Cross Reference: /external/iptables/include/linux/

History log of /external/iptables/include/linux/
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
e07e0d31f48d951e0f03ba254d4754810732c241	30-Mar-2012	Ashish Sharma <ashishsharma@google.com>	Modify iptables to talk to xt_IDLETIMER version 1. Change-Id: Ib144c5289681cdff21b21be74173164d097710e7 etfilter/xt_IDLETIMER.h
5caed2aebebf7c72dfa982f247ac35ec67a1b852	21-Jun-2011	JP Abgrall <jpa@google.com>	Adding the original quota2 from xtables-addons The original xt_quota in the kernel is plain broken: - counts quota at a per CPU level (was written back when ubiquitous SMP was just a dream) - provides no way to count across IPV4/IPV6. This patch is the original unaltered code from: http://sourceforge.net/projects/xtables-addons at commit e84391ce665cef046967f796dd91026851d6bbf3 Change-Id: Ia8b21394ea79ef55514748e96f769e40355a6ccf Signed-off-by: JP Abgrall <jpa@google.com> etfilter/xt_quota2.h
e39f367d905670e39e6f08d2b73c715a6d0b4bfb	17-Apr-2011	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	SET target revision 2 added The new revision of the SET target supports the following new operations - specifying the timeout value of the entry to be added - flag to instruct the kernel that if the entry already exists then reset the timeout value to the specified one (or to the default from the set definition) etfilter/xt_set.h
9ee2a9fe2f74b616da34878104bd1ff406534ad1	03-Feb-2011	Patrick McHardy <kaber@trash.net>	extensions: add extension for devgroup match Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_devgroup.h
f46f8c1c5b6d9f5685b9d945e95647eaf6c2d35b	20-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_connlimit: remove duplicate member that caused size change Signed-off-by: Jan Engelhardt <jengelh@medozas.de> etfilter/xt_connlimit.h
c8f28cc8b84133f20421470e9a61a5a0c78b9c4a	20-Jan-2011	Patrick McHardy <kaber@trash.net>	extensions: libxt_conntrack: add support for specifying port ranges Add support for revision 3 of the conntrack match, which allows to specify port ranges for origsrc/origdst/replsrc/repldst. Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_conntrack.h
6924b4987d88fbe383bec4da4cf331cc466c245e	20-Jan-2011	Florian Westphal <fw@strlen.de>	extensions: libxt_NFQUEUE: add v2 revision with --queue-bypass option --queue-bypass: if no userpace program is listening on the queue, then allow packets to continue through the ruleset instead of dropping them. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_NFQUEUE.h
773438bd93851dc1a9129a638925c04868820297	20-Jan-2011	Thomas Graf <tgraf@redhat.com>	libxt_AUDIT: add AUDIT target libxt module for the AUDIT target. -j AUDIT --type (accept\|reject\|drop) Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_AUDIT.h
5da9e63f66ca190cb90193ebb9eebf5aa523b4d1	19-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_connlimit: support for dstaddr-supporting revision 1 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> etfilter/xt_connlimit.h
4a1d810bb52aa5d5c450f7adcde5145d40261b54	26-Dec-2010	Jan Engelhardt <jengelh@medozas.de>	xt_comment: remove redundant cast etfilter/xt_comment.h
b4af04be14560b3fcc6cf23200148d408014a2f5	03-Dec-2010	Jan Engelhardt <jengelh@medozas.de>	include: update files with headers from Linux 2.6.37-rc1 Also includes the type change to __u{8,16,32} kernel types already. etfilter/xt_CHECKSUM.h etfilter/xt_CT.h etfilter/xt_IDLETIMER.h etfilter/xt_SECMARK.h etfilter/xt_TCPOPTSTRIP.h etfilter/xt_TPROXY.h etfilter/xt_cluster.h etfilter/xt_connlimit.h etfilter/xt_ipvs.h etfilter/xt_physdev.h etfilter/xt_policy.h etfilter/xt_quota.h etfilter/xt_sctp.h etfilter/xt_socket.h etfilter/xt_time.h etfilter/xt_u32.h
422342e47c18e70757231f2210b13df8e1f5931c	02-Aug-2010	Changli Gao <xiaosuo@gmail.com>	libxt_quota: don't ignore the quota value on deletion Don't ignore the quota value on deletion, then we can remove a special rule everytime. Signed-off-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_quota.h
2d59208943a3a2a6e0e30b6c84bb8ae80d444cd3	23-Jul-2010	Eric Dumazet <eric.dumazet@gmail.com>	extension: add xt_cpu match Kernel 2.6.36 supports xt_cpu match In some situations a CPU match permits a better spreading of connections, or select targets only for a given cpu. With Remote Packet Steering or multiqueue NIC and appropriate IRQ affinities, we can distribute trafic on available cpus, per session. (all RX packets for a given flow are handled by a given cpu) Some legacy applications being not SMP friendly, one way to scale a server is to run multiple copies of them. Instead of randomly choosing an instance, we can use the cpu number as a key so that softirq handler for a whole instance is running on a single cpu, maximizing cache effects in TCP/UDP stacks. Using NAT for example, a four ways machine might run four copies of server application, using a separate listening port for each instance, but still presenting an unique external port : iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 \ -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 \ -j REDIRECT --to-port 8081 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 2 \ -j REDIRECT --to-port 8082 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 3 \ -j REDIRECT --to-port 8083 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_cpu.h
