#
336039 |
|
06-Jul-2018 |
jamie |
MFC r335921:
Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8), sockstat(1), ugidfw(8) These are the last of the jail-aware userland utilities that didn't work with names.
PR: 229266 Differential Revision: D16047
|
#
296311 |
|
02-Mar-2016 |
ae |
MFC r295969: Fix bug in filling and handling ipfw's O_DSCP opcode. Due to integer overflow CS4 token was handled as BE.
PR: 207459 Approved by: re (gjb)
|
#
289170 |
|
12-Oct-2015 |
ae |
MFC r288528: Fix possible segmentation fault.
PR: 203494
|
#
289170 |
|
12-Oct-2015 |
ae |
MFC r288528: Fix possible segmentation fault.
PR: 203494
|
#
288134 |
|
22-Sep-2015 |
dim |
MFC r286702:
In ipfw2, avoid left-shifting negative integers, which is undefined. While here, make some other arguments to htonl(3) unsigned too.
|
#
287963 |
|
18-Sep-2015 |
melifaro |
MFC r266310
Fix wrong formatting of 0.0.0.0/X table records in ipfw(8).
Add `flags` u16 field to the hole in ipfw_table_xentry structure. Kernel has been guessing address family for supplied record based on xent length size. Userland, however, has been getting fixed-size ipfw_table_xentry structures guessing address family by checking address by IN6_IS_ADDR_V4COMPAT().
Fix this behavior by providing specific IPFW_TCF_INET flag for IPv4 records.
PR: bin/189471,kern/200169
|
#
265700 |
|
08-May-2014 |
melifaro |
Merge r258708, r258711, r260247, r261117.
r258708: Check ipfw table numbers in both user and kernel space before rule addition. Found by: Saychik Pavel <umka@localka.net>
r258711: Simplify O_NAT opcode handling.
r260247: Use rnh_matchaddr instead of rnh_lookup for longest-prefix match. rnh_lookup is effectively the same as rnh_matchaddr if called with empy network mask.
r261117: Reorder struct ip_fw_chain: * move rarely-used fields down * move uh_lock to different cacheline * remove some usused fields
|
#
265693 |
|
08-May-2014 |
melifaro |
Merge r258677.
Fix key lookup in ipfw(8) broken since r232865. Print warning for IPv4 address strings which are valid in inet_aton() but not valid in inet_pton(). (1)
Found by: Özkan KIRIK <ozkan.kirik@gmail.com> Submitted by: Ian Smith <smithi@nimnet.asn.au> (1)
|
#
288134 |
|
22-Sep-2015 |
dim |
MFC r286702:
In ipfw2, avoid left-shifting negative integers, which is undefined. While here, make some other arguments to htonl(3) unsigned too.
|
#
287963 |
|
18-Sep-2015 |
melifaro |
MFC r266310
Fix wrong formatting of 0.0.0.0/X table records in ipfw(8).
Add `flags` u16 field to the hole in ipfw_table_xentry structure. Kernel has been guessing address family for supplied record based on xent length size. Userland, however, has been getting fixed-size ipfw_table_xentry structures guessing address family by checking address by IN6_IS_ADDR_V4COMPAT().
Fix this behavior by providing specific IPFW_TCF_INET flag for IPv4 records.
PR: bin/189471,kern/200169
|
#
265700 |
|
08-May-2014 |
melifaro |
Merge r258708, r258711, r260247, r261117.
r258708: Check ipfw table numbers in both user and kernel space before rule addition. Found by: Saychik Pavel <umka@localka.net>
r258711: Simplify O_NAT opcode handling.
r260247: Use rnh_matchaddr instead of rnh_lookup for longest-prefix match. rnh_lookup is effectively the same as rnh_matchaddr if called with empy network mask.
r261117: Reorder struct ip_fw_chain: * move rarely-used fields down * move uh_lock to different cacheline * remove some usused fields
|
#
265693 |
|
08-May-2014 |
melifaro |
Merge r258677.
Fix key lookup in ipfw(8) broken since r232865. Print warning for IPv4 address strings which are valid in inet_aton() but not valid in inet_pton(). (1)
Found by: Özkan KIRIK <ozkan.kirik@gmail.com> Submitted by: Ian Smith <smithi@nimnet.asn.au> (1)
|