HISTORY revision 26119
1# 2# NOTE: Quite a few patches and suggestions come from other sources, to whom 3# I'm greatly indebted, even if no names are mentioned. 4# 5# Thanks to Craig Bishop of connect.com.au and Sun Microsystems for the 6# loan of a machine to work on a Solaris 2.x port of this software. 7# 83.2alpha7 25/5/97 - Released 9 10add strlen for pre-2.2 kernels - Doug Kite <dkite@websgi.icomnet.com> 11 12setup bits and pieces for compiling into a FreeBSD-2.2 kernel. 13 14split up "bsd" targets. Now a separate netbsd/freebsd/bsd target. 15mln_ipl.c has been split up into itself and mlf_ipl.c (for freebsd). 16 17fix (negative) host matching in filtering. 18 19add sysctl interface for some variables when compiled into FreeBSD-2.2 kernels 20or later. 21 22make all the candidates for kernel compiling include "netinet/..." and build 23a subdirectory "netinet" when compiling and symlink all .h files into this. 24 25add install make target to Makefile.ipsend 26 273.2alpha6 8/5/97 - Released 28 29Add "!" (not) to hostname/ip matching. 30 31Automatically add packet info to the fragment cache if it is a fragment 32and we're translating addreses for. 33 34Automatically add packet info to the fragment cache if it is a fragment 35and we're "keeping state" for the packet. 36 37Solaris2 patches - Anthony Baxter (arb@connect.com.au) 38 39change install procedure for FreeBSD 2.2 to allow building to a kernel 40which is different to the running kernel. 41 42add FIONREAD for Solaris2! 43 44when expiring NAT table entries, if we would set a time to fr_tcpclosed 45(which is 1), make it fr_tcplaskack(20) so that the state tables have a 46chance to clear up. 47 483.2alpha5 49 50add proxying skeleton support and sample ftp transparent proxy code. 51 52add printfs at startup to tell user what is happening. 53 54add packets & bytes for EXPIRE NAT log records. 55 56fix the "install-bsd" target in the root Makefile. Chris Williams 57<psion@mv.mv.com> 58 59Fixes for FreeBSD 2.2 (and later revs) to prevent panics. Julian Assange. 60 613.2alpha4 2/4/97 - Released 62 63Some compiler warnings cleaned up. 64 65FreeBSD-2.2 patches for LKM completed. 66 673.2alpha3 31/3/97 - Released 68 69ipmon changes: -N for reading NAT logfile, -S for reading state logfile. 70-a for reading all. -n now toggles hostname resolution. 71 72Add logging of new state entries and expiration of old state entries. 73count log successes and failures. 74 75Add logging of new NAT entries and expiration of old NAT entries. 76count log successes and failures. 77 78Use u_quad_t for records of bytes & packets where kept 79(IP Accounting: fr_hits, fr_bytes; IP state: is_pkts, is_bytes). 80 81Fixup use of CPU and DCPU in Makefiles. 82 83Fix broken 0/32 NAT mapping. Carl Makin <cmakin@nla.gov.au> 84 853.2alpha2 86 87Implement mapping to 0/32 as being an alias for automatically using the 88interface's first IP address. 89 90Implement separate minor devices for both NAT and IP state code. 91 92Fully prototype all functions. 93 94Fix Makefile problem due to attempt to fix Sun compiling problems. 95 963.1.10 23/3/97 - Released 97 98ipfstat -a requires a -i or -o command line option too. Print an error 99when not present rather than attempt to do something. 100 101patch updates for SunOS4 for kernel compiling. 102patch for ipmon -s (flush's syslog file which isn't good). Andrew J. Schorr 103<schorr@ead.dsa.com> 104 105too many people hit their heads hard when compiling code into the kernel 106that doesn't let any packets through. (fil.c - IPF_NOMATCH) 107 108icmp-type parsing doesn't return any errors when it isn't constructed 109correctly. Neil Readwin 110 111Using "-conf" with modload on SunOS4 doesn't work. 112Timothy Demarest <demarest@arraycomm.com> 113 114Need to define ARCH in makefile for SunOS4 building. "make sunos4" 115in INSTALL.SunOS is incorrect. James R Grinter <jrg@blodwen.demon.co.uk> 116[all SunOS targets now run buildsunos] 117 118NAT lookups are still incorrect, matching non-TCP/UDP with TCP/UDP 119information. ArkanoiD <ark@paranoid.convey.ru> 120 121Need to check for __FreeBSD_version being 199511 rather than 199607 122in mln_ipl.c. Eric Feillant <Eric.Feillant@EUnet.fr> 123 1243.1.9 8/3/97 - Released 125 126fixed incorrect lookup of active NAT entries. 