c36d05e42406966440e3644110d3d2504c4b165c	23-Jul-2010	Hannes Eder <heder@google.com>	libxt_ipvs: user-space lib for netfilter matcher xt_ipvs The user-space library for the netfilter matcher xt_ipvs. [ trivial up-port by Simon Horman <horms@verge.net.au> ] Signed-off-by: Hannes Eder <heder@google.com> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_ipvs.h
b14f160c11196aeb99000611207bd353c7ae2cb9	15-Jul-2010	Patrick McHardy <kaber@trash.net>	Merge branch 'master' into iptables-next
0bcda81f5f6d121084131fb944e2940f614cc98c	15-Jul-2010	Patrick McHardy <kaber@trash.net>	extensions: fix compilation of the new CHECKSUM target Add missing header file. Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_CHECKSUM.h
127647892c7cac85baf8da62ed21232baa60f1c9	28-Jun-2010	Patrick McHardy <kaber@trash.net>	extensions: libipt_LOG/libip6t_LOG: support macdecode option Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter_ipv4/ipt_LOG.h etfilter_ipv6/ip6t_LOG.h
78514bc3a9b1b724c9fc904941c5854644865673	25-Jun-2010	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
d40f1628c3717daebc437a398a285e371b5b6f7f	16-Jun-2010	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	libxt_set: new revision added libipt_set renamed to libxt_set and the support for the forthcoming ipset release added. I have tested backward (IPv4) and forward compatibility (IPv4/IPv6): ipset -N test iphash ipset -A test test-address iptables -N test-set iptables -A test-set -j LOG --log-prefix "match " iptables -A test-set -j DROP iptables -A OUTPUT -m set --match-set test dst -j test-set ping test-address etfilter/xt_set.h etfilter_ipv4/ip_set.h etfilter_ipv4/ipt_set.h
d96993e50b44b358ea5bd15f3944674eafd62542	15-Jun-2010	Luciano Coelho <luciano.coelho@nokia.com>	extensions: add idletimer xt target extension Add the extension plugin for the IDLETIMER x_tables target. Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_IDLETIMER.h
491c1660fced08e2d1a08c101c63af04250275d0	07-Jun-2010	Jan Engelhardt <jengelh@medozas.de>	includes: sync header files from Linux 2.6.35-rc1 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ernel.h etfilter/x_tables.h etfilter/xt_CONNMARK.h etfilter/xt_MARK.h etfilter/xt_TEE.h etfilter/xt_connmark.h etfilter/xt_mark.h etfilter/xt_recent.h etfilter_ipv6.h
8532c70fd182057b440b41f013d8021a95bd72b2	21-May-2010	Patrick McHardy <kaber@trash.net>	Revert "Revert "Merge branch 'iptables-next'"" This reverts commit 110c1e4502e21ea38e0980e6f8af857d24330099. Revert the revert to restore the TEE target. etfilter/xt_TEE.h
110c1e4502e21ea38e0980e6f8af857d24330099	21-May-2010	Patrick McHardy <kaber@trash.net>	Revert "Merge branch 'iptables-next'" This reverts commit 65414babaebcd403e9bf2c27d9d74adb369bf3aa, reversing changes made to 7278461dfad72e2008585dd0bac0e889e5bba99e. Forgot to commit the version increase. etfilter/xt_TEE.h
c303bb0594fae1c4fd1097b2ce0814c5ffd0edc7	19-Apr-2010	Jan Engelhardt <jengelh@medozas.de>	extensions: add support for xt_TEE xt_TEE is firstly included in Linux 2.6.35. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> etfilter/xt_TEE.h
9fdbaa71452edaac9d5906716c15937f670341fa	08-Mar-2010	Patrick McHardy <kaber@trash.net>	extensions: add CT extension Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/nf_conntrack_common.h etfilter/xt_CT.h
350661a6eb089f3e54e67e022db9e16ea280499f	31-Jan-2010	Jan Engelhardt <jengelh@medozas.de>	includes: header updates Update the shipped Linux kernel headers from 2.6.33-rc6, as iptables's ipt_ECN.h for example references ipt_DSCP.h, which no longer exists. Since a number of old code pieces have been removed in the kernel in that fashion, the structs for older versions are moved into the .c file, to keep header updating simple. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> etfilter.h etfilter/nf_conntrack_common.h etfilter/x_tables.h etfilter/xt_CLASSIFY.h etfilter/xt_CONNMARK.h etfilter/xt_CONNSECMARK.h etfilter/xt_DSCP.h etfilter/xt_LED.h etfilter/xt_MARK.h etfilter/xt_NFLOG.h etfilter/xt_NFQUEUE.h etfilter/xt_RATEEST.h etfilter/xt_SECMARK.h etfilter/xt_TCPMSS.h etfilter/xt_connbytes.h etfilter/xt_connmark.h etfilter/xt_conntrack.h etfilter/xt_dccp.h etfilter/xt_dscp.h etfilter/xt_esp.h etfilter/xt_hashlimit.h etfilter/xt_iprange.h etfilter/xt_length.h etfilter/xt_limit.h etfilter/xt_mark.h etfilter/xt_multiport.h etfilter/xt_owner.h etfilter/xt_physdev.h etfilter/xt_policy.h etfilter/xt_quota.h etfilter/xt_rateest.h etfilter/xt_realm.h etfilter/xt_recent.h etfilter/xt_sctp.h etfilter/xt_state.h etfilter/xt_statistic.h etfilter/xt_string.h etfilter/xt_tcpmss.h etfilter/xt_tcpudp.h etfilter_ipv4.h etfilter_ipv4/ip_tables.h etfilter_ipv4/ipt_ECN.h etfilter_ipv4/ipt_SAME.h etfilter_ipv4/ipt_TOS.h etfilter_ipv4/ipt_ah.h etfilter_ipv4/ipt_ecn.h etfilter_ipv4/ipt_iprange.h etfilter_ipv4/ipt_owner.h etfilter_ipv4/ipt_policy.h etfilter_ipv4/ipt_tos.h etfilter_ipv6.h etfilter_ipv6/ip6_tables.h etfilter_ipv6/ip6t_ah.h etfilter_ipv6/ip6t_frag.h etfilter_ipv6/ip6t_ipv6header.h etfilter_ipv6/ip6t_mh.h etfilter_ipv6/ip6t_opts.h etfilter_ipv6/ip6t_owner.h etfilter_ipv6/ip6t_policy.h etfilter_ipv6/ip6t_rt.h ypes.h
