History log of /external/iptables/include/
Revision Date Author Comments
e3928b77f18db0fdc615693017c6c15eb71bf4e0 02-Apr-2014 JP Abgrall <jpa@google.com> Fixup build so that the update from netfilter.org to 1.4.20 works


* Keep the generated files needed for building.
Used
./configure --enable-static --disable-shared
make
* Update the various Android *.mk files.


Change-Id: If0e45cf6289f0e3dcf3adf73e6ccff86d640f1c0
Signed-off-by: JP Abgrall <jpa@google.com>
ptables/internal.h
tables-version.h
11ef84b856859e7d4a08625d09c8573e5f5eef63 02-Apr-2014 JP Abgrall <jpa@google.com> Merge remote-tracking branch 'upstream/stable-1.4.20' into update

Conflicts:
.gitignore
include/linux/types.h
libiptc/libiptc.c

Change-Id: I2c949ba9de090db9ae09d914f4ac5c13e5b7d4da
37aaf36719addeaaf717fb1183eb3336254fef99 08-Feb-2014 Elliott Hughes <enh@google.com> Post-uapi cleanup.

We can just use the uapi headers now.

(This is probably true for most of these header files, but I just want
to undo the changes we made during the uapi transition.)

Change-Id: I4ab0c6f782f73699595a2ce24809a2c0187c98f8
inux/types.h
72000dcfdc0b0f26ccf52f7b877221bb008a7869 12-Nov-2013 Elliott Hughes <enh@google.com> Fix iptables to build with old or uapi header files.

Bug: 11559337
Change-Id: Iefb938b87e1f29cbf45d8833e9416c38004d9b5e
inux/types.h
7b26bafb9be05a23b47653640aadbb61d0032665 28-Jan-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> libxt_CT: Add the "NOTRACK" alias

Available since Linux kernel 3.8.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_CT.h
d7aeda5ed45ac7ca959f12180690caa371b5b14b 08-Jul-2013 Pablo Neira Ayuso <pablo@netfilter.org> ip{6}tables-restore: fix breakage due to new locking approach

Since (93587a0 ip[6]tables: Add locking to prevent concurrent instances),
ip{6}tables-restore does not work anymore:

iptables-restore < x
Another app is currently holding the xtables lock. Perhaps you want to use the -w option?

do_command{6}(...) is called from ip{6}tables-restore for every iptables
command contained in the rule-set file. Thus, hitting the lock error
after the second command.

Fix it by bypassing the locking in the ip{6}tables-restore path.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
p6tables.h
ptables.h
34844da8f53ec80b34ad094f2fca2519a7079ec2 01-May-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Introduce a new revision for the set match with the counters support

The revision adds the support of matching the packet/byte counters
if the set was defined with the extension. Also, a new flag is
introduced to suppress updating the packet/byte counters if required.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
inux/netfilter/ipset/ip_set.h
inux/netfilter/xt_set.h
ce7d0619ce49587ca78456caf467cf25f7cbbc4e 02-Apr-2013 holger@eitzenberger.org <holger@eitzenberger.org> extensions: libxt_NFQUEUE: add --queue-cpu-fanout parameter

Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_NFQUEUE.h
ccbf6b6448a4210432b76fd4660798705b05f8c4 06-May-2013 Florian Westphal <fw@strlen.de> extensions: add connlabel match

allows to "tag" connections with up to 128 label names.

Labels are defined in /etc/xtables/connlabel.conf, example:
0 from eth0
1 via eth0

Labels can then be attached to flows, e.g.

-A PREROUTING -i eth0 -m connlabel --label "from eth0" --set

Signed-off-by: Florian Westphal <fw@strlen.de>
inux/netfilter/xt_connlabel.h
e0a0dd703b3448f0f07fc59b7232bf1f1cce7b86 23-Jan-2013 Willem de Bruijn <willemb@google.com> extensions: add libxt_bpf extension

Add user-space code to support the new BPF iptables extension.

Pablo has mangled the original patch to:

* include a copy of include/linux/netfilter/xt_bpf.h in the tree.
* I have also removed the --bytecode-file option. The original
proposal was to accept BPF code in a file in human readable
format. Now, with the nfbpf_compile utility, it's very easy
to generate the filter using tcpdump-like syntax.
* I have removed the trailing comma in the backtick format, the
parser works just fine for me here.
* Fix error message if --bytecode is missing.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_bpf.h
cccfff9309743f173c504dd265fae173caa5b47f 16-Mar-2013 Pablo Neira Ayuso <pablo@netfilter.org> libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency

This patch changes the NETMAP target extension (IPv6 side) to use
the xtables_ip6mask_to_cidr available in libxtables.

As a side effect, we get rid of the libip6tc dependency.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibiptc/libip6tc.h
e612a9d285477e9951349dd137305393a1255b19 28-Jan-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Add the "state" alias to the "conntrack" match
inux/netfilter/xt_conntrack.h
efcdba41ca6bde51c8753cb30c869c370f0a3b93 28-Jan-2013 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Introduce match/target aliases

The match/target alias allows us to support the syntax of matches, targets
merged into other matches/targets.
tables.h
2f655ede64e07a861e3ec50150f572ed98755013 29-Oct-2012 Pablo Neira Ayuso <pablo@netfilter.org> libxtables: add xtables_print_num

This function is used both by iptables and ip6tables, and
refactorize to avoid longer than 80-chars per column lines
of code.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h
d1e7922a587a239e16e0dbe654e63f76e1375e49 04-Jan-2013 Pablo Neira Ayuso <pablo@netfilter.org> libxtables: add xtables_rule_matches_free

This function is shared by iptables and ip6tables.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h
9d284c1c67188dfa8a4c7a6e36eb9a10bd9c15e2 25-Oct-2012 Pablo Neira Ayuso <pablo@netfilter.org> Merge branch 'next' branch that contains new features scheduled for
Linux kernel 3.7
8d8896a3833292d091ee5a028f3461083bb956bd 17-Sep-2012 Florian Westphal <fw@strlen.de> libxt_time: add support to ignore day transition

Currently, if you want to do something like:
"match Monday, starting 23:00, for two hours"
You need two rules, one for Mon 23:00 to 0:00 and one for Tue 0:00-1:00.
The rule
--weekdays Mo --timestart 23:00 --timestop 01:00
looks correct, but it will first match on Monday from midnight to 1 a.m.
and then again for another hour from 23:00 onwards.

This permits userspace to explicitly ignore the day transition and
match for a single, continuous time period instead.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_time.h
ec40b897289745da3d67de2cb14be30353003922 30-Sep-2012 Jan Engelhardt <jengelh@inai.de> Merge branch 'master' of git://git.inai.de/iptables
c436dad7cfdd80ca4a05ceed556c39babc266f55 27-Sep-2012 Jan Engelhardt <jengelh@inai.de> iptables: support for match aliases

This patch allows for match names listed on the command line to be
rewritten to new names and revisions, like we did for targets before.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
tables.h
cd2f9bdbb7f9b737e5d640aafeb78bcd8e3a7adf 04-Sep-2012 Jan Engelhardt <jengelh@inai.de> iptables: support for target aliases

This patch allows for target names listed on the command line to be
rewritten to new names and revisions.

As before, we will pick a revision that is supported by the kernel - now
including real_name in the search. This gives us the possibility to test
for many action names.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
tables.h
d637ead63658d741501974c381889b3857073308 21-Sep-2012 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> New set match revision with --return-nomatch flag support
inux/netfilter/ipset/ip_set.h
1871796877956ee68a39092c6fc3678e5a9d1d88 22-Aug-2012 Patrick McHardy <kaber@trash.net> extensions: add NPT extension

Add extensions for the SNPT and DNPT stateless IPv6-to-IPv6 Network Prefix
Translation targets.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter_ipv6/ip6t_NPT.h
0e37f00980eb6b4fc2c5f979cc5fa83c0fff9d30 22-Aug-2012 Patrick McHardy <kaber@trash.net> extensions: add IPv6 MASQUERADE extension

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/nf_nat.h
e62f426c7ead7c0025d15860df97426db6509942 22-Aug-2012 Patrick McHardy <kaber@trash.net> Convert the NAT targets to use the kernel supplied nf_nat.h header

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/nf_conntrack_tuple_common.h
inux/netfilter/nf_nat.h
inux/netfilter_ipv4/ipt_SAME.h
et/netfilter/nf_conntrack_tuple.h
et/netfilter/nf_nat.h
df60a301bf24c3b3e37188d9da155b97fd6dc076 31-Aug-2012 Jan Engelhardt <jengelh@inai.de> build: separate AC variable replacements from xtables.h

It was/is a bit annoying that modifying xtables.h.in causes configure
to rerun. Split the @foo@ things into a separate file to bypass this.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
akefile.am
tables-version.h.in
tables.h
tables.h.in
ad8858c0d3ef875e2c118ebcc69487070fb87f72 03-Aug-2012 Pablo Neira Ayuso <pablo@netfilter.org> include: add missing linux/netfilter_ipv4/ip_queue.h

This patch fixes compilation of libipq with headers from Linux
kernel 3.5:

In file included from libipq.c:34:0:
../include/libipq/libipq.h:33:43: fatal error: linux/netfilter_ipv4/ip_queue.h: No such file or directory

ip_queue is gone since Linux kernel 3.5. However, you can still use
new iptables versions with old Linux kernels. We have to keep libipq
in this tree for a while (1.5-2 years should be OK).

Reported-by: Arkadiusz Miśkiewicz <arekm@maven.pl>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter_ipv4/ip_queue.h
74ded7257e5da5e309844d386290f24ae91950a6 17-May-2012 Denys Fedoryshchenko <denys@visp.net.lb> libxt_recent: add --mask netmask

This new option will be available in the Linux kernel 3.5

[ Pablo fixed coding-style issues and cleaned up this. Added
manpages as well ]

Signed-off-by: Denys Fedoryshchenko <denys@visp.net.lb>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_recent.h
abdef13f36b63758f8775eb86febd96bf062df6f 08-May-2012 Florian Westphal <fw@strlen.de> libxt_hashlimit: add support for byte-based operation

allows --hashlimit-(upto|above) Xb/s [ --hashlimit-burst Yb ]
to make hashlimit match when X bytes/second are exceeded;
optionally, Y bytes will not be matched (i.e. bursted).

[ Pablo fixed minor compilation warning in this patch with gcc-4.6 and x86_64 ]

libxt_hashlimit.c: In function ‘parse_bytes’:
libxt_hashlimit.c:216:6: warning: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat]

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_hashlimit.h
4df8cb6ab176f3c1f2bf9498d0abde8d9362087b 23-Apr-2012 Hans Schillstrom <hans.schillstrom@ericsson.com> extensions: add HMARK target

The target allows you to mark packets based on Jenkins' hash calculation:

h(t, rnd) = x

mark = (x % mod) + offset

where:

* t is a tuple that is used for the hashing:

t = [ src, dst, proto, sport, dport ]

Note that you can customize the tuple, thus, removing some component
that you don't want to use for the calculation. You can also use spi
instead of sport and dport, btw.

* rnd is the random seed that is explicitly passed via --hmark-rnd
* mod is the modulus, to determine the range of possible marks
* offset determines where the mark starts from

This target only works for the "raw" and "mangle" tables.

This can be used to distribute flows between a cluster of
systems and uplinks.

Initially based on work from Hans Schillingstrom. Pablo took it
over and introduced several improvements.

Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_HMARK.h
a96166c24eaac1c91bed4815c09e91733409d888 14-Jul-2012 Pablo Neira Ayuso <pablo@netfilter.org> libxtables: add xtables_ip[6]mask_to_cidr

This patch adds generic functions to return the mask in CIDR
notation whenever possible.

This patch also simplifies xtables_ip[6]mask_to_numeric, which
now uses these two new functions.

This patch also bumps libxtables_vcurrent and libxtables_vage
since we added a couple new interfaces (thanks to Jan Engelhardt
for his little reminder on this).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h.in
e07e0d31f48d951e0f03ba254d4754810732c241 30-Mar-2012 Ashish Sharma <ashishsharma@google.com> Modify iptables to talk to xt_IDLETIMER version 1.

Change-Id: Ib144c5289681cdff21b21be74173164d097710e7
inux/netfilter/xt_IDLETIMER.h
e8f32983048d6aa4a908b6a92da55fa71c859623 29-Feb-2012 Pablo Neira Ayuso <pablo@netfilter.org> libxt_CT: add --timeout option

This patch adds the --timeout option to allow to attach timeout
policy objects to flows, eg.

iptables -I PREROUTING -t raw -s 1.1.1.1 -p tcp \
-j CT --timeout custom-tcp-policy

You need the nfct(8) tool which is available at:
http://git.netfilter.org/cgi-bin/gitweb.cgi?p=nfct.git
To define the cttimeout policies.

Example of usage:
nfct timeout add custom-tcp-policy inet tcp established 1000

The new nfct tool also requires libnetfilter_cttimeout:
http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnetfilter_cttimeout.git

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_CT.h
f233df44196f568075a5d70fc29f31b72b512783 27-Mar-2012 Pablo Neira Ayuso <pablo@netfilter.org> extensions: add nfacct match

This patch provides the user-space iptables support for the nfacct match.
This can be used as follows:

nfacct add http-traffic
iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic
iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic
nfacct get http-traffic

See also man nfacct(8) for more information.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_nfacct.h
7c1b69b97571ddeb8c624b0a1da366a456895a6d 01-Mar-2012 Pablo Neira Ayuso <pablo@netfilter.org> Revert "libiptc: Returns the position the entry was inserted"

This reverts commit d65702c5c5bbab0ef12298386fa4098c72584e6c.

