e3928b77f18db0fdc615693017c6c15eb71bf4e0 |
02-Apr-2014 |
JP Abgrall <jpa@google.com> |
Fixup build so that the update from nefilter.org to 1.4.20 works * Keep the generated files needed for building. Used ./configure --enable-static --disable-shared make * Update the various Android *.mk files. Change-Id: If0e45cf6289f0e3dcf3adf73e6ccff86d640f1c0 Signed-off-by: JP Abgrall <jpa@google.com>
ndroid.mk
|
11ef84b856859e7d4a08625d09c8573e5f5eef63 |
02-Apr-2014 |
JP Abgrall <jpa@google.com> |
Merge remote-tracking branch 'upstream/stable-1.4.20' into update Conflicts: .gitignore include/linux/types.h libiptc/libiptc.c Change-Id: I2c949ba9de090db9ae09d914f4ac5c13e5b7d4da
|
d4cea4666768eeadd0d1fde61e8231bba353d8ee |
23-Jan-2014 |
Colin Cross <ccross@android.com> |
iptables: remove $(KERNEL_HEADERS) from include path The kernel headers are already in the include path, and manually adding them again will break on a multiarch build, where the kernel headers may be different for each arch. Change-Id: I20867af3061bbc86d2205f5479c40f6034a61b72
ndroid.mk
|
9b5ca5cf509bd1ed37ba692082ec6f3f180546c1 |
05-Dec-2013 |
Kristian Monsen <kristianm@google.com> |
Silence all warnings. Change-Id: I9d180c2da268117a8774290ba49c8774fabd3272
ndroid.mk
|
72000dcfdc0b0f26ccf52f7b877221bb008a7869 |
12-Nov-2013 |
Elliott Hughes <enh@google.com> |
Fix iptables to build with old or uapi header files. Bug: 11559337 Change-Id: Iefb938b87e1f29cbf45d8833e9416c38004d9b5e
ibiptc.c
|
cccfff9309743f173c504dd265fae173caa5b47f |
16-Mar-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency This patch changes the NETMAP target extension (IPv6 side) to use the xtables_ip6mask_to_cidr available in libxtables. As a side effect, we get rid of the libip6tc dependency. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6tc.c
|
8db1044ba608a78035bbf89007aab6b6d8ff6f68 |
19-Apr-2012 |
Miguel GAIO <miguel.gaio@efixo.com> |
libiptc: fix retry path in TC_INIT There is an issue on TC_INIT retry path: In error case, TC_FREE is called and close sockfd. The retry does not reopen then always fail. The proposing patch reopens sockfd in retry patch. Signed-off-by: Miguel GAIO <miguel.gaio@efixo.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibiptc.c
|
c0aa38e22e8a09fcb1898ad0e042eaf6314d2d42 |
21-Mar-2012 |
Maciej Żenczykowski <maze@google.com> |
src: mark newly opened fds as FD_CLOEXEC (close on exec) By default, Unix-like systems leak file descriptors after fork/exec call. I think this seem to result in SELinux spotting a strange AVC log messages according to what I can find on the web. Fedora 18 iptables source includes this change. Maciej says: "iptables does potentially fork/exec modprobe to load modules. That can cause a selinux 'domain'/'role'/whatever-it-is-called crossing. You can do automated inspection of what gets carried across such privilege changes and any unexpected open file descriptors flag problems, patches like this cut down on the noise." Signed-off-by: Maciej enczykowski <maze@google.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibiptc.c
|
61b8f7ecb64b3b6fe04d2a6ad9598f66e42ceea8 |
08-Mar-2012 |
Franz Flasch <franz.flasch@frequentis.com> |
iptables: missing free() in function delete_entry() Fixed a memory leak in the dry run path of function delete_entry(). Signed-off-by: Franz Flasch <franz.flasch@frequentis.com> Signed-off-by: Christian Engelmayer <christian.engelmayer@frequentis.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibiptc.c
|
1a7732f965c2b09e526eeca8a551538fbdc099ef |
08-Mar-2012 |
Franz Flasch <franz.flasch@frequentis.com> |
iptables: missing free() in function cache_add_entry() Fixed a memory leak in the error path of function cache_add_entry(). Signed-off-by: Franz Flasch <franz.flasch@frequentis.com> Signed-off-by: Christian Engelmayer <christian.engelmayer@frequentis.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibiptc.c
|
7c1b69b97571ddeb8c624b0a1da366a456895a6d |
01-Mar-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Revert "libiptc: Returns the position the entry was inserted" This reverts commit d65702c5c5bbab0ef12298386fa4098c72584e6c. This is breaking my iptables scripts: iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables: Incompatible with this kernel.
ibiptc.c
|
d65702c5c5bbab0ef12298386fa4098c72584e6c |
04-Jan-2012 |
Jonh Wendell <jonh.wendell@vexcorp.com> |
libiptc: Returns the position the entry was inserted Jan Engelhardt showed no objections to this patch.
