From owner-cvs-all Mon Jan 8 19:10:49 2001
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 271E637B402; Mon, 8 Jan 2001 19:10:31 -0800 (PST)
Received: (from rwatson@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f093AVW09100;
	Mon, 8 Jan 2001 19:10:31 -0800 (PST)
	(envelope-from rwatson)
Message-Id: <200101090310.f093AVW09100@freefall.freebsd.org>
From: Robert Watson
Date: Mon, 8 Jan 2001 19:10:31 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sbin/ipfw ipfw.c src/sys/netinet ip_fw.c ip_fw.h tcp.h
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

rwatson     2001/01/08 19:10:30 PST

  Modified files:
    sbin/ipfw            ipfw.c
    sys/netinet          ip_fw.c ip_fw.h tcp.h
  Log:
  o IPFW incorrectly handled filtering in the presence of previously
    reserved and now allocated TCP flags in incoming packets.  This patch
    stops overloading those bits in the IP firewall rules, and moves
    colliding flags to a separate field, ipflg.  The IPFW userland
    management tool, ipfw(8), is updated to reflect this change.  New TCP
    flags related to ECN are now included in tcp.h for reference, although
    we don't currently implement TCP+ECN.

  o To use this fix without completely rebuilding, it is sufficient to copy
    ip_fw.h and tcp.h into your appropriate include directory, then rebuild
    the ipfw kernel module, and ipfw tool, and install both.  Note that a
    mismatch between module and userland tool will result in incorrect
    installation of firewall rules that may have unexpected effects.

  This is an MFC candidate, following shakedown.  This bug does not appear
  to affect ipfilter.

  Reviewed by:	security-officer, billf
  Reported by:	Aragon Gouveia

  Revision  Changes    Path
  1.98      +3 -4      src/sbin/ipfw/ipfw.c
  1.151     +14 -6     src/sys/netinet/ip_fw.c
  1.54      +3 -3      src/sys/netinet/ip_fw.h
  1.15      +4 -2      src/sys/netinet/tcp.h
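
The class of bug the log describes, as an added example (a simplified model written for this page, not the FreeBSD source or the committed patch): a rule-internal marker stored among the TCP flag bits collides with a formerly reserved header bit, and moving it to a separate field removes the collision. The struct layout, the marker names and the choice of bit 0x40 for the marker are assumptions for illustration; only the field name ipflg comes from the log, and the TH_* values are the standard TCP header bits.

```c
#include <stdbool.h>
#include <stdint.h>

/* TCP header flag bits; ECE was a reserved bit before ECN (RFC 3168). */
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10
#define TH_ECE 0x40

/* Assumed for illustration, not FreeBSD's definitions:
 * a rule-internal "established" marker, stored two different ways. */
#define MARK_ESTAB_OVERLOADED 0x40 /* kept among the TCP flag bits */
#define IPFLG_ESTAB           0x01 /* kept in a separate field     */

struct rule {
    uint8_t tcpf;  /* TCP flags that must be set in the packet */
    uint8_t ipflg; /* rule-internal markers, never compared to wire bits */
};

/* Before: the marker shares a byte with the wire flags. */
static bool match_overloaded(const struct rule *r, uint8_t th_flags)
{
    if ((r->tcpf & MARK_ESTAB_OVERLOADED) && (th_flags & (TH_RST | TH_ACK)))
        return true;
    /* The marker bit is now compared against the header like a real flag. */
    return (th_flags & r->tcpf) == r->tcpf;
}

/* After: the marker lives in ipflg; tcpf holds only real TCP flags. */
static bool match_separate(const struct rule *r, uint8_t th_flags)
{
    if (r->ipflg & IPFLG_ESTAB)
        return (th_flags & (TH_RST | TH_ACK)) != 0;
    return (th_flags & r->tcpf) == r->tcpf;
}

int main(void)
{
    const struct rule before = { MARK_ESTAB_OVERLOADED, 0 };
    const struct rule after = { 0, IPFLG_ESTAB };
    const uint8_t pkt = TH_SYN | TH_ECE; /* constructed sample: SYN, no ACK */

    /* The overloaded rule matches the packet; the separate-field rule does not. */
    return (match_overloaded(&before, pkt) && !match_separate(&after, pkt)) ? 0 : 1;
}
```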