e3928b77f18db0fdc615693017c6c15eb71bf4e0 |
02-Apr-2014 |
JP Abgrall <jpa@google.com> |
Fixup build so that the update from netfilter.org to 1.4.20 works * Keep the generated files needed for building. Used ./configure --enable-static --disable-shared make * Update the various Android *.mk files. Change-Id: If0e45cf6289f0e3dcf3adf73e6ccff86d640f1c0 Signed-off-by: JP Abgrall <jpa@google.com>
ptables/internal.h
tables-version.h
|
11ef84b856859e7d4a08625d09c8573e5f5eef63 |
02-Apr-2014 |
JP Abgrall <jpa@google.com> |
Merge remote-tracking branch 'upstream/stable-1.4.20' into update Conflicts: .gitignore include/linux/types.h libiptc/libiptc.c Change-Id: I2c949ba9de090db9ae09d914f4ac5c13e5b7d4da
|
37aaf36719addeaaf717fb1183eb3336254fef99 |
08-Feb-2014 |
Elliott Hughes <enh@google.com> |
Post-uapi cleanup. We can just use the uapi headers now. (This is probably true for most of these header files, but I just want to undo the changes we made during the uapi transition.) Change-Id: I4ab0c6f782f73699595a2ce24809a2c0187c98f8
inux/types.h
|
72000dcfdc0b0f26ccf52f7b877221bb008a7869 |
12-Nov-2013 |
Elliott Hughes <enh@google.com> |
Fix iptables to build with old or uapi header files. Bug: 11559337 Change-Id: Iefb938b87e1f29cbf45d8833e9416c38004d9b5e
inux/types.h
|
7b26bafb9be05a23b47653640aadbb61d0032665 |
28-Jan-2013 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
libxt_CT: Add the "NOTRACK" alias Available since Linux kernel 3.8. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_CT.h
|
d7aeda5ed45ac7ca959f12180690caa371b5b14b |
08-Jul-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
ip{6}tables-restore: fix breakage due to new locking approach Since (93587a0 ip[6]tables: Add locking to prevent concurrent instances), ip{6}tables-restore does not work anymore: iptables-restore < x Another app is currently holding the xtables lock. Perhaps you want to use the -w option? do_command{6}(...) is called from ip{6}tables-restore for every iptables command contained in the rule-set file. Thus, hitting the lock error after the second command. Fix it by bypassing the locking in the ip{6}tables-restore path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
p6tables.h
ptables.h
|
34844da8f53ec80b34ad094f2fca2519a7079ec2 |
01-May-2013 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
Introduce a new revision for the set match with the counters support The revision adds the support of matching the packet/byte counters if the set was defined with the extension. Also, a new flag is introduced to suppress updating the packet/byte counters if required. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
inux/netfilter/ipset/ip_set.h
inux/netfilter/xt_set.h
|
ce7d0619ce49587ca78456caf467cf25f7cbbc4e |
02-Apr-2013 |
holger@eitzenberger.org <holger@eitzenberger.org> |
extensions: libxt_NFQUEUE: add --queue-cpu-fanout parameter Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_NFQUEUE.h
|
ccbf6b6448a4210432b76fd4660798705b05f8c4 |
06-May-2013 |
Florian Westphal <fw@strlen.de> |
extensions: add connlabel match allows to "tag" connections with up to 128 label names. Labels are defined in /etc/xtables/connlabel.conf, example: 0 from eth0 1 via eth0 Labels can then be attached to flows, e.g. -A PREROUTING -i eth0 -m connlabel --label "from eth0" --set Signed-off-by: Florian Westphal <fw@strlen.de>
inux/netfilter/xt_connlabel.h
|
e0a0dd703b3448f0f07fc59b7232bf1f1cce7b86 |
23-Jan-2013 |
Willem de Bruijn <willemb@google.com> |
extensions: add libxt_bpf extension Add user-space code to support the new BPF iptables extension. Pablo has mangled the original patch to: * include a copy of include/linux/netfilter/xt_bpf.h in the tree. * I have also removed the --bytecode-file option. The original proposal was to accept BPF code in a file in human readable format. Now, with the nfbpf_compile utility, it's very easy to generate the filter using tcpdump-like syntax. * I have removed the trailing comma in the backtick format, the parser works just fine for me here. * Fix error message if --bytecode is missing. Signed-off-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_bpf.h
|
cccfff9309743f173c504dd265fae173caa5b47f |
16-Mar-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency This patch changes the NETMAP target extension (IPv6 side) to use the xtables_ip6mask_to_cidr available in libxtables. As a side effect, we get rid of the libip6tc dependency. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibiptc/libip6tc.h
|
e612a9d285477e9951349dd137305393a1255b19 |
28-Jan-2013 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
Add the "state" alias to the "conntrack" match
inux/netfilter/xt_conntrack.h
|
efcdba41ca6bde51c8753cb30c869c370f0a3b93 |
28-Jan-2013 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
Introduce match/target aliases The match/target alias allows us to support the syntax of matches, targets merged into other matches/targets.
tables.h
|
2f655ede64e07a861e3ec50150f572ed98755013 |
29-Oct-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxtables: add xtables_print_num This function is used both by iptables and ip6tables, and refactorize to avoid longer than 80-chars per column lines of code. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h
|
d1e7922a587a239e16e0dbe654e63f76e1375e49 |
04-Jan-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxtables: add xtables_rule_matches_free This function is shared by iptables and ip6tables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h
|
9d284c1c67188dfa8a4c7a6e36eb9a10bd9c15e2 |
25-Oct-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Merge branch 'next' branch that contains new features scheduled for Linux kernel 3.7
|
8d8896a3833292d091ee5a028f3461083bb956bd |
17-Sep-2012 |
Florian Westphal <fw@strlen.de> |
libxt_time: add support to ignore day transition Currently, if you want to do something like: "match Monday, starting 23:00, for two hours" You need two rules, one for Mon 23:00 to 0:00 and one for Tue 0:00-1:00. The rule --weekdays Mo --timestart 23:00 --timestop 01:00 looks correct, but it will first match on monday from midnight to 1 a.m. and then again for another hour from 23:00 onwards. This permits userspace to explicitly ignore the day transition and match for a single, continuous time period instead. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_time.h
|
ec40b897289745da3d67de2cb14be30353003922 |
30-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
Merge branch 'master' of git://git.inai.de/iptables
|
c436dad7cfdd80ca4a05ceed556c39babc266f55 |
27-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
iptables: support for match aliases This patch allows for match names listed on the command line to be rewritten to new names and revisions, like we did for targets before. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
tables.h
|
cd2f9bdbb7f9b737e5d640aafeb78bcd8e3a7adf |
04-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
iptables: support for target aliases This patch allows for target names listed on the command line to be rewritten to new names and revisions. As before, we will pick a revision that is supported by the kernel - now including real_name in the search. This gives us the possibility to test for many action names. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
tables.h
|
d637ead63658d741501974c381889b3857073308 |
21-Sep-2012 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
New set match revision with --return-nomatch flag support
inux/netfilter/ipset/ip_set.h
|
1871796877956ee68a39092c6fc3678e5a9d1d88 |
22-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
extensions: add NPT extension Add extensions for the SNPT and DNPT stateless IPv6-to-IPv6 Network Prefix Translation targets. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter_ipv6/ip6t_NPT.h
|
0e37f00980eb6b4fc2c5f979cc5fa83c0fff9d30 |
22-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
extensions: add IPv6 MASQUERADE extension Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/nf_nat.h
|
e62f426c7ead7c0025d15860df97426db6509942 |
22-Aug-2012 |
Patrick McHardy <kaber@trash.net> |
Convert the NAT targets to use the kernel supplied nf_nat.h header Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/nf_conntrack_tuple_common.h
inux/netfilter/nf_nat.h
inux/netfilter_ipv4/ipt_SAME.h
et/netfilter/nf_conntrack_tuple.h
et/netfilter/nf_nat.h
|
df60a301bf24c3b3e37188d9da155b97fd6dc076 |
31-Aug-2012 |
Jan Engelhardt <jengelh@inai.de> |
build: separate AC variable replacements from xtables.h It was/is a bit annoying that modifying xtables.h.in causes configure to rerun. Split the @foo@ things into a separate file to bypass this. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
akefile.am
tables-version.h.in
tables.h
tables.h.in
|
ad8858c0d3ef875e2c118ebcc69487070fb87f72 |
03-Aug-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
include: add missing linux/netfilter_ipv4/ip_queue.h This patch fixes compilation of libipq with headers from Linux kernel 3.5: In file included from libipq.c:34:0: ../include/libipq/libipq.h:33:43: fatal error: linux/netfilter_ipv4/ip_queue.h: No such file or directory ip_queue is gone since Linux kernel 3.5. However, you can still use new iptables versions with old Linux kernels. We have to keep libipq in this tree for a while (1.5-2 years should be OK). Reported-by: Arkadiusz Miśkiewicz <arekm@maven.pl> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter_ipv4/ip_queue.h
|
74ded7257e5da5e309844d386290f24ae91950a6 |
17-May-2012 |
Denys Fedoryshchenko <denys@visp.net.lb> |
libxt_recent: add --mask netmask This new option will be available in the Linux kernel 3.5 [ Pablo fixed coding-style issues and cleaned up this. Added manpages as well ] Signed-off-by: Denys Fedoryshchenko <denys@visp.net.lb> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_recent.h
|
abdef13f36b63758f8775eb86febd96bf062df6f |
08-May-2012 |
Florian Westphal <fw@strlen.de> |
libxt_hashlimit: add support for byte-based operation allows --hashlimit-(upto|above) Xb/s [ --hashlimit-burst Yb ] to make hashlimit match when X bytes/second are exceeded; optionally, Y bytes will not be matched (i.e. bursted). [ Pablo fixed minor compilation warning in this patch with gcc-4.6 and x86_64 ] libxt_hashlimit.c: In function ‘parse_bytes’: libxt_hashlimit.c:216:6: warning: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat] Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_hashlimit.h
|
4df8cb6ab176f3c1f2bf9498d0abde8d9362087b |
23-Apr-2012 |
Hans Schillstrom <hans.schillstrom@ericsson.com> |
extensions: add HMARK target The target allows you to set mark packets based Jenkins' hash calculation: h(t, rnd) = x mark = (x % mod) + offset where: * t is a tuple that is used for the hashing: t = [ src, dst, proto, sport, dport ] Note that you can customize the tuple, thus, removing some component that you don't want to use for the calculation. You can also use spi instead of sport and dport, btw. * rnd is the random seed that is explicitly passed via --hmark-rnd * mod is the modulus, to determine the range of possible marks * offset determines where the mark starts from This target only works for the "raw" and "mangle" tables. This can be used to distribute flows between a cluster of systems and uplinks. Initially based on work from Hans Schillingstrom. Pablo took it over and introduced several improvements. Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_HMARK.h
|
a96166c24eaac1c91bed4815c09e91733409d888 |
14-Jul-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxtables: add xtables_ip[6]mask_to_cidr This patch adds generic functions to return the mask in CIDR notation whenever possible. This patch also simplifies xtables_ip[6]mask_to_numeric, that now use these new two functions. This patch also bumps libxtables_vcurrent and libxtables_vage since we added a couple new interfaces (thanks to Jan Engelhardt for his little reminder on this). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h.in
|
e07e0d31f48d951e0f03ba254d4754810732c241 |
30-Mar-2012 |
Ashish Sharma <ashishsharma@google.com> |
Modify iptables to talk to xt_IDLETIMER version 1. Change-Id: Ib144c5289681cdff21b21be74173164d097710e7
inux/netfilter/xt_IDLETIMER.h
|
e8f32983048d6aa4a908b6a92da55fa71c859623 |
29-Feb-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxt_CT: add --timeout option This patch adds the --timeout option to allow to attach timeout policy objects to flows, eg. iptables -I PREROUTING -t raw -s 1.1.1.1 -p tcp \ -j CT --timeout custom-tcp-policy You need the nfct(8) tool which is available at: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=nfct.git To define the cttimeout policies. Example of usage: nfct timeout add custom-tcp-policy inet tcp established 1000 The new nfct tool also requires libnetfilter_cttimeout: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_cttimeout.git Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_CT.h
|
f233df44196f568075a5d70fc29f31b72b512783 |
27-Mar-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
extensions: add nfacct match This patch provides the user-space iptables support for the nfacct match. This can be used as it follows: nfacct add http-traffic iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic nfacct get http-traffic See also man nfacct(8) for more information. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_nfacct.h
|
7c1b69b97571ddeb8c624b0a1da366a456895a6d |
01-Mar-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Revert "libiptc: Returns the position the entry was inserted" This reverts commit d65702c5c5bbab0ef12298386fa4098c72584e6c. This is breaking my iptables scripts: iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables: Incompatible with this kernel.
ibiptc/libiptc.h
|
d65702c5c5bbab0ef12298386fa4098c72584e6c |
04-Jan-2012 |
Jonh Wendell <jonh.wendell@vexcorp.com> |
libiptc: Returns the position the entry was inserted Jan Engelhardt showed no objections to this patch.
