• Home
  • History
  • Annotate
  • only in /external/iptables/libiptc/
History log of /external/iptables/libiptc/
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
e3928b77f18db0fdc615693017c6c15eb71bf4e0 02-Apr-2014 JP Abgrall <jpa@google.com> Fixup build so that the update from nefilter.org to 1.4.20 works


* Keep the generated files needed for building.
Used
./configure --enable-static --disable-shared
make
* Update the various Android *.mk files.


Change-Id: If0e45cf6289f0e3dcf3adf73e6ccff86d640f1c0
Signed-off-by: JP Abgrall <jpa@google.com>
ndroid.mk
11ef84b856859e7d4a08625d09c8573e5f5eef63 02-Apr-2014 JP Abgrall <jpa@google.com> Merge remote-tracking branch 'upstream/stable-1.4.20' into update

Conflicts:
.gitignore
include/linux/types.h
libiptc/libiptc.c

Change-Id: I2c949ba9de090db9ae09d914f4ac5c13e5b7d4da
d4cea4666768eeadd0d1fde61e8231bba353d8ee 23-Jan-2014 Colin Cross <ccross@android.com> iptables: remove $(KERNEL_HEADERS) from include path

The kernel headers are already in the include path, and manually
adding them again will break on a multiarch build, where the
kernel headers may be different for each arch.

Change-Id: I20867af3061bbc86d2205f5479c40f6034a61b72
ndroid.mk
9b5ca5cf509bd1ed37ba692082ec6f3f180546c1 05-Dec-2013 Kristian Monsen <kristianm@google.com> Silence all warnings.

Change-Id: I9d180c2da268117a8774290ba49c8774fabd3272
ndroid.mk
72000dcfdc0b0f26ccf52f7b877221bb008a7869 12-Nov-2013 Elliott Hughes <enh@google.com> Fix iptables to build with old or uapi header files.

Bug: 11559337
Change-Id: Iefb938b87e1f29cbf45d8833e9416c38004d9b5e
ibiptc.c
cccfff9309743f173c504dd265fae173caa5b47f 16-Mar-2013 Pablo Neira Ayuso <pablo@netfilter.org> libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependency

This patch changes the NETMAP target extension (IPv6 side) to use
the xtables_ip6mask_to_cidr available in libxtables.

As a side effect, we get rid of the libip6tc dependency.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibip6tc.c
8db1044ba608a78035bbf89007aab6b6d8ff6f68 19-Apr-2012 Miguel GAIO <miguel.gaio@efixo.com> libiptc: fix retry path in TC_INIT

There is an issue on TC_INIT retry path:
In error case, TC_FREE is called and close sockfd.
The retry does not reopen then always fail.

The proposing patch reopens sockfd in retry patch.

Signed-off-by: Miguel GAIO <miguel.gaio@efixo.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibiptc.c
c0aa38e22e8a09fcb1898ad0e042eaf6314d2d42 21-Mar-2012 Maciej Żenczykowski <maze@google.com> src: mark newly opened fds as FD_CLOEXEC (close on exec)

By default, Unix-like systems leak file descriptors after fork/exec
call. I think this seem to result in SELinux spotting a strange AVC
log messages according to what I can find on the web.

Fedora 18 iptables source includes this change.

Maciej says:
"iptables does potentially fork/exec modprobe to load modules.
That can cause a selinux 'domain'/'role'/whatever-it-is-called crossing.
You can do automated inspection of what gets carried across such
privilege changes and any unexpected open file descriptors flag
problems, patches like this cut down on the noise."

Signed-off-by: Maciej enczykowski <maze@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibiptc.c
61b8f7ecb64b3b6fe04d2a6ad9598f66e42ceea8 08-Mar-2012 Franz Flasch <franz.flasch@frequentis.com> iptables: missing free() in function delete_entry()

Fixed a memory leak in the dry run path of function delete_entry().

Signed-off-by: Franz Flasch <franz.flasch@frequentis.com>
Signed-off-by: Christian Engelmayer <christian.engelmayer@frequentis.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibiptc.c
1a7732f965c2b09e526eeca8a551538fbdc099ef 08-Mar-2012 Franz Flasch <franz.flasch@frequentis.com> iptables: missing free() in function cache_add_entry()

Fixed a memory leak in the error path of function cache_add_entry().

Signed-off-by: Franz Flasch <franz.flasch@frequentis.com>
Signed-off-by: Christian Engelmayer <christian.engelmayer@frequentis.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ibiptc.c
7c1b69b97571ddeb8c624b0a1da366a456895a6d 01-Mar-2012 Pablo Neira Ayuso <pablo@netfilter.org> Revert "libiptc: Returns the position the entry was inserted"

This reverts commit d65702c5c5bbab0ef12298386fa4098c72584e6c.

This is breaking my iptables scripts:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables: Incompatible with this kernel.
ibiptc.c
d65702c5c5bbab0ef12298386fa4098c72584e6c 04-Jan-2012 Jonh Wendell <jonh.wendell@vexcorp.com> libiptc: Returns the position the entry was inserted

Jan Engelhardt showed no objections to this patch.
ibiptc.c
32a4b7dcaf252348732362cd6d853bf0005b2bdd 18-Dec-2011 Jan Engelhardt <jengelh@medozas.de> Merge branch 'stable'
b8c42eca0f224a00bf55b60ded81af14a1e07da1 18-Dec-2011 Jan Engelhardt <jengelh@medozas.de> libiptc: provide separate pkgconfig files

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
gitignore
akefile.am
ibip4tc.pc.in
ibip6tc.pc.in
ibiptc.pc.in
de4d2d3b716d83a6d3831aaf902c5adb5d1d14c9 27-Aug-2011 Jan Engelhardt <jengelh@medozas.de> libiptc: use a family-invariant xtc_ops struct for code reduction

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
akefile.am
ibip4tc.c
ibip6tc.c
ibiptc.c
14da56743c6cdf25da35b7b5ca7a5d201771990d 27-Aug-2011 Jan Engelhardt <jengelh@medozas.de> src: resolve old macro names that are indirections

Command used:

git grep -f <(pcregrep -hior
'(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/)

and then fix all occurrences.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
1639fe86579f86f5f6a954a9b0adde2e16ad1980 27-Aug-2011 Jan Engelhardt <jengelh@medozas.de> libiptc: combine common types: _handle

No real API/ABI change incurred, since the definition of the structs'
types is not visible anyhow.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
ibiptc.c
7e5e866a36a76c153e5903b8251f90cfe07a1d34 27-Aug-2011 Jan Engelhardt <jengelh@medozas.de> libiptc: replace ipt_chainlabel by xt_chainlabel

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
160f25b09fc5695a65a8aaf485ebece85e1f853c 27-Aug-2011 Jan Engelhardt <jengelh@medozas.de> libiptc: remove unused HOOK_DROPPING thing