This is breaking my iptables scripts:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables: Incompatible with this kernel.
ibiptc/libiptc.h
d65702c5c5bbab0ef12298386fa4098c72584e6c 04-Jan-2012 Jonh Wendell <jonh.wendell@vexcorp.com> libiptc: Returns the position the entry was inserted

Jan Engelhardt showed no objections to this patch.
ibiptc/libiptc.h
98e1769b65b71989e3f16b25529b40f374aef323 28-Dec-2011 Patrick McHardy <kaber@trash.net> extensions: add IPv6 capable ECN match extension

Patrick submitted this patch by 9th Jun 2011, I'm recovering
and applying it to iptables.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_ecn.h
inux/netfilter_ipv4/ipt_ecn.h
166b92d3fb2a7fc008df1b59332ef528a9a573ea 14-Jul-2011 Florian Westphal <fw@strlen.de> extensions: add rpfilter module

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_rpfilter.h
de4d2d3b716d83a6d3831aaf902c5adb5d1d14c9 27-Aug-2011 Jan Engelhardt <jengelh@medozas.de> libiptc: use a family-invariant xtc_ops struct for code reduction

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
ibiptc/xtcshared.h
14da56743c6cdf25da35b7b5ca7a5d201771990d 27-Aug-2011 Jan Engelhardt <jengelh@medozas.de> src: resolve old macro names that are indirections

Command used:

git grep -f <(pcregrep -hior
'(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/)

and then fix all occurrences.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
1639fe86579f86f5f6a954a9b0adde2e16ad1980 27-Aug-2011 Jan Engelhardt <jengelh@medozas.de> libiptc: combine common types: _handle

No real API/ABI change incurred, since the definition of the structs'
types is not visible anyhow.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
ibiptc/libip6tc.h
ibiptc/libiptc.h
ibiptc/xtcshared.h
7e5e866a36a76c153e5903b8251f90cfe07a1d34 27-Aug-2011 Jan Engelhardt <jengelh@medozas.de> libiptc: replace ipt_chainlabel by xt_chainlabel

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
ibiptc/libip6tc.h
ibiptc/libiptc.h
2325c0fedf7507f94aa3bb11cc65a70d33836f8f 27-Aug-2011 Jan Engelhardt <jengelh@medozas.de> libiptc: combine common types

Make an xt_chainlabel type out of ipt_chainlabel and ip6t_chainlabel,
and add backward-API #defines. The ABI naturally does not change
either, so no soversion bump.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
akefile.am
ibiptc/libip6tc.h
ibiptc/libiptc.h
ibiptc/xtcshared.h
62fc25fd1625f0f65b9eed3e15fe929dd0aff2c5 08-Sep-2011 Jan Engelhardt <jengelh@medozas.de> Merge branch 'master' of git://dev.medozas.de/iptables
f56b8a8bf4b1041cb875fd8439778f35276bdb30 03-Sep-2011 Jan Engelhardt <jengelh@medozas.de> iptables: move kernel version find routine into libxtables

That way, the remaining unreferenced symbols that do appear in
libipt_DNAT and libipt_SNAT as part of the new check can be resolved,
and the ugly -rdynamic hack can finally be removed.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ptables.h
tables.h.in
dbe77cc974cee656eae37e75039dd1a410a4535b 28-Aug-2011 Jan Engelhardt <jengelh@medozas.de> include: refresh include files from kernel 3.1-rc3

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/kernel.h
inux/netfilter.h
inux/netfilter/ipset/ip_set.h
inux/netfilter/nf_conntrack_common.h
inux/netfilter/nf_conntrack_tuple_common.h
inux/netfilter/x_tables.h
inux/netfilter/xt_CT.h
inux/netfilter/xt_TCPOPTSTRIP.h
inux/netfilter/xt_TPROXY.h
inux/netfilter/xt_cluster.h
inux/netfilter/xt_connbytes.h
inux/netfilter/xt_connlimit.h
inux/netfilter/xt_physdev.h
inux/netfilter/xt_policy.h
inux/netfilter/xt_quota.h
inux/netfilter/xt_sctp.h
inux/netfilter/xt_set.h
inux/netfilter/xt_socket.h
inux/netfilter/xt_time.h
inux/netfilter/xt_u32.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv4/ipt_CLUSTERIP.h
inux/netfilter_ipv4/ipt_ECN.h
inux/netfilter_ipv4/ipt_SAME.h
inux/netfilter_ipv4/ipt_TTL.h
inux/netfilter_ipv4/ipt_addrtype.h
inux/netfilter_ipv4/ipt_ah.h
inux/netfilter_ipv4/ipt_ecn.h
inux/netfilter_ipv4/ipt_ttl.h
inux/netfilter_ipv6/ip6_tables.h
inux/netfilter_ipv6/ip6t_HL.h
inux/netfilter_ipv6/ip6t_REJECT.h
inux/netfilter_ipv6/ip6t_ah.h
inux/netfilter_ipv6/ip6t_frag.h
inux/netfilter_ipv6/ip6t_hl.h
inux/netfilter_ipv6/ip6t_ipv6header.h
inux/netfilter_ipv6/ip6t_mh.h
inux/netfilter_ipv6/ip6t_opts.h
inux/netfilter_ipv6/ip6t_rt.h
inux/types.h
3775fb69f63b76191bc3571bfa8538c18173d90f 28-Aug-2011 Jan Engelhardt <jengelh@medozas.de> libxt_addrtype: add support for revision 1

Rev 1 was added to the kernel in commit v2.6.39-rc1~468^2~10^2~1 but
there was no corresponding iptables patch so far.

Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/xt_addrtype.h
fbe9f1ecccb5ac02858fa7eee2979e0e4d97bb5f 09-Jul-2011 Jan Engelhardt <jengelh@medozas.de> option: remove last traces of intrapositional negation

Intrapositional negation was deprecated in 1.4.3.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
5caed2aebebf7c72dfa982f247ac35ec67a1b852 21-Jun-2011 JP Abgrall <jpa@google.com> Adding the original quota2 from xtables-addons

The original xt_quota in the kernel is plain broken:
- counts quota at a per CPU level
(was written back when ubiquitous SMP was just a dream)
- provides no way to count across IPV4/IPV6.

This patch is the original unaltered code from:
http://sourceforge.net/projects/xtables-addons
at commit e84391ce665cef046967f796dd91026851d6bbf3

Change-Id: Ia8b21394ea79ef55514748e96f769e40355a6ccf
Signed-off-by: JP Abgrall <jpa@google.com>
inux/netfilter/xt_quota2.h
2dba676b68ef842025f3afecba26cb0b2ae4c09b 18-Jun-2011 Jan Engelhardt <jengelh@medozas.de> extensions: support for per-extension instance "global" variable space

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
8b4807f0a1d98f1d980d3d616ad565c9b72d7c49 11-Jun-2011 JP Abgrall <jpa@google.com> Post-merge fixup. Add new Android.mk, re-checkin generated files

They have no more compilable files in the top dir.
Created extra Android.mk for each subdir.

Regenerated the
include/iptables/internal.h and
include/xtables.h
with
./autogen.sh
export ANDROID_ROOT=$(gettop)/prebuilt/linux-x86/toolchain/arm-linux-androideabi-4.4.x/
./configure -host=arm-eabi CC=arm-linux-androideabi-gcc CPPFLAGS="$funky_includes" CFLAGS="-nostdlib" LDFLAGS="-Wl,-rpath-link=$ANDROID_ROOT/arm-linux-androideabi/lib -L$ANDROID_ROOT/arm-linux-androideabi/lib"

Change-Id: Ia57ed699edd32ffce16e94e2f13fb93d94924a04
ptables/internal.h
tables.h
ebf81627b1a2f50fd47add49f9976ed430a19673 11-Jun-2011 JP Abgrall <jpa@google.com> Merge git://git.netfilter.org/iptables into v1.4.11_upstream

Using theirs, as they have taken some of my prior changes\
with some improvements.


Conflicts:
include/xtables.h.in
iptables/xtables.c
iptables/xtoptions.c

Change-Id: I8e1e537fbb868eeebb448c8f1d9e33b283448aac
0b7a140944738d67b9c4e6f09992c8407eefb18a 24-May-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: use uintmax for xtables_strtoul

Addendum to 2305d5fb42fc059f38fc1bdf53411dbeecdb310b.

I noticed that unsigned long long is not consistently used, for
example, min/max are still just unsigned long, and strtoul is being
called.

Instead of changing it to unsigned long long, just use uintmax
functions right away so this does not need size-related changing in
the future.

Cc: JP Abgrall <jpa@google.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
2305d5fb42fc059f38fc1bdf53411dbeecdb310b 19-May-2011 JP Abgrall <jpa@google.com> libxt_quota: make sure uint64 is not truncated

The xtables_strtoul() would cram a long long into a long.
The parse_int would try to cram a UINT64 into a long.
tables.h.in
16bd81be22ba2753e26f6a9ee6cb291e1e707d0d 19-May-2011 JP Abgrall <jpa@google.com> androidifying: fixup includes and extraneous typedefs for __ANDROID__

The current code would take steps to define missing types, and include
extra stuff based on GLIBC defines/versions.
Make those places be ANDROID aware.

Change-Id: I2d1f03e3c0f7f53250288a84db4c9ccf0431d482
Signed-off-by: JP Abgrall <jpa@google.com>
ibiptc/ipt_kernel_headers.h
b3d101788ebac83cdf7aa71f78069cf1af4a748d 19-May-2011 JP Abgrall <jpa@google.com> androidifying build: allow check-in of generated files.

internal.h and xtables.h are generated at ./configure time from their *.h.in and
are gitignored.

These were generated with:

./autogen.sh
export ANDROID_ROOT=$(gettop)/prebuilt/linux-x86/toolchain/arm-linux-androideabi-4.4.x/
./configure -host=arm-eabi CC=arm-linux-androideabi-gcc CFLAGS="-nostdlib" LDFLAGS="-Wl,-rpath-link=$ANDROID_ROOT/arm-linux-androideabi/lib -L$ANDROID_ROOT/arm-linux-androideabi/lib"

Change-Id: Ic0178d74d846cc989d4fa29029bf5e04911c85bc
Signed-off-by: JP Abgrall <jpa@google.com>
ptables/internal.h
tables.h
b65b9fe5096bd49a9ec2f0f6c2f23d274cfc88ee 19-May-2011 JP Abgrall <jpa@google.com> xtoptions + quota: parse and store 64bit values

The xtables_strtoul() would cram a long long into a long.
The parse_int would try to cram a UINT64 into a long.
The quota_parse would just ignore whatever value was parsed.

Change-Id: Ie1f05e98e974a255d962dd757a5592458f942f8b
tables.h.in
c02c92d1fcaa1223caf9a5eef32bedcb78f1e714 18-May-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: retract _NE types and use a flag instead

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
dcd1ad89105faf1f3a9a3febdb970b70c5466518 09-May-2011 Jan Engelhardt <jengelh@medozas.de> src: replace old IP*T_ALIGN macros

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
59ce5bd1d05225911051a4c46ce5ccdd7c1ed078 12-May-2011 Patrick McHardy <kaber@trash.net> Merge branch 'floating/opts' of git://dev.medozas.de/iptables
8075493a00e06857147263574333df4073ea671b 11-May-2011 Patrick McHardy <kaber@trash.net> Merge branch 'opts' of git://dev.medozas.de/iptables
c29f7ef7cb5a31620060ef721d3c65b343eb537a 09-May-2011 Patrick McHardy <kaber@trash.net> Merge branch 'opts' of git://dev.medozas.de/iptables
cb225e26856accf5661dcbc3cf34d7f77b2f0c36 08-May-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_ETHERMAC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
edc2b1adf32d2b11e126174f525293b3bca6e7bc 09-May-2011 Patrick McHardy <kaber@trash.net> Merge branch 'opts' of git://dev.medozas.de/iptables
170cf49a630fd0d237818b537c01794dde00b07a 07-May-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_PROTOCOL support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
87a34d7aef2cba833f4f36536575dee304bbece5 07-May-2011 Jan Engelhardt <jengelh@medozas.de> libxt_multiport: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
66266abd17adc9631f3769ef0b82968c0bac6f38 05-May-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_HOSTMASK support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
fa9b759bacc0ad6a093892ef508811e7feb981b0 04-May-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_PLEN support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
d7282413763b0ba85d512c1cd49174b762ff449c 04-May-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: do not overlay addr and mask parts, and cleanup

XTTYPE_HOSTMASK will require that what has now become haddr,
hmask/hlen are not overlays of another. Thus relax the structure and
always set all members of the {haddr, hmask, hlen} triplet now for all
types that touch any of the members.

Add some more comments and clean out ONEHOST.
tables.h.in
e8b42fee7eaa1ba6df203fe0bc4496cae226cbd2 02-May-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: support for XTTYPE_PLENMASK

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
f012b3c9190cd95ac170072f759a97575613ea07 02-May-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_DOUBLE support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
104fb318d22231c9edf9d61ef84cc84386e52d6b 07-May-2011 Jan Engelhardt <jengelh@medozas.de> extensions: remove bogus use of XT_GETOPT_TABLEEND

Commit v1.4.8-36-g32b8e61 added this end marker in a little too many
places: at non-getopt places. Fix that.

Also change the definition of XT_GETOPT_TABLEEND to reference a struct
getopt member by name so that this cannot happen again.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
f30231a02e145020fb47524f9a0daeb498a4f7d0 17-Apr-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_PORTRC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
61cc52b6f9edfa3efb1d0c9ea9531abb42828ec2 29-Apr-2011 Jan Engelhardt <jengelh@medozas.de> libxt_TOS: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
9a9694fbf1796a6a5011b60b2a15c01fa3c61368 06-Apr-2011 Maciej Żenczykowski <maze@google.com> Move common parts of libext{4,6}.a into libext.a

Signed-off-by: Maciej Zenczykowski <maze@google.com>
tables.h.in
57a92c7b7ed01ad8f49c680af63341409c3afb1a 18-Apr-2011 Patrick McHardy <kaber@trash.net> Merge branch 'floating/opts' of git://dev.medozas.de/iptables
e39f367d905670e39e6f08d2b73c715a6d0b4bfb 17-Apr-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> SET target revision 2 added

The new revision of the SET target supports the following new operations

- specifying the timeout value of the entry to be added
- flag to instruct the kernel that if the entry already
exists then reset the timeout value to the specified one (or
to the default from the set definition)
inux/netfilter/xt_set.h
b8592fa3352018646b0befaa48f930f75c5b7d92 14-Feb-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_PORT support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
2b01f706e7ba48d72e57f8e47457a86d9ed44992 14-Feb-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_ONEHOST support

The bonus of the POSIX socket API is that it is almost protocol-agnostic
and that there are ready-made functions to take over the gist of address
parsing and packing.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
41a4cea0f4109fb76762dca073c3c1217658ee06 15-Feb-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_SYSLOGLEVEL support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
33d180871bea281a448efd0c1a49517318162382 06-Mar-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: pass struct xt_entry_{match,target} to x6 parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
0eff54bd407aae6b99c3b189d356929e399b5a38 06-Mar-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_UINT16 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
bc438c4cbdab09fafbbceecddd54e44e4234a4a1 06-Mar-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_UINT64RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
8bf513ada0aae0e4b1ac5160113fc532c2f525d0 06-Mar-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_UINT8RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
564eaf48e14411803a353206eefbb89d525c63ff 06-Mar-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_UINT16RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
2e0ec4fa0fb5162c441cd666f55fe76777e40d5e 06-Mar-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: linked-list name<->id map

This consolidates the maps from libxt_devgroup and libxt_realm.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
8b5bdea659f1fb86b3288a2568ab104a90b914e5 06-Mar-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_UINT64 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
d25e217578492d17f7752bf77cfab5f2c2509795 06-Mar-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_MARKMASK32 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
316ae9d2f1996caea4cf221201accb8c2087a154 13-Apr-2011 Patrick McHardy <kaber@trash.net> Merge branch 'opts' of git://dev.medozas.de/iptables
cd50f26ad6016ae57af1f822f8aa3ceb2ef9727a 12-Apr-2011 Patrick McHardy <kaber@trash.net> Merge branch 'opts' of git://dev.medozas.de/iptables
4a0a17620017c1f45946b2cde7139ef18ea3d93c 15-Feb-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_STRING support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
04bb988275ac76815a15788a7fc75ac78f3bb833 27-Feb-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_UINT32RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
dfe99f1bf291b4b954d3608dbe95a43e16a8bb49 27-Feb-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_UINT8 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
d78254d7f9d18ef76377a3013302430cce8ea702 27-Feb-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: min-max option support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
a93142d5f55db74ebd7d49be9bd88f7a499ded40 16-Feb-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: XTTYPE_UINT32 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
3af739b0e7c3b6dcc986645c57c982d0add5006b 10-Feb-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: provide better final_check

This passes the per-extension data block to the new x6_fcheck function
pointer, which can then do last alterations without using hacks
like global variables (think libxt_statistic).

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
aa37acc1423126f555135935c687eb91995b9440 07-Feb-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: guided option parser

This patchset seeks to drastically reduce the code in the individual
extensions by centralizing their argument parsing (breakdown of
strings), validation, and in part, assignment.

