Cross Reference: extensions

xref: /external/iptables/extensions/

• Home
• History
• Annotate
• only in /external/iptables/extensions/

History log of /external/iptables/extensions/

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
e3928b77f18db0fdc615693017c6c15eb71bf4e0	02-Apr-2014	JP Abgrall <jpa@google.com>	Fixup build so that the update from nefilter.org to 1.4.20 works * Keep the generated files needed for building. Used ./configure --enable-static --disable-shared make * Update the various Android *.mk files. Change-Id: If0e45cf6289f0e3dcf3adf73e6ccff86d640f1c0 Signed-off-by: JP Abgrall <jpa@google.com> ndroid.mk ibext.mk
11ef84b856859e7d4a08625d09c8573e5f5eef63	02-Apr-2014	JP Abgrall <jpa@google.com>	Merge remote-tracking branch 'upstream/stable-1.4.20' into update Conflicts: .gitignore include/linux/types.h libiptc/libiptc.c Change-Id: I2c949ba9de090db9ae09d914f4ac5c13e5b7d4da
84d100d6119fd4df196c0e121d8f7ffe4c2076e1	28-Jan-2014	Colin Cross <ccross@android.com>	external/iptables: use local-generated-sources-dir local-intermediates-dir doesn't work for multiarch builds, because each architecture needs a separate intermediates dir. Use local-generated-sources-dir, which gives a directory under $OUT/gen that can be shared by both architectures. Files installed into $OUT/gen/*/*_intermediates and listed in LOCAL_GENERATED_SOURCES will be copied into $OUT/obj*/*/*_intermediates automatically as necessary. (cherry picked from commit b4ad8a418b48b6a7df8f88a276c52f00c1bb43af) Change-Id: I35ed4bc51e694ca4dc8343bc59977f1daeae3abc ibext.mk
cc1f024e0bd08588f0dae6ef83cb6af47dc155fc	28-Jan-2014	Colin Cross <ccross@android.com>	Revert "external/iptables: use local-generated-sources-dir" This reverts commit b4ad8a418b48b6a7df8f88a276c52f00c1bb43af. Change-Id: I7870513ad908957a1370cd8e1f7c0a80d8fbb7bb ibext.mk
b4ad8a418b48b6a7df8f88a276c52f00c1bb43af	28-Jan-2014	Colin Cross <ccross@android.com>	external/iptables: use local-generated-sources-dir local-intermediates-dir doesn't work for multiarch builds, because each architecture needs a separate intermediates dir. Use local-generated-sources-dir, which gives a directory under $OUT/gen that can be shared by both architectures. Files installed into $OUT/gen/*/*_intermediates and listed in LOCAL_GENERATED_SOURCES will be copied into $OUT/obj*/*/*_intermediates automatically as necessary. Change-Id: I78e7898147a0e2303e814e8b93f7cd0edbd2914e ibext.mk
22e7fb7a9e435e8a736ae2c596b57db904a9a1b2	23-Jan-2014	Colin Cross <ccross@android.com>	iptables: rewrite extensions makefile to avoid duplication Move the duplicated parts of the extensions makefile into a separate libext.mk, and include it 3 times from the main makefile. Change-Id: Idcbe1da8e024af895da33e396595e616f52e25ad ndroid.mk ibext.mk
d4cea4666768eeadd0d1fde61e8231bba353d8ee	23-Jan-2014	Colin Cross <ccross@android.com>	iptables: remove $(KERNEL_HEADERS) from include path The kernel headers are already in the include path, and manually adding them again will break on a multiarch build, where the kernel headers may be different for each arch. Change-Id: I20867af3061bbc86d2205f5479c40f6034a61b72 ndroid.mk
9b5ca5cf509bd1ed37ba692082ec6f3f180546c1	05-Dec-2013	Kristian Monsen <kristianm@google.com>	Silence all warnings. Change-Id: I9d180c2da268117a8774290ba49c8774fabd3272 ndroid.mk
76e230e41947576efb96e86e605bb84015cdb287	13-Aug-2013	Jan Engelhardt <jengelh@inai.de>	iptables: link against libnetfilter_conntrack Linking currently fails in --enable-static case: ../extensions/libext.a(libxt_connlabel.o): In function `connlabel_get_name': iptables/extensions/libxt_connlabel.c:57: undefined reference to `nfct_labelmap_get_name' [..] It's libxtables.la(libxt_connlabel.o) using libnetfilter_conntrack. If libnetfilter_conntrack is not found, @libnetfilter_conntrack_CFLAGS@ and @libnetfilter_conntrack_LIBS@ (and their ${} ones) should be empty, therefore producing no harm to include unconditionally. Reported-and-tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Florian Westphal <fw@strlen.de> NUmakefile.in
b28d4dcc9f5559e9c03f35458ac103cfb89d8f87	08-Aug-2013	Phil Oester <kernel@linuxace.com>	iptables: state match incompatibilty across versions As reported in Debian bug #718810 [1], state match rules added in < 1.4.16 iptables versions are incorrectly displayed by >= 1.4.16 iptables versions. Issue bisected to commit 0d701631 (libxt_state: replace as an alias to xt_conntrack). Fix this by adding the missing .print and .save functions for state match aliases in the conntrack match. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718810 Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_conntrack.c
7b26bafb9be05a23b47653640aadbb61d0032665	28-Jan-2013	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	libxt_CT: Add the "NOTRACK" alias Available since Linux kernel 3.8. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_CT.c ibxt_NOTRACK.man
33b529a7208952c250f245557d248e50ce533c7d	06-Jul-2013	Phil Oester <kernel@linuxace.com>	libip6t_LOG: target output is different to libipt_LOG libipt_LOG is using the xtables_save_string func, which escapes unsafe characters as needed. libip6t_LOG should do the same. Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_LOG.c
88b73a2bad9fc02355fad70698cc2c9469048abc	15-Jul-2013	Pablo Neira Ayuso <pablo@netfilter.org>	libxt_recent: restore minimum value for --seconds This checking was accidentally removed in (74ded72 libxt_recent: add --mask netmask). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_recent.c
51340f7b6a1103b12d86ef488f7140406d80401e	15-Jul-2013	Florian Westphal <fw@strlen.de>	extensions: libxt_connlabel: use libnetfilter_conntrack Pablo suggested to make it depend on lnf-conntrack, and get rid of the example config file as well. The problem is that the file must be in a fixed path, /etc/xtables/connlabel.conf, else userspace needs to "guess-the-right-file" when translating names to their bit values (and vice versa). Originally "make install" did put an example file into /etc/xtables/, but distributors complained about iptables ignoring the sysconfdir. So rather remove the example file, the man-page explains the format, and connlabels are inherently system-specific anyway. Signed-off-by: Florian Westphal <fw@strlen.de> NUmakefile.in ibxt_connlabel.c ibxt_connlabel.man
a963e217528d2849f32ec6516a1f82450c65f588	12-Jul-2013	Florian Westphal <fw@strlen.de>	extensions: libipt_ULOG: man page should mention NFLOG as replacement Signed-off-by: Florian Westphal <fw@strlen.de> ibipt_ULOG.man
8cf6fb833840d794289f2abf04b2c5cade5a37bf	13-Jul-2013	Russell Senior <russell@personaltelco.net>	libxt_recent: restore reap functionality to recent module The reap functionality appears to have been accidentally disabled by (74ded72 libxt_recent: add --mask netmask) since iptables 1.4.15 and later. This adds a patch to restore reap functionality for recent_opts_v1. Patch obtained via: http://patchwork.openwrt.org/patch/3812/ Signed-off-by: Russell Senior <russell@personaltelco.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_recent.c
34844da8f53ec80b34ad094f2fca2519a7079ec2	01-May-2013	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	Introduce a new revision for the set match with the counters support The revision add the support of matching the packet/byte counters if the set was defined with the extension. Also, a new flag is introduced to suppress updating the packet/byte counters if required. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> ibxt_set.c ibxt_set.man
f927d5fc3a6a0a8a8fb03e733a6572a934482723	10-Apr-2013	Mart Frauenlob <mart.frauenlob@chello.at>	extensions: libxt_LOG: rename IPv4 manpage and tell about IPv6 support Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Florian Westphal <fw@strlen.de> ibip6t_LOG.man ibipt_LOG.man ibxt_LOG.man
48356408ccf03ec2fdba0ceae3d9b5eae5e5e959	10-Apr-2013	Mart Frauenlob <mart.frauenlob@chello.at>	extensions: libxt_MASQUERADE: rename IPv4 manpage and tell about IPv6 support also update list of protocols valid for port mapping. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Florian Westphal <fw@strlen.de> ibip6t_MASQUERADE.man ibipt_MASQUERADE.man ibxt_MASQUERADE.man
5ff71e97448ebbeed8b2ad4654726361a0c84131	30-May-2013	Pablo Neira Ayuso <pablo@netfilter.org>	Merge branch 'stable' Get fix for LED extension.
96c42d4c46df3edbd41fa47b860fba217f03cfeb	30-May-2013	Pablo Neira Ayuso <pablo@netfilter.org>	extensions: libxt_LED: fix parsing of delay Closes bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=825 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_LED.c
8df3c38438bb75edb480845913af77692c8a5c99	10-Apr-2013	Mart Frauenlob <mart.frauenlob@chello.at>	extensions: libxt_SNAT: rename IPv4 manpage and tell about IPv6 support This patch renames libipt_SNAT.man to libxt_SNAT.man thus informing about the IPv6 version. Also the list of valid protocols for port mapping is updated to: tcp, udp, dccp and sctp. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibipt_SNAT.man ibxt_SNAT.man
b8646dc9623631db3b71a5c1846566cf54a66a3a	10-Apr-2013	Mart Frauenlob <mart.frauenlob@chello.at>	extensions: libxt_NETMAP: rename IPv4 manpage and tell about IPv6 support This patch renames libipt_NETMAP.man to libxt_NETMAP.man thus informing about the IPv6 version. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibipt_NETMAP.man ibxt_NETMAP.man
ebd4a00b74aa99ed25841a235fe79b1462baea7f	10-Apr-2013	Mart Frauenlob <mart.frauenlob@chello.at>	extensions: libxt_REDIRECT: rename IPv4 manpage and tell about IPv6 support This patch renames libipt_REDIRECT.man to libxt_REDIRECT.man thus informing about the IPv6 version. Also the list of valid protocols for port mapping is updated to: tcp, udp, dccp and sctp. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibipt_REDIRECT.man ibxt_REDIRECT.man
11965180ba6f278fea81f55a3aa48c8f7c667142	10-Apr-2013	Mart Frauenlob <mart.frauenlob@chello.at>	extensions: libxt_DNAT: rename IPv4 manpage and tell about IPv6 support This patch renames libipt_DNAT.man to libxt_DNAT.man thus informing about the IPv6 version, as suggested by Patrick McHardy. Also, it updates the list of valid protocols for port mapping is updated to: tcp, udp, dccp and sctp. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibipt_DNAT.man ibxt_DNAT.man
a17d7fdf4fd8da8b41e67f02c8b8b371c2daa619	10-Apr-2013	Mart Frauenlob <mart.frauenlob@chello.at>	libip6t_mh: Correct command to list named mh types in manpage Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_mh.man
0c3753b1d4226a6e7bea9619415cf40cadee1e58	06-Apr-2013	Patrick McHardy <kaber@trash.net>	extensions: add copyright statements Add copyright statements to all extensions authored by myself. Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_DNPT.c ibip6t_SNPT.c ibxt_CLASSIFY.c ibxt_CT.c ibxt_RATEEST.c ibxt_addrtype.c ibxt_policy.c ibxt_rateest.c ibxt_statistic.c
ce7d0619ce49587ca78456caf467cf25f7cbbc4e	02-Apr-2013	holger@eitzenberger.org <holger@eitzenberger.org>	extensions: libxt_NFQUEUE: add --queue-cpu-fanout parameter Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_NFQUEUE.c ibxt_NFQUEUE.man
472bc914415baf2cd9aeb44605867365723a2e3d	19-May-2013	Michael Roth <mroth@nessie.de>	doc: mention SNAT in INPUT chain since kernel 2.6.36 SNAT in the INPUT chain was added Jun 2010 to the kernel (commit c68cd6cc21eb329c47ff020ff7412bf58176984e). Signed-off-by: Michael Roth <mail@mroth.net> Signed-off-by: Florian Westphal <fw@strlen.de> ibipt_SNAT.man
ccbf6b6448a4210432b76fd4660798705b05f8c4	06-May-2013	Florian Westphal <fw@strlen.de>	extensions: add connlabel match allows to "tag" connections with up to 128 label names. Labels are defined in /etc/xtables/connlabel.conf, example: 0 from eth0 1 via eth0 Labels can then be attached to flows, e.g. -A PREROUTING -i eth0 -m connlabel --label "from eth0" --set Signed-off-by: Florian Westphal <fw@strlen.de> ibxt_connlabel.c ibxt_connlabel.man
b5c12f4aa3ebfc4dac37799e41616c37c188ab4f	26-Apr-2013	Patrick McHardy <kaber@trash.net>	libxt_conntrack: fix state match alias state parsing The conntrack match uses a different value for the UNTRACKED state than the state match. Translate states to conntrack states to make sure they all match. Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_conntrack.c
b46f3d833f926c40dd73d52d8cedb94206e6d83d	09-Apr-2013	Mart Frauenlob <mart.frauenlob@chello.at>	extensions: libxt_multiport: Update manpage to list valid protocols This patch updates the list of valid protocols in the man page section of the multiport match to: tcp, udp, udplite, dccp and sctp. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_multiport.man
1cb432c06637b5030b4a70ff33e306f2bb81d366	19-Apr-2013	Pablo Neira Ayuso <pablo@netfilter.org>	extensions: libxt_bpf: clarify --bytecode argument Mart Frauenlob suggested a change to explain the --bytecode better. I have added some reference to the example bytecode in the format that this argument accepts. Reported-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_bpf.man
e816ac4fa83f65a5d7d40445c72aa1c3e811cb78	13-Apr-2013	Florian Westphal <fw@strlen.de>	libxt_NFQUEUE: fix bypass option documentation Steve Caligo points out that the documentation says 'packet will move on to the next rule'. This is incorrect; packet moves to the next table. nf bugzilla #778. Signed-off-by: Florian Westphal <fw@strlen.de> ibxt_NFQUEUE.man
d09cc98b481efc6ea121ce7acd739a87a381c6ed	06-Apr-2013	Mart Frauenlob <mart.frauenlob@chello.at>	libxt_recent: Fix missing space in manpage for --mask option Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_recent.man
e0a0dd703b3448f0f07fc59b7232bf1f1cce7b86	23-Jan-2013	Willem de Bruijn <willemb@google.com>	extensions: add libxt_bpf extension Add user-space code to support the new BPF iptables extension. Pablo has mangled the original patch to: * include a copy of include/linux/netfilter/xt_bpf.h in the tree. * I have also remove the --bytecode-file option. The original proposal was to accept BPF code in a file in human readable format. Now, with the nfbpf_compile utility, it's very easy to generate the filter using tcpdump-like syntax. * I have remove the trailing comma in the backtick format, the parser works just fine for me here. * Fix error message if --bytecode is missing. Signed-off-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_bpf.c ibxt_bpf.man
71eddedcbf7aebe0cd05421d13b049dd710eaf7f	21-Mar-2013	Pablo Neira Ayuso <pablo@netfilter.org>	libip6t_DNPT: add manpage Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_DNPT.man
0a4c357cb91e16a001b1b06ff509d7fb75f5f2e0	21-Mar-2013	Pablo Neira Ayuso <pablo@netfilter.org>	libip6t_SNPT: add manpage Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_SNPT.man
5c522b4523f2edb8e581131ba4cb414a5ee7ece4	24-Mar-2013	Pablo Neira Ayuso <pablo@netfilter.org>	libxt_osf: fix bad location for location in --genre closes http://bugzilla.netfilter.org/show_bug.cgi?id=805 Reported-by: Bourne Without <blackhole@airpost.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_osf.c
71e2bf5cf25a821d62f7d75eb8efa4c61a214c6b	24-Mar-2013	Pablo Neira Ayuso <pablo@netfilter.org>	libxt_osf: fix missing --ttl and --log in save output closes http://bugzilla.netfilter.org/show_bug.cgi?id=805 Reported-by: Bourne Without <blackhole@airpost.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_osf.c
37b19d08f3cbc83a653386d76261490e173a874b	16-Mar-2013	Pablo Neira Ayuso <pablo@netfilter.org>	Revert "build: resolve link failure for ip6t_NETMAP" This reverts commit 68e77a26111ee6b8f10c735a76891a7de6d57ee6. The use of libtool was introduced to resolve linking problems in NETMAP (IPv6 version), but that resulted in RPATH problems reported from distributors and warnings spotted by libtool at linking stage. Since (0ca548b libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency) fixed the NETMAP issue, let's roll back to our previous stage. A small conflicts in extensions/GNUmakefile.in has been resolved in this revert. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> NUmakefile.in
cccfff9309743f173c504dd265fae173caa5b47f	16-Mar-2013	Pablo Neira Ayuso <pablo@netfilter.org>	libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency This patch changes the NETMAP target extension (IPv6 side) to use the xtables_ip6mask_to_cidr available in libxtables. As a side effect, we get rid of the libip6tc dependency. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> NUmakefile.in ibip6t_NETMAP.c
d4961b909a75ed0745abb43cdc940e8d947ccf4a	17-Feb-2013	Florian Westphal <fw@strlen.de>	doc: rpfilter: invert option should have own paragraph Signed-off-by: Florian Westphal <fw@strlen.de> ibxt_rpfilter.man
817ac5a5e54d083983b7c834194b46c4366d71d2	31-Jan-2013	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
e612a9d285477e9951349dd137305393a1255b19	28-Jan-2013	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	Add the "state" alias to the "conntrack" match ibxt_conntrack.c ibxt_state.man
1c317dafa986699127d08951037869f9669e3b25	28-Jan-2013	Pablo Neira Ayuso <pablo@netfilter.org>	Merge branch 'stable' into 'master'
2fda8fcef0f3c321fb03953b8ecc424a2bad4476	24-Jan-2013	Jan Engelhardt <jengelh@inai.de>	extensions: S/DNPT: add missing save function Jean-Michel DILLY reports that `ip6tables -S` exits with Target `DNPT' is missing save function when a DNPT rule is invoked. Fix this omission. References: http://marc.info/?l=netfilter&m=135904831220440&w=2 Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_DNPT.c ibip6t_SNPT.c
85346f6e406207f85550f1b7b4f61b22a8e38fbb	25-Dec-2012	Jan Engelhardt <jengelh@inai.de>	doc: name the supported log levels for ipt_LOG Leonardo Ferreira da Silva Boiko lets it be known that syslogd.conf may not exist on certain systems. Referencing that manpage is not a good idea in any case, I believe, since the strings that are accepted are defined by iptables and not a syslog implementation. References: http://bugs.debian.org/567564 Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_LOG.man ibipt_LOG.man
ff338552d318b49e07662fd7648fdb11e3c42bc9	03-Jan-2013	Ulrich Weber <ulrich.weber@sophos.com>	extensions: libip6t_DNAT: set IPv6 DNAT --to-destination as in IPv4 and fixes DNAT_save Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_DNAT.c
92f05a2f38e6c6bc6c69880358c41ac17bd31298	03-Jan-2013	Ulrich Weber <ulrich.weber@sophos.com>	extension: libip6t_DNAT: allow port DNAT without address correct parsing of IPv6 port NAT without address NAT, assume one colon as port information. Allows: * address only: -j DNAT --to affe::1 -j DNAT --to [affe::1] * port only -j DNAT --to :80 -j DNAT --to :80-110 -j DNAT --to []:80 -j DNAT --to []:80-110 * address and port -j DNAT --to [affe::1]:80 -j DNAT --to [affe::1]:80-110 Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_DNAT.c ibip6t_SNAT.c
7b04e3ef3a6ffccb23de83ef3b2d8f5aeaaa09e5	02-Jan-2013	Ulrich Weber <ulrich.weber@sophos.com>	extensions: libip6t_DNPT: fix wording in DNPT target replaces SNPT by DNPT. This fixes broken help message that points to SNPT. Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_DNPT.c
68e77a26111ee6b8f10c735a76891a7de6d57ee6	01-Jan-2013	Jan Engelhardt <jengelh@inai.de>	build: resolve link failure for ip6t_NETMAP Link stage of libip6t_NETMAP failed since recently. CCLD libip6t_NETMAP.so /usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: cannot find -lip6tc libip6t_NETMAP.c uses the "ipv6_prefix_length" function from libip6tc.so; "-lip6tc" is used in the Makefile, but, the directory to it is not specified. Why does the link succeed for some people? Because /usr/lib(64)/libip6tc.so satisfies -lip6tc, but not all environments, especially those without iptables development files, have that file, hence this link error can happen. By suggestion of Mike Frysinger, this patch uses libtool to produce and link the plugins. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Acked-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> NUmakefile.in
3518a04cff1fb48ca0bf5d2d58b4cd6325f3917c	01-Aug-2012	Kevin Schoedel <kevin.p.schoedel@intel.com>	Include strings.h for the defintion of ffs() ffs() is defined in strings.h. gcc had no problem with this as it automatically used it's own builtin for ffs(). Change-Id: I7062f6143d680b2ae73f69b6b4b1e0be94a3e28b Author: Edwin Vane <edwin.vane@intel.com> Reviewed-by: Kevin Schoedel <kevin.p.schoedel@intel.com> ibipt_ULOG.c
a46a5698027aa48e27e3cc2d54bb8bbafb10e7da	19-Nov-2012	Tom Eastep <teastep@shorewall.net>	extensions: libxt_statistic: Fix save output Suppressing '--packet 0' in save output resulted in restore failure. This patch includes '--packet 0' in save output while continuing to suppress it in print output. Signed-off-by: Tom Eastep <teastep@shorewall.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_statistic.c
9d284c1c67188dfa8a4c7a6e36eb9a10bd9c15e2	25-Oct-2012	Pablo Neira Ayuso <pablo@netfilter.org>	Merge branch 'next' branch that contains new features scheduled for Linux kernel 3.7
9921f2b9a241750e4730fc7d486687c6a32779f4	10-Oct-2012	Jan Engelhardt <jengelh@inai.de>	build: resolve compile abort in libxt_limit on RHEL5 libxt_limit.c: In function 'print_rate': libxt_limit.c:124: error: 'INFINITY' undeclared (first use in this function) The default mode of glibc-2.15's <features.h> sets "-D_POSIX_C_SOURCE=200809L", and therefore "-D_ISOC99_SOURCE". However, on þe olde RHEL 5's glibc-2.5, it only has "-D_POSIX_C_SOURCE=200112L". Explicitly draw in the definition of INFINITY by always defining _ISOC99_SOURCE. By doing this, we are moving off of the default set, so _BSD_SOURCE also needs to be explicitly set to get at IFNAMSIZ that is used in xt_hashlimit.h. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_hashlimit.c ibxt_limit.c
269655d54e22f3a36250bb2c4639dddd102258c6	08-Oct-2012	Jan Engelhardt <jengelh@inai.de>	build: remove symlink-only extensions from static object list $ ./configure --enable-static --disable-shared --enable-ipv4 --enable-ipv6 && make [...] make[3]: *** No rule to make target "libxt_NOTRACK.o", needed by "libext.a". Stop. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> NUmakefile.in
4c1a015e201c6e5192448cbcf1975dd7630cad82	30-Sep-2012	Jan Engelhardt <jengelh@inai.de>	Merge branch 'master' of git://git.inai.de/iptables Conflicts: extensions/GNUmakefile.in Resolution: trivial, since this was a fuzz 3. Reason: Line added from v1.4.15-16-g33710a5 was in vincinity of changes from v1.4.15-22-g4496801.
8d8896a3833292d091ee5a028f3461083bb956bd	17-Sep-2012	Florian Westphal <fw@strlen.de>	libxt_time: add support to ignore day transition Currently, if you want to do something like: "match Monday, starting 23:00, for two hours" You need two rules, one for Mon 23:00 to 0:00 and one for Tue 0:00-1:00. The rule --weekdays Mo --timestart 23:00 --timestop 01:00 looks correct, but it will first match on monday from midnight to 1 a.m. and then again for another hour from 23:00 onwards. This permits userspace to explicitly ignore the day transition and match for a single, continuous time period instead. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_time.c ibxt_time.man
d97d546ba4540a28b14fcbf75176df345caee954	28-Sep-2012	Jan Engelhardt <jengelh@inai.de>	doc: have NOTRACK manpage point to CT instead The module is obsolete, so point to CT --notrack instead. Signed-off-by: Jan Engelhardt <jengelh@inai.de> ibxt_NOTRACK.man ibxt_conntrack.man
faeaf11536f605ebb733d4d5f5ec2ca074d3f247	28-Sep-2012	Jan Engelhardt <jengelh@inai.de>	doc: trim "state" manpage and reference conntrack instead The module is practically obsolete, so just pinpoint to the replacement in short order. Signed-off-by: Jan Engelhardt <jengelh@inai.de> ibxt_HMARK.man ibxt_state.man
4496801821c01e3934996b40e0012ddcb969a8df	28-Sep-2012	Jan Engelhardt <jengelh@inai.de>	doc: deduplicate extension descriptions into a new manpage iptables.8 and ip6tables.8 had pretty much the same content, with a few protocol-specific deviations here and there. Not only did that bloat the manpages, but it also made it harder to spot differences. Separate out the extension descriptions into a new manpage, which conveniently features differences next to one another (cf. REJECT). Signed-off-by: Jan Engelhardt <jengelh@inai.de> gitignore NUmakefile.in
9517bbf5b805df874dcc452dfeb2cc36a7bf1500	28-Sep-2012	Jan Engelhardt <jengelh@inai.de>	doc: clean up interpunction in state list for xt_conntrack Signed-off-by: Jan Engelhardt <jengelh@inai.de> ibxt_conntrack.man
ec40b897289745da3d67de2cb14be30353003922	30-Sep-2012	Jan Engelhardt <jengelh@inai.de>	Merge branch 'master' of git://git.inai.de/iptables
0d701631625898ac33fb53c67ed2b529668fe0d7	28-Sep-2012	Jan Engelhardt <jengelh@inai.de>	libxt_state: replace as an alias to xt_conntrack Signed-off-by: Jan Engelhardt <jengelh@inai.de> NUmakefile.in ibxt_conntrack.c ibxt_state.c
50f19190a60ff7d69e88406a71a2f27e09008566	04-Sep-2012	Jan Engelhardt <jengelh@inai.de>	libxt_NOTRACK: replace as an alias to CT --notrack Note that we do not need any print/save functions for the alias entries, since the real CT entry will handle this. Signed-off-by: Jan Engelhardt <jengelh@inai.de> NUmakefile.in ibxt_CT.c ibxt_NOTRACK.c
d637ead63658d741501974c381889b3857073308	21-Sep-2012	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	New set match revision with --return-nomatch flag support ibxt_set.c ibxt_set.man
33710a5773df0e9fabdec7a2ebdd3c4e206a6a09	10-Sep-2012	Jan Engelhardt <jengelh@inai.de>	build: have `make clean` remove dep files too While changing branches, one can hit errors like: make[2]: *** CC libipt_CLUSTERIP.oo No hay ninguna regla para construir el objetivo `../include/net/netfilter/nf_nat.h', necesario para `libipt_DNAT.oo'. Alto. Pablo thinks dep files should be removed on `make clean`, and I concur. (JFI, Note that native automake would not clear its ".deps" directory.) Keep the "distclean: clean" line to keep invocations by automake from the parent directory working. Reported-by: Pablo Neira Ayuso <pablo@netfilter.org> NUmakefile.in
1871796877956ee68a39092c6fc3678e5a9d1d88	22-Aug-2012	Patrick McHardy <kaber@trash.net>	extensions: add NPT extension Add extensions for the SNPT and DNPT stateless IPv6-to-IPv6 Network Prefix Translation targets. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_DNPT.c ibip6t_SNPT.c
5f896fd9432d2c16d17550b943f4b9a782bffe04	22-Aug-2012	Patrick McHardy <kaber@trash.net>	extensions: add IPv6 NETMAP extension Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> NUmakefile.in ibip6t_NETMAP.c
5eca41982d29bc25b241692d03b09b953e7a908a	22-Aug-2012	Patrick McHardy <kaber@trash.net>	extensions: add IPv6 REDIRECT extension Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_REDIRECT.c
9caf63581907860a1a0acee970b9f50d41b6a8ba	22-Aug-2012	Patrick McHardy <kaber@trash.net>	extensions: add IPv6 DNAT target Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_DNAT.c
3672111649732be657cb7566178b7d2618ba6ec5	22-Aug-2012	Patrick McHardy <kaber@trash.net>	extensions: add IPv6 SNAT extension Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_SNAT.c
0e37f00980eb6b4fc2c5f979cc5fa83c0fff9d30	22-Aug-2012	Patrick McHardy <kaber@trash.net>	extensions: add IPv6 MASQUERADE extension Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_MASQUERADE.c ibip6t_MASQUERADE.man
e62f426c7ead7c0025d15860df97426db6509942	22-Aug-2012	Patrick McHardy <kaber@trash.net>	Convert the NAT targets to use the kernel supplied nf_nat.h header Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibipt_DNAT.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_SAME.c ibipt_SNAT.c
807e1f0e6ede73792337b595a99af21b01f8826e	07-Sep-2012	Pablo Neira Ayuso <pablo@netfilter.org>	extensions: libxt_addrtype: fix type in help message --limit-iface-out Match only on the packet's incoming device Note that it says "incoming" when it should say "outcoming" Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_addrtype.c
3abf5cc5ac0c32eba2436567d25e175d7e0f42bc	20-Aug-2012	Andreas Schwab <schwab@linux-m68k.org>	libxt_tcp: print space before, not after "flags:" tcp dpt:10flags: 0x17/0x02 ^^ Signed-off-by: Andreas Schwab <schwab@linux-m68k.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_tcp.c
8a988f6707719340114bfa3d85ea3e1c80fe6f5f	07-Aug-2012	Michal Kubeček <mkubecek@suse.cz>	libip6t_frag: match any frag id by default If no --fragid option is given, the frag extension only matches fragments with a zero-valued "Identification" field. This behavior deviates from what other extensions do (they match all values in this case) and is unexpected, and therefore changed by this patch. Additionally, --fragid 0:4294967295 leads to no output on `iptables -S` because part of the code thinks that this would be the default, when it is not. So, default to match all frag values, such that iptables -S not outputting anything also becomes correct. Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Jan Engelhardt <jengelh@inai.de> ibip6t_frag.c
9d69da4bdb1d546218d168b72f12ac8aa042e3d8	28-Jul-2012	Jan Engelhardt <jengelh@inai.de>	libxt_*limit: avoid division by zero It was possible to specify -A mychain -m hashlimit --hashlimit 600059/minute; this would convert to r->avg=0, which subsequently causes a division by zero when printing with -S mychain. 1. Avoid division by zero in print_rate by printing infinity instead. 2. Rewrite the test in parse_rate to properly reject too high rates. Signed-off-by: Jan Engelhardt <jengelh@inai.de> ibxt_hashlimit.c ibxt_limit.c
a19988f2795770ce470562c1795e1cf53e3aa54b	15-Jul-2012	Jan Engelhardt <jengelh@inai.de>	libxt_LED: guard against negative numbers Signed-off-by: Jan Engelhardt <jengelh@inai.de> ibxt_LED.c
d18b451ec82bbaeaf385241ebdf926912a075ade	14-Jul-2012	Jan Engelhardt <jengelh@inai.de>	libxt_devgroup: guard against negative numbers More corrections of the strtoul kind. Signed-off-by: Jan Engelhardt <jengelh@inai.de> ibxt_devgroup.c
c0b7138f39882e2bf8f3d85d15e0ffbd868ed7ba	14-Jul-2012	Jan Engelhardt <jengelh@inai.de>	libxt_devgroup: consolidate devgroup specification parsing This is a small cleanup, reducing the two copies of X/Y parsing to one. Signed-off-by: Jan Engelhardt <jengelh@inai.de> ibxt_devgroup.c
dc23c2d7afd2103cbc589372769c2f6723ea5235	13-Jul-2012	Jan Engelhardt <jengelh@inai.de>	libxt_u32: do bounds checking for @'s operands Using only strtoul is prone to accept all values, including negative ones which are not explicitly allowed. Therefore, use xtables_strtoui with bounds checking. Signed-off-by: Jan Engelhardt <jengelh@inai.de> ibxt_u32.c
a3c1c206a665d81afa2363507a5e162c20694311	13-Jul-2012	Jan Engelhardt <jengelh@inai.de>	doc: grammatical updates to libxt_SET Cherry-picked these from recent patches from Mr Dash Four. Signed-off-by: Jan Engelhardt <jengelh@inai.de> ibxt_SET.man
74ded7257e5da5e309844d386290f24ae91950a6	17-May-2012	Denys Fedoryshchenko <denys@visp.net.lb>	libxt_recent: add --mask netmask This new option will be available in the Linux kernel 3.5 [ Pablo fixed coding-style issues and cleaned up this. Added manpages as well ] Signed-off-by: Denys Fedoryshchenko <denys@visp.net.lb> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_recent.c ibxt_recent.man
f4a6c20c39c97214e22625764bfa80ef8e1e3147	17-Jul-2012	Hans Schillstrom <hans@schillstrom.com>	libxt_HMARK: correct a number of errors introduced by Pablo's rework * Fix typo in --hmark-rnd description. * Remove trailing -set from port and spi options. * Take missing value for ports and spi from command line. * Fix spi / port validation. * Remove --hmark-offset as mandatory. Signed-off-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_HMARK.c
7fb49101acfbec265e96c1d5e475c7051beece19	16-Jul-2012	Pablo Neira Ayuso <pablo@netfilter.org>	libxt_HMARK: fix ct case example ... -j HMARK --hmark-tuple ct,src,dst --hmark-offset 10000 ... Note `ct' requires also the tuples. Reported-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_HMARK.man
3ee90dffea02c9be38dca6544ad5f22d4467e334	16-Jul-2012	Hans Schillstrom <hans@schillstrom.com>	libxt_HMARK: fix output of iptables -L Fix accidental swap of [s|d]port-mask and [s|d]port-port. Use xtables_ipmask_to_cidr instead of xtables_ipmask_to_numeric. Signed-off-by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_HMARK.c
abdef13f36b63758f8775eb86febd96bf062df6f	08-May-2012	Florian Westphal <fw@strlen.de>	libxt_hashlimit: add support for byte-based operation allows --hashlimit-(upto|above) Xb/s [ --hashlimit-burst Yb ] to make hashlimit match when X bytes/second are exceeded; optionally, Y bytes will not be matched (i.e. bursted). [ Pablo fixed minor compilation warning in this patch with gcc-4.6 and x86_64 ] libxt_hashlimit.c: In function ‘parse_bytes’: libxt_hashlimit.c:216:6: warning: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat] Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_hashlimit.c ibxt_hashlimit.man
874d7ee3c36ba54220fd204e6aa7cbc731a66395	04-Jul-2012	Eldad Zack <eldad@fogrefinery.com>	libxt_recent: remove unused variable The info variable is assigned but never read in recent_check(). Signed-off-by: Eldad Zack <eldad@fogrefinery.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_recent.c
4df8cb6ab176f3c1f2bf9498d0abde8d9362087b	23-Apr-2012	Hans Schillstrom <hans.schillstrom@ericsson.com>	extensions: add HMARK target The target allows you to set mark packets based Jenkins' hash calculation: h(t, rnd) = x mark = (x % mod) + offset where: * t is a tuple that is used for the hashing: t = [ src, dst, proto, sport, dport ] Note that you can customize the tuple, thus, removing some component that you don't want to use for the calculation. You can also use spi instead of sport and dport, btw. * rnd is the random seed that is explicitly passed via --hmark-rnd * mod is the modulus, to determine the range of possible marks * offset determines where the mark starts from This target only works for the "raw" and "mangle" tables. This can be used to distribute flows between a cluster of systems and uplinks. Initially based on work from Hans Schillingstrom. Pablo took it over and introduced several improvements. Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_HMARK.c ibxt_HMARK.man
7e2b63603fef2253b463ad33395520297cfe8378	02-Jul-2012	Florian Westphal <fw@strlen.de>	libxt_devgroup: add man page snippet Signed-off-by: Florian Westphal <fw@strlen.de> ibxt_devgroup.man
a05910364fa0f2f919dbe0b01bcaba9c3cb127ca	17-May-2012	Florian Westphal <fw@strlen.de>	extensions: libxt_rateest: output all options in save hook ipt-restore fails to parse the ipt-save output: zmatches -m rateest --rateest RE1 --rateest-pps --rateest-lt 5 (should be "--rateest-pps 5 --rateest-lt"). Also, the "delta" option was never shown in -save output, but twice in some cases when using "iptables -L". Also, the "b/pps1" option must be shown when "delta" option is used with relative mode. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_rateest.c
6111382a6c27e73c1cef1777c1253be0453a9dbb	09-May-2012	Pablo Neira Ayuso <pablo@netfilter.org>	libipt_ULOG: fix --ulog-cprange In 1f2474a libipt_ULOG: use guided option parser. A bug has been accidentally introduced in --ulog-cprange, limiting possible values from 1 to 50. However, that limit should be applied to --ulog-qthreshold. Reported-by: Gaurav Sinha <vgsinha@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibipt_ULOG.c
e07e0d31f48d951e0f03ba254d4754810732c241	30-Mar-2012	Ashish Sharma <ashishsharma@google.com>	Modify iptables to talk to xt_IDLETIMER version 1. Change-Id: Ib144c5289681cdff21b21be74173164d097710e7 ibxt_IDLETIMER.c ibxt_IDLETIMER.man
e8f32983048d6aa4a908b6a92da55fa71c859623	29-Feb-2012	Pablo Neira Ayuso <pablo@netfilter.org>	libxt_CT: add --timeout option This patch adds the --timeout option to allow to attach timeout policy objects to flows, eg. iptables -I PREROUTING -t raw -s 1.1.1.1 -p tcp \ -j CT --timeout custom-tcp-policy You need the nfct(8) tool which is available at: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=nfct.git To define the cttimeout policies. Example of usage: nfct timeout add custom-tcp-policy inet tcp established 1000 The new nfct tool also requires libnetfilter_cttimeout: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_cttimeout.git Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_CT.c ibxt_CT.man
f233df44196f568075a5d70fc29f31b72b512783	27-Mar-2012	Pablo Neira Ayuso <pablo@netfilter.org>	extensions: add nfacct match This patch provides the user-space iptables support for the nfacct match. This can be used as it follows: nfacct add http-traffic iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic nfacct get http-traffic See also man nfacct(8) for more information. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_nfacct.c ibxt_nfacct.man
c0aa38e22e8a09fcb1898ad0e042eaf6314d2d42	21-Mar-2012	Maciej Żenczykowski <maze@google.com>	src: mark newly opened fds as FD_CLOEXEC (close on exec) By default, Unix-like systems leak file descriptors after fork/exec call. I think this seem to result in SELinux spotting a strange AVC log messages according to what I can find on the web. Fedora 18 iptables source includes this change. Maciej says: "iptables does potentially fork/exec modprobe to load modules. That can cause a selinux 'domain'/'role'/whatever-it-is-called crossing. You can do automated inspection of what gets carried across such privilege changes and any unexpected open file descriptors flag problems, patches like this cut down on the noise." Signed-off-by: Maciej enczykowski <maze@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_set.h
98e1769b65b71989e3f16b25529b40f374aef323	28-Dec-2011	Patrick McHardy <kaber@trash.net>	extensions: add IPv6 capable ECN match extension Patrick submitted this patch by 9th Jun 2011, I'm recovering and applying it to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibipt_ecn.c ibipt_ecn.man ibxt_ecn.c ibxt_ecn.man
166b92d3fb2a7fc008df1b59332ef528a9a573ea	14-Jul-2011	Florian Westphal <fw@strlen.de>	extensions: add rpfilter module Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_rpfilter.c ibxt_rpfilter.man
79cefabaac7a0ecf864db7da2a665845c0789f10	30-Dec-2011	Jan Engelhardt <jengelh@medozas.de>	extensions: link on libxtables and check symbols Have each extension link against libxtables.so; with this, all home symbols are known at link time and we can use ld's --no-undefined to run the check, dropping the homebrew solution. By having libxtables.so required by extensions, package managers' automatic dependency discovery will become effective so that manual dependencies for distros with split extension packages (e.g. OpenWRT) will not be necessary anymore. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
32d8532a37004e11e5994d93df5e249c43197930	18-Dec-2011	Jan Engelhardt <jengelh@medozas.de>	build: use delayed expansion on the user-settable variables Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
f63d056f0c1ac122973a0859445c9cb5747e7213	18-Dec-2011	Jan Engelhardt <jengelh@medozas.de>	Update .gitignore Split off extensions/.gitignore. gitignore
4c15dcc6ec505d26649be8a8a9c8eb19134bfd5a	23-Dec-2011	Pablo Neira Ayuso <pablo@netfilter.org>	Merge branch 'stable'
08628f20f492a1f9178f6df2a276f9a108ac0022	16-Dec-2011	Florian Westphal <fw@strlen.de>	libxt_connbytes: fix handling of --connbytes FROM quoting man page: match packets from a connection whose packets/bytes/average packet size is more than FROM and less than TO bytes/packets. if TO is omitted only FROM check is done. But, when TO was omitted, we did treat it like "x:x" which is not the same at all. Before commit 09631dc60ce41bc484a42fcf4d4ddf7036820bd1 (libxt_connbytes: use guided option parser), we failed to parse "--connbytes x" ('Bad range "x"'), but treated "x:" like "x:0xffffffff". Also, restore the "from must be smaller than to" check. Signed-off-by: Florian Westphal <fw@strlen.de> ibxt_connbytes.c
32a4b7dcaf252348732362cd6d853bf0005b2bdd	18-Dec-2011	Jan Engelhardt <jengelh@medozas.de>	Merge branch 'stable'
79ddbf202a06e6f018e087a328c2ca91e65a8463	30-Nov-2011	Tim Gardner <tim.gardner@canonical.com>	libxt_recent: Add support for --reap option Support for the reap option was merged in the kernel as of 2.6.35. Cc: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Tim Gardner <tim.gardner@canonical.com> ibxt_recent.c ibxt_recent.man