ibiptc.c
|
32a4b7dcaf252348732362cd6d853bf0005b2bdd |
18-Dec-2011 |
Jan Engelhardt <jengelh@medozas.de> |
Merge branch 'stable'
|
b8c42eca0f224a00bf55b60ded81af14a1e07da1 |
18-Dec-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: provide separate pkgconfig files Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
gitignore
akefile.am
ibip4tc.pc.in
ibip6tc.pc.in
ibiptc.pc.in
|
de4d2d3b716d83a6d3831aaf902c5adb5d1d14c9 |
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: use a family-invariant xtc_ops struct for code reduction Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
akefile.am
ibip4tc.c
ibip6tc.c
ibiptc.c
|
14da56743c6cdf25da35b7b5ca7a5d201771990d |
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: resolve old macro names that are indirections Command used: git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/) and then fix all occurrences. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
|
1639fe86579f86f5f6a954a9b0adde2e16ad1980 |
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: combine common types: _handle No real API/ABI change incurred, since the definition of the structs' types is not visible anyhow. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
ibiptc.c
|
7e5e866a36a76c153e5903b8251f90cfe07a1d34 |
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: replace ipt_chainlabel by xt_chainlabel Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
|
160f25b09fc5695a65a8aaf485ebece85e1f853c |
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: remove unused HOOK_DROPPING thing Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibiptc.c
|
9cf67deb62f127902e686c48b951861bf848d0ab |
11-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: resolve compile failure CC libip4tc.lo In file included from libip4tc.c:118:0: libiptc.c:70:8: error: redefinition of "struct xt_error_target" ../include/linux/netfilter/x_tables.h:69:8: note: originally defined here Remove libiptc's duplicate definition and substitute names. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc.c
|
96d0d0130a9a08803406c5c18681903446088ebf |
10-Jun-2011 |
Jiri Popelka <jpopelka@redhat.com> |
iptables: Coverity: DEADCODE libiptc.c:407: dead_error_condition: On this path, the condition "res > 0" cannot be false. libiptc.c:396: at_least: After this line, the value of "res" is at least 1. libiptc.c:393: equality_cond: Condition "res == 0" is evaluated as false. libiptc.c:396: new_values: Noticing condition "res < 0". libiptc.c:425: new_values: Noticing condition "res < 0". libiptc.c:407: new_values: Noticing condition "res > 0". libiptc.c:435: dead_error_line: Execution cannot reach this statement "return list_pos;". Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc.c
|
8b4807f0a1d98f1d980d3d616ad565c9b72d7c49 |
11-Jun-2011 |
JP Abgrall <jpa@google.com> |
Post-merge fixup. Add new Android.mk, re-checkin generated files They have no more compilable files in the top dir. Created extra Android.mk for each subdir. Regenerated the include/iptables/internal.h and include/xtables.h with ./autogen.sh export ANDROID_ROOT=$(gettop)/prebuilt/linux-x86/toolchain/arm-linux-androideabi-4.4.x/ ./configure -host=arm-eabi CC=arm-linux-androideabi-gcc CPPFLAGS="$funky_includes" CFLAGS="-nostdlib" LDFLAGS="-Wl,-rpath-link=$ANDROID_ROOT/arm-linux-androideabi/lib -L$ANDROID_ROOT/arm-linux-androideabi/lib" Change-Id: Ia57ed699edd32ffce16e94e2f13fb93d94924a04
ndroid.mk
|
ebf81627b1a2f50fd47add49f9976ed430a19673 |
11-Jun-2011 |
JP Abgrall <jpa@google.com> |
Merge git://git.netfilter.org/iptables into v1.4.11_upstream Using theirs, as they have taken some of my prior changes\ with some improvements. Conflicts: include/xtables.h.in iptables/xtables.c iptables/xtoptions.c Change-Id: I8e1e537fbb868eeebb448c8f1d9e33b283448aac
|
38ffc9dc5bb9f2b1d01bf0b0e28b7323b135f1ea |
08-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
build: re-add missing CPPFLAGS for libiptc These got lost on commit v1.4.11-12-g5c8f5b6. Note: When /usr/include/libiptc/libiptc.h exists, this error is masked away :-/ (IMO, #include-with-quotes "foo.h" should not search system dirs...) Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
akefile.am
|
5c8f5b60aa8e24da0bd25824f0f85bf7a4a39ea7 |
07-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: move all libiptc pieces into its directory Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
gitignore
akefile.am
ibiptc.pc.in
|
7d91a2accc92d13bb32bf881831e9c9a8b4d7734 |
30-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
build: remove dead code parts gcc-4.6 has a new warning, -Wunused-but-set-variable, which flags no-op code. CC libiptc/libip4tc.lo In file included from libiptc/libip4tc.c:118:0: libiptc/libiptc.c: In function "iptcc_chain_index_delete_chain": libiptc/libiptc.c:611:32: warning: variable "index_ptr2" set but not used libiptc/libiptc.c: In function "alloc_handle": libiptc/libiptc.c:1282:9: warning: variable "len" set but not used CC libiptc/libip6tc.lo In file included from libiptc/libip6tc.c:113:0: libiptc/libiptc.c: In function "iptcc_chain_index_delete_chain": libiptc/libiptc.c:611:32: warning: variable "index_ptr2" set but not used libiptc/libiptc.c: In function "alloc_handle": libiptc/libiptc.c:1282:9: warning: variable "len" set but not used CC xtables_multi-iptables-xml.o iptables-xml.c: In function "do_rule_part": iptables-xml.c:376:8: warning: variable "thisChain" set but not used CC xtables_multi-ip6tables.o ip6tables.c: In function "print_firewall": ip6tables.c:552:10: warning: variable "flags" set but not used Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc.c
|
16bd81be22ba2753e26f6a9ee6cb291e1e707d0d |
19-May-2011 |
JP Abgrall <jpa@google.com> |
androidifying: fixup includes and extraneous typedefs for __ANDROID__ The current could would take steps to define missing types, and include extra stuff based on GLIBC defines/versions. Make those places be ANDROID aware. Change-Id: I2d1f03e3c0f7f53250288a84db4c9ccf0431d482 Signed-off-by: JP Abgrall <jpa@google.com>
ibip4tc.c
ibip6tc.c
|
dcd1ad89105faf1f3a9a3febdb970b70c5466518 |
09-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: replace old IP*T_ALIGN macros Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
|
d59b9db031abee37a9aa9776662dd15370faabf4 |
08-Mar-2011 |
Stefan Tomanek <stefan.tomanek@wertarbyte.de> |
iptables: add -C to check for existing rules It is often useful to check whether a specific rule is already present in a chain without actually modifying the iptables config. Services like fail2ban usually employ techniques like grepping through the output of "iptables -L" which is quite error prone. This patch adds a new operation -C to the iptables command which mostly works like -D; it can detect and indicate the existence of the specified rule by modifying the exit code. The new operation TC_CHECK_ENTRY uses the same code as the -D operation, whose functions got a dry-run parameter appended. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