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibiptc.c
9cf67deb62f127902e686c48b951861bf848d0ab 11-Sep-2011 Jan Engelhardt <jengelh@medozas.de> libiptc: resolve compile failure

CC libip4tc.lo
In file included from libip4tc.c:118:0:
libiptc.c:70:8: error: redefinition of "struct xt_error_target"
../include/linux/netfilter/x_tables.h:69:8: note: originally defined here

Remove libiptc's duplicate definition and substitute names.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc.c
96d0d0130a9a08803406c5c18681903446088ebf 10-Jun-2011 Jiri Popelka <jpopelka@redhat.com> iptables: Coverity: DEADCODE

libiptc.c:407: dead_error_condition: On this path, the condition
"res > 0" cannot be false.
libiptc.c:396: at_least: After this line, the value of "res" is at
least 1.
libiptc.c:393: equality_cond: Condition "res == 0" is evaluated as
false.
libiptc.c:396: new_values: Noticing condition "res < 0".
libiptc.c:425: new_values: Noticing condition "res < 0".
libiptc.c:407: new_values: Noticing condition "res > 0".
libiptc.c:435: dead_error_line: Execution cannot reach this statement
"return list_pos;".

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc.c
8b4807f0a1d98f1d980d3d616ad565c9b72d7c49 11-Jun-2011 JP Abgrall <jpa@google.com> Post-merge fixup. Add new Android.mk, re-checkin generated files

They have no more compilable files in the top dir.
Created extra Android.mk for each subdir.

Regenerated the
include/iptables/internal.h and
include/xtables.h
with
./autogen.sh
export ANDROID_ROOT=$(gettop)/prebuilt/linux-x86/toolchain/arm-linux-androideabi-4.4.x/
./configure -host=arm-eabi CC=arm-linux-androideabi-gcc CPPFLAGS="$funky_includes" CFLAGS="-nostdlib" LDFLAGS="-Wl,-rpath-link=$ANDROID_ROOT/arm-linux-androideabi/lib -L$ANDROID_ROOT/arm-linux-androideabi/lib"

Change-Id: Ia57ed699edd32ffce16e94e2f13fb93d94924a04
ndroid.mk
ebf81627b1a2f50fd47add49f9976ed430a19673 11-Jun-2011 JP Abgrall <jpa@google.com> Merge git://git.netfilter.org/iptables into v1.4.11_upstream

Using theirs, as they have taken some of my prior changes\
with some improvements.


Conflicts:
include/xtables.h.in
iptables/xtables.c
iptables/xtoptions.c

Change-Id: I8e1e537fbb868eeebb448c8f1d9e33b283448aac
38ffc9dc5bb9f2b1d01bf0b0e28b7323b135f1ea 08-Jun-2011 Jan Engelhardt <jengelh@medozas.de> build: re-add missing CPPFLAGS for libiptc

These got lost on commit v1.4.11-12-g5c8f5b6.

Note: When /usr/include/libiptc/libiptc.h exists, this error is
masked away :-/ (IMO, #include-with-quotes "foo.h" should not
search system dirs...)

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
akefile.am
5c8f5b60aa8e24da0bd25824f0f85bf7a4a39ea7 07-Jun-2011 Jan Engelhardt <jengelh@medozas.de> src: move all libiptc pieces into its directory

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
gitignore
akefile.am
ibiptc.pc.in
7d91a2accc92d13bb32bf881831e9c9a8b4d7734 30-May-2011 Jan Engelhardt <jengelh@medozas.de> build: remove dead code parts

gcc-4.6 has a new warning, -Wunused-but-set-variable, which flags
no-op code.

CC libiptc/libip4tc.lo
In file included from libiptc/libip4tc.c:118:0:
libiptc/libiptc.c: In function "iptcc_chain_index_delete_chain":
libiptc/libiptc.c:611:32: warning: variable "index_ptr2" set but not used
libiptc/libiptc.c: In function "alloc_handle":
libiptc/libiptc.c:1282:9: warning: variable "len" set but not used
CC libiptc/libip6tc.lo
In file included from libiptc/libip6tc.c:113:0:
libiptc/libiptc.c: In function "iptcc_chain_index_delete_chain":
libiptc/libiptc.c:611:32: warning: variable "index_ptr2" set but not used
libiptc/libiptc.c: In function "alloc_handle":
libiptc/libiptc.c:1282:9: warning: variable "len" set but not used
CC xtables_multi-iptables-xml.o
iptables-xml.c: In function "do_rule_part":
iptables-xml.c:376:8: warning: variable "thisChain" set but not used
CC xtables_multi-ip6tables.o
ip6tables.c: In function "print_firewall":
ip6tables.c:552:10: warning: variable "flags" set but not used

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc.c
16bd81be22ba2753e26f6a9ee6cb291e1e707d0d 19-May-2011 JP Abgrall <jpa@google.com> androidifying: fixup includes and extraneous typedefs for __ANDROID__

The current could would take steps to define missing types, and include
extra stuff based on GLIBC defines/versions.
Make those places be ANDROID aware.

Change-Id: I2d1f03e3c0f7f53250288a84db4c9ccf0431d482
Signed-off-by: JP Abgrall <jpa@google.com>
ibip4tc.c
ibip6tc.c
dcd1ad89105faf1f3a9a3febdb970b70c5466518 09-May-2011 Jan Engelhardt <jengelh@medozas.de> src: replace old IP*T_ALIGN macros

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
d59b9db031abee37a9aa9776662dd15370faabf4 08-Mar-2011 Stefan Tomanek <stefan.tomanek@wertarbyte.de> iptables: add -C to check for existing rules

It is often useful to check whether a specific rule is already present
in a chain without actually modifying the iptables config.

Services like fail2ban usually employ techniques like grepping through
the output of "iptables -L" which is quite error prone.

This patch adds a new operation -C to the iptables command which
mostly works like -D; it can detect and indicate the existence of the
specified rule by modifying the exit code. The new operation
TC_CHECK_ENTRY uses the same code as the -D operation, whose functions
got a dry-run parameter appended.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
ibiptc.c
7ac405297ec38449b30e3b05fd6bf2082fd3d803 07-Jan-2011 Jan Engelhardt <jengelh@medozas.de> src: use C99/POSIX types

"u_int" was a non-standardized extension predating C99 on some platforms.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
390755ded5e4e8b0dcfa97443a95268bfa03e952 18-Feb-2010 Dmitry V. Levin <ldv@altlinux.org> libip4tc: Add static qualifier to dump_entry()

Change dump_entry() signature defined in libip4tc.c to match prototype
declared in libiptc.c and another static dump_entry() function defined
in libip6tc.c. This function is not a part of the public libiptc API.

Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip4tc.c
7c4d668c9c2ee007c82063b7fc784cbbf46b2ec4 26-Oct-2009 Jan Engelhardt <jengelh@medozas.de> libiptc: fix wrong maptype of base chain counters on restore

When a ruleset that does not reset any chain policies/counters, such as

*filter
COMMIT

is sourced by iptables-restore, the previous policy and counters
(i.e. the ones read from the kernel) are reused. The counter skew
offsetting is wrong however, causing the read value to be readded to
the kernel value. This manifests itself in practice by the counter
value almost doubling everytime iptables-restore is called.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc.c
51651b64fffc58d4f58d005fa7dc0d9669147c57 23-Oct-2009 Jan Engelhardt <jengelh@medozas.de> libiptc: avoid strict-aliasing warnings

In file included from libiptc/libip4tc.c:117:0:
libiptc/libiptc.c: In function ‘__iptcc_p_del_policy’:
libiptc/libiptc.c:826:4: warning: dereferencing type-punned pointer will break
strict-aliasing rules
libiptc/libiptc.c: In function ‘iptc_get_target’:
libiptc/libiptc.c:1650:4: warning: dereferencing type-punned pointer will break
strict-aliasing rules
libiptc/libip4tc.c: In function ‘dump_entry’:
libiptc/libip4tc.c:157:3: warning: dereferencing type-punned pointer will break
strict-aliasing rules
CC libiptc/libip6tc.lo
In file included from libiptc/libip6tc.c:112:0:
libiptc/libiptc.c: In function ‘__iptcc_p_del_policy’:
libiptc/libiptc.c:826:4: warning: dereferencing type-punned pointer will break
strict-aliasing rules
libiptc/libiptc.c: In function ‘ip6tc_get_target’:
libiptc/libiptc.c:1650:4: warning: dereferencing type-punned pointer will break
strict-aliasing rules
libiptc/libip6tc.c: In function ‘dump_entry’:
libiptc/libip6tc.c:188:3: warning: dereferencing type-punned pointer will break
strict-aliasing rules

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibip4tc.c
ibip6tc.c
ibiptc.c
a9c79c7ba494b39bad959a0c833e58a343686272 23-Oct-2009 Jan Engelhardt <jengelh@medozas.de> libiptc: remove unused functions

Fix the two warnings in libiptc.c:

CC libiptc/libip4tc.lo
libiptc/libiptc.c:1570:1: warning: ‘iptc_num_rules’ defined but not used
libiptc/libiptc.c:1586:1: warning: ‘iptc_get_rule’ defined but not used
CC libiptc/libip6tc.lo
libiptc/libiptc.c:1570:1: warning: ‘ip6tc_num_rules’ defined but not used
libiptc/libiptc.c:1586:1: warning: ‘ip6tc_get_rule’ defined but not used

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
ibiptc.c
c9477d0dcd01af5d1ee6c95c757a8c814fb3be63 23-Mar-2009 Jesper Dangaard Brouer <hawk@comx.dk> libiptc: give credits to my self

Add notes about my scalability work on the library libiptc.
This should make in more obvious who to complain to.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
a9fe5b3d62e4e974e9517b23d0bf7f0f146ed11e 23-Mar-2009 Jesper Dangaard Brouer <hawk@comx.dk> libiptc: fix whitespaces and typos

Cleanup whitespaces while going through the code.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
64ff47cde38e48b621883947fd61b9b1357f9451 23-Mar-2009 Jesper Dangaard Brouer <hawk@comx.dk> libiptc: fix chain rename bug in libiptc

Chain renaming (TC_RENAME_CHAIN) can result in an unsorted
chain list. That breaks the requirement of the binary search
done in iptcc_bsearch_chain_index().

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
7cd15e367cc81c839ef2ca061d201c46ca1deb7c 23-Mar-2009 Christoph Paasch <christoph.paasch@gmail.com> libiptc: avoid compile warnings for iptc_insert_chain

iptc_insert_chain is too big to get inlined and so it generates
a warning while compiling.

Signed-off-by: Christoph Paasch <christoph.paasch@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
0eee3009e7015b82a46b2eccad91f759d75ec4df 26-Nov-2008 Jan Engelhardt <jengelh@medozas.de> libiptc: guard chain index allocation for different malloc implementations

Some libc implementations such as �Clibc return NULL on malloc(0).
They are free to do that per C standard.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signeed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
175f451104532f3054b1824695d16a4ee1d8ea34 10-Nov-2008 Jan Engelhardt <jengelh@medozas.de> libiptc: make sockfd a per-handle thing

Get away from this singleton.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
d73af64b9d28a5b0309104232c848e8ca8ab6956 10-Nov-2008 Jan Engelhardt <jengelh@medozas.de> libiptc: use hex output for hookmask

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
de899697fd8eb18e828e806ffab04d053208bbf2 10-Nov-2008 Jan Engelhardt <jengelh@medozas.de> libiptc: remove unused iptc_get_raw_socket and iptc_check_packet

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip4tc.c
ibip6tc.c
ibiptc.c
1c9015b2cb483678f153121255e10ec0bbfde3e6 10-Nov-2008 Jan Engelhardt <jengelh@medozas.de> libiptc: remove indirections

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
fd1873110f8e57be578df17fc9d03536b10f4f73 10-Nov-2008 Jan Engelhardt <jengelh@medozas.de> libiptc: remove typedef indirection

Don't you hate it when iptc_handle_t *x actually is a double-indirection
struct iptc_handle **? This also shows the broken constness model, since
"const iptc_handle_t x" = "iptc_handle_t const x" =
"struct iptc_handle *const x", which is like no const at all.
Lots of things to do then.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip4tc.c
ibip6tc.c
ibiptc.c
4eb03c8e087c4cc438f2cbc0ff6a5e9b85f6d4fb 24-Sep-2008 Jesper Dangaard Brouer <hawk@comx.dk> libiptc: remove old fixme

Chains _are_ sorted, binary search depend on it!

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
4bae3f1001028ee283a5e1fcea4a561b0068f95d 03-Jul-2008 Jesper Dangaard Brouer <hawk@comx.dk> libiptc: fix scalability performance issue during initial ruleset parsing

Finding jump chains is slow O(Chain*Rules).

The problem:
is that the chain list is searched lineary for each rule with a jump
target. The problem lies in the "second pass" (of function
parse_table) where the userchain jump targets are found. For each
rule "R" with a IPTCC_R_JUMP target, function
iptcc_find_chain_by_offset() searches through the chains "C" in the
chain list (worst-case hitting the last one).

The solution:
in this patch is to speed up iptcc_find_chain_by_offset() by using
binary search. Reducing complexity from O(C) to O(log C).

Implementation:
Its possible to use the same bsearch algorithm and data structure
(chain_index), as used for chain name searching.

