Module Name:    src
Committed By:   riz
Date:           Sat Nov 24 04:34:44 UTC 2012

Modified Files:
        src/sys/net/npf [netbsd-6]: npf.c npf.h npf_ctl.c npf_impl.h
            npf_state_tcp.c npf_tableset.c
        src/usr.sbin/npf/npfctl [netbsd-6]: npf_disassemble.c npfctl.8
            npfctl.c npfctl.h
        src/usr.sbin/npf/npftest/libnpftest [netbsd-6]: npf_table_test.c

Log Message:
Pull up following revision(s) (requested by rmind in ticket #702):
        sys/net/npf/npf_tableset.c: revision 1.15
        usr.sbin/npf/npfctl/npfctl.h: revision 1.21
        usr.sbin/npf/npftest/libnpftest/npf_table_test.c: revision 1.6
        usr.sbin/npf/npfctl/npf_disassemble.c: revision 1.10
        sys/net/npf/npf_state_tcp.c: revision 1.11
        sys/net/npf/npf_impl.h: revision 1.24
        sys/net/npf/npf.h: revision 1.22
        sys/net/npf/npf_ctl.c: revision 1.19
        sys/net/npf/npf.c: revision 1.14
        usr.sbin/npf/npfctl/npfctl.8: revision 1.10
        usr.sbin/npf/npfctl/npfctl.c: revision 1.21
npf_tcp_inwindow: inspect the sequence numbers even if the packet contains
no data, fixing up only the RST to the initial SYN.  This makes off-path
attacks more difficult.  For the reference, see "Reflection Scan: an Off-Path
Attack on TCP" by Jan Wrobel.
Implement NPF table listing and preservation of entries on reload.
Bump the version.
npfctl(8): mention table listing.

To generate a diff of this commit:

cvs rdiff -u -r1.7.2.5 -r1.7.2.6 src/sys/net/npf/npf.c
cvs rdiff -u -r1.14.2.7 -r1.14.2.8 src/sys/net/npf/npf.h
cvs rdiff -u -r1.12.2.5 -r1.12.2.6 src/sys/net/npf/npf_ctl.c
cvs rdiff -u -r1.10.2.9 -r1.10.2.10 src/sys/net/npf/npf_impl.h
cvs rdiff -u -r1.3.2.5 -r1.3.2.6 src/sys/net/npf/npf_state_tcp.c
cvs rdiff -u -r1.9.2.5 -r1.9.2.6 src/sys/net/npf/npf_tableset.c
cvs rdiff -u -r1.3.2.7 -r1.3.2.8 src/usr.sbin/npf/npfctl/npf_disassemble.c
cvs rdiff -u -r1.6.6.2 -r1.6.6.3 src/usr.sbin/npf/npfctl/npfctl.8
cvs rdiff -u -r1.10.2.7 -r1.10.2.8 src/usr.sbin/npf/npfctl/npfctl.c
cvs rdiff -u -r1.11.2.7 -r1.11.2.8 src/usr.sbin/npf/npfctl/npfctl.h
cvs rdiff -u -r1.2.2.6 -r1.2.2.7 \
    src/usr.sbin/npf/npftest/libnpftest/npf_table_test.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.