summaryrefslogtreecommitdiffstats
path: root/include/linux/netfilter
Commit message (Collapse)AuthorAgeFilesLines
* extensions: add idletimer xt target extensionLuciano Coelho2010-06-151-0/+45
| | | | | | | Add the extension plugin for the IDLETIMER x_tables target. Signed-off-by: Luciano Coelho <luciano.coelho@nokia.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Revert "Revert "Merge branch 'iptables-next'""Patrick McHardy2010-05-211-0/+9
| | | | | | This reverts commit 110c1e4502e21ea38e0980e6f8af857d24330099. Revert the revert to restore the TEE target.
* Revert "Merge branch 'iptables-next'"Patrick McHardy2010-05-211-9/+0
| | | | | | | This reverts commit 65414babaebcd403e9bf2c27d9d74adb369bf3aa, reversing changes made to 7278461dfad72e2008585dd0bac0e889e5bba99e. Forgot to commit the version increase.
* extensions: add support for xt_TEEJan Engelhardt2010-04-191-0/+9
| | | | | | xt_TEE is firstly included in Linux 2.6.35. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add CT extensionPatrick McHardy2010-03-082-0/+38
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* includes: header updatesJan Engelhardt2010-02-0138-341/+264
| | | | | | | | | | | | Update the shipped Linux kernel headers from 2.6.33-rc6, as iptables's ipt_ECN.h for example references ipt_DSCP.h, which no longer exists. Since a number of old code pieces have been removed in the kernel in that fashion, the structs for older versions are moved into the .c file, to keep header updating simple. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add osf extensionPatrick McHardy2009-11-121-0/+135
| | | | | | From Evgeniy Polyakov <zbr@ioremap.net> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_NFQUEUE: add new v1 version with queue-balance optionFlorian Westphal2009-08-201-0/+5
| | | | | | | | | | | | | | | | New version that adds support for specifying a queue range instead of a single queue id. The kernel will distribute flows across the given queue range. This is useful for multicore systems, simply start multiple instances of the userspace program on queues x, x+1, .. x+n and use "--queue-balance x:x+n". Packets belonging to the same connection are put into the same queue. With fixes from Jan Engelhardt. Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* xt_conntrack: revision 2 for enlarged state_mask memberJan Engelhardt2009-06-251-0/+13
| | | | | | This complements the xt_conntrack revision 2 code added to the kenrel. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add `cluster' match supportPablo Neira Ayuso2009-05-061-0/+17
| | | | | | This patch adds support for the cluster match to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: resynchronize headers with 2.6.29-rc5Jan Engelhardt2009-02-219-163/+17
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xt_NFLOG: Set default NFLOG qthreshold to 0Eric Leblond2009-02-091-1/+1
| | | | | | | By setting default NFLOG qthreshold to 0, userspace does not overwrite the per-instance value. Signed-off-by: Patrick McHardy <kaber@trash.net>
* Move libipt_recent to libxt_recentJan Engelhardt2008-10-221-0/+26
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add iptables support for the TPROXY targetKOVACS Krisztian2008-10-151-0/+14
| | | | | Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
* xt_string: string extension case insensitive matchingJoonwoo Park2008-07-071-1/+14
| | | | | | | | | The string extension can search patterns case insensitively with --icase option. A new revision 1 was added, in the meantime invert of xt_string_info was moved into flags as a flag. Signed-off-by: Joonwoo Park <joonwpark81@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Resync header files with kernelPatrick McHardy2008-06-0510-16/+105
| | | | | Resync headers and add types.h file for endian annotated types, which are not available with old headers.
* Add all necessary header files - compilation fix for various casesJan Engelhardt2008-04-142-0/+69
| | | | | | Allow iptables to compile without a kernel source tree. This implies fixing build for older kernels, such as 2.6.17 which lack xt_SECMARK.h.