588b615bc78ddef3752f356d1e243129c4dbba96	12-Nov-2009	Patrick McHardy <kaber@trash.net>	extensions: add osf extension From Evgeniy Polyakov <zbr@ioremap.net> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_osf.h
4282d89a798adcf50973a22c5a17563b5e9421cb	20-Aug-2009	Florian Westphal <fwestphal@astaro.com>	libxt_NFQUEUE: add new v1 version with queue-balance option New version that adds support for specifying a queue range instead of a single queue id. The kernel will distribute flows across the given queue range. This is useful for multicore systems, simply start multiple instances of the userspace program on queues x, x+1, .. x+n and use "--queue-balance x:x+n". Packets belonging to the same connection are put into the same queue. With fixes from Jan Engelhardt. Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_NFQUEUE.h
b97b42147ea65d7d24d70a2ffe925dbf091f26bc	25-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	xt_conntrack: revision 2 for enlarged state_mask member This complements the xt_conntrack revision 2 code added to the kenrel. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> etfilter/xt_conntrack.h
cd958a6c92c84095a439780b53832bb3aae2d512	06-May-2009	Pablo Neira Ayuso <pablo@netfilter.org>	extensions: add `cluster' match support This patch adds support for the cluster match to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> etfilter/xt_cluster.h
978e27e8f8c2e49d0528c6c4ae3a56627fbe8492	21-Feb-2009	Jan Engelhardt <jengelh@medozas.de>	include: resynchronize headers with 2.6.29-rc5 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> etfilter/nf_conntrack_common.h etfilter/nf_conntrack_tuple.h etfilter/nf_nat.h etfilter/xt_NFLOG.h etfilter/xt_connlimit.h etfilter/xt_conntrack.h etfilter/xt_quota.h etfilter/xt_sctp.h etfilter/xt_string.h etfilter_ipv4/ip_tables.h etfilter_ipv4/ipt_SAME.h etfilter_ipv6/ip6_tables.h etfilter_ipv6/ip6t_TCPMSS.h ypes.h
9cfc59f71f83ee97c4513fd340acf1e45073562b	09-Feb-2009	Eric Leblond <eric@inl.fr>	xt_NFLOG: Set default NFLOG qthreshold to 0 By setting default NFLOG qthreshold to 0, userspace does not overwrite the per-instance value. Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_NFLOG.h
b8e74adfa512c220839dea399fc11197dd9b43ff	07-Dec-2008	Jan Engelhardt <jengelh@medozas.de>	src: remove unused include files No .c files include any of these - in fact they seem to be remnants missed during commit b1f568309a09e61f892dee3c23279cecff0b0ff4 - so remove them. Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter_ipv4/ipt_DSCP.h etfilter_ipv4/ipt_FTOS.h etfilter_ipv4/ipt_connlimit.h etfilter_ipv4/ipt_dscp.h etfilter_ipv4/ipt_dstlimit.h etfilter_ipv4/ipt_rpc.h
03d99486d8283552705b58dc55b6085dffc38792	18-Nov-2008	Jan Engelhardt <jengelh@medozas.de>	src: use NFPROTO_ constants Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter.h
af1660fe0e88cd9f1c770864e1c643718cb2cc62	22-Oct-2008	Jan Engelhardt <jengelh@medozas.de>	Move libipt_recent to libxt_recent Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_recent.h etfilter_ipv4/ipt_recent.h
92b54aa2b436387f85783d3f420ccaa12fdaf891	15-Oct-2008	KOVACS Krisztian <hidden@sch.bme.hu>	Add iptables support for the TPROXY target Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_TPROXY.h
78d2d14211466f1986882ba6bdf82e6429ce78dc	07-Jul-2008	Joonwoo Park <joonwpark81@gmail.com>	xt_string: string extension case insensitive matching The string extension can search patterns case insensitively with --icase option. A new revision 1 was added, in the meantime invert of xt_string_info was moved into flags as a flag. Signed-off-by: Joonwoo Park <joonwpark81@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_string.h
4dfd25a405199c03fc694b9a43efdae6a91d8ae8	06-Jun-2008	Laszlo Attila Toth <panther@balabit.hu>	addrtype match: added revision 1 In revision 1 address type checking can be limited to either the incoming or outgoing interface depending on the current chain. In the FORWARD chain only one of them is allowed at the same time. Signed-off-by: Laszlo Attila Toth <panther@balabit.hu> Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter_ipv4/ipt_addrtype.h
e0bba47e550420e371c97425cc6d39909a6e059b	05-Jun-2008	Patrick McHardy <kaber@trash.net>	Resync header files with kernel Resync headers and add types.h file for endian annotated types, which are not available with old headers. etfilter.h etfilter/nf_conntrack_common.h etfilter/xt_RATEEST.h etfilter/xt_conntrack.h etfilter/xt_limit.h etfilter/xt_physdev.h etfilter/xt_policy.h etfilter/xt_rateest.h etfilter/xt_realm.h etfilter/xt_statistic.h etfilter/xt_string.h etfilter_ipv4.h etfilter_ipv4/ipt_CLUSTERIP.h etfilter_ipv4/ipt_ECN.h etfilter_ipv4/ipt_TTL.h etfilter_ipv4/ipt_ecn.h etfilter_ipv4/ipt_policy.h etfilter_ipv4/ipt_realm.h etfilter_ipv6.h etfilter_ipv6/ip6t_policy.h ypes.h
