Subject: IPFilter upgraded to 4.1.23
From: Martin Husemann
List: current-users
Date: 06/16/2007 13:22:32

I have just upgraded IPFilter to the latest version (4.1.16) on
NetBSD -current. You must recompile the kernel and the ipf tools to
use the new version:

(cd share/mk && make install)
(cd sys && make includes)
(cd usr.sbin/ipf && make dependall install)

cd sys/arch/`uname -p`/conf
config GENERIC
cd ../compile/GENERIC
make dependall install

After reboot you may want to check the version number and run the
regression tests:

ipf -V
(cd regress/sys/kern/ipf && make && make clean)

If you detect errors (or have improvements), please send a problem report
with the send-pr tool.

Changes since 4.1.22

[note that most of these were already present as local changes in the
NetBSD source tree]

NAT was not always correctly fixing ICMP headers for errors

some TCP state steps when closing do not update timeouts, leading to
them being removed prematurely.

fix compilation problems for NetBSD 4.99

protect enumeration of lists in the kernel from callout interrupts on
BSD without locking

fix various problems with IPv6 header checks: TCP/UDP checksum validation
was not being done, fragmentation header parsed dangerously and routing
header prevented others from being seen

fix gcc 4.2 compiler warnings

fix TCP/UDP checksum calculation for IPv6

fix reference after free'ing ipftoken memory