iptables branch, iptables-next, updated. v1.4.11.1
Patrick McHardy
netfilter-cvslog-bounces at lists.netfilter.org
Wed Jun 8 21:02:36 CEST 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "iptables".
The branch, iptables-next has been updated
via c960bde4a82792c285110589cf8b2cf1438e1b8f (commit)
via 0727c2cea3ccd2b5bad4d6467125132cc700ad39 (commit)
via 38ffc9dc5bb9f2b1d01bf0b0e28b7323b135f1ea (commit)
via 780607f8b040a47cd2d4775376e2d30f567dc049 (commit)
via 6a74dc80fcdf48e2b149e92aee08f3445055ea3b (commit)
via 033e25a3ad215ee3f5a07f0a3315f74c4abfaced (commit)
via 5c8f5b60aa8e24da0bd25824f0f85bf7a4a39ea7 (commit)
via 4598ed7d3e22d74ffaad7948ddc3455ac9aa7576 (commit)
via a1cd1f2a4a35427c68cd0d1bd2761d5be42b12b1 (commit)
via 6918795519ddbf4d0efa9aa5b1b51cdafb99c55a (commit)
via 5085c3a037fa9327377dec7540d9c3ef2d53a58e (commit)
via 8e336251e155888f0ac2c79259f8792fc31920a1 (commit)
via a6793dbb87751a6a201c76ad75efb5d6b7f1e484 (commit)
via 0e6d4dcaccdc86079d7252f6569a9fc6656a63c4 (commit)
via de791ff2d7ac85fa0a707bbd6d98457bb18c5cbb (commit)
via 71e402bbb3db7b54571f0e44354fd37706ff90aa (commit)
via 7d91a2accc92d13bb32bf881831e9c9a8b4d7734 (commit)
via 874b76221f74a00520a712ef89b5254a1ed896f8 (commit)
via 172e9b15271c276aa1485b4a2fb63928a65b13ae (commit)
via 790845385fb84ce8e79a96e91fc6c4f7df60713d (commit)
via db50b83bc3cd634beb71f38978ad7d035c88ff11 (commit)
via 1201871343223d9781253283a64686be4e63ad52 (commit)
via b1319cc083de658c0007da93f25d19874f75d55f (commit)
via d8784613a5be2821ff910cd4c2bfe889a9b306c5 (commit)
via 089585f14fda80508e26ea019703add07cb72f64 (commit)
via 6944f2c8190f1c4319aeac748470c71b0ba45025 (commit)
via 1b6c7632e5e35ecce91f87a4ae36eca3103cfee2 (commit)
via 57e2e37ebe5319cf84381bdb319ea94143b1bf97 (commit)
via 0b7a140944738d67b9c4e6f09992c8407eefb18a (commit)
via 5e35b7d435c5bc1b3641f76a6601a55d32d63ac8 (commit)
via 319046c3f96f810f81a5a2e6189ba87527e882f1 (commit)
via 5a66f40d2f64e8792e1360906d3d6a1c829ba2b7 (commit)
via c52f7aa866ee3cdc0e0dc67f3eae629055a126dc (commit)
via 9039600d2a50970274b5a13f6f616e38cc9c3e6d (commit)
via 4f0d5a7fd4cb1452493921446603c837316e0179 (commit)
via 17f7937f79af4d260c60cb800e56fc0df0a48b37 (commit)
via 10345ca36786592aa176036f11dd186b24ba1c76 (commit)
via 25ea60de20fb5f7981a0170eb05c0c9a61525763 (commit)
via 88cfbe258b0d30ef26fae8da5484b08e65292a09 (commit)
via 463628b03eec6e7456ca5121f9b81af7f4690e08 (commit)
via d61b02fbbbe7f6e643aad8649c8559c175c68c52 (commit)
via 2305d5fb42fc059f38fc1bdf53411dbeecdb310b (commit)
via 67db7615580f5c3490a39310f5adcb4e767ea6a8 (commit)
via ae06c6dc6d68d11ed15d4c6c47b7b7a709d3c9cb (commit)
via c02c92d1fcaa1223caf9a5eef32bedcb78f1e714 (commit)
via 65c0621d48e818d75f8c2810e93eb405a6d31406 (commit)
via 9bfedca6347c2e079e569954197777813f4ef2fb (commit)
via fe9922cb4f1fb75072970dd09605fdc056b96195 (commit)
via 10dbcd0bfb5a62a71a706d11134f83b0539f4dd3 (commit)
via f25b2355e889290879c8cecad3dd24ec0c384fb8 (commit)
via e82d031af24c8155357c6f2d2b2e236bd6cf67e4 (commit)
via 85f423addb46736e414f70b59c9f885e99aeb488 (commit)
via cdc8e0b252c14a17b47e1c89a2fa4dbac2002473 (commit)
via ab847dfe38529d2aa67cc8178a54d5b45af11cfa (commit)
via 15392934cf81ef85e2a1c21380c61a7a42e260d5 (commit)
