summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* Multiple matches of the same type can be specified on the commandline.Joszef Kadlecsik2006-03-032-0/+8
| | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified.
* make policy match compile independant of kernel headersv1.3.5Harald Welte2006-02-011-0/+4
|
* fix ipt_conntrack compilation against very early (2.4.0) kernel releasesHarald Welte2006-02-011-1/+1
|
* remove other bits of old ip pool code, people should use ipset ↵Harald Welte2006-02-011-26/+0
| | | | (ipset.netfilter.org) these days
* Prepare policy match for x_tables unification by making sure bothPatrick McHardy2006-01-312-0/+116
| | | | ipt_policy and ip6t_policy use the same data structure.
* Fix probing for supported revisions (Jones Desougi <jones@ingate.com>)Jones Desougi2005-12-222-0/+2
| | | | Bugzilla #413
* Kernels higher than 2.6.10 don't support multiple --to arguments inPhil Oester2005-09-191-0/+9
| | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester)
* Add the aligned_u64 typedef, it's defined in linux/types.h in the kernel.Martin Josefsson2005-09-111-0/+4
| | | | We can't include that header since it conflicts with sys/types.h
* add NFQUEUE support for ipv4 and ipv6Harald Welte2005-07-191-0/+16
|
* fix various missing header file / #define issues on old kernels. I've now ↵v1.3.2Harald Welte2005-07-102-16/+17
| | | | tested compilation with kernels starting 2.4.17
* we need to have this header file included, since old kernels don't define ↵Harald Welte2005-07-101-0/+16
| | | | IP6T_LOG_UID.
* reduce code replication of parse_interface() (Yasuyuki Kozakai)Yasuyuki KOZAKAI2005-06-222-0/+3
|
* omeone forgot to update ipt_conntrack.h header in user space. So, update it ↵Harald WeltePablo Neira2005-04-151-1/+22
| | | | to use ip_conntrack_old_tuple. (Pablo Neira)
* This fixes rule deletion in CLUSTERIP in iptables (Pablo Neira)Pablo Neira2005-03-071-0/+37
|
* Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace.Martin Josefsson2005-02-122-0/+9
| | | | | | | Also fixes a typo in CONNMARK, --mask set the mark, not the mask. Initial patch by: Pablo Neira <pablo@eurodev.net> Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
* Add support for inversion to multiport revision 1.Phil Oester2005-02-021-0/+1
| | | | Signed-off-by: Phil Oester <kernel@linuxace.com>
* Pablo Neira:Pablo Neira2005-01-031-0/+28
| | | | Multiport revision 1 userspace support.
* Extension revision number support (if kernel supports the getsockopts).Rusty Russell2005-01-032-0/+33
| | | | | Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied.
* Fix setting lib_dir in ip*tables-{save,restore}Martin Josefsson2004-12-273-0/+9
|
* move ipt_hashlimit to it's correct locationHarald Welte2004-10-201-0/+0
|
* add hashlimit kernel header fileHarald Welte2004-10-201-0/+40
|
* Add comment match extension (Brad Fisher)Brad Fisher2004-09-201-0/+10
|
* port physdev to ip6tables (Bart De Schuymer)Bart De Schuymer2004-09-121-0/+24
|
* Add ipt_addrtype.hPatrick McHardy2004-06-281-0/+11
|
* add missing includeHarald Welte2004-06-211-0/+39
|
* With a 64bit kernel only the high 32bits of nfmark was used regardless ofMartin Josefsson2004-05-264-0/+50
| | | | | | | 32/64bit userspace. This makes it quite hard to interoperate with 'tc'. Sync ipv6 versions with ipv4 versions. Tested on x86 and sparc64 with both 32bit and 64bit userspace.
* Fix 64bit kernel / 32bit userspace issue.Martin Josefsson2004-05-262-6/+15
| | | | Sync header with kernel.
* Add versions of string_to_number() for use in 32bit userspace with 64bit kernel.Martin Josefsson2004-05-261-0/+8
|
* Fix 64bit kernel / 32bit userspace issue.Martin Josefsson2004-05-263-1/+56
|
* add definition for IPPROTO_SCTP for systems with old header filesHarald Welte2004-03-041-0/+4
|
* update for matching chunk flags (Kiran Kumar)Kiran Kumar2004-03-021-0/+11
|
* add userspace part of SCTP matchHarald Welte2004-02-211-20/+91
|
* latest version of CONNMARK updates (Henrik Nordstrom)Henrik Nordstrom2004-02-032-0/+19
|
* Bloody copy-n-edit. Make sure to use matches in the order they are given...Martin Josefsson2004-02-021-2/+8
|
* Make sure to use matches in the order they are given when calling ↵Martin Josefsson2004-02-021-2/+8
| | | | do_command() multiple times.
* update ipt_physdev.h (test8 change, make parisc work, alignment issues)Harald Welte2003-11-021-2/+2
|
* CLASSIFY is now built unconditionally, thus we need the kernel headerHarald Welte2003-09-131-0/+8
|
* fix ipq_id_t on 'real' kernel+userspace 64bit archs (Ryan Veety)Ryan Veety2003-09-071-1/+1
|
* add include files for soon-to-be-submitted patches (and build them ↵Harald Welte2003-08-234-0/+56
| | | | unconditionally by putting thme in the extensions/Makefile)
* Fix the previous fixMartin Josefsson2003-05-051-0/+3
| | | | No more segfaults or compilewarnings.
* add (untested) sctp userspace support for even more untested kernel part (in ↵Harald Welte2003-05-031-0/+25
| | | | pom soon)
* fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin ↵Martin Josefsson2003-05-021-0/+3
| | | | Josefsson)
* rename iplimit to connlimitHarald Welte2003-04-301-6/+6
|
* ipt_physdev update (--physdev-is-{in,out,bridged}) by Bart de SchuymerBart De Schuymer2003-04-271-2/+7
|
* port 'line number on error in iptables-restore' from ipv4Harald Welte2003-03-051-0/+2
|
* make iptables-restore print the line number in case of an errorIlles Marci2003-03-031-0/+2
| | | | (Illes Marci <marci@balabit.hu>)
* add libipt_physdev.c (Bart de Schumyer)Bart De Schuymer2003-02-111-0/+19
|
* add support for rpc matchHarald Welte2003-01-121-0/+35
|
* apply ipv6 hoplimit (hl match, HL target) patch (Maciej Soltysiak ↵Maciej Soltysiak2003-01-082-0/+44
| | | | <solt@dns.toxicfilms.tv>)
* make libipt_helper.so build always, since it's now submitted to 2.4.20Harald Welte2002-08-091-0/+8
|