Commit Graph

40 Commits

Author SHA1 Message Date
martin 449c740399 Remove tests for IPN_FRAG bits.
There is no place in the source where this bit could ever be set (or I'm
to blind to find it).

This fixes PR 12671.

If someone thinks this is the wrong solution, please make sure to (a) reopen
the PR and (b) explain to me how the tested bits would ever get set. I'll
be glad to then look further for the real cause (i.e. the flags not getting
set in the case described in the PR).
2001-05-20 13:03:39 +00:00
darrenr 0b6031033d fix fragment cache security hole 2001-04-06 15:32:40 +00:00
mike fb2dc295a6 Resolve conflicts. 2001-03-26 06:11:46 +00:00
chs 09cb38f22b expose the definitions of MIN() and MAX() in sys/param.h to the kernel
and use those in favor of a dozen copies scattered around the source tree.
2001-02-05 10:42:40 +00:00
veego fea1509f80 Apply fix from IWAMOTO Toshihiro in pr#10813:
rev 1.35 of ip_nat.c checks if packets are too short.
 For ICMP packets, this packet length checking double counts
 the length of an IP header contained in ICMP messages.
 So, unless ICMP packets are long enough (such as echo-reply),
 packets are mistakingly considered too short and are dropped.
2000-08-12 08:08:54 +00:00
veego b3d0df91fb Resolve conflicts. 2000-08-09 21:00:39 +00:00
veego d6dd29c882 Resolve conflicts. 2000-06-12 10:28:20 +00:00
veego 4c4ad1d1a5 Resolve conflicts. 2000-05-21 18:45:53 +00:00
veego 8db28cd918 Resolve conflicts and fix a compile error in ip_ftp_pxy.c. 2000-05-11 19:46:05 +00:00
veego 21dea2100c Resolve conflicts. 2000-05-03 11:12:03 +00:00
chs 46faa6bb58 remove ifdefs to skip htons() on some big-endian platforms. 2000-04-16 20:58:52 +00:00
augustss 8529438fe6 Remove register declarations. 2000-03-30 12:51:13 +00:00
veego b3bffdf856 Resolve conflicts. 2000-02-01 21:29:15 +00:00
darrenr 1904e0a218 update ipfilter code to 3.3.6 1999-12-28 07:14:53 +00:00
veego 64b2c34646 Resolve conflicts and small fixes. 1999-12-12 11:11:15 +00:00
mycroft c6d172438d Minor cleanup to use LONG_SUM() and CALC_SUMD() more. 1999-03-05 07:27:09 +00:00
cjs 8befad84b1 Remove SCCS markers and make these compile in $NetBSD$ IDs. 1999-02-02 19:57:30 +00:00
mrg 78db9d7d95 merge ipf 3.2.10 1998-11-22 15:17:18 +00:00
drochner 1658ac64a8 fix the previous: "securelevel" in kernel only 1998-11-15 17:36:19 +00:00
tls da1c106b85 In 'highly secure' mode (securelevel >= 2), the filter lists may not be tampered with. It might be desirable to allow enabling of preset filter lists, but it seems too good a candidate for a denial-of-service attack, so we don't. 1998-11-14 07:42:37 +00:00
veego 97ab1bd53b Resolve conflicts from the import. 1998-07-12 15:23:59 +00:00
veego a4c89e3e2e Resolve conflicts from the import of IPFilter 3.2.7. 1998-05-29 20:24:36 +00:00
veego 82423e3d01 Resolve conflicts 1998-05-17 16:50:15 +00:00
scottr 81a5bfdf33 Change from IP-Filter 3.2.3: avoid infinite loop in nat_new() when
NAT'ing to a single IP address.
1998-03-29 22:56:00 +00:00
mrg 2a9598ccdf fixes for memory leaks in proxying, and byte ordering problems. from darren reed. 1997-11-25 03:14:11 +00:00
mrg 84ecff38c2 merge ip-filter 3.2.1 1997-11-14 12:40:06 +00:00
mrg 60c28e1f95 sigh. merge ipfilter 3.2 onto the trunk. merge to the branch was a mistake. 1997-10-30 16:08:54 +00:00
veego 4508fb4354 Resolve conflicts from the merge of ipf 3.2beta5. 1997-09-21 18:00:54 +00:00
kleink 512b9c1d90 Nuke an `#ifdef sparc' conditional around ntohs() usage: this (1) is incomplete
and (2) makes no difference anyway.  Also, minor KNF.
1997-07-21 16:53:47 +00:00
kleink b2bead304f Fix a misplaced brace which caused NAT list corruption; from Dave Huang
<khym@bga.com> in PR kern/3872.
1997-07-16 11:06:07 +00:00
thorpej b19b36aff5 Restore original RCS IDs. 1997-07-06 05:29:13 +00:00
thorpej 329a831bd5 Deal with a bogus warning from -Wuninitialized. 1997-07-06 05:14:08 +00:00
darrenr 729f0dc597 fix conflicts from import 1997-07-05 05:38:14 +00:00
thorpej 41d4822677 Resolve conflicts from merge of 3.2a7, take 2. Also, eliminate some
silly differences between the NetBSD copy of the code and the
vendor branch, keeping only those which are necessary.  Of those
differences that currently exist, several "portability to NetBSD"
issues, which will be fed back to the ipfilter author.
1997-05-28 00:17:11 +00:00
thorpej 55323c48ca Make this compile on 32-bit architectures again:
- Add prototypes.
- Get arguments to ioctl right (cmd is a u_long in NetBSD)
1997-05-27 01:20:46 +00:00
darrenr 29fab67628 fix conflicts 1997-05-25 12:40:11 +00:00
thorpej f30d8f327f Resolve conflicts from merge.
XXX !!! XXX !!!
I noticed a few semi-serious bugs while doing this merge, one of which
has existed for a fairly long time.  Some of them are addressed in this
commit (because they caused the kernel to not compile), and are annoted
by "XXX" and "--thorpej".  The other one will be addressed shortly in
a future commit, and, as far as I can tell, affects all operating systems
which IP Filter supports.
1997-03-29 00:54:55 +00:00
thorpej b21c166228 ioctl cmd arguments are u_long, not int. Pointed out by
Fred L. Templin <templin@nas.nasa.gov>
1997-01-29 02:16:23 +00:00
veego 473d4f54d1 Add $NetBSD$ id's and restore the orginal Id's. 1997-01-05 21:32:18 +00:00
mrg c1067a3f4b initial import of darren reed's ip-filter, version 3.1.2. 1997-01-05 13:47:59 +00:00