via 449cdd6bcc8d1867bbd26ecbcae9832ab01eb04a (commit)
via dcd1ad89105faf1f3a9a3febdb970b70c5466518 (commit)
via 59ce5bd1d05225911051a4c46ce5ccdd7c1ed078 (commit)
via 8075493a00e06857147263574333df4073ea671b (commit)
via 77b6230adfe51836ad5b31b41638b43e9b0062e2 (commit)
via c29f7ef7cb5a31620060ef721d3c65b343eb537a (commit)
via 8d14aeb8c4c3dc8ce9264b04b97f2e8634c1f381 (commit)
via c0bba1a8033ce15d1eec80da94c8f249a967568e (commit)
via bf07750fd4fc5f5e603e59e72d62696d2389e9b3 (commit)
via 9f4a637ee5856e8f260e3f3867782ed5584e00f9 (commit)
via f875e84427de17b34ecb69a56d87161571ffab76 (commit)
via ce4b79577fa9c1ed68c36797890d39ca5ba9a8bf (commit)
via 4eb3d6da8f677f978126bb00928f64da15c3d623 (commit)
via 7e79d139c1ea6e1b72bbedc53c0426c9d5ffa0e0 (commit)
via cb225e26856accf5661dcbc3cf34d7f77b2f0c36 (commit)
via 1f8e52ed2ac513476dc93fedde915079c4387728 (commit)
via 7752e649cec9d23b867d166ace38d213f0584077 (commit)
via 73425492d4c57d34a616d948666ac75ecc612eed (commit)
via 58e9118dc61c9ff656c0140c429f0fa892c36ac5 (commit)
via 7c816547270050ccc29fb07c9e62c230e015c8e3 (commit)
via edc2b1adf32d2b11e126174f525293b3bca6e7bc (commit)
via 372203af4c70fb20bc7ff3a49788b9bbf57d2eb1 (commit)
via 170cf49a630fd0d237818b537c01794dde00b07a (commit)
via 0f77e2e40a498688f3d8f8a65bf74ce13db893b2 (commit)
via ef7d2e845f72fd3a01c9d89e73c90de5dcca73a7 (commit)
via 87a34d7aef2cba833f4f36536575dee304bbece5 (commit)
via 94cd683a969e024ec870df258fafd790b8a1abf1 (commit)
via 21d243c3152f0798683aacbf95acfc8c1378924e (commit)
via d441ad6a68c5d65344449962f4648d297d453b6c (commit)
via 66266abd17adc9631f3769ef0b82968c0bac6f38 (commit)
via fe02f76e013941a7f65f57f297d3177bcfeb0623 (commit)
via fa9b759bacc0ad6a093892ef508811e7feb981b0 (commit)
via 269cbfd30aac18c1fd251be83430dabc60abee0c (commit)
via d7282413763b0ba85d512c1cd49174b762ff449c (commit)
via 51a746e6b1d66ca546fd2f8a1f7809868174e637 (commit)
via 27adf1ec123b949f1c7b48fbdef67d1d4ed18901 (commit)
via e8b42fee7eaa1ba6df203fe0bc4496cae226cbd2 (commit)
via 6cfb28bb9032dcf2749ff80f88ad37b9fe5e7c2a (commit)
via a0b2facfa1fe70d9a9e628b09bc4895de0bfd672 (commit)
via 3c7f501545828965908cc28fc40f7da2be747561 (commit)
via f012b3c9190cd95ac170072f759a97575613ea07 (commit)
via 39d3aa36ea38668a2c343b5af42b2d8d3616a9de (commit)
via d118d21ea3108f94ca1f84f11dd39f3f12e9ee2b (commit)
via dd6e4b90b5b2dbc2bbaac5008e26949a18478197 (commit)
via e1639b0bc28420ca01d733749c8db16d5a3fbd0c (commit)
via 752a30dfe4429ec2623a3c1181e1499b87158c5c (commit)
via 104fb318d22231c9edf9d61ef84cc84386e52d6b (commit)
via 373e8513c4b9b0491e46ae89397ead03d093ee76 (commit)
via 0787a82873fe9db5dea478942b183e6ff2a8500d (commit)
via 06312dab6c530a214a4e7bad1b2329381430bddc (commit)
via 753bbed383cde1c18e05b5b726b6c28afbde3a3c (commit)
via 2e73af96178f0ed7ebbd99478f1bc05ec5c86dc7 (commit)
via f30231a02e145020fb47524f9a0daeb498a4f7d0 (commit)
via ee1fbbe536c6dd3a252886815314cf910d672ca6 (commit)
via d8f591993eb610b41f3170a94a879edd24ad348a (commit)
via 61cc52b6f9edfa3efb1d0c9ea9531abb42828ec2 (commit)
via 26ed9ea93564bb5ffdb5238eaa202cd9bcf6d6d1 (commit)
via 9a9694fbf1796a6a5011b60b2a15c01fa3c61368 (commit)
via 57664121bce6d3ae05a186c7627c919fb0799649 (commit)
via b32b361a725c8fe3a3aa494e6cdec09a80785aac (commit)