127 128patch for ip_deq() wrong for pre 2.1.6 FreeBSD. 129fyeung@fyeung8.netific.com (Francis Yeung) 130 131check for out with return-rst/return-icmp at wrong place - Erkki Ritoniemi 132(erkki@vlsi.fi) 133 134text_readip returns the interface pointer pointing to text on stack - 135Neil Readwin 136 137fix from Pradeep Krishnan for printout rules "with not opt sec". 138 1393.1.8 18/2/97 - Released 140 141Diffs for ip_output.c and ip_input.c updated to fix bug with fastroute and 142compiling warnings about reuse of m0. 143 144prevent use of return-rst and return-icmp with rules blocking packets going 145out, preventing panics in certain situations. 146 147loop forms in frag cache table - Yury Pshenychny <yura@rd.zgik.zaporizhzhe.ua> 148 149should use SPLNET/SPLX around expire routines in NAT/frag/state code. 150 151redeclared malloc in 44arp.c - 152 1533.1.7 8/2/97 - Released 154 155Macros used for ntohs/htons supplied with gcc don't always work very well 156when the assignment is the same variable being converted. 157 158Filter matching doesn't not match rule which checks tcp flags on packets 159which are fragments - David Wilson 160 1613.1.7beta 30/1/97 - Released 162 163Fix up NAT bugs introduced in last major change (now tested), including 164nat_delete(), nat_lookupredir(), checksum changes, etc. 165 1663.1.7alpha 30/1/97 - Released 167 168Many changes to NAT code, including contributions from Laurent Joncheray 169<lpj@ans.net> 170 171Use "NO_SLEEP" when allocating memory under SunOS. 172 173Make kernel printf's nicer for BSD/SunOS4 174 175Always do a checksum for packets being filtered going out and being 176processed by fastroute. 177 178Leave kernel to play with cdevsw on *BSD systems with LKM's. 179 180ipnat.1 man page fixes. 181 1823.1.6 21/1/97 - Released 183 184Allow NAT to work on BSD systems in conjunction with "pass .. to ifname" 185 186Memory leak introduced in 3.1.3 in NAT lists, clearing of NAT table tried 187to free memory twice. 188 189NAT recalculates IP header checksum based on difference between IP#'s and 190port numbers - should be just IP#'s (Solaris2 only) 191 1923.1.5 13/1/97 - Released 193 194fixed setting of NAT timeouts and use different timeouts for concurrent 195TCP sessions using the same IP# mapping (when port mapping isn't used) 196 197multiple loading/unloading of LKM's doesn't clean up cdevsw properly for 198*BSD systems. 199 2003.1.4 10/1/97 - Released 201 202add command line options -C and -F to ipnat to flush NAT list and table 203 204ipnat -l loops on output - Neil Readwin (nreadwin@nysales.micrognosis.com) 205 206NetBSD/FreeBSD kernel malloc changes - Daniel Carosone 207 2083.1.3 10/1/97 - Released 209 210NAT chains not constructed correctly in hash tables - Antony Y.R Lu 211(antony@hawk.ee.ncku.edu.tw) 212 213Updated INSTALL.NetBSD, INSTALL.FreeBSD and INSTALL.Sol2 214 215man page update (ipf.5) from Daniel Carosone (dan@geek.com.au) 216 217ICMP header checksum update now included in NAT. 218 219Solaris2 needs to modify IP header checksums in ip_natin and ip_natout. 220 2213.1.2 4/12/96 - Released 222 223ipmon doesn't use syslog all the time when given -s option 224 225fixed mclput panic in ip_input.c and replace ntohs() with NTOHS() macro 226 227check the results of hostname resolution in ipnat 228 229"make *install" fixed for subdirectories. 230 231problems with "ARCH:=" and gnu make resolved 232 233parser reports an error for lines with whitespaces only rather than skipping 234them. D.Carosone@abm.com.au (Daniel Carosone) 235 236patches for integration into NetBSD-current (post 1.2). 