ibiptc/libiptc.h
|
98e1769b65b71989e3f16b25529b40f374aef323 |
28-Dec-2011 |
Patrick McHardy <kaber@trash.net> |
extensions: add IPv6 capable ECN match extension Patrick submitted this patch by 9th Jun 2011, I'm recovering and applying it to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_ecn.h
inux/netfilter_ipv4/ipt_ecn.h
|
166b92d3fb2a7fc008df1b59332ef528a9a573ea |
14-Jul-2011 |
Florian Westphal <fw@strlen.de> |
extensions: add rpfilter module Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_rpfilter.h
|
de4d2d3b716d83a6d3831aaf902c5adb5d1d14c9 |
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: use a family-invariant xtc_ops struct for code reduction Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
ibiptc/xtcshared.h
|
14da56743c6cdf25da35b7b5ca7a5d201771990d |
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: resolve old macro names that are indirections Command used: git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/) and then fix all occurrences. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
|
1639fe86579f86f5f6a954a9b0adde2e16ad1980 |
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: combine common types: _handle No real API/ABI change incurred, since the definition of the structs' types is not visible anyhow. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
ibiptc/libip6tc.h
ibiptc/libiptc.h
ibiptc/xtcshared.h
|
7e5e866a36a76c153e5903b8251f90cfe07a1d34 |
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: replace ipt_chainlabel by xt_chainlabel Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
ibiptc/libip6tc.h
ibiptc/libiptc.h
|
2325c0fedf7507f94aa3bb11cc65a70d33836f8f |
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: combine common types Make an xt_chainlabel type out of ipt_chainlabel and ip6t_chainlabel, and add backward-API #defines. The ABI naturally does not change either, so no soversion bump. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
akefile.am
ibiptc/libip6tc.h
ibiptc/libiptc.h
ibiptc/xtcshared.h
|
62fc25fd1625f0f65b9eed3e15fe929dd0aff2c5 |
08-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
f56b8a8bf4b1041cb875fd8439778f35276bdb30 |
03-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: move kernel version find routing into libxtables That way, the remaining unreferenced symbols that do appear in libipt_DNAT and libipt_SNAT as part of the new check can be resolved, and the ugly -rdynamic hack can finally be removed. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ptables.h
tables.h.in
|
dbe77cc974cee656eae37e75039dd1a410a4535b |
28-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
include: refresh include files from kernel 3.1-rc3 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/kernel.h
inux/netfilter.h
inux/netfilter/ipset/ip_set.h
inux/netfilter/nf_conntrack_common.h
inux/netfilter/nf_conntrack_tuple_common.h
inux/netfilter/x_tables.h
inux/netfilter/xt_CT.h
inux/netfilter/xt_TCPOPTSTRIP.h
inux/netfilter/xt_TPROXY.h
inux/netfilter/xt_cluster.h
inux/netfilter/xt_connbytes.h
inux/netfilter/xt_connlimit.h
inux/netfilter/xt_physdev.h
inux/netfilter/xt_policy.h
inux/netfilter/xt_quota.h
inux/netfilter/xt_sctp.h
inux/netfilter/xt_set.h
inux/netfilter/xt_socket.h
inux/netfilter/xt_time.h
inux/netfilter/xt_u32.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv4/ipt_CLUSTERIP.h
inux/netfilter_ipv4/ipt_ECN.h
inux/netfilter_ipv4/ipt_SAME.h
inux/netfilter_ipv4/ipt_TTL.h
inux/netfilter_ipv4/ipt_addrtype.h
inux/netfilter_ipv4/ipt_ah.h
inux/netfilter_ipv4/ipt_ecn.h
inux/netfilter_ipv4/ipt_ttl.h
inux/netfilter_ipv6/ip6_tables.h
inux/netfilter_ipv6/ip6t_HL.h
inux/netfilter_ipv6/ip6t_REJECT.h
inux/netfilter_ipv6/ip6t_ah.h
inux/netfilter_ipv6/ip6t_frag.h
inux/netfilter_ipv6/ip6t_hl.h
inux/netfilter_ipv6/ip6t_ipv6header.h
inux/netfilter_ipv6/ip6t_mh.h
inux/netfilter_ipv6/ip6t_opts.h
inux/netfilter_ipv6/ip6t_rt.h
inux/types.h
|
3775fb69f63b76191bc3571bfa8538c18173d90f |
28-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_addrtype: add support for revision 1 Rev 1 was added to the kernel in commit v2.6.39-rc1~468^2~10^2~1 but there was no corresponding iptables patch so far. Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/xt_addrtype.h
|
fbe9f1ecccb5ac02858fa7eee2979e0e4d97bb5f |
09-Jul-2011 |
Jan Engelhardt <jengelh@medozas.de> |
option: remove last traces of intrapositional negation Intrapositional negation was deprecated in 1.4.3. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
5caed2aebebf7c72dfa982f247ac35ec67a1b852 |
21-Jun-2011 |
JP Abgrall <jpa@google.com> |
Adding the original quota2 from xtables-addons The original xt_quota in the kernel is plain broken: - counts quota at a per CPU level (was written back when ubiquitous SMP was just a dream) - provides no way to count across IPV4/IPV6. This patch is the original unaltered code from: http://sourceforge.net/projects/xtables-addons at commit e84391ce665cef046967f796dd91026851d6bbf3 Change-Id: Ia8b21394ea79ef55514748e96f769e40355a6ccf Signed-off-by: JP Abgrall <jpa@google.com>
inux/netfilter/xt_quota2.h
|
2dba676b68ef842025f3afecba26cb0b2ae4c09b |
18-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: support for per-extension instance "global" variable space Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
8b4807f0a1d98f1d980d3d616ad565c9b72d7c49 |
11-Jun-2011 |
JP Abgrall <jpa@google.com> |
Post-merge fixup. Add new Android.mk, re-checkin generated files They have no more compilable files in the top dir. Created extra Android.mk for each subdir. Regenerated the include/iptables/internal.h and include/xtables.h with ./autogen.sh export ANDROID_ROOT=$(gettop)/prebuilt/linux-x86/toolchain/arm-linux-androideabi-4.4.x/ ./configure -host=arm-eabi CC=arm-linux-androideabi-gcc CPPFLAGS="$funky_includes" CFLAGS="-nostdlib" LDFLAGS="-Wl,-rpath-link=$ANDROID_ROOT/arm-linux-androideabi/lib -L$ANDROID_ROOT/arm-linux-androideabi/lib" Change-Id: Ia57ed699edd32ffce16e94e2f13fb93d94924a04
ptables/internal.h
tables.h
|
ebf81627b1a2f50fd47add49f9976ed430a19673 |
11-Jun-2011 |
JP Abgrall <jpa@google.com> |
Merge git://git.netfilter.org/iptables into v1.4.11_upstream Using theirs, as they have taken some of my prior changes with some improvements. Conflicts: include/xtables.h.in iptables/xtables.c iptables/xtoptions.c Change-Id: I8e1e537fbb868eeebb448c8f1d9e33b283448aac
|
0b7a140944738d67b9c4e6f09992c8407eefb18a |
24-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: use uintmax for xtables_strtoul Addendum to 2305d5fb42fc059f38fc1bdf53411dbeecdb310b. I noticed that unsigned long long is not consistently used, for example, min/max are still just unsigned long, and strtoul is being called. Instead of changing it to unsigned long long, just use uintmax functions right away so this does not need size-related changing in the future. Cc: JP Abgrall <jpa@google.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
2305d5fb42fc059f38fc1bdf53411dbeecdb310b |
19-May-2011 |
JP Abgrall <jpa@google.com> |
libxt_quota: make sure uint64 is not truncated The xtables_strtoul() would cram a long long into a long. The parse_int would try to cram a UINT64 into a long.
tables.h.in
|
16bd81be22ba2753e26f6a9ee6cb291e1e707d0d |
19-May-2011 |
JP Abgrall <jpa@google.com> |
androidifying: fixup includes and extraneous typedefs for __ANDROID__ The current code would take steps to define missing types, and include extra stuff based on GLIBC defines/versions. Make those places be ANDROID aware. Change-Id: I2d1f03e3c0f7f53250288a84db4c9ccf0431d482 Signed-off-by: JP Abgrall <jpa@google.com>
ibiptc/ipt_kernel_headers.h
|
b3d101788ebac83cdf7aa71f78069cf1af4a748d |
19-May-2011 |
JP Abgrall <jpa@google.com> |
androidifying build: allow check-in of generated files. internal.h and xtables.h are generated at ./configure time from their *.h.in and are gitignored. These were generated with: ./autogen.sh export ANDROID_ROOT=$(gettop)/prebuilt/linux-x86/toolchain/arm-linux-androideabi-4.4.x/ ./configure -host=arm-eabi CC=arm-linux-androideabi-gcc CFLAGS="-nostdlib" LDFLAGS="-Wl,-rpath-link=$ANDROID_ROOT/arm-linux-androideabi/lib -L$ANDROID_ROOT/arm-linux-androideabi/lib" Change-Id: Ic0178d74d846cc989d4fa29029bf5e04911c85bc Signed-off-by: JP Abgrall <jpa@google.com>
ptables/internal.h
tables.h
|
b65b9fe5096bd49a9ec2f0f6c2f23d274cfc88ee |
19-May-2011 |
JP Abgrall <jpa@google.com> |
xtoptions + quota: parse and store 64bit values The xtables_strtoul() would cram a long long into a long. The parse_int would try to cram a UINT64 into a long. The quota_parse would just ignore whatever value was parsed. Change-Id: Ie1f05e98e974a255d962dd757a5592458f942f8b
tables.h.in
|
c02c92d1fcaa1223caf9a5eef32bedcb78f1e714 |
18-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: retract _NE types and use a flag instead Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
dcd1ad89105faf1f3a9a3febdb970b70c5466518 |
09-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: replace old IP*T_ALIGN macros Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
|
59ce5bd1d05225911051a4c46ce5ccdd7c1ed078 |
12-May-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'floating/opts' of git://dev.medozas.de/iptables
|
8075493a00e06857147263574333df4073ea671b |
11-May-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'opts' of git://dev.medozas.de/iptables
|
c29f7ef7cb5a31620060ef721d3c65b343eb537a |
09-May-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'opts' of git://dev.medozas.de/iptables
|
cb225e26856accf5661dcbc3cf34d7f77b2f0c36 |
08-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_ETHERMAC support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
edc2b1adf32d2b11e126174f525293b3bca6e7bc |
09-May-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'opts' of git://dev.medozas.de/iptables
|
170cf49a630fd0d237818b537c01794dde00b07a |
07-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_PROTOCOL support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
87a34d7aef2cba833f4f36536575dee304bbece5 |
07-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_multiport: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
66266abd17adc9631f3769ef0b82968c0bac6f38 |
05-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_HOSTMASK support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
fa9b759bacc0ad6a093892ef508811e7feb981b0 |
04-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_PLEN support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
d7282413763b0ba85d512c1cd49174b762ff449c |
04-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: do not overlay addr and mask parts, and cleanup XTTYPE_HOSTMASK will require that what has now become haddr, hmask/hlen are not overlays of another. Thus relax the structure and always set all members of the {haddr, hmask, hlen} triplet now for all types that touch any of the members. Add some more comments and clean out ONEHOST.
tables.h.in
|
e8b42fee7eaa1ba6df203fe0bc4496cae226cbd2 |
02-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: support for XTTYPE_PLENMASK Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
f012b3c9190cd95ac170072f759a97575613ea07 |
02-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_DOUBLE support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
104fb318d22231c9edf9d61ef84cc84386e52d6b |
07-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove bogus use of XT_GETOPT_TABLEEND Commit v1.4.8-36-g32b8e61 added this end marker in a little too many places: at non-getopt places. Fix that. Also change the definition of XT_GETOPT_TABLEEND to reference a struct getopt member by name so that this cannot happen again. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
f30231a02e145020fb47524f9a0daeb498a4f7d0 |
17-Apr-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_PORTRC support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
61cc52b6f9edfa3efb1d0c9ea9531abb42828ec2 |
29-Apr-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_TOS: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
9a9694fbf1796a6a5011b60b2a15c01fa3c61368 |
06-Apr-2011 |
Maciej Żenczykowski <maze@google.com> |
Move common parts of libext{4,6}.a into libext.a Signed-off-by: Maciej Zenczykowski <maze@google.com>
tables.h.in
|
57a92c7b7ed01ad8f49c680af63341409c3afb1a |
18-Apr-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'floating/opts' of git://dev.medozas.de/iptables
|
e39f367d905670e39e6f08d2b73c715a6d0b4bfb |
17-Apr-2011 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
SET target revision 2 added The new revision of the SET target supports the following new operations - specifying the timeout value of the entry to be added - flag to instruct the kernel that if the entry already exists then reset the timeout value to the specified one (or to the default from the set definition)
inux/netfilter/xt_set.h
|
b8592fa3352018646b0befaa48f930f75c5b7d92 |
14-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_PORT support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
2b01f706e7ba48d72e57f8e47457a86d9ed44992 |
14-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_ONEHOST support The bonus of the POSIX socket API is that it is almost protocol-agnostic and that there are ready-made functions to take over the gist of address parsing and packing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
41a4cea0f4109fb76762dca073c3c1217658ee06 |
15-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_SYSLOGLEVEL support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
33d180871bea281a448efd0c1a49517318162382 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: pass struct xt_entry_{match,target} to x6 parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
0eff54bd407aae6b99c3b189d356929e399b5a38 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_UINT16 support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
bc438c4cbdab09fafbbceecddd54e44e4234a4a1 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_UINT64RC support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
8bf513ada0aae0e4b1ac5160113fc532c2f525d0 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_UINT8RC support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
564eaf48e14411803a353206eefbb89d525c63ff |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_UINT16RC support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
2e0ec4fa0fb5162c441cd666f55fe76777e40d5e |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: linked-list name<->id map This consolidates the maps from libxt_devgroup and libxt_realm. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
8b5bdea659f1fb86b3288a2568ab104a90b914e5 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_UINT64 support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
d25e217578492d17f7752bf77cfab5f2c2509795 |
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_MARKMASK32 support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
316ae9d2f1996caea4cf221201accb8c2087a154 |
13-Apr-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'opts' of git://dev.medozas.de/iptables
|
cd50f26ad6016ae57af1f822f8aa3ceb2ef9727a |
12-Apr-2011 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'opts' of git://dev.medozas.de/iptables
|
4a0a17620017c1f45946b2cde7139ef18ea3d93c |
15-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_STRING support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
04bb988275ac76815a15788a7fc75ac78f3bb833 |
27-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_UINT32RC support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
dfe99f1bf291b4b954d3608dbe95a43e16a8bb49 |
27-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_UINT8 support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
d78254d7f9d18ef76377a3013302430cce8ea702 |
27-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: min-max option support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
a93142d5f55db74ebd7d49be9bd88f7a499ded40 |
16-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: XTTYPE_UINT32 support Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
3af739b0e7c3b6dcc986645c57c982d0add5006b |
10-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: provide better final_check This passes the per-extension data block to the new x6_fcheck function pointer, which can then do last alterations without using hacks like global variables (think libxt_statistic). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
aa37acc1423126f555135935c687eb91995b9440 |
07-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: guided option parser This patchset seeks to drastically reduce the code in the individual extensions by centralizing their argument parsing (breakdown of strings), validation, and in part, assignment. As a secondary goal, this reduces the number of static storage duration variables in flight. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
c1e04bd1b057151afaf7e6138089f2fe2c1b7d1c |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename do_command() to do_command4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ptables.h
|
9680f2ecbdb7e5c61ab60e7399e9ca9f1013fd8d |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v6: rename print_rule() to print_rule6() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
|
bb9fe8059f40f0dde9c780498f5af42f5aa6a179 |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename print_rule() to print_rule4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ptables.h
|
85aae15567b8ae1eaedf9f011ba7aef80dfca208 |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v6: rename delete_chain() to delete_chain6() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
|
e5c061afabf018634a507f00df5b1d0c4bd53a37 |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename delete_chain() to delete_chain4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ptables.h
|
74ace0a46048d01611a44c24f6fe5f59d936231b |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v6: rename flush_entries() to flush_entries6() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
|
cc38d058d14e84d3008a0c0035348e0ad5f0d5d2 |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename flush_entries() to flush_entries4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ptables.h
|
241e73594f6d75e32a7e89ebdb6b7f7917a48df0 |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v6: rename for_each_chain() to for_each_chain6() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
|
e70844a98d125679cfe0c62e48d0f19bf175280d |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename for_each_chain() to for_each_chain4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ptables.h
|
a85112dc330188035a8d7a58cab499d7672e4d87 |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
xtables.h: init_extensions() no longer exists Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
|
49d8c5d564cad70c5c1bef2d5571e8e494454210 |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v6: rename init_extensions() to init_extensions6() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
|
5e8f947becc00a79e78b2a6cf0e25fd674c57ec4 |
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename init_extensions() to init_extensions4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
|
d59b9db031abee37a9aa9776662dd15370faabf4 |
08-Mar-2011 |
Stefan Tomanek <stefan.tomanek@wertarbyte.de> |
iptables: add -C to check for existing rules It is often useful to check whether a specific rule is already present in a chain without actually modifying the iptables config. Services like fail2ban usually employ techniques like grepping through the output of "iptables -L" which is quite error prone. This patch adds a new operation -C to the iptables command which mostly works like -D; it can detect and indicate the existence of the specified rule by modifying the exit code. The new operation TC_CHECK_ENTRY uses the same code as the -D operation, whose functions got a dry-run parameter appended. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
|
9ee2a9fe2f74b616da34878104bd1ff406534ad1 |
03-Feb-2011 |
Patrick McHardy <kaber@trash.net> |
extensions: add extension for devgroup match Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_devgroup.h
|
f46f8c1c5b6d9f5685b9d945e95647eaf6c2d35b |
20-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_connlimit: remove duplicate member that caused size change Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/xt_connlimit.h
|
c8f28cc8b84133f20421470e9a61a5a0c78b9c4a |
20-Jan-2011 |
Patrick McHardy <kaber@trash.net> |
extensions: libxt_conntrack: add support for specifying port ranges Add support for revision 3 of the conntrack match, which allows to specify port ranges for origsrc/origdst/replsrc/repldst. Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_conntrack.h
|
6924b4987d88fbe383bec4da4cf331cc466c245e |
20-Jan-2011 |
Florian Westphal <fw@strlen.de> |
extensions: libxt_NFQUEUE: add v2 revision with --queue-bypass option --queue-bypass: if no userspace program is listening on the queue, then allow packets to continue through the ruleset instead of dropping them. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_NFQUEUE.h
|
773438bd93851dc1a9129a638925c04868820297 |
20-Jan-2011 |
Thomas Graf <tgraf@redhat.com> |
libxt_AUDIT: add AUDIT target libxt module for the AUDIT target. -j AUDIT --type (accept|reject|drop) Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_AUDIT.h
|
5da9e63f66ca190cb90193ebb9eebf5aa523b4d1 |
19-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_connlimit: support for dstaddr-supporting revision 1 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/xt_connlimit.h
|
4a1d810bb52aa5d5c450f7adcde5145d40261b54 |
26-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
xt_comment: remove redundant cast
inux/netfilter/xt_comment.h
|
b4af04be14560b3fcc6cf23200148d408014a2f5 |
03-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
include: update files with headers from Linux 2.6.37-rc1 Also includes the type change to __u{8,16,32} kernel types already.
