Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
161,806 Commits 606 Branches 0 Tags 3.1 GiB
61078fef5f
Commit Graph

27 Commits

Author SHA1 Message Date
martti
20df8bbd24 Fixed IPF bug #1785199 
fr_natderef causes lock contention and performance slowdown

Patch fetched from the SourceForge bug report.
 2007-09-10 06:07:01 +00:00
martin
c77a3f5aad Upgraded IPFilter to v4.1.23 2007-06-16 10:52:24 +00:00
martti
6b17040b66 Fix problems with stateful filtering. Patch received from darrenr@. 2007-05-25 06:44:20 +00:00
martin
6718c86598 Merge IP-Filter 4.1.22 2007-05-15 22:52:20 +00:00
dogcow
93c1d76796 Instead of manually multiplying out the magic numbers, use * 15 / 10 instead 
of * 1.5; this seems to placate the various compilers into not requiring fp.
 2007-05-02 18:47:27 +00:00
dogcow
36f6a11c63 gcc is too clueless on some platforms to tell that 
(number divisible by 2 * 1.5) is an int, and thus fails spectacularly
at either link or compile time. replace exprs with their int values.
 2007-05-02 02:59:54 +00:00
martti
872147fef7 Upgraded IPFilter to 4.1.20 2007-05-01 19:08:03 +00:00
jnemeth
7456457055 Add a define for caddr_t to ip_compat.h and revert most of the 
special cases for it.  This is to simplify the code to prepare it
for pullup to netbsd-4 and submitting back upstream.  The change
was requested by martin@.
 2007-04-27 10:17:15 +00:00
martin
da6823c65c A few tweaks (no effect on NetBSD-current) to make syncing with upstream 
easier.
 2007-04-15 10:42:40 +00:00
martin
8ebafcc992 Update IPFilter to version 4.1.19 2007-04-14 20:34:18 +00:00
christos
53524e44ef Kill caddr_t; there will be some MI fallout, but it will be fixed shortly. 2007-03-04 05:59:00 +00:00
darrenr
54726f45ee TCP window scaling was being recognised but the recorded settins were being 
clobbered and thus effectively disabled
 2006-12-24 02:31:16 +00:00
christos
168cd830d2 __unused removal on arguments; approved by core. 2006-11-16 01:32:37 +00:00
dogcow
372e6ef309 now that we have -Wno-unused-parameter, back out all the tremendously ugly 
code to gratuitously access said parameters.
 2006-10-17 18:21:29 +00:00
dogcow
2023789a40 More -Wunused fallout. sprinkle __unused when possible; otherwise, use the 
do { if (&x) {} } while (/* CONSTCOND */ 0);
construct as suggested by uwe in <20061012224845.GA9449@snark.ptc.spbu.ru>.
 2006-10-13 16:53:35 +00:00
christos
4d595fd7b1 - sprinkle __unused on function decls. 
- fix a couple of unused bugs
- no more -Wno-unused for i386
 2006-10-12 01:30:41 +00:00
elad
fc9422c9d9 integrate kauth. 2006-05-14 21:31:52 +00:00
martti
7967220333 Removed BROKEN_TCP_WINDOW_CHECK hack. 2006-04-04 16:19:05 +00:00
martti
9ea58d54bc Upgraded IPFilter to 4.1.13 2006-04-04 16:17:18 +00:00
christos
95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
martti
58b8abcbf8 Upgraded IPFilter to 4.1.8 2005-04-03 15:05:30 +00:00
christos
3136f75efa defopt IPFILTER_DEFAULT_BLOCK 2005-03-26 18:08:42 +00:00
martti
460bbcc960 Upgraded IPFilter to 4.1.6 2005-02-19 21:30:24 +00:00
martti
a023cb1d19 Upgraded IPFilter to 4.1.5 2005-02-08 07:01:52 +00:00
christos
78ec5c8f06 Disable the oow test because it is broken. It is killing valid packets. 2005-01-16 02:56:22 +00:00
darrenr
8fe036145c * Prevent hang when attempting to flush state entries for ipv4 when ipv6 
are present or vice versa
* Fix matching of IPv6 state entries when the initial packet is a
  sent to a multicast address.  This includes not updating the address as
  being fixed when a second (or further) such packet is seen before a reply.
* Disable code, for now, that limited how many ICMP packets could match a
  state entry based on the number of real packets seen.
 2004-10-07 03:57:02 +00:00
christos
f33294b6a4 Moved from sys/netinet as part of the ipfilter separation. 2004-10-01 15:25:59 +00:00