Commit message | Author | Age | Files | Lines
* bump version from 1.4.0rc1 to 1.4.0 final (iptables_1_4_0) | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2007-12-22 | 1 | -2/+2
* [patch] iptables and NO_SHARED_LIBS/dlfcn.h | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-12-19 | 3 | -3/+12
  if NO_SHARED_LIBS is defined, then iptables shouldn't even include dlfcn.h. otherwise you hit a build failure when using toolchains that do not provide dlfcn.h because they do not support shared objects.
  Signed-Off-By: Mike Frysinger <vapier@gentoo.org>
* [PATCH]: use <linux/types.h> | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-12-17 | 3 | -5/+3
  Remove our own definitions of the Linux types and use <linux/types.h> instead. libiptc needs it too, or otherwise will choke on union nf_inet_addr.
  Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* [PATCH] More safe chain sorting, improving r7098 | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-12-12 | 1 | -1/+17
  This patch is an improvement of r7098 (made by me). Assuring compatibility between 1.4.0 and older versions, regarding chain sorting. Chains from kernel are already sorted, as they are inserted sorted. But there exists an issue when shifting to 1.4.0 from an older version, as old versions allow last created chain to be unsorted. This unsorted chain would survive in 1.4.0, as chains are now only sorted on creation. This patch verifies that chains are sorted, if not it fixes the sorting.
  Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
* Fix sockfd use accounting for kernels without autoloading | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-12-04 | 1 | -4/+0
* Fix showing help text for matches/targets with revision as user | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-12-03 | 1 | -0/+9
  When running as a user iptables can't determine the highest supported revision and exits. Assume all revisions are supported in case we get an EPERM. If the user is not showing the help text but trying to add new rules he'll get EPERM later anyway.
* Unifies libip[6]t_SECMARK.man to libxt_SECMARK.man | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 2 | -7/+0
* Unifies libip[6]t_CONNSECMARK.man to libxt_CONNSECMARK.man | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 2 | -15/+0
* Fixes missing '6' and 'X' in definitions of selinux related extension lists. | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -2/+2
* Remove libip6t_state.c. libxt_state.c supports IPv6. | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -156/+0
* Unifies libip[6]t_udp.man to libxt_udp.man | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 2 | -14/+0
* Removes libip6t_u32.man | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -129/+0
  libxt_u32.man already exists.
* Unifies libip[6]t_physdev.man to libxt_physdev.man | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 2 | -42/+0
* Unifies libip[6]t_mark.man to libxt_mark.man | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 2 | -9/+0
* Unifies libip[6]t_mac.man to libxt_mac.man | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 2 | -10/+0
* Unifies libip[6]t_limit.man to libxt_limit.man | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 2 | -15/+0
* Unifies libip[6]t_esp.man to libxt_esp.man | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 2 | -3/+0
* Unifies libip[6]t_NFQUEUE.man to libxt_NFQUEUE.man | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 2 | -12/+0
* Move libipt_tcpmss.man to libxt_tcpmss.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_string.man to libxt_string.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_state.man to libxt_state.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_sctp.man to libxt_sctp.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_quota.man to libxt_quota.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_pkttype.man to libxt_pkttype.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_helper.man to libxt_helper.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_hashlimit.man to libxt_hashlimit.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_dscp.man to libxt_dscp.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_dccp.man to libxt_dccp.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_connmark.man to libxt_connmark.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_connbytes.man to libxt_connbytes.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_comment.man to libxt_comment.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_NOTRACK.man to libxt_NOTRACK.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Move libipt_DSCP.man to libxt_DSCP.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Moves libipt_CONNMARK.man to libxt_CONNMARK.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Moves libipt_CLASSYFY.man to libxt_CLASSYFY.man for ip6tables.8 | /C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org | 2007-11-29 | 1 | -0/+0
* Fix connlimit output for inverted --connlimit-above: ! > is <=, not < | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-11-28 | 1 | -2/+2
* [PATCH]: iptables/libiptc perf issue: Sorting chain during pull-out | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-11-28 | 1 | -3/+3
  Performance optimize scalability issue: Sorting chain during pull-out gives worst-case runtime O(Chains^2). When pulling out the blob, every chain name is inserted alphabetically into a linked list (by function iptc_insert_chain()). The problem with this approach is that the chain names delivered in the blob are already sorted (as we push it back to the kernel sorted). This causes chain parsing to always process every element in the chain list and finish with a tail add. Causing worst-case runtime O(C^2/2) for alphabetically sorting of chains. The patch solves this by only calling iptc_insert_chain() when creating new chains.
  Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
* Add NFLOG manpage | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-11-26 | 1 | -0/+29
* [PATCH]: iptables: always print mask in iptables-save | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-11-25 | 1 | -3/+15
  iptables prints the mask as a prefix length if it is valid; This patch makes iptables-save do the same. Also, iptables-save will always print "/32" in the "-s addr/32" case now. This reduces the amount of code external parsing scripts need to provide to properly parse iptables-save output. ip6tables-save already does the right thing, so no change there.
  Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* [PATCH]: iptables: move manpage | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-11-25 | 2 | -0/+0
  Rename libipt_{time,u32}.man to libxt_{time,u32}.man to go in line with the C files.
  Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* [PATCH]: iptables: fix check_inverse() call | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-11-25 | 1 | -1/+1
  Fix a typo in call to check_inverse().
  Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* [PATCH] Fix make/compile error for iptables-1.4.0rc1 | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-11-25 | 3 | -2/+616
  Fixing a make/compile issue with iptables, release candidate 1.4.0rc1, which has existed since SVN changeset 6920. This patch adds ip_tables.h and ip6_tables.h, and updates x_tables.h, taken from Linus's git tree. Changeset 6920 added the include file x_tables.h from kernel source, but didn't add ip_tables.h and ip6_tables.h. At some point (Tue Nov 14 19:48:48 2006, by Yasuyuki Kozakai) these kernel headers were changed, which actually removes certain dependencies from ip_tables.h and ip6_tables.h to x_tables.h. If compiling will fail, with old kernel headers (ip_tables.h and ip6_tables.h) available in systems include path, because they depend on certain defines in x_tables.h which is missing in the version in SVN.
  Jesper Brouer <jdb@comx.dk>
* PATCH - Fix for --random option in DNAT and REDIRECT | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-11-15 | 2 | -1/+2
  The --random option produces "Unknown arg `--random'" errors with both the DNAT and REDIRECT targets. Corrected by the attached patch.
  Tom Eastep <teastep@shorewall.net>
* [PATCH] Document xt_statistic (Stefano Sabatini <stefano.sabatini-lala@poste.it>) | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-11-12 | 1 | -0/+30
* [PATCH]: iptables-edit: iptables-edit: adds --table to iptables-restore | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-11-05 | 1 | -1/+11
  adds --table to iptables-restore which allows to restore only the supplied table
  Signed-off-by: Peter Warasin <peter@endian.com>
* [PATCH] let DO_MULTI=1 work for ip6tables* binaries part 2 | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-10-31 | 1 | -0/+31
  Sorry forgot to mention that the "ip6tables-multi.c" (in the patch) which is not in the repository has to be manually added.
  Hann-huei Chiou <koala@ascenvision.com>
* [PATCH] Introducing libxt_*.man files. Sorted matches and modules | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-10-31 | 2 | -33/+103
  The iptables.8 and ip6tables.8 man pages are now generated from libxt_*.man files too. For xtables modules one man page is enough with libxt_ prefix. The match and target lists are sorted alphabetically. The make command doesn't print anything when it creates man pages.
  Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
* [PATCH] let DO_MULTI=1 work for ip6tables* binaries | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-10-23 | 4 | -0/+33
  When defining DO_MULTI=1 in Makefile, only iptables is built as a single multipurpose binary. This patch makes ip6tables also be built in the same manner.
  Hann-huei Chiou <koala@ascenvision.com>
* Transfer all my copyright over to our company. | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-10-20 | 2 | -2/+5
  Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* [PATCH]: Don't silently exit on failure to open /proc/net/{ip,ip6}_tables_names | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2007-10-18 | 2 | -2/+6
  Victor Stinner <victor.stinner@inl.fr>