via 57a92c7b7ed01ad8f49c680af63341409c3afb1a (commit)
via e39f367d905670e39e6f08d2b73c715a6d0b4bfb (commit)
via 44517bda3d8130638882f69478a8091316f30cbb (commit)
via d44c31ac8e52f34e058f44aba14f679abcc7edf9 (commit)
via 3a32dcbb5512bfc1fd385c26fb906ce8562200da (commit)
via 1f2474ae5276e49005c8e234dec091b007e3fce2 (commit)
via 64cb56e3e894f6b8b523ecb45f91abe43b07cf0c (commit)
via b8592fa3352018646b0befaa48f930f75c5b7d92 (commit)
via 2b01f706e7ba48d72e57f8e47457a86d9ed44992 (commit)
via 0dd344a9bedc24feb6ad99d4620bdc7da171c72d (commit)
via 41a4cea0f4109fb76762dca073c3c1217658ee06 (commit)
via c618a0b1d3696c30f7791a427da9ba60186dfe05 (commit)
via 33d180871bea281a448efd0c1a49517318162382 (commit)
via ea2a02f7e961011b2e226c25a5e8ff49e1f84278 (commit)
via 478be25c3b64e0f2ddbd2aa97ebe78df7ca00c0a (commit)
via a05562e1e2fb2e18f34d29ec57c4217a3014d1f2 (commit)
via 0eff54bd407aae6b99c3b189d356929e399b5a38 (commit)
via 09631dc60ce41bc484a42fcf4d4ddf7036820bd1 (commit)
via bc438c4cbdab09fafbbceecddd54e44e4234a4a1 (commit)
via 8bf513ada0aae0e4b1ac5160113fc532c2f525d0 (commit)
via ba77b9b142b55c856b0a2950eddece7ad7e6bfbc (commit)
via c15f9e3f6d8552cddfc858b115d996c7cf5b47e9 (commit)
via 564eaf48e14411803a353206eefbb89d525c63ff (commit)
via f04d48879fea70451148d7867d5a388efe63b48f (commit)
via 5d8e61ef4636383ca47cd748cd7457a238de37a6 (commit)
via 2e0ec4fa0fb5162c441cd666f55fe76777e40d5e (commit)
via 1e6c1ee1bf2822d5fdf61725148700a410fb8b86 (commit)
via 8b5bdea659f1fb86b3288a2568ab104a90b914e5 (commit)
via 7299fa4b615d7f7ee12cde444266f6b31f667f9f (commit)
via 60756e7f8be9242b606f1b5fbcb38f45e4de29c5 (commit)
via d25e217578492d17f7752bf77cfab5f2c2509795 (commit)
via 316ae9d2f1996caea4cf221201accb8c2087a154 (commit)
via cd50f26ad6016ae57af1f822f8aa3ceb2ef9727a (commit)
via 884d2675f1a880ffcc072da69ab8c9aaea2a3bce (commit)
via aeb8af909befedbfc85e9f184471b219e4ea191a (commit)
via c0431520a5f91e754cec8d827d8f978da4241717 (commit)
via 4f7f187ffe1773487071b413491f062d141309dd (commit)
via d64d54777b4a9405a8229a533e44a2e80f000a9f (commit)
via 72ef3d3063ce7a12ee199f9539e958b4f4ca561d (commit)
via de31da35a8042db0ea1b106b77d03a5920e7198b (commit)
via 2291d887cea2412af380f1ae995ddfee0362386b (commit)
via 76e18aeaa67940544a3d5b740a37dce4f169a108 (commit)
via cc2511ee64df98e45d0b42a93a9b789b9726d4b9 (commit)
via 693420f27bea05ef22a218cd599e42af5b014453 (commit)
via 03fe3d289ded9b1b8640e4be1398b0cf1f7e4fa0 (commit)
via 942f140a57745f5e12d6a8cd2a4ca3f51ef4403a (commit)
via 72c359784a03b1ea46a9964e5c1f8636a52507dd (commit)
via 35459f05f5addd1b92c32a241863995aa619495b (commit)
via ba3b73f0d3aae8188ff0b75d0839c841352f7760 (commit)
via 94c5d622b2c88d78a153b9e2986467c84417020d (commit)
via e36463232e2f1fe9363700b2740c2a82dbf1821d (commit)
via b26d08b56eb81779589eb43fb0f636ac9eb51cb2 (commit)
via 1b8db4f4ca250f13a0e7edddb31cfc1f82d42806 (commit)
via 7a969bb06cef93b6b0dadbb784c30d33856445d1 (commit)
via 082e9e11ed345572e2bf4790a5f8ba5245164fc6 (commit)
via b313d8f3f78c62cce930728bc9163ecf942c22e8 (commit)
via 4a0a17620017c1f45946b2cde7139ef18ea3d93c (commit)
via a3876fa13ffe792e209cc1a8ac1214946c898eea (commit)
via 7c51e38d7586e2f6207c78743cc955e8778a925d (commit)