As a secondary goal, this reduces the number of static storage duration
variables in flight.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
c1e04bd1b057151afaf7e6138089f2fe2c1b7d1c 04-Apr-2011 Maciej Zenczykowski <maze@google.com> v4: rename do_command() to do_command4()

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ptables.h
9680f2ecbdb7e5c61ab60e7399e9ca9f1013fd8d 04-Apr-2011 Maciej Zenczykowski <maze@google.com> v6: rename print_rule() to print_rule6()

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
bb9fe8059f40f0dde9c780498f5af42f5aa6a179 04-Apr-2011 Maciej Zenczykowski <maze@google.com> v4: rename print_rule() to print_rule4()

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ptables.h
85aae15567b8ae1eaedf9f011ba7aef80dfca208 04-Apr-2011 Maciej Zenczykowski <maze@google.com> v6: rename delete_chain() to delete_chain6()

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
e5c061afabf018634a507f00df5b1d0c4bd53a37 04-Apr-2011 Maciej Zenczykowski <maze@google.com> v4: rename delete_chain() to delete_chain4()

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ptables.h
74ace0a46048d01611a44c24f6fe5f59d936231b 04-Apr-2011 Maciej Zenczykowski <maze@google.com> v6: rename flush_entries() to flush_entries6()

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
cc38d058d14e84d3008a0c0035348e0ad5f0d5d2 04-Apr-2011 Maciej Zenczykowski <maze@google.com> v4: rename flush_entries() to flush_entries4()

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ptables.h
241e73594f6d75e32a7e89ebdb6b7f7917a48df0 04-Apr-2011 Maciej Zenczykowski <maze@google.com> v6: rename for_each_chain() to for_each_chain6()

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
e70844a98d125679cfe0c62e48d0f19bf175280d 04-Apr-2011 Maciej Zenczykowski <maze@google.com> v4: rename for_each_chain() to for_each_chain4()

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ptables.h
a85112dc330188035a8d7a58cab499d7672e4d87 04-Apr-2011 Maciej Zenczykowski <maze@google.com> xtables.h: init_extensions() no longer exists

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
49d8c5d564cad70c5c1bef2d5571e8e494454210 04-Apr-2011 Maciej Zenczykowski <maze@google.com> v6: rename init_extensions() to init_extensions6()

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
5e8f947becc00a79e78b2a6cf0e25fd674c57ec4 04-Apr-2011 Maciej Zenczykowski <maze@google.com> v4: rename init_extensions() to init_extensions4()

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
d59b9db031abee37a9aa9776662dd15370faabf4 08-Mar-2011 Stefan Tomanek <stefan.tomanek@wertarbyte.de> iptables: add -C to check for existing rules

It is often useful to check whether a specific rule is already present
in a chain without actually modifying the iptables config.

Services like fail2ban usually employ techniques like grepping through
the output of "iptables -L" which is quite error prone.

This patch adds a new operation -C to the iptables command which
mostly works like -D; it can detect and indicate the existence of the
specified rule by modifying the exit code. The new operation
TC_CHECK_ENTRY uses the same code as the -D operation, whose functions
got a dry-run parameter appended.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
9ee2a9fe2f74b616da34878104bd1ff406534ad1 03-Feb-2011 Patrick McHardy <kaber@trash.net> extensions: add extension for devgroup match

Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_devgroup.h
f46f8c1c5b6d9f5685b9d945e95647eaf6c2d35b 20-Jan-2011 Jan Engelhardt <jengelh@medozas.de> libxt_connlimit: remove duplicate member that caused size change

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/xt_connlimit.h
c8f28cc8b84133f20421470e9a61a5a0c78b9c4a 20-Jan-2011 Patrick McHardy <kaber@trash.net> extensions: libxt_conntrack: add support for specifying port ranges

Add support for revision 3 of the conntrack match, which allows
specifying port ranges for origsrc/origdst/replsrc/repldst.

Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_conntrack.h
6924b4987d88fbe383bec4da4cf331cc466c245e 20-Jan-2011 Florian Westphal <fw@strlen.de> extensions: libxt_NFQUEUE: add v2 revision with --queue-bypass option

--queue-bypass: if no userspace program is listening on the queue, then
allow packets to continue through the ruleset instead of dropping them.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_NFQUEUE.h
773438bd93851dc1a9129a638925c04868820297 20-Jan-2011 Thomas Graf <tgraf@redhat.com> libxt_AUDIT: add AUDIT target

libxt module for the AUDIT target.

-j AUDIT --type (accept|reject|drop)

Signed-off-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_AUDIT.h
5da9e63f66ca190cb90193ebb9eebf5aa523b4d1 19-Jan-2011 Jan Engelhardt <jengelh@medozas.de> libxt_connlimit: support for dstaddr-supporting revision 1

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/xt_connlimit.h
4a1d810bb52aa5d5c450f7adcde5145d40261b54 26-Dec-2010 Jan Engelhardt <jengelh@medozas.de> xt_comment: remove redundant cast
inux/netfilter/xt_comment.h
b4af04be14560b3fcc6cf23200148d408014a2f5 03-Dec-2010 Jan Engelhardt <jengelh@medozas.de> include: update files with headers from Linux 2.6.37-rc1

Also includes the type change to __u{8,16,32} kernel types already.
inux/netfilter/xt_CHECKSUM.h
inux/netfilter/xt_CT.h
inux/netfilter/xt_IDLETIMER.h
inux/netfilter/xt_SECMARK.h
inux/netfilter/xt_TCPOPTSTRIP.h
inux/netfilter/xt_TPROXY.h
inux/netfilter/xt_cluster.h
inux/netfilter/xt_connlimit.h
inux/netfilter/xt_ipvs.h
inux/netfilter/xt_physdev.h
inux/netfilter/xt_policy.h
inux/netfilter/xt_quota.h
inux/netfilter/xt_sctp.h
inux/netfilter/xt_socket.h
inux/netfilter/xt_time.h
inux/netfilter/xt_u32.h
710a132ce9fbecedbf9447f2b2a134f2359a583c 15-Nov-2010 Jan Engelhardt <jengelh@medozas.de> Revert "Revert "libxtables: change option precedence order to be intuitive""

This reverts commit e84f131b5f992577119bd3679241f69ec394e0a7.
Solution follows.
tables.h.in
e84f131b5f992577119bd3679241f69ec394e0a7 15-Nov-2010 Patrick McHardy <kaber@trash.net> Revert "libxtables: change option precedence order to be intuitive"

This reverts commit 600f38db82548a683775fd89b6e136673e924097.

The commit breaks option parsing:

iptables v1.4.9: host/network `port' not found
Try `iptables -h' or 'iptables --help' for more information.

Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
600f38db82548a683775fd89b6e136673e924097 29-Oct-2010 Jan Engelhardt <jengelh@medozas.de> libxtables: change option precedence order to be intuitive

When using `-m mark --mark 2 -m connmark --mark 2`, the user currently
gets an error about the (libxt_mark) --mark option being used twice.
This is because libxt_connmark's option table does not override any
previous options. This patch changes this behavior, since the current
behavior does not allow connmark's option to be used at all, which is
illogical.

Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
422342e47c18e70757231f2210b13df8e1f5931c 02-Aug-2010 Changli Gao <xiaosuo@gmail.com> libxt_quota: don't ignore the quota value on deletion

Don't ignore the quota value on deletion, then we can remove a special
rule every time.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_quota.h
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e 23-Jul-2010 Jan Engelhardt <jengelh@medozas.de> all: consistent syntax use in struct option

Try to inhibit copypasting old stuff.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
2d59208943a3a2a6e0e30b6c84bb8ae80d444cd3 23-Jul-2010 Eric Dumazet <eric.dumazet@gmail.com> extension: add xt_cpu match

Kernel 2.6.36 supports xt_cpu match

In some situations a CPU match permits a better spreading of
connections, or select targets only for a given cpu.

With Remote Packet Steering or multiqueue NIC and appropriate IRQ
affinities, we can distribute traffic on available cpus, per session.
(all RX packets for a given flow are handled by a given cpu)

Some legacy applications being not SMP friendly, one way to scale a
server is to run multiple copies of them.

Instead of randomly choosing an instance, we can use the cpu number as a
key so that softirq handler for a whole instance is running on a single
cpu, maximizing cache effects in TCP/UDP stacks.

Using NAT for example, a four ways machine might run four copies of
server application, using a separate listening port for each instance,
but still presenting a unique external port:

iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 0 \
-j REDIRECT --to-port 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 1 \
-j REDIRECT --to-port 8081

iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 2 \
-j REDIRECT --to-port 8082

iptables -t nat -A PREROUTING -p tcp --dport 80 -m cpu --cpu 3 \
-j REDIRECT --to-port 8083

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_cpu.h
c36d05e42406966440e3644110d3d2504c4b165c 23-Jul-2010 Hannes Eder <heder@google.com> libxt_ipvs: user-space lib for netfilter matcher xt_ipvs

The user-space library for the netfilter matcher xt_ipvs.

[ trivial up-port by Simon Horman <horms@verge.net.au> ]
Signed-off-by: Hannes Eder <heder@google.com>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_ipvs.h
b14f160c11196aeb99000611207bd353c7ae2cb9 15-Jul-2010 Patrick McHardy <kaber@trash.net> Merge branch 'master' into iptables-next
0bcda81f5f6d121084131fb944e2940f614cc98c 15-Jul-2010 Patrick McHardy <kaber@trash.net> extensions: fix compilation of the new CHECKSUM target

Add missing header file.

Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_CHECKSUM.h
127647892c7cac85baf8da62ed21232baa60f1c9 28-Jun-2010 Patrick McHardy <kaber@trash.net> extensions: libipt_LOG/libip6t_LOG: support macdecode option

Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter_ipv4/ipt_LOG.h
inux/netfilter_ipv6/ip6t_LOG.h
78514bc3a9b1b724c9fc904941c5854644865673 25-Jun-2010 Patrick McHardy <kaber@trash.net> Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
d40f1628c3717daebc437a398a285e371b5b6f7f 16-Jun-2010 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> libxt_set: new revision added

libipt_set renamed to libxt_set and the support for the forthcoming
ipset release added. I have tested backward (IPv4) and forward
compatibility (IPv4/IPv6):

ipset -N test iphash
ipset -A test test-address
iptables -N test-set
iptables -A test-set -j LOG --log-prefix "match "
iptables -A test-set -j DROP
iptables -A OUTPUT -m set --match-set test dst -j test-set
ping test-address
inux/netfilter/xt_set.h
inux/netfilter_ipv4/ip_set.h
inux/netfilter_ipv4/ipt_set.h
d96993e50b44b358ea5bd15f3944674eafd62542 15-Jun-2010 Luciano Coelho <luciano.coelho@nokia.com> extensions: add idletimer xt target extension

Add the extension plugin for the IDLETIMER x_tables target.

Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_IDLETIMER.h
11c2dd54b69e06ae3f35dea130ecba3df3859243 07-Jun-2010 Jan Engelhardt <jengelh@medozas.de> xtables: remove xtables_set_revision function

Since iptables uses its own copies of the header files anyway where the
revision field is exposed, there is no reach to access name[] beyond its
size.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
491c1660fced08e2d1a08c101c63af04250275d0 07-Jun-2010 Jan Engelhardt <jengelh@medozas.de> includes: sync header files from Linux 2.6.35-rc1

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/kernel.h
inux/netfilter/x_tables.h
inux/netfilter/xt_CONNMARK.h
inux/netfilter/xt_MARK.h
inux/netfilter/xt_TEE.h
inux/netfilter/xt_connmark.h
inux/netfilter/xt_mark.h
inux/netfilter/xt_recent.h
inux/netfilter_ipv6.h
8532c70fd182057b440b41f013d8021a95bd72b2 21-May-2010 Patrick McHardy <kaber@trash.net> Revert "Revert "Merge branch 'iptables-next'""

This reverts commit 110c1e4502e21ea38e0980e6f8af857d24330099.

Revert the revert to restore the TEE target.
inux/netfilter/xt_TEE.h
110c1e4502e21ea38e0980e6f8af857d24330099 21-May-2010 Patrick McHardy <kaber@trash.net> Revert "Merge branch 'iptables-next'"

This reverts commit 65414babaebcd403e9bf2c27d9d74adb369bf3aa, reversing
changes made to 7278461dfad72e2008585dd0bac0e889e5bba99e.

Forgot to commit the version increase.
inux/netfilter/xt_TEE.h
c303bb0594fae1c4fd1097b2ce0814c5ffd0edc7 19-Apr-2010 Jan Engelhardt <jengelh@medozas.de> extensions: add support for xt_TEE

xt_TEE is first included in Linux 2.6.35.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/xt_TEE.h
9fdbaa71452edaac9d5906716c15937f670341fa 08-Mar-2010 Patrick McHardy <kaber@trash.net> extensions: add CT extension

Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/nf_conntrack_common.h
inux/netfilter/xt_CT.h
350661a6eb089f3e54e67e022db9e16ea280499f 31-Jan-2010 Jan Engelhardt <jengelh@medozas.de> includes: header updates

Update the shipped Linux kernel headers from 2.6.33-rc6, as
iptables's ipt_ECN.h for example references ipt_DSCP.h, which no
longer exists.

Since a number of old code pieces have been removed in the kernel in
that fashion, the structs for older versions are moved into the .c
file, to keep header updating simple.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter.h
inux/netfilter/nf_conntrack_common.h
inux/netfilter/x_tables.h
inux/netfilter/xt_CLASSIFY.h
inux/netfilter/xt_CONNMARK.h
inux/netfilter/xt_CONNSECMARK.h
inux/netfilter/xt_DSCP.h
inux/netfilter/xt_LED.h
inux/netfilter/xt_MARK.h
inux/netfilter/xt_NFLOG.h
inux/netfilter/xt_NFQUEUE.h
inux/netfilter/xt_RATEEST.h
inux/netfilter/xt_SECMARK.h
inux/netfilter/xt_TCPMSS.h
inux/netfilter/xt_connbytes.h
inux/netfilter/xt_connmark.h
inux/netfilter/xt_conntrack.h
inux/netfilter/xt_dccp.h
inux/netfilter/xt_dscp.h
inux/netfilter/xt_esp.h
inux/netfilter/xt_hashlimit.h
inux/netfilter/xt_iprange.h
inux/netfilter/xt_length.h
inux/netfilter/xt_limit.h
inux/netfilter/xt_mark.h
inux/netfilter/xt_multiport.h
inux/netfilter/xt_owner.h
inux/netfilter/xt_physdev.h
inux/netfilter/xt_policy.h
inux/netfilter/xt_quota.h
inux/netfilter/xt_rateest.h
inux/netfilter/xt_realm.h
inux/netfilter/xt_recent.h
inux/netfilter/xt_sctp.h
inux/netfilter/xt_state.h
inux/netfilter/xt_statistic.h
inux/netfilter/xt_string.h
inux/netfilter/xt_tcpmss.h
inux/netfilter/xt_tcpudp.h
inux/netfilter_ipv4.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv4/ipt_ECN.h
inux/netfilter_ipv4/ipt_SAME.h
inux/netfilter_ipv4/ipt_TOS.h
inux/netfilter_ipv4/ipt_ah.h
inux/netfilter_ipv4/ipt_ecn.h
inux/netfilter_ipv4/ipt_iprange.h
inux/netfilter_ipv4/ipt_owner.h
inux/netfilter_ipv4/ipt_policy.h
inux/netfilter_ipv4/ipt_tos.h
inux/netfilter_ipv6.h
inux/netfilter_ipv6/ip6_tables.h
inux/netfilter_ipv6/ip6t_ah.h
inux/netfilter_ipv6/ip6t_frag.h
inux/netfilter_ipv6/ip6t_ipv6header.h
inux/netfilter_ipv6/ip6t_mh.h
inux/netfilter_ipv6/ip6t_opts.h
inux/netfilter_ipv6/ip6t_owner.h
inux/netfilter_ipv6/ip6t_policy.h
inux/netfilter_ipv6/ip6t_rt.h
inux/types.h
588b615bc78ddef3752f356d1e243129c4dbba96 12-Nov-2009 Patrick McHardy <kaber@trash.net> extensions: add osf extension

From Evgeniy Polyakov <zbr@ioremap.net>

Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_osf.h
bf97128c7262f17a02fec41cdae75b472ba77f88 03-Nov-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: hand argv to xtables_check_inverse

In going to fix NF bug #611, "argv" is needed in
xtables_check_inverse to set "optarg" to the right spot in case of an
intrapositional negation.

