Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
169,484 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

59 Commits

Author SHA1 Message Date
martti abde7e33e0 Fixed IPF bug #1767831 
ipflog() & ipmon ignore IPv6 extension headers
 2007-09-17 18:02:21 +00:00
martti 61078fef5f Revert to previous, it was not working for me correctly... 2007-09-10 06:28:38 +00:00
martti fcbc8c046f Fixed IPF bug #1767831 
ipflog() & ipmon ignore IPv6 extension headers

Patch fetched from the SourceForge bug report.
 2007-09-10 06:12:02 +00:00
martin c77a3f5aad Upgraded IPFilter to v4.1.23 2007-06-16 10:52:24 +00:00
martin 6718c86598 Merge IP-Filter 4.1.22 2007-05-15 22:52:20 +00:00
martin 29fd0d9db1 Import IPFilter 4.1.22 2007-05-15 22:26:02 +00:00
martti 872147fef7 Upgraded IPFilter to 4.1.20 2007-05-01 19:08:03 +00:00
martin 8ebafcc992 Update IPFilter to version 4.1.19 2007-04-14 20:34:18 +00:00
martin 993d757ec6 Import IPFilter 4.1.19 2007-04-14 20:17:19 +00:00
christos 1bb7c537ad Coverity CID 3013: Don't check for NULL after deref! (from Arnaud Lacombe) 2006-10-03 18:18:18 +00:00
christos 18b025cbc8 PR/34286: Gene ENonymous: Increase YYSTACKSIZE so that we can handle huge 
pools.
 2006-08-26 23:20:56 +00:00
mrg 084c052803 quell GCC 4.1 uninitialised variable warnings. 
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
 2006-05-10 21:53:14 +00:00
christos 70a262c03c Coverity CID 785: Prevent NULL pointer dereference if an appropriate group 
is not found.
 2006-04-28 19:49:13 +00:00
darrenr 0df9b5fe68 ipf -Z returns junk and/or can cause a panic (seen on solaris.) 2006-04-18 12:40:49 +00:00
martti 9ea58d54bc Upgraded IPFilter to 4.1.13 2006-04-04 16:17:18 +00:00
martti 983a2072ce Import IPFilter 4.1.13 2006-04-04 16:08:18 +00:00
lukem 311c22130d appease gcc -Wuninitialized 2005-06-02 09:47:37 +00:00
martti 58b8abcbf8 Upgraded IPFilter to 4.1.8 2005-04-03 15:05:30 +00:00
dsl 4bcbdc6712 Reinstate the ntohs() on port numbers returned bu getport() 2005-02-20 21:44:51 +00:00
martin 5605ab81e0 Do not use bogus (long) casts and ntohl() on port numbers. 
Only test for -1 error return from getport().
 2005-02-20 21:15:37 +00:00
martti 460bbcc960 Upgraded IPFilter to 4.1.6 2005-02-19 21:30:24 +00:00
martti 76b5d9e30f Import IPFilter 4.1.6 2005-02-19 21:26:02 +00:00
martti a023cb1d19 Upgraded IPFilter to 4.1.5 2005-02-08 07:01:52 +00:00
martti 4d6a62d250 Import IPFilter 4.1.5 2005-02-08 06:52:59 +00:00
lukem a546e7bfc2 Fix compilation with -UUSE_INET6 2005-01-10 02:08:51 +00:00
darrenr f314fbb0f1 Expand out an unused byte to give each NAT rule a protocol version field, 
allowing rules to be set to match only ipv4/ipv6. And so ipnat must be updated
to actually set this field correctly but to keep things working for old
versions of ipnat (that will set this to 0), make the ioctl handler "update"
the 0 to a 4 to keep things working when people just upgrade kernels.  This
forces NAT rule matching to be limited to ipv4 only, here forward, fixing
kern/28662
 2004-12-16 17:01:02 +00:00
darrenr f3736130c9 Fix a regression from 3.4 behaviour where the destination of a redirect rule 
could be either a hostname or an IP address (now it can only be an IP#)
 2004-11-21 03:44:59 +00:00
he 4a9ab9770a Apply patch from Darren for the ctype() functions/macros. 
Encapsulates the ctype() functions so that the casts are centralized.
 2004-11-13 19:14:48 +00:00
darrenr 541f8060fe In going from 3.4.x to 4.1.x, "state-age" became "age" but the input grammar 
did not allow for backwards compatibility.

