connect.com.au and Sun Microsystems for the 6# loan of a machine to work on a Solaris 2.x port of this software.
| 5# Thanks to the Coombs Computing Unit at the ANU for their continued support 6# in providing a very available location for the IP Filter home page and 7# distribution center.
|
7#
| 8#
|
| 9# Thanks to Tel.Net Media for allowing me to maintain and further develop 10# IP Filter as part of my job and supplying Sun equipment for testing the 11# move to 64bits. 12#
|
8# Thanks to BSDI for providing object files for BSD/OS 3.1 and the means 9# to further support development of IP Filter under BSDI. 10#
| 13# Thanks to BSDI for providing object files for BSD/OS 3.1 and the means 14# to further support development of IP Filter under BSDI. 15#
|
| 16# Thanks to Craig Bishop of connect.com.au and Sun Microsystems for the 17# loan of a machine to work on a Solaris 2.x port of this software. 18#
|
11# Thanks also to all those who have contributed patches and other code, 12# and especially those who have found the time to port IP Filter to new 13# platforms.
| 19# Thanks also to all those who have contributed patches and other code, 20# and especially those who have found the time to port IP Filter to new 21# platforms.
|
| 22# 233.3.3 22/10/1999 - Released
|
14
| 24
|
| 25add -g command line option to ipfstat to show groups still define. 26 27fix problem with fragment table not recording rule pointer when called 28from state functions (fin_fr not set). 29 30fixup fastroute problems with keep state rules. 31 32load rules into inactive set first, so we don't disable things like NIS 33lookups half way through processing - found by Kevin Littlejohn 34 35fix handling of unaligned ip pointer for solaris 36 37patch for fr_newauth from Rudi Sluijtman 38 39fixed htons() bug in fr_tcpsum() where ip_p wasn't cast to u_short 40 413.3.2 23/09/1999 - Released 42 43patches from Scott Presnell to fix rcmd proxy 44 45patches from Greg to fix Solaris detachment of interfaces 46 47add openbsd compatibility fixes 48 49fix free'ing already freed memory in ipfr_slowtimer() 50 51fix for deferencing invalid memory in cleaning up after a device disappears 52 533.3.1 14/8/1999 - Released 54 55remove include file sys/user.h for irix 56 57prevent people from running buildsunos directly 58 59fix up some problems with the saving of rule pointers so that NAT saves 60that information in case it should need to call fr_addstate() from a proxy. 61 62fix up scanning for the end of FTP messages 63 64don't remove /etc/opt/ipf in postremove 65 66attempt to prevent people running buildsolaris script without doing a 67"make solaris" 68 69fix timeout losing on freebsd3 70 713.3 7/8/1999 - Released 72 73NAT: information (rules, mappings) are stored in hash tables; setup some 74basic NAT regression testing. 75 76display version name of installed kernel code when initializing. 77 78add -V command line option to ipf, showing version (program and kernel 79module) as well as the run-status of the kernel code. 80 81fix problem with "log" rules actually affecting result of filtering. 82 83automatically use SUNWspro if available and on a 64bit Solaris system for 84compiling. 
85 86add kernel proxies for rcmd(3) and RealAudio (PNA) 87 88use timeout/untimeout on SunOS4/BSD platforms too rather than hijacking 89ip_slowtimo 90 91fix IP headers generated through parsing of text information 92 93fix NAT rules to be in the correct order again. 94 95make keep-state work with to/fastroute keywords and enforce usage of those 96interfaces. 97 98update keep-state code with new algorithm from Guido 99 100add FreeBSD-3 support 101 102add return-icmp-as-dest option to retrun an ICMP packet using the original 103destination as the source rather than a local IP address 104 105add "level [facility.]<priority>" option to filter language 106 107add changes from Guido to state code. 108 109add code to return EPERM if the device is opened for writing and we're 110in securelevel 2 or greater. 111 112authentication code patches from Guido 113 114fix real audio proxy 115 116fix ipmon rule printing of interfaces and add IN/OUT to the end of ipmon 117log output. 118 119fix bimap rules with hash tables 120 121update addresses used in NAT mappings for 0/32 rules for any protocol but TCP 122if it changes on the interface - check every ip_natexpire() 123 124add redirect regression test 125 126count buckets used in the state hash table. 127 128fix sending of RST's with return-rst to use the ack number provided in 129the packet being replied to in addition to the sequence number. 
130 131fix to compile as a 64bit application on solaris7-64bit 132 133add NAT IP mapping to ranges of IP addresses that aren't CIDR specified 134 135fix calculation of in_space parameter for NAT 136 137fix `wrapping' when incrementing the next ip address for use in NAT 138 139fix free'ing of kernel memory in ip_natunload on solaris 140 141fix -l/-U command line options from interfering with each other 142 143fix fastroute under solaris2 and cleanup compilation for solaris7 144 145add install scripts and compile cleanly on BSD/OS 4.0 146 147safely open files in /tmp for writing device output when testing. 148 149fix uninitialized pointer bug in NAT 150 151fix SIOCZRLST (zero list rule stats) bug with groups 152 153change some usage of u_short to u_int in function calling 154 155fix compilation for Solaris7 (SUNWspro) 156 157change solaris makefiles to build for either sparc or i386 rather than 158per-cpu (sun4u, etc). 159 160fixed bug in ipllog 161 162add patches from George Michaelson for FreeBSD 3.0 163 164add patch from Guido to provide ICMP checking for known state in the same 165manner as is done for NAT. 166 167enable FTP PASV proxying and enable wildcarding in NAT/state code for ports 168for better PORT/PASV support with FTP. 169 170bring into main tree static nat features: map-block and "auto" portmapping. 171 172add in source host filtering for redirects (alan jones) 173 1743.2.10 22/11/98 - Released 175 1763.2.10beta9 17/11/98 - Released 177 178fix fr_tcpsum problems in handling mbufs with an odd number of bytes 179and/or split across an mbuf boundary 180 181fix NAT list entry comparisons and allow multiple entries for the same 182proxy (but on different ports). 183 184don't create duplicate NAT entries for repeated PORT commands. 
185 1863.2.10beta8 14/11/98 - Released 187 188always exit an rwlock before expecting to enter it again on solaris 189 190fix loop in nat_new for pre-existing nat 191 192don't setup state for an ftp connection if creating nat fails. 193 1943.2.10beta7 05/11/98 - Released 195 196set fake window in ipft_tx.c to ensure code passes tests. 197 198cleaned up/enhanced ipnat -l/ipnat -lv output 199 200fixed NAT handling of non-TCP/UDP packets, esp. for ICMP errors returned. 201 202Solaris recusive mutex on icmp-error/tcp-reset - requires rwlock's rather 203than mutexes. 204 2053.2.10beta6 03/11/98 - Released 206 207fix mixed use of krwlock_t and kmutex_t on Solaris2 208 209fix FTP proxy back up, splitting pasv code out of port code. 210 2113.2.10beta5 02/11/98 - Released 212 213fixed port translation in ICMP reply handling 214 2153.2.10beta4 01/11/98 - Released 216 217increase useful statistic collection on solaris 218 219filter DL_UNITDATA_REQ as well as DL_UNITDATA_IND on solaris 220 221disable PASV reply translation for now 222 223fail with an error if we try to load a NAT rule with a non-existant 224 proxy name - Guido 225 226fix portmap usage with 0/0 and 0/32 map rules 227 228remove ap_unload/ap_expire - automatically done when NAT is cleaned up 229 230print "STATE:CLOSED" from ipmon if the connection progresses past established 231 rather than "STATE:EXPIRED" 232 2333.2.10beta3 26/10/98 - Released 234 235fixed traceroute/nat problem 236 237rewrote nat/proxy interface 238 239ipnat now lists associated proxy sessions for each NAT where applicable 240 2413.2.10beta2 13/10/98 - Released 242 243use KRWLOCK_T in place of krwlock_t for solaris as well as irix 244 245disable use of read-write lock acquisition by default 246 247add in mb_t for linux, non-kernel 248 249some changes to progress compilation on linux with glibc 250 251change PASV as well as PORT when passed through kernel ftp proxy. 
252 253don't allow window to become 0 in tcp state code 254 255make ipmon compile cleaner 256 257irix patches 258 2593.2.10beta 11/09/98 - Released 260 261stop fr_tcpsum() thinking it has run out of data when it hasn't. 262 263stop solaris panics due to fin_dp being something wild. 264 265revisit usage of ATOMIC_*() 266 267log closing state of TCP connection in "keep state" 268 269fix fake-arp table code for ipsend. 270 271ipmon now writes pid to a file. 272 273fix "ipmon -a" to actually activate all logging devices. 274 275add patches for BSDOS4. 276 277perl scripts for log analysis donated. 278 2793.2.9 22/06/98 - Released 280 281fix byte order for ICMP packets generated on Solaris 282 283fix some locking problems. 284 285fix malloc bug in NAT (introduced in 3.2.8). 286 287patch from guido for state connections that get fragmented 288 2893.2.8 08/06/98 - Released 290 291use readers/writers locks in Solaris2 in place of some mutexes. 292 293Solaris2 installation enhancements - Martin Forssen (maf@carlstedt.se) 294
|
153.2.7 24/05/98 - Released 16 17u_long -> u_32_t conversions 18 19patches from Bernd Ernesti for NetBSD 20 21fixup ipmon to actually handle HUP's. 22
--- 964 unchanged lines hidden --- | 2953.2.7 24/05/98 - Released 296 297u_long -> u_32_t conversions 298 299patches from Bernd Ernesti for NetBSD 300 301fixup ipmon to actually handle HUP's. 302
--- 964 unchanged lines hidden --- |
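Review bot: In the acknowledgements block at the top of the file, the new Tel.Net Media paragraph reads "the move to 64bits"; "64-bit" would match the wording used further down ("64bit Solaris system", "64bit application") once those are normalised too. The Craig Bishop / Sun Microsystems paragraph is unchanged in wording but has moved from the first position to below the BSDI paragraph, which adds churn to the diff; if the reordering is intentional, a word in the commit message would help.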
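Review bot: Several of the added entries for 3.3.2 and 3.3 describe memory-safety or filtering-correctness fixes without saying which earlier releases are affected, so an operator cannot tell from this file whether an upgrade is required. This applies to "fix free'ing already freed memory in ipfr_slowtimer()", "fix for deferencing invalid memory in cleaning up after a device disappears", "fix uninitialized pointer bug in NAT", and "fix problem with "log" rules actually affecting result of filtering". The 3.2.9 entry already shows the useful form: "fix malloc bug in NAT (introduced in 3.2.8)". Where the introducing release is known, please add it in the same way. Two further entries would benefit from one more clause: "add code to return EPERM if the device is opened for writing and we're in securelevel 2 or greater" does not name the device, and "safely open files in /tmp for writing device output when testing" does not say what changed in how the files are opened. Spelling to fix while here: "still define" (defined), "retrun", "recusive", "non-existant", "deferencing". The release dates also mix formats ("22/10/1999", "14/8/1999", "22/11/98"); one format throughout would make the list easier to scan.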