Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Restore chain order (Olaf Rempel <razzor@kopf-tisch.de>) | Olaf Rempel | 2005-03-04 | 1 | -4/+7 | |
| | ||||||
* | Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>) | Pablo Neira | 2005-02-14 | 87 | -508/+26 | |
| | | | | Fixes build with conntrack event patch for 2.6 | |||||
* | Allow "--realm ! foo" and "! --realm foo" (Closes: #297) | Harald Welte | 2005-02-13 | 1 | -1/+1 | |
| | ||||||
* | fix missing comma at end of line | Harald Welte | 2005-02-13 | 1 | -1/+1 | |
| | ||||||
* | Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace. | Martin Josefsson | 2005-02-12 | 4 | -25/+91 | |
| | | | | | | | Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> | |||||
* | time to release 1.3.0 finalv1.3.0 | Harald Welte | 2005-02-12 | 1 | -1/+1 | |
| | ||||||
* | remove way outdated files | Harald Welte | 2005-02-12 | 2 | -96/+0 | |
| | ||||||
* | update notes to reflect subversion usage | Harald Welte | 2005-02-12 | 1 | -4/+4 | |
| | ||||||
* | try to fix realm save/restore issue (Adresses: #297) | Harald Welte | 2005-02-08 | 1 | -11/+14 | |
| | ||||||
* | Fix rule deletion (hinfo pointer initialized by kernel, don't compare it in ↵ | Samuel Jean | 2005-02-07 | 1 | -2/+1 | |
| | | | | userspace). (Samuel Jean) | |||||
* | fix parameter handling in libipt_hashlimit with iptables-save (Nikolai Malykh) | Nikolai Malykh | 2005-02-07 | 1 | -2/+6 | |
| | ||||||
* | Revert the recent addition of memset()'s to TC_COMMIT. One of them is bogus ↵ | Phil Oester | 2005-02-04 | 1 | -3/+0 | |
| | | | | | | and the other one needs more investigation to why valgrind is complaining. Noticed and reverted by Phil Oester. | |||||
* | Add support for inversion to multiport revision 1. | Phil Oester | 2005-02-02 | 2 | -5/+11 | |
| | | | | Signed-off-by: Phil Oester <kernel@linuxace.com> | |||||
* | we now need to exclude .svn instead of CVSv1.3.0-rc1 | Harald Welte | 2005-02-01 | 1 | -1/+1 | |
| | ||||||
* | release rc1 | Harald Welte | 2005-02-01 | 1 | -1/+1 | |
| | ||||||
* | re-implement alphabetic sorting to not confuse users who upgrade to 1.3.0 | Harald Welte | 2005-02-01 | 1 | -7/+18 | |
| | ||||||
* | fix compiler warning about discarding const | Harald Welte | 2005-02-01 | 1 | -1/+1 | |
| | ||||||
* | add missing comma | Harald Welte | 2005-02-01 | 1 | -1/+1 | |
| | ||||||
* | fix typo | Harald Welte | 2005-02-01 | 1 | -1/+1 | |
| | ||||||
* | make structure initializers use C99 standard (Harald Welte) | Harald Welte | 2005-02-01 | 19 | -261/+229 | |
| | ||||||
* | typo | Martin Josefsson | 2005-02-01 | 1 | -1/+1 | |
| | ||||||
* | check for colons | Harald Welte | 2005-02-01 | 1 | -1/+6 | |
| | ||||||
* | be more specific what INPUT means (Matthias Bruestle) | Harald Welte | 2005-02-01 | 1 | -1/+1 | |
| | ||||||
* | Use C99 initializers | Harald Welte | 2005-02-01 | 1 | -11/+11 | |
| | ||||||
* | - Sets the 'iptc_fn' global variable to the pointer to the current functions ↵ | Derrik Pates | 2005-02-01 | 1 | -13/+36 | |
| | | | | | | | | in all major TC_* functions. This is necessary because in certain cases, an error return from a function that doesn't set 'iptc_fn' will conflict with a function-specific error return from one that does, causing TC_STRERROR() to return the wrong error string. This ensures that the right one will be returned. - Implements a simple reference counter for the netlink socket global variable 'sockfd'; this is necessary for IPTables::IPv4, where multiple tables (filter, nat, mangle, untracked) may be opened at one time. The way libiptc does it in the official version causes previously-opened tables to break such that attempts to commit changes will fail. - Adds a couple of memset() invocations in TC_COMMIT, based on past analysis with valgrind. It claimed that allocated structure were not being fully initialized, and adding the memset()s corrected this warning. (Derrik Pates <demon@devrandom.net>) | |||||
* | John McCann points out via bugzilla that iptables happily accepts this | Phil Oester | 2005-02-01 | 1 | -1/+6 | |
| | | | | | | | | | | | | | syntax on DNAT/SNAT: --to x.x.x.x:y:z but doesn't actually make use of the second port. Clear up the confusion by only accepting a dash between the ports. This closes bugzilla #265. Signed-off-by: Phil Oester <kernel@linuxace.com> | |||||
