summaryrefslogtreecommitdiffstats
path: root/sys/contrib/ipfilter/netinet/ip_state.c
Commit message (Collapse)AuthorAgeFilesLines
* MFC r323715:cy2017-09-211-1/+1
| | | | Don't use an apostrophe in a possesive pronoun.
* MFC r323478:cy2017-09-181-4/+4
| | | | Improve the wording of a comment describing why EAGAIN is the error code.
* MFC r316810, r316814, r316816, r316991:cy2017-04-261-1/+2
| | | | | | | | | | | | | | | | | | Keep state incorrectly assumes keep frags. This is counter to the ipfilter man pages. This also currently restricts keep frags to only when keep state is used, which is redundant because keep state currently assumes keep frags. This commit fixes this. To the user this change means that to maintain the current behaviour one must add keep frags to any ipfilter keep state rule (as documented in the man pages). This patch also allows the flexability to specify and use keep frags separate from keep state, as documented in an example in ipf.conf.5, instead of the currently broken behaviour. MFC suggested by: rgrimes Relnotes: yes
* MFC r289480. Really fix ipfilter bug 3600459.cy2015-10-201-2/+1
| | | | Obtained from: ipfilter cvs repo r1.48.2.25, r1.72 and NetBSD repo r1.4
* MFC r287674, r287675. Fix ipfilter bug 3600459 NAT bucket count wrong.cy2015-09-261-1/+2
| | | | Obtained from: ipfilter cvs repo r1.48.2.25
* MFC r287651, r287652, r287653.cy2015-09-191-6/+10
| | | | | | | | | | | | | | | | | | | | | | | Fix mutex errors, fixup typos in comments. Obtained from: NetBSD r1.4. -This lie, anr those below, will be ignored-- > Description of fields to fill in above: 76 columns --| > PR: If a GNATS PR is affected by the change. > Submitted by: If someone else sent in the change. > Reviewed by: If someone else reviewed your modification. > Approved by: If you needed approval for this commit. > Obtained from: If the change is from a third party. > MFC after: N [day[s]|week[s]|month[s]]. Request a reminder email. > MFH: Ports tree branch name. Request approval for merge. > Relnotes: Set to 'yes' for mention in release notes. > Security: Vulnerability reference (one per line) or description. > Sponsored by: If the change was sponsored by an organization. > Differential Revision: https://reviews.freebsd.org/D### (*full* phabric URL needed). > Empty fields above will be automatically removed. _M . M sys/contrib/ipfilter/netinet/ip_state.c
* Update ipfilter 4.1.28 --> 5.1.2.cy2013-09-061-1239/+2386
|\ | | | | | | | | Approved by: glebius (mentor) BSD Licensed by: Darren Reed <darrenr@reed.wattle.id.au> (author)
| * As per the developers handbook (5.3.1 step 1), prepare the vendor trees forcy2013-07-191-4197/+0
| | | | | | | | | | | | | | | | import of new ipfilter vendor sources by flattening them. To keep the tags consistent with dist, the tags are also flattened. Approved by: glebius (Mentor)
| * Import IPFilter 4.1.28darrenr2007-10-181-64/+108
| |
| * Import IPFilter 4.1.23 to vendor branch.darrenr2007-06-041-249/+510
| | | | | | | | See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
| * Import IP Filter 4.1.13guido2006-08-161-48/+72
| |
| * Import IP Filter version 4.1.10guido2005-12-301-95/+161
| |
| * import ipfilter 4.1.8 into the kernel source treedarrenr2005-04-251-1178/+2673
| |
| * Import ipfilter 3.4.35 (destinated for RELENG_4) to vendor branchdarrenr2004-06-211-58/+114
| |
| * Import IPFilter 3.4.31 into -currentdarrenr2003-02-151-16/+33
| |
| * 3rd time lucky, i hope.darrenr2002-08-281-5/+9
| |
| * Import IPFilter 3.4.28darrenr2002-06-071-7/+12
| |
| * Import version 3.4.27darrenr2002-04-271-31/+37
| |
| * Import IPFilter 3.4.26 kernel sources, including H.323 proxy.darrenr2002-04-251-60/+158
| | | | | | | | | | Include the licence file for both IPFilter and the H.323 proxy (from QNX), for convienence.
