Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Replace annoying "Something wrong... deleting dependencies" message by ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-04-28 | 1 | -1/+1 |
| | | | | something more useful. | ||||
* | Don't overwrite errno with return value of setsockopt (which is -1 on error). | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-04-22 | 1 | -6/+2 |
| | | | | Fixes "Unknown error 4294967295" message (bugzilla #460). | ||||
* | Revert incorrect fix for "Unknown error 4294967295" problem | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-04-22 | 1 | -2/+0 |
| | |||||
* | When entering an invalid command (such as iptables -A INPUT -j MARK --set-mark | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-04-21 | 1 | -0/+2 |
| | | | | 1), the error message "Unknown error 4294967295" is displayed; (Closes: #460) | ||||
* | In ip[6]tables.c, NUMBER_OF_OPT was increased to 12 for the OPT_COUNTERS | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-04-21 | 2 | -30/+32 |
| | | | | | | option. However, the new array element is not initialized in either commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] or inverse_for_options[NUMBER_OF_OPT]. (Closes: #462) | ||||
* | cmdflags is used in cmd2char() to return the option for a command. It uses the | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-04-21 | 2 | -4/+2 |
| | | | | | | bit position of the command mask as an index in the array. There's no entry for CMD_CHECK (0x0800U), so lookups for CMD_RENAME_CHAIN (0x1000U) index outside the array. (Closes: #463) | ||||
* | [IPTABLES,IP6TABLES]: check invalid esp spi range | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-04-15 | 2 | -0/+6 |
| | |||||
* | [IP6TABLES] kill manual comparing protocol name with "ipv6-icmp". | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-04-15 | 1 | -3/+1 |
| | |||||
* | fix loading shared library of ICMPv6 match. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org | 2006-04-15 | 3 | -1/+1 |
| | | | | | | | | | | | | | The current ip6tables tries to load libip6t_icmp6.so when user types 'ip6tables -p icmpv6 ...' or 'ip6tables ... -m icmpv6' ...', and it fails. This patch renames libip6t_icmpv6.c to libip6t_icmp6.c so that ip6tables can load it. Now kernel module and user library has same name 'icmp6'. It can reduce confusion about name mismatch. That's why I renamed it instead of reverting change in find_match() which brought this bug. This patch keeps compatibiity and we can use '-p icmpv6', '-p ipv6-icmpv6', '-m icmpv6', '-m ipv6-icmpv6', and '-m icmp6', as ever. | ||||
* | [IPTABLES,IP6TABLES]: fix the path to detect esp/connbytes support in kernel | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-04-12 | 2 | -2/+2 |
| | | | | The recent kernels don't have ipt_connbytes.c and ip6t_esp.c. | ||||
* | [PATCH]: Correct iptables-save output of osf module (Daniel De Graaf) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-03-31 | 1 | -0/+8 |
| | |||||
* | [PATCH] don't allow to specify protocol of IPv6 extension header (Yasuyuki ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-03-29 | 1 | -0/+16 |
| | | | | | | | | | Kozakai) Sometimes I hear that people do 'ip6tables -p ah ...' which never matches any packet. IPv6 extension headers except of ESP are skipped and invalid as argument of '-p'. Then I propose that ip6tables exits with error in such case. | ||||
* | Multiple matches of the same type can be specified on the commandline. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org | 2006-03-03 | 4 | -32/+84 |
| | | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified. | ||||
* | Make '-p all' a special case that is handled before calling getprotoent() ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-11 | 2 | -2/+14 |
| | | | | (Closes: #446) | ||||
* | fix double-free if a single match is used multiple times within a signle rule | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-11 | 2 | -2/+6 |
| | | | | | | (Closes: #440). However, while this fixes the double-free, it still doesn't make iptables support two of the same matches within one rule. Apparently the last matchinfo is copied into all the previous matchinfo instances. | ||||
* | don't install libiptc.a | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-09 | 1 | -1/+2 |
| | |||||
* | fix segfault or loading of invalid counters in ip[6]tables-restore (Olaf ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-09 | 2 | -2/+8 |
| | | | | Rempel) (Closes: #437) | ||||
* | make policy match compile independant of kernel headerssvn_t_iptables_1_3_5 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-01 | 3 | -2/+6 |
| | |||||
* | Some !%$!*##$@ has modified the kernel include/linux/netfilter_ipv4/ipt_sctp.h | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-01 | 1 | -0/+13 |
| | | | | file in a way that breaks userspace :( | ||||
* | fix ipt_conntrack compilation against very early (2.4.0) kernel releases | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-01 | 1 | -1/+1 |
| | |||||
