Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
120,261 Commits 606 Branches 0 Tags 3.1 GiB
8647bce8c6
Commit Graph

59 Commits

Author SHA1 Message Date
agc
aad01611e7 Move UCB-licensed code from 4-clause to 3-clause licence. 
Patches provided by Joel Baker in PR 22364, verified by myself.
 2003-08-07 16:26:28 +00:00
martti
b69124b84c Resync with official IPF 2002-09-19 08:12:43 +00:00
martti
87f18f024e Upgraded IPFilter to 3.4.29 2002-09-19 08:08:14 +00:00
itojun
f192b66b94 whitespace 2002-06-09 16:33:36 +00:00
martti
6f5d858e4b Fix compilation problems 2002-05-02 17:13:27 +00:00
martti
e74092de02 Upgraded IPFilter to 3.4.27 2002-05-02 17:11:37 +00:00
martti
83b3487b70 Upgraded IPFilter to 3.4.25 2002-03-14 12:32:36 +00:00
martti
7a8f11612c Re-sync with IPFilter 2002-01-24 08:23:40 +00:00
martti
b9920d0f43 Upgraded IPFilter to 3.4.23 2002-01-24 08:21:30 +00:00
lukem
2565646230 don't need <sys/types.h> when including <sys/param.h> 2001-11-15 09:47:59 +00:00
lukem
ea1cd7eb08 add RCSIDs 2001-11-13 00:32:34 +00:00
matt
da5a70805c Convert netinet to not use the internal <sys/queue.h> field names 
but instead the access macros.  Use the FOREACH macros where appropriate.
 2001-11-04 20:55:25 +00:00
thorpej
ad9d3794b0 Implement support for IP/TCP/UDP checksum offloading provided by 
network interfaces.  This works by pre-computing the pseudo-header
checksum and caching it, delaying the actual checksum to ip_output()
if the hardware cannot perform the sum for us.  In-bound checksums
can either be fully-checked by hardware, or summed up for final
verification by software.  This method was modeled after how this
is done in FreeBSD, although the code is significantly different in
most places.

We don't delay checksums for IPv6/TCP, but we do take advantage of the
cached pseudo-header checksum.

Note: hardware-assisted checksumming defaults to "off".  It is
enabled with ifconfig(8).  See the manual page for details.

Implement hardware-assisted checksumming on the DP83820 Gigabit Ethernet,
3c90xB/3c90xC 10/100 Ethernet, and Alteon Tigon/Tigon2 Gigabit Ethernet.
 2001-06-02 16:17:09 +00:00
mike
fb2dc295a6 Resolve conflicts. 2001-03-26 06:11:46 +00:00
chs
09cb38f22b expose the definitions of MIN() and MAX() in sys/param.h to the kernel 
and use those in favor of a dozen copies scattered around the source tree.
 2001-02-05 10:42:40 +00:00
jdolecek
34c8ae80da constify 2001-01-18 20:28:15 +00:00
thorpej
e37508421d Due to a quirk (err, bug?) in IP Filter (mbuf freed without setting *mp 
to NULL), the NULL check is insufficient.  Also make sure fr_check()
returned 0.
 2000-11-12 19:50:47 +00:00
thorpej
cbf6f69cb2 Oops, the mbuf may have been freed -- do a NULL check in the wrapper. 2000-11-12 19:29:31 +00:00
thorpej
65fd25ea82 Restructure the PFIL_HOOKS mechanism a bit: 
- All packets are passed to PFIL_HOOKS as they come off the wire, i.e.
  fields in protocol headers in network order, etc.
- Allow for multiple hooks to be registered, using a "key" and a "dlt".
  The "dlt" is a BPF data link type, indicating what type of header is
  present.
- INET and INET6 register with key == AF_INET or AF_INET6, and
  dlt == DLT_RAW.
- PFIL_HOOKS now take an argument for the filter hook, and mbuf **,
  an ifnet *, and a direction (PFIL_IN or PFIL_OUT), thus making them
  less IP (really, IP Filter) centric.

Maintain compatibility with IP Filter by adding wrapper functions for
IP Filter.
 2000-11-11 00:52:36 +00:00
itojun
97c873b9b0 ipfilter currently supports IPv4 only. do not try to touch non-IPv4 
packets.  PR 11082.

