diff options
| author | Darren Reed <darrenr@FreeBSD.org> | 2004-06-21 22:46:36 +0000 |
|---|---|---|
| committer | Darren Reed <darrenr@FreeBSD.org> | 2004-06-21 22:46:36 +0000 |
| commit | 7b807523f4dd61b0b6ec3c27bbf2dc16c7b8f689 (patch) | |
| tree | 30f4ea742da908fc69ce366b603ad6290481d67a /sys/contrib/ipfilter/netinet/ip_frag.h | |
| parent | c38dd4b6bd7a57ea8fcb340d6e6b91a562449abe (diff) | |
| download | src-7b807523f4dd61b0b6ec3c27bbf2dc16c7b8f689.tar.gz src-7b807523f4dd61b0b6ec3c27bbf2dc16c7b8f689.zip | |
Update ipfilter from 3.4.31 -> 3.4.35. Some important changes:
* block packets that fail to create state table entries
* only allow non-fragmented packets to influence whether or not a logged
packet is the same as the one logged before.
* correct the ICMP packet checksum fixing up when processing ICMP errors for NAT
* implement a maximum for the number of entries in the NAT table (NAT_TABLE_MAX
and ipf_nattable_max)
* frsynclist() wasn't paying attention to all the places where interface
names are, like it should.
* fix comparing ICMP packets with established TCP state where only 8 bytes
of header are returned in the ICMP error.
MFC after: 1 week
Notes
Notes:
svn path=/head/; revision=130886
Diffstat (limited to 'sys/contrib/ipfilter/netinet/ip_frag.h')
| -rw-r--r-- | sys/contrib/ipfilter/netinet/ip_frag.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/contrib/ipfilter/netinet/ip_frag.h b/sys/contrib/ipfilter/netinet/ip_frag.h index fc737c7eb9ed..4055cb18874d 100644 --- a/sys/contrib/ipfilter/netinet/ip_frag.h +++ b/sys/contrib/ipfilter/netinet/ip_frag.h @@ -54,6 +54,7 @@ extern int ipfr_nat_newfrag __P((ip_t *, fr_info_t *, struct nat *)); extern nat_t *ipfr_nat_knownfrag __P((ip_t *, fr_info_t *)); extern frentry_t *ipfr_knownfrag __P((ip_t *, fr_info_t *)); extern void ipfr_forget __P((void *)); +extern void ipfr_forgetnat __P((void *)); extern void ipfr_unload __P((void)); extern void ipfr_fragexpire __P((void)); |