| History log of /src/sys/external/bsd/ipf/netinet/ip_nat.c |
| Revision | | Date | Author | Comments |
| 1.27 |
| 08-Sep-2024 |
rillig | fix a/an grammar in obvious cases
|
| 1.26 |
| 02-Feb-2022 |
msaitoh | s/Incluse/Include/
|
| 1.25 |
| 21-Sep-2021 |
christos | don't opencode kauth_cred_get()
|
| 1.24 |
| 26-May-2021 |
christos | Fix ip_nat memory leak and use-after-free, wrong element freed (Cy Schubert)
https://cgit.freebsd.org/src/commit/?id=323a4e2c4e285e6f8eee8db3fe2cb74
|
| 1.23 |
| 01-Aug-2020 |
maxv | branches: 1.23.6; 1.23.8;
Remove #ifdef BRIDGE_IPF, compile in the code by default. Sent to
tech-net@.
|
| 1.22 |
| 24-Jun-2020 |
jdolecek | reduce stack usage in ipf_nat_ioctl()
also, in SIOCADNAT, make sure to not leak kernel data
|
| 1.21 |
| 04-Feb-2019 |
mrg | add fallthru comments.
|
| 1.20 |
| 03-Jun-2018 |
maxv | branches: 1.20.2;
Constify a bunch of global varialbes under ipf/ so that they land in
.rodata (3472 bytes).
Also, remove ipf_tuneables[], unused.
|
| 1.19 |
| 03-May-2018 |
maxv | Remove now unused tcpip.h includes. Some were already unused before.
|
| 1.18 |
| 01-Jul-2017 |
khorben | branches: 1.18.4;
Typo
|
| 1.17 |
| 04-Oct-2016 |
sborrill | Fix lookup of original destination address when using a redirect rule.
This is required for transparent proxying by squid, for example.
|
| 1.16 |
| 17-Mar-2016 |
khorben | branches: 1.16.2;
Fix matching of ICMP queries when NAT'd through IPF
This notably fixes MTU updates for hosts issueing ICMP queries through a
NAT performed by NetBSD with IPF.
|
| 1.15 |
| 06-Oct-2015 |
prlw1 | Update comments to match previous change (avoid panic in SIOCGNATL)
|
| 1.14 |
| 07-Aug-2015 |
prlw1 | Avoid panic in SIOCGNATL dereferencing a NULL softc.
Solution suggestion from Martin Husemann.
|
| 1.13 |
| 12-Jul-2014 |
darrenr | branches: 1.13.2; 1.13.4;
PR kern/47665
For ICMP packets, use the "oicmpid" and "nicmpid" fields explicitly rather
than overloading those with "port" in them and expecting them to work.
|
| 1.12 |
| 28-Jun-2014 |
darrenr | #537 NAT rules with sticky have incorrect hostmap IP address
|
| 1.11 |
| 27-Feb-2014 |
joerg | branches: 1.11.2;
Checking the return value of an allocator works better, when looking at
the stored pointer.
|
| 1.10 |
| 14-Sep-2013 |
martin | Remove unused variables
|
| 1.9 |
| 09-Jan-2013 |
christos | branches: 1.9.2;
Back out my last change, which was a partial fix for hash code computation problems.
Apply Darren's more complete reworking of hash code computation.
Ensure that the struct containing the red-black tree head is properly initialized.
From Geoff Adams
|
| 1.8 |
| 05-Jan-2013 |
christos | Fix bucket and chain counts on nat lists from Geoff Adams:
The problem was that ipf_nat_delete wasn't swapping inbound and
outbound hash codes for inbound NAT entries, so it was essentially
always looking in the wrong buckets in those cases. But because of
the way the linked list works, I don't think any NAT entries were
actually leaked. But since all the bucket counters and chain count
were getting messed up, things did start to go bad after a while.
(New NAT entries wouldn't be created, for instance.)
The fix is in the ipf_nat_delete function, itself; the other changes
are a slight refactoring of one method and adding some comments
that helped me figure out how the linked list with pointer-back-pointers
worked.
Also note that I haven't looked through the logic in ipf_nat_rehash;
it's likely that that might miss some things for the same reason.
I also haven't yet looked into the ipf_nat_newrdr problem with mappings
already existing. That'll be next.
|
| 1.7 |
| 20-Dec-2012 |
christos | - Replace the seemingly broken built-in ipf rbtree implementation with ours.
- Fix typos in comments
- Fix 2 mutex errors
From Geoff Adams
|
| 1.6 |
| 30-Jul-2012 |
pgoyette | branches: 1.6.2;
Make ipf compile even without INET6 support.