510aef98a56cdbfdb147f78b05d7554bb91770a9	02-Jun-2008	Patrick McHardy <kaber@trash.net>	manpages: consistent syntax In the manpages, bold is used to denote characters the user has to enter verbatim, italic denotes placeholders and non-highlighted pieces are used as a structure: "[]" specifying an optional part, "{}" a mandatory part, with "\|" used for alternations. The "!" for negation is better supported before the option than after it, too. The patch makes a few files consistent with this style already used in manpages. etfilter.h
ed342edd98456bd4f23d230481854be160fad1dc	13-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Remove support for compilation of conditional extensions etfilter_ipv4/ip_set.h etfilter_ipv4/ipt_set.h
ca7cd666949b68bf41a32de38ee38e332e89863b	11-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Add all necessary header files - compilation fix for various cases Allow iptables to compile without a kernel source tree. This implies fixing build for older kernels, such as 2.6.17 which lack xt_SECMARK.h. etfilter.h etfilter/x_tables.h etfilter/xt_SECMARK.h etfilter_ipv4/ip_tables.h etfilter_ipv4/ipt_DSCP.h etfilter_ipv4/ipt_LOG.h etfilter_ipv4/ipt_REJECT.h etfilter_ipv4/ipt_TOS.h etfilter_ipv4/ipt_dscp.h etfilter_ipv4/ipt_owner.h etfilter_ipv4/ipt_tos.h etfilter_ipv6/ip6_tables.h etfilter_ipv6/ip6t_LOG.h
9a8c77fc8df3155747c34dcea79b7834a2a9a40a	11-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Add support for xt_hashlimit match revision 1 etfilter/xt_hashlimit.h
dbb77543ad6afe29e9a1881b2d4fc212de621a55	11-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Fix -Wshadow warnings and clean up xt_sctp.h Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed. etfilter/xt_sctp.h
e75a227c1ba6ddaceb63969eb4df27dbd98a3dfc	22-Feb-2008	Patrick McHardy <kaber@trash.net>	Remove compiler.h inclusions. etfilter.h etfilter_ipv4/ip_tables.h etfilter_ipv6/ip6_tables.h
f2565b7a45c51d318706ffd0e372ba4e23cd2d32	29-Jan-2008	Patrick McHardy <kaber@trash.net>	Add netfilter.h etfilter.h
ca1da708b6d41dbc5df99335b4370bd1592b4de3	29-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	[IPTABLES]: libxt_owner: UID/GID range support UID/GID range support for libxt_owner Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_owner.h
ff068719055ae2327d94c79048381c09d3b744c4	29-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_CONNMARK revision 1 Add support for xt_CONNMARK target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_CONNMARK.h
aef4c1e7275633e4650d16440faaf4cb7163ac0e	20-Jan-2008	Sven Schnelle <svens@bitebene.org>	libxt_TCPOPTSTRIP Import libxt_TCPOPTSTRIP into iptables. Signed-off-by: Sven Schnelle <svens@bitebene.org> Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_TCPOPTSTRIP.h
41daaa0cfbb1cb6b80a2ce2571f9f92f164f0228	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_iprange r0 Move libipt_iprange to libxt_iprange. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_iprange.h etfilter_ipv4/ipt_iprange.h
d95d92f0a480008a89f4ffa69f0c67f55dbbe05f	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_mark r1 Introduce libxt_mark match revision 1 support. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_mark.h
a80b6046fa216c26dbc18d587f6255afa8444885	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack r0 Move libipt_conntrack to libxt_conntrack. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_conntrack.h etfilter_ipv4/ipt_conntrack.h
a7b0707bd83bac30a92871872dab79ec8cebebbb	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_connmark r1 Add support for xt_connmark match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_connmark.h
f4b737fb0c52a95a48f2e313ed4cff43db720ad6	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_MARK r2 Add support for xt_MARK target revision 2. Also consolidate libip6t_MARK.man and libipt_MARK.man. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_MARK.h
36f2eadca556da9bb4979b3f67f38020e80ef7d2	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_TOS Move libipt_TOS revision 0 to libxt_TOS revision 0 and add support for xt_TOS target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_DSCP.h
0720c1226381f5c71748673c43c12499f1f254c7	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_tos Move libipt_tos revision 0 to libxt_tos revision 0 and add support for xt_tos match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_dscp.h
5c5cd885daf43256f7bd24a3a698306764438145	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_owner libxt_owner merges libipt_owner and libip6t_owner, and adds support for the xt_owner match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_owner.h
6afc5b720ed78173e4e21b759df16577fbce13d6	15-Jan-2008	Patrick McHardy <kaber@trash.net>	Add rateest match extension Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_rateest.h
2528258ddf066a5147394dc65cae3bde8e80e3c0	15-Jan-2008	Patrick McHardy <kaber@trash.net>	Add RATEEST target extension Signed-off-by: Patrick McHardy <kaber@trash.net> etfilter/xt_RATEEST.h