ibiptc.c
|
7ac405297ec38449b30e3b05fd6bf2082fd3d803 |
07-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: use C99/POSIX types "u_int" was a non-standardized extension predating C99 on some platforms. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
|
390755ded5e4e8b0dcfa97443a95268bfa03e952 |
18-Feb-2010 |
Dmitry V. Levin <ldv@altlinux.org> |
libip4tc: Add static qualifier to dump_entry() Change dump_entry() signature defined in libip4tc.c to match prototype declared in libiptc.c and another static dump_entry() function defined in libip6tc.c. This function is not a part of the public libiptc API. Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip4tc.c
|
7c4d668c9c2ee007c82063b7fc784cbbf46b2ec4 |
26-Oct-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: fix wrong maptype of base chain counters on restore When a ruleset that does not reset any chain policies/counters, such as *filter COMMIT is sourced by iptables-restore, the previous policy and counters (i.e. the ones read from the kernel) are reused. The counter skew offsetting is wrong however, causing the read value to be readded to the kernel value. This manifests itself in practice by the counter value almost doubling everytime iptables-restore is called. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc.c
|
51651b64fffc58d4f58d005fa7dc0d9669147c57 |
23-Oct-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: avoid strict-aliasing warnings In file included from libiptc/libip4tc.c:117:0: libiptc/libiptc.c: In function ‘__iptcc_p_del_policy’: libiptc/libiptc.c:826:4: warning: dereferencing type-punned pointer will break strict-aliasing rules libiptc/libiptc.c: In function ‘iptc_get_target’: libiptc/libiptc.c:1650:4: warning: dereferencing type-punned pointer will break strict-aliasing rules libiptc/libip4tc.c: In function ‘dump_entry’: libiptc/libip4tc.c:157:3: warning: dereferencing type-punned pointer will break strict-aliasing rules CC libiptc/libip6tc.lo In file included from libiptc/libip6tc.c:112:0: libiptc/libiptc.c: In function ‘__iptcc_p_del_policy’: libiptc/libiptc.c:826:4: warning: dereferencing type-punned pointer will break strict-aliasing rules libiptc/libiptc.c: In function ‘ip6tc_get_target’: libiptc/libiptc.c:1650:4: warning: dereferencing type-punned pointer will break strict-aliasing rules libiptc/libip6tc.c: In function ‘dump_entry’: libiptc/libip6tc.c:188:3: warning: dereferencing type-punned pointer will break strict-aliasing rules Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
ibiptc.c
|
a9c79c7ba494b39bad959a0c833e58a343686272 |
23-Oct-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: remove unused functions Fix the two warnings in libiptc.c: CC libiptc/libip4tc.lo libiptc/libiptc.c:1570:1: warning: ‘iptc_num_rules’ defined but not used libiptc/libiptc.c:1586:1: warning: ‘iptc_get_rule’ defined but not used CC libiptc/libip6tc.lo libiptc/libiptc.c:1570:1: warning: ‘ip6tc_num_rules’ defined but not used libiptc/libiptc.c:1586:1: warning: ‘ip6tc_get_rule’ defined but not used Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc.c
|
c9477d0dcd01af5d1ee6c95c757a8c814fb3be63 |
23-Mar-2009 |
Jesper Dangaard Brouer <hawk@comx.dk> |
libiptc: give credits to my self Add notes about my scalability work on the library libiptc. This should make in more obvious who to complain to. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
a9fe5b3d62e4e974e9517b23d0bf7f0f146ed11e |
23-Mar-2009 |
Jesper Dangaard Brouer <hawk@comx.dk> |
libiptc: fix whitespaces and typos Cleanup whitespaces while going through the code. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
64ff47cde38e48b621883947fd61b9b1357f9451 |
23-Mar-2009 |
Jesper Dangaard Brouer <hawk@comx.dk> |
libiptc: fix chain rename bug in libiptc Chain renaming (TC_RENAME_CHAIN) can result in an unsorted chain list. That breaks the requirement of the binary search done in iptcc_bsearch_chain_index(). Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
7cd15e367cc81c839ef2ca061d201c46ca1deb7c |
23-Mar-2009 |
Christoph Paasch <christoph.paasch@gmail.com> |
libiptc: avoid compile warnings for iptc_insert_chain iptc_insert_chain is too big to get inlined and so it generates a warning while compiling. Signed-off-by: Christoph Paasch <christoph.paasch@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
0eee3009e7015b82a46b2eccad91f759d75ec4df |
26-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: guard chain index allocation for different malloc implementations Some libc implementations such as �Clibc return NULL on malloc(0). They are free to do that per C standard. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signeed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
175f451104532f3054b1824695d16a4ee1d8ea34 |
10-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: make sockfd a per-handle thing Get away from this singleton. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
d73af64b9d28a5b0309104232c848e8ca8ab6956 |
10-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: use hex output for hookmask Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
de899697fd8eb18e828e806ffab04d053208bbf2 |
10-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: remove unused iptc_get_raw_socket and iptc_check_packet Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip4tc.c
ibip6tc.c
ibiptc.c
|
1c9015b2cb483678f153121255e10ec0bbfde3e6 |
10-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: remove indirections Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
fd1873110f8e57be578df17fc9d03536b10f4f73 |
10-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: remove typedef indirection Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip4tc.c
ibip6tc.c
ibiptc.c
|
4eb03c8e087c4cc438f2cbc0ff6a5e9b85f6d4fb |
24-Sep-2008 |
Jesper Dangaard Brouer <hawk@comx.dk> |
libiptc: remove old fixme Chains _are_ sorted, binary search depend on it! Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
4bae3f1001028ee283a5e1fcea4a561b0068f95d |
03-Jul-2008 |
Jesper Dangaard Brouer <hawk@comx.dk> |
libiptc: fix scalability performance issue during initial ruleset parsing Finding jump chains is slow O(Chain*Rules). The problem: is that the chain list is searched lineary for each rule with a jump target. The problem lies in the "second pass" (of function parse_table) where the userchain jump targets are found. For each rule "R" with a IPTCC_R_JUMP target, function iptcc_find_chain_by_offset() searches through the chains "C" in the chain list (worst-case hitting the last one). The solution: in this patch is to speed up iptcc_find_chain_by_offset() by using binary search. Reducing complexity from O(C) to O(log C). Implementation: Its possible to use the same bsearch algorithm and data structure (chain_index), as used for chain name searching. How is that possible: One has to realize that the chains are both sorted by name and offsets, this is because the chains are already sorted in the ruleset from the kernel. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