237 238add an option to allow non-IP packets going up/down the stream on Solaris2 239to be dropped. John Bass. 240 2413.1.2beta 21/11/96 - Released 242 243make ipsend compile on Linux 2.0.24 244 245changes to TCP kept state algorithm, making it watch state on TCP 246connections in both directions. Also use the same algorithm for NAT TCP. 247 248-Wall cleanup - Bernd Ernesti 249 250added "or-block" for "pass .. log or-block" after a suggestion from 251David Oppenheim (davido@optimation.com.au) 252 253added subdirectories for building IP Filter in SunOS5/BSD for different 254cpu architecures 255 256Solaris2 fixes to logging and pre-filtering packet processing - 3.1.1p2 257 258mbuf logging not using mtod(), remove iplbusy - 3.1.1p1 1/11/96 259 2603.1.1 28/10/96 - Released 261 262Installation script fixes and deinstall scripts for IP Filter on: 263SunOS4/FreeBSD/NetBSD 264 265Man page fixes - Paul Dubois (dubois@primate.wisc.edu) 266 267Fix use of SOLARIS macro in ipmon, rewrote ipllog() (again!) 268 269parsing isn't completely case insensitive - David Wilson 270(davidw@optimation.com.au) 271 272Release ipl_mutex across uiomove() calls 273 274print entire rule entries out for "ipf -z" when zero'ing per-rule stats. 275 276ipfstat returns same output for "hits" in "ipfstat -aio" - Terletsky Slavik 277(ts@polynet.lviv.ua) 278 279New algorithm for setting timeouts for TCP connection (more closely follow 280TCP FSM) - Pradeep Krishnan (pkrishna@netcom.com) 281 282Track both window sizes for TCP connections through "keep state". 283 284Solaris2 doesn't like _KERNEL defined in stdargs.h - Jos van Wezel 285(wezel@bio.vu.nl) 286 2873.1.1-beta2 6/10/96 - Released 288 289Solaris2 fastroute/dup-to/to now works 290 291ipmon `record' reading rewritten 292 293Added post-NetBSD1.2 packet filter patches - Mathew Green (mrg@eterna.com.au) 294 295Attempt to use in_proto.c.diff, not "..diffs" for SunOS4 - David Wilson 296(davidw@optimation.com.au) 297 298Michael Ryan (mike@NetworX.ie) reports the following: 299* The Trumpet WinSock under Windows always sends its SYN packet with an ACK 300 value of 1, unlike any other implementation I've seen, which would set it 301 to zero. The "keep state" feature of IP Filter doesn't work when receiving 302 non-zero ACK values on new connection requests. 303* */Makefile install rule doesn't install all the binaries/man pages 304* Make ipnat use "tcp/udp" instead of "tcpudp" 305* Print out "tcp/udp" properly 306* ipnat "portmap tcp" matches "portmap udp" when adding/removing 307* NAT dest. ip# increased by one on mask of 0xffffffff when it shouldn't 308 3093.1.1-beta 1/9/96 - Released 310 311add better detection of TCP connections closing to TCP state monitoring. 312 313fr_addstate() not called correctly for fragments. "keep state" and 314"keep frag" code don't work together 100% - Songqing Cai 315(songqing_cai@sterling.com) 316 317call to fr_addstate() incorrect for adding state in combination with keeping 318fragment information - Songqing Cai (songqing_cai@sterling.com) 319 320KFREE() passed fp (incorrect) and not fr (correct) in ip_frag.c - John Hood 321(cgull@smoke.marlboro.vt.us) 322 323make ipf parser recognise '\\' as a `continued line' marker - Dima Ruban 324(dima@best.net) 325 3263.1.1-alpha 23/8/96 - Released 327 328kernel panic's when ICMP packets go through NAT code 329 330stats aren't zero'd properly with ipf -Z 331 332ipnat doesn't show port numbers correctly all the time and also add the 333protocol (tcp/udp/tcpudp) to rdr output - Carson Gaspar (carson@lehman.com) 334 335fast checksum fixing not 100% - backout patch - Bill Dorsey (dorsey@lila.com) 336 337NetBSD-1.2 patches from - VaX#n8 <vax@linkdead.paranoia.com> 338 339Usage() call error in fils.c - Ajay Shekhawat (ajay@cedar.buffalo.edu) 340 341ip_optcopy() staticly defined in ip_output.c in SunOS4 - Nick Hall 342(nrh@tardis.ed.ac.uk) 343 3443.1.0 7/7/96 - Released 345 346Reformatted ipnat output to be compatible with it's input, so that 347"ipnat -l | ipnat -rf -" is possible. 