* | fix name of 'extra_opts' structure member (Nikolai Malykh) | Nikolai Malykh | 2005-01-22 | 1 | -1/+1 | |
| | ||||||
* | Make it compile on current kernels, the future isn't here yet. | Martin Josefsson | 2005-01-05 | 1 | -0/+6 | |
| | ||||||
* | Testsuite found an issue: multiport accepts -p ! tcp. | Rusty Russell | 2005-01-03 | 1 | -0/+4 | |
| | ||||||
* | Pablo Neira: | Pablo Neira | 2005-01-03 | 2 | -1/+227 | |
| | | | | Multiport revision 1 userspace support. | |||||
* | Remove leftover debug printf | Martin Josefsson | 2005-01-03 | 1 | -3/+0 | |
| | ||||||
* | Replace memchr with strlen and fix up one of the statements. | Martin Josefsson | 2005-01-03 | 1 | -4/+4 | |
| | ||||||
* | Extension revision number support (if kernel supports the getsockopts). | Rusty Russell | 2005-01-03 | 5 | -21/+281 | |
| | | | | | Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied. | |||||
* | Prevent user from using --helper multiple times (Nicolas Bouliane ↵ | Nicolas Bouliane | 2005-01-02 | 1 | -0/+3 | |
| | | | | <nib@cookinglinux.org>) | |||||
* | Add --log-uid option (John Lange <john.lange@open-it.ca>) | John Lange | 2005-01-02 | 2 | -1/+20 | |
| | ||||||
* | Stupid typo that meant we didn't compare target data when doing ↵ | Rusty Russell | 2004-12-29 | 1 | -1/+1 | |
| | | | | delete-by-matching-rule (found by nfsim test). | |||||
* | Fix compile error introduced by C99 conversion. | Rusty Russell | 2004-12-29 | 1 | -1/+0 | |
| | ||||||
* | Pablo Neira: extensions conversion to C99 structure initialization | Pablo Neira | 2004-12-28 | 69 | -939/+893 | |
| | | | | (I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR) | |||||
* | Fix setting lib_dir in ip*tables-{save,restore} | Martin Josefsson | 2004-12-27 | 11 | -22/+37 | |
| | ||||||
* | Use string_to_number. Don't check for no optarg: we set has_arg to 1 in ↵ | Rusty Russell | 2004-12-22 | 1 | -5/+5 | |
| | | | | option array, so getopt does that for us. | |||||
* | Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static ↵ | Rusty Russell | 2004-12-22 | 2 | -30/+16 | |
| | | | | | | inline instead of extern inline (otherwise it doesn't compile without -O). Don't re-initialize libiptc/libip6t unless modprobe attempt actually succeeds. This makes nfsim run about 20 times faster, as it doesn't have to explore failures in the first iptc_init(). | |||||
* | Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and ↵ | Rusty Russell | 2004-12-20 | 2 | -9/+21 | |
| | | | | set them in testsuite if we're running iptables within tree. | |||||
* | Nicolas Bouliane: I was writing an nfsim .sim for the match tos, when I ↵ | Nicolas Bouliane | 2004-12-20 | 1 | -0/+5 | |
| | | | | realized that when we enter --tos twice the second overwrite the first. | |||||
* | Implement some optimization for finding rules to replace in TC_REPLACE_ENTRY. | Martin Josefsson | 2004-12-18 | 1 | -2/+9 | |
| | | | | Stolen from TC_DELETE_NUM_ENTRY. | |||||
* | Make "is_same" test basics and entries only: targets are generic. | Rusty Russell | 2004-12-16 | 3 | -70/+72 | |
| | | | | | | | Make target testing aware of different kinds of rules. Change reverse logic: target_different now target_same. Set type to MODULE in iptcc_map_target. Add testcase for this. | |||||
* | Remove GET_TARGET() define: this was for compiling iptables for debugging ↵ | Rusty Russell | 2004-12-16 | 1 | -37/+25 | |
| | | | | | | | (ie. without -O) on old kernels where ipt_get_target() was defined "extern inline". These days it's "static inline", and only developers build without -O anyway. Fix up DUMP_ENTRIES a little, but remove calls: it only dumps the table as loaded, not the changed (cached) table, which is misleading. Fix TC_DELETE_ENTRY: we need to use iptcc_map_target() before comparing, otherwise "-j DROP" (as an example) doesn't work. | |||||
* | ROUTE --tee target extension (Patrick Schaaf) | Patrick Schaaf | 2004-12-14 | 4 | -13/+84 | |
| | ||||||
* | ipset 2 related updates (JK) | Joszef Kadlecsik | 2004-12-01 | 5 | -83/+243 | |
| | ||||||
* | fix some compiler warnings and errors | Harald Welte | 2004-11-18 | 1 | -17/+24 | |
| | ||||||
* | sync with latest patch-o-matic-ng update (support direction and mode parameters) | Harald Welte | 2004-11-18 | 1 | -11/+84 | |
| |