#
369277 |
|
16-Feb-2021 |
cy |
MFC 57785538c6e0d7e8ca0f161ab95bae10fd304047 and 1e811efbc591699b872bea42b9de419c373199df:
57785538c6e0d7e8ca0f161ab95bae10fd304047)
Simplify the FreeBSD check using __FreeBSD__ compiler macro.
Rather than rely on __FreeBSD_version, defined in sys/param.h, use __FreeBSD__ defined by the compiler.
Reported by: emaste MFC after: 1 week
(cherry picked from commit 57785538c6e0d7e8ca0f161ab95bae10fd304047)
1e811efbc591699b872bea42b9de419c373199df:
Fix non-IPv6 build post 57785538c6e0d7e8ca0f161ab95bae10fd304047.
57785538c6e0d7e8ca0f161ab95bae10fd304047 change the test for FreeBSD from __FreeBSD_version to __FreeBSD__. However this test was performed before sys/param.h was included, therefore __FreeBSD_version was never defined. As the test was never true opt_random_ip_id.h was never included.
Submitted by: bdragon Reported by: bdragon
(cherry picked from commit 1e811efbc591699b872bea42b9de419c373199df)
Git Hash: 62607e8680e944f89cd7b5b7bca10698c66908b2 Git Author: cy@FreeBSD.org
|
#
369272 |
|
16-Feb-2021 |
cy |
MFC 0f34c80f376345b98a972940dd4757e58d7beb06:
Replace the redundant MENTAT macro with SOLARIS.
MENTAT and SOLARIS are synonymous. Remove the extraneous duplicate macro.
(cherry picked from commit 0f34c80f376345b98a972940dd4757e58d7beb06)
Git Hash: 8d6da0aae1c4ca288537c9875eaed1f65988e51f Git Author: cy@FreeBSD.org
|
#
369246 |
|
09-Feb-2021 |
cy |
MFC7071734fae6019d1e3e44daf7deb4478582081cc:
Indentation cleanup resulting from the cleanup of #ifdefs.
The conscious decision was made not to perform any indentation or whitespace cleanup while cleaning out old redunant #ifdefs. The reason for this was to avoid confusing future readers of history and diffs with cosmetic changes, making bisection of any possible bugs introduced more difficult. This commit cleans up the whitespace detritus left behind from the previous #ifdef cleanup commits.
(cherry picked from commit 7071734fae6019d1e3e44daf7deb4478582081cc)
Git Hash: 19bebaed370c527b531c79a7abbb9efcf8f37af1 Git Author: cy@FreeBSD.org
|
#
369245 |
|
09-Feb-2021 |
git2svn |
MFC 4cd1807c7d2a67b633dd0c0bfde15091543a2514:
Retire the K&R/STD C __P prototype declarations.
In the old days when K&R C and STD C were each in use a workaround (read hack) was required to allow the same code to work on each without modification. All C compilers support STD C. We can finally put the __P prototype to rest.
(cherry picked from commit 4cd1807c7d2a67b633dd0c0bfde15091543a2514)
Git Hash: 0c7a33852aa5cd28a9d9b19b8f8034d60a9cb50f Git Author: cy@FreeBSD.org
|
#
363769 |
|
02-Aug-2020 |
cy |
MFC r363284-r363285, r363670
r363284: pfil_run_hooks() can be called recursively, so we have to define FASTROUTE_RECURSION in fil.c
Submitted by: christos@NetBSD.org Reported by: christos@NetBSD.org Obtained from: NetBSD r1.31
r363285: Fix incorrect byte order in ipfstat -f output. - make sure frag is initialized to 0 - initialize ipfr_p field
NetBSD PR: 55137 Submitted by: christos@NetBSD.org Reported by: christos@NetBSD.org Obtained from: NetBSD fil.c r1.32, ip_frag.c r1.8
r363670: Continued ipfilter #ifdef cleanup. The r343701 log entry contains a complete description.