References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
4282d89a798adcf50973a22c5a17563b5e9421cb 20-Aug-2009 Florian Westphal <fwestphal@astaro.com> libxt_NFQUEUE: add new v1 version with queue-balance option

New version that adds support for specifying a queue range instead
of a single queue id.
The kernel will distribute flows across the given queue range.

This is useful for multicore systems, simply start multiple instances
of the userspace program on queues x, x+1, .. x+n and use
"--queue-balance x:x+n".
Packets belonging to the same connection are put into the same queue.

With fixes from Jan Engelhardt.

Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_NFQUEUE.h
8e4dacaed17701cb1891b962bb856e0e8cfbb5c8 05-Aug-2009 Jan Engelhardt <jengelh@medozas.de> Merge branch 'stable'

Conflicts:
extensions/libxt_conntrack.c

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
b79ec69027fd8b65e7eccd78a445b6665e8ad53b 23-Jul-2009 Jan Engelhardt <jengelh@medozas.de> build: combine iptables-multi and iptables-static

Changed the Makefile so that:

1. --enable-shared / --disable-shared control the linkage against
libdl (and thus the potential to use 3rd party extensions)

2. --enable-static / --disable-static controls whether shipped
extensions are built-in or provided as modules

iptables-static becomes redundant by this action; iptables-multi now
has the feature.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
4186f8aa0b113ea1a52aa90292ff89b96bed9c39 23-Jul-2009 Jan Engelhardt <jengelh@medozas.de> build: fix struct size mismatch

Mixing code compiled with and without -DNO_SHARED_LIBS is fine as
long as the structs have the same layout. This patch prevents a
potential (currently non-triggerable) "ip6tables: target (null)<123>
is missing a version" error.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
9a8fc4f89ef120d7beda3724994a1544346b947d 25-Jun-2009 Jan Engelhardt <jengelh@medozas.de> xtables: add multi-registration functions

Similar to the ones that are present in the kernel.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
332e4acc574e3a348fe611d55bf642de0d50fbda 09-Apr-2009 Michael Granzow <mgranzow@zeus.com> iptables: accept multiple IP address specifications for -s, -d

libiptc already supports adding and deleting multiple rules with
different addresses, so it only needs to be wired up to the options.

# ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP

References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2

Adjustments made: syntax, removal of unneeded variables, manpage
adjustment, soversion bump.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
b97b42147ea65d7d24d70a2ffe925dbf091f26bc 25-Jun-2009 Jan Engelhardt <jengelh@medozas.de> xt_conntrack: revision 2 for enlarged state_mask member

This complements the xt_conntrack revision 2 code added to the kernel.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/xt_conntrack.h
771871e1d9c39310cb6e2c595270d2e651309e6d 22-May-2009 Jan Engelhardt <jengelh@medozas.de> xtables: use extern "C"

This fixes linking errors for 3rd-party C++ code.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
cd958a6c92c84095a439780b53832bb3aae2d512 06-May-2009 Pablo Neira Ayuso <pablo@netfilter.org> extensions: add `cluster' match support

This patch adds support for the cluster match to iptables.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
inux/netfilter/xt_cluster.h
467fa9fe70f08342a50b859ddd431c848a956679 17-Apr-2009 Patrick McHardy <kaber@trash.net> SNAT/DNAT: add support for persistent multi-range NAT mappings

Add support for persistent mappings (2.6.29-rc2+) as replacement for the
removed SAME target.

Signed-off-by: Patrick McHardy <kaber@trash.net>
et/netfilter/nf_nat.h
c4edfa63eda06f02cc5bc1a65d366c55bd2eda30 30-Mar-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: reorder .version member

When the structure's layout changes, as it did between v1.4.1 and
v1.4.2, trying to compare the version string makes iptables segfault
while it tries to determine whether the module is compatible in the
first place.

By moving the member to a known offset in the struct and keeping it
there, objects (both iptables and 3rd party) compiled from this
commit onwards will avoid the segfault.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
38725a4411b0e0f34a3077e37b0be860352085a8 15-Mar-2009 Jan Engelhardt <jengelh@medozas.de> Merge commit 'nf/master'
71886fbb48ef50e212c43f5d7dffbab86f9ae31c 25-Feb-2009 Stephen Hemminger <shemminger@vyatta.com> iptables: Add limits.h to get INT_MIN, INT_MAX, ...

Fix build failure of iptables utilities on debian/ubuntu, maybe other distros.
The values INT_MIN and INT_MAX are used by many filters and these
are defined in limits.h
---
patch against current iptables.git

Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
4e41854423b529d3107c23b85434d50a75d08057 21-Feb-2009 Jan Engelhardt <jengelh@medozas.de> extensions: add missing limits.h include

Thanks to Stephen Hemminger for noticing.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
978e27e8f8c2e49d0528c6c4ae3a56627fbe8492 21-Feb-2009 Jan Engelhardt <jengelh@medozas.de> include: resynchronize headers with 2.6.29-rc5

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
inux/netfilter/nf_conntrack_common.h
inux/netfilter/nf_conntrack_tuple.h
inux/netfilter/nf_nat.h
inux/netfilter/xt_NFLOG.h
inux/netfilter/xt_connlimit.h
inux/netfilter/xt_conntrack.h
inux/netfilter/xt_quota.h
inux/netfilter/xt_sctp.h
inux/netfilter/xt_string.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv4/ipt_SAME.h
inux/netfilter_ipv6/ip6_tables.h
inux/netfilter_ipv6/ip6t_TCPMSS.h
inux/types.h
et/netfilter/nf_conntrack_tuple.h
et/netfilter/nf_nat.h
1829ed482efbc8b390cc760d012b3a4450494e1a 21-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix exit_error to xtables_error

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
bddcb92d1f0f76d21c4469b1667c8199c9fab126 21-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: inline and remove unused OPTION_OFFSET macro

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
51bc836ad3fd52ed72289028871318d561b2959a 11-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libiptc: make library available as a shared library

Tested-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
akefile.am
5dd19de34380c91ad07bbe79a34726e59891cf54 13-Feb-2009 Jamal Hadi Salim <hadi@cyberus.ca> libxtables: general follow-up cleanup

Kill program_name, program_version and xtables_program_name.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
tables.h.in
7e4db2f50133007f549f222468bde4f3adcf41ac 13-Feb-2009 Jamal Hadi Salim <hadi@cyberus.ca> libxtables: consolidate init calls into one function

Introduce xtables_init_all() which hides three calls xtables_init(),
xtables_set_nfproto(), and xtables_set_params(). Make
ip[6]tables-restore, ip[6]tables-save and ip[6]tables-standalone use
it.

I moved xtables_set_params around for readability reasons.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
tables.h.in
70581922f873a88306dd5b1cb83c5081ee239eb8 13-Feb-2009 Jamal Hadi Salim <hadi@cyberus.ca> libxtables: consolidate merge_options into xtables_merge_options

Introduce xtables_merge_options() for re-use reasons. Apps can use it
instead of each defining their own merge_options(). Made iptables and
ip6tables use the new shared interface.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
tables.h.in
139b3fe4bd5121501e60fe07963ea527d7f0bd36 12-Feb-2009 Jamal Hadi Salim <hadi@cyberus.ca> libxtables: make iptables and ip6tables use xtables_free_opts

The patch modifies xtables_globals to introduce orig_opts and
xtables_free_opts() to emulate what free_opts used to do. We also get
rid of the copies of free_opts() that iptables and ip6tables keep.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
tables.h.in
853322131026d62df3f8d77d67e5c63be496303c 12-Feb-2009 Jamal Hadi Salim <hadi@cyberus.ca> libxtables: add xtables_set_revision

Introduce xtables_set_revision() and make iptables and ip6tables use it.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
tables.h.in
617d3d140f4739558dce2ef8ed01aef251cf5487 11-Feb-2009 Jamal Hadi Salim <hadi@cyberus.ca> libxtables: set names of programs

Set proper name of application.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
p6tables.h
ptables.h
f567ac9193bc421992e572ec3196a73dc6ed59c0 12-Feb-2009 Jan Engelhardt <jengelh@medozas.de> build: restructure Makefile for include/ directory

This patch will support adding libiptc to the headers list in future.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
akefile.am
41f03ba382dfd26e7db939fd02447058b1c56f7b 11-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: use const for vars holding literals

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
6f3c30059d9cf73c438db08998c58cd1b502eb44 12-Feb-2009 Patrick McHardy <kaber@trash.net> Merge branch 'master' of git://dev.medozas.de/iptables
8b7baebc93989106fd5d26b262d0ce191f8ef7c0 11-Feb-2009 Jamal Hadi Salim <hadi@cyberus.ca> libxtables: simple aliasing macro for exit_error

Rename xtables_globals exit_error cb to exit_err and introduce
a very simple aliasing macro to point to it.
Convert iptables, ip6tables and iptables_xml to use it.
Note iptables_xml does not have to define its own exit_error()
since it can use the basic one provided.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
40a8343d3ad0cdbc3a7e69c8d970ad75807c29ed 11-Feb-2009 Jamal Hadi Salim <hadi@cyberus.ca> libxtables: Add exit_error cb to xtables_globals

Introduce exit_error() as part of xtables_globals structure.
When an application registers its xtables_globals definition
and does not specify its exit_error() it gets assigned a
basic version.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
84c3055bf08d0a8fe5db6e5f3f96dd826a290147 11-Feb-2009 Jamal Hadi Salim <hadi@cyberus.ca> libxtables: define xtables_free_opts()

Introduce xtables_free_opts(), an xtables variant of
free_opts() which uses xtables_globals already set
by xtables_set_params(). The end goal is to have all internal
references in xtables.c use xtables_free_opts() instead of
depending on externally defined free_opts().

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
8e90ce66a99e5dc9b055a9fd14e8e9216f90233c 11-Feb-2009 Jamal Hadi Salim <hadi@cyberus.ca> libxtables: Introduce global params structuring

Introduce a new struct, xtables_globals, so as to
localize the globals used and help in symbol renames.
The applications must invoke xtables_set_params() before starting
to use any iptables APIs.
xtables_set_params() is intended to free xtables from depending
(as it does right now) on the existence of such external definitions
(from iptables/iptables6 etc). At the moment, xtables won't even
compile without the presence of at least one of {iptables/iptables6 etc}.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
47a6fd9ec9891a8040eb8fd6db3c5012c1056061 10-Feb-2009 Jan Engelhardt <jengelh@medozas.de> src: consolidate duplicate code in iptables/internal.h

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
ptables/internal.h.in
c31870f9bebb3d4d082016fcfaf8c2177ae32eb2 10-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: move compat defines to xtables.c

Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users
got moved.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
ea955480a8ae43aa956ac62e1aab3f9670529819 10-Feb-2009 Jan Engelhardt <jengelh@medozas.de> src: remove unused ipt_tryload macro

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
395e441e20ea9ab7f37122bcfd76fec527fa447b 10-Feb-2009 Jan Engelhardt <jengelh@medozas.de> src: remove iptables_rule_match indirection macro

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
c02e80878979d2205f3d89d05548397871e598e9 10-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: decouple non-xtables parts from header

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
p6tables.h
ptables.h
ptables/internal.h.in
tables.h.in
tables/internal.h.in
b6601f3a4f65d0956dd829b63c503875b10d5c74 10-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: remove unused XT_LIB_DIR macro

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables/internal.h.in
300e2909ba4714abc6093cba0ed860708282bd3e 09-Feb-2009 Patrick McHardy <kaber@trash.net> Merge branch 'master' of git://dev.medozas.de/iptables
9cfc59f71f83ee97c4513fd340acf1e45073562b 09-Feb-2009 Eric Leblond <eric@inl.fr> xt_NFLOG: Set default NFLOG qthreshold to 0

By setting default NFLOG qthreshold to 0, userspace does not overwrite
the per-instance value.

Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_NFLOG.h
77f48c2f1ef21fa43aa68c25a1457db319ca2526 07-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: move afinfo around

libxtables should not rely on the program executable providing the
magic constants for using [gs]etsockopt.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h.in
212092173b63be8532d95241bbd86db96e110220 01-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix names and order #3

This change affects:
find_{match,target} -> xtables_find_{match,target}
enum xt_tryload -> enum xtables_tryload
loose flags like DONT_LOAD -> XTF_DONT_LOAD

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h.in
tables/internal.h
c6132022905b10ac70223e8116f3903ea0039e75 01-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix names and order it #2

This change affects:
load_xtables_ko -> xtables_load_ko
modprobe_program -> xtables_modprobe_program
Now uses bool for the "quiet" flag.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h.in
tables/internal.h
43270796c709584b67343c333adaf28faea56265 01-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix names and order it #1

It is good practice to prefix names in a library some way so that
it does not clash with external programs' variable names right
on the first try.

This change: rename fw_[cm]alloc to xtables_[cm]alloc and
move the definition from internal.h to xtables.h to avoid
potential compiler warnings.

These functions are intended to fix Jamal's dependency problem in
his tc's ipt action.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
tables.h.in
tables/internal.h
1de7edffc9085c0f41c261dca995e28ae4126c29 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - move parse_protocol to xtables.c

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
0f16c725aadaac7e670d632ecbaea3661ff00827 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - move check_inverse to xtables.c

This also adds a warning that intrapositional negation support
is deprecated.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
a0baae85f8159f03d52535934aa9b3a375e0f1f3 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix - parse and escaped output func

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
aae6be9edc99e58164a3592c510fe5488141c698 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix - misc functions

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
1e01b0b82f70b0b11dcfbced485dbe7aeac4fb8c 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - ascii to ipaddr/ipmask input

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - ipaddr/ipmask to ascii output

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
a41545ca7cde43e0ba53260ba74bd9bf74025a68 27-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - param_act

Changes:
exittype -> xtables_exittype
P_* -> XTF_* flags

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
dacafa55379fd98212031d8c559096c91d7ce93b 27-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - program_name

Split XTABLES_VERSION into xtables and iptables, and encode the
xtables soversion into the extensions instead. This makes it possible
to upgrade iptables without having to recompile 3rd-party extensions
(if the libxtables version matches, of course).

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h
tables/internal.h.in
5f2922cfc0bbfbeb878f5c12e9fb3eb602ae5507 27-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - strtoui

This commit also throws out the redundant string_to_number_*.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
39bf9c8214d3073a496a8a1eff91046a8d6fbbdf 27-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - libdir

Consolidate the libdir variable initialization code into xtables.c.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h
2338efd8f799d8373dc196c797bda9690283b698 27-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - match/target loading

This change affects:
find_{match,target} -> xtables_find_{match,target}
enum xt_tryload -> enum xtables_tryload
loose flags like DONT_LOAD -> XTF_DONT_LOAD

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h
c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaa 27-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - modprobe and xtables.ko loading

This change affects:
load_xtables_ko -> xtables_load_ko
modprobe_program -> xtables_modprobe_program
Now uses bool for the "quiet" flag.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h
630ef48037f3602333addfdb53789c9c6a4bb4c8 27-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - fw_xalloc

It is good practice to prefix names in a library some way so that
it does not clash with external programs' variable names right
on the first try.

This change: rename fw_[cm]alloc to xtables_[cm]alloc and
move the definition from internal.h to xtables.h to avoid
potential compiler warnings.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
tables.h.in
tables/internal.h
b8e74adfa512c220839dea399fc11197dd9b43ff 07-Dec-2008 Jan Engelhardt <jengelh@medozas.de> src: remove unused include files

No .c files include any of these - in fact they seem to be remnants
missed during commit b1f568309a09e61f892dee3c23279cecff0b0ff4 -
so remove them.

Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter_ipv4/ipt_DSCP.h
inux/netfilter_ipv4/ipt_FTOS.h
inux/netfilter_ipv4/ipt_connlimit.h
inux/netfilter_ipv4/ipt_dscp.h
inux/netfilter_ipv4/ipt_dstlimit.h
inux/netfilter_ipv4/ipt_rpc.h
03d99486d8283552705b58dc55b6085dffc38792 18-Nov-2008 Jan Engelhardt <jengelh@medozas.de> src: use NFPROTO_ constants

Resync netfilter.h from the latest kernel and make use of the new
NFPROTO_ constants that have been introduced.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter.h
tables.h.in
1c9015b2cb483678f153121255e10ec0bbfde3e6 10-Nov-2008 Jan Engelhardt <jengelh@medozas.de> libiptc: remove indirections

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
ptables.h
ibiptc/libip6tc.h
ibiptc/libiptc.h
fd1873110f8e57be578df17fc9d03536b10f4f73 10-Nov-2008 Jan Engelhardt <jengelh@medozas.de> libiptc: remove typedef indirection

Don't you hate it when iptc_handle_t *x actually is a double-indirection
struct iptc_handle **? This also shows the broken constness model, since
"const iptc_handle_t x" = "iptc_handle_t const x" =
"struct iptc_handle *const x", which is like no const at all.
Lots of things to do then.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
ptables.h
ibiptc/libip6tc.h
ibiptc/libiptc.h
af1660fe0e88cd9f1c770864e1c643718cb2cc62 22-Oct-2008 Jan Engelhardt <jengelh@medozas.de> Move libipt_recent to libxt_recent

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_recent.h
inux/netfilter_ipv4/ipt_recent.h
92b54aa2b436387f85783d3f420ccaa12fdaf891 15-Oct-2008 KOVACS Krisztian <hidden@sch.bme.hu> Add iptables support for the TPROXY target

Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_TPROXY.h
ef18e8147903885708d1c264904129af4fb636d6 04-Aug-2008 Jan Engelhardt <jengelh@medozas.de> src: remove dependency on libiptc headers

xtables.h does not really need libxtc.h, and we can drop it from
the install as it is internal-only.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
p6tables.h
ptables.h
ibiptc/libxtc.h
tables.h.in
78d2d14211466f1986882ba6bdf82e6429ce78dc 07-Jul-2008 Joonwoo Park <joonwpark81@gmail.com> xt_string: string extension case insensitive matching

The string extension can search patterns case insensitively with
--icase option. A new revision 1 was added, in the meantime invert
of xt_string_info was moved into flags as a flag.

Signed-off-by: Joonwoo Park <joonwpark81@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_string.h
4dfd25a405199c03fc694b9a43efdae6a91d8ae8 06-Jun-2008 Laszlo Attila Toth <panther@balabit.hu> addrtype match: added revision 1

In revision 1 address type checking can be limited to either the
incoming or outgoing interface depending on the current chain. In
the FORWARD chain only one of them is allowed at the same time.

Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter_ipv4/ipt_addrtype.h
e0bba47e550420e371c97425cc6d39909a6e059b 05-Jun-2008 Patrick McHardy <kaber@trash.net> Resync header files with kernel

Resync headers and add types.h file for endian annotated types, which
are not available with old headers.
inux/netfilter.h
inux/netfilter/nf_conntrack_common.h
inux/netfilter/xt_RATEEST.h
inux/netfilter/xt_conntrack.h
inux/netfilter/xt_limit.h
inux/netfilter/xt_physdev.h
inux/netfilter/xt_policy.h
inux/netfilter/xt_rateest.h
inux/netfilter/xt_realm.h
inux/netfilter/xt_statistic.h
inux/netfilter/xt_string.h
inux/netfilter_ipv4.h
inux/netfilter_ipv4/ipt_CLUSTERIP.h
inux/netfilter_ipv4/ipt_ECN.h
inux/netfilter_ipv4/ipt_TTL.h
inux/netfilter_ipv4/ipt_ecn.h
inux/netfilter_ipv4/ipt_policy.h
inux/netfilter_ipv4/ipt_realm.h
inux/netfilter_ipv6.h
inux/netfilter_ipv6/ip6t_policy.h
inux/types.h
c634cb9cb13d6e1b6fd661b426363431f7ef321a 03-Jun-2008 Thomas Jarosch <thomas.jarosch@intra2net.com> Add xtables version defines.

Attached is a patch to add the new defines. The macro XTABLES_VERSION
is already in use, so I named it XTABLES_VERSION_CHECK. I've also tested
that an empty XTABLES_VERSION_EXTRA in configure.ac works.

Now we can write code like this:

#warning You are obselete and will be assimilated.

Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
tables.h.in
510aef98a56cdbfdb147f78b05d7554bb91770a9 02-Jun-2008 Patrick McHardy <kaber@trash.net> manpages: consistent syntax

In the manpages, bold is used to denote characters the user has to
enter verbatim, italic denotes placeholders and non-highlighted
pieces are used as a structure: "[]" specifying an optional part,
"{}" a mandatory part, with "|" used for alternations. The "!" for
negation is better supported before the option than after it, too.
The patch makes a few files consistent with this style already used
in manpages.
inux/netfilter.h
96296cfb7e01298234c7fa9403619f50391620d1 13-May-2008 Henrik Nordstrom <henrik@henriknordstrom.net> iptables --list-rules command

Adds iptables --list-rules (-S) command, acting as a combination of
iptables --list and iptables-save.

The primary motivation behind this patch is to get iptables-save like
output capabilities in iptables-restore, allowing "iptables-restore -n"
to be used as a consistent API to iptables for all kinds of operations,
not only blind updates.

As a bonus iptables also gets the capability of printing the rules
as-is.

This completely replaces the earlier patch which added the --rules
option.

Henrik Nordstrom <henrik@henriknordstrom.net>
p6tables.h
ptables.h
8b7c64d6ba156a99008fcd810cba874c73294333 15-Apr-2008 Jan Engelhardt <jengelh@medozas.de> Remove old functions, constants
p6tables.h
ptables.h
493c712d61c35a6d8db877b208d34c111337a918 15-Apr-2008 Jan Engelhardt <jengelh@medozas.de> Dynamically create xtables.h.in with version
tables.h
tables.h.in
ed342edd98456bd4f23d230481854be160fad1dc 13-Feb-2008 Jan Engelhardt <jengelh@medozas.de> Remove support for compilation of conditional extensions
inux/netfilter_ipv4/ip_set.h
inux/netfilter_ipv4/ipt_set.h
ca7cd666949b68bf41a32de38ee38e332e89863b 11-Feb-2008 Jan Engelhardt <jengelh@medozas.de> Add all necessary header files - compilation fix for various cases

Allow iptables to compile without a kernel source tree. This
implies fixing build for older kernels, such as 2.6.17 which
lack xt_SECMARK.h.
inux/netfilter.h
inux/netfilter/x_tables.h
inux/netfilter/xt_SECMARK.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv4/ipt_DSCP.h
inux/netfilter_ipv4/ipt_LOG.h
inux/netfilter_ipv4/ipt_REJECT.h
inux/netfilter_ipv4/ipt_TOS.h
inux/netfilter_ipv4/ipt_dscp.h
inux/netfilter_ipv4/ipt_owner.h
inux/netfilter_ipv4/ipt_tos.h
inux/netfilter_ipv6/ip6_tables.h
inux/netfilter_ipv6/ip6t_LOG.h
21b41eea4724c57d2b6e5998cf38255046e43ad3 11-Feb-2008 Jan Engelhardt <jengelh@medozas.de> Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
p6tables.h
ptables.h
9a8c77fc8df3155747c34dcea79b7834a2a9a40a 11-Feb-2008 Jan Engelhardt <jengelh@medozas.de> Add support for xt_hashlimit match revision 1
inux/netfilter/xt_hashlimit.h
31558608e77c9712d26c0cb7e97f20e20f459830 10-Apr-2008 Jan Engelhardt <jengelh@medozas.de> xtables.h: move non-exported parts to internal.h
tables.h
tables/internal.h
33690a1aec0b6309ff90066ca56285b6e43013f2 11-Feb-2008 Jan Engelhardt <jengelh@medozas.de> Fix all remaining warnings (missing declarations, missing prototypes)
ptables.h
ibiptc/libip6tc.h
ibiptc/libiptc.h
tables.h
tables/internal.h
dbb77543ad6afe29e9a1881b2d4fc212de621a55 11-Feb-2008 Jan Engelhardt <jengelh@medozas.de> Fix -Wshadow warnings and clean up xt_sctp.h

Note: xt_sctp.h is still not merged upstream in the kernel as of
this commit. But a refactoring was really needed.
inux/netfilter/xt_sctp.h
tables.h
e75a227c1ba6ddaceb63969eb4df27dbd98a3dfc 22-Feb-2008 Patrick McHardy <kaber@trash.net> Remove compiler.h inclusions.
inux/netfilter.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv6/ip6_tables.h
f2565b7a45c51d318706ffd0e372ba4e23cd2d32 29-Jan-2008 Patrick McHardy <kaber@trash.net> Add netfilter.h
inux/netfilter.h
9ee386a1b6d7704b259460152c959ab0e79e02aa 29-Jan-2008 Max Kellermann <max@duempel.org> fix gcc warnings

Max Kellermann <max@duempel.org>
ibiptc/libip6tc.h
ibiptc/libiptc.h
a5d099400fd6f9ad3880dda10f85d2aa36b5ec65 29-Jan-2008 Max Kellermann <max@duempel.org> escape strings

Max Kellermann <max@duempel.org>
tables.h
ca1da708b6d41dbc5df99335b4370bd1592b4de3 29-Jan-2008 Jan Engelhardt <jengelh@medozas.de> [IPTABLES]: libxt_owner: UID/GID range support

UID/GID range support for libxt_owner

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_owner.h
ff068719055ae2327d94c79048381c09d3b744c4 29-Jan-2008 Jan Engelhardt <jengelh@medozas.de> libxt_CONNMARK revision 1

Add support for xt_CONNMARK target revision 1.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_CONNMARK.h
aef4c1e7275633e4650d16440faaf4cb7163ac0e 20-Jan-2008 Sven Schnelle <svens@bitebene.org> libxt_TCPOPTSTRIP

Import libxt_TCPOPTSTRIP into iptables.

Signed-off-by: Sven Schnelle <svens@bitebene.org>
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_TCPOPTSTRIP.h
41daaa0cfbb1cb6b80a2ce2571f9f92f164f0228 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> libxt_iprange r0

Move libipt_iprange to libxt_iprange.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_iprange.h
inux/netfilter_ipv4/ipt_iprange.h
d95d92f0a480008a89f4ffa69f0c67f55dbbe05f 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> libxt_mark r1

Introduce libxt_mark match revision 1 support.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_mark.h
bd9438420d92c41a5cf20a53b7a18d3ddea4216d 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> rename overlapping function names

Rename overlapping function names.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ptables.h
tables.h
08b1616e068166e016b3ee7110db10ae5d853422 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> bunch o' renames

Move a few functions from iptables.c/ip6tables.c to xtables.c
so they are available for combined (both AF_INET and AF_INET6)
libxt modules. Rename overlapping function names.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ptables.h
tables.h
a80b6046fa216c26dbc18d587f6255afa8444885 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> libxt_conntrack r0

Move libipt_conntrack to libxt_conntrack.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_conntrack.h
inux/netfilter_ipv4/ipt_conntrack.h
a7b0707bd83bac30a92871872dab79ec8cebebbb 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> libxt_connmark r1

Add support for xt_connmark match revision 1.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_connmark.h
f4b737fb0c52a95a48f2e313ed4cff43db720ad6 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> libxt_MARK r2

Add support for xt_MARK target revision 2.
Also consolidate libip6t_MARK.man and libipt_MARK.man.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_MARK.h
36f2eadca556da9bb4979b3f67f38020e80ef7d2 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> libxt_TOS

Move libipt_TOS revision 0 to libxt_TOS revision 0 and add support
for xt_TOS target revision 1.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_DSCP.h
0720c1226381f5c71748673c43c12499f1f254c7 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> libxt_tos

Move libipt_tos revision 0 to libxt_tos revision 0 and add support
for xt_tos match revision 1.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_dscp.h
5c5cd885daf43256f7bd24a3a698306764438145 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> libxt_owner

libxt_owner merges libipt_owner and libip6t_owner, and adds support
for the xt_owner match revision 1.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_owner.h
aafd269675fc45bac6340027c866ea6073643c3b 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> common error messages

Error messages vary wildly among modules, and there is a lot of
redundancy in it too. Introduce a helper function that does all of
the parameter checking boilerplate and gives unique messages.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
tables.h
cd9e7aa106e80c44bd526af74b616701b0772d05 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> Introduce strtonum(), which works like string_to_number(), but passes
back the 'end' pointer. It is useful where you want to do boundary
checking yet work with strings that are not entirely slurped by
strtoul(), e.g.:

    s = "1/2"; /* one half */
    if (!strtonum(s, &end, &value, 0, 5))
        error("Zero-length string, or value out of bounds");
    if (*end != '/')
        error("Malformed string");
    info->param1 = value;
    if (!strtonum(end + 1, &end, &value, 2, 4))
        error("..");
    if (*end != '\0')
        error("Malformed string");
    info->param2 = value;

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
tables.h
f82070f9871d281c2802c1624dcf222886b5fb50 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> Converts the iptables build infrastructure to autotools.

- Can build both static and dynamic at the same time

- iptables-static will be a multi-binary, semi-static
(link against libc but w/o dynamic plugins)

- Always build IPv6 modules

- consider INSTALL

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
tables.h
6afc5b720ed78173e4e21b759df16577fbce13d6 15-Jan-2008 Patrick McHardy <kaber@trash.net> Add rateest match extension

Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_rateest.h
2528258ddf066a5147394dc65cae3bde8e80e3c0 15-Jan-2008 Patrick McHardy <kaber@trash.net> Add RATEEST target extension

Signed-off-by: Patrick McHardy <kaber@trash.net>
inux/netfilter/xt_RATEEST.h
5e9eaed23d0cf1cfdd49c88e68beb43e611f0191 17-Dec-2007 Jan Engelhardt <jengelh@medozas.de> use <linux/types.h>

Remove our own definitions of the Linux types and use <linux/types.h>
instead. libiptc needs it too, or otherwise will choke on union
nf_inet_addr.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
ibiptc/libip6tc.h
ibiptc/libiptc.h
tables.h
2cfa903a2882a5d7819c697870af9ae3ab106386 25-Nov-2007 Jesper Brouer <jdb@comx.dk> Fix make/compile error for iptables-1.4.0rc1

Fixing a make/compile issue with iptables, release candidate 1.4.0rc1,
which has existed since SVN changeset 6920. This patch adds ip_tables.h
and ip6_tables.h, and updates x_tables.h, taken from Linus's git tree.

Changeset 6920 added the include file x_tables.h from kernel source, but
didn't add ip_tables.h and ip6_tables.h.

At some point (Tue Nov 14 19:48:48 2006, by Yasuyuki Kozakai) these
kernel headers were changed, which actually removes certain
dependencies from ip_tables.h and ip6_tables.h to x_tables.h.

Compiling will fail with old kernel headers (ip_tables.h and
ip6_tables.h) available in the system's include path, because they depend on
certain defines in x_tables.h which are missing in the version in SVN.

