src-test2/lib/libalias, branch release/4.9.0

src-test2/lib/libalias, branch release/4.9.0_cvs FreeBSD source tree https://cgit-dev.freebsd.org/src-test2/atom?h=release%2F4.9.0_cvs 2003-10-27T07:57:33Z This commit was manufactured by cvs2svn to create tag 2003-10-27T07:57:33Z cvs2svn cvs2svn@FreeBSD.org 2003-10-27T07:57:33Z urn:sha1:90928716548537e93f54266e33cb4a3353fd3932 'RELENG_4_9_0_RELEASE'. This commit was manufactured to restore the state of the 4.9-RELEASE image. Releases prior to 5.3-RELEASE are omitting the secure/ and crypto/ subdirs. This commit was manufactured by cvs2svn to create branch 'RELENG_4_9'. 2003-10-22T20:36:28Z cvs2svn cvs2svn@FreeBSD.org 2003-10-22T20:36:28Z urn:sha1:fc871bad453b9a069f31c4931af59a89e7f8905e This commit was manufactured by cvs2svn to create branch 'RELENG_4'. 2003-10-01T12:32:43Z cvs2svn cvs2svn@FreeBSD.org 2003-10-01T12:32:43Z urn:sha1:6ed0f09c85e9b1afdcf748aa316736648871b8e4 MFC: If the natd(8) -proxy_only option is used, the -alias_address/-interface 2003-06-27T10:05:32Z Ruslan Ermilov ru@FreeBSD.org 2003-06-27T10:05:32Z urn:sha1:dbe4e38040e7c7dc7030634d49c7f279c2e6bb08 options are not required. MFC: 1.8: Handle snprintf() returning -1. 2003-06-27T09:20:54Z Ruslan Ermilov ru@FreeBSD.org 2003-06-27T09:20:54Z urn:sha1:c2dbf46544ef0611de689d302218a81d407585a2 MFC: Made the PacketAliasSetAddress() function call optional, 2003-06-27T09:15:16Z Ruslan Ermilov ru@FreeBSD.org 2003-06-27T09:15:16Z urn:sha1:165dc4e1a2b7f080251028100cf58ba440a83c7b added the new API function PacketAliasRedirectDynamic(). MFC: Fix for PR 24048 (first FTP command was ignored). 2003-06-27T09:06:34Z Ruslan Ermilov ru@FreeBSD.org 2003-06-27T09:06:34Z urn:sha1:a0d0704bcd6c63e90dbaff286740a0922b3aeb98 MFC: Whitespace and other non-functional changes for diff reduction. 2003-06-27T08:37:23Z Ruslan Ermilov ru@FreeBSD.org 2003-06-27T08:37:23Z urn:sha1:15a12b3a090afbc26652a0488ebe26ac5ad59c22 MFC: Don't forget to recalculate the IP checksum of the original 2002-07-25T12:31:37Z Ruslan Ermilov ru@FreeBSD.org 2002-07-25T12:31:37Z urn:sha1:fce4961c9c0fa5d2fbc6bc691120eeb5e93fec36 IP datagram embedded into ICMP error message. Bring ipfw2 into the -stable tree. This will give more people a 2002-07-24T03:21:24Z Luigi Rizzo luigi@FreeBSD.org 2002-07-24T03:21:24Z urn:sha1:489e451968935d9b0494271a82e41bef54210157 chance to test it, and hopefully accelerate the transition from the old to the new ipfw code. NOTE: THIS COMMIT WILL NOT CHANGE THE FIREWALL YOU USE, NOR A SINGLE BIT IN YOUR KERNEL AND BINARIES. YOU WILL KEEP USING YOUR OLD "ipfw" UNLESS YOU: + add "options IPFW2" (undocumented) to your kernel config file; + compile and install sbin/ipfw and lib/libalias with make -DIPFW2 in other words, you must really want it. On the other hand, i believe you do really want to use this new code. In addition to being twice as fast in processing individual rules, you can use more powerful match patterns such as ... ip from 1.2.3.0/24{50,6,27,158} to ... ... ip from { 1.2.3.4/26 or 5.6.7.8/22 } to ... ... ip from any 5-7,9-66,1020-3000,4000-5000 to ... i.e. match sparse sets of IP addresses in constant time; use "or" connectives between match patterns; have multiple port ranges; etc. which I believe will dramatically reduce your ruleset size. As an additional bonus, "keep-state" rules will now send keepalives when the rule is about to expire, so you will not have your remote login sessions die while you are idle. The syntax is backward compatible with the old ipfw. A manual page documenting the extensions has yet to be completed.