Re: IPFilter 4.1.16

- Compiles cleanly in FreeBSD 6.1-R

- Compilation fails when building under FreeBSD 4.11-R

[snip]
gcc -Wall -Wuninitialized -Wstrict-prototypes -O -Wmissing-prototypes -Wpoin
ter-arith -Wno-sign-compare -Wno-traditional -Werror -I. -g -I../.. -D_BSD_S
OURCE -DIPFILTER_LOG -DIPFILTER_LOOKUP -DIPFILTER_SCAN -DIPFILTER_SYNC
-DIPFILTER_CKSUM -D_RADIX_H_ -c ../../fil.c -o fil_u.o
In file included from ../../fil.c:89:
/usr/include/net/route.h:100: field `rt_nodes' has incomplete type
In file included from ../../fil.c:128:
.../../netinet/ip_pool.h:34: field `ipn_nodes' has incomplete type
.../../fil.c: In function `frpr_icmp6':
.../../fil.c:715: syntax error before `*'
.../../fil.c:744: `ip6' undeclared (first use in this function)
.../../fil.c:744: (Each undeclared identifier is reported only once
.../../fil.c:744: for each function it appears in.)
*** Error code 1

----- Original Message -----
From: "Darren Reed" <darrenr@reed.wattle.id.au>
To: <ipfilter@coombs.anu.edu.au>
Sent: Tuesday, December 19, 2006 10:10 AM
Subject: IPFilter 4.1.16


> Ok, now that I've got that state bug fixed, it seems like a good time
> to roll together a new patch release.
>
> I'm not sure what else to say at this point, besides the usual mumbo
> jumbo, except to say that I need to get to work and put this stuff up
> on sourceforge too...and to look out for another email later in the
> week with more interesting ipfilter developments...
>
> Oh, one other bug that got fixed here that others might have noticed
> (or might not have) is the first one listed - rules like this:
>
> rdr ab0 0/0 port 80 -> 127.0.0.1 port 12345 tcp
> rdr ab0 0/0 port 80 -> 127.0.0.1 port 12346 tcp
>
> would not have been allowed...now fixed :)
>
> Darren
>
> http://coombs.anu.edu.au/~avalon/ip_fil4.1.16.tar.gz
>
> 4.1.16 - Released 20 December 2006
>
> allow rdr rules to only differ on the new port number
>
> when creating state entry orphans, leave them on the linked list but not
> attached to the hash table and mark them visible as orphans in
"ipfstat -sl"
>
> log state removed when unloading differently to allow visible cues
>
> return ipf ticks via SIOCGETGS for /dev/ipnat so "ipnat -l" can display
ttl
>
> abort logging a packet if the mbuf pointer is null when ipflog is called
>
> Some NetBSD's have a selinfo.h instead of select.h
>
> SIOCIPFFL was using copyoutptr and should have been using bcopy for
/dev/ipauth
>
> listing accounting rules using ioctl interface wasn't possible
>
> fix leakage of state entries due to packets not matching up with NAT
>
> improve ICMP error packet matching with state/NAT
>
> fix problems with parsing and printing "-" as an interface name in
ipnat.conf
>
> 4.1.15 - Released 03 November 2006
>
> MD5 (ip_fil4.1.16.tar.gz) = b3f03da3973becba0ec9ef2a8882bffd
> MD5 (patch-4.1.16.gz) = e649cc0a54af6b23b6c2c9572ab99ec1
>
>