e3928b77f18db0fdc615693017c6c15eb71bf4e0 |
02-Apr-2014 |
JP Abgrall <jpa@google.com> |
Fixup build so that the update from nefilter.org to 1.4.20 works * Keep the generated files needed for building. Used ./configure --enable-static --disable-shared make * Update the various Android *.mk files. Change-Id: If0e45cf6289f0e3dcf3adf73e6ccff86d640f1c0 Signed-off-by: JP Abgrall <jpa@google.com>
ndroid.mk
ibext.mk
|
11ef84b856859e7d4a08625d09c8573e5f5eef63 |
02-Apr-2014 |
JP Abgrall <jpa@google.com> |
Merge remote-tracking branch 'upstream/stable-1.4.20' into update Conflicts: .gitignore include/linux/types.h libiptc/libiptc.c Change-Id: I2c949ba9de090db9ae09d914f4ac5c13e5b7d4da
|
84d100d6119fd4df196c0e121d8f7ffe4c2076e1 |
28-Jan-2014 |
Colin Cross <ccross@android.com> |
external/iptables: use local-generated-sources-dir local-intermediates-dir doesn't work for multiarch builds, because each architecture needs a separate intermediates dir. Use local-generated-sources-dir, which gives a directory under $OUT/gen that can be shared by both architectures. Files installed into $OUT/gen/*/*_intermediates and listed in LOCAL_GENERATED_SOURCES will be copied into $OUT/obj*/*/*_intermediates automatically as necessary. (cherry picked from commit b4ad8a418b48b6a7df8f88a276c52f00c1bb43af) Change-Id: I35ed4bc51e694ca4dc8343bc59977f1daeae3abc
ibext.mk
|
cc1f024e0bd08588f0dae6ef83cb6af47dc155fc |
28-Jan-2014 |
Colin Cross <ccross@android.com> |
Revert "external/iptables: use local-generated-sources-dir" This reverts commit b4ad8a418b48b6a7df8f88a276c52f00c1bb43af. Change-Id: I7870513ad908957a1370cd8e1f7c0a80d8fbb7bb
ibext.mk
|
b4ad8a418b48b6a7df8f88a276c52f00c1bb43af |
28-Jan-2014 |
Colin Cross <ccross@android.com> |
external/iptables: use local-generated-sources-dir local-intermediates-dir doesn't work for multiarch builds, because each architecture needs a separate intermediates dir. Use local-generated-sources-dir, which gives a directory under $OUT/gen that can be shared by both architectures. Files installed into $OUT/gen/*/*_intermediates and listed in LOCAL_GENERATED_SOURCES will be copied into $OUT/obj*/*/*_intermediates automatically as necessary. Change-Id: I78e7898147a0e2303e814e8b93f7cd0edbd2914e
ibext.mk
|
22e7fb7a9e435e8a736ae2c596b57db904a9a1b2 |
23-Jan-2014 |
Colin Cross <ccross@android.com> |
iptables: rewrite extensions makefile to avoid duplication Move the duplicated parts of the extensions makefile into a separate libext.mk, and include it 3 times from the main makefile. Change-Id: Idcbe1da8e024af895da33e396595e616f52e25ad
ndroid.mk
ibext.mk
|
d4cea4666768eeadd0d1fde61e8231bba353d8ee |
23-Jan-2014 |
Colin Cross <ccross@android.com> |
iptables: remove $(KERNEL_HEADERS) from include path The kernel headers are already in the include path, and manually adding them again will break on a multiarch build, where the kernel headers may be different for each arch. Change-Id: I20867af3061bbc86d2205f5479c40f6034a61b72
ndroid.mk
|
9b5ca5cf509bd1ed37ba692082ec6f3f180546c1 |
05-Dec-2013 |
Kristian Monsen <kristianm@google.com> |
Silence all warnings. Change-Id: I9d180c2da268117a8774290ba49c8774fabd3272
ndroid.mk
|
76e230e41947576efb96e86e605bb84015cdb287 |
13-Aug-2013 |
Jan Engelhardt <jengelh@inai.de> |
iptables: link against libnetfilter_conntrack Linking currently fails in --enable-static case: ../extensions/libext.a(libxt_connlabel.o): In function `connlabel_get_name': iptables/extensions/libxt_connlabel.c:57: undefined reference to `nfct_labelmap_get_name' [..] It's libxtables.la(libxt_connlabel.o) using libnetfilter_conntrack. If libnetfilter_conntrack is not found, @libnetfilter_conntrack_CFLAGS@ and @libnetfilter_conntrack_LIBS@ (and their ${} ones) should be empty, therefore producing no harm to include unconditionally. Reported-and-tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Florian Westphal <fw@strlen.de>
NUmakefile.in
|
b28d4dcc9f5559e9c03f35458ac103cfb89d8f87 |
08-Aug-2013 |
Phil Oester <kernel@linuxace.com> |
iptables: state match incompatibilty across versions As reported in Debian bug #718810 [1], state match rules added in < 1.4.16 iptables versions are incorrectly displayed by >= 1.4.16 iptables versions. Issue bisected to commit 0d701631 (libxt_state: replace as an alias to xt_conntrack). Fix this by adding the missing .print and .save functions for state match aliases in the conntrack match. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718810 Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_conntrack.c
|
7b26bafb9be05a23b47653640aadbb61d0032665 |
28-Jan-2013 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
libxt_CT: Add the "NOTRACK" alias Available since Linux kernel 3.8. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_CT.c
ibxt_NOTRACK.man
|
33b529a7208952c250f245557d248e50ce533c7d |
06-Jul-2013 |
Phil Oester <kernel@linuxace.com> |
libip6t_LOG: target output is different to libipt_LOG libipt_LOG is using the xtables_save_string func, which escapes unsafe characters as needed. libip6t_LOG should do the same. Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_LOG.c
|
88b73a2bad9fc02355fad70698cc2c9469048abc |
15-Jul-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxt_recent: restore minimum value for --seconds This checking was accidentally removed in (74ded72 libxt_recent: add --mask netmask). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_recent.c
|
51340f7b6a1103b12d86ef488f7140406d80401e |
15-Jul-2013 |
Florian Westphal <fw@strlen.de> |
extensions: libxt_connlabel: use libnetfilter_conntrack Pablo suggested to make it depend on lnf-conntrack, and get rid of the example config file as well. The problem is that the file must be in a fixed path, /etc/xtables/connlabel.conf, else userspace needs to "guess-the-right-file" when translating names to their bit values (and vice versa). Originally "make install" did put an example file into /etc/xtables/, but distributors complained about iptables ignoring the sysconfdir. So rather remove the example file, the man-page explains the format, and connlabels are inherently system-specific anyway. Signed-off-by: Florian Westphal <fw@strlen.de>
NUmakefile.in
ibxt_connlabel.c
ibxt_connlabel.man
|
a963e217528d2849f32ec6516a1f82450c65f588 |
12-Jul-2013 |
Florian Westphal <fw@strlen.de> |
extensions: libipt_ULOG: man page should mention NFLOG as replacement Signed-off-by: Florian Westphal <fw@strlen.de>
ibipt_ULOG.man
|
8cf6fb833840d794289f2abf04b2c5cade5a37bf |
13-Jul-2013 |
Russell Senior <russell@personaltelco.net> |
libxt_recent: restore reap functionality to recent module The reap functionality appears to have been accidentally disabled by (74ded72 libxt_recent: add --mask netmask) since iptables 1.4.15 and later. This adds a patch to restore reap functionality for recent_opts_v1. Patch obtained via: http://patchwork.openwrt.org/patch/3812/ Signed-off-by: Russell Senior <russell@personaltelco.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_recent.c
|
34844da8f53ec80b34ad094f2fca2519a7079ec2 |
01-May-2013 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
Introduce a new revision for the set match with the counters support The revision add the support of matching the packet/byte counters if the set was defined with the extension. Also, a new flag is introduced to suppress updating the packet/byte counters if required. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
ibxt_set.c
ibxt_set.man
|
f927d5fc3a6a0a8a8fb03e733a6572a934482723 |
10-Apr-2013 |
Mart Frauenlob <mart.frauenlob@chello.at> |
extensions: libxt_LOG: rename IPv4 manpage and tell about IPv6 support Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Florian Westphal <fw@strlen.de>
ibip6t_LOG.man
ibipt_LOG.man
ibxt_LOG.man
|
48356408ccf03ec2fdba0ceae3d9b5eae5e5e959 |
10-Apr-2013 |
Mart Frauenlob <mart.frauenlob@chello.at> |
extensions: libxt_MASQUERADE: rename IPv4 manpage and tell about IPv6 support also update list of protocols valid for port mapping. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Florian Westphal <fw@strlen.de>
ibip6t_MASQUERADE.man
ibipt_MASQUERADE.man
ibxt_MASQUERADE.man
|
5ff71e97448ebbeed8b2ad4654726361a0c84131 |
30-May-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Merge branch 'stable' Get fix for LED extension.
|
96c42d4c46df3edbd41fa47b860fba217f03cfeb |
30-May-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
extensions: libxt_LED: fix parsing of delay Closes bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=825 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_LED.c
|
8df3c38438bb75edb480845913af77692c8a5c99 |
10-Apr-2013 |
Mart Frauenlob <mart.frauenlob@chello.at> |
extensions: libxt_SNAT: rename IPv4 manpage and tell about IPv6 support This patch renames libipt_SNAT.man to libxt_SNAT.man thus informing about the IPv6 version. Also the list of valid protocols for port mapping is updated to: tcp, udp, dccp and sctp. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibipt_SNAT.man
ibxt_SNAT.man
|
b8646dc9623631db3b71a5c1846566cf54a66a3a |
10-Apr-2013 |
Mart Frauenlob <mart.frauenlob@chello.at> |
extensions: libxt_NETMAP: rename IPv4 manpage and tell about IPv6 support This patch renames libipt_NETMAP.man to libxt_NETMAP.man thus informing about the IPv6 version. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibipt_NETMAP.man
ibxt_NETMAP.man
|
ebd4a00b74aa99ed25841a235fe79b1462baea7f |
10-Apr-2013 |
Mart Frauenlob <mart.frauenlob@chello.at> |
extensions: libxt_REDIRECT: rename IPv4 manpage and tell about IPv6 support This patch renames libipt_REDIRECT.man to libxt_REDIRECT.man thus informing about the IPv6 version. Also the list of valid protocols for port mapping is updated to: tcp, udp, dccp and sctp. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibipt_REDIRECT.man
ibxt_REDIRECT.man
|
11965180ba6f278fea81f55a3aa48c8f7c667142 |
10-Apr-2013 |
Mart Frauenlob <mart.frauenlob@chello.at> |
extensions: libxt_DNAT: rename IPv4 manpage and tell about IPv6 support This patch renames libipt_DNAT.man to libxt_DNAT.man thus informing about the IPv6 version, as suggested by Patrick McHardy. Also, it updates the list of valid protocols for port mapping is updated to: tcp, udp, dccp and sctp. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibipt_DNAT.man
ibxt_DNAT.man
|
a17d7fdf4fd8da8b41e67f02c8b8b371c2daa619 |
10-Apr-2013 |
Mart Frauenlob <mart.frauenlob@chello.at> |
libip6t_mh: Correct command to list named mh types in manpage Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_mh.man
|
0c3753b1d4226a6e7bea9619415cf40cadee1e58 |
06-Apr-2013 |
Patrick McHardy <kaber@trash.net> |
extensions: add copyright statements Add copyright statements to all extensions authored by myself. Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_DNPT.c
ibip6t_SNPT.c
ibxt_CLASSIFY.c
ibxt_CT.c
ibxt_RATEEST.c
ibxt_addrtype.c
ibxt_policy.c
ibxt_rateest.c
ibxt_statistic.c
|
ce7d0619ce49587ca78456caf467cf25f7cbbc4e |
02-Apr-2013 |
holger@eitzenberger.org <holger@eitzenberger.org> |
extensions: libxt_NFQUEUE: add --queue-cpu-fanout parameter Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_NFQUEUE.c
ibxt_NFQUEUE.man
|
472bc914415baf2cd9aeb44605867365723a2e3d |
19-May-2013 |
Michael Roth <mroth@nessie.de> |
doc: mention SNAT in INPUT chain since kernel 2.6.36 SNAT in the INPUT chain was added Jun 2010 to the kernel (commit c68cd6cc21eb329c47ff020ff7412bf58176984e). Signed-off-by: Michael Roth <mail@mroth.net> Signed-off-by: Florian Westphal <fw@strlen.de>
ibipt_SNAT.man
|
ccbf6b6448a4210432b76fd4660798705b05f8c4 |
06-May-2013 |
Florian Westphal <fw@strlen.de> |
extensions: add connlabel match allows to "tag" connections with up to 128 label names. Labels are defined in /etc/xtables/connlabel.conf, example: 0 from eth0 1 via eth0 Labels can then be attached to flows, e.g. -A PREROUTING -i eth0 -m connlabel --label "from eth0" --set Signed-off-by: Florian Westphal <fw@strlen.de>
ibxt_connlabel.c
ibxt_connlabel.man
|
b5c12f4aa3ebfc4dac37799e41616c37c188ab4f |
26-Apr-2013 |
Patrick McHardy <kaber@trash.net> |
libxt_conntrack: fix state match alias state parsing The conntrack match uses a different value for the UNTRACKED state than the state match. Translate states to conntrack states to make sure they all match. Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_conntrack.c
|
b46f3d833f926c40dd73d52d8cedb94206e6d83d |
09-Apr-2013 |
Mart Frauenlob <mart.frauenlob@chello.at> |
extensions: libxt_multiport: Update manpage to list valid protocols This patch updates the list of valid protocols in the man page section of the multiport match to: tcp, udp, udplite, dccp and sctp. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_multiport.man
|
1cb432c06637b5030b4a70ff33e306f2bb81d366 |
19-Apr-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
extensions: libxt_bpf: clarify --bytecode argument Mart Frauenlob suggested a change to explain the --bytecode better. I have added some reference to the example bytecode in the format that this argument accepts. Reported-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_bpf.man
|
e816ac4fa83f65a5d7d40445c72aa1c3e811cb78 |
13-Apr-2013 |
Florian Westphal <fw@strlen.de> |
libxt_NFQUEUE: fix bypass option documentation Steve Caligo points out that the documentation says 'packet will move on to the next rule'. This is incorrect; packet moves to the next table. nf bugzilla #778. Signed-off-by: Florian Westphal <fw@strlen.de>
ibxt_NFQUEUE.man
|
d09cc98b481efc6ea121ce7acd739a87a381c6ed |
06-Apr-2013 |
Mart Frauenlob <mart.frauenlob@chello.at> |
libxt_recent: Fix missing space in manpage for --mask option Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_recent.man
|
e0a0dd703b3448f0f07fc59b7232bf1f1cce7b86 |
23-Jan-2013 |
Willem de Bruijn <willemb@google.com> |
extensions: add libxt_bpf extension Add user-space code to support the new BPF iptables extension. Pablo has mangled the original patch to: * include a copy of include/linux/netfilter/xt_bpf.h in the tree. * I have also remove the --bytecode-file option. The original proposal was to accept BPF code in a file in human readable format. Now, with the nfbpf_compile utility, it's very easy to generate the filter using tcpdump-like syntax. * I have remove the trailing comma in the backtick format, the parser works just fine for me here. * Fix error message if --bytecode is missing. Signed-off-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_bpf.c
ibxt_bpf.man
|
71eddedcbf7aebe0cd05421d13b049dd710eaf7f |
21-Mar-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libip6t_DNPT: add manpage Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_DNPT.man
|
0a4c357cb91e16a001b1b06ff509d7fb75f5f2e0 |
21-Mar-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libip6t_SNPT: add manpage Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_SNPT.man
|
5c522b4523f2edb8e581131ba4cb414a5ee7ece4 |
24-Mar-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxt_osf: fix bad location for location in --genre closes http://bugzilla.netfilter.org/show_bug.cgi?id=805 Reported-by: Bourne Without <blackhole@airpost.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_osf.c
|
71e2bf5cf25a821d62f7d75eb8efa4c61a214c6b |
24-Mar-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxt_osf: fix missing --ttl and --log in save output closes http://bugzilla.netfilter.org/show_bug.cgi?id=805 Reported-by: Bourne Without <blackhole@airpost.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_osf.c
|
37b19d08f3cbc83a653386d76261490e173a874b |
16-Mar-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Revert "build: resolve link failure for ip6t_NETMAP" This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6. The use of libtool was introduced to resolve linking problems in NETMAP (IPv6 version), but that resulted in RPATH problems reported from distributors and warnings spotted by libtool at linking stage. Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency) fixed the NETMAP issue, let's roll back to our previous stage. A small conflicts in extensions/GNUmakefile.in has been resolved in this revert. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NUmakefile.in
|
cccfff9309743f173c504dd265fae173caa5b47f |
16-Mar-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency This patch changes the NETMAP target extension (IPv6 side) to use the xtables_ip6mask_to_cidr available in libxtables. As a side effect, we get rid of the libip6tc dependency. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NUmakefile.in
ibip6t_NETMAP.c
|
d4961b909a75ed0745abb43cdc940e8d947ccf4a |
17-Feb-2013 |
Florian Westphal <fw@strlen.de> |
doc: rpfilter: invert option should have own paragraph Signed-off-by: Florian Westphal <fw@strlen.de>
ibxt_rpfilter.man
|
817ac5a5e54d083983b7c834194b46c4366d71d2 |
31-Jan-2013 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
|
e612a9d285477e9951349dd137305393a1255b19 |
28-Jan-2013 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
Add the "state" alias to the "conntrack" match
ibxt_conntrack.c
ibxt_state.man
|
1c317dafa986699127d08951037869f9669e3b25 |
28-Jan-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Merge branch 'stable' into 'master'
|
2fda8fcef0f3c321fb03953b8ecc424a2bad4476 |
24-Jan-2013 |
Jan Engelhardt <jengelh@inai.de> |
extensions: S/DNPT: add missing save function Jean-Michel DILLY reports that `ip6tables -S` exits with Target `DNPT' is missing save function when a DNPT rule is invoked. Fix this omission. References: http://marc.info/?l=netfilter&m=135904831220440&w=2 Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_DNPT.c
ibip6t_SNPT.c
|
85346f6e406207f85550f1b7b4f61b22a8e38fbb |
25-Dec-2012 |
Jan Engelhardt <jengelh@inai.de> |
doc: name the supported log levels for ipt_LOG Leonardo Ferreira da Silva Boiko lets it be known that syslogd.conf may not exist on certain systems. Referencing that manpage is not a good idea in any case, I believe, since the strings that are accepted are defined by iptables and not a syslog implementation. References: http://bugs.debian.org/567564 Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_LOG.man
ibipt_LOG.man
|
ff338552d318b49e07662fd7648fdb11e3c42bc9 |
03-Jan-2013 |
Ulrich Weber <ulrich.weber@sophos.com> |
extensions: libip6t_DNAT: set IPv6 DNAT --to-destination as in IPv4 and fixes DNAT_save Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_DNAT.c
|
92f05a2f38e6c6bc6c69880358c41ac17bd31298 |
03-Jan-2013 |
Ulrich Weber <ulrich.weber@sophos.com> |
extension: libip6t_DNAT: allow port DNAT without address correct parsing of IPv6 port NAT without address NAT, assume one colon as port information. Allows: * address only: -j DNAT --to affe::1 -j DNAT --to [affe::1] * port only -j DNAT --to :80 -j DNAT --to :80-110 -j DNAT --to []:80 -j DNAT --to []:80-110 * address and port -j DNAT --to [affe::1]:80 -j DNAT --to [affe::1]:80-110 Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_DNAT.c
ibip6t_SNAT.c
|
7b04e3ef3a6ffccb23de83ef3b2d8f5aeaaa09e5 |
02-Jan-2013 |
Ulrich Weber <ulrich.weber@sophos.com> |
extensions: libip6t_DNPT: fix wording in DNPT target replaces SNPT by DNPT. This fixes broken help message that points to SNPT. Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_DNPT.c
|
68e77a26111ee6b8f10c735a76891a7de6d57ee6 |
01-Jan-2013 |
Jan Engelhardt <jengelh@inai.de> |
build: resolve link failure for ip6t_NETMAP Link stage of libip6t_NETMAP failed since recently. CCLD libip6t_NETMAP.so /usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: cannot find -lip6tc libip6t_NETMAP.c uses the "ipv6_prefix_length" function from libip6tc.so; "-lip6tc" is used in the Makefile, but, the directory to it is not specified. Why does the link succeed for some people? Because /usr/lib(64)/libip6tc.so satisfies -lip6tc, but not all environments, especially those without iptables development files, have that file, hence this link error can happen. By suggestion of Mike Frysinger, this patch uses libtool to produce and link the plugins. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Acked-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NUmakefile.in
|
3518a04cff1fb48ca0bf5d2d58b4cd6325f3917c |
01-Aug-2012 |
Kevin Schoedel <kevin.p.schoedel@intel.com> |
Include strings.h for the defintion of ffs() ffs() is defined in strings.h. gcc had no problem with this as it automatically used it's own builtin for ffs(). Change-Id: I7062f6143d680b2ae73f69b6b4b1e0be94a3e28b Author: Edwin Vane <edwin.vane@intel.com> Reviewed-by: Kevin Schoedel <kevin.p.schoedel@intel.com>
ibipt_ULOG.c
|
a46a5698027aa48e27e3cc2d54bb8bbafb10e7da |
19-Nov-2012 |
Tom Eastep <teastep@shorewall.net> |
extensions: libxt_statistic: Fix save output Suppressing '--packet 0' in save output resulted in restore failure. This patch includes '--packet 0' in save output while continuing to suppress it in print output. Signed-off-by: Tom Eastep <teastep@shorewall.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_statistic.c
|
9d284c1c67188dfa8a4c7a6e36eb9a10bd9c15e2 |
25-Oct-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Merge branch 'next' branch that contains new features scheduled for Linux kernel 3.7
|
9921f2b9a241750e4730fc7d486687c6a32779f4 |
10-Oct-2012 |
Jan Engelhardt <jengelh@inai.de> |
build: resolve compile abort in libxt_limit on RHEL5 libxt_limit.c: In function 'print_rate': libxt_limit.c:124: error: 'INFINITY' undeclared (first use in this function) The default mode of glibc-2.15's <features.h> sets "-D_POSIX_C_SOURCE=200809L", and therefore "-D_ISOC99_SOURCE". However, on þe olde RHEL 5's glibc-2.5, it only has "-D_POSIX_C_SOURCE=200112L". Explicitly draw in the definition of INFINITY by always defining _ISOC99_SOURCE. By doing this, we are moving off of the default set, so _BSD_SOURCE also needs to be explicitly set to get at IFNAMSIZ that is used in xt_hashlimit.h. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_hashlimit.c
ibxt_limit.c
|
269655d54e22f3a36250bb2c4639dddd102258c6 |
08-Oct-2012 |
Jan Engelhardt <jengelh@inai.de> |
build: remove symlink-only extensions from static object list $ ./configure --enable-static --disable-shared --enable-ipv4 --enable-ipv6 && make [...] make[3]: *** No rule to make target "libxt_NOTRACK.o", needed by "libext.a". Stop. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NUmakefile.in
|
4c1a015e201c6e5192448cbcf1975dd7630cad82 |
30-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
Merge branch 'master' of git://git.inai.de/iptables Conflicts: extensions/GNUmakefile.in Resolution: trivial, since this was a fuzz 3. Reason: Line added from v1.4.15-16-g33710a5 was in vincinity of changes from v1.4.15-22-g4496801.
|
8d8896a3833292d091ee5a028f3461083bb956bd |
17-Sep-2012 |
Florian Westphal <fw@strlen.de> |
libxt_time: add support to ignore day transition Currently, if you want to do something like: "match Monday, starting 23:00, for two hours" You need two rules, one for Mon 23:00 to 0:00 and one for Tue 0:00-1:00. The rule --weekdays Mo --timestart 23:00 --timestop 01:00 looks correct, but it will first match on monday from midnight to 1 a.m. and then again for another hour from 23:00 onwards. This permits userspace to explicitly ignore the day transition and match for a single, continuous time period instead. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_time.c
ibxt_time.man
|
d97d546ba4540a28b14fcbf75176df345caee954 |
28-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
doc: have NOTRACK manpage point to CT instead The module is obsolete, so point to CT --notrack instead. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ibxt_NOTRACK.man
ibxt_conntrack.man
|
faeaf11536f605ebb733d4d5f5ec2ca074d3f247 |
28-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
doc: trim "state" manpage and reference conntrack instead The module is practically obsolete, so just pinpoint to the replacement in short order. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ibxt_HMARK.man
ibxt_state.man
|
4496801821c01e3934996b40e0012ddcb969a8df |
28-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
doc: deduplicate extension descriptions into a new manpage iptables.8 and ip6tables.8 had pretty much the same content, with a few protocol-specific deviations here and there. Not only did that bloat the manpages, but it also made it harder to spot differences. Separate out the extension descriptions into a new manpage, which conveniently features differences next to one another (cf. REJECT). Signed-off-by: Jan Engelhardt <jengelh@inai.de>
gitignore
NUmakefile.in
|
9517bbf5b805df874dcc452dfeb2cc36a7bf1500 |
28-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
doc: clean up interpunction in state list for xt_conntrack Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ibxt_conntrack.man
|
ec40b897289745da3d67de2cb14be30353003922 |
30-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
Merge branch 'master' of git://git.inai.de/iptables
|
0d701631625898ac33fb53c67ed2b529668fe0d7 |
28-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
libxt_state: replace as an alias to xt_conntrack Signed-off-by: Jan Engelhardt <jengelh@inai.de>
NUmakefile.in
ibxt_conntrack.c
ibxt_state.c
|
50f19190a60ff7d69e88406a71a2f27e09008566 |
04-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
libxt_NOTRACK: replace as an alias to CT --notrack Note that we do not need any print/save functions for the alias entries, since the real CT entry will handle this. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
NUmakefile.in
ibxt_CT.c
ibxt_NOTRACK.c
|
d637ead63658d741501974c381889b3857073308 |
21-Sep-2012 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
New set match revision with --return-nomatch flag support
ibxt_set.c
ibxt_set.man
|
33710a5773df0e9fabdec7a2ebdd3c4e206a6a09 |
10-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
build: have `make clean` remove dep files too While changing branches, one can hit errors like: make[2]: *** CC libipt_CLUSTERIP.oo No hay ninguna regla para construir el objetivo `../include/net/netfilter/nf_nat.h', necesario para `libipt_DNAT.oo'. Alto. Pablo thinks dep files should be removed on `make clean`, and I concur. (JFI, Note that native automake would not clear its ".deps" directory.) Keep the "distclean: clean" line to keep invocations by automake from the parent directory working. Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
NUmakefile.in
|
1871796877956ee68a39092c6fc3678e5a9d1d88 |
22-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
extensions: add NPT extension Add extensions for the SNPT and DNPT stateless IPv6-to-IPv6 Network Prefix Translation targets. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_DNPT.c
ibip6t_SNPT.c
|
5f896fd9432d2c16d17550b943f4b9a782bffe04 |
22-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
extensions: add IPv6 NETMAP extension Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NUmakefile.in
ibip6t_NETMAP.c
|
5eca41982d29bc25b241692d03b09b953e7a908a |
22-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
extensions: add IPv6 REDIRECT extension Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_REDIRECT.c
|
9caf63581907860a1a0acee970b9f50d41b6a8ba |
22-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
extensions: add IPv6 DNAT target Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_DNAT.c
|
3672111649732be657cb7566178b7d2618ba6ec5 |
22-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
extensions: add IPv6 SNAT extension Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_SNAT.c
|
0e37f00980eb6b4fc2c5f979cc5fa83c0fff9d30 |
22-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
extensions: add IPv6 MASQUERADE extension Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_MASQUERADE.c
ibip6t_MASQUERADE.man
|
e62f426c7ead7c0025d15860df97426db6509942 |
22-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
Convert the NAT targets to use the kernel supplied nf_nat.h header Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibipt_DNAT.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_SAME.c
ibipt_SNAT.c
|
807e1f0e6ede73792337b595a99af21b01f8826e |
07-Sep-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
extensions: libxt_addrtype: fix type in help message --limit-iface-out Match only on the packet's incoming device Note that it says "incoming" when it should say "outcoming" Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_addrtype.c
|
3abf5cc5ac0c32eba2436567d25e175d7e0f42bc |
20-Aug-2012 |
Andreas Schwab <schwab@linux-m68k.org> |
libxt_tcp: print space before, not after "flags:" tcp dpt:10flags: 0x17/0x02 ^^ Signed-off-by: Andreas Schwab <schwab@linux-m68k.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_tcp.c
|
8a988f6707719340114bfa3d85ea3e1c80fe6f5f |
07-Aug-2012 |
Michal Kubeček <mkubecek@suse.cz> |
libip6t_frag: match any frag id by default If no --fragid option is given, the frag extension only matches fragments with a zero-valued "Identification" field. This behavior deviates from what other extensions do (they match all values in this case) and is unexpected, and therefore changed by this patch. Additionally, --fragid 0:4294967295 leads to no output on `iptables -S` because part of the code thinks that this would be the default, when it is not. So, default to match all frag values, such that iptables -S not outputting anything also becomes correct. Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ibip6t_frag.c
|
9d69da4bdb1d546218d168b72f12ac8aa042e3d8 |
28-Jul-2012 |
Jan Engelhardt <jengelh@inai.de> |
libxt_*limit: avoid division by zero It was possible to specify -A mychain -m hashlimit --hashlimit 600059/minute; this would convert to r->avg=0, which subsequently causes a division by zero when printing with -S mychain. 1. Avoid division by zero in print_rate by printing infinity instead. 2. Rewrite the test in parse_rate to properly reject too high rates. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ibxt_hashlimit.c
ibxt_limit.c
|
a19988f2795770ce470562c1795e1cf53e3aa54b |
15-Jul-2012 |
Jan Engelhardt <jengelh@inai.de> |
libxt_LED: guard against negative numbers Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ibxt_LED.c
|
d18b451ec82bbaeaf385241ebdf926912a075ade |
14-Jul-2012 |
Jan Engelhardt <jengelh@inai.de> |
libxt_devgroup: guard against negative numbers More corrections of the strtoul kind. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ibxt_devgroup.c
|
c0b7138f39882e2bf8f3d85d15e0ffbd868ed7ba |
14-Jul-2012 |
Jan Engelhardt <jengelh@inai.de> |
libxt_devgroup: consolidate devgroup specification parsing This is a small cleanup, reducing the two copies of X/Y parsing to one. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ibxt_devgroup.c
|
dc23c2d7afd2103cbc589372769c2f6723ea5235 |
13-Jul-2012 |
Jan Engelhardt <jengelh@inai.de> |
libxt_u32: do bounds checking for @'s operands Using only strtoul is prone to accept all values, including negative ones which are not explicitly allowed. Therefore, use xtables_strtoui with bounds checking. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ibxt_u32.c
|
a3c1c206a665d81afa2363507a5e162c20694311 |
13-Jul-2012 |
Jan Engelhardt <jengelh@inai.de> |
doc: grammatical updates to libxt_SET Cherry-picked these from recent patches from Mr Dash Four. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
ibxt_SET.man
|
74ded7257e5da5e309844d386290f24ae91950a6 |
17-May-2012 |
Denys Fedoryshchenko <denys@visp.net.lb> |
libxt_recent: add --mask netmask This new option will be available in the Linux kernel 3.5 [ Pablo fixed coding-style issues and cleaned up this. Added manpages as well ] Signed-off-by: Denys Fedoryshchenko <denys@visp.net.lb> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_recent.c
ibxt_recent.man
|
f4a6c20c39c97214e22625764bfa80ef8e1e3147 |
17-Jul-2012 |
Hans Schillstrom <hans@schillstrom.com> |
libxt_HMARK: correct a number of errors introduced by Pablo's rework * Fix typo in --hmark-rnd description. * Remove trailing -set from port and spi options. * Take missing value for ports and spi from command line. * Fix spi / port validation. * Remove --hmark-offset as mandatory. Signed-off-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_HMARK.c
|
7fb49101acfbec265e96c1d5e475c7051beece19 |
16-Jul-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxt_HMARK: fix ct case example ... -j HMARK --hmark-tuple ct,src,dst --hmark-offset 10000 ... Note `ct' requires also the tuples. Reported-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_HMARK.man
|
3ee90dffea02c9be38dca6544ad5f22d4467e334 |
16-Jul-2012 |
Hans Schillstrom <hans@schillstrom.com> |
libxt_HMARK: fix output of iptables -L Fix accidental swap of [s|d]port-mask and [s|d]port-port. Use xtables_ipmask_to_cidr instead of xtables_ipmask_to_numeric. Signed-off-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_HMARK.c
|
abdef13f36b63758f8775eb86febd96bf062df6f |
08-May-2012 |
Florian Westphal <fw@strlen.de> |
libxt_hashlimit: add support for byte-based operation allows --hashlimit-(upto|above) Xb/s [ --hashlimit-burst Yb ] to make hashlimit match when X bytes/second are exceeded; optionally, Y bytes will not be matched (i.e. bursted). [ Pablo fixed minor compilation warning in this patch with gcc-4.6 and x86_64 ] libxt_hashlimit.c: In function ‘parse_bytes’: libxt_hashlimit.c:216:6: warning: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat] Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_hashlimit.c
ibxt_hashlimit.man
|
874d7ee3c36ba54220fd204e6aa7cbc731a66395 |
04-Jul-2012 |
Eldad Zack <eldad@fogrefinery.com> |
libxt_recent: remove unused variable The info variable is assigned but never read in recent_check(). Signed-off-by: Eldad Zack <eldad@fogrefinery.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_recent.c
|
4df8cb6ab176f3c1f2bf9498d0abde8d9362087b |
23-Apr-2012 |
Hans Schillstrom <hans.schillstrom@ericsson.com> |
extensions: add HMARK target The target allows you to set mark packets based Jenkins' hash calculation: h(t, rnd) = x mark = (x % mod) + offset where: * t is a tuple that is used for the hashing: t = [ src, dst, proto, sport, dport ] Note that you can customize the tuple, thus, removing some component that you don't want to use for the calculation. You can also use spi instead of sport and dport, btw. * rnd is the random seed that is explicitly passed via --hmark-rnd * mod is the modulus, to determine the range of possible marks * offset determines where the mark starts from This target only works for the "raw" and "mangle" tables. This can be used to distribute flows between a cluster of systems and uplinks. Initially based on work from Hans Schillingstrom. Pablo took it over and introduced several improvements. Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_HMARK.c
ibxt_HMARK.man
|
7e2b63603fef2253b463ad33395520297cfe8378 |
02-Jul-2012 |
Florian Westphal <fw@strlen.de> |
libxt_devgroup: add man page snippet Signed-off-by: Florian Westphal <fw@strlen.de>
ibxt_devgroup.man
|
a05910364fa0f2f919dbe0b01bcaba9c3cb127ca |
17-May-2012 |
Florian Westphal <fw@strlen.de> |
extensions: libxt_rateest: output all options in save hook ipt-restore fails to parse the ipt-save output: zmatches -m rateest --rateest RE1 --rateest-pps --rateest-lt 5 (should be "--rateest-pps 5 --rateest-lt"). Also, the "delta" option was never shown in -save output, but twice in some cases when using "iptables -L". Also, the "b/pps1" option must be shown when "delta" option is used with relative mode. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_rateest.c
|
6111382a6c27e73c1cef1777c1253be0453a9dbb |
09-May-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libipt_ULOG: fix --ulog-cprange In 1f2474a libipt_ULOG: use guided option parser. A bug has been accidentally introduced in --ulog-cprange, limiting possible values from 1 to 50. However, that limit should be applied to --ulog-qthreshold. Reported-by: Gaurav Sinha <vgsinha@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibipt_ULOG.c
|
e07e0d31f48d951e0f03ba254d4754810732c241 |
30-Mar-2012 |
Ashish Sharma <ashishsharma@google.com> |
Modify iptables to talk to xt_IDLETIMER version 1. Change-Id: Ib144c5289681cdff21b21be74173164d097710e7
ibxt_IDLETIMER.c
ibxt_IDLETIMER.man
|
e8f32983048d6aa4a908b6a92da55fa71c859623 |
29-Feb-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxt_CT: add --timeout option This patch adds the --timeout option to allow to attach timeout policy objects to flows, eg. iptables -I PREROUTING -t raw -s 1.1.1.1 -p tcp \ -j CT --timeout custom-tcp-policy You need the nfct(8) tool which is available at: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=nfct.git To define the cttimeout policies. Example of usage: nfct timeout add custom-tcp-policy inet tcp established 1000 The new nfct tool also requires libnetfilter_cttimeout: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_cttimeout.git Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_CT.c
ibxt_CT.man
|
f233df44196f568075a5d70fc29f31b72b512783 |
27-Mar-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
extensions: add nfacct match This patch provides the user-space iptables support for the nfacct match. This can be used as it follows: nfacct add http-traffic iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic nfacct get http-traffic See also man nfacct(8) for more information. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_nfacct.c
ibxt_nfacct.man
|
c0aa38e22e8a09fcb1898ad0e042eaf6314d2d42 |
21-Mar-2012 |
Maciej Żenczykowski <maze@google.com> |
src: mark newly opened fds as FD_CLOEXEC (close on exec) By default, Unix-like systems leak file descriptors after fork/exec call. I think this seem to result in SELinux spotting a strange AVC log messages according to what I can find on the web. Fedora 18 iptables source includes this change. Maciej says: "iptables does potentially fork/exec modprobe to load modules. That can cause a selinux 'domain'/'role'/whatever-it-is-called crossing. You can do automated inspection of what gets carried across such privilege changes and any unexpected open file descriptors flag problems, patches like this cut down on the noise." Signed-off-by: Maciej enczykowski <maze@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_set.h
|
98e1769b65b71989e3f16b25529b40f374aef323 |
28-Dec-2011 |
Patrick McHardy <kaber@trash.net> |
extensions: add IPv6 capable ECN match extension Patrick submitted this patch by 9th Jun 2011, I'm recovering and applying it to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibipt_ecn.c
ibipt_ecn.man
ibxt_ecn.c
ibxt_ecn.man
|
166b92d3fb2a7fc008df1b59332ef528a9a573ea |
14-Jul-2011 |
Florian Westphal <fw@strlen.de> |
extensions: add rpfilter module Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_rpfilter.c
ibxt_rpfilter.man
|
79cefabaac7a0ecf864db7da2a665845c0789f10 |
30-Dec-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: link on libxtables and check symbols Have each extension link against libxtables.so; with this, all home symbols are known at link time and we can use ld's --no-undefined to run the check, dropping the homebrew solution. By having libxtables.so required by extensions, package managers' automatic dependency discovery will become effective so that manual dependencies for distros with split extension packages (e.g. OpenWRT) will not be necessary anymore. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
32d8532a37004e11e5994d93df5e249c43197930 |
18-Dec-2011 |
Jan Engelhardt <jengelh@medozas.de> |
build: use delayed expansion on the user-settable variables Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
f63d056f0c1ac122973a0859445c9cb5747e7213 |
18-Dec-2011 |
Jan Engelhardt <jengelh@medozas.de> |
Update .gitignore Split off extensions/.gitignore.
gitignore
|
4c15dcc6ec505d26649be8a8a9c8eb19134bfd5a |
23-Dec-2011 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Merge branch 'stable'
|
08628f20f492a1f9178f6df2a276f9a108ac0022 |
16-Dec-2011 |
Florian Westphal <fw@strlen.de> |
libxt_connbytes: fix handling of --connbytes FROM quoting man page: match packets from a connection whose packets/bytes/average packet size is more than FROM and less than TO bytes/packets. if TO is omitted only FROM check is done. But, when TO was omitted, we did treat it like "x:x" which is not the same at all. Before commit 09631dc60ce41bc484a42fcf4d4ddf7036820bd1 (libxt_connbytes: use guided option parser), we failed to parse "--connbytes x" ('Bad range "x"'), but treated "x:" like "x:0xffffffff". Also, restore the "from must be smaller than to" check. Signed-off-by: Florian Westphal <fw@strlen.de>
ibxt_connbytes.c
|
32a4b7dcaf252348732362cd6d853bf0005b2bdd |
18-Dec-2011 |
Jan Engelhardt <jengelh@medozas.de> |
Merge branch 'stable'
|
79ddbf202a06e6f018e087a328c2ca91e65a8463 |
30-Nov-2011 |
Tim Gardner <tim.gardner@canonical.com> |
libxt_recent: Add support for --reap option Support for the reap option was merged in the kernel as of 2.6.35. Cc: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
ibxt_recent.c
ibxt_recent.man
|
3964023f8640b60456373825b326b91badd7a058 |
25-Nov-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_SAME: set PROTO_RANDOM on all ranges Resolve the (justified) WTF remark to a clearer version of when/why PROTO_RANDOM needs to be set. Especially when --random is used before --to in SAME, it would have not been appleid.