|
#
355795 |
|
16-Dec-2019 |
cy |
MFC r355670:
Rather than pass the address of the packet information control block to ipf_pcksum6(), directly pass the adddress of the mbuf to it. This reduces one pointer dereference. ipf_pcksum6() doesn't use the packet information control block except to obtain the mbuf address.
|
#
355785 |
|
15-Dec-2019 |
cy |
MFC r355669:
in6_cksum() returns zero when checksums are good.
|
#
355306 |
|
02-Dec-2019 |
cy |
MFC r355156:
Include fin, the packet information structure (fr_info_t), in the l4sums DTrace probe, making more information available for the diagnosis of IPv6 checksum errors.
|
#
355305 |
|
02-Dec-2019 |
cy |
MFC r355142:
Move ipf_pcksum6() to its rightful place, in ip_fil_freebsd.c. This FreeBSD-only function should live in the O/S specific source file.
This essentially reverts r349929 Now that ipftest and ipfreplay are disabled in FreeBSD 11-stable.
|
#
355303 |
|
02-Dec-2019 |
cy |
MFC r355141:
Save a little stack by removing a used once intermediate variable.
|
#
355302 |
|
02-Dec-2019 |
cy |
MFC r355140:
Remove redundant #ifdef'd function definitions.
|
#
352866 |
|
29-Sep-2019 |
cy |
MFC r352737:
ipf mistakenly regards UDP packets with a checksum of 0xffff as bad.
Obtained from: NetBSD fil.c r1.30, NetBSD PR/54443
|
#
351775 |
|
03-Sep-2019 |
cy |
MFC r350882:
Initialize the frentry (the control block that defines a rule) checksum to zero. Matching checksums save time and effort by mitigating the need for full rule compare.
|
#
351479 |
|
25-Aug-2019 |
cy |
MFC r350881:
Calculate the number interface array elements using the new FR_NUM macro instead of the hard-coded value of 4. This is a precursor to increasing the number of interfaces speficied in "on {interface, ..., interface}". Note that though this feature is coded in ipf_y.y, it is partially supported in the ipfilter kld, meaning it does not work yet (and is yet to be documented in ipf.5 too).
|
#
351470 |
|
25-Aug-2019 |
cy |
MFC r350880:
r272552 applied the patch from ipfilter upstream fil.c r1.129 to fix broken ipfilter rule matches (upstream bug #554). The upstream patch was incomplete, it resolved all but one rule compare issue. The issue fixed here is when "{to, reply-to, dup-to} interface" are used in conjuncion with "on interface". The match was only made if the on keyword was specified in the same order in each case referencing the same rule. This commit fixes this.
The reason for this is that interface name strings and comment keyword comments are stored in a a variable length field starting at fr_names in the frentry struct. These strings are placed into this variable length in the order they are encountered by ipf_y.y and indexed through index pointers in fr_ifnames, fr_comment or one of the frdest struct fd_name fields. (Three frdest structs are within frentry.) Order matters and this patch takes this into account.
While in here it was discovered that though ipfilter is designed to pport multiple interface specifiations per rule (up to four), this undocumented (the man page makes no mention of it) feature does not work. A todo is to fix the multiple interfaces feature at a later date. To understand the design decision as to why only four were intended, it is suspected that the decision was made because Sun workstations and PCs rarely if ever exceeded four NICs at the time, this is not true in 2019.
PR: 238796 Reported by: WHR <msl0000023508@gmail.com>
|
#
351468 |
|
25-Aug-2019 |
cy |
MFC r351380:
Specifying array sizes for fully initialized tables at compile time is redundant.
|
#
350434 |
|
30-Jul-2019 |
cy |
MFC r350064:
As of upstream fil.c CVS r1.53 (March 1, 2009), prior to the import of ipfilter 5.1.2 into FreeBSD-10, the fix for, 2580062 from/to targets should be able to use any interface name, moved frentry.fr_cksum to prior to frentry.fr_func thereby making this code redundant. After investigating whether this fix to move fr_cksum was correct and if it broke anything, it has been determined that the fix is correct and this code is redundant. We remove it here.
|
#
350234 |
|
23-Jul-2019 |
cy |
MFC r350063:
Refactor, removing one compare.