How is that possible:
One has to realize that the chains are both sorted by name and
offsets, this is because the chains are already sorted in the ruleset
from the kernel.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
526d3e138635e33773d1ca16477052a04f53f5bd 03-Jul-2008 Jesper Dangaard Brouer <hawk@comx.dk> libiptc: minor bugfix

Minor bugfix, an extra check is needed if the tail element is a
builtin chain, as builtin chains are not sorted.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
1f23d3c2544f4329b31804392abc4eff434ba308 07-Jun-2008 Patrick McHardy <kaber@trash.net> libiptc: move variable definitions to head of function

Signed-off-by: Patrick McHardy <kaber@trash.net>
ibiptc.c
5a2208c3e62a150e6f6297abbfa63056ab4a8066 04-Jun-2008 Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Use s6_addr32 to access bits in int6_addr instead of incompatible name

Spotted by Khem Raj <raj.khem@gmail.com>

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
ibip6tc.c
8b7c64d6ba156a99008fcd810cba874c73294333 15-Apr-2008 Jan Engelhardt <jengelh@medozas.de> Remove old functions, constants
ibiptc.c
21b41eea4724c57d2b6e5998cf38255046e43ad3 11-Feb-2008 Jan Engelhardt <jengelh@medozas.de> Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
ibiptc.c
33690a1aec0b6309ff90066ca56285b6e43013f2 11-Feb-2008 Jan Engelhardt <jengelh@medozas.de> Fix all remaining warnings (missing declarations, missing prototypes)
ibiptc.c
dbb77543ad6afe29e9a1881b2d4fc212de621a55 11-Feb-2008 Jan Engelhardt <jengelh@medozas.de> Fix -Wshadow warnings and clean up xt_sctp.h

Note: xt_sctp.h is still not merged upstream in the kernel as of
this commit. But a refactoring was really needed.
ibiptc.c
2f93205b375ee9f5a383f8041749a9b989012dd0 02-Apr-2008 Patrick McHardy <kaber@trash.net> Retry ruleset dump when kernel returns EAGAIN.

Bugzilla #104
ibiptc.c
2b62b62509dfccdb6ebbb17628aad95fb7681a89 20-Jan-2008 Patrick McHardy <kaber@trash.net> Remove obsolete file
akefile
01444da4cb70417d2dc2643e2d48c70de7ff8e96 15-Jan-2008 Jesper Dangaard Brouer <hawk@comx.dk> Solving scalability issue: for chain list "name" searching.

Solving scalability issue: for chain list "name" searching.
Functions: iptcc_find_label(), iptc_is_chain().

Testing if a chain exist, requires a linearly walk of linked list with
chain-names (doing a strcmp(3) in each step). Giving a worst-case
runtime of O(n) where n is the number of chains.

Why is this important to fix?! If only called once, this should not be
a big concern, even-though the string compares are expensive.

The performance issue arise with many chains for example; when using
"iptables-restore", or when listing all "iptables -nL" rules, or when
using CPAN IPTables::libiptc.

Having 50k chains, the rule listing, with the command:
"./iptables -nL > /dev/null",
Without patch it takes approximately 5 minutes,
With the patch it takes 0.5 seconds.

Listing without patch:
real 4m49.426s
user 4m37.993s
sys 0m0.280s

Listing with patch:
real 0m0.558s
user 0m0.484s
sys 0m0.064s

How is it solved?!

The issue is solved introducing a new data structure, that allow us to
do binary search of chain names. Thus, reducing the worst-case runtime
to O(log n).

Being more specific:

The new data structure is called "chain index", which is an array with
pointers into the chain list, with CHAIN_INDEX_BUCKET_LEN spacing.
This facilitates the ability to speedup chain list searching, by find
a more optimal starting points when searching the linked list.

The runtime complexity is actually also affected by this "bucket" size
concept. Thus, O(log(n/k) + k) where k is CHAIN_INDEX_BUCKET_LEN.

A nice property of the chain index, is that the "bucket" list
length is max CHAIN_INDEX_BUCKET_LEN (when just build, inserts will
change this). Oppose to hashing, where the "bucket" list length can
vary a lot.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
ibiptc.c
48bde40e73b45ad134d32cde88b779fe509faf64 15-Jan-2008 Jesper Dangaard Brouer <hawk@comx.dk> Introduce a counter for number of user defined chains.

Introduce a counter for number of user defined chains.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
ibiptc.c
910939897ea0cb9be2729a98c60a92e807aad5c3 15-Jan-2008 Jesper Dangaard Brouer <hawk@comx.dk> Inline functions iptcc_is_builtin() and set_changed().

The two functions are obvious candidates for inlining.
Using gprof(1) shows that they actually affects performance.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
ibiptc.c
1336451ead58d608618ff5b0a251d132b73f9866 12-Dec-2007 Jesper Dangaard Brouer <hawk@comx.dk> More safe chain sorting, improving r7098

This patch is an improvment of r7098 (made by me).

Assuring compatibility between 1.4.0 and older versions,
regarding chain sorting.

Chains from kernel are already sorted, as they are inserted
sorted. But there exists an issue when shifting to 1.4.0
from an older version, as old versions allow last created
chain to be unsorted. This unsorted chain would survive in
1.4.0, as chains are now only sorted on creation.

This patch verifies that chains are sorted, if not it fixes the sorting.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
ibiptc.c
f791a5d77d09a689da95e9899cb0eb15b1401ddf 04-Dec-2007 Patrick McHardy <kaber@trash.net> Fix sockfd use accounting for kernels without autoloading
ibiptc.c
d8cb787ab44e9d2de4fd3b04fcaa370c9918fc5d 28-Nov-2007 Jesper Dangaard Brouer <hawk@comx.dk> iptables/libiptc perf issue: Sorting chain during pull-out

Performance optimize scalability issue:
Sorting chain during pull-out give worst-case runtime O(Chains2).

When pulling out the blob, every chain name is inserted alphabetically
into a linked list (by function iptc_insert_chain()). The problem
with this approach is that the chain names delivered in the blob is
already sorted (as we push it back to the kernel sorted).

This cause chain parsing to always process every element in the chain
list and finish with a tail add. Causing worst-case runtime O(C2/2)
for alphabetically sorting of chains.

