This update of IPFilter and pfil corrects problems with compiling on Solaris 10 Update 3 (function prototypes changed due to the integration of Trusted Solaris.)
There are two bugs of significance fixed here - one dealing with fragments and the other recycling TCP connections in the state table. The rest is pretty much a non-event for most people. Darren MD5 (ip_fil4.1.20.tar.gz) = f611eb913c882b573faeeb0e9d135644 MD5 (patch-4.1.20.gz) = 8593bc2e8da59c66f95ee7f2016a5b12 MD5 (pfil-2.1.13.tar.gz) = 3cee72b153b716799ece7e4723cad317 4.1.20 - Released 30 April 2007 adjust TCP state numbers, making 11 closed (was 0) to better facilitate detecting closing connections that we can wipe out when a SYN arrives that matches the old make it compile on Solaris10 Update3 structures used for ipf command ioctls weren't being freed in timeout fashion on solairs use NL_EXPIRE, not ISL_EXPIRE, for expiring NAT sessions adjust TCP timeout values and introduce a time-wait specifc timeout to get a better TCP FSM emulation and one that can hopefully do a better job of cleaning up in a speedy fashion than previous refactor the automatic flushing of TCP state entries when we fill up, but use the same algorithm as before but now it hopefully works only 2 out of 4 interface names were being changed by ipfs when interface renaming was being used for state entries add ipf_proxy_debug to ipf -T matching of last fragments that had a number of bytes that wasn't a multiple of 8 failed some combinations of TCP flags are considered bad aren't picked up as such, but these may be possible with T/TCP 4.1.19 - Released 22 February 2007