2cfa903a2882a5d7819c697870af9ae3ab106386	25-Nov-2007	Jesper Brouer <jdb@comx.dk>	Fix make/compile error for iptables-1.4.0rc1 Fixing a make/compile issue with iptables, release candidate 1.4.0rc1, which has existed since SVN changeset 6920. This patch adds ip_tables.h and ip6_tables.h, and updates x_tables.h, taken from Linus'es git tree. Changeset 6920 added the include file x_tables.h from kernel source, but didn't add ip_tables.h and ip6_tables.h. At some point (Tue Nov 14 19:48:48 2006, by Yasuyuki Kozakai) these kernel headers where changed, which actually removes certain depencencies from ip_tables.h and ip6_tables.h to x_tables.h. If compiling will fail, with old kernel headers (ip_tables.h and ip6_tables.h) available in systems include path, because they depend on certaine defines in x_tables.h with is missing in the version in SVN. Jesper Brouer <jdb@comx.dk> etfilter/x_tables.h etfilter_ipv4/ip_tables.h etfilter_ipv6/ip6_tables.h
ad326ef9f734ac30548de292c59fc0e2fd81ac2a	23-Sep-2007	Jan Engelhardt <jengelh@medozas.de>	Add the libxt_time iptables match This is libipt_time from POM-ng enhanced by the following: * day-of-month support (for example "match on the 15th of each month") * inversion support for --weekdays and --monthdays * match against UTC or local timezone * a manpage Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> etfilter/xt_time.h
9640e529bd08c4c0458246fae0fd6b473c94ab46	10-Sep-2007	Jan Engelhardt <jengelh@medozas.de>	Adds u32 to iptables. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> etfilter/xt_u32.h
31317ed1f9103434adda716abbe65e9fc7bdd418	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build IPv6 hbh/dst matches unconditionally etfilter_ipv6/ip6t_opts.h
248a109b3bf6c9a0b3724f3123ad64a624d30631	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build IPv6 rt match unconditionally etfilter_ipv6/ip6t_rt.h
1d1ad90494bf909871c233e76036b18841949c9e	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build ipv6header match unconditionally etfilter_ipv6/ip6t_ipv6header.h
389f785b060c181ce77d44840274b5c68e39b23f	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build IPv6 mh match unconditionally etfilter_ipv6/ip6t_mh.h
eda0390fe200f2d9f37d2a19b50e7ca531367ada	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Resync header files and build IPv6 frag match unconditionally etfilter_ipv6/ip6t_frag.h
7a87b74d4d41a356df3a81d0e8415c4f7a76097b	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Resync header file and build IPv6 ah match unconditionally etfilter_ipv6/ip6t_ah.h
9fc3b5e9aaecaa4f3ebaf4bb55ddde2620e7f13e	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Resync header file and build CLUSTERIP target unconditionally etfilter_ipv4/ipt_CLUSTERIP.h
3df9b22a5b0fde0e0a00259078f419a4ad3a92cd	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build recent match unconditionally etfilter_ipv4/ipt_recent.h
9e9022562d76644a2c9d1024b597729af68c81e5	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build dccp match unconditionally etfilter/xt_dccp.h
b8a0a100a68098c0329735b5724d9c0b425e72eb	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build string match unconditionally etfilter/xt_string.h
800b7e54e81f86d290a66330cecb1fe5a3a9a31a	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build statistic match unconditionally etfilter/xt_statistic.h
cddfd941e7a24dbc01a7dc79e4ce51f60f7128fc	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build quota match unconditionally etfilter/xt_quota.h
002d129b694633d47c76913b360329baa0d8e923	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build NFLOG target unconditionally etfilter/xt_NFLOG.h
001ebc22cdea0732f327142b10ff30309b36bbf8	23-Aug-2007	Patrick McHardy <kaber@trash.net>	Resync ip6t_REJECT.h with kernel - seems the entire time we had an imcompatible header :( Noticed by Peter Riley <Peter.Riley@hotpop.com> etfilter_ipv6/ip6t_REJECT.h
f8137b1b4cc18d4ff528ac40b83345260bb644ae	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to helper match etfilter/xt_helper.h etfilter_ipv4/ipt_helper.h
6aac50010e50aa42b42089110c8cf4d80b224f14	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to connbytes match etfilter/xt_connbytes.h
a7bf6d0decd93ade089a98a8de76a529cd96427e	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to DSCP target etfilter/xt_DSCP.h etfilter_ipv4/ipt_DSCP.h
e4cc20b2367362c2f9c84c0daaccd985e3236118	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to CLASSIFY target etfilter/xt_CLASSIFY.h etfilter_ipv4/ipt_CLASSIFY.h
1ff0b8d6a6669e6bbbacbfd719bd7e016a4c0406	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_state into libxt_state etfilter/xt_state.h
c57c155312a544482a6b8a3c0f7224b00cfaae20	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_connmark into libxt_connmark etfilter/xt_connmark.h etfilter_ipv4/ipt_connmark.h
d62a9db1295608ef98394b830703389973346716	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_hashlimit into libxt_hashlimit etfilter/xt_hashlimit.h etfilter_ipv4/ipt_hashlimit.h
6e22228b00cc485282db16b9637315a60b6dbd10	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_MARK into libxt_MARK etfilter/xt_MARK.h etfilter_ipv4/ipt_MARK.h etfilter_ipv6/ip6t_MARK.h
5679958c748087a3e21fbfa26d2ea08a6572ee4f	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_CONNSECMARK into libxt_CONNSECMARK etfilter/xt_CONNSECMARK.h
