4.1.33 - Release 16 August 2009
2837931 wrong mode selected in ipf program for hash-entries
2826168 load_http can make ippool core dump
2825150 IPL_LOGMAX used to index some arrays
2825084 ipv6 fragments should not be allowed past 64k
2824713 ipfstat top output alternates between entries and nothing
2824712 ipfstat top output is shows negative ttl
2820965 a single bad ipv6 extension header should not impact others
2818197 ignored fragment bits defined as being reserved
2817667 IPv6 fragment header verification needs attention
2817098 fr_getrulen() finds the wrong rule
2817096 fr_rulen is unused
2741019 Lingering states (Established/Listen - 5/0) in state table
2702887 use of PBR/fastroute causes panic with ipv6
2671913 regression test in7 fails to execute
2598625 parsing empty config file results in an error
2698656 test parsing empty config files
2597956 not all pointers in a clone are reset
2543934 nat_t gets assigned ifp too early
2535795 No need to always bump fr_ref
2535778 Bad IPv6 packets droped by default
2031730 4.1.31 Nat drops fragmented packets after the first
2214661 ipf does not handle IPv6 fragments
2473273 NAT removed before RST/ICMP sent
2216500 fin_state serves no purpose
2424604 adding random MD5 data causes panic
2304435 Ineffecient lock usage in logging
2216491 fin_nat serves little purpose
2055619 duplicating a free-d packet will fail
2042949 Excessive locking when creating nat_t
2035610 nat_update does not need to get locks
2214658 ipf mostly ignores locking in NetBSD
1979427 Memory leak in user utilities - token never freed (rel br)
* SunOS4 does not have a curproc, but it does have u.
* The fix for 2020447 generated random port numbers but not within the
range specified in the map rule. Add in a regression test to verify
that the "random" part works.
2020447 NAT can undo name server random port selection
1988795 NetBSD does not build with kernel malloc stats
1988782 fr_movequeue can take a short cut
1988669 first nat creation failure prevents further success
1988668 hostmap searching does not work properly
* on some 64bit architectures (such as alpha), the addrfamily_t is packed
differently, throwing off the calculations for adf_len
* one too many READ_ENTERs in ip_sync code.
* clean up fr_fastroute a little by removing some #ifdefs and pushing the
code around a bit to use the same variables (NetBSD)
* more recent NetBSDs use VOP related macros differently
- Avoid atomics in more places.
- Remove the per-descriptor mutex, and just use filedesc_t::fd_lock.
It was only being used to synchronize close, and in any case we needed
to take fd_lock to free the descriptor slot.
- Optimize certain paths for the <NDFDFILE case.
- Sprinkle more comments and assertions.
- Cache more stuff in filedesc_t.
- Fix numerous minor bugs spotted along the way.
- Restructure how the open files array is maintained, for clarity and so
that we can eliminate the membar_consumer() call in fd_getfile(). This is
mostly syntactic sugar; the main functional change is that fd_nfiles now
lives alongside the open file array.
Some measurements with libmicro:
- simple file syscalls are like close() are between 1 to 10% faster.
- some nice improvements, e.g. poll(1000) which is ~50% faster.
characters and we allocated only 1024.
While here:
- use snprintf to prevent this from happening in the future.
- don't close fd twice on error.
- pass unsigned char to ctype.h functions.
- include <stdbool.h> so bool is available _KERNEL for sys/condvar.h
- include <sys/mutex.h> before defining _KERNEL so it won't try to
include <machine/intr.h> which isn't available to userland.
fixes builds on sparc64.
a "long long" - giving a compilation warning.
Check for the presence of PRIu64 and use that in preference.
Adjust code to avoid multiple printf() calls.
Use unsigned format specifiers in all cases.
enabled (ipf -E) before ipnat is used; this detail is automated by the
rc scripts, but not by ipnat itself. ipf's author agrees this is a doc
bug.
Closes PR kern/33409.