inux/netfilter/xt_CHECKSUM.h
inux/netfilter/xt_CT.h
inux/netfilter/xt_IDLETIMER.h
inux/netfilter/xt_SECMARK.h
inux/netfilter/xt_TCPOPTSTRIP.h
inux/netfilter/xt_TPROXY.h
inux/netfilter/xt_cluster.h
inux/netfilter/xt_connlimit.h
inux/netfilter/xt_ipvs.h
inux/netfilter/xt_physdev.h
inux/netfilter/xt_policy.h
inux/netfilter/xt_quota.h
inux/netfilter/xt_sctp.h
inux/netfilter/xt_socket.h
inux/netfilter/xt_time.h
inux/netfilter/xt_u32.h
|
710a132ce9fbecedbf9447f2b2a134f2359a583c |
15-Nov-2010 |
Jan Engelhardt <jengelh@medozas.de> |
Revert "Revert "libxtables: change option precedence order to be intuitive"" This reverts commit e84f131b5f992577119bd3679241f69ec394e0a7. Solution follows.
tables.h.in
|
e84f131b5f992577119bd3679241f69ec394e0a7 |
15-Nov-2010 |
Patrick McHardy <kaber@trash.net> |
Revert "libxtables: change option precedence order to be intuitive" This reverts commit 600f38db82548a683775fd89b6e136673e924097. The commit breaks option parsing: iptables v1.4.9: host/network `port' not found Try `iptables -h' or 'iptables --help' for more information. Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
|
600f38db82548a683775fd89b6e136673e924097 |
29-Oct-2010 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: change option precedence order to be intuitive When using `-m mark --mark 2 -m connmark --mark 2`, the user currently gets an error about the (libxt_mark) --mark option being used twice. This is because libxt_connmark's option table does not override any previous options. This patch changes this behavior, since the current behavior does not allow connmark's option to be used at all, which is illogical. Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
|
422342e47c18e70757231f2210b13df8e1f5931c |
02-Aug-2010 |
Changli Gao <xiaosuo@gmail.com> |
libxt_quota: don't ignore the quota value on deletion Don't ignore the quota value on deletion, then we can remove a special rule every time. Signed-off-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_quota.h
|
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e |
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
all: consistent syntax use in struct option Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
2d59208943a3a2a6e0e30b6c84bb8ae80d444cd3 |
23-Jul-2010 |
Eric Dumazet <eric.dumazet@gmail.com> |
extension: add xt_cpu match Kernel 2.6.36 supports xt_cpu match In some situations a CPU match permits a better spreading of connections, or select targets only for a given cpu. With Remote Packet Steering or multiqueue NIC and appropriate IRQ affinities, we can distribute traffic on available cpus, per session. (all RX packets for a given flow are handled by a given cpu) Some legacy applications being not SMP friendly, one way to scale a server is to run multiple copies of them. Instead of randomly choosing an instance, we can use the cpu number as a key so that softirq handler for a whole instance is running on a single cpu, maximizing cache effects in TCP/UDP stacks. Using NAT for example, a four ways machine might run four copies of server application, using a separate listening port for each instance, but still presenting an unique external port : iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 \ -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 \ -j REDIRECT --to-port 8081 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 2 \ -j REDIRECT --to-port 8082 iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 3 \ -j REDIRECT --to-port 8083 Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_cpu.h
|
c36d05e42406966440e3644110d3d2504c4b165c |
23-Jul-2010 |
Hannes Eder <heder@google.com> |
libxt_ipvs: user-space lib for netfilter matcher xt_ipvs The user-space library for the netfilter matcher xt_ipvs. [ trivial up-port by Simon Horman <horms@verge.net.au> ] Signed-off-by: Hannes Eder <heder@google.com> Acked-by: Simon Horman <horms@verge.net.au> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_ipvs.h
|
b14f160c11196aeb99000611207bd353c7ae2cb9 |
15-Jul-2010 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' into iptables-next
|
0bcda81f5f6d121084131fb944e2940f614cc98c |
15-Jul-2010 |
Patrick McHardy <kaber@trash.net> |
extensions: fix compilation of the new CHECKSUM target Add missing header file. Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_CHECKSUM.h
|
127647892c7cac85baf8da62ed21232baa60f1c9 |
28-Jun-2010 |
Patrick McHardy <kaber@trash.net> |
extensions: libipt_LOG/libip6t_LOG: support macdecode option Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter_ipv4/ipt_LOG.h
inux/netfilter_ipv6/ip6t_LOG.h
|
78514bc3a9b1b724c9fc904941c5854644865673 |
25-Jun-2010 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
|
d40f1628c3717daebc437a398a285e371b5b6f7f |
16-Jun-2010 |
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> |
libxt_set: new revision added libipt_set renamed to libxt_set and the support for the forthcoming ipset release added. I have tested backward (IPv4) and forward compatibility (IPv4/IPv6): ipset -N test iphash ipset -A test test-address iptables -N test-set iptables -A test-set -j LOG --log-prefix "match " iptables -A test-set -j DROP iptables -A OUTPUT -m set --match-set test dst -j test-set ping test-address
inux/netfilter/xt_set.h
inux/netfilter_ipv4/ip_set.h
inux/netfilter_ipv4/ipt_set.h
|
d96993e50b44b358ea5bd15f3944674eafd62542 |
15-Jun-2010 |
Luciano Coelho <luciano.coelho@nokia.com> |
extensions: add idletimer xt target extension Add the extension plugin for the IDLETIMER x_tables target. Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_IDLETIMER.h
|
11c2dd54b69e06ae3f35dea130ecba3df3859243 |
07-Jun-2010 |
Jan Engelhardt <jengelh@medozas.de> |
xtables: remove xtables_set_revision function Since iptables uses its own copies of the header files anyway where the revision field is exposed, there is no reach to access name[] beyond its size. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
491c1660fced08e2d1a08c101c63af04250275d0 |
07-Jun-2010 |
Jan Engelhardt <jengelh@medozas.de> |
includes: sync header files from Linux 2.6.35-rc1 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/kernel.h
inux/netfilter/x_tables.h
inux/netfilter/xt_CONNMARK.h
inux/netfilter/xt_MARK.h
inux/netfilter/xt_TEE.h
inux/netfilter/xt_connmark.h
inux/netfilter/xt_mark.h
inux/netfilter/xt_recent.h
inux/netfilter_ipv6.h
|
8532c70fd182057b440b41f013d8021a95bd72b2 |
21-May-2010 |
Patrick McHardy <kaber@trash.net> |
Revert "Revert "Merge branch 'iptables-next'"" This reverts commit 110c1e4502e21ea38e0980e6f8af857d24330099. Revert the revert to restore the TEE target.
inux/netfilter/xt_TEE.h
|
110c1e4502e21ea38e0980e6f8af857d24330099 |
21-May-2010 |
Patrick McHardy <kaber@trash.net> |
Revert "Merge branch 'iptables-next'" This reverts commit 65414babaebcd403e9bf2c27d9d74adb369bf3aa, reversing changes made to 7278461dfad72e2008585dd0bac0e889e5bba99e. Forgot to commit the version increase.