* | remove other bits of old ip pool code, people should use ipset ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-01 | 5 | -323/+2 |
| | | | | (ipset.netfilter.org) these days | ||||
* | remove ippool | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-02-01 | 3 | -679/+0 |
| | |||||
* | Prepare policy match for x_tables unification by making sure both | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-31 | 7 | -16/+126 |
| | | | | ipt_policy and ip6t_policy use the same data structure. | ||||
* | fix 'save' (Michael Rash) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-30 | 1 | -2/+2 |
| | |||||
* | major manpage update (Yasuyuki Kozakai) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-30 | 27 | -88/+149 |
| | |||||
* | Add 'copy+paste' support for 'state' and 'connmark' match, as well as | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-26 | 4 | -1/+535 |
| | | | | 'CONNMARK' target for ip6tables / nf_conntrack_l3proto_ipv6. This is a temporary solution for the iptables-1.3.x branch, since the 1.4.x branch will have proper support. | ||||
* | add note about deprecated state | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-26 | 1 | -0/+2 |
| | |||||
* | fix spelling 'adress' -> 'address' (Closes: #431) (MJ Anthony) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-01-22 | 2 | -2/+2 |
| | |||||
* | Fix "empty policy element" complaining in non-strict mode. | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-22 | 2 | -2/+4 |
| | | | | Noticed by Tom Eastep <teastep@shorewall.net>. | ||||
* | Clarify --tunnel-src/--tunnel-dst options | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-12 | 2 | -6/+10 |
| | |||||
* | Move empty policy element check to also catch last element | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-12 | 2 | -10/+12 |
| | |||||
* | Don't allow using --next option without specifying a policy element | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-12 | 2 | -4/+14 |
| | |||||
* | Fix invalid assignment of tunnel-src to dest address (Patrick McHardy) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-09 | 1 | -2/+2 |
| | |||||
* | Add documentation for string match (Pablo Neira) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2006-01-03 | 1 | -0/+15 |
| | |||||
* | Fix probing for supported revisions (Jones Desougi <jones@ingate.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-12-22 | 4 | -8/+10 |
| | | | | Bugzilla #413 | ||||
* | fix iptables-save of 'goto' target (Closes: #410) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-12-05 | 1 | -2/+2 |
| | |||||
* | Add note that TCPMSS is only valid in the mangle table (not true today, but ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-12-05 | 1 | -1/+4 |
| | | | | maybe someday) | ||||
* | fix compilation of iptables on [old] systems that don't have IPT_F_GOTO | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-24 | 2 | -0/+6 |
| | |||||
* | note that we can only delete chains that are empty | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-22 | 1 | -3/+4 |
| | |||||
* | tcp-rst is the alias, not tcp-reset (Torsten Hilbrich) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-22 | 1 | -1/+1 |
| | |||||
* | Add policy match extensions from patch-o-matic | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-11-19 | 6 | -0/+998 |
| | |||||
* | Fix some gcc-4 warnings | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-11-18 | 4 | -7/+7 |
| | |||||
* | Don't eat numeric arguments for other extensions | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org | 2005-11-18 | 1 | -4/+12 |
| | |||||
* | The conntrack match does not print any info for --ctproto, thus | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-17 | 1 | -0/+7 |
| | | | | | breaking iptables-restore of any rules using this option. Below patch adds output and closes bug #398. (Phil Oester) | ||||
* | only set revisions on real targets, not on jumps. (Pablo Neira) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-17 | 1 | -1/+3 |
| | |||||
* | - Fix memory leak in TC_COMMIT() (Markus Sundberg) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-12 | 1 | -23/+25 |
| | | | | | - Cleanup error path of TC_COMMIT() - Correctly propagate errors of setsockopt to calling function | ||||
* | add 'goto' support (Henrik Nordstrom <hno@marasystems.com>) | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-05 | 3 | -3/+33 |
| | |||||
* | fix connmark, it's now only 32bits (Deti Fliegl <deti@fliegl.de)svn_t_iptables_1_3_4 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-11-03 | 2 | -53/+10 |
| | | | | | | We'ver screwed this up with the 2.6.14 release. It refuses any mask that extends 32bits. We should have fixed this by adding a new target/match revision, but now it's too late anyway :( | ||||
* | about to release 1.3.4 | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-10-31 | 1 | -2/+2 |
| | |||||
* | The conntrack match extension doesn't handle address inversion correctly. ↵ | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2005-09-19 | 1 | -2/+2 |
| | | | | (Tom Eastep) |