348 3493.1.0beta 30/6/96 - Released 350 351NetBSD-1.2 patches from Greg Woods (woods@most.weird.com) 352 353kernel module must not be installed stripped (Solaris2), as created by 354"make package" for Solaris2 - Peter Heimann 355(peter@i3.informatik.rwth-aachen.de) 356 3573.1.0alpha 5/6/96 - Released 358 359include examples in package for solaris2 360 361patches for removing an extra ip header checksum (FreeBSD/NetBSD/SunOS) 362 363removed trailing space from printouts of rules in ipf. 364 365ipresend supports the same range of inputs that ipftest does. 366 367sending a duplicate copy of a packet to another network devices is now 368supported. ("dup-to") 369 370sending a packet to an arbitary interface is now supported, irrespective 371of its actual route, with no ttl decrement. Can also be routed without 372the ttl being decremented. ("to" and "fastroute"). 373 374"call" option added to support calling a generic function if a packet is 375matched. 376 377show all (upto 4) recorded bytes from the interface name in logging from 378ipmon. 379 380support for using unix file permissions for read/write access on the device 381is now in place. 382 383recursive mutex in nat_new() for Solaris 2.x - Per L. Hagen <per@stibo.dk> 384 385ipftest doesn't call initparse() for THISHOST - Catherine Allen 386(cla@connect.com.au) 387 388Man page corrections from Rex Bona (rex@pengo.comsmiths.com.au) 389 3903.0.4 10/4/96 - Released 391 392looop in `parsing' IP packets with optlen 0 for ip options. 393 394rule number not initialized and resulted in unexpected results for state 395maching. 396 397option parsing and printing bugs - Pradeep Krishnan 398 3993.0.4beta 25/3/96 - Released 400 401wouldn't parse "keep flags keep state" correctly. 402 403SunOS4.1.x ip_input.c doesn't recognise all 1s broadcast address - Nigel Verdon 404 405patches for BSDI's BSD/OS 2.1 and libpcap reader on little endian systems 406from Thorsten Lockert <tholo@tetherless.com> 407 408b* functions in fil.c on Solaris 2.4 409 4103.0.3 17/3/96 - Released 411 412added patches to support IP Filter initialisation when compiled into the 413kernel. 414 415added -x option to ipmon to display hex dumps of logged packets. 416 417added -H option to ipftest to allow ascii-hex formatted input to specify 418arbitary IP packets. 419 420Sending TCP RSTs as a response now work for Solaris2 x86 421 422add patches to make IP Filter compile into NetBSD kernels properly. 423 424patch to stop SunOS 4.1.x kernels panicing with "data traps". 425 426ipfboot script unloads and reloads ipf module on Solaris2 if it is already 427loaded into the kernel. 428 429Installation of IP Filter as a Solaris2 package is now supported. 430 431Man pages for ipnat.4, ipnat.5 added. 432 433added some more regression tests and fixed up IP Filter to pass the new tests 434(previous versions failed some of the tests in set 12). 435 436IP option filter processing has changed so that saying "with opt lsrr" will 437check only for that one, but not mask out other options, so a packet with 438strict source routing, along with loose source routing will match all of 439"with opt lsrr", "with opt ssrr" and "with opt lsrr,ssrr". 440 441IPL_NAME needed in ipnat.c - Kelly (kelly@count04.mry.scruznet.com) 442 443patches for clean NetBSD compilation from Bernd Ernesti (bernd@arresum.inka.de) 444 445make install is incorrect - Julian Briggs (julian@lightwork.co.uk) 446 447strtol() returns 0x7fffffff for all negative numbers, 448printfr() generates incorrect output for "opt sec-class *", 449handling of "not opt xxx opt yyy" incorrect. 450- Minh Tonthat (minht@sbei.com)/Pradeep Krishnan (pradeepk@sbei.com) 451 452m_pullup() called only for input and not output; caused problems 453with filtering icmp - Nigel Verdon (verdenn@gb.swissbank.com) 454 455parsing problem for "port 1" and NetBSD patches incorrect - 456Andreas Gustafsson (gson@guava.araneus.fi) 457 4583.0.2 4/2/96 - Released 459 460Corrected bug where NAT recalculates checksums for fragments. 461 462make NAT recalculate UDP checksums (rather than setting them to 0), 463if they're non-zero. 464 465DNS patches - Real Page (Real.Page@Matrox.com) 466 467alteration of checksum recalculations in NAT code and addition of 468redirection with NAT - Mike Neuman 469 470core dump, if tcp/udp is used with a port number and not service name, 471in ipf - Mike Neuman (mcn@engarde.com) 472 473initparse() call, missing to prime "<thishost>" hook - Craig Bishop 474 4753.0.1 14/1/96 - Released 476 477miscellaneous patches for Solaris2 478 4793.0 14/1/96 - Released 480 481Patch included for FDDI, from Richard Ohnemus 482(Richard_Ohnemus@dallas.csd.sterling.com) 483 484Code cleanup for release. 