3964023f8640b60456373825b326b91badd7a058	25-Nov-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_SAME: set PROTO_RANDOM on all ranges Resolve the (justified) WTF remark to a clearer version of when/why PROTO_RANDOM needs to be set. Especially when --random is used before --to in SAME, it would have not been appleid. ibipt_DNAT.c ibipt_SAME.c ibipt_SNAT.c
ba525eb3d3a77a5465e4e8a24970d8f15ba59ee3	01-Nov-2011	Pablo Neira Ayuso <pablo@netfilter.org>	Merge branch 'stable'
3c461ceeed5f55599930051f6feaec014b08f730	31-Oct-2011	Florian Westphal <fw@strlen.de>	libxt_NFQUEUE: fix --queue-bypass ipt-save output else, this will print "--queue-num 0--queue-bypass ". Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_NFQUEUE.c
8fe22aa0a242314349f6cd7219b56a60a9d75276	05-Sep-2011	Thomas Jarosch <thomas.jarosch@intra2net.com>	Improve readability of bitwise operation CLUSTERIP: improve readability of bitwise operation Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibipt_CLUSTERIP.c
134280881a3c99f313da669117de71bc236f1f77	19-Sep-2011	Jan Engelhardt <jengelh@medozas.de>	Merge branch 'stable'
d2b0eaa297dfa87f54b3fbcaa292f14d793e3f3c	18-Sep-2011	Jan Engelhardt <jengelh@medozas.de>	build: make check stage not fail when building statically Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
8816e91cddef785c78b3598c7c41a1f88be08f5a	18-Sep-2011	Jan Engelhardt <jengelh@medozas.de>	build: restore build order of modules iptables(exe) requires libext.a, but extensions/ require libxtables.la (in iptables/). This circular dependency does not work out, so separate libxtables into its own directory and put it in front. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
14da56743c6cdf25da35b7b5ca7a5d201771990d	27-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	src: resolve old macro names that are indirections Command used: git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/) and then fix all occurrences. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_realm.c
34d23bd14002aeeae0374d2561ad329e5cdc96e2	11-Sep-2011	Jan Engelhardt <jengelh@medozas.de>	Merge branch 'stable'
5e5ea1ccf61d96879531929874109c17c1894908	08-Sep-2011	Jan Engelhardt <jengelh@medozas.de>	build: sort file list before build Manpage subsections are already sorted for obvious reasons. Since $(wildcard) can actually return results unordered (just what the OS can do) do the sorting with the .o file list too, for developer comfort. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
62fc25fd1625f0f65b9eed3e15fe929dd0aff2c5	08-Sep-2011	Jan Engelhardt <jengelh@medozas.de>	Merge branch 'master' of git://dev.medozas.de/iptables
153c23d9b14285b24aae3e96da0b547dcc7ee051	03-Sep-2011	Tom Eastep <teastep@shorewall.net>	libxt_CONNSECMARK: fix spacing in output ~# iptables -t mangle -A foo -j CONNSECMARK --save ~# iptables -t mangle -S [...] -A foo -j CONNSECMARK--save Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CONNSECMARK.c
751da923262746bf8fd3195e178504fb18c37dc5	03-Sep-2011	Jan Engelhardt <jengelh@medozas.de>	build: scan for unreferenced symbols To be notified of occurrences where we are missing any libraries, run some ldd checks post building. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
9249ad37b2342eb48009e18f3982362e1018ea5a	03-Sep-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_RATEEST: link with -lm $ ldd -r libxt_RATEEST.so undefined symbol: log (./libxt_RATEEST.so) Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
d4e72dc1c684c2f8361d87e6bde2902cd2ee8efb	03-Sep-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_statistic: link with -lm $ ldd -r libxt_statistic.so undefined symbol: lround (./libxt_statistic.so) References: https://bugs.archlinux.org/task/25358 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
3775fb69f63b76191bc3571bfa8538c18173d90f	28-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_addrtype: add support for revision 1 Rev 1 was added to the kernel in commit v2.6.39-rc1~468^2~10^2~1 but there was no corresponding iptables patch so far. Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_addrtype.c
a49002efbdc5813ee193aa8fde3da3e35ff0d38f	28-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_addrtype: rename from libipt_addrtype Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_addrtype.c ibipt_addrtype.man ibxt_addrtype.c ibxt_addrtype.man
3412bd0bfb8b8bac9834cbfd3392b3d5487133bf	19-Aug-2011	Tom Eastep <teastep@shorewall.net>	libxt_conntrack: improve error message on parsing violation Tom Eastep noted: $ iptables -A foo -m conntrack --ctorigdstport 22 iptables v1.4.12: conntrack rev 2 does not support port ranges Try `iptables -h' or 'iptables --help' for more information. Commit v1.4.12-41-g1ad6407 takes care of the actual cause of the bug, but let's include Tom's patch nevertheless for the better error message in case one actually does specify a range with rev 2. References: http://marc.info/?l=netfilter-devel&m=131370592105298&w=2 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
debcf48f6a72914a9c06e99b175ad64ef1f6f1cb	02-Aug-2011	Fernando Luis Vázquez Cao <fernando@oss.ntt.co.jp>	libxt_TOS: update linux kernel version list for backported fix Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TOS.man
d51a97bc52ee81a962b761c7e58a5eb9f07a2c8a	26-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_string: escape the escaping char too References: http://bugzilla.netfilter.org/show_bug.cgi?id=740 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_string.c
f4daf54e5c184680559de33eb08f2a0fb701dbe9	25-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_string: replace hex codes by char equivalents Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_string.c
131d4fb53b45be85b1315f72f958cadf7b24a63f	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_string: simplify hex output routine Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_string.c
4a56bcbd49ef20a0203017c15ab1cec9bb140d1a	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_hashlimit: observe new default gc-expire time when saving Since a while, --htable-gc-expire defaults to the chosen time quantum instead of 10 fixed seconds, which leads the expiry value to be always printed, which is redundant. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_hashlimit.c
03deef5241330db418652c42af4d517527743f22	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_policy: remove superfluous inversion --dir cannot be inverted. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_policy.c
c2a47ead16fc488fbf7fd8aa12d306cedf4da441	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_physdev: restore inversion support Bug origin is in commit v1.4.11~26^2~4. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_physdev.c
c4e1c0992937bce3ac72987aa43f4f3c219cf3e3	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_owner: restore inversion support Bug origin is in commit v1.4.11~16^2~7. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_owner.c
c96e524e98de81b333d772aa9a4f9b93275525dd	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_ttl: document that negation is available Glitch since commit v1.2.1~75. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_ttl.c ibipt_ttl.man
0859fdf5d0ae24c88e64246164c4959ad3b0d098	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_dst: restore setting IP6T_OPTS_LEN flag Bug origin is in commit v1.4.11~26^2~18. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_dst.c
975aeec7d34419fece8710997b6ec88cc0abb580	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_hbh: restore setting IP6T_OPTS_LEN flag Bug origin is in commit v1.4.11~26^2~17. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_hbh.c
de1f06dca906bfcb82d7c7c2d555fbf3229d12b6	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_hashlimit: remove inversion from hashlimit rev 0 Revision 0 indeed did not have inversion support, nor presence of --hashlimit-above. This glitch was added in v1.4.11~16^2~10. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_hashlimit.c
97dac48e7dfd3e2f35e33fdad72bda5b3dfc2241	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_frag: restore inversion support --fraglen also was not printed since v1.4.11~26^2~22. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_frag.c
bca5b9afbe4b3823989f1e78f178203eb3bfa37d	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: fix --ctproto 0 output First, we are missing XTOPT_PUT when trying to use XTOPT_POINTER. (Next commit will flag this.) Furthermore, l4proto is of type uint16_t, while XTTYPE_PROTOCOL wants a uint8_t so the idea would not work => revert v1.4.12~1^2. Bug goes back to v1.4.12~1^2. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
c148c4ad2e28b94125c0c9954a887f0a473d598b	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_hashlimit: default htable-expire must be in milliseconds Bug goes back to v1.4.12~3^2~11. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_hashlimit.c
83c342b36a7048ab86827e09a4916064837293d3	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_dscp: restore inversion support References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_dscp.c
f17fd48448aafdc762a3b439864bcb1127b0da6c	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_dccp: fix random output of ! on --dccp-option dccp-option tests info->typemask, but it really should look at info->invflags instead. This bug goes back to commit v1.3.4~11. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_dccp.c
ca48066aaa8179025c0b4e17ed40a4bc12487190	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_dccp: provide man pages options in short help too This omission goes back to commit v1.3.4~11. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_dccp.c ibxt_dccp.man
f677e7b10c72bd3007c89d51eea13a0c2c3d262b	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_dccp: spell out option name on save This glitch goes back to commit v1.3.4~11. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_dccp.c
7e66a657d0fbb8a3f27fd78c7bb27859d44002aa	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_dccp: fix deprecated intrapositional ordering of ! This bug goes back to v1.4.3~63. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_dccp.c
d152d6acd6751884621e0b760fecc0d652aea479	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_dccp: restore missing XTOPT_INVERT tags for options This regression goes back to v1.4.11~19^2. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_dccp.c
107dca41800f7aeb6600438ea3aaf0fd66019417	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: remove one misleading comment Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
79e1f97a966e82155ebc00b30e3b60c48d060448	21-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	doc: clarify libxt_connlimit defaults Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_connlimit.man
3716dfd7eac3afa7fb3098952550e510c8df0220	12-Aug-2011	Dwight Davis <sivad_thgiwd@yahoo.ca>	libxt_string: fix space around arguments Fix oversight from commit v1.4.11~80. References: http://bugs.debian.org/637499 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_string.c
886a89bf378e079e807cda2eb43573ca6c886d0a	20-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_set: put differing variable names in directly Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_SET.c ibxt_set.c
b6ad32fe050126e5557c19ab970547d1472e4728	10-Aug-2011	Bernard Massot <bernard@massot.ath.cx>	doc: fix typo in libxt_TRACE References: http://bugzilla.netfilter.org/show_bug.cgi?id=736 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TRACE.man
3dafef40228c372976eb714836ea097115d8fd03	20-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_tcp: always print the mask parts 0xFF is unlikely to happen (given that ALL translates to 0x3F at most), but assuming that through magic, 0xFF was put into memory, iptables -S/iptables-save would ignore printing it, practically outputting just one argument to --tcp-flags which currently wants two. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_tcp.c
085b233bd85173082cc872563505ad3755ac5455	20-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_set: update man page about kernel support on the feature Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_SET.man ibxt_set.man
bc3aeaafcf33e3e6a51948568f4f7a16304f619b	15-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_u32: fix missing allowance for inversion Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_u32.c
91ca4603f649a9b9fed4f2e31a8c005cdbdacd1e	09-Aug-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of git://dev.medozas.de/iptables
67156c0b9a3d35f5e7836e5683d8ca0b46ac36ca	01-Aug-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_string: define _GNU_SOURCE for strnlen On RHEL-5.6 and clones with its gcc-4.1.2 and glibc-2.5: libxt_string.c: In function "parse_string": libxt_string.c:84: warning: implicit declaration of function "strnlen" Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_string.c
4d8656ad9d0afd04820f125a85a7b673c7e74fe6	22-Jul-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_TCPMSS: restore build with IPv6-less libcs Commit v1.4.10-149-gea2a02f added an netinet/ip6.h include, which is not available on systems without IPv6 header files. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in ibxt_TCPMSS.c
1757ec846419c76da4e104f9675b40e05ac3eee6	22-Jul-2011	Jan Engelhardt <jengelh@medozas.de>	extensions: use multi-target registration Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TCPMSS.c ibxt_TEE.c
88e0a097c3f23dadf041b60445c6c9802c502f15	11-Jul-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of git://dev.medozas.de/iptables
d22ceae71eaae9f641e002074fb49cd7925a7c2f	10-Jul-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: move more data into the xt_option_entry Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
34d9ce1b80618eebcf63e933cf4a15cc5482c0d2	10-Jul-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: restore network-byte order for v1,v2 References: http://bugs.debian.org/632804 References: http://marc.info/?l=netfilter-devel&m=130999299016674&w=2 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
fbe9f1ecccb5ac02858fa7eee2979e0e4d97bb5f	09-Jul-2011	Jan Engelhardt <jengelh@medozas.de>	option: remove last traces of intrapositional negation Intrapositional negation was deprecated in 1.4.3. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_SET.c ibxt_rateest.c ibxt_sctp.c ibxt_set.c ibxt_tcp.c
411b390f3ffcd4708a0dfc0f2824a637de511cea	30-Jun-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of git://dev.medozas.de/iptables
92556c7047257284cc8659c769b800219cff47a5	30-Jun-2011	JP Abgrall <jpa@google.com>	quota2: fix inversion handling for --quota Change-Id: I55f21aaab3c90955b4ce61687651ada60f400037 Signed-off-by: JP Abgrall <jpa@google.com> ibxt_quota2.c
447ddfbfb3ed16ad0059f4559334670e9b9806ec	13-Jun-2011	Jakub Zawadzki <darkjames@darkjames.ath.cx>	doc: fix group range in libxt_NFLOG's man References: http://bugzilla.netfilter.org/show_bug.cgi?id=723 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_NFLOG.man
622abc73b097e7e778b432e422fd3c1f035bcfd3	15-Jun-2011	Massimo Maggi <massimo@mmmm.it>	libxt_RATEEST: fix userspacesize field I cannot delete a rule by matching it if the target of the rule is RATEEST. Copy-paste from terminal: # iptables -t mangle -A PREROUTING -j RATEEST --rateest-name somename --rateest-interval 250ms --rateest-ewmalog 4s # iptables -t mangle -D PREROUTING -j RATEEST --rateest-name somename --rateest-interval 250ms --rateest-ewmalog 4s iptables: No chain/target/match by that name. I saw in comments of the kernel code that the last part of the struct xt_rateest_target_info is used only by kernel: struct xt_rateest_target_info { char name[IFNAMSIZ]; __s8 interval; __u8 ewma_log; /* Used internally by the kernel */ struct xt_rateest *est __attribute__((aligned(8))); }; but in struct xtables_target, .size and .userspacesize are equal. Simply correcting this solved the problem. References: http://bugzilla.netfilter.org/show_bug.cgi?id=724 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_RATEEST.c
36574090407b87fbb72c752698c805ef87046ae8	24-Jun-2011	JP Abgrall <jpa@google.com>	xt_quota2: fixup so that it works with iptables It was using xtables-addons conventions: mostly incorrect arg parsing. Change-Id: I6d2ed5518d122616f252a9436b3b3dc1bd201133 Signed-off-by: JP Abgrall <jpa@google.com> ibxt_quota2.c
5caed2aebebf7c72dfa982f247ac35ec67a1b852	21-Jun-2011	JP Abgrall <jpa@google.com>	Adding the original quota2 from xtables-addons The original xt_quota in the kernel is plain broken: - counts quota at a per CPU level (was written back when ubiquitous SMP was just a dream) - provides no way to count across IPV4/IPV6. This patch is the original unaltered code from: http://sourceforge.net/projects/xtables-addons at commit e84391ce665cef046967f796dd91026851d6bbf3 Change-Id: Ia8b21394ea79ef55514748e96f769e40355a6ccf Signed-off-by: JP Abgrall <jpa@google.com> ibxt_quota2.c ibxt_quota2.man
68146dad91611bd8d6d12c8ba27219130d99607b	22-Jun-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_hashlimit: use a more obvious expiry value by default Due to the previous default expiry of 10 sec, "--hashlimit 1/min" would allow matching up to 6/min if a properly timed. To do what the user expects, the minimum expiry must equal the selected time quantum however. Cc: Jan Rovner <jan.rovner@diadema.cz> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_hashlimit.c
70cb0a6d3e09f64f9a05870d694ac0160319de9a	22-Jun-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_state: fix regression about inversion of main option Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_state.c
017e7b7e1cf4fb63208e46592d06cc030f6d552d	22-Jun-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_HL: fix option names from ttl -> hl Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_HL.c
12bc22a9d3e4ae4a3276dbae1cf3bd50ef5dbe9d	21-Jun-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_RATEEST: abolish global variables Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_RATEEST.c
4a96d2e2c9d8c43b58d9490cd1d2ae2d1b3e0bef	21-Jun-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_rateest: abolish global variables Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_rateest.c
68818f746bf9c68de04a75fbe756bf2c73e0fb32	21-Jun-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_RATEEST: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_RATEEST.c
4e98e81ecdcc321d232edc42fac168d257e712ff	21-Jun-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_LOG: fix ignoring all but last flags Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_LOG.c ibipt_LOG.c
3b7a22b44d74b9b05d5e4b0529ebf72c49dcbff5	17-Jun-2011	Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>	doc: document IPv6 TOS mangling bug in old Linux kernels In Linux kernels up to and including 2.6.38, with the exception of longterm releases 2.6.32.42 (or later) and 2.6.33.15 (or later), there is a bug (*) whereby IPv6 TOS mangling does not behave as documented and differs from the IPv4 version. The TOS mask indicates the bits one wants to zero out, so it needs to be inverted before applying it to the original TOS field. However, the aformentioned kernels forgo the inversion which breaks --set-tos and its mnemonics. (*) Fixed by upstream commit: 1ed2f73d90fb49bcf5704aee7e9084adb882bfc5 (netfilter: IPv6: fix DSCP mangle code) Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_TOS.man
8b4807f0a1d98f1d980d3d616ad565c9b72d7c49	11-Jun-2011	JP Abgrall <jpa@google.com>	Post-merge fixup. Add new Android.mk, re-checkin generated files They have no more compilable files in the top dir. Created extra Android.mk for each subdir. Regenerated the include/iptables/internal.h and include/xtables.h with ./autogen.sh export ANDROID_ROOT=$(gettop)/prebuilt/linux-x86/toolchain/arm-linux-androideabi-4.4.x/ ./configure -host=arm-eabi CC=arm-linux-androideabi-gcc CPPFLAGS="$funky_includes" CFLAGS="-nostdlib" LDFLAGS="-Wl,-rpath-link=$ANDROID_ROOT/arm-linux-androideabi/lib -L$ANDROID_ROOT/arm-linux-androideabi/lib" Change-Id: Ia57ed699edd32ffce16e94e2f13fb93d94924a04 ndroid.mk
ebf81627b1a2f50fd47add49f9976ed430a19673	11-Jun-2011	JP Abgrall <jpa@google.com>	Merge git://git.netfilter.org/iptables into v1.4.11_upstream Using theirs, as they have taken some of my prior changes\ with some improvements. Conflicts: include/xtables.h.in iptables/xtables.c iptables/xtoptions.c Change-Id: I8e1e537fbb868eeebb448c8f1d9e33b283448aac
0727c2cea3ccd2b5bad4d6467125132cc700ad39	08-Jun-2011	Vlad Dogaru <ddvlad@rosedu.org>	doc: fix MASQUERADE section of man page The section about MASQUERADE specifies that it takes a single option, but in reality it takes two: --to-ports and --random. Signed-off-by: Vlad Dogaru <ddvlad@rosedu.org> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_MASQUERADE.man
a1cd1f2a4a35427c68cd0d1bd2761d5be42b12b1	07-Mar-2011	Elie De Brauwer <eliedebrauwer@gmail.com>	doc: fix trivial typo in libipt_SNAT The word "occur" had ufortunately been removed in v1.3.8~23. References: http://bugzilla.netfilter.org/show_bug.cgi?id=707 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_SNAT.man
6918795519ddbf4d0efa9aa5b1b51cdafb99c55a	03-Apr-2011	Mike Frysinger <vapier@gentoo.org>	build: move remaining preprocessor flags to CPPFLAGS References; http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
5085c3a037fa9327377dec7540d9c3ef2d53a58e	01-Jun-2011	Jan Engelhardt <jengelh@medozas.de>	build: move kinclude's preprocessor flags to kinclude_CPPFLAGS References: http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
8e336251e155888f0ac2c79259f8792fc31920a1	01-Jun-2011	Jan Engelhardt <jengelh@medozas.de>	build: move basic preprocessor flags to regular_CPPFLAGS This is where they belong, after all. References: http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
874b76221f74a00520a712ef89b5254a1ed896f8	29-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_owner: restore inversion support Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_owner.c
790845385fb84ce8e79a96e91fc6c4f7df60713d	25-May-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of git://dev.medozas.de/iptables
db50b83bc3cd634beb71f38978ad7d035c88ff11	23-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_time: deprecate --localtz option, document kernel TZ caveats Comparing against the kernel time zone has significant caveats. This patch adds documentation about the issue, and makes --utc the default setting for libxt_time. Furthremore, throw a warning on using the "--localtz" option, to avoid confusion with one's shell TZ environment variable, and rename it to "--kerneltz" to be explicit about whose timezone will be used. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_time.c ibxt_time.man
1201871343223d9781253283a64686be4e63ad52	23-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_time: --utc and --localtz are mutually exclusive Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_time.c
b1319cc083de658c0007da93f25d19874f75d55f	23-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_time: always ignore libc timezone Since xt_time is meant to work across many months, libc doing automatic conversion from local time to UTC (during parse) is unwanted, especially when --utc is specified. The same goes for dumping. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_time.c
d8784613a5be2821ff910cd4c2bfe889a9b306c5	25-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_NFQUEUE: add mutual exclusion between qnum and qbal Only one is printed on save operation, which leads me to believe that only one is meant to be used. The manpage seems to corroborate. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_NFQUEUE.c
089585f14fda80508e26ea019703add07cb72f64	25-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_NFQUEUE: avoid double attempt at parsing Fixes this error: NFQUEUE: option "--queue-num" can only be used once. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_NFQUEUE.c
6944f2c8190f1c4319aeac748470c71b0ba45025	24-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxtables: have xtopt_parse_mint interpret partially-spec'd ranges When ":n" or "n:" is specified, it will now be interpreted as "0:n" and "n:<max>", respecitvely. nvals will always reflect the number of (expanded) components. This restores the functionality of options that take such partially-unspecified ranges. This makes it possible to nuke the per-matchdata init functions of some extensions and simply the extensions postparsing to the point where it only needs to check for nvals==1 or ==2. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_ah.c ibip6t_frag.c ibip6t_rt.c ibipt_ah.c ibxt_conntrack.c ibxt_esp.c ibxt_length.c
319046c3f96f810f81a5a2e6189ba87527e882f1	24-May-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_rt: restore --rt-type storing Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_rt.c
5a66f40d2f64e8792e1360906d3d6a1c829ba2b7	24-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_u32: --u32 option is required Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_u32.c
c52f7aa866ee3cdc0e0dc67f3eae629055a126dc	23-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_ipvs: restore network-byte order Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_ipvs.c
9039600d2a50970274b5a13f6f616e38cc9c3e6d	23-May-2011	Jan Engelhardt <jengelh@medozas.de>	doc: remove redundant .IP calls in libxt_time Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_time.man
4f0d5a7fd4cb1452493921446603c837316e0179	23-May-2011	Jan Engelhardt <jengelh@medozas.de>	doc: use .IP list for TCPMSS Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TCPMSS.man
17f7937f79af4d260c60cb800e56fc0df0a48b37	23-May-2011	Lutz Jaenicke <ljaenicke@innominate.com>	libxt_devgroup: actually set XT_DEVGROUP_OPT_???GROUP flags Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_devgroup.c
25ea60de20fb5f7981a0170eb05c0c9a61525763	17-May-2011	Jan Engelhardt <jengelh@medozas.de>	doc: make usage of libxt_rateest more obvious Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_rateest.man
88cfbe258b0d30ef26fae8da5484b08e65292a09	21-May-2011	Jan Engelhardt <jengelh@medozas.de>	doc: add some coded option examples to libxt_hashlimit Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_hashlimit.man
60b9051f64869434c5bab6739556cb1975232267	20-May-2011	JP Abgrall <jpa@google.com>	androidify build: Add Android.mk and support script The Android.mk is based on what a generated makefile would look like. The extra filter_init script is to work around the fact that we can't have -D_INIT=lib$*_init passed down as some compile flags due to $*. This is used to rename all the modules' init() functions. Some modules are excluded because they are not needed and would require more changes in bionic to accommodate the needed types. Change-Id: I9422a5d30ff22a56f28b2c80f6aba8d28b28a051 Signed-off-by: JP Abgrall <jpa@google.com> ilter_init
463628b03eec6e7456ca5121f9b81af7f4690e08	12-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_rateest: streamline case display of units Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_rateest.c
67db7615580f5c3490a39310f5adcb4e767ea6a8	20-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_quota: readd missing XTOPT_PUT request Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_quota.c
b65b9fe5096bd49a9ec2f0f6c2f23d274cfc88ee	19-May-2011	JP Abgrall <jpa@google.com>	xtoptions + quota: parse and store 64bit values The xtables_strtoul() would cram a long long into a long. The parse_int would try to cram a UINT64 into a long. The quota_parse would just ignore whatever value was parsed. Change-Id: Ie1f05e98e974a255d962dd757a5592458f942f8b ibxt_quota.c
ae06c6dc6d68d11ed15d4c6c47b7b7a709d3c9cb	18-May-2011	Lutz Jaenicke <ljaenicke@innominate.com>	libipt_REDIRECT: "--to-ports" is not mandatory The REDIRECT target can be called without the --to-ports option being specified. From the manual page: ...without this, the destination port is never altered. Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_REDIRECT.c
c02c92d1fcaa1223caf9a5eef32bedcb78f1e714	18-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxtables: retract _NE types and use a flag instead Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TPROXY.c
65c0621d48e818d75f8c2810e93eb405a6d31406	13-May-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_rt: rt-0-not-strict should take no arg This unfortunately got mixed up during the getopt -> guided parser move. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_rt.c
9bfedca6347c2e079e569954197777813f4ef2fb	13-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: resolve erroneous rev-2 port range message --ctorigdstport 13 ip6tables-restore v1.4.10: conntrack rev 2 does not support port ranges Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
fe9922cb4f1fb75072970dd09605fdc056b96195	13-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: fix assignment to wrong member Of course the range end ought to be set, not doing the start value twice. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
10dbcd0bfb5a62a71a706d11134f83b0539f4dd3	13-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: correct printed module name Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
f25b2355e889290879c8cecad3dd24ec0c384fb8	13-May-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_[SD]NAT: avoid false error about multiple destinations specified iptables-restore v1.4.10: DNAT: Multiple --to-destination not supported xtables_option_parse sets cb->xflags already, so that it cannot be directly used to test whether an option is being used for the second time. Thus use a private option/flag (X_TO_DEST/SRC) that is not under the control of xtables_option_parse. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_DNAT.c ibipt_SNAT.c
e82d031af24c8155357c6f2d2b2e236bd6cf67e4	13-May-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_[SD]NAT: flag up module name on error Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_DNAT.c ibipt_SNAT.c
cdc8e0b252c14a17b47e1c89a2fa4dbac2002473	12-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_policy: use XTTYPE_PROTOCOL type Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_policy.c
15392934cf81ef85e2a1c21380c61a7a42e260d5	12-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_policy: option table fixes, improved error tracking Most of the flags are multi-use in this extension. Also transfer --next => --strict requirement to option table. Furthermore, augment the error messages emitted from fcheck to contain the policy element number, and elaborate on what an "empty policy element" is. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_policy.c ibxt_policy.man
59ce5bd1d05225911051a4c46ce5ccdd7c1ed078	12-May-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'floating/opts' of git://dev.medozas.de/iptables
8075493a00e06857147263574333df4073ea671b	11-May-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'opts' of git://dev.medozas.de/iptables
77b6230adfe51836ad5b31b41638b43e9b0062e2	11-May-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of git://dev.medozas.de/iptables
c29f7ef7cb5a31620060ef721d3c65b343eb537a	09-May-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'opts' of git://dev.medozas.de/iptables
8d14aeb8c4c3dc8ce9264b04b97f2e8634c1f381	09-May-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_SAME: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_SAME.c
c0bba1a8033ce15d1eec80da94c8f249a967568e	09-May-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_REDIRECT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_REDIRECT.c
bf07750fd4fc5f5e603e59e72d62696d2389e9b3	08-May-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_MASQUERADE: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_MASQUERADE.c
9f4a637ee5856e8f260e3f3867782ed5584e00f9	08-May-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_SNAT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_SNAT.c
f875e84427de17b34ecb69a56d87161571ffab76	08-May-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_DNAT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_DNAT.c
ce4b79577fa9c1ed68c36797890d39ca5ba9a8bf	07-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_iprange: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_iprange.c
4eb3d6da8f677f978126bb00928f64da15c3d623	08-May-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_CLUSTERIP: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_CLUSTERIP.c
7e79d139c1ea6e1b72bbedc53c0426c9d5ffa0e0	07-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_mac: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_mac.c
1f8e52ed2ac513476dc93fedde915079c4387728	08-May-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_rt: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_rt.c
7752e649cec9d23b867d166ace38d213f0584077	08-May-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_mh: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_mh.c
73425492d4c57d34a616d948666ac75ecc612eed	08-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
58e9118dc61c9ff656c0140c429f0fa892c36ac5	09-May-2011	Jan Engelhardt <jengelh@medozas.de>	doc: S/DNAT allows to omit IP addresses Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_DNAT.c ibipt_DNAT.man ibipt_SNAT.c ibipt_SNAT.man
edc2b1adf32d2b11e126174f525293b3bca6e7bc	09-May-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'opts' of git://dev.medozas.de/iptables
372203af4c70fb20bc7ff3a49788b9bbf57d2eb1	07-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_ipvs: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_ipvs.c
0f77e2e40a498688f3d8f8a65bf74ce13db893b2	07-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_limit: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_limit.c
ef7d2e845f72fd3a01c9d89e73c90de5dcca73a7	08-May-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_NETMAP: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_NETMAP.c
87a34d7aef2cba833f4f36536575dee304bbece5	07-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_multiport: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_multiport.c
94cd683a969e024ec870df258fafd790b8a1abf1	06-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_osf: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_osf.c
21d243c3152f0798683aacbf95acfc8c1378924e	06-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_owner: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_owner.c
d441ad6a68c5d65344449962f4648d297d453b6c	06-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_policy: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_policy.c
fe02f76e013941a7f65f57f297d3177bcfeb0623	04-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_hashlimit: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_hashlimit.c
d7282413763b0ba85d512c1cd49174b762ff449c	04-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxtables: do not overlay addr and mask parts, and cleanup XTTYPE_HOSTMASK will require that what has now become haddr, hmask/hlen are not overlays of another. Thus relax the structure and always set all members of the {haddr, hmask, hlen} triplet now for all types that touch any of the members. Add some more comments and clean out ONEHOST. ibxt_TEE.c ibxt_TPROXY.c
51a746e6b1d66ca546fd2f8a1f7809868174e637	04-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_recent: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_recent.c
27adf1ec123b949f1c7b48fbdef67d1d4ed18901	01-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_connlimit: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_connlimit.c
6cfb28bb9032dcf2749ff80f88ad37b9fe5e7c2a	01-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_NFLOG: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_NFLOG.c
a0b2facfa1fe70d9a9e628b09bc4895de0bfd672	01-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_IDLETIMER: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_IDLETIMER.c
3c7f501545828965908cc28fc40f7da2be747561	02-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_statistic: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_statistic.c
39d3aa36ea38668a2c343b5af42b2d8d3616a9de	02-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_statistic: increase precision on create and dump Currently, libxt_statistic only dumps the probability with a granularity of 1/1000000. Assuming only stuffed packets with 1440 bytes payload, this would match approximately every 1.341 GB, which is pretty low for a high-volume router. Trying to match any larger interval than that (e.g. 2 GB) will cause libxt_statistic to output "--probability 0.000000", and when restored, will cause it to never match again. Bump the dump precision to what xt_statistic can really do, and adjust the manpage to include a word about it. Furthermore, employ explicit rounding when reading the argument from the command line, because the previous implicit conversion would use truncation, which is not very exact. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_statistic.c ibxt_statistic.man
d118d21ea3108f94ca1f84f11dd39f3f12e9ee2b	02-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_statistic: streamline and document possible placement of negation Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_statistic.c ibxt_statistic.man
dd6e4b90b5b2dbc2bbaac5008e26949a18478197	07-May-2011	Jan Engelhardt <jengelh@medozas.de>	extensions: const annotations Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_ipv6header.c ibip6t_rt.c ibxt_dccp.c ibxt_multiport.c ibxt_policy.c ibxt_sctp.c ibxt_tcp.c ibxt_udp.c
752a30dfe4429ec2623a3c1181e1499b87158c5c	06-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_owner: remove ifdef IPT_COMM_OWNER Ever since we keep a copy of the header files anyway, IPT_COMM_OWNER is always available. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_owner.c
104fb318d22231c9edf9d61ef84cc84386e52d6b	07-May-2011	Jan Engelhardt <jengelh@medozas.de>	extensions: remove bogus use of XT_GETOPT_TABLEEND Commit v1.4.8-36-g32b8e61 added this end marker in a little too many places: at non-getopt places. Fix that. Also change the definition of XT_GETOPT_TABLEEND to reference a struct getopt member by name so that this cannot happen again. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TCPOPTSTRIP.c ibxt_rateest.c
373e8513c4b9b0491e46ae89397ead03d093ee76	06-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_u32: add missing call to xtables_option_parse Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_u32.c
06312dab6c530a214a4e7bad1b2329381430bddc	01-May-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_tos: add inversion support back again It was unfortunately removed during the option parser switch. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_tos.c
753bbed383cde1c18e05b5b726b6c28afbde3a3c	20-Apr-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_dccp: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_dccp.c
2e73af96178f0ed7ebbd99478f1bc05ec5c86dc7	19-Apr-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_udp: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_udp.c
ee1fbbe536c6dd3a252886815314cf910d672ca6	29-Apr-2011	Jan Engelhardt <jengelh@medozas.de>	extensions: remove unused TOS code Signed-off-by: Jan Engelhardt <jengelh@medozas.de> os_values.c
d8f591993eb610b41f3170a94a879edd24ad348a	29-Apr-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_tos: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_tos.c
61cc52b6f9edfa3efb1d0c9ea9531abb42828ec2	29-Apr-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_TOS: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TOS.c
9a9694fbf1796a6a5011b60b2a15c01fa3c61368	06-Apr-2011	Maciej Żenczykowski <maze@google.com>	Move common parts of libext{4,6}.a into libext.a Signed-off-by: Maciej Zenczykowski <maze@google.com> NUmakefile.in
57a92c7b7ed01ad8f49c680af63341409c3afb1a	18-Apr-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'floating/opts' of git://dev.medozas.de/iptables
e39f367d905670e39e6f08d2b73c715a6d0b4bfb	17-Apr-2011	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	SET target revision 2 added The new revision of the SET target supports the following new operations - specifying the timeout value of the entry to be added - flag to instruct the kernel that if the entry already exists then reset the timeout value to the specified one (or to the default from the set definition) ibxt_SET.c ibxt_SET.man ibxt_set.c
d44c31ac8e52f34e058f44aba14f679abcc7edf9	14-Apr-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_TEE: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TEE.c
