d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c4fb1f7419
freebsd-skq/sys
History
rwatson c4fb1f7419 o IPFW incorrectly handled filtering in the presence of previously 
reserved and now allocated TCP flags in incoming packets.  This patch
  stops overloading those bits in the IP firewall rules, and moves
  colliding flags to a seperate field, ipflg.  The IPFW userland
  management tool, ipfw(8), is updated to reflect this change.  New TCP
  flags related to ECN are now included in tcp.h for reference, although
  we don't currently implement TCP+ECN.

o To use this fix without completely rebuilding, it is sufficient to copy
  ip_fw.h and tcp.h into your appropriate include directory, then rebuild
  the ipfw kernel module, and ipfw tool, and install both.  Note that a
  mismatch between module and userland tool will result in incorrect
  installation of firewall rules that may have unexpected effects.  This
  is an MFC candidate, following shakedown.  This bug does not appear
  to affect ipfilter.

Reviewed by:	security-officer, billf
Reported by:	Aragon Gouveia <aragon@phat.za.net>
2001-01-09 03:10:30 +00:00
..
alpha Put VCS ids in a consistent place and form. 2001-01-08 06:24:08 +00:00
amd64 Fix a warning. The type of globaldata.gd_prvspace has changed. 2001-01-08 15:25:45 +00:00
arm/include Remove seconds types we don't use that came in thru the NetBSD heiratage. 2001-01-08 06:17:11 +00:00
boot Add commented out examples for the new KTR loader tunables. 2001-01-06 06:52:49 +00:00
cam Add the 'No 6 byte commands' quirk for the Yano ATAPI USB bridge. 2001-01-08 00:32:51 +00:00
coda When p_ucred is passed to the venus daemon, first grab the proc lock to 2000-12-15 00:12:30 +00:00
compat Map FreeBSD character device hard disks to Linux block device hard disks. 2000-12-29 00:44:42 +00:00
compile
conf Move if_wl.c from sys/i386/isa to dev/wi - it is not i386 (or even isa) 2001-01-09 00:44:33 +00:00
contrib Resolve conflicts from the ACPI CA 20001215 vendor import. 2000-12-21 07:04:32 +00:00
crypto This commit was generated by cvs2svn to compensate for changes in r67957, 2000-10-30 11:03:32 +00:00
ddb Use macro API for <sys/queue.h> 2000-12-30 22:06:19 +00:00
dev ISPASYNC_PDB_CHANGED -> ISPASYNC_LOGGED_INOUT. 2001-01-09 02:49:02 +00:00
fs Use macro API to <sys/queue.h> 2000-12-31 10:24:19 +00:00
geom Convert more malloc+bzero to malloc+M_ZERO. 2000-12-08 21:51:06 +00:00
gnu Completed move of Digiboard drivers to dev/dgb 2001-01-08 02:47:37 +00:00
i4b Part 2 of the netgraph rewrite. 2001-01-08 05:34:06 +00:00
i386 Send the old if_wl in the old location to the Attic after a repo copy to 2001-01-09 00:53:06 +00:00
ia64 Put VCS ids in a consistent place and form. 2001-01-08 06:24:08 +00:00
isa Add OZO8008 - Zoom (33.6k Modem). 2000-12-26 06:52:57 +00:00
isofs/cd9660 Convert more malloc+bzero to malloc+M_ZERO. 2000-12-08 21:51:06 +00:00
kern Unset the devclass if the attach fails and the devclass was not set to 2001-01-08 22:16:26 +00:00
libkern Add __ucmpdi2 prototype to quelch a warning. 2000-12-07 22:28:20 +00:00
miscfs Use macro API to <sys/queue.h> 2000-12-31 10:24:19 +00:00
modules Add aic to the list of drivers that might work with NEWCARD. I've added 2001-01-08 01:59:15 +00:00
msdosfs Use macro API to <sys/queue.h> 2000-12-31 10:24:19 +00:00
net Small fix for bpf compat: 2000-12-27 22:20:13 +00:00
netatalk * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. 2000-12-21 21:44:31 +00:00
netatm * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. 2000-12-21 21:44:31 +00:00
netgraph Missing FREE(). 2001-01-09 00:49:31 +00:00
netinet o IPFW incorrectly handled filtering in the presence of previously 2001-01-09 03:10:30 +00:00
netinet6 do not touch ra_addr if it is NULL. from IIJ SEIL team 2001-01-02 15:17:19 +00:00
netipx * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. 2000-12-21 21:44:31 +00:00
netkey Revert previous commit after discussion with phk. 2000-10-30 09:13:46 +00:00
netnatm Convert more malloc+bzero to malloc+M_ZERO. 2000-12-08 21:51:06 +00:00
netncp Common option '-N' do not require an argument. 2001-01-07 07:03:59 +00:00
netns * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. 2000-12-21 21:44:31 +00:00
nfs NFS O_EXCL file create semantics temporarily uses file attributes to store 2001-01-04 22:45:19 +00:00
nfsclient NFS O_EXCL file create semantics temporarily uses file attributes to store 2001-01-04 22:45:19 +00:00
nfsserver * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. 2000-12-21 21:44:31 +00:00
ntfs Convert more malloc+bzero to malloc+M_ZERO. 2000-12-08 21:51:06 +00:00
nwfs v_interlock is a mutex now, not simple lock. 2000-11-04 02:42:11 +00:00
pc98 Correct typo. 2001-01-08 09:17:58 +00:00
pccard o Now that I've had time to test the new interface, reintegrate it back in. 2001-01-07 16:31:09 +00:00
pci add missing length argument 2001-01-09 02:12:42 +00:00
posix4 Add $FreeBSD$ 2000-05-01 20:32:07 +00:00
powerpc Remove seconds types we don't use that came in thru the NetBSD heiratage. 2001-01-08 06:17:11 +00:00
rpc
svr4 This patchset fixes a large number of file descriptor race conditions. 2000-11-18 21:01:04 +00:00
sys o Correct typos in comment fields. 2001-01-07 19:21:06 +00:00
tools Simplify this a bit so that it doesn't have to generate silly redundant 2000-12-06 06:59:38 +00:00
ufs o Commit reems of style(9) changes, whitespace improvements, and comment 2001-01-07 23:45:56 +00:00
vm fix comment which was outdated 3 years ago 2000-12-29 13:49:05 +00:00
Makefile I should know better than to touch this without testing a 'make release' 2000-08-24 18:53:09 +00:00