Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Add --log-uid option (John Lange <john.lange@open-it.ca>) | John Lange | 2005-01-02 | 2 | -1/+20 | |
| | ||||||
* | Stupid typo that meant we didn't compare target data when doing ↵ | Rusty Russell | 2004-12-29 | 1 | -1/+1 | |
| | | | | delete-by-matching-rule (found by nfsim test). | |||||
* | Fix compile error introduced by C99 conversion. | Rusty Russell | 2004-12-29 | 1 | -1/+0 | |
| | ||||||
* | Pablo Neira: extensions conversion to C99 structure initialization | Pablo Neira | 2004-12-28 | 69 | -939/+893 | |
| | | | | (I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR) | |||||
* | Fix setting lib_dir in ip*tables-{save,restore} | Martin Josefsson | 2004-12-27 | 11 | -22/+37 | |
| | ||||||
* | Use string_to_number. Don't check for no optarg: we set has_arg to 1 in ↵ | Rusty Russell | 2004-12-22 | 1 | -5/+5 | |
| | | | | option array, so getopt does that for us. | |||||
* | Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static ↵ | Rusty Russell | 2004-12-22 | 2 | -30/+16 | |
| | | | | | | inline instead of extern inline (otherwise it doesn't compile without -O). Don't re-initialize libiptc/libip6t unless modprobe attempt actually succeeds. This makes nfsim run about 20 times faster, as it doesn't have to explore failures in the first iptc_init(). | |||||
* | Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and ↵ | Rusty Russell | 2004-12-20 | 2 | -9/+21 | |
| | | | | set them in testsuite if we're running iptables within tree. | |||||
* | Nicolas Bouliane: I was writing an nfsim .sim for the match tos, when I ↵ | Nicolas Bouliane | 2004-12-20 | 1 | -0/+5 | |
| | | | | realized that when we enter --tos twice the second overwrite the first. | |||||
* | Implement some optimization for finding rules to replace in TC_REPLACE_ENTRY. | Martin Josefsson | 2004-12-18 | 1 | -2/+9 | |
| | | | | Stolen from TC_DELETE_NUM_ENTRY. | |||||
* | Make "is_same" test basics and entries only: targets are generic. | Rusty Russell | 2004-12-16 | 3 | -70/+72 | |
| | | | | | | | Make target testing aware of different kinds of rules. Change reverse logic: target_different now target_same. Set type to MODULE in iptcc_map_target. Add testcase for this. | |||||
* | Remove GET_TARGET() define: this was for compiling iptables for debugging ↵ | Rusty Russell | 2004-12-16 | 1 | -37/+25 | |
| | | | | | | | (ie. without -O) on old kernels where ipt_get_target() was defined "extern inline". These days it's "static inline", and only developers build without -O anyway. Fix up DUMP_ENTRIES a little, but remove calls: it only dumps the table as loaded, not the changed (cached) table, which is misleading. Fix TC_DELETE_ENTRY: we need to use iptcc_map_target() before comparing, otherwise "-j DROP" (as an example) doesn't work. | |||||
* | ROUTE --tee target extension (Patrick Schaaf) | Patrick Schaaf | 2004-12-14 | 4 | -13/+84 | |
| | ||||||
* | ipset 2 related updates (JK) | Joszef Kadlecsik | 2004-12-01 | 5 | -83/+243 | |
| | ||||||
* | fix some compiler warnings and errors | Harald Welte | 2004-11-18 | 1 | -17/+24 | |
| | ||||||
* | sync with latest patch-o-matic-ng update (support direction and mode parameters) | Harald Welte | 2004-11-18 | 1 | -11/+84 | |
| | ||||||
* | Search backwards when inserting/deleting in/from the top half of the rules ↵ | Martin Josefsson | 2004-10-24 | 1 | -12/+24 | |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | in a chain. before: insert 50k rules without any previous rules real 0m1.314s user 0m1.184s sys 0m0.123s insert 50k with one already existing rule real 2m38.052s user 2m37.296s sys 0m0.353s insert 50k rules in the middle of 20k already existing rules real 2m43.831s user 2m43.005s sys 0m0.414s delete rule #70000 10k times with 100k rules real 1m37.990s user 1m37.247s sys 0m0.500s after: insert 50k without any previous rules real 0m1.315s user 0m1.184s sys 0m0.125s insert 50k with one already existing rule real 0m1.313s user 0m1.189s sys 0m0.119s insert 50k rules in the middle of 20k already existing rules real 0m8.550s user 0m8.327s sys 0m0.197s delete rule #70000 10k times with 100k rules real 0m35.566s user 0m35.062s sys 0m0.416s | |||||
* | Fix module-autoloading in certain cases (Fixse Debian Bug 219686) | Harald Welte | 2004-10-22 | 2 | -6/+10 | |
| | ||||||
* | minor syntax fixes | Harald Welte | 2004-10-20 | 1 | -13/+18 | |
| | ||||||
* | - add hashlimit to makefile | Harald Welte | 2004-10-20 | 2 | -2/+2 | |
| | | | | - fix typo in libipt_hashlimit | |||||