Jesper Brouer <jdb@comx.dk>
inux/netfilter/x_tables.h
inux/netfilter_ipv4/ip_tables.h
inux/netfilter_ipv6/ip6_tables.h
ad326ef9f734ac30548de292c59fc0e2fd81ac2a 23-Sep-2007 Jan Engelhardt <jengelh@medozas.de> Add the libxt_time iptables match

This is libipt_time from POM-ng enhanced by the following:

* day-of-month support (for example "match on the 15th of each month")
* inversion support for --weekdays and --monthdays
* match against UTC or local timezone
* a manpage

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
inux/netfilter/xt_time.h
9640e529bd08c4c0458246fae0fd6b473c94ab46 10-Sep-2007 Jan Engelhardt <jengelh@medozas.de> Adds u32 to iptables.

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
inux/netfilter/xt_u32.h
0b63936140032deac44072951451bdf47b54296a 08-Sep-2007 Patrick McHardy <kaber@trash.net> Fix more sparse warnings: non-C99 array declaration, incorrect function prototypes
tables.h
c329d6a7085e3123f3d5ca98a8e0ab37edca2dcc 05-Sep-2007 Patrick McHardy <kaber@trash.net> Fix aligned_u64 type on 64 bit: it's an unsigned long, not an unsigned long long.
Fixes compiler warning in quota match.
tables.h
31317ed1f9103434adda716abbe65e9fc7bdd418 05-Sep-2007 Patrick McHardy <kaber@trash.net> Build IPv6 hbh/dst matches unconditionally
inux/netfilter_ipv6/ip6t_opts.h
248a109b3bf6c9a0b3724f3123ad64a624d30631 05-Sep-2007 Patrick McHardy <kaber@trash.net> Build IPv6 rt match unconditionally
inux/netfilter_ipv6/ip6t_rt.h
1d1ad90494bf909871c233e76036b18841949c9e 05-Sep-2007 Patrick McHardy <kaber@trash.net> Build ipv6header match unconditionally
inux/netfilter_ipv6/ip6t_ipv6header.h
389f785b060c181ce77d44840274b5c68e39b23f 05-Sep-2007 Patrick McHardy <kaber@trash.net> Build IPv6 mh match unconditionally
inux/netfilter_ipv6/ip6t_mh.h
eda0390fe200f2d9f37d2a19b50e7ca531367ada 05-Sep-2007 Patrick McHardy <kaber@trash.net> Resync header files and build IPv6 frag match unconditionally
inux/netfilter_ipv6/ip6t_frag.h
7a87b74d4d41a356df3a81d0e8415c4f7a76097b 05-Sep-2007 Patrick McHardy <kaber@trash.net> Resync header file and build IPv6 ah match unconditionally
inux/netfilter_ipv6/ip6t_ah.h
9fc3b5e9aaecaa4f3ebaf4bb55ddde2620e7f13e 05-Sep-2007 Patrick McHardy <kaber@trash.net> Resync header file and build CLUSTERIP target unconditionally
inux/netfilter_ipv4/ipt_CLUSTERIP.h
3df9b22a5b0fde0e0a00259078f419a4ad3a92cd 05-Sep-2007 Patrick McHardy <kaber@trash.net> Build recent match unconditionally
inux/netfilter_ipv4/ipt_recent.h
9e9022562d76644a2c9d1024b597729af68c81e5 05-Sep-2007 Patrick McHardy <kaber@trash.net> Build dccp match unconditionally
inux/netfilter/xt_dccp.h
b8a0a100a68098c0329735b5724d9c0b425e72eb 05-Sep-2007 Patrick McHardy <kaber@trash.net> Build string match unconditionally
inux/netfilter/xt_string.h
800b7e54e81f86d290a66330cecb1fe5a3a9a31a 05-Sep-2007 Patrick McHardy <kaber@trash.net> Build statistic match unconditionally
inux/netfilter/xt_statistic.h
cddfd941e7a24dbc01a7dc79e4ce51f60f7128fc 05-Sep-2007 Patrick McHardy <kaber@trash.net> Build quota match unconditionally
inux/netfilter/xt_quota.h
002d129b694633d47c76913b360329baa0d8e923 05-Sep-2007 Patrick McHardy <kaber@trash.net> Build NFLOG target unconditionally
inux/netfilter/xt_NFLOG.h
ea146a982e26c42f9954f140276f8deeb2edbe98 02-Sep-2007 Peter Riley <Peter.Riley@hotpop.com> Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
tables.h
001ebc22cdea0732f327142b10ff30309b36bbf8 23-Aug-2007 Patrick McHardy <kaber@trash.net> Resync ip6t_REJECT.h with kernel - seems the entire time we had an incompatible
header :(

Noticed by Peter Riley <Peter.Riley@hotpop.com>
inux/netfilter_ipv6/ip6t_REJECT.h
f8137b1b4cc18d4ff528ac40b83345260bb644ae 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Add IPv6 support to helper match
inux/netfilter/xt_helper.h
inux/netfilter_ipv4/ipt_helper.h
6aac50010e50aa42b42089110c8cf4d80b224f14 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Add IPv6 support to connbytes match
inux/netfilter/xt_connbytes.h
a7bf6d0decd93ade089a98a8de76a529cd96427e 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Add IPv6 support to DSCP target
inux/netfilter/xt_DSCP.h
inux/netfilter_ipv4/ipt_DSCP.h
e4cc20b2367362c2f9c84c0daaccd985e3236118 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Add IPv6 support to CLASSIFY target
inux/netfilter/xt_CLASSIFY.h
inux/netfilter_ipv4/ipt_CLASSIFY.h
1ff0b8d6a6669e6bbbacbfd719bd7e016a4c0406 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_state into libxt_state
inux/netfilter/xt_state.h
c57c155312a544482a6b8a3c0f7224b00cfaae20 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_connmark into libxt_connmark
inux/netfilter/xt_connmark.h
inux/netfilter_ipv4/ipt_connmark.h
d62a9db1295608ef98394b830703389973346716 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_hashlimit into libxt_hashlimit
inux/netfilter/xt_hashlimit.h
inux/netfilter_ipv4/ipt_hashlimit.h
6e22228b00cc485282db16b9637315a60b6dbd10 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_MARK into libxt_MARK
inux/netfilter/xt_MARK.h
inux/netfilter_ipv4/ipt_MARK.h
inux/netfilter_ipv6/ip6t_MARK.h
5679958c748087a3e21fbfa26d2ea08a6572ee4f 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_CONNSECMARK into libxt_CONNSECMARK
inux/netfilter/xt_CONNSECMARK.h
f36f4a8844132cbaacf3bbd5ec0254c17fcc97ae 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Add IPv6 support to CONNMARK match
inux/netfilter/xt_CONNMARK.h
inux/netfilter_ipv4/ipt_CONNMARK.h
d884051d7dfa51ebe1a37e343af516b1bba6943d 01-Aug-2007 Jan Engelhardt <jengelh@medozas.de> Make @msg argument a const char *, just like printf().

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
tables.h
3365332f89bd0fa65cea60a38e46a20346ba9964 30-Jul-2007 Jan Engelhardt <jengelh@medozas.de> Make xtables_target->extra_opts const (xtables_match->extra_opts already is)

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
tables.h
a2e89ccf65e8c881e77674cd2b15b9704b0c6822 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_NFQUEUE.c into libxt_NFQUEUE.c
inux/netfilter/xt_NFQUEUE.h
inux/netfilter_ipv4/ipt_NFQUEUE.h
45e4c6946426785d30733701d1ee8112e58538a4 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_TCPMSS.c into libxt_TCPMSS.c
inux/netfilter/xt_TCPMSS.h
inux/netfilter_ipv4/ipt_TCPMSS.h
9ea637d5a7ebfb04e97db4cb114117474bbda9cf 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Add IPv6 support to comment match
inux/netfilter/xt_comment.h
inux/netfilter_ipv4/ipt_comment.h
18e060822be3ad17368dbe3d7289dd21efd341a5 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Add IPv6 support to dscp match.
inux/netfilter/xt_dscp.h
inux/netfilter_ipv4/ipt_dscp.h
0a04e8d695549788213f842cc99c724a564a88df 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_esp.c into libxt_esp.c
inux/netfilter/xt_esp.h
inux/netfilter_ipv4/ipt_esp.h
inux/netfilter_ipv6/ip6t_esp.h
36087d952be182a6163fc508c2168b9c3b9209c2 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_length.c into libxt_length.c
inux/netfilter/xt_length.h
inux/netfilter_ipv4/ipt_length.h
inux/netfilter_ipv6/ip6t_length.h
4489c0d66d9a0e6033c9472fd54df155788010b7 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_limit.c into libxt_limit.c.
inux/netfilter/xt_limit.h
inux/netfilter_ipv4/ipt_limit.h
inux/netfilter_ipv6/ip6t_limit.h
ba2d891523121b651be54a4ce915bcee33d2ed38 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_mac.c into libxt_mac.c
inux/netfilter/xt_mac.h
fec77fed67feb55aba4c33ae2367178c57ce83de 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_physdev.c into libxt_physdev.c
inux/netfilter/xt_physdev.h
inux/netfilter_ipv4/ipt_physdev.h
inux/netfilter_ipv6/ip6t_physdev.h
5fd6ec87600ac3bd96c2500f6f4a1a9010d8d31e 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Add IPv6 support to pkttype match
inux/netfilter/xt_pkttype.h
inux/netfilter_ipv4/ipt_pkttype.h
19f29509c8a97219c578aeaf8be15cf005d46eb3 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_sctp.c into libxt_sctp.c
inux/netfilter/xt_sctp.h
inux/netfilter_ipv4/ipt_sctp.h
7999bd3ad9815f49c31d4ef9798adbbd87ba0094 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Add IPv6 support to tcpmss match
inux/netfilter/xt_tcpmss.h
inux/netfilter_ipv4/ipt_tcpmss.h
17908e4bd0bc8ddb7a85bda316864ad8e1e56a29 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_udp.c into libxt_udp.c
inux/netfilter/xt_tcpudp.h
de9d244eef00ad3633e8a1d303713390ab2e243c 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]_mark.c into libxt_mark.c
inux/netfilter_ipv6/ip6t_mark.h
0af771d5c84ea9143cf947fb944a0e18189f0e63 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Use unified API in libipt_mark.c
inux/netfilter/xt_mark.h
inux/netfilter_ipv4/ipt_mark.h
df2cf4fddfb6bddb9c6809c4aaab8de58dd2393d 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_multiport.c into libipxt_multiport.c
inux/netfilter_ipv4/ipt_multiport.h
inux/netfilter_ipv6/ip6t_multiport.h
eb6e65e1ccfb52457d461b72cf5abe4e9f7187c6 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Use unified API in multiport match
inux/netfilter/xt_multiport.h
a3732db1280f790b8e26b41bdcbe8b5f92b7f51b 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Moves all declarations in iptables_common.h to xtables.h.
p6tables.h
ptables.h
ptables_common.h
tables.h
5cd1ff53a500256997519ec1d871750773c44803 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Moves IPPROTO_* and IP[6]T_LIB_DIR definitions to xtables.h
p6tables.h
ptables.h
tables.h
04f8c54dc52e19096d31d94593bd1040716afe4d 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Moves some duplicated functions in ip[6]tables.c to xtables.c

string_to_number_ll, string_to_number_l, string_to_number,
service_to_port, parse_port, parse_interface, are moved.
p6tables.h
ptables.h
ptables_common.h
tables.h
0d502bcdbc97ed359e84f6a21dfa0049b3b60a6c 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Introduces xtables match/target registration

- moves lib_dir to xtables.c
- introduces struct pfinfo which has protocol family dependent information.
- unifies load_ip[6]tables_ko() and moves them as load_xtables_ko()
- introduces xt_{match,match_rule,target,tryload} and replaces
  ip[6]t_* with them
- unifies following functions and move them to xtables.c
  - find_{match,find_target}
  - compatible_revision, compatible_{match,target}_revision
- introduces xtables_register_{match,target} and make
  register_{match,target}[6] call them. xtables_register_* register ONLY
  matches/targets matched protocol family

Some concepts:
- source compatibility for libip[6]t_xxx.c with warning on compilation
  not binary compatibility.
- binary compatibility between 2.4/2.6 kernel and iptables/ip6tables,
  of course.
- xtables is enough to support only one address family at runtime.
  Then xtables keeps information of only the focused address family
  in struct afinfo.
p6tables.h
ptables.h
ptables_common.h
ibiptc/libxtc.h
inux/netfilter/x_tables.h
tables.h
0b82e8e81e887843011c8771f70d2302901f7e5e 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Moves ip[6]tables_insmod() to xtables.c as xtables_insmod()
p6tables.h
ptables_common.h
tables.h
3dfa4488b032fc32aaf2470f48ac1fc3a534794f 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Moves common fw_malloc() and fw_calloc() to xtables.c
tables.h
5208806f2708f761e97e62550561e3164b541770 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Adds xtables.[ch] and change Makefile to compile it
tables.h
21df4af43dcc9f635baa2aff3ace53768d9704bc 09-Jul-2007 Jan Engelhardt <jengelh@medozas.de> PATCH: Add connlimit to iptables.

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
inux/netfilter/xt_connlimit.h
7d5cc229064b0e718046b9ecaebad3426dfff15f 30-Jun-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Removes KERNEL_64_USERSPACE_32

The recent kernel has compat layer for iptables. It doesn't have
compat layer for libipq and ip6tables, but ip6tables with
KERNEL_64_USERSPACE_32 is still broken. We should fix kernel instead of
fixing them if and when we want to use their 32bit binary with 64bit kernel.
ibipq/ip_queue_64.h
ibipq/libipq.h
inux/netfilter_ipv4/ipt_CLUSTERIP.h
inux/netfilter_ipv4/ipt_SAME.h
fde395370ead306b770a3d4685e4bc1d6972266d 28-Jun-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Removes some KERNEL_64_USERSPACE_32 because linux 2.6 has compat layer
inux/netfilter_ipv4/ipt_CONNMARK.h
inux/netfilter_ipv4/ipt_MARK.h
inux/netfilter_ipv4/ipt_ULOG.h
inux/netfilter_ipv4/ipt_connmark.h
inux/netfilter_ipv4/ipt_conntrack.h
inux/netfilter_ipv4/ipt_limit.h
inux/netfilter_ipv4/ipt_mark.h
inux/netfilter_ipv6/ip6t_MARK.h
inux/netfilter_ipv6/ip6t_limit.h
inux/netfilter_ipv6/ip6t_mark.h
40d54756cd8a2705e22b36f7aef03bb2c472a10b 18-Apr-2007 Patrick McHardy <kaber@trash.net> Use nf_conntrack headers instead of ip_conntrack ones and add sanitized versions.
inux/netfilter/nf_conntrack_common.h
inux/netfilter/nf_conntrack_tuple.h
inux/netfilter/nf_conntrack_tuple_common.h
inux/netfilter/nf_nat.h
inux/netfilter_ipv4/ipt_conntrack.h
29647c878ec485779b88a0c42f096ce028cabf15 20-Mar-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Fixes typos in the argument of ip[6]tables_insmod: quit -> quiet
p6tables.h
ptables_common.h
0e9480b864a16400fc3572719b05f01f300026ab 13-Mar-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Suppress error message from modprobe on checking revision.
p6tables.h
ptables_common.h
e4076172c33810472d9d658554588b6e379a4fbe 16-Jan-2007 Arnaud Ebalard <arno@natisbad.org> Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>)

Kernel part will go in 2.6.21.
inux/netfilter_ipv6/ip6t_TCPMSS.h
9561606bd938ed4b2614716a08a2856d4ef5e995 11-Jan-2007 Patrick McHardy <kaber@trash.net> Add UDPLITE multiport support
p6tables.h
ptables.h
267a57007e69d8f316dea80f79ce2560459e0c30 29-Nov-2006 Pablo Neira Ayuso <pablo@netfilter.org> Fix /etc/network usage (Pablo Neira)

http://bugs.debian.org/398082

iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the
information is lost somewhere with 1.3.6.

