K 10
svn:author
V 3
ume
K 8
svn:date
V 27
2001-06-11T18:21:31.000000Z
K 7
svn:log
V 585
This is force commit to mention about previous commit.

- (possible) remote kernel panic fix - out of bounds access on
  ill-formed ipopt.
- strict boundary check on ipopt.
- make sure to enforce inbound IPsec policy on all final header.
- add missing ipcomp entry from ipprotosw.
- 127/8 must not appear on wire - RFC1122.
  this is rather important as we use weak host model, so outsider
  can abuse 127.0.0.1 from outside.
- introduce ipstat.ips_badaddr
- use ipsec_gethist() to prevent packet filters from looking at
  decapulated packets.
- remove duplicate 127.0.0.0/8 checking.

END