Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Unifies libip[6]t_limit.c into libxt_limit.c. | Yasuyuki KOZAKAI | 2007-07-24 | 2 | -27/+6 | |
| | ||||||
* | Unifies libip[6]t_mac.c into libxt_mac.c | Yasuyuki KOZAKAI | 2007-07-24 | 1 | -0/+8 | |
| | ||||||
* | Unifies libip[6]t_physdev.c into libxt_physdev.c | Yasuyuki KOZAKAI | 2007-07-24 | 3 | -48/+24 | |
| | ||||||
* | Add IPv6 support to pkttype match | Yasuyuki KOZAKAI | 2007-07-24 | 2 | -9/+8 | |
| | ||||||
* | Unifies libip[6]t_sctp.c into libxt_sctp.c | Yasuyuki KOZAKAI | 2007-07-24 | 1 | -11/+11 | |
| | ||||||
* | Add IPv6 support to tcpmss match | Yasuyuki KOZAKAI | 2007-07-24 | 2 | -9/+9 | |
| | ||||||
* | Unifies libip[6]t_udp.c into libxt_udp.c | Yasuyuki KOZAKAI | 2007-07-24 | 1 | -0/+36 | |
| | ||||||
* | Unifies libip[6]_mark.c into libxt_mark.c | Yasuyuki KOZAKAI | 2007-07-24 | 1 | -9/+0 | |
| | ||||||
* | Use unified API in libipt_mark.c | Yasuyuki KOZAKAI | 2007-07-24 | 2 | -9/+9 | |
| | ||||||
* | Unifies libip[6]t_multiport.c into libipxt_multiport.c | Yasuyuki KOZAKAI | 2007-07-24 | 2 | -59/+0 | |
| | ||||||
* | Use unified API in multiport match | Yasuyuki KOZAKAI | 2007-07-24 | 1 | -0/+30 | |
| | ||||||
* | Moves all declarations in iptables_common.h to xtables.h. | Yasuyuki KOZAKAI | 2007-07-24 | 4 | -38/+31 | |
| | ||||||
* | Moves IPPROTO_* and IP[6]T_LIB_DIR definitions to xtables.h | Yasuyuki KOZAKAI | 2007-07-24 | 3 | -22/+16 | |
| | ||||||
* | Moves some duplicated functions in ip[6]tables.c to xtables.c | Yasuyuki KOZAKAI | 2007-07-24 | 4 | -18/+17 | |
| | | | | | string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved. | |||||
* | Introduces xtables match/target registration | Yasuyuki KOZAKAI | 2007-07-24 | 6 | -276/+342 | |
| | | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo. | |||||
* | Moves ip[6]tables_insmod() to xtables.c as xtables_insmod() | Yasuyuki KOZAKAI | 2007-07-24 | 3 | -4/+3 | |
| | ||||||
* | Moves common fw_malloc() and fw_calloc() to xtables.c | Yasuyuki KOZAKAI | 2007-07-24 | 1 | -0/+3 | |
| | ||||||
* | Adds xtables.[ch] and change Makefile to compile it | Yasuyuki KOZAKAI | 2007-07-24 | 1 | -0/+4 | |
| | ||||||
* | PATCH: Add connlimit to iptables. | Jan Engelhardt | 2007-07-09 | 1 | -0/+17 | |
| | | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de> | |||||
* | Removes KERNEL_64_USERSPACE_32 | Yasuyuki KOZAKAI | 2007-06-30 | 4 | -75/+0 | |
| | | | | | | | The recent kernel has compat layer for iptables. It doesn't have compat layer for libipq and ip6tables, but ip6tables with KERNEL_64_USERSPACE_32 is still broken. We should fix kernel instead of fixing them if and when we want use their 32bit binary with 64bit kernel. | |||||
* | Removes some KERNEL_64_USERSPACE_32 because linux 2.6 has compat layer | Yasuyuki KOZAKAI | 2007-06-28 | 10 | -50/+3 | |
| | ||||||
* | Use nf_conntrack headers instead of ip_conntrack ones and add sanitized ↵ | Patrick McHardy | 2007-04-18 | 5 | -1/+297 | |
| | | | | versions. | |||||
* | Fixes typos in the argument of ip[6]tables_insmod: quit -> quiet | Yasuyuki KOZAKAI | 2007-03-20 | 2 | -4/+6 | |
| | ||||||
* | Supress error message from modprobe on checking revision. | Yasuyuki KOZAKAI | 2007-03-13 | 2 | -4/+4 | |
| | ||||||
* | Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>) | Arnaud Ebalard | 2007-01-16 | 1 | -0/+10 | |
| | | | | Kernel part will go in 2.6.21. | |||||
* | Add UDPLITE multiport support | Patrick McHardy | 2007-01-11 | 2 | -0/+6 | |
| | ||||||
* | Fix /etc/network usage (Pablo Neira) | Pablo Neira Ayuso | 2006-11-29 | 1 | -0/+1 | |
| | | | | | | | | | | | | | | | | | | | | | | http://bugs.debian.org/398082 iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. # cat /etc/networks foonet 10.0.0.0 # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] iptables v1.3.6: host/network `foonet.0.0.0' not found Try `iptables -h' or 'iptables --help' for more information. 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt | |||||