* | move ipt_hashlimit to it's correct location | Harald Welte | 2004-10-20 | 1 | -0/+0 | |
| | ||||||
* | add hashlimit kernel header file | Harald Welte | 2004-10-20 | 1 | -0/+40 | |
| | ||||||
* | hashlimit port of userspace plugin | Harald Welte | 2004-10-20 | 1 | -0/+365 | |
| | ||||||
* | add paragraph about raw table | Harald Welte | 2004-10-06 | 1 | -0/+10 | |
| | ||||||
* | Mention owner brokenness in manpage | Patrick McHardy | 2004-10-03 | 2 | -0/+4 | |
| | ||||||
* | note owner match brokenness in helptext, closes bugzilla #244 (Phil Oester) | Phil Oester | 2004-10-01 | 1 | -0/+2 | |
| | ||||||
* | Add comment about time not adhering DST (Phil Oester) (Closes: #75) | Phil Oester | 2004-09-26 | 1 | -0/+1 | |
| | ||||||
* | Replace O(n) with O(1) when TC_INSERT_ENTRY() inserts an entry at the end. | Martin Josefsson | 2004-09-23 | 1 | -8/+23 | |
| | | | | | | | | | | | | | | Do the same with TC_DELETE_NUM_ENTRY() when deleting the last rule. My rule management script does both of these things in certain situations. Created a file with 50.000 rules which my script converted into iptables-restore format but inserting each rule with an index instead of appending like the iptables-save output does. That took a while without this optimization. Same thing when deleting the 45.000 last rules in that chain, the script outputs deletes by number starting from the bottom. Inserting or deleting (by number) in the middle of the chain is still O(n) where n is the rulenumber where the insert/delete is taking place. | |||||
* | Spelling error. | Martin Josefsson | 2004-09-23 | 1 | -2/+2 | |
| | ||||||
* | Fix returnvalue of TC_BUILTIN() | Martin Josefsson | 2004-09-23 | 1 | -2/+2 | |
| | | | | | All jumps to nonexisting chains were believed to be jumps to builtin chains, that's bad as it made it impossible to add rules with external targets. | |||||
* | Make sure to zero all the memory we allocate for the new table. | Martin Josefsson | 2004-09-22 | 1 | -2/+2 | |
| | | | | | Makes flushing of chains containing more than a few entries work without potentially oopsing the kernel. | |||||
* | Make TC_DELETE_ENTRY() and TC_DELETE_NUM_ENTRY() actually do something practical | Martin Josefsson | 2004-09-22 | 1 | -1/+5 | |
| | ||||||
* | Fix two more rulenumber off by 1 errors | Martin Josefsson | 2004-09-22 | 1 | -3/+3 | |
| | ||||||
* | Insertion of rules with -I was broken. | Martin Josefsson | 2004-09-22 | 1 | -5/+15 | |
| | | | | | | | It checked if a rule existed on the position we were inserting to. Thus inserting into an empty chain didn't work. And it didn't care about the fact that the first rule in the chain has index 1 the rulenumer we get starts at 0... | |||||
* | Fix rule counting | Martin Josefsson | 2004-09-22 | 1 | -1/+3 | |
| | ||||||
* | Fix listing of module targets. | Martin Josefsson | 2004-09-22 | 1 | -1/+4 | |
| | | | | | | Type was only set for standard targets. Harald: please review. | |||||
* | realm: fix inversion (Simon Lodal) | Simon Lodal | 2004-09-22 | 1 | -2/+3 | |
| | ||||||
* | Fix half-working ipv6 limit invert check (Phil Oester) | Phil Oester | 2004-09-21 | 1 | -7/+6 | |
| | ||||||
* | Fix half-working dstlimit invert check (Phil Oester) | Phil Oester | 2004-09-21 | 1 | -26/+12 | |
| | ||||||
* | limit match does not support invert, warn about it. Closes bugzilla #95 ↵ | Phil Oester | 2004-09-21 | 1 | -7/+6 | |
| | | | | (Phil Oester) | |||||
* | Add comment match extension (Brad Fisher) | Brad Fisher | 2004-09-20 | 3 | -1/+138 | |
| | ||||||
* | fix segfault from memory allocation: handle->entries is actualy struct ↵ | Harald Welte | 2004-09-19 | 1 | -2/+3 | |
| | | | | ipt_get_entries plus the size | |||||
* | fix psd option parsing (Phil Oester) | Phil Oester | 2004-09-18 | 1 | -5/+0 | |
| | ||||||
* | Print error when '!' is used with multiport. Based on patch by Phil Oester. | Patrick McHardy | 2004-09-18 | 3 | -0/+21 | |
| | ||||||
* | port physdev to ip6tables (Bart De Schuymer) | Bart De Schuymer | 2004-09-12 | 4 | -1/+299 | |
| | ||||||
* | Fix typo. (Phil Oester) Closes #239 | Phil Oester | 2004-09-09 | 1 | -1/+1 | |
| | ||||||
* | Fix number parsing (Piotr Gasidlo) | Piotr Gasidło | 2004-09-02 | 1 | -1/+1 | |
| | ||||||
* | add delete by matching-rule to libiptc2 (still untested) | Harald Welte | 2004-08-30 | 1 | -67/+19 | |
| | ||||||
* | slightly different semantics of iptc_builtin | Harald Welte | 2004-08-30 | 2 | -3/+3 | |
| | ||||||
* | fix slightly changed semantics of iptc_is_builtin | Harald Welte | 2004-08-30 | 2 | -3/+3 | |
| |