cvs commit: src/sys/contrib/ipfilter/netinet fil.c ip_auth.c ip_compat.h ip_fil.c ip_fil.h ip_frag.c ip_frag.h ip_ftp_pxy.c ip_log.c ip_nat.c ip_nat.h ip_raudio_pxy.c ip_rcmd_pxy.c ip_state.c ip_state.h ipl.h

Darren Reed darrenr at FreeBSD.org
Mon Jun 21 15:46:37 PDT 2004 

darrenr     2004-06-21 22:46:36 UTC

  FreeBSD src repository

  Modified files:
    sys/contrib/ipfilter/netinet fil.c ip_auth.c ip_compat.h 
                                 ip_fil.c ip_fil.h ip_frag.c 
                                 ip_frag.h ip_ftp_pxy.c ip_log.c 
                                 ip_nat.c ip_nat.h ip_raudio_pxy.c 
                                 ip_rcmd_pxy.c ip_state.c 
                                 ip_state.h ipl.h 
  Log:
  Update ipfilter from 3.4.31 -> 3.4.35.  Some important changes:
  * block packets that fail to create state table entries
  * only allow non-fragmented packets to influence whether or not a logged
    packet is the same as the one logged before.
  * correct the ICMP packet checksum fixing up when processing ICMP errors for NAT
  * implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX
    and ipf_nattable_max)
  * frsynclist() wasn't paying attention to all the places where interface
    names are, like it should.
  * fix comparing ICMP packets with established TCP state where only 8 bytes
    of header are returned in the ICMP error.
  
  MFC after:      1 week
  
  Revision  Changes    Path
  1.38      +251 -41   src/sys/contrib/ipfilter/netinet/fil.c
  1.34      +20 -4     src/sys/contrib/ipfilter/netinet/ip_auth.c
  1.23      +8 -5      src/sys/contrib/ipfilter/netinet/ip_compat.h
  1.45      +72 -32    src/sys/contrib/ipfilter/netinet/ip_fil.c
  1.26      +2 -2      src/sys/contrib/ipfilter/netinet/ip_fil.h
  1.25      +22 -3     src/sys/contrib/ipfilter/netinet/ip_frag.c
  1.16      +1 -0      src/sys/contrib/ipfilter/netinet/ip_frag.h
  1.24      +21 -15    src/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c
  1.27      +6 -6      src/sys/contrib/ipfilter/netinet/ip_log.c
  1.34      +176 -208  src/sys/contrib/ipfilter/netinet/ip_nat.c
  1.21      +27 -14    src/sys/contrib/ipfilter/netinet/ip_nat.h
  1.10      +0 -6      src/sys/contrib/ipfilter/netinet/ip_raudio_pxy.c
  1.11      +1 -4      src/sys/contrib/ipfilter/netinet/ip_rcmd_pxy.c
  1.33      +83 -51    src/sys/contrib/ipfilter/netinet/ip_state.c
  1.15      +1 -0      src/sys/contrib/ipfilter/netinet/ip_state.h
  1.22      +1 -1      src/sys/contrib/ipfilter/netinet/ipl.h

More information about the cvs-src mailing list