Commit Graph

13 Commits

Author SHA1 Message Date
kuriyama
741be83f38 Fix typo (s/=/+=/) in previous commit. 2001-06-28 05:18:31 +00:00
kuriyama
50bd3d18aa Merge from netinet/ip_fw.c (1.117 -> 1.118).
o Use syslog(3) interface for logging.

Reviewed by:	ume
MFC after:	10 days
2001-06-24 22:41:00 +00:00
ume
832f8d2249 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
kris
1a36de8090 Fix the vulnerability with TCP ECE packets recently fixed in ipfw.
This is untested, but believed to work.
2001-01-23 21:11:28 +00:00
ume
301ceeb33d avoid conflicting #define symbol (s/FW_IFNLEN/IP6&/).
Obtained from:	KAME
2001-01-22 19:20:06 +00:00
bmilekic
4b6a7bddad * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT.
This is because calls with M_WAIT (now M_TRYWAIT) may not wait
  forever when nothing is available for allocation, and may end up
  returning NULL. Hopefully we now communicate more of the right thing
  to developers and make it very clear that it's necessary to check whether
  calls with M_(TRY)WAIT also resulted in a failed allocation.
  M_TRYWAIT basically means "try harder, block if necessary, but don't
  necessarily wait forever." The time spent blocking is tunable with
  the kern.ipc.mbuf_wait sysctl.
  M_WAIT is now deprecated but still defined for the next little while.

* Fix a typo in a comment in mbuf.h

* Fix some code that was actually passing the mbuf subsystem's M_WAIT to
  malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the
  value of the M_WAIT flag, this could have became a big problem.
2000-12-21 21:44:31 +00:00
ume
ee306bc4d0 Make ip6fw as loadable module. 2000-09-23 18:50:59 +00:00
ume
cb7de0289e Make ip6fw zero work.
PR:		bin/20522
2000-08-10 20:41:33 +00:00
itojun
5f4e854de1 sync with kame tree as of july00. tons of bug fixes/improvements.
API changes:
- additional IPv6 ioctls
- IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8).
  (also syntax change)
2000-07-04 16:35:15 +00:00
jake
961b97d434 Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by:		msmith and others
2000-05-26 02:09:24 +00:00
jake
d93fbc9916 Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
2000-05-23 20:41:01 +00:00
shin
3ca445ef55 Replace m_pkthdr.rcvif with oif when oif is not NULL, to count
icmp6 error statistics based on sending interface.
This also prevent kernel panic when rcvif is not initialized after M_PKTHDR().
(The initialization issue also need to be fixed in the future.)

Approved by: jkh

Submitted by: k-sugyou@kame.net
2000-03-11 20:03:22 +00:00
shin
5a973d3065 Add ip6fw.
Yes it is almost code freeze, but as the result of many thought, now I
think this should be added before 4.0...

make world check, kernel build check is done.

Reviewed by: green
Obtained from: KAME project
2000-01-29 13:54:44 +00:00