Date: Tue, 9 Jan 2001 19:43:34 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sbin/ipfw ipfw.c src/sys/netinet ip_fw.c ip_fw.h Message-ID: <200101100343.f0A3hZE77767@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2001/01/09 19:43:34 PST
Modified files: (Branch: RELENG_4)
sbin/ipfw ipfw.c
sys/netinet ip_fw.c ip_fw.h
Log:
o MFC of ECN flag handling fixes in IPFW, respectively:
Revision Changes Path
1.98 +3 -4 src/sbin/ipfw/ipfw.c
1.151 +14 -6 src/sys/netinet/ip_fw.c
1.54 +3 -3 src/sys/netinet/ip_fw.h
Prior commit message:
o IPFW incorrectly handled filtering in the presence of previously
reserved and now allocated TCP flags in incoming packets. This
patch stops overloading those bits in the IP firewall rules, and
moves colliding flags to a seperate field, ipflg. The IPFW userland
management tool, ipfw(8), is updated to reflect this change. New
TCP flags related to ECN are now included in tcp.h for reference,
although we don't currently implement TCP+ECN.
o To use this fix without completely rebuilding, it is sufficient to
copy ip_fw.h and tcp.h into your appropriate include directory,
then rebuild the ipfw kernel module, and ipfw tool, and install
both. Note that a mismatch between module and userland tool will
result in incorrect installation of firewall rules that may have
unexpected effects. This bug does not appear to affect ipfilter.
Reviewed by: security-officer, billf, jedgar
Reported by: Aragon Gouveia <aragon@phat.za.net>
Revision Changes Path
1.80.2.8 +3 -3 src/sbin/ipfw/ipfw.c
1.131.2.11 +14 -6 src/sys/netinet/ip_fw.c
1.47.2.5 +3 -2 src/sys/netinet/ip_fw.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101100343.f0A3hZE77767>