526d3e138635e33773d1ca16477052a04f53f5bd |
03-Jul-2008 |
Jesper Dangaard Brouer <hawk@comx.dk> |
libiptc: minor bugfix Minor bugfix, an extra check is needed if the tail element is a builtin chain, as builtin chains are not sorted. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
1f23d3c2544f4329b31804392abc4eff434ba308 |
07-Jun-2008 |
Patrick McHardy <kaber@trash.net> |
libiptc: move variable definitions to head of function Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
|
5a2208c3e62a150e6f6297abbfa63056ab4a8066 |
04-Jun-2008 |
Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> |
Use s6_addr32 to access bits in int6_addr instead of incompatible name Spotted by Khem Raj <raj.khem@gmail.com> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6tc.c
|
8b7c64d6ba156a99008fcd810cba874c73294333 |
15-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove old functions, constants
ibiptc.c
|
21b41eea4724c57d2b6e5998cf38255046e43ad3 |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
ibiptc.c
|
33690a1aec0b6309ff90066ca56285b6e43013f2 |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Fix all remaining warnings (missing declarations, missing prototypes)
ibiptc.c
|
dbb77543ad6afe29e9a1881b2d4fc212de621a55 |
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Fix -Wshadow warnings and clean up xt_sctp.h Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
ibiptc.c
|
2f93205b375ee9f5a383f8041749a9b989012dd0 |
02-Apr-2008 |
Patrick McHardy <kaber@trash.net> |
Retry ruleset dump when kernel returns EAGAIN. Bugzilla #104
ibiptc.c
|
2b62b62509dfccdb6ebbb17628aad95fb7681a89 |
20-Jan-2008 |
Patrick McHardy <kaber@trash.net> |
Remove obsolete file
akefile
|
01444da4cb70417d2dc2643e2d48c70de7ff8e96 |
15-Jan-2008 |
Jesper Dangaard Brouer <hawk@comx.dk> |
Solving scalability issue: for chain list "name" searching. Solving scalability issue: for chain list "name" searching. Functions: iptcc_find_label(), iptc_is_chain(). Testing if a chain exist, requires a linearly walk of linked list with chain-names (doing a strcmp(3) in each step). Giving a worst-case runtime of O(n) where n is the number of chains. Why is this important to fix?! If only called once, this should not be a big concern, even-though the string compares are expensive. The performance issue arise with many chains for example; when using "iptables-restore", or when listing all "iptables -nL" rules, or when using CPAN IPTables::libiptc. Having 50k chains, the rule listing, with the command: "./iptables -nL > /dev/null", Without patch it takes approximately 5 minutes, With the patch it takes 0.5 seconds. Listing without patch: real 4m49.426s user 4m37.993s sys 0m0.280s Listing with patch: real 0m0.558s user 0m0.484s sys 0m0.064s How is it solved?! The issue is solved introducing a new data structure, that allow us to do binary search of chain names. Thus, reducing the worst-case runtime to O(log n). Being more specific: The new data structure is called "chain index", which is an array with pointers into the chain list, with CHAIN_INDEX_BUCKET_LEN spacing. This facilitates the ability to speedup chain list searching, by find a more optimal starting points when searching the linked list. The runtime complexity is actually also affected by this "bucket" size concept. Thus, O(log(n/k) + k) where k is CHAIN_INDEX_BUCKET_LEN. A nice property of the chain index, is that the "bucket" list length is max CHAIN_INDEX_BUCKET_LEN (when just build, inserts will change this). Oppose to hashing, where the "bucket" list length can vary a lot. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
ibiptc.c
|
48bde40e73b45ad134d32cde88b779fe509faf64 |
15-Jan-2008 |
Jesper Dangaard Brouer <hawk@comx.dk> |
Introduce a counter for number of user defined chains. Introduce a counter for number of user defined chains. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
ibiptc.c
|
910939897ea0cb9be2729a98c60a92e807aad5c3 |
15-Jan-2008 |
Jesper Dangaard Brouer <hawk@comx.dk> |
Inline functions iptcc_is_builtin() and set_changed(). The two functions are obvious candidates for inlining. Using gprof(1) shows that they actually affects performance. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
ibiptc.c
|
1336451ead58d608618ff5b0a251d132b73f9866 |
12-Dec-2007 |
Jesper Dangaard Brouer <hawk@comx.dk> |
More safe chain sorting, improving r7098 This patch is an improvment of r7098 (made by me). Assuring compatibility between 1.4.0 and older versions, regarding chain sorting. Chains from kernel are already sorted, as they are inserted sorted. But there exists an issue when shifting to 1.4.0 from an older version, as old versions allow last created chain to be unsorted. This unsorted chain would survive in 1.4.0, as chains are now only sorted on creation. This patch verifies that chains are sorted, if not it fixes the sorting. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
ibiptc.c
|
f791a5d77d09a689da95e9899cb0eb15b1401ddf |
04-Dec-2007 |
Patrick McHardy <kaber@trash.net> |
Fix sockfd use accounting for kernels without autoloading
ibiptc.c
|
d8cb787ab44e9d2de4fd3b04fcaa370c9918fc5d |
28-Nov-2007 |
Jesper Dangaard Brouer <hawk@comx.dk> |
iptables/libiptc perf issue: Sorting chain during pull-out Performance optimize scalability issue: Sorting chain during pull-out give worst-case runtime O(Chains2). When pulling out the blob, every chain name is inserted alphabetically into a linked list (by function iptc_insert_chain()). The problem with this approach is that the chain names delivered in the blob is already sorted (as we push it back to the kernel sorted). This cause chain parsing to always process every element in the chain list and finish with a tail add. Causing worst-case runtime O(C2/2) for alphabetically sorting of chains. The patch solves this by only calling iptc_insert_chain() when creating new chains. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
ibiptc.c
|
97fb2f1579f0794377db1dca7c5bb07fade1a0dc |
08-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Fix unused function warning
ibiptc.c
|
0b63936140032deac44072951451bdf47b54296a |
08-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Fix more sparse warnings: non-C99 array declaration, incorrect function prototypes
ibiptc.c
|
ea146a982e26c42f9954f140276f8deeb2edbe98 |
02-Sep-2007 |
Peter Riley <Peter.Riley@hotpop.com> |
Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
ibip4tc.c
ibip6tc.c
|
7d5cc229064b0e718046b9ecaebad3426dfff15f |
30-Jun-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Removes KERNEL_64_USERSPACE_32 The recent kernel has compat layer for iptables. It doesn't have compat layer for libipq and ip6tables, but ip6tables with KERNEL_64_USERSPACE_32 is still broken. We should fix kernel instead of fixing them if and when we want use their 32bit binary with 64bit kernel.