PR: kern/27590
 2004-10-30 13:33:58 +00:00
darrenr 346ea4671b Fix bin/25972 and actually add a token to generate the value IPNY_TCPUDP 
as expected by the grammar.
 2004-10-03 20:37:17 +00:00
darrenr 857c5d7740 kern/27086 (should be bin/27086) - the "keep options" only allow one order, 
not both as they should for proper backwards compatibility.
 2004-10-03 20:18:49 +00:00
martti dd39bdf1e1 Allow \ at the end of line so long lines can be splitted and made more 
readable. Without this modification old IPF 3.x and 4.1.1 rules will not
work with IPF 4.1.3. Patch from Darren Reed.
 2004-09-27 08:23:15 +00:00
martti 7ff15b917f Upgraded IPFilter to 4.1.3 2004-07-23 05:39:03 +00:00
martti 9e82a8bf0d Import IPFilter 4.1.3 2004-07-23 05:33:55 +00:00
christos fe028e1238 PR/26882: Matthew Mondor: ipfstat -t fails to restore termios tty state 
if it fails for ipf disabled. Fix from Peter Postma.
 2004-07-14 18:22:10 +00:00
christos 22b751b93d Play more games with yyvarnext to make numeric protocols work again. 
Parsing an ambiguous language with an LR(1) parser is not the best
road to sanity.
 2004-07-12 21:52:01 +00:00
christos a998d914f3 make the code identical to 4.1.2 2004-07-12 18:09:39 +00:00
christos 065a08dedc Sprinkle yyvarnext assignment until the port and proto rules work again. 
XXX: this is not nice.
 2004-07-12 18:09:24 +00:00
christos 5e63f46756 PR/25991: Martin Husemann: ipnat.conf rules don't allow port/protocol names 
Patch applied, but new we have a never reduced rule (dport)
 2004-07-10 16:11:00 +00:00
christos 981c88b630 PR/25992: Grant Beattie: some protocol names in ipf.conf don't work 
patch applied.
 2004-07-10 15:38:28 +00:00
christos b074ee3b58 Attempt to fix PR/25992 [protocol parsing] by bringing these files in from 
4.1.2
 2004-07-08 02:51:24 +00:00
christos aa17268ea7 PR/25993: Grant Beattie: Ipf parser accepts invalid flags in rules 2004-06-29 22:33:25 +00:00
christos c06c3a3172 PR/24989: Arto Selonen: ipfilter 4.1.1 does not behave according to rules 
in ipf.conf
 2004-06-03 20:32:40 +00:00
christos fa159ed2be PR/25594: Arto Huusko: LP64 sign extension bug in ipnat. 
Fix: change to ioctlcmd_t as suggested by darren.
 2004-05-26 20:32:48 +00:00
christos 596171adc5 PR/24961: Arto Selonen: ipfilter 4.1.1 has problems parsing ipf.conf 2004-05-22 17:59:37 +00:00
christos 02a532d111 PR/25532: Geoff C. Wing: a bad icmp-type rule in /etc/ipf.conf can cause ipf 
to segv upon parsing.
 2004-05-22 17:19:25 +00:00
christos 4c00db0b81 PR/24969: Arto Selonen: ipfs does not work at all with 4.1.1. Applied portion 
of the patch that did not conflict with the previous commit. Darren should
take a look at it, and keep what it apropriate.
 2004-05-10 00:50:07 +00:00
christos 191890ee3f PR/21334: Mike M. Volokhov: NAT halts on ipfs(8) restore in case of ftp 
proxy used. Apply userland patch from this PR, since the kernel patch does
not match at all anymore, and seems to have been applied differently.
 2004-05-10 00:36:19 +00:00
christos a218a37d8f PR/25122: Peter Postma: ipfstat state top broken with IPv6 addresses 
patch applied.
 2004-05-09 04:12:03 +00:00
christos e786da0edd PR/25365: HIROSE yuuji: ipf 4.1.1 fails to parse ipv6 address in fastroute 
destination. Patch from darren applied.
 2004-05-09 03:53:23 +00:00