via 4d6ede0b324e5e9dcbb1d7cc2a7aebed9e56821a (commit)
via 04bb988275ac76815a15788a7fc75ac78f3bb833 (commit)
via dba0839a103fe0384b41a8f08a3b3a5f9eba732b (commit)
via fa728c88fd0bfdc3f2bdb79beed91cd9e1fca5e5 (commit)
via dfe99f1bf291b4b954d3608dbe95a43e16a8bb49 (commit)
via b18ffe3636b07cd817628de81643136e4755a944 (commit)
via d78254d7f9d18ef76377a3013302430cce8ea702 (commit)
via 93112921153c43dc0521be499f6a792d2aaae5e9 (commit)
via a93142d5f55db74ebd7d49be9bd88f7a499ded40 (commit)
via 97265fb806dffc6fd87ee5e0f0963dfbe7a094f6 (commit)
via 3af739b0e7c3b6dcc986645c57c982d0add5006b (commit)
via 9c5c10554c61f0b22cbc65b27b765fa8172040f7 (commit)
via f92bca9da4ee68f05dbb827a8444804a8edb1b87 (commit)
via aa37acc1423126f555135935c687eb91995b9440 (commit)
via 458d84de2412b43604a8efe2b82a2084a2859a46 (commit)
via 6a86854bf91227a70392fc2665ed4f99af0229e3 (commit)
via 37911de507d0597980ad218a044a482501a21b01 (commit)
via 742e9a43c314b45a76acdac8f53d36f1337154bf (commit)
via c1e04bd1b057151afaf7e6138089f2fe2c1b7d1c (commit)
via 9680f2ecbdb7e5c61ab60e7399e9ca9f1013fd8d (commit)
via bb9fe8059f40f0dde9c780498f5af42f5aa6a179 (commit)
via 85aae15567b8ae1eaedf9f011ba7aef80dfca208 (commit)
via e5c061afabf018634a507f00df5b1d0c4bd53a37 (commit)
via 74ace0a46048d01611a44c24f6fe5f59d936231b (commit)
via cc38d058d14e84d3008a0c0035348e0ad5f0d5d2 (commit)
via 241e73594f6d75e32a7e89ebdb6b7f7917a48df0 (commit)
via e70844a98d125679cfe0c62e48d0f19bf175280d (commit)
via a85112dc330188035a8d7a58cab499d7672e4d87 (commit)
via 49d8c5d564cad70c5c1bef2d5571e8e494454210 (commit)
via 5e8f947becc00a79e78b2a6cf0e25fd674c57ec4 (commit)
via 2c6ac071a9c660b61a76565d1024d372deac8a98 (commit)
via cf3e52d00b7d3fedf98ef7710c337c441270d936 (commit)
via a239728ec064666025de2723997d87b176d57fd6 (commit)
via 8d6492d582c7284217c042d5638cf50174e5fbfd (commit)
via df37d99b0cba63443d4224187f2d5a0c299ad7ad (commit)
via c7948744bf591e0c46b6d19ccfa408cc59e11ef1 (commit)
via d59b9db031abee37a9aa9776662dd15370faabf4 (commit)
via 9cc4f24e72f87ca191c2e723e7cd293f6477481c (commit)
via f96cb8094ceffb9ffe8e94b4ee6800aa581dd021 (commit)
via ee52e00adfb10250e1828b94e43d9482bb201827 (commit)
via 2ad8dc895ec28a173c629c695c2e11c41b625b6e (commit)
via adcb28101d53c2a7f372de256b1af50804fee899 (commit)
via 11e250ba02349cb1e34058673db3d0b54eb56c44 (commit)
via 64230aa45c5ad8505d81812d19bd2ee9a37e3467 (commit)
via 4b110b426df7bf486a3e7884c56ebb3487023601 (commit)
via 2d039bcf8421c992fb74849facc2d7205960f68e (commit)
via 8a5270b14908b3173de080a958e50e21e2f046de (commit)
via 37f6d57c4e030a459ccafafd8a574e327315e148 (commit)
via 887f58666af9ccde7051169aa9d6160d7e09ec46 (commit)
via 094f104af71ca859c7c44406baed401659ad9421 (commit)
via 4e5d4bff933d77158d9d32b4f87c5842decf670e (commit)
via b9210cfd9da3d57610be4e86ef45c48dd1b65edf (commit)
via 7a1043bcb6ac6315c991cf02c9a12568398fc837 (commit)
via 86786bf3a5e875232ae63d9f9b3dbb542ac2e392 (commit)
via e88a7c2c7175742b58b6aa03f2b5aba2d80330a1 (commit)
via 12a18d6043092bd2574b2bced635259b16317e57 (commit)
via c2efcd321271e6658d9cad87eff0a09d16f2766e (commit)
via 87dc7c4c842deb1e2e3d38089ffcad9f238d98de (commit)
via e1df221d7a1b3df0224d94865ec05ba336995608 (commit)
via c0f6d17764e9bc1724cedd78b880a80446363146 (commit)