1f2474ae5276e49005c8e234dec091b007e3fce2	08-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_ULOG: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_ULOG.c
64cb56e3e894f6b8b523ecb45f91abe43b07cf0c	09-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_TPROXY: use guided option parser I am starting with a simple module here that does not require a final_check function. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TPROXY.c
0dd344a9bedc24feb6ad99d4620bdc7da171c72d	15-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libip[6]t_LOG: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_LOG.c ibipt_LOG.c
c618a0b1d3696c30f7791a427da9ba60186dfe05	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_string: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_string.c
ea2a02f7e961011b2e226c25a5e8ff49e1f84278	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_TCPMSS: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TCPMSS.c
478be25c3b64e0f2ddbd2aa97ebe78df7ca00c0a	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_NFQUEUE: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_NFQUEUE.c
a05562e1e2fb2e18f34d29ec57c4217a3014d1f2	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_CT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CT.c
09631dc60ce41bc484a42fcf4d4ddf7036820bd1	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_connbytes: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_connbytes.c
ba77b9b142b55c856b0a2950eddece7ad7e6bfbc	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_tcpmss: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_tcpmss.c
c15f9e3f6d8552cddfc858b115d996c7cf5b47e9	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_length: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_length.c
f04d48879fea70451148d7867d5a388efe63b48f	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_realm: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_realm.c
5d8e61ef4636383ca47cd748cd7457a238de37a6	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_devgroup: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_devgroup.c
1e6c1ee1bf2822d5fdf61725148700a410fb8b86	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_quota: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_quota.c
7299fa4b615d7f7ee12cde444266f6b31f667f9f	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_CONNMARK: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CONNMARK.c ibxt_connmark.c
60756e7f8be9242b606f1b5fbcb38f45e4de29c5	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_MARK: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_MARK.c ibxt_mark.c
316ae9d2f1996caea4cf221201accb8c2087a154	13-Apr-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'opts' of git://dev.medozas.de/iptables
cd50f26ad6016ae57af1f822f8aa3ceb2ef9727a	12-Apr-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'opts' of git://dev.medozas.de/iptables
884d2675f1a880ffcc072da69ab8c9aaea2a3bce	12-Apr-2011	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
aeb8af909befedbfc85e9f184471b219e4ea191a	09-Apr-2011	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	Fix set match/target direction parser The direction parser did not catch when more src/dst direction parameters were supplied than allowed. ibxt_set.h
c0431520a5f91e754cec8d827d8f978da4241717	06-Apr-2011	Jan Engelhardt <jengelh@medozas.de>	doc: avoid duplicate entries in manpage Commit v1.4.9-35-gd4105ad changed from [A-Z] and [a-z] to use [[:alnum:]], which unfortunately drew matches into the target section, and targets into the match section. [[:upper:]] and [[:lower:]] should have been used instead, of course. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
4f7f187ffe1773487071b413491f062d141309dd	02-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_u32: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_u32.c
d64d54777b4a9405a8229a533e44a2e80f000a9f	02-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_time: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_time.c
72ef3d3063ce7a12ee199f9539e958b4f4ca561d	02-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_state: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_state.c
de31da35a8042db0ea1b106b77d03a5920e7198b	02-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_pkttype: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_pkttype.c
2291d887cea2412af380f1ae995ddfee0362386b	02-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_physdev: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_physdev.c
76e18aeaa67940544a3d5b740a37dce4f169a108	02-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_helper: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_helper.c
cc2511ee64df98e45d0b42a93a9b789b9726d4b9	01-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_comment: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_comment.c
693420f27bea05ef22a218cd599e42af5b014453	02-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_TCPOPTSTRIP: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TCPOPTSTRIP.c
03fe3d289ded9b1b8640e4be1398b0cf1f7e4fa0	02-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_SECMARK: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_SECMARK.c
942f140a57745f5e12d6a8cd2a4ca3f51ef4403a	06-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_LED: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_LED.c
72c359784a03b1ea46a9964e5c1f8636a52507dd	01-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_DSCP: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_DSCP.c ibxt_dscp.c
35459f05f5addd1b92c32a241863995aa619495b	01-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_CLASSIFY: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CLASSIFY.c
ba3b73f0d3aae8188ff0b75d0839c841352f7760	01-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_AUDIT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_AUDIT.c
94c5d622b2c88d78a153b9e2986467c84417020d	01-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_addrtype: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_addrtype.c
e36463232e2f1fe9363700b2740c2a82dbf1821d	03-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_ECN: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_ECN.c ibipt_ecn.c
b26d08b56eb81779589eb43fb0f636ac9eb51cb2	01-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_ipv6header: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_ipv6header.c
1b8db4f4ca250f13a0e7edddb31cfc1f82d42806	01-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libip[6]t_icmp: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_icmp6.c ibipt_icmp.c
7a969bb06cef93b6b0dadbb784c30d33856445d1	03-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_hbh: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_hbh.c
082e9e11ed345572e2bf4790a5f8ba5245164fc6	18-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_dst: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_dst.c
b313d8f3f78c62cce930728bc9163ecf942c22e8	16-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libip[6]t_REJECT: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_REJECT.c ibipt_REJECT.c
a3876fa13ffe792e209cc1a8ac1214946c898eea	27-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_esp: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_esp.c
7c51e38d7586e2f6207c78743cc955e8778a925d	18-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_frag: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_frag.c
4d6ede0b324e5e9dcbb1d7cc2a7aebed9e56821a	16-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libip[6]t_ah: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_ah.c ibipt_ah.c
dba0839a103fe0384b41a8f08a3b3a5f9eba732b	18-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libip[6]t_hl: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_hl.c ibipt_ttl.c
fa728c88fd0bfdc3f2bdb79beed91cd9e1fca5e5	13-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libip[6]t_HL: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_HL.c ibipt_TTL.c
b18ffe3636b07cd817628de81643136e4755a944	27-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_cluster: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_cluster.c
93112921153c43dc0521be499f6a792d2aaae5e9	18-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_cpu: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_cpu.c
97265fb806dffc6fd87ee5e0f0963dfbe7a094f6	27-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_CONNSECMARK: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CONNSECMARK.c
9c5c10554c61f0b22cbc65b27b765fa8172040f7	18-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_socket: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_socket.c
f92bca9da4ee68f05dbb827a8444804a8edb1b87	27-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_CHECKSUM: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CHECKSUM.c
458d84de2412b43604a8efe2b82a2084a2859a46	01-Mar-2011	Jan Engelhardt <jengelh@medozas.de>	extensions: add missing checks for specific flags (2) Addendum to v1.4.10-75-g4e5d4bf. It does not make sense to use ipv6header's --soft without specifying any options. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_ipv6header.c
49d8c5d564cad70c5c1bef2d5571e8e494454210	04-Apr-2011	Maciej Zenczykowski <maze@google.com>	v6: rename init_extensions() to init_extensions6() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net> NUmakefile.in
5e8f947becc00a79e78b2a6cf0e25fd674c57ec4	04-Apr-2011	Maciej Zenczykowski <maze@google.com>	v4: rename init_extensions() to init_extensions4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net> NUmakefile.in
a239728ec064666025de2723997d87b176d57fd6	04-Apr-2011	Maciej Zenczykowski <maze@google.com>	mark newly opened fds as FD_CLOEXEC (close on exec) (This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm) Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_realm.c
8d6492d582c7284217c042d5638cf50174e5fbfd	04-Apr-2011	Maciej Zenczykowski <maze@google.com>	man pages: allow underscores in match and target names Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net> NUmakefile.in
df37d99b0cba63443d4224187f2d5a0c299ad7ad	04-Apr-2011	Mark Montague <mark@catseye.org>	iptables: documentation for iptables and ip6tables "security" tables Add documentation for the iptables and ip6tables "security" tables. Based on http://lwn.net/Articles/267140/ and kernel source. Signed-off-by: Mark Montague <mark@catseye.org> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_CONNSECMARK.man ibxt_SECMARK.man
c7948744bf591e0c46b6d19ccfa408cc59e11ef1	16-Mar-2011	Thomas Graf <tgraf@redhat.com>	iptables: add manual page section for AUDIT target Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_AUDIT.man
2d039bcf8421c992fb74849facc2d7205960f68e	21-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	doc: rateest options can be optional Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_rateest.man
8a5270b14908b3173de080a958e50e21e2f046de	20-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_quota: require --quota to be specified It is pretty pointless to use -m quota without specifying --quota. There would be nothing left to count down on. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_quota.c
37f6d57c4e030a459ccafafd8a574e327315e148	20-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	doc: fix odd partial sentence in libipt_TTL Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_TTL.man
887f58666af9ccde7051169aa9d6160d7e09ec46	20-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	doc: mention other possible nf_loggers for TRACE Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TRACE.man
094f104af71ca859c7c44406baed401659ad9421	19-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_ECN: set proper option flags When specifying --ecn-tcp-remove, *flags will be wrongly set to denote that --ecn-ip-ect had been specified. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_ECN.c
4e5d4bff933d77158d9d32b4f87c5842decf670e	19-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	extensions: add missing checks for specific flags With "!flags", any option will be accepted. The extensions however want one very specific option to be used (or wrong help text). Commits: DNAT: v1.3.8~23, osf: v1.4.6~3 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_DNAT.c ibipt_ECN.c ibxt_osf.c
b9210cfd9da3d57610be4e86ef45c48dd1b65edf	19-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_hbh: remove unimplemented --hbh-not-strict Same as with ip6t_dst. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_hbh.c
7a1043bcb6ac6315c991cf02c9a12568398fc837	18-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libip6t_dst: remove unimplemented --dst-not-strict This was never ever implemented in the kernel, so just remove it. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_dst.c
86786bf3a5e875232ae63d9f9b3dbb542ac2e392	18-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	Remove unused CVS expanded keywords Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_ECN.c ibipt_TTL.c ibipt_ttl.c
e88a7c2c7175742b58b6aa03f2b5aba2d80330a1	18-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	extensions: remove redundant init functions The main program already zeroes the per-extension data block. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_ipv6header.c ibip6t_rt.c ibipt_SAME.c ibxt_NFLOG.c ibxt_RATEEST.c ibxt_TCPOPTSTRIP.c ibxt_dccp.c ibxt_hashlimit.c ibxt_sctp.c ibxt_string.c
12a18d6043092bd2574b2bced635259b16317e57	18-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	doc: fix misspelling of "field" Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_ah.c ibip6t_frag.c ibip6t_rt.c
c2efcd321271e6658d9cad87eff0a09d16f2766e	17-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	doc: fix wrong sentence about negation in xt_limit This is an update to commit v1.4.7~6. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_limit.man
e1df221d7a1b3df0224d94865ec05ba336995608	15-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	extensions: fix indent of vtable Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_LOG.c ibipt_LOG.c ibipt_ecn.c ibxt_recent.c
c0f6d17764e9bc1724cedd78b880a80446363146	16-Feb-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_devgroup: option whitespace update following v1.4.10-49-g7386635 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_devgroup.c
e76ec99b48745b0e3c8aecbc91ed5bba186cf25f	06-Feb-2011	Pablo Neira Ayuso <pablo@netfilter.org>	libxt_cluster: fix inversion in the cluster match In libxt_cluster.c, we use: info->flags |= (1 << XT_CLUSTER_F_INV); but we should use instead: info->flags |= XT_CLUSTER_F_INV; since the definition of XT_CLUSTER_F_INV is: enum xt_cluster_flags { XT_CLUSTER_F_INV = (1 << 0) }; This fixes the inversion in the cluster match. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_cluster.c
9ee2a9fe2f74b616da34878104bd1ff406534ad1	03-Feb-2011	Patrick McHardy <kaber@trash.net>	extensions: add extension for devgroup match Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_devgroup.c
73866357e4a7a0fdc1b293bf8863fee2bd56da9e	18-Dec-2010	Jan Engelhardt <jengelh@medozas.de>	iptables: do not print trailing whitespaces Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SNAT.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_ecn.c ibipt_icmp.c ibipt_realm.c ibipt_ttl.c ibxt_AUDIT.c ibxt_CHECKSUM.c ibxt_CLASSIFY.c ibxt_CONNMARK.c ibxt_CONNSECMARK.c ibxt_CT.c ibxt_DSCP.c ibxt_IDLETIMER.c ibxt_LED.c ibxt_MARK.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_RATEEST.c ibxt_SECMARK.c ibxt_SET.c ibxt_TCPMSS.c ibxt_TCPOPTSTRIP.c ibxt_TEE.c ibxt_TOS.c ibxt_TPROXY.c ibxt_cluster.c ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_connmark.c ibxt_conntrack.c ibxt_cpu.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_iprange.c ibxt_ipvs.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_osf.c ibxt_owner.c ibxt_physdev.c ibxt_pkttype.c ibxt_policy.c ibxt_quota.c ibxt_rateest.c ibxt_recent.c ibxt_sctp.c ibxt_set.c ibxt_socket.c ibxt_state.c ibxt_statistic.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_time.c ibxt_tos.c ibxt_u32.c ibxt_udp.c os_values.c
298d70e8564f03c844435123bf36e84419c2f65a	31-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_u32: enclose argument in quotes Otherwise ip6tables-save piped to ip6tables-restore can cause a parse error when the expression list is empty. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_u32.c
fbd47262d2417c17f1c57896dea8a0c55fb6c770	25-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_quota: clarifications on matching Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_quota.man
6f03bf79952753fbc0dc8611aa4d6e70a108dbc7	21-Jan-2011	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	Fix listing/saving the new revision of the SET target Instead of the dimension of the set, the max dimension was used at listing/saving the src,dst parameters, which produced broken output. ibxt_SET.c
c8f28cc8b84133f20421470e9a61a5a0c78b9c4a	20-Jan-2011	Patrick McHardy <kaber@trash.net>	extensions: libxt_conntrack: add support for specifying port ranges Add support for revision 3 of the conntrack match, which allows to specify port ranges for origsrc/origdst/replsrc/repldst. Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_conntrack.c ibxt_conntrack.man
6924b4987d88fbe383bec4da4cf331cc466c245e	20-Jan-2011	Florian Westphal <fw@strlen.de>	extensions: libxt_NFQUEUE: add v2 revision with --queue-bypass option --queue-bypass: if no userpace program is listening on the queue, then allow packets to continue through the ruleset instead of dropping them. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_NFQUEUE.c ibxt_NFQUEUE.man
773438bd93851dc1a9129a638925c04868820297	20-Jan-2011	Thomas Graf <tgraf@redhat.com>	libxt_AUDIT: add AUDIT target libxt module for the AUDIT target. -j AUDIT --type (accept|reject|drop) Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_AUDIT.c
5da9e63f66ca190cb90193ebb9eebf5aa523b4d1	19-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_connlimit: support for dstaddr-supporting revision 1 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_connlimit.c ibxt_connlimit.man
2cae5334de3a817947742e0b466355e5f5566474	18-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_connlimit: add a --connlimit-upto option Direct specifications like "upto" are easier to grasp than "not above". This patch adds such an upto variant similar to what libxt_hashlimit already has. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_connlimit.c ibxt_connlimit.man
8d5e773508b154dcfa8d866f68f64ef1ad773957	18-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_connlimit: reword help text to say prefix length Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_connlimit.c ibxt_connlimit.man
9c60365e043a430f74115bbfaf58ce0df7585f49	18-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_quota: print negation when it has been selected Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_quota.c
8ad33a34a34ba2bcd360352ad3b7772916832702	09-Jan-2011	Florian Westphal <fwestphal@astaro.com>	libxt_time: fix random --datestart skips Frank Lichtenheld points out that -m time --datestart ... sometimes messes up --datestart: $ iptables -A INPUT -m time --datestart 2010-11-24T16:50:00 -j ACCEPT $ iptables-save | grep 11 -A INPUT -m time --datestart 2010-11-24T16:50:00 -j ACCEPT $ iptables-save | iptables-restore $ iptables-save | grep 11 -A INPUT -m time --datestart 2010-11-24T15:50:00 -j ACCEPT --datestart moved by one hour. As the --timestart option does not care about DST, always set dst=0 when parsing --starttime input. Reported-by: Frank Lichtenheld <flichtenheld@astaro.com> Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_time.c
63ef52ac6bf8d555779456166009bd2f6b0a1081	09-Dec-2010	Stephen Beahm <stephenbeahm@comcast.net>	libipt_REDIRECT: avoid dereference of uninitialized pointer When using --to-ports with a port name instead of a numerical specification, a segfault occurs. References: http://bugzilla.netfilter.org/show_bug.cgi?id=691 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_REDIRECT.c
e814c8b894e5b8d1570c18aec2c67dfb0c0a59c0	08-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	libipt_CLUSTERIP: const annotations Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_CLUSTERIP.c
da580fe55ebf234febf4a8880f53a80870e9088f	08-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	libxt_sctp: fix a typo Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_sctp.c
d09b6d591ca7d7d7575cb6aa20384c9830f777ab	08-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	extensions: remove no longer necessary default: cases Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SNAT.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_ecn.c ibipt_icmp.c ibipt_realm.c ibipt_ttl.c ibxt_CHECKSUM.c ibxt_CLASSIFY.c ibxt_CONNMARK.c ibxt_CONNSECMARK.c ibxt_CT.c ibxt_DSCP.c ibxt_IDLETIMER.c ibxt_MARK.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_RATEEST.c ibxt_SECMARK.c ibxt_SET.c ibxt_TCPMSS.c ibxt_TOS.c ibxt_cluster.c ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_connmark.c ibxt_conntrack.c ibxt_cpu.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_iprange.c ibxt_ipvs.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_osf.c ibxt_physdev.c ibxt_pkttype.c ibxt_policy.c ibxt_quota.c ibxt_rateest.c ibxt_recent.c ibxt_sctp.c ibxt_set.c ibxt_state.c ibxt_statistic.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_udp.c
7ac405297ec38449b30e3b05fd6bf2082fd3d803	07-Jan-2011	Jan Engelhardt <jengelh@medozas.de>	src: use C99/POSIX types "u_int" was a non-standardized extension predating C99 on some platforms. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_LOG.c ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_LOG.c ibipt_NETMAP.c ibipt_addrtype.c ibipt_ah.c ibipt_icmp.c ibxt_CONNMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_TOS.c ibxt_connlimit.c ibxt_connmark.c ibxt_conntrack.c ibxt_dccp.c ibxt_esp.c ibxt_hashlimit.c ibxt_iprange.c ibxt_ipvs.c ibxt_length.c ibxt_limit.c ibxt_mark.c ibxt_multiport.c ibxt_owner.c ibxt_policy.c ibxt_quota.c ibxt_rateest.c ibxt_sctp.c ibxt_tcp.c ibxt_tcpmss.c ibxt_tos.c ibxt_u32.c ibxt_udp.c os_values.c
4a1d810bb52aa5d5c450f7adcde5145d40261b54	26-Dec-2010	Jan Engelhardt <jengelh@medozas.de>	xt_comment: remove redundant cast ibxt_comment.c
3a84b3d5de492e40aff7bae5038b06dd6b6041c4	15-Dec-2010	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of git://dev.medozas.de/iptables
a3f101331deb9314caa0cfa1061c925865e79380	11-Dec-2010	Jan Engelhardt <jengelh@medozas.de>	build: stop on error in subcommand make only evaluates $? of an entire shell invocation. As such, if any command in the chain can fail, $? needs to be thrown, and early so. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
f3578faae096f191a44742777275a23b566d7566	06-Dec-2010	Jan Engelhardt <jengelh@medozas.de>	libxt_owner: output numeric IDs when save is requested References: http://bugzilla.netfilter.org/show_bug.cgi?id=683 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_owner.c
d4105ad56335058af4b0b1be1278e01f5c0bd4ac	04-Dec-2010	Jan Engelhardt <jengelh@medozas.de>	build: fix globbing of extensions in other locales In the fi_FI locale, [a-z] would not include 'w', for example. Rectify this by using [[:alnum:]] (to counter against different ordering) and forcing the POSIX locale (so that the alphabet has at least the 26 base characters). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
4d2a77ff8cb4115925477cd5ce0ea972494107ab	03-Dec-2010	Jan Engelhardt <jengelh@medozas.de>	socket: add support for revision 1 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_socket.c ibxt_socket.man
9e152fa9f1283ce4f4274cf251b2b2e69bbdfee6	03-Dec-2010	Jan Engelhardt <jengelh@medozas.de>	TPROXY: add support for revision 1 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TPROXY.c
b4af04be14560b3fcc6cf23200148d408014a2f5	03-Dec-2010	Jan Engelhardt <jengelh@medozas.de>	include: update files with headers from Linux 2.6.37-rc1 Also includes the type change to __u{8,16,32} kernel types already. ibxt_SECMARK.c ibxt_time.c
2f09f1b39ced2ae7109382dcf066785bab4a966a	17-Nov-2010	Florian Westphal <fwestphal@astaro.com>	libxt_conntrack: fix --ctdir save/dump output format $ iptables-save | iptables-restore iptables-restore v1.4.6: conntrack: Bad value for "--ctdir" option: "ORIGINAL-j" Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_conntrack.c
648fd1ad68ae2ec675ac07efee80783912535404	02-Nov-2010	Jan Engelhardt <jengelh@medozas.de>	libxt_TOS: avoid an undesired overflowing computation The @bits parameter was wrongly labeled and should have been @max already. This makes the - overflowing - 1<<bits redundant of course. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> os_values.c
0428e5a6541c3f5eaaf683d8da9ea60c44eac4c7	03-Aug-2010	Jan Engelhardt <jengelh@medozas.de>	build: fix static linking Gabor Z. Papp noted this link-time error when configuring with --enable-static: extensions/libext4.a(initext4.o): In function "init_extensions": extensions/initext4.c:144: undefined reference to "libxt_IDLETIMER_init" extensions/initext4.c:145: undefined reference to "libxt_TEE_init" Indeed, since the two modules did not use our special macro "_init" (which expands to libxt_foo_init), initext4.c could not find them by that name. Correct this. References: http://marc.info/?l=netfilter&m=128085480927924&w=2 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_IDLETIMER.c ibxt_TEE.c
422342e47c18e70757231f2210b13df8e1f5931c	02-Aug-2010	Changli Gao <xiaosuo@gmail.com>	libxt_quota: don't ignore the quota value on deletion Don't ignore the quota value on deletion, then we can remove a special rule everytime. Signed-off-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_quota.c
c6775d6c192f7e337360f238cc3ab224a406d5b8	23-Jul-2010	Jan Engelhardt <jengelh@medozas.de>	doc: consistent use of markup Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CONNMARK.man ibxt_MARK.man ibxt_TOS.man ibxt_TPROXY.man ibxt_connlimit.man ibxt_connmark.man ibxt_conntrack.man ibxt_hashlimit.man ibxt_iprange.man ibxt_ipvs.man ibxt_recent.man ibxt_set.man ibxt_time.man ibxt_u32.man
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e	23-Jul-2010	Jan Engelhardt <jengelh@medozas.de>	all: consistent syntax use in struct option Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SNAT.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_ecn.c ibipt_icmp.c ibipt_realm.c ibipt_ttl.c ibxt_CHECKSUM.c ibxt_CLASSIFY.c ibxt_CONNMARK.c ibxt_CONNSECMARK.c ibxt_CT.c ibxt_DSCP.c ibxt_IDLETIMER.c ibxt_LED.c ibxt_MARK.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_RATEEST.c ibxt_SECMARK.c ibxt_SET.c ibxt_TCPMSS.c ibxt_TCPOPTSTRIP.c ibxt_TOS.c ibxt_TPROXY.c ibxt_cluster.c ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_connmark.c ibxt_conntrack.c ibxt_cpu.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_iprange.c ibxt_ipvs.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_osf.c ibxt_owner.c ibxt_physdev.c ibxt_pkttype.c ibxt_policy.c ibxt_quota.c ibxt_rateest.c ibxt_recent.c ibxt_sctp.c ibxt_set.c ibxt_state.c ibxt_statistic.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_time.c ibxt_tos.c ibxt_u32.c ibxt_udp.c os_values.c
854fe779211ffa051009b68b3f07673938b714c5	23-Jul-2010	Jan Engelhardt <jengelh@medozas.de>	doc: minimal spelling updates to xt_cpu Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_cpu.man
7071387eaa708a82fd572e1a27443c1765c297f9	23-Jul-2010	Jan Engelhardt <jengelh@medozas.de>	doc: remove extra empty line from xt_cpu Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_cpu.man
10ec8150ad83bddc66431810026daf97c60077d3	23-Jul-2010	Jan Engelhardt <jengelh@medozas.de>	doc: let man(1) autoalign the text in xt_cpu Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_cpu.man
2d59208943a3a2a6e0e30b6c84bb8ae80d444cd3	23-Jul-2010	Eric Dumazet <eric.dumazet@gmail.com>	extension: add xt_cpu match Kernel 2.6.36 supports xt_cpu match In some situations a CPU match permits a better spreading of connections, or select targets only for a given cpu. With Remote Packet Steering or multiqueue NIC and appropriate IRQ affinities, we can distribute trafic on available cpus, per session. (all RX packets for a given flow are handled by a given cpu) Some legacy applications being not SMP friendly, one way to scale a server is to run multiple copies of them. Instead of randomly choosing an instance, we can use the cpu number as a key so that softirq handler for a whole instance is running on a single cpu, maximizing cache effects in TCP/UDP stacks. Using NAT for example, a four ways machine might run four copies of server application, using a separate listening port for each instance, but still presenting an unique external port : iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 \ -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 \ -j REDIRECT --to-port 8081 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 2 \ -j REDIRECT --to-port 8082 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 3 \ -j REDIRECT --to-port 8083 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_cpu.c ibxt_cpu.man
59ccf53b9414d998afd6169cb2d6ba0f3c249081	23-Jul-2010	Eric Dumazet <eric.dumazet@gmail.com>	extensions: REDIRECT: add random help Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_REDIRECT.c
c36d05e42406966440e3644110d3d2504c4b165c	23-Jul-2010	Hannes Eder <heder@google.com>	libxt_ipvs: user-space lib for netfilter matcher xt_ipvs The user-space library for the netfilter matcher xt_ipvs. [ trivial up-port by Simon Horman <horms@verge.net.au> ] Signed-off-by: Hannes Eder <heder@google.com> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_ipvs.c ibxt_ipvs.man
b14f160c11196aeb99000611207bd353c7ae2cb9	15-Jul-2010	Patrick McHardy <kaber@trash.net>	Merge branch 'master' into iptables-next
b4fa7222923bc10476b8753f358e871f461eb2db	15-Jul-2010	Luciano Coelho <luciano.coelho@nokia.com>	extensions: libxt_rateest: fix bps options for iptables-save The output generated by the libxt_rateest extension for bps matches was wrong and could not be restored properly. This patch fixes this problem by using the correct options in the right order when saving the table. Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_rateest.c
9d1b11102b53103c00b7fddf4658a4d2bdee1338	15-Jul-2010	Michael S. Tsirkin <mst@redhat.com>	extensions: libxt_CHECKSUM extension This adds a `CHECKSUM' target, which can be used in the iptables mangle table. You can use this target to compute and fill in the checksum in a packet that lacks a checksum. This is particularly useful, if you need to work around old applications such as dhcp clients, that do not work well with checksum offloads, but don't want to disable checksum offload in your device. The problem happens in the field with virtualized applications. For reference, see Red Hat bz 605555, as well as http://www.spinics.net/lists/kvm/msg37660.html Typical expected use (helps old dhclient binary running in a VM): iptables -A POSTROUTING -t mangle -p udp --dport bootpc \ -j CHECKSUM --checksum-fill Includes fixes by Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_CHECKSUM.c ibxt_CHECKSUM.man
67195a8c8a03d12994e91315e49e3d78c51a385a	15-Jul-2010	Luciano Coelho <luciano.coelho@nokia.com>	extensions: libxt_IDLETIMER: use xtables_param_act when checking options This patch changes custom error messages for illegal options into the default iptables messages, by using xtables_param_act(). Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_IDLETIMER.c ibxt_IDLETIMER.man
ce06c99ee107102a7168493b55970b53380ebbb6	02-Jul-2010	Jan Engelhardt <jengelh@medozas.de>	xt_quota: also document negation Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_quota.c ibxt_quota.man
e4540fcb86c2d7f4cdf51c49872847a03a11b433	02-Jul-2010	Samuel Ortiz <sameo@linux.intel.com>	extensions: libxt_quota.c: Support option negation The xt_quota_info flags should be set properly for the --quota option negation support. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_quota.c
b1c768168ef1f79c4bdd02f6e681e6e1fbb8d533	02-Jul-2010	Luciano Coelho <luciano.coelho@nokia.com>	extensions: libxt_rateest: fix typo in the man page There were a few typos in some options in the rateest match section of the man page: --rateest1-bps should be --rateest-bps1 and so on. Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_rateest.man
127647892c7cac85baf8da62ed21232baa60f1c9	28-Jun-2010	Patrick McHardy <kaber@trash.net>	extensions: libipt_LOG/libip6t_LOG: support macdecode option Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_LOG.c ibipt_LOG.c
78514bc3a9b1b724c9fc904941c5854644865673	25-Jun-2010	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
e6d0d94139e826f7b5d8446ce174155c04963b07	25-Jun-2010	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of git://dev.medozas.de/iptables
76f7a230e4182ab2b64a68c9d84437035d925f3b	24-Jun-2010	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: do print netmask References: http://bugzilla.netfilter.org/show_bug.cgi?id=659 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
dd2bbe0b614ad60fb2e267863471836aae424425	24-Jun-2010	Jan Engelhardt <jengelh@medozas.de>	libxt_hashlimit: always print burst value iptables -L lists the burst value, and so should iptables -S. I was certainly surprised to see it gone even when explicitly specifying --hashlimit-burst 5 on the command line. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_hashlimit.c
d40f1628c3717daebc437a398a285e371b5b6f7f	16-Jun-2010	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	libxt_set: new revision added libipt_set renamed to libxt_set and the support for the forthcoming ipset release added. I have tested backward (IPv4) and forward compatibility (IPv4/IPv6): ipset -N test iphash ipset -A test test-address iptables -N test-set iptables -A test-set -j LOG --log-prefix "match " iptables -A test-set -j DROP iptables -A OUTPUT -m set --match-set test dst -j test-set ping test-address ibipt_SET.c ibipt_SET.man ibipt_set.c ibipt_set.h ibipt_set.man ibxt_SET.c ibxt_SET.man ibxt_set.c ibxt_set.h ibxt_set.man
d96993e50b44b358ea5bd15f3944674eafd62542	15-Jun-2010	Luciano Coelho <luciano.coelho@nokia.com>	extensions: add idletimer xt target extension Add the extension plugin for the IDLETIMER x_tables target. Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_IDLETIMER.c ibxt_IDLETIMER.man
4a498502c10e690798aa78eb92e3aed7ce79f4e0	08-Jun-2010	Shan Wei <shanwei@cn.fujitsu.com>	xt_sctp: support FORWARD_TSN chunk type The latest kernel has implemented Partial Reliability Extension that defined in RFC3758. This patch adds FORWARD_TSN chunk for tracing. Signed-off-by: Shan Wei<shanwei@cn.fujitsu.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_sctp.c ibxt_sctp.man
b9f458f87453a62cea7aeb0441e7a2ac05689f91	08-Jun-2010	Shan Wei <shanwei@cn.fujitsu.com>	xt_sctp: Trace DATA chunk that supports SACK-IMMEDIATELY extension SACK-IMMEDIATELY extension has defined in: http://tools.ietf.org/html/draft-tuexen-tsvwg-sctp-sack-immediately-03. And the latest kernel has added a I flag in DATA chunk to support this extension. So let iptables/netfilter can trace it. Signed-off-by: Shan Wei<shanwei@cn.fujitsu.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_sctp.c ibxt_sctp.man
fdc19bea817086425c1ad2ad6a2b732eb610fb76	04-Jun-2010	Jan Engelhardt <jengelh@medozas.de>	doc: xt_LED: nroff formatting requirements Verbatim dashes need to be backslash-prefixed. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_LED.man
7cd3c2edb1dba13867b80dd29b02d6c945fcd03f	04-Apr-2010	Adam Nielsen <a.nielsen@shikadi.net>	extensions: add the LED target For the xt_LED target introduced in Linux 2.6.31. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_LED.c ibxt_LED.man
c5424b94a548cd549b2be1396ce35f82f2df18bf	04-Jun-2010	Jan Engelhardt <jengelh@medozas.de>	doc: xt_hashlimit: fix a typo References: http://bugzilla.netfilter.org/show_bug.cgi?id=646 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_hashlimit.man
2b253f4b2c321066b4301a5a8d47b37fc69e6f80	04-Jun-2010	Jan Engelhardt <jengelh@medozas.de>	doc: xt_string: correct copy-and-pasting in manpage References: http://bugzilla.netfilter.org/show_bug.cgi?id=653 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_string.man
8532c70fd182057b440b41f013d8021a95bd72b2	21-May-2010	Patrick McHardy <kaber@trash.net>	Revert "Revert "Merge branch 'iptables-next'"" This reverts commit 110c1e4502e21ea38e0980e6f8af857d24330099. Revert the revert to restore the TEE target. ibxt_TEE.c ibxt_TEE.man
110c1e4502e21ea38e0980e6f8af857d24330099	21-May-2010	Patrick McHardy <kaber@trash.net>	Revert "Merge branch 'iptables-next'" This reverts commit 65414babaebcd403e9bf2c27d9d74adb369bf3aa, reversing changes made to 7278461dfad72e2008585dd0bac0e889e5bba99e. Forgot to commit the version increase. ibxt_TEE.c ibxt_TEE.man
65414babaebcd403e9bf2c27d9d74adb369bf3aa	20-May-2010	Patrick McHardy <kaber@trash.net>	Merge branch 'iptables-next'
7278461dfad72e2008585dd0bac0e889e5bba99e	20-May-2010	Dmitry V. Levin <ldv@altlinux.org>	extensions: MASQUERADE: fix --to-ports parser Rewrite port range validator to use xtables_strtoui() and xtables_param_act(). Original check failed to recognize such port range errors as "1a-2" and "1-2a". Also, original parser erroneously denied using port 0, which is now allowed. Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_MASQUERADE.c
84d758b3bc3121a5603261699c474f64672ef9f6	14-May-2010	Dmitry V. Levin <ldv@altlinux.org>	extensions: REDIRECT: fix --to-ports parser Rewrite port range validator to use xtables_strtoui() and xtables_param_act(). Original check failed to recognize several types of port range errors, including: "-1", "-1a", "-1-a", "a-1", "1a-2", "1-2a", etc. Also, original parser erroneously denied using port 0, which is now allowed. Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_REDIRECT.c
d990c6d9a0bcb5e5469db35d392d587bf5753a51	13-May-2010	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of git://dev.medozas.de/iptables into iptables-next
afbac0d462328d798f8612d3e793506c0a135a17	10-May-2010	Simon Lodal <simonl@parknet.dk>	libxt_conntrack: document --ctstate UNTRACKED Signed-off-by: Simon Lodal <simonl@parknet.dk> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_conntrack.man ibxt_state.man
bed2ba957d545b50c3eae6fb28fc0decadbc0dcb	09-May-2010	Pablo Neira Ayuso <pablo@netfilter.org>	CT: fix --ctevents parsing This patch fixes the following problem: # iptables -t raw -I PREROUTING -t raw -j CT --ctevents assured iptables v1.4.7: Unknown event type "assured" Try `iptables -h' or 'iptables --help' for more information. However, `assured' is one of the supported arguments for --ctevents. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_CT.c
ada4ff6155a02b0aed8400e46f34e72c91e36277	21-Apr-2010	Vincent Bernat <bernat@luffy.cx>	iprange: fix xt_iprange v0 parsing iprange_parse() was incomplete and did not include parsed ranges into ipt_iprange_info structure resulting in always adding range 0.0.0.0-0.0.0.0 in the kernel. Moreover, when using --dst-range, error messages may display --src-range instead. Fix this too. Signed-off-by: Vincent Bernat <bernat@luffy.cx> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_iprange.c
9f27e6b6f8638bde93e9901e999287ad5118f17c	20-Apr-2010	Patrick McHardy <kaber@trash.net>	libxt_CT: print conntrack zone in ->print/->save Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_CT.c
c303bb0594fae1c4fd1097b2ce0814c5ffd0edc7	19-Apr-2010	Jan Engelhardt <jengelh@medozas.de>	extensions: add support for xt_TEE xt_TEE is firstly included in Linux 2.6.35. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TEE.c ibxt_TEE.man
db6d027bb9626129617ea3a3f2fe4b87ab307bf6	27-Mar-2010	Jan Engelhardt <jengelh@medozas.de>	libxt_osf: import nfnl_osf program xt_osf is pretty useless without the actual fingerprint loader. Import nfnl_osf-2009-06-07 and make it a part of the iptables distribution. Cc: Evgeniy Polyakov <johnpol@2ka.mxt.ru> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_osf.man
23e718b525f96b95510f50d20161c2bd92824ff1	27-Mar-2010	Jan Engelhardt <jengelh@medozas.de>	doc: add manpage for libxt_osf Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_osf.c ibxt_osf.man