inux/netfilter/xt_TEE.h
|
c303bb0594fae1c4fd1097b2ce0814c5ffd0edc7 |
19-Apr-2010 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: add support for xt_TEE xt_TEE is firstly included in Linux 2.6.35. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/xt_TEE.h
|
9fdbaa71452edaac9d5906716c15937f670341fa |
08-Mar-2010 |
Patrick McHardy <kaber@trash.net> |
extensions: add CT extension Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/nf_conntrack_common.h
inux/netfilter/xt_CT.h
|
350661a6eb089f3e54e67e022db9e16ea280499f |
31-Jan-2010 |
Jan Engelhardt <jengelh@medozas.de> |
includes: header updates Update the shipped Linux kernel headers from 2.6.33-rc6, as iptables's ipt_ECN.h for example references ipt_DSCP.h, which no longer exists. Since a number of old code pieces have been removed in the kernel in that fashion, the structs for older versions are moved into the .c file, to keep header updating simple. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter.h
inux/netfilter/nf_conntrack_common.h
inux/netfilter/x_tables.h
inux/netfilter/xt_CLASSIFY.h
inux/netfilter/xt_CONNMARK.h
inux/netfilter/xt_CONNSECMARK.h
inux/netfilter/xt_DSCP.h
inux/netfilter/xt_LED.h
inux/netfilter/xt_MARK.h
inux/netfilter/xt_NFLOG.h
inux/netfilter/xt_NFQUEUE.h
inux/netfilter/xt_RATEEST.h
inux/netfilter/xt_SECMARK.h
inux/netfilter/xt_TCPMSS.h
inux/netfilter/xt_connbytes.h
inux/netfilter/xt_connmark.h
inux/netfilter/xt_conntrack.h
inux/netfilter/xt_dccp.h
inux/netfilter/xt_dscp.h
inux/netfilter/xt_esp.h
inux/netfilter/xt_hashlimit.h
inux/netfilter/xt_iprange.h
inux/netfilter/xt_length.h
inux/netfilter/xt_limit.h
inux/netfilter/xt_mark.h
inux/netfilter/xt_multiport.h
inux/netfilter/xt_owner.h
inux/netfilter/xt_physdev.h
inux/netfilter/xt_policy.h
inux/netfilter/xt_quota.h
inux/netfilter/xt_rateest.h
inux/netfilter/xt_realm.h
inux/netfilter/xt_recent.h
inux/netfilter/xt_sctp.h
inux/netfilter/xt_state.h
inux/netfilter/xt_statistic.h
inux/netfilter/xt_string.h
inux/netfilter/xt_tcpmss.h
inux/netfilter/xt_tcpudp.h
inux/netfilter_ipv4.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv4/ipt_ECN.h
inux/netfilter_ipv4/ipt_SAME.h
inux/netfilter_ipv4/ipt_TOS.h
inux/netfilter_ipv4/ipt_ah.h
inux/netfilter_ipv4/ipt_ecn.h
inux/netfilter_ipv4/ipt_iprange.h
inux/netfilter_ipv4/ipt_owner.h
inux/netfilter_ipv4/ipt_policy.h
inux/netfilter_ipv4/ipt_tos.h
inux/netfilter_ipv6.h
inux/netfilter_ipv6/ip6_tables.h
inux/netfilter_ipv6/ip6t_ah.h
inux/netfilter_ipv6/ip6t_frag.h
inux/netfilter_ipv6/ip6t_ipv6header.h
inux/netfilter_ipv6/ip6t_mh.h
inux/netfilter_ipv6/ip6t_opts.h
inux/netfilter_ipv6/ip6t_owner.h
inux/netfilter_ipv6/ip6t_policy.h
inux/netfilter_ipv6/ip6t_rt.h
inux/types.h
|
588b615bc78ddef3752f356d1e243129c4dbba96 |
12-Nov-2009 |
Patrick McHardy <kaber@trash.net> |
extensions: add osf extension From Evgeniy Polyakov <zbr@ioremap.net> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_osf.h
|
bf97128c7262f17a02fec41cdae75b472ba77f88 |
03-Nov-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: hand argv to xtables_check_inverse In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
4282d89a798adcf50973a22c5a17563b5e9421cb |
20-Aug-2009 |
Florian Westphal <fwestphal@astaro.com> |
libxt_NFQUEUE: add new v1 version with queue-balance option New version that adds support for specifying a queue range instead of a single queue id. The kernel will distribute flows across the given queue range. This is useful for multicore systems, simply start multiple instances of the userspace program on queues x, x+1, .. x+n and use "--queue-balance x:x+n". Packets belonging to the same connection are put into the same queue. With fixes from Jan Engelhardt. Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_NFQUEUE.h
|
8e4dacaed17701cb1891b962bb856e0e8cfbb5c8 |
05-Aug-2009 |
Jan Engelhardt <jengelh@medozas.de> |
Merge branch 'stable' Conflicts: extensions/libxt_conntrack.c Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
b79ec69027fd8b65e7eccd78a445b6665e8ad53b |
23-Jul-2009 |
Jan Engelhardt <jengelh@medozas.de> |
build: combine iptables-multi and iptables-static Changed the Makefile so that: 1. --enable-shared / --disable-shared control the linkage against libdl (and thus the potential to use 3rd party extensions) 2. --enable-static / --disable-static controls whether shipped extensions are built-in or provided as modules iptables-static becomes redundant by this action; iptables-multi now has the feature. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
4186f8aa0b113ea1a52aa90292ff89b96bed9c39 |
23-Jul-2009 |
Jan Engelhardt <jengelh@medozas.de> |
build: fix struct size mismatch Mixing code compiled with and without -DNO_SHARED_LIBS is fine as long as the structs have the same layout. This patch prevents a potential (currently non-triggerable) "ip6tables: target (null)<123> is missing a version" error. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
9a8fc4f89ef120d7beda3724994a1544346b947d |
25-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
xtables: add multi-registration functions Similar to the ones that are present in the kernel. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
332e4acc574e3a348fe611d55bf642de0d50fbda |
09-Apr-2009 |
Michael Granzow <mgranzow@zeus.com> |
iptables: accept multiple IP address specifications for -s, -d libiptc already supports adding and deleting multiple rules with different addresses, so it only needs to be wired up to the options. # ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2 Adjustments made: syntax, removal of unneeded variables, manpage adjustment, soversion bump. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
b97b42147ea65d7d24d70a2ffe925dbf091f26bc |
25-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
xt_conntrack: revision 2 for enlarged state_mask member This complements the xt_conntrack revision 2 code added to the kernel. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/xt_conntrack.h
|
771871e1d9c39310cb6e2c595270d2e651309e6d |
22-May-2009 |
Jan Engelhardt <jengelh@medozas.de> |
xtables: use extern "C" This fixes linking errors for 3rd-party C++ code. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
cd958a6c92c84095a439780b53832bb3aae2d512 |
06-May-2009 |
Pablo Neira Ayuso <pablo@netfilter.org> |
extensions: add `cluster' match support This patch adds support for the cluster match to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_cluster.h
|
467fa9fe70f08342a50b859ddd431c848a956679 |
17-Apr-2009 |
Patrick McHardy <kaber@trash.net> |
SNAT/DNAT: add support for persistent multi-range NAT mappings Add support for persistent mappings (2.6.29-rc2+) as replacement for the removed SAME target. Signed-off-by: Patrick McHardy <kaber@trash.net>
et/netfilter/nf_nat.h
|
c4edfa63eda06f02cc5bc1a65d366c55bd2eda30 |
30-Mar-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: reorder .version member When the structure's layout changes, as it did between v1.4.1 and v1.4.2, trying to compare the version string makes iptables segfault while it tries to determine whether the module is compatible in the first place. By moving the member to a known offset in the struct and keeping it there, objects (both iptables and 3rd party) compiled from this commit onwards will avoid the segfault. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
38725a4411b0e0f34a3077e37b0be860352085a8 |
15-Mar-2009 |
Jan Engelhardt <jengelh@medozas.de> |
Merge commit 'nf/master'
|
71886fbb48ef50e212c43f5d7dffbab86f9ae31c |
25-Feb-2009 |
Stephen Hemminger <shemminger@vyatta.com> |
iptables: Add limits.h to get INT_MIN, INT_MAX, ... Fix build failure of iptables utilities on debian/ubuntu, maybe other distros. The values INT_MIN and INT_MAX are used by many filters and these are defined in limits.h --- patch against current iptables.git Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
|
4e41854423b529d3107c23b85434d50a75d08057 |
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: add missing limits.h include Thanks to Stephen Hemminger for noticing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
|
978e27e8f8c2e49d0528c6c4ae3a56627fbe8492 |
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
include: resynchronize headers with 2.6.29-rc5 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/nf_conntrack_common.h
inux/netfilter/nf_conntrack_tuple.h
inux/netfilter/nf_nat.h
inux/netfilter/xt_NFLOG.h
inux/netfilter/xt_connlimit.h
inux/netfilter/xt_conntrack.h
inux/netfilter/xt_quota.h
inux/netfilter/xt_sctp.h
inux/netfilter/xt_string.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv4/ipt_SAME.h
inux/netfilter_ipv6/ip6_tables.h
inux/netfilter_ipv6/ip6t_TCPMSS.h
inux/types.h
et/netfilter/nf_conntrack_tuple.h
et/netfilter/nf_nat.h
|
1829ed482efbc8b390cc760d012b3a4450494e1a |
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix exit_error to xtables_error Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
bddcb92d1f0f76d21c4469b1667c8199c9fab126 |
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: inline and remove unused OPTION_OFFSET macro Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
51bc836ad3fd52ed72289028871318d561b2959a |
11-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: make library available as a shared library Tested-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
akefile.am
|
5dd19de34380c91ad07bbe79a34726e59891cf54 |
13-Feb-2009 |
Jamal Hadi Salim <hadi@cyberus.ca> |
libxtables: general follow-up cleanup Kill program_name, program_version and xtables_program_name. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
tables.h.in
|
7e4db2f50133007f549f222468bde4f3adcf41ac |
13-Feb-2009 |
Jamal Hadi Salim <hadi@cyberus.ca> |
libxtables: consolidate init calls into one function Introduce xtables_init_all() which hides three calls xtables_init(), xtables_set_nfproto(), and xtables_set_params(). Make ip[6]tables-restore, ip[6]tables-save and ip[6]tables-standalone use it. I moved xtables_set_params around for readability reasons. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
tables.h.in
|
70581922f873a88306dd5b1cb83c5081ee239eb8 |
13-Feb-2009 |
Jamal Hadi Salim <hadi@cyberus.ca> |
libxtables: consolidate merge_options into xtables_merge_options Introduce xtables_merge_options() for re-use reasons. Apps can use it instead of each defining their own merge_options(). Made iptables and ip6tables use the new shared interface. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
tables.h.in
|
139b3fe4bd5121501e60fe07963ea527d7f0bd36 |
12-Feb-2009 |
Jamal Hadi Salim <hadi@cyberus.ca> |
libxtables: make iptables and ip6tables use xtables_free_opts The patch modifies xtables_globals to introduce orig_opts and xtables_free_opts() to emulate what free_opts used to do. We also get rid of the copies of free_opts() that iptables and ip6tables keep. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
tables.h.in
|
853322131026d62df3f8d77d67e5c63be496303c |
12-Feb-2009 |
Jamal Hadi Salim <hadi@cyberus.ca> |
libxtables: add xtables_set_revision Introduce xtables_set_revision() and make iptables and ip6tables use it. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
tables.h.in
|
617d3d140f4739558dce2ef8ed01aef251cf5487 |
11-Feb-2009 |
Jamal Hadi Salim <hadi@cyberus.ca> |
libxtables: set names of programs Set proper name of application. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
p6tables.h
ptables.h
|
f567ac9193bc421992e572ec3196a73dc6ed59c0 |
12-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
build: restructure Makefile for include/ directory This patch will support adding libiptc to the headers list in future. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
akefile.am
|
41f03ba382dfd26e7db939fd02447058b1c56f7b |
11-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: use const for vars holding literals Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
6f3c30059d9cf73c438db08998c58cd1b502eb44 |
12-Feb-2009 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
8b7baebc93989106fd5d26b262d0ce191f8ef7c0 |
11-Feb-2009 |
Jamal Hadi Salim <hadi@cyberus.ca> |
libxtables: simple aliasing macro for exit_error Rename xtables_globals exit_error cb to exit_err and introduce a very simple aliasing macro to point to it. convert iptables, ip6tables and iptables_xml to use it. Note iptables_xml does not have to define its own exit_error() since it can use the basic one provided. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
|
40a8343d3ad0cdbc3a7e69c8d970ad75807c29ed |
11-Feb-2009 |
Jamal Hadi Salim <hadi@cyberus.ca> |
libxtables: Add exit_error cb to xtables_globals Introduce exit_error() as part of xtables_globals structure. When an application registers its xtables_globals definition and does not specify its exit_error() it gets assigned a basic version Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
|
84c3055bf08d0a8fe5db6e5f3f96dd826a290147 |
11-Feb-2009 |
Jamal Hadi Salim <hadi@cyberus.ca> |
libxtables: define xtables_free_opts() Introduce xtables_free_opts() an xtables variant of free_opts() which uses xtables_globals already set by xtables_set_params(). The end goal is to have all internal references in xtables.c use xtables_free_opts() instead of depending on external defined free_opts() Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
|
8e90ce66a99e5dc9b055a9fd14e8e9216f90233c |
11-Feb-2009 |
Jamal Hadi Salim <hadi@cyberus.ca> |
libxtables: Introduce global params structuring introduce a new struct, xtables_globals, so as to localize the globals used and help in symbol renames. The applications must invoke xtables_set_params() before starting to use any iptables APIs. xtables_set_params() is intended to free xtables from depending (as it does right now) on existence of such externally definitions (from iptables/iptables6 etc). At the moment, xtables won't even compile without presence of at least one of {iptables/iptables6 etc} Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
|
47a6fd9ec9891a8040eb8fd6db3c5012c1056061 |
10-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
src: consolidate duplicate code in iptables/internal.h Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
ptables/internal.h.in
|
c31870f9bebb3d4d082016fcfaf8c2177ae32eb2 |
10-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: move compat defines to xtables.c Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users got moved. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
|
ea955480a8ae43aa956ac62e1aab3f9670529819 |
10-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove unused ipt_tryload macro Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
|
395e441e20ea9ab7f37122bcfd76fec527fa447b |
10-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove iptables_rule_match indirection macro Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
|
c02e80878979d2205f3d89d05548397871e598e9 |
10-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: decouple non-xtables parts from header Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
ptables/internal.h.in
tables.h.in
tables/internal.h.in
|
b6601f3a4f65d0956dd829b63c503875b10d5c74 |
10-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: remove unused XT_LIB_DIR macro Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables/internal.h.in
|
300e2909ba4714abc6093cba0ed860708282bd3e |
09-Feb-2009 |
Patrick McHardy <kaber@trash.net> |
Merge branch 'master' of git://dev.medozas.de/iptables
|
9cfc59f71f83ee97c4513fd340acf1e45073562b |
09-Feb-2009 |
Eric Leblond <eric@inl.fr> |
xt_NFLOG: Set default NFLOG qthreshold to 0 By setting default NFLOG qthreshold to 0, userspace does not overwrite the per-instance value. Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_NFLOG.h
|
77f48c2f1ef21fa43aa68c25a1457db319ca2526 |
07-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: move afinfo around libxtables should not rely on the program executable providing the magic constants for using [gs]etsockopt. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h.in
|
212092173b63be8532d95241bbd86db96e110220 |
01-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix names and order #3 This change affects: find_{match,target} -> xtables_find_{match,target} enum xt_tryload -> enum xtables_tryload loose flags like DONT_LOAD -> XTF_DONT_LOAD Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h.in
tables/internal.h
|
c6132022905b10ac70223e8116f3903ea0039e75 |
01-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix names and order it #2 This change affects: load_xtables_ko -> xtables_load_ko modprobe_program -> xtables_modprobe_program Now uses bool for the "quiet" flag. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h.in
tables/internal.h
|
43270796c709584b67343c333adaf28faea56265 |
01-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix names and order it #1 It is good practice to prefix names in a library some way so that it does not clash with external programs' variable names right on the first try. This change: rename fw_[cm]alloc to xtables_[cm]alloc and move the definition from internal.h to xtables.h to avoid potential compiler warnings. These functions are intended to fix Jamal's dependency problem in his tc's ipt action. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h.in
tables/internal.h
|
1de7edffc9085c0f41c261dca995e28ae4126c29 |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - move parse_protocol to xtables.c Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
0f16c725aadaac7e670d632ecbaea3661ff00827 |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - move check_inverse to xtables.c This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
a0baae85f8159f03d52535934aa9b3a375e0f1f3 |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix - parse and escaped output func Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
aae6be9edc99e58164a3592c510fe5488141c698 |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix - misc functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
1e01b0b82f70b0b11dcfbced485dbe7aeac4fb8c |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - ascii to ipaddr/ipmask input Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7 |
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - ipaddr/ipmask to ascii output Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
a41545ca7cde43e0ba53260ba74bd9bf74025a68 |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - param_act Changes: exittype -> xtables_exittype P_* -> XTF_* flags Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
dacafa55379fd98212031d8c559096c91d7ce93b |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - program_name Split XTABLES_VERSION into xtables and iptables, and encode the xtables soversion into the extensions instead. This makes it possible to upgrade iptables without having to recompile 3rd-party extensions (if the libxtables version matches, of course). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h
tables/internal.h.in
|
5f2922cfc0bbfbeb878f5c12e9fb3eb602ae5507 |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - strtoui This commit also throws out the redundant string_to_number_*. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
|
39bf9c8214d3073a496a8a1eff91046a8d6fbbdf |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - libdir Consolidate the libdir variable initialization code into xtables.c. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h
|
2338efd8f799d8373dc196c797bda9690283b698 |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - match/target loading This change affects: find_{match,target} -> xtables_find_{match,target} enum xt_tryload -> enum xtables_tryload loose flags like DONT_LOAD -> XTF_DONT_LOAD Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h
|
c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaa |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - modprobe and xtables.ko loading This change affects: load_xtables_ko -> xtables_load_ko modprobe_program -> xtables_modprobe_program Now uses bool for the "quiet" flag. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h
|
630ef48037f3602333addfdb53789c9c6a4bb4c8 |
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - fw_xalloc It is good practice to prefix names in a library some way so that it does not clash with external programs' variable names right on the first try. This change: rename fw_[cm]alloc to xtables_[cm]alloc and move the definition from internal.h to xtables.h to avoid potential compiler warnings. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h
|
b8e74adfa512c220839dea399fc11197dd9b43ff |
07-Dec-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove unused include files No .c files include any of these - in fact they seem to be remnants missed during commit b1f568309a09e61f892dee3c23279cecff0b0ff4 - so remove them. Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter_ipv4/ipt_DSCP.h
inux/netfilter_ipv4/ipt_FTOS.h
inux/netfilter_ipv4/ipt_connlimit.h
inux/netfilter_ipv4/ipt_dscp.h
inux/netfilter_ipv4/ipt_dstlimit.h
inux/netfilter_ipv4/ipt_rpc.h
|
03d99486d8283552705b58dc55b6085dffc38792 |
18-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: use NFPROTO_ constants Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter.h
tables.h.in
|
1c9015b2cb483678f153121255e10ec0bbfde3e6 |
10-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: remove indirections Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
ptables.h
ibiptc/libip6tc.h
ibiptc/libiptc.h
|
fd1873110f8e57be578df17fc9d03536b10f4f73 |
10-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: remove typedef indirection Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
ptables.h
ibiptc/libip6tc.h
ibiptc/libiptc.h
|
af1660fe0e88cd9f1c770864e1c643718cb2cc62 |
22-Oct-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Move libipt_recent to libxt_recent Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_recent.h
inux/netfilter_ipv4/ipt_recent.h
|
92b54aa2b436387f85783d3f420ccaa12fdaf891 |
15-Oct-2008 |
KOVACS Krisztian <hidden@sch.bme.hu> |
Add iptables support for the TPROXY target Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_TPROXY.h
|
ef18e8147903885708d1c264904129af4fb636d6 |
04-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove dependency on libiptc headers xtables.h does not really need libxtc.h, and we can drop it from the install as it is internal-only. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
ptables.h
ibiptc/libxtc.h
tables.h.in
|
78d2d14211466f1986882ba6bdf82e6429ce78dc |
07-Jul-2008 |
Joonwoo Park <joonwpark81@gmail.com> |
xt_string: string extension case insensitive matching The string extension can search patterns case insensitively with --icase option. A new revision 1 was added, in the meantime invert of xt_string_info was moved into flags as a flag. Signed-off-by: Joonwoo Park <joonwpark81@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_string.h
|
4dfd25a405199c03fc694b9a43efdae6a91d8ae8 |
06-Jun-2008 |
Laszlo Attila Toth <panther@balabit.hu> |
addrtype match: added revision 1 In revision 1 address type checking can be limited to either the incoming or outgoing interface depending on the current chain. In the FORWARD chain only one of them is allowed at the same time. Signed-off-by: Laszlo Attila Toth <panther@balabit.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter_ipv4/ipt_addrtype.h
|
e0bba47e550420e371c97425cc6d39909a6e059b |
05-Jun-2008 |
Patrick McHardy <kaber@trash.net> |
Resync header files with kernel Resync headers and add types.h file for endian annotated types, which are not available with old headers.