via aa66aeda34bea5a8d05717899a229e57aa3237d5 (commit)
via af3d73ec867debb5e38c6c6fde66f05093714fec (commit)
via 7ada0bb7aafd94ef7c9c076e8be50c80bc549a4f (commit)
via 58b491f8cb5b4a0315037d0e1f61f8162a556e8a (commit)
via 17e310b2610448605567644f667c79f41d76f51e (commit)
via 9bb76094b26d22c7a85d98a075640f054b7910f4 (commit)
via 94e247b80a0c28140056ee07ea24e54ca5dbebaf (commit)
via acef6043f647806096c41294b00472f6ce7462d7 (commit)
via f4b6e5290e869fccb87c03da5603a38b7e55abc5 (commit)
via f1e71016dddb65709afe0746a96a3fefbec3ba27 (commit)
via f6992cbb211a42f776333fe65dfad49f17455a3f (commit)
via 7a548b32d9ad8d6e4a8398573d4fa8c4e4a1f9e0 (commit)
via f935ae05040d2d790433abee49ef79f4a8ed393c (commit)
via 3a9d8b0bcaeeb7f260c881fbaaea62f705d0d47e (commit)
via e76ec99b48745b0e3c8aecbc91ed5bba186cf25f (commit)
via 9ee2a9fe2f74b616da34878104bd1ff406534ad1 (commit)
via 73866357e4a7a0fdc1b293bf8863fee2bd56da9e (commit)
via bb8be30857edd501e701c2f22db6c59bd6839c87 (commit)
via 00696591b1f2582cb0c5a8c1887c2f24b6aafedd (commit)
via 6a0448eecdee4c6a19303b75c1707915a80cbfbb (commit)
via df288236cd254798be3759fef4cbc3e535f5a1c3 (commit)
via 298d70e8564f03c844435123bf36e84419c2f65a (commit)
via 927385017047dce3f01c0aee73ab2989b108bbf0 (commit)
via fbd47262d2417c17f1c57896dea8a0c55fb6c770 (commit)
via 6f03bf79952753fbc0dc8611aa4d6e70a108dbc7 (commit)
via f46f8c1c5b6d9f5685b9d945e95647eaf6c2d35b (commit)
via c8f28cc8b84133f20421470e9a61a5a0c78b9c4a (commit)
via 6924b4987d88fbe383bec4da4cf331cc466c245e (commit)
via 773438bd93851dc1a9129a638925c04868820297 (commit)
via 5da9e63f66ca190cb90193ebb9eebf5aa523b4d1 (commit)
via 2cae5334de3a817947742e0b466355e5f5566474 (commit)
via 8d5e773508b154dcfa8d866f68f64ef1ad773957 (commit)
via 9c60365e043a430f74115bbfaf58ce0df7585f49 (commit)
via 281439ba6b96b729ef1400a49ec53eda298bb9f8 (commit)
via 8ad33a34a34ba2bcd360352ad3b7772916832702 (commit)
via 63ef52ac6bf8d555779456166009bd2f6b0a1081 (commit)
via dfbedfedf610210c4ee3f00e9c4f9ea24c4ffe23 (commit)
via e814c8b894e5b8d1570c18aec2c67dfb0c0a59c0 (commit)
via da580fe55ebf234febf4a8880f53a80870e9088f (commit)
via d09b6d591ca7d7d7575cb6aa20384c9830f777ab (commit)
via fa503ad59f73d20d85f4cdf53324a01d2ad8591e (commit)
via 1e128bd804b676ee91beca48312de9b251845d09 (commit)
via 1dc27393b7ba401e6228a5ee2472a6eb72836c43 (commit)
via 5b1fecc7d017df093db7c667bcd1718e45b1df67 (commit)
via 7ac405297ec38449b30e3b05fd6bf2082fd3d803 (commit)
via 4a1d810bb52aa5d5c450f7adcde5145d40261b54 (commit)
via d1435e0772e40c310dff35abe7bf1e7de5b18ee4 (commit)
via f6d6449c88812634e663cef4e09db7b691af3eb5 (commit)
via 3a84b3d5de492e40aff7bae5038b06dd6b6041c4 (commit)
via a3f101331deb9314caa0cfa1061c925865e79380 (commit)
via da41ea1688f03f8869b9c50e878ae505988ead9a (commit)
via f3578faae096f191a44742777275a23b566d7566 (commit)
via d4105ad56335058af4b0b1be1278e01f5c0bd4ac (commit)
via 4d2a77ff8cb4115925477cd5ce0ea972494107ab (commit)
via 9e152fa9f1283ce4f4274cf251b2b2e69bbdfee6 (commit)
via b4af04be14560b3fcc6cf23200148d408014a2f5 (commit)
via 2d68ae7ce6e40e3977ee11a57296cf76801ae320 (commit)
via d3b2e391e3b944581e20e216af76339cc87d0590 (commit)
via 2f09f1b39ced2ae7109382dcf066785bab4a966a (commit)