This is a short-term workaround.  whenever new ipfilter comes out with
proper non-IPv4 support, we should migrate to the new ipfilter.
 2000-10-08 13:01:30 +00:00
enami
beb808e530 Put # endif directive after the right (i.e., matching) close brace 
to prevent compilation error.
 2000-08-12 14:17:13 +00:00
veego
35df2482b0 Protect a IPLLOG with ifdef IPFILTER_LOG. Patch from Darren Reed. 2000-08-12 08:04:18 +00:00
veego
b3d0df91fb Resolve conflicts. 2000-08-09 21:00:39 +00:00
veego
d6dd29c882 Resolve conflicts. 2000-06-12 10:28:20 +00:00
veego
c02ef5cc85 Resolve conflicts. 2000-05-23 06:07:42 +00:00
veego
4c4ad1d1a5 Resolve conflicts. 2000-05-21 18:45:53 +00:00
veego
8db28cd918 Resolve conflicts and fix a compile error in ip_ftp_pxy.c. 2000-05-11 19:46:05 +00:00
itojun
4a12628c71 correct out-of-bound access when hlen == 1 and opt > 1. 
reviewed by darren, darren committed to freebsd fil.c (1.12 -> 1.13)
so it should be correct enough.
 2000-05-10 00:08:03 +00:00
veego
21dea2100c Resolve conflicts. 2000-05-03 11:12:03 +00:00
augustss
8529438fe6 Remove register declarations. 2000-03-30 12:51:13 +00:00
veego
b3bffdf856 Resolve conflicts. 2000-02-01 21:29:15 +00:00
veego
64b2c34646 Resolve conflicts and small fixes. 1999-12-12 11:11:15 +00:00
cjs
8befad84b1 Remove SCCS markers and make these compile in $NetBSD$ IDs. 1999-02-02 19:57:30 +00:00
mycroft
b790730226 Fix problems with fr_tcpsum() that prevented the FTP proxy from working. 1999-01-23 08:50:52 +00:00
mrg
a94214bdd0 add a patch from darren reed, to make ipfilter use our cksum routine. 1998-11-26 12:21:47 +00:00
mrg
78db9d7d95 merge ipf 3.2.10 1998-11-22 15:17:18 +00:00
veego
97ab1bd53b Resolve conflicts from the import. 1998-07-12 15:23:59 +00:00
cgd
dd8ed56342 Another demonstration that when you're converting variables from 'long's 
to fixed 32-bit integers, you have to exercise care.
 1998-05-31 19:39:13 +00:00
veego
a4c89e3e2e Resolve conflicts from the import of IPFilter 3.2.7. 1998-05-29 20:24:36 +00:00
veego
82423e3d01 Resolve conflicts 1998-05-17 16:50:15 +00:00
thorpej
77af553e79 If packets are passed through IP Filter at all, don't allow fast-forward 
flow entries to be created for them.

Eventually, IP Filter should be extended to allow IP src/dst pairs to
be specified as "fast forward OK".
 1998-05-01 03:28:14 +00:00
mrg
fc911d1529 fix checksum problems (from marc boucher via darren reed). 1997-11-17 14:33:46 +00:00
mrg
84ecff38c2 merge ip-filter 3.2.1 1997-11-14 12:40:06 +00:00
mrg
60c28e1f95 sigh. merge ipfilter 3.2 onto the trunk. merge to the branch was a mistake. 1997-10-30 16:08:54 +00:00
veego
4508fb4354 Resolve conflicts from the merge of ipf 3.2beta5. 1997-09-21 18:00:54 +00:00
mrg
02e5531ec7 put back IPFILTER_DEFAULT_BLOCK, as documented in options(4). 1997-07-08 05:54:02 +00:00
thorpej
b19b36aff5 Restore original RCS IDs. 1997-07-06 05:29:13 +00:00
thorpej
ab01c534f6 Fix a bug caught by gcc: add parenthesis to properly group a test. 1997-07-06 05:10:41 +00:00
darrenr
729f0dc597 fix conflicts from import 1997-07-05 05:38:14 +00:00
mrg
c258d0d05e make it "options IPFILTER_DEFAULT_BLOCK". 1997-06-16 13:38:05 +00:00