* Add support for xt_hashlimit match revision 1Jan Engelhardt2008-04-131-6/+32
|
* Fix -Wshadow warnings and clean up xt_sctp.hJan Engelhardt2008-04-061-50/+37
| | | | | Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
* [IPTABLES]: libxt_owner: UID/GID range supportJan Engelhardt2008-01-291-2/+2
| | | | | | UID/GID range support for libxt_owner Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_CONNMARK revision 1Jan Engelhardt2008-01-291-0/+5
| | | | | | Add support for xt_CONNMARK target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_TCPOPTSTRIPSven Schnelle2008-01-201-0/+13
| | | | | | | Import libxt_TCPOPTSTRIP into iptables. Signed-off-by: Sven Schnelle <svens@bitebene.org> Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_iprange r0Jan Engelhardt2008-01-201-0/+17
| | | | | | Move libipt_iprange to libxt_iprange. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_mark r1Jan Engelhardt2008-01-201-1/+6
| | | | | | Introduce libxt_mark match revision 1 support. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_conntrack r0Jan Engelhardt2008-01-201-0/+83
| | | | | | Move libipt_conntrack to libxt_conntrack. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_connmark r1Jan Engelhardt2008-01-201-0/+5
| | | | | | Add support for xt_connmark match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_MARK r2Jan Engelhardt2008-01-201-0/+4
| | | | | | | Add support for xt_MARK target revision 2. Also consolidate libip6t_MARK.man and libipt_MARK.man. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_TOSJan Engelhardt2008-01-201-0/+5
| | | | | | | Move libipt_TOS revision 0 to libxt_TOS revision 0 and add support for xt_TOS target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_tosJan Engelhardt2008-01-201-0/+6
| | | | | | | Move libipt_tos revision 0 to libxt_tos revision 0 and add support for xt_tos match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_ownerJan Engelhardt2008-01-201-0/+16
| | | | | | | libxt_owner merges libipt_owner and libip6t_owner, and adds support for the xt_owner match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Add rateest match extensionPatrick McHardy2008-01-151-0/+33
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add RATEEST target extensionPatrick McHardy2008-01-151-0/+11
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Fix make/compile error for iptables-1.4.0rc1Jesper Brouer2007-11-251-2/+9
| | | | | | | | | | | | | | | | | | | Fixing a make/compile issue with iptables, release candidate 1.4.0rc1, which has existed since SVN changeset 6920. This patch adds ip_tables.h and ip6_tables.h, and updates x_tables.h, taken from Linus'es git tree. Changeset 6920 added the include file x_tables.h from kernel source, but didn't add ip_tables.h and ip6_tables.h. At some point (Tue Nov 14 19:48:48 2006, by Yasuyuki Kozakai) these kernel headers where changed, which actually removes certain depencencies from ip_tables.h and ip6_tables.h to x_tables.h. If compiling will fail, with old kernel headers (ip_tables.h and ip6_tables.h) available in systems include path, because they depend on certaine defines in x_tables.h with is missing in the version in SVN. Jesper Brouer <jdb@comx.dk>
* Add the libxt_time iptables matchJan Engelhardt2007-09-231-0/+25
| | | | | | | | | | | This is libipt_time from POM-ng enhanced by the following: * day-of-month support (for example "match on the 15th of each month") * inversion support for --weekdays and --monthdays * match against UTC or local timezone * a manpage Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Adds u32 to iptables.Jan Engelhardt2007-09-101-0/+40
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Build dccp match unconditionallyPatrick McHardy2007-09-051-0/+23
|
* Build string match unconditionallyPatrick McHardy2007-09-051-0/+18
|
* Build statistic match unconditionallyPatrick McHardy2007-09-051-0/+32
|
* Build quota match unconditionallyPatrick McHardy2007-09-051-0/+16
|
* Build NFLOG target unconditionallyPatrick McHardy2007-09-051-0/+18
|
* Add IPv6 support to helper matchYasuyuki KOZAKAI2007-08-041-0/+8
|
* Add IPv6 support to connbytes matchYasuyuki KOZAKAI2007-08-041-0/+25
|
* Add IPv6 support to DSCP targetYasuyuki KOZAKAI2007-08-041-0/+20
|
* Add IPv6 support to CLASSIFY targetYasuyuki KOZAKAI2007-08-041-0/+8
|
* Unifies libip[6]t_state into libxt_stateYasuyuki KOZAKAI2007-08-041-0/+13
|
* Unifies libip[6]t_connmark into libxt_connmarkYasuyuki KOZAKAI2007-08-041-0/+18
|
* Unifies libip[6]t_hashlimit into libxt_hashlimitYasuyuki KOZAKAI2007-08-041-0/+40
|
* Unifies libip[6]t_MARK into libxt_MARKYasuyuki KOZAKAI2007-08-041-0/+21
|
* Unifies libip[6]t_CONNSECMARK into libxt_CONNSECMARKYasuyuki KOZAKAI2007-08-041-0/+13
|
* Add IPv6 support to CONNMARK matchYasuyuki KOZAKAI2007-08-041-0/+25
|