Close the ip-fragment hole.
Waste less memory.
Rewrite to contemporary more readable style.
Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
Filter incoming >and< outgoing packets.
Replace "policy" by sticky "deny all" rule.
Rules have numbers used for ordering and deletion.
Remove "rerorder" code entirely.
Count packet & bytecount matches for rules.
Code in -current & -stable is now the same.
matching IP options..Check and test this - i made only a couple
of rough tests and this could be buggy.. Ipaccounting can't use
IP Options (and i don't see any need to cound packets with specific
options either..)
More to come...
incorrect indents, a variety of poor coding practices such as comparing
pointers to constants ('0'), poor code structuring, etc, etc. This brings
the code up to the minimum standards for inclusion in FreeBSD.
2) Rewrote "bad_packet" code to be less buggy and more readable.
3) Removed a pile of goto's; the code is now somewhat less reminiscent
of a certain Italian pasta.
4) Changed all boolean returns of "0" and "1" to FALSE/TRUE.
1) Firewall is not subdivided on forwarding / blocking chains
anymore.Actually only one chain left-it was the blocking one.
2) LKM support.ip_fwdef.c is function pointers definition and
goes into kernel along with all INET stuff.
I think it's time for Ugen to get a freefall account, just so I can
direct mail at him directly and let him drop off patches for us here. Ugen?
Done!
Submitted by: ugen
