summaryrefslogtreecommitdiffstats
path: root/sys/contrib/ipfilter/netinet/ip_frag.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix ipfilter(4) fragment handling panic.delphij2017-04-271-1/+1
| | | | | Security: FreeBSD-SA-17:04.ipfilter Approved by: so
* Remove extraneous blank line.cy2016-05-201-1/+0
| | | | | MFC after: 1 month X-MFC with: r300259
* Enable the two ip_frag tuneables. The code is there but the twocy2016-05-201-1/+20
| | | | | | | | ip_frag tuneables aren't registered in the ipf_tuners linked list. This commmit enables the two existing ip_frag tuneables by registering them. MFC after: 1 month
* Add DTrace probes for packets flagged as bad by ipfilter. All probescy2016-04-071-0/+3
| | | | | | | | for bad packets are named ipf_fi_bad_*. An example of its use might be: dtrace -n 'sdt:::ipf_fi_bad_* { stack(); }' Reviewed by: Darren Reed <darrenr@reed.wattle.id.au>
* Correctly define constants.cy2014-11-281-1/+1
| | | | MFC after: 1 week
* ipfilter bug #558 add in some missing frag table function comments.cy2014-09-241-5/+33
| | | | | Approved by: glebius (mentor) Obtained from: ipfilter CVS repo (r1.36)
* Implement the final missing sysctls by moving ipf_auth_softc_t fromcy2014-04-071-21/+0
| | | | | | | | | ip_auth.c to ip_auth.h. ip_frag_soft_t moves from ip_frag.c to ip_frag.h. mlfk_ipl.c creates sysctl MIBs that reference control blocks that are dynamically created when IP Filter is loaded. This necessitated creating them on-the-fly rather than statically at compile time. Approved by: glebius (mentor)
* Update ipfilter 4.1.28 --> 5.1.2.cy2013-09-061-375/+720
|\ | | | | | | | | Approved by: glebius (mentor) BSD Licensed by: Darren Reed <darrenr@reed.wattle.id.au> (author)
| * As per the developers handbook (5.3.1 step 1), prepare the vendor trees forcy2013-07-191-990/+0
| | | | | | | | | | | | | | | | import of new ipfilter vendor sources by flattening them. To keep the tags consistent with dist, the tags are also flattened. Approved by: glebius (Mentor)
| * Import IPFilter 4.1.28darrenr2007-10-181-9/+9
| |
| * Import IPFilter 4.1.23 to vendor branch.darrenr2007-06-041-33/+163
| | | | | | | | See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
| * Import IP Filter 4.1.13guido2006-08-161-7/+5
| |
| * Import IP Filter version 4.1.10guido2005-12-301-11/+15
| |
| * import ipfilter 4.1.8 into the kernel source treedarrenr2005-04-251-284/+505
| |
| * Import ipfilter 3.4.35 (destinated for RELENG_4) to vendor branchdarrenr2004-06-211-4/+23
| |
| * Import IPFilter 3.4.31 into -currentdarrenr2003-02-151-2/+2
| |
| * 3rd time lucky, i hope.darrenr2002-08-281-12/+9
| |
| * Import IPFilter 3.4.26 kernel sources, including H.323 proxy.darrenr2002-04-251-2/+2
| | | | | | | | | | Include the licence file for both IPFilter and the H.323 proxy (from QNX), for convienence.
