> anantha wrote: >> we are currently using 4.1.16 version of IPfilter. And we know that >> the latest version is 4.1.24 (correct me if i am wrong) .
4.1.26 http://coombs.anu.edu.au/~avalon/ Plus maybe a patch for Solaris 10 Update 4 .. I think. >> We would like know the >> list of difference in >> features between our version and the latest one.This would be really >> helpful for us to take a decision on our IPfilter upgrade. We tried to >> find it in several places >> and were unsuccessful. So can you pls help us by either giving us the >> difference or tell us from where we can find it. > > download the latest version and review the contents of the file "HISTORY". > I must say that while access to the source code is quite easy it would be "nice" if there was a little note right under that download link that had .. just a paragraph or two .. a few sentences even .. with most recent activity or some such. For example .. if we look at HISTORY : $ ls -lap HISTORY -rw-r--r-- 1 dclarke csw 67784 Sep 21 05:12 HISTORY The top few sentences say things like : 4.1.26 - Released 24 September 2007 Fix build problem for Solaris prior to S10U4 4.1.25 - Released 20 September 2007 stepping through structures with ioctls can lead to the wrong things being free'd and panics if a NAT entry (such as an rdr) is created but the packet ends up being blocked, tear down the NAT entry. fix fragment cache preventing keep state from functioning . . . just a few lines there from this release and maybe the previous one. Gives us unwashed masses an update of what is happening. I have to assume that the diff between 4.1.25 and 4.1.26 is this : $ ls -lap ip_fil4.1.25_solaris.patch -rw-r--r-- 1 dclarke csw 1402 Sep 23 16:56 ip_fil4.1.25_solaris.patch Index: ip_fil_solaris.c =================================================================== RCS file: /devel/CVS/IP-Filter/ip_fil_solaris.c,v retrieving revision 2.62.2.42 diff -c -r2.62.2.42 ip_fil_solaris.c *** ip_fil_solaris.c 21 Sep 2007 09:03:39 -0000 2.62.2.42 --- ip_fil_solaris.c 21 Sep 2007 18:13:15 -0000 *************** *** 495,501 **** #endif ip->ip_ttl = 63; #if !defined(_INET_IP_STACK_H) ! if (ip_mtudisc != NULL) && (*ip_mtudisc == 0)) #else if (!net_getpmtuenabled(ipfipv4)) #endif --- 495,501 ---- #endif ip->ip_ttl = 63; #if !defined(_INET_IP_STACK_H) ! if ((ip_mtudisc != NULL) && (*ip_mtudisc == 0)) #else if (!net_getpmtuenabled(ipfipv4)) #endif Index: solaris.c =================================================================== RCS file: /devel/CVS/IP-Filter/solaris.c,v retrieving revision 2.73.2.14 diff -c -r2.73.2.14 solaris.c *** solaris.c 16 Sep 2007 23:04:00 -0000 2.73.2.14 --- solaris.c 21 Sep 2007 18:13:43 -0000 *************** *** 670,675 **** --- 670,676 ---- } + #if defined(_INET_IP_STACK_H) static int ipf_hook(hook_event_token_t event, hook_data_t data, netstack_t *stp) { *************** *** 712,714 **** --- 713,716 ---- } return 0; } + #endif $ If I look in my source trees here I see this : $ find . -type f -name ip_fil_solaris.c -ls 1388 32 -rw-r--r-- 1 dclarke csw 32746 Sep 21 05:03 ./ip_fil4.1.25/ip_fil_solaris.c 2456 32 -rw-r--r-- 1 dclarke csw 32747 Sep 24 04:02 ./ip_fil4.1.26/ip_fil_solaris.c I see a one byte change in that file and diff tells me : $ diff ./ip_fil4.1.25/ip_fil_solaris.c ./ip_fil4.1.26/ip_fil_solaris.c 8c8 < static const char rcsid[] = "@(#)$Id: ip_fil_solaris.c,v 2.62.2.42 2007/09/21 09:03:39 darrenr Exp $"; --- > static const char rcsid[] = "@(#)$Id: ip_fil_solaris.c,v 2.62.2.43 2007/09/24 08:02:42 darrenr Exp $"; 498c498 < if (ip_mtudisc != NULL) && (*ip_mtudisc == 0)) --- > if ((ip_mtudisc != NULL) && (*ip_mtudisc == 0)) $ If I use sed/awk/grep and md5sum I find the diffs between these two trees to be : bash-3.2$ diff ip_fil4.1.25/SunOS5/pkginfo ip_fil4.1.26/SunOS5/pkginfo 8c8 < VERSION=4.1.25 --- > VERSION=4.1.26 bash-3.2$ diff ip_fil4.1.25/Linux/ipfilter.spec.dist ip_fil4.1.26/Linux/ipfilter.spec.dist 3c3 < Version: 4.1.25 --- > Version: 4.1.26 bash-3.2$ diff ip_fil4.1.25/ipl.h ip_fil4.1.26/ipl.h 7c7 < * $Id: ipl.h,v 2.52.2.27 2007/09/21 09:12:46 darrenr Exp $ --- > * $Id: ipl.h,v 2.52.2.28 2007/09/24 08:06:51 darrenr Exp $ 13c13 < #define IPL_VERSION "IP Filter: v4.1.25" --- > #define IPL_VERSION "IP Filter: v4.1.26" 15c15 < #define IPFILTER_VERSION 4012500 --- > #define IPFILTER_VERSION 4012600 bash-3.2$ diff ./ip_fil4.1.25/solaris.c ./ip_fil4.1.26/solaris.c 7c7 < #pragma ident "@(#)$Id: solaris.c,v 2.73.2.14 2007/09/16 23:04:00 darrenr Exp $" --- > #pragma ident "@(#)$Id: solaris.c,v 2.73.2.15 2007/09/24 08:02:42 darrenr Exp $" 672a673 > #if defined(_INET_IP_STACK_H) 714a716 > #endif .. and probably lots of others. So the patch from a few days ago that affected ip_fil_solaris.c doe not seem to be what is going on here and I'm confused. Can I offer a free SVN service to you Darren ? Something like this : http://svn.blastwave.org/trac/browser/csw/trunk/apps/mplayer/files/sparc-v8-novis.diff See how everything is neatly color coded and you can see any change made there ? That would be helpful to people and no big deal to get this into the svn repository. I know that ipfilter is hardly at all Solaris specific and Blastwave is all about open source software for Solaris. But, and I don't like starting sentences with "but", it would really be nice if we knew what was changing in the sources from release to release. Do you see where I am going here ? Dennis