This changes the return code however the caller only tests for 0 and != 0. One might ask then, why multiple return codes when the caller only tests for 0 and != 0? From what I can tell, Darren probably passed various return codes for sake of debugging. The debugging code is long gone however we can still use the different return codes using DTrace FBT traces. We can still determine why the compare failed by examining the differences between the fr1 and fr2 frentry structs, which is a simple test in DTrace. This allows reducing the number of tests, improving the code while not affecting our ability to capture information for diagnostic purposes.
|
#
350188 |
|
21-Jul-2019 |
cy |
MFC r349979:
Recycle the unused FR_CMPSIZ macro which became orphaned in ipfilter 5 prior to its import into FreeBSD. This macro calculates the size to be compared within the frentry structure. The ipfilter 4 version of the macro calculated the compare size based upon the static size of the frentry struct. Today it uses the ipfilter 5 method of calculating the size based upon the new to ipfilter 5 fr_size value found in the frentry struct itself.
No effective change in code is intended.
|
#
350111 |
|
18-Jul-2019 |
cy |
MFC r349917:
Remove a tautological test for adding a rule in the block that adds rules.
|
#
350110 |
|
18-Jul-2019 |
cy |
MFC r349898, r349916:
ipfilter commands, in this case ipf(8), passes its operations and rules via an ioctl interface. Rules can be added or removed and stats and counters can be zeroed out. As the ipfilter interprets these instructions or operations they are stored in an integer called addrem (add/remove). 0 is add, 1 is remove, and 2 is clear stats and counters. Much of this is not documented. This commit documents these operations by replacing simple integers with a self documenting enum along with a few basic comments.
|
#
350073 |
|
17-Jul-2019 |
cy |
MFC r349978:
style(9)
|
#
349931 |
|
12-Jul-2019 |
cy |
MFC r349927, r349929:
r349927: Resolve IPv6 checksum errors with stateful inspection. According to PR/203585 this appears to have been broken by r235959, which predates the ipfilter 5.1.2 import into FreeBSD.
The IPv6 checksum calculation is incorrect. To resolve this we call in6_cksum() to do the the heavy lifting for us, through a new function ipf_pcksum6(). Should we need to revisit this area again, a DTrace probe is added to aid with future debugging.
Plus whitespace adjustments (r348989).
PR: 203275, 203585 Differential Revision: https://reviews.freebsd.org/D20583
r349929: Move the new ipf_pcksum6() function from ip_fil_freebsd.c to fil.c. The reason for this is that ipftest(8), which still works on FreeBSD-11, fails to link to it, breaking stable/11 builds.
ipftest(8) was broken (segfault) sometime during the FreeBSD-12 cycle. glebius@ suggested we disable building it until I can get around to fixing it. Hence this was not caught in -current.
The intention is to fix ipftest(8) as it is used by the netbsd-tests (imported by ngie@ many moons ago) for regression testing.
|
#
349927 |
|
12-Jul-2019 |
cy |
MFC r348987, r348989:
Resolve IPv6 checksum errors with stateful inspection. According to PR/203585 this appears to have been broken by r235959, which predates the ipfilter 5.1.2 import into FreeBSD.
The IPv6 checksum calculation is incorrect. To resolve this we call in6_cksum() to do the the heavy lifting for us, through a new function ipf_pcksum6(). Should we need to revisit this area again, a DTrace probe is added to aid with future debugging.
Plus whitespace adjustments (r348989).
PR: 203275, 203585 Differential Revision: https://reviews.freebsd.org/D20583
|
#
349655 |
|
03-Jul-2019 |
cy |
MFC r349401:
While working on PR/238796 I discovered an unused variable in frdest, the next hop structure. It is likely this contributes to PR/238796 though other factors remain to be investigated.