ibiptc.c
|
e5bd1d779fab33353c1dc2d2fa49db639dcebd38 |
22-Aug-2006 |
Andy Gay <andy@andynet.net> |
iptables -Z clears the per-rule counters, but not the chain policy counters (Andy Gay <andy@andynet.net>) https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=502
ibiptc.c
|
04a1e4cabd185d7a93bea1ece276343044d9ecd4 |
25-Jul-2006 |
Patrick McHardyJesper Brouer <kaber@trash.nethawk@diku.dk> |
BUG: libiptc chain references bug (Jesper Brouer <hawk@diku.dk>) Correcting a chain references increment bug in libiptc. The bug lies in function iptc_delete_entry() / TC_DELETE_ENTRY. The problem is the construction of "r" the rule entry, that is used for comparison. The problem is that the function iptcc_map_target() increase the target chains references count.
ibiptc.c
|
70067291528bb949fac8a584e782f2b4c38e4c16 |
05-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
libiptc symbols clash (Phil Oester <kernel@linuxace.com>) As reported by Dmitry Levin, the TC_NUM_RULES and TC_GET_RULE exports clash. His patch below, resolving bug #456
ibip4tc.c
ibip6tc.c
|
e0865ad29d53b0d3d34b5cc8b5e023eb593172a8 |
22-Apr-2006 |
Patrick McHardy <kaber@trash.net> |
Don't overwrite errno with return value of setsockopt (which is -1 on error). Fixes "Unknown error 4294967295" message (bugzilla #460).
ibiptc.c
|
a7dd0e41b7fc06b4b9f62d031b72fa0e778a204d |
22-Apr-2006 |
Patrick McHardyHarald Welte <kaber@trash.netlaforge@gnumonks.org> |
Revert incorrect fix for "Unknown error 4294967295" problem
ibiptc.c
|
2998554a0f7fa98d22ca2076af4e6aa490d1ddae |
21-Apr-2006 |
Harald Welte <laforge@gnumonks.org> |
When entering an invalid command (such as iptables -A INPUT -j MARK --set-mark 1), the error message "Unknown error 4294967295" is displayed; (Closes: #460)
ibiptc.c
|
0fbc8622895f1763b8815e058fb9a618ff4c629a |
09-Feb-2006 |
Harald Welte <laforge@gnumonks.org> |
don't install libiptc.a
akefile
|
d6ba6f57658ee2fee7cf763259e8a0c601479989 |
12-Nov-2005 |
Harald Welte <laforge@gnumonks.org> |
- Fix memory leak in TC_COMMIT() (Markus Sundberg) - Cleanup error path of TC_COMMIT() - Correctly propagate errors of setsockopt to calling function
ibiptc.c
|
feca0578a5d035122b4b7cdb8d44d6cca819f35c |
31-Jul-2005 |
Robert de Barth <list-netfilter@debarth.co.uk> |
_really_ sort only user defined chains (Robert de Barth <list-netfilter@debarth.co.uk>
ibiptc.c
|
efa8fc2123a2a9fc229ab471edd2b2688ce1da3a |
20-Jul-2005 |
Harald Welte <laforge@gnumonks.org> |
get rid of numerous gcc-4 warnings
ibiptc.c
|
5ee88622ef8f38e5f6b6c60ca1ab61d8f93a0e82 |
23-Jun-2005 |
Pablo Neira <pablo@eurodev.net> |
fix deletion of targets where kernel size != userspace size (Pablo Neira)
ibip4tc.c
ibip6tc.c
|
9d3ed77341361674994f584ff69a61f31a342739 |
05-Mar-2005 |
Olaf Rempel <razzor@kopf-tisch.de> |
Restore chain order (Olaf Rempel <razzor@kopf-tisch.de>)
ibiptc.c
|
8115e5425721cd610b6390c3d4c24540773b0520 |
14-Feb-2005 |
Pablo Neira <pablo@eurodev.net> |
Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>) Fixes build with conntrack event patch for 2.6
ibip4tc.c
ibip6tc.c
|
e37c0dc100c51541accf81e4763d0cdba807db34 |
04-Feb-2005 |
Phil Oester <kernel@linuxace.com> |
Revert the recent addition of memset()'s to TC_COMMIT. One of them is bogus and the other one needs more investigation to why valgrind is complaining. Noticed and reverted by Phil Oester.
ibiptc.c
|
ec30b6c4d3ebb09d2c05e44f3904428893ef13bd |
01-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
re-implement alphabetic sorting to not confuse users who upgrade to 1.3.0
ibiptc.c
|
664c0a30b7963040da2e7a7e86dc56a0f1a829b5 |
01-Feb-2005 |
Derrik Pates <demon@devrandom.net> |
- Sets the 'iptc_fn' global variable to the pointer to the current functions in all major TC_* functions. This is necessary because in certain cases, an error return from a function that doesn't set 'iptc_fn' will conflict with a function-specific error return from one that does, causing TC_STRERROR() to return the wrong error string. This ensures that the right one will be returned. - Implements a simple reference counter for the netlink socket global variable 'sockfd'; this is necessary for IPTables::IPv4, where multiple tables (filter, nat, mangle, untracked) may be opened at one time. The way libiptc does it in the official version causes previously-opened tables to break such that attempts to commit changes will fail. - Adds a couple of memset() invocations in TC_COMMIT, based on past analysis with valgrind. It claimed that allocated structure were not being fully initialized, and adding the memset()s corrected this warning. (Derrik Pates <demon@devrandom.net>)
ibiptc.c
|
3aef54dce4f9bbe0b466478fd33a1d3131efbbb8 |
03-Jan-2005 |
Rusty Russell <rusty@rustcorp.com.au> |
Extension revision number support (if kernel supports the getsockopts). Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied.
ibiptc.c
|
daade4452715cbd1feea05d5231c5e38e3b0b98b |
29-Dec-2004 |
Rusty Russell <rusty@rustcorp.com.au> |
Stupid typo that meant we didn't compare target data when doing delete-by-matching-rule (found by nfsim test).
ibiptc.c
|
0f9b8b158bb71b96c6b2908f5bf7bb9670ff4eb0 |
18-Dec-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Implement some optimization for finding rules to replace in TC_REPLACE_ENTRY. Stolen from TC_DELETE_NUM_ENTRY.