204a253e63f8e0d270d51796a7db057135c3c609	17-Mar-2010	Jan Engelhardt <jengelh@medozas.de>	libxt_recent: add a missing space in output Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_recent.c
937998088f9cf8518f8af57ff2d0b5500e247eb3	17-Mar-2010	Jan Engelhardt <jengelh@medozas.de>	doc: remove claim that TCPMSS is limited to mangle There was no real restriction, and in fact, the kernel module never had such a limitation in the last years. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TCPMSS.man
c9be7f153f7bf112640057a0cb6108b686041029	16-Mar-2010	Jan Engelhardt <jengelh@medozas.de>	doc: libxt_MARK: no longer restricted to mangle table MARK used to be limited to the mangle table, but there was no real restriction. References: http://marc.info/?l=netfilter-devel&m=126806510332668&w=2 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_MARK.man
89b6c32f88be47e83c3f6e7f8fee812088cb8c22	11-Mar-2010	Jan Engelhardt <jengelh@medozas.de>	libxt_CT: add a manpage Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CT.c ibxt_CT.man
3324ac52c80a6213b4bafa007f7b566a2f7ba071	11-Mar-2010	Jan Engelhardt <jengelh@medozas.de>	libxt_comment: avoid use of IPv4-specific examples Since libxt_comment.man is included in both iptables.8 and ip6tables.8, we should probably try to create examples that do not rely on either address family. References: http://bugs.debian.org/572628 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_comment.man
9fdbaa71452edaac9d5906716c15937f670341fa	08-Mar-2010	Patrick McHardy <kaber@trash.net>	extensions: add CT extension Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_CT.c
350661a6eb089f3e54e67e022db9e16ea280499f	31-Jan-2010	Jan Engelhardt <jengelh@medozas.de>	includes: header updates Update the shipped Linux kernel headers from 2.6.33-rc6, as iptables's ipt_ECN.h for example references ipt_DSCP.h, which no longer exists. Since a number of old code pieces have been removed in the kernel in that fashion, the structs for older versions are moved into the .c file, to keep header updating simple. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CONNMARK.c ibxt_MARK.c ibxt_TOS.c ibxt_connmark.c ibxt_conntrack.c ibxt_iprange.c ibxt_mark.c ibxt_owner.c ibxt_tos.c os_values.c
028ad9ec6d5c27c107c9a7a316617cbe366abb0f	31-Jan-2010	Jan Engelhardt <jengelh@medozas.de>	policy: fix error message showing wrong option ibxt_policy.c
cd46b143c32f2cf76ada7a9503243ba9e45bb163	19-Jan-2010	Jan Engelhardt <jengelh@medozas.de>	doc: mention requirement of additional packages for ipset References: https://bugzilla.novell.com/561177 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_SET.man ibipt_set.man
2d8f775cc03638d53053b3a448ca505646441542	19-Jan-2010	Jan Engelhardt <jengelh@medozas.de>	doc: fix limit manpage to reflect actual supported syntax References: https://bugzilla.novell.com/561179 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_limit.man
27c8d2a55a40c4a6232a76924f524ca7368e4b36	19-Jan-2010	Jan Engelhardt <jengelh@medozas.de>	doc: fix recent manpage to reflect actual supported syntax References: https://bugzilla.novell.com/561180 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_recent.man
6ce22ff936611347f1154c8546c93f4781be199d	19-Jan-2010	Jan Engelhardt <jengelh@medozas.de>	recent: reorder cases in code (cosmetic cleanup) Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_recent.c
b1f40e1d31b900f90fd5641a483788ed9cb91c64	24-Nov-2009	Patrick McHardy <kaber@trash.net>	Merge branch 'master' of git://dev.medozas.de/iptables
f294f843473718f8d32745600b9a97c0b799e7c5	20-Nov-2009	Patrick McHardy <kaber@trash.net>	conntrack: fix --expires parsing Using ranges in --ctexpire results in a parsing error: conntrack: Bad value for "--expires" option: "1:1000" The first value is parsed twice, after which the end pointer doesn't point to the expected '\0' but to the colon. Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_conntrack.c
7573631fa9f6f15b28a13cc5d22f2a446f69fd64	17-Nov-2009	Jan Engelhardt <jengelh@medozas.de>	doc: explain experienced --hitcount limit Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_recent.man
588b615bc78ddef3752f356d1e243129c4dbba96	12-Nov-2009	Patrick McHardy <kaber@trash.net>	extensions: add osf extension From Evgeniy Polyakov <zbr@ioremap.net> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_osf.c
596c69007acb569843391e4c98dc21d6f2336e7b	06-Nov-2009	Patrick McHardy <kaber@trash.net>	DNAT: fix incorrect check during parsing Specifying --random before --to-dest results in: Multiple --to-destination not supported Fix the flags check to only test the IPT_DNAT_OPT_DEST bit. Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_DNAT.c
5fdf032a02b671bc1a18cec0e803c17c64175ab1	04-Nov-2009	Jan Engelhardt <jengelh@medozas.de>	CONNMARK: print mark rules with mask 0xffffffff as set instead of xset Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CONNMARK.c
3d915e1ac610bce44250b4aea556f4726387388d	04-Nov-2009	Patrick McHardy <kaber@trash.net>	MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmark Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_MARK.c
bbe83862a5e1baf15f7c923352d4afdf59bc70e2	24-Oct-2009	Jan Engelhardt <jengelh@medozas.de>	iptables/extensions: make bundled options work again When using a bundled option like "-ptcp", 'argv[optind-1]' would logically point to "-ptcp", but this is obviously not right. 'optarg' is needed instead, which if properly offset to "tcp". Not all places change optind-based access to optarg; where look-ahead is needed, such as for tcp's --tcp-flags option for example, optind is ok. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_rt.c ibipt_SET.c ibipt_addrtype.c ibipt_ah.c ibipt_icmp.c ibipt_realm.c ibipt_set.c ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_conntrack.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_multiport.c ibxt_physdev.c ibxt_pkttype.c ibxt_rateest.c ibxt_sctp.c ibxt_state.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_u32.c ibxt_udp.c
bf97128c7262f17a02fec41cdae75b472ba77f88	03-Nov-2009	Jan Engelhardt <jengelh@medozas.de>	libxtables: hand argv to xtables_check_inverse In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_rt.c ibipt_DNAT.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_SNAT.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_ecn.c ibipt_icmp.c ibipt_realm.c ibipt_set.c ibipt_ttl.c ibxt_NFLOG.c ibxt_cluster.c ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_connmark.c ibxt_conntrack.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_iprange.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_physdev.c ibxt_pkttype.c ibxt_policy.c ibxt_quota.c ibxt_rateest.c ibxt_recent.c ibxt_sctp.c ibxt_state.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_udp.c
7fa7329fc972513021131416dbd9d535141bd2ea	18-Sep-2009	Jan Engelhardt <jengelh@medozas.de>	iprange: roll address parsing into a loop ibxt_iprange.c
648a7bafa7acc33d986f113275a20199a6ad2aaa	18-Sep-2009	Jan Engelhardt <jengelh@medozas.de>	iprange: warn on reverse range ibxt_iprange.c
a10a12afee2083d240a304ceac7f3d9902a6f60a	18-Sep-2009	Jan Engelhardt <jengelh@medozas.de>	iprange: do accept non-ranges for xt_iprange v1 [fill in details] ibxt_iprange.c
4a0fbe37a9879ade6a6bf99ab105316284eb4102	24-Oct-2009	Jan Engelhardt <jengelh@medozas.de>	realm: remove static initializations Save a little disk space, they are initialized to zero anyway. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_realm.c
22bdd6966f2c3ccded984a37ba0b97470bcf9323	16-Oct-2009	Tim Small <tim@buttersideup.com>	doc: update TCPMSS manpage with Linux 2.6.25 changes References: http://bugs.debian.org/551272 [j.eng: modified --set-mss option description to be understandable] Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TCPMSS.man
7b041d47428cdbc3da522d8194c2568ef5db0e5d	21-Oct-2009	sobtwmxt <sobtwmxt@sdf.lonestar.org>	doc: fix typo in length manpage References: http://bugs.debian.org/551867 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_length.man
bc57906530df924324efef494a4fcff65d25e4ce	05-Oct-2009	Jan Engelhardt <jengelh@medozas.de>	doc: mention maximum mark size in manpages ibxt_CONNMARK.man ibxt_MARK.man ibxt_SECMARK.man
cdff3088dbab62bba0ab1d4311263a032e4bde14	24-Aug-2009	Patrick McHardy <kaber@trash.net>	man: fix incorrect plural in libipt_set.man Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_set.man
352ccfb847dfd290a7b761cd87445a48e551acb5	20-Aug-2009	Jan Engelhardt <jengelh@medozas.de>	manpages: more fixes to minuses, hyphens, dashes Debian still carries patches patches to the iptables nroff code touching ASCII minuses, so I thought, what's it this time. Eventually, this patch tries to straighten things once more, per http://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style#Hyphens and http://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style#Dashes . Titles will get the em dash; all typed commands or parameters with a hyphen get a minus (so that man(1) hyperlinking and copy-pasting does work), but other mentions get the hyphen. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_NFLOG.man ibxt_connbytes.man
cfb048f5b5778a57144b00866cd0734e9617a4ea	20-Aug-2009	Laurence J. Lane <ljlane@debian.org>	manpage: fix lintian warnings Description: extraneous slash caused this lintian warning: W: iptables: manpage-has-errors-from-man usr/share/man/man8/iptables.8.gz 220: cannot use newline as a starting delimiter W: iptables: manpage-has-errors-from-man usr/share/man/man8/ip6tables.8.gz 1823: warning: `precedence'' not defined Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_TOS.man
4a682aa233ea02b342a9cc827d25e4c6c11dd349	20-Aug-2009	Trent W. Buck <trentbuck@gmail.com>	ipt_set: fix a typo in the manpage References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539101 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_set.man
4282d89a798adcf50973a22c5a17563b5e9421cb	20-Aug-2009	Florian Westphal <fwestphal@astaro.com>	libxt_NFQUEUE: add new v1 version with queue-balance option New version that adds support for specifying a queue range instead of a single queue id. The kernel will distribute flows across the given queue range. This is useful for multicore systems, simply start multiple instances of the userspace program on queues x, x+1, .. x+n and use "--queue-balance x:x+n". Packets belonging to the same connection are put into the same queue. With fixes from Jan Engelhardt. Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_NFQUEUE.c ibxt_NFQUEUE.man
8e4dacaed17701cb1891b962bb856e0e8cfbb5c8	05-Aug-2009	Jan Engelhardt <jengelh@medozas.de>	Merge branch 'stable' Conflicts: extensions/libxt_conntrack.c Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
b79ec69027fd8b65e7eccd78a445b6665e8ad53b	23-Jul-2009	Jan Engelhardt <jengelh@medozas.de>	build: combine iptables-multi and iptables-static Changed the Makefile so that: 1. --enable-shared / --disable-shared control the linkage against libdl (and thus the potential to use 3rd party extensions) 2. --enable-static / --disable-static controls whether shipped extensions are built-in or provided as modules iptables-static becomes redundant by this action; iptables-multi now has the feature. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
f2a77520693f0a6dd1df1f87be4b81913961c1f5	25-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	extensions: collapse data variables to use multi-reg calls Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_addrtype.c ibxt_CONNMARK.c ibxt_MARK.c ibxt_TOS.c ibxt_connlimit.c ibxt_connmark.c ibxt_conntrack.c ibxt_hashlimit.c ibxt_iprange.c ibxt_mark.c ibxt_multiport.c ibxt_owner.c ibxt_policy.c ibxt_string.c ibxt_tos.c
7d68df47fad305673958351a4e2a5c6e75927caa	12-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	extensions: remove empty help and parse functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_eui64.c ibipt_MIRROR.c ibipt_unclean.c ibxt_NOTRACK.c ibxt_TRACE.c ibxt_socket.c ibxt_standard.c
c5e85736c207f211d82d2878a5781f512327dfce	12-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	extensions: collapse registration structures There are no different code paths between IPV4 and IPV6, so data can be consolidated here. text data bss dec hex filename 243757 12212 2576 258545 3f1f1 ip6tables-static[before.i586] 243613 9428 2576 255617 3e681 ip6tables-static[after.i586] -144 -2784 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CONNMARK.c ibxt_CONNSECMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_NOTRACK.c ibxt_TCPOPTSTRIP.c ibxt_TOS.c ibxt_comment.c ibxt_connbytes.c ibxt_connmark.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_mac.c ibxt_owner.c ibxt_physdev.c ibxt_recent.c ibxt_sctp.c ibxt_state.c ibxt_tcp.c ibxt_tcpmss.c ibxt_tos.c ibxt_udp.c
efebafa0021f36f4547b7fcc47620274f333e001	25-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	libxt_helper: fix invalid passed option to check_inverse Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_helper.c
b97b42147ea65d7d24d70a2ffe925dbf091f26bc	25-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	xt_conntrack: revision 2 for enlarged state_mask member This complements the xt_conntrack revision 2 code added to the kenrel. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
4ada8440f43e8335c96706b749f606b527c8a038	11-Jun-2009	Patrick McHardy <kaber@trash.net>	Merge branch 'stable' of git://dev.medozas.de/iptables
2d280014e281b520280b1a11662aea0da2ffc59c	11-Jun-2009	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	Updated set/SET match and target to support multiple ipset protocols. By checking the protocol version of the kernel part, the sockopt type of ipset protocols are all supported. Forward compatibility with the netlink based protocol is missing. The --set option of the set match is replaced by --match-set to avoid clashing with the recent match, but the old option is also kept. Manpages are updated, references to bindings removed. ibipt_SET.c ibipt_SET.man ibipt_set.c ibipt_set.h ibipt_set.man
18c475d7040abc6d3094ee0348904deafe997508	10-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	manpages: markup corrections The manpage of xt_cluster and xt_recent had some unclosed tags. Backslashes in commands are also not wanted because manpages are a freeform, automatically-wrapped text. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_TCPMSS.man ibxt_TPROXY.man ibxt_cluster.man ibxt_connlimit.man ibxt_recent.man
a3726818e07d47136010f09762637a3e597329e3	07-Jun-2009	kd6lvw <kd6lvw@yahoo.com>	libxt_connlimit: initialize v6_mask When converting "--connlimit-mask $bits" to a 128-bit v6 mask, the code uses a left shift on v6_mask[n]. This requires v6_mask to be filled with all one-bits beforehand, but this initialization was not done. References: http://bugzilla.netfilter.org/show_bug.cgi?id=597 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_connlimit.c
ae737f0070c9aaccb722ba342b12043fb124d9e2	06-Jun-2009	Ian Bruce <ian_bruce@fastmail.net>	libxt_tcp: manpage corrections and suggestions From: Ian Bruce <ian_bruce@fastmail.net> The commit corrects some minor errors in the iptables(8) man page, related to port ranges in the "tcp" module. Reference: http://bugs.debian.org/531677 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_tcp.man
156f58692bbe9e509b32670f93582bead785c926	21-May-2009	Frank Tobin <ftobin+netfilter@neverending.org>	libxt_tcp: fix a manpage syntax typo Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=596 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_tcp.man
ecd48dd6ba534deea7fd4d0ce20c7b5c00f4128f	08-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	extensions: remove redundant casts Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_realm.c ibxt_multiport.c
6d7d91e86729e3b2bcca6821409e8d78e83430e7	08-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	DNAT/SNAT: add manpage documentation for --persistent flag Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_DNAT.man ibipt_SAME.man ibipt_SNAT.man
42979363f3958b4436c6d2503753c182c58e55ea	01-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	extensions: use NFPROTO_UNSPEC for .family field This constant would be the designated one for the .family field; it also, given recent changes, makes grep for NFPROTO_UNSPEC work to finally recollect all manpages. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CLASSIFY.c ibxt_MARK.c ibxt_RATEEST.c ibxt_SECMARK.c ibxt_TRACE.c ibxt_cluster.c ibxt_length.c ibxt_limit.c ibxt_mark.c ibxt_pkttype.c ibxt_quota.c ibxt_rateest.c ibxt_standard.c ibxt_statistic.c ibxt_string.c ibxt_time.c ibxt_u32.c
cdcfd887b0dcb3c5cff3c2ae49fc34d0cbac5c44	01-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	build: fix manpage collection Florian Westphal points out that v1.4.3.2-9-gc304d77 greps for the keyword in the wrong file, and that files with NFPROTO_UNSPEC are skipped. This patch corrects that part, and makes `make` now output the manpages it collected. Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
67cf1a928952f1d1ca32f529d78036cebc1b8800	01-Jun-2009	Jan Engelhardt <jengelh@medozas.de>	policy: merge ipv6 and ipv4 variant The files duplicate most of their code, and struct ipt_policy_info being defined to xt_policy_info makes them actually have even more in common. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_policy.c ibipt_policy.c ibxt_policy.c
cd30054544021bad206efb6b98df640528e1cba1	31-May-2009	Jan Engelhardt <jengelh@medozas.de>	policy: use direct xt_policy_info instead of ipt/ip6t Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_policy.c ibipt_policy.c
9d08310f7611b044ad40f4b1c240d9012fbe050f	31-May-2009	Jan Engelhardt <jengelh@medozas.de>	libip6t_policy: remove redundant functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_policy.c
c304d776e9bf546829c90d0cbaeae6a3a79ef9db	26-May-2009	Jan Engelhardt <jengelh@medozas.de>	manpages: do not include v4-only modules in ip6tables manpage References: http://bugs.debian.org/529954 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
74670b185f8f92c499e1a67139405524da32fc66	13-May-2009	Jan Engelhardt <jengelh@medozas.de>	addrtype: fix one manpage type References: http://bugs.debian.org/528457 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_addrtype.man
2c69b55e55f2efc5a334b87ccdceaa9de0ecb658	30-Apr-2009	Jan Engelhardt <jengelh@medozas.de>	iptables: replace open-coded sizeof by ARRAY_SIZE Signed-off-by: Jan Engelhardt <jengelh@medozas.de> scp_helper.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibipt_LOG.c ibipt_REJECT.c ibipt_icmp.c ibxt_dccp.c ibxt_hashlimit.c ibxt_limit.c ibxt_pkttype.c ibxt_sctp.c ibxt_tcp.c
69f564e3890976461de0016cd81171ff8bfa8353	26-May-2009	Jan Engelhardt <jengelh@medozas.de>	extensions: add const qualifiers in print/save functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_hl.c ibipt_DNAT.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_SAME.c ibipt_SET.c ibipt_SNAT.c ibipt_realm.c ibipt_set.c ibxt_CONNSECMARK.c ibxt_RATEEST.c ibxt_SECMARK.c ibxt_comment.c ibxt_connbytes.c ibxt_connmark.c ibxt_conntrack.c ibxt_hashlimit.c ibxt_helper.c ibxt_limit.c ibxt_mark.c ibxt_physdev.c ibxt_pkttype.c ibxt_quota.c ibxt_rateest.c ibxt_state.c ibxt_statistic.c ibxt_time.c
cd958a6c92c84095a439780b53832bb3aae2d512	06-May-2009	Pablo Neira Ayuso <pablo@netfilter.org>	extensions: add `cluster' match support This patch adds support for the cluster match to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_cluster.c ibxt_cluster.man
467fa9fe70f08342a50b859ddd431c848a956679	17-Apr-2009	Patrick McHardy <kaber@trash.net>	SNAT/DNAT: add support for persistent multi-range NAT mappings Add support for persistent mappings (2.6.29-rc2+) as replacement for the removed SAME target. Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_DNAT.c ibipt_SNAT.c
093d5fc9d1826b8f0ccfbb3160c98a3c844d0273	05-Apr-2009	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: properly output negation symbol Because the wrong flag was checked, the "!" was either wrongly printed, or not printed at all. This was broken since v1.4.0-29-ga8ad34c. Reported-by: Steven Jan Springl <steven@springl.ukfsn.org> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_conntrack.c
c9ccba543b52cb443f110670420967ac6a41c302	04-Apr-2009	Jan Engelhardt <jengelh@medozas.de>	CLASSIFY: document non-standard interpretation behavior Most other extensions use strtoul (by means of xtables_strtoui) and would abide by the standard convention of hex/octal prefixes 0x/0, and decimal otherwise, but CLASSIFY is an exception. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CLASSIFY.c ibxt_CLASSIFY.man
a094eb0f2a57592b6f3cf42fdbb9d49fead2d57c	03-Apr-2009	Jan Engelhardt <jengelh@medozas.de>	build: add configure option to disable ipv4 iptables This patch complements the previous one. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
8e58613df53f5f83e8ab92dec61d8065c68d967d	03-Apr-2009	Jan Engelhardt <jengelh@medozas.de>	build: add configure option to disable ip6tables This also skips building the IPv6 extensions. It does not #ifdef out all code however, I think that would make it too ugly. Inspired-by: http://bugzilla.netfilter.org/show_bug.cgi?id=560 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
ed7925b77010dd17531ea0424b49d2b72af4add9	24-Mar-2009	Jan Engelhardt <jengelh@medozas.de>	libxt_tcpmss: fix an inversion while parsing --mss Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_tcpmss.c
bf02bd290c03fd47b256258e06157f4d9d76e46d	24-Mar-2009	Jan Engelhardt <jengelh@medozas.de>	libxt_hashlimit: add missing space for iptables-save output Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=568 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_hashlimit.c
421157976351606bee0d2a33acee89178521f78a	19-Mar-2009	Jan Engelhardt <jengelh@medozas.de>	libxt_comment: output quotes must be escaped in Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519584 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_comment.c
71bc61f926ca2d8ec57d9fbd698c2af32c9a9f64	17-Mar-2009	Jan Engelhardt <jengelh@medozas.de>	libxt_connbytes: document nf_ct_acct behavior Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_connbytes.man
a73a34ad9c9bb30dafbd7b5ca15b902e83c50ee2	17-Mar-2009	Jan Engelhardt <jengelh@medozas.de>	libxt_connbytes: minor manpage adustments Use explicit paragraph separator and conntrack(8). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_connbytes.man
38725a4411b0e0f34a3077e37b0be860352085a8	15-Mar-2009	Jan Engelhardt <jengelh@medozas.de>	Merge commit 'nf/master'
409f2a8e3b2706c8c6c5e345a4bc77fca8ad7105	02-Mar-2009	Pablo Neira Ayuso <pablo@netfilter.org>	string: fix wrong pattern length calculation This fixes a problem introduced in 37b4bde745698bf140d74e59a2561f34deeb8726 that leads to the wrong calculation of the pattern length in the string match. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_string.c
4e41854423b529d3107c23b85434d50a75d08057	21-Feb-2009	Jan Engelhardt <jengelh@medozas.de>	extensions: add missing limits.h include Thanks to Stephen Hemminger for noticing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_icmp6.c ibipt_DNAT.c ibipt_MASQUERADE.c ibipt_REDIRECT.c ibipt_SNAT.c ibipt_icmp.c ibxt_multiport.c
978e27e8f8c2e49d0528c6c4ae3a56627fbe8492	21-Feb-2009	Jan Engelhardt <jengelh@medozas.de>	include: resynchronize headers with 2.6.29-rc5 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_DNAT.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_SAME.c ibipt_SNAT.c
da68957303dea58632466d79d52f83bcbbca8925	21-Feb-2009	Jan Engelhardt <jengelh@medozas.de>	libxt_policy: use bounded strtoui reqid and SPI can only have a value in the range 0..UINT32_MAX, not the entire range of the "long" type. Also throw an error if the incoming string does not look like a pure number. "Replaces" commit 6db2ded2f22a7e78743c86af523b8430876582e9. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_policy.c ibipt_policy.c
afe6b357db60c7d70379a27360c10a352bf55203	21-Feb-2009	Jan Engelhardt <jengelh@medozas.de>	extensions: remove unwanted/add needed includes for IPv4 exts Most touched files do not use anything from ip_tables.h, so remove that #include. multiport instead, does need it (ipt_entry). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MIRROR.c ibipt_NETMAP.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ecn.c ibipt_policy.c ibipt_ttl.c ibxt_multiport.c
2bc9d348e11820567685670147bd58deef2f938f	21-Feb-2009	Jan Engelhardt <jengelh@medozas.de>	extensions: remove unwanted/add needed includes for IPv6 exts Most touched files do not use anything from ip6_tables.h, so remove that #include. multiport instead, does need it (ip6t_entry). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_hl.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_policy.c ibxt_multiport.c
1829ed482efbc8b390cc760d012b3a4450494e1a	21-Feb-2009	Jan Engelhardt <jengelh@medozas.de>	libxtables: prefix exit_error to xtables_error Signed-off-by: Jan Engelhardt <jengelh@medozas.de> scp_helper.c ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_policy.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_SNAT.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_ecn.c ibipt_icmp.c ibipt_policy.c ibipt_realm.c ibipt_set.c ibipt_set.h ibipt_ttl.c ibxt_CLASSIFY.c ibxt_CONNMARK.c ibxt_CONNSECMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_RATEEST.c ibxt_SECMARK.c ibxt_TCPMSS.c ibxt_TCPOPTSTRIP.c ibxt_TOS.c ibxt_TPROXY.c ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_connmark.c ibxt_conntrack.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_iprange.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_owner.c ibxt_physdev.c ibxt_pkttype.c ibxt_quota.c ibxt_rateest.c ibxt_recent.c ibxt_sctp.c ibxt_state.c ibxt_statistic.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_time.c ibxt_tos.c ibxt_u32.c ibxt_udp.c os_values.c
6db2ded2f22a7e78743c86af523b8430876582e9	17-Feb-2009	Christian Perle <chris@linuxinfotag.de>	libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffff http://bugzilla.netfilter.org/show_bug.cgi?id=577 When using the -m policy match, the option argument for --spi is converted using strtol(), which returns a signed 32 bit value, so the highest positive value is 0x7fffffff. Instead strtoul() should be used. The same applies for the --reqid option argument. Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_policy.c ibipt_policy.c
0ff6b46a331b7fa620c40d3110be5b3deb3c40a6	17-Feb-2009	Jan Engelhardt <jengelh@medozas.de>	doc: do not put IPv4 doc into ip6tables.8 Reference: http://bugs.debian.org/515752 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> NUmakefile.in
ae6f9b978aded200def693dcba80f7b97de7f7c6	15-Jan-2009	Marc Fournier <marc.fournier@camptocamp.com>	doc: fix option typo in libxt_multiport Reference: http://bugs.debian.org/511891 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_multiport.man
37b4bde745698bf140d74e59a2561f34deeb8726	12-Feb-2009	Jan Engelhardt <jengelh@medozas.de>	libxt_string: fix undefined behavior/incorrect patlen calculation strlen ran over the end of the string. Use strnlen to bound it. Reference: http://bugs.debian.org/513516 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_string.c
1de7edffc9085c0f41c261dca995e28ae4126c29	30-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	libxtables: prefix/order - move parse_protocol to xtables.c Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_policy.c ibipt_policy.c ibxt_conntrack.c ibxt_time.c
0f16c725aadaac7e670d632ecbaea3661ff00827	30-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	libxtables: prefix/order - move check_inverse to xtables.c This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_policy.c ibip6t_rt.c ibipt_DNAT.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_SNAT.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_ecn.c ibipt_icmp.c ibipt_policy.c ibipt_realm.c ibipt_set.c ibipt_ttl.c ibxt_NFLOG.c ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_connmark.c ibxt_conntrack.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_iprange.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_physdev.c ibxt_pkttype.c ibxt_quota.c ibxt_rateest.c ibxt_recent.c ibxt_sctp.c ibxt_state.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_udp.c
a0baae85f8159f03d52535934aa9b3a375e0f1f3	30-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	libxtables: prefix - parse and escaped output func Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_policy.c ibipt_LOG.c ibipt_ULOG.c ibipt_policy.c ibxt_NFLOG.c ibxt_conntrack.c ibxt_helper.c
aae6be9edc99e58164a3592c510fe5488141c698	30-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	libxtables: prefix - misc functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_REDIRECT.c ibxt_dccp.c ibxt_multiport.c ibxt_physdev.c ibxt_sctp.c ibxt_tcp.c ibxt_udp.c
1e01b0b82f70b0b11dcfbced485dbe7aeac4fb8c	30-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	libxtables: prefix/order - ascii to ipaddr/ipmask input Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_DNAT.c ibipt_NETMAP.c ibipt_SAME.c ibipt_SNAT.c ibxt_TPROXY.c ibxt_iprange.c
e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7	30-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	libxtables: prefix/order - ipaddr/ipmask to ascii output Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_DNAT.c ibipt_NETMAP.c ibipt_SAME.c ibipt_SNAT.c ibipt_policy.c ibxt_TPROXY.c ibxt_conntrack.c ibxt_iprange.c
a41545ca7cde43e0ba53260ba74bd9bf74025a68	27-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	libxtables: prefix/order - param_act Changes: exittype -> xtables_exittype P_* -> XTF_* flags Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CONNMARK.c ibxt_MARK.c ibxt_TOS.c ibxt_TPROXY.c ibxt_connmark.c ibxt_conntrack.c ibxt_hashlimit.c ibxt_iprange.c ibxt_mark.c ibxt_owner.c ibxt_tos.c
5f2922cfc0bbfbeb878f5c12e9fb3eb602ae5507	27-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	libxtables: prefix/order - strtoui This commit also throws out the redundant string_to_number_*. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_HL.c ibip6t_LOG.c ibip6t_icmp6.c ibip6t_mh.c ibipt_CLUSTERIP.c ibipt_ECN.c ibipt_LOG.c ibipt_NETMAP.c ibipt_TTL.c ibipt_ecn.c ibipt_icmp.c ibipt_ttl.c ibxt_CONNMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_NFQUEUE.c ibxt_TCPMSS.c ibxt_TCPOPTSTRIP.c ibxt_TOS.c ibxt_TPROXY.c ibxt_connmark.c ibxt_conntrack.c ibxt_dccp.c ibxt_dscp.c ibxt_hashlimit.c ibxt_length.c ibxt_limit.c ibxt_mark.c ibxt_owner.c ibxt_rateest.c ibxt_statistic.c ibxt_tcp.c ibxt_tcpmss.c os_values.c
e917bca09924435f3fca23c01042543b1826c81e	27-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	extensions: use UINT_MAX constants over open-coded numbers (2/2) Use the handy constants for ranges. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_HL.c ibip6t_icmp6.c ibip6t_mh.c ibipt_TTL.c ibipt_icmp.c ibipt_ttl.c ibxt_DSCP.c ibxt_NFQUEUE.c ibxt_TCPMSS.c ibxt_TCPOPTSTRIP.c ibxt_TOS.c ibxt_TPROXY.c ibxt_dccp.c ibxt_dscp.c ibxt_hashlimit.c ibxt_length.c ibxt_statistic.c ibxt_tcp.c ibxt_tcpmss.c os_values.c
a80975497968e69b23f56bf15d346c65bec381f2	27-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	extensions: use UINT_MAX constants over open-coded bits (1/2) ~0 depends on the sizeof(int), so it is better to use UINT32_MAX. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_CONNMARK.c ibxt_MARK.c ibxt_TPROXY.c ibxt_connmark.c ibxt_conntrack.c ibxt_mark.c ibxt_quota.c ibxt_string.c
7a63ca74dbcd323217cab7296e68a19b8c9ea6c4	27-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	libxt_owner: use correct UID/GID boundaries -1 is a reserved number (chown uses it to denote "do not change"), so the maximum libxt_owner should permit is up to UINT32_MAX-1. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibxt_owner.c
213e185afbb298e6708881e4c2adffdc47a8b6da	27-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	src: remove redundant casts All of them are implicitly convertable without any wanted side effects. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_LOG.c ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_ipv6header.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_LOG.c ibipt_ah.c ibipt_realm.c ibxt_DSCP.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_length.c ibxt_tcp.c ibxt_tcpmss.c
825c317eedc12e1c8c93e22a96bc423d27b3c1f4	27-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	src: remove redundant returns at end of void-returning functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibip6t_ipv6header.c ibxt_DSCP.c ibxt_NFQUEUE.c ibxt_dscp.c ibxt_u32.c
ea268e19a8b820cce4bab3318e656efa51134487	26-Jan-2009	Bart De Schuymer <bdschuym@pandora.be>	man: fix physdev manpage A sentence of the physdev module's help entry was truncated by the man program because the line starts with a single quote. Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_physdev.man
cfb9cf0509ad8100cd8d6ab52d60a8ffbb318578	19-Jan-2009	Daniel Drake <dsd@gentoo.org>	libxt_owner: add more spaces to output Commit bb9284d1 ("libxt_owner: add spaces to output") moved the printing of spaces away from the owner_mt_print() function family, but forgot to add spaces in all of the print_item() functions that are called. This is likely to be at least the partial cause of https://bugs.gentoo.org/show_bug.cgi?id=254435 Signed-off-by: Daniel Drake <dsd@gentoo.org> Approves-of-this-patch: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_owner.c
3d12c3bbffb43182df9ac5c0ad549b095d30d021	13-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	doc: augment ICMP manpage by type/code syntax The ICMP match module also allows numeric type/code as in "--icmp-type type/code". Document it. Based upon a patch by Victor Stinner <vstinner@inl.fr>. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> ibipt_icmp.c ibipt_icmp.man
fea74bf74ff524431ce65145f1523584edf99dc9	12-Jan-2009	Jan Engelhardt <jengelh@medozas.de>	doc: escape minus sign in manpages groff formats '-' as a hyphen, and '\-' is needed for a minus. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_HL.man ibip6t_LOG.man ibip6t_REJECT.man ibip6t_ah.man ibip6t_dst.man ibip6t_frag.man ibip6t_hbh.man ibip6t_hl.man ibip6t_icmp6.man ibip6t_ipv6header.man ibip6t_mh.man ibip6t_rt.man ibipt_CLUSTERIP.man ibipt_DNAT.man ibipt_ECN.man ibipt_LOG.man ibipt_MASQUERADE.man ibipt_NETMAP.man ibipt_REDIRECT.man ibipt_REJECT.man ibipt_SAME.man ibipt_SET.man ibipt_SNAT.man ibipt_TTL.man ibipt_ULOG.man ibipt_addrtype.man ibipt_ah.man ibipt_ecn.man ibipt_icmp.man ibipt_realm.man ibipt_set.man ibipt_ttl.man ibxt_CLASSIFY.man ibxt_CONNMARK.man ibxt_CONNSECMARK.man ibxt_DSCP.man ibxt_MARK.man ibxt_NFLOG.man ibxt_NFQUEUE.man ibxt_RATEEST.man ibxt_SECMARK.man ibxt_TCPMSS.man ibxt_TCPOPTSTRIP.man ibxt_TOS.man ibxt_TPROXY.man ibxt_comment.man ibxt_connbytes.man ibxt_connlimit.man ibxt_connmark.man ibxt_conntrack.man ibxt_dccp.man ibxt_dscp.man ibxt_esp.man ibxt_hashlimit.man ibxt_helper.man ibxt_iprange.man ibxt_length.man ibxt_limit.man ibxt_mac.man ibxt_mark.man ibxt_multiport.man ibxt_owner.man ibxt_physdev.man ibxt_pkttype.man ibxt_policy.man ibxt_quota.man ibxt_rateest.man ibxt_recent.man ibxt_sctp.man ibxt_state.man ibxt_statistic.man ibxt_string.man ibxt_tcp.man ibxt_tcpmss.man ibxt_time.man ibxt_tos.man ibxt_u32.man ibxt_udp.man
c3d0a7b800277fcc4401f19a584edf1d7dfaeda9	30-Dec-2008	Jan Engelhardt <jengelh@medozas.de>	rateest: guard against segfault Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_rateest.c
cea9f71f5618250a38acb21c31fbbf93a752f7d4	09-Dec-2008	Jan Engelhardt <jengelh@medozas.de>	iptables-save: output ! in position according to manpage Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_ipv6header.c ibip6t_rt.c ibipt_addrtype.c ibipt_ah.c ibxt_dscp.c ibxt_esp.c ibxt_length.c ibxt_multiport.c ibxt_pkttype.c ibxt_string.c ibxt_tcpmss.c
64f948b24407c3cf3d02476059a3f9fa0265cb3d	24-Nov-2008	Jan Engelhardt <jengelh@medozas.de>	doc: fix a typo in libip6t_REJECT.man Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_REJECT.man
5d9678ad3eabc34ac40dfe055d7f6a8e44445a5a	20-Nov-2008	Jan Engelhardt <jengelh@medozas.de>	src: remove inclusion of iptables.h iptables.h and ip6tables.h only include declarations internal to iptables (specifically iptables.c and ip6tables.c), as most of the public API has been moved to xtables.h a few months ago. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_eui64.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_policy.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_MIRROR.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_SNAT.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_ecn.c ibipt_icmp.c ibipt_policy.c ibipt_realm.c ibipt_set.c ibipt_ttl.c ibipt_unclean.c ibxt_TPROXY.c ibxt_connlimit.c ibxt_conntrack.c
0ec8c0f00b591681076af2db34df0f230b08fa2c	19-Nov-2008	Pablo Neira Ayuso <pablo@netfilter.org>	state: report spaces in the state list parsing This patch adds better error reporting when the user inserts a space between two states with the --state option. iptables -I INPUT -m state ESTABLISHED, RELATED ^ mind the space results in: iptables v1.4.2-rc1: Bad state `' Try `iptables -h' or 'iptables --help' for more information. Now this returns: iptables v1.4.2-rc1: `--state' requires a list of states with no spaces, e.g. ESTABLISHED,RELATED This patch also applies to libxt_conntrack which has a copy of the function. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_conntrack.c ibxt_state.c
03d99486d8283552705b58dc55b6085dffc38792	18-Nov-2008	Jan Engelhardt <jengelh@medozas.de>	src: use NFPROTO_ constants Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_eui64.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_policy.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_MIRROR.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_SNAT.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_ecn.c ibipt_icmp.c ibipt_policy.c ibipt_realm.c ibipt_set.c ibipt_ttl.c ibipt_unclean.c ibxt_CONNMARK.c ibxt_CONNSECMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_NOTRACK.c ibxt_TCPMSS.c ibxt_TCPOPTSTRIP.c ibxt_TOS.c ibxt_TPROXY.c ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_connmark.c ibxt_conntrack.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_iprange.c ibxt_mac.c ibxt_multiport.c ibxt_owner.c ibxt_physdev.c ibxt_recent.c ibxt_sctp.c ibxt_socket.c ibxt_state.c ibxt_tcp.c ibxt_tcpmss.c ibxt_tos.c ibxt_udp.c
c7fc1dae1e8f8a5fe2ad4eac4bdd1f3c59d8c975	12-Nov-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: dump ctdir Sent in as part of a larger private mail by G�sp�r Lajos <swifty@freemail.hu>; I cherry-picked the ctdir part. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_conntrack.c
6b6c096ca56975125edf2aadfd195f23d34df38f	10-Nov-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack: respect -n option during ruledump Reference: http://bugs.debian.org/502548 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_conntrack.c
5a942f9501f7ce287e1c37c553eb02a1e269e081	04-Nov-2008	Patrick McHardy <kaber@trash.net>	Add SCTP/DCCP support to NAT targets Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_DNAT.c ibipt_MASQUERADE.c ibipt_REDIRECT.c ibipt_SNAT.c
ecae0c3efc6851d767c759b77d897d113af821a0	23-Oct-2008	Thomas Jarosch <thomas.jarosch@intra2net.com>	Fix compile warnings using gcc 4.3.2 libxt_dccp.c: In function 'port_to_service': libxt_dccp.c:196: warning: implicit declaration of function 'htons' libxt_sctp.c: In function 'port_to_service': libxt_sctp.c:321: warning: implicit declaration of function 'htons' libxt_tcp.c: In function 'port_to_service': libxt_tcp.c:220: warning: implicit declaration of function 'htons' libxt_udp.c: In function 'port_to_service': libxt_udp.c:104: warning: implicit declaration of function 'htons' Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_dccp.c ibxt_sctp.c ibxt_tcp.c ibxt_udp.c
240eee607ab7e5bb9f671b7ceba40e2940182f61	23-Oct-2008	Thomas Jarosch <thomas.jarosch@intra2net.com>	Fix compile error in libxt_iprange.c using gcc 4.3.2 In file included from libxt_iprange.c:9: ../include/linux/netfilter.h:43: error: field 'in' has incomplete type ../include/linux/netfilter.h:44: error: field 'in6' has incomplete type libxt_iprange.c: In function 'parse_iprange': libxt_iprange.c:46: error: dereferencing pointer to incomplete type libxt_iprange.c:53: error: dereferencing pointer to incomplete type libxt_iprange.c: In function 'iprange_mt4_parse': libxt_iprange.c:117: error: dereferencing pointer to incomplete type libxt_iprange.c:121: error: dereferencing pointer to incomplete type libxt_iprange.c:136: error: dereferencing pointer to incomplete type libxt_iprange.c:140: error: dereferencing pointer to incomplete type libxt_iprange.c: In function 'iprange_mt6_parse': libxt_iprange.c:167: error: dereferencing pointer to incomplete type libxt_iprange.c:171: error: dereferencing pointer to incomplete type libxt_iprange.c:186: error: dereferencing pointer to incomplete type libxt_iprange.c:190: error: dereferencing pointer to incomplete type Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> ibxt_iprange.c
