summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* make policy match compile independant of kernel headerssvn_t_iptables_1_3_5/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-011-0/+4
|
* fix ipt_conntrack compilation against very early (2.4.0) kernel releases/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-011-1/+1
|
* remove other bits of old ip pool code, people should use ipset ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-011-26/+0
| | | | (ipset.netfilter.org) these days
* Prepare policy match for x_tables unification by making sure both/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-01-312-0/+116
| | | | ipt_policy and ip6t_policy use the same data structure.
* Fix probing for supported revisions (Jones Desougi <jones@ingate.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-12-222-0/+2
| | | | Bugzilla #413
* Kernels higher than 2.6.10 don't support multiple --to arguments in/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-191-0/+9
| | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester)
* Add the aligned_u64 typedef, it's defined in linux/types.h in the kernel./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2005-09-111-0/+4
| | | | We can't include that header since it conflicts with sys/types.h
* add NFQUEUE support for ipv4 and ipv6/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-191-0/+16
|
* fix various missing header file / #define issues on old kernels. I've now ↵svn_t_iptables_1_3_2/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-102-16/+17
| | | | tested compilation with kernels starting 2.4.17
* we need to have this header file included, since old kernels don't define ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-101-0/+16
| | | | IP6T_LOG_UID.
* reduce code replication of parse_interface() (Yasuyuki Kozakai)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-06-222-0/+3
|
* omeone forgot to update ipt_conntrack.h header in user space. So, update it ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-04-101-1/+22
| | | | to use ip_conntrack_old_tuple. (Pablo Neira)
* This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-03-071-0/+37
|
* Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2005-02-122-0/+9
| | | | | | | Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
* Add support for inversion to multiport revision 1./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2005-02-021-0/+1
| | | | Signed-off-by: Phil Oester <kernel@linuxace.com>
* Pablo Neira:/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=rusty/emailAddress=rusty@netfilter.org2005-01-031-0/+28
| | | | Multiport revision 1 userspace support.
* Extension revision number support (if kernel supports the getsockopts)./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=rusty/emailAddress=rusty@netfilter.org2005-01-032-0/+33
| | | | | Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied.
* Fix setting lib_dir in ip*tables-{save,restore}/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2004-12-273-0/+9
|
* move ipt_hashlimit to it's correct location/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2004-10-201-0/+0
|
* add hashlimit kernel header file/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2004-10-201-0/+40
|
* Add comment match extension (Brad Fisher)kaber2004-09-201-0/+10
|
* [PATCH] port physdev to ip6tables (Bart De Schuymer)kaber2004-09-121-0/+24
|
* Add ipt_addrtype.hkaber2004-06-281-0/+11
|
* add missing includelaforge2004-06-211-0/+39
|
* With a 64bit kernel only the high 32bits of nfmark was used regardless ofgandalf2004-05-264-0/+50
| | | | | | | 32/64bit userspace. This makes it quite hard to interoperate with 'tc'. Sync ipv6 versions with ipv4 versions. Tested on x86 and sparc64 with both 32bit and 64bit userspace.
* Fix 64bit kernel / 32bit userspace issue.gandalf2004-05-262-6/+15
| | | | Sync header with kernel.
* Add versions of string_to_number() for use in 32bit userspace with 64bit kernel.gandalf2004-05-261-0/+8
|
* Fix 64bit kernel / 32bit userspace issue.gandalf2004-05-263-1/+56
|
* add definition for IPPROTO_SCTP for systems with old header fileslaforge2004-03-041-0/+4
|
* update for matching chunk flags (Kiran Kumar)laforge2004-03-021-0/+11
|
* add userspace part of SCTP matchlaforge2004-02-211-20/+91
|
* latest version of CONNMARK updates (Henrik Nordstrom)laforge2004-02-032-0/+19
|
* Bloody copy-n-edit. Make sure to use matches in the order they are given...gandalf2004-02-021-2/+8
|
* Make sure to use matches in the order they are given when calling ↵gandalf2004-02-021-2/+8
| | | | do_command() multiple times.
* update ipt_physdev.h (test8 change, make parisc work, alignment issues)laforge2003-11-021-2/+2
|
* CLASSIFY is now built unconditionally, thus we need the kernel headerlaforge2003-09-131-0/+8
|
* fix ipq_id_t on 'real' kernel+userspace 64bit archs (Ryan Veety)laforge2003-09-071-1/+1
|
* add include files for soon-to-be-submitted patches (and build them ↵laforge2003-08-234-0/+56
| | | | unconditionally by putting thme in the extensions/Makefile)
* Fix the previous fixgandalf2003-05-051-0/+3
| | | | No more segfaults or compilewarnings.
* add (untested) sctp userspace support for even more untested kernel part (in ↵laforge2003-05-031-0/+25
| | | | pom soon)
* fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin ↵laforge2003-05-021-0/+3
| | | | Josefsson)
* rename iplimit to connlimitlaforge2003-04-301-6/+6
|
* ipt_physdev update (--physdev-is-{in,out,bridged}) by Bart de Schuymerlaforge2003-04-271-2/+7
|
* port 'line number on error in iptables-restore' from ipv4laforge2003-03-051-0/+2
|
* make iptables-restore print the line number in case of an errorlaforge2003-03-031-0/+2
| | | | (Illes Marci <marci@balabit.hu>)
* add libipt_physdev.c (Bart de Schumyer)laforge2003-02-111-0/+19
|
* add support for rpc matchlaforge2003-01-121-0/+35
|
* apply ipv6 hoplimit (hl match, HL target) patch (Maciej Soltysiak ↵laforge2003-01-082-0/+44
| | | | <solt@dns.toxicfilms.tv>)
* make libipt_helper.so build always, since it's now submitted to 2.4.20laforge2002-08-091-0/+8
|
* bring ECN headers in sync with ecn.patchlaforge2002-08-052-4/+3
|