ibiptc.c
|
733e54b8250576d6a1e0ab5621ef5b144abdf018 |
16-Dec-2004 |
Rusty Russell <rusty@rustcorp.com.au> |
Make "is_same" test basics and entries only: targets are generic. Make target testing aware of different kinds of rules. Change reverse logic: target_different now target_same. Set type to MODULE in iptcc_map_target. Add testcase for this.
ibip4tc.c
ibip6tc.c
ibiptc.c
|
e45c71321e77735a1d66b180f8a29bea33aeb1b0 |
16-Dec-2004 |
Rusty Russell <rusty@rustcorp.com.au> |
Remove GET_TARGET() define: this was for compiling iptables for debugging (ie. without -O) on old kernels where ipt_get_target() was defined "extern inline". These days it's "static inline", and only developers build without -O anyway. Fix up DUMP_ENTRIES a little, but remove calls: it only dumps the table as loaded, not the changed (cached) table, which is misleading. Fix TC_DELETE_ENTRY: we need to use iptcc_map_target() before comparing, otherwise "-j DROP" (as an example) doesn't work.
ibiptc.c
|
a5616dcfafd33fa46a03a8c270e5e09b2fba7cb1 |
25-Oct-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Search backwards when inserting/deleting in/from the top half of the rules in a chain. before: insert 50k rules without any previous rules real 0m1.314s user 0m1.184s sys 0m0.123s insert 50k with one already existing rule real 2m38.052s user 2m37.296s sys 0m0.353s insert 50k rules in the middle of 20k already existing rules real 2m43.831s user 2m43.005s sys 0m0.414s delete rule #70000 10k times with 100k rules real 1m37.990s user 1m37.247s sys 0m0.500s after: insert 50k without any previous rules real 0m1.315s user 0m1.184s sys 0m0.125s insert 50k with one already existing rule real 0m1.313s user 0m1.189s sys 0m0.119s insert 50k rules in the middle of 20k already existing rules real 0m8.550s user 0m8.327s sys 0m0.197s delete rule #70000 10k times with 100k rules real 0m35.566s user 0m35.062s sys 0m0.416s
ibiptc.c
|
631f3619b7fb597f5e1c8f61c7178d64be7c144f |
23-Sep-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Replace O(n) with O(1) when TC_INSERT_ENTRY() inserts an entry at the end. Do the same with TC_DELETE_NUM_ENTRY() when deleting the last rule. My rule management script does both of these things in certain situations. Created a file with 50.000 rules which my script converted into iptables-restore format but inserting each rule with an index instead of appending like the iptables-save output does. That took a while without this optimization. Same thing when deleting the 45.000 last rules in that chain, the script outputs deletes by number starting from the bottom. Inserting or deleting (by number) in the middle of the chain is still O(n) where n is the rulenumber where the insert/delete is taking place.
ibiptc.c
|
12009531e6a96a62ee398eb0ab3e9ec0b3b57701 |
23-Sep-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Spelling error.
ibiptc.c
|
b0f3d2d7261be3fe256a66abcc237241fea43a02 |
23-Sep-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix returnvalue of TC_BUILTIN() All jumps to nonexisting chains were believed to be jumps to builtin chains, that's bad as it made it impossible to add rules with external targets.
ibiptc.c
|
ad3b4f9973ac15981b98b8fc4d364ef1ce524212 |
23-Sep-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Make sure to zero all the memory we allocate for the new table. Makes flushing of chains containing more than a few entries work without potentially oopsing the kernel.
ibiptc.c
|
2a5dbbb883fb0cc8a122b47a5d8e08ef3e6ff5bc |
22-Sep-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Make TC_DELETE_ENTRY() and TC_DELETE_NUM_ENTRY() actually do something practical
ibiptc.c
|
8e795b0ad07174eed4172f8d7237b3abdd9d0e15 |
22-Sep-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix two more rulenumber off by 1 errors
ibiptc.c
|
eb066cc4fb75a616400eaf38dfa31c052c76cf5c |
22-Sep-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Insertion of rules with -I was broken. It checked if a rule existed on the position we were inserting to. Thus inserting into an empty chain didn't work. And it didn't care about the fact that the first rule in the chain has index 1 the rulenumer we get starts at 0...
ibiptc.c
|
8d1b38a064d146c77eb8fc951717663e1a713cfc |
22-Sep-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix rule counting
ibiptc.c
|
52c380208a87191a8c25608d2c501c0dc32aa9ad |
22-Sep-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix listing of module targets. Type was only set for standard targets. Harald: please review.
ibiptc.c
|
0371c0c5eb17c81e8dd44c4aa31b58318e9b7b72 |
19-Sep-2004 |
Harald Welte <laforge@gnumonks.org> |
fix segfault from memory allocation: handle->entries is actualy struct ipt_get_entries plus the size
ibiptc.c
|
fe53707285c250c6bb1e434ea6f8271cf061c67b |
30-Aug-2004 |
Harald Welte <laforge@gnumonks.org> |
add delete by matching-rule to libiptc2 (still untested)
ibiptc.c
|
aae69bed019826ddec93f761514652a93d871e49 |
30-Aug-2004 |
Harald Welte <laforge@gnumonks.org> |
complete libiptc rewrite. Time to load 10k rules goes down from 2.20 minutes to 1.255 seconds (!). Might still contain bugs, use with caution.
ibip4tc.c
ibip6tc.c
ibiptc.c
inux_list.h
inux_stddef.h
|
a28d495285ad7dd9f286d63958cf20d74eec6bcb |
26-May-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Get rid of some warnings when compiling 64bit.