f36f4a8844132cbaacf3bbd5ec0254c17fcc97ae	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to CONNMARK match etfilter/xt_CONNMARK.h etfilter_ipv4/ipt_CONNMARK.h
a2e89ccf65e8c881e77674cd2b15b9704b0c6822	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_NFQUEUE.c into libxt_NFQUEUE.c etfilter/xt_NFQUEUE.h etfilter_ipv4/ipt_NFQUEUE.h
45e4c6946426785d30733701d1ee8112e58538a4	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_TCPMSS.c into libxt_TCPMSS.c etfilter/xt_TCPMSS.h etfilter_ipv4/ipt_TCPMSS.h
9ea637d5a7ebfb04e97db4cb114117474bbda9cf	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to comment match etfilter/xt_comment.h etfilter_ipv4/ipt_comment.h
18e060822be3ad17368dbe3d7289dd21efd341a5	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to dscp match. etfilter/xt_dscp.h etfilter_ipv4/ipt_dscp.h
0a04e8d695549788213f842cc99c724a564a88df	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_esp.c into libxt_esp.c etfilter/xt_esp.h etfilter_ipv4/ipt_esp.h etfilter_ipv6/ip6t_esp.h
36087d952be182a6163fc508c2168b9c3b9209c2	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_length.c into libxt_length.c etfilter/xt_length.h etfilter_ipv4/ipt_length.h etfilter_ipv6/ip6t_length.h
4489c0d66d9a0e6033c9472fd54df155788010b7	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_limit.c into libxt_limit.c. etfilter/xt_limit.h etfilter_ipv4/ipt_limit.h etfilter_ipv6/ip6t_limit.h
ba2d891523121b651be54a4ce915bcee33d2ed38	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_mac.c into libxt_mac.c etfilter/xt_mac.h
fec77fed67feb55aba4c33ae2367178c57ce83de	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_physdev.c into libxt_physdev.c etfilter/xt_physdev.h etfilter_ipv4/ipt_physdev.h etfilter_ipv6/ip6t_physdev.h
5fd6ec87600ac3bd96c2500f6f4a1a9010d8d31e	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to pkttype match etfilter/xt_pkttype.h etfilter_ipv4/ipt_pkttype.h
19f29509c8a97219c578aeaf8be15cf005d46eb3	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_sctp.c into libxt_sctp.c etfilter/xt_sctp.h etfilter_ipv4/ipt_sctp.h
7999bd3ad9815f49c31d4ef9798adbbd87ba0094	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to tcpmss match etfilter/xt_tcpmss.h etfilter_ipv4/ipt_tcpmss.h
17908e4bd0bc8ddb7a85bda316864ad8e1e56a29	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_udp.c into libxt_udp.c etfilter/xt_tcpudp.h
de9d244eef00ad3633e8a1d303713390ab2e243c	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]_mark.c into libxt_mark.c etfilter_ipv6/ip6t_mark.h
0af771d5c84ea9143cf947fb944a0e18189f0e63	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Use unified API in libipt_mark.c etfilter/xt_mark.h etfilter_ipv4/ipt_mark.h
df2cf4fddfb6bddb9c6809c4aaab8de58dd2393d	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_multiport.c into libipxt_multiport.c etfilter_ipv4/ipt_multiport.h etfilter_ipv6/ip6t_multiport.h
eb6e65e1ccfb52457d461b72cf5abe4e9f7187c6	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Use unified API in multiport match etfilter/xt_multiport.h
0d502bcdbc97ed359e84f6a21dfa0049b3b60a6c	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Introduces xtables match/target registration - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo. etfilter/x_tables.h
21df4af43dcc9f635baa2aff3ace53768d9704bc	09-Jul-2007	Jan Engelhardt <jengelh@medozas.de>	PATCH: Add connlimit to iptables. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> etfilter/xt_connlimit.h
7d5cc229064b0e718046b9ecaebad3426dfff15f	30-Jun-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Removes KERNEL_64_USERSPACE_32 The recent kernel has compat layer for iptables. It doesn't have compat layer for libipq and ip6tables, but ip6tables with KERNEL_64_USERSPACE_32 is still broken. We should fix kernel instead of fixing them if and when we want use their 32bit binary with 64bit kernel. etfilter_ipv4/ipt_CLUSTERIP.h etfilter_ipv4/ipt_SAME.h
fde395370ead306b770a3d4685e4bc1d6972266d	28-Jun-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Removes some KERNEL_64_USERSPACE_32 because linux 2.6 has compat layer etfilter_ipv4/ipt_CONNMARK.h etfilter_ipv4/ipt_MARK.h etfilter_ipv4/ipt_ULOG.h etfilter_ipv4/ipt_connmark.h etfilter_ipv4/ipt_conntrack.h etfilter_ipv4/ipt_limit.h etfilter_ipv4/ipt_mark.h etfilter_ipv6/ip6t_MARK.h etfilter_ipv6/ip6t_limit.h etfilter_ipv6/ip6t_mark.h
40d54756cd8a2705e22b36f7aef03bb2c472a10b	18-Apr-2007	Patrick McHardy <kaber@trash.net>	Use nf_conntrack headers instead of ip_conntrack ones and add sanitized versions. etfilter/nf_conntrack_common.h etfilter/nf_conntrack_tuple.h etfilter/nf_conntrack_tuple_common.h etfilter/nf_nat.h etfilter_ipv4/ipt_conntrack.h
e4076172c33810472d9d658554588b6e379a4fbe	16-Jan-2007	Arnaud Ebalard <arno@natisbad.org>	Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>) Kernel part will go in 2.6.21. etfilter_ipv6/ip6t_TCPMSS.h
0665217784822434b1732cdc773d5daa12836438	20-Oct-2006	Rémi Denis-Courmont <rdenis@simphalempin.com>	- Add revision support to ip6tables. - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>) etfilter_ipv6/ip6t_multiport.h
