Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Use unified API in multiport match | Yasuyuki KOZAKAI | 2007-07-24 | 1 | -0/+30 |
| | |||||
* | Introduces xtables match/target registration | Yasuyuki KOZAKAI | 2007-07-24 | 1 | -0/+123 |
| | | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo. | ||||
* | PATCH: Add connlimit to iptables. | Jan Engelhardt | 2007-07-09 | 1 | -0/+17 |
| | | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de> | ||||
* | Removes KERNEL_64_USERSPACE_32 | Yasuyuki KOZAKAI | 2007-06-30 | 2 | -8/+0 |
| | | | | | | | The recent kernel has compat layer for iptables. It doesn't have compat layer for libipq and ip6tables, but ip6tables with KERNEL_64_USERSPACE_32 is still broken. We should fix kernel instead of fixing them if and when we want use their 32bit binary with 64bit kernel. | ||||
* | Removes some KERNEL_64_USERSPACE_32 because linux 2.6 has compat layer | Yasuyuki KOZAKAI | 2007-06-28 | 10 | -50/+3 |
| | |||||
* | Use nf_conntrack headers instead of ip_conntrack ones and add sanitized ↵ | Patrick McHardy | 2007-04-18 | 5 | -1/+297 |
| | | | | versions. | ||||
* | Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>) | Arnaud Ebalard | 2007-01-16 | 1 | -0/+10 |
| | | | | Kernel part will go in 2.6.21. | ||||
* | - Add revision support to ip6tables. | Rémi Denis-Courmont | 2006-10-20 | 1 | -0/+30 |
| | | | | | - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>) | ||||
* | make policy match compile independant of kernel headersv1.3.5 | Harald Welte | 2006-02-01 | 1 | -0/+4 |
| | |||||
* | fix ipt_conntrack compilation against very early (2.4.0) kernel releases | Harald Welte | 2006-02-01 | 1 | -1/+1 |
| | |||||
* | Prepare policy match for x_tables unification by making sure both | Patrick McHardy | 2006-01-31 | 2 | -0/+116 |
| | | | | ipt_policy and ip6t_policy use the same data structure. | ||||
* | add NFQUEUE support for ipv4 and ipv6 | Harald Welte | 2005-07-19 | 1 | -0/+16 |
| | |||||
* | fix various missing header file / #define issues on old kernels. I've now ↵v1.3.2 | Harald Welte | 2005-07-10 | 2 | -16/+17 |
| | | | | tested compilation with kernels starting 2.4.17 | ||||
* | we need to have this header file included, since old kernels don't define ↵ | Harald Welte | 2005-07-10 | 1 | -0/+16 |
| | | | | IP6T_LOG_UID. | ||||
* | omeone forgot to update ipt_conntrack.h header in user space. So, update it ↵ | Harald WeltePablo Neira | 2005-04-15 | 1 | -1/+22 |
| | | | | to use ip_conntrack_old_tuple. (Pablo Neira) | ||||
* | This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira) | Pablo Neira | 2005-03-07 | 1 | -0/+37 |
| | |||||
* | Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace. | Martin Josefsson | 2005-02-12 | 2 | -0/+9 |
| | | | | | | | Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se> | ||||
* | Add support for inversion to multiport revision 1. | Phil Oester | 2005-02-02 | 1 | -0/+1 |
| | | | | Signed-off-by: Phil Oester <kernel@linuxace.com> | ||||
* | Pablo Neira: | Pablo Neira | 2005-01-03 | 1 | -0/+28 |
| | | | | Multiport revision 1 userspace support. | ||||
* | Extension revision number support (if kernel supports the getsockopts). | Rusty Russell | 2005-01-03 | 1 | -0/+15 |
| | | | | | Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied. | ||||
* | move ipt_hashlimit to it's correct location | Harald Welte | 2004-10-20 | 1 | -0/+40 |