PR: 238796
|
#
349654 |
|
03-Jul-2019 |
cy |
MFC r349399-349400,349567-349568:
Prompted by r349366, ipfilter is also does not conform to RFC 3128 by dropping TCP fragments with offset = 1.
In addition to dropping these fragments, add a DTrace probe to allow for more detailed monitoring and diagnosis if required.
|
#
349223 |
|
20-Jun-2019 |
cy |
MFC r349152:
Make ipf_objbytes a constant. ipf_objbytes is a table of internal data structures that are saved across reboots by ipfs(8). The table is not changed at runtime.
|
#
348891 |
|
11-Jun-2019 |
cy |
MFC r348666:
Clean up #ifdefs from old unsupported releases of FreeBSD.
Approved by: re (gjb@)
|
#
348850 |
|
10-Jun-2019 |
cy |
MFC r348575:
Properly define the fourth argument to ipf_check, the main entry point into ipfilter. A proper definition simplifies dtrace scripts a little.
Approved by: re (delphij@)
|
#
348821 |
|
08-Jun-2019 |
cy |
MFC r348312:
style(9)
Approved by: re (gjb@)
|
#
348820 |
|
08-Jun-2019 |
cy |
MFC r348311:
Fix indentation and while at it simplfy the code.
Reported by: lwhsu@ Approved by: re (gjb@)
|
#
344835 |
|
06-Mar-2019 |
cy |
MFC r343703
Remove a reference to HP-UX in a comment.
|
#
344833 |
|
06-Mar-2019 |
cy |
MFC r343701 & r343732:
ipfilter #ifdef cleanup.
Remove #ifdefs for ancient and irrelevant operating systems from ipfilter.
When ipfilter was written the UNIX and UNIX-like systems in use were diverse and plentiful. IRIX, Tru64 (OSF/1) don't exist any more. OpenBSD removed ipfilter shortly after the first time the ipfilter license terms changed in the early 2000's. ipfilter on AIX, HP/UX, and Linux never really caught on. Removal of code for operating systems that ipfilter will never run on again will simplify the code making it easier to fix bugs, complete partially implemented features, and extend ipfilter.
Unsupported previous version FreeBSD code and some older NetBSD code has also been removed.
What remains is supported FreeBSD, NetBSD, and illumos. FreeBSD and NetBSD have collaborated exchanging patches, while illumos has expressed willingness to have their ipfilter updated to 5.1.2, provided their zone-specific updates to their ipfilter are merged (which are of interest to FreeBSD to allow control of ipfilters in jails from the global zone).
Reviewed by: glebius@ Differential Revision: https://reviews.freebsd.org/D19006
|
#
343691 |
|
03-Feb-2019 |
cy |
MFC r343600:
Document the instance context pointer.
|
#
342608 |
|
30-Dec-2018 |
cy |
MFC r342547:
Remove another empty #ifdef block. This empty block also exists in the upstream HEAD.
|
#
334201 |
|
25-May-2018 |
cy |
MFC r333392-r333393, r333427
r333392: Fix memory leak. (CID 1199373).
r333393: Document intentional fallthrough. (CID 976535)
r333427: Fix style error introduced in r333393.
Reported by: jhb, imp, phk
Approved by: re (delphij)
|
#
330475 |
|
05-Mar-2018 |
eadler |
MFC r306449:
Remove an extra etter.
|
#
317434 |
|
26-Apr-2017 |
cy |
MFC r316810, r316814, r316816, r316991:
Keep state incorrectly assumes keep frags. This is counter to the ipfilter man pages. This also currently restricts keep frags to only when keep state is used, which is redundant because keep state currently assumes keep frags. This commit fixes this.
To the user this change means that to maintain the current behaviour one must add keep frags to any ipfilter keep state rule (as documented in the man pages).