ibipt_DNAT.c
ibipt_SAME.c
ibipt_SNAT.c
|
ba525eb3d3a77a5465e4e8a24970d8f15ba59ee3 |
01-Nov-2011 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Merge branch 'stable'
|
3c461ceeed5f55599930051f6feaec014b08f730 |
31-Oct-2011 |
Florian Westphal <fw@strlen.de> |
libxt_NFQUEUE: fix --queue-bypass ipt-save output else, this will print "--queue-num 0--queue-bypass ". Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_NFQUEUE.c
|
8fe22aa0a242314349f6cd7219b56a60a9d75276 |
05-Sep-2011 |
Thomas Jarosch <thomas.jarosch@intra2net.com> |
Improve readability of bitwise operation CLUSTERIP: improve readability of bitwise operation Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibipt_CLUSTERIP.c
|
134280881a3c99f313da669117de71bc236f1f77 |
19-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
Merge branch 'stable'
|
d2b0eaa297dfa87f54b3fbcaa292f14d793e3f3c |
18-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
build: make check stage not fail when building statically Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
8816e91cddef785c78b3598c7c41a1f88be08f5a |
18-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
build: restore build order of modules iptables(exe) requires libext.a, but extensions/ require libxtables.la (in iptables/). This circular dependency does not work out, so separate libxtables into its own directory and put it in front. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
14da56743c6cdf25da35b7b5ca7a5d201771990d |
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: resolve old macro names that are indirections Command used: git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/) and then fix all occurrences. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_realm.c
|
34d23bd14002aeeae0374d2561ad329e5cdc96e2 |
11-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
Merge branch 'stable'
|
5e5ea1ccf61d96879531929874109c17c1894908 |
08-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
build: sort file list before build Manpage subsections are already sorted for obvious reasons. Since $(wildcard) can actually return results unordered (just what the OS can do) do the sorting with the .o file list too, for developer comfort. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
62fc25fd1625f0f65b9eed3e15fe929dd0aff2c5 |
08-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
153c23d9b14285b24aae3e96da0b547dcc7ee051 |
03-Sep-2011 |
Tom Eastep <teastep@shorewall.net> |
libxt_CONNSECMARK: fix spacing in output ~# iptables -t mangle -A foo -j CONNSECMARK --save ~# iptables -t mangle -S [...] -A foo -j CONNSECMARK--save Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CONNSECMARK.c
|
751da923262746bf8fd3195e178504fb18c37dc5 |
03-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
build: scan for unreferenced symbols To be notified of occurrences where we are missing any libraries, run some ldd checks post building. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
9249ad37b2342eb48009e18f3982362e1018ea5a |
03-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_RATEEST: link with -lm $ ldd -r libxt_RATEEST.so undefined symbol: log (./libxt_RATEEST.so) Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
d4e72dc1c684c2f8361d87e6bde2902cd2ee8efb |
03-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_statistic: link with -lm $ ldd -r libxt_statistic.so undefined symbol: lround (./libxt_statistic.so) References: https://bugs.archlinux.org/task/25358 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
3775fb69f63b76191bc3571bfa8538c18173d90f |
28-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_addrtype: add support for revision 1 Rev 1 was added to the kernel in commit v2.6.39-rc1~468^2~10^2~1 but there was no corresponding iptables patch so far. Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_addrtype.c
|
a49002efbdc5813ee193aa8fde3da3e35ff0d38f |
28-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_addrtype: rename from libipt_addrtype Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_addrtype.c
ibipt_addrtype.man
ibxt_addrtype.c
ibxt_addrtype.man
|
3412bd0bfb8b8bac9834cbfd3392b3d5487133bf |
19-Aug-2011 |
Tom Eastep <teastep@shorewall.net> |
libxt_conntrack: improve error message on parsing violation Tom Eastep noted: $ iptables -A foo -m conntrack --ctorigdstport 22 iptables v1.4.12: conntrack rev 2 does not support port ranges Try `iptables -h' or 'iptables --help' for more information. Commit v1.4.12-41-g1ad6407 takes care of the actual cause of the bug, but let's include Tom's patch nevertheless for the better error message in case one actually does specify a range with rev 2. References: http://marc.info/?l=netfilter-devel&m=131370592105298&w=2 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
debcf48f6a72914a9c06e99b175ad64ef1f6f1cb |
02-Aug-2011 |
Fernando Luis Vázquez Cao <fernando@oss.ntt.co.jp> |
libxt_TOS: update linux kernel version list for backported fix Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TOS.man
|
d51a97bc52ee81a962b761c7e58a5eb9f07a2c8a |
26-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_string: escape the escaping char too References: http://bugzilla.netfilter.org/show_bug.cgi?id=740 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_string.c
|
f4daf54e5c184680559de33eb08f2a0fb701dbe9 |
25-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_string: replace hex codes by char equivalents Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_string.c
|
131d4fb53b45be85b1315f72f958cadf7b24a63f |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_string: simplify hex output routine Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_string.c
|
4a56bcbd49ef20a0203017c15ab1cec9bb140d1a |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: observe new default gc-expire time when saving Since a while, --htable-gc-expire defaults to the chosen time quantum instead of 10 fixed seconds, which leads the expiry value to be always printed, which is redundant. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_hashlimit.c
|
03deef5241330db418652c42af4d517527743f22 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_policy: remove superfluous inversion --dir cannot be inverted. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_policy.c
|
c2a47ead16fc488fbf7fd8aa12d306cedf4da441 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_physdev: restore inversion support Bug origin is in commit v1.4.11~26^2~4. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_physdev.c
|
c4e1c0992937bce3ac72987aa43f4f3c219cf3e3 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_owner: restore inversion support Bug origin is in commit v1.4.11~16^2~7. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_owner.c
|
c96e524e98de81b333d772aa9a4f9b93275525dd |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_ttl: document that negation is available Glitch since commit v1.2.1~75. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_ttl.c
ibipt_ttl.man
|
0859fdf5d0ae24c88e64246164c4959ad3b0d098 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_dst: restore setting IP6T_OPTS_LEN flag Bug origin is in commit v1.4.11~26^2~18. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_dst.c
|
975aeec7d34419fece8710997b6ec88cc0abb580 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_hbh: restore setting IP6T_OPTS_LEN flag Bug origin is in commit v1.4.11~26^2~17. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_hbh.c
|
de1f06dca906bfcb82d7c7c2d555fbf3229d12b6 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: remove inversion from hashlimit rev 0 Revision 0 indeed did not have inversion support, nor presence of --hashlimit-above. This glitch was added in v1.4.11~16^2~10. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_hashlimit.c
|
97dac48e7dfd3e2f35e33fdad72bda5b3dfc2241 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_frag: restore inversion support --fraglen also was not printed since v1.4.11~26^2~22. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_frag.c
|
bca5b9afbe4b3823989f1e78f178203eb3bfa37d |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: fix --ctproto 0 output First, we are missing XTOPT_PUT when trying to use XTOPT_POINTER. (Next commit will flag this.) Furthermore, l4proto is of type uint16_t, while XTTYPE_PROTOCOL wants a uint8_t so the idea would not work => revert v1.4.12~1^2. Bug goes back to v1.4.12~1^2. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
c148c4ad2e28b94125c0c9954a887f0a473d598b |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: default htable-expire must be in milliseconds Bug goes back to v1.4.12~3^2~11. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_hashlimit.c
|
83c342b36a7048ab86827e09a4916064837293d3 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_dscp: restore inversion support References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_dscp.c
|
f17fd48448aafdc762a3b439864bcb1127b0da6c |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_dccp: fix random output of ! on --dccp-option dccp-option tests info->typemask, but it really should look at info->invflags instead. This bug goes back to commit v1.3.4~11. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_dccp.c
|
ca48066aaa8179025c0b4e17ed40a4bc12487190 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_dccp: provide man pages options in short help too This omission goes back to commit v1.3.4~11. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_dccp.c
ibxt_dccp.man
|
f677e7b10c72bd3007c89d51eea13a0c2c3d262b |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_dccp: spell out option name on save This glitch goes back to commit v1.3.4~11. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_dccp.c
|
7e66a657d0fbb8a3f27fd78c7bb27859d44002aa |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_dccp: fix deprecated intrapositional ordering of ! This bug goes back to v1.4.3~63. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_dccp.c
|
d152d6acd6751884621e0b760fecc0d652aea479 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_dccp: restore missing XTOPT_INVERT tags for options This regression goes back to v1.4.11~19^2. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_dccp.c
|
107dca41800f7aeb6600438ea3aaf0fd66019417 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: remove one misleading comment Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
79e1f97a966e82155ebc00b30e3b60c48d060448 |
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: clarify libxt_connlimit defaults Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_connlimit.man
|
3716dfd7eac3afa7fb3098952550e510c8df0220 |
12-Aug-2011 |
Dwight Davis <sivad_thgiwd@yahoo.ca> |
libxt_string: fix space around arguments Fix oversight from commit v1.4.11~80. References: http://bugs.debian.org/637499 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_string.c
|
886a89bf378e079e807cda2eb43573ca6c886d0a |
20-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_set: put differing variable names in directly Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_SET.c
ibxt_set.c
|
b6ad32fe050126e5557c19ab970547d1472e4728 |
10-Aug-2011 |
Bernard Massot <bernard@massot.ath.cx> |
doc: fix typo in libxt_TRACE References: http://bugzilla.netfilter.org/show_bug.cgi?id=736 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TRACE.man
|
3dafef40228c372976eb714836ea097115d8fd03 |
20-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_tcp: always print the mask parts 0xFF is unlikely to happen (given that ALL translates to 0x3F at most), but assuming that through magic, 0xFF was put into memory, iptables -S/iptables-save would ignore printing it, practically outputting just one argument to --tcp-flags which currently wants two. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_tcp.c
|
085b233bd85173082cc872563505ad3755ac5455 |
20-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_set: update man page about kernel support on the feature Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_SET.man
ibxt_set.man
|
bc3aeaafcf33e3e6a51948568f4f7a16304f619b |
15-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_u32: fix missing allowance for inversion Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_u32.c
|
91ca4603f649a9b9fed4f2e31a8c005cdbdacd1e |
09-Aug-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
67156c0b9a3d35f5e7836e5683d8ca0b46ac36ca |
01-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_string: define _GNU_SOURCE for strnlen On RHEL-5.6 and clones with its gcc-4.1.2 and glibc-2.5: libxt_string.c: In function "parse_string": libxt_string.c:84: warning: implicit declaration of function "strnlen" Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_string.c
|
4d8656ad9d0afd04820f125a85a7b673c7e74fe6 |
22-Jul-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_TCPMSS: restore build with IPv6-less libcs Commit v1.4.10-149-gea2a02f added an netinet/ip6.h include, which is not available on systems without IPv6 header files. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
ibxt_TCPMSS.c
|
1757ec846419c76da4e104f9675b40e05ac3eee6 |
22-Jul-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: use multi-target registration Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TCPMSS.c
ibxt_TEE.c
|
88e0a097c3f23dadf041b60445c6c9802c502f15 |
11-Jul-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
d22ceae71eaae9f641e002074fb49cd7925a7c2f |
10-Jul-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: move more data into the xt_option_entry Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
34d9ce1b80618eebcf63e933cf4a15cc5482c0d2 |
10-Jul-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: restore network-byte order for v1,v2 References: http://bugs.debian.org/632804 References: http://marc.info/?l=netfilter-devel&m=130999299016674&w=2 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
fbe9f1ecccb5ac02858fa7eee2979e0e4d97bb5f |
09-Jul-2011 |
Jan Engelhardt <jengelh@medozas.de> |
option: remove last traces of intrapositional negation Intrapositional negation was deprecated in 1.4.3. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_SET.c
ibxt_rateest.c
ibxt_sctp.c
ibxt_set.c
ibxt_tcp.c
|
411b390f3ffcd4708a0dfc0f2824a637de511cea |
30-Jun-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
92556c7047257284cc8659c769b800219cff47a5 |
30-Jun-2011 |
JP Abgrall <jpa@google.com> |
quota2: fix inversion handling for --quota Change-Id: I55f21aaab3c90955b4ce61687651ada60f400037 Signed-off-by: JP Abgrall <jpa@google.com>
ibxt_quota2.c
|
447ddfbfb3ed16ad0059f4559334670e9b9806ec |
13-Jun-2011 |
Jakub Zawadzki <darkjames@darkjames.ath.cx> |
doc: fix group range in libxt_NFLOG's man References: http://bugzilla.netfilter.org/show_bug.cgi?id=723 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_NFLOG.man
|
622abc73b097e7e778b432e422fd3c1f035bcfd3 |
15-Jun-2011 |
Massimo Maggi <massimo@mmmm.it> |
libxt_RATEEST: fix userspacesize field I cannot delete a rule by matching it if the target of the rule is RATEEST. Copy-paste from terminal: # iptables -t mangle -A PREROUTING -j RATEEST --rateest-name somename --rateest-interval 250ms --rateest-ewmalog 4s # iptables -t mangle -D PREROUTING -j RATEEST --rateest-name somename --rateest-interval 250ms --rateest-ewmalog 4s iptables: No chain/target/match by that name. I saw in comments of the kernel code that the last part of the struct xt_rateest_target_info is used only by kernel: struct xt_rateest_target_info { char name[IFNAMSIZ]; __s8 interval; __u8 ewma_log; /* Used internally by the kernel */ struct xt_rateest *est __attribute__((aligned(8))); }; but in struct xtables_target, .size and .userspacesize are equal. Simply correcting this solved the problem. References: http://bugzilla.netfilter.org/show_bug.cgi?id=724 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_RATEEST.c
|
36574090407b87fbb72c752698c805ef87046ae8 |
24-Jun-2011 |
JP Abgrall <jpa@google.com> |
xt_quota2: fixup so that it works with iptables It was using xtables-addons conventions: mostly incorrect arg parsing. Change-Id: I6d2ed5518d122616f252a9436b3b3dc1bd201133 Signed-off-by: JP Abgrall <jpa@google.com>
ibxt_quota2.c
|
5caed2aebebf7c72dfa982f247ac35ec67a1b852 |
21-Jun-2011 |
JP Abgrall <jpa@google.com> |
Adding the original quota2 from xtables-addons The original xt_quota in the kernel is plain broken: - counts quota at a per CPU level (was written back when ubiquitous SMP was just a dream) - provides no way to count across IPV4/IPV6. This patch is the original unaltered code from: http://sourceforge.net/projects/xtables-addons at commit e84391ce665cef046967f796dd91026851d6bbf3 Change-Id: Ia8b21394ea79ef55514748e96f769e40355a6ccf Signed-off-by: JP Abgrall <jpa@google.com>
ibxt_quota2.c
ibxt_quota2.man
|
68146dad91611bd8d6d12c8ba27219130d99607b |
22-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: use a more obvious expiry value by default Due to the previous default expiry of 10 sec, "--hashlimit 1/min" would allow matching up to 6/min if a properly timed. To do what the user expects, the minimum expiry must equal the selected time quantum however. Cc: Jan Rovner <jan.rovner@diadema.cz> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_hashlimit.c
|
70cb0a6d3e09f64f9a05870d694ac0160319de9a |
22-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_state: fix regression about inversion of main option Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_state.c
|
017e7b7e1cf4fb63208e46592d06cc030f6d552d |
22-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_HL: fix option names from ttl -> hl Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_HL.c
|
12bc22a9d3e4ae4a3276dbae1cf3bd50ef5dbe9d |
21-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_RATEEST: abolish global variables Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_RATEEST.c
|
4a96d2e2c9d8c43b58d9490cd1d2ae2d1b3e0bef |
21-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_rateest: abolish global variables Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_rateest.c
|
68818f746bf9c68de04a75fbe756bf2c73e0fb32 |
21-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_RATEEST: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_RATEEST.c
|
4e98e81ecdcc321d232edc42fac168d257e712ff |
21-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_LOG: fix ignoring all but last flags Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_LOG.c
ibipt_LOG.c
|
3b7a22b44d74b9b05d5e4b0529ebf72c49dcbff5 |
17-Jun-2011 |
Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> |
doc: document IPv6 TOS mangling bug in old Linux kernels In Linux kernels up to and including 2.6.38, with the exception of longterm releases 2.6.32.42 (or later) and 2.6.33.15 (or later), there is a bug (*) whereby IPv6 TOS mangling does not behave as documented and differs from the IPv4 version. The TOS mask indicates the bits one wants to zero out, so it needs to be inverted before applying it to the original TOS field. However, the aformentioned kernels forgo the inversion which breaks --set-tos and its mnemonics. (*) Fixed by upstream commit: 1ed2f73d90fb49bcf5704aee7e9084adb882bfc5 (netfilter: IPv6: fix DSCP mangle code) Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_TOS.man
|
8b4807f0a1d98f1d980d3d616ad565c9b72d7c49 |
11-Jun-2011 |
JP Abgrall <jpa@google.com> |
Post-merge fixup. Add new Android.mk, re-checkin generated files They have no more compilable files in the top dir. Created extra Android.mk for each subdir. Regenerated the include/iptables/internal.h and include/xtables.h with ./autogen.sh export ANDROID_ROOT=$(gettop)/prebuilt/linux-x86/toolchain/arm-linux-androideabi-4.4.x/ ./configure -host=arm-eabi CC=arm-linux-androideabi-gcc CPPFLAGS="$funky_includes" CFLAGS="-nostdlib" LDFLAGS="-Wl,-rpath-link=$ANDROID_ROOT/arm-linux-androideabi/lib -L$ANDROID_ROOT/arm-linux-androideabi/lib" Change-Id: Ia57ed699edd32ffce16e94e2f13fb93d94924a04
ndroid.mk
|
ebf81627b1a2f50fd47add49f9976ed430a19673 |
11-Jun-2011 |
JP Abgrall <jpa@google.com> |
Merge git://git.netfilter.org/iptables into v1.4.11_upstream Using theirs, as they have taken some of my prior changes\ with some improvements. Conflicts: include/xtables.h.in iptables/xtables.c iptables/xtoptions.c Change-Id: I8e1e537fbb868eeebb448c8f1d9e33b283448aac
|
0727c2cea3ccd2b5bad4d6467125132cc700ad39 |
08-Jun-2011 |
Vlad Dogaru <ddvlad@rosedu.org> |
doc: fix MASQUERADE section of man page The section about MASQUERADE specifies that it takes a single option, but in reality it takes two: --to-ports and --random. Signed-off-by: Vlad Dogaru <ddvlad@rosedu.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_MASQUERADE.man
|
a1cd1f2a4a35427c68cd0d1bd2761d5be42b12b1 |
07-Mar-2011 |
Elie De Brauwer <eliedebrauwer@gmail.com> |
doc: fix trivial typo in libipt_SNAT The word "occur" had ufortunately been removed in v1.3.8~23. References: http://bugzilla.netfilter.org/show_bug.cgi?id=707 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_SNAT.man
|
6918795519ddbf4d0efa9aa5b1b51cdafb99c55a |
03-Apr-2011 |
Mike Frysinger <vapier@gentoo.org> |
build: move remaining preprocessor flags to CPPFLAGS References; http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
5085c3a037fa9327377dec7540d9c3ef2d53a58e |
01-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
build: move kinclude's preprocessor flags to kinclude_CPPFLAGS References: http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
8e336251e155888f0ac2c79259f8792fc31920a1 |
01-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
build: move basic preprocessor flags to regular_CPPFLAGS This is where they belong, after all. References: http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
874b76221f74a00520a712ef89b5254a1ed896f8 |
29-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_owner: restore inversion support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_owner.c
|
790845385fb84ce8e79a96e91fc6c4f7df60713d |
25-May-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
db50b83bc3cd634beb71f38978ad7d035c88ff11 |
23-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_time: deprecate --localtz option, document kernel TZ caveats Comparing against the kernel time zone has significant caveats. This patch adds documentation about the issue, and makes --utc the default setting for libxt_time. Furthremore, throw a warning on using the "--localtz" option, to avoid confusion with one's shell TZ environment variable, and rename it to "--kerneltz" to be explicit about whose timezone will be used. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_time.c
ibxt_time.man
|
1201871343223d9781253283a64686be4e63ad52 |
23-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_time: --utc and --localtz are mutually exclusive Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_time.c
|
b1319cc083de658c0007da93f25d19874f75d55f |
23-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_time: always ignore libc timezone Since xt_time is meant to work across many months, libc doing automatic conversion from local time to UTC (during parse) is unwanted, especially when --utc is specified. The same goes for dumping. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_time.c
|
d8784613a5be2821ff910cd4c2bfe889a9b306c5 |
25-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_NFQUEUE: add mutual exclusion between qnum and qbal Only one is printed on save operation, which leads me to believe that only one is meant to be used. The manpage seems to corroborate. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_NFQUEUE.c
|
089585f14fda80508e26ea019703add07cb72f64 |
25-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_NFQUEUE: avoid double attempt at parsing Fixes this error: NFQUEUE: option "--queue-num" can only be used once. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_NFQUEUE.c
|
6944f2c8190f1c4319aeac748470c71b0ba45025 |
24-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: have xtopt_parse_mint interpret partially-spec'd ranges When ":n" or "n:" is specified, it will now be interpreted as "0:n" and "n:<max>", respecitvely. nvals will always reflect the number of (expanded) components. This restores the functionality of options that take such partially-unspecified ranges. This makes it possible to nuke the per-matchdata init functions of some extensions and simply the extensions postparsing to the point where it only needs to check for nvals==1 or ==2. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_ah.c
ibip6t_frag.c
ibip6t_rt.c
ibipt_ah.c
ibxt_conntrack.c
ibxt_esp.c
ibxt_length.c
|
319046c3f96f810f81a5a2e6189ba87527e882f1 |
24-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_rt: restore --rt-type storing Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_rt.c
|
5a66f40d2f64e8792e1360906d3d6a1c829ba2b7 |
24-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_u32: --u32 option is required Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_u32.c
|
c52f7aa866ee3cdc0e0dc67f3eae629055a126dc |
23-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_ipvs: restore network-byte order Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_ipvs.c
|
9039600d2a50970274b5a13f6f616e38cc9c3e6d |
23-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: remove redundant .IP calls in libxt_time Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_time.man
|
4f0d5a7fd4cb1452493921446603c837316e0179 |
23-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: use .IP list for TCPMSS Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TCPMSS.man
|
17f7937f79af4d260c60cb800e56fc0df0a48b37 |
23-May-2011 |
Lutz Jaenicke <ljaenicke@innominate.com> |
libxt_devgroup: actually set XT_DEVGROUP_OPT_???GROUP flags Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_devgroup.c
|
25ea60de20fb5f7981a0170eb05c0c9a61525763 |
17-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: make usage of libxt_rateest more obvious Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_rateest.man
|
88cfbe258b0d30ef26fae8da5484b08e65292a09 |
21-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: add some coded option examples to libxt_hashlimit Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_hashlimit.man
|
60b9051f64869434c5bab6739556cb1975232267 |
20-May-2011 |
JP Abgrall <jpa@google.com> |
androidify build: Add Android.mk and support script The Android.mk is based on what a generated makefile would look like. The extra filter_init script is to work around the fact that we can't have -D_INIT=lib$*_init passed down as some compile flags due to $*. This is used to rename all the modules' init() functions. Some modules are excluded because they are not needed and would require more changes in bionic to accommodate the needed types. Change-Id: I9422a5d30ff22a56f28b2c80f6aba8d28b28a051 Signed-off-by: JP Abgrall <jpa@google.com>
ilter_init
|
463628b03eec6e7456ca5121f9b81af7f4690e08 |
12-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_rateest: streamline case display of units Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_rateest.c
|
67db7615580f5c3490a39310f5adcb4e767ea6a8 |
20-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_quota: readd missing XTOPT_PUT request Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_quota.c
|
b65b9fe5096bd49a9ec2f0f6c2f23d274cfc88ee |
19-May-2011 |
JP Abgrall <jpa@google.com> |
xtoptions + quota: parse and store 64bit values The xtables_strtoul() would cram a long long into a long. The parse_int would try to cram a UINT64 into a long. The quota_parse would just ignore whatever value was parsed. Change-Id: Ie1f05e98e974a255d962dd757a5592458f942f8b
ibxt_quota.c
|
ae06c6dc6d68d11ed15d4c6c47b7b7a709d3c9cb |
18-May-2011 |
Lutz Jaenicke <ljaenicke@innominate.com> |
libipt_REDIRECT: "--to-ports" is not mandatory The REDIRECT target can be called without the --to-ports option being specified. From the manual page: ...without this, the destination port is never altered. Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_REDIRECT.c
|
c02c92d1fcaa1223caf9a5eef32bedcb78f1e714 |
18-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: retract _NE types and use a flag instead Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TPROXY.c
|
65c0621d48e818d75f8c2810e93eb405a6d31406 |
13-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_rt: rt-0-not-strict should take no arg This unfortunately got mixed up during the getopt -> guided parser move. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_rt.c
|
9bfedca6347c2e079e569954197777813f4ef2fb |
13-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: resolve erroneous rev-2 port range message --ctorigdstport 13 ip6tables-restore v1.4.10: conntrack rev 2 does not support port ranges Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
fe9922cb4f1fb75072970dd09605fdc056b96195 |
13-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: fix assignment to wrong member Of course the range end ought to be set, not doing the start value twice. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
10dbcd0bfb5a62a71a706d11134f83b0539f4dd3 |
13-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: correct printed module name Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
f25b2355e889290879c8cecad3dd24ec0c384fb8 |
13-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_[SD]NAT: avoid false error about multiple destinations specified iptables-restore v1.4.10: DNAT: Multiple --to-destination not supported xtables_option_parse sets cb->xflags already, so that it cannot be directly used to test whether an option is being used for the second time. Thus use a private option/flag (X_TO_DEST/SRC) that is not under the control of xtables_option_parse. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_DNAT.c
ibipt_SNAT.c
|
e82d031af24c8155357c6f2d2b2e236bd6cf67e4 |
13-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_[SD]NAT: flag up module name on error Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_DNAT.c
ibipt_SNAT.c
|
cdc8e0b252c14a17b47e1c89a2fa4dbac2002473 |
12-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_policy: use XTTYPE_PROTOCOL type Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_policy.c
|
15392934cf81ef85e2a1c21380c61a7a42e260d5 |
12-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_policy: option table fixes, improved error tracking Most of the flags are multi-use in this extension. Also transfer --next => --strict requirement to option table. Furthermore, augment the error messages emitted from fcheck to contain the policy element number, and elaborate on what an "empty policy element" is. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_policy.c
ibxt_policy.man
|
59ce5bd1d05225911051a4c46ce5ccdd7c1ed078 |
12-May-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'floating/opts' of git://dev.medozas.de/iptables
|
8075493a00e06857147263574333df4073ea671b |
11-May-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'opts' of git://dev.medozas.de/iptables
|
77b6230adfe51836ad5b31b41638b43e9b0062e2 |
11-May-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
c29f7ef7cb5a31620060ef721d3c65b343eb537a |
09-May-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'opts' of git://dev.medozas.de/iptables
|
8d14aeb8c4c3dc8ce9264b04b97f2e8634c1f381 |
09-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_SAME: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_SAME.c
|
c0bba1a8033ce15d1eec80da94c8f249a967568e |
09-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_REDIRECT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_REDIRECT.c
|
bf07750fd4fc5f5e603e59e72d62696d2389e9b3 |
08-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_MASQUERADE: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_MASQUERADE.c
|
9f4a637ee5856e8f260e3f3867782ed5584e00f9 |
08-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_SNAT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_SNAT.c
|
f875e84427de17b34ecb69a56d87161571ffab76 |
08-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_DNAT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_DNAT.c
|
ce4b79577fa9c1ed68c36797890d39ca5ba9a8bf |
07-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_iprange: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_iprange.c
|
4eb3d6da8f677f978126bb00928f64da15c3d623 |
08-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_CLUSTERIP: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_CLUSTERIP.c
|
7e79d139c1ea6e1b72bbedc53c0426c9d5ffa0e0 |
07-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_mac: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_mac.c
|
1f8e52ed2ac513476dc93fedde915079c4387728 |
08-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_rt: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_rt.c
|
7752e649cec9d23b867d166ace38d213f0584077 |
08-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_mh: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_mh.c
|
73425492d4c57d34a616d948666ac75ecc612eed |
08-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
58e9118dc61c9ff656c0140c429f0fa892c36ac5 |
09-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: S/DNAT allows to omit IP addresses Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_DNAT.c
ibipt_DNAT.man
ibipt_SNAT.c
ibipt_SNAT.man
|
edc2b1adf32d2b11e126174f525293b3bca6e7bc |
09-May-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'opts' of git://dev.medozas.de/iptables
|
372203af4c70fb20bc7ff3a49788b9bbf57d2eb1 |
07-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_ipvs: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_ipvs.c
|
0f77e2e40a498688f3d8f8a65bf74ce13db893b2 |
07-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_limit: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_limit.c
|
ef7d2e845f72fd3a01c9d89e73c90de5dcca73a7 |
08-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_NETMAP: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_NETMAP.c
|
87a34d7aef2cba833f4f36536575dee304bbece5 |
07-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_multiport: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_multiport.c
|
94cd683a969e024ec870df258fafd790b8a1abf1 |
06-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_osf: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_osf.c
|
21d243c3152f0798683aacbf95acfc8c1378924e |
06-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_owner: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_owner.c
|
d441ad6a68c5d65344449962f4648d297d453b6c |
06-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_policy: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_policy.c
|
fe02f76e013941a7f65f57f297d3177bcfeb0623 |
04-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_hashlimit.c
|
d7282413763b0ba85d512c1cd49174b762ff449c |
04-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: do not overlay addr and mask parts, and cleanup XTTYPE_HOSTMASK will require that what has now become haddr, hmask/hlen are not overlays of another. Thus relax the structure and always set all members of the {haddr, hmask, hlen} triplet now for all types that touch any of the members. Add some more comments and clean out ONEHOST.
ibxt_TEE.c
ibxt_TPROXY.c
|
51a746e6b1d66ca546fd2f8a1f7809868174e637 |
04-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_recent: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_recent.c
|
27adf1ec123b949f1c7b48fbdef67d1d4ed18901 |
01-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_connlimit: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_connlimit.c
|
6cfb28bb9032dcf2749ff80f88ad37b9fe5e7c2a |
01-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_NFLOG: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_NFLOG.c
|
a0b2facfa1fe70d9a9e628b09bc4895de0bfd672 |
01-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_IDLETIMER: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_IDLETIMER.c
|
3c7f501545828965908cc28fc40f7da2be747561 |
02-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_statistic: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_statistic.c
|
39d3aa36ea38668a2c343b5af42b2d8d3616a9de |
02-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_statistic: increase precision on create and dump Currently, libxt_statistic only dumps the probability with a granularity of 1/1000000. Assuming only stuffed packets with 1440 bytes payload, this would match approximately every 1.341 GB, which is pretty low for a high-volume router. Trying to match any larger interval than that (e.g. 2 GB) will cause libxt_statistic to output "--probability 0.000000", and when restored, will cause it to never match again. Bump the dump precision to what xt_statistic can really do, and adjust the manpage to include a word about it. Furthermore, employ explicit rounding when reading the argument from the command line, because the previous implicit conversion would use truncation, which is not very exact. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_statistic.c
ibxt_statistic.man
|
d118d21ea3108f94ca1f84f11dd39f3f12e9ee2b |
02-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_statistic: streamline and document possible placement of negation Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_statistic.c
ibxt_statistic.man
|
dd6e4b90b5b2dbc2bbaac5008e26949a18478197 |
07-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: const annotations Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_ipv6header.c
ibip6t_rt.c
ibxt_dccp.c
ibxt_multiport.c
ibxt_policy.c
ibxt_sctp.c
ibxt_tcp.c
ibxt_udp.c
|
752a30dfe4429ec2623a3c1181e1499b87158c5c |
06-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_owner: remove ifdef IPT_COMM_OWNER Ever since we keep a copy of the header files anyway, IPT_COMM_OWNER is always available. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_owner.c
|
104fb318d22231c9edf9d61ef84cc84386e52d6b |
07-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove bogus use of XT_GETOPT_TABLEEND Commit v1.4.8-36-g32b8e61 added this end marker in a little too many places: at non-getopt places. Fix that. Also change the definition of XT_GETOPT_TABLEEND to reference a struct getopt member by name so that this cannot happen again. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TCPOPTSTRIP.c
ibxt_rateest.c
|
373e8513c4b9b0491e46ae89397ead03d093ee76 |
06-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_u32: add missing call to xtables_option_parse Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_u32.c
|
06312dab6c530a214a4e7bad1b2329381430bddc |
01-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_tos: add inversion support back again It was unfortunately removed during the option parser switch. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_tos.c
|
753bbed383cde1c18e05b5b726b6c28afbde3a3c |
20-Apr-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_dccp: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_dccp.c
|
2e73af96178f0ed7ebbd99478f1bc05ec5c86dc7 |
19-Apr-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_udp: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_udp.c
|
ee1fbbe536c6dd3a252886815314cf910d672ca6 |
29-Apr-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove unused TOS code Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
os_values.c
|
d8f591993eb610b41f3170a94a879edd24ad348a |
29-Apr-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_tos: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_tos.c
|
61cc52b6f9edfa3efb1d0c9ea9531abb42828ec2 |
29-Apr-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_TOS: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TOS.c
|
9a9694fbf1796a6a5011b60b2a15c01fa3c61368 |
06-Apr-2011 |
Maciej Żenczykowski <maze@google.com> |
Move common parts of libext{4,6}.a into libext.a Signed-off-by: Maciej Zenczykowski <maze@google.com>
NUmakefile.in
|
57a92c7b7ed01ad8f49c680af63341409c3afb1a |
18-Apr-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'floating/opts' of git://dev.medozas.de/iptables
|
e39f367d905670e39e6f08d2b73c715a6d0b4bfb |
17-Apr-2011 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
SET target revision 2 added The new revision of the SET target supports the following new operations - specifying the timeout value of the entry to be added - flag to instruct the kernel that if the entry already exists then reset the timeout value to the specified one (or to the default from the set definition)
ibxt_SET.c
ibxt_SET.man
ibxt_set.c
|
d44c31ac8e52f34e058f44aba14f679abcc7edf9 |
14-Apr-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_TEE: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TEE.c
|
1f2474ae5276e49005c8e234dec091b007e3fce2 |
08-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_ULOG: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_ULOG.c
|
64cb56e3e894f6b8b523ecb45f91abe43b07cf0c |
09-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_TPROXY: use guided option parser I am starting with a simple module here that does not require a final_check function. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TPROXY.c
|
0dd344a9bedc24feb6ad99d4620bdc7da171c72d |
15-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip[6]t_LOG: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_LOG.c
ibipt_LOG.c
|
c618a0b1d3696c30f7791a427da9ba60186dfe05 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_string: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_string.c
|
ea2a02f7e961011b2e226c25a5e8ff49e1f84278 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_TCPMSS: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TCPMSS.c
|
478be25c3b64e0f2ddbd2aa97ebe78df7ca00c0a |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_NFQUEUE: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_NFQUEUE.c
|
a05562e1e2fb2e18f34d29ec57c4217a3014d1f2 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_CT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CT.c
|
09631dc60ce41bc484a42fcf4d4ddf7036820bd1 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_connbytes: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_connbytes.c
|
ba77b9b142b55c856b0a2950eddece7ad7e6bfbc |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_tcpmss: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_tcpmss.c
|
c15f9e3f6d8552cddfc858b115d996c7cf5b47e9 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_length: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_length.c
|
f04d48879fea70451148d7867d5a388efe63b48f |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_realm: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_realm.c
|
5d8e61ef4636383ca47cd748cd7457a238de37a6 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_devgroup: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_devgroup.c
|
1e6c1ee1bf2822d5fdf61725148700a410fb8b86 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_quota: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_quota.c
|
7299fa4b615d7f7ee12cde444266f6b31f667f9f |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_CONNMARK: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CONNMARK.c
ibxt_connmark.c
|
60756e7f8be9242b606f1b5fbcb38f45e4de29c5 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_MARK: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_MARK.c
ibxt_mark.c
|
316ae9d2f1996caea4cf221201accb8c2087a154 |
13-Apr-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'opts' of git://dev.medozas.de/iptables
|
cd50f26ad6016ae57af1f822f8aa3ceb2ef9727a |
12-Apr-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'opts' of git://dev.medozas.de/iptables
|
884d2675f1a880ffcc072da69ab8c9aaea2a3bce |
12-Apr-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
|
aeb8af909befedbfc85e9f184471b219e4ea191a |
09-Apr-2011 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
Fix set match/target direction parser The direction parser did not catch when more src/dst direction parameters were supplied than allowed.
ibxt_set.h
|
c0431520a5f91e754cec8d827d8f978da4241717 |
06-Apr-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: avoid duplicate entries in manpage Commit v1.4.9-35-gd4105ad changed from [A-Z] and [a-z] to use [[:alnum:]], which unfortunately drew matches into the target section, and targets into the match section. [[:upper:]] and [[:lower:]] should have been used instead, of course. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
4f7f187ffe1773487071b413491f062d141309dd |
02-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_u32: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_u32.c
|
d64d54777b4a9405a8229a533e44a2e80f000a9f |
02-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_time: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_time.c
|
72ef3d3063ce7a12ee199f9539e958b4f4ca561d |
02-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_state: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_state.c
|
de31da35a8042db0ea1b106b77d03a5920e7198b |
02-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_pkttype: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_pkttype.c
|
2291d887cea2412af380f1ae995ddfee0362386b |
02-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_physdev: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_physdev.c
|
76e18aeaa67940544a3d5b740a37dce4f169a108 |
02-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_helper: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_helper.c
|
cc2511ee64df98e45d0b42a93a9b789b9726d4b9 |
01-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_comment: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_comment.c
|
693420f27bea05ef22a218cd599e42af5b014453 |
02-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_TCPOPTSTRIP: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TCPOPTSTRIP.c
|
03fe3d289ded9b1b8640e4be1398b0cf1f7e4fa0 |
02-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_SECMARK: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_SECMARK.c
|
942f140a57745f5e12d6a8cd2a4ca3f51ef4403a |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_LED: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_LED.c
|
72c359784a03b1ea46a9964e5c1f8636a52507dd |
01-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_DSCP: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_DSCP.c
ibxt_dscp.c
|
35459f05f5addd1b92c32a241863995aa619495b |
01-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_CLASSIFY: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CLASSIFY.c
|
ba3b73f0d3aae8188ff0b75d0839c841352f7760 |
01-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_AUDIT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_AUDIT.c
|
94c5d622b2c88d78a153b9e2986467c84417020d |
01-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_addrtype: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_addrtype.c
|
e36463232e2f1fe9363700b2740c2a82dbf1821d |
03-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_ECN: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_ECN.c
ibipt_ecn.c
|
b26d08b56eb81779589eb43fb0f636ac9eb51cb2 |
01-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_ipv6header: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_ipv6header.c
|
1b8db4f4ca250f13a0e7edddb31cfc1f82d42806 |
01-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip[6]t_icmp: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_icmp6.c
ibipt_icmp.c
|
7a969bb06cef93b6b0dadbb784c30d33856445d1 |
03-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_hbh: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_hbh.c
|
082e9e11ed345572e2bf4790a5f8ba5245164fc6 |
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_dst: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_dst.c
|
b313d8f3f78c62cce930728bc9163ecf942c22e8 |
16-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip[6]t_REJECT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_REJECT.c
ibipt_REJECT.c
|
a3876fa13ffe792e209cc1a8ac1214946c898eea |
27-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_esp: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_esp.c
|
7c51e38d7586e2f6207c78743cc955e8778a925d |
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_frag: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_frag.c
|
4d6ede0b324e5e9dcbb1d7cc2a7aebed9e56821a |
16-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip[6]t_ah: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_ah.c
ibipt_ah.c
|
dba0839a103fe0384b41a8f08a3b3a5f9eba732b |
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip[6]t_hl: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_hl.c
ibipt_ttl.c
|
fa728c88fd0bfdc3f2bdb79beed91cd9e1fca5e5 |
13-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip[6]t_HL: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_HL.c
ibipt_TTL.c
|
b18ffe3636b07cd817628de81643136e4755a944 |
27-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_cluster: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_cluster.c
|
93112921153c43dc0521be499f6a792d2aaae5e9 |
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_cpu: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_cpu.c
|
97265fb806dffc6fd87ee5e0f0963dfbe7a094f6 |
27-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_CONNSECMARK: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CONNSECMARK.c
|
9c5c10554c61f0b22cbc65b27b765fa8172040f7 |
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_socket: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_socket.c
|
f92bca9da4ee68f05dbb827a8444804a8edb1b87 |
27-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_CHECKSUM: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CHECKSUM.c
|
458d84de2412b43604a8efe2b82a2084a2859a46 |
01-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: add missing checks for specific flags (2) Addendum to v1.4.10-75-g4e5d4bf. It does not make sense to use ipv6header's --soft without specifying any options. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_ipv6header.c
|
49d8c5d564cad70c5c1bef2d5571e8e494454210 |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v6: rename init_extensions() to init_extensions6() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
NUmakefile.in
|
5e8f947becc00a79e78b2a6cf0e25fd674c57ec4 |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename init_extensions() to init_extensions4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
NUmakefile.in
|
a239728ec064666025de2723997d87b176d57fd6 |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
mark newly opened fds as FD_CLOEXEC (close on exec) (This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm) Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_realm.c
|
8d6492d582c7284217c042d5638cf50174e5fbfd |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
man pages: allow underscores in match and target names Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
NUmakefile.in
|
df37d99b0cba63443d4224187f2d5a0c299ad7ad |
04-Apr-2011 |
Mark Montague <mark@catseye.org> |
iptables: documentation for iptables and ip6tables "security" tables Add documentation for the iptables and ip6tables "security" tables. Based on http://lwn.net/Articles/267140/ and kernel source. Signed-off-by: Mark Montague <mark@catseye.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_CONNSECMARK.man
ibxt_SECMARK.man
|
c7948744bf591e0c46b6d19ccfa408cc59e11ef1 |
16-Mar-2011 |
Thomas Graf <tgraf@redhat.com> |
iptables: add manual page section for AUDIT target Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_AUDIT.man
|
2d039bcf8421c992fb74849facc2d7205960f68e |
21-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: rateest options can be optional Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_rateest.man
|
8a5270b14908b3173de080a958e50e21e2f046de |
20-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_quota: require --quota to be specified It is pretty pointless to use -m quota without specifying --quota. There would be nothing left to count down on. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_quota.c
|
37f6d57c4e030a459ccafafd8a574e327315e148 |
20-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: fix odd partial sentence in libipt_TTL Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_TTL.man
|
887f58666af9ccde7051169aa9d6160d7e09ec46 |
20-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: mention other possible nf_loggers for TRACE Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TRACE.man
|
094f104af71ca859c7c44406baed401659ad9421 |
19-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_ECN: set proper option flags When specifying --ecn-tcp-remove, *flags will be wrongly set to denote that --ecn-ip-ect had been specified. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_ECN.c
|
4e5d4bff933d77158d9d32b4f87c5842decf670e |
19-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: add missing checks for specific flags With "!flags", any option will be accepted. The extensions however want one very specific option to be used (or wrong help text). Commits: DNAT: v1.3.8~23, osf: v1.4.6~3 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_DNAT.c
ibipt_ECN.c
ibxt_osf.c
|
b9210cfd9da3d57610be4e86ef45c48dd1b65edf |
19-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_hbh: remove unimplemented --hbh-not-strict Same as with ip6t_dst. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_hbh.c
|
7a1043bcb6ac6315c991cf02c9a12568398fc837 |
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_dst: remove unimplemented --dst-not-strict This was never ever implemented in the kernel, so just remove it. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_dst.c
|
86786bf3a5e875232ae63d9f9b3dbb542ac2e392 |
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
Remove unused CVS expanded keywords Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_ECN.c
ibipt_TTL.c
ibipt_ttl.c
|
e88a7c2c7175742b58b6aa03f2b5aba2d80330a1 |
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove redundant init functions The main program already zeroes the per-extension data block. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_ipv6header.c
ibip6t_rt.c
ibipt_SAME.c
ibxt_NFLOG.c
ibxt_RATEEST.c
ibxt_TCPOPTSTRIP.c
ibxt_dccp.c
ibxt_hashlimit.c
ibxt_sctp.c
ibxt_string.c
|
12a18d6043092bd2574b2bced635259b16317e57 |
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: fix misspelling of "field" Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_ah.c
ibip6t_frag.c
ibip6t_rt.c
|
c2efcd321271e6658d9cad87eff0a09d16f2766e |
17-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
doc: fix wrong sentence about negation in xt_limit This is an update to commit v1.4.7~6. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_limit.man
|
e1df221d7a1b3df0224d94865ec05ba336995608 |
15-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: fix indent of vtable Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_LOG.c
ibipt_LOG.c
ibipt_ecn.c
ibxt_recent.c
|
c0f6d17764e9bc1724cedd78b880a80446363146 |
16-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_devgroup: option whitespace update following v1.4.10-49-g7386635 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_devgroup.c
|
e76ec99b48745b0e3c8aecbc91ed5bba186cf25f |
06-Feb-2011 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxt_cluster: fix inversion in the cluster match In libxt_cluster.c, we use: info->flags |= (1 << XT_CLUSTER_F_INV); but we should use instead: info->flags |= XT_CLUSTER_F_INV; since the definition of XT_CLUSTER_F_INV is: enum xt_cluster_flags { XT_CLUSTER_F_INV = (1 << 0) }; This fixes the inversion in the cluster match. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_cluster.c
|
9ee2a9fe2f74b616da34878104bd1ff406534ad1 |
03-Feb-2011 |
Patrick McHardy <kaber@trash.net> |
extensions: add extension for devgroup match Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_devgroup.c
|
73866357e4a7a0fdc1b293bf8863fee2bd56da9e |
18-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: do not print trailing whitespaces Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_realm.c
ibipt_ttl.c
ibxt_AUDIT.c
ibxt_CHECKSUM.c
ibxt_CLASSIFY.c
ibxt_CONNMARK.c
ibxt_CONNSECMARK.c
ibxt_CT.c
ibxt_DSCP.c
ibxt_IDLETIMER.c
ibxt_LED.c
ibxt_MARK.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_RATEEST.c
ibxt_SECMARK.c
ibxt_SET.c
ibxt_TCPMSS.c
ibxt_TCPOPTSTRIP.c
ibxt_TEE.c
ibxt_TOS.c
ibxt_TPROXY.c
ibxt_cluster.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_cpu.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_iprange.c
ibxt_ipvs.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_osf.c
ibxt_owner.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_policy.c
ibxt_quota.c
ibxt_rateest.c
ibxt_recent.c
ibxt_sctp.c
ibxt_set.c
ibxt_socket.c
ibxt_state.c
ibxt_statistic.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_time.c
ibxt_tos.c
ibxt_u32.c
ibxt_udp.c
os_values.c
|
298d70e8564f03c844435123bf36e84419c2f65a |
31-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_u32: enclose argument in quotes Otherwise ip6tables-save piped to ip6tables-restore can cause a parse error when the expression list is empty. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_u32.c
|
fbd47262d2417c17f1c57896dea8a0c55fb6c770 |
25-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_quota: clarifications on matching Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_quota.man
|
6f03bf79952753fbc0dc8611aa4d6e70a108dbc7 |
21-Jan-2011 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
Fix listing/saving the new revision of the SET target Instead of the dimension of the set, the max dimension was used at listing/saving the src,dst parameters, which produced broken output.
