martin
449c740399
Remove tests for IPN_FRAG bits.
...
There is no place in the source where this bit could ever be set (or I'm
to blind to find it).
This fixes PR 12671.
If someone thinks this is the wrong solution, please make sure to (a) reopen
the PR and (b) explain to me how the tested bits would ever get set. I'll
be glad to then look further for the real cause (i.e. the flags not getting
set in the case described in the PR).
2001-05-20 13:03:39 +00:00
darrenr
0b6031033d
fix fragment cache security hole
2001-04-06 15:32:40 +00:00
mike
fb2dc295a6
Resolve conflicts.
2001-03-26 06:11:46 +00:00
chs
09cb38f22b
expose the definitions of MIN() and MAX() in sys/param.h to the kernel
...
and use those in favor of a dozen copies scattered around the source tree.
2001-02-05 10:42:40 +00:00
veego
fea1509f80
Apply fix from IWAMOTO Toshihiro in pr#10813:
...
rev 1.35 of ip_nat.c checks if packets are too short.
For ICMP packets, this packet length checking double counts
the length of an IP header contained in ICMP messages.
So, unless ICMP packets are long enough (such as echo-reply),
packets are mistakingly considered too short and are dropped.
2000-08-12 08:08:54 +00:00
veego
b3d0df91fb
Resolve conflicts.
2000-08-09 21:00:39 +00:00
veego
d6dd29c882
Resolve conflicts.
2000-06-12 10:28:20 +00:00
veego
4c4ad1d1a5
Resolve conflicts.
2000-05-21 18:45:53 +00:00
veego
8db28cd918
Resolve conflicts and fix a compile error in ip_ftp_pxy.c.
2000-05-11 19:46:05 +00:00
veego
21dea2100c
Resolve conflicts.
2000-05-03 11:12:03 +00:00
chs
46faa6bb58
remove ifdefs to skip htons() on some big-endian platforms.
2000-04-16 20:58:52 +00:00
augustss
8529438fe6
Remove register declarations.
2000-03-30 12:51:13 +00:00
veego
b3bffdf856
Resolve conflicts.
2000-02-01 21:29:15 +00:00
darrenr
1904e0a218
update ipfilter code to 3.3.6
1999-12-28 07:14:53 +00:00
veego
64b2c34646
Resolve conflicts and small fixes.
1999-12-12 11:11:15 +00:00
mycroft
c6d172438d
Minor cleanup to use LONG_SUM() and CALC_SUMD() more.
1999-03-05 07:27:09 +00:00
cjs
8befad84b1
Remove SCCS markers and make these compile in $NetBSD$ IDs.
1999-02-02 19:57:30 +00:00
mrg
78db9d7d95
merge ipf 3.2.10
1998-11-22 15:17:18 +00:00
drochner
1658ac64a8
fix the previous: "securelevel" in kernel only
1998-11-15 17:36:19 +00:00
tls
da1c106b85
In 'highly secure' mode (securelevel >= 2), the filter lists may not be tampered with. It might be desirable to allow enabling of preset filter lists, but it seems too good a candidate for a denial-of-service attack, so we don't.
1998-11-14 07:42:37 +00:00
veego
97ab1bd53b
Resolve conflicts from the import.
1998-07-12 15:23:59 +00:00
veego
a4c89e3e2e
Resolve conflicts from the import of IPFilter 3.2.7.
1998-05-29 20:24:36 +00:00
veego
82423e3d01
Resolve conflicts
1998-05-17 16:50:15 +00:00
scottr
81a5bfdf33
Change from IP-Filter 3.2.3: avoid infinite loop in nat_new() when
...
NAT'ing to a single IP address.
1998-03-29 22:56:00 +00:00
mrg
2a9598ccdf
fixes for memory leaks in proxying, and byte ordering problems. from darren reed.
1997-11-25 03:14:11 +00:00
mrg
84ecff38c2
merge ip-filter 3.2.1
1997-11-14 12:40:06 +00:00
mrg
60c28e1f95
sigh. merge ipfilter 3.2 onto the trunk. merge to the branch was a mistake.
1997-10-30 16:08:54 +00:00
veego
4508fb4354
Resolve conflicts from the merge of ipf 3.2beta5.
1997-09-21 18:00:54 +00:00
kleink
512b9c1d90
Nuke an `#ifdef sparc' conditional around ntohs() usage: this (1) is incomplete
...
and (2) makes no difference anyway. Also, minor KNF.
1997-07-21 16:53:47 +00:00
kleink
b2bead304f
Fix a misplaced brace which caused NAT list corruption; from Dave Huang
...
<khym@bga.com> in PR kern/3872.
1997-07-16 11:06:07 +00:00
thorpej
b19b36aff5
Restore original RCS IDs.
1997-07-06 05:29:13 +00:00
thorpej
329a831bd5
Deal with a bogus warning from -Wuninitialized.
1997-07-06 05:14:08 +00:00
darrenr
729f0dc597
fix conflicts from import
1997-07-05 05:38:14 +00:00
thorpej
41d4822677
Resolve conflicts from merge of 3.2a7, take 2. Also, eliminate some
...
silly differences between the NetBSD copy of the code and the
vendor branch, keeping only those which are necessary. Of those
differences that currently exist, several "portability to NetBSD"
issues, which will be fed back to the ipfilter author.
1997-05-28 00:17:11 +00:00
thorpej
55323c48ca
Make this compile on 32-bit architectures again:
...
- Add prototypes.
- Get arguments to ioctl right (cmd is a u_long in NetBSD)
1997-05-27 01:20:46 +00:00
darrenr
29fab67628
fix conflicts
1997-05-25 12:40:11 +00:00
thorpej
f30d8f327f
Resolve conflicts from merge.
...
XXX !!! XXX !!!
I noticed a few semi-serious bugs while doing this merge, one of which
has existed for a fairly long time. Some of them are addressed in this
commit (because they caused the kernel to not compile), and are annoted
by "XXX" and "--thorpej". The other one will be addressed shortly in
a future commit, and, as far as I can tell, affects all operating systems
which IP Filter supports.
1997-03-29 00:54:55 +00:00
thorpej
b21c166228
ioctl cmd arguments are u_long, not int. Pointed out by
...
Fred L. Templin <templin@nas.nasa.gov>
1997-01-29 02:16:23 +00:00
veego
473d4f54d1
Add $NetBSD$ id's and restore the orginal Id's.
1997-01-05 21:32:18 +00:00
mrg
c1067a3f4b
initial import of darren reed's ip-filter, version 3.1.2.
1997-01-05 13:47:59 +00:00