The patch solves this by only calling iptc_insert_chain() when
creating new chains.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
ibiptc.c
97fb2f1579f0794377db1dca7c5bb07fade1a0dc 08-Sep-2007 Patrick McHardy <kaber@trash.net> Fix unused function warning
ibiptc.c
0b63936140032deac44072951451bdf47b54296a 08-Sep-2007 Patrick McHardy <kaber@trash.net> Fix more sparse warnings: non-C99 array declaration, incorrect function prototypes
ibiptc.c
ea146a982e26c42f9954f140276f8deeb2edbe98 02-Sep-2007 Peter Riley <Peter.Riley@hotpop.com> Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
ibip4tc.c
ibip6tc.c
7d5cc229064b0e718046b9ecaebad3426dfff15f 30-Jun-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Removes KERNEL_64_USERSPACE_32

The recent kernel has compat layer for iptables. It doesn't have
compat layer for libipq and ip6tables, but ip6tables with
KERNEL_64_USERSPACE_32 is still broken. We should fix kernel instead of
fixing them if and when we want use their 32bit binary with 64bit kernel.
ibiptc.c
e5bd1d779fab33353c1dc2d2fa49db639dcebd38 22-Aug-2006 Andy Gay <andy@andynet.net> iptables -Z clears the per-rule counters, but not the chain policy counters (Andy Gay <andy@andynet.net>)

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=502
ibiptc.c
04a1e4cabd185d7a93bea1ece276343044d9ecd4 25-Jul-2006 Patrick McHardyJesper Brouer <kaber@trash.nethawk@diku.dk> BUG: libiptc chain references bug (Jesper Brouer <hawk@diku.dk>)

Correcting a chain references increment bug in libiptc.

The bug lies in function iptc_delete_entry() / TC_DELETE_ENTRY. The
problem is the construction of "r" the rule entry, that is used for
comparison. The problem is that the function iptcc_map_target()
increase the target chains references count.
ibiptc.c
70067291528bb949fac8a584e782f2b4c38e4c16 05-Jul-2006 Phil Oester <kernel@linuxace.com> libiptc symbols clash (Phil Oester <kernel@linuxace.com>)

As reported by Dmitry Levin, the TC_NUM_RULES and TC_GET_RULE exports
clash. His patch below, resolving bug #456
ibip4tc.c
ibip6tc.c
e0865ad29d53b0d3d34b5cc8b5e023eb593172a8 22-Apr-2006 Patrick McHardy <kaber@trash.net> Don't overwrite errno with return value of setsockopt (which is -1 on error).
Fixes "Unknown error 4294967295" message (bugzilla #460).
ibiptc.c
a7dd0e41b7fc06b4b9f62d031b72fa0e778a204d 22-Apr-2006 Patrick McHardyHarald Welte <kaber@trash.netlaforge@gnumonks.org> Revert incorrect fix for "Unknown error 4294967295" problem
ibiptc.c
2998554a0f7fa98d22ca2076af4e6aa490d1ddae 21-Apr-2006 Harald Welte <laforge@gnumonks.org> When entering an invalid command (such as iptables -A INPUT -j MARK --set-mark
1), the error message "Unknown error 4294967295" is displayed; (Closes: #460)
ibiptc.c
0fbc8622895f1763b8815e058fb9a618ff4c629a 09-Feb-2006 Harald Welte <laforge@gnumonks.org> don't install libiptc.a
akefile
d6ba6f57658ee2fee7cf763259e8a0c601479989 12-Nov-2005 Harald Welte <laforge@gnumonks.org> - Fix memory leak in TC_COMMIT() (Markus Sundberg)
- Cleanup error path of TC_COMMIT()
- Correctly propagate errors of setsockopt to calling function
ibiptc.c
feca0578a5d035122b4b7cdb8d44d6cca819f35c 31-Jul-2005 Robert de Barth <list-netfilter@debarth.co.uk> _really_ sort only user defined chains (Robert de Barth <list-netfilter@debarth.co.uk>
ibiptc.c
efa8fc2123a2a9fc229ab471edd2b2688ce1da3a 20-Jul-2005 Harald Welte <laforge@gnumonks.org> get rid of numerous gcc-4 warnings
ibiptc.c
5ee88622ef8f38e5f6b6c60ca1ab61d8f93a0e82 23-Jun-2005 Pablo Neira <pablo@eurodev.net> fix deletion of targets where kernel size != userspace size (Pablo Neira)
ibip4tc.c
ibip6tc.c
9d3ed77341361674994f584ff69a61f31a342739 05-Mar-2005 Olaf Rempel <razzor@kopf-tisch.de> Restore chain order (Olaf Rempel <razzor@kopf-tisch.de>)
ibiptc.c
8115e5425721cd610b6390c3d4c24540773b0520 14-Feb-2005 Pablo Neira <pablo@eurodev.net> Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>)
Fixes build with conntrack event patch for 2.6
ibip4tc.c
ibip6tc.c
e37c0dc100c51541accf81e4763d0cdba807db34 04-Feb-2005 Phil Oester <kernel@linuxace.com> Revert the recent addition of memset()'s to TC_COMMIT. One of them is bogus and the other one needs more investigation to why valgrind is complaining.

Noticed and reverted by Phil Oester.
ibiptc.c
ec30b6c4d3ebb09d2c05e44f3904428893ef13bd 01-Feb-2005 Harald Welte <laforge@gnumonks.org> re-implement alphabetic sorting to not confuse users who upgrade to 1.3.0
ibiptc.c
664c0a30b7963040da2e7a7e86dc56a0f1a829b5 01-Feb-2005 Derrik Pates <demon@devrandom.net> - Sets the 'iptc_fn' global variable to the pointer to the current functions in all major TC_* functions. This is necessary because in certain cases, an error return from a function that doesn't set 'iptc_fn' will conflict with a function-specific error return from one that does, causing TC_STRERROR() to return the wrong error string. This ensures that the right one will be returned.
- Implements a simple reference counter for the netlink socket global variable 'sockfd'; this is necessary for IPTables::IPv4, where multiple tables (filter, nat, mangle, untracked) may be opened at one time. The way libiptc does it in the official version causes previously-opened tables to break such that attempts to commit changes will fail.
- Adds a couple of memset() invocations in TC_COMMIT, based on past analysis with valgrind. It claimed that allocated structure were not being fully initialized, and adding the memset()s corrected this warning.
(Derrik Pates <demon@devrandom.net>)
ibiptc.c
3aef54dce4f9bbe0b466478fd33a1d3131efbbb8 03-Jan-2005 Rusty Russell <rusty@rustcorp.com.au> Extension revision number support (if kernel supports the getsockopts).
Enhance MARK match with second revision.
Committed in anticipation of the kernel patch being applied.
ibiptc.c
daade4452715cbd1feea05d5231c5e38e3b0b98b 29-Dec-2004 Rusty Russell <rusty@rustcorp.com.au> Stupid typo that meant we didn't compare target data when doing delete-by-matching-rule (found by nfsim test).
ibiptc.c
0f9b8b158bb71b96c6b2908f5bf7bb9670ff4eb0 18-Dec-2004 Martin Josefsson <gandalf@wlug.westbo.se> Implement some optimization for finding rules to replace in TC_REPLACE_ENTRY.
Stolen from TC_DELETE_NUM_ENTRY.
ibiptc.c
733e54b8250576d6a1e0ab5621ef5b144abdf018 16-Dec-2004 Rusty Russell <rusty@rustcorp.com.au> Make "is_same" test basics and entries only: targets are generic.
Make target testing aware of different kinds of rules.
Change reverse logic: target_different now target_same.
Set type to MODULE in iptcc_map_target.
Add testcase for this.
ibip4tc.c
ibip6tc.c
ibiptc.c
e45c71321e77735a1d66b180f8a29bea33aeb1b0 16-Dec-2004 Rusty Russell <rusty@rustcorp.com.au> Remove GET_TARGET() define: this was for compiling iptables for debugging (ie. without -O) on old kernels where ipt_get_target() was defined "extern inline". These days it's "static inline", and only developers build without -O anyway.
Fix up DUMP_ENTRIES a little, but remove calls: it only dumps the table as loaded, not the changed (cached) table, which is misleading.
Fix TC_DELETE_ENTRY: we need to use iptcc_map_target() before comparing, otherwise "-j DROP" (as an example) doesn't work.
ibiptc.c
a5616dcfafd33fa46a03a8c270e5e09b2fba7cb1 25-Oct-2004 Martin Josefsson <gandalf@wlug.westbo.se> Search backwards when inserting/deleting in/from the top half of the rules in a chain.