ibxt_SET.c
|
c8f28cc8b84133f20421470e9a61a5a0c78b9c4a |
20-Jan-2011 |
Patrick McHardy <kaber@trash.net> |
extensions: libxt_conntrack: add support for specifying port ranges Add support for revision 3 of the conntrack match, which allows to specify port ranges for origsrc/origdst/replsrc/repldst. Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_conntrack.c
ibxt_conntrack.man
|
6924b4987d88fbe383bec4da4cf331cc466c245e |
20-Jan-2011 |
Florian Westphal <fw@strlen.de> |
extensions: libxt_NFQUEUE: add v2 revision with --queue-bypass option --queue-bypass: if no userpace program is listening on the queue, then allow packets to continue through the ruleset instead of dropping them. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_NFQUEUE.c
ibxt_NFQUEUE.man
|
773438bd93851dc1a9129a638925c04868820297 |
20-Jan-2011 |
Thomas Graf <tgraf@redhat.com> |
libxt_AUDIT: add AUDIT target libxt module for the AUDIT target. -j AUDIT --type (accept|reject|drop) Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_AUDIT.c
|
5da9e63f66ca190cb90193ebb9eebf5aa523b4d1 |
19-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_connlimit: support for dstaddr-supporting revision 1 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_connlimit.c
ibxt_connlimit.man
|
2cae5334de3a817947742e0b466355e5f5566474 |
18-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_connlimit: add a --connlimit-upto option Direct specifications like "upto" are easier to grasp than "not above". This patch adds such an upto variant similar to what libxt_hashlimit already has. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_connlimit.c
ibxt_connlimit.man
|
8d5e773508b154dcfa8d866f68f64ef1ad773957 |
18-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_connlimit: reword help text to say prefix length Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_connlimit.c
ibxt_connlimit.man
|
9c60365e043a430f74115bbfaf58ce0df7585f49 |
18-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_quota: print negation when it has been selected Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_quota.c
|
8ad33a34a34ba2bcd360352ad3b7772916832702 |
09-Jan-2011 |
Florian Westphal <fwestphal@astaro.com> |
libxt_time: fix random --datestart skips Frank Lichtenheld points out that -m time --datestart ... sometimes messes up --datestart: $ iptables -A INPUT -m time --datestart 2010-11-24T16:50:00 -j ACCEPT $ iptables-save | grep 11 -A INPUT -m time --datestart 2010-11-24T16:50:00 -j ACCEPT $ iptables-save | iptables-restore $ iptables-save | grep 11 -A INPUT -m time --datestart 2010-11-24T15:50:00 -j ACCEPT --datestart moved by one hour. As the --timestart option does not care about DST, always set dst=0 when parsing --starttime input. Reported-by: Frank Lichtenheld <flichtenheld@astaro.com> Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_time.c
|
63ef52ac6bf8d555779456166009bd2f6b0a1081 |
09-Dec-2010 |
Stephen Beahm <stephenbeahm@comcast.net> |
libipt_REDIRECT: avoid dereference of uninitialized pointer When using --to-ports with a port name instead of a numerical specification, a segfault occurs. References: http://bugzilla.netfilter.org/show_bug.cgi?id=691 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_REDIRECT.c
|
e814c8b894e5b8d1570c18aec2c67dfb0c0a59c0 |
08-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_CLUSTERIP: const annotations Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_CLUSTERIP.c
|
da580fe55ebf234febf4a8880f53a80870e9088f |
08-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_sctp: fix a typo Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_sctp.c
|
d09b6d591ca7d7d7575cb6aa20384c9830f777ab |
08-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove no longer necessary default: cases Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_realm.c
ibipt_ttl.c
ibxt_CHECKSUM.c
ibxt_CLASSIFY.c
ibxt_CONNMARK.c
ibxt_CONNSECMARK.c
ibxt_CT.c
ibxt_DSCP.c
ibxt_IDLETIMER.c
ibxt_MARK.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_RATEEST.c
ibxt_SECMARK.c
ibxt_SET.c
ibxt_TCPMSS.c
ibxt_TOS.c
ibxt_cluster.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_cpu.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_iprange.c
ibxt_ipvs.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_osf.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_policy.c
ibxt_quota.c
ibxt_rateest.c
ibxt_recent.c
ibxt_sctp.c
ibxt_set.c
ibxt_state.c
ibxt_statistic.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_udp.c
|
7ac405297ec38449b30e3b05fd6bf2082fd3d803 |
07-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: use C99/POSIX types "u_int" was a non-standardized extension predating C99 on some platforms. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_LOG.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_LOG.c
ibipt_NETMAP.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_icmp.c
ibxt_CONNMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_TOS.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_dccp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_iprange.c
ibxt_ipvs.c
ibxt_length.c
ibxt_limit.c
ibxt_mark.c
ibxt_multiport.c
ibxt_owner.c
ibxt_policy.c
ibxt_quota.c
ibxt_rateest.c
ibxt_sctp.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_tos.c
ibxt_u32.c
ibxt_udp.c
os_values.c
|
4a1d810bb52aa5d5c450f7adcde5145d40261b54 |
26-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
xt_comment: remove redundant cast
ibxt_comment.c
|
3a84b3d5de492e40aff7bae5038b06dd6b6041c4 |
15-Dec-2010 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
a3f101331deb9314caa0cfa1061c925865e79380 |
11-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
build: stop on error in subcommand make only evaluates $? of an entire shell invocation. As such, if any command in the chain can fail, $? needs to be thrown, and early so. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
f3578faae096f191a44742777275a23b566d7566 |
06-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_owner: output numeric IDs when save is requested References: http://bugzilla.netfilter.org/show_bug.cgi?id=683 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_owner.c
|
d4105ad56335058af4b0b1be1278e01f5c0bd4ac |
04-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
build: fix globbing of extensions in other locales In the fi_FI locale, [a-z] would not include 'w', for example. Rectify this by using [[:alnum:]] (to counter against different ordering) and forcing the POSIX locale (so that the alphabet has at least the 26 base characters). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
4d2a77ff8cb4115925477cd5ce0ea972494107ab |
03-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
socket: add support for revision 1 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_socket.c
ibxt_socket.man
|
9e152fa9f1283ce4f4274cf251b2b2e69bbdfee6 |
03-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
TPROXY: add support for revision 1 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TPROXY.c
|
b4af04be14560b3fcc6cf23200148d408014a2f5 |
03-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
include: update files with headers from Linux 2.6.37-rc1 Also includes the type change to __u{8,16,32} kernel types already.
ibxt_SECMARK.c
ibxt_time.c
|
2f09f1b39ced2ae7109382dcf066785bab4a966a |
17-Nov-2010 |
Florian Westphal <fwestphal@astaro.com> |
libxt_conntrack: fix --ctdir save/dump output format $ iptables-save | iptables-restore iptables-restore v1.4.6: conntrack: Bad value for "--ctdir" option: "ORIGINAL-j" Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_conntrack.c
|
648fd1ad68ae2ec675ac07efee80783912535404 |
02-Nov-2010 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_TOS: avoid an undesired overflowing computation The @bits parameter was wrongly labeled and should have been @max already. This makes the - overflowing - 1<<bits redundant of course. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
os_values.c
|
0428e5a6541c3f5eaaf683d8da9ea60c44eac4c7 |
03-Aug-2010 |
Jan Engelhardt <jengelh@medozas.de> |
build: fix static linking Gabor Z. Papp noted this link-time error when configuring with --enable-static: extensions/libext4.a(initext4.o): In function "init_extensions": extensions/initext4.c:144: undefined reference to "libxt_IDLETIMER_init" extensions/initext4.c:145: undefined reference to "libxt_TEE_init" Indeed, since the two modules did not use our special macro "_init" (which expands to libxt_foo_init), initext4.c could not find them by that name. Correct this. References: http://marc.info/?l=netfilter&m=128085480927924&w=2 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_IDLETIMER.c
ibxt_TEE.c
|
422342e47c18e70757231f2210b13df8e1f5931c |
02-Aug-2010 |
Changli Gao <xiaosuo@gmail.com> |
libxt_quota: don't ignore the quota value on deletion Don't ignore the quota value on deletion, then we can remove a special rule everytime. Signed-off-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_quota.c
|
c6775d6c192f7e337360f238cc3ab224a406d5b8 |
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: consistent use of markup Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CONNMARK.man
ibxt_MARK.man
ibxt_TOS.man
ibxt_TPROXY.man
ibxt_connlimit.man
ibxt_connmark.man
ibxt_conntrack.man
ibxt_hashlimit.man
ibxt_iprange.man
ibxt_ipvs.man
ibxt_recent.man
ibxt_set.man
ibxt_time.man
ibxt_u32.man
|
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e |
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
all: consistent syntax use in struct option Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_realm.c
ibipt_ttl.c
ibxt_CHECKSUM.c
ibxt_CLASSIFY.c
ibxt_CONNMARK.c
ibxt_CONNSECMARK.c
ibxt_CT.c
ibxt_DSCP.c
ibxt_IDLETIMER.c
ibxt_LED.c
ibxt_MARK.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_RATEEST.c
ibxt_SECMARK.c
ibxt_SET.c
ibxt_TCPMSS.c
ibxt_TCPOPTSTRIP.c
ibxt_TOS.c
ibxt_TPROXY.c
ibxt_cluster.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_cpu.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_iprange.c
ibxt_ipvs.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_osf.c
ibxt_owner.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_policy.c
ibxt_quota.c
ibxt_rateest.c
ibxt_recent.c
ibxt_sctp.c
ibxt_set.c
ibxt_state.c
ibxt_statistic.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_time.c
ibxt_tos.c
ibxt_u32.c
ibxt_udp.c
os_values.c
|
854fe779211ffa051009b68b3f07673938b714c5 |
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: minimal spelling updates to xt_cpu Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_cpu.man
|
7071387eaa708a82fd572e1a27443c1765c297f9 |
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: remove extra empty line from xt_cpu Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_cpu.man
|
10ec8150ad83bddc66431810026daf97c60077d3 |
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: let man(1) autoalign the text in xt_cpu Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_cpu.man
|
2d59208943a3a2a6e0e30b6c84bb8ae80d444cd3 |
23-Jul-2010 |
Eric Dumazet <eric.dumazet@gmail.com> |
extension: add xt_cpu match Kernel 2.6.36 supports xt_cpu match In some situations a CPU match permits a better spreading of connections, or select targets only for a given cpu. With Remote Packet Steering or multiqueue NIC and appropriate IRQ affinities, we can distribute trafic on available cpus, per session. (all RX packets for a given flow are handled by a given cpu) Some legacy applications being not SMP friendly, one way to scale a server is to run multiple copies of them. Instead of randomly choosing an instance, we can use the cpu number as a key so that softirq handler for a whole instance is running on a single cpu, maximizing cache effects in TCP/UDP stacks. Using NAT for example, a four ways machine might run four copies of server application, using a separate listening port for each instance, but still presenting an unique external port : iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 \ -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 \ -j REDIRECT --to-port 8081 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 2 \ -j REDIRECT --to-port 8082 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 3 \ -j REDIRECT --to-port 8083 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_cpu.c
ibxt_cpu.man
|
59ccf53b9414d998afd6169cb2d6ba0f3c249081 |
23-Jul-2010 |
Eric Dumazet <eric.dumazet@gmail.com> |
extensions: REDIRECT: add random help Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_REDIRECT.c
|
c36d05e42406966440e3644110d3d2504c4b165c |
23-Jul-2010 |
Hannes Eder <heder@google.com> |
libxt_ipvs: user-space lib for netfilter matcher xt_ipvs The user-space library for the netfilter matcher xt_ipvs. [ trivial up-port by Simon Horman <horms@verge.net.au> ] Signed-off-by: Hannes Eder <heder@google.com> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_ipvs.c
ibxt_ipvs.man
|
b14f160c11196aeb99000611207bd353c7ae2cb9 |
15-Jul-2010 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' into iptables-next
|
b4fa7222923bc10476b8753f358e871f461eb2db |
15-Jul-2010 |
Luciano Coelho <luciano.coelho@nokia.com> |
extensions: libxt_rateest: fix bps options for iptables-save The output generated by the libxt_rateest extension for bps matches was wrong and could not be restored properly. This patch fixes this problem by using the correct options in the right order when saving the table. Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_rateest.c
|
9d1b11102b53103c00b7fddf4658a4d2bdee1338 |
15-Jul-2010 |
Michael S. Tsirkin <mst@redhat.com> |
extensions: libxt_CHECKSUM extension This adds a `CHECKSUM' target, which can be used in the iptables mangle table. You can use this target to compute and fill in the checksum in a packet that lacks a checksum. This is particularly useful, if you need to work around old applications such as dhcp clients, that do not work well with checksum offloads, but don't want to disable checksum offload in your device. The problem happens in the field with virtualized applications. For reference, see Red Hat bz 605555, as well as http://www.spinics.net/lists/kvm/msg37660.html Typical expected use (helps old dhclient binary running in a VM): iptables -A POSTROUTING -t mangle -p udp --dport bootpc \ -j CHECKSUM --checksum-fill Includes fixes by Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_CHECKSUM.c
ibxt_CHECKSUM.man
|
67195a8c8a03d12994e91315e49e3d78c51a385a |
15-Jul-2010 |
Luciano Coelho <luciano.coelho@nokia.com> |
extensions: libxt_IDLETIMER: use xtables_param_act when checking options This patch changes custom error messages for illegal options into the default iptables messages, by using xtables_param_act(). Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_IDLETIMER.c
ibxt_IDLETIMER.man
|
ce06c99ee107102a7168493b55970b53380ebbb6 |
02-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
xt_quota: also document negation Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_quota.c
ibxt_quota.man
|
e4540fcb86c2d7f4cdf51c49872847a03a11b433 |
02-Jul-2010 |
Samuel Ortiz <sameo@linux.intel.com> |
extensions: libxt_quota.c: Support option negation The xt_quota_info flags should be set properly for the --quota option negation support. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_quota.c
|
b1c768168ef1f79c4bdd02f6e681e6e1fbb8d533 |
02-Jul-2010 |
Luciano Coelho <luciano.coelho@nokia.com> |
extensions: libxt_rateest: fix typo in the man page There were a few typos in some options in the rateest match section of the man page: --rateest1-bps should be --rateest-bps1 and so on. Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_rateest.man
|
127647892c7cac85baf8da62ed21232baa60f1c9 |
28-Jun-2010 |
Patrick McHardy <kaber@trash.net> |
extensions: libipt_LOG/libip6t_LOG: support macdecode option Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_LOG.c
ibipt_LOG.c
|
78514bc3a9b1b724c9fc904941c5854644865673 |
25-Jun-2010 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
|
e6d0d94139e826f7b5d8446ce174155c04963b07 |
25-Jun-2010 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
76f7a230e4182ab2b64a68c9d84437035d925f3b |
24-Jun-2010 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: do print netmask References: http://bugzilla.netfilter.org/show_bug.cgi?id=659 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
dd2bbe0b614ad60fb2e267863471836aae424425 |
24-Jun-2010 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: always print burst value iptables -L lists the burst value, and so should iptables -S. I was certainly surprised to see it gone even when explicitly specifying --hashlimit-burst 5 on the command line. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_hashlimit.c
|
d40f1628c3717daebc437a398a285e371b5b6f7f |
16-Jun-2010 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
libxt_set: new revision added libipt_set renamed to libxt_set and the support for the forthcoming ipset release added. I have tested backward (IPv4) and forward compatibility (IPv4/IPv6): ipset -N test iphash ipset -A test test-address iptables -N test-set iptables -A test-set -j LOG --log-prefix "match " iptables -A test-set -j DROP iptables -A OUTPUT -m set --match-set test dst -j test-set ping test-address
ibipt_SET.c
ibipt_SET.man
ibipt_set.c
ibipt_set.h
ibipt_set.man
ibxt_SET.c
ibxt_SET.man
ibxt_set.c
ibxt_set.h
ibxt_set.man
|
d96993e50b44b358ea5bd15f3944674eafd62542 |
15-Jun-2010 |
Luciano Coelho <luciano.coelho@nokia.com> |
extensions: add idletimer xt target extension Add the extension plugin for the IDLETIMER x_tables target. Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_IDLETIMER.c
ibxt_IDLETIMER.man
|
4a498502c10e690798aa78eb92e3aed7ce79f4e0 |
08-Jun-2010 |
Shan Wei <shanwei@cn.fujitsu.com> |
xt_sctp: support FORWARD_TSN chunk type The latest kernel has implemented Partial Reliability Extension that defined in RFC3758. This patch adds FORWARD_TSN chunk for tracing. Signed-off-by: Shan Wei<shanwei@cn.fujitsu.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_sctp.c
ibxt_sctp.man
|
b9f458f87453a62cea7aeb0441e7a2ac05689f91 |
08-Jun-2010 |
Shan Wei <shanwei@cn.fujitsu.com> |
xt_sctp: Trace DATA chunk that supports SACK-IMMEDIATELY extension SACK-IMMEDIATELY extension has defined in: http://tools.ietf.org/html/draft-tuexen-tsvwg-sctp-sack-immediately-03. And the latest kernel has added a I flag in DATA chunk to support this extension. So let iptables/netfilter can trace it. Signed-off-by: Shan Wei<shanwei@cn.fujitsu.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_sctp.c
ibxt_sctp.man
|
fdc19bea817086425c1ad2ad6a2b732eb610fb76 |
04-Jun-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: xt_LED: nroff formatting requirements Verbatim dashes need to be backslash-prefixed. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_LED.man
|
7cd3c2edb1dba13867b80dd29b02d6c945fcd03f |
04-Apr-2010 |
Adam Nielsen <a.nielsen@shikadi.net> |
extensions: add the LED target For the xt_LED target introduced in Linux 2.6.31. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_LED.c
ibxt_LED.man
|
c5424b94a548cd549b2be1396ce35f82f2df18bf |
04-Jun-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: xt_hashlimit: fix a typo References: http://bugzilla.netfilter.org/show_bug.cgi?id=646 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_hashlimit.man
|
2b253f4b2c321066b4301a5a8d47b37fc69e6f80 |
04-Jun-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: xt_string: correct copy-and-pasting in manpage References: http://bugzilla.netfilter.org/show_bug.cgi?id=653 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_string.man
|
8532c70fd182057b440b41f013d8021a95bd72b2 |
21-May-2010 |
Patrick McHardy <kaber@trash.net> |
Revert "Revert "Merge branch 'iptables-next'"" This reverts commit 110c1e4502e21ea38e0980e6f8af857d24330099. Revert the revert to restore the TEE target.
ibxt_TEE.c
ibxt_TEE.man
|
110c1e4502e21ea38e0980e6f8af857d24330099 |
21-May-2010 |
Patrick McHardy <kaber@trash.net> |
Revert "Merge branch 'iptables-next'" This reverts commit 65414babaebcd403e9bf2c27d9d74adb369bf3aa, reversing changes made to 7278461dfad72e2008585dd0bac0e889e5bba99e. Forgot to commit the version increase.
ibxt_TEE.c
ibxt_TEE.man
|
65414babaebcd403e9bf2c27d9d74adb369bf3aa |
20-May-2010 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'iptables-next'
|
7278461dfad72e2008585dd0bac0e889e5bba99e |
20-May-2010 |
Dmitry V. Levin <ldv@altlinux.org> |
extensions: MASQUERADE: fix --to-ports parser Rewrite port range validator to use xtables_strtoui() and xtables_param_act(). Original check failed to recognize such port range errors as "1a-2" and "1-2a". Also, original parser erroneously denied using port 0, which is now allowed. Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_MASQUERADE.c
|
84d758b3bc3121a5603261699c474f64672ef9f6 |
14-May-2010 |
Dmitry V. Levin <ldv@altlinux.org> |
extensions: REDIRECT: fix --to-ports parser Rewrite port range validator to use xtables_strtoui() and xtables_param_act(). Original check failed to recognize several types of port range errors, including: "-1", "-1a", "-1-a", "a-1", "1a-2", "1-2a", etc. Also, original parser erroneously denied using port 0, which is now allowed. Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_REDIRECT.c
|
d990c6d9a0bcb5e5469db35d392d587bf5753a51 |
13-May-2010 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of git://dev.medozas.de/iptables into iptables-next
|
afbac0d462328d798f8612d3e793506c0a135a17 |
10-May-2010 |
Simon Lodal <simonl@parknet.dk> |
libxt_conntrack: document --ctstate UNTRACKED Signed-off-by: Simon Lodal <simonl@parknet.dk> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_conntrack.man
ibxt_state.man
|
bed2ba957d545b50c3eae6fb28fc0decadbc0dcb |
09-May-2010 |
Pablo Neira Ayuso <pablo@netfilter.org> |
CT: fix --ctevents parsing This patch fixes the following problem: # iptables -t raw -I PREROUTING -t raw -j CT --ctevents assured iptables v1.4.7: Unknown event type "assured" Try `iptables -h' or 'iptables --help' for more information. However, `assured' is one of the supported arguments for --ctevents. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_CT.c
|
ada4ff6155a02b0aed8400e46f34e72c91e36277 |
21-Apr-2010 |
Vincent Bernat <bernat@luffy.cx> |
iprange: fix xt_iprange v0 parsing iprange_parse() was incomplete and did not include parsed ranges into ipt_iprange_info structure resulting in always adding range 0.0.0.0-0.0.0.0 in the kernel. Moreover, when using --dst-range, error messages may display --src-range instead. Fix this too. Signed-off-by: Vincent Bernat <bernat@luffy.cx> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_iprange.c
|
9f27e6b6f8638bde93e9901e999287ad5118f17c |
20-Apr-2010 |
Patrick McHardy <kaber@trash.net> |
libxt_CT: print conntrack zone in ->print/->save Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_CT.c
|
c303bb0594fae1c4fd1097b2ce0814c5ffd0edc7 |
19-Apr-2010 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: add support for xt_TEE xt_TEE is firstly included in Linux 2.6.35. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TEE.c
ibxt_TEE.man
|
db6d027bb9626129617ea3a3f2fe4b87ab307bf6 |
27-Mar-2010 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_osf: import nfnl_osf program xt_osf is pretty useless without the actual fingerprint loader. Import nfnl_osf-2009-06-07 and make it a part of the iptables distribution. Cc: Evgeniy Polyakov <johnpol@2ka.mxt.ru> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_osf.man
|
23e718b525f96b95510f50d20161c2bd92824ff1 |
27-Mar-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: add manpage for libxt_osf Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_osf.c
ibxt_osf.man
|
204a253e63f8e0d270d51796a7db057135c3c609 |
17-Mar-2010 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_recent: add a missing space in output Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_recent.c
|
937998088f9cf8518f8af57ff2d0b5500e247eb3 |
17-Mar-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: remove claim that TCPMSS is limited to mangle There was no real restriction, and in fact, the kernel module never had such a limitation in the last years. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TCPMSS.man
|
c9be7f153f7bf112640057a0cb6108b686041029 |
16-Mar-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: libxt_MARK: no longer restricted to mangle table MARK used to be limited to the mangle table, but there was no real restriction. References: http://marc.info/?l=netfilter-devel&m=126806510332668&w=2 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_MARK.man
|
89b6c32f88be47e83c3f6e7f8fee812088cb8c22 |
11-Mar-2010 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_CT: add a manpage Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CT.c
ibxt_CT.man
|
3324ac52c80a6213b4bafa007f7b566a2f7ba071 |
11-Mar-2010 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_comment: avoid use of IPv4-specific examples Since libxt_comment.man is included in both iptables.8 and ip6tables.8, we should probably try to create examples that do not rely on either address family. References: http://bugs.debian.org/572628 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_comment.man
|
9fdbaa71452edaac9d5906716c15937f670341fa |
08-Mar-2010 |
Patrick McHardy <kaber@trash.net> |
extensions: add CT extension Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_CT.c
|
350661a6eb089f3e54e67e022db9e16ea280499f |
31-Jan-2010 |
Jan Engelhardt <jengelh@medozas.de> |
includes: header updates Update the shipped Linux kernel headers from 2.6.33-rc6, as iptables's ipt_ECN.h for example references ipt_DSCP.h, which no longer exists. Since a number of old code pieces have been removed in the kernel in that fashion, the structs for older versions are moved into the .c file, to keep header updating simple. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CONNMARK.c
ibxt_MARK.c
ibxt_TOS.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_iprange.c
ibxt_mark.c
ibxt_owner.c
ibxt_tos.c
os_values.c
|
028ad9ec6d5c27c107c9a7a316617cbe366abb0f |
31-Jan-2010 |
Jan Engelhardt <jengelh@medozas.de> |
policy: fix error message showing wrong option
ibxt_policy.c
|
cd46b143c32f2cf76ada7a9503243ba9e45bb163 |
19-Jan-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: mention requirement of additional packages for ipset References: https://bugzilla.novell.com/561177 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_SET.man
ibipt_set.man
|
2d8f775cc03638d53053b3a448ca505646441542 |
19-Jan-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: fix limit manpage to reflect actual supported syntax References: https://bugzilla.novell.com/561179 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_limit.man
|
27c8d2a55a40c4a6232a76924f524ca7368e4b36 |
19-Jan-2010 |
Jan Engelhardt <jengelh@medozas.de> |
doc: fix recent manpage to reflect actual supported syntax References: https://bugzilla.novell.com/561180 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_recent.man
|
6ce22ff936611347f1154c8546c93f4781be199d |
19-Jan-2010 |
Jan Engelhardt <jengelh@medozas.de> |
recent: reorder cases in code (cosmetic cleanup) Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_recent.c
|
b1f40e1d31b900f90fd5641a483788ed9cb91c64 |
24-Nov-2009 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
f294f843473718f8d32745600b9a97c0b799e7c5 |
20-Nov-2009 |
Patrick McHardy <kaber@trash.net> |
conntrack: fix --expires parsing Using ranges in --ctexpire results in a parsing error: conntrack: Bad value for "--expires" option: "1:1000" The first value is parsed twice, after which the end pointer doesn't point to the expected '\0' but to the colon. Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_conntrack.c
|
7573631fa9f6f15b28a13cc5d22f2a446f69fd64 |
17-Nov-2009 |
Jan Engelhardt <jengelh@medozas.de> |
doc: explain experienced --hitcount limit Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_recent.man
|
588b615bc78ddef3752f356d1e243129c4dbba96 |
12-Nov-2009 |
Patrick McHardy <kaber@trash.net> |
extensions: add osf extension From Evgeniy Polyakov <zbr@ioremap.net> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_osf.c
|
596c69007acb569843391e4c98dc21d6f2336e7b |
06-Nov-2009 |
Patrick McHardy <kaber@trash.net> |
DNAT: fix incorrect check during parsing Specifying --random before --to-dest results in: Multiple --to-destination not supported Fix the flags check to only test the IPT_DNAT_OPT_DEST bit. Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_DNAT.c
|
5fdf032a02b671bc1a18cec0e803c17c64175ab1 |
04-Nov-2009 |
Jan Engelhardt <jengelh@medozas.de> |
CONNMARK: print mark rules with mask 0xffffffff as set instead of xset Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CONNMARK.c
|
3d915e1ac610bce44250b4aea556f4726387388d |
04-Nov-2009 |
Patrick McHardy <kaber@trash.net> |
MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmark Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_MARK.c
|
bbe83862a5e1baf15f7c923352d4afdf59bc70e2 |
24-Oct-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iptables/extensions: make bundled options work again When using a bundled option like "-ptcp", 'argv[optind-1]' would logically point to "-ptcp", but this is obviously not right. 'optarg' is needed instead, which if properly offset to "tcp". Not all places change optind-based access to optarg; where look-ahead is needed, such as for tcp's --tcp-flags option for example, optind is ok. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_rt.c
ibipt_SET.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_icmp.c
ibipt_realm.c
ibipt_set.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_conntrack.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_multiport.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_rateest.c
ibxt_sctp.c
ibxt_state.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_u32.c
ibxt_udp.c
|
bf97128c7262f17a02fec41cdae75b472ba77f88 |
03-Nov-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: hand argv to xtables_check_inverse In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_rt.c
ibipt_DNAT.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_realm.c
ibipt_set.c
ibipt_ttl.c
ibxt_NFLOG.c
ibxt_cluster.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_iprange.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_policy.c
ibxt_quota.c
ibxt_rateest.c
ibxt_recent.c
ibxt_sctp.c
ibxt_state.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_udp.c
|
7fa7329fc972513021131416dbd9d535141bd2ea |
18-Sep-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iprange: roll address parsing into a loop
ibxt_iprange.c
|
648a7bafa7acc33d986f113275a20199a6ad2aaa |
18-Sep-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iprange: warn on reverse range
ibxt_iprange.c
|
a10a12afee2083d240a304ceac7f3d9902a6f60a |
18-Sep-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iprange: do accept non-ranges for xt_iprange v1 [fill in details]
ibxt_iprange.c
|
4a0fbe37a9879ade6a6bf99ab105316284eb4102 |
24-Oct-2009 |
Jan Engelhardt <jengelh@medozas.de> |
realm: remove static initializations Save a little disk space, they are initialized to zero anyway. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_realm.c
|
22bdd6966f2c3ccded984a37ba0b97470bcf9323 |
16-Oct-2009 |
Tim Small <tim@buttersideup.com> |
doc: update TCPMSS manpage with Linux 2.6.25 changes References: http://bugs.debian.org/551272 [j.eng: modified --set-mss option description to be understandable] Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TCPMSS.man
|
7b041d47428cdbc3da522d8194c2568ef5db0e5d |
21-Oct-2009 |
sobtwmxt <sobtwmxt@sdf.lonestar.org> |
doc: fix typo in length manpage References: http://bugs.debian.org/551867 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_length.man
|
bc57906530df924324efef494a4fcff65d25e4ce |
05-Oct-2009 |
Jan Engelhardt <jengelh@medozas.de> |
doc: mention maximum mark size in manpages
ibxt_CONNMARK.man
ibxt_MARK.man
ibxt_SECMARK.man
|
cdff3088dbab62bba0ab1d4311263a032e4bde14 |
24-Aug-2009 |
Patrick McHardy <kaber@trash.net> |
man: fix incorrect plural in libipt_set.man Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_set.man
|
352ccfb847dfd290a7b761cd87445a48e551acb5 |
20-Aug-2009 |
Jan Engelhardt <jengelh@medozas.de> |
manpages: more fixes to minuses, hyphens, dashes Debian still carries patches patches to the iptables nroff code touching ASCII minuses, so I thought, what's it this time. Eventually, this patch tries to straighten things once more, per http://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style#Hyphens and http://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style#Dashes . Titles will get the em dash; all typed commands or parameters with a hyphen get a minus (so that man(1) hyperlinking and copy-pasting does work), but other mentions get the hyphen. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_NFLOG.man
ibxt_connbytes.man
|
cfb048f5b5778a57144b00866cd0734e9617a4ea |
20-Aug-2009 |
Laurence J. Lane <ljlane@debian.org> |
manpage: fix lintian warnings Description: extraneous slash caused this lintian warning: W: iptables: manpage-has-errors-from-man usr/share/man/man8/iptables.8.gz 220: cannot use newline as a starting delimiter W: iptables: manpage-has-errors-from-man usr/share/man/man8/ip6tables.8.gz 1823: warning: `precedence'' not defined Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_TOS.man
|
4a682aa233ea02b342a9cc827d25e4c6c11dd349 |
20-Aug-2009 |
Trent W. Buck <trentbuck@gmail.com> |
ipt_set: fix a typo in the manpage References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539101 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_set.man
|
4282d89a798adcf50973a22c5a17563b5e9421cb |
20-Aug-2009 |
Florian Westphal <fwestphal@astaro.com> |
libxt_NFQUEUE: add new v1 version with queue-balance option New version that adds support for specifying a queue range instead of a single queue id. The kernel will distribute flows across the given queue range. This is useful for multicore systems, simply start multiple instances of the userspace program on queues x, x+1, .. x+n and use "--queue-balance x:x+n". Packets belonging to the same connection are put into the same queue. With fixes from Jan Engelhardt. Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_NFQUEUE.c
ibxt_NFQUEUE.man
|
8e4dacaed17701cb1891b962bb856e0e8cfbb5c8 |
05-Aug-2009 |
Jan Engelhardt <jengelh@medozas.de> |
Merge branch 'stable' Conflicts: extensions/libxt_conntrack.c Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
b79ec69027fd8b65e7eccd78a445b6665e8ad53b |
23-Jul-2009 |
Jan Engelhardt <jengelh@medozas.de> |
build: combine iptables-multi and iptables-static Changed the Makefile so that: 1. --enable-shared / --disable-shared control the linkage against libdl (and thus the potential to use 3rd party extensions) 2. --enable-static / --disable-static controls whether shipped extensions are built-in or provided as modules iptables-static becomes redundant by this action; iptables-multi now has the feature. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
f2a77520693f0a6dd1df1f87be4b81913961c1f5 |
25-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: collapse data variables to use multi-reg calls Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_addrtype.c
ibxt_CONNMARK.c
ibxt_MARK.c
ibxt_TOS.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_hashlimit.c
ibxt_iprange.c
ibxt_mark.c
ibxt_multiport.c
ibxt_owner.c
ibxt_policy.c
ibxt_string.c
ibxt_tos.c
|
7d68df47fad305673958351a4e2a5c6e75927caa |
12-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove empty help and parse functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_eui64.c
ibipt_MIRROR.c
ibipt_unclean.c
ibxt_NOTRACK.c
ibxt_TRACE.c
ibxt_socket.c
ibxt_standard.c
|
c5e85736c207f211d82d2878a5781f512327dfce |
12-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: collapse registration structures There are no different code paths between IPV4 and IPV6, so data can be consolidated here. text data bss dec hex filename 243757 12212 2576 258545 3f1f1 ip6tables-static[before.i586] 243613 9428 2576 255617 3e681 ip6tables-static[after.i586] -144 -2784 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CONNMARK.c
ibxt_CONNSECMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_NOTRACK.c
ibxt_TCPOPTSTRIP.c
ibxt_TOS.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connmark.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_mac.c
ibxt_owner.c
ibxt_physdev.c
ibxt_recent.c
ibxt_sctp.c
ibxt_state.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_tos.c
ibxt_udp.c
|
efebafa0021f36f4547b7fcc47620274f333e001 |
25-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_helper: fix invalid passed option to check_inverse Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_helper.c
|
b97b42147ea65d7d24d70a2ffe925dbf091f26bc |
25-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
xt_conntrack: revision 2 for enlarged state_mask member This complements the xt_conntrack revision 2 code added to the kenrel. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
4ada8440f43e8335c96706b749f606b527c8a038 |
11-Jun-2009 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'stable' of git://dev.medozas.de/iptables
|
2d280014e281b520280b1a11662aea0da2ffc59c |
11-Jun-2009 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
Updated set/SET match and target to support multiple ipset protocols. By checking the protocol version of the kernel part, the sockopt type of ipset protocols are all supported. Forward compatibility with the netlink based protocol is missing. The --set option of the set match is replaced by --match-set to avoid clashing with the recent match, but the old option is also kept. Manpages are updated, references to bindings removed.
