-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For the first time in a long time, I need to bump the version number to deal with a security threat - that of sequential port number use by NATs (CERT VU#521769.) With reports of an exploit of the DNS bug circulating, it seems prudent to push ahead with getting the patches out now rather than wait until everyone can get in on the act (if you're using Solaris 10 and the Solaris IPFilter, I suggest you get on the horn and demand a bug fix as some would like you to wait another month or more, which I think is unacceptable.) Both FreeBSD and NetBSD have the head branch up to date and work is in progress to get the changes pulled up to the appropriate places.
For those that are wondering what 2022104 is about, what it means is that instead of putting "set ipf:foo=1234" in /etc/system, you can add "foo=1234" to /usr/kernel/drv/ipf.conf, i.e.: name="ipf" parent="pseudo" instance=0 fr_statesize=10101 fr_statemax=20202; Cheers, Darren http://coombs.anu.edu.au/~avalon/ip_fil4.1.30.tar.gz http://coombs.anu.edu.au/~avalon/patch-4.1.30.gz MD5 (ip_fil4.1.30.tar.gz) = f5dd1d6bc3c39ea16d9b34d17e2be8d2 MD5 (patch-4.1.30.gz) = 5ccbd8b367562646fea5c9b84860738c 4.1.30 - Release 24 July 2008 2022104 solaris's driver.conf cannot set timeout values 2020447 IPFilter's NAT can undo name server random port selection 1988795 NetBSD doesn't build with kernel malloc stats 1988782 fr_movequeue can take a short cut 1988669 first nat creation failure prevents further success 1988668 hostmap searching does not work properly * on some 64bit architectures (such as alpha), the addrfamily_t is packed ~ differently, throwing off the calculations for adf_len * one too many READ_ENTERs in ip_sync code. * clean up fr_fastroute a little by removing some #ifdefs and pushing the ~ code around a bit to use the same variables (NetBSD) * more recent NetBSDs use VOP related macros differently 4.1.29 - Release 14 April 2008 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiIfw4ACgkQP7JIXtvLbFXxUACgsUw3KgXnA26O4Ezcc1h0+bb7 JBkAn2nOe1C1pNcEnmtOVHLv4XU14QZR =BXFP -----END PGP SIGNATURE-----