c7f0e945e01ad3ab995061e28564adba6ca5e974	22-Oct-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_recent: add IPv6 support Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_recent.c ibxt_recent.man
af1660fe0e88cd9f1c770864e1c643718cb2cc62	22-Oct-2008	Jan Engelhardt <jengelh@medozas.de>	Move libipt_recent to libxt_recent Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_recent.c ibipt_recent.man ibxt_recent.c ibxt_recent.man
56156cda196154aa015b7df030a2a9bbf34f4fcc	22-Oct-2008	Jir� Moravec <jim.lkml@gmail.com>	libxt_TOS: fix compilation error Fix compilation error caused by double definition of IPPROTO_SCTP: In file included from /usr/include/netinet/ip.h:25, from /usr/include/linux/ip.h:19, from tos_values.c:4, from libxt_TOS.c:15: /usr/include/netinet/in.h:84: error: expected identifier before numeric constant make[2]: *** [libxt_TOS.oo] Error 1 Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_TOS.c
430bbc782ea034c6314a00a841f737560a56717c	15-Oct-2008	KOVACS Krisztian <hidden@sch.bme.hu>	Add iptables support for the socket match Add user-space code for the socket match. Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_socket.c ibxt_socket.man
92b54aa2b436387f85783d3f420ccaa12fdaf891	15-Oct-2008	KOVACS Krisztian <hidden@sch.bme.hu>	Add iptables support for the TPROXY target Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_TPROXY.c ibxt_TPROXY.man
3cc6fc3cbf26b847ba7232ff220b74e74e72c219	29-Sep-2008	Pablo Sebastian Greco <pablo@fliagreco.com.ar>	mark: fix invalid iptables-save output When a neg mark is saved via iptables-save it is saved as !--mark, but this is not recognized by iptables-restore, just adding a space to the saved file to make it look like "! --mark" makes iptables-restore accept the file. Signed-off-by: Pablo Sebastian Greco <pablo@fliagreco.com.ar> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_mark.c
81bd58838403fc8c4a63840f0af42deebe6d4a20	04-Sep-2008	Jan Engelhardt <jengelh@medozas.de>	src: update comments part II A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_hashlimit.c ibxt_limit.c
de0844bd2ebddbea758802cb63a530d7815018f7	01-Sep-2008	Patrick McHardy <kaber@trash.net>	manpages: fix another typo in tcp manpage ibxt_tcp.man
995e5cfa8e5ceb7f7e9d0e56ad7147b2dea1221f	01-Sep-2008	WANG Cong <wangcong@zeuux.org>	manpages: Fix a typo in tcp man page Signed-off-by: WANG Cong <wangcong@zeuux.org> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_tcp.man
9a90f9075cbcaa743c93b57f12f6e38b04dfc790	01-Sep-2008	Phil Oester <kernel@linuxace.com>	src: Missing limits.h includes Latest git doesn't compile for me on Fedora 9 due to various *MAX constants being undefined. Below adds the include in 3 files which need it (although I can't see why this isn't required in 1.4.1.1). Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_esp.c ibxt_owner.c ibxt_time.c
a4be7cb319212ba7907a541bbb5f9af1ffa7db0f	01-Sep-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_recent: do allow --rttl for --update Tony Ho noticed a too-strict check in xt_recent, so here is a fix. Reported-by: Tony Ho <iptables@iblink.com.cn> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_recent.c ibipt_recent.man
ddac6c5bc636003d664d25c08ea3fe176565096c	01-Sep-2008	Jan Engelhardt <jengelh@medozas.de>	src: Update comments A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_eui64.c ibip6t_frag.c ibip6t_hbh.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_policy.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_MIRROR.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_SNAT.c ibipt_ULOG.c ibipt_ah.c ibipt_ecn.c ibipt_icmp.c ibipt_realm.c ibipt_recent.c ibipt_set.c ibipt_unclean.c ibxt_CLASSIFY.c ibxt_CONNMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_NFQUEUE.c ibxt_NOTRACK.c ibxt_SECMARK.c ibxt_TCPMSS.c ibxt_TRACE.c ibxt_comment.c ibxt_connbytes.c ibxt_connmark.c ibxt_conntrack.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_pkttype.c ibxt_quota.c ibxt_sctp.c ibxt_standard.c ibxt_state.c ibxt_statistic.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_u32.c ibxt_udp.c
a2a7f2b531cc582ab6cc3c2b73715ed1d58b9eab	01-Sep-2008	Jan Engelhardt <jengelh@medozas.de>	src: use regular includes iptables ships with all header files and prioritized its own include directory over /usr/include/linux, so just use the normal brackets. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_policy.c ibipt_CLUSTERIP.c ibipt_SAME.c ibipt_ULOG.c ibipt_policy.c ibxt_connlimit.c ibxt_limit.c ibxt_multiport.c ibxt_u32.c
bfb7e0b84b5d732e378a3fcbb4132fdbd9938766	01-Sep-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_iprange: fix option names There is no --src-ip, just --src-range. (Same for --dst-range.) Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_iprange.c
161143d88c4c6f8b25ef191971757803dc5c7c2d	01-Sep-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_mac: flatten casts in libxt_mac Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_mac.c
a47bb4a9fa24db2f3ba6559c9175f3f1144ee74c	15-Aug-2008	Jan Engelhardt <jengelh@medozas.de>	manpages: add missing rateest match documentation Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_rateest.man
7d0917b8f94ffc9dd236799cff86e80daf5dd340	15-Aug-2008	Jan Engelhardt <jengelh@medozas.de>	manpages: add missing rateest documentation Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibxt_RATEEST.man
d91bd17eccd00fd392fbd89568bc21a605e84ea9	13-Aug-2008	Jan Engelhardt <jengelh@medozas.de>	manpages: add missing --rsource,--rdest options to libxt_recent.man Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_recent.man
7963845decf9de40e612e62eaf7ef62f15cf8080	13-Aug-2008	Jan Engelhardt <jengelh@medozas.de>	build: fix initext.c dependency initext?.c is generated within the current directory, not in ${srcdir}. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> NUmakefile.in
967279231a9ecfa99f26694a954afc535c63db1d	13-Aug-2008	Jan Engelhardt <jengelh@medozas.de>	Synchronize invert flag order with manpages Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_rt.c ibipt_ah.c ibipt_icmp.c ibipt_realm.c ibxt_dccp.c ibxt_esp.c ibxt_mac.c ibxt_multiport.c ibxt_physdev.c ibxt_sctp.c ibxt_tcp.c ibxt_udp.c
d38eaf488dcd9c78d1ea7c1b9613d210688114af	13-Aug-2008	Jan Engelhardt <jengelh@medozas.de>	physdev: remove extra space in output Just a cosmetic fix for `iptables -S` and `iptables-save` printing two spaces between arguments in the physdev match. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_physdev.c
aeafdb8126d6ee658ff2b55dea380a84d1d77a25	12-Aug-2008	Jan Engelhardt <jengelh@medozas.de>	manpages: correct erroneous markup Text paragraphs should use .PP, since .TP makes it a list item with indented description. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ibip6t_HL.man ibipt_REJECT.man ibipt_SET.man ibipt_TTL.man ibipt_addrtype.man ibxt_NFQUEUE.man ibxt_NOTRACK.man ibxt_TCPMSS.man ibxt_statistic.man
dee5f0009f7ca1a6d092c3c17450c33c53121b7c	04-Aug-2008	Phil Oester <kernel@linuxace.com>	libxt_dscp: fix save of negated dscp match rules As pointed out by Vyacheslav Garashchenko, iptables-save does not save negated dscp matches properly. Fix below. This closes bugzilla #533. Phil Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_dscp.c
04c97954d5933fc935616f69a8e63944d5c6cec4	04-Aug-2008	Phil Oester <kernel@linuxace.com>	iptables-save: fix hashlimit output In bugzilla 550, Xeb notes that the --hashlimit-htable-gcinterval argument is saved incorrectly. Patch below corrects. Patch-from: Xeb <xeb@mail.ru> Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_hashlimit.c
3c5d15c880c6dca1facf666272fc309b5d307def	04-Aug-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_recent: do not allow both --set and --rttl Reported-by: Erich Schubert <erich@debian.org> Reference: Debian bug #346034 "I was using the --rttl option in my --set line; this caused all incoming ssh connections to be rejected; --rttl is only to be used with --rcheck and --update." Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_recent.c
ef18e8147903885708d1c264904129af4fb636d6	04-Aug-2008	Jan Engelhardt <jengelh@medozas.de>	src: remove dependency on libiptc headers xtables.h does not need really need libxtc.h, and we can drop it from the install as it is internal-only. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_TCPOPTSTRIP.c ibxt_hashlimit.c ibxt_time.c os_values.c
78d2d14211466f1986882ba6bdf82e6429ce78dc	07-Jul-2008	Joonwoo Park <joonwpark81@gmail.com>	xt_string: string extension case insensitive matching The string extension can search patterns case insensitively with --icase option. A new revision 1 was added, in the meantime invert of xt_string_info was moved into flags as a flag. Signed-off-by: Joonwoo Park <joonwpark81@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_string.c
4ded0f11d382c37a57c04077f453b3978eeded17	30-Jun-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_TOS: make sure --set-tos value/mask is recognized Only when a 'stop' pointer is passed, the string may consist of more than just a number. Reported-by: Anonymous Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> os_values.c
6a0cd58f7e444137eb757695f917e46eb14201c8	13-Jun-2008	Jan Engelhardt <jengelh@medozas.de>	iprange: kernel flags were not set The --src-range and --dst-range parameters did not set the IPRANGE_* flags in struct xt_iprange_mtinfo. Reported-by: Maxim Britov <maxim.britov@gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_iprange.c
e145621e88ef65d2c1f34f9225c4c0cb7e52516d	12-Jun-2008	Jan Engelhardt <jengelh@medozas.de>	build: fix `make install` when --disable-shared is used When --disable-shared is used, there are no .so files to install, and the argument order for install would get messed up. Reported-by: Michael Teicher <mteicher@gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> NUmakefile.in
9b488b992872d4d2b7ebf7897d74d52f4fb59e1c	08-Jun-2008	Jan Engelhardt <jengelh@medozas.de>	manpage updates A number of options support negation, but the manpage did not reflect this ("[!]" was absent). Also fix a few [] (optional arguments) to {} (required arguments) in the option-BNF. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_addrtype.man ibipt_ecn.man ibipt_set.man ibxt_connbytes.man ibxt_dccp.man ibxt_dscp.man ibxt_hashlimit.man ibxt_length.man ibxt_limit.man ibxt_multiport.man ibxt_pkttype.c ibxt_pkttype.man ibxt_policy.man ibxt_state.man ibxt_string.c ibxt_string.man ibxt_time.c ibxt_time.man
0ea82bc43e9262cdbb9880ca56bb514db4c77f8e	07-Jun-2008	Patrick McHardy <kaber@trash.net>	sparse warning fixes: integer used as pointer Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_SET.c ibipt_set.c ibxt_CONNSECMARK.c ibxt_SECMARK.c ibxt_quota.c
bb9284d153f338b01975344e96c1b8bcde7d82a8	06-Jun-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_owner: add spaces to output It could happen that --<arg><value> was printed on iptables-save with owner rules (owner_mt_save() function) without the obligatory space inbetween. Also transfer printing of the space character into owner_mt_print_item(). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> ibxt_owner.c
4dfd25a405199c03fc694b9a43efdae6a91d8ae8	06-Jun-2008	Laszlo Attila Toth <panther@balabit.hu>	addrtype match: added revision 1 In revision 1 address type checking can be limited to either the incoming or outgoing interface depending on the current chain. In the FORWARD chain only one of them is allowed at the same time. Signed-off-by: Laszlo Attila Toth <panther@balabit.hu> Signed-off-by: Patrick McHardy <kaber@trash.net> ibipt_addrtype.c ibipt_addrtype.man
e2562c8207dcb730ef2406faccf1d55ec42994f6	06-Jun-2008	Lutz Jaenicke <ljaenicke@innominate.com>	Fix iptables-save output of libxt_owner match The _save functions need to use the same syntax that is used for parsing the input instead of "user readable" output. ibxt_owner.c
2c570e76d4c627a0b0417cfa0d0f2e787a6d629d	05-Jun-2008	Jan Engelhardt <jengelh@medozas.de>	build: check for missing feature files linux/dccp.h is unlikely to be installed before 2.6.18 (which was when headers_install was introduced), and does not exist at all before 2.6.14. Add a compile-time check to skip compilation of libxt_dccp in case this was detected. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net> NUmakefile.in
510aef98a56cdbfdb147f78b05d7554bb91770a9	02-Jun-2008	Patrick McHardy <kaber@trash.net>	manpages: consistent syntax In the manpages, bold is used to denote characters the user has to enter verbatim, italic denotes placeholders and non-highlighted pieces are used as a structure: "[]" specifying an optional part, "{}" a mandatory part, with "|" used for alternations. The "!" for negation is better supported before the option than after it, too. The patch makes a few files consistent with this style already used in manpages. ibip6t_ah.man ibip6t_dst.man ibip6t_frag.man ibip6t_hbh.man ibip6t_hl.man ibip6t_icmp6.man ibip6t_ipv6header.man ibip6t_mh.man ibip6t_rt.man ibipt_MASQUERADE.man ibipt_NETMAP.man ibipt_REDIRECT.man ibipt_SET.man ibipt_ah.man ibipt_icmp.man ibipt_realm.man ibipt_set.man ibxt_CLASSIFY.man ibxt_TCPOPTSTRIP.man ibxt_dscp.man ibxt_esp.man ibxt_mac.man ibxt_multiport.man ibxt_physdev.man ibxt_pkttype.man ibxt_policy.man ibxt_string.man ibxt_tcp.man ibxt_tcpmss.man ibxt_udp.man
ccecd38e168fe089106f69f61197ae1dfacb4f6d	26-May-2008	Kristof Provost <kristof@sigsegv.be>	REDIRECT: Allow symbolic port in REDIRECT --to-port Fixes Bugzilla 482. Signed-off-by: Kristof Provost <kristof@sigsegv.be> ibipt_REDIRECT.c
f858d3702f7a0e4434fa82836f3666d3d5b6816e	20-May-2008	Thomas Jacob <jacob@internet24.de>	Don't assume /bin/sh is bash The new iptables git version assumes /bin/sh is always GNU bash, that's not the case (Ubuntu 8.04 uses dash), see attachment for a fix. Signed-off-by: Patrick McHardy <kaber@trash.net> NUmakefile.in
ac21a5cb811dad7928c34534cae24427068dd440	12-May-2008	Jan Engelhardt <jengelh@medozas.de>	iptables out-of-tree build directory Reported by: Henrik Nordstrom When xtables.h is not already found in /usr/include, compilation would fail when ${top_srcdir} != ${top_builddir}. NUmakefile.in
8b7c64d6ba156a99008fcd810cba874c73294333	15-Apr-2008	Jan Engelhardt <jengelh@medozas.de>	Remove old functions, constants ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_eui64.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_policy.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_MIRROR.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_SNAT.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_ecn.c ibipt_icmp.c ibipt_policy.c ibipt_realm.c ibipt_recent.c ibipt_set.c ibipt_ttl.c ibipt_unclean.c ibxt_CLASSIFY.c ibxt_CONNMARK.c ibxt_CONNSECMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_NOTRACK.c ibxt_RATEEST.c ibxt_SECMARK.c ibxt_TCPMSS.c ibxt_TCPOPTSTRIP.c ibxt_TOS.c ibxt_TRACE.c ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_connmark.c ibxt_conntrack.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_iprange.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_owner.c ibxt_physdev.c ibxt_pkttype.c ibxt_quota.c ibxt_rateest.c ibxt_sctp.c ibxt_standard.c ibxt_state.c ibxt_statistic.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_time.c ibxt_tos.c ibxt_u32.c ibxt_udp.c
cbf0700f08c850207026c1b6e0382fa9a972ddf5	14-Apr-2008	Jan Engelhardt <jengelh@medozas.de>	Resolve libipt_set warnings ibipt_set.h
ed342edd98456bd4f23d230481854be160fad1dc	13-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Remove support for compilation of conditional extensions condition-test condition-test6 set-test NUmakefile.in ibip6t_condition.c ibip6t_condition.man ibipt_condition.c ibipt_condition.man
e24815d8a1b2755182fe983582a56fcc47153804	14-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Combine ipt and ip6t manpages Combine ipt and ip6t manpages ibip6t_TCPMSS.man ibip6t_TRACE.man ibip6t_connlimit.man ibip6t_length.man ibip6t_multiport.man ibip6t_policy.man ibip6t_tcp.man ibipt_TCPMSS.man ibipt_TRACE.man ibipt_connlimit.man ibipt_length.man ibipt_multiport.man ibipt_policy.man ibipt_tcp.man ibxt_TCPMSS.man ibxt_TRACE.man ibxt_connlimit.man ibxt_length.man ibxt_multiport.man ibxt_policy.man ibxt_tcp.man
23545c2a7a31c68c1e49c7c901b632c2f1c59968	14-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Implement AF_UNSPEC as a wildcard for extensions ibxt_CLASSIFY.c ibxt_MARK.c ibxt_RATEEST.c ibxt_SECMARK.c ibxt_TRACE.c ibxt_length.c ibxt_limit.c ibxt_mark.c ibxt_pkttype.c ibxt_quota.c ibxt_rateest.c ibxt_standard.c ibxt_statistic.c ibxt_string.c ibxt_time.c ibxt_u32.c
bce1c2159f8d24479e994a22561c0f97df4aec4d	27-Mar-2008	Jan Engelhardt <jengelh@medozas.de>	RATEEST: add manpage ibxt_RATEEST.c ibxt_RATEEST.man
9df688566bd53f489c75b5dda84582361fec1ab7	10-Mar-2008	Jan Engelhardt <jengelh@medozas.de>	manpages: update to reflect fine-grained control ibip6t_frag.man ibipt_DNAT.man ibipt_SAME.man ibipt_SNAT.man ibxt_connmark.man ibxt_helper.man ibxt_iprange.man ibxt_mark.man ibxt_owner.man ibxt_tos.man
6cf172ed4064df729ca83eb71133741dfbd6c6e7	10-Mar-2008	Jan Engelhardt <jengelh@medozas.de>	manpages: grammar and spelling ibip6t_frag.man ibipt_SAME.man ibxt_NFQUEUE.man ibxt_connbytes.man ibxt_dscp.man ibxt_hashlimit.man
27a98c71b37c8b7ecd9c72d9a275640f32973e0d	10-Mar-2008	Jan Engelhardt <jengelh@medozas.de>	manpages: fix broken markup (missing close tags) ibip6t_ah.man ibip6t_dst.man ibipt_connlimit.man ibxt_NFQUEUE.man ibxt_connbytes.man ibxt_dccp.man ibxt_sctp.man ibxt_u32.man
21b41eea4724c57d2b6e5998cf38255046e43ad3	11-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR NUmakefile.in
9a8c77fc8df3155747c34dcea79b7834a2a9a40a	11-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Add support for xt_hashlimit match revision 1 ibxt_hashlimit.c ibxt_hashlimit.man
33690a1aec0b6309ff90066ca56285b6e43013f2	11-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Fix all remaining warnings (missing declarations, missing prototypes) NUmakefile.in ibip6t_policy.c ibipt_ULOG.c
1a756e948d66ca17f088411c175858cae19bfd66	11-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Update the libxt_owner manpage with the UID/GID-range feature ibxt_owner.man
dbb77543ad6afe29e9a1881b2d4fc212de621a55	11-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Fix -Wshadow warnings and clean up xt_sctp.h Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed. ibipt_SAME.c ibipt_addrtype.c ibxt_RATEEST.c ibxt_conntrack.c ibxt_hashlimit.c ibxt_state.c ibxt_statistic.c
7a236f4cc685a420c1a782a5db614a93baf37ccf	03-Mar-2008	Jan Engelhardt <jengelh@medozas.de>	Drop -W from CFLAGS and some tiny code cleanups - change "unsigned" to explicit "unsigned int" - remove some casts scp_helper.c ibip6t_dst.c ibip6t_hbh.c ibip6t_rt.c ibipt_SAME.c ibxt_TCPOPTSTRIP.c ibxt_quota.c
5180032804c03225542368aaaf19060fe7a47a1c	14-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Correct the family member value of libxt_mark revision 1 libxt_mark rev1 used AF_INET6 in the class structure where it should have used AF_INET. ibxt_mark.c
c924621bb986c445864bdabdc38d2f13efa99ae5	11-Feb-2008	Jan Engelhardt <jengelh@medozas.de>	Fix compilation of iptables-static build Adjust the _INIT macro and thus fix the build/linking procedure of the monolithic do-it-all binary (iptables-static). Also fix the Makefile since unfortunately, lib%.o does not seem to have a higher precedence than %.o NUmakefile.in
dbe6c3b74ee847707181f1fe28b2975b4a8ab425	01-Apr-2008	James King <t.james.king@gmail.com>	[IPTABLES]: libxt_iprange: Fix IP validation logic IP address validation logic was inverted, causing valid addresses to be rejected. Signed-off-by: James King <t.james.king@gmail.com> ibxt_iprange.c
ecd7f5ed3bbdb45f7edc8febea6f29cd61bf58db	29-Feb-2008	Naohiro Ooiwa <nooiwa@miraclelinux.com>	Fix define value of SCTP chunk type. There are wrong chunk_type values in sctp table. The chunk_type of ASCONF and ASCNF_ACK must be 193 and 128, respectively. Naohiro Ooiwa <nooiwa@miraclelinux.com> ibxt_sctp.c
9ee386a1b6d7704b259460152c959ab0e79e02aa	29-Jan-2008	Max Kellermann <max@duempel.org>	fix gcc warnings Max Kellermann <max@duempel.org> scp_helper.c ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_policy.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SNAT.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_ecn.c ibipt_icmp.c ibipt_policy.c ibipt_realm.c ibipt_recent.c ibipt_ttl.c ibxt_CLASSIFY.c ibxt_CONNMARK.c ibxt_CONNSECMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_RATEEST.c ibxt_SECMARK.c ibxt_TCPMSS.c ibxt_TCPOPTSTRIP.c ibxt_TOS.c ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_connmark.c ibxt_conntrack.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_iprange.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_owner.c ibxt_physdev.c ibxt_pkttype.c ibxt_quota.c ibxt_rateest.c ibxt_sctp.c ibxt_state.c ibxt_statistic.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_time.c ibxt_tos.c ibxt_u32.c ibxt_udp.c os_values.c
a5d099400fd6f9ad3880dda10f85d2aa36b5ec65	29-Jan-2008	Max Kellermann <max@duempel.org>	escape strings Max Kellermann <max@duempel.org> ibipt_LOG.c ibipt_ULOG.c ibxt_NFLOG.c ibxt_helper.c
b4ef34f5be162ffcfe53f5f5fa93541691161580	29-Jan-2008	Max Kellermann <max@duempel.org>	use size_t Max Kellermann <max@duempel.org> ibxt_NFLOG.c
5b76f682f722bebc2f0616fca4600eee2c08dfe2	29-Jan-2008	Max Kellermann <max@duempel.org>	whitespace cleanup Max Kellermann <max@duempel.org> ibxt_quota.c
5ae6f2011dd435dc1ed905c0e5eab3fddcbb66b3	29-Jan-2008	Max Kellermann <max@duempel.org>	Fix REDIRECT manpage Max Kellermann <max@duempel.org> ibipt_REDIRECT.man
ca1da708b6d41dbc5df99335b4370bd1592b4de3	29-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	[IPTABLES]: libxt_owner: UID/GID range support UID/GID range support for libxt_owner Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibxt_owner.c
a8ad34cf11540d147b8aded6826a1452841d2aa7	29-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	[IPTABLES]: libxt_conntrack revision 1 Add support for xt_conntrack match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibxt_conntrack.c ibxt_conntrack.man
ff068719055ae2327d94c79048381c09d3b744c4	29-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_CONNMARK revision 1 Add support for xt_CONNMARK target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibxt_CONNMARK.c ibxt_CONNMARK.man
a99cb4444ceff1b0029c7e25b0714dbee9021b12	29-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	Build adjustments A few build system changes. * ip6tables needs IP6T_LIB_DIR * correctly trigger rebuild of master manpages when submanpages have been touched Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de. NUmakefile.in
fb6209a30fd576cd740eefe0a3ad88d65d2bb2b7	29-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	Give preference to iptables header files Have the header files in the iptables source tree take precedence over those from the kernel source. Otherwise, building the current iptables from subversion just fails with kernels < 2.6.25. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> NUmakefile.in
aef4c1e7275633e4650d16440faaf4cb7163ac0e	20-Jan-2008	Sven Schnelle <svens@bitebene.org>	libxt_TCPOPTSTRIP Import libxt_TCPOPTSTRIP into iptables. Signed-off-by: Sven Schnelle <svens@bitebene.org> Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibxt_TCPOPTSTRIP.c ibxt_TCPOPTSTRIP.man
fc11b0b24ca2f808adcca3fd6b1aad581538171d	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_iprange r1 Add support for xt_iprange revision 1 Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibxt_iprange.c
41daaa0cfbb1cb6b80a2ce2571f9f92f164f0228	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_iprange r0 Move libipt_iprange to libxt_iprange. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibipt_iprange.c ibipt_iprange.man ibxt_iprange.c ibxt_iprange.man
d95d92f0a480008a89f4ffa69f0c67f55dbbe05f	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_mark r1 Introduce libxt_mark match revision 1 support. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibxt_mark.c
da75a5a4ed43d3a822b9a75d6fbbfc2e06ccfbfa	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_hashlimit checks Add checks for libxt_hashlimit so that options cannot be passed twice Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibxt_hashlimit.c
bd9438420d92c41a5cf20a53b7a18d3ddea4216d	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	rename overlapping function names Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibip6t_policy.c ibipt_DNAT.c ibipt_NETMAP.c ibipt_SAME.c ibipt_SNAT.c ibipt_iprange.c ibipt_policy.c ibxt_conntrack.c
08b1616e068166e016b3ee7110db10ae5d853422	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	bunch o' renames Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibipt_DNAT.c ibipt_NETMAP.c ibipt_SAME.c ibipt_SNAT.c ibipt_policy.c ibxt_conntrack.c
a80b6046fa216c26dbc18d587f6255afa8444885	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_conntrack r0 Move libipt_conntrack to libxt_conntrack. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibipt_conntrack.c ibipt_conntrack.man ibxt_conntrack.c ibxt_conntrack.man
a7b0707bd83bac30a92871872dab79ec8cebebbb	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_connmark r1 Add support for xt_connmark match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibxt_connmark.c ibxt_connmark.man
f4b737fb0c52a95a48f2e313ed4cff43db720ad6	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_MARK r2 Add support for xt_MARK target revision 2. Also consolidate libip6t_MARK.man and libipt_MARK.man. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibip6t_MARK.man ibipt_MARK.man ibxt_MARK.c ibxt_MARK.man
36f2eadca556da9bb4979b3f67f38020e80ef7d2	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_TOS Move libipt_TOS revision 0 to libxt_TOS revision 0 and add support for xt_TOS target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibipt_TOS.c ibipt_TOS.man ibxt_TOS.c ibxt_TOS.man
0720c1226381f5c71748673c43c12499f1f254c7	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_tos Move libipt_tos revision 0 to libxt_tos revision 0 and add support for xt_tos match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibipt_tos.c ibipt_tos.man ibxt_tos.c ibxt_tos.man os_values.c
5c5cd885daf43256f7bd24a3a698306764438145	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	libxt_owner libxt_owner merges libipt_owner and libip6t_owner, and adds support for the xt_owner match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibip6t_owner.c ibip6t_owner.man ibipt_owner.c ibipt_owner.man ibxt_owner.c ibxt_owner.man
f82070f9871d281c2802c1624dcf222886b5fb50	20-Jan-2008	Jan Engelhardt <jengelh@medozas.de>	Converts the iptables build infrastructure to autotools. - Can build both static and dynamic at the same time - iptables-static will be a multi-binary, semi-static (link against libc but w/o dynamic plugins) - Always build IPv6 modules - consider INSTALL Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> condition-test condition-test6 set-test NUmakefile.in akefile scp_helper.c ibipt_dscp_helper.c ibxt_DSCP.c ibxt_dscp.c
6afc5b720ed78173e4e21b759df16577fbce13d6	15-Jan-2008	Patrick McHardy <kaber@trash.net>	Add rateest match extension Signed-off-by: Patrick McHardy <kaber@trash.net> akefile ibxt_rateest.c
2528258ddf066a5147394dc65cae3bde8e80e3c0	15-Jan-2008	Patrick McHardy <kaber@trash.net>	Add RATEEST target extension Signed-off-by: Patrick McHardy <kaber@trash.net> akefile ibxt_RATEEST.c
2c3ce6ad598cb479640f6f14c7c5e25488923062	15-Jan-2008	Peter Warasin <peter@endian.com>	Fix CONNMARK mask initialisation This patch fixes the problem that the CONNMARK mask value has been set to 0 whenever the CONNMARK target options were not the last options to be processed. It initalizes the mask value rather than setting it for each parse. Signed-off-by: Peter Warasin <peter@endian.com> ibxt_CONNMARK.c
19b61ddebbd67bc91d2c395dea29bad7db21f316	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_SECMARK.man to libxt_SECMARK.man ibip6t_SECMARK.man ibipt_SECMARK.man ibxt_SECMARK.man
c256896b239eaf0581f5c9b5ad5e398b0918b6e4	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man ibip6t_CONNSECMARK.man ibipt_CONNSECMARK.man ibxt_CONNSECMARK.man
fbce50a6f5dddec592888a1ae95770e39aee76cd	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Fixes missing '6' and 'X' in definitions of selinux related extension lists. akefile
d6a7eeb69d7b5e88f31bd73d16250a0d32108f28	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Remove libip6t_state.c. libxt_state.c supports IPv6. ibip6t_state.c
58c8939cad29e99397495d3398bfa7d373308fdb	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_udp.man to libxt_udp.man ibip6t_udp.man ibipt_udp.man ibxt_udp.man
64d1335ef9346ec224633504245057067ec6d4ae	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Removes libip6t_u32.man libxt_u32.man already exists. ibip6t_u32.man
47c0e698188cbe769bd6da5cda5d2318f4b6a782	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_physdev.man to libxt_physdev.man ibip6t_physdev.man ibipt_physdev.man ibxt_physdev.man
6c819f059e2bc585554c6d4f46e108f67df657b8	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_mark.man to libxt_mark.man ibip6t_mark.man ibipt_mark.man ibxt_mark.man
fb6ef49a4d3cac528b78332977c903397e6137d2	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_mac.man to libxt_mac.man ibip6t_mac.man ibipt_mac.man ibxt_mac.man
f0f8129bba8311d2feefb6fd685ad4b7e3c1e8ab	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_limit.man to libxt_limit.man ibip6t_limit.man ibipt_limit.man ibxt_limit.man
0c0cf4713ea992399ae8fee50e33f458fd77b020	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_esp.man to libxt_esp.man ibip6t_esp.man ibipt_esp.man ibxt_esp.man
bbdd169bbf03976c71c9156c57a436ce4b7aef46	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_NFQUEUE.man to libxt_NFQUEUE.man ibip6t_NFQUEUE.man ibipt_NFQUEUE.man ibxt_NFQUEUE.man
3943ebf3493dac6fb135c9ed4a45750d8cdcdb82	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_tcpmss.man to libxt_tcpmss.man for ip6tables.8 ibipt_tcpmss.man ibxt_tcpmss.man
ec642db62a28be7e13a6ab5b3f800376bb7a8dff	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_string.man to libxt_string.man for ip6tables.8 ibipt_string.man ibxt_string.man
c03962bebfcf5ee9a9097aa564d16836903b57ea	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_state.man to libxt_state.man for ip6tables.8 ibipt_state.man ibxt_state.man
fe7e95ee772b7e74f5ac8219bf5d3473349a80e5	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_sctp.man to libxt_sctp.man for ip6tables.8 ibipt_sctp.man ibxt_sctp.man
a2c18dd82af45cbd1d7a352d81e1512671701411	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_quota.man to libxt_quota.man for ip6tables.8 ibipt_quota.man ibxt_quota.man
5b5fbca369830bebf56fc2c9a79de8a8f667817e	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_pkttype.man to libxt_pkttype.man for ip6tables.8 ibipt_pkttype.man ibxt_pkttype.man
946397340806ca9f0bab7e0371668058e7a98de4	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_helper.man to libxt_helper.man for ip6tables.8 ibipt_helper.man ibxt_helper.man
549510a00c5983eb200ab74fe7fc884d28301423	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_hashlimit.man to libxt_hashlimit.man for ip6tables.8 ibipt_hashlimit.man ibxt_hashlimit.man
762476173aa1caeb0c40286a5e89f8d3bbf3eaa8	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_dscp.man to libxt_dscp.man for ip6tables.8 ibipt_dscp.man ibxt_dscp.man
a399d80ed746d24745a066b40e6ea624b8a606ad	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_dccp.man to libxt_dccp.man for ip6tables.8 ibipt_dccp.man ibxt_dccp.man
b992748c8ae97326f48f108729d4d75d529576b1	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_connmark.man to libxt_connmark.man for ip6tables.8 ibipt_connmark.man ibxt_connmark.man
26d3f05cc8a12f6a1377f6248155e196e661d63a	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_connbytes.man to libxt_connbytes.man for ip6tables.8 ibipt_connbytes.man ibxt_connbytes.man
65b2d1c5fa2981230a56a9166544d5fe0d4e2998	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_comment.man to libxt_comment.man for ip6tables.8 ibipt_comment.man ibxt_comment.man
21e367e935fd7eb5850999bf0e12907d7e599e6f	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_NOTRACK.man to libxt_NOTRACK.man for ip6tables.8 ibipt_NOTRACK.man ibxt_NOTRACK.man
0dbf1be314062c33df4d675451badbf0dd2dcd57	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8 ibipt_DSCP.man ibxt_DSCP.man
dea46b39b7b8d7b763b0e13c724161bc48af0a8e	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Moves libipt_CONNMARK.man to libxt_CONNMARK.man for ip6tables.8 ibipt_CONNMARK.man ibxt_CONNMARK.man
a87716abc2bdd47009670c57bdf86d254a8f6c81	29-Nov-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8 ibipt_CLASSIFY.man ibxt_CLASSIFY.man
e33bf8eb6467d8d3acf16efa65b09844aea59824	28-Nov-2007	Patrick McHardy <kaber@trash.net>	Fix connlimit output for inverted --connlimit-above: ! > is <=, not < ibxt_connlimit.c
e29da4e9610ab376593e50a44efba874a533dfe0	26-Nov-2007	Patrick McHardy <kaber@trash.net>	Add NFLOG manpage ibxt_NFLOG.man
725ebb1ca4e93ad11b38ee37338f92600454344a	25-Nov-2007	Jan Engelhardt <jengelh@medozas.de>	iptables: move manpage Rename libipt_{time,u32}.man to libxt_{time,u32}.man to go in line with the C files. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibipt_time.man ibipt_u32.man ibxt_time.man ibxt_u32.man
40eaf2a1fe01c37141bc457537971538fefd47af	25-Nov-2007	Jan Engelhardt <jengelh@medozas.de>	iptables: fix check_inverse() call Fix a typo in call to check_inverse(). Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibipt_conntrack.c
75b4b2081522ab2f680ca0edf2242bc6f28a0ef7	15-Nov-2007	Tom Eastep <teastep@shorewall.net>	PATCH - Fix for --random option in DNAT and REDIRECT The --random option produces "Unknown arg `--random'" errors with both the DNAT and REDIRECT targets. Corrected by the attached patch. Tom Eastep <teastep@shorewall.net> ibipt_DNAT.c ibipt_REDIRECT.c
8f4c67fe008261ff6075e162e5e5eb2860cd7dab	12-Nov-2007	Stefano Sabatini <stefano.sabatini-lala@poste.it>	Document xt_statistic (Stefano Sabatini <stefano.sabatini-lala@poste.it>) ibxt_statistic.man
3ca9cc6040b72121931bd788c7d45437d5326daf	31-Oct-2007	László Attila Tóth <panther@balabit.hu>	Introducing libxt_*.man files. Sorted matches and modules The iptables.8 and ip6tables.8 man pages are now generated from libxt_*.man files too. For xtables modules one man page is enough with libxt_ prefix. The match and target lists are sorted alphabetically. The make command doesn't print anything when creates man pages. Signed-off-by: Laszlo Attila Toth <panther@balabit.hu> akefile
032722b2d24138ee92e459c779ae4869f33b1f37	20-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Transfer all my copyright over to our company. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> ibxt_time.c ibxt_u32.c
fceebd8a493a16a767cf1c8e890830c129218c8f	18-Oct-2007	Patrick McHardy <kaber@trash.net>	Fix the compile warning fix According to Jan: While the fields of struct xt_time are uints, the defined time_t span is by definition 0..231-1, i.e. it should be INT_MAX, not UINT_MAX. ibxt_time.c
ff64ae696f64811d513b7969713d8002e37c0c3b	18-Oct-2007	Patrick McHardy <kaber@trash.net>	Fix compiler warning on 64 bit: date_stop is an u_int32_t, so use UINT_MAX instead of LONG_MAX ibxt_time.c
1f25b402553db8dd4448ee502d7ebcf47c9151c9	18-Oct-2007	Li Zefan <lizf@cn.fujitsu.com>	extension/sctp: fix - mistake to pass a pointer where array is required Macros like SCTP_CHUNKMAP_XXX(chukmap) require chukmap to be an array, but print_chunks() passes a pointer to these macros. Li Zefan <lizf@cn.fujitsu.com> ibxt_sctp.c
9e6fcb226fb767784d5f530f67bd30144aa98459	08-Oct-2007	Sebastian Claßen <sebastian.classen@freenet.ag>	make print-extensions doesn't show libxt_* extensions In extensions/Makefile the variable PFX_EXT_SLIB_OPTS is not appended to OPTIONALS, therefor 'make print-extensions' doesn't show any optional libxt_* extension. Sebastian Claßen <sebastian.classen@freenet.ag> akefile
72118884b63f36ec0f42ce5a7e5e9569033291ab	08-Oct-2007	László Attila Tóth <panther@balabit.hu>	Unique symbols and no '&' characters Removing '&' from .._match and ..._target variables. Give all symbols unique names. Signed-off-by: Laszlo Attila Toth ibxt_CLASSIFY.c ibxt_state.c
e2f588ab7481760f069cd30d3146569f074721aa	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Remove redundant dst/hbh lines Remove hbh stuff from libip6t_dst, remove dst stuff from libip6t_hbh. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibip6t_dst.c ibip6t_hbh.c
4d150eb5934fd4343b5fac2419c994e2bf97a96c	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Unique symbols 6/6 Give symbols of libxt targets unique names (3/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c
997045f536026c0d643bf884da5ff5de2605197f	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Unique names 5/6 Give symbols of libxt matches unique names (3/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibip6t_ah.c ibip6t_condition.c ibip6t_dst.c ibip6t_eui64.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_owner.c ibip6t_policy.c ibip6t_rt.c ibip6t_state.c
1d5b63d12984d12c8d87242179855e17657be16d	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Unique names 4/6 Give symbols of libxt targets unique names (2/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_MIRROR.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_SNAT.c ibipt_TOS.c ibipt_TTL.c ibipt_ULOG.c
59d164019340d110d302634e429320577f0db7be	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Unique names 3/6 Give symbols of libxt matches unique names (2/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibipt_addrtype.c ibipt_ah.c ibipt_condition.c ibipt_conntrack.c ibipt_ecn.c ibipt_icmp.c ibipt_iprange.c ibipt_owner.c ibipt_policy.c ibipt_realm.c ibipt_recent.c ibipt_set.c ibipt_tos.c ibipt_ttl.c ibipt_unclean.c
932e648f38ac16b1ea14c1f66f23951388448c5a	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Unique names 2/6 Give symbols of libxt targets unique names (1/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibxt_CONNMARK.c ibxt_CONNSECMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_NOTRACK.c ibxt_SECMARK.c ibxt_TCPMSS.c ibxt_TRACE.c
181dead3f13befe02769ef479bcbb51801b7fc4e	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Unique symbols 1/6 Give symbols of libxt matches unique names (1/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_connmark.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_physdev.c ibxt_pkttype.c ibxt_quota.c ibxt_sctp.c ibxt_standard.c ibxt_statistic.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_time.c ibxt_u32.c ibxt_udp.c
926bde877f8182e7db4d057969dc8293e81fd6cf	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	No ipt in xt Cease using ipt_entry_match (replaced by xt_entry_match). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibxt_connlimit.c
0e2abed11985e16215559cefd90625f99317b96c	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Constify data structures Constify more data structures. Make functions static. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibip6t_LOG.c ibip6t_REJECT.c ibip6t_policy.c ibipt_LOG.c ibipt_policy.c ibipt_realm.c ibxt_CLASSIFY.c ibxt_dccp.c ibxt_hashlimit.c ibxt_limit.c ibxt_sctp.c ibxt_tcp.c
278654a9aa89311eb624dc5b79b5b37d99248129	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Delete empty ->print() and ->save() functions Deletes empty ->print() and ->save() functions. ip[6]tables prints the trivial thing automatically. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibip6t_eui64.c ibipt_unclean.c ibxt_TRACE.c ibxt_standard.c