before:

insert 50k rules without any previous rules
real 0m1.314s
user 0m1.184s
sys 0m0.123s

insert 50k with one already existing rule
real 2m38.052s
user 2m37.296s
sys 0m0.353s

insert 50k rules in the middle of 20k already existing rules
real 2m43.831s
user 2m43.005s
sys 0m0.414s

delete rule #70000 10k times with 100k rules
real 1m37.990s
user 1m37.247s
sys 0m0.500s


after:

insert 50k without any previous rules
real 0m1.315s
user 0m1.184s
sys 0m0.125s

insert 50k with one already existing rule
real 0m1.313s
user 0m1.189s
sys 0m0.119s

insert 50k rules in the middle of 20k already existing rules
real 0m8.550s
user 0m8.327s
sys 0m0.197s

delete rule #70000 10k times with 100k rules
real 0m35.566s
user 0m35.062s
sys 0m0.416s
ibiptc.c
631f3619b7fb597f5e1c8f61c7178d64be7c144f 23-Sep-2004 Martin Josefsson <gandalf@wlug.westbo.se> Replace O(n) with O(1) when TC_INSERT_ENTRY() inserts an entry at the end.
Do the same with TC_DELETE_NUM_ENTRY() when deleting the last rule.

My rule management script does both of these things in certain situations.
Created a file with 50.000 rules which my script converted into
iptables-restore format but inserting each rule with an index instead of
appending like the iptables-save output does. That took a while without this
optimization. Same thing when deleting the 45.000 last rules in that chain,
the script outputs deletes by number starting from the bottom.

Inserting or deleting (by number) in the middle of the chain is still O(n)
where n is the rulenumber where the insert/delete is taking place.
ibiptc.c
12009531e6a96a62ee398eb0ab3e9ec0b3b57701 23-Sep-2004 Martin Josefsson <gandalf@wlug.westbo.se> Spelling error.
ibiptc.c
b0f3d2d7261be3fe256a66abcc237241fea43a02 23-Sep-2004 Martin Josefsson <gandalf@wlug.westbo.se> Fix returnvalue of TC_BUILTIN()

All jumps to nonexisting chains were believed to be jumps to builtin chains,
that's bad as it made it impossible to add rules with external targets.
ibiptc.c
ad3b4f9973ac15981b98b8fc4d364ef1ce524212 23-Sep-2004 Martin Josefsson <gandalf@wlug.westbo.se> Make sure to zero all the memory we allocate for the new table.
Makes flushing of chains containing more than a few entries work without
potentially oopsing the kernel.
ibiptc.c
2a5dbbb883fb0cc8a122b47a5d8e08ef3e6ff5bc 22-Sep-2004 Martin Josefsson <gandalf@wlug.westbo.se> Make TC_DELETE_ENTRY() and TC_DELETE_NUM_ENTRY() actually do something practical
ibiptc.c
8e795b0ad07174eed4172f8d7237b3abdd9d0e15 22-Sep-2004 Martin Josefsson <gandalf@wlug.westbo.se> Fix two more rulenumber off by 1 errors
ibiptc.c
eb066cc4fb75a616400eaf38dfa31c052c76cf5c 22-Sep-2004 Martin Josefsson <gandalf@wlug.westbo.se> Insertion of rules with -I was broken.
It checked if a rule existed on the position we were inserting to.
Thus inserting into an empty chain didn't work.
And it didn't care about the fact that the first rule in the chain has index 1
the rulenumer we get starts at 0...
ibiptc.c
8d1b38a064d146c77eb8fc951717663e1a713cfc 22-Sep-2004 Martin Josefsson <gandalf@wlug.westbo.se> Fix rule counting
ibiptc.c
52c380208a87191a8c25608d2c501c0dc32aa9ad 22-Sep-2004 Martin Josefsson <gandalf@wlug.westbo.se> Fix listing of module targets.
Type was only set for standard targets.