inux/netfilter.h
inux/netfilter/nf_conntrack_common.h
inux/netfilter/xt_RATEEST.h
inux/netfilter/xt_conntrack.h
inux/netfilter/xt_limit.h
inux/netfilter/xt_physdev.h
inux/netfilter/xt_policy.h
inux/netfilter/xt_rateest.h
inux/netfilter/xt_realm.h
inux/netfilter/xt_statistic.h
inux/netfilter/xt_string.h
inux/netfilter_ipv4.h
inux/netfilter_ipv4/ipt_CLUSTERIP.h
inux/netfilter_ipv4/ipt_ECN.h
inux/netfilter_ipv4/ipt_TTL.h
inux/netfilter_ipv4/ipt_ecn.h
inux/netfilter_ipv4/ipt_policy.h
inux/netfilter_ipv4/ipt_realm.h
inux/netfilter_ipv6.h
inux/netfilter_ipv6/ip6t_policy.h
inux/types.h
|
c634cb9cb13d6e1b6fd661b426363431f7ef321a |
03-Jun-2008 |
Thomas Jarosch <thomas.jarosch@intra2net.com> |
Add xtables version defines. Attached is a patch to add the new defines. The macro XTABLES_VERSION is already in use, so I named it XTABLES_VERSION_CHECK. I've also tested that an empty XTABLES_VERSION_EXTRA in configure.ac works. Now we can write code like this: #warning You are obselete and will be assimilated. Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
|
510aef98a56cdbfdb147f78b05d7554bb91770a9 |
02-Jun-2008 |
Patrick McHardy <kaber@trash.net> |
manpages: consistent syntax In the manpages, bold is used to denote characters the user has to enter verbatim, italic denotes placeholders and non-highlighted pieces are used as a structure: "[]" specifying an optional part, "{}" a mandatory part, with "|" used for alternations. The "!" for negation is better supported before the option than after it, too. The patch makes a few files consistent with this style already used in manpages.
inux/netfilter.h
|
96296cfb7e01298234c7fa9403619f50391620d1 |
13-May-2008 |
Henrik Nordstrom <henrik@henriknordstrom.net> |
iptables --list-rules command Adds iptables --list-rules (-S) command, acting as a combination of iptables --list and iptables-save. The primary motivation behind this patch is to get iptables-save like output capabilities in iptables-restore, allowing "iptables-restore -n" to be used as a consistent API to iptables for all kinds of operations, not only blind updates. As a bonus iptables also gets the capability of printing the rules as-is. This completely replaces the earlier patch which added the --rules option. Henrik Nordstrom <henrik@henriknordstrom.net>
p6tables.h
ptables.h
|
8b7c64d6ba156a99008fcd810cba874c73294333 |
15-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove old functions, constants
p6tables.h
ptables.h
|
493c712d61c35a6d8db877b208d34c111337a918 |
15-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Dynamically create xtables.h.in with version
tables.h
tables.h.in
|
ed342edd98456bd4f23d230481854be160fad1dc |
13-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove support for compilation of conditional extensions
inux/netfilter_ipv4/ip_set.h
inux/netfilter_ipv4/ipt_set.h
|
ca7cd666949b68bf41a32de38ee38e332e89863b |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Add all necessary header files - compilation fix for various cases Allow iptables to compile without a kernel source tree. This implies fixing build for older kernels, such as 2.6.17 which lack xt_SECMARK.h.
inux/netfilter.h
inux/netfilter/x_tables.h
inux/netfilter/xt_SECMARK.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv4/ipt_DSCP.h
inux/netfilter_ipv4/ipt_LOG.h
inux/netfilter_ipv4/ipt_REJECT.h
inux/netfilter_ipv4/ipt_TOS.h
inux/netfilter_ipv4/ipt_dscp.h
inux/netfilter_ipv4/ipt_owner.h
inux/netfilter_ipv4/ipt_tos.h
inux/netfilter_ipv6/ip6_tables.h
inux/netfilter_ipv6/ip6t_LOG.h
|
21b41eea4724c57d2b6e5998cf38255046e43ad3 |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
p6tables.h
ptables.h
|
9a8c77fc8df3155747c34dcea79b7834a2a9a40a |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Add support for xt_hashlimit match revision 1
inux/netfilter/xt_hashlimit.h
|
31558608e77c9712d26c0cb7e97f20e20f459830 |
10-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
xtables.h: move non-exported parts to internal.h
tables.h
tables/internal.h
|
33690a1aec0b6309ff90066ca56285b6e43013f2 |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Fix all remaining warnings (missing declarations, missing prototypes)
ptables.h
ibiptc/libip6tc.h
ibiptc/libiptc.h
tables.h
tables/internal.h
|
dbb77543ad6afe29e9a1881b2d4fc212de621a55 |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Fix -Wshadow warnings and clean up xt_sctp.h Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
inux/netfilter/xt_sctp.h
tables.h
|
e75a227c1ba6ddaceb63969eb4df27dbd98a3dfc |
22-Feb-2008 |
Patrick McHardy <kaber@trash.net> |
Remove compiler.h inclusions.
inux/netfilter.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv6/ip6_tables.h
|
f2565b7a45c51d318706ffd0e372ba4e23cd2d32 |
29-Jan-2008 |
Patrick McHardy <kaber@trash.net> |
Add netfilter.h
inux/netfilter.h
|
9ee386a1b6d7704b259460152c959ab0e79e02aa |
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
fix gcc warnings Max Kellermann <max@duempel.org>
ibiptc/libip6tc.h
ibiptc/libiptc.h
|
a5d099400fd6f9ad3880dda10f85d2aa36b5ec65 |
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
escape strings Max Kellermann <max@duempel.org>
tables.h
|
ca1da708b6d41dbc5df99335b4370bd1592b4de3 |
29-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
[IPTABLES]: libxt_owner: UID/GID range support UID/GID range support for libxt_owner Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_owner.h
|
ff068719055ae2327d94c79048381c09d3b744c4 |
29-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_CONNMARK revision 1 Add support for xt_CONNMARK target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_CONNMARK.h
|
aef4c1e7275633e4650d16440faaf4cb7163ac0e |
20-Jan-2008 |
Sven Schnelle <svens@bitebene.org> |
libxt_TCPOPTSTRIP Import libxt_TCPOPTSTRIP into iptables. Signed-off-by: Sven Schnelle <svens@bitebene.org> Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_TCPOPTSTRIP.h
|
41daaa0cfbb1cb6b80a2ce2571f9f92f164f0228 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_iprange r0 Move libipt_iprange to libxt_iprange. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_iprange.h
inux/netfilter_ipv4/ipt_iprange.h
|
d95d92f0a480008a89f4ffa69f0c67f55dbbe05f |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_mark r1 Introduce libxt_mark match revision 1 support. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_mark.h
|
bd9438420d92c41a5cf20a53b7a18d3ddea4216d |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
rename overlapping function names Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ptables.h
tables.h
|
08b1616e068166e016b3ee7110db10ae5d853422 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
bunch o' renames Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ptables.h
tables.h
|
a80b6046fa216c26dbc18d587f6255afa8444885 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_conntrack r0 Move libipt_conntrack to libxt_conntrack. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_conntrack.h
inux/netfilter_ipv4/ipt_conntrack.h
|
a7b0707bd83bac30a92871872dab79ec8cebebbb |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_connmark r1 Add support for xt_connmark match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_connmark.h
|
f4b737fb0c52a95a48f2e313ed4cff43db720ad6 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_MARK r2 Add support for xt_MARK target revision 2. Also consolidate libip6t_MARK.man and libipt_MARK.man. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_MARK.h
|
36f2eadca556da9bb4979b3f67f38020e80ef7d2 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_TOS Move libipt_TOS revision 0 to libxt_TOS revision 0 and add support for xt_TOS target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_DSCP.h
|
0720c1226381f5c71748673c43c12499f1f254c7 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_tos Move libipt_tos revision 0 to libxt_tos revision 0 and add support for xt_tos match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_dscp.h
|
5c5cd885daf43256f7bd24a3a698306764438145 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_owner libxt_owner merges libipt_owner and libip6t_owner, and adds support for the xt_owner match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_owner.h
|
aafd269675fc45bac6340027c866ea6073643c3b |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
common error messages Error messages vary wildly among modules, and there is a lot of redundancy in it too. Introduce a helper function that does all of the parameter checking boilerplate and gives unique messages. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
tables.h
|
cd9e7aa106e80c44bd526af74b616701b0772d05 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Introduce strtonum(), which works like string_to_number(), but passes back the 'end' pointer. It is useful where you want to do boundary checking yet work with strings that are not entirely slurped by strtoul(), e.g.:
    s = "1/2"; /* one half */
    if (!strtonum(s, &end, &value, 0, 5))
        error("Zero-length string, or value out of bounds");
    if (*end != '/')
        error("Malformed string");
    info->param1 = value;
    if (!strtonum(end + 1, &end, &value, 2, 4))
        error("..");
    if (*end != '\0')
        error("Malformed string");
    info->param2 = value;
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
tables.h
|
f82070f9871d281c2802c1624dcf222886b5fb50 |
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Converts the iptables build infrastructure to autotools. - Can build both static and dynamic at the same time - iptables-static will be a multi-binary, semi-static (link against libc but w/o dynamic plugins) - Always build IPv6 modules - consider INSTALL Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
tables.h
|
6afc5b720ed78173e4e21b759df16577fbce13d6 |
15-Jan-2008 |
Patrick McHardy <kaber@trash.net> |
Add rateest match extension Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_rateest.h
|
2528258ddf066a5147394dc65cae3bde8e80e3c0 |
15-Jan-2008 |
Patrick McHardy <kaber@trash.net> |
Add RATEEST target extension Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_RATEEST.h
|
5e9eaed23d0cf1cfdd49c88e68beb43e611f0191 |
17-Dec-2007 |
Jan Engelhardt <jengelh@medozas.de> |
use <linux/types.h> Remove our own definitions of the Linux types and use <linux/types.h> instead. libiptc needs it too, or otherwise will choke on union nf_inet_addr. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
tables.h
|
2cfa903a2882a5d7819c697870af9ae3ab106386 |
25-Nov-2007 |
Jesper Brouer <jdb@comx.dk> |
Fix make/compile error for iptables-1.4.0rc1 Fixing a make/compile issue with iptables, release candidate 1.4.0rc1, which has existed since SVN changeset 6920. This patch adds ip_tables.h and ip6_tables.h, and updates x_tables.h, taken from Linus's git tree. Changeset 6920 added the include file x_tables.h from kernel source, but didn't add ip_tables.h and ip6_tables.h. At some point (Tue Nov 14 19:48:48 2006, by Yasuyuki Kozakai) these kernel headers were changed, which actually removes certain dependencies from ip_tables.h and ip6_tables.h to x_tables.h. If compiling will fail, with old kernel headers (ip_tables.h and ip6_tables.h) available in systems include path, because they depend on certain defines in x_tables.h which is missing in the version in SVN. Jesper Brouer <jdb@comx.dk>
inux/netfilter/x_tables.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv6/ip6_tables.h
|
ad326ef9f734ac30548de292c59fc0e2fd81ac2a |
23-Sep-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Add the libxt_time iptables match This is libipt_time from POM-ng enhanced by the following: * day-of-month support (for example "match on the 15th of each month") * inversion support for --weekdays and --monthdays * match against UTC or local timezone * a manpage Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_time.h
|
9640e529bd08c4c0458246fae0fd6b473c94ab46 |
10-Sep-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Adds u32 to iptables. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
inux/netfilter/xt_u32.h
|
0b63936140032deac44072951451bdf47b54296a |
08-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Fix more sparse warnings: non-C99 array declaration, incorrect function prototypes
tables.h
|
c329d6a7085e3123f3d5ca98a8e0ab37edca2dcc |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Fix aligned_u64 type on 64 bit: it's an unsigned long, not an unsigned long long. Fixes compiler warning in quota match.