* | load ip_[6]tables.ko just before checking revision support in kernel. | Yasuyuki KOZAKAI | 2006-11-13 | 2 | -0/+2 | |
| | ||||||
* | changes IP6T_SO_GET_REVISION_{MATCH,TARGET} to 68,69 | Yasuyuki KOZAKAI | 2006-11-13 | 1 | -2/+2 | |
| | | | | 66 and 67 is conflicted with IPv6 Advanced API in kernel <= 2.6.18. | |||||
* | - Add revision support to ip6tables. | Rémi Denis-Courmont | 2006-10-20 | 2 | -0/+45 | |
| | | | | | - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>) | |||||
* | Add endian annotation types to fix compilation for kernels > 2.6.18 | Patrick McHardy | 2006-10-09 | 1 | -0/+5 | |
| | ||||||
* | Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause | Patrick McHardyJesper Brouer | 2006-07-25 | 1 | -1/+0 | |
| | | | | invalid arguments to get accepted. | |||||
* | proto_to_name duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-22 | 1 | -0/+1 | |
| | | | | | Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel. | |||||
* | reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 2 | -0/+2 | |
| | | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port. | |||||
* | reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 2 | -0/+2 | |
| | | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere. | |||||
* | Use gcc to build shared objects (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 1 | -0/+2 | |
| | | | | | | | | | | | | As suggested by Dmitry Levin and included in Fedora Core releases, use gcc instead of ld to link shared objects. Fedora rpm notes refer to this fixing a plugin problem, but does not offer specifics. But in any event, 'gcc -dumpspecs' does show gcc will pass a number of parameters which in theory it thinks are better. Compile tested both with and without NO_SHARED_LIBS. Closes bug #454. | |||||
* | Add new exit value to indicate concurrency issues (Jesper Dangaard Brouer ↵ | Jesper Dangaard Brouer | 2006-06-19 | 1 | -1/+2 | |
| | | | | <hawk@comx.dk>) | |||||
* | Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18. | Patrick McHardy | 2006-04-28 | 2 | -0/+10 | |
| | ||||||
* | Multiple matches of the same type can be specified on the commandline. | Joszef Kadlecsik | 2006-03-03 | 2 | -0/+8 | |
| | | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified. | |||||
* | make policy match compile independant of kernel headersv1.3.5 | Harald Welte | 2006-02-01 | 1 | -0/+4 | |
| | ||||||
* | fix ipt_conntrack compilation against very early (2.4.0) kernel releases | Harald Welte | 2006-02-01 | 1 | -1/+1 | |
| | ||||||
* | remove other bits of old ip pool code, people should use ipset ↵ | Harald Welte | 2006-02-01 | 1 | -26/+0 | |
| | | | | (ipset.netfilter.org) these days | |||||
* | Prepare policy match for x_tables unification by making sure both | Patrick McHardy | 2006-01-31 | 2 | -0/+116 | |
| | | | | ipt_policy and ip6t_policy use the same data structure. | |||||
* | Fix probing for supported revisions (Jones Desougi <jones@ingate.com>) | Jones Desougi | 2005-12-22 | 2 | -0/+2 | |
| | | | | Bugzilla #413 | |||||
* | Kernels higher than 2.6.10 don't support multiple --to arguments in | Phil Oester | 2005-09-19 | 1 | -0/+9 | |
| | | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) | |||||
* | Add the aligned_u64 typedef, it's defined in linux/types.h in the kernel. | Martin Josefsson | 2005-09-11 | 1 | -0/+4 | |
| | | | | We can't include that header since it conflicts with sys/types.h | |||||
* | add NFQUEUE support for ipv4 and ipv6 | Harald Welte | 2005-07-19 | 1 | -0/+16 | |
| | ||||||
* | fix various missing header file / #define issues on old kernels. I've now ↵v1.3.2 | Harald Welte | 2005-07-10 | 2 | -16/+17 | |
| | | | | tested compilation with kernels starting 2.4.17 | |||||
* | we need to have this header file included, since old kernels don't define ↵ | Harald Welte | 2005-07-10 | 1 | -0/+16 | |
| | | | | IP6T_LOG_UID. | |||||
* | reduce code replication of parse_interface() (Yasuyuki Kozakai) | Yasuyuki KOZAKAI | 2005-06-22 | 2 | -0/+3 | |
| |