| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>) | Pablo Neira | 2005-02-14 | 87 | -508/+26 |
| | Fixes build with conntrack event patch for 2.6 | | | | |
* | Allow "--realm ! foo" and "! --realm foo" (Closes: #297) | Harald Welte | 2005-02-13 | 1 | -1/+1 |
* | fix missing comma at end of line | Harald Welte | 2005-02-13 | 1 | -1/+1 |
* | Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace. | Martin Josefsson | 2005-02-12 | 4 | -25/+91 |
| | Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> | | | | |
* | time to release 1.3.0 final (tag: v1.3.0) | Harald Welte | 2005-02-12 | 1 | -1/+1 |
* | remove way outdated files | Harald Welte | 2005-02-12 | 2 | -96/+0 |
* | update notes to reflect subversion usage | Harald Welte | 2005-02-12 | 1 | -4/+4 |
* | try to fix realm save/restore issue (Addresses: #297) | Harald Welte | 2005-02-08 | 1 | -11/+14 |
* | Fix rule deletion (hinfo pointer initialized by kernel, don't compare it in userspace). (Samuel Jean) | Samuel Jean | 2005-02-07 | 1 | -2/+1 |
* | fix parameter handling in libipt_hashlimit with iptables-save (Nikolai Malykh) | Nikolai Malykh | 2005-02-07 | 1 | -2/+6 |
* | Revert the recent addition of memset()'s to TC_COMMIT. One of them is bogus and the other one needs more investigation to why valgrind is complaining. Noticed and reverted by Phil Oester. | Phil Oester | 2005-02-04 | 1 | -3/+0 |
* | Add support for inversion to multiport revision 1. | Phil Oester | 2005-02-02 | 2 | -5/+11 |
| | Signed-off-by: Phil Oester <kernel@linuxace.com> | | | | |
* | we now need to exclude .svn instead of CVS (tag: v1.3.0-rc1) | Harald Welte | 2005-02-01 | 1 | -1/+1 |
* | release rc1 | Harald Welte | 2005-02-01 | 1 | -1/+1 |
* | re-implement alphabetic sorting to not confuse users who upgrade to 1.3.0 | Harald Welte | 2005-02-01 | 1 | -7/+18 |
* | fix compiler warning about discarding const | Harald Welte | 2005-02-01 | 1 | -1/+1 |
* | add missing comma | Harald Welte | 2005-02-01 | 1 | -1/+1 |
* | fix typo | Harald Welte | 2005-02-01 | 1 | -1/+1 |
* | make structure initializers use C99 standard (Harald Welte) | Harald Welte | 2005-02-01 | 19 | -261/+229 |
* | typo | Martin Josefsson | 2005-02-01 | 1 | -1/+1 |
* | check for colons | Harald Welte | 2005-02-01 | 1 | -1/+6 |
* | be more specific what INPUT means (Matthias Bruestle) | Harald Welte | 2005-02-01 | 1 | -1/+1 |
* | Use C99 initializers | Harald Welte | 2005-02-01 | 1 | -11/+11 |
* | - Sets the 'iptc_fn' global variable to the pointer to the current functions in all major TC_* functions. This is necessary because in certain cases, an error return from a function that doesn't set 'iptc_fn' will conflict with a function-specific error return from one that does, causing TC_STRERROR() to return the wrong error string. This ensures that the right one will be returned. - Implements a simple reference counter for the netlink socket global variable 'sockfd'; this is necessary for IPTables::IPv4, where multiple tables (filter, nat, mangle, untracked) may be opened at one time. The way libiptc does it in the official version causes previously-opened tables to break such that attempts to commit changes will fail. - Adds a couple of memset() invocations in TC_COMMIT, based on past analysis with valgrind. It claimed that allocated structures were not being fully initialized, and adding the memset()s corrected this warning. (Derrik Pates <demon@devrandom.net>) | Derrik Pates | 2005-02-01 | 1 | -13/+36 |
* | John McCann points out via bugzilla that iptables happily accepts this syntax on DNAT/SNAT: --to x.x.x.x:y:z but doesn't actually make use of the second port. Clear up the confusion by only accepting a dash between the ports. This closes bugzilla #265. Signed-off-by: Phil Oester <kernel@linuxace.com> | Phil Oester | 2005-02-01 | 1 | -1/+6 |
* | fix name of 'extra_opts' structure member (Nikolai Malykh) | Nikolai Malykh | 2005-01-22 | 1 | -1/+1 |
* | Make it compile on current kernels, the future isn't here yet. | Martin Josefsson | 2005-01-05 | 1 | -0/+6 |
* | Testsuite found an issue: multiport accepts -p ! tcp. | Rusty Russell | 2005-01-03 | 1 | -0/+4 |
* | Pablo Neira: | Pablo Neira | 2005-01-03 | 2 | -1/+227 |
| | Multiport revision 1 userspace support. | | | | |
* | Remove leftover debug printf | Martin Josefsson | 2005-01-03 | 1 | -3/+0 |