via a905ea5c97149da9d76cd278b0447e3316087a45 (commit)
via 710a132ce9fbecedbf9447f2b2a134f2359a583c (commit)
via 59e8114c6792242e80785f4461d5e663fb9a3d64 (commit)
via e84f131b5f992577119bd3679241f69ec394e0a7 (commit)
via 648fd1ad68ae2ec675ac07efee80783912535404 (commit)
via 8d89535b38e719f644d858e83f73bee9adf5b1a0 (commit)
from 600f38db82548a683775fd89b6e136673e924097 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c960bde4a82792c285110589cf8b2cf1438e1b8f
Author: Patrick McHardy <kaber at trash.net>
Date: Wed Jun 8 15:26:17 2011 +0200
Bump version to 1.4.11.1
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 0727c2cea3ccd2b5bad4d6467125132cc700ad39
Author: Vlad Dogaru <ddvlad at rosedu.org>
Date: Wed Jun 8 14:44:06 2011 +0200
doc: fix MASQUERADE section of man page
The section about MASQUERADE specifies that it takes a single option,
but in reality it takes two: --to-ports and --random.
Signed-off-by: Vlad Dogaru <ddvlad at rosedu.org>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 38ffc9dc5bb9f2b1d01bf0b0e28b7323b135f1ea
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Jun 8 12:28:24 2011 +0200
build: re-add missing CPPFLAGS for libiptc
These got lost on commit v1.4.11-12-g5c8f5b6.
Note: When /usr/include/libiptc/libiptc.h exists, this error is
masked away :-/ (IMO, #include-with-quotes "foo.h" should not
search system dirs...)
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 780607f8b040a47cd2d4775376e2d30f567dc049
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Jun 7 22:20:13 2011 +0200
option: fix ignored negation before implicit extension loading
`iptables -A INPUT -p tcp ! --syn` forgot the negation, i.e. it
was not present in a subsequent `iptables -S`.
Commit v1.4.11~77^2~9 missed the fact that after autoloading a proto
extension, cs.invert must not be touched until the next getopt call.
This is now fixed by having command_default return a value to indicate
whether to jump or not.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 6a74dc80fcdf48e2b149e92aee08f3445055ea3b
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Jun 7 19:06:51 2011 +0200
tests: add some sample rulesets to test save-restore cycle
These rulesets use practically all options (I may have missed some)
for verification that the new Guided Option Parser would take the same
input as the old open-coded ones did. They might come in handy at some
point.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 033e25a3ad215ee3f5a07f0a3315f74c4abfaced
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Jun 7 14:02:37 2011 +0200
src: move all iptables pieces into a separate directory
(Unclutter top-level dir)
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 5c8f5b60aa8e24da0bd25824f0f85bf7a4a39ea7
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Jun 7 11:42:03 2011 +0200
src: move all libiptc pieces into its directory
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 4598ed7d3e22d74ffaad7948ddc3455ac9aa7576
Author: Maciej Żenczykowski <zenczykowski at gmail.com>
Date: Mon Jun 6 18:27:09 2011 -0700
xtables-multi: fix absence of xml translator in IPv6-only builds
Commit v1.4.11-4-gde791ff did not actually build the iptables-xml code
into the xtables-multi binary.