ibip4tc.c
ibip6tc.c
ibiptc.c
|
15920d160760535e51a57b3834eba45257cfa6d8 |
16-May-2004 |
Harald Welte <laforge@gnumonks.org> |
cosmetic fix (space between include directive and filename)
ibiptc.c
|
7cd002826d0f329620cb738bc4dc4760ef5e084a |
14-May-2004 |
Stephane Ouellette <ouellettes@videotron.ca> |
Compiler warnings due to missing include files (Stephane Ouellette)
ibiptc.c
|
073df8feb0a8c4023ce40138e519ac9b341b1ca2 |
31-Jan-2004 |
Karsten Desler <kdesler@soohrt.org> |
Fix even more possibly not zero-terminated strings after copy (Karsten Desler)
ibiptc.c
|
0113fe75ff05e09e6f3d251534d9ae32e9aa717c |
06-Jan-2004 |
Harald Welte <laforge@gnumonks.org> |
oops, don't commit this to the stable tree
ibiptc.c
|
9e03380e9f78ae347ae4f3f041c4eca50348f2e8 |
06-Jan-2004 |
Harald Welte <laforge@gnumonks.org> |
commit all current changes
ibiptc.c
|
50fceae8f9b25bbe4effed74321e51916c1ce8b6 |
08-Oct-2003 |
Harald Welte <laforge@gnumonks.org> |
sorry, this one didn't make it in 1.2.9rc1 :(
ibip6tc.c
|
4dc734c73cc4a0ff87c0ce3673544628b58c7e24 |
07-Oct-2003 |
Harald Welte <laforge@gnumonks.org> |
add support for the raw table to userspace
ibip4tc.c
|
0acde1f28a576f5d4f2b51881555c31644940372 |
05-Jul-2003 |
Martin Josefsson <gandalf@wlug.westbo.se> |
fix rule deletion in modified libiptc (Martin Josefsson)
ibiptc.c
|
cc7bb65ed37e366098983450a6f65d5f9bfaac4a |
24-Jun-2003 |
Harald Welte <laforge@gnumonks.org> |
fix ipv6_prefix_length endianness bugs (Closes: #103)
ibip6tc.c
|
fbc85236a6140918ab1d0fb0e07e2d72da46ce45 |
24-Jun-2003 |
Harald Welte <laforge@gnumonks.org> |
Add my recent performance optimization work, might destabilize iptables. Please report bugs to bugzilla, we need to fix this up before releasing the next iptables version.
ibiptc.c
|
3ea8f40262386e6b1445a617841f28702fe74d9d |
23-Jun-2003 |
Harald Welte <laforge@gnumonks.org> |
implement chain cache ussing relative offsets instead of absolute entry pointers. This is needed for my current libiptc optimization work, since it needs the chain cache to still be correct after it has been reallocated to a different address.
ibiptc.c
|
e560fd604284180f3ab522993c5b8e6f424ef1d9 |
13-Jun-2003 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix possible doubleclose of sockfd. This shouldn't break anything, things were already broken.
ibiptc.c
|
841e4aed2349046eb2c0b1375139c06569a93bd0 |
02-May-2003 |
Martin Josefsson <gandalf@wlug.westbo.se> |
fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin Josefsson)
ibip4tc.c
ibip6tc.c
ibiptc.c
|
23a6b4564bc6edecd888530b461093586842acbf |
30-Apr-2003 |
Tomáš Lejdar <tomas.lejdar@i.cz> |
Fix libiptc memory hole during iptc_chain_next() (Tomas Lejdar)
ibiptc.c
|
2354d928a6864e8753decc054873d562689577d3 |
05-Mar-2003 |
Harald Welte <laforge@gnumonks.org> |
make DO_IPV6 work again..
akefile
|
4f8d2d95056b50a2d05eff0245fe1ddd8c382b05 |
12-Jun-2002 |
Marc Boucher <marc@mbsi.ca> |
Fixed destination netmask comparison bug in is_same()
ibip4tc.c
|
80fe35d6339b53a12ddaec41885613e4e37ed031 |
29-May-2002 |
Harald Welte <laforge@gnumonks.org> |
globally replace NETFILTER_VERSION with IPTABLES_VERSION to have consistent naming
ibiptc.c
|
95df8e79d018f2e214d24a72237abac8e57bb3cf |
14-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
explicitly check for two possible sets of hooks in case of nat and mangle
ibip4tc.c
ibip6tc.c
|
a540b1b15e0d63ab10555502fcd569b40eec8145 |
13-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
fix compatibility with mangle2hooks and mangle5hooks
ibip4tc.c
ibip6tc.c
|
596707cf8374dba73535bc77bae76fe8770c0028 |
13-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
first attempt in trying to make debug code work with mangle2hooks and mangle5hooks
ibip4tc.c
ibip6tc.c
|
380ba5f3074a16fbaa8869d9594962d58b5f8608 |
13-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
- don't need -DNDEBUG anymore. Instead, use -DIPTC_DEBUG to enable libiptc debugging. This is to make people at RedHat and Mandrake happy. - add debugging code for mangle5hooks table (will break debugging of iptables >= 1.2.6 on old kernels <= 2.4.18-pre6. *sigh*
ibip4tc.c
ibip6tc.c
ibiptc.c
|
72c6b79b9944e4784ca21779413db71d773d7f10 |
08-Feb-2002 |
Harald Welte <laforge@gnumonks.org> |
update debugging code to mangle5hooks changes
ibip4tc.c
ibip6tc.c
|
1afc3b67b53e40e5aace076c0b650348aa5f4936 |
19-Jan-2002 |
Marc Boucher <marc@mbsi.ca> |
Added #include <unistd.h> to eliminate close() warning.
ibip4tc.c
ibip6tc.c
|
366454bc69f781fdafc3a30eb6dd77155ee4efb6 |
07-Jan-2002 |
Harald Welte <laforge@gnumonks.org> |
libiptc socket leaking fix
ibiptc.c
|
4ccfa630d9a588d4b852abef8bc467642427c8cf |
30-Jul-2001 |
Harald Welte <laforge@gnumonks.org> |
move defaults to bottom, print reasonable message for CHECK functions
ibiptc.c
|
ec81ca7e5e5939eb0bfa4776c5c0c585efdfd1bb |
26-May-2001 |
Harald Welte <laforge@gnumonks.org> |
ipt_get_target is declared non-static in ip_tables.h, so it is non-static here
ibiptc.c
|
10c6888656e6a1d3e236c89ca070471885266245 |
16-Mar-2001 |
Harald Welte <laforge@gnumonks.org> |
release-diff for 1.2.1 - added libipulog / libiptc to devel target - added changelog for 1.2.1 - updated index.html for 1.2.1 - added reference to Oskar Andreasson's tutorial
akefile
|
e0072945b57dc499327567640648050563b19a5e |
23-Jan-2001 |
Harald Welte <laforge@gnumonks.org> |
added iptables --set-counters
ibiptc.c
|
1cef74d943055668b5e356eebea877fdaa1ce3e0 |
05-Jan-2001 |
Harald Welte <laforge@gnumonks.org> |
libiptc counter function
ibip4tc.c
ibip6tc.c
ibiptc.c
|
8e07bd78ade5e2b4636d410a897119e111ea3e6c |
19-Dec-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Libc5 can't do IPv6.