# cat /etc/networks
foonet 10.0.0.0

# strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j
ACCEPT #1.3.5 [1]
ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0

# strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j
ACCEPT #1.3.6 [2]
iptables v1.3.6: host/network `foonet.0.0.0' not found
Try `iptables -h' or 'iptables --help' for more information.

1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt
2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt
ptables.h
740d72705d49373c4ee05b77b34aeb385854389e 13-Nov-2006 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> load ip_[6]tables.ko just before checking revision support in kernel.
p6tables.h
ptables_common.h
4ebfad0cf7ff3e414a20c82513579789e8283c9f 13-Nov-2006 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> changes IP6T_SO_GET_REVISION_{MATCH,TARGET} to 68,69
66 and 67 conflict with IPv6 Advanced API in kernel <= 2.6.18.
p6tables.h
0665217784822434b1732cdc773d5daa12836438 20-Oct-2006 Rémi Denis-Courmont <rdenis@simphalempin.com> - Add revision support to ip6tables.
- Add support port range match to libip6t_multiport
(Rémi Denis-Courmont <rdenis@simphalempin.com>)
p6tables.h
inux/netfilter_ipv6/ip6t_multiport.h
b34bef5f9ff4ee20cd46df1e26f6d6efe0bb5380 09-Oct-2006 Patrick McHardy <kaber@trash.net> Add endian annotation types to fix compilation for kernels > 2.6.18
ptables_common.h
c1eae41e1957db56aaf7afcafa2f097042fa4217 25-Jul-2006 Patrick McHardy, Jesper Brouer <kaber@trash.net, hawk@diku.dk> Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause
invalid arguments to get accepted.
ptables.h
a6c1d926f6c3c00e0c1875d80b9579c95bde2cfa 22-Jul-2006 Phil Oester <kernel@linuxace.com> proto_to_name duplication (Phil Oester <kernel@linuxace.com>)

Update multiport match to use the iptables version of proto_to_name
instead of reinventing the wheel.
ptables.h
dbac8ad71c3c418fd8a62c08211885a38177b725 20-Jul-2006 Phil Oester <kernel@linuxace.com> reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>)

The below patch (dependent upon my 'reduce service_to_port duplication' patch)
centralizes the parse_*_port functions into parse_port.
p6tables.h
ptables.h
58179b1d0d1722ea16028aa2ea9d74afc86dd5dc 20-Jul-2006 Phil Oester <kernel@linuxace.com> reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>)

The service_to_port function is used in a number of places, and could
benefit from some centralization instead of being duplicated everywhere.
p6tables.h
ptables.h
7f5be628f66ec7b8b22e87ace39ee61213c6313b 20-Jul-2006 Phil Oester <kernel@linuxace.com> Use gcc to build shared objects (Phil Oester <kernel@linuxace.com>)

As suggested by Dmitry Levin and included in Fedora Core releases,
use gcc instead of ld to link shared objects. Fedora rpm notes
refer to this fixing a plugin problem, but does not offer specifics.
But in any event, 'gcc -dumpspecs' does show gcc will pass a number
of parameters which in theory it thinks are better.

Compile tested both with and without NO_SHARED_LIBS.

Closes bug #454.
ptables_common.h
056564f6af72376dba0fb616749349fc40bd1d61 19-Jun-2006 Jesper Dangaard Brouer <hawk@comx.dk> Add new exit value to indicate concurrency issues (Jesper Dangaard Brouer <hawk@comx.dk>)
ptables_common.h
2452bafd9810e8560717f10af8e26f8a3ac4f4cf 28-Apr-2006 Patrick McHardy <kaber@trash.net> Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18.
p6tables.h
ptables.h
a258ad7002ae4b4f366800f512db938fb78d0661 03-Mar-2006 Joszef Kadlecsik <kadlec@blackhole.kfki.hu> Multiple matches of the same type can be specified on the commandline.

If two or more matches of the same type are detected then the options
are assumed to be grouped in order to tell which option belongs
to which match:

... -m foo ... <options0> ... -m foo ... <options1> ...

Otherwise the commandline parsing is unmodified.
p6tables.h
ptables.h
d3476b294f6a0570b0ec3322f580d6446c6f20fe 01-Feb-2006 Harald Welte <laforge@gnumonks.org> make policy match compile independent of kernel headers
inux/netfilter_ipv4/ipt_policy.h
11e4718d30d4f25b1cfb4655df3b773608ee5405 01-Feb-2006 Harald Welte <laforge@gnumonks.org> fix ipt_conntrack compilation against very early (2.4.0) kernel releases
inux/netfilter_ipv4/ipt_conntrack.h
38315b13504714f48e90363b62de2def0b05e9b8 01-Feb-2006 Harald Welte <laforge@gnumonks.org> remove other bits of old ip pool code, people should use ipset (ipset.netfilter.org) these days
ibippool/ip_pool_support.h
02e88f2ae4eac6088e3f802909b77ec4b8317acd 31-Jan-2006 Patrick McHardy <kaber@trash.net> Prepare policy match for x_tables unification by making sure both
ipt_policy and ip6t_policy use the same data structure.
inux/netfilter_ipv4/ipt_policy.h
inux/netfilter_ipv6/ip6t_policy.h
f5b86e698be2f1f96c974a4af176269f5c677596 22-Dec-2005 Jones Desougi <jones@ingate.com> Fix probing for supported revisions (Jones Desougi <jones@ingate.com>)

Bugzilla #413
p6tables.h
ptables.h
8cf65913bb6353bf0e92eab0669d1c4c53b43623 19-Sep-2005 Phil Oester <kernel@linuxace.com> Kernels higher than 2.6.10 don't support multiple --to arguments in
DNAT and SNAT targets. At present, the error is somewhat vague:

# iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5
iptables: Invalid argument

But if we want current iptables to work with kernels <= 2.6.10, we
cannot simply disallow this in all cases.

So the below patch adds kernel version checking to iptables, and
utilizes it in [DS]NAT. Now, users will see a more informative error:

# iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5
iptables v1.3.3: Multiple --to-source not supported

This generic infrastructure (shamelessly lifted from procps btw) may
come in handy in the future for other changes.

This fixes bugzilla #367. (Phil Oester)
ptables.h
3ef4c8fc6d08e2b8c03dc742182184a5e4a9b5e7 11-Sep-2005 Martin Josefsson <gandalf@wlug.westbo.se> Add the aligned_u64 typedef, it's defined in linux/types.h in the kernel.
We can't include that header since it conflicts with sys/types.h
ptables_common.h
daa1ef354deee764484c1494073b075859701971 19-Jul-2005 Harald Welte <laforge@gnumonks.org> add NFQUEUE support for ipv4 and ipv6
inux/netfilter_ipv4/ipt_NFQUEUE.h
893b688a2a73363c8cebe4bac0c1368178fce2fd 10-Jul-2005 Harald Welte <laforge@gnumonks.org> fix various missing header file / #define issues on old kernels. I've now tested compilation with kernels starting 2.4.17
inux/netfilter_ipv4/ipt_conntrack.h
inux/netfilter_ipv6/ip6t_LOG.h
63d68bf3a1e86e2c96e520f71c34519112c66453 10-Jul-2005 Harald Welte <laforge@gnumonks.org> we need to have this header file included, since old kernels don't define IP6T_LOG_UID.
inux/netfilter_ipv6/ip6t_LOG.h
9867e814492275cabfbccd6b30375b0e23eb10cb 22-Jun-2005 Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp> reduce code replication of parse_interface() (Yasuyuki Kozakai)
p6tables.h
ptables.h
6b5effcaf26b9eaf8e6f63d9ad3570a045fb4f0c 15-Apr-2005 Harald Welte, Pablo Neira <laforge@gnumonks.org, pablo@eurodev.net> Someone forgot to update ipt_conntrack.h header in user space. So, update it to use ip_conntrack_old_tuple. (Pablo Neira)
inux/netfilter_ipv4/ipt_conntrack.h
800938fcabe76265d273fa0552dcf674d33973aa 07-Mar-2005 Pablo Neira <pablo@eurodev.net> This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira)
inux/netfilter_ipv4/ipt_CLUSTERIP.h
02964b869a8616b41e4c2dc899ff23921aaaa4b0 12-Feb-2005 Martin Josefsson <gandalf@wlug.westbo.se> Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace.
Also fixes a typo in CONNMARK, --mask set the mark, not the mask.

Initial patch by: Pablo Neira <pablo@eurodev.net>
Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
inux/netfilter_ipv4/ipt_CONNMARK.h
inux/netfilter_ipv4/ipt_connmark.h
b2eedcdf84c037e346bdd4e804decf95de66cbf7 02-Feb-2005 Phil Oester <kernel@linuxace.com> Add support for inversion to multiport revision 1.

Signed-off-by: Phil Oester <kernel@linuxace.com>
inux/netfilter_ipv4/ipt_multiport.h
5df9547e093c4fef0bb926adb268dbd020e543a6 03-Jan-2005 Pablo Neira <pablo@eurodev.net> Pablo Neira:
Multiport revision 1 userspace support.
inux/netfilter_ipv4/ipt_multiport.h
3aef54dce4f9bbe0b466478fd33a1d3131efbbb8 03-Jan-2005 Rusty Russell <rusty@rustcorp.com.au> Extension revision number support (if kernel supports the getsockopts).
Enhance MARK match with second revision.
Committed in anticipation of the kernel patch being applied.
ptables.h
inux/netfilter_ipv4/ipt_MARK.h
357d59dcfcbd125e2aa8c07b30cea9635efec2a7 27-Dec-2004 Martin Josefsson <gandalf@wlug.westbo.se> Fix setting lib_dir in ip*tables-{save,restore}
p6tables.h
ptables.h
ptables_common.h
789c7df4e5463165cbe721cdc328d0dd18e7b1ad 20-Oct-2004 Harald Welte <laforge@gnumonks.org> move ipt_hashlimit to its correct location
pt_hashlimit.h
inux/netfilter_ipv4/ipt_hashlimit.h
a5374b239be6d8afdcd7fdd54b9483ffa1d5444d 20-Oct-2004 Harald Welte <laforge@gnumonks.org> add hashlimit kernel header file
pt_hashlimit.h
514b1b488eaf07d66e209681f4f34246d7db2f60 20-Sep-2004 Brad Fisher <brad@info-link.net> Add comment match extension (Brad Fisher)
inux/netfilter_ipv4/ipt_comment.h
13218fbdc92e704953d01333ea10bd623821b71e 13-Sep-2004 Bart De Schuymer <bdschuym@pandora.be> port physdev to ip6tables (Bart De Schuymer)
inux/netfilter_ipv6/ip6t_physdev.h
af371871085ab3f07b9b0b5edff193af35ed5a4e 28-Jun-2004 Patrick McHardy <kaber@trash.net> Add ipt_addrtype.h
inux/netfilter_ipv4/ipt_addrtype.h
2057750071822d72200fe06f759009c216229542 21-Jun-2004 Harald Welte <laforge@gnumonks.org> add missing include
inux/netfilter_ipv4/ipt_dstlimit.h
c5617bf84475028dd1663cde076b93f355ce42a7 26-May-2004 Martin Josefsson <gandalf@wlug.westbo.se> With a 64bit kernel only the high 32bits of nfmark was used regardless of
32/64bit userspace. This makes it quite hard to interoperate with 'tc'.
Sync ipv6 versions with ipv4 versions.