* | Replace memchr with strlen and fix up one of the statements. | Martin Josefsson | 2005-01-03 | 1 | -4/+4 |
* | Extension revision number support (if kernel supports the getsockopts). | Rusty Russell | 2005-01-03 | 5 | -21/+281 |
| | Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied. | | | | |
* | Prevent user from using --helper multiple times (Nicolas Bouliane <nib@cookinglinux.org>) | Nicolas Bouliane | 2005-01-02 | 1 | -0/+3 |
* | Add --log-uid option (John Lange <john.lange@open-it.ca>) | John Lange | 2005-01-02 | 2 | -1/+20 |
* | Stupid typo that meant we didn't compare target data when doing delete-by-matching-rule (found by nfsim test). | Rusty Russell | 2004-12-29 | 1 | -1/+1 |
* | Fix compile error introduced by C99 conversion. | Rusty Russell | 2004-12-29 | 1 | -1/+0 |
* | Pablo Neira: extensions conversion to C99 structure initialization | Pablo Neira | 2004-12-28 | 69 | -939/+893 |
| | (I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR) | | | | |
* | Fix setting lib_dir in ip*tables-{save,restore} | Martin Josefsson | 2004-12-27 | 11 | -22/+37 |
* | Use string_to_number. Don't check for no optarg: we set has_arg to 1 in option array, so getopt does that for us. | Rusty Russell | 2004-12-22 | 1 | -5/+5 |
* | Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static inline instead of extern inline (otherwise it doesn't compile without -O). Don't re-initialize libiptc/libip6t unless modprobe attempt actually succeeds. This makes nfsim run about 20 times faster, as it doesn't have to explore failures in the first iptc_init(). | Rusty Russell | 2004-12-22 | 2 | -30/+16 |
* | Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and set them in testsuite if we're running iptables within tree. | Rusty Russell | 2004-12-20 | 2 | -9/+21 |
* | Nicolas Bouliane: I was writing an nfsim .sim for the match tos, when I realized that when we enter --tos twice the second overwrites the first. | Nicolas Bouliane | 2004-12-20 | 1 | -0/+5 |
* | Implement some optimization for finding rules to replace in TC_REPLACE_ENTRY. | Martin Josefsson | 2004-12-18 | 1 | -2/+9 |
| | Stolen from TC_DELETE_NUM_ENTRY. | | | | |
* | Make "is_same" test basics and entries only: targets are generic. | Rusty Russell | 2004-12-16 | 3 | -70/+72 |
| | Make target testing aware of different kinds of rules. Change reverse logic: target_different now target_same. Set type to MODULE in iptcc_map_target. Add testcase for this. | | | | |
* | Remove GET_TARGET() define: this was for compiling iptables for debugging (ie. without -O) on old kernels where ipt_get_target() was defined "extern inline". These days it's "static inline", and only developers build without -O anyway. Fix up DUMP_ENTRIES a little, but remove calls: it only dumps the table as loaded, not the changed (cached) table, which is misleading. Fix TC_DELETE_ENTRY: we need to use iptcc_map_target() before comparing, otherwise "-j DROP" (as an example) doesn't work. | Rusty Russell | 2004-12-16 | 1 | -37/+25 |
* | ROUTE --tee target extension (Patrick Schaaf) | Patrick Schaaf | 2004-12-14 | 4 | -13/+84 |
* | ipset 2 related updates (JK) | Joszef Kadlecsik | 2004-12-01 | 5 | -83/+243 |
* | fix some compiler warnings and errors | Harald Welte | 2004-11-18 | 1 | -17/+24 |
* | sync with latest patch-o-matic-ng update (support direction and mode parameters) | Harald Welte | 2004-11-18 | 1 | -11/+84 |
* | Search backwards when inserting/deleting in/from the top half of the rules in a chain. Before: insert 50k rules without any previous rules: real 0m1.314s, user 0m1.184s, sys 0m0.123s; insert 50k with one already existing rule: real 2m38.052s, user 2m37.296s, sys 0m0.353s; insert 50k rules in the middle of 20k already existing rules: real 2m43.831s, user 2m43.005s, sys 0m0.414s; delete rule #70000 10k times with 100k rules: real 1m37.990s, user 1m37.247s, sys 0m0.500s. After: insert 50k without any previous rules: real 0m1.315s, user 0m1.184s, sys 0m0.125s; insert 50k with one already existing rule: real 0m1.313s, user 0m1.189s, sys 0m0.119s; insert 50k rules in the middle of 20k already existing rules: real 0m8.550s, user 0m8.327s, sys 0m0.197s; delete rule #70000 10k times with 100k rules: real 0m35.566s, user 0m35.062s, sys 0m0.416s. | Martin Josefsson | 2004-10-24 | 1 | -12/+24 |