[netfilter-cvslog] [IPtables] annotated tag, svn_t_iptables_1_3_0rc1, created. svn_t_iptables_1_3_0rc1
Patrick McHardy
netfilter-cvslog-bounces at lists.netfilter.org
Wed May 14 19:11:20 CEST 2008
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=16327c858eb42d216c0d9eb68d65d770a24c519b
Commit: 16327c858eb42d216c0d9eb68d65d770a24c519b
Parent: 0000000000000000000000000000000000000000
The annotated tag, svn_t_iptables_1_3_0rc1 has been created
at 16327c858eb42d216c0d9eb68d65d770a24c519b (tag)
tagging 6b155071c312cc4f82979f5f64bb581f2a026545 (commit)
replaces svn_t_iptables_1_2_9
tagged by Patrick McHardy
on Wed May 14 18:58:01 2008 +0200
- Log -----------------------------------------------------------------
Tag svn_t_iptables_1_3_0rc1
/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf at netfilter.org (7):
Search backwards when inserting/deleting in/from the top half of the rules in a chain.
Implement some optimization for finding rules to replace in TC_REPLACE_ENTRY.
Fix setting lib_dir in ip*tables-{save,restore}
Replace memchr with strlen and fix up one of the statements.
Remove leftover debug printf
Make it compile on current kernels, the future isn't here yet.
typo
/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber at netfilter.org (3):
ROUTE --tee target extension (Patrick Schaaf)
Add --log-uid option (John Lange <john.lange at open-it.ca>)
Prevent user from using --helper multiple times (Nicolas Bouliane <nib at cookinglinux.org>)
/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec at netfilter.org (1):
ipset 2 related updates (JK)
/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge at netfilter.org (21):
hashlimit port of userspace plugin
add hashlimit kernel header file
move ipt_hashlimit to its correct location
- add hashlimit to makefile
minor syntax fixes
Fix module-autoloading in certain cases (Fixes Debian Bug 219686)
sync with latest patch-o-matic-ng update (support direction and mode parameters)
fix some compiler warnings and errors
fix name of 'extra_opts' structure member (Nikolai Malykh)
John McCann points out via bugzilla that iptables happily accepts this
- Sets the 'iptc_fn' global variable to the pointer to the current functions in all major TC_* functions. This is necessary because in certain cases, an error return from a function that doesn't set 'iptc_fn' will conflict with a function-specific error return from one that does, causing TC_STRERROR() to return the wrong error string. This ensures that the right one will be returned.
Use C99 initializers
be more specific what INPUT means (Matthias Bruestle)
check for colons
make structure initializers use C99 standard (Harald Welte)
fix typo
add missing comma
fix compiler warning about discarding const
re-implement alphabetic sorting to not confuse users who upgrade to 1.3.0
release rc1
we now need to exclude .svn instead of CVS
/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=rusty/emailAddress=rusty at netfilter.org (12):
Remove GET_TARGET() define: this was for compiling iptables for debugging (ie. without -O) on old kernels where ipt_get_target() was defined "extern inline". These days it's "static inline", and only developers build without -O anyway.
Make "is_same" test basics and entries only: targets are generic.
Nicolas Bouliane: I was writing an nfsim .sim for the match tos, when I realized that when we enter --tos twice the second overwrites the first.
Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and set them in testsuite if we're running iptables within tree.
Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static inline instead of extern inline (otherwise it doesn't compile without -O).
Use string_to_number. Don't check for no optarg: we set has_arg to 1 in option array, so getopt does that for us.
Pablo Neira: extensions conversion to C99 structure initialization
Fix compile error introduced by C99 conversion.
Stupid typo that meant we didn't compare target data when doing delete-by-matching-rule (found by nfsim test).
Extension revision number support (if kernel supports the getsockopts).
Pablo Neira:
Testsuite found an issue: multiport accepts -p ! tcp.
gandalf (36):
Fix possibly not zero-terminated string after copy (Karsten Desler)
Fix another possibly not zero-terminated string after copy (Karsten Desler)
Fix even more possibly not zero-terminated strings after copy (Karsten Desler)
I guess nobody actually used --verbose
Minor codestyle fix
Another minor codestyle fix
Complain when COMMIT is missing for the last table in the input
Add --test (-t) in order to test the whole file without changing anything if something fails
Bloody copy-n-edit. Complain when COMMIT is missing...
Bloody copy-n-edit. Add --test (-t) in order to test...
Make sure to use matches in the order they are given when calling do_command() multiple times.
Bloody copy-n-edit. Make sure to use matches in the order they are given...
(Continuing the bloody-series) Bloody typos :)
(Continuing the bloody-series) Bloody missing resync (Did I mention how much I hate copy-n-edits?)
Add Patrick to manpage
Fix missing 6 (Bjorn Mattsson)
don't use signed things...
Get rid of some memoryleaks.
When compiled static, don't show help-messages for all matches and targets,
What is this doing here? Go away.
Better(?) detection for 64bit kernel / 32bit userspace.
Fix 64bit kernel / 32bit userspace issue.
Add versions of string_to_number() for use in 32bit userspace with 64bit kernel.
Fix 64bit kernel / 32bit userspace issue.
