diff options
author | cy <cy@FreeBSD.org> | 2017-04-26 02:37:25 +0000 |
---|---|---|
committer | cy <cy@FreeBSD.org> | 2017-04-26 02:37:25 +0000 |
commit | 514018bd92fda890355773ca2f09dd025081119d (patch) | |
tree | fc1578f0cbe54cbd21d3624fbb9dfa7ae599e8f9 /UPDATING | |
parent | 07de40498e933557fe781ebeae22608d613aea0b (diff) | |
download | FreeBSD-src-514018bd92fda890355773ca2f09dd025081119d.zip FreeBSD-src-514018bd92fda890355773ca2f09dd025081119d.tar.gz |
MFC r316810, r316814, r316816, r316991:
Keep state incorrectly assumes keep frags. This is counter to the
ipfilter man pages. This also currently restricts keep frags to only when
keep state is used, which is redundant because keep state currently
assumes keep frags. This commit fixes this.
To the user this change means that to maintain the current behaviour
one must add keep frags to any ipfilter keep state rule (as documented
in the man pages).
This patch also allows the flexability to specify and use keep frags
separate from keep state, as documented in an example in ipf.conf.5,
instead of the currently broken behaviour.
MFC suggested by: rgrimes
Relnotes: yes
Diffstat (limited to 'UPDATING')
-rw-r--r-- | UPDATING | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -21,6 +21,15 @@ from older version of current across the gcc/clang cutover is a bit fragile. use any explicitly assigned loopback address available in the jail instead of using the first assigned address of the jail. +20170413: + As of r316810 for ipfilter, keep frags is no longer assumed when + keep state is specified in a rule. r316810 aligns ipfilter with + documentation in man pages separating keep frags from keep state. + This allows keep state to specified without forcing keep frags + and allows keep frags to be specified independently of keep state. + To maintain previous behaviour, also specify keep frags with + keep state (as documented in ipf.conf.5). + 20170402: Clang, llvm, lldb, compiler-rt and libc++ have been upgraded to 4.0.0. Please see the 20141231 entry below for information about prerequisites |