#
303975 |
|
11-Aug-2016 |
gjb |
Copy stable/11@r303970 to releng/11.0 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, and rename it to RC1.
Update __FreeBSD_version.
Use the quarterly branch for the default FreeBSD.conf pkg(8) repo and the dvd1.iso packages population.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
302408 |
|
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
297632 |
|
07-Apr-2016 |
cy |
Add DTrace probes for packets flagged as bad by ipfilter. All probes for bad packets are named ipf_fi_bad_*. An example of its use might be:
dtrace -n 'sdt:::ipf_fi_bad_* { stack(); }'
Reviewed by: Darren Reed <darrenr@reed.wattle.id.au>
|
#
289480 |
|
18-Oct-2015 |
cy |
Really fix ipfilter bug 3600459.
Obtained from: ipfilter cvs repo r1.48.2.25, r1.72 and NetBSD repo r1.4 MFC after: 3 days
|
#
287674 |
|
11-Sep-2015 |
cy |
Fix ipfilter bug 3600459 NAT bucket count wrong.
Obtained from: ipfilter cvs repo r1.48.2.25 MFC after: 2 weeks
|
#
287653 |
|
11-Sep-2015 |
cy |
Revert $FreeBSD$.
|
#
287652 |
|
11-Sep-2015 |
cy |
Fix mutex errors.
Obtained from: NetBSD r1.4. MFC after: 1 week
|
#
287651 |
|
11-Sep-2015 |
cy |
Fixup typos in comments.
Obtained from: NetBSD r1.4. MFC after: 1 week
|
#
255332 |
|
06-Sep-2013 |
cy |
Update ipfilter 4.1.28 --> 5.1.2.
Approved by: glebius (mentor) BSD Licensed by: Darren Reed <darrenr@reed.wattle.id.au> (author)
|
#
180778 |
|
24-Jul-2008 |
darrenr |
2020447 IPFilter's NAT can undo name server random port selection
Approved by: darrenr MFC after: 1 week Security: CERT VU#521769
|
#
173181 |
|
30-Oct-2007 |
darrenr |
Apply a few changes from ipfilter-current: * Do not hold any locks over calls to copyin/copyout. * Clean up some #ifdefs * fix a possible mbuf leak when NAT fails on policy routed packets
PR: 117216
|
#
172776 |
|
18-Oct-2007 |
darrenr |
Pullup IPFilter 4.1.28 from the vendor branch into HEAD.
MFC after: 7 days
|
#
170268 |
|
04-Jun-2007 |
darrenr |
Merge IPFilter 4.1.23 back to HEAD See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
|
#
165515 |
|
24-Dec-2006 |
darrenr |
TCP Window scaling was being recognised but the recorded settings were being clobbered and thus effectively disabled.
MFC after: 7 days
|
#
161356 |
|
16-Aug-2006 |
guido |
Resolve conflicts
MFC after: 2 weeks
|
#
153876 |
|
30-Dec-2005 |
guido |
Resolve conflicts
|
#
145522 |
|
25-Apr-2005 |
darrenr |
Merge the changes from 3.4.35 to 4.1.8 into the kernel source tree
|
#
139255 |
|
24-Dec-2004 |
darrenr |
Enable fine grained locking within IPFilter, using mtx(9) and sx(9) allowing the the "needs giant" flag to be removed from the driver.
|
#
130886 |
|
21-Jun-2004 |
darrenr |
Update ipfilter from 3.4.31 -> 3.4.35. Some important changes: * block packets that fail to create state table entries * only allow non-fragmented packets to influence whether or not a logged packet is the same as the one logged before. * correct the ICMP packet checksum fixing up when processing ICMP errors for NAT * implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX and ipf_nattable_max) * frsynclist() wasn't paying attention to all the places where interface names are, like it should. * fix comparing ICMP packets with established TCP state where only 8 bytes of header are returned in the ICMP error.
MFC after: 1 week
|
#
113799 |
|
21-Apr-2003 |
obrien |
Explicitly declare 'int' parameters.
|
#
110921 |
|
15-Feb-2003 |
darrenr |
fix bug in updating of interface pointers when resyncing state
|
#
110916 |
|
15-Feb-2003 |
darrenr |
Commit import changed from vendor branch of ipfilter to -current head
|
#
102520 |
|
28-Aug-2002 |
darrenr |
Finally merge in the changes from ipfilter 3.4.29 to freebsd-current. Main changes here are related to the ftp proxy and making that work better.
|
#
98004 |
|
07-Jun-2002 |
darrenr |
Commit changes that happened in IPFilter versions 3.4.27 - 3.4.28
|
#
95563 |
|
27-Apr-2002 |
darrenr |
Merge updates from 3.4.26 - 3.4.27.
|
#
95418 |
|
25-Apr-2002 |
darrenr |
bring in changes from 3.4.26.
|
#
92685 |
|
19-Mar-2002 |
darrenr |
fix conflicts (mostly damn rcs id's) generated by import
|
#
89336 |
|
14-Jan-2002 |
alfred |
Backout inclusion of queue.h since rev 1.38 sys/file.h now has it included in the right order.
|
#
89316 |
|
13-Jan-2002 |
alfred |
Include sys/_lock.h and sys/_mutex.h to reduce namespace pollution.
Requested by: jhb
|
#
80482 |
|
28-Jul-2001 |
darrenr |
fix conflicts created by import
|
#
75262 |
|
06-Apr-2001 |
darrenr |
fix security hole created by fragment cache
|
#
72006 |
|
04-Feb-2001 |
darrenr |
fix conflicts
|
#
67853 |
|
29-Oct-2000 |
darrenr |
Fix conflicts creted by import.
|
#
67614 |
|
26-Oct-2000 |
darrenr |
fix conflicts from rcsids
|
#
64580 |
|
13-Aug-2000 |
darrenr |
resolve conflicts
|
#
63523 |
|
19-Jul-2000 |
darrenr |
fix conflicts
|
#
60883 |
|
24-May-2000 |
darrenr |
fix duplicate rcsid's
|
#
60854 |
|
24-May-2000 |
darrenr |
fix conflicts
|
#
57126 |
|
10-Feb-2000 |
guido |
Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefine CVS_FUBAR (which no longer exists) and thus forgot to add $FreeBSD's. Add them.
Approved by: jkh (is part of ipfilter upgrade)
|
#
57096 |
|
09-Feb-2000 |
guido |
Bring over ipfilter v3_3_8 kernel sources, including merging the local modifications. Also fix initializing fr_running in KLD case. Rename ipl_inited to fr_runninhg in mlfk_ipl
Approved by: jkh
|
#
55929 |
|
13-Jan-2000 |
guido |
Bring over ipfilter kernel sources, including merging the local modifications.
|
#
55460 |
|
05-Jan-2000 |
eivind |
KERNEL -> _KERNEL
|
#
54221 |
|
06-Dec-1999 |
guido |
Revive mlfk_ipl here. This version is slightly changed from the old one: an unnecessary define (KLD_MODULE) has been deleted and the initialisation of the module is done after domaininit was called to be sure inet is running.
Some slight changed were made to ip_auth.c and ip_state.c in order to assure including of sys/systm.h in case we make a kld
Make sure ip_fil does nmot include osreldate in kernel mode
Remove mlfk_ipl.c from here: no sources allowed in these directories!
|
#
53642 |
|
23-Nov-1999 |
guido |
Add kernel parts of revived ipfilter (3.3.3.)
|