830132ac9c0d270bf9dcfe85c2464e3fe8c73fb9	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Delete empty ->final_check() functions Deletes empty ->final_check() functions, and makes ip[6]tables checks for NULL on these. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_eui64.c ibip6t_frag.c ibip6t_hbh.c ibip6t_mh.c ibip6t_rt.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_MIRROR.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_ULOG.c ibipt_ah.c ibipt_icmp.c ibipt_unclean.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_NOTRACK.c ibxt_TRACE.c ibxt_dccp.c ibxt_esp.c ibxt_limit.c ibxt_quota.c ibxt_sctp.c ibxt_standard.c ibxt_tcp.c ibxt_time.c ibxt_u32.c ibxt_udp.c
0463ee1f28946cc49815737daa0ced0c68f39f0b	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Delete empty ->init() functions Deletes empty ->init() functions. ip[6]tables already checks for .init being NULL or not. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibip6t_HL.c ibip6t_policy.c ibipt_CLUSTERIP.c ibipt_ECN.c ibipt_MIRROR.c ibipt_TOS.c ibipt_TTL.c ibipt_policy.c ibxt_CLASSIFY.c ibxt_CONNMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_NFQUEUE.c ibxt_NOTRACK.c ibxt_SECMARK.c ibxt_TCPMSS.c ibxt_TRACE.c ibxt_multiport.c ibxt_physdev.c ibxt_standard.c
d3daa435a4790111ac6d6d0b0da2721081160341	04-Oct-2007	Jan Engelhardt <jengelh@medozas.de>	Remove stray NULLs Mixing member accessors (non-named vs named) is not good. Remove stray NULL. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibip6t_HL.c ibipt_MASQUERADE.c ibipt_realm.c
14d5ebef1e932451b634d8370079b4c93407aea1	04-Oct-2007	László Attila Tóth <panther@balabit.hu>	Addrtype match: renaming functions The function names in libipt_addrtype.c makes debugging hard, also I renamed them prefixed by 'addrtype_'. Laszlo attila toth <panther@balabit.hu> ibipt_addrtype.c
92dc7096c8076f2228c1c6cadb81f7892384033b	28-Sep-2007	Hann-Huei Chiou <koala@ascenvision.com>	Couldn't load/find match `u32' iptables (up to 0927 snapshot) keeps complaining of "Couldn't load (or find, if NO_SHARED_LIBS=1) match `u32'. After comparing with other libxt_*.c, I found that there's no member ".family" in the "u32_reg" structure, while ".family = AF_INET6" exists in "u32_reg6" Hann-Huei Chiou <koala@ascenvision.com> ibxt_u32.c
ad326ef9f734ac30548de292c59fc0e2fd81ac2a	23-Sep-2007	Jan Engelhardt <jengelh@medozas.de>	Add the libxt_time iptables match This is libipt_time from POM-ng enhanced by the following: * day-of-month support (for example "match on the 15th of each month") * inversion support for --weekdays and --monthdays * match against UTC or local timezone * a manpage Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> akefile ibipt_time.man ibxt_time.c
55951a0532e35cf73bd83b01014387616eb31431	19-Sep-2007	Jan Engelhardt <jengelh@medozas.de>	Fix u32 warnings warning: format '%ld' expects type 'long int', but argument 3 has type 'int'. With %u alone, you would get "but arg-start is long" warnings on x64. With %lu, you would get "but arg-start is int" on x86. Fix it up by explicitly deciding for one (%u and cast to unsigned int) and using that. Jan Engelhardt <jengelh@computergmbh.de> ibxt_u32.c
9640e529bd08c4c0458246fae0fd6b473c94ab46	10-Sep-2007	Jan Engelhardt <jengelh@medozas.de>	Adds u32 to iptables. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> akefile ibip6t_u32.man ibipt_u32.man ibxt_u32.c
500f483fff529dcd88ec96b9d5054be6cd6363a0	08-Sep-2007	Patrick McHardy <kaber@trash.net>	Fix sparse warnings: non-ANSI function declarations, 0 used as pointer ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_owner.c ibip6t_rt.c ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SNAT.c ibipt_TOS.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_conntrack.c ibipt_ecn.c ibipt_icmp.c ibipt_iprange.c ibipt_owner.c ibipt_realm.c ibipt_recent.c ibipt_tos.c ibipt_ttl.c ibxt_CLASSIFY.c ibxt_CONNMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_TCPMSS.c ibxt_comment.c ibxt_connbytes.c ibxt_connmark.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_physdev.c ibxt_pkttype.c ibxt_quota.c ibxt_sctp.c ibxt_state.c ibxt_statistic.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_udp.c
4a058c1729f22ac6224d7175dc5b310842c0e392	06-Sep-2007	László Attila Tóth <panther@balabit.hu>	Makefile for man pages of xtables extensions (Laszlo Attila Toth <panther@balabit.hu>) * no extra target/match by default :) * man page of fix modules (PF_EXT_SLIB etc.) plus optional (...SLIB_OPTS) modules generated, but not all. * because of the previous one I had to rename PF_EXT_SE_SLIB to PF_EXT_SELINUX_SLIB etc. as a non-optional variable, original PF_EXT_SE_SLIB gets the value of PF_EXT_SELINUX_SLIB if DO_SELINUX is set to 1. akefile
07143e402a60f46f17ef34c210781f100eb7abde	06-Sep-2007	Patrick McHardy <kaber@trash.net>	Remove unsupported connrate extension ibipt_connrate.c ibipt_connrate.man
6c4ab9cfa2f42d4efe22bcaee2614ccde941ddac	05-Sep-2007	László Attila Tóth <panther@balabit.hu>	Build manpages for xtables extensions (Laszlo Attila Toth <panther@balabit.hu>) akefile
c329d6a7085e3123f3d5ca98a8e0ab37edca2dcc	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Fix aligned_u64 type on 64 bit: its an unsigned long, not an unsigned long long. Fixes compiler warning in quota match. ibxt_connbytes.c
31317ed1f9103434adda716abbe65e9fc7bdd418	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build IPv6 hbh/dst matches unconditionally opts-test6 akefile
248a109b3bf6c9a0b3724f3123ad64a624d30631	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build IPv6 rt match unconditionally rt-test6 akefile
1d1ad90494bf909871c233e76036b18841949c9e	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build ipv6header match unconditionally ipv6header-test6 akefile
389f785b060c181ce77d44840274b5c68e39b23f	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build IPv6 mh match unconditionally mh-test6 akefile
eda0390fe200f2d9f37d2a19b50e7ca531367ada	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Resync header files and build IPv6 frag match unconditionally frag-test6 akefile
7a87b74d4d41a356df3a81d0e8415c4f7a76097b	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Resync header file and build IPv6 ah match unconditionally ah-test6 akefile
b4a6920d4bb9fa634279c93b9d2cc543603ea772	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build IPv6 REJECT target unconditionally REJECT-test6 akefile
9fc3b5e9aaecaa4f3ebaf4bb55ddde2620e7f13e	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Resync header file and build CLUSTERIP target unconditionally CLUSTERIP-test akefile
3df9b22a5b0fde0e0a00259078f419a4ad3a92cd	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build recent match unconditionally recent-test akefile
9e9022562d76644a2c9d1024b597729af68c81e5	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build dccp match unconditionally dccp-testx akefile
b8a0a100a68098c0329735b5724d9c0b425e72eb	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build string match unconditionally string-testx akefile
800b7e54e81f86d290a66330cecb1fe5a3a9a31a	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build statistic match unconditionally statistic-testx akefile
42a28540500062823c4562c7acc076a5c00a579b	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build connbytes match unconditionally connbytes-testx akefile
cddfd941e7a24dbc01a7dc79e4ce51f60f7128fc	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build quota match unconditionally quota-testx akefile
002d129b694633d47c76913b360329baa0d8e923	05-Sep-2007	Patrick McHardy <kaber@trash.net>	Build NFLOG target unconditionally NFLOG-testx akefile
ea146a982e26c42f9954f140276f8deeb2edbe98	02-Sep-2007	Peter Riley <Peter.Riley@hotpop.com>	Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>) ibip6t_HL.c ibip6t_LOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_condition.c ibip6t_dst.c ibip6t_eui64.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_owner.c ibip6t_policy.c ibip6t_rt.c ibip6t_state.c ibipt_CLUSTERIP.c ibipt_ECN.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_MIRROR.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_TOS.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_condition.c ibipt_connrate.c ibipt_conntrack.c ibipt_ecn.c ibipt_icmp.c ibipt_iprange.c ibipt_owner.c ibipt_policy.c ibipt_realm.c ibipt_recent.c ibipt_set.c ibipt_tos.c ibipt_ttl.c ibipt_unclean.c ibxt_CLASSIFY.c ibxt_CONNMARK.c ibxt_DSCP.c ibxt_MARK.c ibxt_NFLOG.c ibxt_NFQUEUE.c ibxt_NOTRACK.c ibxt_SECMARK.c ibxt_TCPMSS.c ibxt_TRACE.c ibxt_comment.c ibxt_connbytes.c ibxt_connlimit.c ibxt_connmark.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_hashlimit.c ibxt_helper.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_physdev.c ibxt_pkttype.c ibxt_quota.c ibxt_sctp.c ibxt_standard.c ibxt_state.c ibxt_statistic.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_udp.c
dcfd0a487fc622c76feedeeae2c2bd985cd7e19f	29-Aug-2007	zhangxiliang <zhangxiliang@cn.fujitsu.com>	Fix dscp match manpage (zhangxiliang <zhangxiliang@cn.fujitsu.com>) The description for the value in option "-m dscp -dscp" should be modified to 0~63. The option can match 6 bit DSCP field within the TOS field in the IP header. So the range for the option should be 0~(26-1) that is 0~63. ibipt_dscp.man
dfd78a8066857c56284a263623a4ffabd1021ce6	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to statistic match statistic-test statistic-testx ibipt_statistic.c ibxt_statistic.c
f8137b1b4cc18d4ff528ac40b83345260bb644ae	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to helper match akefile ibipt_helper.c ibxt_helper.c
6aac50010e50aa42b42089110c8cf4d80b224f14	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to connbytes match connbytes-test connbytes-testx ibipt_connbytes.c ibxt_connbytes.c
a7bf6d0decd93ade089a98a8de76a529cd96427e	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to DSCP target akefile ibipt_DSCP.c ibxt_DSCP.c
e4cc20b2367362c2f9c84c0daaccd985e3236118	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to CLASSIFY target akefile ibipt_CLASSIFY.c ibxt_CLASSIFY.c
1a31b4251a71e5cd3845860405ecbe156c5f13c7	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_TRACE into libxt_TRACE akefile ibip6t_TRACE.c ibipt_TRACE.c ibxt_TRACE.c
a16e11418405980334734e9edda6b705aea31f8e	04-Aug-2007	Yasuyuki KOZAKAIYasuyuki KOZAKAI <yasuyuki@netfilter.orgyasuyuki@netfilter.org>	Unifies libip[6]t_NFLOG into libxt_NFLOG NFLOG-test NFLOG-test6 NFLOG-testx ibip6t_NFLOG.c ibipt_NFLOG.c ibxt_NFLOG.c
9bbf867821db55bd6e109934b9aa871322405767	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Revert commit 6990. That log is not correct and .NF_LOG-testx has incorrect mode. NFLOG-test NFLOG-test6 NFLOG-testx ibip6t_NFLOG.c ibipt_NFLOG.c ibxt_NFLOG.c
8338c88a83ac3828459b36332d340cbaa8e0607f	04-Aug-2007	Yasuyuki KOZAKAIYasuyuki KOZAKAI <yasuyuki@netfilter.orgyasuyuki@netfilter.org>	Unifies libip[6]t_state into libxt_state NFLOG-test NFLOG-test6 NFLOG-testx ibip6t_NFLOG.c ibipt_NFLOG.c ibxt_NFLOG.c
1ff0b8d6a6669e6bbbacbfd719bd7e016a4c0406	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_state into libxt_state akefile ibipt_state.c ibxt_state.c
c57c155312a544482a6b8a3c0f7224b00cfaae20	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_connmark into libxt_connmark akefile ibip6t_connmark.c ibipt_connmark.c ibxt_connmark.c
d62a9db1295608ef98394b830703389973346716	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_hashlimit into libxt_hashlimit hashlimit-test6 akefile ibip6t_hashlimit.c ibipt_hashlimit.c ibxt_hashlimit.c
6e22228b00cc485282db16b9637315a60b6dbd10	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_MARK into libxt_MARK akefile ibip6t_MARK.c ibipt_MARK.c ibxt_MARK.c
5679958c748087a3e21fbfa26d2ea08a6572ee4f	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_CONNSECMARK into libxt_CONNSECMARK akefile ibip6t_CONNSECMARK.c ibipt_CONNSECMARK.c ibxt_CONNSECMARK.c
f36f4a8844132cbaacf3bbd5ec0254c17fcc97ae	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to CONNMARK match akefile ibip6t_CONNMARK.c ibipt_CONNMARK.c ibxt_CONNMARK.c
170af8c566faa9605c1ead558792a031f1d0d48d	04-Aug-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Tries to load libxt_*.so at first. If failed, it tries libip[6]t_*.so. akefile
6053fe00dda962fbabe158291a88b1a92aadc215	31-Jul-2007	Jan Engelhardt <jengelh@medozas.de>	Moves libip{,6}t_connlimit to libxt. Also fixes an option parsing bug (connlimit_parse() may receive a 'c' that is not from the connlimit options table). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> akefile ibip6t_connlimit.c ibipt_connlimit.c ibxt_connlimit.c
661f112072bc13a1625c4eb5983695e122ea97da	30-Jul-2007	Jan Engelhardt <jengelh@medozas.de>	Make the option structures const. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibip6t_CONNMARK.c ibip6t_CONNSECMARK.c ibip6t_HL.c ibip6t_LOG.c ibip6t_MARK.c ibip6t_NFLOG.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_condition.c ibip6t_connmark.c ibip6t_dst.c ibip6t_frag.c ibip6t_hashlimit.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_mh.c ibip6t_owner.c ibip6t_policy.c ibip6t_rt.c ibip6t_state.c ibipt_CLASSIFY.c ibipt_CLUSTERIP.c ibipt_CONNMARK.c ibipt_CONNSECMARK.c ibipt_DNAT.c ibipt_DSCP.c ibipt_ECN.c ibipt_LOG.c ibipt_MARK.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_NFLOG.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_SNAT.c ibipt_TOS.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_condition.c ibipt_connbytes.c ibipt_connmark.c ibipt_connrate.c ibipt_conntrack.c ibipt_dscp_helper.c ibipt_ecn.c ibipt_hashlimit.c ibipt_helper.c ibipt_icmp.c ibipt_iprange.c ibipt_owner.c ibipt_policy.c ibipt_realm.c ibipt_recent.c ibipt_set.c ibipt_state.c ibipt_statistic.c ibipt_tos.c ibipt_ttl.c ibxt_NFQUEUE.c ibxt_SECMARK.c ibxt_TCPMSS.c ibxt_comment.c ibxt_dccp.c ibxt_dscp.c ibxt_esp.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_physdev.c ibxt_pkttype.c ibxt_quota.c ibxt_sctp.c ibxt_string.c ibxt_tcp.c ibxt_tcpmss.c ibxt_udp.c
d01454062d0265f118c1b721740997cb93ef8cdb	30-Jul-2007	Jan Engelhardt <jengelh@medozas.de>	Makes it possible to omit extra_opts of matches/targets if unnecessary. (Jan Engelhardt <jengelh@gmx.de>) A nice side effect is that merge_option() doesn't copy options in that case. ibip6t_TRACE.c ibip6t_eui64.c ibipt_MIRROR.c ibipt_TRACE.c ibipt_unclean.c ibxt_NOTRACK.c ibxt_standard.c
6f1c597f2aef128e35a78717a998fed7567ade2c	30-Jul-2007	Jan Engelhardt <jengelh@medozas.de>	The option struct needs to be terminated, otherwise ip{,6}tables will access illegal memory in merge_options(). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibip6t_NFLOG.c ibipt_NFLOG.c
18992db3bfdb3b695cae12b53434f560cbf8e2ae	30-Jul-2007	Jan Engelhardt <jengelh@medozas.de>	Remove the .next=NULL field. This is automatically initialized to zero. I've kept .print=NULL and .save=NULL so it stands out (since iptables will do the print/save then). Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibip6t_TRACE.c ibip6t_state.c ibipt_CLASSIFY.c ibipt_CLUSTERIP.c ibipt_CONNSECMARK.c ibipt_DNAT.c ibipt_DSCP.c ibipt_ECN.c ibipt_MARK.c ibipt_MIRROR.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SNAT.c ibipt_TOS.c ibipt_TRACE.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_connbytes.c ibipt_connrate.c ibipt_conntrack.c ibipt_helper.c ibipt_icmp.c ibipt_iprange.c ibipt_owner.c ibipt_recent.c ibipt_state.c ibipt_tos.c ibipt_ttl.c ibipt_unclean.c ibxt_NFQUEUE.c ibxt_SECMARK.c ibxt_TCPMSS.c ibxt_comment.c ibxt_dscp.c ibxt_esp.c ibxt_length.c ibxt_limit.c ibxt_mac.c ibxt_mark.c ibxt_multiport.c ibxt_physdev.c ibxt_pkttype.c ibxt_quota.c ibxt_standard.c ibxt_tcp.c ibxt_tcpmss.c ibxt_udp.c
e9db3a8674018a5ed55be46e4c0984cecbe3067d	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Changes permissions of test scripts of dccp, string, and quota match dccp-testx quota-testx string-testx
a2e89ccf65e8c881e77674cd2b15b9704b0c6822	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_NFQUEUE.c into libxt_NFQUEUE.c akefile ibip6t_NFQUEUE.c ibipt_NFQUEUE.c ibxt_NFQUEUE.c
fa00a73487f6400abc3c6b4dd306c6a269ff7cd1	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_SECMARK.c into libxt_SECMARK.c akefile ibip6t_SECMARK.c ibipt_SECMARK.c ibxt_SECMARK.c
45e4c6946426785d30733701d1ee8112e58538a4	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_TCPMSS.c into libxt_TCPMSS.c akefile ibip6t_TCPMSS.c ibipt_TCPMSS.c ibxt_TCPMSS.c
9ea637d5a7ebfb04e97db4cb114117474bbda9cf	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to comment match akefile ibipt_comment.c ibxt_comment.c
3c96c8e1947ae4621e39c1d380358da603d2e65c	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to dccp match. dccp-test dccp-testx ibipt_dccp.c ibxt_dccp.c
18e060822be3ad17368dbe3d7289dd21efd341a5	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to dscp match. akefile ibipt_dscp.c ibxt_dscp.c
0a04e8d695549788213f842cc99c724a564a88df	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_esp.c into libxt_esp.c esp-test6 akefile ibip6t_esp.c ibipt_esp.c ibxt_esp.c
36087d952be182a6163fc508c2168b9c3b9209c2	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_length.c into libxt_length.c akefile ibip6t_length.c ibipt_length.c ibxt_length.c
4489c0d66d9a0e6033c9472fd54df155788010b7	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_limit.c into libxt_limit.c. akefile ibip6t_limit.c ibipt_limit.c ibxt_limit.c
ba2d891523121b651be54a4ce915bcee33d2ed38	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_mac.c into libxt_mac.c akefile ibip6t_mac.c ibipt_mac.c ibxt_mac.c
fec77fed67feb55aba4c33ae2367178c57ce83de	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_physdev.c into libxt_physdev.c akefile ibip6t_physdev.c ibipt_physdev.c ibxt_physdev.c
5fd6ec87600ac3bd96c2500f6f4a1a9010d8d31e	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to pkttype match akefile ibipt_pkttype.c ibxt_pkttype.c
2bcb16047e048afd1457642fa7bc2aefc8d06d9d	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to quota match quota-test quota-testx ibipt_quota.c ibxt_quota.c
19f29509c8a97219c578aeaf8be15cf005d46eb3	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_sctp.c into libxt_sctp.c sctp-test6 akefile ibip6t_sctp.c ibipt_sctp.c ibxt_sctp.c
e72f60e299e27cab2351be80e623e48815141f7a	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_standard.c into libxt_standard.c akefile ibip6t_standard.c ibipt_standard.c ibxt_standard.c
95f186e2fcc553e1e8e211b2f297c70425af8299	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_tcp.c into libxt_tcp.c. akefile ibip6t_tcp.c ibipt_tcp.c ibxt_tcp.c
7999bd3ad9815f49c31d4ef9798adbbd87ba0094	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to tcpmss match akefile ibipt_tcpmss.c ibxt_tcpmss.c
17908e4bd0bc8ddb7a85bda316864ad8e1e56a29	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_udp.c into libxt_udp.c akefile ibip6t_udp.c ibipt_udp.c ibxt_udp.c
de9d244eef00ad3633e8a1d303713390ab2e243c	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]_mark.c into libxt_mark.c akefile ibip6t_mark.c ibipt_mark.c ibxt_mark.c
0af771d5c84ea9143cf947fb944a0e18189f0e63	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Use unified API in libipt_mark.c ibipt_mark.c
4ccb6f547b6c2c355a188a267afe6358b013a438	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to string match ibxt_string.c
ede46d6949cf1442196b70e3a9954ecec0e8ad27	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Moves libipt_string.c to libxt_string.c string-test string-testx ibipt_string.c ibxt_string.c
6ac58e399ccb3c2fbadc373266f454ce301547da	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Use unified API in string match ibipt_string.c
df2cf4fddfb6bddb9c6809c4aaab8de58dd2393d	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Unifies libip[6]t_multiport.c into libipxt_multiport.c akefile ibip6t_multiport.c ibxt_multiport.c
c7ae1dfb28382b3bbafeda1a7a87ffa77f2799ea	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Moves libipt_multiport.c to libxt_multiport.c akefile ibipt_multiport.c ibxt_multiport.c
f451b5794614edc80eb8c8b30bcb2b4a4d85b6b7	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Splits ipt_multport into family dependent parts and others ibipt_multiport.c
eb6e65e1ccfb52457d461b72cf5abe4e9f7187c6	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Use unified API in multiport match ibipt_multiport.c
5186164036d47b34c33d424d6b9487dcd63ca663	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Add IPv6 support to NOTRACK ibxt_NOTRACK.c
5af93690347956ef1fc6124089ce7c19ee260ed2	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Renames libipt_NOTRACK.c to libxt_NOTRACK.c akefile ibipt_NOTRACK.c ibxt_NOTRACK.c
857ff8b030f701838ce077a7fee68f5b007cd429	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Use unified API in NOTRACK target. ibipt_NOTRACK.c
a3732db1280f790b8e26b41bdcbe8b5f92b7f51b	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Moves all declarations in iptables_common.h to xtables.h. ibipt_dscp_helper.c
68c79151aa8885961c70821456ad626cdc6afff3	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Installs libxt_*.so to DEST_IPT_LIBIDR and link libip[6]t_*.so to it. akefile
dbda07bda2631a0271b3efb70d52d1707c06d418	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Introduces DEST_IPT_LIBDIR to simplify $(DESTDIR)$(LIBDIR)/iptables akefile
ac8b2718daf8a79a59b181f6e62495f307ae86b9	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Fixes warning on compilation, part 2 This changes the type of arguments as follows in multiport, DNAT, SNAT, MASQUERADE, and REDIRECT - ip[6]t_ip[6] * -> void * - ip[6]t_entry * -> void * and adds lines to cast these pointer with intended type. ibip6t_multiport.c ibipt_DNAT.c ibipt_MASQUERADE.c ibipt_REDIRECT.c ibipt_SNAT.c ibipt_multiport.c
a620c61d441b931bc4a52ec07f1b906318ee4069	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Fixes warning on compilation of ip6tables matches/targets This changes the type of arguments as follows - ip6t_ip6 * -> void * - ip6t_entry * -> void * ibip6t_CONNMARK.c ibip6t_CONNSECMARK.c ibip6t_HL.c ibip6t_LOG.c ibip6t_MARK.c ibip6t_NFLOG.c ibip6t_NFQUEUE.c ibip6t_REJECT.c ibip6t_SECMARK.c ibip6t_TCPMSS.c ibip6t_ah.c ibip6t_condition.c ibip6t_connmark.c ibip6t_dst.c ibip6t_esp.c ibip6t_eui64.c ibip6t_frag.c ibip6t_hashlimit.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_length.c ibip6t_limit.c ibip6t_mac.c ibip6t_mark.c ibip6t_mh.c ibip6t_owner.c ibip6t_physdev.c ibip6t_policy.c ibip6t_rt.c ibip6t_sctp.c ibip6t_standard.c ibip6t_state.c ibip6t_tcp.c ibip6t_udp.c
c0a9ab93f49a3d2508c95d0ca1a01c1089983731	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Fixes warning on compilation of iptables matches/targets This changes the type of arguments as follows - ipt_ip * -> void * - ipt_entry * -> void * This patch doesn't change multiport, DNAT, SNAT, MASQUERADE, REDIRECT because these need more changes (casting void * variable with intended type) ibipt_CLASSIFY.c ibipt_CLUSTERIP.c ibipt_CONNMARK.c ibipt_CONNSECMARK.c ibipt_DSCP.c ibipt_ECN.c ibipt_LOG.c ibipt_MARK.c ibipt_MIRROR.c ibipt_NETMAP.c ibipt_NFLOG.c ibipt_NFQUEUE.c ibipt_NOTRACK.c ibipt_REJECT.c ibipt_SAME.c ibipt_SECMARK.c ibipt_SET.c ibipt_TCPMSS.c ibipt_TOS.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_comment.c ibipt_condition.c ibipt_connbytes.c ibipt_connmark.c ibipt_connrate.c ibipt_conntrack.c ibipt_dccp.c ibipt_dscp.c ibipt_ecn.c ibipt_esp.c ibipt_hashlimit.c ibipt_helper.c ibipt_icmp.c ibipt_iprange.c ibipt_length.c ibipt_limit.c ibipt_mac.c ibipt_mark.c ibipt_owner.c ibipt_physdev.c ibipt_pkttype.c ibipt_policy.c ibipt_quota.c ibipt_realm.c ibipt_recent.c ibipt_sctp.c ibipt_set.c ibipt_standard.c ibipt_state.c ibipt_statistic.c ibipt_string.c ibipt_tcp.c ibipt_tcpmss.c ibipt_tos.c ibipt_ttl.c ibipt_udp.c ibipt_unclean.c
b85256b07a2939d712a2547bc151653eae511909	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Replaces ip6t_entry_* with xt_entry_* in matches/targets ibip6t_CONNMARK.c ibip6t_CONNSECMARK.c ibip6t_HL.c ibip6t_LOG.c ibip6t_MARK.c ibip6t_NFQUEUE.c ibip6t_REJECT.c ibip6t_SECMARK.c ibip6t_TCPMSS.c ibip6t_ah.c ibip6t_condition.c ibip6t_connmark.c ibip6t_dst.c ibip6t_esp.c ibip6t_eui64.c ibip6t_frag.c ibip6t_hbh.c ibip6t_hl.c ibip6t_icmp6.c ibip6t_ipv6header.c ibip6t_length.c ibip6t_limit.c ibip6t_mac.c ibip6t_mark.c ibip6t_mh.c ibip6t_multiport.c ibip6t_owner.c ibip6t_physdev.c ibip6t_policy.c ibip6t_rt.c ibip6t_standard.c ibip6t_state.c ibip6t_tcp.c ibip6t_udp.c
193df8ee3507f0c02762c88a16916c4ea950bd99	24-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Replaces ipt_entry_* with xt_entry_* in matches/targets ibipt_CLASSIFY.c ibipt_CLUSTERIP.c ibipt_CONNMARK.c ibipt_CONNSECMARK.c ibipt_DNAT.c ibipt_DSCP.c ibipt_ECN.c ibipt_LOG.c ibipt_MARK.c ibipt_MASQUERADE.c ibipt_MIRROR.c ibipt_NETMAP.c ibipt_NFQUEUE.c ibipt_NOTRACK.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SECMARK.c ibipt_SET.c ibipt_SNAT.c ibipt_TCPMSS.c ibipt_TOS.c ibipt_TTL.c ibipt_ULOG.c ibipt_addrtype.c ibipt_ah.c ibipt_comment.c ibipt_condition.c ibipt_connbytes.c ibipt_connmark.c ibipt_connrate.c ibipt_conntrack.c ibipt_dccp.c ibipt_dscp.c ibipt_ecn.c ibipt_esp.c ibipt_hashlimit.c ibipt_helper.c ibipt_icmp.c ibipt_iprange.c ibipt_length.c ibipt_limit.c ibipt_mac.c ibipt_mark.c ibipt_multiport.c ibipt_owner.c ibipt_physdev.c ibipt_pkttype.c ibipt_policy.c ibipt_quota.c ibipt_realm.c ibipt_recent.c ibipt_sctp.c ibipt_set.c ibipt_standard.c ibipt_state.c ibipt_statistic.c ibipt_string.c ibipt_tcp.c ibipt_tcpmss.c ibipt_tos.c ibipt_ttl.c ibipt_udp.c ibipt_unclean.c
a8a4f5ddfc32f21ade344dcec0fc2e3623634f55	16-Jul-2007	Patrick McHardyYasuyuki KOZAKAI <kaber@trash.netyasuyuki@netfilter.org>	Adds missing explanations about FIN in mask part of '--syn' in libip[6]_tcp.c and libip6t_tcp.man. ibip6t_tcp.c ibip6t_tcp.man ibipt_tcp.c
a70d29f15c809d02cb271eddba1f217d78853372	16-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Adds missing FIN to mask part generated by '--syn' of libip6t_tcp ibip6t_tcp.c ibip6t_tcp.man
ef329f23c00ad848c1be9c2d6f90cc23c8919e6d	13-Jul-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Fixes compile error of connlimit where NO_SHARED_LIBS=1 is specified ibip6t_connlimit.c ibipt_connlimit.c
21df4af43dcc9f635baa2aff3ace53768d9704bc	09-Jul-2007	Jan Engelhardt <jengelh@medozas.de>	PATCH: Add connlimit to iptables. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> akefile ibip6t_connlimit.c ibip6t_connlimit.man ibipt_connlimit.c ibipt_connlimit.man
0c6bf10fbdbea24ec224a87118ff422279311887	03-Jul-2007	Nicolas Bouliane <nicboul@gmail.com>	libipt_statistic: add a few missing validity checks Signed-off-by: Nicolas Bouliane ibipt_statistic.c
fde395370ead306b770a3d4685e4bc1d6972266d	28-Jun-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Removes some KERNEL_64_USERSPACE_32 because linux 2.6 has compat layer ibip6t_MARK.c ibip6t_mark.c ibipt_MARK.c ibipt_ULOG.c ibipt_conntrack.c ibipt_mark.c
06e88ddd97aaacf50a8ca2418e9c6c5d95b99865	25-Jun-2007	Patrick McHardy <kaber@trash.net>	Add Jozsef's TRACE target. Changed to be built unconditionally by myself since it doesn't need any headerfiles anyways. akefile ibip6t_TRACE.c ibip6t_TRACE.man ibipt_TRACE.c ibipt_TRACE.man
f4cb71c763b45584a9225c3fa1f4aa97fd4cb07a	24-Jun-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Fixes build error of conntrack match because of missing ip_conntrack_tuple.h in linux 2.6.22. It is not needed because nf_conntrack headers can be used instead. ibipt_conntrack.c
1d9872d7d6f2199130bb67fe8988baade53d25c1	03-Jun-2007	Jan Engelhardt <jengelh@medozas.de>	libipt_hashlimit doc update Add srcip,srcport to hashlimit manpage. Signed-off-by: Jan Engelhardt <jengelh@gmx.de> ibipt_hashlimit.man
ef399a3033aa860ea1653b9c4306c0e78777e981	29-May-2007	Patrick McHardy <kaber@trash.net>	Add --random option to DNAT and REDIRECT targets and fix the manpage mess this option left behind. ibipt_DNAT.c ibipt_DNAT.man ibipt_MASQUERADE.man ibipt_REDIRECT.c ibipt_REDIRECT.man ibipt_SNAT.c ibipt_SNAT.man
b8c0b78b357b927ff13a8f73a3a52711a08a3470	02-May-2007	Phil Oester <kernel@linuxace.com>	update quota manpage for SMP (Phil Oester) The quota match works fine on SMP, so update the manpage to reflect this. Closes bugzilla #564. ibipt_quota.man
9c67defe98f04f72f19dfd09c8030e1de4b8bf0f	18-Apr-2007	Patrick McHardy <kaber@trash.net>	Fix iptables-save with --random option ibipt_MASQUERADE.c ibipt_SAME.c ibipt_SNAT.c
e656e265bc67a55f6e51aa07118f96c058a97798	18-Apr-2007	Patrick McHardy <kaber@trash.net>	Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs. ibipt_MASQUERADE.c ibipt_SAME.c ibipt_SNAT.c
40d54756cd8a2705e22b36f7aef03bb2c472a10b	18-Apr-2007	Patrick McHardy <kaber@trash.net>	Use nf_conntrack headers instead of ip_conntrack ones and add sanitized versions. ibip6t_state.c ibipt_DNAT.c ibipt_MASQUERADE.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_SAME.c ibipt_SNAT.c ibipt_connbytes.c ibipt_connrate.c ibipt_conntrack.c ibipt_state.c
10a234a5e381106825986283bf12ccb0bfed3730	18-Apr-2007	Patrick McHardy <kaber@trash.net>	Remove unnecessary ip_conntrack/ip_nat includes ibipt_SET.c ibipt_set.c
191e3ffccbea68fa927720a8ef8f8b0a437c1f41	06-Mar-2007	Patrick McHardy <kaber@trash.net>	Fix cut and paste error breaking use of groups != 0 ibip6t_NFLOG.c ibipt_NFLOG.c
ae4b0b3aa70c67f2eff303a3e75834e45c3794a7	24-Feb-2007	Eric Leblond <eric@inl.fr>	iptables: add random option to SNAT (Eric Leblond) ibipt_MASQUERADE.c ibipt_MASQUERADE.man ibipt_SAME.c ibipt_SAME.man ibipt_SNAT.c ibipt_SNAT.man
ee9e2205dfd53ffc35495dd60b43c59b77aa3839	19-Feb-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Reverted r6754. libipt_icmp has the option 'any', so it's unnecessary to check no option of ICMP type. ibipt_icmp.c
d9e7e659fda0918894302bd4a87fc2bab7a458fb	13-Feb-2007	Patrick McHardy <kaber@trash.net>	Remove and readd with executable bit set. SVN doesn't seem to have a proper way of doing this. mh-test6
6f9c09e818ab7bdf83b73185a7928ac56fdcff95	13-Feb-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Fixes man page for tcp, udp, icmp{,6}. They are not loaded when only '-p' is specified, but loaded when extra options are specified, too. ibip6t_icmp6.man ibip6t_tcp.man ibip6t_udp.man ibipt_icmp.man ibipt_tcp.man ibipt_udp.man
bee2bf9daf5c474a2e973f16a36f788882b29e7b	13-Feb-2007	Patrick McHardy <kaber@trash.net>	Forgot to add TCPMSS target to PF6_EXT_SLIB akefile
3122ce9ada8a8acbf3b1035c02618559b21d7ccd	13-Feb-2007	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	Error if no ICMP type is specified even though user intended to use icmp match. ibipt_icmp.c
00d46e1c830e88f857d5fedbc9c19afe984d7a50	09-Feb-2007	Masahide NAKAMURA <nakam@linux-ipv6.org>	Add ip6tables mh extension (Masahide NAKAMURA <nakam@linux-ipv6.org>) Kernel part will go in 2.6.21 mh-test6 ibip6t_mh.c ibip6t_mh.man
4fc6669d9930c8c42ea246000fe93826ade9c1f0	26-Jan-2007	Patrick McHardy <kaber@trash.net>	Bugzilla #535 In the tcpmss section of the iptables manpage, there is an extraneous trailing quote for the --mss option. ibipt_tcpmss.man
c8c2ce30a21a582bd86b4b7fa75bfaae8d027686	26-Jan-2007	Patrick McHardy <kaber@trash.net>	Bugzilla #534: Please remove --mss from libipt_tcp.man. The tcp match doesn't handle that option, while the tcpmss match does. ibipt_tcp.man
e4076172c33810472d9d658554588b6e379a4fbe	16-Jan-2007	Arnaud Ebalard <arno@natisbad.org>	Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>) Kernel part will go in 2.6.21. ibip6t_TCPMSS.c ibip6t_TCPMSS.man
9561606bd938ed4b2614716a08a2856d4ef5e995	11-Jan-2007	Patrick McHardy <kaber@trash.net>	Add UDPLITE multiport support ibipt_multiport.c
8a0b6ead35931422fbe02c63d9262ad9e40daacc	11-Jan-2007	Patrick McHardy <kaber@trash.net>	Fix missing space in ruleset listing ibipt_string.c
b1f568309a09e61f892dee3c23279cecff0b0ff4	10-Jan-2007	Patrick McHardy <kaber@trash.net>	Remove extensions for unmaintained/obsolete patchlets BALANCE-test FTOS-test IPMARK-test NETLINK-test TCPLAG-test XOR-test account-test childlevel-test connrate-test dstlimit-test fuzzy-test fuzzy-test6 mport-test nth-test nth-test6 osf-test psd-test random-test random-test6 record-rpc-test time-test akefile ibip6t_TRACE.c ibip6t_TRACE.man ibip6t_fuzzy.c ibip6t_fuzzy.man ibip6t_nth.c ibip6t_nth.man ibip6t_random.c ibip6t_random.man ibipt_BALANCE.c ibipt_BALANCE.man ibipt_FTOS.c ibipt_IPMARK.c ibipt_IPMARK.man ibipt_NETLINK.c ibipt_TCPLAG.c ibipt_TRACE.c ibipt_TRACE.man ibipt_XOR.c ibipt_XOR.man ibipt_account.c ibipt_account.man ibipt_childlevel.c ibipt_childlevel.man ibipt_connlimit.c ibipt_connlimit.man ibipt_dstlimit.c ibipt_dstlimit.man ibipt_fuzzy.c ibipt_fuzzy.man ibipt_mport.c ibipt_mport.man ibipt_nth.c ibipt_nth.man ibipt_osf.c ibipt_osf.man ibipt_psd.c ibipt_psd.man ibipt_random.c ibipt_random.man ibipt_record_rpc.c ibipt_rpc.c ibipt_time.c ibipt_time.man
a565d4e81c6c4298e783bf0ae11ce4540d595f47	07-Jan-2007	thomas <thomas@aktaia.intevation.org>	fix typo in manpage (thomas@aktaia.intevation.org) ibip6t_eui64.man
29f91845300a585b5253b2e1ed3a29f064f31787	12-Dec-2006	Patrick McHardy <kaber@trash.net>	Move extensions for pom patches to individual patchlets. IPV4OPTSSTRIP-test ROUTE-test ROUTE-test6 ipv4options-test u32-test akefile ibip6t_ROUTE.c ibip6t_ROUTE.man ibipt_IPV4OPTSSTRIP.c ibipt_IPV4OPTSSTRIP.man ibipt_ROUTE.c ibipt_ROUTE.man ibipt_TARPIT.c ibipt_TARPIT.man ibipt_ipv4options.c ibipt_ipv4options.man ibipt_u32.c ibipt_u32.man
e342bf7586261158ab1c06e9e8855de1551a61b9	03-Dec-2006	Patrick McHardy <kaber@trash.net>	Add target extensions for new NFLOG target NFLOG-test NFLOG-test6 ibip6t_NFLOG.c ibipt_NFLOG.c
267a57007e69d8f316dea80f79ce2560459e0c30	29-Nov-2006	Pablo Neira Ayuso <pablo@netfilter.org>	Fix /etc/network usage (Pablo Neira) http://bugs.debian.org/398082 iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. # cat /etc/networks foonet 10.0.0.0 # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] iptables v1.3.6: host/network `foonet.0.0.0' not found Try `iptables -h' or 'iptables --help' for more information. 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt ibipt_NETMAP.c
00524b27b5e442d27414cf48e0d6e6372b6113ae	13-Nov-2006	Patrick McHardy <kaber@trash.net>	Add ip6tables support for hashlimit match hashlimit-test6 ibip6t_hashlimit.c
3810013331414e53a0bde3a791b2ce3648c892d0	13-Nov-2006	Patrick McHardy <kaber@trash.net>	Add ip6tables support for sctp match sctp-test6 ibip6t_sctp.c
0665217784822434b1732cdc773d5daa12836438	20-Oct-2006	Rémi Denis-Courmont <rdenis@simphalempin.com>	- Add revision support to ip6tables. - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>) ibip6t_multiport.c
ed26b7b0cedcdb9621ae7d4e225048614f52dc0f	10-Oct-2006	Mike Frysinger <vapier@gentoo.org>	iptables segfaults when given "" to --log-prefix (Mike Frysinger <vapier@gentoo.org>) Bugzilla #516 ibip6t_LOG.c ibipt_LOG.c ibipt_ULOG.c
48b46a615b48ef224985070cf4c3966f793c4cf3	06-Oct-2006	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	Use correct types at error reporting (patch sent by H. Nakano) ibipt_set.h
ca9d8c221f0e10cc8dd0c79e922a1dc73ae0ca5f	02-Sep-2006	Simon Lodal <simon@parknet.dk>	Named realm (Simon Lodal <simon@parknet.dk>) Optionally read realm values from /etc/iproute2/rt_realms ibipt_realm.c ibipt_realm.man
10e0fbb32828543f5f18751e116d7d9cbff9f7de	31-Aug-2006	Patrick McHardy <kaber@trash.net>	Add statistic match extension statistic-test ibipt_statistic.c
09c8e300ca4717f2f8ecd940808ef66513b0c7dd	29-Aug-2006	Eric Leblond <eric@inl.fr>	iptables: fix ipt_MARK documentation (Eric Leblond) This patch documents --or-mask and --and-mask options of the MARK target. Description is directly taken from the source code. ibipt_MARK.man
ae35309923339354b48adac4fa703bd3f5e6dd2b	08-Aug-2006	Phil Oester <kernel@linuxace.com>	update quota match for xtables + fix -D bug (Phil Oester <kernel@linuxace.com>) quota-test ibipt_quota.c
c1eae41e1957db56aaf7afcafa2f097042fa4217	25-Jul-2006	Patrick McHardyJesper Brouer <kaber@trash.nethawk@diku.dk>	Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause invalid arguments to get accepted. ibipt_multiport.c
a6c1d926f6c3c00e0c1875d80b9579c95bde2cfa	22-Jul-2006	Phil Oester <kernel@linuxace.com>	proto_to_name duplication (Phil Oester <kernel@linuxace.com>) Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel. ibipt_multiport.c
dbac8ad71c3c418fd8a62c08211885a38177b725	20-Jul-2006	Phil Oester <kernel@linuxace.com>	reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port. ibip6t_multiport.c ibip6t_tcp.c ibip6t_udp.c ibipt_dccp.c ibipt_mport.c ibipt_multiport.c ibipt_sctp.c ibipt_tcp.c ibipt_udp.c
58179b1d0d1722ea16028aa2ea9d74afc86dd5dc	20-Jul-2006	Phil Oester <kernel@linuxace.com>	reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere. ibip6t_multiport.c ibip6t_tcp.c ibip6t_udp.c ibipt_dccp.c ibipt_mport.c ibipt_multiport.c ibipt_sctp.c ibipt_tcp.c ibipt_udp.c
8a173efc9af7cdc96b37867bdb3f4112be5dcbf9	05-Jul-2006	Pierre-Yves Ritschard <pierre-yves@spootnik.org>	please kill santa-claus (Pierre-Yves Ritschard <pierre-yves@spootnik.org>) Remove "hoho" message :) ibipt_iprange.c
b1cda88e9440764d8c2bdce72ec9dcffdf68de07	04-Jul-2006	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	- force user to specify --icmpv6-type if icmpv6 match is required to load - Don't allow multiple --icmp-type/icmpv6-type (Closes: #461) ibip6t_icmp6.c ibipt_icmp.c
b46d0b2d289175b4c37a53531220c3c853117704	03-Jul-2006	Phil Oester <kernel@linuxace.com>	ip6tables multiport does not support x:y (Phil Oester <kernel@linuxace.com>) Update the manpage for ip6tables multiport match to reflect reality -- it does not (yet) support x:y syntax. I looked at adding it, but adding revision support to ip6tables seems a waste at this point, since once xtables support is added to iptables, this problem will resolve itself. Closes bug #451. ibip6t_multiport.man
1da8351b114bf50de56d419645f29bad32d80354	03-Jul-2006	Phil Oester <kernel@linuxace.com>	iptables trivial compile warning cleanup (Phil Oester <kernel@linuxace.com>) Cleanup a few compile warnings in latest snapshot: extensions/libipt_dscp_helper.c:69: warning: 'dscp_to_name' defined but not used extensions/libipt_sctp.c: In function 'print_chunks': extensions/libipt_sctp.c:465: warning: value computed is not used extensions/libipt_sctp.c:477: warning: value computed is not used Resolves bug #457. ibipt_dscp_helper.c ibipt_sctp.c
45ce294b43b8eb49948da7ec1defea4300bc61cc	23-Jun-2006	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	size_t changed to socklen_t in getsockopt call ibipt_set.h
a05720b27920f3ba7dad8870a0acc776a6c55e47	23-Jun-2006	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	set match negation bug fixed ibipt_set.c ibipt_set.h
3836fcc4c26ba831c38df7aa056863e8f24614a0	20-Jun-2006	Phil Oester <kernel@linuxace.com>	REDIRECT does not accept IP (Phil Oester <kernel@linuxace.com>) As pointed out by Nicolas Mailhot in bugzilla #483, REDIRECT does not accept an IP address and when supplied with one, provides unexpected results. Patch below fixes this. ibipt_REDIRECT.c
75efcae9764d2117be192a93b25e8810009aabec	30-May-2006	Phil Oester <kernel@linuxace.com>	trivial connlimit manpage fix (Phil Oester <kernel@linuxace.com>) ibipt_connlimit.man
a895b9cfd9b5c20111cb442f9b7b14c774d1d544	24-May-2006	Simon Lodal <simonl@parknet.dk>	Use lowercase letters for match name (Simon Lodal <simonl@parknet.dk>) ibipt_realm.c
8185801d0dd58e6df1801b2d4832c55522274366	24-May-2006	Evan Miller <evanm@frap.net>	Add information about :<port> syntax (Evan Miller <evanm@frap.net>) ibipt_DNAT.man
630da419883a848807c044d6f718b95213cea6f3	24-May-2006	James Morris <jmorris@namei.org>	secmark: Add libip6t_CONNSECMARK This patch adds the shared library module for the CONNSECMARK target (IPv6). Signed-off-by: James Morris <jmorris@namei.org> akefile ibip6t_CONNSECMARK.c ibip6t_CONNSECMARK.man
ff968303f0e3daec2afd6d10648d5117da496e62	24-May-2006	Patrick McHardy <kaber@trash.net>	D'oh .. I'm not too smart, forgot to add the new files in the previous patches :) ibip6t_SECMARK.c ibip6t_SECMARK.man ibipt_CONNSECMARK.c ibipt_CONNSECMARK.man ibipt_SECMARK.c ibipt_SECMARK.man
517ac155b5ed80b0aec1ec9db0b670d55d61a0ab	24-May-2006	James Morris <jmorris@namei.org>	secmark: Add libipt_CONNSECMARK This patch adds the shared library module for the CONNSECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org> akefile
d718220596c970eba76b1e7f4bb82b051e27ef35	24-May-2006	James Morris <jmorris@namei.org>	secmark: Add libip6t_SECMARK This patch adds the shared library module for the SECMARK target (IPv6). Signed-off-by: James Morris <jmorris@namei.org> akefile
