[iptables] libxt_osf: import nfnl_osf program

Patrick McHardy netfilter-cvslog-bounces at lists.netfilter.org
Tue Apr 6 20:26:06 CEST 2010 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=db6d027bb9626129617ea3a3f2fe4b87ab307bf6
commit db6d027bb9626129617ea3a3f2fe4b87ab307bf6
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Mar 27 12:48:55 2010 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Tue Apr 6 20:05:59 2010 +0200

    libxt_osf: import nfnl_osf program
    
    xt_osf is pretty useless without the actual fingerprint loader. Import
    nfnl_osf-2009-06-07 and make it a part of the iptables distribution.
    
    Cc: Evgeniy Polyakov <johnpol at 2ka.mxt.ru>
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 23e718b525f96b95510f50d20161c2bd92824ff1
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Mar 27 12:38:45 2010 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Tue Apr 6 12:50:54 2010 +0200

    doc: add manpage for libxt_osf
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 204a253e63f8e0d270d51796a7db057135c3c609
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Wed Mar 17 20:20:02 2010 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Tue Apr 6 12:50:53 2010 +0200

    libxt_recent: add a missing space in output
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 937998088f9cf8518f8af57ff2d0b5500e247eb3
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Wed Mar 17 15:43:46 2010 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Tue Apr 6 12:50:44 2010 +0200

    doc: remove claim that TCPMSS is limited to mangle
    
    There was no real restriction, and in fact, the kernel module never
    had such a limitation in the last years.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit c9be7f153f7bf112640057a0cb6108b686041029
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Tue Mar 16 20:28:30 2010 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Tue Apr 6 12:50:36 2010 +0200

    doc: libxt_MARK: no longer restricted to mangle table
    
    MARK used to be limited to the mangle table, but there was no real
    restriction.
    
    References: http://marc.info/?l=netfilter-devel&m=126806510332668&w=2
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
       via  db6d027bb9626129617ea3a3f2fe4b87ab307bf6 (commit)
       via  23e718b525f96b95510f50d20161c2bd92824ff1 (commit)
       via  204a253e63f8e0d270d51796a7db057135c3c609 (commit)
       via  937998088f9cf8518f8af57ff2d0b5500e247eb3 (commit)
       via  c9be7f153f7bf112640057a0cb6108b686041029 (commit)
      from  21d1283750d9c4df7ca80165d2b9dc0b9bd214eb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit db6d027bb9626129617ea3a3f2fe4b87ab307bf6
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Sat Mar 27 12:48:55 2010 +0100

    libxt_osf: import nfnl_osf program
    
    xt_osf is pretty useless without the actual fingerprint loader. Import
    nfnl_osf-2009-06-07 and make it a part of the iptables distribution.
    
    Cc: Evgeniy Polyakov <johnpol at 2ka.mxt.ru>
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 23e718b525f96b95510f50d20161c2bd92824ff1
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Sat Mar 27 12:38:45 2010 +0100

    doc: add manpage for libxt_osf
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 204a253e63f8e0d270d51796a7db057135c3c609
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Wed Mar 17 20:20:02 2010 +0100

    libxt_recent: add a missing space in output
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit 937998088f9cf8518f8af57ff2d0b5500e247eb3
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Wed Mar 17 15:43:46 2010 +0100

    doc: remove claim that TCPMSS is limited to mangle
    
    There was no real restriction, and in fact, the kernel module never
    had such a limitation in the last years.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

commit c9be7f153f7bf112640057a0cb6108b686041029
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Tue Mar 16 20:28:30 2010 +0100

    doc: libxt_MARK: no longer restricted to mangle table
    
    MARK used to be limited to the mangle table, but there was no real
    restriction.
    
    References: http://marc.info/?l=netfilter-devel&m=126806510332668&w=2
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

-----------------------------------------------------------------------

 Makefile.am                 |    3 +
 configure.ac                |    8 +-
 extensions/libxt_MARK.man   |    7 +-
 extensions/libxt_TCPMSS.man |    5 +-
 extensions/libxt_osf.c      |    4 +-
 extensions/libxt_osf.man    |   45 +++
 extensions/libxt_recent.c   |    2 +-
 utils/.gitignore            |    1 +
 utils/Makefile.am           |    6 +
 utils/nfnl_osf.c            |  485 ++++++++++++++++++++++++++++++
 utils/pf.os                 |  687 +++++++++++++++++++++++++++++++++++++++++++
 11 files changed, 1242 insertions(+), 11 deletions(-)
 create mode 100644 extensions/libxt_osf.man
 create mode 100644 utils/.gitignore
 create mode 100644 utils/Makefile.am
 create mode 100644 utils/nfnl_osf.c
 create mode 100644 utils/pf.os
MARK used to be limited to the mangle table, but there was no real
restriction.

References: http://marc.info/?l=netfilter-devel&m=126806510332668&w=2
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

diff --git a/extensions/libxt_MARK.man b/extensions/libxt_MARK.man
index 98be812..aaeceb4 100644
--- a/extensions/libxt_MARK.man
+++ b/extensions/libxt_MARK.man
@@ -1,7 +1,8 @@
 This target is used to set the Netfilter mark value associated with the packet.
-The target can only be used in the \fBmangle\fR table. It can, for example, be
-used in conjunction with routing based on fwmark (needs iproute2). The mark
-field is 32 bits wide.
+It can, for example, be used in conjunction with routing based on fwmark (needs
+iproute2). If you plan on doing so, note that the mark needs to be set in the
+PREROUTING chain of the mangle table to affect routing.
+The mark field is 32 bits wide.
 .TP
 \fB\-\-set\-xmark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
 Zeroes out the bits given by \fImask\fR and XORs \fIvalue\fR into the packet

More information about the netfilter-cvslog mailing list