| | |||||
* | Add comment match extension (Brad Fisher) | Brad Fisher | 2004-09-20 | 1 | -0/+10 |
| | |||||
* | port physdev to ip6tables (Bart De Schuymer) | Bart De Schuymer | 2004-09-12 | 1 | -0/+24 |
| | |||||
* | Add ipt_addrtype.h | Patrick McHardy | 2004-06-28 | 1 | -0/+11 |
| | |||||
* | add missing include | Harald Welte | 2004-06-21 | 1 | -0/+39 |
| | |||||
* | With a 64bit kernel only the high 32bits of nfmark was used regardless of | Martin Josefsson | 2004-05-26 | 4 | -0/+50 |
| | | | | | | | 32/64bit userspace. This makes it quite hard to interoperate with 'tc'. Sync ipv6 versions with ipv4 versions. Tested on x86 and sparc64 with both 32bit and 64bit userspace. | ||||
* | Fix 64bit kernel / 32bit userspace issue. | Martin Josefsson | 2004-05-26 | 2 | -6/+15 |
| | | | | Sync header with kernel. | ||||
* | Fix 64bit kernel / 32bit userspace issue. | Martin Josefsson | 2004-05-26 | 3 | -1/+56 |
| | |||||
* | update for matching chunk flags (Kiran Kumar) | Kiran Kumar | 2004-03-02 | 1 | -0/+11 |
| | |||||
* | add userspace part of SCTP match | Harald Welte | 2004-02-21 | 1 | -20/+91 |
| | |||||
* | latest version of CONNMARK updates (Henrik Nordstrom) | Henrik Nordstrom | 2004-02-03 | 2 | -0/+19 |
| | |||||
* | update ipt_physdev.h (test8 change, make parisc work, alignment issues) | Harald Welte | 2003-11-02 | 1 | -2/+2 |
| | |||||
* | CLASSIFY is now built unconditionally, thus we need the kernel header | Harald Welte | 2003-09-13 | 1 | -0/+8 |
| | |||||
* | add include files for soon-to-be-submitted patches (and build them ↵ | Harald Welte | 2003-08-23 | 4 | -0/+56 |
| | | | | unconditionally by putting thme in the extensions/Makefile) | ||||
* | add (untested) sctp userspace support for even more untested kernel part (in ↵ | Harald Welte | 2003-05-03 | 1 | -0/+25 |
| | | | | pom soon) | ||||
* | rename iplimit to connlimit | Harald Welte | 2003-04-30 | 1 | -6/+6 |
| | |||||
* | ipt_physdev update (--physdev-is-{in,out,bridged}) by Bart de Schuymer | Bart De Schuymer | 2003-04-27 | 1 | -2/+7 |
| | |||||
* | add libipt_physdev.c (Bart de Schumyer) | Bart De Schuymer | 2003-02-11 | 1 | -0/+19 |
| | |||||
* | add support for rpc match | Harald Welte | 2003-01-12 | 1 | -0/+35 |
| | |||||
* | apply ipv6 hoplimit (hl match, HL target) patch (Maciej Soltysiak ↵ | Maciej Soltysiak | 2003-01-08 | 2 | -0/+44 |
| | | | | <solt@dns.toxicfilms.tv>) | ||||
* | make libipt_helper.so build always, since it's now submitted to 2.4.20 | Harald Welte | 2002-08-09 | 1 | -0/+8 |
| | |||||
* | bring ECN headers in sync with ecn.patch | Harald Welte | 2002-08-05 | 2 | -4/+3 |
| | |||||
* | restore old DSCP_SHIFT behaviour | Harald Welte | 2002-08-05 | 2 | -3/+3 |
| | |||||
* | fix typo in ipt_ecn.h | Harald Welte | 2002-06-04 | 1 | -2/+2 |
| | |||||
* | add header file for ECN match | Harald Welte | 2002-05-29 | 2 | -1/+35 |
| | |||||
* | bring ECN plugin in sync with new ECN target | Harald Welte | 2002-05-29 | 1 | -11/+17 |
| | |||||
* | new ip6 FRAG match by kisza | András Kis-Szabó | 2002-03-26 | 2 | -0/+42 |
| | |||||
* | Add AH/ESP match for ipv6 | Harald Welte | 2002-03-25 | 2 | -0/+44 |
| | |||||
* | make libipt_conntrack compile by default | Harald Welte | 2002-03-18 | 1 | -0/+39 |
| | |||||
* | libipt_pkttype now compiled by default | Harald Welte | 2002-03-18 | 1 | -0/+9 |
| |