Changes have been fed upstream (to darrenr@)
|
| 1.5 |
| 22-Jul-2012 |
darrenr | ansify new function definition
|
| 1.4 |
| 22-Jul-2012 |
darrenr | ansify new function definition
|
| 1.3 |
| 22-Jul-2012 |
darrenr | Merge IPFilter 5.1.2 into HEAD
|
| 1.2 |
| 23-Mar-2012 |
christos | branches: 1.2.2; 1.2.4;
apply our changes.
- prototypes
- ip_h323_pxy.c is missing from the distribution
- original tar distribution is missing <$>Id values in most files
|
| 1.1 |
| 23-Mar-2012 |
christos | branches: 1.1.1;
Initial revision
|
| 1.1.1.2 |
| 22-Jul-2012 |
darrenr | Import IPFilter 5.1.2
|
| 1.1.1.1 |
| 23-Mar-2012 |
christos | import kernel portion of ipfilter 5.1.1
|
| 1.2.4.5 |
| 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.2.4.4 |
| 23-Jan-2013 |
yamt | sync with head
|
| 1.2.4.3 |
| 30-Oct-2012 |
yamt | sync with head
|
| 1.2.4.2 |
| 17-Apr-2012 |
yamt | sync with head
|
| 1.2.4.1 |
| 23-Mar-2012 |
yamt | file ip_nat.c was added on branch yamt-pagecache on 2012-04-17 00:08:16 +0000
|
| 1.2.2.2 |
| 17-Apr-2012 |
joerg | Re-add new ipf on the jmcneill-usbmp branch.
|
| 1.2.2.1 |
| 23-Mar-2012 |
joerg | file ip_nat.c was added on branch jmcneill-usbmp on 2012-04-17 19:25:20 +0000
|
| 1.6.2.3 |
| 03-Dec-2017 |
jdolecek | update from HEAD
|
| 1.6.2.2 |
| 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
| 1.6.2.1 |
| 25-Feb-2013 |
tls | resync with head
|
| 1.9.2.1 |
| 18-May-2014 |
rmind | sync with head
|
| 1.11.2.1 |
| 10-Aug-2014 |
tls | Rebase.
|
| 1.13.4.5 |
| 28-Aug-2017 |
skrll | Sync with HEAD
|
| 1.13.4.4 |
| 05-Dec-2016 |
skrll | Sync with HEAD
|
| 1.13.4.3 |
| 19-Mar-2016 |
skrll | Sync with HEAD
|
| 1.13.4.2 |
| 27-Dec-2015 |
skrll | Sync with HEAD (as of 26th Dec)
|
| 1.13.4.1 |
| 22-Sep-2015 |
skrll | Sync with HEAD
|
| 1.13.2.3 |
| 24-Dec-2016 |
snj | Pull up following revision(s) (requested by sborrill in ticket #1261):
sys/external/bsd/ipf/netinet/ip_nat.c: revision 1.17
sys/external/bsd/ipf/netinet/ip_nat6.c: revision 1.10
Fix lookup of original destination address when using a redirect rule.
This is required for transparent proxying by squid, for example.
|
| 1.13.2.2 |
| 29-Apr-2016 |
snj | branches: 1.13.2.2.2;
Pull up following revision(s) (requested by khorben in ticket #1148):
sys/external/bsd/ipf/netinet/ip_nat.c: revision 1.16
Fix matching of ICMP queries when NAT'd through IPF
This notably fixes MTU updates for hosts issueing ICMP queries through a
NAT performed by NetBSD with IPF.
|
| 1.13.2.1 |
| 08-Aug-2015 |
martin | Pull up following revision(s) (requested by prlw1 in ticket #939):
sys/external/bsd/ipf/netinet/ip_nat.h: revision 1.7
sys/external/bsd/ipf/netinet/ip_nat.c: revision 1.14
sys/external/bsd/ipf/netinet/ip_nat6.c: revision 1.8
Avoid panic in SIOCGNATL dereferencing a NULL softc.
Solution suggestion from Martin Husemann.
|
| 1.13.2.2.2.1 |
| 18-Jan-2017 |
skrll | Sync with netbsd-5
|
| 1.16.2.1 |
| 04-Nov-2016 |
pgoyette | Sync with HEAD
|
| 1.18.4.2 |
| 25-Jun-2018 |
pgoyette | Sync with HEAD
|
| 1.18.4.1 |
| 21-May-2018 |
pgoyette | Sync with HEAD
|
| 1.20.2.1 |
| 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.23.8.1 |
| 31-May-2021 |
cjep | sync with head
|
| 1.23.6.1 |
| 17-Jun-2021 |
thorpej | Sync w/ HEAD.
|