tables.h
|
31317ed1f9103434adda716abbe65e9fc7bdd418 |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build IPv6 hbh/dst matches unconditionally
inux/netfilter_ipv6/ip6t_opts.h
|
248a109b3bf6c9a0b3724f3123ad64a624d30631 |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build IPv6 rt match unconditionally
inux/netfilter_ipv6/ip6t_rt.h
|
1d1ad90494bf909871c233e76036b18841949c9e |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build ipv6header match unconditionally
inux/netfilter_ipv6/ip6t_ipv6header.h
|
389f785b060c181ce77d44840274b5c68e39b23f |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build IPv6 mh match unconditionally
inux/netfilter_ipv6/ip6t_mh.h
|
eda0390fe200f2d9f37d2a19b50e7ca531367ada |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Resync header files and build IPv6 frag match unconditionally
inux/netfilter_ipv6/ip6t_frag.h
|
7a87b74d4d41a356df3a81d0e8415c4f7a76097b |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Resync header file and build IPv6 ah match unconditionally
inux/netfilter_ipv6/ip6t_ah.h
|
9fc3b5e9aaecaa4f3ebaf4bb55ddde2620e7f13e |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Resync header file and build CLUSTERIP target unconditionally
inux/netfilter_ipv4/ipt_CLUSTERIP.h
|
3df9b22a5b0fde0e0a00259078f419a4ad3a92cd |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build recent match unconditionally
inux/netfilter_ipv4/ipt_recent.h
|
9e9022562d76644a2c9d1024b597729af68c81e5 |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build dccp match unconditionally
inux/netfilter/xt_dccp.h
|
b8a0a100a68098c0329735b5724d9c0b425e72eb |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build string match unconditionally
inux/netfilter/xt_string.h
|
800b7e54e81f86d290a66330cecb1fe5a3a9a31a |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build statistic match unconditionally
inux/netfilter/xt_statistic.h
|
cddfd941e7a24dbc01a7dc79e4ce51f60f7128fc |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build quota match unconditionally
inux/netfilter/xt_quota.h
|
002d129b694633d47c76913b360329baa0d8e923 |
05-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Build NFLOG target unconditionally
inux/netfilter/xt_NFLOG.h
|
ea146a982e26c42f9954f140276f8deeb2edbe98 |
02-Sep-2007 |
Peter Riley <Peter.Riley@hotpop.com> |
Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
tables.h
|
001ebc22cdea0732f327142b10ff30309b36bbf8 |
23-Aug-2007 |
Patrick McHardy <kaber@trash.net> |
Resync ip6t_REJECT.h with kernel - seems the entire time we had an incompatible header :( Noticed by Peter Riley <Peter.Riley@hotpop.com>
inux/netfilter_ipv6/ip6t_REJECT.h
|
f8137b1b4cc18d4ff528ac40b83345260bb644ae |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to helper match
inux/netfilter/xt_helper.h
inux/netfilter_ipv4/ipt_helper.h
|
6aac50010e50aa42b42089110c8cf4d80b224f14 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to connbytes match
inux/netfilter/xt_connbytes.h
|
a7bf6d0decd93ade089a98a8de76a529cd96427e |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to DSCP target
inux/netfilter/xt_DSCP.h
inux/netfilter_ipv4/ipt_DSCP.h
|
e4cc20b2367362c2f9c84c0daaccd985e3236118 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to CLASSIFY target
inux/netfilter/xt_CLASSIFY.h
inux/netfilter_ipv4/ipt_CLASSIFY.h
|
1ff0b8d6a6669e6bbbacbfd719bd7e016a4c0406 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_state into libxt_state
inux/netfilter/xt_state.h
|
c57c155312a544482a6b8a3c0f7224b00cfaae20 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_connmark into libxt_connmark
inux/netfilter/xt_connmark.h
inux/netfilter_ipv4/ipt_connmark.h
|
d62a9db1295608ef98394b830703389973346716 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_hashlimit into libxt_hashlimit
inux/netfilter/xt_hashlimit.h
inux/netfilter_ipv4/ipt_hashlimit.h
|
6e22228b00cc485282db16b9637315a60b6dbd10 |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_MARK into libxt_MARK
inux/netfilter/xt_MARK.h
inux/netfilter_ipv4/ipt_MARK.h
inux/netfilter_ipv6/ip6t_MARK.h
|
5679958c748087a3e21fbfa26d2ea08a6572ee4f |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_CONNSECMARK into libxt_CONNSECMARK
inux/netfilter/xt_CONNSECMARK.h
|
f36f4a8844132cbaacf3bbd5ec0254c17fcc97ae |
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to CONNMARK match
inux/netfilter/xt_CONNMARK.h
inux/netfilter_ipv4/ipt_CONNMARK.h
|
d884051d7dfa51ebe1a37e343af516b1bba6943d |
01-Aug-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Make @msg argument a const char *, just like printf(). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
tables.h
|
3365332f89bd0fa65cea60a38e46a20346ba9964 |
30-Jul-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Make xtables_target->extra_opts const (xtables_match->extra_opts already is) Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
tables.h
|
a2e89ccf65e8c881e77674cd2b15b9704b0c6822 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_NFQUEUE.c into libxt_NFQUEUE.c
inux/netfilter/xt_NFQUEUE.h
inux/netfilter_ipv4/ipt_NFQUEUE.h
|
45e4c6946426785d30733701d1ee8112e58538a4 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_TCPMSS.c into libxt_TCPMSS.c
inux/netfilter/xt_TCPMSS.h
inux/netfilter_ipv4/ipt_TCPMSS.h
|
9ea637d5a7ebfb04e97db4cb114117474bbda9cf |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to comment match
inux/netfilter/xt_comment.h
inux/netfilter_ipv4/ipt_comment.h
|
18e060822be3ad17368dbe3d7289dd21efd341a5 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to dscp match.
inux/netfilter/xt_dscp.h
inux/netfilter_ipv4/ipt_dscp.h
|
0a04e8d695549788213f842cc99c724a564a88df |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_esp.c into libxt_esp.c
inux/netfilter/xt_esp.h
inux/netfilter_ipv4/ipt_esp.h
inux/netfilter_ipv6/ip6t_esp.h
|
36087d952be182a6163fc508c2168b9c3b9209c2 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_length.c into libxt_length.c
inux/netfilter/xt_length.h
inux/netfilter_ipv4/ipt_length.h
inux/netfilter_ipv6/ip6t_length.h
|
4489c0d66d9a0e6033c9472fd54df155788010b7 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_limit.c into libxt_limit.c.
inux/netfilter/xt_limit.h
inux/netfilter_ipv4/ipt_limit.h
inux/netfilter_ipv6/ip6t_limit.h
|
ba2d891523121b651be54a4ce915bcee33d2ed38 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_mac.c into libxt_mac.c
inux/netfilter/xt_mac.h
|
fec77fed67feb55aba4c33ae2367178c57ce83de |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_physdev.c into libxt_physdev.c
inux/netfilter/xt_physdev.h
inux/netfilter_ipv4/ipt_physdev.h
inux/netfilter_ipv6/ip6t_physdev.h
|
5fd6ec87600ac3bd96c2500f6f4a1a9010d8d31e |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to pkttype match
inux/netfilter/xt_pkttype.h
inux/netfilter_ipv4/ipt_pkttype.h
|
19f29509c8a97219c578aeaf8be15cf005d46eb3 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_sctp.c into libxt_sctp.c
inux/netfilter/xt_sctp.h
inux/netfilter_ipv4/ipt_sctp.h
|
7999bd3ad9815f49c31d4ef9798adbbd87ba0094 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Add IPv6 support to tcpmss match
inux/netfilter/xt_tcpmss.h
inux/netfilter_ipv4/ipt_tcpmss.h
|
17908e4bd0bc8ddb7a85bda316864ad8e1e56a29 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_udp.c into libxt_udp.c
inux/netfilter/xt_tcpudp.h
|
de9d244eef00ad3633e8a1d303713390ab2e243c |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]_mark.c into libxt_mark.c
inux/netfilter_ipv6/ip6t_mark.h
|
0af771d5c84ea9143cf947fb944a0e18189f0e63 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Use unified API in libipt_mark.c
inux/netfilter/xt_mark.h
inux/netfilter_ipv4/ipt_mark.h
|
df2cf4fddfb6bddb9c6809c4aaab8de58dd2393d |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_multiport.c into libipxt_multiport.c
inux/netfilter_ipv4/ipt_multiport.h
inux/netfilter_ipv6/ip6t_multiport.h
|
eb6e65e1ccfb52457d461b72cf5abe4e9f7187c6 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Use unified API in multiport match
inux/netfilter/xt_multiport.h
|
a3732db1280f790b8e26b41bdcbe8b5f92b7f51b |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves all declarations in iptables_common.h to xtables.h.
p6tables.h
ptables.h
ptables_common.h
tables.h
|
5cd1ff53a500256997519ec1d871750773c44803 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves IPPROTO_* and IP[6]T_LIB_DIR definitions to xtables.h
p6tables.h
ptables.h
tables.h
|
04f8c54dc52e19096d31d94593bd1040716afe4d |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves some duplicated functions in ip[6]tables.c to xtables.c string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved.
p6tables.h
ptables.h
ptables_common.h
tables.h
|
0d502bcdbc97ed359e84f6a21dfa0049b3b60a6c |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Introduces xtables match/target registration - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent information. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of course. - xtables is enough to support only one address family at runtime. Then xtables keeps information of only the focused address family in struct afinfo.
p6tables.h
ptables.h
ptables_common.h
ibiptc/libxtc.h
inux/netfilter/x_tables.h
tables.h
|
0b82e8e81e887843011c8771f70d2302901f7e5e |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves ip[6]tables_insmod() to xtables.c as xtables_insmod()
p6tables.h
ptables_common.h
tables.h
|
3dfa4488b032fc32aaf2470f48ac1fc3a534794f |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves common fw_malloc() and fw_calloc() to xtables.c
tables.h
|
5208806f2708f761e97e62550561e3164b541770 |
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Adds xtables.[ch] and change Makefile to compile it
tables.h
|
21df4af43dcc9f635baa2aff3ace53768d9704bc |
09-Jul-2007 |
Jan Engelhardt <jengelh@medozas.de> |
PATCH: Add connlimit to iptables. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
inux/netfilter/xt_connlimit.h
|
7d5cc229064b0e718046b9ecaebad3426dfff15f |
30-Jun-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Removes KERNEL_64_USERSPACE_32 The recent kernel has compat layer for iptables. It doesn't have compat layer for libipq and ip6tables, but ip6tables with KERNEL_64_USERSPACE_32 is still broken. We should fix kernel instead of fixing them if and when we want use their 32bit binary with 64bit kernel.
ibipq/ip_queue_64.h
ibipq/libipq.h
inux/netfilter_ipv4/ipt_CLUSTERIP.h
inux/netfilter_ipv4/ipt_SAME.h
|
fde395370ead306b770a3d4685e4bc1d6972266d |
28-Jun-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Removes some KERNEL_64_USERSPACE_32 because linux 2.6 has compat layer
inux/netfilter_ipv4/ipt_CONNMARK.h
inux/netfilter_ipv4/ipt_MARK.h
inux/netfilter_ipv4/ipt_ULOG.h
inux/netfilter_ipv4/ipt_connmark.h
inux/netfilter_ipv4/ipt_conntrack.h
inux/netfilter_ipv4/ipt_limit.h
inux/netfilter_ipv4/ipt_mark.h
inux/netfilter_ipv6/ip6t_MARK.h
inux/netfilter_ipv6/ip6t_limit.h
inux/netfilter_ipv6/ip6t_mark.h
|
40d54756cd8a2705e22b36f7aef03bb2c472a10b |
18-Apr-2007 |
Patrick McHardy <kaber@trash.net> |
Use nf_conntrack headers instead of ip_conntrack ones and add sanitized versions.
inux/netfilter/nf_conntrack_common.h
inux/netfilter/nf_conntrack_tuple.h
inux/netfilter/nf_conntrack_tuple_common.h
inux/netfilter/nf_nat.h
inux/netfilter_ipv4/ipt_conntrack.h
|
29647c878ec485779b88a0c42f096ce028cabf15 |
20-Mar-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Fixes typos in the argument of ip[6]tables_insmod: quit -> quiet
p6tables.h
ptables_common.h
|
0e9480b864a16400fc3572719b05f01f300026ab |
13-Mar-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Suppress error message from modprobe on checking revision.
p6tables.h
ptables_common.h
|
e4076172c33810472d9d658554588b6e379a4fbe |
16-Jan-2007 |
Arnaud Ebalard <arno@natisbad.org> |
Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>) Kernel part will go in 2.6.21.
inux/netfilter_ipv6/ip6t_TCPMSS.h
|
9561606bd938ed4b2614716a08a2856d4ef5e995 |
11-Jan-2007 |
Patrick McHardy <kaber@trash.net> |
Add UDPLITE multiport support
p6tables.h
ptables.h
|
267a57007e69d8f316dea80f79ce2560459e0c30 |
29-Nov-2006 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Fix /etc/network usage (Pablo Neira) http://bugs.debian.org/398082 iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. # cat /etc/networks foonet 10.0.0.0 # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] iptables v1.3.6: host/network `foonet.0.0.0' not found Try `iptables -h' or 'iptables --help' for more information. 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt
ptables.h
|
740d72705d49373c4ee05b77b34aeb385854389e |
13-Nov-2006 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
load ip_[6]tables.ko just before checking revision support in kernel.
p6tables.h
ptables_common.h
|
4ebfad0cf7ff3e414a20c82513579789e8283c9f |
13-Nov-2006 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
changes IP6T_SO_GET_REVISION_{MATCH,TARGET} to 68,69 66 and 67 is conflicted with IPv6 Advanced API in kernel <= 2.6.18.