d3476b294f6a0570b0ec3322f580d6446c6f20fe	01-Feb-2006	Harald Welte <laforge@gnumonks.org>	make policy match compile independant of kernel headers etfilter_ipv4/ipt_policy.h
11e4718d30d4f25b1cfb4655df3b773608ee5405	01-Feb-2006	Harald Welte <laforge@gnumonks.org>	fix ipt_conntrack compilation against very early (2.4.0) kernel releases etfilter_ipv4/ipt_conntrack.h
02e88f2ae4eac6088e3f802909b77ec4b8317acd	31-Jan-2006	Patrick McHardy <kaber@trash.net>	Prepare policy match for x_tables unification by making sure both ipt_policy and ip6t_policy use the same data structure. etfilter_ipv4/ipt_policy.h etfilter_ipv6/ip6t_policy.h
daa1ef354deee764484c1494073b075859701971	19-Jul-2005	Harald Welte <laforge@gnumonks.org>	add NFQUEUE support for ipv4 and ipv6 etfilter_ipv4/ipt_NFQUEUE.h
893b688a2a73363c8cebe4bac0c1368178fce2fd	10-Jul-2005	Harald Welte <laforge@gnumonks.org>	fix various missing header file / #define issues on old kernels. I've now tested compilation with kernels starting 2.4.17 etfilter_ipv4/ipt_conntrack.h etfilter_ipv6/ip6t_LOG.h
63d68bf3a1e86e2c96e520f71c34519112c66453	10-Jul-2005	Harald Welte <laforge@gnumonks.org>	we need to have this header file included, since old kernels don't define IP6T_LOG_UID. etfilter_ipv6/ip6t_LOG.h
6b5effcaf26b9eaf8e6f63d9ad3570a045fb4f0c	15-Apr-2005	Harald WeltePablo Neira <laforge@gnumonks.orgpablo@eurodev.net>	omeone forgot to update ipt_conntrack.h header in user space. So, update it to use ip_conntrack_old_tuple. (Pablo Neira) etfilter_ipv4/ipt_conntrack.h
800938fcabe76265d273fa0552dcf674d33973aa	07-Mar-2005	Pablo Neira <pablo@eurodev.net>	This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira) etfilter_ipv4/ipt_CLUSTERIP.h
02964b869a8616b41e4c2dc899ff23921aaaa4b0	12-Feb-2005	Martin Josefsson <gandalf@wlug.westbo.se>	Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace. Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> etfilter_ipv4/ipt_CONNMARK.h etfilter_ipv4/ipt_connmark.h
b2eedcdf84c037e346bdd4e804decf95de66cbf7	02-Feb-2005	Phil Oester <kernel@linuxace.com>	Add support for inversion to multiport revision 1. Signed-off-by: Phil Oester <kernel@linuxace.com> etfilter_ipv4/ipt_multiport.h
5df9547e093c4fef0bb926adb268dbd020e543a6	03-Jan-2005	Pablo Neira <pablo@eurodev.net>	Pablo Neira: Multiport revision 1 userspace support. etfilter_ipv4/ipt_multiport.h
3aef54dce4f9bbe0b466478fd33a1d3131efbbb8	03-Jan-2005	Rusty Russell <rusty@rustcorp.com.au>	Extension revision number support (if kernel supports the getsockopts). Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied. etfilter_ipv4/ipt_MARK.h
789c7df4e5463165cbe721cdc328d0dd18e7b1ad	20-Oct-2004	Harald Welte <laforge@gnumonks.org>	move ipt_hashlimit to it's correct location etfilter_ipv4/ipt_hashlimit.h
514b1b488eaf07d66e209681f4f34246d7db2f60	20-Sep-2004	Brad Fisher <brad@info-link.net>	Add comment match extension (Brad Fisher) etfilter_ipv4/ipt_comment.h
13218fbdc92e704953d01333ea10bd623821b71e	13-Sep-2004	Bart De Schuymer <bdschuym@pandora.be>	port physdev to ip6tables (Bart De Schuymer) etfilter_ipv6/ip6t_physdev.h
af371871085ab3f07b9b0b5edff193af35ed5a4e	28-Jun-2004	Patrick McHardy <kaber@trash.net>	Add ipt_addrtype.h etfilter_ipv4/ipt_addrtype.h
2057750071822d72200fe06f759009c216229542	21-Jun-2004	Harald Welte <laforge@gnumonks.org>	add missing include etfilter_ipv4/ipt_dstlimit.h
c5617bf84475028dd1663cde076b93f355ce42a7	26-May-2004	Martin Josefsson <gandalf@wlug.westbo.se>	With a 64bit kernel only the high 32bits of nfmark was used regardless of 32/64bit userspace. This makes it quite hard to interoperate with 'tc'. Sync ipv6 versions with ipv4 versions. Tested on x86 and sparc64 with both 32bit and 64bit userspace. etfilter_ipv4/ipt_MARK.h etfilter_ipv4/ipt_mark.h etfilter_ipv6/ip6t_MARK.h etfilter_ipv6/ip6t_mark.h
1eb0081027ee567e822b24377ea614e66c408ff2	26-May-2004	Martin Josefsson <gandalf@wlug.westbo.se>	Fix 64bit kernel / 32bit userspace issue. Sync header with kernel. etfilter_ipv4/ipt_SAME.h etfilter_ipv4/ipt_ULOG.h
1da399c30a2c42490f1c6cb84857e31522546c9d	26-May-2004	Martin Josefsson <gandalf@wlug.westbo.se>	Fix 64bit kernel / 32bit userspace issue. etfilter_ipv4/ipt_conntrack.h etfilter_ipv4/ipt_limit.h etfilter_ipv6/ip6t_limit.h
54924023ee598e626423ef9c222eff0e8d28dfac	02-Mar-2004	Kiran Kumar <immidi_kiran@yahoo.com>	update for matching chunk flags (Kiran Kumar) etfilter_ipv4/ipt_sctp.h
129152307ba7b09c9ad667eee2c4e0d23f7c500b	21-Feb-2004	Harald Welte <laforge@gnumonks.org>	add userspace part of SCTP match etfilter_ipv4/ipt_sctp.h
320443dbef678a357f7c10406e8c297d6ab3ddd9	03-Feb-2004	Henrik Nordstrom <hno@marasystems.com>	latest version of CONNMARK updates (Henrik Nordstrom) etfilter_ipv4/ipt_CONNMARK.h etfilter_ipv4/ipt_connmark.h
42cbf9855f3185dfab4d74c9b2b7dc2f78974bd4	02-Nov-2003	Harald Welte <laforge@gnumonks.org>	update ipt_physdev.h (test8 change, make parisc work, alignment issues) etfilter_ipv4/ipt_physdev.h
fef3b8ec4b10c79c75a6893c3179f13a3645aa7d	13-Sep-2003	Harald Welte <laforge@gnumonks.org>	CLASSIFY is now built unconditionally, thus we need the kernel header etfilter_ipv4/ipt_CLASSIFY.h