This patch also allows the flexability to specify and use keep frags separate from keep state, as documented in an example in ipf.conf.5, instead of the currently broken behaviour.
MFC suggested by: rgrimes Relnotes: yes
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
297632 |
|
06-Apr-2016 |
cy |
Add DTrace probes for packets flagged as bad by ipfilter. All probes for bad packets are named ipf_fi_bad_*. An example of its use might be:
dtrace -n 'sdt:::ipf_fi_bad_* { stack(); }'
Reviewed by: Darren Reed <darrenr@reed.wattle.id.au>
|
#
280971 |
|
01-Apr-2015 |
glebius |
o Use new function ip_fillid() in all places throughout the kernel, where we want to create a new IP datagram. o Add support for RFC6864, which allows to set IP ID for atomic IP datagrams to any value, to improve performance. The behaviour is controlled by net.inet.ip.rfc6864 sysctl knob, which is enabled by default. o In case if we generate IP ID, use counter(9) to improve performance. o Gather all code related to IP ID into ip_id.c.
Differential Revision: https://reviews.freebsd.org/D2177 Reviewed by: adrian, cy, rpaulo Tested by: Emeric POUPON <emeric.poupon stormshield.eu> Sponsored by: Netflix Sponsored by: Nginx, Inc. Relnotes: yes
|
#
275199 |
|
28-Nov-2014 |
cy |
Correctly define constants.
MFC after: 1 week
|
#
272552 |
|
05-Oct-2014 |
cy |
ipfilter bug #554 Determining why a ipf rule matches is hard -- replace ipfilter rule compare with new ipf_rule_compare() function.
Obtained from: ipfilter CVS rep (r1.129)
|
#
272551 |
|
05-Oct-2014 |
cy |
ipfiler bug #550 filter rule list corrupted with inserted rules
Obtained from: ipfilter CVS repo (r1.128); NetBSD CVS repo (r1.15)
|
#
255355 |
|
07-Sep-2013 |
glebius |
Fix !INET6 build.
|
#
255332 |
|
06-Sep-2013 |
cy |
Update ipfilter 4.1.28 --> 5.1.2.
Approved by: glebius (mentor) BSD Licensed by: Darren Reed <darrenr@reed.wattle.id.au> (author)
|
#
241546 |
|
14-Oct-2012 |
glebius |
Fix defines in r241245. We actually don't define FreeBSD.
Reported & tested by: Oleg Ginzburg
|
#
241245 |
|
06-Oct-2012 |
glebius |
A step in resolving mess with byte ordering for AF_INET. After this change:
- All packets in NETISR_IP queue are in net byte order. - ip_input() is entered in net byte order and converts packet to host byte order right _after_ processing pfil(9) hooks. - ip_output() is entered in host byte order and converts packet to net byte order right _before_ processing pfil(9) hooks. - ip_fragment() accepts and emits packet in net byte order. - ip_forward(), ip_mloopback() use host byte order (untouched actually). - ip_fastforward() no longer modifies packet at all (except ip_ttl). - Swapping of byte order there and back removed from the following modules: pf(4), ipfw(4), enc(4), if_bridge(4). - Swapping of byte order added to ipfilter(4), based on __FreeBSD_version - __FreeBSD_version bumped. - pfil(9) manual page updated.
Reviewed by: ray, luigi, eri, melifaro Tested by: glebius (LE), ray (BE)
|
#
196019 |
|
01-Aug-2009 |
rwatson |
Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to virtual network stacks. Minor cleanups are done in the process, and comments updated to reflect these changes.
Reviewed by: bz Approved by: re (vimage blanket)
|
#
181803 |
|
17-Aug-2008 |
bz |
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course of the next few weeks.
Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
|
#
173931 |
|
26-Nov-2007 |
darrenr |
Fix 3 issues relating to the use of "auth" rules in IPFilter, from sourceforge: 1837014 Kernel panics after authentication of an outgoing packet 1836992 Potential bugs in packet auth code (w/patches) 1836967 Kernel panic when using auth rule with keep state and another reported only to FreeBSD by Andiry (see PR)
PR: kern/118251 Submitted by: Andriy Syrovenko <andriys@gmail.com> Reviewed by: darrenr MFC after: 5 days
|
#
173181 |
|
30-Oct-2007 |
darrenr |
Apply a few changes from ipfilter-current: * Do not hold any locks over calls to copyin/copyout. * Clean up some #ifdefs * fix a possible mbuf leak when NAT fails on policy routed packets
PR: 117216
|
#
172776 |
|
18-Oct-2007 |
darrenr |
Pullup IPFilter 4.1.28 from the vendor branch into HEAD.
MFC after: 7 days
|
#
170459 |
|
09-Jun-2007 |
darrenr |
Pointer to an ICMP header was getting left behind after doing a pullup.
|
#
170268 |
|
04-Jun-2007 |
darrenr |
Merge IPFilter 4.1.23 back to HEAD See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
|
#
161356 |
|
16-Aug-2006 |
guido |
Resolve conflicts
MFC after: 2 weeks
|
#
157836 |
|
18-Apr-2006 |
darrenr |
fix "ipf -Z" reporting rubbish and possibly panic'ing box
MFC after: 4 days
|
#
153876 |
|
30-Dec-2005 |
guido |
Resolve conflicts
|
#
153084 |
|
04-Dec-2005 |
ru |
Fix -Wundef from compiling the amd64 LINT.
|
#
147547 |
|
23-Jun-2005 |
darrenr |
Fix some minor problems before release: (1) "ipf -T" is broken for fetching single entries and (2) loading rules with numbered collections does not order insertion right. (3) stats aren't accumulated for hash table memory failures
Approved by: re (dwhite)
|
#
145579 |
|
27-Apr-2005 |
darrenr |
- Comment out duplicate rcsid strings in *.c files - Move SIOCPROXY from ip_nat.h to ip_proxy.h and fix ip_proxy.h so that it can be easily compiled into kdump, et al.
|
#
145522 |
|
25-Apr-2005 |
darrenr |
Merge the changes from 3.4.35 to 4.1.8 into the kernel source tree
|
#
139894 |
|
08-Jan-2005 |
darrenr |
Elminate 1 LOR (actually a recursive mutex grab) involving ipfilter where we loop through all the list of NICs (struct ifnet), holding the lock on it and then do a name lookup with ifunit() whilst holding it.
|
#
139326 |
|
26-Dec-2004 |
darrenr |
* The #ifdef's to cause mutex's for freebsd to be declared were meant to pick up on USE_MUTEX being defined, but this patch * Remove some code that's in a #ifndef FreeBSD that's no longer used.
|
#
139282 |
|
24-Dec-2004 |
scottl |
Sprinkle in some __FreeBSD_version checks so that this compiles again. Don't define PFIL_HOOKS anymore.
Submitted by: keramida
|
#
138928 |
|
16-Dec-2004 |
darrenr |
Using just m_pullup to get all of the interesting bits in packet into one buffer doesn't work for ipv6 packets, so use m_defrag() here instead as an easy drop-in replacement.
PR: 70399
|
#
131262 |
|
29-Jun-2004 |
darrenr |
Mess from update & merge - don't release the ifnet lock twice, just once and after we're finished with it.
|
#
130886 |
|
21-Jun-2004 |
darrenr |
Update ipfilter from 3.4.31 -> 3.4.35. Some important changes: * block packets that fail to create state table entries * only allow non-fragmented packets to influence whether or not a logged packet is the same as the one logged before. * correct the ICMP packet checksum fixing up when processing ICMP errors for NAT * implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX and ipf_nattable_max) * frsynclist() wasn't paying attention to all the places where interface names are, like it should. * fix comparing ICMP packets with established TCP state where only 8 bytes of header are returned in the ICMP error.
MFC after: 1 week
|
#
128019 |
|
07-Apr-2004 |
imp |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson.