p6tables.h
|
0665217784822434b1732cdc773d5daa12836438 |
20-Oct-2006 |
Rémi Denis-Courmont <rdenis@simphalempin.com> |
- Add revision support to ip6tables. - Add support port range match to libip6t_multiport (Rémi Denis-Courmont <rdenis@simphalempin.com>)
p6tables.h
inux/netfilter_ipv6/ip6t_multiport.h
|
b34bef5f9ff4ee20cd46df1e26f6d6efe0bb5380 |
09-Oct-2006 |
Patrick McHardy <kaber@trash.net> |
Add endian annotation types to fix compilation for kernels > 2.6.18
ptables_common.h
|
c1eae41e1957db56aaf7afcafa2f097042fa4217 |
25-Jul-2006 |
Patrick McHardy <kaber@trash.net>, Jesper Brouer <hawk@diku.dk> |
Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause invalid arguments to get accepted.
ptables.h
|
a6c1d926f6c3c00e0c1875d80b9579c95bde2cfa |
22-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
proto_to_name duplication (Phil Oester <kernel@linuxace.com>) Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel.
ptables.h
|
dbac8ad71c3c418fd8a62c08211885a38177b725 |
20-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port.
p6tables.h
ptables.h
|
58179b1d0d1722ea16028aa2ea9d74afc86dd5dc |
20-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere.
p6tables.h
ptables.h
|
7f5be628f66ec7b8b22e87ace39ee61213c6313b |
20-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
Use gcc to build shared objects (Phil Oester <kernel@linuxace.com>) As suggested by Dmitry Levin and included in Fedora Core releases, use gcc instead of ld to link shared objects. Fedora rpm notes refer to this fixing a plugin problem, but does not offer specifics. But in any event, 'gcc -dumpspecs' does show gcc will pass a number of parameters which in theory it thinks are better. Compile tested both with and without NO_SHARED_LIBS. Closes bug #454.
ptables_common.h
|
056564f6af72376dba0fb616749349fc40bd1d61 |
19-Jun-2006 |
Jesper Dangaard Brouer <hawk@comx.dk> |
Add new exit value to indicate concurrency issues (Jesper Dangaard Brouer <hawk@comx.dk>)
ptables_common.h
|
2452bafd9810e8560717f10af8e26f8a3ac4f4cf |
28-Apr-2006 |
Patrick McHardy <kaber@trash.net> |
Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18.
p6tables.h
ptables.h
|
a258ad7002ae4b4f366800f512db938fb78d0661 |
03-Mar-2006 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
Multiple matches of the same type can be specified on the commandline. If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified.
p6tables.h
ptables.h
|
d3476b294f6a0570b0ec3322f580d6446c6f20fe |
01-Feb-2006 |
Harald Welte <laforge@gnumonks.org> |
make policy match compile independent of kernel headers
inux/netfilter_ipv4/ipt_policy.h
|
11e4718d30d4f25b1cfb4655df3b773608ee5405 |
01-Feb-2006 |
Harald Welte <laforge@gnumonks.org> |
fix ipt_conntrack compilation against very early (2.4.0) kernel releases
inux/netfilter_ipv4/ipt_conntrack.h
|
38315b13504714f48e90363b62de2def0b05e9b8 |
01-Feb-2006 |
Harald Welte <laforge@gnumonks.org> |
remove other bits of old ip pool code, people should use ipset (ipset.netfilter.org) these days
ibippool/ip_pool_support.h
|
02e88f2ae4eac6088e3f802909b77ec4b8317acd |
31-Jan-2006 |
Patrick McHardy <kaber@trash.net> |
Prepare policy match for x_tables unification by making sure both ipt_policy and ip6t_policy use the same data structure.
inux/netfilter_ipv4/ipt_policy.h
inux/netfilter_ipv6/ip6t_policy.h
|
f5b86e698be2f1f96c974a4af176269f5c677596 |
22-Dec-2005 |
Jones Desougi <jones@ingate.com> |
Fix probing for supported revisions (Jones Desougi <jones@ingate.com>) Bugzilla #413
p6tables.h
ptables.h
|
8cf65913bb6353bf0e92eab0669d1c4c53b43623 |
19-Sep-2005 |
Phil Oester <kernel@linuxace.com> |
Kernels higher than 2.6.10 don't support multiple --to arguments in DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester)
ptables.h
|
3ef4c8fc6d08e2b8c03dc742182184a5e4a9b5e7 |
11-Sep-2005 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Add the aligned_u64 typedef, it's defined in linux/types.h in the kernel. We can't include that header since it conflicts with sys/types.h
ptables_common.h
|
daa1ef354deee764484c1494073b075859701971 |
19-Jul-2005 |
Harald Welte <laforge@gnumonks.org> |
add NFQUEUE support for ipv4 and ipv6
inux/netfilter_ipv4/ipt_NFQUEUE.h
|
893b688a2a73363c8cebe4bac0c1368178fce2fd |
10-Jul-2005 |
Harald Welte <laforge@gnumonks.org> |
fix various missing header file / #define issues on old kernels. I've now tested compilation with kernels starting 2.4.17
inux/netfilter_ipv4/ipt_conntrack.h
inux/netfilter_ipv6/ip6t_LOG.h
|
63d68bf3a1e86e2c96e520f71c34519112c66453 |
10-Jul-2005 |
Harald Welte <laforge@gnumonks.org> |
we need to have this header file included, since old kernels don't define IP6T_LOG_UID.
inux/netfilter_ipv6/ip6t_LOG.h
|
9867e814492275cabfbccd6b30375b0e23eb10cb |
22-Jun-2005 |
Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp> |
reduce code replication of parse_interface() (Yasuyuki Kozakai)
p6tables.h
ptables.h
|
6b5effcaf26b9eaf8e6f63d9ad3570a045fb4f0c |
15-Apr-2005 |
Harald Welte <laforge@gnumonks.org>, Pablo Neira <pablo@eurodev.net> |
Someone forgot to update ipt_conntrack.h header in user space. So, update it to use ip_conntrack_old_tuple. (Pablo Neira)
inux/netfilter_ipv4/ipt_conntrack.h
|
800938fcabe76265d273fa0552dcf674d33973aa |
07-Mar-2005 |
Pablo Neira <pablo@eurodev.net> |
This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira)
inux/netfilter_ipv4/ipt_CLUSTERIP.h
|
02964b869a8616b41e4c2dc899ff23921aaaa4b0 |
12-Feb-2005 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace. Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
inux/netfilter_ipv4/ipt_CONNMARK.h
inux/netfilter_ipv4/ipt_connmark.h
|
b2eedcdf84c037e346bdd4e804decf95de66cbf7 |
02-Feb-2005 |
Phil Oester <kernel@linuxace.com> |
Add support for inversion to multiport revision 1. Signed-off-by: Phil Oester <kernel@linuxace.com>
inux/netfilter_ipv4/ipt_multiport.h
|
5df9547e093c4fef0bb926adb268dbd020e543a6 |
03-Jan-2005 |
Pablo Neira <pablo@eurodev.net> |
Pablo Neira: Multiport revision 1 userspace support.
inux/netfilter_ipv4/ipt_multiport.h
|
3aef54dce4f9bbe0b466478fd33a1d3131efbbb8 |
03-Jan-2005 |
Rusty Russell <rusty@rustcorp.com.au> |
Extension revision number support (if kernel supports the getsockopts). Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied.
ptables.h
inux/netfilter_ipv4/ipt_MARK.h
|
357d59dcfcbd125e2aa8c07b30cea9635efec2a7 |
27-Dec-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix setting lib_dir in ip*tables-{save,restore}
p6tables.h
ptables.h
ptables_common.h
|
789c7df4e5463165cbe721cdc328d0dd18e7b1ad |
20-Oct-2004 |
Harald Welte <laforge@gnumonks.org> |
move ipt_hashlimit to its correct location
pt_hashlimit.h
inux/netfilter_ipv4/ipt_hashlimit.h
|
a5374b239be6d8afdcd7fdd54b9483ffa1d5444d |
20-Oct-2004 |
Harald Welte <laforge@gnumonks.org> |
add hashlimit kernel header file
pt_hashlimit.h
|
514b1b488eaf07d66e209681f4f34246d7db2f60 |
20-Sep-2004 |
Brad Fisher <brad@info-link.net> |
Add comment match extension (Brad Fisher)
inux/netfilter_ipv4/ipt_comment.h
|
13218fbdc92e704953d01333ea10bd623821b71e |
13-Sep-2004 |
Bart De Schuymer <bdschuym@pandora.be> |
port physdev to ip6tables (Bart De Schuymer)
inux/netfilter_ipv6/ip6t_physdev.h
|
af371871085ab3f07b9b0b5edff193af35ed5a4e |
28-Jun-2004 |
Patrick McHardy <kaber@trash.net> |
Add ipt_addrtype.h
inux/netfilter_ipv4/ipt_addrtype.h
|
2057750071822d72200fe06f759009c216229542 |
21-Jun-2004 |
Harald Welte <laforge@gnumonks.org> |
add missing include
inux/netfilter_ipv4/ipt_dstlimit.h
|
c5617bf84475028dd1663cde076b93f355ce42a7 |
26-May-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
With a 64bit kernel only the high 32bits of nfmark was used regardless of 32/64bit userspace. This makes it quite hard to interoperate with 'tc'. Sync ipv6 versions with ipv4 versions. Tested on x86 and sparc64 with both 32bit and 64bit userspace.
inux/netfilter_ipv4/ipt_MARK.h
inux/netfilter_ipv4/ipt_mark.h
inux/netfilter_ipv6/ip6t_MARK.h
inux/netfilter_ipv6/ip6t_mark.h
|
1eb0081027ee567e822b24377ea614e66c408ff2 |
26-May-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix 64bit kernel / 32bit userspace issue. Sync header with kernel.
inux/netfilter_ipv4/ipt_SAME.h
inux/netfilter_ipv4/ipt_ULOG.h
|
b105bc9f4bf61ffa835950c3d4e4b6162e1e16f8 |
26-May-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Add versions of string_to_number() for use in 32bit userspace with 64bit kernel.
ptables_common.h
|
1da399c30a2c42490f1c6cb84857e31522546c9d |
26-May-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix 64bit kernel / 32bit userspace issue.
inux/netfilter_ipv4/ipt_conntrack.h
inux/netfilter_ipv4/ipt_limit.h
inux/netfilter_ipv6/ip6t_limit.h
|
db0422f80d353e7040f18344ca3e74bb0ba10e31 |
04-Mar-2004 |
Harald Welte <laforge@gnumonks.org> |
add definition for IPPROTO_SCTP for systems with old header files
ptables.h
|
54924023ee598e626423ef9c222eff0e8d28dfac |
02-Mar-2004 |
Kiran Kumar <immidi_kiran@yahoo.com> |
update for matching chunk flags (Kiran Kumar)
inux/netfilter_ipv4/ipt_sctp.h
|
129152307ba7b09c9ad667eee2c4e0d23f7c500b |
21-Feb-2004 |
Harald Welte <laforge@gnumonks.org> |
add userspace part of SCTP match
inux/netfilter_ipv4/ipt_sctp.h
|
320443dbef678a357f7c10406e8c297d6ab3ddd9 |
03-Feb-2004 |
Henrik Nordstrom <hno@marasystems.com> |
latest version of CONNMARK updates (Henrik Nordstrom)
inux/netfilter_ipv4/ipt_CONNMARK.h
inux/netfilter_ipv4/ipt_connmark.h
|
69ac0e086c7b90e82cec369570ca363201023bde |
02-Feb-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Bloody copy-n-edit. Make sure to use matches in the order they are given...
p6tables.h
|
78cafdaf474a333fa39efab4aa4c9aed88ab9518 |
02-Feb-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Make sure to use matches in the order they are given when calling do_command() multiple times.
ptables.h
|
42cbf9855f3185dfab4d74c9b2b7dc2f78974bd4 |
02-Nov-2003 |
Harald Welte <laforge@gnumonks.org> |
update ipt_physdev.h (test8 change, make parisc work, alignment issues)
inux/netfilter_ipv4/ipt_physdev.h
|
fef3b8ec4b10c79c75a6893c3179f13a3645aa7d |
13-Sep-2003 |
Harald Welte <laforge@gnumonks.org> |
CLASSIFY is now built unconditionally, thus we need the kernel header
inux/netfilter_ipv4/ipt_CLASSIFY.h
|
b0dbafaa0c9b01346d49f97acdccfb1c94def080 |
07-Sep-2003 |
Ryan Veety <ryan@ryanspc.com> |
fix ipq_id_t on 'real' kernel+userspace 64bit archs (Ryan Veety)
ibipq/libipq.h
|
105650a15e20255c5d037f32b8ef4a2431c59855 |
24-Aug-2003 |
Harald Welte <laforge@gnumonks.org> |
add include files for soon-to-be-submitted patches (and build them unconditionally by putting them in the extensions/Makefile)
inux/netfilter_ipv4/ipt_CONNMARK.h
inux/netfilter_ipv4/ipt_connmark.h
inux/netfilter_ipv4/ipt_iprange.h
inux/netfilter_ipv4/ipt_realm.h
|
8371e15a49d422755fbd185ab8415b9b12ec9d9a |
05-May-2003 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix the previous fix. No more segfaults or compile warnings.
