[iptables] Merge branch 'master' of git://dev.medozas.de/iptables

Patrick McHardy netfilter-cvslog-bounces at lists.netfilter.org
Tue Nov 24 16:13:07 CET 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=b1f40e1d31b900f90fd5641a483788ed9cb91c64
commit b1f40e1d31b900f90fd5641a483788ed9cb91c64
Merge: f294f84... 1bd2f0a...
Author:     Patrick McHardy <kaber at trash.net>
AuthorDate: Tue Nov 24 16:11:46 2009 +0100
Commit:     Patrick McHardy <kaber at trash.net>
CommitDate: Tue Nov 24 16:11:46 2009 +0100

    Merge branch 'master' of git://dev.medozas.de/iptables

commit 1bd2f0a20596e47c082c2415369a209ed1b329f6
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Wed Nov 18 00:00:37 2009 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Wed Nov 18 00:01:23 2009 +0100

    doc: name resolution clarification
    
    Sometimes there are users who wonder about when name resolutions/DNS
    queries are done, so let's add that for completeness.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 7573631fa9f6f15b28a13cc5d22f2a446f69fd64
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Tue Nov 17 23:54:29 2009 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Tue Nov 17 23:54:29 2009 +0100

    doc: explain experienced --hitcount limit
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 75cb763b54a89bf9b9c61740c760abce89df06f3
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sun Nov 15 15:51:27 2009 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sun Nov 15 15:57:23 2009 +0100

    iptables: take masks into consideration for replace command
    
    The two commands:
    
    -A OUTPUT -d 10.11.12.13/32 -j LOG
    -R OUTPUT 1 -j LOG -d 10.11.12.13
    
    will replace 10.11.12.13/32 by 10.11.12.13/0, which is not right.
    (No regression, this problem was there forever.)
    
    Reported-by: Werner Pawlitschko <werner.pawlitschko at arcor.de>
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
       via  b1f40e1d31b900f90fd5641a483788ed9cb91c64 (commit)
       via  1bd2f0a20596e47c082c2415369a209ed1b329f6 (commit)
       via  7573631fa9f6f15b28a13cc5d22f2a446f69fd64 (commit)
       via  75cb763b54a89bf9b9c61740c760abce89df06f3 (commit)
      from  f294f843473718f8d32745600b9a97c0b799e7c5 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b1f40e1d31b900f90fd5641a483788ed9cb91c64
Merge: f294f843473718f8d32745600b9a97c0b799e7c5 1bd2f0a20596e47c082c2415369a209ed1b329f6
Author: Patrick McHardy <kaber at trash.net>
Date:   Tue Nov 24 16:11:46 2009 +0100

    Merge branch 'master' of git://dev.medozas.de/iptables

commit 1bd2f0a20596e47c082c2415369a209ed1b329f6
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Wed Nov 18 00:00:37 2009 +0100

    doc: name resolution clarification
    
    Sometimes there are users who wonder about when name resolutions/DNS
    queries are done, so let's add that for completeness.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 7573631fa9f6f15b28a13cc5d22f2a446f69fd64
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Tue Nov 17 23:54:29 2009 +0100

    doc: explain experienced --hitcount limit
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 75cb763b54a89bf9b9c61740c760abce89df06f3
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Sun Nov 15 15:51:27 2009 +0100

    iptables: take masks into consideration for replace command
    
    The two commands:
    
    -A OUTPUT -d 10.11.12.13/32 -j LOG
    -R OUTPUT 1 -j LOG -d 10.11.12.13
    
    will replace 10.11.12.13/32 by 10.11.12.13/0, which is not right.
    (No regression, this problem was there forever.)
    
    Reported-by: Werner Pawlitschko <werner.pawlitschko at arcor.de>
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

-----------------------------------------------------------------------

 extensions/libxt_recent.man |    4 +++-
 ip6tables.8.in              |   10 ++++++----
 ip6tables.c                 |   10 ++++++----
 iptables.8.in               |    8 +++++---
 iptables.c                  |   10 ++++++----
 5 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/ip6tables.c b/ip6tables.c
index f6daa51..e2359df 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -758,13 +758,15 @@ static int
 replace_entry(const ip6t_chainlabel chain,
 	      struct ip6t_entry *fw,
 	      unsigned int rulenum,
-	      const struct in6_addr *saddr,
-	      const struct in6_addr *daddr,
+	      const struct in6_addr *saddr, const struct in6_addr *smask,
+	      const struct in6_addr *daddr, const struct in6_addr *dmask,
 	      int verbose,
 	      struct ip6tc_handle *handle)
 {
 	fw->ipv6.src = *saddr;
 	fw->ipv6.dst = *daddr;
+	fw->ipv6.smsk = *smask;
+	fw->ipv6.dmsk = *dmask;
 
 	if (verbose)
 		print_firewall_line(fw, handle);
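Review bot: replace_entry() now dereferences smask and dmask unconditionally (`fw->ipv6.smsk = *smask;`, `fw->ipv6.dmsk = *dmask;`), and the parameters are named in the singular while the caller passes saddrs/smasks/daddrs/dmasks, whose names suggest arrays, so only the first address/mask pair is applied. Please add a short comment above the function stating that all four pointers must be non-NULL and that only the first element is used, or reject a multi-address -R explicitly before this point.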
@@ -1947,8 +1949,8 @@ int do_command6(int argc, char *argv[], char **table, struct ip6tc_handle **hand
 		break;
 	case CMD_REPLACE:
 		ret = replace_entry(chain, e, rulenum - 1,
-				    saddrs, daddrs, options&OPT_VERBOSE,
-				    *handle);
+				    saddrs, smasks, daddrs, dmasks,
+				    options&OPT_VERBOSE, *handle);
 		break;
 	case CMD_INSERT:
 		ret = insert_entry(chain, e, rulenum - 1,
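Review bot: at the CMD_REPLACE call, smasks and dmasks are now handed to a function that dereferences them unconditionally, but nothing in this hunk shows that they are populated when -R is given without -s or -d. Please confirm they are initialised on every path that reaches this case, so a replace without an address option yields a well-defined mask rather than a NULL dereference or a stale value.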
diff --git a/iptables.c b/iptables.c
index a69aab3..08eb134 100644
--- a/iptables.c
+++ b/iptables.c
@@ -760,13 +760,15 @@ static int
 replace_entry(const ipt_chainlabel chain,
 	      struct ipt_entry *fw,
 	      unsigned int rulenum,
-	      const struct in_addr *saddr,
-	      const struct in_addr *daddr,
+	      const struct in_addr *saddr, const struct in_addr *smask,
+	      const struct in_addr *daddr, const struct in_addr *dmask,
 	      int verbose,
 	      struct iptc_handle *handle)
 {
 	fw->ip.src.s_addr = saddr->s_addr;
 	fw->ip.dst.s_addr = daddr->s_addr;
+	fw->ip.smsk.s_addr = smask->s_addr;
+	fw->ip.dmsk.s_addr = dmask->s_addr;
 
 	if (verbose)
 		print_firewall_line(fw, handle);
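Review bot: the two added assignments to fw->ip.smsk and fw->ip.dmsk come without a regression test, and the commit message says the problem "was there forever". A test that runs the -A/-R pair from the commit message and checks that the rule still lists 10.11.12.13/32 afterwards would keep a silently widened firewall rule from coming back; the same case applies to the ip6tables.c copy of this function.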
@@ -1988,8 +1990,8 @@ int do_command(int argc, char *argv[], char **table, struct iptc_handle **handle
 		break;
 	case CMD_REPLACE:
 		ret = replace_entry(chain, e, rulenum - 1,
-				    saddrs, daddrs, options&OPT_VERBOSE,
-				    *handle);
+				    saddrs, smasks, daddrs, dmasks,
+				    options&OPT_VERBOSE, *handle);
 		break;
 	case CMD_INSERT:
 		ret = insert_entry(chain, e, rulenum - 1,
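Review bot: the replace_entry() call in CMD_REPLACE now takes four adjacent arguments of the same pointer type (saddrs, smasks, daddrs, dmasks), so a transposed pair would compile silently and install a rule with address and mask swapped. The order here matches the new signature; consider passing address and mask together in one small struct per direction so the compiler can catch a mix-up.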