ibipt_SET.c
ibipt_SET.man
ibipt_set.c
ibipt_set.h
ibipt_set.man
|
18c475d7040abc6d3094ee0348904deafe997508 |
10-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
manpages: markup corrections The manpage of xt_cluster and xt_recent had some unclosed tags. Backslashes in commands are also not wanted because manpages are a freeform, automatically-wrapped text. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_TCPMSS.man
ibxt_TPROXY.man
ibxt_cluster.man
ibxt_connlimit.man
ibxt_recent.man
|
a3726818e07d47136010f09762637a3e597329e3 |
07-Jun-2009 |
kd6lvw <kd6lvw@yahoo.com> |
libxt_connlimit: initialize v6_mask When converting "--connlimit-mask $bits" to a 128-bit v6 mask, the code uses a left shift on v6_mask[n]. This requires v6_mask to be filled with all one-bits beforehand, but this initialization was not done. References: http://bugzilla.netfilter.org/show_bug.cgi?id=597 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_connlimit.c
|
ae737f0070c9aaccb722ba342b12043fb124d9e2 |
06-Jun-2009 |
Ian Bruce <ian_bruce@fastmail.net> |
libxt_tcp: manpage corrections and suggestions From: Ian Bruce <ian_bruce@fastmail.net> The commit corrects some minor errors in the iptables(8) man page, related to port ranges in the "tcp" module. Reference: http://bugs.debian.org/531677 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_tcp.man
|
156f58692bbe9e509b32670f93582bead785c926 |
21-May-2009 |
Frank Tobin <ftobin+netfilter@neverending.org> |
libxt_tcp: fix a manpage syntax typo Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=596 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_tcp.man
|
ecd48dd6ba534deea7fd4d0ce20c7b5c00f4128f |
08-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove redundant casts Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_realm.c
ibxt_multiport.c
|
6d7d91e86729e3b2bcca6821409e8d78e83430e7 |
08-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
DNAT/SNAT: add manpage documentation for --persistent flag Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_DNAT.man
ibipt_SAME.man
ibipt_SNAT.man
|
42979363f3958b4436c6d2503753c182c58e55ea |
01-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: use NFPROTO_UNSPEC for .family field This constant would be the designated one for the .family field; it also, given recent changes, makes grep for NFPROTO_UNSPEC work to finally recollect all manpages. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CLASSIFY.c
ibxt_MARK.c
ibxt_RATEEST.c
ibxt_SECMARK.c
ibxt_TRACE.c
ibxt_cluster.c
ibxt_length.c
ibxt_limit.c
ibxt_mark.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_rateest.c
ibxt_standard.c
ibxt_statistic.c
ibxt_string.c
ibxt_time.c
ibxt_u32.c
|
cdcfd887b0dcb3c5cff3c2ae49fc34d0cbac5c44 |
01-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
build: fix manpage collection Florian Westphal points out that v1.4.3.2-9-gc304d77 greps for the keyword in the wrong file, and that files with NFPROTO_UNSPEC are skipped. This patch corrects that part, and makes `make` now output the manpages it collected. Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
67cf1a928952f1d1ca32f529d78036cebc1b8800 |
01-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
policy: merge ipv6 and ipv4 variant The files duplicate most of their code, and struct ipt_policy_info being defined to xt_policy_info makes them actually have even more in common. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_policy.c
ibipt_policy.c
ibxt_policy.c
|
cd30054544021bad206efb6b98df640528e1cba1 |
31-May-2009 |
Jan Engelhardt <jengelh@medozas.de> |
policy: use direct xt_policy_info instead of ipt/ip6t Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_policy.c
ibipt_policy.c
|
9d08310f7611b044ad40f4b1c240d9012fbe050f |
31-May-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libip6t_policy: remove redundant functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_policy.c
|
c304d776e9bf546829c90d0cbaeae6a3a79ef9db |
26-May-2009 |
Jan Engelhardt <jengelh@medozas.de> |
manpages: do not include v4-only modules in ip6tables manpage References: http://bugs.debian.org/529954 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
74670b185f8f92c499e1a67139405524da32fc66 |
13-May-2009 |
Jan Engelhardt <jengelh@medozas.de> |
addrtype: fix one manpage type References: http://bugs.debian.org/528457 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_addrtype.man
|
2c69b55e55f2efc5a334b87ccdceaa9de0ecb658 |
30-Apr-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: replace open-coded sizeof by ARRAY_SIZE Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
scp_helper.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibipt_LOG.c
ibipt_REJECT.c
ibipt_icmp.c
ibxt_dccp.c
ibxt_hashlimit.c
ibxt_limit.c
ibxt_pkttype.c
ibxt_sctp.c
ibxt_tcp.c
|
69f564e3890976461de0016cd81171ff8bfa8353 |
26-May-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: add const qualifiers in print/save functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_hl.c
ibipt_DNAT.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_realm.c
ibipt_set.c
ibxt_CONNSECMARK.c
ibxt_RATEEST.c
ibxt_SECMARK.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_limit.c
ibxt_mark.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_rateest.c
ibxt_state.c
ibxt_statistic.c
ibxt_time.c
|
cd958a6c92c84095a439780b53832bb3aae2d512 |
06-May-2009 |
Pablo Neira Ayuso <pablo@netfilter.org> |
extensions: add `cluster' match support This patch adds support for the cluster match to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_cluster.c
ibxt_cluster.man
|
467fa9fe70f08342a50b859ddd431c848a956679 |
17-Apr-2009 |
Patrick McHardy <kaber@trash.net> |
SNAT/DNAT: add support for persistent multi-range NAT mappings Add support for persistent mappings (2.6.29-rc2+) as replacement for the removed SAME target. Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_DNAT.c
ibipt_SNAT.c
|
093d5fc9d1826b8f0ccfbb3160c98a3c844d0273 |
05-Apr-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: properly output negation symbol Because the wrong flag was checked, the "!" was either wrongly printed, or not printed at all. This was broken since v1.4.0-29-ga8ad34c. Reported-by: Steven Jan Springl <steven@springl.ukfsn.org> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_conntrack.c
|
c9ccba543b52cb443f110670420967ac6a41c302 |
04-Apr-2009 |
Jan Engelhardt <jengelh@medozas.de> |
CLASSIFY: document non-standard interpretation behavior Most other extensions use strtoul (by means of xtables_strtoui) and would abide by the standard convention of hex/octal prefixes 0x/0, and decimal otherwise, but CLASSIFY is an exception. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CLASSIFY.c
ibxt_CLASSIFY.man
|
a094eb0f2a57592b6f3cf42fdbb9d49fead2d57c |
03-Apr-2009 |
Jan Engelhardt <jengelh@medozas.de> |
build: add configure option to disable ipv4 iptables This patch complements the previous one. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
8e58613df53f5f83e8ab92dec61d8065c68d967d |
03-Apr-2009 |
Jan Engelhardt <jengelh@medozas.de> |
build: add configure option to disable ip6tables This also skips building the IPv6 extensions. It does not #ifdef out all code however, I think that would make it too ugly. Inspired-by: http://bugzilla.netfilter.org/show_bug.cgi?id=560 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
ed7925b77010dd17531ea0424b49d2b72af4add9 |
24-Mar-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_tcpmss: fix an inversion while parsing --mss Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_tcpmss.c
|
bf02bd290c03fd47b256258e06157f4d9d76e46d |
24-Mar-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: add missing space for iptables-save output Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=568 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_hashlimit.c
|
421157976351606bee0d2a33acee89178521f78a |
19-Mar-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_comment: output quotes must be escaped in Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519584 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_comment.c
|
71bc61f926ca2d8ec57d9fbd698c2af32c9a9f64 |
17-Mar-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_connbytes: document nf_ct_acct behavior Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_connbytes.man
|
a73a34ad9c9bb30dafbd7b5ca15b902e83c50ee2 |
17-Mar-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_connbytes: minor manpage adustments Use explicit paragraph separator and conntrack(8). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_connbytes.man
|
38725a4411b0e0f34a3077e37b0be860352085a8 |
15-Mar-2009 |
Jan Engelhardt <jengelh@medozas.de> |
Merge commit 'nf/master'
|
409f2a8e3b2706c8c6c5e345a4bc77fca8ad7105 |
02-Mar-2009 |
Pablo Neira Ayuso <pablo@netfilter.org> |
string: fix wrong pattern length calculation This fixes a problem introduced in 37b4bde745698bf140d74e59a2561f34deeb8726 that leads to the wrong calculation of the pattern length in the string match. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_string.c
|
4e41854423b529d3107c23b85434d50a75d08057 |
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: add missing limits.h include Thanks to Stephen Hemminger for noticing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_icmp6.c
ibipt_DNAT.c
ibipt_MASQUERADE.c
ibipt_REDIRECT.c
ibipt_SNAT.c
ibipt_icmp.c
ibxt_multiport.c
|
978e27e8f8c2e49d0528c6c4ae3a56627fbe8492 |
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
include: resynchronize headers with 2.6.29-rc5 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_DNAT.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_SAME.c
ibipt_SNAT.c
|
da68957303dea58632466d79d52f83bcbbca8925 |
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_policy: use bounded strtoui reqid and SPI can only have a value in the range 0..UINT32_MAX, not the entire range of the "long" type. Also throw an error if the incoming string does not look like a pure number. "Replaces" commit 6db2ded2f22a7e78743c86af523b8430876582e9. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_policy.c
ibipt_policy.c
|
afe6b357db60c7d70379a27360c10a352bf55203 |
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove unwanted/add needed includes for IPv4 exts Most touched files do not use anything from ip_tables.h, so remove that #include. multiport instead, does need it (ipt_entry). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MIRROR.c
ibipt_NETMAP.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ecn.c
ibipt_policy.c
ibipt_ttl.c
ibxt_multiport.c
|
2bc9d348e11820567685670147bd58deef2f938f |
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove unwanted/add needed includes for IPv6 exts Most touched files do not use anything from ip6_tables.h, so remove that #include. multiport instead, does need it (ip6t_entry). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_hl.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_policy.c
ibxt_multiport.c
|
1829ed482efbc8b390cc760d012b3a4450494e1a |
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix exit_error to xtables_error Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
scp_helper.c
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_policy.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_policy.c
ibipt_realm.c
ibipt_set.c
ibipt_set.h
ibipt_ttl.c
ibxt_CLASSIFY.c
ibxt_CONNMARK.c
ibxt_CONNSECMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_RATEEST.c
ibxt_SECMARK.c
ibxt_TCPMSS.c
ibxt_TCPOPTSTRIP.c
ibxt_TOS.c
ibxt_TPROXY.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_iprange.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_owner.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_rateest.c
ibxt_recent.c
ibxt_sctp.c
ibxt_state.c
ibxt_statistic.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_time.c
ibxt_tos.c
ibxt_u32.c
ibxt_udp.c
os_values.c
|
6db2ded2f22a7e78743c86af523b8430876582e9 |
17-Feb-2009 |
Christian Perle <chris@linuxinfotag.de> |
libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffff http://bugzilla.netfilter.org/show_bug.cgi?id=577 When using the -m policy match, the option argument for --spi is converted using strtol(), which returns a signed 32 bit value, so the highest positive value is 0x7fffffff. Instead strtoul() should be used. The same applies for the --reqid option argument. Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_policy.c
ibipt_policy.c
|
0ff6b46a331b7fa620c40d3110be5b3deb3c40a6 |
17-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
doc: do not put IPv4 doc into ip6tables.8 Reference: http://bugs.debian.org/515752 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
NUmakefile.in
|
ae6f9b978aded200def693dcba80f7b97de7f7c6 |
15-Jan-2009 |
Marc Fournier <marc.fournier@camptocamp.com> |
doc: fix option typo in libxt_multiport Reference: http://bugs.debian.org/511891 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_multiport.man
|
37b4bde745698bf140d74e59a2561f34deeb8726 |
12-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_string: fix undefined behavior/incorrect patlen calculation strlen ran over the end of the string. Use strnlen to bound it. Reference: http://bugs.debian.org/513516 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_string.c
|
1de7edffc9085c0f41c261dca995e28ae4126c29 |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - move parse_protocol to xtables.c Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_policy.c
ibipt_policy.c
ibxt_conntrack.c
ibxt_time.c
|
0f16c725aadaac7e670d632ecbaea3661ff00827 |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - move check_inverse to xtables.c This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_policy.c
ibip6t_rt.c
ibipt_DNAT.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_policy.c
ibipt_realm.c
ibipt_set.c
ibipt_ttl.c
ibxt_NFLOG.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_iprange.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_rateest.c
ibxt_recent.c
ibxt_sctp.c
ibxt_state.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_udp.c
|
a0baae85f8159f03d52535934aa9b3a375e0f1f3 |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix - parse and escaped output func Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_policy.c
ibipt_LOG.c
ibipt_ULOG.c
ibipt_policy.c
ibxt_NFLOG.c
ibxt_conntrack.c
ibxt_helper.c
|
aae6be9edc99e58164a3592c510fe5488141c698 |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix - misc functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_REDIRECT.c
ibxt_dccp.c
ibxt_multiport.c
ibxt_physdev.c
ibxt_sctp.c
ibxt_tcp.c
ibxt_udp.c
|
1e01b0b82f70b0b11dcfbced485dbe7aeac4fb8c |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - ascii to ipaddr/ipmask input Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_DNAT.c
ibipt_NETMAP.c
ibipt_SAME.c
ibipt_SNAT.c
ibxt_TPROXY.c
ibxt_iprange.c
|
e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7 |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - ipaddr/ipmask to ascii output Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_DNAT.c
ibipt_NETMAP.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_policy.c
ibxt_TPROXY.c
ibxt_conntrack.c
ibxt_iprange.c
|
a41545ca7cde43e0ba53260ba74bd9bf74025a68 |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - param_act Changes: exittype -> xtables_exittype P_* -> XTF_* flags Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CONNMARK.c
ibxt_MARK.c
ibxt_TOS.c
ibxt_TPROXY.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_hashlimit.c
ibxt_iprange.c
ibxt_mark.c
ibxt_owner.c
ibxt_tos.c
|
5f2922cfc0bbfbeb878f5c12e9fb3eb602ae5507 |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - strtoui This commit also throws out the redundant string_to_number_*. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_icmp6.c
ibip6t_mh.c
ibipt_CLUSTERIP.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_NETMAP.c
ibipt_TTL.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_ttl.c
ibxt_CONNMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_NFQUEUE.c
ibxt_TCPMSS.c
ibxt_TCPOPTSTRIP.c
ibxt_TOS.c
ibxt_TPROXY.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_hashlimit.c
ibxt_length.c
ibxt_limit.c
ibxt_mark.c
ibxt_owner.c
ibxt_rateest.c
ibxt_statistic.c
ibxt_tcp.c
ibxt_tcpmss.c
os_values.c
|
e917bca09924435f3fca23c01042543b1826c81e |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: use UINT_MAX constants over open-coded numbers (2/2) Use the handy constants for ranges. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_HL.c
ibip6t_icmp6.c
ibip6t_mh.c
ibipt_TTL.c
ibipt_icmp.c
ibipt_ttl.c
ibxt_DSCP.c
ibxt_NFQUEUE.c
ibxt_TCPMSS.c
ibxt_TCPOPTSTRIP.c
ibxt_TOS.c
ibxt_TPROXY.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_hashlimit.c
ibxt_length.c
ibxt_statistic.c
ibxt_tcp.c
ibxt_tcpmss.c
os_values.c
|
a80975497968e69b23f56bf15d346c65bec381f2 |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: use UINT_MAX constants over open-coded bits (1/2) ~0 depends on the sizeof(int), so it is better to use UINT32_MAX. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_CONNMARK.c
ibxt_MARK.c
ibxt_TPROXY.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_mark.c
ibxt_quota.c
ibxt_string.c
|
7a63ca74dbcd323217cab7296e68a19b8c9ea6c4 |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_owner: use correct UID/GID boundaries -1 is a reserved number (chown uses it to denote "do not change"), so the maximum libxt_owner should permit is up to UINT32_MAX-1. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibxt_owner.c
|
213e185afbb298e6708881e4c2adffdc47a8b6da |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove redundant casts All of them are implicitly convertable without any wanted side effects. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_LOG.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_ipv6header.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_LOG.c
ibipt_ah.c
ibipt_realm.c
ibxt_DSCP.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_length.c
ibxt_tcp.c
ibxt_tcpmss.c
|
825c317eedc12e1c8c93e22a96bc423d27b3c1f4 |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove redundant returns at end of void-returning functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip6t_ipv6header.c
ibxt_DSCP.c
ibxt_NFQUEUE.c
ibxt_dscp.c
ibxt_u32.c
|
ea268e19a8b820cce4bab3318e656efa51134487 |
26-Jan-2009 |
Bart De Schuymer <bdschuym@pandora.be> |
man: fix physdev manpage A sentence of the physdev module's help entry was truncated by the man program because the line starts with a single quote. Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_physdev.man
|
cfb9cf0509ad8100cd8d6ab52d60a8ffbb318578 |
19-Jan-2009 |
Daniel Drake <dsd@gentoo.org> |
libxt_owner: add more spaces to output Commit bb9284d1 ("libxt_owner: add spaces to output") moved the printing of spaces away from the owner_mt_print() function family, but forgot to add spaces in all of the print_item() functions that are called. This is likely to be at least the partial cause of https://bugs.gentoo.org/show_bug.cgi?id=254435 Signed-off-by: Daniel Drake <dsd@gentoo.org> Approves-of-this-patch: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_owner.c
|
3d12c3bbffb43182df9ac5c0ad549b095d30d021 |
13-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
doc: augment ICMP manpage by type/code syntax The ICMP match module also allows numeric type/code as in "--icmp-type type/code". Document it. Based upon a patch by Victor Stinner <vstinner@inl.fr>. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibipt_icmp.c
ibipt_icmp.man
|
fea74bf74ff524431ce65145f1523584edf99dc9 |
12-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
doc: escape minus sign in manpages groff formats '-' as a hyphen, and '\-' is needed for a minus. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_HL.man
ibip6t_LOG.man
ibip6t_REJECT.man
ibip6t_ah.man
ibip6t_dst.man
ibip6t_frag.man
ibip6t_hbh.man
ibip6t_hl.man
ibip6t_icmp6.man
ibip6t_ipv6header.man
ibip6t_mh.man
ibip6t_rt.man
ibipt_CLUSTERIP.man
ibipt_DNAT.man
ibipt_ECN.man
ibipt_LOG.man
ibipt_MASQUERADE.man
ibipt_NETMAP.man
ibipt_REDIRECT.man
ibipt_REJECT.man
ibipt_SAME.man
ibipt_SET.man
ibipt_SNAT.man
ibipt_TTL.man
ibipt_ULOG.man
ibipt_addrtype.man
ibipt_ah.man
ibipt_ecn.man
ibipt_icmp.man
ibipt_realm.man
ibipt_set.man
ibipt_ttl.man
ibxt_CLASSIFY.man
ibxt_CONNMARK.man
ibxt_CONNSECMARK.man
ibxt_DSCP.man
ibxt_MARK.man
ibxt_NFLOG.man
ibxt_NFQUEUE.man
ibxt_RATEEST.man
ibxt_SECMARK.man
ibxt_TCPMSS.man
ibxt_TCPOPTSTRIP.man
ibxt_TOS.man
ibxt_TPROXY.man
ibxt_comment.man
ibxt_connbytes.man
ibxt_connlimit.man
ibxt_connmark.man
ibxt_conntrack.man
ibxt_dccp.man
ibxt_dscp.man
ibxt_esp.man
ibxt_hashlimit.man
ibxt_helper.man
ibxt_iprange.man
ibxt_length.man
ibxt_limit.man
ibxt_mac.man
ibxt_mark.man
ibxt_multiport.man
ibxt_owner.man
ibxt_physdev.man
ibxt_pkttype.man
ibxt_policy.man
ibxt_quota.man
ibxt_rateest.man
ibxt_recent.man
ibxt_sctp.man
ibxt_state.man
ibxt_statistic.man
ibxt_string.man
ibxt_tcp.man
ibxt_tcpmss.man
ibxt_time.man
ibxt_tos.man
ibxt_u32.man
ibxt_udp.man
|
c3d0a7b800277fcc4401f19a584edf1d7dfaeda9 |
30-Dec-2008 |
Jan Engelhardt <jengelh@medozas.de> |
rateest: guard against segfault Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_rateest.c
|
cea9f71f5618250a38acb21c31fbbf93a752f7d4 |
09-Dec-2008 |
Jan Engelhardt <jengelh@medozas.de> |
iptables-save: output ! in position according to manpage Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_ipv6header.c
ibip6t_rt.c
ibipt_addrtype.c
ibipt_ah.c
ibxt_dscp.c
ibxt_esp.c
ibxt_length.c
ibxt_multiport.c
ibxt_pkttype.c
ibxt_string.c
ibxt_tcpmss.c
|
64f948b24407c3cf3d02476059a3f9fa0265cb3d |
24-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
doc: fix a typo in libip6t_REJECT.man Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_REJECT.man
|
5d9678ad3eabc34ac40dfe055d7f6a8e44445a5a |
20-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove inclusion of iptables.h iptables.h and ip6tables.h only include declarations internal to iptables (specifically iptables.c and ip6tables.c), as most of the public API has been moved to xtables.h a few months ago. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_eui64.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_policy.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_MIRROR.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_policy.c
ibipt_realm.c
ibipt_set.c
ibipt_ttl.c
ibipt_unclean.c
ibxt_TPROXY.c
ibxt_connlimit.c
ibxt_conntrack.c
|
0ec8c0f00b591681076af2db34df0f230b08fa2c |
19-Nov-2008 |
Pablo Neira Ayuso <pablo@netfilter.org> |
state: report spaces in the state list parsing This patch adds better error reporting when the user inserts a space between two states with the --state option. iptables -I INPUT -m state ESTABLISHED, RELATED ^ mind the space results in: iptables v1.4.2-rc1: Bad state `' Try `iptables -h' or 'iptables --help' for more information. Now this returns: iptables v1.4.2-rc1: `--state' requires a list of states with no spaces, e.g. ESTABLISHED,RELATED This patch also applies to libxt_conntrack which has a copy of the function. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_conntrack.c
ibxt_state.c
|
03d99486d8283552705b58dc55b6085dffc38792 |
18-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: use NFPROTO_ constants Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_eui64.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_policy.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_MIRROR.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_policy.c
ibipt_realm.c
ibipt_set.c
ibipt_ttl.c
ibipt_unclean.c
ibxt_CONNMARK.c
ibxt_CONNSECMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_NOTRACK.c
ibxt_TCPMSS.c
ibxt_TCPOPTSTRIP.c
ibxt_TOS.c
ibxt_TPROXY.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_iprange.c
ibxt_mac.c
ibxt_multiport.c
ibxt_owner.c
ibxt_physdev.c
ibxt_recent.c
ibxt_sctp.c
ibxt_socket.c
ibxt_state.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_tos.c
ibxt_udp.c
|
c7fc1dae1e8f8a5fe2ad4eac4bdd1f3c59d8c975 |
12-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: dump ctdir Sent in as part of a larger private mail by G�sp�r Lajos <swifty@freemail.hu>; I cherry-picked the ctdir part. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_conntrack.c
|
6b6c096ca56975125edf2aadfd195f23d34df38f |
10-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack: respect -n option during ruledump Reference: http://bugs.debian.org/502548 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_conntrack.c
|
5a942f9501f7ce287e1c37c553eb02a1e269e081 |
04-Nov-2008 |
Patrick McHardy <kaber@trash.net> |
Add SCTP/DCCP support to NAT targets Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_DNAT.c
ibipt_MASQUERADE.c
ibipt_REDIRECT.c
ibipt_SNAT.c
|
ecae0c3efc6851d767c759b77d897d113af821a0 |
23-Oct-2008 |
Thomas Jarosch <thomas.jarosch@intra2net.com> |
Fix compile warnings using gcc 4.3.2 libxt_dccp.c: In function 'port_to_service': libxt_dccp.c:196: warning: implicit declaration of function 'htons' libxt_sctp.c: In function 'port_to_service': libxt_sctp.c:321: warning: implicit declaration of function 'htons' libxt_tcp.c: In function 'port_to_service': libxt_tcp.c:220: warning: implicit declaration of function 'htons' libxt_udp.c: In function 'port_to_service': libxt_udp.c:104: warning: implicit declaration of function 'htons' Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_dccp.c
ibxt_sctp.c
ibxt_tcp.c
ibxt_udp.c
|
240eee607ab7e5bb9f671b7ceba40e2940182f61 |
23-Oct-2008 |
Thomas Jarosch <thomas.jarosch@intra2net.com> |
Fix compile error in libxt_iprange.c using gcc 4.3.2 In file included from libxt_iprange.c:9: ../include/linux/netfilter.h:43: error: field 'in' has incomplete type ../include/linux/netfilter.h:44: error: field 'in6' has incomplete type libxt_iprange.c: In function 'parse_iprange': libxt_iprange.c:46: error: dereferencing pointer to incomplete type libxt_iprange.c:53: error: dereferencing pointer to incomplete type libxt_iprange.c: In function 'iprange_mt4_parse': libxt_iprange.c:117: error: dereferencing pointer to incomplete type libxt_iprange.c:121: error: dereferencing pointer to incomplete type libxt_iprange.c:136: error: dereferencing pointer to incomplete type libxt_iprange.c:140: error: dereferencing pointer to incomplete type libxt_iprange.c: In function 'iprange_mt6_parse': libxt_iprange.c:167: error: dereferencing pointer to incomplete type libxt_iprange.c:171: error: dereferencing pointer to incomplete type libxt_iprange.c:186: error: dereferencing pointer to incomplete type libxt_iprange.c:190: error: dereferencing pointer to incomplete type Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
ibxt_iprange.c
|
c7f0e945e01ad3ab995061e28564adba6ca5e974 |
22-Oct-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_recent: add IPv6 support Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_recent.c
ibxt_recent.man
|
af1660fe0e88cd9f1c770864e1c643718cb2cc62 |
22-Oct-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Move libipt_recent to libxt_recent Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_recent.c
ibipt_recent.man
ibxt_recent.c
ibxt_recent.man
|
56156cda196154aa015b7df030a2a9bbf34f4fcc |
22-Oct-2008 |
Jir� Moravec <jim.lkml@gmail.com> |
libxt_TOS: fix compilation error Fix compilation error caused by double definition of IPPROTO_SCTP: In file included from /usr/include/netinet/ip.h:25, from /usr/include/linux/ip.h:19, from tos_values.c:4, from libxt_TOS.c:15: /usr/include/netinet/in.h:84: error: expected identifier before numeric constant make[2]: *** [libxt_TOS.oo] Error 1 Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_TOS.c
|
430bbc782ea034c6314a00a841f737560a56717c |
15-Oct-2008 |
KOVACS Krisztian <hidden@sch.bme.hu> |
Add iptables support for the socket match Add user-space code for the socket match. Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_socket.c
ibxt_socket.man
|
92b54aa2b436387f85783d3f420ccaa12fdaf891 |
15-Oct-2008 |
KOVACS Krisztian <hidden@sch.bme.hu> |
Add iptables support for the TPROXY target Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_TPROXY.c
ibxt_TPROXY.man
|
3cc6fc3cbf26b847ba7232ff220b74e74e72c219 |
29-Sep-2008 |
Pablo Sebastian Greco <pablo@fliagreco.com.ar> |
mark: fix invalid iptables-save output When a neg mark is saved via iptables-save it is saved as !--mark, but this is not recognized by iptables-restore, just adding a space to the saved file to make it look like "! --mark" makes iptables-restore accept the file. Signed-off-by: Pablo Sebastian Greco <pablo@fliagreco.com.ar> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_mark.c
|
81bd58838403fc8c4a63840f0af42deebe6d4a20 |
04-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: update comments part II A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_hashlimit.c
ibxt_limit.c
|
de0844bd2ebddbea758802cb63a530d7815018f7 |
01-Sep-2008 |
Patrick McHardy <kaber@trash.net> |
manpages: fix another typo in tcp manpage
ibxt_tcp.man
|
995e5cfa8e5ceb7f7e9d0e56ad7147b2dea1221f |
01-Sep-2008 |
WANG Cong <wangcong@zeuux.org> |
manpages: Fix a typo in tcp man page Signed-off-by: WANG Cong <wangcong@zeuux.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_tcp.man
|
9a90f9075cbcaa743c93b57f12f6e38b04dfc790 |
01-Sep-2008 |
Phil Oester <kernel@linuxace.com> |
src: Missing limits.h includes Latest git doesn't compile for me on Fedora 9 due to various *MAX constants being undefined. Below adds the include in 3 files which need it (although I can't see why this isn't required in 1.4.1.1). Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_esp.c
ibxt_owner.c
ibxt_time.c
|
a4be7cb319212ba7907a541bbb5f9af1ffa7db0f |
01-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_recent: do allow --rttl for --update Tony Ho noticed a too-strict check in xt_recent, so here is a fix. Reported-by: Tony Ho <iptables@iblink.com.cn> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_recent.c
ibipt_recent.man
|
ddac6c5bc636003d664d25c08ea3fe176565096c |
01-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: Update comments A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_eui64.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_policy.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_MIRROR.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_ULOG.c
ibipt_ah.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_realm.c
ibipt_recent.c
ibipt_set.c
ibipt_unclean.c
ibxt_CLASSIFY.c
ibxt_CONNMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_NFQUEUE.c
ibxt_NOTRACK.c
ibxt_SECMARK.c
ibxt_TCPMSS.c
ibxt_TRACE.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_sctp.c
ibxt_standard.c
ibxt_state.c
ibxt_statistic.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_u32.c
ibxt_udp.c
|
a2a7f2b531cc582ab6cc3c2b73715ed1d58b9eab |
01-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: use regular includes iptables ships with all header files and prioritized its own include directory over /usr/include/linux, so just use the normal brackets. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_policy.c
ibipt_CLUSTERIP.c
ibipt_SAME.c
ibipt_ULOG.c
ibipt_policy.c
ibxt_connlimit.c
ibxt_limit.c
ibxt_multiport.c
ibxt_u32.c
|
bfb7e0b84b5d732e378a3fcbb4132fdbd9938766 |
01-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_iprange: fix option names There is no --src-ip, just --src-range. (Same for --dst-range.) Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_iprange.c
|
161143d88c4c6f8b25ef191971757803dc5c7c2d |
01-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_mac: flatten casts in libxt_mac Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_mac.c
|
a47bb4a9fa24db2f3ba6559c9175f3f1144ee74c |
15-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
manpages: add missing rateest match documentation Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_rateest.man
|
7d0917b8f94ffc9dd236799cff86e80daf5dd340 |
15-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
manpages: add missing rateest documentation Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibxt_RATEEST.man
|
d91bd17eccd00fd392fbd89568bc21a605e84ea9 |
13-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
manpages: add missing --rsource,--rdest options to libxt_recent.man Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_recent.man
|
7963845decf9de40e612e62eaf7ef62f15cf8080 |
13-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
build: fix initext.c dependency initext?.c is generated within the current directory, not in ${srcdir}. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
NUmakefile.in
|
967279231a9ecfa99f26694a954afc535c63db1d |
13-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Synchronize invert flag order with manpages Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_rt.c
ibipt_ah.c
ibipt_icmp.c
ibipt_realm.c
ibxt_dccp.c
ibxt_esp.c
ibxt_mac.c
ibxt_multiport.c
ibxt_physdev.c
ibxt_sctp.c
ibxt_tcp.c
ibxt_udp.c
|
d38eaf488dcd9c78d1ea7c1b9613d210688114af |
13-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
physdev: remove extra space in output Just a cosmetic fix for `iptables -S` and `iptables-save` printing two spaces between arguments in the physdev match. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_physdev.c
|
aeafdb8126d6ee658ff2b55dea380a84d1d77a25 |
12-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
manpages: correct erroneous markup Text paragraphs should use .PP, since .TP makes it a list item with indented description. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6t_HL.man
ibipt_REJECT.man
ibipt_SET.man
ibipt_TTL.man
ibipt_addrtype.man
ibxt_NFQUEUE.man
ibxt_NOTRACK.man
ibxt_TCPMSS.man
ibxt_statistic.man
|
dee5f0009f7ca1a6d092c3c17450c33c53121b7c |
04-Aug-2008 |
Phil Oester <kernel@linuxace.com> |
libxt_dscp: fix save of negated dscp match rules As pointed out by Vyacheslav Garashchenko, iptables-save does not save negated dscp matches properly. Fix below. This closes bugzilla #533. Phil Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_dscp.c
|
04c97954d5933fc935616f69a8e63944d5c6cec4 |
04-Aug-2008 |
Phil Oester <kernel@linuxace.com> |
iptables-save: fix hashlimit output In bugzilla 550, Xeb notes that the --hashlimit-htable-gcinterval argument is saved incorrectly. Patch below corrects. Patch-from: Xeb <xeb@mail.ru> Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_hashlimit.c
|
3c5d15c880c6dca1facf666272fc309b5d307def |
04-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_recent: do not allow both --set and --rttl Reported-by: Erich Schubert <erich@debian.org> Reference: Debian bug #346034 "I was using the --rttl option in my --set line; this caused all incoming ssh connections to be rejected; --rttl is only to be used with --rcheck and --update." Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_recent.c
|
ef18e8147903885708d1c264904129af4fb636d6 |
04-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove dependency on libiptc headers xtables.h does not need really need libxtc.h, and we can drop it from the install as it is internal-only. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_TCPOPTSTRIP.c
ibxt_hashlimit.c
ibxt_time.c
os_values.c
|
78d2d14211466f1986882ba6bdf82e6429ce78dc |
07-Jul-2008 |
Joonwoo Park <joonwpark81@gmail.com> |
xt_string: string extension case insensitive matching The string extension can search patterns case insensitively with --icase option. A new revision 1 was added, in the meantime invert of xt_string_info was moved into flags as a flag. Signed-off-by: Joonwoo Park <joonwpark81@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_string.c
|
4ded0f11d382c37a57c04077f453b3978eeded17 |
30-Jun-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_TOS: make sure --set-tos value/mask is recognized Only when a 'stop' pointer is passed, the string may consist of more than just a number. Reported-by: Anonymous Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
os_values.c
|
6a0cd58f7e444137eb757695f917e46eb14201c8 |
13-Jun-2008 |
Jan Engelhardt <jengelh@medozas.de> |
iprange: kernel flags were not set The --src-range and --dst-range parameters did not set the IPRANGE_* flags in struct xt_iprange_mtinfo. Reported-by: Maxim Britov <maxim.britov@gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_iprange.c
|
e145621e88ef65d2c1f34f9225c4c0cb7e52516d |
12-Jun-2008 |
Jan Engelhardt <jengelh@medozas.de> |
build: fix `make install` when --disable-shared is used When --disable-shared is used, there are no .so files to install, and the argument order for install would get messed up. Reported-by: Michael Teicher <mteicher@gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
NUmakefile.in
|
9b488b992872d4d2b7ebf7897d74d52f4fb59e1c |
08-Jun-2008 |
Jan Engelhardt <jengelh@medozas.de> |
manpage updates A number of options support negation, but the manpage did not reflect this ("[!]" was absent). Also fix a few [] (optional arguments) to {} (required arguments) in the option-BNF. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_addrtype.man
ibipt_ecn.man
ibipt_set.man
ibxt_connbytes.man
ibxt_dccp.man
ibxt_dscp.man
ibxt_hashlimit.man
ibxt_length.man
ibxt_limit.man
ibxt_multiport.man
ibxt_pkttype.c
ibxt_pkttype.man
ibxt_policy.man
ibxt_state.man
ibxt_string.c
ibxt_string.man
ibxt_time.c
ibxt_time.man
|
0ea82bc43e9262cdbb9880ca56bb514db4c77f8e |
07-Jun-2008 |
Patrick McHardy <kaber@trash.net> |
sparse warning fixes: integer used as pointer Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_SET.c
ibipt_set.c
ibxt_CONNSECMARK.c
ibxt_SECMARK.c
ibxt_quota.c
|
bb9284d153f338b01975344e96c1b8bcde7d82a8 |
06-Jun-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_owner: add spaces to output It could happen that --<arg><value> was printed on iptables-save with owner rules (owner_mt_save() function) without the obligatory space inbetween. Also transfer printing of the space character into owner_mt_print_item(). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibxt_owner.c
|
4dfd25a405199c03fc694b9a43efdae6a91d8ae8 |
06-Jun-2008 |
Laszlo Attila Toth <panther@balabit.hu> |
addrtype match: added revision 1 In revision 1 address type checking can be limited to either the incoming or outgoing interface depending on the current chain. In the FORWARD chain only one of them is allowed at the same time. Signed-off-by: Laszlo Attila Toth <panther@balabit.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibipt_addrtype.c
ibipt_addrtype.man
|
e2562c8207dcb730ef2406faccf1d55ec42994f6 |
06-Jun-2008 |
Lutz Jaenicke <ljaenicke@innominate.com> |
Fix iptables-save output of libxt_owner match The _save functions need to use the same syntax that is used for parsing the input instead of "user readable" output.
ibxt_owner.c
|
2c570e76d4c627a0b0417cfa0d0f2e787a6d629d |
05-Jun-2008 |
Jan Engelhardt <jengelh@medozas.de> |
build: check for missing feature files linux/dccp.h is unlikely to be installed before 2.6.18 (which was when headers_install was introduced), and does not exist at all before 2.6.14. Add a compile-time check to skip compilation of libxt_dccp in case this was detected. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
NUmakefile.in
|
510aef98a56cdbfdb147f78b05d7554bb91770a9 |
02-Jun-2008 |
Patrick McHardy <kaber@trash.net> |
manpages: consistent syntax In the manpages, bold is used to denote characters the user has to enter verbatim, italic denotes placeholders and non-highlighted pieces are used as a structure: "[]" specifying an optional part, "{}" a mandatory part, with "|" used for alternations. The "!" for negation is better supported before the option than after it, too. The patch makes a few files consistent with this style already used in manpages.
ibip6t_ah.man
ibip6t_dst.man
ibip6t_frag.man
ibip6t_hbh.man
ibip6t_hl.man
ibip6t_icmp6.man
ibip6t_ipv6header.man
ibip6t_mh.man
ibip6t_rt.man
ibipt_MASQUERADE.man
ibipt_NETMAP.man
ibipt_REDIRECT.man
ibipt_SET.man
ibipt_ah.man
ibipt_icmp.man
ibipt_realm.man
ibipt_set.man
ibxt_CLASSIFY.man
ibxt_TCPOPTSTRIP.man
ibxt_dscp.man
ibxt_esp.man
ibxt_mac.man
ibxt_multiport.man
ibxt_physdev.man
ibxt_pkttype.man
ibxt_policy.man
ibxt_string.man
ibxt_tcp.man
ibxt_tcpmss.man
ibxt_udp.man
|
ccecd38e168fe089106f69f61197ae1dfacb4f6d |
26-May-2008 |
Kristof Provost <kristof@sigsegv.be> |
REDIRECT: Allow symbolic port in REDIRECT --to-port Fixes Bugzilla 482. Signed-off-by: Kristof Provost <kristof@sigsegv.be>
ibipt_REDIRECT.c
|
f858d3702f7a0e4434fa82836f3666d3d5b6816e |
20-May-2008 |
Thomas Jacob <jacob@internet24.de> |
Don't assume /bin/sh is bash The new iptables git version assumes /bin/sh is always GNU bash, that's not the case (Ubuntu 8.04 uses dash), see attachment for a fix. Signed-off-by: Patrick McHardy <kaber@trash.net>
NUmakefile.in
|
ac21a5cb811dad7928c34534cae24427068dd440 |
12-May-2008 |
Jan Engelhardt <jengelh@medozas.de> |
iptables out-of-tree build directory Reported by: Henrik Nordstrom When xtables.h is not already found in /usr/include, compilation would fail when ${top_srcdir} != ${top_builddir}.
NUmakefile.in
|
8b7c64d6ba156a99008fcd810cba874c73294333 |
15-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove old functions, constants
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_eui64.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_policy.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_MIRROR.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_policy.c
ibipt_realm.c
ibipt_recent.c
ibipt_set.c
ibipt_ttl.c
ibipt_unclean.c
ibxt_CLASSIFY.c
ibxt_CONNMARK.c
ibxt_CONNSECMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_NOTRACK.c
ibxt_RATEEST.c
ibxt_SECMARK.c
ibxt_TCPMSS.c
ibxt_TCPOPTSTRIP.c
ibxt_TOS.c
ibxt_TRACE.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_iprange.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_owner.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_rateest.c
ibxt_sctp.c
ibxt_standard.c
ibxt_state.c
ibxt_statistic.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_time.c
ibxt_tos.c
ibxt_u32.c
ibxt_udp.c
|
cbf0700f08c850207026c1b6e0382fa9a972ddf5 |
14-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Resolve libipt_set warnings
ibipt_set.h
|
ed342edd98456bd4f23d230481854be160fad1dc |
13-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove support for compilation of conditional extensions
condition-test
condition-test6
set-test
NUmakefile.in
ibip6t_condition.c
ibip6t_condition.man
ibipt_condition.c
ibipt_condition.man
|
e24815d8a1b2755182fe983582a56fcc47153804 |
14-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Combine ipt and ip6t manpages Combine ipt and ip6t manpages
ibip6t_TCPMSS.man
ibip6t_TRACE.man
ibip6t_connlimit.man
ibip6t_length.man
ibip6t_multiport.man
ibip6t_policy.man
ibip6t_tcp.man
ibipt_TCPMSS.man
ibipt_TRACE.man
ibipt_connlimit.man
ibipt_length.man
ibipt_multiport.man
ibipt_policy.man
ibipt_tcp.man
ibxt_TCPMSS.man
ibxt_TRACE.man
ibxt_connlimit.man
ibxt_length.man
ibxt_multiport.man
ibxt_policy.man
ibxt_tcp.man
|
23545c2a7a31c68c1e49c7c901b632c2f1c59968 |
14-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Implement AF_UNSPEC as a wildcard for extensions
ibxt_CLASSIFY.c
ibxt_MARK.c
ibxt_RATEEST.c
ibxt_SECMARK.c
ibxt_TRACE.c
ibxt_length.c
ibxt_limit.c
ibxt_mark.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_rateest.c
ibxt_standard.c
ibxt_statistic.c
ibxt_string.c
ibxt_time.c
ibxt_u32.c
|
bce1c2159f8d24479e994a22561c0f97df4aec4d |
27-Mar-2008 |
Jan Engelhardt <jengelh@medozas.de> |
RATEEST: add manpage
ibxt_RATEEST.c
ibxt_RATEEST.man
|
9df688566bd53f489c75b5dda84582361fec1ab7 |
10-Mar-2008 |
Jan Engelhardt <jengelh@medozas.de> |
manpages: update to reflect fine-grained control
ibip6t_frag.man
ibipt_DNAT.man
ibipt_SAME.man
ibipt_SNAT.man
ibxt_connmark.man
ibxt_helper.man
ibxt_iprange.man
ibxt_mark.man
ibxt_owner.man
ibxt_tos.man
|
6cf172ed4064df729ca83eb71133741dfbd6c6e7 |
10-Mar-2008 |
Jan Engelhardt <jengelh@medozas.de> |
manpages: grammar and spelling
ibip6t_frag.man
ibipt_SAME.man
ibxt_NFQUEUE.man
ibxt_connbytes.man
ibxt_dscp.man
ibxt_hashlimit.man
|
27a98c71b37c8b7ecd9c72d9a275640f32973e0d |
10-Mar-2008 |
Jan Engelhardt <jengelh@medozas.de> |
manpages: fix broken markup (missing close tags)
ibip6t_ah.man
ibip6t_dst.man
ibipt_connlimit.man
ibxt_NFQUEUE.man
ibxt_connbytes.man
ibxt_dccp.man
ibxt_sctp.man
ibxt_u32.man
|
21b41eea4724c57d2b6e5998cf38255046e43ad3 |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
NUmakefile.in
|
9a8c77fc8df3155747c34dcea79b7834a2a9a40a |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Add support for xt_hashlimit match revision 1
ibxt_hashlimit.c
ibxt_hashlimit.man
|
33690a1aec0b6309ff90066ca56285b6e43013f2 |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Fix all remaining warnings (missing declarations, missing prototypes)
NUmakefile.in
ibip6t_policy.c
ibipt_ULOG.c
|
1a756e948d66ca17f088411c175858cae19bfd66 |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Update the libxt_owner manpage with the UID/GID-range feature
ibxt_owner.man
|
dbb77543ad6afe29e9a1881b2d4fc212de621a55 |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Fix -Wshadow warnings and clean up xt_sctp.h Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
ibipt_SAME.c
ibipt_addrtype.c
ibxt_RATEEST.c
ibxt_conntrack.c
ibxt_hashlimit.c
ibxt_state.c
ibxt_statistic.c
|
7a236f4cc685a420c1a782a5db614a93baf37ccf |
03-Mar-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Drop -W from CFLAGS and some tiny code cleanups - change "unsigned" to explicit "unsigned int" - remove some casts
scp_helper.c
ibip6t_dst.c
ibip6t_hbh.c
ibip6t_rt.c
ibipt_SAME.c
ibxt_TCPOPTSTRIP.c
ibxt_quota.c
|
5180032804c03225542368aaaf19060fe7a47a1c |
14-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Correct the family member value of libxt_mark revision 1 libxt_mark rev1 used AF_INET6 in the class structure where it should have used AF_INET.
ibxt_mark.c
|
c924621bb986c445864bdabdc38d2f13efa99ae5 |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Fix compilation of iptables-static build Adjust the _INIT macro and thus fix the build/linking procedure of the monolithic do-it-all binary (iptables-static). Also fix the Makefile since unfortunately, lib%.o does not seem to have a higher precedence than %.o
NUmakefile.in
|
dbe6c3b74ee847707181f1fe28b2975b4a8ab425 |
01-Apr-2008 |
James King <t.james.king@gmail.com> |
[IPTABLES]: libxt_iprange: Fix IP validation logic IP address validation logic was inverted, causing valid addresses to be rejected. Signed-off-by: James King <t.james.king@gmail.com>
ibxt_iprange.c
|
ecd7f5ed3bbdb45f7edc8febea6f29cd61bf58db |
29-Feb-2008 |
Naohiro Ooiwa <nooiwa@miraclelinux.com> |
Fix define value of SCTP chunk type. There are wrong chunk_type values in sctp table. The chunk_type of ASCONF and ASCNF_ACK must be 193 and 128, respectively. Naohiro Ooiwa <nooiwa@miraclelinux.com>
ibxt_sctp.c
|
9ee386a1b6d7704b259460152c959ab0e79e02aa |
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
fix gcc warnings Max Kellermann <max@duempel.org>
scp_helper.c
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_policy.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_policy.c
ibipt_realm.c
ibipt_recent.c
ibipt_ttl.c
ibxt_CLASSIFY.c
ibxt_CONNMARK.c
ibxt_CONNSECMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_RATEEST.c
ibxt_SECMARK.c
ibxt_TCPMSS.c
ibxt_TCPOPTSTRIP.c
ibxt_TOS.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_conntrack.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_iprange.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_owner.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_rateest.c
ibxt_sctp.c
ibxt_state.c
ibxt_statistic.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_time.c
ibxt_tos.c
ibxt_u32.c
ibxt_udp.c
os_values.c
|
a5d099400fd6f9ad3880dda10f85d2aa36b5ec65 |
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
escape strings Max Kellermann <max@duempel.org>
ibipt_LOG.c
ibipt_ULOG.c
ibxt_NFLOG.c
ibxt_helper.c
|
b4ef34f5be162ffcfe53f5f5fa93541691161580 |
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
use size_t Max Kellermann <max@duempel.org>
ibxt_NFLOG.c
|
5b76f682f722bebc2f0616fca4600eee2c08dfe2 |
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
whitespace cleanup Max Kellermann <max@duempel.org>
ibxt_quota.c
|
5ae6f2011dd435dc1ed905c0e5eab3fddcbb66b3 |
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
Fix REDIRECT manpage Max Kellermann <max@duempel.org>
ibipt_REDIRECT.man
|
ca1da708b6d41dbc5df99335b4370bd1592b4de3 |
29-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
[IPTABLES]: libxt_owner: UID/GID range support UID/GID range support for libxt_owner Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibxt_owner.c
|
a8ad34cf11540d147b8aded6826a1452841d2aa7 |
29-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
[IPTABLES]: libxt_conntrack revision 1 Add support for xt_conntrack match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibxt_conntrack.c
ibxt_conntrack.man
|
ff068719055ae2327d94c79048381c09d3b744c4 |
29-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_CONNMARK revision 1 Add support for xt_CONNMARK target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibxt_CONNMARK.c
ibxt_CONNMARK.man
|
a99cb4444ceff1b0029c7e25b0714dbee9021b12 |
29-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Build adjustments A few build system changes. * ip6tables needs IP6T_LIB_DIR * correctly trigger rebuild of master manpages when submanpages have been touched Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de.