Tested on x86 and sparc64 with both 32bit and 64bit userspace.
inux/netfilter_ipv4/ipt_MARK.h
inux/netfilter_ipv4/ipt_mark.h
inux/netfilter_ipv6/ip6t_MARK.h
inux/netfilter_ipv6/ip6t_mark.h
1eb0081027ee567e822b24377ea614e66c408ff2 26-May-2004 Martin Josefsson <gandalf@wlug.westbo.se> Fix 64bit kernel / 32bit userspace issue.
Sync header with kernel.
inux/netfilter_ipv4/ipt_SAME.h
inux/netfilter_ipv4/ipt_ULOG.h
b105bc9f4bf61ffa835950c3d4e4b6162e1e16f8 26-May-2004 Martin Josefsson <gandalf@wlug.westbo.se> Add versions of string_to_number() for use in 32bit userspace with 64bit kernel.
ptables_common.h
1da399c30a2c42490f1c6cb84857e31522546c9d 26-May-2004 Martin Josefsson <gandalf@wlug.westbo.se> Fix 64bit kernel / 32bit userspace issue.
inux/netfilter_ipv4/ipt_conntrack.h
inux/netfilter_ipv4/ipt_limit.h
inux/netfilter_ipv6/ip6t_limit.h
db0422f80d353e7040f18344ca3e74bb0ba10e31 04-Mar-2004 Harald Welte <laforge@gnumonks.org> add definition for IPPROTO_SCTP for systems with old header files
ptables.h
54924023ee598e626423ef9c222eff0e8d28dfac 02-Mar-2004 Kiran Kumar <immidi_kiran@yahoo.com> update for matching chunk flags (Kiran Kumar)
inux/netfilter_ipv4/ipt_sctp.h
129152307ba7b09c9ad667eee2c4e0d23f7c500b 21-Feb-2004 Harald Welte <laforge@gnumonks.org> add userspace part of SCTP match
inux/netfilter_ipv4/ipt_sctp.h
320443dbef678a357f7c10406e8c297d6ab3ddd9 03-Feb-2004 Henrik Nordstrom <hno@marasystems.com> latest version of CONNMARK updates (Henrik Nordstrom)
inux/netfilter_ipv4/ipt_CONNMARK.h
inux/netfilter_ipv4/ipt_connmark.h
69ac0e086c7b90e82cec369570ca363201023bde 02-Feb-2004 Martin Josefsson <gandalf@wlug.westbo.se> Bloody copy-n-edit. Make sure to use matches in the order they are given...
p6tables.h
78cafdaf474a333fa39efab4aa4c9aed88ab9518 02-Feb-2004 Martin Josefsson <gandalf@wlug.westbo.se> Make sure to use matches in the order they are given when calling do_command() multiple times.
ptables.h
42cbf9855f3185dfab4d74c9b2b7dc2f78974bd4 02-Nov-2003 Harald Welte <laforge@gnumonks.org> update ipt_physdev.h (test8 change, make parisc work, alignment issues)
inux/netfilter_ipv4/ipt_physdev.h
fef3b8ec4b10c79c75a6893c3179f13a3645aa7d 13-Sep-2003 Harald Welte <laforge@gnumonks.org> CLASSIFY is now built unconditionally, thus we need the kernel header
inux/netfilter_ipv4/ipt_CLASSIFY.h
b0dbafaa0c9b01346d49f97acdccfb1c94def080 07-Sep-2003 Ryan Veety <ryan@ryanspc.com> fix ipq_id_t on 'real' kernel+userspace 64bit archs (Ryan Veety)
ibipq/libipq.h
105650a15e20255c5d037f32b8ef4a2431c59855 24-Aug-2003 Harald Welte <laforge@gnumonks.org> add include files for soon-to-be-submitted patches (and build them unconditionally by putting them in the extensions/Makefile)
inux/netfilter_ipv4/ipt_CONNMARK.h
inux/netfilter_ipv4/ipt_connmark.h
inux/netfilter_ipv4/ipt_iprange.h
inux/netfilter_ipv4/ipt_realm.h
8371e15a49d422755fbd185ab8415b9b12ec9d9a 05-May-2003 Martin Josefsson <gandalf@wlug.westbo.se> Fix the previous fix
No more segfaults or compile warnings.
ibiptc/libip6tc.h
8f578a09b56f010d5bcd30086a8f7c8132b35d92 03-May-2003 Harald Welte <laforge@gnumonks.org> add (untested) sctp userspace support for even more untested kernel part (in pom soon)
inux/netfilter_ipv4/ipt_sctp.h
841e4aed2349046eb2c0b1375139c06569a93bd0 02-May-2003 Martin Josefsson <gandalf@wlug.westbo.se> fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin Josefsson)
ibiptc/libiptc.h
59cbe17cee0499c8f25a8d9f29513f4c85e9b03c 30-Apr-2003 Harald Welte <laforge@gnumonks.org> rename iplimit to connlimit
inux/netfilter_ipv4/ipt_connlimit.h
30596a5e7ae8c518a8a0bbf3aa891728e9f9ec1b 27-Apr-2003 Bart De Schuymer <bdschuym@pandora.be> ipt_physdev update (--physdev-is-{in,out,bridged}) by Bart de Schuymer
inux/netfilter_ipv4/ipt_physdev.h
a8658ca43fba82f7761f774f4daeb29b3e335053 05-Mar-2003 Harald Welte <laforge@gnumonks.org> port 'line number on error in iptables-restore' from ipv4
p6tables.h
63e9063a660809385fd17edb94da044c7c884e02 03-Mar-2003 Illes Marci <marci@balabit.hu> make iptables-restore print the line number in case of an error
(Illes Marci <marci@balabit.hu>)
ptables.h
1254871c88483cc1a0adc448a83cab6a9d4510a1 11-Feb-2003 Bart De Schuymer <bdschuym@pandora.be> add libipt_physdev.c (Bart de Schuymer)
inux/netfilter_ipv4/ipt_physdev.h
2aa84a489a9294730cf856f48bcf4802c04187ae 12-Jan-2003 Harald Welte <laforge@gnumonks.org> add support for rpc match
inux/netfilter_ipv4/ipt_rpc.h
60358d73482620aeafc34f38df36e462875fd244 08-Jan-2003 Maciej Soltysiak <solt@dns.toxicfilms.tv> apply ipv6 hoplimit (hl match, HL target) patch (Maciej Soltysiak <solt@dns.toxicfilms.tv>)
inux/netfilter_ipv6/ip6t_HL.h
inux/netfilter_ipv6/ip6t_hl.h
f4e6683c5a4c80e494a2167d1a64d1b9c63587aa 09-Aug-2002 Harald Welte <laforge@gnumonks.org> make libipt_helper.so build always, since it's now submitted to 2.4.20
inux/netfilter_ipv4/ipt_helper.h
40783fc33fa01469e818de1103d859d3e859c126 05-Aug-2002 Harald Welte <laforge@gnumonks.org> bring ECN headers in sync with ecn.patch
inux/netfilter_ipv4/ipt_ECN.h
inux/netfilter_ipv4/ipt_ecn.h
ceee3db0157995c2f95bd096f64c2ea0d7ca74cf 05-Aug-2002 Harald Welte <laforge@gnumonks.org> restore old DSCP_SHIFT behaviour
inux/netfilter_ipv4/ipt_DSCP.h
inux/netfilter_ipv4/ipt_dscp.h
744f3e25f630f00c91058867d26e29c5eb3cc213 04-Jun-2002 Harald Welte <laforge@gnumonks.org> fix typo in ipt_ecn.h
inux/netfilter_ipv4/ipt_ecn.h
2ff07a374d2f05aa4fe3c5ae1cfa6aedbc731b42 29-May-2002 Harald Welte <laforge@gnumonks.org> add header file for ECN match
inux/netfilter_ipv4/ipt_ECN.h
inux/netfilter_ipv4/ipt_ecn.h
c980a240bad8f8995805df3bfdfb18180dd08d03 29-May-2002 Harald Welte <laforge@gnumonks.org> bring ECN plugin in sync with new ECN target
inux/netfilter_ipv4/ipt_ECN.h
f1f447b836a714b4646450aaed3dd1aa6ab2808a 26-Mar-2002 András Kis-Szabó <kisza@securityaudit.hu> new ip6 FRAG match by kisza
inux/netfilter_ipv6/ip6t_ah.h
inux/netfilter_ipv6/ip6t_frag.h
d32980df1da9d81a93280b4f0e023c58055c4b0c 25-Mar-2002 Harald Welte <laforge@gnumonks.org> Add AH/ESP match for ipv6
inux/netfilter_ipv6/ip6t_ah.h
inux/netfilter_ipv6/ip6t_esp.h
d75a2aaf00b87c95b091a1b733a1c17ae51a950a 18-Mar-2002 Harald Welte <laforge@gnumonks.org> make libipt_conntrack compile by default
inux/netfilter_ipv4/ipt_conntrack.h
ec03bdf9a8a645c2c4a644009475dc9d75a72558 18-Mar-2002 Harald Welte <laforge@gnumonks.org> libipt_pkttype now compiled by default
inux/netfilter_ipv4/ipt_pkttype.h
487d1d39b6457a4a3aeb2b9dac3b1925a003a3e1 14-Mar-2002 Harald Welte <laforge@gnumonks.org> add DSCP match
inux/netfilter_ipv4/ipt_DSCP.h
inux/netfilter_ipv4/ipt_dscp.h
b77f1dafb9f35752bb9685323bcacb32a0e6ddc5 14-Mar-2002 Harald Welte <laforge@gnumonks.org> Fix 'iptables -p !' bug (segfault when `!' used without argument)
ptables_common.h
0de32435158ffa575eaae6d821bf326970af36c0 25-Feb-2002 Andreas Herrmann <aherrman@de.ibm.com> fix IP6T_MIN_ALIGN macro (Andreas Herrmann)
ibiptc/libip6tc.h
385a1dd0f3b01fc0fbd6bcdee9796e0240ea77c1 17-Feb-2002 Harald Welte <laforge@gnumonks.org> add ECN target support
inux/netfilter_ipv4/ipt_ECN.h
96d960594e7db97568e478be884f205034d3a32f 17-Feb-2002 Harald Welte <laforge@gnumonks.org> add new version of ipt_DSCP.h
inux/netfilter_ipv4/ipt_DSCP.h
2e7377d3e21c0c93219eea0d38e2ee37308f6150 17-Feb-2002 Harald Welte <laforge@gnumonks.org> add DSCP target support
inux/netfilter_ipv4/ipt_DSCP.h
4ab10af3f549e1ea6492c768db3778816fff7f05 17-Feb-2002 Harald Welte <laforge@gnumonks.org> make compilation of libip6t_LOG, libipt_length, libip6t_length and
libip6t_owner mandatory
inux/netfilter_ipv4/ipt_length.h
inux/netfilter_ipv6/ip6t_length.h
inux/netfilter_ipv6/ip6t_owner.h
97c0decde5669fbbc099da8a591b7a13825b69b1 24-Jan-2002 Harald Welte <laforge@gnumonks.org> shit, forgot to update this one. Let's hope that the kernel's headers
precede the ones in this directory
inux/netfilter_ipv4/ipt_ULOG.h
b93c79862b47f227ac908430a2c9f16b4ecc0631 06-Dec-2001 Marc Boucher <marc@mbsi.ca> Export addr_to_anyname(), mask_to_dotted(), parse_hostnetworkmask()
and parse_protocol() as they are needed by the upcoming ipt_conntrack match
module.
ptables.h
ffe96c5a701396fd666228034ff694ffdcd1ad10 24-Nov-2001 James Morris <jmorris@intercode.com.au> IPv6 queue handler, libipq support, documentation from Fernando Anton.
ibipq/libipq.h
05e0b01bd1cd4035893c33c7084164bd8fab37c8 26-Aug-2001 Harald Welte <laforge@gnumonks.org> second part of SAME patch which I missed to commit :(
inux/netfilter_ipv4/ipt_SAME.h
3efb6ead2e51fe1eca55bcb2b06afb4dc4b8cb7c 06-Aug-2001 Harald Welte <laforge@gnumonks.org> - added patch to support statically linking of iptables
- iptables-save/-restore is no longer experimental
p6tables.h
ptables.h
ptables_common.h
a9f714dfdad285e46250de0e227cd6b0db51462b 31-Jul-2001 Harald Welte <laforge@gnumonks.org> added ipt_SAME.h to fix compile error
inux/netfilter_ipv4/ipt_SAME.h
c8af1fd0a9b8e7e39626c7d66ade0ddc93f25fbe 23-Jul-2001 Harald Welte <laforge@gnumonks.org> added libip6t_REJECT.c for IPv6 reject support
inux/netfilter_ipv6/ip6t_REJECT.h
ed498493949c34e4b3292e93b41cda6776b7915e 23-Jul-2001 Harald Welte <laforge@gnumonks.org> string_to_number fix
ptables_common.h
58918654563975e7bf3a6ec26af92a3bc222c229 16-Jun-2001 Harald Welte <laforge@gnumonks.org> Added support for iptables-restore module-load-on-demand (a. van schie)
p6tables.h
ptables_common.h
ef798b9b7e005209deb457d1ffccab3d2bcdba96 30-May-2001 James Morris <jmorris@intercode.com.au> Added more specific copyright & author information.
ibipq/libipq.h
2d88b871e0ea05f572117f2c4dee80a5d5461a76 21-May-2001 Harald Welte <laforge@gnumonks.org> glibc sucks
ibipulog/libipulog.h
8a5eb6dd67e5fac875da51742d9a954c0ff5d92f 05-May-2001 Fabrice MARIE <fabrice_marie_sec@yahoo.com> ip6tables fixes by Fabrice Marie
p6tables.h
b5166476721dd0b663f52bd220ef008ca269c0dc 19-Apr-2001 Harald Welte <laforge@gnumonks.org> pkttype match (new) + scorefile,
libiptc C++ compatibility + scorefile
ibiptc/libiptc.h
d0b6b3cd1741629991a299c95b0799eef21436b3 16-Mar-2001 Harald Welte <laforge@gnumonks.org> NETLINK_ULOG isn't defined in an unpatched kernel
inux/netfilter_ipv4/ipt_ULOG.h
008a83fad0f131e08d03235e7615fb392d1f3c3b 28-Feb-2001 Rusty Russell <rusty@linuxcare.com.au> Move some include files to be present always, so build always includes them even if patches not applied (eg. for distributions).
inux/netfilter_ipv4/ipt_FTOS.h
inux/netfilter_ipv4/ipt_TCPMSS.h
inux/netfilter_ipv4/ipt_TTL.h
inux/netfilter_ipv4/ipt_ULOG.h
inux/netfilter_ipv4/ipt_ah.h
inux/netfilter_ipv4/ipt_connlimit.h
inux/netfilter_ipv4/ipt_esp.h
inux/netfilter_ipv4/ipt_tcpmss.h
inux/netfilter_ipv4/ipt_ttl.h
764316a133db8e5e2d1f2a9d941ffae993d7c9d9 26-Feb-2001 András Kis-Szabó <kisza@sch.bme.hu> ip6tables-save/-restore by Kis-Szabo Andras
p6tables.h
4c87c8a74b2df2f14ddde17fdfb1bc7ac5dd5722 30-Jan-2001 Harald Welte <laforge@gnumonks.org> new ULOG revision: supports in-kernel batching of packets and netlink multipart
messages
ibipulog/libipulog.h
0fbf055c9e320a89dd8a5ad0edbeae3d8c1de4af 05-Jan-2001 Harald Welte <laforge@gnumonks.org> libiptc counter functions
ibiptc/libip6tc.h
ibiptc/libiptc.h
a114e9e8be802ab744d442449b3ec7de03c58621 01-Dec-2000 Harald Welte <laforge@gnumonks.org> make iptables-restore and iptables-save work again
ptables.h
b1e0b99aff57351419c24c618ccb00ae0fb142f9 18-Nov-2000 James Morris <jmorris@intercode.com.au> added ipq_errstr() to API
ibipq/libipq.h
89463253226292b07dbc2513572517005450164f 06-Nov-2000 Rusty Russell <rusty@linuxcare.com.au> Added <linux/in6.h> for libc5.
ibiptc/ipt_kernel_headers.h
803f33c0e9cb458cf7989f3826e9baba8da19e2f 04-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> More sparc64 fixes
ibipq/libipq.h
0afdf9e6cef052475d48bc4ec10508c15e52d384 04-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> More sparc64 fixes.
ibipq/ip_queue_64.h
eede68159820640725c2f92dcc95cd97de1df743 04-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> More sparc64 fixes.
ibipq/libipq.h
1311b6b9cc18dfe31838e7fce4ec199ce0d39e4e 04-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> Start of Sparc64 fixes.
ibipq/ip_queue_64.h
524518261009f3f81febfdd8398becc4a80cc941 27-Aug-2000 Rusty Russell <rusty@linuxcare.com.au> Patch-o-matic! now included.
ibippool/ip_pool_support.h
b6db33196870d3ec401a7ca87234dd2bc379c413 27-Aug-2000 Jan Echternach <echter@informatik.uni-rostock.de> Jan Echternach's const tweak.
p6tables.h
ptables.h
fdf0433110f16b0534600af2d8980487c8342ac2 31-Jul-2000 Harald Welte <laforge@sunbeam.franken.de> Harald Welte's ULOG target with tests (untested).
ibipulog/libipulog.h
5eed48af2516ebce0412121713d285bc30edb10d 02-Jun-2000 Rusty Russell <rusty@linuxcare.com.au> Philip Blundell's IPv6 patches.
ibiptc/ipt_kernel_headers.h
8c700900e2a0cf87d7917cb62578583a60ad1210 15-May-2000 Philip Blundell <Philip.Blundell@pobox.com> Philip Blundell's IPv6 fixes.
p6tables.h
ibiptc/libip6tc.h
88eb835ad207f579ae4ce21cd46f0b564ebd4748 10-May-2000 Philip Blundell <Philip.Blundell@pobox.com> Philip Blundell's IPv6 fixes.
ibiptc/libip6tc.h
79dee0702b18c8ea1d1f7a2b1f6b29349466986b 02-May-2000 Rusty Russell <rusty@linuxcare.com.au> IPv6 enhancements.
p6tables.h
ptables.h
ptables_common.h
ibiptc/libip6tc.h
228e98dd6303af11925235af4cf3c3ec450f3f41 27-Apr-2000 Rusty Russell <rusty@linuxcare.com.au> Alignment fixes (requires kernel patch).
ibiptc/libiptc.h
849779c4adf8dd65c83fffb65e6b7898df2a55c6 23-Apr-2000 Rusty Russell <rusty@linuxcare.com.au> More fixes and testsuite enhancements.
ibiptc/libiptc.h
edf14cf4b5edb148d7473f067d95e7bd1316900b 19-Apr-2000 Rusty Russell <rusty@linuxcare.com.au> Changes to allow matching (for delete) on part of a rule, for rules which
change in the kernel (eg. ipt_limit).
ptables.h
ibiptc/libiptc.h
01059cb18bc4837ed45b668e1c6598a0a1c8c6af 19-Apr-2000 Rusty Russell <rusty@linuxcare.com.au> Added linux/types.h for non-glibc systems.
ibiptc/ipt_kernel_headers.h
3e9316494b2b8262d462c7ea12cab805eec8f268 24-Mar-2000 James Morris <jmorris@intercode.com.au> James Morris' limits.h patch.
ibiptc/ipt_kernel_headers.h
e6869a8f59d779ff4d5a0984c86d80db70784962 20-Mar-2000 Marc Boucher <marc@mbsi.ca> reorganized tree after kernel merge
ptables.h
ibipq/libipq.h
ibiptc/ipt_kernel_headers.h
ibiptc/libiptc.h