Harald: please review.
ibiptc.c
0371c0c5eb17c81e8dd44c4aa31b58318e9b7b72 19-Sep-2004 Harald Welte <laforge@gnumonks.org> fix segfault from memory allocation: handle->entries is actualy struct ipt_get_entries plus the size
ibiptc.c
fe53707285c250c6bb1e434ea6f8271cf061c67b 30-Aug-2004 Harald Welte <laforge@gnumonks.org> add delete by matching-rule to libiptc2 (still untested)
ibiptc.c
aae69bed019826ddec93f761514652a93d871e49 30-Aug-2004 Harald Welte <laforge@gnumonks.org> complete libiptc rewrite. Time to load 10k rules goes down from 2.20 minutes to 1.255 seconds (!). Might still contain bugs, use with caution.
ibip4tc.c
ibip6tc.c
ibiptc.c
inux_list.h
inux_stddef.h
a28d495285ad7dd9f286d63958cf20d74eec6bcb 26-May-2004 Martin Josefsson <gandalf@wlug.westbo.se> Get rid of some warnings when compiling 64bit.
ibip4tc.c
ibip6tc.c
ibiptc.c
15920d160760535e51a57b3834eba45257cfa6d8 16-May-2004 Harald Welte <laforge@gnumonks.org> cosmetic fix (space between include directive and filename)
ibiptc.c
7cd002826d0f329620cb738bc4dc4760ef5e084a 14-May-2004 Stephane Ouellette <ouellettes@videotron.ca> Compiler warnings due to missing include files (Stephane Ouellette)
ibiptc.c
073df8feb0a8c4023ce40138e519ac9b341b1ca2 31-Jan-2004 Karsten Desler <kdesler@soohrt.org> Fix even more possibly not zero-terminated strings after copy (Karsten Desler)
ibiptc.c
0113fe75ff05e09e6f3d251534d9ae32e9aa717c 06-Jan-2004 Harald Welte <laforge@gnumonks.org> oops, don't commit this to the stable tree
ibiptc.c
9e03380e9f78ae347ae4f3f041c4eca50348f2e8 06-Jan-2004 Harald Welte <laforge@gnumonks.org> commit all current changes
ibiptc.c
50fceae8f9b25bbe4effed74321e51916c1ce8b6 08-Oct-2003 Harald Welte <laforge@gnumonks.org> sorry, this one didn't make it in 1.2.9rc1 :(
ibip6tc.c
4dc734c73cc4a0ff87c0ce3673544628b58c7e24 07-Oct-2003 Harald Welte <laforge@gnumonks.org> add support for the raw table to userspace
ibip4tc.c
0acde1f28a576f5d4f2b51881555c31644940372 05-Jul-2003 Martin Josefsson <gandalf@wlug.westbo.se> fix rule deletion in modified libiptc (Martin Josefsson)
ibiptc.c
cc7bb65ed37e366098983450a6f65d5f9bfaac4a 24-Jun-2003 Harald Welte <laforge@gnumonks.org> fix ipv6_prefix_length endianness bugs (Closes: #103)
ibip6tc.c
fbc85236a6140918ab1d0fb0e07e2d72da46ce45 24-Jun-2003 Harald Welte <laforge@gnumonks.org> Add my recent performance optimization work, might destabilize iptables.
Please report bugs to bugzilla, we need to fix this up before releasing
the next iptables version.
ibiptc.c
3ea8f40262386e6b1445a617841f28702fe74d9d 23-Jun-2003 Harald Welte <laforge@gnumonks.org> implement chain cache ussing relative offsets instead of absolute entry
pointers. This is needed for my current libiptc optimization work, since
it needs the chain cache to still be correct after it has been reallocated
to a different address.
ibiptc.c
e560fd604284180f3ab522993c5b8e6f424ef1d9 13-Jun-2003 Martin Josefsson <gandalf@wlug.westbo.se> Fix possible doubleclose of sockfd.
This shouldn't break anything, things were already broken.
ibiptc.c
841e4aed2349046eb2c0b1375139c06569a93bd0 02-May-2003 Martin Josefsson <gandalf@wlug.westbo.se> fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin Josefsson)
ibip4tc.c
ibip6tc.c
ibiptc.c
23a6b4564bc6edecd888530b461093586842acbf 30-Apr-2003 Tomáš Lejdar <tomas.lejdar@i.cz> Fix libiptc memory hole during iptc_chain_next() (Tomas Lejdar)
ibiptc.c
2354d928a6864e8753decc054873d562689577d3 05-Mar-2003 Harald Welte <laforge@gnumonks.org> make DO_IPV6 work again..
akefile
4f8d2d95056b50a2d05eff0245fe1ddd8c382b05 12-Jun-2002 Marc Boucher <marc@mbsi.ca> Fixed destination netmask comparison bug in is_same()
ibip4tc.c
80fe35d6339b53a12ddaec41885613e4e37ed031 29-May-2002 Harald Welte <laforge@gnumonks.org> globally replace NETFILTER_VERSION with IPTABLES_VERSION to have consistent naming
ibiptc.c
95df8e79d018f2e214d24a72237abac8e57bb3cf 14-Feb-2002 Harald Welte <laforge@gnumonks.org> explicitly check for two possible sets of hooks in case of nat and mangle
ibip4tc.c
ibip6tc.c
a540b1b15e0d63ab10555502fcd569b40eec8145 13-Feb-2002 Harald Welte <laforge@gnumonks.org> fix compatibility with mangle2hooks and mangle5hooks
ibip4tc.c
ibip6tc.c
596707cf8374dba73535bc77bae76fe8770c0028 13-Feb-2002 Harald Welte <laforge@gnumonks.org> first attempt in trying to make debug code work with mangle2hooks and mangle5hooks
ibip4tc.c
ibip6tc.c
380ba5f3074a16fbaa8869d9594962d58b5f8608 13-Feb-2002 Harald Welte <laforge@gnumonks.org> - don't need -DNDEBUG anymore. Instead, use -DIPTC_DEBUG to enable
libiptc debugging. This is to make people at RedHat and Mandrake
happy.