NUmakefile.in
|
fb6209a30fd576cd740eefe0a3ad88d65d2bb2b7 |
29-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Give preference to iptables header files Have the header files in the iptables source tree take precedence over those from the kernel source. Otherwise, building the current iptables from subversion just fails with kernels < 2.6.25. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
NUmakefile.in
|
aef4c1e7275633e4650d16440faaf4cb7163ac0e |
20-Jan-2008 |
Sven Schnelle <svens@bitebene.org> |
libxt_TCPOPTSTRIP Import libxt_TCPOPTSTRIP into iptables. Signed-off-by: Sven Schnelle <svens@bitebene.org> Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibxt_TCPOPTSTRIP.c
ibxt_TCPOPTSTRIP.man
|
fc11b0b24ca2f808adcca3fd6b1aad581538171d |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_iprange r1 Add support for xt_iprange revision 1 Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibxt_iprange.c
|
41daaa0cfbb1cb6b80a2ce2571f9f92f164f0228 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_iprange r0 Move libipt_iprange to libxt_iprange. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibipt_iprange.c
ibipt_iprange.man
ibxt_iprange.c
ibxt_iprange.man
|
d95d92f0a480008a89f4ffa69f0c67f55dbbe05f |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_mark r1 Introduce libxt_mark match revision 1 support. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibxt_mark.c
|
da75a5a4ed43d3a822b9a75d6fbbfc2e06ccfbfa |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit checks Add checks for libxt_hashlimit so that options cannot be passed twice Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibxt_hashlimit.c
|
bd9438420d92c41a5cf20a53b7a18d3ddea4216d |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
rename overlapping function names Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibip6t_policy.c
ibipt_DNAT.c
ibipt_NETMAP.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_iprange.c
ibipt_policy.c
ibxt_conntrack.c
|
08b1616e068166e016b3ee7110db10ae5d853422 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
bunch o' renames Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibipt_DNAT.c
ibipt_NETMAP.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_policy.c
ibxt_conntrack.c
|
a80b6046fa216c26dbc18d587f6255afa8444885 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack r0 Move libipt_conntrack to libxt_conntrack. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibipt_conntrack.c
ibipt_conntrack.man
ibxt_conntrack.c
ibxt_conntrack.man
|
a7b0707bd83bac30a92871872dab79ec8cebebbb |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_connmark r1 Add support for xt_connmark match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibxt_connmark.c
ibxt_connmark.man
|
f4b737fb0c52a95a48f2e313ed4cff43db720ad6 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_MARK r2 Add support for xt_MARK target revision 2. Also consolidate libip6t_MARK.man and libipt_MARK.man. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibip6t_MARK.man
ibipt_MARK.man
ibxt_MARK.c
ibxt_MARK.man
|
36f2eadca556da9bb4979b3f67f38020e80ef7d2 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_TOS Move libipt_TOS revision 0 to libxt_TOS revision 0 and add support for xt_TOS target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibipt_TOS.c
ibipt_TOS.man
ibxt_TOS.c
ibxt_TOS.man
|
0720c1226381f5c71748673c43c12499f1f254c7 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_tos Move libipt_tos revision 0 to libxt_tos revision 0 and add support for xt_tos match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibipt_tos.c
ibipt_tos.man
ibxt_tos.c
ibxt_tos.man
os_values.c
|
5c5cd885daf43256f7bd24a3a698306764438145 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_owner libxt_owner merges libipt_owner and libip6t_owner, and adds support for the xt_owner match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibip6t_owner.c
ibip6t_owner.man
ibipt_owner.c
ibipt_owner.man
ibxt_owner.c
ibxt_owner.man
|
f82070f9871d281c2802c1624dcf222886b5fb50 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Converts the iptables build infrastructure to autotools. - Can build both static and dynamic at the same time - iptables-static will be a multi-binary, semi-static (link against libc but w/o dynamic plugins) - Always build IPv6 modules - consider INSTALL Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
condition-test
condition-test6
set-test
NUmakefile.in
akefile
scp_helper.c
ibipt_dscp_helper.c
ibxt_DSCP.c
ibxt_dscp.c
|
6afc5b720ed78173e4e21b759df16577fbce13d6 |
15-Jan-2008 |
Patrick McHardy <kaber@trash.net> |
Add rateest match extension Signed-off-by: Patrick McHardy <kaber@trash.net>
akefile
ibxt_rateest.c
|
2528258ddf066a5147394dc65cae3bde8e80e3c0 |
15-Jan-2008 |
Patrick McHardy <kaber@trash.net> |
Add RATEEST target extension Signed-off-by: Patrick McHardy <kaber@trash.net>
akefile
ibxt_RATEEST.c
|
2c3ce6ad598cb479640f6f14c7c5e25488923062 |
15-Jan-2008 |
Peter Warasin <peter@endian.com> |
Fix CONNMARK mask initialisation This patch fixes the problem that the CONNMARK mask value has been set to 0 whenever the CONNMARK target options were not the last options to be processed. It initalizes the mask value rather than setting it for each parse. Signed-off-by: Peter Warasin <peter@endian.com>
ibxt_CONNMARK.c
|
19b61ddebbd67bc91d2c395dea29bad7db21f316 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_SECMARK.man to libxt_SECMARK.man
ibip6t_SECMARK.man
ibipt_SECMARK.man
ibxt_SECMARK.man
|
c256896b239eaf0581f5c9b5ad5e398b0918b6e4 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man
ibip6t_CONNSECMARK.man
ibipt_CONNSECMARK.man
ibxt_CONNSECMARK.man
|
fbce50a6f5dddec592888a1ae95770e39aee76cd |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Fixes missing '6' and 'X' in definitions of selinux related extension lists.
akefile
|
d6a7eeb69d7b5e88f31bd73d16250a0d32108f28 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Remove libip6t_state.c. libxt_state.c supports IPv6.
ibip6t_state.c
|
58c8939cad29e99397495d3398bfa7d373308fdb |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_udp.man to libxt_udp.man
ibip6t_udp.man
ibipt_udp.man
ibxt_udp.man
|
64d1335ef9346ec224633504245057067ec6d4ae |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Removes libip6t_u32.man libxt_u32.man already exists.
ibip6t_u32.man
|
47c0e698188cbe769bd6da5cda5d2318f4b6a782 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_physdev.man to libxt_physdev.man
ibip6t_physdev.man
ibipt_physdev.man
ibxt_physdev.man
|
6c819f059e2bc585554c6d4f46e108f67df657b8 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_mark.man to libxt_mark.man
ibip6t_mark.man
ibipt_mark.man
ibxt_mark.man
|
fb6ef49a4d3cac528b78332977c903397e6137d2 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_mac.man to libxt_mac.man
ibip6t_mac.man
ibipt_mac.man
ibxt_mac.man
|
f0f8129bba8311d2feefb6fd685ad4b7e3c1e8ab |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_limit.man to libxt_limit.man
ibip6t_limit.man
ibipt_limit.man
ibxt_limit.man
|
0c0cf4713ea992399ae8fee50e33f458fd77b020 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_esp.man to libxt_esp.man
ibip6t_esp.man
ibipt_esp.man
ibxt_esp.man
|
bbdd169bbf03976c71c9156c57a436ce4b7aef46 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_NFQUEUE.man to libxt_NFQUEUE.man
ibip6t_NFQUEUE.man
ibipt_NFQUEUE.man
ibxt_NFQUEUE.man
|
3943ebf3493dac6fb135c9ed4a45750d8cdcdb82 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_tcpmss.man to libxt_tcpmss.man for ip6tables.8
ibipt_tcpmss.man
ibxt_tcpmss.man
|
ec642db62a28be7e13a6ab5b3f800376bb7a8dff |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_string.man to libxt_string.man for ip6tables.8
ibipt_string.man
ibxt_string.man
|
c03962bebfcf5ee9a9097aa564d16836903b57ea |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_state.man to libxt_state.man for ip6tables.8
ibipt_state.man
ibxt_state.man
|
fe7e95ee772b7e74f5ac8219bf5d3473349a80e5 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_sctp.man to libxt_sctp.man for ip6tables.8
ibipt_sctp.man
ibxt_sctp.man
|
a2c18dd82af45cbd1d7a352d81e1512671701411 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_quota.man to libxt_quota.man for ip6tables.8
ibipt_quota.man
ibxt_quota.man
|
5b5fbca369830bebf56fc2c9a79de8a8f667817e |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_pkttype.man to libxt_pkttype.man for ip6tables.8
ibipt_pkttype.man
ibxt_pkttype.man
|
946397340806ca9f0bab7e0371668058e7a98de4 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_helper.man to libxt_helper.man for ip6tables.8
ibipt_helper.man
ibxt_helper.man
|
549510a00c5983eb200ab74fe7fc884d28301423 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_hashlimit.man to libxt_hashlimit.man for ip6tables.8
ibipt_hashlimit.man
ibxt_hashlimit.man
|
762476173aa1caeb0c40286a5e89f8d3bbf3eaa8 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_dscp.man to libxt_dscp.man for ip6tables.8
ibipt_dscp.man
ibxt_dscp.man
|
a399d80ed746d24745a066b40e6ea624b8a606ad |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_dccp.man to libxt_dccp.man for ip6tables.8
ibipt_dccp.man
ibxt_dccp.man
|
b992748c8ae97326f48f108729d4d75d529576b1 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_connmark.man to libxt_connmark.man for ip6tables.8
ibipt_connmark.man
ibxt_connmark.man
|
26d3f05cc8a12f6a1377f6248155e196e661d63a |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_connbytes.man to libxt_connbytes.man for ip6tables.8
ibipt_connbytes.man
ibxt_connbytes.man
|
65b2d1c5fa2981230a56a9166544d5fe0d4e2998 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_comment.man to libxt_comment.man for ip6tables.8
ibipt_comment.man
ibxt_comment.man
|
21e367e935fd7eb5850999bf0e12907d7e599e6f |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_NOTRACK.man to libxt_NOTRACK.man for ip6tables.8
ibipt_NOTRACK.man
ibxt_NOTRACK.man
|
0dbf1be314062c33df4d675451badbf0dd2dcd57 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8
ibipt_DSCP.man
ibxt_DSCP.man
|
dea46b39b7b8d7b763b0e13c724161bc48af0a8e |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves libipt_CONNMARK.man to libxt_CONNMARK.man for ip6tables.8
ibipt_CONNMARK.man
ibxt_CONNMARK.man
|
a87716abc2bdd47009670c57bdf86d254a8f6c81 |
29-Nov-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8
ibipt_CLASSIFY.man
ibxt_CLASSIFY.man
|
e33bf8eb6467d8d3acf16efa65b09844aea59824 |
28-Nov-2007 |
Patrick McHardy <kaber@trash.net> |
Fix connlimit output for inverted --connlimit-above: ! > is <=, not <
ibxt_connlimit.c
|
e29da4e9610ab376593e50a44efba874a533dfe0 |
26-Nov-2007 |
Patrick McHardy <kaber@trash.net> |
Add NFLOG manpage
ibxt_NFLOG.man
|
725ebb1ca4e93ad11b38ee37338f92600454344a |
25-Nov-2007 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: move manpage Rename libipt_{time,u32}.man to libxt_{time,u32}.man to go in line with the C files. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibipt_time.man
ibipt_u32.man
ibxt_time.man
ibxt_u32.man
|
40eaf2a1fe01c37141bc457537971538fefd47af |
25-Nov-2007 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: fix check_inverse() call Fix a typo in call to check_inverse(). Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibipt_conntrack.c
|
75b4b2081522ab2f680ca0edf2242bc6f28a0ef7 |
15-Nov-2007 |
Tom Eastep <teastep@shorewall.net> |
PATCH - Fix for --random option in DNAT and REDIRECT The --random option produces "Unknown arg `--random'" errors with both the DNAT and REDIRECT targets. Corrected by the attached patch. Tom Eastep <teastep@shorewall.net>
ibipt_DNAT.c
ibipt_REDIRECT.c
|
8f4c67fe008261ff6075e162e5e5eb2860cd7dab |
12-Nov-2007 |
Stefano Sabatini <stefano.sabatini-lala@poste.it> |
Document xt_statistic (Stefano Sabatini <stefano.sabatini-lala@poste.it>)
ibxt_statistic.man
|
3ca9cc6040b72121931bd788c7d45437d5326daf |
31-Oct-2007 |
László Attila Tóth <panther@balabit.hu> |
Introducing libxt_*.man files. Sorted matches and modules The iptables.8 and ip6tables.8 man pages are now generated from libxt_*.man files too. For xtables modules one man page is enough with libxt_ prefix. The match and target lists are sorted alphabetically. The make command doesn't print anything when creates man pages. Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
akefile
|
032722b2d24138ee92e459c779ae4869f33b1f37 |
20-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Transfer all my copyright over to our company. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibxt_time.c
ibxt_u32.c
|
fceebd8a493a16a767cf1c8e890830c129218c8f |
18-Oct-2007 |
Patrick McHardy <kaber@trash.net> |
Fix the compile warning fix According to Jan: While the fields of struct xt_time are uints, the defined time_t span is by definition 0..231-1, i.e. it should be INT_MAX, not UINT_MAX.
ibxt_time.c
|
ff64ae696f64811d513b7969713d8002e37c0c3b |
18-Oct-2007 |
Patrick McHardy <kaber@trash.net> |
Fix compiler warning on 64 bit: date_stop is an u_int32_t, so use UINT_MAX instead of LONG_MAX
ibxt_time.c
|
1f25b402553db8dd4448ee502d7ebcf47c9151c9 |
18-Oct-2007 |
Li Zefan <lizf@cn.fujitsu.com> |
extension/sctp: fix - mistake to pass a pointer where array is required Macros like SCTP_CHUNKMAP_XXX(chukmap) require chukmap to be an array, but print_chunks() passes a pointer to these macros. Li Zefan <lizf@cn.fujitsu.com>
ibxt_sctp.c
|
9e6fcb226fb767784d5f530f67bd30144aa98459 |
08-Oct-2007 |
Sebastian Claßen <sebastian.classen@freenet.ag> |
make print-extensions doesn't show libxt_* extensions In extensions/Makefile the variable PFX_EXT_SLIB_OPTS is not appended to OPTIONALS, therefor 'make print-extensions' doesn't show any optional libxt_* extension. Sebastian Claßen <sebastian.classen@freenet.ag>
akefile
|
72118884b63f36ec0f42ce5a7e5e9569033291ab |
08-Oct-2007 |
László Attila Tóth <panther@balabit.hu> |
Unique symbols and no '&' characters Removing '&' from .._match and ..._target variables. Give all symbols unique names. Signed-off-by: Laszlo Attila Toth
ibxt_CLASSIFY.c
ibxt_state.c
|
e2f588ab7481760f069cd30d3146569f074721aa |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Remove redundant dst/hbh lines Remove hbh stuff from libip6t_dst, remove dst stuff from libip6t_hbh. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibip6t_dst.c
ibip6t_hbh.c
|
4d150eb5934fd4343b5fac2419c994e2bf97a96c |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Unique symbols 6/6 Give symbols of libxt targets unique names (3/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
|
997045f536026c0d643bf884da5ff5de2605197f |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Unique names 5/6 Give symbols of libxt matches unique names (3/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibip6t_ah.c
ibip6t_condition.c
ibip6t_dst.c
ibip6t_eui64.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_owner.c
ibip6t_policy.c
ibip6t_rt.c
ibip6t_state.c
|
1d5b63d12984d12c8d87242179855e17657be16d |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Unique names 4/6 Give symbols of libxt targets unique names (2/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_MIRROR.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_TOS.c
ibipt_TTL.c
ibipt_ULOG.c
|
59d164019340d110d302634e429320577f0db7be |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Unique names 3/6 Give symbols of libxt matches unique names (2/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibipt_addrtype.c
ibipt_ah.c
ibipt_condition.c
ibipt_conntrack.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_iprange.c
ibipt_owner.c
ibipt_policy.c
ibipt_realm.c
ibipt_recent.c
ibipt_set.c
ibipt_tos.c
ibipt_ttl.c
ibipt_unclean.c
|
932e648f38ac16b1ea14c1f66f23951388448c5a |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Unique names 2/6 Give symbols of libxt targets unique names (1/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibxt_CONNMARK.c
ibxt_CONNSECMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_NOTRACK.c
ibxt_SECMARK.c
ibxt_TCPMSS.c
ibxt_TRACE.c
|
181dead3f13befe02769ef479bcbb51801b7fc4e |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Unique symbols 1/6 Give symbols of libxt matches unique names (1/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_sctp.c
ibxt_standard.c
ibxt_statistic.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_time.c
ibxt_u32.c
ibxt_udp.c
|
926bde877f8182e7db4d057969dc8293e81fd6cf |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
No ipt in xt Cease using ipt_entry_match (replaced by xt_entry_match). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibxt_connlimit.c
|
0e2abed11985e16215559cefd90625f99317b96c |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Constify data structures Constify more data structures. Make functions static. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_policy.c
ibipt_LOG.c
ibipt_policy.c
ibipt_realm.c
ibxt_CLASSIFY.c
ibxt_dccp.c
ibxt_hashlimit.c
ibxt_limit.c
ibxt_sctp.c
ibxt_tcp.c
|
278654a9aa89311eb624dc5b79b5b37d99248129 |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Delete empty ->print() and ->save() functions Deletes empty ->print() and ->save() functions. ip[6]tables prints the trivial thing automatically. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibip6t_eui64.c
ibipt_unclean.c
ibxt_TRACE.c
ibxt_standard.c
|
830132ac9c0d270bf9dcfe85c2464e3fe8c73fb9 |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Delete empty ->final_check() functions Deletes empty ->final_check() functions, and makes ip[6]tables checks for NULL on these. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_eui64.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_mh.c
ibip6t_rt.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_MIRROR.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_ULOG.c
ibipt_ah.c
ibipt_icmp.c
ibipt_unclean.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_NOTRACK.c
ibxt_TRACE.c
ibxt_dccp.c
ibxt_esp.c
ibxt_limit.c
ibxt_quota.c
ibxt_sctp.c
ibxt_standard.c
ibxt_tcp.c
ibxt_time.c
ibxt_u32.c
ibxt_udp.c
|
0463ee1f28946cc49815737daa0ced0c68f39f0b |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Delete empty ->init() functions Deletes empty ->init() functions. ip[6]tables already checks for .init being NULL or not. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibip6t_HL.c
ibip6t_policy.c
ibipt_CLUSTERIP.c
ibipt_ECN.c
ibipt_MIRROR.c
ibipt_TOS.c
ibipt_TTL.c
ibipt_policy.c
ibxt_CLASSIFY.c
ibxt_CONNMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_NFQUEUE.c
ibxt_NOTRACK.c
ibxt_SECMARK.c
ibxt_TCPMSS.c
ibxt_TRACE.c
ibxt_multiport.c
ibxt_physdev.c
ibxt_standard.c
|
d3daa435a4790111ac6d6d0b0da2721081160341 |
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Remove stray NULLs Mixing member accessors (non-named vs named) is not good. Remove stray NULL. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibip6t_HL.c
ibipt_MASQUERADE.c
ibipt_realm.c
|
14d5ebef1e932451b634d8370079b4c93407aea1 |
04-Oct-2007 |
László Attila Tóth <panther@balabit.hu> |
Addrtype match: renaming functions The function names in libipt_addrtype.c makes debugging hard, also I renamed them prefixed by 'addrtype_'. Laszlo attila toth <panther@balabit.hu>
ibipt_addrtype.c
|
92dc7096c8076f2228c1c6cadb81f7892384033b |
28-Sep-2007 |
Hann-Huei Chiou <koala@ascenvision.com> |
Couldn't load/find match `u32' iptables (up to 0927 snapshot) keeps complaining of "Couldn't load (or find, if NO_SHARED_LIBS=1) match `u32'. After comparing with other libxt_*.c, I found that there's no member ".family" in the "u32_reg" structure, while ".family = AF_INET6" exists in "u32_reg6" Hann-Huei Chiou <koala@ascenvision.com>
ibxt_u32.c
|
ad326ef9f734ac30548de292c59fc0e2fd81ac2a |
23-Sep-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Add the libxt_time iptables match This is libipt_time from POM-ng enhanced by the following: * day-of-month support (for example "match on the 15th of each month") * inversion support for --weekdays and --monthdays * match against UTC or local timezone * a manpage Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
akefile
ibipt_time.man
ibxt_time.c
|
55951a0532e35cf73bd83b01014387616eb31431 |
19-Sep-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Fix u32 warnings warning: format '%ld' expects type 'long int', but argument 3 has type 'int'. With %u alone, you would get "but arg-start is long" warnings on x64. With %lu, you would get "but arg-start is int" on x86. Fix it up by explicitly deciding for one (%u and cast to unsigned int) and using that. Jan Engelhardt <jengelh@computergmbh.de>
ibxt_u32.c
|
9640e529bd08c4c0458246fae0fd6b473c94ab46 |
10-Sep-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Adds u32 to iptables. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
akefile
ibip6t_u32.man
ibipt_u32.man
ibxt_u32.c
|
500f483fff529dcd88ec96b9d5054be6cd6363a0 |
08-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Fix sparse warnings: non-ANSI function declarations, 0 used as pointer
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_owner.c
ibip6t_rt.c
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_TOS.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_conntrack.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_iprange.c
ibipt_owner.c
ibipt_realm.c
ibipt_recent.c
ibipt_tos.c
ibipt_ttl.c
ibxt_CLASSIFY.c
ibxt_CONNMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_TCPMSS.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connmark.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_sctp.c
ibxt_state.c
ibxt_statistic.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_udp.c
|
4a058c1729f22ac6224d7175dc5b310842c0e392 |
06-Sep-2007 |
László Attila Tóth <panther@balabit.hu> |
Makefile for man pages of xtables extensions (Laszlo Attila Toth <panther@balabit.hu>) * no extra target/match by default :) * man page of fix modules (PF_EXT_SLIB etc.) plus optional (...SLIB_OPTS) modules generated, but not all. * because of the previous one I had to rename PF_EXT_SE_SLIB to PF_EXT_SELINUX_SLIB etc. as a non-optional variable, original PF_EXT_SE_SLIB gets the value of PF_EXT_SELINUX_SLIB if DO_SELINUX is set to 1.
akefile
|
07143e402a60f46f17ef34c210781f100eb7abde |
06-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Remove unsupported connrate extension
ibipt_connrate.c
ibipt_connrate.man
|
6c4ab9cfa2f42d4efe22bcaee2614ccde941ddac |
05-Sep-2007 |
László Attila Tóth <panther@balabit.hu> |
Build manpages for xtables extensions (Laszlo Attila Toth <panther@balabit.hu>)
akefile
|
c329d6a7085e3123f3d5ca98a8e0ab37edca2dcc |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Fix aligned_u64 type on 64 bit: its an unsigned long, not an unsigned long long. Fixes compiler warning in quota match.
ibxt_connbytes.c
|
31317ed1f9103434adda716abbe65e9fc7bdd418 |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build IPv6 hbh/dst matches unconditionally
opts-test6
akefile
|
248a109b3bf6c9a0b3724f3123ad64a624d30631 |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build IPv6 rt match unconditionally
rt-test6
akefile
|
1d1ad90494bf909871c233e76036b18841949c9e |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build ipv6header match unconditionally
ipv6header-test6
akefile
|
389f785b060c181ce77d44840274b5c68e39b23f |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build IPv6 mh match unconditionally
mh-test6
akefile
|
eda0390fe200f2d9f37d2a19b50e7ca531367ada |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Resync header files and build IPv6 frag match unconditionally
frag-test6
akefile
|
7a87b74d4d41a356df3a81d0e8415c4f7a76097b |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Resync header file and build IPv6 ah match unconditionally
ah-test6
akefile
|
b4a6920d4bb9fa634279c93b9d2cc543603ea772 |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build IPv6 REJECT target unconditionally
REJECT-test6
akefile
|
9fc3b5e9aaecaa4f3ebaf4bb55ddde2620e7f13e |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Resync header file and build CLUSTERIP target unconditionally
CLUSTERIP-test
akefile
|
3df9b22a5b0fde0e0a00259078f419a4ad3a92cd |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build recent match unconditionally
recent-test
akefile
|
9e9022562d76644a2c9d1024b597729af68c81e5 |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build dccp match unconditionally
dccp-testx
akefile
|
b8a0a100a68098c0329735b5724d9c0b425e72eb |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build string match unconditionally
string-testx
akefile
|
800b7e54e81f86d290a66330cecb1fe5a3a9a31a |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build statistic match unconditionally
statistic-testx
akefile
|
42a28540500062823c4562c7acc076a5c00a579b |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build connbytes match unconditionally
connbytes-testx
akefile
|
cddfd941e7a24dbc01a7dc79e4ce51f60f7128fc |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build quota match unconditionally
quota-testx
akefile
|
002d129b694633d47c76913b360329baa0d8e923 |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build NFLOG target unconditionally
NFLOG-testx
akefile
|
ea146a982e26c42f9954f140276f8deeb2edbe98 |
02-Sep-2007 |
Peter Riley <Peter.Riley@hotpop.com> |
Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_condition.c
ibip6t_dst.c
ibip6t_eui64.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_owner.c
ibip6t_policy.c
ibip6t_rt.c
ibip6t_state.c
ibipt_CLUSTERIP.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_MIRROR.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_TOS.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_condition.c
ibipt_connrate.c
ibipt_conntrack.c
ibipt_ecn.c
ibipt_icmp.c
ibipt_iprange.c
ibipt_owner.c
ibipt_policy.c
ibipt_realm.c
ibipt_recent.c
ibipt_set.c
ibipt_tos.c
ibipt_ttl.c
ibipt_unclean.c
ibxt_CLASSIFY.c
ibxt_CONNMARK.c
ibxt_DSCP.c
ibxt_MARK.c
ibxt_NFLOG.c
ibxt_NFQUEUE.c
ibxt_NOTRACK.c
ibxt_SECMARK.c
ibxt_TCPMSS.c
ibxt_TRACE.c
ibxt_comment.c
ibxt_connbytes.c
ibxt_connlimit.c
ibxt_connmark.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_hashlimit.c
ibxt_helper.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_sctp.c
ibxt_standard.c
ibxt_state.c
ibxt_statistic.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_udp.c
|
dcfd0a487fc622c76feedeeae2c2bd985cd7e19f |
29-Aug-2007 |
zhangxiliang <zhangxiliang@cn.fujitsu.com> |
Fix dscp match manpage (zhangxiliang <zhangxiliang@cn.fujitsu.com>) The description for the value in option "-m dscp -dscp" should be modified to 0~63. The option can match 6 bit DSCP field within the TOS field in the IP header. So the range for the option should be 0~(26-1) that is 0~63.
ibipt_dscp.man
|
dfd78a8066857c56284a263623a4ffabd1021ce6 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to statistic match
statistic-test
statistic-testx
ibipt_statistic.c
ibxt_statistic.c
|
f8137b1b4cc18d4ff528ac40b83345260bb644ae |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to helper match
akefile
ibipt_helper.c
ibxt_helper.c
|
6aac50010e50aa42b42089110c8cf4d80b224f14 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to connbytes match
connbytes-test
connbytes-testx
ibipt_connbytes.c
ibxt_connbytes.c
|
a7bf6d0decd93ade089a98a8de76a529cd96427e |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to DSCP target
akefile
ibipt_DSCP.c
ibxt_DSCP.c
|
e4cc20b2367362c2f9c84c0daaccd985e3236118 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to CLASSIFY target
akefile
ibipt_CLASSIFY.c
ibxt_CLASSIFY.c
|
1a31b4251a71e5cd3845860405ecbe156c5f13c7 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_TRACE into libxt_TRACE
akefile
ibip6t_TRACE.c
ibipt_TRACE.c
ibxt_TRACE.c
|
a16e11418405980334734e9edda6b705aea31f8e |
04-Aug-2007 |
Yasuyuki KOZAKAIYasuyuki KOZAKAI <yasuyuki@netfilter.orgyasuyuki@netfilter.org> |
Unifies libip[6]t_NFLOG into libxt_NFLOG
NFLOG-test
NFLOG-test6
NFLOG-testx
ibip6t_NFLOG.c
ibipt_NFLOG.c
ibxt_NFLOG.c
|
9bbf867821db55bd6e109934b9aa871322405767 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Revert commit 6990. That log is not correct and .NF_LOG-testx has incorrect mode.
NFLOG-test
NFLOG-test6
NFLOG-testx
ibip6t_NFLOG.c
ibipt_NFLOG.c
ibxt_NFLOG.c
|
8338c88a83ac3828459b36332d340cbaa8e0607f |
04-Aug-2007 |
Yasuyuki KOZAKAIYasuyuki KOZAKAI <yasuyuki@netfilter.orgyasuyuki@netfilter.org> |
Unifies libip[6]t_state into libxt_state
NFLOG-test
NFLOG-test6
NFLOG-testx
ibip6t_NFLOG.c
ibipt_NFLOG.c
ibxt_NFLOG.c
|
1ff0b8d6a6669e6bbbacbfd719bd7e016a4c0406 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_state into libxt_state
akefile
ibipt_state.c
ibxt_state.c
|
c57c155312a544482a6b8a3c0f7224b00cfaae20 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_connmark into libxt_connmark
akefile
ibip6t_connmark.c
ibipt_connmark.c
ibxt_connmark.c
|
d62a9db1295608ef98394b830703389973346716 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_hashlimit into libxt_hashlimit
hashlimit-test6
akefile
ibip6t_hashlimit.c
ibipt_hashlimit.c
ibxt_hashlimit.c
|
6e22228b00cc485282db16b9637315a60b6dbd10 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_MARK into libxt_MARK
akefile
ibip6t_MARK.c
ibipt_MARK.c
ibxt_MARK.c
|
5679958c748087a3e21fbfa26d2ea08a6572ee4f |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_CONNSECMARK into libxt_CONNSECMARK
akefile
ibip6t_CONNSECMARK.c
ibipt_CONNSECMARK.c
ibxt_CONNSECMARK.c
|
f36f4a8844132cbaacf3bbd5ec0254c17fcc97ae |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to CONNMARK match
akefile
ibip6t_CONNMARK.c
ibipt_CONNMARK.c
ibxt_CONNMARK.c
|
170af8c566faa9605c1ead558792a031f1d0d48d |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Tries to load libxt_*.so at first. If failed, it tries libip[6]t_*.so.
akefile
|
6053fe00dda962fbabe158291a88b1a92aadc215 |
31-Jul-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Moves libip{,6}t_connlimit to libxt. Also fixes an option parsing bug (connlimit_parse() may receive a 'c' that is not from the connlimit options table). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
akefile
ibip6t_connlimit.c
ibipt_connlimit.c
ibxt_connlimit.c
|
661f112072bc13a1625c4eb5983695e122ea97da |
30-Jul-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Make the option structures const. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibip6t_CONNMARK.c
ibip6t_CONNSECMARK.c
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_MARK.c
ibip6t_NFLOG.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_condition.c
ibip6t_connmark.c
ibip6t_dst.c
ibip6t_frag.c
ibip6t_hashlimit.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_mh.c
ibip6t_owner.c
ibip6t_policy.c
ibip6t_rt.c
ibip6t_state.c
ibipt_CLASSIFY.c
ibipt_CLUSTERIP.c
ibipt_CONNMARK.c
ibipt_CONNSECMARK.c
ibipt_DNAT.c
ibipt_DSCP.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MARK.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_NFLOG.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_TOS.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_condition.c
ibipt_connbytes.c
ibipt_connmark.c
ibipt_connrate.c
ibipt_conntrack.c
ibipt_dscp_helper.c
ibipt_ecn.c
ibipt_hashlimit.c
ibipt_helper.c
ibipt_icmp.c
ibipt_iprange.c
ibipt_owner.c
ibipt_policy.c
ibipt_realm.c
ibipt_recent.c
ibipt_set.c
ibipt_state.c
ibipt_statistic.c
ibipt_tos.c
ibipt_ttl.c
ibxt_NFQUEUE.c
ibxt_SECMARK.c
ibxt_TCPMSS.c
ibxt_comment.c
ibxt_dccp.c
ibxt_dscp.c
ibxt_esp.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_sctp.c
ibxt_string.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_udp.c
|
d01454062d0265f118c1b721740997cb93ef8cdb |
30-Jul-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Makes it possible to omit extra_opts of matches/targets if unnecessary. (Jan Engelhardt <jengelh@gmx.de>) A nice side effect is that merge_option() doesn't copy options in that case.
ibip6t_TRACE.c
ibip6t_eui64.c
ibipt_MIRROR.c
ibipt_TRACE.c
ibipt_unclean.c
ibxt_NOTRACK.c
ibxt_standard.c
|
6f1c597f2aef128e35a78717a998fed7567ade2c |
30-Jul-2007 |
Jan Engelhardt <jengelh@medozas.de> |
The option struct needs to be terminated, otherwise ip{,6}tables will access illegal memory in merge_options(). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibip6t_NFLOG.c
ibipt_NFLOG.c
|
18992db3bfdb3b695cae12b53434f560cbf8e2ae |
30-Jul-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Remove the .next=NULL field. This is automatically initialized to zero. I've kept .print=NULL and .save=NULL so it stands out (since iptables will do the print/save then). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibip6t_TRACE.c
ibip6t_state.c
ibipt_CLASSIFY.c
ibipt_CLUSTERIP.c
ibipt_CONNSECMARK.c
ibipt_DNAT.c
ibipt_DSCP.c
ibipt_ECN.c
ibipt_MARK.c
ibipt_MIRROR.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_TOS.c
ibipt_TRACE.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_connbytes.c
ibipt_connrate.c
ibipt_conntrack.c
ibipt_helper.c
ibipt_icmp.c
ibipt_iprange.c
ibipt_owner.c
ibipt_recent.c
ibipt_state.c
ibipt_tos.c
ibipt_ttl.c
ibipt_unclean.c
ibxt_NFQUEUE.c
ibxt_SECMARK.c
ibxt_TCPMSS.c
ibxt_comment.c
ibxt_dscp.c
ibxt_esp.c
ibxt_length.c
ibxt_limit.c
ibxt_mac.c
ibxt_mark.c
ibxt_multiport.c
ibxt_physdev.c
ibxt_pkttype.c
ibxt_quota.c
ibxt_standard.c
ibxt_tcp.c
ibxt_tcpmss.c
ibxt_udp.c
|
e9db3a8674018a5ed55be46e4c0984cecbe3067d |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Changes permissions of test scripts of dccp, string, and quota match
dccp-testx
quota-testx
string-testx
|
a2e89ccf65e8c881e77674cd2b15b9704b0c6822 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_NFQUEUE.c into libxt_NFQUEUE.c
akefile
ibip6t_NFQUEUE.c
ibipt_NFQUEUE.c
ibxt_NFQUEUE.c
|
fa00a73487f6400abc3c6b4dd306c6a269ff7cd1 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_SECMARK.c into libxt_SECMARK.c
akefile
ibip6t_SECMARK.c
ibipt_SECMARK.c
ibxt_SECMARK.c
|
45e4c6946426785d30733701d1ee8112e58538a4 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_TCPMSS.c into libxt_TCPMSS.c
akefile
ibip6t_TCPMSS.c
ibipt_TCPMSS.c
ibxt_TCPMSS.c
|
9ea637d5a7ebfb04e97db4cb114117474bbda9cf |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to comment match
akefile
ibipt_comment.c
ibxt_comment.c
|
3c96c8e1947ae4621e39c1d380358da603d2e65c |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to dccp match.
dccp-test
dccp-testx
ibipt_dccp.c
ibxt_dccp.c
|
18e060822be3ad17368dbe3d7289dd21efd341a5 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to dscp match.
akefile
ibipt_dscp.c
ibxt_dscp.c
|
0a04e8d695549788213f842cc99c724a564a88df |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_esp.c into libxt_esp.c
esp-test6
akefile
ibip6t_esp.c
ibipt_esp.c
ibxt_esp.c
|
36087d952be182a6163fc508c2168b9c3b9209c2 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_length.c into libxt_length.c
akefile
ibip6t_length.c
ibipt_length.c
ibxt_length.c
|
4489c0d66d9a0e6033c9472fd54df155788010b7 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_limit.c into libxt_limit.c.
akefile
ibip6t_limit.c
ibipt_limit.c
ibxt_limit.c
|
ba2d891523121b651be54a4ce915bcee33d2ed38 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_mac.c into libxt_mac.c
akefile
ibip6t_mac.c
ibipt_mac.c
ibxt_mac.c
|
fec77fed67feb55aba4c33ae2367178c57ce83de |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_physdev.c into libxt_physdev.c
akefile
ibip6t_physdev.c
ibipt_physdev.c
ibxt_physdev.c
|
5fd6ec87600ac3bd96c2500f6f4a1a9010d8d31e |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to pkttype match
akefile
ibipt_pkttype.c
ibxt_pkttype.c
|
2bcb16047e048afd1457642fa7bc2aefc8d06d9d |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to quota match
quota-test
quota-testx
ibipt_quota.c
ibxt_quota.c
|
19f29509c8a97219c578aeaf8be15cf005d46eb3 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_sctp.c into libxt_sctp.c
sctp-test6
akefile
ibip6t_sctp.c
ibipt_sctp.c
ibxt_sctp.c
|
e72f60e299e27cab2351be80e623e48815141f7a |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_standard.c into libxt_standard.c
akefile
ibip6t_standard.c
ibipt_standard.c
ibxt_standard.c
|
95f186e2fcc553e1e8e211b2f297c70425af8299 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_tcp.c into libxt_tcp.c.
akefile
ibip6t_tcp.c
ibipt_tcp.c
ibxt_tcp.c
|
7999bd3ad9815f49c31d4ef9798adbbd87ba0094 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to tcpmss match
akefile
ibipt_tcpmss.c
ibxt_tcpmss.c
|
17908e4bd0bc8ddb7a85bda316864ad8e1e56a29 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_udp.c into libxt_udp.c
akefile
ibip6t_udp.c
ibipt_udp.c
ibxt_udp.c
|
de9d244eef00ad3633e8a1d303713390ab2e243c |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]_mark.c into libxt_mark.c
akefile
ibip6t_mark.c
ibipt_mark.c
ibxt_mark.c
|
0af771d5c84ea9143cf947fb944a0e18189f0e63 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Use unified API in libipt_mark.c
ibipt_mark.c
|
4ccb6f547b6c2c355a188a267afe6358b013a438 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to string match
ibxt_string.c
|
ede46d6949cf1442196b70e3a9954ecec0e8ad27 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves libipt_string.c to libxt_string.c
string-test
string-testx
ibipt_string.c
ibxt_string.c
|
6ac58e399ccb3c2fbadc373266f454ce301547da |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Use unified API in string match
ibipt_string.c
|
df2cf4fddfb6bddb9c6809c4aaab8de58dd2393d |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_multiport.c into libipxt_multiport.c
akefile
ibip6t_multiport.c
ibxt_multiport.c
|
c7ae1dfb28382b3bbafeda1a7a87ffa77f2799ea |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves libipt_multiport.c to libxt_multiport.c
akefile
ibipt_multiport.c
ibxt_multiport.c
|
f451b5794614edc80eb8c8b30bcb2b4a4d85b6b7 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Splits ipt_multport into family dependent parts and others
ibipt_multiport.c
|
eb6e65e1ccfb52457d461b72cf5abe4e9f7187c6 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Use unified API in multiport match
ibipt_multiport.c
|
5186164036d47b34c33d424d6b9487dcd63ca663 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to NOTRACK
ibxt_NOTRACK.c
|
5af93690347956ef1fc6124089ce7c19ee260ed2 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Renames libipt_NOTRACK.c to libxt_NOTRACK.c
akefile
ibipt_NOTRACK.c
ibxt_NOTRACK.c
|
857ff8b030f701838ce077a7fee68f5b007cd429 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Use unified API in NOTRACK target.
ibipt_NOTRACK.c
|
a3732db1280f790b8e26b41bdcbe8b5f92b7f51b |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves all declarations in iptables_common.h to xtables.h.
ibipt_dscp_helper.c
|
68c79151aa8885961c70821456ad626cdc6afff3 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Installs libxt_*.so to DEST_IPT_LIBIDR and link libip[6]t_*.so to it.
akefile
|
dbda07bda2631a0271b3efb70d52d1707c06d418 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Introduces DEST_IPT_LIBDIR to simplify $(DESTDIR)$(LIBDIR)/iptables
akefile
|
ac8b2718daf8a79a59b181f6e62495f307ae86b9 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Fixes warning on compilation, part 2 This changes the type of arguments as follows in multiport, DNAT, SNAT, MASQUERADE, and REDIRECT - ip[6]t_ip[6] * -> void * - ip[6]t_entry * -> void * and adds lines to cast these pointer with intended type.
ibip6t_multiport.c
ibipt_DNAT.c
ibipt_MASQUERADE.c
ibipt_REDIRECT.c
ibipt_SNAT.c
ibipt_multiport.c
|
a620c61d441b931bc4a52ec07f1b906318ee4069 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Fixes warning on compilation of ip6tables matches/targets This changes the type of arguments as follows - ip6t_ip6 * -> void * - ip6t_entry * -> void *
ibip6t_CONNMARK.c
ibip6t_CONNSECMARK.c
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_MARK.c
ibip6t_NFLOG.c
ibip6t_NFQUEUE.c
ibip6t_REJECT.c
ibip6t_SECMARK.c
ibip6t_TCPMSS.c
ibip6t_ah.c
ibip6t_condition.c
ibip6t_connmark.c
ibip6t_dst.c
ibip6t_esp.c
ibip6t_eui64.c
ibip6t_frag.c
ibip6t_hashlimit.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_length.c
ibip6t_limit.c
ibip6t_mac.c
ibip6t_mark.c
ibip6t_mh.c
ibip6t_owner.c
ibip6t_physdev.c
ibip6t_policy.c
ibip6t_rt.c
ibip6t_sctp.c
ibip6t_standard.c
ibip6t_state.c
ibip6t_tcp.c
ibip6t_udp.c
|
c0a9ab93f49a3d2508c95d0ca1a01c1089983731 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Fixes warning on compilation of iptables matches/targets This changes the type of arguments as follows - ipt_ip * -> void * - ipt_entry * -> void * This patch doesn't change multiport, DNAT, SNAT, MASQUERADE, REDIRECT because these need more changes (casting void * variable with intended type)
ibipt_CLASSIFY.c
ibipt_CLUSTERIP.c
ibipt_CONNMARK.c
ibipt_CONNSECMARK.c
ibipt_DSCP.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MARK.c
ibipt_MIRROR.c
ibipt_NETMAP.c
ibipt_NFLOG.c
ibipt_NFQUEUE.c
ibipt_NOTRACK.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SECMARK.c
ibipt_SET.c
ibipt_TCPMSS.c
ibipt_TOS.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_comment.c
ibipt_condition.c
ibipt_connbytes.c
ibipt_connmark.c
ibipt_connrate.c
ibipt_conntrack.c
ibipt_dccp.c
ibipt_dscp.c
ibipt_ecn.c
ibipt_esp.c
ibipt_hashlimit.c
ibipt_helper.c
ibipt_icmp.c
ibipt_iprange.c
ibipt_length.c
ibipt_limit.c
ibipt_mac.c
ibipt_mark.c
ibipt_owner.c
ibipt_physdev.c
ibipt_pkttype.c
ibipt_policy.c
ibipt_quota.c
ibipt_realm.c
ibipt_recent.c
ibipt_sctp.c
ibipt_set.c
ibipt_standard.c
ibipt_state.c
ibipt_statistic.c
ibipt_string.c
ibipt_tcp.c
ibipt_tcpmss.c
ibipt_tos.c
ibipt_ttl.c
ibipt_udp.c
ibipt_unclean.c
|
b85256b07a2939d712a2547bc151653eae511909 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Replaces ip6t_entry_* with xt_entry_* in matches/targets
ibip6t_CONNMARK.c
ibip6t_CONNSECMARK.c
ibip6t_HL.c
ibip6t_LOG.c
ibip6t_MARK.c
ibip6t_NFQUEUE.c
ibip6t_REJECT.c
ibip6t_SECMARK.c
ibip6t_TCPMSS.c
ibip6t_ah.c
ibip6t_condition.c
ibip6t_connmark.c
ibip6t_dst.c
ibip6t_esp.c
ibip6t_eui64.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_hl.c
ibip6t_icmp6.c
ibip6t_ipv6header.c
ibip6t_length.c
ibip6t_limit.c
ibip6t_mac.c
ibip6t_mark.c
ibip6t_mh.c
ibip6t_multiport.c
ibip6t_owner.c
ibip6t_physdev.c
ibip6t_policy.c
ibip6t_rt.c
ibip6t_standard.c
ibip6t_state.c
ibip6t_tcp.c
ibip6t_udp.c
|
193df8ee3507f0c02762c88a16916c4ea950bd99 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Replaces ipt_entry_* with xt_entry_* in matches/targets
ibipt_CLASSIFY.c
ibipt_CLUSTERIP.c
ibipt_CONNMARK.c
ibipt_CONNSECMARK.c
ibipt_DNAT.c
ibipt_DSCP.c
ibipt_ECN.c
ibipt_LOG.c
ibipt_MARK.c
ibipt_MASQUERADE.c
ibipt_MIRROR.c
ibipt_NETMAP.c
ibipt_NFQUEUE.c
ibipt_NOTRACK.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SECMARK.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_TCPMSS.c
ibipt_TOS.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_comment.c
ibipt_condition.c
ibipt_connbytes.c
ibipt_connmark.c
ibipt_connrate.c
ibipt_conntrack.c
ibipt_dccp.c
ibipt_dscp.c
ibipt_ecn.c
ibipt_esp.c
ibipt_hashlimit.c
ibipt_helper.c
ibipt_icmp.c
ibipt_iprange.c
ibipt_length.c
ibipt_limit.c
ibipt_mac.c
ibipt_mark.c
ibipt_multiport.c
ibipt_owner.c
ibipt_physdev.c
ibipt_pkttype.c
ibipt_policy.c
ibipt_quota.c
ibipt_realm.c
ibipt_recent.c
ibipt_sctp.c
ibipt_set.c
ibipt_standard.c
ibipt_state.c
ibipt_statistic.c
ibipt_string.c
ibipt_tcp.c
ibipt_tcpmss.c
ibipt_tos.c
ibipt_ttl.c
ibipt_udp.c
ibipt_unclean.c
|
a8a4f5ddfc32f21ade344dcec0fc2e3623634f55 |
16-Jul-2007 |
Patrick McHardyYasuyuki KOZAKAI <kaber@trash.netyasuyuki@netfilter.org> |
Adds missing explanations about FIN in mask part of '--syn' in libip[6]_tcp.c and libip6t_tcp.man.
ibip6t_tcp.c
ibip6t_tcp.man
ibipt_tcp.c
|
a70d29f15c809d02cb271eddba1f217d78853372 |
16-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Adds missing FIN to mask part generated by '--syn' of libip6t_tcp
ibip6t_tcp.c
ibip6t_tcp.man
|
ef329f23c00ad848c1be9c2d6f90cc23c8919e6d |
13-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Fixes compile error of connlimit where NO_SHARED_LIBS=1 is specified
ibip6t_connlimit.c
ibipt_connlimit.c
|
21df4af43dcc9f635baa2aff3ace53768d9704bc |
09-Jul-2007 |
Jan Engelhardt <jengelh@medozas.de> |
PATCH: Add connlimit to iptables. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
akefile
ibip6t_connlimit.c
ibip6t_connlimit.man
ibipt_connlimit.c
ibipt_connlimit.man
|
0c6bf10fbdbea24ec224a87118ff422279311887 |
03-Jul-2007 |
Nicolas Bouliane <nicboul@gmail.com> |
libipt_statistic: add a few missing validity checks Signed-off-by: Nicolas Bouliane
ibipt_statistic.c
|
fde395370ead306b770a3d4685e4bc1d6972266d |
28-Jun-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Removes some KERNEL_64_USERSPACE_32 because linux 2.6 has compat layer
ibip6t_MARK.c
ibip6t_mark.c
ibipt_MARK.c
ibipt_ULOG.c
ibipt_conntrack.c
ibipt_mark.c
|
06e88ddd97aaacf50a8ca2418e9c6c5d95b99865 |
25-Jun-2007 |
Patrick McHardy <kaber@trash.net> |
Add Jozsef's TRACE target. Changed to be built unconditionally by myself since it doesn't need any headerfiles anyways.
akefile
ibip6t_TRACE.c
ibip6t_TRACE.man
ibipt_TRACE.c
ibipt_TRACE.man
|
f4cb71c763b45584a9225c3fa1f4aa97fd4cb07a |
24-Jun-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Fixes build error of conntrack match because of missing ip_conntrack_tuple.h in linux 2.6.22. It is not needed because nf_conntrack headers can be used instead.