| * Import IPFilter 3.4.25 (last version 3.4.20)darrenr2002-03-191-8/+13
| |
| * Import version 3.4.20 of IPFilterdarrenr2001-07-281-23/+84
| |
| * Update IP Filter kernel sourcedarrenr2001-02-041-11/+10
| |
| * Import IP Filter 3.4.12 into kernel source treedarrenr2000-10-261-10/+13
| |
| * import ipfilter 3.4.8darrenr2000-07-191-1/+4
| |
| * Import IP Filter 3.4.4 into the kerneldarrenr2000-05-241-141/+233
| |
* | Pullup IPFilter 4.1.28 from the vendor branch into HEAD.darrenr2007-10-181-7/+7
| | | | | | | | MFC after: 7 days
* | Merge IPFilter 4.1.23 back to HEADdarrenr2007-06-041-32/+162
| | | | | | | | See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
* | Resolve conflictsguido2006-08-161-7/+5
| | | | | | | | MFC after: 2 weeks
* | Resolve conflictsguido2005-12-301-8/+14
| |
* | Fix the following warnings on amd64:ru2005-04-291-2/+2
| | | | | | | | | | | | | | /usr/src/sbin/ipf/ipftest/../../../sys/contrib/ipfilter/netinet/ip_frag.c: In function `fr_ipid_newfrag': /usr/src/sbin/ipf/ipftest/../../../sys/contrib/ipfilter/netinet/ip_frag.c:397: warning: cast to pointer from integer of different size /usr/src/sbin/ipf/ipftest/../../../sys/contrib/ipfilter/netinet/ip_frag.c: In function `fr_ipid_knownfrag': /usr/src/sbin/ipf/ipftest/../../../sys/contrib/ipfilter/netinet/ip_frag.c:582: warning: cast from pointer to integer of different size
* | - Comment out duplicate rcsid strings in *.c filesdarrenr2005-04-271-1/+1
| | | | | | | | | | - Move SIOCPROXY from ip_nat.h to ip_proxy.h and fix ip_proxy.h so that it can be easily compiled into kdump, et al.
* | Merge the changes from 3.4.35 to 4.1.8 into the kernel source treedarrenr2005-04-251-283/+505
| |
* | Enable fine grained locking within IPFilter, using mtx(9) and sx(9) allowingdarrenr2004-12-241-1/+1
| | | | | | | | the the "needs giant" flag to be removed from the driver.
* | Update ipfilter from 3.4.31 -> 3.4.35. Some important changes:darrenr2004-06-211-3/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * block packets that fail to create state table entries * only allow non-fragmented packets to influence whether or not a logged packet is the same as the one logged before. * correct the ICMP packet checksum fixing up when processing ICMP errors for NAT * implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX and ipf_nattable_max) * frsynclist() wasn't paying attention to all the places where interface names are, like it should. * fix comparing ICMP packets with established TCP state where only 8 bytes of header are returned in the ICMP error. MFC after: 1 week
* | Commit import changed from vendor branch of ipfilter to -current headdarrenr2003-02-151-1/+1
| |
* | Finally merge in the changes from ipfilter 3.4.29 to freebsd-current.darrenr2002-08-281-10/+7
| | | | | | | | Main changes here are related to the ftp proxy and making that work better.
* | Don't use "NULL" when "0" is really meant.archie2002-08-231-1/+1
| | | | | | | | | | | | But in this case, "-1" is really meant. Reviewed by: darrenr
* | bring in changes from 3.4.26.darrenr2002-04-251-1/+1
| |
* | fix conflicts (mostly damn rcs id's) generated by importdarrenr2002-03-191-7/+12
| |
* | Backout inclusion of queue.h since rev 1.38 sys/file.h now has italfred2002-01-141-3/+0
| | | | | | | | included in the right order.
* | Include sys/_lock.h and sys/_mutex.h to reduce namespace pollution.alfred2002-01-131-0/+3
| | | | | | | | Requested by: jhb
* | fix import/merge related code problemsdarrenr2001-07-301-6/+3
| |
* | fix conflicts created by importdarrenr2001-07-281-17/+60
| |
* | fix security hole created by fragment cachedarrenr2001-04-061-4/+25
| |
* | fix conflictsdarrenr2001-02-041-11/+9
| |
* | fix conflicts from rcsidsdarrenr2000-10-261-9/+12
| |
* | fix conflictsdarrenr2000-07-191-1/+4
| |
* | fix conflictsdarrenr2000-05-241-47/+75
| |
* | Re add rev 1.11 diffs to ip_fil.h Also discover that I did not undefineguido2000-02-101-1/+2
| | | | | | | | | | | | | | CVS_FUBAR (which no longer exists) and thus forgot to add $FreeBSD's. Add them. Approved by: jkh (is part of ipfilter upgrade)
* | Bring over ipfilter v3_3_8 kernel sources, including merging theguido2000-02-091-4/+2
| | | | | | | | | | | | | | | | local modifications. Also fix initializing fr_running in KLD case. Rename ipl_inited to fr_runninhg in mlfk_ipl Approved by: jkh
* | Bring over ipfilter kernel sources, including merging the local modifications.guido2000-01-131-12/+11
| |
OpenPOWER on IntegriCloud