Get rid of some warnings when compiling 64bit.
With a 64bit kernel only the high 32bits of nfmark was used regardless of
Fix typo. (Phil Oester) Closes #239
Fix listing of module targets.
Fix rule counting
Insertion of rules with -I was broken.
Fix two more rulenumber off by 1 errors
Make TC_DELETE_ENTRY() and TC_DELETE_NUM_ENTRY() actually do something practical
Make sure to zero all the memory we allocate for the new table.
Fix returnvalue of TC_BUILTIN()
Spelling error.
Replace O(n) with O(1) when TC_INSERT_ENTRY() inserts an entry at the end.
kaber (20):
Fix missing newline in libipt_DSCP help-text (Maciej Soltysiak)
Add connrate match userspace part (Nuuti Kotivuori)
Add ipt_addrtype.h
Add addrtype match to list of unconditionally built extensions
Check that TTL is between 0 and 255 (Nicolas Bouliane)
Limit ttl-value to 0-255 (Maciej Soltysiak <solt at dns.toxicfilms.tv>)
Allocate enough memory for addr-list in host_to_addr()
Fix conntrack-match typo, fixes bugzilla #194 (Phil Oester)
Cleanup ttl-match option parsing, fixes bugzilla #183 (Phil Oester)
Fix number parsing (Piotr Gasidlo)
port physdev to ip6tables (Bart De Schuymer)
Print error when '!' is used with multiport. Based on patch by Phil Oester.
fix psd option parsing (Phil Oester)
Add comment match extension (Brad Fisher)
limit match does not support invert, warn about it. Closes bugzilla #95 (Phil Oester)
Fix half-working dstlimit invert check (Phil Oester)
Fix half-working ipv6 limit invert check (Phil Oester)
realm: fix inversion (Simon Lodal)
note owner match brokenness in helptext, closes bugzilla #244 (Phil Oester)
Mention owner brokenness in manpage
kadlec (9):
Userspace part of sets: ipset added (JK)
Fabrice's time match update + Tom Eastep's conntrack match fix applied (JK)
Compiler warnings due to missing include files (Stephane Ouellette)
Fix for empty extra match/target man page list processing
Semicolons were missing in the added assignment lines
Bastiaan Bakker's patch to combine iptables, iptables-save and iptables-restore
Missing file from multi patch added
make DO_MULTI=1 documented in INSTALL file
Giving --dst-range twice to iprange did not ring the bell
laforge (52):
todo update (minor)
todo update (ipv6 ndisc/ldp)
new CLUSTERIP target, currently in development. kernel code will follow soon
add dstlimit extension (kernel code in patch-o-matic soon)
check if received netlink messages are really from the kernel (pid==0)
added name member for proc-file
support for srcip-* hashmodes added
add mac check
forgot to commit the last osf userspace update
allow embedding of quote character inside quoted string (Michael Rash)
Fix saving of non-printable characters in string (Michael Rash) (Closes: #168)
fix deleting of time rules (SooYoun Cho) (Closes: #169)
commit all current changes
oops, don't commit this to the stable tree
split manpages into per-extension manpage snippet (Henrik Nordstrom)
use <stddef.h> instead of <linux/stddef.h> (Henrik Nordstrom)
latest version of CONNMARK (Henrik Nordstrom)
latest version of CONNMARK updates (Henrik Nordstrom)
fix '--icmp-type any' case
fix mask '/0' case (David Ahern) (Closes: #147)
fix various errors in save() function
add save() of dstlimit-name
- work with new matchinfo struct
add childlevel match support
add userspace part of SCTP match
don't print/save parameters that were automatically chosen. Only show real values as specified by administrator.
add support for netlink reporting to ipt_osf (Evgeniy Polyakov)
update for matching chunk flags (Kiran Kumar)
add definition for IPPROTO_SCTP for systems with old header files
better wording for '-i' (Matthew Strait)
add userspace support for 'ipt_account' match (Piotr Gasidlo)
use /etc/protocols when printing protocol names (Pedro Lamarão)
fix case where somebody uses '-i +' as interface name (Ozgur AKAN)
fix typo
iptables-1.2.10 coming up
include netdb.h if we use getprotobynumber
cosmetic fix (space between include directive and filename)
fix 'make distrib'
pom-ng only deals with numerical versions
add missing include
fix dual-free bug with multiple-A dns records (keso at klister.net)
fix syntax of help message
In C, we declare variables at the top of function (Olivier Clerget)
update to ipt_account 0.1.16 (Piotr Gasidlo)
add missing spaces in 'save' printout (youza at post.cz) (Closes: #235)
complete libiptc rewrite. Time to load 10k rules goes down from 2.20 minutes to 1.255 seconds (!). Might still contain bugs, use with caution.
fix slightly changed semantics of iptc_is_builtin
slightly different semantics of iptc_builtin
add delete by matching-rule to libiptc2 (still untested)
fix segfault from memory allocation: handle->entries is actually struct ipt_get_entries plus the size
Add comment about time not adhering DST (Phil Oester) (Closes: #75)
add paragraph about raw table
-----------------------------------------------------------------------
hooks/post-receive
--
IPtables