ibipt_conntrack.c
|
1d9872d7d6f2199130bb67fe8988baade53d25c1 |
03-Jun-2007 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_hashlimit doc update Add srcip,srcport to hashlimit manpage. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
ibipt_hashlimit.man
|
ef399a3033aa860ea1653b9c4306c0e78777e981 |
29-May-2007 |
Patrick McHardy <kaber@trash.net> |
Add --random option to DNAT and REDIRECT targets and fix the manpage mess this option left behind.
ibipt_DNAT.c
ibipt_DNAT.man
ibipt_MASQUERADE.man
ibipt_REDIRECT.c
ibipt_REDIRECT.man
ibipt_SNAT.c
ibipt_SNAT.man
|
b8c0b78b357b927ff13a8f73a3a52711a08a3470 |
02-May-2007 |
Phil Oester <kernel@linuxace.com> |
update quota manpage for SMP (Phil Oester) The quota match works fine on SMP, so update the manpage to reflect this. Closes bugzilla #564.
ibipt_quota.man
|
9c67defe98f04f72f19dfd09c8030e1de4b8bf0f |
18-Apr-2007 |
Patrick McHardy <kaber@trash.net> |
Fix iptables-save with --random option
ibipt_MASQUERADE.c
ibipt_SAME.c
ibipt_SNAT.c
|
e656e265bc67a55f6e51aa07118f96c058a97798 |
18-Apr-2007 |
Patrick McHardy <kaber@trash.net> |
Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs.
ibipt_MASQUERADE.c
ibipt_SAME.c
ibipt_SNAT.c
|
40d54756cd8a2705e22b36f7aef03bb2c472a10b |
18-Apr-2007 |
Patrick McHardy <kaber@trash.net> |
Use nf_conntrack headers instead of ip_conntrack ones and add sanitized versions.
ibip6t_state.c
ibipt_DNAT.c
ibipt_MASQUERADE.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_connbytes.c
ibipt_connrate.c
ibipt_conntrack.c
ibipt_state.c
|
10a234a5e381106825986283bf12ccb0bfed3730 |
18-Apr-2007 |
Patrick McHardy <kaber@trash.net> |
Remove unnecessary ip_conntrack/ip_nat includes
ibipt_SET.c
ibipt_set.c
|
191e3ffccbea68fa927720a8ef8f8b0a437c1f41 |
06-Mar-2007 |
Patrick McHardy <kaber@trash.net> |
Fix cut and paste error breaking use of groups != 0
ibip6t_NFLOG.c
ibipt_NFLOG.c
|
ae4b0b3aa70c67f2eff303a3e75834e45c3794a7 |
24-Feb-2007 |
Eric Leblond <eric@inl.fr> |
iptables: add random option to SNAT (Eric Leblond)
ibipt_MASQUERADE.c
ibipt_MASQUERADE.man
ibipt_SAME.c
ibipt_SAME.man
ibipt_SNAT.c
ibipt_SNAT.man
|
ee9e2205dfd53ffc35495dd60b43c59b77aa3839 |
19-Feb-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Reverted r6754. libipt_icmp has the option 'any', so it's unnecessary to check no option of ICMP type.
ibipt_icmp.c
|
d9e7e659fda0918894302bd4a87fc2bab7a458fb |
13-Feb-2007 |
Patrick McHardy <kaber@trash.net> |
Remove and readd with executable bit set. SVN doesn't seem to have a proper way of doing this.
mh-test6
|
6f9c09e818ab7bdf83b73185a7928ac56fdcff95 |
13-Feb-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Fixes man page for tcp, udp, icmp{,6}. They are not loaded when only '-p' is specified, but loaded when extra options are specified, too.
ibip6t_icmp6.man
ibip6t_tcp.man
ibip6t_udp.man
ibipt_icmp.man
ibipt_tcp.man
ibipt_udp.man
|
bee2bf9daf5c474a2e973f16a36f788882b29e7b |
13-Feb-2007 |
Patrick McHardy <kaber@trash.net> |
Forgot to add TCPMSS target to PF6_EXT_SLIB
akefile
|
3122ce9ada8a8acbf3b1035c02618559b21d7ccd |
13-Feb-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Error if no ICMP type is specified even though user intended to use icmp match.
ibipt_icmp.c
|
00d46e1c830e88f857d5fedbc9c19afe984d7a50 |
09-Feb-2007 |
Masahide NAKAMURA <nakam@linux-ipv6.org> |
Add ip6tables mh extension (Masahide NAKAMURA <nakam@linux-ipv6.org>) Kernel part will go in 2.6.21
mh-test6
ibip6t_mh.c
ibip6t_mh.man
|
4fc6669d9930c8c42ea246000fe93826ade9c1f0 |
26-Jan-2007 |
Patrick McHardy <kaber@trash.net> |
Bugzilla #535 In the tcpmss section of the iptables manpage, there is an extraneous trailing quote for the --mss option.
ibipt_tcpmss.man
|
c8c2ce30a21a582bd86b4b7fa75bfaae8d027686 |
26-Jan-2007 |
Patrick McHardy <kaber@trash.net> |
Bugzilla #534: Please remove --mss from libipt_tcp.man. The tcp match doesn't handle that option, while the tcpmss match does.
ibipt_tcp.man
|
e4076172c33810472d9d658554588b6e379a4fbe |
16-Jan-2007 |
Arnaud Ebalard <arno@natisbad.org> |
Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>) Kernel part will go in 2.6.21.
ibip6t_TCPMSS.c
ibip6t_TCPMSS.man
|
9561606bd938ed4b2614716a08a2856d4ef5e995 |
11-Jan-2007 |
Patrick McHardy <kaber@trash.net> |
Add UDPLITE multiport support
ibipt_multiport.c
|
8a0b6ead35931422fbe02c63d9262ad9e40daacc |
11-Jan-2007 |
Patrick McHardy <kaber@trash.net> |
Fix missing space in ruleset listing
ibipt_string.c
|
b1f568309a09e61f892dee3c23279cecff0b0ff4 |
10-Jan-2007 |
Patrick McHardy <kaber@trash.net> |
Remove extensions for unmaintained/obsolete patchlets
BALANCE-test
FTOS-test
IPMARK-test
NETLINK-test
TCPLAG-test
XOR-test
account-test
childlevel-test
connrate-test
dstlimit-test
fuzzy-test
fuzzy-test6
mport-test
nth-test
nth-test6
osf-test
psd-test
random-test
random-test6
record-rpc-test
time-test
akefile
ibip6t_TRACE.c
ibip6t_TRACE.man
ibip6t_fuzzy.c
ibip6t_fuzzy.man
ibip6t_nth.c
ibip6t_nth.man
ibip6t_random.c
ibip6t_random.man
ibipt_BALANCE.c
ibipt_BALANCE.man
ibipt_FTOS.c
ibipt_IPMARK.c
ibipt_IPMARK.man
ibipt_NETLINK.c
ibipt_TCPLAG.c
ibipt_TRACE.c
ibipt_TRACE.man
ibipt_XOR.c
ibipt_XOR.man
ibipt_account.c
ibipt_account.man
ibipt_childlevel.c
ibipt_childlevel.man
ibipt_connlimit.c
ibipt_connlimit.man
ibipt_dstlimit.c
ibipt_dstlimit.man
ibipt_fuzzy.c
ibipt_fuzzy.man
ibipt_mport.c
ibipt_mport.man
ibipt_nth.c
ibipt_nth.man
ibipt_osf.c
ibipt_osf.man
ibipt_psd.c
ibipt_psd.man
ibipt_random.c
ibipt_random.man
ibipt_record_rpc.c
ibipt_rpc.c
ibipt_time.c
ibipt_time.man
|
a565d4e81c6c4298e783bf0ae11ce4540d595f47 |
07-Jan-2007 |
thomas <thomas@aktaia.intevation.org> |
fix typo in manpage (thomas@aktaia.intevation.org)
ibip6t_eui64.man
|
29f91845300a585b5253b2e1ed3a29f064f31787 |
12-Dec-2006 |
Patrick McHardy <kaber@trash.net> |
Move extensions for pom patches to individual patchlets.
IPV4OPTSSTRIP-test
ROUTE-test
ROUTE-test6
ipv4options-test
u32-test
akefile
ibip6t_ROUTE.c
ibip6t_ROUTE.man
ibipt_IPV4OPTSSTRIP.c
ibipt_IPV4OPTSSTRIP.man
ibipt_ROUTE.c
ibipt_ROUTE.man
ibipt_TARPIT.c
ibipt_TARPIT.man
ibipt_ipv4options.c
ibipt_ipv4options.man
ibipt_u32.c
ibipt_u32.man
|
e342bf7586261158ab1c06e9e8855de1551a61b9 |
03-Dec-2006 |
Patrick McHardy <kaber@trash.net> |
Add target extensions for new NFLOG target
NFLOG-test
NFLOG-test6
ibip6t_NFLOG.c
ibipt_NFLOG.c
|
267a57007e69d8f316dea80f79ce2560459e0c30 |
29-Nov-2006 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Fix /etc/network usage (Pablo Neira) http://bugs.debian.org/398082 iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. # cat /etc/networks foonet 10.0.0.0 # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] iptables v1.3.6: host/network `foonet.0.0.0' not found Try `iptables -h' or 'iptables --help' for more information. 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt
ibipt_NETMAP.c
|
00524b27b5e442d27414cf48e0d6e6372b6113ae |
13-Nov-2006 |
Patrick McHardy <kaber@trash.net> |
Add ip6tables support for hashlimit match
hashlimit-test6
ibip6t_hashlimit.c
|
3810013331414e53a0bde3a791b2ce3648c892d0 |
13-Nov-2006 |
Patrick McHardy <kaber@trash.net> |
Add ip6tables support for sctp match
sctp-test6
ibip6t_sctp.c
|
0665217784822434b1732cdc773d5daa12836438 |
20-Oct-2006 |
Rémi Denis-Courmont <rdenis@simphalempin.com> |
- Add revision support to ip6tables. - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>)
ibip6t_multiport.c
|
ed26b7b0cedcdb9621ae7d4e225048614f52dc0f |
10-Oct-2006 |
Mike Frysinger <vapier@gentoo.org> |
iptables segfaults when given "" to --log-prefix (Mike Frysinger <vapier@gentoo.org>) Bugzilla #516
ibip6t_LOG.c
ibipt_LOG.c
ibipt_ULOG.c
|
48b46a615b48ef224985070cf4c3966f793c4cf3 |
06-Oct-2006 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
Use correct types at error reporting (patch sent by H. Nakano)
ibipt_set.h
|
ca9d8c221f0e10cc8dd0c79e922a1dc73ae0ca5f |
02-Sep-2006 |
Simon Lodal <simon@parknet.dk> |
Named realm (Simon Lodal <simon@parknet.dk>) Optionally read realm values from /etc/iproute2/rt_realms
ibipt_realm.c
ibipt_realm.man
|
10e0fbb32828543f5f18751e116d7d9cbff9f7de |
31-Aug-2006 |
Patrick McHardy <kaber@trash.net> |
Add statistic match extension
statistic-test
ibipt_statistic.c
|
09c8e300ca4717f2f8ecd940808ef66513b0c7dd |
29-Aug-2006 |
Eric Leblond <eric@inl.fr> |
iptables: fix ipt_MARK documentation (Eric Leblond) This patch documents --or-mask and --and-mask options of the MARK target. Description is directly taken from the source code.
ibipt_MARK.man
|
ae35309923339354b48adac4fa703bd3f5e6dd2b |
08-Aug-2006 |
Phil Oester <kernel@linuxace.com> |
update quota match for xtables + fix -D bug (Phil Oester <kernel@linuxace.com>)
quota-test
ibipt_quota.c
|
c1eae41e1957db56aaf7afcafa2f097042fa4217 |
25-Jul-2006 |
Patrick McHardyJesper Brouer <kaber@trash.nethawk@diku.dk> |
Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause invalid arguments to get accepted.
ibipt_multiport.c
|
a6c1d926f6c3c00e0c1875d80b9579c95bde2cfa |
22-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
proto_to_name duplication (Phil Oester <kernel@linuxace.com>) Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel.
ibipt_multiport.c
|
dbac8ad71c3c418fd8a62c08211885a38177b725 |
20-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port.
ibip6t_multiport.c
ibip6t_tcp.c
ibip6t_udp.c
ibipt_dccp.c
ibipt_mport.c
ibipt_multiport.c
ibipt_sctp.c
ibipt_tcp.c
ibipt_udp.c
|
58179b1d0d1722ea16028aa2ea9d74afc86dd5dc |
20-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere.
ibip6t_multiport.c
ibip6t_tcp.c
ibip6t_udp.c
ibipt_dccp.c
ibipt_mport.c
ibipt_multiport.c
ibipt_sctp.c
ibipt_tcp.c
ibipt_udp.c
|
8a173efc9af7cdc96b37867bdb3f4112be5dcbf9 |
05-Jul-2006 |
Pierre-Yves Ritschard <pierre-yves@spootnik.org> |
please kill santa-claus (Pierre-Yves Ritschard <pierre-yves@spootnik.org>) Remove "hoho" message :)
ibipt_iprange.c
|
b1cda88e9440764d8c2bdce72ec9dcffdf68de07 |
04-Jul-2006 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
- force user to specify --icmpv6-type if icmpv6 match is required to load - Don't allow multiple --icmp-type/icmpv6-type (Closes: #461)
ibip6t_icmp6.c
ibipt_icmp.c
|
b46d0b2d289175b4c37a53531220c3c853117704 |
03-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
ip6tables multiport does not support x:y (Phil Oester <kernel@linuxace.com>) Update the manpage for ip6tables multiport match to reflect reality -- it does not (yet) support x:y syntax. I looked at adding it, but adding revision support to ip6tables seems a waste at this point, since once xtables support is added to iptables, this problem will resolve itself. Closes bug #451.
ibip6t_multiport.man
|
1da8351b114bf50de56d419645f29bad32d80354 |
03-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
iptables trivial compile warning cleanup (Phil Oester <kernel@linuxace.com>) Cleanup a few compile warnings in latest snapshot: extensions/libipt_dscp_helper.c:69: warning: 'dscp_to_name' defined but not used extensions/libipt_sctp.c: In function 'print_chunks': extensions/libipt_sctp.c:465: warning: value computed is not used extensions/libipt_sctp.c:477: warning: value computed is not used Resolves bug #457.
ibipt_dscp_helper.c
ibipt_sctp.c
|
45ce294b43b8eb49948da7ec1defea4300bc61cc |
23-Jun-2006 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
size_t changed to socklen_t in getsockopt call
ibipt_set.h
|
a05720b27920f3ba7dad8870a0acc776a6c55e47 |
23-Jun-2006 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
set match negation bug fixed
ibipt_set.c
ibipt_set.h
|
3836fcc4c26ba831c38df7aa056863e8f24614a0 |
20-Jun-2006 |
Phil Oester <kernel@linuxace.com> |
REDIRECT does not accept IP (Phil Oester <kernel@linuxace.com>) As pointed out by Nicolas Mailhot in bugzilla #483, REDIRECT does not accept an IP address and when supplied with one, provides unexpected results. Patch below fixes this.
ibipt_REDIRECT.c
|
75efcae9764d2117be192a93b25e8810009aabec |
30-May-2006 |
Phil Oester <kernel@linuxace.com> |
trivial connlimit manpage fix (Phil Oester <kernel@linuxace.com>)
ibipt_connlimit.man
|
a895b9cfd9b5c20111cb442f9b7b14c774d1d544 |
24-May-2006 |
Simon Lodal <simonl@parknet.dk> |
Use lowercase letters for match name (Simon Lodal <simonl@parknet.dk>)
ibipt_realm.c
|
8185801d0dd58e6df1801b2d4832c55522274366 |
24-May-2006 |
Evan Miller <evanm@frap.net> |
Add information about :<port> syntax (Evan Miller <evanm@frap.net>)
ibipt_DNAT.man
|
630da419883a848807c044d6f718b95213cea6f3 |
24-May-2006 |
James Morris <jmorris@namei.org> |
secmark: Add libip6t_CONNSECMARK This patch adds the shared library module for the CONNSECMARK target (IPv6). Signed-off-by: James Morris <jmorris@namei.org>
akefile
ibip6t_CONNSECMARK.c
ibip6t_CONNSECMARK.man
|
ff968303f0e3daec2afd6d10648d5117da496e62 |
24-May-2006 |
Patrick McHardy <kaber@trash.net> |
D'oh .. I'm not too smart, forgot to add the new files in the previous patches :)
ibip6t_SECMARK.c
ibip6t_SECMARK.man
ibipt_CONNSECMARK.c
ibipt_CONNSECMARK.man
ibipt_SECMARK.c
ibipt_SECMARK.man
|
517ac155b5ed80b0aec1ec9db0b670d55d61a0ab |
24-May-2006 |
James Morris <jmorris@namei.org> |
secmark: Add libipt_CONNSECMARK This patch adds the shared library module for the CONNSECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org>
akefile
|
d718220596c970eba76b1e7f4bb82b051e27ef35 |
24-May-2006 |
James Morris <jmorris@namei.org> |
secmark: Add libip6t_SECMARK This patch adds the shared library module for the SECMARK target (IPv6). Signed-off-by: James Morris <jmorris@namei.org>
akefile
|
843b9590f58a7726a06ffb3b9965f34040c292f8 |
24-May-2006 |
James Morris <jmorris@namei.org> |
secmark: Add libipt_SECMARK This patch adds the shared library module for the SECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org>
akefile
|
c81a3f32cc0877784fb287beb5e862c74e5435eb |
24-May-2006 |
James Morris <jmorris@namei.org> |
secmark: Add libselinux support This patch adds the infrastructure for linking iptables against libselinux, for use with the SECMARK target. This is enabled by setting DO_SELINUX=1 in the build environment. Signed-off-by: James Morris <jmorris@namei.org>
akefile
|
2452bafd9810e8560717f10af8e26f8a3ac4f4cf |
28-Apr-2006 |
Patrick McHardy <kaber@trash.net> |
Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18.
ibip6t_multiport.c
ibipt_multiport.c
|
2c627cf60cfb1a4e67aea1b2333f2a11e23fecd8 |
15-Apr-2006 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
[IPTABLES,IP6TABLES]: check invalid esp spi range
ibip6t_esp.c
ibipt_esp.c
|
1f312c2e3ee57eadde7c8bfc12d838aa0f60e99e |
15-Apr-2006 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
fix loading shared library of ICMPv6 match. The current ip6tables tries to load libip6t_icmp6.so when user types 'ip6tables -p icmpv6 ...' or 'ip6tables ... -m icmpv6' ...', and it fails. This patch renames libip6t_icmpv6.c to libip6t_icmp6.c so that ip6tables can load it. Now kernel module and user library has same name 'icmp6'. It can reduce confusion about name mismatch. That's why I renamed it instead of reverting change in find_match() which brought this bug. This patch keeps compatibiity and we can use '-p icmpv6', '-p ipv6-icmpv6', '-m icmpv6', '-m ipv6-icmpv6', and '-m icmp6', as ever.
akefile
ibip6t_icmp6.c
ibip6t_icmp6.man
ibip6t_icmpv6.c
ibip6t_icmpv6.man
|
708e0580573acd24065ad052c096c5020c16dee2 |
12-Apr-2006 |
Harald Welte <laforge@gnumonks.org> |
[IPTABLES,IP6TABLES]: fix the path to detect esp/connbytes support in kernel The recent kernels don't have ipt_connbytes.c and ip6t_esp.c.
connbytes-test
esp-test6
|
a52b8fe72b86f954f62eed5d1f6e27c83544a4b6 |
31-Mar-2006 |
Daniel De Graaf <danieldegraaf@gmail.com> |
Correct iptables-save output of osf module (Daniel De Graaf)
ibipt_osf.c
|
d3476b294f6a0570b0ec3322f580d6446c6f20fe |
01-Feb-2006 |
Harald Welte <laforge@gnumonks.org> |
make policy match compile independant of kernel headers
ibip6t_policy.c
ibipt_policy.c
|
54c603a6100e8721efb8de9ea4f596a69970ce02 |
01-Feb-2006 |
Harald Welte <laforge@gnumonks.org> |
Some !%$!*##$@ has modified the kernel include/linux/netfilter_ipv4/ipt_sctp.h file in a way that breaks userspace :(
ibipt_sctp.c
|
38315b13504714f48e90363b62de2def0b05e9b8 |
01-Feb-2006 |
Harald Welte <laforge@gnumonks.org> |
remove other bits of old ip pool code, people should use ipset (ipset.netfilter.org) these days
pool-test
ibipt_POOL.c
ibipt_pool.c
|
02e88f2ae4eac6088e3f802909b77ec4b8317acd |
31-Jan-2006 |
Patrick McHardy <kaber@trash.net> |
Prepare policy match for x_tables unification by making sure both ipt_policy and ip6t_policy use the same data structure.
policy-test
policy-test6
akefile
ibip6t_policy.c
ibipt_policy.c
|
0829a2b72caa06c07e6eb710a81a04295c9f2621 |
30-Jan-2006 |
Michael Rash <mbr@cipherdyne.org> |
fix 'save' (Michael Rash)
ibipt_string.c
|
28e5b79eee634792b81bae754a321543cb29539e |
30-Jan-2006 |
Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp> |
major manpage update (Yasuyuki Kozakai)
ibip6t_HL.man
ibip6t_REJECT.man
ibip6t_ah.man
ibip6t_condition.man
ibip6t_dst.man
ibip6t_esp.man
ibip6t_eui64.man
ibip6t_frag.man
ibip6t_fuzzy.man
ibip6t_hbh.man
ibip6t_hl.man
ibip6t_icmpv6.man
ibip6t_ipv6header.man
ibip6t_length.man
ibip6t_mark.man
ibip6t_multiport.man
ibip6t_owner.man
ibip6t_physdev.man
ibip6t_rt.man
ibipt_ah.man
ibipt_condition.man
ibipt_esp.man
ibipt_fuzzy.man
ibipt_length.man
ibipt_mark.man
ibipt_physdev.man
|
469d18f66896ef509cac5a2ade494ea38e0c86e2 |
26-Jan-2006 |
Harald Welte <laforge@gnumonks.org> |
Add 'copy+paste' support for 'state' and 'connmark' match, as well as 'CONNMARK' target for ip6tables / nf_conntrack_l3proto_ipv6. This is a temporary solution for the iptables-1.3.x branch, since the 1.4.x branch will have proper support.
akefile
ibip6t_CONNMARK.c
ibip6t_connmark.c
ibip6t_state.c
|
4b1be69742ef28af2722dec16d3fdf0b38685006 |
26-Jan-2006 |
Harald Welte <laforge@gnumonks.org> |
add note about deprecated state
ibipt_dstlimit.man
|
599d2a101c05dce55e5c2060a18a978c391125b2 |
22-Jan-2006 |
Harald Welte <laforge@gnumonks.org> |
fix spelling 'adress' -> 'address' (Closes: #431) (MJ Anthony)
ibipt_DNAT.man
ibipt_SNAT.man
|
3f347569c972830e5d619b1fe2a61e888c67ca03 |
22-Jan-2006 |
Noticed by Tom Eastep <teastep@shorewall.net> |
Fix "empty policy element" complaining in non-strict mode. Noticed by Tom Eastep <teastep@shorewall.net>.
ibip6t_policy.c
ibipt_policy.c
|
37b7c9b6c4f33fc3d5908d1f2b742e2f023e0e0b |
12-Jan-2006 |
Patrick McHardy <kaber@trash.net> |
Clarify --tunnel-src/--tunnel-dst options
ibip6t_policy.man
ibipt_policy.man
|
a46d88df3c786a33e83164a3aa88c215eaf7402c |
12-Jan-2006 |
Patrick McHardy <kaber@trash.net> |
Move empty policy element check to also catch last element
ibip6t_policy.c
ibipt_policy.c
|
1d0f57c14ad5923d8ffcecc7f372fcc15b3945fa |
12-Jan-2006 |
Patrick McHardy <kaber@trash.net> |
Don't allow using --next option without specifying a policy element
ibip6t_policy.c
ibipt_policy.c
|
cddae3dc37a6b6a5d523876a970ec0391c613ee3 |
09-Jan-2006 |
Patrick McHardy <kaber@trash.net> |
Fix invalid assignment of tunnel-src to dest address (Patrick McHardy)
ibip6t_policy.c
|
014a48fb2ddc0552547a47530ac5c89bacdf9aa1 |
03-Jan-2006 |
Pablo Neira <pablo@eurodev.net> |
Add documentation for string match (Pablo Neira)
ibipt_string.man
|
402c3116e5b6facda53b3299ad32d03ec8460512 |
05-Dec-2005 |
Harald Welte <laforge@gnumonks.org> |
fix iptables-save of 'goto' target (Closes: #410)
ibipt_connbytes.c
|
dbbcf273e98f9efff9e644cf98207a3eac6fc63a |
05-Dec-2005 |
Patrick McHardy <kaber@trash.net> |
Add note that TCPMSS is only valid in the mangle table (not true today, but maybe someday)
ibipt_TCPMSS.man
|
11b8591d596913c492833f4a1809c5c735e3d5e0 |
22-Nov-2005 |
Harald Welte <laforge@gnumonks.org> |
tcp-rst is the alias, not tcp-reset (Torsten Hilbrich)
ibipt_REJECT.c
|
524bb803727baaad532915394ada06ec3eb8a11e |
19-Nov-2005 |
Patrick McHardy <kaber@trash.net> |
Add policy match extensions from patch-o-matic
policy-test
policy-test6
ibip6t_policy.c
ibip6t_policy.man
ibipt_policy.c
ibipt_policy.man
|
2739cb813c93a25b036429e48e6bdae98d5c25ad |
18-Nov-2005 |
Patrick McHardy <kaber@trash.net> |
Fix some gcc-4 warnings
ibipt_CLASSIFY.c
ibipt_CLUSTERIP.c
ibipt_string.c
ibipt_tos.c
|
6656e1378f432ab8690e7d22128793a1ddc5166b |
18-Nov-2005 |
Patrick McHardy <kaber@trash.net> |
Don't eat numeric arguments for other extensions
ibipt_ttl.c
|
5a4892b7566fd572a195b12b3a449d0c03125a54 |
17-Nov-2005 |
Phil Oester <kernel@linuxace.com> |
The conntrack match does not print any info for --ctproto, thus breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester)
ibipt_conntrack.c
|
361bac2f2c25ecabef125c6a8bb8dfc194bf73f1 |
03-Nov-2005 |
Deti Fliegl <deti@fliegl.de> |
fix connmark, it's now only 32bits (Deti Fliegl <deti@fliegl.de) We'ver screwed this up with the 2.6.14 release. It refuses any mask that extends 32bits. We should have fixed this by adding a new target/match revision, but now it's too late anyway :(
ibipt_CONNMARK.c
ibipt_connmark.c
|
55548fd74331be4507174bd3dfb65640c8eb909d |
19-Sep-2005 |
Tom Eastep <teastep@shorewall.net> |
The conntrack match extension doesn't handle address inversion correctly. (Tom Eastep)
ibipt_conntrack.c
|
8cf65913bb6353bf0e92eab0669d1c4c53b43623 |
19-Sep-2005 |
Phil Oester <kernel@linuxace.com> |
Kernels higher than 2.6.10 don't support multiple --to arguments in DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester)
ibipt_DNAT.c
ibipt_SNAT.c
|
3643aca580531eb795832feb8a83cca57f57dc0e |
19-Sep-2005 |
KOVACS Krisztian <hidden@balabit.hu> |
* specifying random seed for the Jenkins hash works as documented * iptables-save seems to work now Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> Signed-off-by: Harald Welte <laforge@netfilter.org>
ibipt_CLUSTERIP.c
|
ae65b529140b07daae87ecffe267ea2fbb395c0c |
11-Sep-2005 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Make libipt_connbytes.c compile with the ipt_connbytes version that has been merged into the 2.6 kernel
ibipt_connbytes.c
|
a4749bc725a7468af796bc773b3de0b0c29650f2 |
29-Aug-2005 |
Harald Welte <laforge@gnumonks.org> |
Update manpage to reflect missing ability to SNAT to multiple ranges in 2.6.11-rc1 and later
ibipt_SNAT.man
|
d2baafe40a9cc2cd4af508d38a47502c24c13b96 |
29-Aug-2005 |
Harald Welte <laforge@gnumonks.org> |
Update manpage to reflect missing NAT to multiple ranges support in 2.6.11-rc1 and later.
ibipt_DNAT.man
|
c6fbf41cdd15705559269d992da9938cbb1a1f4e |
28-Aug-2005 |
Pablo Neira <pablo@netfilter.org> |
update string match to reflect new kernel implementation (Pablo Neira)
ibipt_string.c
|
e40b11d7ef827c0e8519bcdc34619e7bcc92710f |
06-Aug-2005 |
Harald Welte <laforge@gnumonks.org> |
add support for new 'dccp' protocol match
dccp-test
ibipt_dccp.c
ibipt_dccp.man
|
ae87b8a7470dc6aa5521d226e8ed218500dfe633 |
05-Aug-2005 |
Harald Welte <laforge@gnumonks.org> |
port Eric Leblond's NFQUEUE missing-break fix to ip6tables
ibip6t_NFQUEUE.c
ibip6t_NFQUEUE.man
|
6fdefcfe7aaa02e116e44e96262fe986e87977eb |
05-Aug-2005 |
Eric Leblond <eric@inl.fr> |
Add missing 'break' to make parsing of NFQUEUE numbers work (Eric Leblond)
ibipt_NFQUEUE.c
ibipt_NFQUEUE.man
|
7bdfca450990ca68ccfc4c54acb14d3ea0fa8582 |
28-Jul-2005 |
Harald Welte <laforge@gnumonks.org> |
update manpage to reflect QUEUE / nfnetlink_queue / NFQUEUE changes
ibip6t_NFQUEUE.man
ibipt_NFQUEUE.man
|
36d870c76621b94d51816d09eb8fd05e0fb0a0ab |
22-Jul-2005 |
Patrick McHardy <kaber@trash.net> |
Fix NAT of ICMP ID ranges (Patrick McHardy)
ibipt_DNAT.c
ibipt_MASQUERADE.c
ibipt_REDIRECT.c
ibipt_SNAT.c
|
efa8fc2123a2a9fc229ab471edd2b2688ce1da3a |
20-Jul-2005 |
Harald Welte <laforge@gnumonks.org> |
get rid of numerous gcc-4 warnings
ibip6t_length.c
ibip6t_physdev.c
ibipt_DSCP.c
ibipt_TOS.c
ibipt_comment.c
ibipt_dscp.c
ibipt_physdev.c
ibipt_rpc.c
ibipt_tos.c
ibipt_ttl.c
|
daa1ef354deee764484c1494073b075859701971 |
19-Jul-2005 |
Harald Welte <laforge@gnumonks.org> |
add NFQUEUE support for ipv4 and ipv6
akefile
ibip6t_NFQUEUE.c
ibipt_NFQUEUE.c
|
893b688a2a73363c8cebe4bac0c1368178fce2fd |
10-Jul-2005 |
Harald Welte <laforge@gnumonks.org> |
fix various missing header file / #define issues on old kernels. I've now tested compilation with kernels starting 2.4.17
ibip6t_LOG.c
|
195ae91a7103d46d3aed96f339a70742b664e967 |
29-Jun-2005 |
Harald Welte <laforge@gnumonks.org> |
attempt to fix save/restore of '! --uid-owner squid' problem as reported by Costa Tsaousis (backport from ipv4 owner)
ibip6t_owner.c
|
0c4c91c1e30e229a1a80f044ab47d17590ece383 |
24-Jun-2005 |
Patrick McHardy <kaber@trash.net> |
Add --log-uid support to libip6t_LOG (Patrick McHardy <kaber@trash.net>)
ibip6t_LOG.c
ibip6t_LOG.man
|
9867e814492275cabfbccd6b30375b0e23eb10cb |
22-Jun-2005 |
Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp> |
reduce code replication of parse_interface() (Yasuyuki Kozakai)
ibip6t_physdev.c
ibipt_physdev.c
|
a3a9c0d3e3d9df70c5ea2e64ef792e194dbfbde7 |
22-Jun-2005 |
Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp> |
This patch prevents user to set negative port value of SNAT/DNAT. (Yasuyuki Kozakai)
ibipt_DNAT.c
ibipt_SNAT.c
|
38eb730cc867a470f3e5468e804b553e96272ccf |
11-Jun-2005 |
Evgeniy Polyakov <johnpol@2ka.mipt.ru> |
OSF: lib_ipt.c changes to support connector notifications (Evgeniy Polyakov <johnpol@2ka.mipt.ru>)
ibipt_osf.c
|
86c8513400c3c604771d710d28888d0877c6ca9d |
11-Jun-2005 |
Phil Oester <kernel@linuxace.com> |
update multiport manpage (Phil Oester <kernel@linuxace.com>)
ibip6t_multiport.man
ibipt_multiport.man
|
f3aa491a54847fbbaae0858d00e5e4c0986c1d7b |
11-Jun-2005 |
Tom Eastep <teastep@shorewall.net> |
Fix CONNMARK save/restore (Tom Eastep <teastep@shorewall.net>, Pawel Sikora <pluto@agmk.net>)
ibipt_CONNMARK.c
|
56506a10c3bc3e13134db607fd94b4f4067426f3 |
25-May-2005 |
Rusty Russell <rusty@rustcorp.com.au> |
While adding testing for inversion of multiport, noticed that documentation about --ports is *wrong*. Ports do not have to be equal: either dest or src being in list is enough for match.
ibipt_multiport.man
|
38ed421276ff0312965c96754b4bc01d0e4f0679 |
04-May-2005 |
Harald Welte <laforge@gnumonks.org> |
include FIN bit in mask of "--syn" bits
ibipt_tcp.c
ibipt_tcp.man
|
e556800cf137e49a47cf1ac889c613f5d33cfe3b |
02-May-2005 |
Patrick McHardy <kaber@trash.net> |
Ignore unknown arguments in libipt_ULOG (Patrick McHardy <kaber@trash.net>)
ibipt_ULOG.c
|
1c0f2365ab7a884cc3e1aaed487ecdc2109fe0e2 |
24-Apr-2005 |
Piotrek Kaczmarek <kaczorek@daleka.net> |
Fix connbytes command line parsing bug (Piotrek Kaczmarek <kaczorek@daleka.net>)
ibipt_connbytes.c
|
7d7745153bcb13ea5f53fb51b44885718f7d8398 |
15-Apr-2005 |
Harald Welte <laforge@gnumonks.org> |
pull out pmtu changes to fix compilation issues
ibipt_REJECT.c
ibipt_REJECT.man
|
7a8bdfdd5f21c67fd1d47d2b1d94b5a61d2e14af |
10-Apr-2005 |
Florian Lohoff <flo@rfc822.org> |
add REJECT with icmp-frag-needed (Florian Lohoff)
ibipt_REJECT.c
ibipt_REJECT.man
|
182f3f62acbcb88b615b3d7d5940e316472be049 |
01-Apr-2005 |
Phil Oester <kernel@linuxace.com> |
don't allow newlines in LOG prefix (Phil Oester) (Closes: #312)
ibip6t_LOG.c
ibipt_LOG.c
|
f33c46140f0e0a230aba5d739ce40cb14e066b13 |
01-Apr-2005 |
Jonas Berlin <xkr47@outerspace.dyndns.org> |
add lots of man pages (Jonas Berlin)
ibipt_IPMARK.man
ibipt_IPV4OPTSSTRIP.man
ibipt_SAME.man
ibipt_TARPIT.man
ibipt_XOR.man
ibipt_account.man
ibipt_comment.man
ibipt_connbytes.man
ibipt_connlimit.man
ibipt_hashlimit.man
ibipt_ipv4options.man
ibipt_osf.man
ibipt_psd.man
ibipt_quota.man
ibipt_recent.man
ibipt_sctp.man
ibipt_u32.man
|
b9e814c4f3162a3f4deb93c42481fb1e4ca4f42e |
18-Mar-2005 |
Michal Pokrywka <mpokrywka@hoga.pl> |
SET target bugfix by Michal Pokrywka applied
ibipt_SET.c
|
1afcffdeba6ebfd383a846d18d01b2fb4c072a59 |
16-Mar-2005 |
Torsten Lüttgert <t.luettgert@pressestimmen.de> |
Fix TCPLAG version (Torsten Lüttgert <t.luettgert@pressestimmen.de>)
ibipt_TCPLAG.c
|
8b7cc8a00d78810542efdeca309cd8bcccde6513 |
15-Mar-2005 |
Jonas Berlin <xkr47@outerspace.dyndns.org> |
improve REDIRECT manpage (Jonas Berlin <xkr47@outerspace.dyndns.org>)
ibipt_REDIRECT.man
|
800938fcabe76265d273fa0552dcf674d33973aa |
07-Mar-2005 |
Pablo Neira <pablo@eurodev.net> |
This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira)
ibipt_CLUSTERIP.c
|
8115e5425721cd610b6390c3d4c24540773b0520 |
14-Feb-2005 |
Pablo Neira <pablo@eurodev.net> |
Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>) Fixes build with conntrack event patch for 2.6
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_condition.c
ibip6t_eui64.c
ibip6t_fuzzy.c
ibip6t_hl.c
ibip6t_icmpv6.c
ibip6t_ipv6header.c
ibip6t_length.c
ibip6t_limit.c
ibip6t_mac.c
ibip6t_mark.c
ibip6t_multiport.c
ibip6t_nth.c
ibip6t_owner.c
ibip6t_random.c
ibip6t_tcp.c
ibip6t_udp.c
ibipt_BALANCE.c
ibipt_DNAT.c
ibipt_IPMARK.c
ibipt_IPV4OPTSSTRIP.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_NETLINK.c
ibipt_NETMAP.c
ibipt_POOL.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SET.c
ibipt_SNAT.c
ibipt_TARPIT.c
ibipt_TCPLAG.c
ibipt_ULOG.c
ibipt_account.c
ibipt_addrtype.c
ibipt_childlevel.c
ibipt_comment.c
ibipt_condition.c
ibipt_connbytes.c
ibipt_connlimit.c
ibipt_connrate.c
ibipt_conntrack.c
ibipt_dscp.c
ibipt_dstlimit.c
ibipt_ecn.c
ibipt_fuzzy.c
ibipt_hashlimit.c
ibipt_helper.c
ibipt_icmp.c
ibipt_iprange.c
ibipt_ipv4options.c
ibipt_length.c
ibipt_limit.c
ibipt_mac.c
ibipt_mark.c
ibipt_mport.c
ibipt_multiport.c
ibipt_nth.c
ibipt_osf.c
ibipt_owner.c
ibipt_pkttype.c
ibipt_pool.c
ibipt_psd.c
ibipt_quota.c
ibipt_random.c
ibipt_realm.c
ibipt_recent.c
ibipt_record_rpc.c
ibipt_rpc.c
ibipt_sctp.c
ibipt_set.c
ibipt_state.c
ibipt_string.c
ibipt_tcp.c
ibipt_tcpmss.c
ibipt_time.c
ibipt_tos.c
ibipt_ttl.c
ibipt_u32.c
ibipt_udp.c
ibipt_unclean.c
|
69558bf5d1acbc9112b7568d9db6aec2efa0fd7a |
13-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
Allow "--realm ! foo" and "! --realm foo" (Closes: #297)
ibipt_realm.c
|
8430fb96e331987c4e3ccd9195ddd33b4099ab51 |
13-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
fix missing comma at end of line
ibip6t_random.c
|
02964b869a8616b41e4c2dc899ff23921aaaa4b0 |
12-Feb-2005 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace. Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
ibipt_CONNMARK.c
ibipt_connmark.c
|
61d274fc47d0a69a2b4aa005a3a786774f1200c9 |
08-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
try to fix realm save/restore issue (Adresses: #297)
ibipt_realm.c
|
77cb03f05f5cc43de409c978712ba17843cbad8d |
07-Feb-2005 |
Samuel Jean <sj-netfilter@cookinglinux.org> |
Fix rule deletion (hinfo pointer initialized by kernel, don't compare it in userspace). (Samuel Jean)
ibipt_hashlimit.c
|
e6ebb1cf6ddf49cff467131f42a15fa40aaade0b |
07-Feb-2005 |
Nikolai Malykh <nmalykh@bilim.com> |
fix parameter handling in libipt_hashlimit with iptables-save (Nikolai Malykh)
ibipt_hashlimit.c
|
b2eedcdf84c037e346bdd4e804decf95de66cbf7 |
02-Feb-2005 |
Phil Oester <kernel@linuxace.com> |
Add support for inversion to multiport revision 1. Signed-off-by: Phil Oester <kernel@linuxace.com>
ibipt_multiport.c
|
37963e0e357b31b6378cc711a7ca54dad5f7f921 |
01-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
fix compiler warning about discarding const
ibipt_CLUSTERIP.c
|
58e7285844eacbaa9d7510f4dd6c986b5c649fc8 |
01-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
add missing comma
ibip6t_tcp.c
|
3d121875b169e3a95a768021efe8eb6a5f650f1f |
01-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
fix typo
ibip6t_multiport.c
|
02aa73312d6078b6de26757d5a558e0085ec20b5 |
01-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
make structure initializers use C99 standard (Harald Welte)
ibip6t_REJECT.c
ibip6t_ROUTE.c
ibip6t_eui64.c
ibip6t_hbh.c
ibip6t_icmpv6.c
ibip6t_ipv6header.c
ibip6t_length.c
ibip6t_limit.c
ibip6t_mac.c
ibip6t_mark.c
ibip6t_multiport.c
ibip6t_nth.c
ibip6t_owner.c
ibip6t_physdev.c
ibip6t_random.c
ibip6t_rt.c
ibip6t_standard.c
ibip6t_tcp.c
ibip6t_udp.c
|
de5ba5db3fd28dbb4cf3f3ec23b888ce0e1e1e4d |
01-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
check for colons
ibipt_SNAT.c
|
fcbab568c52643337d42e48a57b45be481db2e05 |
01-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
Use C99 initializers
ibip6t_HL.c
|
3fb61f3d4a194ba989fe8470f16064f20e59e3bc |
01-Feb-2005 |
Phil Oester <kernel@linuxace.com> |
John McCann points out via bugzilla that iptables happily accepts this syntax on DNAT/SNAT: --to x.x.x.x:y:z but doesn't actually make use of the second port. Clear up the confusion by only accepting a dash between the ports. This closes bugzilla #265. Signed-off-by: Phil Oester <kernel@linuxace.com>
ibipt_DNAT.c
|
22a8c9365f62cf64141e93a574a7b41ba66a4dbe |
22-Jan-2005 |
Nikolai Malykh <nmalykh@bilim.com> |
fix name of 'extra_opts' structure member (Nikolai Malykh)
ibipt_dstlimit.c
|
2b9a577a68c49d4ac3f44dbf0eb6c622de6b5c30 |
05-Jan-2005 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Make it compile on current kernels, the future isn't here yet.
ibipt_LOG.c
|
225f462b814a47394858b5994acdcc4f3c951a66 |
03-Jan-2005 |
Rusty Russell <rusty@rustcorp.com.au> |
Testsuite found an issue: multiport accepts -p ! tcp.
ibipt_multiport.c
|
5df9547e093c4fef0bb926adb268dbd020e543a6 |
03-Jan-2005 |
Pablo Neira <pablo@eurodev.net> |
Pablo Neira: Multiport revision 1 userspace support.
ibipt_multiport.c
|
3aef54dce4f9bbe0b466478fd33a1d3131efbbb8 |
03-Jan-2005 |
Rusty Russell <rusty@rustcorp.com.au> |
Extension revision number support (if kernel supports the getsockopts). Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied.