- add debugging code for mangle5hooks table (will break debugging
of iptables >= 1.2.6 on old kernels <= 2.4.18-pre6. *sigh*
ibip4tc.c
ibip6tc.c
ibiptc.c
72c6b79b9944e4784ca21779413db71d773d7f10 08-Feb-2002 Harald Welte <laforge@gnumonks.org> update debugging code to mangle5hooks changes
ibip4tc.c
ibip6tc.c
1afc3b67b53e40e5aace076c0b650348aa5f4936 19-Jan-2002 Marc Boucher <marc@mbsi.ca> Added #include <unistd.h> to eliminate close() warning.
ibip4tc.c
ibip6tc.c
366454bc69f781fdafc3a30eb6dd77155ee4efb6 07-Jan-2002 Harald Welte <laforge@gnumonks.org> libiptc socket leaking fix
ibiptc.c
4ccfa630d9a588d4b852abef8bc467642427c8cf 30-Jul-2001 Harald Welte <laforge@gnumonks.org> move defaults to bottom, print reasonable message for CHECK functions
ibiptc.c
ec81ca7e5e5939eb0bfa4776c5c0c585efdfd1bb 26-May-2001 Harald Welte <laforge@gnumonks.org> ipt_get_target is declared non-static in ip_tables.h, so it is non-static here
ibiptc.c
10c6888656e6a1d3e236c89ca070471885266245 16-Mar-2001 Harald Welte <laforge@gnumonks.org> release-diff for 1.2.1
- added libipulog / libiptc to devel target
- added changelog for 1.2.1
- updated index.html for 1.2.1
- added reference to Oskar Andreasson's tutorial
akefile
e0072945b57dc499327567640648050563b19a5e 23-Jan-2001 Harald Welte <laforge@gnumonks.org> added iptables --set-counters
ibiptc.c
1cef74d943055668b5e356eebea877fdaa1ce3e0 05-Jan-2001 Harald Welte <laforge@gnumonks.org> libiptc counter function
ibip4tc.c
ibip6tc.c
ibiptc.c
8e07bd78ade5e2b4636d410a897119e111ea3e6c 19-Dec-2000 Rusty Russell <rusty@linuxcare.com.au> Libc5 can't do IPv6.
akefile
1de804642d4c8e9c71b7e225a1528fff15fa7faa 30-Oct-2000 Harald Welte <laforge@gnumonks.org> two libiptc bugs fixed, including the 'segv while doing more than one
action per commit' one.
ibiptc.c
3c7a6c479f3eccd65a78dc103f33f4085e8e4703 19-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> Fix allocation (base new alloc on current size, not original size).
ibiptc.c
e9b4853639bffb0e71d5f7da93736aa8ae34f79b 14-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> Fix typo.
ibip4tc.c
f92ba9bd4e68659e3c98aa0164cac87540ab3a76 14-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> Add drop table support
ibip4tc.c
10758b743d6aa076ebe2c3e8f855e73826841e71 14-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> Added DROPPING chain.
ibip4tc.c
ibiptc.c
62527ce5f0ffaa5b18aa118f64c21af238ddc156 04-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> Finally fixed sparc64 counter bug (I hope).
ibiptc.c
061063f26e1a0eae9395acd2a3bbf8d13363abd1 04-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> More debugging.
ibiptc.c
e1ef1b1ef42e8e2b62488624c6a44c6db63e4895 04-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> More debugging.
ibiptc.c
54c307e0ff401f40a6fe382af4ae5bff0f5b40ba 04-Sep-2000 Rusty Russell <rusty@linuxcare.com.au> More debugging.
ibiptc.c
14a1c9175257f73e936a68ba68d3541278c0e52a 26-Aug-2000 Rusty Russell <rusty@linuxcare.com.au> Stop shadowing parameter.
ibiptc.c
2ee3fd0a8d4b1ab65cb4077650cda174b779e6f9 26-Aug-2000 Rusty Russell <rusty@linuxcare.com.au> Handle *really* large index values without segfaulting.
ibiptc.c
d57390ea8aaeecbcd69ad2b44f76d0f7973363d3 23-Aug-2000 Rusty Russell <rusty@linuxcare.com.au> Better message for table does not exist.
ibiptc.c
45fe27fd46b986db49f64c9058b0fbba21c9e01c 12-Aug-2000 Rusty Russell <rusty@linuxcare.com.au> Finally resolve dependency problems. (Olivier Baudron's report)
akefile
725d97a79cf0b332ed45cb7d254915178328427d 07-Jul-2000 Rusty Russell <rusty@linuxcare.com.au> Modifications for new header (entries -> entrytable, for alignment reasons)
ibip4tc.c
ibiptc.c
73ef09b21573ddb17ff75e5fd06fd4b52ec8ea40 03-Jul-2000 Rusty Russell <rusty@linuxcare.com.au> More PPC alignment fixes.
ibiptc.c
f68ce299449ab886491bbab1a8fb3ce36be3de9f 05-Jun-2000 Rusty Russell <rusty@linuxcare.com.au> Made error message clearer.
ibiptc.c
5eed48af2516ebce0412121713d285bc30edb10d 02-Jun-2000 Rusty Russell <rusty@linuxcare.com.au> Philip Blundell's IPv6 patches.
akefile
ibip6tc.c
4e242f822ef0add1359c540ed0cf3acdf74c63f3 31-May-2000 Rusty Russell <rusty@linuxcare.com.au> Minor change for debugging.
ibiptc.c
8c700900e2a0cf87d7917cb62578583a60ad1210 15-May-2000 Philip Blundell <Philip.Blundell@pobox.com> Philip Blundell's IPv6 fixes.
ibip4tc.c
ibip6tc.c
ibiptc.c
67088e73ce7707229c56987868f112051defca5a 10-May-2000 Rusty Russell <rusty@linuxcare.com.au> IPv6 Fixes
Alignment fixes.
ibiptc.c
88eb835ad207f579ae4ce21cd46f0b564ebd4748 10-May-2000 Philip Blundell <Philip.Blundell@pobox.com> Philip Blundell's IPv6 fixes.
ibip6tc.c
3eee010524ae02a3f0786b6d02bef16ab122e1c3 10-May-2000 Rusty Russell <rusty@linuxcare.com.au> Alignment assertion fix.
ibip4tc.c
79dee0702b18c8ea1d1f7a2b1f6b29349466986b 02-May-2000 Rusty Russell <rusty@linuxcare.com.au> IPv6 enhancements.
akefile
ibip4tc.c
ibip6tc.c
ibiptc.c
228e98dd6303af11925235af4cf3c3ec450f3f41 27-Apr-2000 Rusty Russell <rusty@linuxcare.com.au> Alignment fixes (requires kernel patch).
ibiptc.c
f3b36fe906d6dc80a568eb427e6b2ffa4093fdf3 27-Apr-2000 Rusty Russell <rusty@linuxcare.com.au> Fixed dependencies for libiptc.a
akefile
849779c4adf8dd65c83fffb65e6b7898df2a55c6 23-Apr-2000 Rusty Russell <rusty@linuxcare.com.au> More fixes and testsuite enhancements.
ibiptc.c
30fd6e5d45e6013f4df10a226787c7a9f49369c1 23-Apr-2000 Rusty Russell <rusty@linuxcare.com.au> Caching speedups.
ibiptc.c
c8264991454b5e77279830736f80ea3153b6f814 23-Apr-2000 Marc Boucher <marc@mbsi.ca> Improved iptc_set_policy error messages.
ibiptc.c
ca92443e5a2b6430e334900058b341b440d385d9 23-Apr-2000 Marc Boucher <marc@mbsi.ca> Fix minor compilation problems in match_different() and is_same().
ibiptc.c
edf14cf4b5edb148d7473f067d95e7bd1316900b 19-Apr-2000 Rusty Russell <rusty@linuxcare.com.au> Changes to allow matching (for delete) on part of a rule, for rules which
change in the kernel (eg. ipt_limit).
ibiptc.c
90e712a00913fe2a2f885142439c392392dc08a8 29-Mar-2000 Rusty Russell <rusty@linuxcare.com.au> Fix for match_different to correctly traverse the second rule
Nasty hack to enable us to delete rules with -m limit
ibiptc.c
175f64177743e5a417e98d483ef995bf7151f3bc 24-Mar-2000 Rusty Russell <rusty@linuxcare.com.au> libiptc caching to speed up find_label().
Makefile distrib target for userspace.
ibiptc.c
2f4e5d92c73906e0dc2ae42fee5c05740528e92b 24-Mar-2000 James Morris <jmorris@intercode.com.au> James Morris's problem with libiptc when listing the builtin
queue target.
ibiptc.c
7e53bf9c2a697abdb6f1385557338423a86612a3 20-Mar-2000 Rusty Russell <rusty@linuxcare.com.au> Makefile fixes for release.
Whitespace cleanups.
ibiptc.c
e6869a8f59d779ff4d5a0984c86d80db70784962 20-Mar-2000 Marc Boucher <marc@mbsi.ca> reorganized tree after kernel merge
akefile
ibiptc.c