ibiptc/libip6tc.h
|
8f578a09b56f010d5bcd30086a8f7c8132b35d92 |
03-May-2003 |
Harald Welte <laforge@gnumonks.org> |
add (untested) sctp userspace support for even more untested kernel part (in pom soon)
inux/netfilter_ipv4/ipt_sctp.h
|
841e4aed2349046eb2c0b1375139c06569a93bd0 |
02-May-2003 |
Martin Josefsson <gandalf@wlug.westbo.se> |
fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin Josefsson)
ibiptc/libiptc.h
|
59cbe17cee0499c8f25a8d9f29513f4c85e9b03c |
30-Apr-2003 |
Harald Welte <laforge@gnumonks.org> |
rename iplimit to connlimit
inux/netfilter_ipv4/ipt_connlimit.h
|
30596a5e7ae8c518a8a0bbf3aa891728e9f9ec1b |
27-Apr-2003 |
Bart De Schuymer <bdschuym@pandora.be> |
ipt_physdev update (--physdev-is-{in,out,bridged}) by Bart de Schuymer
inux/netfilter_ipv4/ipt_physdev.h
|
a8658ca43fba82f7761f774f4daeb29b3e335053 |
05-Mar-2003 |
Harald Welte <laforge@gnumonks.org> |
port 'line number on error in iptables-restore' from ipv4
p6tables.h
|
63e9063a660809385fd17edb94da044c7c884e02 |
03-Mar-2003 |
Illes Marci <marci@balabit.hu> |
make iptables-restore print the line number in case of an error (Illes Marci <marci@balabit.hu>)
ptables.h
|
1254871c88483cc1a0adc448a83cab6a9d4510a1 |
11-Feb-2003 |
Bart De Schuymer <bdschuym@pandora.be> |
add libipt_physdev.c (Bart De Schuymer)
inux/netfilter_ipv4/ipt_physdev.h
|
2aa84a489a9294730cf856f48bcf4802c04187ae |
12-Jan-2003 |
Harald Welte <laforge@gnumonks.org> |
add support for rpc match
inux/netfilter_ipv4/ipt_rpc.h
|
60358d73482620aeafc34f38df36e462875fd244 |
08-Jan-2003 |
Maciej Soltysiak <solt@dns.toxicfilms.tv> |
apply ipv6 hoplimit (hl match, HL target) patch (Maciej Soltysiak <solt@dns.toxicfilms.tv>)
inux/netfilter_ipv6/ip6t_HL.h
inux/netfilter_ipv6/ip6t_hl.h
|
f4e6683c5a4c80e494a2167d1a64d1b9c63587aa |
09-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
make libipt_helper.so build always, since it's now submitted to 2.4.20
inux/netfilter_ipv4/ipt_helper.h
|
40783fc33fa01469e818de1103d859d3e859c126 |
05-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
bring ECN headers in sync with ecn.patch
inux/netfilter_ipv4/ipt_ECN.h
inux/netfilter_ipv4/ipt_ecn.h
|
ceee3db0157995c2f95bd096f64c2ea0d7ca74cf |
05-Aug-2002 |
Harald Welte <laforge@gnumonks.org> |
restore old DSCP_SHIFT behaviour
inux/netfilter_ipv4/ipt_DSCP.h
inux/netfilter_ipv4/ipt_dscp.h
|
744f3e25f630f00c91058867d26e29c5eb3cc213 |
04-Jun-2002 |
Harald Welte <laforge@gnumonks.org> |
fix typo in ipt_ecn.h
inux/netfilter_ipv4/ipt_ecn.h
|
2ff07a374d2f05aa4fe3c5ae1cfa6aedbc731b42 |
29-May-2002 |
Harald Welte <laforge@gnumonks.org> |
add header file for ECN match
inux/netfilter_ipv4/ipt_ECN.h
inux/netfilter_ipv4/ipt_ecn.h
|
c980a240bad8f8995805df3bfdfb18180dd08d03 |
29-May-2002 |
Harald Welte <laforge@gnumonks.org> |
bring ECN plugin in sync with new ECN target
inux/netfilter_ipv4/ipt_ECN.h
|
f1f447b836a714b4646450aaed3dd1aa6ab2808a |
26-Mar-2002 |
András Kis-Szabó <kisza@securityaudit.hu> |
new ip6 FRAG match by kisza
inux/netfilter_ipv6/ip6t_ah.h
inux/netfilter_ipv6/ip6t_frag.h
|
d32980df1da9d81a93280b4f0e023c58055c4b0c |
25-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
Add AH/ESP match for ipv6
inux/netfilter_ipv6/ip6t_ah.h
inux/netfilter_ipv6/ip6t_esp.h
|
d75a2aaf00b87c95b091a1b733a1c17ae51a950a |
18-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
make libipt_conntrack compile by default
inux/netfilter_ipv4/ipt_conntrack.h
|
ec03bdf9a8a645c2c4a644009475dc9d75a72558 |
18-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
libipt_pkttype now compiled by default
inux/netfilter_ipv4/ipt_pkttype.h
|
487d1d39b6457a4a3aeb2b9dac3b1925a003a3e1 |
14-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
add DSCP match
inux/netfilter_ipv4/ipt_DSCP.h
inux/netfilter_ipv4/ipt_dscp.h
|
b77f1dafb9f35752bb9685323bcacb32a0e6ddc5 |
14-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
Fix 'iptables -p !' bug (segfault when `!' used without argument)
ptables_common.h
|
0de32435158ffa575eaae6d821bf326970af36c0 |
25-Feb-2002 |
Andreas Herrmann <aherrman@de.ibm.com> |
fix IP6T_MIN_ALIGN macro (Andreas Herrmann)
ibiptc/libip6tc.h
|
385a1dd0f3b01fc0fbd6bcdee9796e0240ea77c1 |
17-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
add ECN target support
inux/netfilter_ipv4/ipt_ECN.h
|
96d960594e7db97568e478be884f205034d3a32f |
17-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
add new version of ipt_DSCP.h
inux/netfilter_ipv4/ipt_DSCP.h
|
2e7377d3e21c0c93219eea0d38e2ee37308f6150 |
17-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
add DSCP target support
inux/netfilter_ipv4/ipt_DSCP.h
|
4ab10af3f549e1ea6492c768db3778816fff7f05 |
17-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
make compilation of libip6t_LOG, libipt_length, libip6t_length and libip6t_owner mandatory
inux/netfilter_ipv4/ipt_length.h
inux/netfilter_ipv6/ip6t_length.h
inux/netfilter_ipv6/ip6t_owner.h
|
97c0decde5669fbbc099da8a591b7a13825b69b1 |
24-Jan-2002 |
Harald Welte <laforge@gnumonks.org> |
shit, forgot to update this one. Let's hope that the kernel's headers precede the ones in this directory
inux/netfilter_ipv4/ipt_ULOG.h
|
b93c79862b47f227ac908430a2c9f16b4ecc0631 |
06-Dec-2001 |
Marc Boucher <marc@mbsi.ca> |
Export addr_to_anyname(), mask_to_dotted(), parse_hostnetworkmask() and parse_protocol() as they are needed by the upcoming ipt_conntrack match module.
ptables.h
|
ffe96c5a701396fd666228034ff694ffdcd1ad10 |
24-Nov-2001 |
James Morris <jmorris@intercode.com.au> |
IPv6 queue handler, libipq support, documentation from Fernando Anton.
ibipq/libipq.h
|
05e0b01bd1cd4035893c33c7084164bd8fab37c8 |
26-Aug-2001 |
Harald Welte <laforge@gnumonks.org> |
second part of SAME patch which I missed to commit :(
inux/netfilter_ipv4/ipt_SAME.h
|
3efb6ead2e51fe1eca55bcb2b06afb4dc4b8cb7c |
06-Aug-2001 |
Harald Welte <laforge@gnumonks.org> |
- added patch to support statically linking of iptables - iptables-save/-restore is no longer experimental
p6tables.h
ptables.h
ptables_common.h
|
a9f714dfdad285e46250de0e227cd6b0db51462b |
31-Jul-2001 |
Harald Welte <laforge@gnumonks.org> |
added ipt_SAME.h to fix compile error
inux/netfilter_ipv4/ipt_SAME.h
|
c8af1fd0a9b8e7e39626c7d66ade0ddc93f25fbe |
23-Jul-2001 |
Harald Welte <laforge@gnumonks.org> |
added libip6t_REJECT.c for IPv6 reject support
inux/netfilter_ipv6/ip6t_REJECT.h
|
ed498493949c34e4b3292e93b41cda6776b7915e |
23-Jul-2001 |
Harald Welte <laforge@gnumonks.org> |
string_to_number fix
ptables_common.h
|
58918654563975e7bf3a6ec26af92a3bc222c229 |
16-Jun-2001 |
Harald Welte <laforge@gnumonks.org> |
Added support for iptables-restore module-load-on-demand (a. van schie)
p6tables.h
ptables_common.h
|
ef798b9b7e005209deb457d1ffccab3d2bcdba96 |
30-May-2001 |
James Morris <jmorris@intercode.com.au> |
Added more specific copyright & author information.
ibipq/libipq.h
|
2d88b871e0ea05f572117f2c4dee80a5d5461a76 |
21-May-2001 |
Harald Welte <laforge@gnumonks.org> |
glibc sucks
ibipulog/libipulog.h
|
8a5eb6dd67e5fac875da51742d9a954c0ff5d92f |
05-May-2001 |
Fabrice MARIE <fabrice_marie_sec@yahoo.com> |
ip6tables fixes by Fabrice Marie
p6tables.h
|
b5166476721dd0b663f52bd220ef008ca269c0dc |
19-Apr-2001 |
Harald Welte <laforge@gnumonks.org> |
pkttype match (new) + scorefile, libiptc C++ compatibility + scorefile
ibiptc/libiptc.h
|
d0b6b3cd1741629991a299c95b0799eef21436b3 |
16-Mar-2001 |
Harald Welte <laforge@gnumonks.org> |
NETLINK_ULOG isn't defined in an unpatched kernel
inux/netfilter_ipv4/ipt_ULOG.h
|
008a83fad0f131e08d03235e7615fb392d1f3c3b |
28-Feb-2001 |
Rusty Russell <rusty@linuxcare.com.au> |
Move some include files to be present always, so build always includes them even if patches not applied (eg. for distributions).
inux/netfilter_ipv4/ipt_FTOS.h
inux/netfilter_ipv4/ipt_TCPMSS.h
inux/netfilter_ipv4/ipt_TTL.h
inux/netfilter_ipv4/ipt_ULOG.h
inux/netfilter_ipv4/ipt_ah.h
inux/netfilter_ipv4/ipt_connlimit.h
inux/netfilter_ipv4/ipt_esp.h
inux/netfilter_ipv4/ipt_tcpmss.h
inux/netfilter_ipv4/ipt_ttl.h
|
764316a133db8e5e2d1f2a9d941ffae993d7c9d9 |
26-Feb-2001 |
András Kis-Szabó <kisza@sch.bme.hu> |
ip6tables-save/-restore by Kis-Szabo Andras
p6tables.h
|
4c87c8a74b2df2f14ddde17fdfb1bc7ac5dd5722 |
30-Jan-2001 |
Harald Welte <laforge@gnumonks.org> |
new ULOG revision: supports in-kernel batching of packets and netlink multipart messages
ibipulog/libipulog.h
|
0fbf055c9e320a89dd8a5ad0edbeae3d8c1de4af |
05-Jan-2001 |
Harald Welte <laforge@gnumonks.org> |
libiptc counter functions
ibiptc/libip6tc.h
ibiptc/libiptc.h
|
a114e9e8be802ab744d442449b3ec7de03c58621 |
01-Dec-2000 |
Harald Welte <laforge@gnumonks.org> |
make iptables-restore and iptables-save work again
ptables.h
|
b1e0b99aff57351419c24c618ccb00ae0fb142f9 |
18-Nov-2000 |
James Morris <jmorris@intercode.com.au> |
added ipq_errstr() to API
ibipq/libipq.h
|
89463253226292b07dbc2513572517005450164f |
06-Nov-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Added <linux/in6.h> for libc5.
ibiptc/ipt_kernel_headers.h
|
803f33c0e9cb458cf7989f3826e9baba8da19e2f |
04-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
More sparc64 fixes
ibipq/libipq.h
|
0afdf9e6cef052475d48bc4ec10508c15e52d384 |
04-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
More sparc64 fixes.
ibipq/ip_queue_64.h
|
eede68159820640725c2f92dcc95cd97de1df743 |
04-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
More sparc64 fixes.
ibipq/libipq.h
|
1311b6b9cc18dfe31838e7fce4ec199ce0d39e4e |
04-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Start of Sparc64 fixes.
ibipq/ip_queue_64.h
|
524518261009f3f81febfdd8398becc4a80cc941 |
27-Aug-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Patch-o-matic! now included.
ibippool/ip_pool_support.h
|
b6db33196870d3ec401a7ca87234dd2bc379c413 |
27-Aug-2000 |
Jan Echternach <echter@informatik.uni-rostock.de> |
Jan Echternach's const tweak.
p6tables.h
ptables.h
|
fdf0433110f16b0534600af2d8980487c8342ac2 |
31-Jul-2000 |
Harald Welte <laforge@sunbeam.franken.de> |
Harald Welte's ULOG target with tests (untested).
ibipulog/libipulog.h
|
5eed48af2516ebce0412121713d285bc30edb10d |
02-Jun-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Philip Blundell's IPv6 patches.
ibiptc/ipt_kernel_headers.h
|
8c700900e2a0cf87d7917cb62578583a60ad1210 |
15-May-2000 |
Philip Blundell <Philip.Blundell@pobox.com> |
Philip Blundell's IPv6 fixes.
p6tables.h
ibiptc/libip6tc.h
|
88eb835ad207f579ae4ce21cd46f0b564ebd4748 |
10-May-2000 |
Philip Blundell <Philip.Blundell@pobox.com> |
Philip Blundell's IPv6 fixes.
ibiptc/libip6tc.h
|
79dee0702b18c8ea1d1f7a2b1f6b29349466986b |
02-May-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
IPv6 enhancements.
p6tables.h
ptables.h
ptables_common.h
ibiptc/libip6tc.h
|
228e98dd6303af11925235af4cf3c3ec450f3f41 |
27-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Alignment fixes (requires kernel patch).
ibiptc/libiptc.h
|
849779c4adf8dd65c83fffb65e6b7898df2a55c6 |
23-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
More fixes and testsuite enhancements.
ibiptc/libiptc.h
|
edf14cf4b5edb148d7473f067d95e7bd1316900b |
19-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Changes to allow matching (for delete) on part of a rule, for rules which change in the kernel (eg. ipt_limit).
ptables.h
ibiptc/libiptc.h
|
01059cb18bc4837ed45b668e1c6598a0a1c8c6af |
19-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Added linux/types.h for non-glibc systems.
ibiptc/ipt_kernel_headers.h
|
3e9316494b2b8262d462c7ea12cab805eec8f268 |
24-Mar-2000 |
James Morris <jmorris@intercode.com.au> |
James Morris' limits.h patch.
ibiptc/ipt_kernel_headers.h
|
e6869a8f59d779ff4d5a0984c86d80db70784962 |
20-Mar-2000 |
Marc Boucher <marc@mbsi.ca> |
reorganized tree after kernel merge
ptables.h
ibipq/libipq.h
ibiptc/ipt_kernel_headers.h
ibiptc/libiptc.h
|