#
303975 |
|
11-Aug-2016 |
gjb |
Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, and rename it to RC1.
Update __FreeBSD_version.
Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and the dvd1.iso packages population.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
#
302408 |
|
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
#
302289 |
|
30-Jun-2016 |
bz |
Remove unused global variables as well as unused memory allocations from ipfilter in preparation for VNET support.
Suggested by: cy (see D7000)
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Approved by: re (gjb)
|
#
292813 |
|
28-Dec-2015 |
cy |
Correct __FreeBSD__ check.
MFC after: 3 days
|
#
292518 |
|
20-Dec-2015 |
cy |
Don't assume checksums will be calculated later when fastforward is enabled (by default in r290383).
PR: 72210
MFC after: 1 week
|
#
288242 |
|
25-Sep-2015 |
bz |
Compare the newly allocated array elements to NULL in order to see if the malloc succeeded.
Spotted by: reading kernel compile time log
MFC after: 2 weeks
|
#
280971 |
|
01-Apr-2015 |
glebius |
o Use new function ip_fillid() in all places throughout the kernel, where we want to create a new IP datagram.
o Add support for RFC6864, which allows to set IP ID for atomic IP datagrams to any value, to improve performance. The behaviour is controlled by net.inet.ip.rfc6864 sysctl knob, which is enabled by default.
o In case if we generate IP ID, use counter(9) to improve performance.
o Gather all code related to IP ID into ip_id.c.
Differential Revision: https://reviews.freebsd.org/D2177
Reviewed by: adrian, cy, rpaulo
Tested by: Emeric POUPON <emeric.poupon stormshield.eu>
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
Relnotes: yes
|
#
272555 |
|
05-Oct-2014 |
cy |
ipfilter bug #537 NAT rules with sticky have incorrect hostmap IP address. This fixes when an IP address mapping is put in the hostmap table for sticky NAT rules, it ends up having the wrong byte order.
Obtained from: ipfilter CVS repo (r1.102), NetBSD CVS repo (r1.12)
|
#
255332 |
|
06-Sep-2013 |
cy |
Update ipfilter 4.1.28 --> 5.1.2.
Approved by: glebius (mentor)
BSD Licensed by: Darren Reed <darrenr@reed.wattle.id.au> (author)
|
#
192895 |
|
27-May-2009 |
jamie |
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings.
Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge().
Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call.
Approved by: bz (mentor)
|
#
180832 |
|
26-Jul-2008 |
darrenr |
2020447 IPFilter's NAT can undo name server random port selection (fix output port range, was a random number in [0,max-min] (byteswapped on little endian), instead of [min,max])
Submitted by: darrenr
|
#
180778 |
|
24-Jul-2008 |
darrenr |
2020447 IPFilter's NAT can undo name server random port selection
Approved by: darrenr
MFC after: 1 week
Security: CERT VU#521769
|
#
173181 |
|
30-Oct-2007 |
darrenr |
Apply a few changes from ipfilter-current:
* Do not hold any locks over calls to copyin/copyout.
* Clean up some #ifdefs
* fix a possible mbuf leak when NAT fails on policy routed packets
PR: 117216
|
#
172776 |
|
18-Oct-2007 |
darrenr |
Pullup IPFilter 4.1.28 from the vendor branch into HEAD.
MFC after: 7 days
|
#
170268 |
|
04-Jun-2007 |
darrenr |
Merge IPFilter 4.1.23 back to HEAD
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
|
#
161356 |
|
16-Aug-2006 |
guido |
Resolve conflicts
MFC after: 2 weeks
|
#
153876 |
|
30-Dec-2005 |
guido |
Resolve conflicts
|
#
145579 |
|
27-Apr-2005 |
darrenr |
- Comment out duplicate rcsid strings in *.c files
- Move SIOCPROXY from ip_nat.h to ip_proxy.h and fix ip_proxy.h so that it can be easily compiled into kdump, et al.
|
#
145522 |
|
25-Apr-2005 |
darrenr |
Merge the changes from 3.4.35 to 4.1.8 into the kernel source tree
|
#
139005 |
|
18-Dec-2004 |
mlaier |
Make ip_nat compile again. Should read #if->n<-def LARGE_NAT as in ipf 4.x
|
#
138979 |
|
17-Dec-2004 |
darrenr |
Move two variables that are unused if LARGE_NAT is defined inside an #ifdef to keep them out of harm's way when compiling.