843b9590f58a7726a06ffb3b9965f34040c292f8	24-May-2006	James Morris <jmorris@namei.org>	secmark: Add libipt_SECMARK This patch adds the shared library module for the SECMARK target (IPv4). Signed-off-by: James Morris <jmorris@namei.org> akefile
c81a3f32cc0877784fb287beb5e862c74e5435eb	24-May-2006	James Morris <jmorris@namei.org>	secmark: Add libselinux support This patch adds the infrastructure for linking iptables against libselinux, for use with the SECMARK target. This is enabled by setting DO_SELINUX=1 in the build environment. Signed-off-by: James Morris <jmorris@namei.org> akefile
2452bafd9810e8560717f10af8e26f8a3ac4f4cf	28-Apr-2006	Patrick McHardy <kaber@trash.net>	Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18. ibip6t_multiport.c ibipt_multiport.c
2c627cf60cfb1a4e67aea1b2333f2a11e23fecd8	15-Apr-2006	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	[IPTABLES,IP6TABLES]: check invalid esp spi range ibip6t_esp.c ibipt_esp.c
1f312c2e3ee57eadde7c8bfc12d838aa0f60e99e	15-Apr-2006	Yasuyuki KOZAKAI <yasuyuki@netfilter.org>	fix loading shared library of ICMPv6 match. The current ip6tables tries to load libip6t_icmp6.so when user types 'ip6tables -p icmpv6 ...' or 'ip6tables ... -m icmpv6' ...', and it fails. This patch renames libip6t_icmpv6.c to libip6t_icmp6.c so that ip6tables can load it. Now kernel module and user library has same name 'icmp6'. It can reduce confusion about name mismatch. That's why I renamed it instead of reverting change in find_match() which brought this bug. This patch keeps compatibiity and we can use '-p icmpv6', '-p ipv6-icmpv6', '-m icmpv6', '-m ipv6-icmpv6', and '-m icmp6', as ever. akefile ibip6t_icmp6.c ibip6t_icmp6.man ibip6t_icmpv6.c ibip6t_icmpv6.man
708e0580573acd24065ad052c096c5020c16dee2	12-Apr-2006	Harald Welte <laforge@gnumonks.org>	[IPTABLES,IP6TABLES]: fix the path to detect esp/connbytes support in kernel The recent kernels don't have ipt_connbytes.c and ip6t_esp.c. connbytes-test esp-test6
a52b8fe72b86f954f62eed5d1f6e27c83544a4b6	31-Mar-2006	Daniel De Graaf <danieldegraaf@gmail.com>	Correct iptables-save output of osf module (Daniel De Graaf) ibipt_osf.c
d3476b294f6a0570b0ec3322f580d6446c6f20fe	01-Feb-2006	Harald Welte <laforge@gnumonks.org>	make policy match compile independant of kernel headers ibip6t_policy.c ibipt_policy.c
54c603a6100e8721efb8de9ea4f596a69970ce02	01-Feb-2006	Harald Welte <laforge@gnumonks.org>	Some !%$!*##$@ has modified the kernel include/linux/netfilter_ipv4/ipt_sctp.h file in a way that breaks userspace :( ibipt_sctp.c
38315b13504714f48e90363b62de2def0b05e9b8	01-Feb-2006	Harald Welte <laforge@gnumonks.org>	remove other bits of old ip pool code, people should use ipset (ipset.netfilter.org) these days pool-test ibipt_POOL.c ibipt_pool.c
02e88f2ae4eac6088e3f802909b77ec4b8317acd	31-Jan-2006	Patrick McHardy <kaber@trash.net>	Prepare policy match for x_tables unification by making sure both ipt_policy and ip6t_policy use the same data structure. policy-test policy-test6 akefile ibip6t_policy.c ibipt_policy.c
0829a2b72caa06c07e6eb710a81a04295c9f2621	30-Jan-2006	Michael Rash <mbr@cipherdyne.org>	fix 'save' (Michael Rash) ibipt_string.c
28e5b79eee634792b81bae754a321543cb29539e	30-Jan-2006	Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>	major manpage update (Yasuyuki Kozakai) ibip6t_HL.man ibip6t_REJECT.man ibip6t_ah.man ibip6t_condition.man ibip6t_dst.man ibip6t_esp.man ibip6t_eui64.man ibip6t_frag.man ibip6t_fuzzy.man ibip6t_hbh.man ibip6t_hl.man ibip6t_icmpv6.man ibip6t_ipv6header.man ibip6t_length.man ibip6t_mark.man ibip6t_multiport.man ibip6t_owner.man ibip6t_physdev.man ibip6t_rt.man ibipt_ah.man ibipt_condition.man ibipt_esp.man ibipt_fuzzy.man ibipt_length.man ibipt_mark.man ibipt_physdev.man
469d18f66896ef509cac5a2ade494ea38e0c86e2	26-Jan-2006	Harald Welte <laforge@gnumonks.org>	Add 'copy+paste' support for 'state' and 'connmark' match, as well as 'CONNMARK' target for ip6tables / nf_conntrack_l3proto_ipv6. This is a temporary solution for the iptables-1.3.x branch, since the 1.4.x branch will have proper support. akefile ibip6t_CONNMARK.c ibip6t_connmark.c ibip6t_state.c
4b1be69742ef28af2722dec16d3fdf0b38685006	26-Jan-2006	Harald Welte <laforge@gnumonks.org>	add note about deprecated state ibipt_dstlimit.man
599d2a101c05dce55e5c2060a18a978c391125b2	22-Jan-2006	Harald Welte <laforge@gnumonks.org>	fix spelling 'adress' -> 'address' (Closes: #431) (MJ Anthony) ibipt_DNAT.man ibipt_SNAT.man
3f347569c972830e5d619b1fe2a61e888c67ca03	22-Jan-2006	Noticed by Tom Eastep <teastep@shorewall.net>	Fix "empty policy element" complaining in non-strict mode. Noticed by Tom Eastep <teastep@shorewall.net>. ibip6t_policy.c ibipt_policy.c
37b7c9b6c4f33fc3d5908d1f2b742e2f023e0e0b	12-Jan-2006	Patrick McHardy <kaber@trash.net>	Clarify --tunnel-src/--tunnel-dst options ibip6t_policy.man ibipt_policy.man
a46d88df3c786a33e83164a3aa88c215eaf7402c	12-Jan-2006	Patrick McHardy <kaber@trash.net>	Move empty policy element check to also catch last element ibip6t_policy.c ibipt_policy.c
1d0f57c14ad5923d8ffcecc7f372fcc15b3945fa	12-Jan-2006	Patrick McHardy <kaber@trash.net>	Don't allow using --next option without specifying a policy element ibip6t_policy.c ibipt_policy.c
cddae3dc37a6b6a5d523876a970ec0391c613ee3	09-Jan-2006	Patrick McHardy <kaber@trash.net>	Fix invalid assignment of tunnel-src to dest address (Patrick McHardy) ibip6t_policy.c
014a48fb2ddc0552547a47530ac5c89bacdf9aa1	03-Jan-2006	Pablo Neira <pablo@eurodev.net>	Add documentation for string match (Pablo Neira) ibipt_string.man
402c3116e5b6facda53b3299ad32d03ec8460512	05-Dec-2005	Harald Welte <laforge@gnumonks.org>	fix iptables-save of 'goto' target (Closes: #410) ibipt_connbytes.c
dbbcf273e98f9efff9e644cf98207a3eac6fc63a	05-Dec-2005	Patrick McHardy <kaber@trash.net>	Add note that TCPMSS is only valid in the mangle table (not true today, but maybe someday) ibipt_TCPMSS.man
11b8591d596913c492833f4a1809c5c735e3d5e0	22-Nov-2005	Harald Welte <laforge@gnumonks.org>	tcp-rst is the alias, not tcp-reset (Torsten Hilbrich) ibipt_REJECT.c
524bb803727baaad532915394ada06ec3eb8a11e	19-Nov-2005	Patrick McHardy <kaber@trash.net>	Add policy match extensions from patch-o-matic policy-test policy-test6 ibip6t_policy.c ibip6t_policy.man ibipt_policy.c ibipt_policy.man
2739cb813c93a25b036429e48e6bdae98d5c25ad	18-Nov-2005	Patrick McHardy <kaber@trash.net>	Fix some gcc-4 warnings ibipt_CLASSIFY.c ibipt_CLUSTERIP.c ibipt_string.c ibipt_tos.c
6656e1378f432ab8690e7d22128793a1ddc5166b	18-Nov-2005	Patrick McHardy <kaber@trash.net>	Don't eat numeric arguments for other extensions ibipt_ttl.c
5a4892b7566fd572a195b12b3a449d0c03125a54	17-Nov-2005	Phil Oester <kernel@linuxace.com>	The conntrack match does not print any info for --ctproto, thus breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester) ibipt_conntrack.c
361bac2f2c25ecabef125c6a8bb8dfc194bf73f1	03-Nov-2005	Deti Fliegl <deti@fliegl.de>	fix connmark, it's now only 32bits (Deti Fliegl <deti@fliegl.de) We'ver screwed this up with the 2.6.14 release. It refuses any mask that extends 32bits. We should have fixed this by adding a new target/match revision, but now it's too late anyway :( ibipt_CONNMARK.c ibipt_connmark.c
55548fd74331be4507174bd3dfb65640c8eb909d	19-Sep-2005	Tom Eastep <teastep@shorewall.net>	The conntrack match extension doesn't handle address inversion correctly. (Tom Eastep) ibipt_conntrack.c
8cf65913bb6353bf0e92eab0669d1c4c53b43623	19-Sep-2005	Phil Oester <kernel@linuxace.com>	Kernels higher than 2.6.10 don't support multiple --to arguments in DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) ibipt_DNAT.c ibipt_SNAT.c
3643aca580531eb795832feb8a83cca57f57dc0e	19-Sep-2005	KOVACS Krisztian <hidden@balabit.hu>	* specifying random seed for the Jenkins hash works as documented * iptables-save seems to work now Signed-off-by: KOVACS Krisztian <hidden@balabit.hu> Signed-off-by: Harald Welte <laforge@netfilter.org> ibipt_CLUSTERIP.c
ae65b529140b07daae87ecffe267ea2fbb395c0c	11-Sep-2005	Martin Josefsson <gandalf@wlug.westbo.se>	Make libipt_connbytes.c compile with the ipt_connbytes version that has been merged into the 2.6 kernel ibipt_connbytes.c
a4749bc725a7468af796bc773b3de0b0c29650f2	29-Aug-2005	Harald Welte <laforge@gnumonks.org>	Update manpage to reflect missing ability to SNAT to multiple ranges in 2.6.11-rc1 and later ibipt_SNAT.man
d2baafe40a9cc2cd4af508d38a47502c24c13b96	29-Aug-2005	Harald Welte <laforge@gnumonks.org>	Update manpage to reflect missing NAT to multiple ranges support in 2.6.11-rc1 and later. ibipt_DNAT.man
c6fbf41cdd15705559269d992da9938cbb1a1f4e	28-Aug-2005	Pablo Neira <pablo@netfilter.org>	update string match to reflect new kernel implementation (Pablo Neira) ibipt_string.c
e40b11d7ef827c0e8519bcdc34619e7bcc92710f	06-Aug-2005	Harald Welte <laforge@gnumonks.org>	add support for new 'dccp' protocol match dccp-test ibipt_dccp.c ibipt_dccp.man
ae87b8a7470dc6aa5521d226e8ed218500dfe633	05-Aug-2005	Harald Welte <laforge@gnumonks.org>	port Eric Leblond's NFQUEUE missing-break fix to ip6tables ibip6t_NFQUEUE.c ibip6t_NFQUEUE.man
6fdefcfe7aaa02e116e44e96262fe986e87977eb	05-Aug-2005	Eric Leblond <eric@inl.fr>	Add missing 'break' to make parsing of NFQUEUE numbers work (Eric Leblond) ibipt_NFQUEUE.c ibipt_NFQUEUE.man
7bdfca450990ca68ccfc4c54acb14d3ea0fa8582	28-Jul-2005	Harald Welte <laforge@gnumonks.org>	update manpage to reflect QUEUE / nfnetlink_queue / NFQUEUE changes ibip6t_NFQUEUE.man ibipt_NFQUEUE.man
36d870c76621b94d51816d09eb8fd05e0fb0a0ab	22-Jul-2005	Patrick McHardy <kaber@trash.net>	Fix NAT of ICMP ID ranges (Patrick McHardy) ibipt_DNAT.c ibipt_MASQUERADE.c ibipt_REDIRECT.c ibipt_SNAT.c
efa8fc2123a2a9fc229ab471edd2b2688ce1da3a	20-Jul-2005	Harald Welte <laforge@gnumonks.org>	get rid of numerous gcc-4 warnings ibip6t_length.c ibip6t_physdev.c ibipt_DSCP.c ibipt_TOS.c ibipt_comment.c ibipt_dscp.c ibipt_physdev.c ibipt_rpc.c ibipt_tos.c ibipt_ttl.c
daa1ef354deee764484c1494073b075859701971	19-Jul-2005	Harald Welte <laforge@gnumonks.org>	add NFQUEUE support for ipv4 and ipv6 akefile ibip6t_NFQUEUE.c ibipt_NFQUEUE.c
893b688a2a73363c8cebe4bac0c1368178fce2fd	10-Jul-2005	Harald Welte <laforge@gnumonks.org>	fix various missing header file / #define issues on old kernels. I've now tested compilation with kernels starting 2.4.17 ibip6t_LOG.c
195ae91a7103d46d3aed96f339a70742b664e967	29-Jun-2005	Harald Welte <laforge@gnumonks.org>	attempt to fix save/restore of '! --uid-owner squid' problem as reported by Costa Tsaousis (backport from ipv4 owner) ibip6t_owner.c
0c4c91c1e30e229a1a80f044ab47d17590ece383	24-Jun-2005	Patrick McHardy <kaber@trash.net>	Add --log-uid support to libip6t_LOG (Patrick McHardy <kaber@trash.net>) ibip6t_LOG.c ibip6t_LOG.man
9867e814492275cabfbccd6b30375b0e23eb10cb	22-Jun-2005	Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>	reduce code replication of parse_interface() (Yasuyuki Kozakai) ibip6t_physdev.c ibipt_physdev.c
a3a9c0d3e3d9df70c5ea2e64ef792e194dbfbde7	22-Jun-2005	Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>	This patch prevents user to set negative port value of SNAT/DNAT. (Yasuyuki Kozakai) ibipt_DNAT.c ibipt_SNAT.c
38eb730cc867a470f3e5468e804b553e96272ccf	11-Jun-2005	Evgeniy Polyakov <johnpol@2ka.mipt.ru>	OSF: lib_ipt.c changes to support connector notifications (Evgeniy Polyakov <johnpol@2ka.mipt.ru>) ibipt_osf.c
86c8513400c3c604771d710d28888d0877c6ca9d	11-Jun-2005	Phil Oester <kernel@linuxace.com>	update multiport manpage (Phil Oester <kernel@linuxace.com>) ibip6t_multiport.man ibipt_multiport.man
f3aa491a54847fbbaae0858d00e5e4c0986c1d7b	11-Jun-2005	Tom Eastep <teastep@shorewall.net>	Fix CONNMARK save/restore (Tom Eastep <teastep@shorewall.net>, Pawel Sikora <pluto@agmk.net>) ibipt_CONNMARK.c
56506a10c3bc3e13134db607fd94b4f4067426f3	25-May-2005	Rusty Russell <rusty@rustcorp.com.au>	While adding testing for inversion of multiport, noticed that documentation about --ports is *wrong*. Ports do not have to be equal: either dest or src being in list is enough for match. ibipt_multiport.man
38ed421276ff0312965c96754b4bc01d0e4f0679	04-May-2005	Harald Welte <laforge@gnumonks.org>	include FIN bit in mask of "--syn" bits ibipt_tcp.c ibipt_tcp.man
e556800cf137e49a47cf1ac889c613f5d33cfe3b	02-May-2005	Patrick McHardy <kaber@trash.net>	Ignore unknown arguments in libipt_ULOG (Patrick McHardy <kaber@trash.net>) ibipt_ULOG.c
1c0f2365ab7a884cc3e1aaed487ecdc2109fe0e2	24-Apr-2005	Piotrek Kaczmarek <kaczorek@daleka.net>	Fix connbytes command line parsing bug (Piotrek Kaczmarek <kaczorek@daleka.net>) ibipt_connbytes.c
7d7745153bcb13ea5f53fb51b44885718f7d8398	15-Apr-2005	Harald Welte <laforge@gnumonks.org>	pull out pmtu changes to fix compilation issues ibipt_REJECT.c ibipt_REJECT.man
7a8bdfdd5f21c67fd1d47d2b1d94b5a61d2e14af	10-Apr-2005	Florian Lohoff <flo@rfc822.org>	add REJECT with icmp-frag-needed (Florian Lohoff) ibipt_REJECT.c ibipt_REJECT.man
182f3f62acbcb88b615b3d7d5940e316472be049	01-Apr-2005	Phil Oester <kernel@linuxace.com>	don't allow newlines in LOG prefix (Phil Oester) (Closes: #312) ibip6t_LOG.c ibipt_LOG.c
f33c46140f0e0a230aba5d739ce40cb14e066b13	01-Apr-2005	Jonas Berlin <xkr47@outerspace.dyndns.org>	add lots of man pages (Jonas Berlin) ibipt_IPMARK.man ibipt_IPV4OPTSSTRIP.man ibipt_SAME.man ibipt_TARPIT.man ibipt_XOR.man ibipt_account.man ibipt_comment.man ibipt_connbytes.man ibipt_connlimit.man ibipt_hashlimit.man ibipt_ipv4options.man ibipt_osf.man ibipt_psd.man ibipt_quota.man ibipt_recent.man ibipt_sctp.man ibipt_u32.man
b9e814c4f3162a3f4deb93c42481fb1e4ca4f42e	18-Mar-2005	Michal Pokrywka <mpokrywka@hoga.pl>	SET target bugfix by Michal Pokrywka applied ibipt_SET.c
1afcffdeba6ebfd383a846d18d01b2fb4c072a59	16-Mar-2005	Torsten Lüttgert <t.luettgert@pressestimmen.de>	Fix TCPLAG version (Torsten Lüttgert <t.luettgert@pressestimmen.de>) ibipt_TCPLAG.c
8b7cc8a00d78810542efdeca309cd8bcccde6513	15-Mar-2005	Jonas Berlin <xkr47@outerspace.dyndns.org>	improve REDIRECT manpage (Jonas Berlin <xkr47@outerspace.dyndns.org>) ibipt_REDIRECT.man
800938fcabe76265d273fa0552dcf674d33973aa	07-Mar-2005	Pablo Neira <pablo@eurodev.net>	This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira) ibipt_CLUSTERIP.c
8115e5425721cd610b6390c3d4c24540773b0520	14-Feb-2005	Pablo Neira <pablo@eurodev.net>	Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>) Fixes build with conntrack event patch for 2.6 ibip6t_LOG.c ibip6t_REJECT.c ibip6t_condition.c ibip6t_eui64.c ibip6t_fuzzy.c ibip6t_hl.c ibip6t_icmpv6.c ibip6t_ipv6header.c ibip6t_length.c ibip6t_limit.c ibip6t_mac.c ibip6t_mark.c ibip6t_multiport.c ibip6t_nth.c ibip6t_owner.c ibip6t_random.c ibip6t_tcp.c ibip6t_udp.c ibipt_BALANCE.c ibipt_DNAT.c ibipt_IPMARK.c ibipt_IPV4OPTSSTRIP.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_NETLINK.c ibipt_NETMAP.c ibipt_POOL.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SET.c ibipt_SNAT.c ibipt_TARPIT.c ibipt_TCPLAG.c ibipt_ULOG.c ibipt_account.c ibipt_addrtype.c ibipt_childlevel.c ibipt_comment.c ibipt_condition.c ibipt_connbytes.c ibipt_connlimit.c ibipt_connrate.c ibipt_conntrack.c ibipt_dscp.c ibipt_dstlimit.c ibipt_ecn.c ibipt_fuzzy.c ibipt_hashlimit.c ibipt_helper.c ibipt_icmp.c ibipt_iprange.c ibipt_ipv4options.c ibipt_length.c ibipt_limit.c ibipt_mac.c ibipt_mark.c ibipt_mport.c ibipt_multiport.c ibipt_nth.c ibipt_osf.c ibipt_owner.c ibipt_pkttype.c ibipt_pool.c ibipt_psd.c ibipt_quota.c ibipt_random.c ibipt_realm.c ibipt_recent.c ibipt_record_rpc.c ibipt_rpc.c ibipt_sctp.c ibipt_set.c ibipt_state.c ibipt_string.c ibipt_tcp.c ibipt_tcpmss.c ibipt_time.c ibipt_tos.c ibipt_ttl.c ibipt_u32.c ibipt_udp.c ibipt_unclean.c
69558bf5d1acbc9112b7568d9db6aec2efa0fd7a	13-Feb-2005	Harald Welte <laforge@gnumonks.org>	Allow "--realm ! foo" and "! --realm foo" (Closes: #297) ibipt_realm.c
8430fb96e331987c4e3ccd9195ddd33b4099ab51	13-Feb-2005	Harald Welte <laforge@gnumonks.org>	fix missing comma at end of line ibip6t_random.c
02964b869a8616b41e4c2dc899ff23921aaaa4b0	12-Feb-2005	Martin Josefsson <gandalf@wlug.westbo.se>	Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace. Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> ibipt_CONNMARK.c ibipt_connmark.c
61d274fc47d0a69a2b4aa005a3a786774f1200c9	08-Feb-2005	Harald Welte <laforge@gnumonks.org>	try to fix realm save/restore issue (Adresses: #297) ibipt_realm.c
77cb03f05f5cc43de409c978712ba17843cbad8d	07-Feb-2005	Samuel Jean <sj-netfilter@cookinglinux.org>	Fix rule deletion (hinfo pointer initialized by kernel, don't compare it in userspace). (Samuel Jean) ibipt_hashlimit.c
e6ebb1cf6ddf49cff467131f42a15fa40aaade0b	07-Feb-2005	Nikolai Malykh <nmalykh@bilim.com>	fix parameter handling in libipt_hashlimit with iptables-save (Nikolai Malykh) ibipt_hashlimit.c
b2eedcdf84c037e346bdd4e804decf95de66cbf7	02-Feb-2005	Phil Oester <kernel@linuxace.com>	Add support for inversion to multiport revision 1. Signed-off-by: Phil Oester <kernel@linuxace.com> ibipt_multiport.c
37963e0e357b31b6378cc711a7ca54dad5f7f921	01-Feb-2005	Harald Welte <laforge@gnumonks.org>	fix compiler warning about discarding const ibipt_CLUSTERIP.c
58e7285844eacbaa9d7510f4dd6c986b5c649fc8	01-Feb-2005	Harald Welte <laforge@gnumonks.org>	add missing comma ibip6t_tcp.c
3d121875b169e3a95a768021efe8eb6a5f650f1f	01-Feb-2005	Harald Welte <laforge@gnumonks.org>	fix typo ibip6t_multiport.c
02aa73312d6078b6de26757d5a558e0085ec20b5	01-Feb-2005	Harald Welte <laforge@gnumonks.org>	make structure initializers use C99 standard (Harald Welte) ibip6t_REJECT.c ibip6t_ROUTE.c ibip6t_eui64.c ibip6t_hbh.c ibip6t_icmpv6.c ibip6t_ipv6header.c ibip6t_length.c ibip6t_limit.c ibip6t_mac.c ibip6t_mark.c ibip6t_multiport.c ibip6t_nth.c ibip6t_owner.c ibip6t_physdev.c ibip6t_random.c ibip6t_rt.c ibip6t_standard.c ibip6t_tcp.c ibip6t_udp.c
de5ba5db3fd28dbb4cf3f3ec23b888ce0e1e1e4d	01-Feb-2005	Harald Welte <laforge@gnumonks.org>	check for colons ibipt_SNAT.c
fcbab568c52643337d42e48a57b45be481db2e05	01-Feb-2005	Harald Welte <laforge@gnumonks.org>	Use C99 initializers ibip6t_HL.c
3fb61f3d4a194ba989fe8470f16064f20e59e3bc	01-Feb-2005	Phil Oester <kernel@linuxace.com>	John McCann points out via bugzilla that iptables happily accepts this syntax on DNAT/SNAT: --to x.x.x.x:y:z but doesn't actually make use of the second port. Clear up the confusion by only accepting a dash between the ports. This closes bugzilla #265. Signed-off-by: Phil Oester <kernel@linuxace.com> ibipt_DNAT.c
22a8c9365f62cf64141e93a574a7b41ba66a4dbe	22-Jan-2005	Nikolai Malykh <nmalykh@bilim.com>	fix name of 'extra_opts' structure member (Nikolai Malykh) ibipt_dstlimit.c
2b9a577a68c49d4ac3f44dbf0eb6c622de6b5c30	05-Jan-2005	Martin Josefsson <gandalf@wlug.westbo.se>	Make it compile on current kernels, the future isn't here yet. ibipt_LOG.c
225f462b814a47394858b5994acdcc4f3c951a66	03-Jan-2005	Rusty Russell <rusty@rustcorp.com.au>	Testsuite found an issue: multiport accepts -p ! tcp. ibipt_multiport.c
5df9547e093c4fef0bb926adb268dbd020e543a6	03-Jan-2005	Pablo Neira <pablo@eurodev.net>	Pablo Neira: Multiport revision 1 userspace support. ibipt_multiport.c
3aef54dce4f9bbe0b466478fd33a1d3131efbbb8	03-Jan-2005	Rusty Russell <rusty@rustcorp.com.au>	Extension revision number support (if kernel supports the getsockopts). Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied. ibipt_MARK.c
708f7b97a5a7455abf5c3c5a86bf6603c6c7a1c5	03-Jan-2005	Nicolas Bouliane <nib@cookinglinux.org>	Prevent user from using --helper multiple times (Nicolas Bouliane <nib@cookinglinux.org>) ibipt_helper.c
f46e1afd45c6d735c8bb8f5a67286780ff40be6a	03-Jan-2005	John Lange <john.lange@open-it.ca>	Add --log-uid option (John Lange <john.lange@open-it.ca>) ibipt_LOG.c ibipt_LOG.man
3ef2fb8f721418491b3459441331496ee3ed24bd	29-Dec-2004	Rusty Russell <rusty@rustcorp.com.au>	Fix compile error introduced by C99 conversion. ibipt_helper.c
8caee8b9e34fed4562fcff553197c161fc9d9979	28-Dec-2004	Pablo Neira <pablo@eurodev.net>	Pablo Neira: extensions conversion to C99 structure initialization (I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR) ibipt_BALANCE.c ibipt_CLASSIFY.c ibipt_CLUSTERIP.c ibipt_DNAT.c ibipt_DSCP.c ibipt_ECN.c ibipt_FTOS.c ibipt_IPMARK.c ibipt_IPV4OPTSSTRIP.c ibipt_MARK.c ibipt_MASQUERADE.c ibipt_MIRROR.c ibipt_NETLINK.c ibipt_NETMAP.c ibipt_POOL.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_ROUTE.c ibipt_SAME.c ibipt_SNAT.c ibipt_TARPIT.c ibipt_TCPMSS.c ibipt_TOS.c ibipt_TTL.c ibipt_ULOG.c ibipt_XOR.c ibipt_addrtype.c ibipt_ah.c ibipt_comment.c ibipt_condition.c ibipt_connbytes.c ibipt_connlimit.c ibipt_connrate.c ibipt_conntrack.c ibipt_dscp.c ibipt_dstlimit.c ibipt_esp.c ibipt_fuzzy.c ibipt_hashlimit.c ibipt_helper.c ibipt_icmp.c ibipt_iprange.c ibipt_ipv4options.c ibipt_length.c ibipt_limit.c ibipt_mac.c ibipt_mark.c ibipt_mport.c ibipt_multiport.c ibipt_nth.c ibipt_owner.c ibipt_physdev.c ibipt_pkttype.c ibipt_pool.c ibipt_psd.c ibipt_quota.c ibipt_random.c ibipt_realm.c ibipt_rpc.c ibipt_standard.c ibipt_state.c ibipt_tcp.c ibipt_tcpmss.c ibipt_time.c ibipt_tos.c ibipt_ttl.c ibipt_u32.c ibipt_udp.c ibipt_unclean.c
70f758db30e46d084397d89bfb670274b0288ac8	22-Dec-2004	Rusty Russell <rusty@rustcorp.com.au>	Use string_to_number. Don't check for no optarg: we set has_arg to 1 in option array, so getopt does that for us. ibipt_ttl.c
0b46d1db6b3b71265b1c1a15dbfca4025ab26494	20-Dec-2004	Nicolas Bouliane <nib@cookinglinux.org>	Nicolas Bouliane: I was writing an nfsim .sim for the match tos, when I realized that when we enter --tos twice the second overwrite the first. ibipt_tos.c
3f2987813d32da5eb40afdc58e5bff39bf51cd0b	14-Dec-2004	Patrick Schaaf <bof@bof.de>	ROUTE --tee target extension (Patrick Schaaf) ibip6t_ROUTE.c ibip6t_ROUTE.man ibipt_ROUTE.c ibipt_ROUTE.man
b9a4938640a631a281f805d1dca343651c8d4a20	01-Dec-2004	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	ipset 2 related updates (JK) ibipt_SET.c ibipt_SET.man ibipt_set.c ibipt_set.h ibipt_set.man
7dc57e2933f0d6eeefb7c6d937c56655e5d1c9ea	18-Nov-2004	Harald Welte <laforge@gnumonks.org>	fix some compiler warnings and errors ibipt_connbytes.c
93f4a3d72ad082ea42d67787d43e25343890dcdc	18-Nov-2004	Harald Welte <laforge@gnumonks.org>	sync with latest patch-o-matic-ng update (support direction and mode parameters) ibipt_connbytes.c
60953f027743af52ba6d3ea4561b5ae169629cd0	21-Oct-2004	Harald Welte <laforge@gnumonks.org>	minor syntax fixes ibipt_hashlimit.c
5d4a1b8d4fdbd4f23245c748c7045929dfea52c1	20-Oct-2004	Harald Welte <laforge@gnumonks.org>	- add hashlimit to makefile - fix typo in libipt_hashlimit akefile ibipt_hashlimit.c
77e2ecac2ad27fa93a99363279f015ce7b0ee114	20-Oct-2004	Harald Welte <laforge@gnumonks.org>	hashlimit port of userspace plugin ibipt_hashlimit.c
373f8e9a4d0b7794290f590b5664d3718bfbde15	03-Oct-2004	Patrick McHardy <kaber@trash.net>	Mention owner brokenness in manpage ibip6t_owner.man ibipt_owner.man
2608b6e268635aca5d885cd551b4d3d6f4dbd7e6	01-Oct-2004	Phil Oester <kernel@linuxace.com>	note owner match brokenness in helptext, closes bugzilla #244 (Phil Oester) ibipt_owner.c
1b68d2e9643b6775749f190cd63cd80275b1999f	26-Sep-2004	Phil Oester <kernel@linuxace.com>	Add comment about time not adhering DST (Phil Oester) (Closes: #75) ibipt_time.c
4066ee9e891e1d482cb90fb7c47213bfa6f3fb5b	22-Sep-2004	Simon Lodal <simonl@parknet.dk>	realm: fix inversion (Simon Lodal) ibipt_realm.c
57ff0b441bab760d0b78d762b6367af1b1a67a1f	21-Sep-2004	Phil Oester <kernel@linuxace.com>	Fix half-working ipv6 limit invert check (Phil Oester) ibip6t_limit.c
2731398efe38c42b703d2751852e97bd2198663d	21-Sep-2004	Phil Oester <kernel@linuxace.com>	Fix half-working dstlimit invert check (Phil Oester) ibipt_dstlimit.c
35160ee618b7015f7dd9da0cf199a518e3b8b70e	21-Sep-2004	Phil Oester <kernel@linuxace.com>	limit match does not support invert, warn about it. Closes bugzilla #95 (Phil Oester) ibipt_limit.c
514b1b488eaf07d66e209681f4f34246d7db2f60	20-Sep-2004	Brad Fisher <brad@info-link.net>	Add comment match extension (Brad Fisher) akefile ibipt_comment.c
6a93fa02bb4f98156196088e14603ab4707745ed	18-Sep-2004	Phil Oester <kernel@linuxace.com>	fix psd option parsing (Phil Oester) ibipt_psd.c
d0a2e8adfaa8bc60f2c52f64ab32ca11d00e49db	18-Sep-2004	Patrick McHardy <kaber@trash.net>	Print error when '!' is used with multiport. Based on patch by Phil Oester. ibip6t_multiport.c ibipt_mport.c ibipt_multiport.c
13218fbdc92e704953d01333ea10bd623821b71e	13-Sep-2004	Bart De Schuymer <bdschuym@pandora.be>	port physdev to ip6tables (Bart De Schuymer) akefile ibip6t_physdev.c ibip6t_physdev.man
63730f10f09b39a6b4d2257fd0bd380f9306ba52	02-Sep-2004	Piotr Gasidło <quaker@pandora.barbara.ds.polsl.gliwice.pl>	Fix number parsing (Piotr Gasidlo) ibipt_u32.c
161b35f372c1612863f9ebd327e6c4a9f0959e2a	24-Aug-2004	Youza Youzovic <youza@post.cz>	add missing spaces in 'save' printout (youza@post.cz) (Closes: #235) ibipt_connbytes.c
7defa34947c015cf8f8ea40dd29be5cedc9e73cd	23-Aug-2004	Phil Oester <kernel@linuxace.com>	Cleanup ttl-match option parsing, fixes bugzilla #183 (Phil Oester) ibipt_ttl.c
811b040b4d9fbf98e6206e8200caa6825210d3a9	23-Aug-2004	Phil Oester <kernel@linuxace.com>	Fix conntrack-match typo, fixes bugzilla #194 (Phil Oester) ibipt_conntrack.c
46e8538e2254fcd48517067b659bcdc8ba1c3cc0	28-Jul-2004	Maciej Soltysiak <solt@dns.toxicfilms.tv>	Limit ttl-value to 0-255 (Maciej Soltysiak <solt@dns.toxicfilms.tv>) ibip6t_HL.c
37fd00d68995779dafde80ee51eaeaaaa5c149c0	27-Jul-2004	Nicolas Bouliane <nib@cookinglinux.org>	Check that TTL is between 0 and 255 (Nicolas Bouliane) ibipt_TTL.c
07de9c0c5fd0bb9c0d135811eb44eea181cdf553	23-Jul-2004	Piotr Gasidło <quaker@pandora.barbara.eu.org>	update to ipt_account 0.1.16 (Piotr Gasid?o) ibipt_account.c
5e4bb564d9c1b7a4ecd14cac52224ae9c63b38b5	16-Jul-2004	Harald Welte <laforge@gnumonks.org>	In C, we declare variables at the top of function (Olivier Clerget) ibipt_time.c
b9c6ec1fbe185b38071cdab9d50538ae35c8ad26	12-Jul-2004	Nicolas Bouliane <nib@cookinglinux.org>	Giving --dst-range twice to iprange did not ring the bell Bug reported and fixed by Nicolas Bouliane ibipt_iprange.c
3e2b8df5bb07dcb04216e2f54d528d7f01de5932	11-Jul-2004	Harald Welte <laforge@gnumonks.org>	fix syntax of help message ibipt_nth.c ibipt_random.c
f92ab33303163a221e9edd5591193f938cda7c9e	28-Jun-2004	Patrick McHardy <kaber@trash.net>	Add addrtype match to list of unconditionally built extensions addrtype-test akefile
e4077d02a9deb86bf88ca65795c5702ef0f1a866	17-Jun-2004	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	Semicolon were missing in the added assigment lines akefile
d566c9bed88daba44b913dc159a771659cb68f6a	17-Jun-2004	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	Fix for empty extra match/target man page list processing akefile
c5617bf84475028dd1663cde076b93f355ce42a7	26-May-2004	Martin Josefsson <gandalf@wlug.westbo.se>	With a 64bit kernel only the high 32bits of nfmark was used regardless of 32/64bit userspace. This makes it quite hard to interoperate with 'tc'. Sync ipv6 versions with ipv4 versions. Tested on x86 and sparc64 with both 32bit and 64bit userspace. ibip6t_MARK.c ibip6t_mark.c ibipt_MARK.c ibipt_mark.c
a28d495285ad7dd9f286d63958cf20d74eec6bcb	26-May-2004	Martin Josefsson <gandalf@wlug.westbo.se>	Get rid of some warnings when compiling 64bit. ibip6t_LOG.c ibipt_LOG.c ibipt_ULOG.c ibipt_owner.c
1eb0081027ee567e822b24377ea614e66c408ff2	26-May-2004	Martin Josefsson <gandalf@wlug.westbo.se>	Fix 64bit kernel / 32bit userspace issue. Sync header with kernel. ibipt_SAME.c ibipt_ULOG.c
1da399c30a2c42490f1c6cb84857e31522546c9d	26-May-2004	Martin Josefsson <gandalf@wlug.westbo.se>	Fix 64bit kernel / 32bit userspace issue. ibip6t_limit.c ibipt_conntrack.c ibipt_limit.c
1f661e3c268496d72d4de73bac7a86920a508cce	26-May-2004	Martin Josefsson <gandalf@wlug.westbo.se>	What is this doing here? Go away. ibipt_MARK.c
114608849951fdc6fdee1a0be7c35f5d86e38bee	08-May-2004	Martin Josefsson <gandalf@wlug.westbo.se>	don't use signed things... ibipt_connbytes.c
db503f9a45f2a765ef63834a2c9416ccf59385af	05-May-2004	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	Fabrice's time match update + Tom Eastep's conntrack mach fix applied (JK) ibipt_conntrack.c ibipt_time.c ibipt_time.man
7737eec010d91eef238271294f1f21cba8122c74	18-Apr-2004	Nuuti Kotivuori <naked@iki.fi>	Add connrate match userspace part (Nuuti Kotivuori) connrate-test ibipt_connrate.c ibipt_connrate.man
d89b2f44a687f91750a21f07b603ee9e31b768e9	15-Apr-2004	Harald Welte <laforge@gnumonks.org>	fix typo ibipt_dstlimit.c
c9dd71a16506acb598b89d8e01d0b01390009b0b	07-Apr-2004	Martin Josefsson <gandalf@wlug.westbo.se>	Fix missing 6 (Bjorn Mattsson) akefile
4f37d48f03bec7bf5e23a6e8b313c1285578c958	17-Mar-2004	Piotr Gasidło <quaker@pandora.barbara.eu.org>	add userspace support for 'ipt_account' match (Piotr Gasid'o) account-test ibipt_account.c
920463da635a2e28c2673a3101109de58108f429	04-Mar-2004	Maciej Soltysiak <solt@dns.toxicfilms.tv>	Fix missing newline in libipt_DSCP help-text (Maciej Soltysiak) ibipt_DSCP.c
54924023ee598e626423ef9c222eff0e8d28dfac	02-Mar-2004	Kiran Kumar <immidi_kiran@yahoo.com>	update for matching chunk flags (Kiran Kumar) ibipt_sctp.c
dd6dd3ec5390807bf52e1afe7f4ec9489fc4dcb4	29-Feb-2004	Evgeniy Polyakov <johnpol@2ka.mipt.ru>	add support for netlink reporting to ipt_osf (Evgeniy Polyakov) ibipt_osf.c
0be628561762d37090155afb6322da8f8ce4789c	22-Feb-2004	Harald Welte <laforge@gnumonks.org>	don't print/save parameters that were automatically chosen. Only show real values as specified by administrator. ibipt_dstlimit.c
129152307ba7b09c9ad667eee2c4e0d23f7c500b	21-Feb-2004	Harald Welte <laforge@gnumonks.org>	add userspace part of SCTP match akefile ibipt_sctp.c
b58ee5402818d3bf5ca506749c6a6402ca3a8c1b	17-Feb-2004	Harald Welte <laforge@gnumonks.org>	add childlevel match support childlevel-test ibipt_childlevel.c ibipt_childlevel.man
435c99c1be6f336172be8e65a7951d5724b06685	17-Feb-2004	Harald Welte <laforge@gnumonks.org>	- work with new matchinfo struct - fix save() function - fix dstport/destport ambiguity ibipt_dstlimit.c
f020d6351e7a7eb66c59dd8198839e4296d6a470	16-Feb-2004	Harald Welte <laforge@gnumonks.org>	add save() of dstlimit-name ibipt_dstlimit.c
6132e80e1d438086baf5a1331b907b684bf78546	16-Feb-2004	Harald Welte <laforge@gnumonks.org>	fix various errors in save() function ibipt_dstlimit.c
9c50ebe1b02335cfacbee0472d9c5f83612c6016	09-Feb-2004	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	Userspace part of sets: ipset added (JK) set-test ibipt_SET.c ibipt_set.c
09603cb48b44d8a8da26d1ca836343a3a0fd9540	04-Feb-2004	Harald Welte <laforge@gnumonks.org>	fix mask '/0' case (David Ahern) (Closes: #147) ibipt_connlimit.c
d2979574652b9c1a49bd25c0e927912cab0a3ac5	04-Feb-2004	Harald Welte <laforge@gnumonks.org>	fix '--icmp-type any' case ibipt_icmp.c
a6ef99487b05ac5f358cb58d9448e28ac5f38b30	03-Feb-2004	Henrik Nordstrom <hno@marasystems.com>	latest version of CONNMARK (Henrik Nordstrom) ibipt_CONNMARK.c ibipt_CONNMARK.man ibipt_connmark.c ibipt_connmark.man
073df8feb0a8c4023ce40138e519ac9b341b1ca2	31-Jan-2004	Karsten Desler <kdesler@soohrt.org>	Fix even more possibly not zero-terminated strings after copy (Karsten Desler) ibip6t_owner.c ibipt_XOR.c ibipt_helper.c ibipt_owner.c ibipt_recent.c
867f4db6d500b9981bba8e8ec52a097ed6f6dd89	27-Jan-2004	Henrik Nordstrom <hno@marasystems.com>	use <stddef.h> instead of <linux/stddef.h> (Henrik Nordstrom) ibipt_time.c
c2794131b445ebccba184066af6d3fb2f38d1f38	22-Jan-2004	Henrik Nordstrom <hno@marasystems.com>	split manpages into per-extension manpage snippet (Henrik Nordstrom) add lots of missing manpage snippets (Harald Welte) akefile ibip6t_HL.man ibip6t_LOG.man ibip6t_MARK.man ibip6t_REJECT.man ibip6t_ROUTE.man ibip6t_TRACE.man ibip6t_ah.man ibip6t_condition.man ibip6t_dst.man ibip6t_esp.man ibip6t_eui64.man ibip6t_frag.man ibip6t_fuzzy.man ibip6t_hbh.man ibip6t_hl.man ibip6t_icmpv6.man ibip6t_ipv6header.man ibip6t_length.man ibip6t_limit.man ibip6t_mac.man ibip6t_mark.man ibip6t_multiport.man ibip6t_nth.man ibip6t_owner.man ibip6t_random.man ibip6t_rt.man ibip6t_tcp.man ibip6t_udp.man ibipt_BALANCE.man ibipt_CLASSIFY.man ibipt_CLUSTERIP.man ibipt_CONNMARK.man ibipt_DNAT.man ibipt_DSCP.man ibipt_ECN.man ibipt_LOG.man ibipt_MARK.man ibipt_MASQUERADE.man ibipt_MIRROR.man ibipt_NETMAP.man ibipt_NOTRACK.man ibipt_REDIRECT.man ibipt_REJECT.man ibipt_ROUTE.man ibipt_SNAT.man ibipt_TCPMSS.man ibipt_TOS.man ibipt_TRACE.man ibipt_TTL.man ibipt_ULOG.man ibipt_addrtype.man ibipt_ah.man ibipt_condition.man ibipt_conntrack.man ibipt_dscp.man ibipt_dstlimit.man ibipt_ecn.man ibipt_esp.man ibipt_fuzzy.man ibipt_helper.man ibipt_icmp.man ibipt_iprange.man ibipt_length.man ibipt_limit.man ibipt_mac.man ibipt_mark.man ibipt_mport.man ibipt_multiport.man ibipt_nth.man ibipt_owner.man ibipt_physdev.man ibipt_pkttype.man ibipt_random.man ibipt_realm.man ibipt_state.man ibipt_tcp.man ibipt_tcpmss.man ibipt_time.man ibipt_tos.man ibipt_ttl.man ibipt_udp.man ibipt_unclean.man
a753811078b056d7c394f420af4e6bed72a16126	05-Jan-2004	Harald Welte <laforge@gnumonks.org>	fix deleting of time rules (SooYoun Cho) (Closes: #169) ibipt_time.c
b807fb348369d852d031056f1c911f5b2b4c2114	05-Jan-2004	Michael Rash <mbr@cipherdyne.org>	Fix saving of non-printable characters in string (Michael Rash) (Closes: #168) ibipt_string.c
714c88476c4a637d67baaa078a7f13e27709b430	02-Jan-2004	Harald Welte <laforge@gnumonks.org>	forgot to commit the last osf userspace update ibipt_osf.c
db986e8a33ddd84be9045494d8d94ffd775be0fb	26-Nov-2003	Harald Welte <laforge@gnumonks.org>	add mac check ibipt_CLUSTERIP.c
f997120aaa36b28b6949813ed2cb2fa87fd65bd0	20-Nov-2003	Harald Welte <laforge@gnumonks.org>	support for srcip-* hashmodes added ibipt_dstlimit.c
38d4d45b6ed5c318cbe1017f650428046f04d33c	15-Nov-2003	Harald Welte <laforge@gnumonks.org>	added name member for proc-file ibipt_dstlimit.c
4fe389f87d5b8be160a6706823d5aa71deb78835	13-Nov-2003	Harald Welte <laforge@gnumonks.org>	add dstlimit extension (kernel code in patch-o-matic soon) dstlimit-test ibipt_dstlimit.c
c340f6c3020d10975241662d449046eb4ca7a020	11-Nov-2003	Harald Welte <laforge@gnumonks.org>	new CLUSTERIP target, currently in development. kernel code will follow soon CLUSTERIP-test ibipt_CLUSTERIP.c
1d095f8df6570b832b4c95d89e9a98541e85f4c7	30-Oct-2003	Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>	Fix invalid port number (Yasuyuki Kozakai) ibipt_MASQUERADE.c
11ce3320a0140425dac9e01c9d74f12e6afa1e58	08-Oct-2003	Harald Welte <laforge@gnumonks.org>	unconditionally build libipt_connmark.so (Carlo Pires) akefile
3bdcc221cda8e7d5053e83ef8e535b9902ac9a6d	07-Oct-2003	Harald Welte <laforge@gnumonks.org>	unconditionally build TRACE and NOTRACK plugins NOTRACK-test TRACE-test TRACE-test6 akefile
4dc734c73cc4a0ff87c0ce3673544628b58c7e24	07-Oct-2003	Harald Welte <laforge@gnumonks.org>	add support for the raw table to userspace ibipt_conntrack.c ibipt_state.c
7fb4d1f3143eb1235aacc424b29e296948a78034	02-Oct-2003	Thomas Woerner <twoerner@redhat.com>	fix saving of udp port range in ip6tables (Thomas Woerner) ibip6t_udp.c
aeba2406d2657fff3c00578f96b7dd8358b38d2e	22-Sep-2003	Evgeniy Polyakov <johnpol@2ka.mipt.ru>	further updates to the 'osf' module (Evgeniy Polyakov). now supports reading fingerprint data at runtime via /proc. ibipt_osf.c
c687c2086dcfa6f6505d96b359aff0b1e8eaccd3	13-Sep-2003	Harald Welte <laforge@gnumonks.org>	remove .NETMAP-test - build plugin unconditionally NETMAP-test
5119ad344261eab98d4490cf9889b5fc706ccb1d	13-Sep-2003	Evgeniy Polyakov <johnpol@2ka.mipt.ru>	add passive OS fingerprinting (Evgeniy Polyakov) osf-test ibipt_osf.c
174ef9f10cd07f9541b4174e4ce7c4e51917d769	05-Sep-2003	Cédric de Launois <delaunois@info.ucl.ac.be>	IPv6 'port' of ROUTE target (Cedric de Launois) ROUTE-test6 ibip6t_ROUTE.c
46a73cf56e9338c160223e617bdb4e85db300428	05-Sep-2003	Harald Welte <laforge@gnumonks.org>	1- printf() simplifications, 2- indentation fixes, 3- C99 initializers. (Stephane Ouellette) ibip6t_MARK.c ibip6t_frag.c
ad8d1ab2e36be7100afaf6fabfe3049423e51cce	04-Sep-2003	Harald Welte <laforge@gnumonks.org>	1- Fix preprocessor directive usage, 2- Redefine UNAME and LNAME macros such that their value is determined at compile-time, not at run-time, 3- Modify all printf() calls that use LNAME and UNAME to take advantage of the compile-time macro definitions, 4- More indentation fixes. (Stephane Ouellette) ibip6t_dst.c
a643c3eccb6a985e720c807f5a4c86347fc9b899	25-Aug-2003	Harald Welte <laforge@gnumonks.org>	add support for matching the IPS_CONFIRMED bit (Harald Welte) ibipt_conntrack.c
c8d8a2f4e376eb4b012a11a88e266ff291d87e90	24-Aug-2003	Telford Tendys <telford@triode.net.au>	add TCPLAG target (patch was lost on notebook drive) TCPLAG-test ibipt_TCPLAG.c
c6c85377dd5e4a14953dbd453e03cb1422741eed	24-Aug-2003	Harald Welte <laforge@gnumonks.org>	remove obsolete tests. the respective extensions are now built unconditionally CLASSIFY-test CONNMARK-test connmark-test iprange-test realm-test
105650a15e20255c5d037f32b8ef4a2431c59855	24-Aug-2003	Harald Welte <laforge@gnumonks.org>	add include files for soon-to-be-submitted patches (and build them unconditionally by putting thme in the extensions/Makefile) akefile
703575d4b45d15996ee2ca0b13d958a22cd78f4f	23-Aug-2003	Stephane Ouellette <ouellettes@videotron.ca>	various cosmetic / c99 cleanups (Stephane Ouellette) ibip6t_ah.c ibip6t_dst.c ibip6t_esp.c ibip6t_fuzzy.c
2be28abae41cd5de9eb9a9035e46304dab13093c	11-Aug-2003	Stephane Ouellette <ouellettes@videotron.ca>	remove unused variable and move to c99 initializers (Stephane Ouellette) ibip6t_LOG.c ibipt_LOG.c
ab859188054a65fe95f29ae7e0390a49f2173af6	25-Jul-2003	Cédric de Launois <delaunois@info.ucl.ac.be>	Updated version with new option to continue rule-traversal (Cedric de Launois) ibipt_ROUTE.c
01cbaa6125344733148615c1664be83d24097136	14-Jul-2003	Thomas Woerner <twoerner@redhat.com>	Fix iptables-save (save everything numerically) by Thomas Woerner <twoerner@redhat.com> ibip6t_LOG.c ibip6t_multiport.c ibipt_LOG.c ibipt_mport.c ibipt_multiport.c ibipt_psd.c
766113ac7457f4e14014d2accd5344a03bb6854f	19-Jun-2003	Martin Devera <devik@cdi.cz>	Add new connbytes match, include a warning (Martin Devera <devik@cdi.cz>) connbytes-test ibipt_connbytes.c
ce26c586c2217116c8e91628ce23f4429dccfae3	19-Jun-2003	Harald Welte <laforge@gnumonks.org>	fix saving of inverted parameters (same as in ipv4 libipt_owner.c) ibip6t_owner.c
cbc963941ef4abcb5c2d889b4173501e7a4cbc3b	19-Jun-2003	Oliver Fudd <ofudd@speed-test.net>	fix NETFILTER_VERSION -> IPTABLES_VERSION (Oliver Fudd ofudd@speed-test.net) ibipt_IPMARK.c
78c57fac86e7ac32332684e80429a8dab9a8f556	14-Jun-2003	Dave Zambonini <dave@alfar.co.uk>	Fix save-invert printout (David Zambonini, me) ibip6t_mac.c ibipt_mac.c
0cc203a59f2d8687f8ec3f6ebb86a81aaa574648	14-Jun-2003	Hime Junior <hime@engineer.com>	Fix save function (Hime Aguiar e Oliveira Jr.) ibip6t_fuzzy.c ibipt_fuzzy.c
0c1b776db83c5d49a2ec53f575deda9fd2fa03fc	01-Jun-2003	Sven Strickroth <sstrickroth@gym-oha.de>	Fix libipt_recent.c save() (Sven Strickroth) ibipt_recent.c
6640b3cbe3217a3e21aafc64f98d25bb6fc69be2	31-May-2003	Grzegorz Janoszka <Grzegorz.Janoszka@pro.onet.pl>	add new IPMARK target (Grzegorz Janoszka) IPMARK-test ibipt_IPMARK.c
926d46fc2998b7f59a0ca932852082b9bc9db4ed	31-May-2003	Tim Vandermeersch <tim.vandermeersch@pandora.be>	add XOR patch by Tim Vandermeersch XOR-test ibipt_XOR.c
5a52c517ebb2c7421f57b0f00f2de6697cdd7a9c	24-May-2003	Harald Welte <laforge@gnumonks.org>	finally commit the overly delayed RFC1812 admin prohibited option ibipt_REJECT.c
690a395725367c814ec20b5508a98eef9bea5bac	21-May-2003	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	Userspace files of the raw patch (JK). NOTRACK-test TRACE-test TRACE-test6 ibip6t_TRACE.c ibipt_NOTRACK.c ibipt_TRACE.c
46525cd3880d2b1aad0b049122a67c9e626ec6d9	07-May-2003	Stephane Ouellette <ouellettes@videotron.ca>	Cleanups (Stephane Ouellette) ibip6t_hl.c
6e0e0ed90a35cf3104874102a647ee8d2a2c1662	07-May-2003	Patrick McHardy <kaber@trash.net>	Add addrtype match (Patrick McHardy) addrtype-test ibipt_addrtype.c
8f578a09b56f010d5bcd30086a8f7c8132b35d92	03-May-2003	Harald Welte <laforge@gnumonks.org>	add (untested) sctp userspace support for even more untested kernel part (in pom soon) ibipt_sctp.c
63aee026e08f9dd1a4b9d551a5b3f650a9d1ada7	03-May-2003	Maciej Soltysiak <solt@dns.toxicfilms.tv>	add nth match for ipv6 (Maciej Soltysiak) nth-test6 ibip6t_nth.c
