Another round of bug fixes. Nothing terribly exciting except for the changes to make things compile on Solaris 10 Update4 (or OpenSolaris).

Something that might be significant is the teardown of NAT entries if a packet is blocked. This is likely to impact rdr'd sessions more than map'd ones. The goal is to prevent NAT table entries from staying there if they will never allow any packets through.

The source code can be downloaded at:
http://coombs.anu.edu.au/~avalon/ip_fil4.1.25.tar.gz
http://coombs.anu.edu.au/~avalon/patch-4.1.25.gz
or via CVS from SourceForge.

MD5 (ip_fil4.1.25.tar.gz) = ac6f0a322d8bafc9c9764a2afffbce94
MD5 (patch-4.1.25.gz) = f757cee2ccc22a4945588f75d93a101d

Cheers,
Darren

4.1.25 - Released 20 September 2007

stepping through structures with ioctls can lead to the wrong things being free'd and panics

if a NAT entry (such as an rdr) is created but the packet ends up being blocked, tear down the NAT entry.

fix fragment cache preventing keep state from functioning

fix handling of \ to indicate a continued line in .conf files

include port ranges in the allowed input for ipf when using "port = ()"

only advance TCP state for packets on the leading edge of the window.

using ipnat -l can lead to memory corruption in high stress situations

track TCP sequence numbers with NAT so that it can do timeout advances correctly inline with state

ICMP checksums for some redirect'd packets are not adjusted correctly.

IPv6 address components need to be explicitly cast to a 32bit pointer boundary so that compilers don't try to access them as two 64bit pieces (no guarantee is made that an IPv6 address is on a 64bit aligned address)

filling up the ipauth packet queue can lead to no more packets being processed.

locking used to deref a nat entry causes a significant performance hit

m_pulldown isn't properly handled, leading to possible panics with ICMPv6 packets

IPv6 fragment handling doesn't allow for "keep frag" to work

build on Solaris10 Update4 with pfhooks in the kernel

logging of IPv6 packets with extension headers fix - Miroslaw Luc

4.1.24 - Released 8 July 2007