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit a1cd1f2a4a35427c68cd0d1bd2761d5be42b12b1
Author: Elie De Brauwer <eliedebrauwer at gmail.com>
Date: Mon Mar 7 21:29:16 2011 +0100
doc: fix trivial typo in libipt_SNAT
The word "occur" had ufortunately been removed in v1.3.8~23.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=707
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 6918795519ddbf4d0efa9aa5b1b51cdafb99c55a
Author: Mike Frysinger <vapier at gentoo.org>
Date: Sat Apr 2 22:13:23 2011 -0400
build: move remaining preprocessor flags to CPPFLAGS
References; http://bugzilla.netfilter.org/show_bug.cgi?id=713
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 5085c3a037fa9327377dec7540d9c3ef2d53a58e
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Jun 1 02:20:40 2011 +0200
build: move kinclude's preprocessor flags to kinclude_CPPFLAGS
References: http://bugzilla.netfilter.org/show_bug.cgi?id=713
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 8e336251e155888f0ac2c79259f8792fc31920a1
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Jun 1 02:16:05 2011 +0200
build: move basic preprocessor flags to regular_CPPFLAGS
This is where they belong, after all.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=713
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit a6793dbb87751a6a201c76ad75efb5d6b7f1e484
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 30 02:25:43 2011 +0200
doc: iptables-xml should be in manpage section 1
References: http://bugs.debian.org/623112
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 0e6d4dcaccdc86079d7252f6569a9fc6656a63c4
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 30 01:54:28 2011 +0200
doc: update GPL license text
The Open Build Service/rpmlint flagged the outdated address in the
license text :-)
iptables.x86_64: W: incorrect-fsf-address
/usr/share/doc/packages/iptables/COPYING
The Free Software Foundation address in this file seems to be outdated
or misspelled. Ask upstream to update the address, or if this is a
license file, possibly the entire file with a new copy available from
the FSF.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit de791ff2d7ac85fa0a707bbd6d98457bb18c5cbb
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 30 01:47:38 2011 +0200
build: fix absence of xml translator in IPv6-only builds
Due to iptables-xml being listed under IPV4 only, its symlink was not
created on `./configure --disable-ipv4 && make install`.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 71e402bbb3db7b54571f0e44354fd37706ff90aa
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 30 01:45:14 2011 +0200
build: fix installation of symlinks
Commit v1.4.11~20 forgot to change the symlink target names to the new
executable name.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 7d91a2accc92d13bb32bf881831e9c9a8b4d7734
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 30 01:39:54 2011 +0200
build: remove dead code parts
gcc-4.6 has a new warning, -Wunused-but-set-variable, which flags
no-op code.
CC libiptc/libip4tc.lo
In file included from libiptc/libip4tc.c:118:0:
libiptc/libiptc.c: In function "iptcc_chain_index_delete_chain":
libiptc/libiptc.c:611:32: warning: variable "index_ptr2" set but not used
libiptc/libiptc.c: In function "alloc_handle":
libiptc/libiptc.c:1282:9: warning: variable "len" set but not used
CC libiptc/libip6tc.lo
In file included from libiptc/libip6tc.c:113:0:
libiptc/libiptc.c: In function "iptcc_chain_index_delete_chain":
libiptc/libiptc.c:611:32: warning: variable "index_ptr2" set but not used
libiptc/libiptc.c: In function "alloc_handle":
libiptc/libiptc.c:1282:9: warning: variable "len" set but not used
CC xtables_multi-iptables-xml.o
iptables-xml.c: In function "do_rule_part":
iptables-xml.c:376:8: warning: variable "thisChain" set but not used
CC xtables_multi-ip6tables.o
ip6tables.c: In function "print_firewall":
ip6tables.c:552:10: warning: variable "flags" set but not used
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 874b76221f74a00520a712ef89b5254a1ed896f8
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 29 16:43:25 2011 +0200
libxt_owner: restore inversion support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 172e9b15271c276aa1485b4a2fb63928a65b13ae
Author: Patrick McHardy <kaber at trash.net>
Date: Thu May 26 18:12:12 2011 +0200
Bump version to 1.4.11
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 790845385fb84ce8e79a96e91fc6c4f7df60713d
Merge: 17f7937f79af4d260c60cb800e56fc0df0a48b37 db50b83bc3cd634beb71f38978ad7d035c88ff11
Author: Patrick McHardy <kaber at trash.net>
Date: Wed May 25 05:34:04 2011 +0200
Merge branch 'master' of git://dev.medozas.de/iptables
commit db50b83bc3cd634beb71f38978ad7d035c88ff11
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 23 18:38:09 2011 +0200
libxt_time: deprecate --localtz option, document kernel TZ caveats
Comparing against the kernel time zone has significant caveats. This
patch adds documentation about the issue, and makes --utc the default
setting for libxt_time.