485 4863.0beta4 10/1/96 487 488recursive mutex in ipfr_slowtimer fixed, reported by Craig Bishop 489 490recursive mutex in sending TCP RSTs fixed, reported by Tony Becker 491 4923.0beta3 9/1/96 493 494FIxup for Solaris2.5 install and interface name bug in ipftest from 495Julian Briggs (julian@lightwork.co.uk) 496 497Byte order patches for ipmon from Tony Becker (tony@mcrsys.com) 498 4993.0beta2 7/1/96 500 501Added the (somewhat warped) IP accounting as it exists in ipfw on FreeBSD. 502Note, this isn't really what one would call IP account, when compared to 503process accounting, sigh. 504 505Split up ipresend into iptest/ipresend/ipsend 506 507Added another m_pullup() inside fr_check() for BSD style kernels and 508added some checks to ipllog() to not log more than is present (for short 509packets). 510 511Fixed bug where failed hostname/netname resolution goes undetecte and 512becomes 0.0.0.0 (any) (reported Guido van Rooij) 513 5143.0beta 11/11/95 - Released 515 516Rewrote the way rule testing is done, reducing the number of files needed and 517generated. 518 519SIOCIPFFL was incorrectly affected by IPFILTER_LOG (Mathew Green) 520 521Patches from Guido van Rooij to fix sending back TCP RSTs on Net-2/Net-3 522BSD based Unixes (panic'd) 523 524Patches for FreeBSD/i86 ipmon from Riku Kalinen <riku@tequila.nixu.fi> 525(I think someone else already told me about these but they got lost :-/) 526 527Changed Makefile structure to build object files for different operating 528systems in separate directories by default. 529 530BSDI has ef0 for first ethernet interface 531 532Allow for a "not" operator before optional keywords. 533 534The "rule number" was being incorrectly incremented every time it went through 535the loop rather than when it matched a rule. 536 5372.8.2 24/10/95 - Released 538 539Fixed up problems with "textip" for doing lots of testing. 540 541Fixed bug in detection of "short" tcp/ip packets (all reported as being short). 542 543Solaris 2.4 port now works 100%. 544 545Man page errors reported and fixed. 546 547Removed duplicate entry in etc/services for login on port 49 (Craig Bishop). 548 549Fixed ipmon output to put a space after the log-letter. 550 551Patch from Guido van Rooij to fix parsing problem. 552 5532.8.1 15/10/95 - Released 554 555Added ttl and tos filtering. 556 557Patches for fixing up compilation and port problems (little endian) 558from Guido van Rooij <guido@IAEhv.nl>. 559 560Man page problems reported and fixed by Carson Gaspar <carson@lehman.com>. 561 562ipsend doesn't compile properly on Solaris2.4 563 564Lots of work done for Solaris2.4 to make it MT/MP safe and work. 565 5662.8 15/9/95 - Released 567 568ipmon can now send messages to syslogd (-s) and use names instead of 569numbers (-N). 570 571IP packets are now "compiled" into a structure only containing filterable 572bits. 573 574Added regression testing in the test/ subdirectory, using a new option 575(-b) with the ipftest program. 576 577Added "nomatch" return to filter results. These are counted and show 578up in reports from ipfstat. 579 580Moved filter code out of ip_fil.c and into fil.c - there is now only one 581instance of it in the package. 582 583Added Solaris 2.4 support. 584 585Added IPSO basic security option filtering. 586 587Added name support for filtering on all 19 named IP options. 588 589Patches from Ivan Brawley to log packet contents as well as packet headers. 590 591Update for sun/conf.c.diff from Ivan Brawley <ibrawley@awadi.com.AU> 592 593Added patches for FreeBSD 1, and added two new switches (-E, -D) to ipf, 594along with a new ioctl, SIOCFRENB. 595From: Dieter Dworkin Muller <dworkin@village.org> 596 5972.7.3 31/7.95 - Released 598 599Didn't compile cleanly without IPFILTER_LOG defined (Mathew Green). 