105650a15e20255c5d037f32b8ef4a2431c59855	24-Aug-2003	Harald Welte <laforge@gnumonks.org>	add include files for soon-to-be-submitted patches (and build them unconditionally by putting thme in the extensions/Makefile) etfilter_ipv4/ipt_CONNMARK.h etfilter_ipv4/ipt_connmark.h etfilter_ipv4/ipt_iprange.h etfilter_ipv4/ipt_realm.h
8f578a09b56f010d5bcd30086a8f7c8132b35d92	03-May-2003	Harald Welte <laforge@gnumonks.org>	add (untested) sctp userspace support for even more untested kernel part (in pom soon) etfilter_ipv4/ipt_sctp.h
59cbe17cee0499c8f25a8d9f29513f4c85e9b03c	30-Apr-2003	Harald Welte <laforge@gnumonks.org>	rename iplimit to connlimit etfilter_ipv4/ipt_connlimit.h
30596a5e7ae8c518a8a0bbf3aa891728e9f9ec1b	27-Apr-2003	Bart De Schuymer <bdschuym@pandora.be>	ipt_physdev update (--physdev-is-{in,out,bridged}) by Bart de Schuymer etfilter_ipv4/ipt_physdev.h
1254871c88483cc1a0adc448a83cab6a9d4510a1	11-Feb-2003	Bart De Schuymer <bdschuym@pandora.be>	add libipt_physdev.c (Bart de Schumyer) etfilter_ipv4/ipt_physdev.h
2aa84a489a9294730cf856f48bcf4802c04187ae	12-Jan-2003	Harald Welte <laforge@gnumonks.org>	add support for rpc match etfilter_ipv4/ipt_rpc.h
60358d73482620aeafc34f38df36e462875fd244	08-Jan-2003	Maciej Soltysiak <solt@dns.toxicfilms.tv>	apply ipv6 hoplimit (hl match, HL target) patch (Maciej Soltysiak <solt@dns.toxicfilms.tv>) etfilter_ipv6/ip6t_HL.h etfilter_ipv6/ip6t_hl.h
f4e6683c5a4c80e494a2167d1a64d1b9c63587aa	09-Aug-2002	Harald Welte <laforge@gnumonks.org>	make libipt_helper.so build always, since it's now submitted to 2.4.20 etfilter_ipv4/ipt_helper.h
40783fc33fa01469e818de1103d859d3e859c126	05-Aug-2002	Harald Welte <laforge@gnumonks.org>	bring ECN headers in sync with ecn.patch etfilter_ipv4/ipt_ECN.h etfilter_ipv4/ipt_ecn.h
ceee3db0157995c2f95bd096f64c2ea0d7ca74cf	05-Aug-2002	Harald Welte <laforge@gnumonks.org>	restore old DSCP_SHIFT behaviour etfilter_ipv4/ipt_DSCP.h etfilter_ipv4/ipt_dscp.h
744f3e25f630f00c91058867d26e29c5eb3cc213	04-Jun-2002	Harald Welte <laforge@gnumonks.org>	fix typo in ipt_ecn.h etfilter_ipv4/ipt_ecn.h
2ff07a374d2f05aa4fe3c5ae1cfa6aedbc731b42	29-May-2002	Harald Welte <laforge@gnumonks.org>	add header file for ECN match etfilter_ipv4/ipt_ECN.h etfilter_ipv4/ipt_ecn.h
c980a240bad8f8995805df3bfdfb18180dd08d03	29-May-2002	Harald Welte <laforge@gnumonks.org>	bring ECN plugin in sync with new ECN target etfilter_ipv4/ipt_ECN.h
f1f447b836a714b4646450aaed3dd1aa6ab2808a	26-Mar-2002	András Kis-Szabó <kisza@securityaudit.hu>	new ip6 FRAG match by kisza etfilter_ipv6/ip6t_ah.h etfilter_ipv6/ip6t_frag.h
d32980df1da9d81a93280b4f0e023c58055c4b0c	25-Mar-2002	Harald Welte <laforge@gnumonks.org>	Add AH/ESP match for ipv6 etfilter_ipv6/ip6t_ah.h etfilter_ipv6/ip6t_esp.h
d75a2aaf00b87c95b091a1b733a1c17ae51a950a	18-Mar-2002	Harald Welte <laforge@gnumonks.org>	make libipt_conntrack compile by default etfilter_ipv4/ipt_conntrack.h
ec03bdf9a8a645c2c4a644009475dc9d75a72558	18-Mar-2002	Harald Welte <laforge@gnumonks.org>	libipt_pkttype now compiled by default etfilter_ipv4/ipt_pkttype.h
487d1d39b6457a4a3aeb2b9dac3b1925a003a3e1	14-Mar-2002	Harald Welte <laforge@gnumonks.org>	add DSCP match etfilter_ipv4/ipt_DSCP.h etfilter_ipv4/ipt_dscp.h
385a1dd0f3b01fc0fbd6bcdee9796e0240ea77c1	17-Feb-2002	Harald Welte <laforge@gnumonks.org>	add ECN target support etfilter_ipv4/ipt_ECN.h
96d960594e7db97568e478be884f205034d3a32f	17-Feb-2002	Harald Welte <laforge@gnumonks.org>	add new version of ipt_DSCP.h etfilter_ipv4/ipt_DSCP.h
2e7377d3e21c0c93219eea0d38e2ee37308f6150	17-Feb-2002	Harald Welte <laforge@gnumonks.org>	add DSCP target support etfilter_ipv4/ipt_DSCP.h
4ab10af3f549e1ea6492c768db3778816fff7f05	17-Feb-2002	Harald Welte <laforge@gnumonks.org>	make compilation of libip6t_LOG, libipt_length, libip6t_length and libip6t_owner mandatory etfilter_ipv4/ipt_length.h etfilter_ipv6/ip6t_length.h etfilter_ipv6/ip6t_owner.h
97c0decde5669fbbc099da8a591b7a13825b69b1	24-Jan-2002	Harald Welte <laforge@gnumonks.org>	shit, forgot to update this one. Let's hope that the kernel's headers precede the ones in this directory etfilter_ipv4/ipt_ULOG.h
05e0b01bd1cd4035893c33c7084164bd8fab37c8	26-Aug-2001	Harald Welte <laforge@gnumonks.org>	second part of SAME patch which I missed to commit :( etfilter_ipv4/ipt_SAME.h
a9f714dfdad285e46250de0e227cd6b0db51462b	31-Jul-2001	Harald Welte <laforge@gnumonks.org>	added ipt_SAME.h to fix compile error etfilter_ipv4/ipt_SAME.h
c8af1fd0a9b8e7e39626c7d66ade0ddc93f25fbe	23-Jul-2001	Harald Welte <laforge@gnumonks.org>	added libip6t_REJECT.c for IPv6 reject support etfilter_ipv6/ip6t_REJECT.h
d0b6b3cd1741629991a299c95b0799eef21436b3	16-Mar-2001	Harald Welte <laforge@gnumonks.org>	NETLINK_ULOG isn't defined in an unpatched kernel etfilter_ipv4/ipt_ULOG.h
008a83fad0f131e08d03235e7615fb392d1f3c3b	28-Feb-2001	Rusty Russell <rusty@linuxcare.com.au>	Move some include files to be present always, so build always includes them even if patches not applied (eg. for distributions). etfilter_ipv4/ipt_FTOS.h etfilter_ipv4/ipt_TCPMSS.h etfilter_ipv4/ipt_TTL.h etfilter_ipv4/ipt_ULOG.h etfilter_ipv4/ipt_ah.h etfilter_ipv4/ipt_connlimit.h etfilter_ipv4/ipt_esp.h etfilter_ipv4/ipt_tcpmss.h etfilter_ipv4/ipt_ttl.h