akefile
|
1de804642d4c8e9c71b7e225a1528fff15fa7faa |
30-Oct-2000 |
Harald Welte <laforge@gnumonks.org> |
two libiptc bugs fixed, including the 'segv while doing more than one action per commit' one.
ibiptc.c
|
3c7a6c479f3eccd65a78dc103f33f4085e8e4703 |
19-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Fix allocation (base new alloc on current size, not original size).
ibiptc.c
|
e9b4853639bffb0e71d5f7da93736aa8ae34f79b |
14-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Fix typo.
ibip4tc.c
|
f92ba9bd4e68659e3c98aa0164cac87540ab3a76 |
14-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Add drop table support
ibip4tc.c
|
10758b743d6aa076ebe2c3e8f855e73826841e71 |
14-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Added DROPPING chain.
ibip4tc.c
ibiptc.c
|
62527ce5f0ffaa5b18aa118f64c21af238ddc156 |
04-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Finally fixed sparc64 counter bug (I hope).
ibiptc.c
|
061063f26e1a0eae9395acd2a3bbf8d13363abd1 |
04-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
More debugging.
ibiptc.c
|
e1ef1b1ef42e8e2b62488624c6a44c6db63e4895 |
04-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
More debugging.
ibiptc.c
|
54c307e0ff401f40a6fe382af4ae5bff0f5b40ba |
04-Sep-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
More debugging.
ibiptc.c
|
14a1c9175257f73e936a68ba68d3541278c0e52a |
26-Aug-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Stop shadowing parameter.
ibiptc.c
|
2ee3fd0a8d4b1ab65cb4077650cda174b779e6f9 |
26-Aug-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Handle *really* large index values without segfaulting.
ibiptc.c
|
d57390ea8aaeecbcd69ad2b44f76d0f7973363d3 |
23-Aug-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Better message for table does not exist.
ibiptc.c
|
45fe27fd46b986db49f64c9058b0fbba21c9e01c |
12-Aug-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Finally resolve dependency problems. (Olivier Baudron's report)
akefile
|
725d97a79cf0b332ed45cb7d254915178328427d |
07-Jul-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Modifications for new header (entries -> entrytable, for alignment reasons)
ibip4tc.c
ibiptc.c
|
73ef09b21573ddb17ff75e5fd06fd4b52ec8ea40 |
03-Jul-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
More PPC alignment fixes.
ibiptc.c
|
f68ce299449ab886491bbab1a8fb3ce36be3de9f |
05-Jun-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Made error message clearer.
ibiptc.c
|
5eed48af2516ebce0412121713d285bc30edb10d |
02-Jun-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Philip Blundell's IPv6 patches.
akefile
ibip6tc.c
|
4e242f822ef0add1359c540ed0cf3acdf74c63f3 |
31-May-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Minor change for debugging.
ibiptc.c
|
8c700900e2a0cf87d7917cb62578583a60ad1210 |
15-May-2000 |
Philip Blundell <Philip.Blundell@pobox.com> |
Philip Blundell's IPv6 fixes.
ibip4tc.c
ibip6tc.c
ibiptc.c
|
67088e73ce7707229c56987868f112051defca5a |
10-May-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
IPv6 Fixes Alignment fixes.
ibiptc.c
|
88eb835ad207f579ae4ce21cd46f0b564ebd4748 |
10-May-2000 |
Philip Blundell <Philip.Blundell@pobox.com> |
Philip Blundell's IPv6 fixes.
ibip6tc.c
|
3eee010524ae02a3f0786b6d02bef16ab122e1c3 |
10-May-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Alignment assertion fix.
ibip4tc.c
|
79dee0702b18c8ea1d1f7a2b1f6b29349466986b |
02-May-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
IPv6 enhancements.
akefile
ibip4tc.c
ibip6tc.c
ibiptc.c
|
228e98dd6303af11925235af4cf3c3ec450f3f41 |
27-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Alignment fixes (requires kernel patch).
ibiptc.c
|
f3b36fe906d6dc80a568eb427e6b2ffa4093fdf3 |
27-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Fixed dependencies for libiptc.a
akefile
|
849779c4adf8dd65c83fffb65e6b7898df2a55c6 |
23-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
More fixes and testsuite enhancements.
ibiptc.c
|
30fd6e5d45e6013f4df10a226787c7a9f49369c1 |
23-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Caching speedups.
ibiptc.c
|
c8264991454b5e77279830736f80ea3153b6f814 |
23-Apr-2000 |
Marc Boucher <marc@mbsi.ca> |
Improved iptc_set_policy error messages.
ibiptc.c
|
ca92443e5a2b6430e334900058b341b440d385d9 |
23-Apr-2000 |
Marc Boucher <marc@mbsi.ca> |
Fix minor compilation problems in match_different() and is_same().
ibiptc.c
|
edf14cf4b5edb148d7473f067d95e7bd1316900b |
19-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Changes to allow matching (for delete) on part of a rule, for rules which change in the kernel (eg. ipt_limit).
ibiptc.c
|
90e712a00913fe2a2f885142439c392392dc08a8 |
29-Mar-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Fix for match_different to correctly traverse the second rule Nasty hack to enable us to delete rules with -m limit
ibiptc.c
|
175f64177743e5a417e98d483ef995bf7151f3bc |
24-Mar-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
libiptc caching to speed up find_label(). Makefile distrib target for userspace.
ibiptc.c
|
2f4e5d92c73906e0dc2ae42fee5c05740528e92b |
24-Mar-2000 |
James Morris <jmorris@intercode.com.au> |
James Morris's problem with libiptc when listing the builtin queue target.
ibiptc.c
|
7e53bf9c2a697abdb6f1385557338423a86612a3 |
20-Mar-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Makefile fixes for release. Whitespace cleanups.
ibiptc.c
|
e6869a8f59d779ff4d5a0984c86d80db70784962 |
20-Mar-2000 |
Marc Boucher <marc@mbsi.ca> |
reorganized tree after kernel merge
akefile
ibiptc.c
|