600 601ipftest now deals with tcpdump3 binary output files (from libpcap) with -P. 602 603Brought ipftest program upto date with actual filter code. 604 605Filter would cause a match to occur when it wasn't meant to if the packet 606had short headers and was missing portions that should have been there. 607Err, it would rightly not match on them, but their absence caused a match 608when it shouldn't have been. 609 6102.7.2 26/7/95 - Released 611 612Problem with filtering just SYN flagged packets reported by 613Dieter Dworkin Muller <dworkin@village.org>. To solve this 614problem, added support for masking TCP flags for comparison "flags X/Y". 615 6162.7.1 9/7/95 - Released 617 618Added ip_dirbroadcast support for Sun ip_input.c 619 620Fixed up the install scripts for FreeBSD/NetBSD to recognise where they are 621better. 622 6232.7 7/7/95 - Released 624 625Added "return-rst" to return TCP RST's to TCP packets. 626 627Actually ported it to FreeBSD-i386 2.0.0, so it works there properly now. 628 629Added insertion of filter rules. Use "@<#>" at the beginning of a filter 630to insert a rule at row #. 631 632Filter keeps track of how many times each rule is matched. 633 634Changed compile time things to match kernel option (IPFILTER_LKM & 635IPFILTER_LOG). 636 637Updated ip_input.c and ip_output.c with paches for 3.5 Multicast IP. 638(No change required for 3.6) 639 640Now includes TCP fragments which start inside the TCP header as being short. 641Added counting the number of times each rule is matched. 642 643 6442.6 11/5/95 - Released 645 646Added -n option to ipf: when supplied, no changes are made to the kernel. 647 648Added installation scripts for SunOS 4.1.x and NetBSD/FreeBSD/BSDI. 649 650Rewrote filtering to use a more generic mask & match procedure for 651checking if a packet matches a rule. 652 6532.5.2 27/4/95 - Released 654 655"tcp/udp" and a non-initialised pointer caused the "proto" to become 656a `random' value; added "ip#/dotted.mask" notation to the BNF. 657From Adam W. Feigin <feigin@iis.ee.ethz.ch> 658 6592.5.1 22/3/95 - Released 660 661"tcp/udp" had a strange effect (undesired) on getserv*() functions, 662causing protocol/service lookups to fail. Reported by Matthew Green. 663 6642.5 17/3/95 - Released 665 666Added a new keyword "all" to BNF and parsing of tcpdump/etherfind/snoop 667output through the ipftest program. Suggestions from: 668Michael Ciavarella (mikec@phyto.apana.org.au) 669 670Conflicts occur when "general" filter rules are used for ports and the 671lack of a "proto" when used with "port" matches other packets when only 672TCP/UDP are implied. 673Reported Matthew Green (mrg@fulcom.com.au); 674reported & fixed 6-8/3/95 675 676Added filtering of short TCP packets using "with short" 28/2/95 677(These can possibly slip by checks for the various flags). Short UDP 678or ICMP are dropped to the floor and logged. 679 680Added filtering of fragmented packets using "with frag" 24/2/95 681 682Port to NetBSD-current completed 20/2/95, using LKM. 683 684Added logging of the rule # which caused the logging to happen and the 685interface on which the packet is currently as suggested by 686Andreas Greulich (greulich@math-stat.unibe.ch) 10/2/95 687 6882.4 9/2/95 - Released 689Fixed saving of IP headers in ICMP packets. 690 6912.3 29/1/95 692Added ipf -F [in|out|all] to flush filter rule sets (SIOCIPFFL). 693Fixed iplread() and iplsave() with help from Marc Huber. 694 6952.2 7/1/95 - Released 696Added code from Marc Huber <huber@fzi.de> to allow it to allocate 697its own major char number dynamically when modload'ing. Fixed up 698use of <, >, <=, >= and >< for ports. 699 7002.1 21/12/94 - Released 701repackaged to include the correct ip_output.c and ip_input.c *goof* 702 7032.0 18/12/94 - Released 704added code to check for port ranges - complete. 705rewrote to work as a loadable kernel module - complete. 706 7071.1 708added code for ouput filtering as well as input filtering and added support for logging to a simple character device of packet headers. 709 7101.0 22/04/93 - Released 711First release cut. 712