62fb4593f22e666b1fe3065be9d0c72a75dc91e4	03-May-2003	Maciej Soltysiak <solt@dns.toxifilms.tv>	add random6 patch (Maciej Soltysiak) random-test6 ibip6t_random.c
93b7e708ae3fe46c827c09b1ee6c1409597ce67a	03-May-2003	Martin Josefsson <gandalf@wlug.westbo.se>	fix saving of inverted owner match parameters (Martin Josefsson) ibipt_owner.c
59cbe17cee0499c8f25a8d9f29513f4c85e9b03c	30-Apr-2003	Harald Welte <laforge@gnumonks.org>	rename iplimit to connlimit akefile ibipt_connlimit.c
7a937bd94f611ccec176341ea1b7811634f8ed5c	30-Apr-2003	Harald Welte <laforge@gnumonks.org>	Fix typo in libipt_string (Nancy Fudd). (Closes: #89) ibipt_string.c
ed30c6bd6f4e9745468b095fbf8b1d0bd9844114	27-Apr-2003	Stephane Ouellette <ouellettes@videotron.ca>	the following two patches move the call to check_inverse() to a saner place and surround the condition name by double-quotes in save(). (Stephane Ouellette) ibip6t_condition.c ibipt_condition.c
451f3eaad6712ba790aeba1a5af41ef9ee007d68	27-Apr-2003	Stephane Ouellette <ouellettes@videotron.ca>	- Remove unneeded fputc() in help(). - C99 initializers. - In parse(), print an error message when multiple strings are specified on the command line. - Remove print_string(). This fixes save() when used with iptables-save/iptables-restore. (Stephane Ouellette) ibipt_string.c
30596a5e7ae8c518a8a0bbf3aa891728e9f9ec1b	27-Apr-2003	Bart De Schuymer <bdschuym@pandora.be>	ipt_physdev update (--physdev-is-{in,out,bridged}) by Bart de Schuymer ibipt_physdev.c
9cb66152f7286d9520dfe01406d27f09aac36a8e	23-Apr-2003	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	iprange match support added (Jozsef Kadlecsik) iprange-test ibipt_iprange.c
96d8593fffe816b3ee1bcd27df33beff5c404058	21-Apr-2003	Michael Rash <mbr@cipherdyne.org>	add fix to string match (Michael Rash) ibipt_string.c
27e1fa8d7bde95f3a0dbd627e7e15d26fa9ef1e3	14-Apr-2003	Stephen Frost <sfrost@snowman.net>	add ipt_recent version 0.3.1 to CVS ibipt_recent.c
5e3d5ca1b25b3cde9a40c5c74b7484dc909f097f	13-Apr-2003	Patrick McHardy <kaber@trash.net>	apply ipv6 port of ownercmd patch (Patrick McHardy) ibip6t_owner.c
22b21353f551f6f96a25f92e32ccfb39e24af98f	13-Apr-2003	Harald Welte <laforge@gnumonks.org>	no space between '#!' and '/bin/sh' CLASSIFY-test
244f7bc6d74e25e0d314db7714313420968563ad	11-Apr-2003	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	IPv6 port of the fuzzy match added. fuzzy-test6 ibip6t_fuzzy.c
6ab626bb74153c180f98e8ba6c8bff88d2d45ebc	11-Apr-2003	Joszef Kadlecsik <kadlec@blackhole.kfki.hu>	CLASSIFY target added. CLASSIFY-test ibipt_CLASSIFY.c
fb7ed72f53b4d1cf645cc7529a6dc68e2a7ecd26	11-Apr-2003	Stephane Ouellette <ouellettes@videotron.ca>	unused print_dscp removed, structures converted to C99 (Stephane Ouellette) ibipt_ecn.c
b217dce4785b1772c5dc1b45eca1757061268971	30-Mar-2003	Harald Welte <laforge@gnumonks.org>	compile with old kernel, new userspace ibipt_rpc.c
122e7c0808eb6f3092c1a1750bd02001efc7cfb3	30-Mar-2003	Harald Welte <laforge@gnumonks.org>	fix a compiler warning ibipt_recent.c
2aa78fe7b29140d601bee6f4999ea7c6869339c0	30-Mar-2003	Harald Welte <laforge@gnumonks.org>	fix error message if invalid flag is specified (Aaron Sethman) (Closes: #65) ibip6t_tcp.c ibipt_tcp.c
fbe3abea2fd199cada42d66d11e24c0c26a8760a	26-Mar-2003	Stephane Ouellette <ouellettes@videotron.ca>	fix parse error (Stephane Ouellette) ibip6t_condition.c ibipt_condition.c
9c8cdd4a2dc25f5e2f6836f7acc7800fd04b6f68	05-Mar-2003	Harald Welte <laforge@gnumonks.org>	dont build ipv6 when DO_IPV6=0 akefile
2354d928a6864e8753decc054873d562689577d3	05-Mar-2003	Harald Welte <laforge@gnumonks.org>	make DO_IPV6 work again.. akefile
d0ae04e7ee969882f6558f2ef8bca89a2d226e62	04-Mar-2003	Lutz Preßler <lp@sernet.de>	fix listing of conntrack match (lp@sernet.se) (Closes: #60) ibipt_conntrack.c
9230c11493abb0622f3df5f1cd6ccacbbf40cef3	03-Mar-2003	Hervé Eychenne <rv@wallfire.org>	add iptables 'helper' match manpage section (Herve Eychenne) ibipt_helper.c
d5903958e7fee47fa2828d7b2dc86238a15fa3dd	03-Mar-2003	Stephen Frost <sfrost@snowman.net>	'recent' match update by Stephen Frost: - Moved RECENT_NAME/RECENT_VER #define's to ipt_recent.h - Added #define for IPT_RECENT_NAME_LEN instead of using constants directly - Changed default packet count list length to 20 instead of 10 - Added option to define permissions for proc files created under /proc/net/ipt_recent - Changed printfs to be unsigned for unsigned variables - Added explicit NULL termination for table name - Fixed TTL checking to deal with TTL decrementing in routing logic, should work across chains now. - Side to check/set against is no longer per-table but per-rule, default src - Created unsigned time_temp for time caluclations instead of using signed temp variables - Fixed spinlock handling in checkentry to not vmalloc while holding a spinlock. - Cleaned up memory free'ing routines to correctly free all memory on failure - Fixed spinlock handling in destroy to not free while holding spinlock - Added sanity check to hash table size, if an invalid size is given the default will be used instead and a warning generated. - Fixed save() function in libipt_recent.c - Cleaned up and shortened recent.patch.help ibipt_recent.c
f8ac329cc9a8822273aefc6686d58cae07e8a8f9	26-Feb-2003	Michael Rash <mbr@cipherdyne.com>	Add support for hex strings (Michael Rash) ibipt_string.c
a2c70378a8ed7df652757dec01b9cc4b022b2f1c	25-Feb-2003	Stephane Ouellette <ouellettes@videotron.ca>	update to condition extension, add condition6 (Stephane Ouellette) condition-test6 ibip6t_condition.c ibipt_condition.c
fc9237da4e8455e34193a56e56e561d7cd0b31ba	25-Feb-2003	Harald Welte <laforge@gnumonks.org>	Fix '-p icmp -m icmp' issue (Closes: #37) ibipt_icmp.c
1254871c88483cc1a0adc448a83cab6a9d4510a1	11-Feb-2003	Bart De Schuymer <bdschuym@pandora.be>	add libipt_physdev.c (Bart de Schumyer) akefile ibipt_physdev.c
31ad6a249f3ead10e5d4111498f8022eb1169e19	01-Feb-2003	Harald Welte <laforge@gnumonks.org>	u32 match added u32-test ibipt_u32.c
4ac9fddb50eb4898f145d6daf14cbf97702ee763	13-Jan-2003	Harald Welte <laforge@gnumonks.org>	fix typo in help message ibipt_ECN.c
21218c8f083e36d905fddf7957dc91b35a15ffb4	12-Jan-2003	Harald Welte <laforge@gnumonks.org>	no absolute include paths ibipt_rpc.c
2aa84a489a9294730cf856f48bcf4802c04187ae	12-Jan-2003	Harald Welte <laforge@gnumonks.org>	add support for rpc match akefile ibipt_rpc.c
eb1c6464bb19d6192543473dc9d9835e00ba1435	08-Jan-2003	Cédric de Launois <delaunois@info.ucl.ac.be>	december update to ROUTE target ;) ibipt_ROUTE.c
60358d73482620aeafc34f38df36e462875fd244	08-Jan-2003	Maciej Soltysiak <solt@dns.toxicfilms.tv>	apply ipv6 hoplimit (hl match, HL target) patch (Maciej Soltysiak <solt@dns.toxicfilms.tv>) ibip6t_HL.c ibip6t_hl.c
fcb1646bf7c511d300b4c3ce916c3d835b9d63b0	06-Jan-2003	Harald Welte <laforge@gnumonks.org>	fix save() function when used with ! ibip6t_mac.c
d0b0ca42600b2a11009529f9cc2d21af5f60c1c8	06-Jan-2003	Harald Welte <laforge@gnumonks.org>	attempt to fix save/restore of '! --uid-owner squid' problem as reported by Costa Tsaousis ibipt_owner.c
4e53670bda3a61cdfc69c62f9748e208ccf9a5ba	05-Dec-2002	Aaron Hopkins <lists@die.net>	add TARPIT target (Aaron Hopkins) akefile ibipt_TARPIT.c
a858ef6873cefb349530a1051c4ec21b04fee207	05-Dec-2002	Cédric de Launois <delaunois@info.ucl.ac.be>	new '--to' option to route target (by original author) ibipt_ROUTE.c
c8c0f409a365cf6ad503454f15ea071108587204	05-Dec-2002	Gerry Skerbitz <gsker@attbi.com>	fix save() functions of libip[6]t_length (Gerry Skerbitz) ibip6t_length.c ibipt_length.c
dfba3ac05e9844a07e87d2c01be4917dc1a487c1	05-Dec-2002	Michael Schwendt <rh0209ms@arcor.de>	Fix save() function of libipt_conntrack (Michael Schwendt) ibipt_conntrack.c
2ef6881edb3509b5ed650e5a1ad1f78ea0d06560	05-Dec-2002	Oskar Berggren <beo@sgs.o.se>	fix save() function of libipt_pool (Oskar Berggren) ibipt_pool.c
9647359b12021df45159f38d6c16687b58623434	05-Dec-2002	Harald Welte <laforge@gnumonks.org>	fix save function of libipt_tos ibipt_tos.c
d57b0609ef00da33bcbc4a7b718a88b141f06c28	02-Nov-2002	Stephane Ouellette <ouellettes@videotron.ca>	add condition patch (Stephane Ouelle) condition-test ibipt_condition.c
c25718248bcb0ab737449226b9bf9416a5435b43	22-Oct-2002	Harald Welte <laforge@gnumonks.org>	update Fabrice's email address ibipt_IPV4OPTSSTRIP.c ibipt_nth.c ibipt_random.c
a18c0006bff022e75facd34608a7a0c2f6bd5380	02-Oct-2002	Harald Welte <laforge@gnumonks.org>	print space between '!' and mac address (Kristian Gronfeldt Sorensen) ibipt_mac.c
42479ccb51bc11c7097b6c0fdca63766fe298cd6	20-Sep-2002	Harald Welte <laforge@gnumonks.org>	fix connmark and mark match save() functions ibipt_connmark.c ibipt_mark.c
b05758a974c02c3c12449a102d82721da1073db5	15-Sep-2002	Jimmy Hedman <jimmy.hedman@southpole.se>	make save() function use quotes for --ulog-prefixto allow prefixes with spaces (Jimmy Hedman) ibipt_ULOG.c
010491fd08073baedbbb8407056de4428306c936	12-Sep-2002	Michael Schwendt <mschwendt@yahoo.com>	Fix save() functions of mac match,ipv4 and ipv6. (Michael Schwendt) ibip6t_mac.c ibipt_mac.c
e95bd7a204bd19bc526e599730bc86657d07f57b	07-Sep-2002	Michael Schwendt <mschwendt@yahoo.com>	make IPv4 and IPv6 LOG target save() the log-level as string, instead of the numeric value. (Michael Schwendt) ibip6t_LOG.c ibipt_LOG.c
a713ce0dba73e45d569bf62fdb5248bc1d4694e9	05-Sep-2002	Harald Welte <laforge@gnumonks.org>	fix save function of tcpmss match (Michael Schwendt) ibipt_tcpmss.c
769ef3058d9236905ddd69f3b1efce6833407350	29-Aug-2002	Harald Welte <laforge@gnumonks.org>	remove bogus '\n' ibipt_ULOG.c
070b7af06a088772451fcca25595a0fb2e2ea541	26-Aug-2002	Hime Junior <hime@engineer.com>	add fuzzy support (Hime Junior) fuzzy-test ibipt_fuzzy.c
2a7116ec8070adfe2c17abf822e23c8875da164e	26-Aug-2002	Harald Welte <laforge@gnumonks.org>	make NO_SHARED_LIBS work again (Roberto Nibali) ibipt_dscp_helper.c
f4e6683c5a4c80e494a2167d1a64d1b9c63587aa	09-Aug-2002	Harald Welte <laforge@gnumonks.org>	make libipt_helper.so build always, since it's now submitted to 2.4.20 helper-test akefile
e0f47ada0d9b447333ef9f4ece4cc32438ab989a	07-Aug-2002	Harald Welte <laforge@gnumonks.org>	remove bogus argument to printf() ibipt_ECN.c
a49ded0aced6e22e4fcc7a6463e0366e05550b37	07-Aug-2002	Harald Welte <laforge@gnumonks.org>	rename '--class' into '--dscp-class' and '--set-class' into '--set-dscp-class' in order not to waste the namespace ibipt_DSCP.c ibipt_dscp.c
ef22543936c50c57a8eab412a93a4d07d63e0e83	07-Aug-2002	Harald Welte <laforge@gnumonks.org>	rename 'host' in 'unicast' ibipt_pkttype.c
31d12a598c80f609e68550cf043b1c6b2fd0e35e	06-Aug-2002	Harald Welte <laforge@gnumonks.org>	do not show potentially dangerous parameteres of ECN target (Alexey) ibipt_ECN.c ibipt_MARK.c
92cad5f4a349daac294332b8f8f696b43c55d3fc	06-Aug-2002	Harald Welte <laforge@gnumonks.org>	fix typo in help message ibipt_ECN.c
c05c44fc6018fcd94df499c981d846ff20882c4c	05-Aug-2002	Harald Welte <laforge@gnumonks.org>	fix ECN_OP_SET_IP case (missing flags assignment and break stmt) ibipt_ECN.c
0e9ed738e0344ccb75b457dac5291f0849944c61	05-Aug-2002	Harald Welte <laforge@gnumonks.org>	remove bogus ECN_SHIFT from libipt_ecn.c ibipt_ecn.c
6e85beb63aa4bd2e7a6c2b6e4e58ca92f3156ba5	03-Aug-2002	Harald Welte <laforge@gnumonks.org>	make MARK target use string_to_number [and thus report range overflows]. ibipt_MARK.c
d15fb34c777c10a67f8db2b6960bc094b3284fc5	26-Jul-2002	Harald Welte <laforge@gnumonks.org>	check for invalid port ranges (Thomas Poehnitz) ibip6t_tcp.c ibip6t_udp.c ibipt_tcp.c ibipt_udp.c
158b0909fe185e7b6dfe3881add797b6d9bda30a	23-Jul-2002	Harald Welte <laforge@gnumonks.org>	add hint about local-nat.patch to KNOWN_BUGS, make libipt_ecn work ibipt_ecn.c
b7ff0ae0f43d338bcdaac3e334f95c7835b49774	08-Jul-2002	András Kis-Szabó <kisza@securityaudit.hu>	2x bugfixes for libip6t_tcp from Andras Kis-Szabo ibip6t_tcp.c
7e25327907409e0369d0fb0527f68f3b8db777be	24-Jun-2002	Cédric de Launois <delaunoi@info.ucl.ac.be>	update ROUTE target to 0.2.2 (Cedric de Launois) ibipt_ROUTE.c
0ddae8f8ade1084c38a1408d61b6a16725912283	21-Jun-2002	Iain Barnes <zenadsl3030@zen.co.uk>	move DSCP name/value conversion to libipt_dscp_helper.c (Iain Barnes) ibipt_DSCP.c ibipt_dscp.c ibipt_dscp_helper.c
7fdbc95796b8e592a445b3fb599fc99c25fc826b	21-Jun-2002	Stephen Frost <sfrost@snowman.net>	version 0.2.1 of ipt_recent patch (stephen frost) ibipt_recent.c
ae31bb6bac68f800a1e4b30cf2548dacaaf76102	14-Jun-2002	Fabrice MARIE <fabrice@celestix.com>	fix all compile warnings within iptables extensions (fabrice) ibip6t_REJECT.c ibip6t_dst.c ibip6t_hbh.c ibip6t_rt.c ibipt_recent.c
2318b508d123fea7a3bc267650ba7b6acec24342	13-Jun-2002	Cédric de Launois <delaunoi@info.ucl.ac.be>	add ROUTE target / rsip table ROUTE-test ibipt_ROUTE.c
671ef2f51def8575b0f9d37780be43be2373929d	04-Jun-2002	Harald Welte <laforge@gnumonks.org>	pool compile fixes ibipt_POOL.c
cff123aad2eecb9ca178a567469898575ae50a65	04-Jun-2002	Harald Welte <laforge@gnumonks.org>	make connmark patch comply with NO_SHARED_LIBS ibipt_CONNMARK.c ibipt_connmark.c
7a44731615d950a2966737d1d1c960859023f3a3	29-May-2002	Harald Welte <laforge@gnumonks.org>	add ECN match plugin akefile ibipt_ecn.c
7b49af40179706d42d98cb72330a07df37dcb7ea	29-May-2002	Harald Welte <laforge@gnumonks.org>	make ECN save function correcly save --ecn-tcp-remove ibipt_ECN.c
80fe35d6339b53a12ddaec41885613e4e37ed031	29-May-2002	Harald Welte <laforge@gnumonks.org>	globally replace NETFILTER_VERSION with IPTABLES_VERSION to have consistent naming ibip6t_LOG.c ibip6t_MARK.c ibip6t_REJECT.c ibip6t_ah.c ibip6t_dst.c ibip6t_esp.c ibip6t_eui64.c ibip6t_frag.c ibip6t_hbh.c ibip6t_icmpv6.c ibip6t_ipv6header.c ibip6t_length.c ibip6t_limit.c ibip6t_mac.c ibip6t_mark.c ibip6t_multiport.c ibip6t_owner.c ibip6t_rt.c ibip6t_standard.c ibip6t_tcp.c ibip6t_udp.c ibipt_BALANCE.c ibipt_CONNMARK.c ibipt_DNAT.c ibipt_DSCP.c ibipt_ECN.c ibipt_FTOS.c ibipt_IPV4OPTSSTRIP.c ibipt_LOG.c ibipt_MARK.c ibipt_MASQUERADE.c ibipt_MIRROR.c ibipt_NETLINK.c ibipt_NETMAP.c ibipt_POOL.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SNAT.c ibipt_TCPMSS.c ibipt_TOS.c ibipt_TTL.c ibipt_ULOG.c ibipt_ah.c ibipt_connlimit.c ibipt_connmark.c ibipt_conntrack.c ibipt_dscp.c ibipt_esp.c ibipt_helper.c ibipt_icmp.c ibipt_ipv4options.c ibipt_length.c ibipt_limit.c ibipt_mac.c ibipt_mark.c ibipt_mport.c ibipt_multiport.c ibipt_nth.c ibipt_owner.c ibipt_pkttype.c ibipt_pool.c ibipt_psd.c ibipt_quota.c ibipt_random.c ibipt_realm.c ibipt_recent.c ibipt_record_rpc.c ibipt_standard.c ibipt_state.c ibipt_string.c ibipt_tcp.c ibipt_tcpmss.c ibipt_time.c ibipt_tos.c ibipt_ttl.c ibipt_udp.c ibipt_unclean.c
1c8fa733e6092029d97bc5b2b6a4cb13b513f2f0	29-May-2002	Harald Welte <laforge@gnumonks.org>	fix help message printout ibipt_ECN.c
c980a240bad8f8995805df3bfdfb18180dd08d03	29-May-2002	Harald Welte <laforge@gnumonks.org>	bring ECN plugin in sync with new ECN target ibipt_ECN.c
2ea56498b07506c00a511ddee39cb1c4bd85457d	29-Apr-2002	András Kis-Szabó <kisza@securityaudit.hu>	new HBH and DSTopts match for IPv6 by kisza opts-test6 ibip6t_dst.c ibip6t_hbh.c
fce8699bb8e87b0156a15df2358d1e7dc8222c16	29-Apr-2002	András Kis-Szabó <kisza@securityaudit.hu>	Route6 updates by Kisza: - Type0 address handling (up to 16 addresses) - 'soft' mode (--rt-0-not-strict): the address list in the packet is not exactly the same, but contains all the specified addresses in the same order ibip6t_rt.c
23e296c911cabd9ab488cdf2be54a67cd2f5b96c	27-Apr-2002	Harald Welte <laforge@gnumonks.org>	this file was missed during commit rt-test6
d8a12a841de648bd38dc52ba624d1ed1810a6333	24-Apr-2002	András Kis-Szabó <kisza@securityaudit.hu>	Some ipv6 fixes by kisza: AH save function fix (problem with --len ! 0) FRAG help fix FRAG save and prtint fix (problem with --len [!] 0) ibip6t_ah.c ibip6t_frag.c
a42041665a9d5d08d52a5f1a27916743fbb2736c	24-Apr-2002	András Kis-Szabó <kisza@securityaudit.hu>	New 'route6' match by kisza. ibip6t_rt.c
f6ed1d60cf9186333f2bca4fb581585c7263eedf	16-Apr-2002	Bob Hockney <zeus@ix.netcom.com>	fix libipt_mport save/restore (Bob Hockney) ibipt_mport.c
df5e13f1606f341d3ca513b51acd295d6d4c7ee7	11-Apr-2002	Iain Barnes <igbarnes@yahoo.co.uk>	DSCP class support (Iain Barnes) ibipt_DSCP.c
5cc4f7ef79a227e1825dd4496ca5c72a31400af8	10-Apr-2002	Silvan Minghetti <bullet@users.sourceforge.net>	Fix gcc3 compile errors (Silvan Minghetti) ibipt_ECN.c ibipt_owner.c
4b5566b718ccd52a11d5eabe1de9b1f4ff10ce41	01-Apr-2002	A. van Schie <a.van.schie@quicknet.nl>	fix bug in save() function of MASQUERADE target (A. van Schie) ibipt_MASQUERADE.c
f0ac814a2137abe334bd0000d59e9be4721e1ddc	26-Mar-2002	Harald Welte <laforge@gnumonks.org>	fix to save() and restore() functions of ah/esp match. ibipt_ah.c ibipt_esp.c
f1f447b836a714b4646450aaed3dd1aa6ab2808a	26-Mar-2002	András Kis-Szabó <kisza@securityaudit.hu>	new ip6 FRAG match by kisza frag-test6 ibip6t_frag.c
d32980df1da9d81a93280b4f0e023c58055c4b0c	25-Mar-2002	Harald Welte <laforge@gnumonks.org>	Add AH/ESP match for ipv6 ah-test6 esp-test6 ibip6t_ah.c ibip6t_esp.c
e920f29853671e9a7f7fea3e0b43305136793159	24-Mar-2002	Harald Welte <laforge@gnumonks.org>	ipv6 agr match now called eui64 ibip6t_agr.c ibip6t_eui64.c
07b69b60e98f7be23b7038b64b6d170be3ab7791	19-Mar-2002	Harald Welte <laforge@gnumonks.org>	rename ipv6_agr to ipv6_eui64 akefile
d46818effcc8ccb7d312396ebf1b0b82c72b6216	18-Mar-2002	Harald Welte <laforge@gnumonks.org>	Fix ip6tables save/restore '! --syn' output of libip6t_tcp.c ibip6t_tcp.c
3198b9c029a17517214d5b17d577433f0e377cd7	18-Mar-2002	Harald Welte <laforge@gnumonks.org>	compile libip6t_agr by default agr-test6 akefile
d75a2aaf00b87c95b091a1b733a1c17ae51a950a	18-Mar-2002	Harald Welte <laforge@gnumonks.org>	make libipt_conntrack compile by default conntrack-test akefile
ec03bdf9a8a645c2c4a644009475dc9d75a72558	18-Mar-2002	Harald Welte <laforge@gnumonks.org>	libipt_pkttype now compiled by default pkttype-test akefile
3c5bd600130c14f1049fd3e75cb4cef20c069a6b	14-Mar-2002	Harald Welte <laforge@gnumonks.org>	fixed stupid typo. why does this always have to happen _after_ the release? ibipt_conntrack.c
2757fd7400c98ce23c28f42a869d0313e8e62627	14-Mar-2002	Harald Welte <laforge@gnumonks.org>	add FTOS test file FTOS-test
487d1d39b6457a4a3aeb2b9dac3b1925a003a3e1	14-Mar-2002	Harald Welte <laforge@gnumonks.org>	add DSCP match akefile ibipt_dscp.c
b77f1dafb9f35752bb9685323bcacb32a0e6ddc5	14-Mar-2002	Harald Welte <laforge@gnumonks.org>	Fix 'iptables -p !' bug (segfault when `!' used without argument) ibip6t_LOG.c ibip6t_REJECT.c ibip6t_icmpv6.c ibip6t_ipv6header.c ibip6t_length.c ibip6t_limit.c ibip6t_mac.c ibip6t_mark.c ibip6t_owner.c ibip6t_tcp.c ibip6t_udp.c ibipt_BALANCE.c ibipt_DNAT.c ibipt_LOG.c ibipt_MASQUERADE.c ibipt_NETLINK.c ibipt_NETMAP.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SNAT.c ibipt_TTL.c ibipt_ULOG.c ibipt_ah.c ibipt_connlimit.c ibipt_connmark.c ibipt_conntrack.c ibipt_esp.c ibipt_helper.c ibipt_icmp.c ibipt_length.c ibipt_limit.c ibipt_mac.c ibipt_mark.c ibipt_owner.c ibipt_pkttype.c ibipt_pool.c ibipt_quota.c ibipt_realm.c ibipt_recent.c ibipt_state.c ibipt_string.c ibipt_tcp.c ibipt_tcpmss.c ibipt_tos.c ibipt_ttl.c ibipt_udp.c
dffa8ddb43ca2d5bfe7344daea2f6e80c5adaa58	14-Mar-2002	Harald Welte <laforge@gnumonks.org>	add length match to default extension build list akefile
e0a71a88ca64bc139d9cf93d984e21984875c5c1	03-Mar-2002	András Kis-Szabó <kisza@securityaudit.hu>	Makefile fix for owner mac multiport limit (kisza) akefile
3068e95d6f9aa3e28d0a1bd3ff8adcbd96d77823	03-Mar-2002	Harald Welte <laforge@gnumonks.org>	Add LOGv6 to Makefile list akefile
0e81d5db9ca61069e213236582deedb61dd38b45	25-Feb-2002	Harald Welte <laforge@gnumonks.org>	add support for connmark match/target CONNMARK-test connmark-test ibipt_CONNMARK.c ibipt_connmark.c
bbbf9380d044a5ae9c42e36665c3f23c4c4fa429	25-Feb-2002	Harald Welte <laforge@gnumonks.org>	Change $Id$ tags ibipt_TTL.c ibipt_ttl.c
5a15c9a8b29871fc3246ed91423f271041a87c21	18-Feb-2002	Harald Welte <laforge@gnumonks.org>	fix cut&paste typo ibipt_ECN.c
385a1dd0f3b01fc0fbd6bcdee9796e0240ea77c1	17-Feb-2002	Harald Welte <laforge@gnumonks.org>	add ECN target support ibipt_ECN.c
ed18bad86af91f852fd79aa058a06018bdffc39e	17-Feb-2002	Harald Welte <laforge@gnumonks.org>	dscp fixes ibipt_DSCP.c
2e7377d3e21c0c93219eea0d38e2ee37308f6150	17-Feb-2002	Harald Welte <laforge@gnumonks.org>	add DSCP target support ibipt_DSCP.c
4ab10af3f549e1ea6492c768db3778816fff7f05	17-Feb-2002	Harald Welte <laforge@gnumonks.org>	make compilation of libip6t_LOG, libipt_length, libip6t_length and libip6t_owner mandatory LOG-test6 length-test length-test6 owner-test6 akefile
63c364d6fd20b1f58df9e91bcb4cfea2ebae6507	15-Feb-2002	Harald Welte <laforge@gnumonks.org>	fix for psd-delay-threshold > 100 ibipt_psd.c
4fce44c21c93fdc358917e6a9238f1de7601b295	04-Feb-2002	Stephen Frost <sfrost@snowman.net>	recent patch update by stephen frost ibipt_recent.c
6e9bfc7af3e5c2edd70feb4d03ceeed1de0ed412	19-Jan-2002	Marc Boucher <marc@mbsi.ca>	added break; to eliminate gcc3 warning ibipt_REJECT.c
f5c32d633daeccdf4d2bb381fcc7bb5c3cbcd273	19-Jan-2002	Marc Boucher <marc@mbsi.ca>	Added support for --cmd-owner option when ownercmd.patch is applied to kernel. ibipt_owner.c
5054e85be306809cf0a484469d7f7f6e16a31646	19-Jan-2002	Marc Boucher <marc@mbsi.ca>	general conntrack match module userspace support files conntrack-test ibipt_conntrack.c
110610b73adbc7b57df53cbc4f6931aa9a82fbaf	11-Jan-2002	Martin Josefsson <gandalf@wlug.westbo.se>	helper match (Martin Josefsson) helper-test ibipt_helper.c
426d90102b2fa88e6bdd50248b56fa25465ea9dd	25-Dec-2001	Harald Welte <laforge@gnumonks.org>	updated ipv6header patch ibip6t_ipv6header.c
46281d4b6f200dfacdbcf25f0d915f9ca2120030	18-Dec-2001	Harald Welte <laforge@gnumonks.org>	add new ipv6header match ipv6header-test6 ibip6t_ipv6header.c
48ea58532803c56d31933af3e74af83312748d22	07-Dec-2001	Harald Welte <laforge@gnumonks.org>	add timezone support to time match ibipt_time.c
389e3544861d170016c1059abe699d991e341d41	06-Dec-2001	Marc Boucher <marc@mbsi.ca>	removed duplicate 'static' keyword. ibipt_connlimit.c
e746abb15df34da1729de8d669c95f1b0b9ecb7c	03-Dec-2001	Harald Welte <laforge@gnumonks.org>	add quota patch quota-test ibipt_quota.c
de4f7f6a099e1ea499a5d395f3974263090ca35a	27-Nov-2001	Harald Welte <laforge@gnumonks.org>	new IPV4OPTSSTRIP target IPV4OPTSSTRIP-test ibipt_IPV4OPTSSTRIP.c
ddc342cfc6ce1631874c0a787fb1038b0fd5231a	27-Nov-2001	Harald Welte <laforge@gnumonks.org>	add support for all ipv4 options to the ipv4options match ibipt_ipv4options.c
93c7e5ad01a728c96356ce0325298fa60c39fb1e	08-Nov-2001	Stephen Frost <sfrost@snowman.net>	add new recent match to patch-o-matic (Stephen Frost) recent-test ibipt_recent.c
0942dd87902f4f7362245b593447790a8f8ef582	22-Oct-2001	Harald Welte <laforge@gnumonks.org>	same set problem as libipt_LOG.c - very, very strange ibip6t_LOG.c
3e44c50eca6081cc26204aef4aa152af24156044	22-Oct-2001	Harald Welte <laforge@gnumonks.org>	loglevel patch was missing one line (strange...) ibipt_LOG.c
3b6a948bfaa00834a6529690e504151c2d62034d	17-Oct-2001	Rick Wagner <rwagner@cloudnet.com>	nth match extension by Rick Wagner ibipt_nth.c
57a11e59267485370012f5bf0852e4ad7a969807	17-Oct-2001	Harald Welte <laforge@gnumonks.org>	add " " to log-level save function ibip6t_LOG.c
1412e459e4439cd878d036d1f3191bd70d795b08	16-Oct-2001	Harald Welte <laforge@gnumonks.org>	more precise limit rate printing/saving ibipt_limit.c
6b9e8f1dad610edf89e5bdc7d71e28b966184ed4	15-Oct-2001	Harald Welte <laforge@gnumonks.org>	string_to_number fix (*sigh*) ibipt_mport.c
cced2e496a974d333b394177d18f8d0b9506e12d	15-Oct-2001	Fabrice MARIE <fabrice@celestix.com>	added randmo match by Fabrice Maurie random-test ibipt_random.c
cfaed1f30b83996c3c164ed5e0f14a312262ef05	04-Oct-2001	Harald Welte <laforge@gnumonks.org>	IPv6 ICMP naming problem fix ibip6t_icmpv6.c
358a33ec17b3104f85d38cd745e06c8d55eded20	02-Oct-2001	Fabrice MARIE <fabrice@celestix.com>	Fabrice MARIE's patch, fixes bug in time parsing of list of days ibipt_time.c
52b6857822bc17ef7c3a18a4c7b28ac4a0282ba0	13-Sep-2001	Harald Welte <laforge@gnumonks.org>	i'm stupid and deleted a { ibip6t_length.c
e143b910468734512017d0900673a4ca600931e2	13-Sep-2001	Harald Welte <laforge@gnumonks.org>	another string_to_number fix ibip6t_length.c
7a7cc2808efc409711f5fa36be097aec0b2ebca3	13-Sep-2001	Harald Welte <laforge@gnumonks.org>	another string_to_number fix ibip6t_LOG.c
670a686db18ebf41cc1454c0c521d2424cd93bbe	13-Sep-2001	Harald Welte <laforge@gnumonks.org>	removed re-defined structure ibip6t_length.c
459357fa4339716810009fea41209ea47460ae2f	08-Sep-2001	Marc Boucher <marc@mbsi.ca>	Yet another set of string_to_number() fixes. ibipt_FTOS.c ibipt_LOG.c ibipt_TOS.c ibipt_time.c
2e2d3f394f40ef4ac9f213652b2976e0911cb05c	02-Sep-2001	Harald Welte <laforge@gnumonks.org>	fix comment ibipt_realm.c
6185c4ba5ecce8fbc3c404dc421a84390131548a	02-Sep-2001	Harald Welte <laforge@gnumonks.org>	add shared library for lenght-ipv6 match length-test6 ibip6t_length.c
6850af9a17ac0d141e92cb0fad14e30b9ed77273	31-Aug-2001	Harald Welte <laforge@gnumonks.org>	bugfix and spelling corrections for psd match ibipt_psd.c
05e0b01bd1cd4035893c33c7084164bd8fab37c8	26-Aug-2001	Harald Welte <laforge@gnumonks.org>	second part of SAME patch which I missed to commit :( ibipt_SAME.c
3efb6ead2e51fe1eca55bcb2b06afb4dc4b8cb7c	06-Aug-2001	Harald Welte <laforge@gnumonks.org>	- added patch to support statically linking of iptables - iptables-save/-restore is no longer experimental akefile ibip6t_LOG.c ibip6t_MARK.c ibip6t_agr.c ibip6t_icmpv6.c ibip6t_limit.c ibip6t_mac.c ibip6t_mark.c ibip6t_multiport.c ibip6t_owner.c ibip6t_standard.c ibip6t_tcp.c ibip6t_udp.c ibipt_BALANCE.c ibipt_DNAT.c ibipt_FTOS.c ibipt_LOG.c ibipt_MARK.c ibipt_MASQUERADE.c ibipt_MIRROR.c ibipt_NETLINK.c ibipt_NETMAP.c ibipt_POOL.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SAME.c ibipt_SNAT.c ibipt_TCPMSS.c ibipt_TOS.c ibipt_TTL.c ibipt_ULOG.c ibipt_ah.c ibipt_connlimit.c ibipt_esp.c ibipt_icmp.c ibipt_ipv4options.c ibipt_length.c ibipt_limit.c ibipt_mac.c ibipt_mark.c ibipt_multiport.c ibipt_owner.c ibipt_pkttype.c ibipt_pool.c ibipt_psd.c ibipt_record_rpc.c ibipt_standard.c ibipt_state.c ibipt_string.c ibipt_tcp.c ibipt_tcpmss.c ibipt_time.c ibipt_tos.c ibipt_ttl.c ibipt_udp.c ibipt_unclean.c
c2dadf028088e2ce26ed60282ef5b1694d091532	30-Jul-2001	Harald Welte <laforge@gnumonks.org>	Fixed REJECTv6 compile errors. REJECT-test6 akefile
d6aa9666bebfe9fa1d87ce8d77c40704cd6a6199	30-Jul-2001	Sampsa Ranta <sampsa@netsonic.fi>	added realm match from Sampsa Ranta realm-test ibipt_realm.c
cf655eb194951a93e4e1371747273c12466c1952	28-Jul-2001	Harald Welte <laforge@gnumonks.org>	SAME patch update (add --nodst option) ibipt_SAME.c
06e6394cf92b8a3a721a9492f1f2fe6d163a7bea	23-Jul-2001	Marc Boucher <marc@mbsi.ca>	Fixed string_to_number() return value check. ibip6t_limit.c ibipt_limit.c
c8af1fd0a9b8e7e39626c7d66ade0ddc93f25fbe	23-Jul-2001	Harald Welte <laforge@gnumonks.org>	added libip6t_REJECT.c for IPv6 reject support akefile ibip6t_REJECT.c
b47197629735fa1cb93112dfd7d1c4fbcdb24a95	23-Jul-2001	Harald Welte <laforge@gnumonks.org>	further fixes of string_to_number fixes ibip6t_LOG.c ibip6t_icmpv6.c ibip6t_limit.c ibip6t_multiport.c ibip6t_tcp.c ibip6t_udp.c ibipt_FTOS.c ibipt_LOG.c ibipt_NETMAP.c ibipt_TCPMSS.c ibipt_TOS.c ibipt_icmp.c ibipt_length.c ibipt_limit.c ibipt_mport.c ibipt_multiport.c ibipt_nth.c ibipt_psd.c ibipt_tcp.c ibipt_tcpmss.c ibipt_time.c ibipt_tos.c ibipt_udp.c
b7722f29b7d1e376bc758d25aa5a9e1cd94b2d51	21-Jul-2001	Harald Welte <laforge@gnumonks.org>	added n'th packet match to patch-o-matic nth-test ibipt_nth.c
e0bc7a4eabc45621a7a8cc2a32f178dae51f43e0	14-Jul-2001	András Kis-Szabó <kisza@sch.bme.hu>	Major icmpv6 cleanup / fixes by Kis-Szabo Andras. akefile ibip6t_icmp.c ibip6t_icmpv6.c
01aadcc84a7dff4dd2cfbdfa2d2d7092e73ed261	14-Jul-2001	Harald Welte <laforge@gnumonks.org>	fix srr and add router-alert support to ipv4options patch ibipt_ipv4options.c
30d920a7cf3f9c22f46fc57f938910e37dc83b04	16-Jun-2001	Harald Welte <laforge@gnumonks.org>	changed order of port_unreachable / prot_unreachable to reflect kernel enum ibipt_REJECT.c
47caec083cb75915608660a5229812481d45163d	05-Jun-2001	Andreas Ferber <af@devcon.net>	Andreas Ferber's mulitport with ranges patch. mport-test ibipt_mport.c
a138ba42689e5581e40d89fbd1f5e0a6eb6ba0d7	05-Jun-2001	Rusty Russell <rusty@rustcorp.com.au>	DO_IPV6 fix. akefile
06d0b25aafaebd5726c222f705ce990e31ff423c	21-May-2001	Harald Welte <laforge@gnumonks.org>	typo (it's BM_MAX_NLEN, not BM_MAX_LEN) (reported by s I n) ibipt_string.c
97b3fdef41a009e54a0595b78c57f93b63f92469	12-May-2001	Harald Welte <laforge@gnumonks.org>	fixed bug in save() function causing it to print '--reject-with reject-with' in all cases ibipt_REJECT.c
b2f9cb7591c0cb19a1dc8c56e283b46255da916e	03-May-2001	Svenning Soerensen <svenning@post5.tele.dk>	New NETMAP target in p-o-m, by Svenning Soerenson NETMAP-test ibipt_NETMAP.c
147a2be5ef19af6ef3842f496d1de2ae3e679ecc	02-May-2001	Fabrice MARIE <fabrice_marie_sec@yahoo.com>	Added Fabrice Marie's port of the length match length-test ibipt_length.c
97013f608752b04c707babbbd74fe8c214704611	01-May-2001	Harald Welte <laforge@gnumonks.org>	gianni tedesco's last patch was broken... now compilation works again akefile
64bb2a11065e09d5a26fb1b4c690f07a63f67fe0	30-Apr-2001	Gianni Tedesco <gianni@ecsc.co.uk>	NETLINK target fixes, by original author (Gianni Tedesco) akefile
d7e251f04f4e9dc8e823e2893a5961f9aaac28ab	27-Apr-2001	Fabrice MARIE <fabrice_marie_sec@yahoo.com>	Fabrice Marie's timestamp extensions fixes. ibipt_time.c
b5166476721dd0b663f52bd220ef008ca269c0dc	19-Apr-2001	Harald Welte <laforge@gnumonks.org>	pkttype match (new) + scorefile, libiptc C++ compatibility + scorefile pkttype-test ibipt_pkttype.c
0b4efeac23186338da90a08fa48f0fd0aa293740	12-Apr-2001	Harald Welte <laforge@gnumonks.org>	tcp match numerical output bugfix ibip6t_tcp.c ibipt_tcp.c
94a7c27009a1f045484e9fb9ccfff37a8f034c10	12-Apr-2001	Gerd Knorr <kraxel@bytesex.org>	Gerd Knorr's fixes to iplimit match ibipt_connlimit.c
81adae9a58248bf0b027708cf9c5b0b7b2b956d7	12-Apr-2001	András Kis-Szabó <kisza@sch.bme.hu>	integrated the ip6_agr match from Kis-Szabo Andras agr-test6 ibip6t_agr.c
5ea4bcb45a70f79a8df53caddeeeccfa90d735ae	25-Mar-2001	Harald Welte <laforge@gnumonks.org>	added new time match, added new ipv4options match ipv4options-test time-test akefile ibipt_ipv4options.c ibipt_time.c
18f1aff721e19486d87342abb594831b08b1083e	25-Mar-2001	Harald Welte <laforge@gnumonks.org>	updated SAME match SAME-test ibipt_SAME.c
3452e0ba31efe962daea8bf85f8b3a9253449c1a	19-Mar-2001	Gianni Tedesco <gianni@ecsc.co.uk>	NETLINK patch from Gianni Tedesco. This time complete. ibipt_NETLINK.c
963bdcc39ffa1e5126f8b11ee98a3e0d1d873f8d	16-Mar-2001	Harald Welte <laforge@gnumonks.org>	bug in libipt_REDIRECT save function fixed ibipt_REDIRECT.c
008a83fad0f131e08d03235e7615fb392d1f3c3b	28-Feb-2001	Rusty Russell <rusty@linuxcare.com.au>	Move some include files to be present always, so build always includes them even if patches not applied (eg. for distributions). FTOS-test TCPMSS-test TTL-test ULOG-test ah-esp-test iplimit-test ttl-test akefile
764316a133db8e5e2d1f2a9d941ffae993d7c9d9	26-Feb-2001	András Kis-Szabó <kisza@sch.bme.hu>	ip6tables-save/-restore by Kis-Szabo Andras ibipt_string.c
f419f759735f33721a9506230d9444fb3dce5024	19-Feb-2001	Martin Josefsson <gandalf@wlug.westbo.se>	New SAME nat target added. (contrib by Martin Josefsson) SAME-test ibipt_SAME.c
dc8af0ffcdce70d570348d39212da083a0ed6f80	16-Feb-2001	Jan Rekorajski <baggins@sith.mimuw.edu.pl>	Port of IPv6 owner match, fixes for IPv6 limit mac and multiport matches (Jan Rekorajski) owner-test6 ibip6t_limit.c ibip6t_mac.c ibip6t_multiport.c ibip6t_owner.c
3ff7df41e88653e7b21c5d0bba538ded85cb950a	15-Feb-2001	Jan Rekorajski <baggins@sith.mimuw.edu.pl>	LOG Target for IPv6 (Jan Rekorajski) LOG-test6 NETLINK-test ibip6t_LOG.c ibipt_NETLINK.c
cd44ffd23c82255aae364095815c2f463e8be302	05-Feb-2001	Harald Welte <laforge@gnumonks.org>	psd match fix. Due to a typo in the pathname not all files have been applied. psd-test ibipt_psd.c
d3beea368e0f293d8822153366e38e0d62fcea6a	31-Jan-2001	Harald Welte <laforge@gnumonks.org>	new extension for new ULOG target (in-kernel queuing, netlink multipart msg) ibipt_ULOG.c
eea8a933dc92df7e53ebe54a7a94aeb30b3f8b2f	24-Jan-2001	Harald Welte <laforge@gnumonks.org>	--log-prefix and --ulog-prefix problem when not quoted in save function (reported and fixed by Bart Theunissen) ibipt_LOG.c ibipt_ULOG.c
55bfdee763153a9d35efb95c689e9383cab44808	07-Jan-2001	Rusty Russell <rusty@linuxcare.com.au>	Forgot to add this before, I think. ibipt_record_rpc.c
d9c66ba7131b1418cdd28aab3075d32a8b47519d	18-Dec-2000	Matthew G. Marsh <mgm@paktronix.com>	Matthew G. Marsh's FTOS patch. FTOS-test ibipt_FTOS.c
d2d0263ce2d8448fb0f470f732ca39b655ed599d	18-Dec-2000	Gerd Knorr <kraxel@bytesex.org>	Gerd Knorr's iplimit. iplimit-test ibipt_connlimit.c
2047109a61d5c6014de628d306ac53ce864e9db8	18-Dec-2000	Rusty Russell <rusty@linuxcare.com.au>	Test for record rpc. record-rpc-test
bd8382bb9aa4963fde2b58550cffe190fad02ddc	18-Dec-2000	Rusty Russell <rusty@linuxcare.com.au>	Stop --reject-with echo-reply (won't be supported soon). ibipt_REJECT.c
7559e07f9256c204c932aeb4036f471b037a01b6	16-Nov-2000	Harald Welte <laforge@gnumonks.org>	added shlib plugin for ipv6 mark match ibip6t_mark.c
d870b461bd54fdc090446cb4657fb92312619461	13-Nov-2000	Harald Welte <laforge@gnumonks.org>	shlib plugin foer ip6tables MARK added akefile ibip6t_MARK.c
1441c4281ed4a9ef6d69f1e280a8f098ee336d7a	13-Nov-2000	Harald Welte <laforge@gnumonks.org>	new revision of TTL and ttl patch. Match bugfixed, supports now == !+ < > ibipt_TTL.c ibipt_ttl.c
67f23b2b40e937b3a20b4de4aa7bad7d2768e68e	05-Nov-2000	Harald Welte <laforge@gnumonks.org>	small fixes in the save() function of the ULOG and tcp extension ibipt_ULOG.c ibipt_tcp.c
1bea61a58fd16ed4d856160bbd1ef7ed78bfe187	24-Oct-2000	Harald Welte <laforge@gnumonks.org>	minor output bug in save() ibipt_ULOG.c
d4d9196c690b9fa4235cb7bbb68b395018d60150	23-Oct-2000	Rusty Russell <rusty@linuxcare.com.au>	BALANCE target alpha support. BALANCE-test ibipt_BALANCE.c
703828fffcbcefa7adf1b835ffe930d91dcb75d7	04-Oct-2000	Harald Welte <laforge@gnumonks.org>	Harald Welte's ttl stuff. This patch adds two new modules to the netfilter CVS patch-o-matic system: A TTL match and a TTL target for setting/incrementing/decrementing the TTL. TTL-test ttl-test ibipt_TTL.c ibipt_ttl.c
3071913784b69423fd25c3db2344e585872920cc	04-Oct-2000	Emmanuel Roger <winfield@freegates.be>	Emmanuel Roger's string matching patch. string-test ibipt_string.c
711fcbed84130ecf85208f4d8d25654d61b90962	12-Sep-2000	Marc Boucher <marc@mbsi.ca>	Added support for --clamp-mss-to-pmtu option. ibipt_TCPMSS.c
44540942fbd1f2a0f0dcd7247275a702bcf45a02	12-Sep-2000	Marc Boucher <marc@mbsi.ca>	Fixed small typo. ibipt_ULOG.c
3172807273373cfd08a98be2faf20af9a5b37554	01-Sep-2000	Rusty Russell <rusty@linuxcare.com.au>	Derrik Pates's tcpflags wrong way round when -n no specified. ibipt_tcp.c
2d01dca3d4e918d0c7d66fab4620050a1c72bca2	01-Sep-2000	Rusty Russell <rusty@linuxcare.com.au>	print and save can be NULL. ibipt_MIRROR.c ibipt_unclean.c
fa9f9f907c7bb92a858127157084c6368fae23cf	01-Sep-2000	Rusty Russell <rusty@linuxcare.com.au>	Fixed ! test cases. ibipt_tcp.c
78001feee0f4cbc404c824261b6867c96fc6091d	01-Sep-2000	Rusty Russell <rusty@linuxcare.com.au>	Allow --tcp-flags ! A B. ibipt_tcp.c
d4a8b2887083ce8578019d5b271d9b9b48528a9f	31-Aug-2000	Rusty Russell <rusty@linuxcare.com.au>	Fixed compile errors. ibipt_tcpmss.c
2ce6ec65c80baf4b4ff381f713d9d8256f044c48	30-Aug-2000	Rusty Russell <rusty@linuxcare.com.au>	TCP MSS matching support (untested). TCPMSS-test ibipt_tcpmss.c
22513345860f790cf74f1b5435ba41a3b432ca4e	28-Aug-2000	Marc Boucher <marc@mbsi.ca>	Test for TCPMSS target. TCPMSS-test
53adeb104c6065b89db5393c7ad64898d03e4b95	27-Aug-2000	Marc Boucher <marc@mbsi.ca>	Marc Boucher's TCPMSS patch. ibipt_TCPMSS.c
524518261009f3f81febfdd8398becc4a80cc941	27-Aug-2000	Rusty Russell <rusty@linuxcare.com.au>	Patch-o-matic! now included. ULOG-test ah-esp-test pool-test akefile ibipt_POOL.c ibipt_ah.c ibipt_esp.c ibipt_pool.c
51d9b755aba51ad769384e1d730596747f995ed1	27-Aug-2000	Rusty Russell <rusty@linuxcare.com.au>	Required blank MIRROR target for Harald Welte's dlopen force patch. ibipt_MIRROR.c
b078ef88aebc4b02dfc7d5e21fda317924e2a991	23-Aug-2000	Rusty Russell <rusty@linuxcare.com.au>	Disable ULOG (pending patch to make it dependent on header in KERNEL_DIR). akefile
015dffbad370115ef15d9064a807acbe9ef7c60c	01-Aug-2000	Harald Welte <laforge@sunbeam.franken.de>	Harald Welte gets more ideas... ibipt_ULOG.c
c5bdb40e2d78999e3bfed6256d0fd2df4bba784f	31-Jul-2000	Harald Welte <laforge@sunbeam.franken.de>	Harald Welte's other file (which Rusty forgot). ibipt_ULOG.c
fdf0433110f16b0534600af2d8980487c8342ac2	31-Jul-2000	Harald Welte <laforge@sunbeam.franken.de>	Harald Welte's ULOG target with tests (untested). akefile
52e440e49cfe8f3660a4731c7bf2601baf2d6743	12-Jul-2000	Rusty Russell <rusty@linuxcare.com.au>	Remove ICMP packet-filtered option (deprecated). Add tests for RST generation. ibipt_REJECT.c
73f72f541ac4dab538d4d418b9bbf1707b31342b	03-Jul-2000	Rusty Russell <rusty@linuxcare.com.au>	Aligning matchsize and targetsize now responsibility of extension writers (PPC fix). ibip6t_icmp.c ibip6t_standard.c ibip6t_tcp.c ibip6t_udp.c ibipt_DNAT.c ibipt_LOG.c ibipt_MARK.c ibipt_MASQUERADE.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SNAT.c ibipt_TOS.c ibipt_icmp.c ibipt_limit.c ibipt_mac.c ibipt_mark.c ibipt_multiport.c ibipt_owner.c ibipt_standard.c ibipt_state.c ibipt_tcp.c ibipt_tos.c ibipt_udp.c ibipt_unclean.c
f7e72d5730420194d6d3e441e881f8d7f217d888	20-Jun-2000	Rusty Russell <rusty@linuxcare.com.au>	REJECT enhancements. ibipt_REJECT.c
ee604b7e36f2678bf086e145a184e2403c72389a	08-Jun-2000	Philip Blundell <Philip.Blundell@pobox.com>	Phil's missing file 8) ibip6t_standard.c
b47050c8c1ffb47ef63be37526e0afd15193c5a8	04-Jun-2000	Philip Blundell <Philip.Blundell@pobox.com>	Phil Blundell's new ipv6 extensions. ibip6t_icmp.c ibip6t_tcp.c ibip6t_udp.c
57e07af96a28d81281a20ad7a0e9dc189caf4861	04-Jun-2000	Philip Blundell <Philip.Blundell@pobox.com>	Phil Blundell: ICMP, TCP and UDP extensions + rule deletion bug. akefile
228e98dd6303af11925235af4cf3c3ec450f3f41	27-Apr-2000	Rusty Russell <rusty@linuxcare.com.au>	Alignment fixes (requires kernel patch). ibipt_DNAT.c ibipt_SNAT.c
849779c4adf8dd65c83fffb65e6b7898df2a55c6	23-Apr-2000	Rusty Russell <rusty@linuxcare.com.au>	More fixes and testsuite enhancements. ibipt_REDIRECT.c ibipt_limit.c
ac761dcadac9d6ac9ad5a957986ddedee651c3ac	23-Apr-2000	Marc Boucher <marc@mbsi.ca>	Added #include <linux/stddef.h> for offsetof(). ibipt_limit.c
edf14cf4b5edb148d7473f067d95e7bd1316900b	19-Apr-2000	Rusty Russell <rusty@linuxcare.com.au>	Changes to allow matching (for delete) on part of a rule, for rules which change in the kernel (eg. ipt_limit). ibipt_DNAT.c ibipt_LOG.c ibipt_MARK.c ibipt_REJECT.c ibipt_SNAT.c ibipt_TOS.c ibipt_icmp.c ibipt_limit.c ibipt_mac.c ibipt_mark.c ibipt_multiport.c ibipt_owner.c ibipt_standard.c ibipt_state.c ibipt_tcp.c ibipt_tos.c ibipt_udp.c ibipt_unclean.c
f9b2e66877b743962a36ec9c37335b9bc3f8b70f	19-Apr-2000	Rusty Russell <rusty@linuxcare.com.au>	Put ports in network order. ibipt_MASQUERADE.c ibipt_REDIRECT.c
2382c8c3a126ba82e6da03f79a88f44e7f3caa54	07-Apr-2000	Marc Boucher <marc@mbsi.ca>	Fixed typo. ibipt_udp.c
9f2009cbfda7a4e341258322a7c8b462605990af	07-Apr-2000	Marc Boucher <marc@mbsi.ca>	Fixed save() to properly interpret ports in host byte order and use ':' as range separator. ibipt_tcp.c ibipt_udp.c
a1ce9f9b8265a8c28facd52f4e3c0465dce2b9f0	24-Mar-2000	Rusty Russell <rusty@linuxcare.com.au>	Testsuite update. ibipt_REJECT.c
7e53bf9c2a697abdb6f1385557338423a86612a3	20-Mar-2000	Rusty Russell <rusty@linuxcare.com.au>	Makefile fixes for release. Whitespace cleanups. ibipt_LOG.c ibipt_MARK.c ibipt_REJECT.c ibipt_TOS.c ibipt_limit.c ibipt_mark.c ibipt_tos.c
e6869a8f59d779ff4d5a0984c86d80db70784962	20-Mar-2000	Marc Boucher <marc@mbsi.ca>	reorganized tree after kernel merge akefile ibipt_DNAT.c ibipt_LOG.c ibipt_MARK.c ibipt_MASQUERADE.c ibipt_REDIRECT.c ibipt_REJECT.c ibipt_SNAT.c ibipt_TOS.c ibipt_icmp.c ibipt_limit.c ibipt_mac.c ibipt_mark.c ibipt_multiport.c ibipt_owner.c ibipt_standard.c ibipt_state.c ibipt_tcp.c ibipt_tos.c ibipt_udp.c ibipt_unclean.c