Approved by: core, peter, alc, rwatson
|
#
111119 |
|
19-Feb-2003 |
imp |
Back out M_* changes, per decision of the TRB.
Approved by: trb
|
#
110915 |
|
15-Feb-2003 |
darrenr |
Commit import changed from vendor branch of ipfilter to -current head
|
#
109623 |
|
21-Jan-2003 |
alfred |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
#
108172 |
|
22-Dec-2002 |
hsu |
SMP locking for ifnet list.
|
#
102520 |
|
28-Aug-2002 |
darrenr |
Finally merge in the changes from ipfilter 3.4.29 to freebsd-current. Main changes here are related to the ftp proxy and making that work better.
|
#
98004 |
|
07-Jun-2002 |
darrenr |
Commit changes that happened in IPFilter versions 3.4.27 - 3.4.28
|
#
95563 |
|
27-Apr-2002 |
darrenr |
Merge updates from 3.4.26 - 3.4.27.
|
#
95418 |
|
25-Apr-2002 |
darrenr |
bring in changes from 3.4.26.
|
#
92685 |
|
19-Mar-2002 |
darrenr |
fix conflicts (mostly damn rcs id's) generated by import
|
#
89336 |
|
14-Jan-2002 |
alfred |
Backout inclusion of queue.h since rev 1.38 sys/file.h now has it included in the right order.
|
#
89316 |
|
13-Jan-2002 |
alfred |
Include sys/_lock.h and sys/_mutex.h to reduce namespace pollution.
Requested by: jhb
|
#
83380 |
|
12-Sep-2001 |
darrenr |
IPFilter munges multicast address packets on the loopback interface.
Submitted by: Frank Zolf Approved by: jkh MFC after: 0
|
#
80482 |
|
28-Jul-2001 |
darrenr |
fix conflicts created by import
|
#
72006 |
|
04-Feb-2001 |
darrenr |
fix conflicts
|
#
67853 |
|
29-Oct-2000 |
darrenr |
Fix conflicts creted by import.
|
#
67614 |
|
26-Oct-2000 |
darrenr |
fix conflicts from rcsids
|
#
67564 |
|
25-Oct-2000 |
ru |
We now keep the ip_id field in network byte order all the time, so there is no need to make the distinction between ip_output() and ip_input() cases.
Reviewed by: silence on freebsd-net
|
#
64580 |
|
13-Aug-2000 |
darrenr |
resolve conflicts
|
#
63523 |
|
19-Jul-2000 |
darrenr |
fix conflicts
|
#
60944 |
|
26-May-2000 |
darrenr |
define CSUM_DELAY_DATA to match merge
|
#
60857 |
|
24-May-2000 |
darrenr |
fix up conflicts
|
#
60850 |
|
24-May-2000 |
darrenr |
fix conflicts
|
#
60765 |
|
21-May-2000 |
jlemon |
Compute the checksum before handing the packet off to IPFilter.
Tested by: Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
|
#
60295 |
|
09-May-2000 |
darrenr |
Fix bug in dealing with "hlen == 1 and opt > 1"
|
#
60265 |
|
09-May-2000 |
ps |
Add missing include machine/in_cksum.h.
Submitted by: n_hibma
|
#
59874 |
|
01-May-2000 |
peter |
Add $FreeBSD$
|
#
57096 |
|
09-Feb-2000 |
guido |
Bring over ipfilter v3_3_8 kernel sources, including merging the local modifications. Also fix initializing fr_running in KLD case. Rename ipl_inited to fr_runninhg in mlfk_ipl
Approved by: jkh
|
#
55929 |
|
13-Jan-2000 |
guido |
Bring over ipfilter kernel sources, including merging the local modifications.
|
#
55460 |
|
05-Jan-2000 |
eivind |
KERNEL -> _KERNEL
|
#
53642 |
|
23-Nov-1999 |
guido |
Add kernel parts of revived ipfilter (3.3.3.)
|