ibipt_MARK.c
|
708f7b97a5a7455abf5c3c5a86bf6603c6c7a1c5 |
03-Jan-2005 |
Nicolas Bouliane <nib@cookinglinux.org> |
Prevent user from using --helper multiple times (Nicolas Bouliane <nib@cookinglinux.org>)
ibipt_helper.c
|
f46e1afd45c6d735c8bb8f5a67286780ff40be6a |
03-Jan-2005 |
John Lange <john.lange@open-it.ca> |
Add --log-uid option (John Lange <john.lange@open-it.ca>)
ibipt_LOG.c
ibipt_LOG.man
|
3ef2fb8f721418491b3459441331496ee3ed24bd |
29-Dec-2004 |
Rusty Russell <rusty@rustcorp.com.au> |
Fix compile error introduced by C99 conversion.
ibipt_helper.c
|
8caee8b9e34fed4562fcff553197c161fc9d9979 |
28-Dec-2004 |
Pablo Neira <pablo@eurodev.net> |
Pablo Neira: extensions conversion to C99 structure initialization (I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR)
ibipt_BALANCE.c
ibipt_CLASSIFY.c
ibipt_CLUSTERIP.c
ibipt_DNAT.c
ibipt_DSCP.c
ibipt_ECN.c
ibipt_FTOS.c
ibipt_IPMARK.c
ibipt_IPV4OPTSSTRIP.c
ibipt_MARK.c
ibipt_MASQUERADE.c
ibipt_MIRROR.c
ibipt_NETLINK.c
ibipt_NETMAP.c
ibipt_POOL.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_ROUTE.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_TARPIT.c
ibipt_TCPMSS.c
ibipt_TOS.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_XOR.c
ibipt_addrtype.c
ibipt_ah.c
ibipt_comment.c
ibipt_condition.c
ibipt_connbytes.c
ibipt_connlimit.c
ibipt_connrate.c
ibipt_conntrack.c
ibipt_dscp.c
ibipt_dstlimit.c
ibipt_esp.c
ibipt_fuzzy.c
ibipt_hashlimit.c
ibipt_helper.c
ibipt_icmp.c
ibipt_iprange.c
ibipt_ipv4options.c
ibipt_length.c
ibipt_limit.c
ibipt_mac.c
ibipt_mark.c
ibipt_mport.c
ibipt_multiport.c
ibipt_nth.c
ibipt_owner.c
ibipt_physdev.c
ibipt_pkttype.c
ibipt_pool.c
ibipt_psd.c
ibipt_quota.c
ibipt_random.c
ibipt_realm.c
ibipt_rpc.c
ibipt_standard.c
ibipt_state.c
ibipt_tcp.c
ibipt_tcpmss.c
ibipt_time.c
ibipt_tos.c
ibipt_ttl.c
ibipt_u32.c
ibipt_udp.c
ibipt_unclean.c
|
70f758db30e46d084397d89bfb670274b0288ac8 |
22-Dec-2004 |
Rusty Russell <rusty@rustcorp.com.au> |
Use string_to_number. Don't check for no optarg: we set has_arg to 1 in option array, so getopt does that for us.
ibipt_ttl.c
|
0b46d1db6b3b71265b1c1a15dbfca4025ab26494 |
20-Dec-2004 |
Nicolas Bouliane <nib@cookinglinux.org> |
Nicolas Bouliane: I was writing an nfsim .sim for the match tos, when I realized that when we enter --tos twice the second overwrite the first.
ibipt_tos.c
|
3f2987813d32da5eb40afdc58e5bff39bf51cd0b |
14-Dec-2004 |
Patrick Schaaf <bof@bof.de> |
ROUTE --tee target extension (Patrick Schaaf)
ibip6t_ROUTE.c
ibip6t_ROUTE.man
ibipt_ROUTE.c
ibipt_ROUTE.man
|
b9a4938640a631a281f805d1dca343651c8d4a20 |
01-Dec-2004 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
ipset 2 related updates (JK)
ibipt_SET.c
ibipt_SET.man
ibipt_set.c
ibipt_set.h
ibipt_set.man
|
7dc57e2933f0d6eeefb7c6d937c56655e5d1c9ea |
18-Nov-2004 |
Harald Welte <laforge@gnumonks.org> |
fix some compiler warnings and errors
ibipt_connbytes.c
|
93f4a3d72ad082ea42d67787d43e25343890dcdc |
18-Nov-2004 |
Harald Welte <laforge@gnumonks.org> |
sync with latest patch-o-matic-ng update (support direction and mode parameters)
ibipt_connbytes.c
|
60953f027743af52ba6d3ea4561b5ae169629cd0 |
21-Oct-2004 |
Harald Welte <laforge@gnumonks.org> |
minor syntax fixes
ibipt_hashlimit.c
|
5d4a1b8d4fdbd4f23245c748c7045929dfea52c1 |
20-Oct-2004 |
Harald Welte <laforge@gnumonks.org> |
- add hashlimit to makefile - fix typo in libipt_hashlimit
akefile
ibipt_hashlimit.c
|
77e2ecac2ad27fa93a99363279f015ce7b0ee114 |
20-Oct-2004 |
Harald Welte <laforge@gnumonks.org> |
hashlimit port of userspace plugin
ibipt_hashlimit.c
|
373f8e9a4d0b7794290f590b5664d3718bfbde15 |
03-Oct-2004 |
Patrick McHardy <kaber@trash.net> |
Mention owner brokenness in manpage
ibip6t_owner.man
ibipt_owner.man
|
2608b6e268635aca5d885cd551b4d3d6f4dbd7e6 |
01-Oct-2004 |
Phil Oester <kernel@linuxace.com> |
note owner match brokenness in helptext, closes bugzilla #244 (Phil Oester)
ibipt_owner.c
|
1b68d2e9643b6775749f190cd63cd80275b1999f |
26-Sep-2004 |
Phil Oester <kernel@linuxace.com> |
Add comment about time not adhering DST (Phil Oester) (Closes: #75)
ibipt_time.c
|
4066ee9e891e1d482cb90fb7c47213bfa6f3fb5b |
22-Sep-2004 |
Simon Lodal <simonl@parknet.dk> |
realm: fix inversion (Simon Lodal)
ibipt_realm.c
|
57ff0b441bab760d0b78d762b6367af1b1a67a1f |
21-Sep-2004 |
Phil Oester <kernel@linuxace.com> |
Fix half-working ipv6 limit invert check (Phil Oester)
ibip6t_limit.c
|
2731398efe38c42b703d2751852e97bd2198663d |
21-Sep-2004 |
Phil Oester <kernel@linuxace.com> |
Fix half-working dstlimit invert check (Phil Oester)
ibipt_dstlimit.c
|
35160ee618b7015f7dd9da0cf199a518e3b8b70e |
21-Sep-2004 |
Phil Oester <kernel@linuxace.com> |
limit match does not support invert, warn about it. Closes bugzilla #95 (Phil Oester)
ibipt_limit.c
|
514b1b488eaf07d66e209681f4f34246d7db2f60 |
20-Sep-2004 |
Brad Fisher <brad@info-link.net> |
Add comment match extension (Brad Fisher)
akefile
ibipt_comment.c
|
6a93fa02bb4f98156196088e14603ab4707745ed |
18-Sep-2004 |
Phil Oester <kernel@linuxace.com> |
fix psd option parsing (Phil Oester)
ibipt_psd.c
|
d0a2e8adfaa8bc60f2c52f64ab32ca11d00e49db |
18-Sep-2004 |
Patrick McHardy <kaber@trash.net> |
Print error when '!' is used with multiport. Based on patch by Phil Oester.
ibip6t_multiport.c
ibipt_mport.c
ibipt_multiport.c
|
13218fbdc92e704953d01333ea10bd623821b71e |
13-Sep-2004 |
Bart De Schuymer <bdschuym@pandora.be> |
port physdev to ip6tables (Bart De Schuymer)
akefile
ibip6t_physdev.c
ibip6t_physdev.man
|
63730f10f09b39a6b4d2257fd0bd380f9306ba52 |
02-Sep-2004 |
Piotr Gasidło <quaker@pandora.barbara.ds.polsl.gliwice.pl> |
Fix number parsing (Piotr Gasidlo)
ibipt_u32.c
|
161b35f372c1612863f9ebd327e6c4a9f0959e2a |
24-Aug-2004 |
Youza Youzovic <youza@post.cz> |
add missing spaces in 'save' printout (youza@post.cz) (Closes: #235)
ibipt_connbytes.c
|
7defa34947c015cf8f8ea40dd29be5cedc9e73cd |
23-Aug-2004 |
Phil Oester <kernel@linuxace.com> |
Cleanup ttl-match option parsing, fixes bugzilla #183 (Phil Oester)
ibipt_ttl.c
|
811b040b4d9fbf98e6206e8200caa6825210d3a9 |
23-Aug-2004 |
Phil Oester <kernel@linuxace.com> |
Fix conntrack-match typo, fixes bugzilla #194 (Phil Oester)
ibipt_conntrack.c
|
46e8538e2254fcd48517067b659bcdc8ba1c3cc0 |
28-Jul-2004 |
Maciej Soltysiak <solt@dns.toxicfilms.tv> |
Limit ttl-value to 0-255 (Maciej Soltysiak <solt@dns.toxicfilms.tv>)
ibip6t_HL.c
|
37fd00d68995779dafde80ee51eaeaaaa5c149c0 |
27-Jul-2004 |
Nicolas Bouliane <nib@cookinglinux.org> |
Check that TTL is between 0 and 255 (Nicolas Bouliane)
ibipt_TTL.c
|
07de9c0c5fd0bb9c0d135811eb44eea181cdf553 |
23-Jul-2004 |
Piotr Gasidło <quaker@pandora.barbara.eu.org> |
update to ipt_account 0.1.16 (Piotr Gasid?o)
ibipt_account.c
|
5e4bb564d9c1b7a4ecd14cac52224ae9c63b38b5 |
16-Jul-2004 |
Harald Welte <laforge@gnumonks.org> |
In C, we declare variables at the top of function (Olivier Clerget)
ibipt_time.c
|
b9c6ec1fbe185b38071cdab9d50538ae35c8ad26 |
12-Jul-2004 |
Nicolas Bouliane <nib@cookinglinux.org> |
Giving --dst-range twice to iprange did not ring the bell Bug reported and fixed by Nicolas Bouliane
ibipt_iprange.c
|
3e2b8df5bb07dcb04216e2f54d528d7f01de5932 |
11-Jul-2004 |
Harald Welte <laforge@gnumonks.org> |
fix syntax of help message
ibipt_nth.c
ibipt_random.c
|
f92ab33303163a221e9edd5591193f938cda7c9e |
28-Jun-2004 |
Patrick McHardy <kaber@trash.net> |
Add addrtype match to list of unconditionally built extensions
addrtype-test
akefile
|
e4077d02a9deb86bf88ca65795c5702ef0f1a866 |
17-Jun-2004 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
Semicolon were missing in the added assigment lines
akefile
|
d566c9bed88daba44b913dc159a771659cb68f6a |
17-Jun-2004 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
Fix for empty extra match/target man page list processing
akefile
|
c5617bf84475028dd1663cde076b93f355ce42a7 |
26-May-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
With a 64bit kernel only the high 32bits of nfmark was used regardless of 32/64bit userspace. This makes it quite hard to interoperate with 'tc'. Sync ipv6 versions with ipv4 versions. Tested on x86 and sparc64 with both 32bit and 64bit userspace.
ibip6t_MARK.c
ibip6t_mark.c
ibipt_MARK.c
ibipt_mark.c
|
a28d495285ad7dd9f286d63958cf20d74eec6bcb |
26-May-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Get rid of some warnings when compiling 64bit.
ibip6t_LOG.c
ibipt_LOG.c
ibipt_ULOG.c
ibipt_owner.c
|
1eb0081027ee567e822b24377ea614e66c408ff2 |
26-May-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix 64bit kernel / 32bit userspace issue. Sync header with kernel.
ibipt_SAME.c
ibipt_ULOG.c
|
1da399c30a2c42490f1c6cb84857e31522546c9d |
26-May-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix 64bit kernel / 32bit userspace issue.
ibip6t_limit.c
ibipt_conntrack.c
ibipt_limit.c
|
1f661e3c268496d72d4de73bac7a86920a508cce |
26-May-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
What is this doing here? Go away.
ibipt_MARK.c
|
114608849951fdc6fdee1a0be7c35f5d86e38bee |
08-May-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
don't use signed things...
ibipt_connbytes.c
|
db503f9a45f2a765ef63834a2c9416ccf59385af |
05-May-2004 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
Fabrice's time match update + Tom Eastep's conntrack mach fix applied (JK)
ibipt_conntrack.c
ibipt_time.c
ibipt_time.man
|
7737eec010d91eef238271294f1f21cba8122c74 |
18-Apr-2004 |
Nuuti Kotivuori <naked@iki.fi> |
Add connrate match userspace part (Nuuti Kotivuori)
connrate-test
ibipt_connrate.c
ibipt_connrate.man
|
d89b2f44a687f91750a21f07b603ee9e31b768e9 |
15-Apr-2004 |
Harald Welte <laforge@gnumonks.org> |
fix typo
ibipt_dstlimit.c
|
c9dd71a16506acb598b89d8e01d0b01390009b0b |
07-Apr-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix missing 6 (Bjorn Mattsson)
akefile
|
4f37d48f03bec7bf5e23a6e8b313c1285578c958 |
17-Mar-2004 |
Piotr Gasidło <quaker@pandora.barbara.eu.org> |
add userspace support for 'ipt_account' match (Piotr Gasid'o)
account-test
ibipt_account.c
|
920463da635a2e28c2673a3101109de58108f429 |
04-Mar-2004 |
Maciej Soltysiak <solt@dns.toxicfilms.tv> |
Fix missing newline in libipt_DSCP help-text (Maciej Soltysiak)
ibipt_DSCP.c
|
54924023ee598e626423ef9c222eff0e8d28dfac |
02-Mar-2004 |
Kiran Kumar <immidi_kiran@yahoo.com> |
update for matching chunk flags (Kiran Kumar)
ibipt_sctp.c
|
dd6dd3ec5390807bf52e1afe7f4ec9489fc4dcb4 |
29-Feb-2004 |
Evgeniy Polyakov <johnpol@2ka.mipt.ru> |
add support for netlink reporting to ipt_osf (Evgeniy Polyakov)
ibipt_osf.c
|
0be628561762d37090155afb6322da8f8ce4789c |
22-Feb-2004 |
Harald Welte <laforge@gnumonks.org> |
don't print/save parameters that were automatically chosen. Only show real values as specified by administrator.
ibipt_dstlimit.c
|
129152307ba7b09c9ad667eee2c4e0d23f7c500b |
21-Feb-2004 |
Harald Welte <laforge@gnumonks.org> |
add userspace part of SCTP match
akefile
ibipt_sctp.c
|
b58ee5402818d3bf5ca506749c6a6402ca3a8c1b |
17-Feb-2004 |
Harald Welte <laforge@gnumonks.org> |
add childlevel match support
childlevel-test
ibipt_childlevel.c
ibipt_childlevel.man
|
435c99c1be6f336172be8e65a7951d5724b06685 |
17-Feb-2004 |
Harald Welte <laforge@gnumonks.org> |
- work with new matchinfo struct - fix save() function - fix dstport/destport ambiguity
ibipt_dstlimit.c
|
f020d6351e7a7eb66c59dd8198839e4296d6a470 |
16-Feb-2004 |
Harald Welte <laforge@gnumonks.org> |
add save() of dstlimit-name
ibipt_dstlimit.c
|
6132e80e1d438086baf5a1331b907b684bf78546 |
16-Feb-2004 |
Harald Welte <laforge@gnumonks.org> |
fix various errors in save() function
ibipt_dstlimit.c
|
9c50ebe1b02335cfacbee0472d9c5f83612c6016 |
09-Feb-2004 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
Userspace part of sets: ipset added (JK)
set-test
ibipt_SET.c
ibipt_set.c
|
09603cb48b44d8a8da26d1ca836343a3a0fd9540 |
04-Feb-2004 |
Harald Welte <laforge@gnumonks.org> |
fix mask '/0' case (David Ahern) (Closes: #147)
ibipt_connlimit.c
|
d2979574652b9c1a49bd25c0e927912cab0a3ac5 |
04-Feb-2004 |
Harald Welte <laforge@gnumonks.org> |
fix '--icmp-type any' case
ibipt_icmp.c
|
a6ef99487b05ac5f358cb58d9448e28ac5f38b30 |
03-Feb-2004 |
Henrik Nordstrom <hno@marasystems.com> |
latest version of CONNMARK (Henrik Nordstrom)
ibipt_CONNMARK.c
ibipt_CONNMARK.man
ibipt_connmark.c
ibipt_connmark.man
|
073df8feb0a8c4023ce40138e519ac9b341b1ca2 |
31-Jan-2004 |
Karsten Desler <kdesler@soohrt.org> |
Fix even more possibly not zero-terminated strings after copy (Karsten Desler)
ibip6t_owner.c
ibipt_XOR.c
ibipt_helper.c
ibipt_owner.c
ibipt_recent.c
|
867f4db6d500b9981bba8e8ec52a097ed6f6dd89 |
27-Jan-2004 |
Henrik Nordstrom <hno@marasystems.com> |
use <stddef.h> instead of <linux/stddef.h> (Henrik Nordstrom)
ibipt_time.c
|
c2794131b445ebccba184066af6d3fb2f38d1f38 |
22-Jan-2004 |
Henrik Nordstrom <hno@marasystems.com> |
split manpages into per-extension manpage snippet (Henrik Nordstrom) add lots of missing manpage snippets (Harald Welte)
akefile
ibip6t_HL.man
ibip6t_LOG.man
ibip6t_MARK.man
ibip6t_REJECT.man
ibip6t_ROUTE.man
ibip6t_TRACE.man
ibip6t_ah.man
ibip6t_condition.man
ibip6t_dst.man
ibip6t_esp.man
ibip6t_eui64.man
ibip6t_frag.man
ibip6t_fuzzy.man
ibip6t_hbh.man
ibip6t_hl.man
ibip6t_icmpv6.man
ibip6t_ipv6header.man
ibip6t_length.man
ibip6t_limit.man
ibip6t_mac.man
ibip6t_mark.man
ibip6t_multiport.man
ibip6t_nth.man
ibip6t_owner.man
ibip6t_random.man
ibip6t_rt.man
ibip6t_tcp.man
ibip6t_udp.man
ibipt_BALANCE.man
ibipt_CLASSIFY.man
ibipt_CLUSTERIP.man
ibipt_CONNMARK.man
ibipt_DNAT.man
ibipt_DSCP.man
ibipt_ECN.man
ibipt_LOG.man
ibipt_MARK.man
ibipt_MASQUERADE.man
ibipt_MIRROR.man
ibipt_NETMAP.man
ibipt_NOTRACK.man
ibipt_REDIRECT.man
ibipt_REJECT.man
ibipt_ROUTE.man
ibipt_SNAT.man
ibipt_TCPMSS.man
ibipt_TOS.man
ibipt_TRACE.man
ibipt_TTL.man
ibipt_ULOG.man
ibipt_addrtype.man
ibipt_ah.man
ibipt_condition.man
ibipt_conntrack.man
ibipt_dscp.man
ibipt_dstlimit.man
ibipt_ecn.man
ibipt_esp.man
ibipt_fuzzy.man
ibipt_helper.man
ibipt_icmp.man
ibipt_iprange.man
ibipt_length.man
ibipt_limit.man
ibipt_mac.man
ibipt_mark.man
ibipt_mport.man
ibipt_multiport.man
ibipt_nth.man
ibipt_owner.man
ibipt_physdev.man
ibipt_pkttype.man
ibipt_random.man
ibipt_realm.man
ibipt_state.man
ibipt_tcp.man
ibipt_tcpmss.man
ibipt_time.man
ibipt_tos.man
ibipt_ttl.man
ibipt_udp.man
ibipt_unclean.man
|
a753811078b056d7c394f420af4e6bed72a16126 |
05-Jan-2004 |
Harald Welte <laforge@gnumonks.org> |
fix deleting of time rules (SooYoun Cho) (Closes: #169)
ibipt_time.c
|
b807fb348369d852d031056f1c911f5b2b4c2114 |
05-Jan-2004 |
Michael Rash <mbr@cipherdyne.org> |
Fix saving of non-printable characters in string (Michael Rash) (Closes: #168)
ibipt_string.c
|
714c88476c4a637d67baaa078a7f13e27709b430 |
02-Jan-2004 |
Harald Welte <laforge@gnumonks.org> |
forgot to commit the last osf userspace update
ibipt_osf.c
|
db986e8a33ddd84be9045494d8d94ffd775be0fb |
26-Nov-2003 |
Harald Welte <laforge@gnumonks.org> |
add mac check
ibipt_CLUSTERIP.c
|
f997120aaa36b28b6949813ed2cb2fa87fd65bd0 |
20-Nov-2003 |
Harald Welte <laforge@gnumonks.org> |
support for srcip-* hashmodes added
ibipt_dstlimit.c
|
38d4d45b6ed5c318cbe1017f650428046f04d33c |
15-Nov-2003 |
Harald Welte <laforge@gnumonks.org> |
added name member for proc-file
ibipt_dstlimit.c
|
4fe389f87d5b8be160a6706823d5aa71deb78835 |
13-Nov-2003 |
Harald Welte <laforge@gnumonks.org> |
add dstlimit extension (kernel code in patch-o-matic soon)
dstlimit-test
ibipt_dstlimit.c
|
c340f6c3020d10975241662d449046eb4ca7a020 |
11-Nov-2003 |
Harald Welte <laforge@gnumonks.org> |
new CLUSTERIP target, currently in development. kernel code will follow soon
CLUSTERIP-test
ibipt_CLUSTERIP.c
|
1d095f8df6570b832b4c95d89e9a98541e85f4c7 |
30-Oct-2003 |
Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp> |
Fix invalid port number (Yasuyuki Kozakai)
ibipt_MASQUERADE.c
|
11ce3320a0140425dac9e01c9d74f12e6afa1e58 |
08-Oct-2003 |
Harald Welte <laforge@gnumonks.org> |
unconditionally build libipt_connmark.so (Carlo Pires)
akefile
|
3bdcc221cda8e7d5053e83ef8e535b9902ac9a6d |
07-Oct-2003 |
Harald Welte <laforge@gnumonks.org> |
unconditionally build TRACE and NOTRACK plugins
NOTRACK-test
TRACE-test
TRACE-test6
akefile
|
4dc734c73cc4a0ff87c0ce3673544628b58c7e24 |
07-Oct-2003 |
Harald Welte <laforge@gnumonks.org> |
add support for the raw table to userspace
ibipt_conntrack.c
ibipt_state.c
|
7fb4d1f3143eb1235aacc424b29e296948a78034 |
02-Oct-2003 |
Thomas Woerner <twoerner@redhat.com> |
fix saving of udp port range in ip6tables (Thomas Woerner)
ibip6t_udp.c
|
aeba2406d2657fff3c00578f96b7dd8358b38d2e |
22-Sep-2003 |
Evgeniy Polyakov <johnpol@2ka.mipt.ru> |
further updates to the 'osf' module (Evgeniy Polyakov). now supports reading fingerprint data at runtime via /proc.
ibipt_osf.c
|
c687c2086dcfa6f6505d96b359aff0b1e8eaccd3 |
13-Sep-2003 |
Harald Welte <laforge@gnumonks.org> |
remove .NETMAP-test - build plugin unconditionally
NETMAP-test
|
5119ad344261eab98d4490cf9889b5fc706ccb1d |
13-Sep-2003 |
Evgeniy Polyakov <johnpol@2ka.mipt.ru> |
add passive OS fingerprinting (Evgeniy Polyakov)
osf-test
ibipt_osf.c
|
174ef9f10cd07f9541b4174e4ce7c4e51917d769 |
05-Sep-2003 |
Cédric de Launois <delaunois@info.ucl.ac.be> |
IPv6 'port' of ROUTE target (Cedric de Launois)
ROUTE-test6
ibip6t_ROUTE.c
|
46a73cf56e9338c160223e617bdb4e85db300428 |
05-Sep-2003 |
Harald Welte <laforge@gnumonks.org> |
1- printf() simplifications, 2- indentation fixes, 3- C99 initializers. (Stephane Ouellette)
ibip6t_MARK.c
ibip6t_frag.c
|
ad8d1ab2e36be7100afaf6fabfe3049423e51cce |
04-Sep-2003 |
Harald Welte <laforge@gnumonks.org> |
1- Fix preprocessor directive usage, 2- Redefine UNAME and LNAME macros such that their value is determined at compile-time, not at run-time, 3- Modify all printf() calls that use LNAME and UNAME to take advantage of the compile-time macro definitions, 4- More indentation fixes. (Stephane Ouellette)
ibip6t_dst.c
|
a643c3eccb6a985e720c807f5a4c86347fc9b899 |
25-Aug-2003 |
Harald Welte <laforge@gnumonks.org> |
add support for matching the IPS_CONFIRMED bit (Harald Welte)
ibipt_conntrack.c
|
c8d8a2f4e376eb4b012a11a88e266ff291d87e90 |
24-Aug-2003 |
Telford Tendys <telford@triode.net.au> |
add TCPLAG target (patch was lost on notebook drive)
TCPLAG-test
ibipt_TCPLAG.c
|
c6c85377dd5e4a14953dbd453e03cb1422741eed |
24-Aug-2003 |
Harald Welte <laforge@gnumonks.org> |
remove obsolete tests. the respective extensions are now built unconditionally
CLASSIFY-test
CONNMARK-test
connmark-test
iprange-test
realm-test
|
105650a15e20255c5d037f32b8ef4a2431c59855 |
24-Aug-2003 |
Harald Welte <laforge@gnumonks.org> |
add include files for soon-to-be-submitted patches (and build them unconditionally by putting thme in the extensions/Makefile)
akefile
|
703575d4b45d15996ee2ca0b13d958a22cd78f4f |
23-Aug-2003 |
Stephane Ouellette <ouellettes@videotron.ca> |
various cosmetic / c99 cleanups (Stephane Ouellette)
ibip6t_ah.c
ibip6t_dst.c
ibip6t_esp.c
ibip6t_fuzzy.c
|
2be28abae41cd5de9eb9a9035e46304dab13093c |
11-Aug-2003 |
Stephane Ouellette <ouellettes@videotron.ca> |
remove unused variable and move to c99 initializers (Stephane Ouellette)
ibip6t_LOG.c
ibipt_LOG.c
|
ab859188054a65fe95f29ae7e0390a49f2173af6 |
25-Jul-2003 |
Cédric de Launois <delaunois@info.ucl.ac.be> |
Updated version with new option to continue rule-traversal (Cedric de Launois)
ibipt_ROUTE.c
|
01cbaa6125344733148615c1664be83d24097136 |
14-Jul-2003 |
Thomas Woerner <twoerner@redhat.com> |
Fix iptables-save (save everything numerically) by Thomas Woerner <twoerner@redhat.com>
ibip6t_LOG.c
ibip6t_multiport.c
ibipt_LOG.c
ibipt_mport.c
ibipt_multiport.c
ibipt_psd.c
|
766113ac7457f4e14014d2accd5344a03bb6854f |
19-Jun-2003 |
Martin Devera <devik@cdi.cz> |
Add new connbytes match, include a warning (Martin Devera <devik@cdi.cz>)
connbytes-test
ibipt_connbytes.c
|
ce26c586c2217116c8e91628ce23f4429dccfae3 |
19-Jun-2003 |
Harald Welte <laforge@gnumonks.org> |
fix saving of inverted parameters (same as in ipv4 libipt_owner.c)
ibip6t_owner.c
|
cbc963941ef4abcb5c2d889b4173501e7a4cbc3b |
19-Jun-2003 |
Oliver Fudd <ofudd@speed-test.net> |
fix NETFILTER_VERSION -> IPTABLES_VERSION (Oliver Fudd ofudd@speed-test.net)
ibipt_IPMARK.c
|
78c57fac86e7ac32332684e80429a8dab9a8f556 |
14-Jun-2003 |
Dave Zambonini <dave@alfar.co.uk> |
Fix save-invert printout (David Zambonini, me)
ibip6t_mac.c
ibipt_mac.c
|
0cc203a59f2d8687f8ec3f6ebb86a81aaa574648 |
14-Jun-2003 |
Hime Junior <hime@engineer.com> |
Fix save function (Hime Aguiar e Oliveira Jr.)
ibip6t_fuzzy.c
ibipt_fuzzy.c
|
0c1b776db83c5d49a2ec53f575deda9fd2fa03fc |
01-Jun-2003 |
Sven Strickroth <sstrickroth@gym-oha.de> |
Fix libipt_recent.c save() (Sven Strickroth)
ibipt_recent.c
|
6640b3cbe3217a3e21aafc64f98d25bb6fc69be2 |
31-May-2003 |
Grzegorz Janoszka <Grzegorz.Janoszka@pro.onet.pl> |
add new IPMARK target (Grzegorz Janoszka)
IPMARK-test
ibipt_IPMARK.c
|
926d46fc2998b7f59a0ca932852082b9bc9db4ed |
31-May-2003 |
Tim Vandermeersch <tim.vandermeersch@pandora.be> |
add XOR patch by Tim Vandermeersch
XOR-test
ibipt_XOR.c
|
5a52c517ebb2c7421f57b0f00f2de6697cdd7a9c |
24-May-2003 |
Harald Welte <laforge@gnumonks.org> |
finally commit the overly delayed RFC1812 admin prohibited option
ibipt_REJECT.c
|
690a395725367c814ec20b5508a98eef9bea5bac |
21-May-2003 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
Userspace files of the raw patch (JK).
NOTRACK-test
TRACE-test
TRACE-test6
ibip6t_TRACE.c
ibipt_NOTRACK.c
ibipt_TRACE.c
|
46525cd3880d2b1aad0b049122a67c9e626ec6d9 |
07-May-2003 |
Stephane Ouellette <ouellettes@videotron.ca> |
Cleanups (Stephane Ouellette)
ibip6t_hl.c
|
6e0e0ed90a35cf3104874102a647ee8d2a2c1662 |
07-May-2003 |
Patrick McHardy <kaber@trash.net> |
Add addrtype match (Patrick McHardy)
addrtype-test
ibipt_addrtype.c
|
8f578a09b56f010d5bcd30086a8f7c8132b35d92 |
03-May-2003 |
Harald Welte <laforge@gnumonks.org> |
add (untested) sctp userspace support for even more untested kernel part (in pom soon)
ibipt_sctp.c
|
63aee026e08f9dd1a4b9d551a5b3f650a9d1ada7 |
03-May-2003 |
Maciej Soltysiak <solt@dns.toxicfilms.tv> |
add nth match for ipv6 (Maciej Soltysiak)
nth-test6
ibip6t_nth.c
|
62fb4593f22e666b1fe3065be9d0c72a75dc91e4 |
03-May-2003 |
Maciej Soltysiak <solt@dns.toxifilms.tv> |
add random6 patch (Maciej Soltysiak)
random-test6
ibip6t_random.c
|
93b7e708ae3fe46c827c09b1ee6c1409597ce67a |
03-May-2003 |
Martin Josefsson <gandalf@wlug.westbo.se> |
fix saving of inverted owner match parameters (Martin Josefsson)
ibipt_owner.c
|
59cbe17cee0499c8f25a8d9f29513f4c85e9b03c |
30-Apr-2003 |
Harald Welte <laforge@gnumonks.org> |
rename iplimit to connlimit
akefile
ibipt_connlimit.c
|
7a937bd94f611ccec176341ea1b7811634f8ed5c |
30-Apr-2003 |
Harald Welte <laforge@gnumonks.org> |
Fix typo in libipt_string (Nancy Fudd). (Closes: #89)
ibipt_string.c
|
ed30c6bd6f4e9745468b095fbf8b1d0bd9844114 |
27-Apr-2003 |
Stephane Ouellette <ouellettes@videotron.ca> |
the following two patches move the call to check_inverse() to a saner place and surround the condition name by double-quotes in save(). (Stephane Ouellette)
ibip6t_condition.c
ibipt_condition.c
|
451f3eaad6712ba790aeba1a5af41ef9ee007d68 |
27-Apr-2003 |
Stephane Ouellette <ouellettes@videotron.ca> |
- Remove unneeded fputc() in help(). - C99 initializers. - In parse(), print an error message when multiple strings are specified on the command line. - Remove print_string(). This fixes save() when used with iptables-save/iptables-restore. (Stephane Ouellette)
ibipt_string.c
|
30596a5e7ae8c518a8a0bbf3aa891728e9f9ec1b |
27-Apr-2003 |
Bart De Schuymer <bdschuym@pandora.be> |
ipt_physdev update (--physdev-is-{in,out,bridged}) by Bart de Schuymer
ibipt_physdev.c
|
9cb66152f7286d9520dfe01406d27f09aac36a8e |
23-Apr-2003 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
iprange match support added (Jozsef Kadlecsik)
iprange-test
ibipt_iprange.c
|
96d8593fffe816b3ee1bcd27df33beff5c404058 |
21-Apr-2003 |
Michael Rash <mbr@cipherdyne.org> |
add fix to string match (Michael Rash)
ibipt_string.c
|
27e1fa8d7bde95f3a0dbd627e7e15d26fa9ef1e3 |
14-Apr-2003 |
Stephen Frost <sfrost@snowman.net> |
add ipt_recent version 0.3.1 to CVS
ibipt_recent.c
|
5e3d5ca1b25b3cde9a40c5c74b7484dc909f097f |
13-Apr-2003 |
Patrick McHardy <kaber@trash.net> |
apply ipv6 port of ownercmd patch (Patrick McHardy)
ibip6t_owner.c
|
22b21353f551f6f96a25f92e32ccfb39e24af98f |
13-Apr-2003 |
Harald Welte <laforge@gnumonks.org> |
no space between '#!' and '/bin/sh'
CLASSIFY-test
|
244f7bc6d74e25e0d314db7714313420968563ad |
11-Apr-2003 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
IPv6 port of the fuzzy match added.
fuzzy-test6
ibip6t_fuzzy.c
|
6ab626bb74153c180f98e8ba6c8bff88d2d45ebc |
11-Apr-2003 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
CLASSIFY target added.
CLASSIFY-test
ibipt_CLASSIFY.c
|
fb7ed72f53b4d1cf645cc7529a6dc68e2a7ecd26 |
11-Apr-2003 |
Stephane Ouellette <ouellettes@videotron.ca> |
unused print_dscp removed, structures converted to C99 (Stephane Ouellette)
ibipt_ecn.c
|
b217dce4785b1772c5dc1b45eca1757061268971 |
30-Mar-2003 |
Harald Welte <laforge@gnumonks.org> |
compile with old kernel, new userspace
ibipt_rpc.c
|
122e7c0808eb6f3092c1a1750bd02001efc7cfb3 |
30-Mar-2003 |
Harald Welte <laforge@gnumonks.org> |
fix a compiler warning
ibipt_recent.c
|
2aa78fe7b29140d601bee6f4999ea7c6869339c0 |
30-Mar-2003 |
Harald Welte <laforge@gnumonks.org> |
fix error message if invalid flag is specified (Aaron Sethman) (Closes: #65)
ibip6t_tcp.c
ibipt_tcp.c
|
fbe3abea2fd199cada42d66d11e24c0c26a8760a |
26-Mar-2003 |
Stephane Ouellette <ouellettes@videotron.ca> |
fix parse error (Stephane Ouellette)
ibip6t_condition.c
ibipt_condition.c
|
9c8cdd4a2dc25f5e2f6836f7acc7800fd04b6f68 |
05-Mar-2003 |
Harald Welte <laforge@gnumonks.org> |
dont build ipv6 when DO_IPV6=0
akefile
|
2354d928a6864e8753decc054873d562689577d3 |
05-Mar-2003 |
Harald Welte <laforge@gnumonks.org> |
make DO_IPV6 work again..
akefile
|
d0ae04e7ee969882f6558f2ef8bca89a2d226e62 |
04-Mar-2003 |
Lutz Preßler <lp@sernet.de> |
fix listing of conntrack match (lp@sernet.se) (Closes: #60)
ibipt_conntrack.c
|
9230c11493abb0622f3df5f1cd6ccacbbf40cef3 |
03-Mar-2003 |
Hervé Eychenne <rv@wallfire.org> |
add iptables 'helper' match manpage section (Herve Eychenne)
ibipt_helper.c
|
d5903958e7fee47fa2828d7b2dc86238a15fa3dd |
03-Mar-2003 |
Stephen Frost <sfrost@snowman.net> |
'recent' match update by Stephen Frost: - Moved RECENT_NAME/RECENT_VER #define's to ipt_recent.h - Added #define for IPT_RECENT_NAME_LEN instead of using constants directly - Changed default packet count list length to 20 instead of 10 - Added option to define permissions for proc files created under /proc/net/ipt_recent - Changed printfs to be unsigned for unsigned variables - Added explicit NULL termination for table name - Fixed TTL checking to deal with TTL decrementing in routing logic, should work across chains now. - Side to check/set against is no longer per-table but per-rule, default src - Created unsigned time_temp for time caluclations instead of using signed temp variables - Fixed spinlock handling in checkentry to not vmalloc while holding a spinlock. - Cleaned up memory free'ing routines to correctly free all memory on failure - Fixed spinlock handling in destroy to not free while holding spinlock - Added sanity check to hash table size, if an invalid size is given the default will be used instead and a warning generated. - Fixed save() function in libipt_recent.c - Cleaned up and shortened recent.patch.help
ibipt_recent.c
|
f8ac329cc9a8822273aefc6686d58cae07e8a8f9 |
26-Feb-2003 |
Michael Rash <mbr@cipherdyne.com> |
Add support for hex strings (Michael Rash)
ibipt_string.c
|
a2c70378a8ed7df652757dec01b9cc4b022b2f1c |
25-Feb-2003 |
Stephane Ouellette <ouellettes@videotron.ca> |
update to condition extension, add condition6 (Stephane Ouellette)
condition-test6
ibip6t_condition.c
ibipt_condition.c
|
fc9237da4e8455e34193a56e56e561d7cd0b31ba |
25-Feb-2003 |
Harald Welte <laforge@gnumonks.org> |
Fix '-p icmp -m icmp' issue (Closes: #37)
ibipt_icmp.c
|
1254871c88483cc1a0adc448a83cab6a9d4510a1 |
11-Feb-2003 |
Bart De Schuymer <bdschuym@pandora.be> |
add libipt_physdev.c (Bart de Schumyer)
akefile
ibipt_physdev.c
|
31ad6a249f3ead10e5d4111498f8022eb1169e19 |
01-Feb-2003 |
Harald Welte <laforge@gnumonks.org> |
u32 match added
u32-test
ibipt_u32.c
|
4ac9fddb50eb4898f145d6daf14cbf97702ee763 |
13-Jan-2003 |
Harald Welte <laforge@gnumonks.org> |
fix typo in help message
ibipt_ECN.c
|
21218c8f083e36d905fddf7957dc91b35a15ffb4 |
12-Jan-2003 |
Harald Welte <laforge@gnumonks.org> |
no absolute include paths
ibipt_rpc.c
|
2aa84a489a9294730cf856f48bcf4802c04187ae |
12-Jan-2003 |
Harald Welte <laforge@gnumonks.org> |
add support for rpc match
akefile
ibipt_rpc.c
|
eb1c6464bb19d6192543473dc9d9835e00ba1435 |
08-Jan-2003 |
Cédric de Launois <delaunois@info.ucl.ac.be> |
december update to ROUTE target ;)
ibipt_ROUTE.c
|
60358d73482620aeafc34f38df36e462875fd244 |
08-Jan-2003 |
Maciej Soltysiak <solt@dns.toxicfilms.tv> |
apply ipv6 hoplimit (hl match, HL target) patch (Maciej Soltysiak <solt@dns.toxicfilms.tv>)
ibip6t_HL.c
ibip6t_hl.c
|
fcb1646bf7c511d300b4c3ce916c3d835b9d63b0 |
06-Jan-2003 |
Harald Welte <laforge@gnumonks.org> |
fix save() function when used with !
ibip6t_mac.c
|
d0b0ca42600b2a11009529f9cc2d21af5f60c1c8 |
06-Jan-2003 |
Harald Welte <laforge@gnumonks.org> |
attempt to fix save/restore of '! --uid-owner squid' problem as reported by Costa Tsaousis
ibipt_owner.c
|
4e53670bda3a61cdfc69c62f9748e208ccf9a5ba |
05-Dec-2002 |
Aaron Hopkins <lists@die.net> |
add TARPIT target (Aaron Hopkins)
akefile
ibipt_TARPIT.c
|
a858ef6873cefb349530a1051c4ec21b04fee207 |
05-Dec-2002 |
Cédric de Launois <delaunois@info.ucl.ac.be> |
new '--to' option to route target (by original author)
ibipt_ROUTE.c
|
c8c0f409a365cf6ad503454f15ea071108587204 |
05-Dec-2002 |
Gerry Skerbitz <gsker@attbi.com> |
fix save() functions of libip[6]t_length (Gerry Skerbitz)
ibip6t_length.c
ibipt_length.c
|
dfba3ac05e9844a07e87d2c01be4917dc1a487c1 |
05-Dec-2002 |
Michael Schwendt <rh0209ms@arcor.de> |
Fix save() function of libipt_conntrack (Michael Schwendt)
ibipt_conntrack.c
|
2ef6881edb3509b5ed650e5a1ad1f78ea0d06560 |
05-Dec-2002 |
Oskar Berggren <beo@sgs.o.se> |
fix save() function of libipt_pool (Oskar Berggren)
ibipt_pool.c
|
9647359b12021df45159f38d6c16687b58623434 |
05-Dec-2002 |
Harald Welte <laforge@gnumonks.org> |
fix save function of libipt_tos
ibipt_tos.c
|
d57b0609ef00da33bcbc4a7b718a88b141f06c28 |
02-Nov-2002 |
Stephane Ouellette <ouellettes@videotron.ca> |
add condition patch (Stephane Ouelle)
condition-test
ibipt_condition.c
|
c25718248bcb0ab737449226b9bf9416a5435b43 |
22-Oct-2002 |
Harald Welte <laforge@gnumonks.org> |
update Fabrice's email address
ibipt_IPV4OPTSSTRIP.c
ibipt_nth.c
ibipt_random.c
|
a18c0006bff022e75facd34608a7a0c2f6bd5380 |
02-Oct-2002 |
Harald Welte <laforge@gnumonks.org> |
print space between '!' and mac address (Kristian Gronfeldt Sorensen)
ibipt_mac.c
|
42479ccb51bc11c7097b6c0fdca63766fe298cd6 |
20-Sep-2002 |
Harald Welte <laforge@gnumonks.org> |
fix connmark and mark match save() functions
ibipt_connmark.c
ibipt_mark.c
|
b05758a974c02c3c12449a102d82721da1073db5 |
15-Sep-2002 |
Jimmy Hedman <jimmy.hedman@southpole.se> |
make save() function use quotes for --ulog-prefixto allow prefixes with spaces (Jimmy Hedman)
ibipt_ULOG.c
|
010491fd08073baedbbb8407056de4428306c936 |
12-Sep-2002 |
Michael Schwendt <mschwendt@yahoo.com> |
Fix save() functions of mac match,ipv4 and ipv6. (Michael Schwendt)
ibip6t_mac.c
ibipt_mac.c
|
e95bd7a204bd19bc526e599730bc86657d07f57b |
07-Sep-2002 |
Michael Schwendt <mschwendt@yahoo.com> |
make IPv4 and IPv6 LOG target save() the log-level as string, instead of the numeric value. (Michael Schwendt)
ibip6t_LOG.c
ibipt_LOG.c
|
a713ce0dba73e45d569bf62fdb5248bc1d4694e9 |
05-Sep-2002 |
Harald Welte <laforge@gnumonks.org> |
fix save function of tcpmss match (Michael Schwendt)
ibipt_tcpmss.c
|
769ef3058d9236905ddd69f3b1efce6833407350 |
29-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
remove bogus '\n'
ibipt_ULOG.c
|
070b7af06a088772451fcca25595a0fb2e2ea541 |
26-Aug-2002 |
Hime Junior <hime@engineer.com> |
add fuzzy support (Hime Junior)
fuzzy-test
ibipt_fuzzy.c
|
2a7116ec8070adfe2c17abf822e23c8875da164e |
26-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
make NO_SHARED_LIBS work again (Roberto Nibali)
ibipt_dscp_helper.c
|
f4e6683c5a4c80e494a2167d1a64d1b9c63587aa |
09-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
make libipt_helper.so build always, since it's now submitted to 2.4.20
helper-test
akefile
|
e0f47ada0d9b447333ef9f4ece4cc32438ab989a |
07-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
remove bogus argument to printf()
ibipt_ECN.c
|
a49ded0aced6e22e4fcc7a6463e0366e05550b37 |
07-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
rename '--class' into '--dscp-class' and '--set-class' into '--set-dscp-class' in order not to waste the namespace
ibipt_DSCP.c
ibipt_dscp.c
|
ef22543936c50c57a8eab412a93a4d07d63e0e83 |
07-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
rename 'host' in 'unicast'
ibipt_pkttype.c
|
31d12a598c80f609e68550cf043b1c6b2fd0e35e |
06-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
do not show potentially dangerous parameteres of ECN target (Alexey)
ibipt_ECN.c
ibipt_MARK.c
|
92cad5f4a349daac294332b8f8f696b43c55d3fc |
06-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
fix typo in help message
ibipt_ECN.c
|
c05c44fc6018fcd94df499c981d846ff20882c4c |
05-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
fix ECN_OP_SET_IP case (missing flags assignment and break stmt)
ibipt_ECN.c
|
0e9ed738e0344ccb75b457dac5291f0849944c61 |
05-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
remove bogus ECN_SHIFT from libipt_ecn.c
ibipt_ecn.c
|
6e85beb63aa4bd2e7a6c2b6e4e58ca92f3156ba5 |
03-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
make MARK target use string_to_number [and thus report range overflows].
