[netfilter-cvslog] [IPtables] annotated tag, svn_t_iptables_1_3_0rc1, created. svn_t_iptables_1_3_0rc1

Patrick McHardy netfilter-cvslog-bounces at lists.netfilter.org
Wed May 14 19:11:20 CEST 2008 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=16327c858eb42d216c0d9eb68d65d770a24c519b
Commit:		16327c858eb42d216c0d9eb68d65d770a24c519b
Parent:		0000000000000000000000000000000000000000

The annotated tag, svn_t_iptables_1_3_0rc1 has been created
        at  16327c858eb42d216c0d9eb68d65d770a24c519b (tag)
   tagging  6b155071c312cc4f82979f5f64bb581f2a026545 (commit)
  replaces  svn_t_iptables_1_2_9
 tagged by  Patrick McHardy
        on  Wed May 14 18:58:01 2008 +0200

- Log -----------------------------------------------------------------
Tag svn_t_iptables_1_3_0rc1

/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf at netfilter.org (7):
      Search backwards when inserting/deleting in/from the top half of the rules in a chain.
      Implement some optimization for finding rules to replace in TC_REPLACE_ENTRY.
      Fix setting lib_dir in ip*tables-{save,restore}
      Replace memchr with strlen and fix up one of the statements.
      Remove leftover debug printf
      Make it compile on current kernels, the future isn't here yet.
      typo

/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber at netfilter.org (3):
      ROUTE --tee target extension (Patrick Schaaf)
      Add --log-uid option (John Lange <john.lange at open-it.ca>)
      Prevent user from using --helper multiple times (Nicolas Bouliane <nib at cookinglinux.org>)

/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec at netfilter.org (1):
      ipset 2 related updates (JK)

/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge at netfilter.org (21):
      hashlimit port of userspace plugin
      add hashlimit kernel header file
      move ipt_hashlimit to it's correct location
      - add hashlimit to makefile
      minor syntax fixes
      Fix module-autoloading in certain cases (Fixse Debian Bug 219686)
      sync with latest patch-o-matic-ng update (support direction and mode parameters)
      fix some compiler warnings and errors
      fix name of 'extra_opts' structure member (Nikolai Malykh)
      John McCann points out via bugzilla that iptables happily accepts this
      - Sets the 'iptc_fn' global variable to the pointer to the current functions in all major TC_* functions. This is necessary because in certain cases, an error return from a function that doesn't set 'iptc_fn' will conflict with a function-specific error return from one that does, causing TC_STRERROR() to return the wrong error string. This ensures that the right one will be returned.
      Use C99 initializers
      be more specific what INPUT means (Matthias Bruestle)
      check for colons
      make structure initializers use C99 standard (Harald Welte)
      fix typo
      add missing comma
      fix compiler warning about discarding const
      re-implement alphabetic sorting to not confuse users who upgrade to 1.3.0
      release rc1
      we now need to exclude .svn instead of CVS

/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=rusty/emailAddress=rusty at netfilter.org (12):
      Remove GET_TARGET() define: this was for compiling iptables for debugging (ie. without -O) on old kernels where ipt_get_target() was defined "extern inline".  These days it's "static inline", and only developers build without -O anyway.
      Make "is_same" test basics and entries only: targets are generic.
      Nicolas Bouliane: I was writing an nfsim .sim for the match tos, when I realized that when we enter --tos twice the second overwrite the first.
      Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and set them in testsuite if we're running iptables within tree.
      Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static inline instead of extern inline (otherwise it doesn't compile without -O).
      Use string_to_number.  Don't check for no optarg: we set has_arg to 1 in option array, so getopt does that for us.
      Pablo Neira: extensions conversion to C99 structure initialization
      Fix compile error introduced by C99 conversion.
      Stupid typo that meant we didn't compare target data when doing delete-by-matching-rule (found by nfsim test).
      Extension revision number support (if kernel supports the getsockopts).
      Pablo Neira:
      Testsuite found an issue: multiport accepts -p ! tcp.

gandalf (36):
      Fix possibly not zero-terminated string after copy (Karsten Desler)
      Fix another possibly not zero-terminated string after copy (Karsten Desler)
      Fix even more possibly not zero-terminated strings after copy (Karsten Desler)
      I guess nobody actually used --verbose
      Minor codestyle fix
      Another minor codestyle fix
      Complain when COMMIT is missing for the last table in the input
      Add --test (-t) in order to test the whole file without changing anything if something fails
      Bloody copy-n-edit. Complain when COMMIT is missing...
      Bloody copy-n-edit. Add --test (-t) in order to test...
      Make sure to use matches in the order they are given when calling do_command() multiple times.
      Bloody copy-n-edit. Make sure to use matches in the order they are given...
      (Continuing the bloody-series) Bloody typos :)
      (Continuing the bloody-series) Bloody missing resync (Did I mention how much I hate copy-n-edits?)
      Add Patrick to manpage
      Fix missing 6 (Bjorn Mattsson)
      don't use signed things...
      Get rid of some memoryleaks.
      When compiled static, don't show help-messages for all matches and targets,
      What is this doing here? Go away.
      Better(?) detection for 64bit kernel / 32bit userspace.
      Fix 64bit kernel / 32bit userspace issue.
      Add versions of string_to_number() for use in 32bit userspace with 64bit kernel.
      Fix 64bit kernel / 32bit userspace issue.
      Get rid of some warnings when compiling 64bit.
      With a 64bit kernel only the high 32bits of nfmark was used regardless of
      Fix typo. (Phil Oester) Closes #239
      Fix listing of module targets.
      Fix rule counting
      Insertion of rules with -I was broken.
      Fix two more rulenumber off by 1 errors
      Make TC_DELETE_ENTRY() and TC_DELETE_NUM_ENTRY() actually do something practical
      Make sure to zero all the memory we allocate for the new table.
      Fix returnvalue of TC_BUILTIN()
      Spelling error.
      Replace O(n) with O(1) when TC_INSERT_ENTRY() inserts an entry at the end.