| * Import IPFilter 3.4.25 (last version 3.4.20)darrenr2002-03-191-200/+409
| |
| * Import version 3.4.20 of IPFilterdarrenr2001-07-281-33/+44
| |
| * Update IP Filter kernel sourcedarrenr2001-02-041-13/+11
| |
| * Import IP filter 3.4.13darrenr2000-10-291-1/+2
| |
| * Import IP Filter 3.4.12 into kernel source treedarrenr2000-10-261-58/+86
| |
| * Import IP Filter 3.4.9 bits into the kerneldarrenr2000-08-131-50/+248
| |
| * import ipfilter 3.4.8darrenr2000-07-191-4/+22
| |
| * Import IP Filter 3.4.4 into the kerneldarrenr2000-05-241-327/+1193
| |
| * Import ipfilter 3.2.7 kernel componentspeter1998-06-201-30/+118
| |
* | 2020447 IPFilter's NAT can undo name server random port selectiondarrenr2008-07-241-2/+16
| | | | | | | | | | | | Approved by: darrenr MFC after: 1 week Security: CERT VU#521769
* | Apply a few changes from ipfilter-current:darrenr2007-10-301-1/+6
| | | | | | | | | | | | | | | | * Do not hold any locks over calls to copyin/copyout. * Clean up some #ifdefs * fix a possible mbuf leak when NAT fails on policy routed packets PR: 117216
* | Pullup IPFilter 4.1.28 from the vendor branch into HEAD.darrenr2007-10-181-64/+108
| | | | | | | | MFC after: 7 days
* | Merge IPFilter 4.1.23 back to HEADdarrenr2007-06-041-230/+503
| | | | | | | | See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
* | TCP Window scaling was being recognised but the recorded settings were beingdarrenr2006-12-241-19/+7
| | | | | | | | | | | | clobbered and thus effectively disabled. MFC after: 7 days
* | Resolve conflictsguido2006-08-161-48/+72
| | | | | | | | MFC after: 2 weeks
* | Resolve conflictsguido2005-12-301-93/+161
| |
* | Merge the changes from 3.4.35 to 4.1.8 into the kernel source treedarrenr2005-04-251-1181/+2673
| |
* | Enable fine grained locking within IPFilter, using mtx(9) and sx(9) allowingdarrenr2004-12-241-1/+1
| | | | | | | | the the "needs giant" flag to be removed from the driver.
* | Update ipfilter from 3.4.31 -> 3.4.35. Some important changes:darrenr2004-06-211-51/+83
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * block packets that fail to create state table entries * only allow non-fragmented packets to influence whether or not a logged packet is the same as the one logged before. * correct the ICMP packet checksum fixing up when processing ICMP errors for NAT * implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX and ipf_nattable_max) * frsynclist() wasn't paying attention to all the places where interface names are, like it should. * fix comparing ICMP packets with established TCP state where only 8 bytes of header are returned in the ICMP error. MFC after: 1 week
* | Explicitly declare 'int' parameters.obrien2003-04-211-0/+1
| |
* | fix bug in updating of interface pointers when resyncing statedarrenr2003-02-151-6/+30
| |
* | Commit import changed from vendor branch of ipfilter to -current headdarrenr2003-02-151-15/+32
| |
* | Finally merge in the changes from ipfilter 3.4.29 to freebsd-current.darrenr2002-08-281-5/+9
| | | | | | | | Main changes here are related to the ftp proxy and making that work better.
* | Commit changes that happened in IPFilter versions 3.4.27 - 3.4.28darrenr2002-06-071-6/+11
| |
* | Merge updates from 3.4.26 - 3.4.27.darrenr2002-04-271-30/+36
| |
* | bring in changes from 3.4.26.darrenr2002-04-251-59/+157
| |
* | fix conflicts (mostly damn rcs id's) generated by importdarrenr2002-03-191-199/+408
| |
* | Backout inclusion of queue.h since rev 1.38 sys/file.h now has italfred2002-01-141-3/+0
| | | | | | | | included in the right order.
* | Include sys/_lock.h and sys/_mutex.h to reduce namespace pollution.alfred2002-01-131-0/+3
| | | | | | | | Requested by: jhb
* | fix conflicts created by importdarrenr2001-07-281-30/+43
| |
* | fix security hole created by fragment cachedarrenr2001-04-061-2/+2
| |
OpenPOWER on IntegriCloud