PR: 72783
|
#
138947 |
|
17-Dec-2004 |
darrenr |
Allow ipnat redirect rules to work for non-TCP/UDP packets.
PR: 70038
Submitted by: fming@borderware.com
Reviewed by: darrenr
Obtained from: fming@borderware.com
|
#
130886 |
|
21-Jun-2004 |
darrenr |
Update ipfilter from 3.4.31 -> 3.4.35. Some important changes:
* block packets that fail to create state table entries
* only allow non-fragmented packets to influence whether or not a logged packet is the same as the one logged before.
* correct the ICMP packet checksum fixing up when processing ICMP errors for NAT
* implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX and ipf_nattable_max)
* frsynclist() wasn't paying attention to all the places where interface names are, like it should.
* fix comparing ICMP packets with established TCP state where only 8 bytes of header are returned in the ICMP error.
MFC after: 1 week
|
#
110916 |
|
15-Feb-2003 |
darrenr |
Commit import changed from vendor branch of ipfilter to -current head
|
#
102520 |
|
28-Aug-2002 |
darrenr |
Finally merge in the changes from ipfilter 3.4.29 to freebsd-current. Main changes here are related to the ftp proxy and making that work better.
|
#
98004 |
|
07-Jun-2002 |
darrenr |
Commit changes that happened in IPFilter versions 3.4.27 - 3.4.28
|
#
95563 |
|
27-Apr-2002 |
darrenr |
Merge updates from 3.4.26 - 3.4.27.
|
#
95418 |
|
25-Apr-2002 |
darrenr |
bring in changes from 3.4.26.
|
#
92685 |
|
19-Mar-2002 |
darrenr |
fix conflicts (mostly damn rcs id's) generated by import
|
#
89336 |
|
14-Jan-2002 |
alfred |
Backout inclusion of queue.h since rev 1.38 sys/file.h now has it included in the right order.
|
#
89316 |
|
13-Jan-2002 |
alfred |
Include sys/_lock.h and sys/_mutex.h to reduce namespace pollution.
Requested by: jhb
|
#
88876 |
|
04-Jan-2002 |
darrenr |
Import this patch to address user concerns.
PR: 27615
Submitted by: Andria Thomas <andria@tovaris.com>
Approved by: Me.
MFC after: 7 days
|
#
87394 |
|
05-Dec-2001 |
guido |
Fix initialisation of struct nat entry, to solve a panic that occurs when reloading a nat table after reboot
Submitted by: Arjan de Vet <devet@devet.org>
Reviewed by: IP Filter mailing list
MFC after: 3 days
|
#
80482 |
|
28-Jul-2001 |
darrenr |
fix conflicts created by import
|
#
75262 |
|
06-Apr-2001 |
darrenr |
fix security hole created by fragment cache
|
#
72010 |
|
04-Feb-2001 |
darrenr |
fix duplicate rcsid
|
#
72006 |
|
04-Feb-2001 |
darrenr |
fix conflicts
|
#
67853 |
|
29-Oct-2000 |
darrenr |
Fix conflicts created by import.
|
#
67614 |
|
26-Oct-2000 |
darrenr |
fix conflicts from rcsids
|
#
64580 |
|
13-Aug-2000 |
darrenr |
resolve conflicts
|
#
63523 |
|
19-Jul-2000 |
darrenr |
fix conflicts
|
#
60857 |
|
24-May-2000 |
darrenr |
fix up conflicts
|
#
60853 |
|
24-May-2000 |
darrenr |
fix conflicts
|
#
60852 |
|
24-May-2000 |
darrenr |
fix conflicts
|
#
57126 |
|
10-Feb-2000 |
guido |
Re add rev 1.11 diffs to ip_fil.h
Also discover that I did not undefine CVS_FUBAR (which no longer exists) and thus forgot to add $FreeBSD's. Add them.
Approved by: jkh (is part of ipfilter upgrade)
|
#
57096 |
|
09-Feb-2000 |
guido |
Bring over ipfilter v3_3_8 kernel sources, including merging the local modifications. Also fix initializing fr_running in KLD case. Rename ipl_inited to fr_running in mlfk_ipl
Approved by: jkh
|
#
55929 |
|
13-Jan-2000 |
guido |
Bring over ipfilter kernel sources, including merging the local modifications.
|
#
55460 |
|
05-Jan-2000 |
eivind |
KERNEL -> _KERNEL
|
#
53642 |
|
23-Nov-1999 |
guido |
Add kernel parts of revived ipfilter (3.3.3.)
|