kaber (20):
      Fix missing newline in libipt_DSCP help-text (Maciej Soltysiak)
      Add connrate match userspace part (Nuuti Kotivuori)
      Add ipt_addrtype.h
      Add addrtype match to list of unconditionally built extensions
      Check that TTL is between 0 and 255 (Nicolas Bouliane)
      Limit ttl-value to 0-255 (Maciej Soltysiak <solt at dns.toxicfilms.tv>)
      Allocate enough memory for addr-list in host_to_addr()
      Fix conntrack-match typo, fixes bugzilla #194 (Phil Oester)
      Cleanup ttl-match option parsing, fixes bugzilla #183 (Phil Oester)
      Fix number parsing (Piotr Gasidlo)
      port physdev to ip6tables (Bart De Schuymer)
      Print error when '!' is used with multiport. Based on patch by Phil Oester.
      fix psd option parsing (Phil Oester)
      Add comment match extension (Brad Fisher)
      limit match does not support invert, warn about it. Closes bugzilla #95 (Phil Oester)
      Fix half-working dstlimit invert check (Phil Oester)
      Fix half-working ipv6 limit invert check (Phil Oester)
      realm: fix inversion (Simon Lodal)
      note owner match brokenness in helptext, closes bugzilla #244 (Phil Oester)
      Mention owner brokenness in manpage

kadlec (9):
      Userspace part of sets: ipset added (JK)
      Fabrice's time match update + Tom Eastep's conntrack mach fix applied (JK)
      Compiler warnings due to missing include files (Stephane Ouellette)
      Fix for empty extra match/target man page list processing
      Semicolon were missing in the added assigment lines
      Bastiaan Bakker's patch to combine iptables, iptables-save and iptables-restore
      Missing file from multi patch added
      make DO_MULTI=1 documented in INSTALL file
      Giving --dst-range twice to iprange did not ring the bell

laforge (52):
      todo update (minor)
      todo update (ipv6 ndisc/ldp)
      new CLUSTERIP target, currently in development. kernel code will follow soon
      add dstlimit extension (kernel code in patch-o-matic soon)
      check if received netlink messages are really from the kernel (pid==0)
      added name member for proc-file
      support for srcip-* hashmodes added
      add mac check
      forgot to commit the last osf userspace update
      allow embedding of quote character inside quoted string (Michael Rash)
      Fix saving of non-printable characters in string (Michael Rash) (Closes: #168)
      fix deleting of time rules (SooYoun Cho) (Closes: #169)
      commit all current changes
      oops, don't commit this to the stable tree
      split manpages into per-extension manpage snippet (Henrik Nordstrom)
      use <stddef.h> instead of <linux/stddef.h> (Henrik Nordstrom)
      latest version of CONNMARK (Henrik Nordstrom)
      latest version of CONNMARK updates (Henrik Nordstrom)
      fix '--icmp-type any' case
      fix mask '/0' case (David Ahern) (Closes: #147)
      fix various errors in save() function
      add save() of dstlimit-name
      - work with new matchinfo struct
      add childlevel match support
      add userspace part of SCTP match
      don't print/save parameters that were automatically chosen.  Only show real values as specified by administrator.
      add support for netlink reporting to ipt_osf (Evgeniy Polyakov)
      update for matching chunk flags (Kiran Kumar)
      add definition for IPPROTO_SCTP for systems with old header files
      better wording for '-i' (Matthew Strait)
      add userspace support for 'ipt_account' match (Piotr Gasid'o)
      use /etc/protocols when printing protocol names (Pedro Lamarão)
      fix case where somebody uses '-i +' as interface name (Ozgur AKAN)
      fix typo
      iptables-1.2.10 coming up
      include netdb.h if we use getprotobynumber
      cosmetic fix (space between include directive and filename)
      fix 'make distrib'
      pom-ng only deals with numerical versions
      add missing include
      fix dual-free bug with multiple-A dns records (keso at klister.net)
      fix syntax of help message
      In C, we declare variables at the top of function (Olivier Clerget)
      update to ipt_account 0.1.16 (Piotr Gasid?o)
      add missing spaces in 'save' printout (youza at post.cz) (Closes: #235)
      complete libiptc rewrite.  Time to load 10k rules goes down from 2.20 minutes to 1.255 seconds (!).  Might still contain bugs, use with caution.
      fix slightly changed semantics of iptc_is_builtin
      slightly different semantics of iptc_builtin
      add delete by matching-rule to libiptc2 (still untested)
      fix segfault from memory allocation: handle->entries is actualy struct ipt_get_entries plus the size
      Add comment about time not adhering DST (Phil Oester) (Closes: #75)
      add paragraph about raw table

-----------------------------------------------------------------------


hooks/post-receive
--
IPtables

More information about the netfilter-cvslog mailing list