ibipt_MARK.c
|
d15fb34c777c10a67f8db2b6960bc094b3284fc5 |
26-Jul-2002 |
Harald Welte <laforge@gnumonks.org> |
check for invalid port ranges (Thomas Poehnitz)
ibip6t_tcp.c
ibip6t_udp.c
ibipt_tcp.c
ibipt_udp.c
|
158b0909fe185e7b6dfe3881add797b6d9bda30a |
23-Jul-2002 |
Harald Welte <laforge@gnumonks.org> |
add hint about local-nat.patch to KNOWN_BUGS, make libipt_ecn work
ibipt_ecn.c
|
b7ff0ae0f43d338bcdaac3e334f95c7835b49774 |
08-Jul-2002 |
András Kis-Szabó <kisza@securityaudit.hu> |
2x bugfixes for libip6t_tcp from Andras Kis-Szabo
ibip6t_tcp.c
|
7e25327907409e0369d0fb0527f68f3b8db777be |
24-Jun-2002 |
Cédric de Launois <delaunoi@info.ucl.ac.be> |
update ROUTE target to 0.2.2 (Cedric de Launois)
ibipt_ROUTE.c
|
0ddae8f8ade1084c38a1408d61b6a16725912283 |
21-Jun-2002 |
Iain Barnes <zenadsl3030@zen.co.uk> |
move DSCP name/value conversion to libipt_dscp_helper.c (Iain Barnes)
ibipt_DSCP.c
ibipt_dscp.c
ibipt_dscp_helper.c
|
7fdbc95796b8e592a445b3fb599fc99c25fc826b |
21-Jun-2002 |
Stephen Frost <sfrost@snowman.net> |
version 0.2.1 of ipt_recent patch (stephen frost)
ibipt_recent.c
|
ae31bb6bac68f800a1e4b30cf2548dacaaf76102 |
14-Jun-2002 |
Fabrice MARIE <fabrice@celestix.com> |
fix all compile warnings within iptables extensions (fabrice)
ibip6t_REJECT.c
ibip6t_dst.c
ibip6t_hbh.c
ibip6t_rt.c
ibipt_recent.c
|
2318b508d123fea7a3bc267650ba7b6acec24342 |
13-Jun-2002 |
Cédric de Launois <delaunoi@info.ucl.ac.be> |
add ROUTE target / rsip table
ROUTE-test
ibipt_ROUTE.c
|
671ef2f51def8575b0f9d37780be43be2373929d |
04-Jun-2002 |
Harald Welte <laforge@gnumonks.org> |
pool compile fixes
ibipt_POOL.c
|
cff123aad2eecb9ca178a567469898575ae50a65 |
04-Jun-2002 |
Harald Welte <laforge@gnumonks.org> |
make connmark patch comply with NO_SHARED_LIBS
ibipt_CONNMARK.c
ibipt_connmark.c
|
7a44731615d950a2966737d1d1c960859023f3a3 |
29-May-2002 |
Harald Welte <laforge@gnumonks.org> |
add ECN match plugin
akefile
ibipt_ecn.c
|
7b49af40179706d42d98cb72330a07df37dcb7ea |
29-May-2002 |
Harald Welte <laforge@gnumonks.org> |
make ECN save function correcly save --ecn-tcp-remove
ibipt_ECN.c
|
80fe35d6339b53a12ddaec41885613e4e37ed031 |
29-May-2002 |
Harald Welte <laforge@gnumonks.org> |
globally replace NETFILTER_VERSION with IPTABLES_VERSION to have consistent naming
ibip6t_LOG.c
ibip6t_MARK.c
ibip6t_REJECT.c
ibip6t_ah.c
ibip6t_dst.c
ibip6t_esp.c
ibip6t_eui64.c
ibip6t_frag.c
ibip6t_hbh.c
ibip6t_icmpv6.c
ibip6t_ipv6header.c
ibip6t_length.c
ibip6t_limit.c
ibip6t_mac.c
ibip6t_mark.c
ibip6t_multiport.c
ibip6t_owner.c
ibip6t_rt.c
ibip6t_standard.c
ibip6t_tcp.c
ibip6t_udp.c
ibipt_BALANCE.c
ibipt_CONNMARK.c
ibipt_DNAT.c
ibipt_DSCP.c
ibipt_ECN.c
ibipt_FTOS.c
ibipt_IPV4OPTSSTRIP.c
ibipt_LOG.c
ibipt_MARK.c
ibipt_MASQUERADE.c
ibipt_MIRROR.c
ibipt_NETLINK.c
ibipt_NETMAP.c
ibipt_POOL.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_TCPMSS.c
ibipt_TOS.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_ah.c
ibipt_connlimit.c
ibipt_connmark.c
ibipt_conntrack.c
ibipt_dscp.c
ibipt_esp.c
ibipt_helper.c
ibipt_icmp.c
ibipt_ipv4options.c
ibipt_length.c
ibipt_limit.c
ibipt_mac.c
ibipt_mark.c
ibipt_mport.c
ibipt_multiport.c
ibipt_nth.c
ibipt_owner.c
ibipt_pkttype.c
ibipt_pool.c
ibipt_psd.c
ibipt_quota.c
ibipt_random.c
ibipt_realm.c
ibipt_recent.c
ibipt_record_rpc.c
ibipt_standard.c
ibipt_state.c
ibipt_string.c
ibipt_tcp.c
ibipt_tcpmss.c
ibipt_time.c
ibipt_tos.c
ibipt_ttl.c
ibipt_udp.c
ibipt_unclean.c
|
1c8fa733e6092029d97bc5b2b6a4cb13b513f2f0 |
29-May-2002 |
Harald Welte <laforge@gnumonks.org> |
fix help message printout
ibipt_ECN.c
|
c980a240bad8f8995805df3bfdfb18180dd08d03 |
29-May-2002 |
Harald Welte <laforge@gnumonks.org> |
bring ECN plugin in sync with new ECN target
ibipt_ECN.c
|
2ea56498b07506c00a511ddee39cb1c4bd85457d |
29-Apr-2002 |
András Kis-Szabó <kisza@securityaudit.hu> |
new HBH and DSTopts match for IPv6 by kisza
opts-test6
ibip6t_dst.c
ibip6t_hbh.c
|
fce8699bb8e87b0156a15df2358d1e7dc8222c16 |
29-Apr-2002 |
András Kis-Szabó <kisza@securityaudit.hu> |
Route6 updates by Kisza: - Type0 address handling (up to 16 addresses) - 'soft' mode (--rt-0-not-strict): the address list in the packet is not exactly the same, but contains all the specified addresses in the same order
ibip6t_rt.c
|
23e296c911cabd9ab488cdf2be54a67cd2f5b96c |
27-Apr-2002 |
Harald Welte <laforge@gnumonks.org> |
this file was missed during commit
rt-test6
|
d8a12a841de648bd38dc52ba624d1ed1810a6333 |
24-Apr-2002 |
András Kis-Szabó <kisza@securityaudit.hu> |
Some ipv6 fixes by kisza: AH save function fix (problem with --len ! 0) FRAG help fix FRAG save and prtint fix (problem with --len [!] 0)
ibip6t_ah.c
ibip6t_frag.c
|
a42041665a9d5d08d52a5f1a27916743fbb2736c |
24-Apr-2002 |
András Kis-Szabó <kisza@securityaudit.hu> |
New 'route6' match by kisza.
ibip6t_rt.c
|
f6ed1d60cf9186333f2bca4fb581585c7263eedf |
16-Apr-2002 |
Bob Hockney <zeus@ix.netcom.com> |
fix libipt_mport save/restore (Bob Hockney)
ibipt_mport.c
|
df5e13f1606f341d3ca513b51acd295d6d4c7ee7 |
11-Apr-2002 |
Iain Barnes <igbarnes@yahoo.co.uk> |
DSCP class support (Iain Barnes)
ibipt_DSCP.c
|
5cc4f7ef79a227e1825dd4496ca5c72a31400af8 |
10-Apr-2002 |
Silvan Minghetti <bullet@users.sourceforge.net> |
Fix gcc3 compile errors (Silvan Minghetti)
ibipt_ECN.c
ibipt_owner.c
|
4b5566b718ccd52a11d5eabe1de9b1f4ff10ce41 |
01-Apr-2002 |
A. van Schie <a.van.schie@quicknet.nl> |
fix bug in save() function of MASQUERADE target (A. van Schie)
ibipt_MASQUERADE.c
|
f0ac814a2137abe334bd0000d59e9be4721e1ddc |
26-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
fix to save() and restore() functions of ah/esp match.
ibipt_ah.c
ibipt_esp.c
|
f1f447b836a714b4646450aaed3dd1aa6ab2808a |
26-Mar-2002 |
András Kis-Szabó <kisza@securityaudit.hu> |
new ip6 FRAG match by kisza
frag-test6
ibip6t_frag.c
|
d32980df1da9d81a93280b4f0e023c58055c4b0c |
25-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
Add AH/ESP match for ipv6
ah-test6
esp-test6
ibip6t_ah.c
ibip6t_esp.c
|
e920f29853671e9a7f7fea3e0b43305136793159 |
24-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
ipv6 agr match now called eui64
ibip6t_agr.c
ibip6t_eui64.c
|
07b69b60e98f7be23b7038b64b6d170be3ab7791 |
19-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
rename ipv6_agr to ipv6_eui64
akefile
|
d46818effcc8ccb7d312396ebf1b0b82c72b6216 |
18-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
Fix ip6tables save/restore '! --syn' output of libip6t_tcp.c
ibip6t_tcp.c
|
3198b9c029a17517214d5b17d577433f0e377cd7 |
18-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
compile libip6t_agr by default
agr-test6
akefile
|
d75a2aaf00b87c95b091a1b733a1c17ae51a950a |
18-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
make libipt_conntrack compile by default
conntrack-test
akefile
|
ec03bdf9a8a645c2c4a644009475dc9d75a72558 |
18-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
libipt_pkttype now compiled by default
pkttype-test
akefile
|
3c5bd600130c14f1049fd3e75cb4cef20c069a6b |
14-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
fixed stupid typo. why does this always have to happen _after_ the release?
ibipt_conntrack.c
|
2757fd7400c98ce23c28f42a869d0313e8e62627 |
14-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
add FTOS test file
FTOS-test
|
487d1d39b6457a4a3aeb2b9dac3b1925a003a3e1 |
14-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
add DSCP match
akefile
ibipt_dscp.c
|
b77f1dafb9f35752bb9685323bcacb32a0e6ddc5 |
14-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
Fix 'iptables -p !' bug (segfault when `!' used without argument)
ibip6t_LOG.c
ibip6t_REJECT.c
ibip6t_icmpv6.c
ibip6t_ipv6header.c
ibip6t_length.c
ibip6t_limit.c
ibip6t_mac.c
ibip6t_mark.c
ibip6t_owner.c
ibip6t_tcp.c
ibip6t_udp.c
ibipt_BALANCE.c
ibipt_DNAT.c
ibipt_LOG.c
ibipt_MASQUERADE.c
ibipt_NETLINK.c
ibipt_NETMAP.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_ah.c
ibipt_connlimit.c
ibipt_connmark.c
ibipt_conntrack.c
ibipt_esp.c
ibipt_helper.c
ibipt_icmp.c
ibipt_length.c
ibipt_limit.c
ibipt_mac.c
ibipt_mark.c
ibipt_owner.c
ibipt_pkttype.c
ibipt_pool.c
ibipt_quota.c
ibipt_realm.c
ibipt_recent.c
ibipt_state.c
ibipt_string.c
ibipt_tcp.c
ibipt_tcpmss.c
ibipt_tos.c
ibipt_ttl.c
ibipt_udp.c
|
dffa8ddb43ca2d5bfe7344daea2f6e80c5adaa58 |
14-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
add length match to default extension build list
akefile
|
e0a71a88ca64bc139d9cf93d984e21984875c5c1 |
03-Mar-2002 |
András Kis-Szabó <kisza@securityaudit.hu> |
Makefile fix for owner mac multiport limit (kisza)
akefile
|
3068e95d6f9aa3e28d0a1bd3ff8adcbd96d77823 |
03-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
Add LOGv6 to Makefile list
akefile
|
0e81d5db9ca61069e213236582deedb61dd38b45 |
25-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
add support for connmark match/target
CONNMARK-test
connmark-test
ibipt_CONNMARK.c
ibipt_connmark.c
|
bbbf9380d044a5ae9c42e36665c3f23c4c4fa429 |
25-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
Change $Id$ tags
ibipt_TTL.c
ibipt_ttl.c
|
5a15c9a8b29871fc3246ed91423f271041a87c21 |
18-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
fix cut&paste typo
ibipt_ECN.c
|
385a1dd0f3b01fc0fbd6bcdee9796e0240ea77c1 |
17-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
add ECN target support
ibipt_ECN.c
|
ed18bad86af91f852fd79aa058a06018bdffc39e |
17-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
dscp fixes
ibipt_DSCP.c
|
2e7377d3e21c0c93219eea0d38e2ee37308f6150 |
17-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
add DSCP target support
ibipt_DSCP.c
|
4ab10af3f549e1ea6492c768db3778816fff7f05 |
17-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
make compilation of libip6t_LOG, libipt_length, libip6t_length and libip6t_owner mandatory
LOG-test6
length-test
length-test6
owner-test6
akefile
|
63c364d6fd20b1f58df9e91bcb4cfea2ebae6507 |
15-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
fix for psd-delay-threshold > 100
ibipt_psd.c
|
4fce44c21c93fdc358917e6a9238f1de7601b295 |
04-Feb-2002 |
Stephen Frost <sfrost@snowman.net> |
recent patch update by stephen frost
ibipt_recent.c
|
6e9bfc7af3e5c2edd70feb4d03ceeed1de0ed412 |
19-Jan-2002 |
Marc Boucher <marc@mbsi.ca> |
added break; to eliminate gcc3 warning
ibipt_REJECT.c
|
f5c32d633daeccdf4d2bb381fcc7bb5c3cbcd273 |
19-Jan-2002 |
Marc Boucher <marc@mbsi.ca> |
Added support for --cmd-owner option when ownercmd.patch is applied to kernel.
ibipt_owner.c
|
5054e85be306809cf0a484469d7f7f6e16a31646 |
19-Jan-2002 |
Marc Boucher <marc@mbsi.ca> |
general conntrack match module userspace support files
conntrack-test
ibipt_conntrack.c
|
110610b73adbc7b57df53cbc4f6931aa9a82fbaf |
11-Jan-2002 |
Martin Josefsson <gandalf@wlug.westbo.se> |
helper match (Martin Josefsson)
helper-test
ibipt_helper.c
|
426d90102b2fa88e6bdd50248b56fa25465ea9dd |
25-Dec-2001 |
Harald Welte <laforge@gnumonks.org> |
updated ipv6header patch
ibip6t_ipv6header.c
|
46281d4b6f200dfacdbcf25f0d915f9ca2120030 |
18-Dec-2001 |
Harald Welte <laforge@gnumonks.org> |
add new ipv6header match
ipv6header-test6
ibip6t_ipv6header.c
|
48ea58532803c56d31933af3e74af83312748d22 |
07-Dec-2001 |
Harald Welte <laforge@gnumonks.org> |
add timezone support to time match
ibipt_time.c
|
389e3544861d170016c1059abe699d991e341d41 |
06-Dec-2001 |
Marc Boucher <marc@mbsi.ca> |
removed duplicate 'static' keyword.
ibipt_connlimit.c
|
e746abb15df34da1729de8d669c95f1b0b9ecb7c |
03-Dec-2001 |
Harald Welte <laforge@gnumonks.org> |
add quota patch
quota-test
ibipt_quota.c
|
de4f7f6a099e1ea499a5d395f3974263090ca35a |
27-Nov-2001 |
Harald Welte <laforge@gnumonks.org> |
new IPV4OPTSSTRIP target
IPV4OPTSSTRIP-test
ibipt_IPV4OPTSSTRIP.c
|
ddc342cfc6ce1631874c0a787fb1038b0fd5231a |
27-Nov-2001 |
Harald Welte <laforge@gnumonks.org> |
add support for all ipv4 options to the ipv4options match
ibipt_ipv4options.c
|
93c7e5ad01a728c96356ce0325298fa60c39fb1e |
08-Nov-2001 |
Stephen Frost <sfrost@snowman.net> |
add new recent match to patch-o-matic (Stephen Frost)
recent-test
ibipt_recent.c
|
0942dd87902f4f7362245b593447790a8f8ef582 |
22-Oct-2001 |
Harald Welte <laforge@gnumonks.org> |
same set problem as libipt_LOG.c - very, very strange
ibip6t_LOG.c
|
3e44c50eca6081cc26204aef4aa152af24156044 |
22-Oct-2001 |
Harald Welte <laforge@gnumonks.org> |
loglevel patch was missing one line (strange...)
ibipt_LOG.c
|
3b6a948bfaa00834a6529690e504151c2d62034d |
17-Oct-2001 |
Rick Wagner <rwagner@cloudnet.com> |
nth match extension by Rick Wagner
ibipt_nth.c
|
57a11e59267485370012f5bf0852e4ad7a969807 |
17-Oct-2001 |
Harald Welte <laforge@gnumonks.org> |
add " " to log-level save function
ibip6t_LOG.c
|
1412e459e4439cd878d036d1f3191bd70d795b08 |
16-Oct-2001 |
Harald Welte <laforge@gnumonks.org> |
more precise limit rate printing/saving
ibipt_limit.c
|
6b9e8f1dad610edf89e5bdc7d71e28b966184ed4 |
15-Oct-2001 |
Harald Welte <laforge@gnumonks.org> |
string_to_number fix (*sigh*)
ibipt_mport.c
|
cced2e496a974d333b394177d18f8d0b9506e12d |
15-Oct-2001 |
Fabrice MARIE <fabrice@celestix.com> |
added randmo match by Fabrice Maurie
random-test
ibipt_random.c
|
cfaed1f30b83996c3c164ed5e0f14a312262ef05 |
04-Oct-2001 |
Harald Welte <laforge@gnumonks.org> |
IPv6 ICMP naming problem fix
ibip6t_icmpv6.c
|
358a33ec17b3104f85d38cd745e06c8d55eded20 |
02-Oct-2001 |
Fabrice MARIE <fabrice@celestix.com> |
Fabrice MARIE's patch, fixes bug in time parsing of list of days
ibipt_time.c
|
52b6857822bc17ef7c3a18a4c7b28ac4a0282ba0 |
13-Sep-2001 |
Harald Welte <laforge@gnumonks.org> |
i'm stupid and deleted a {
ibip6t_length.c
|
e143b910468734512017d0900673a4ca600931e2 |
13-Sep-2001 |
Harald Welte <laforge@gnumonks.org> |
another string_to_number fix
ibip6t_length.c
|
7a7cc2808efc409711f5fa36be097aec0b2ebca3 |
13-Sep-2001 |
Harald Welte <laforge@gnumonks.org> |
another string_to_number fix
ibip6t_LOG.c
|
670a686db18ebf41cc1454c0c521d2424cd93bbe |
13-Sep-2001 |
Harald Welte <laforge@gnumonks.org> |
removed re-defined structure
ibip6t_length.c
|
459357fa4339716810009fea41209ea47460ae2f |
08-Sep-2001 |
Marc Boucher <marc@mbsi.ca> |
Yet another set of string_to_number() fixes.
ibipt_FTOS.c
ibipt_LOG.c
ibipt_TOS.c
ibipt_time.c
|
2e2d3f394f40ef4ac9f213652b2976e0911cb05c |
02-Sep-2001 |
Harald Welte <laforge@gnumonks.org> |
fix comment
ibipt_realm.c
|
6185c4ba5ecce8fbc3c404dc421a84390131548a |
02-Sep-2001 |
Harald Welte <laforge@gnumonks.org> |
add shared library for lenght-ipv6 match
length-test6
ibip6t_length.c
|
6850af9a17ac0d141e92cb0fad14e30b9ed77273 |
31-Aug-2001 |
Harald Welte <laforge@gnumonks.org> |
bugfix and spelling corrections for psd match
ibipt_psd.c
|
05e0b01bd1cd4035893c33c7084164bd8fab37c8 |
26-Aug-2001 |
Harald Welte <laforge@gnumonks.org> |
second part of SAME patch which I missed to commit :(
ibipt_SAME.c
|
3efb6ead2e51fe1eca55bcb2b06afb4dc4b8cb7c |
06-Aug-2001 |
Harald Welte <laforge@gnumonks.org> |
- added patch to support statically linking of iptables - iptables-save/-restore is no longer experimental
akefile
ibip6t_LOG.c
ibip6t_MARK.c
ibip6t_agr.c
ibip6t_icmpv6.c
ibip6t_limit.c
ibip6t_mac.c
ibip6t_mark.c
ibip6t_multiport.c
ibip6t_owner.c
ibip6t_standard.c
ibip6t_tcp.c
ibip6t_udp.c
ibipt_BALANCE.c
ibipt_DNAT.c
ibipt_FTOS.c
ibipt_LOG.c
ibipt_MARK.c
ibipt_MASQUERADE.c
ibipt_MIRROR.c
ibipt_NETLINK.c
ibipt_NETMAP.c
ibipt_POOL.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SAME.c
ibipt_SNAT.c
ibipt_TCPMSS.c
ibipt_TOS.c
ibipt_TTL.c
ibipt_ULOG.c
ibipt_ah.c
ibipt_connlimit.c
ibipt_esp.c
ibipt_icmp.c
ibipt_ipv4options.c
ibipt_length.c
ibipt_limit.c
ibipt_mac.c
ibipt_mark.c
ibipt_multiport.c
ibipt_owner.c
ibipt_pkttype.c
ibipt_pool.c
ibipt_psd.c
ibipt_record_rpc.c
ibipt_standard.c
ibipt_state.c
ibipt_string.c
ibipt_tcp.c
ibipt_tcpmss.c
ibipt_time.c
ibipt_tos.c
ibipt_ttl.c
ibipt_udp.c
ibipt_unclean.c
|
c2dadf028088e2ce26ed60282ef5b1694d091532 |
30-Jul-2001 |
Harald Welte <laforge@gnumonks.org> |
Fixed REJECTv6 compile errors.
REJECT-test6
akefile
|
d6aa9666bebfe9fa1d87ce8d77c40704cd6a6199 |
30-Jul-2001 |
Sampsa Ranta <sampsa@netsonic.fi> |
added realm match from Sampsa Ranta
realm-test
ibipt_realm.c
|
cf655eb194951a93e4e1371747273c12466c1952 |
28-Jul-2001 |
Harald Welte <laforge@gnumonks.org> |
SAME patch update (add --nodst option)
ibipt_SAME.c
|
06e6394cf92b8a3a721a9492f1f2fe6d163a7bea |
23-Jul-2001 |
Marc Boucher <marc@mbsi.ca> |
Fixed string_to_number() return value check.
ibip6t_limit.c
ibipt_limit.c
|
c8af1fd0a9b8e7e39626c7d66ade0ddc93f25fbe |
23-Jul-2001 |
Harald Welte <laforge@gnumonks.org> |
added libip6t_REJECT.c for IPv6 reject support
akefile
ibip6t_REJECT.c
|
b47197629735fa1cb93112dfd7d1c4fbcdb24a95 |
23-Jul-2001 |
Harald Welte <laforge@gnumonks.org> |
further fixes of string_to_number fixes
ibip6t_LOG.c
ibip6t_icmpv6.c
ibip6t_limit.c
ibip6t_multiport.c
ibip6t_tcp.c
ibip6t_udp.c
ibipt_FTOS.c
ibipt_LOG.c
ibipt_NETMAP.c
ibipt_TCPMSS.c
ibipt_TOS.c
ibipt_icmp.c
ibipt_length.c
ibipt_limit.c
ibipt_mport.c
ibipt_multiport.c
ibipt_nth.c
ibipt_psd.c
ibipt_tcp.c
ibipt_tcpmss.c
ibipt_time.c
ibipt_tos.c
ibipt_udp.c
|
b7722f29b7d1e376bc758d25aa5a9e1cd94b2d51 |
21-Jul-2001 |
Harald Welte <laforge@gnumonks.org> |
added n'th packet match to patch-o-matic
nth-test
ibipt_nth.c
|
e0bc7a4eabc45621a7a8cc2a32f178dae51f43e0 |
14-Jul-2001 |
András Kis-Szabó <kisza@sch.bme.hu> |
Major icmpv6 cleanup / fixes by Kis-Szabo Andras.
akefile
ibip6t_icmp.c
ibip6t_icmpv6.c
|
01aadcc84a7dff4dd2cfbdfa2d2d7092e73ed261 |
14-Jul-2001 |
Harald Welte <laforge@gnumonks.org> |
fix srr and add router-alert support to ipv4options patch
ibipt_ipv4options.c
|
30d920a7cf3f9c22f46fc57f938910e37dc83b04 |
16-Jun-2001 |
Harald Welte <laforge@gnumonks.org> |
changed order of port_unreachable / prot_unreachable to reflect kernel enum
ibipt_REJECT.c
|
47caec083cb75915608660a5229812481d45163d |
05-Jun-2001 |
Andreas Ferber <af@devcon.net> |
Andreas Ferber's mulitport with ranges patch.
mport-test
ibipt_mport.c
|
a138ba42689e5581e40d89fbd1f5e0a6eb6ba0d7 |
05-Jun-2001 |
Rusty Russell <rusty@rustcorp.com.au> |
DO_IPV6 fix.
akefile
|
06d0b25aafaebd5726c222f705ce990e31ff423c |
21-May-2001 |
Harald Welte <laforge@gnumonks.org> |
typo (it's BM_MAX_NLEN, not BM_MAX_LEN) (reported by s I n)
ibipt_string.c
|
97b3fdef41a009e54a0595b78c57f93b63f92469 |
12-May-2001 |
Harald Welte <laforge@gnumonks.org> |
fixed bug in save() function causing it to print '--reject-with reject-with' in all cases
ibipt_REJECT.c
|
b2f9cb7591c0cb19a1dc8c56e283b46255da916e |
03-May-2001 |
Svenning Soerensen <svenning@post5.tele.dk> |
New NETMAP target in p-o-m, by Svenning Soerenson
NETMAP-test
ibipt_NETMAP.c
|
147a2be5ef19af6ef3842f496d1de2ae3e679ecc |
02-May-2001 |
Fabrice MARIE <fabrice_marie_sec@yahoo.com> |
Added Fabrice Marie's port of the length match
length-test
ibipt_length.c
|
97013f608752b04c707babbbd74fe8c214704611 |
01-May-2001 |
Harald Welte <laforge@gnumonks.org> |
gianni tedesco's last patch was broken... now compilation works again
akefile
|
64bb2a11065e09d5a26fb1b4c690f07a63f67fe0 |
30-Apr-2001 |
Gianni Tedesco <gianni@ecsc.co.uk> |
NETLINK target fixes, by original author (Gianni Tedesco)
akefile
|
d7e251f04f4e9dc8e823e2893a5961f9aaac28ab |
27-Apr-2001 |
Fabrice MARIE <fabrice_marie_sec@yahoo.com> |
Fabrice Marie's timestamp extensions fixes.
ibipt_time.c
|
b5166476721dd0b663f52bd220ef008ca269c0dc |
19-Apr-2001 |
Harald Welte <laforge@gnumonks.org> |
pkttype match (new) + scorefile, libiptc C++ compatibility + scorefile
pkttype-test
ibipt_pkttype.c
|
0b4efeac23186338da90a08fa48f0fd0aa293740 |
12-Apr-2001 |
Harald Welte <laforge@gnumonks.org> |
tcp match numerical output bugfix
ibip6t_tcp.c
ibipt_tcp.c
|
94a7c27009a1f045484e9fb9ccfff37a8f034c10 |
12-Apr-2001 |
Gerd Knorr <kraxel@bytesex.org> |
Gerd Knorr's fixes to iplimit match
ibipt_connlimit.c
|
81adae9a58248bf0b027708cf9c5b0b7b2b956d7 |
12-Apr-2001 |
András Kis-Szabó <kisza@sch.bme.hu> |
integrated the ip6_agr match from Kis-Szabo Andras
agr-test6
ibip6t_agr.c
|
5ea4bcb45a70f79a8df53caddeeeccfa90d735ae |
25-Mar-2001 |
Harald Welte <laforge@gnumonks.org> |
added new time match, added new ipv4options match
ipv4options-test
time-test
akefile
ibipt_ipv4options.c
ibipt_time.c
|
18f1aff721e19486d87342abb594831b08b1083e |
25-Mar-2001 |
Harald Welte <laforge@gnumonks.org> |
updated SAME match
SAME-test
ibipt_SAME.c
|
3452e0ba31efe962daea8bf85f8b3a9253449c1a |
19-Mar-2001 |
Gianni Tedesco <gianni@ecsc.co.uk> |
NETLINK patch from Gianni Tedesco. This time complete.
ibipt_NETLINK.c
|
963bdcc39ffa1e5126f8b11ee98a3e0d1d873f8d |
16-Mar-2001 |
Harald Welte <laforge@gnumonks.org> |
bug in libipt_REDIRECT save function fixed
ibipt_REDIRECT.c
|
008a83fad0f131e08d03235e7615fb392d1f3c3b |
28-Feb-2001 |
Rusty Russell <rusty@linuxcare.com.au> |
Move some include files to be present always, so build always includes them even if patches not applied (eg. for distributions).
FTOS-test
TCPMSS-test
TTL-test
ULOG-test
ah-esp-test
iplimit-test
ttl-test
akefile
|
764316a133db8e5e2d1f2a9d941ffae993d7c9d9 |
26-Feb-2001 |
András Kis-Szabó <kisza@sch.bme.hu> |
ip6tables-save/-restore by Kis-Szabo Andras
ibipt_string.c
|
f419f759735f33721a9506230d9444fb3dce5024 |
19-Feb-2001 |
Martin Josefsson <gandalf@wlug.westbo.se> |
New SAME nat target added. (contrib by Martin Josefsson)
SAME-test
ibipt_SAME.c
|
dc8af0ffcdce70d570348d39212da083a0ed6f80 |
16-Feb-2001 |
Jan Rekorajski <baggins@sith.mimuw.edu.pl> |
Port of IPv6 owner match, fixes for IPv6 limit mac and multiport matches (Jan Rekorajski)
owner-test6
ibip6t_limit.c
ibip6t_mac.c
ibip6t_multiport.c
ibip6t_owner.c
|
3ff7df41e88653e7b21c5d0bba538ded85cb950a |
15-Feb-2001 |
Jan Rekorajski <baggins@sith.mimuw.edu.pl> |
LOG Target for IPv6 (Jan Rekorajski)
LOG-test6
NETLINK-test
ibip6t_LOG.c
ibipt_NETLINK.c
|
cd44ffd23c82255aae364095815c2f463e8be302 |
05-Feb-2001 |
Harald Welte <laforge@gnumonks.org> |
psd match fix. Due to a typo in the pathname not all files have been applied.
psd-test
ibipt_psd.c
|
d3beea368e0f293d8822153366e38e0d62fcea6a |
31-Jan-2001 |
Harald Welte <laforge@gnumonks.org> |
new extension for new ULOG target (in-kernel queuing, netlink multipart msg)
ibipt_ULOG.c
|
eea8a933dc92df7e53ebe54a7a94aeb30b3f8b2f |
24-Jan-2001 |
Harald Welte <laforge@gnumonks.org> |
--log-prefix and --ulog-prefix problem when not quoted in save function (reported and fixed by Bart Theunissen)
ibipt_LOG.c
ibipt_ULOG.c
|
55bfdee763153a9d35efb95c689e9383cab44808 |
07-Jan-2001 |
Rusty Russell <rusty@linuxcare.com.au> |
Forgot to add this before, I think.
ibipt_record_rpc.c
|
d9c66ba7131b1418cdd28aab3075d32a8b47519d |
18-Dec-2000 |
Matthew G. Marsh <mgm@paktronix.com> |
Matthew G. Marsh's FTOS patch.
FTOS-test
ibipt_FTOS.c
|
d2d0263ce2d8448fb0f470f732ca39b655ed599d |
18-Dec-2000 |
Gerd Knorr <kraxel@bytesex.org> |
Gerd Knorr's iplimit.
iplimit-test
ibipt_connlimit.c
|
2047109a61d5c6014de628d306ac53ce864e9db8 |
18-Dec-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Test for record rpc.
record-rpc-test
|
bd8382bb9aa4963fde2b58550cffe190fad02ddc |
18-Dec-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Stop --reject-with echo-reply (won't be supported soon).
ibipt_REJECT.c
|
7559e07f9256c204c932aeb4036f471b037a01b6 |
16-Nov-2000 |
Harald Welte <laforge@gnumonks.org> |
added shlib plugin for ipv6 mark match
ibip6t_mark.c
|
d870b461bd54fdc090446cb4657fb92312619461 |
13-Nov-2000 |
Harald Welte <laforge@gnumonks.org> |
shlib plugin foer ip6tables MARK added
akefile
ibip6t_MARK.c
|
1441c4281ed4a9ef6d69f1e280a8f098ee336d7a |
13-Nov-2000 |
Harald Welte <laforge@gnumonks.org> |
new revision of TTL and ttl patch. Match bugfixed, supports now == !+ < >
ibipt_TTL.c
ibipt_ttl.c
|
67f23b2b40e937b3a20b4de4aa7bad7d2768e68e |
05-Nov-2000 |
Harald Welte <laforge@gnumonks.org> |
small fixes in the save() function of the ULOG and tcp extension
ibipt_ULOG.c
ibipt_tcp.c
|
1bea61a58fd16ed4d856160bbd1ef7ed78bfe187 |
24-Oct-2000 |
Harald Welte <laforge@gnumonks.org> |
minor output bug in save()
ibipt_ULOG.c
|
d4d9196c690b9fa4235cb7bbb68b395018d60150 |
23-Oct-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
BALANCE target alpha support.
BALANCE-test
ibipt_BALANCE.c
|
703828fffcbcefa7adf1b835ffe930d91dcb75d7 |
04-Oct-2000 |
Harald Welte <laforge@gnumonks.org> |
Harald Welte's ttl stuff. This patch adds two new modules to the netfilter CVS patch-o-matic system: A TTL match and a TTL target for setting/incrementing/decrementing the TTL.
TTL-test
ttl-test
ibipt_TTL.c
ibipt_ttl.c
|
3071913784b69423fd25c3db2344e585872920cc |
04-Oct-2000 |
Emmanuel Roger <winfield@freegates.be> |
Emmanuel Roger's string matching patch.
string-test
ibipt_string.c
|
711fcbed84130ecf85208f4d8d25654d61b90962 |
12-Sep-2000 |
Marc Boucher <marc@mbsi.ca> |
Added support for --clamp-mss-to-pmtu option.
ibipt_TCPMSS.c
|
44540942fbd1f2a0f0dcd7247275a702bcf45a02 |
12-Sep-2000 |
Marc Boucher <marc@mbsi.ca> |
Fixed small typo.
ibipt_ULOG.c
|
3172807273373cfd08a98be2faf20af9a5b37554 |
01-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Derrik Pates's tcpflags wrong way round when -n no specified.
ibipt_tcp.c
|
2d01dca3d4e918d0c7d66fab4620050a1c72bca2 |
01-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
print and save can be NULL.
ibipt_MIRROR.c
ibipt_unclean.c
|
fa9f9f907c7bb92a858127157084c6368fae23cf |
01-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Fixed ! test cases.
ibipt_tcp.c
|
78001feee0f4cbc404c824261b6867c96fc6091d |
01-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Allow --tcp-flags ! A B.
ibipt_tcp.c
|
d4a8b2887083ce8578019d5b271d9b9b48528a9f |
31-Aug-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Fixed compile errors.
ibipt_tcpmss.c
|
2ce6ec65c80baf4b4ff381f713d9d8256f044c48 |
30-Aug-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
TCP MSS matching support (untested).
TCPMSS-test
ibipt_tcpmss.c
|
22513345860f790cf74f1b5435ba41a3b432ca4e |
28-Aug-2000 |
Marc Boucher <marc@mbsi.ca> |
Test for TCPMSS target.
TCPMSS-test
|
53adeb104c6065b89db5393c7ad64898d03e4b95 |
27-Aug-2000 |
Marc Boucher <marc@mbsi.ca> |
Marc Boucher's TCPMSS patch.
ibipt_TCPMSS.c
|
524518261009f3f81febfdd8398becc4a80cc941 |
27-Aug-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Patch-o-matic! now included.
ULOG-test
ah-esp-test
pool-test
akefile
ibipt_POOL.c
ibipt_ah.c
ibipt_esp.c
ibipt_pool.c
|
51d9b755aba51ad769384e1d730596747f995ed1 |
27-Aug-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Required blank MIRROR target for Harald Welte's dlopen force patch.
ibipt_MIRROR.c
|
b078ef88aebc4b02dfc7d5e21fda317924e2a991 |
23-Aug-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Disable ULOG (pending patch to make it dependent on header in KERNEL_DIR).
akefile
|
015dffbad370115ef15d9064a807acbe9ef7c60c |
01-Aug-2000 |
Harald Welte <laforge@sunbeam.franken.de> |
Harald Welte gets more ideas...
ibipt_ULOG.c
|
c5bdb40e2d78999e3bfed6256d0fd2df4bba784f |
31-Jul-2000 |
Harald Welte <laforge@sunbeam.franken.de> |
Harald Welte's other file (which Rusty forgot).
ibipt_ULOG.c
|
fdf0433110f16b0534600af2d8980487c8342ac2 |
31-Jul-2000 |
Harald Welte <laforge@sunbeam.franken.de> |
Harald Welte's ULOG target with tests (untested).
akefile
|
52e440e49cfe8f3660a4731c7bf2601baf2d6743 |
12-Jul-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Remove ICMP packet-filtered option (deprecated). Add tests for RST generation.
ibipt_REJECT.c
|
73f72f541ac4dab538d4d418b9bbf1707b31342b |
03-Jul-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Aligning matchsize and targetsize now responsibility of extension writers (PPC fix).
ibip6t_icmp.c
ibip6t_standard.c
ibip6t_tcp.c
ibip6t_udp.c
ibipt_DNAT.c
ibipt_LOG.c
ibipt_MARK.c
ibipt_MASQUERADE.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SNAT.c
ibipt_TOS.c
ibipt_icmp.c
ibipt_limit.c
ibipt_mac.c
ibipt_mark.c
ibipt_multiport.c
ibipt_owner.c
ibipt_standard.c
ibipt_state.c
ibipt_tcp.c
ibipt_tos.c
ibipt_udp.c
ibipt_unclean.c
|
f7e72d5730420194d6d3e441e881f8d7f217d888 |
20-Jun-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
REJECT enhancements.
ibipt_REJECT.c
|
ee604b7e36f2678bf086e145a184e2403c72389a |
08-Jun-2000 |
Philip Blundell <Philip.Blundell@pobox.com> |
Phil's missing file 8)
ibip6t_standard.c
|
b47050c8c1ffb47ef63be37526e0afd15193c5a8 |
04-Jun-2000 |
Philip Blundell <Philip.Blundell@pobox.com> |
Phil Blundell's new ipv6 extensions.
ibip6t_icmp.c
ibip6t_tcp.c
ibip6t_udp.c
|
57e07af96a28d81281a20ad7a0e9dc189caf4861 |
04-Jun-2000 |
Philip Blundell <Philip.Blundell@pobox.com> |
Phil Blundell: ICMP, TCP and UDP extensions + rule deletion bug.
akefile
|
228e98dd6303af11925235af4cf3c3ec450f3f41 |
27-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Alignment fixes (requires kernel patch).
ibipt_DNAT.c
ibipt_SNAT.c
|
849779c4adf8dd65c83fffb65e6b7898df2a55c6 |
23-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
More fixes and testsuite enhancements.
ibipt_REDIRECT.c
ibipt_limit.c
|
ac761dcadac9d6ac9ad5a957986ddedee651c3ac |
23-Apr-2000 |
Marc Boucher <marc@mbsi.ca> |
Added #include <linux/stddef.h> for offsetof().
ibipt_limit.c
|
edf14cf4b5edb148d7473f067d95e7bd1316900b |
19-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Changes to allow matching (for delete) on part of a rule, for rules which change in the kernel (eg. ipt_limit).
ibipt_DNAT.c
ibipt_LOG.c
ibipt_MARK.c
ibipt_REJECT.c
ibipt_SNAT.c
ibipt_TOS.c
ibipt_icmp.c
ibipt_limit.c
ibipt_mac.c
ibipt_mark.c
ibipt_multiport.c
ibipt_owner.c
ibipt_standard.c
ibipt_state.c
ibipt_tcp.c
ibipt_tos.c
ibipt_udp.c
ibipt_unclean.c
|
f9b2e66877b743962a36ec9c37335b9bc3f8b70f |
19-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Put ports in network order.
ibipt_MASQUERADE.c
ibipt_REDIRECT.c
|
2382c8c3a126ba82e6da03f79a88f44e7f3caa54 |
07-Apr-2000 |
Marc Boucher <marc@mbsi.ca> |
Fixed typo.
ibipt_udp.c
|
9f2009cbfda7a4e341258322a7c8b462605990af |
07-Apr-2000 |
Marc Boucher <marc@mbsi.ca> |
Fixed save() to properly interpret ports in host byte order and use ':' as range separator.
ibipt_tcp.c
ibipt_udp.c
|
a1ce9f9b8265a8c28facd52f4e3c0465dce2b9f0 |
24-Mar-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Testsuite update.
ibipt_REJECT.c
|
7e53bf9c2a697abdb6f1385557338423a86612a3 |
20-Mar-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Makefile fixes for release. Whitespace cleanups.
ibipt_LOG.c
ibipt_MARK.c
ibipt_REJECT.c
ibipt_TOS.c
ibipt_limit.c
ibipt_mark.c
ibipt_tos.c
|
e6869a8f59d779ff4d5a0984c86d80db70784962 |
20-Mar-2000 |
Marc Boucher <marc@mbsi.ca> |
reorganized tree after kernel merge
akefile
ibipt_DNAT.c
ibipt_LOG.c
ibipt_MARK.c
ibipt_MASQUERADE.c
ibipt_REDIRECT.c
ibipt_REJECT.c
ibipt_SNAT.c
ibipt_TOS.c
ibipt_icmp.c
ibipt_limit.c
ibipt_mac.c
ibipt_mark.c
ibipt_multiport.c
ibipt_owner.c
ibipt_standard.c
ibipt_state.c
ibipt_tcp.c
ibipt_tos.c
ibipt_udp.c
ibipt_unclean.c
|