Furthremore, throw a warning on using the "--localtz" option, to avoid
confusion with one's shell TZ environment variable, and rename it to
"--kerneltz" to be explicit about whose timezone will be used.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1201871343223d9781253283a64686be4e63ad52
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 23 17:48:20 2011 +0200
libxt_time: --utc and --localtz are mutually exclusive
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit b1319cc083de658c0007da93f25d19874f75d55f
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 23 17:42:37 2011 +0200
libxt_time: always ignore libc timezone
Since xt_time is meant to work across many months, libc doing
automatic conversion from local time to UTC (during parse) is
unwanted, especially when --utc is specified. The same goes for
dumping.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d8784613a5be2821ff910cd4c2bfe889a9b306c5
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed May 25 00:26:01 2011 +0200
libxt_NFQUEUE: add mutual exclusion between qnum and qbal
Only one is printed on save operation, which leads me to believe that
only one is meant to be used. The manpage seems to corroborate.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 089585f14fda80508e26ea019703add07cb72f64
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed May 25 00:11:48 2011 +0200
libxt_NFQUEUE: avoid double attempt at parsing
Fixes this error:
NFQUEUE: option "--queue-num" can only be used once.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 6944f2c8190f1c4319aeac748470c71b0ba45025
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue May 24 23:50:29 2011 +0200
libxtables: have xtopt_parse_mint interpret partially-spec'd ranges
When ":n" or "n:" is specified, it will now be interpreted as "0:n"
and "n:<max>", respecitvely. nvals will always reflect the number of
(expanded) components. This restores the functionality of options that
take such partially-unspecified ranges.
This makes it possible to nuke the per-matchdata init functions of
some extensions and simply the extensions postparsing to the point
where it only needs to check for nvals==1 or ==2.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1b6c7632e5e35ecce91f87a4ae36eca3103cfee2
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue May 24 14:49:15 2011 +0200
libxtables: unclutter xtopt_parse_mint
..by moving type-based actions into their own function.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 57e2e37ebe5319cf84381bdb319ea94143b1bf97
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue May 24 02:45:50 2011 +0200
libxtables: make multiint parser have greater range
Since parse_mint can handle XTTYPE_UINT64RC, it must allow numbers
larger than UINT32_MAX.
Cc: JP Abgrall <jpa at google.com>
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 0b7a140944738d67b9c4e6f09992c8407eefb18a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue May 24 02:30:23 2011 +0200
libxtables: use uintmax for xtables_strtoul
Addendum to 2305d5fb42fc059f38fc1bdf53411dbeecdb310b.
I noticed that unsigned long long is not consistently used, for
example, min/max are still just unsigned long, and strtoul is being
called.
Instead of changing it to unsigned long long, just use uintmax
functions right away so this does not need size-related changing in
the future.
Cc: JP Abgrall <jpa at google.com>
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 5e35b7d435c5bc1b3641f76a6601a55d32d63ac8
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue May 24 02:03:00 2011 +0200
libxtables: more detailed error message on multi-int parsing
Now shows where exactly the error is.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 319046c3f96f810f81a5a2e6189ba87527e882f1
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue May 24 00:45:08 2011 +0200
libip6t_rt: restore --rt-type storing
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 5a66f40d2f64e8792e1360906d3d6a1c829ba2b7
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue May 24 00:35:00 2011 +0200
libxt_u32: --u32 option is required
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c52f7aa866ee3cdc0e0dc67f3eae629055a126dc
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 23 00:22:27 2011 +0200
libxt_ipvs: restore network-byte order
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 9039600d2a50970274b5a13f6f616e38cc9c3e6d
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 23 17:55:29 2011 +0200
doc: remove redundant .IP calls in libxt_time
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 4f0d5a7fd4cb1452493921446603c837316e0179
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 23 17:54:38 2011 +0200
doc: use .IP list for TCPMSS
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 17f7937f79af4d260c60cb800e56fc0df0a48b37
Author: Lutz Jaenicke <ljaenicke at innominate.com>
Date: Mon May 23 16:28:25 2011 +0200
libxt_devgroup: actually set XT_DEVGROUP_OPT_???GROUP flags
Signed-off-by: Lutz Jaenicke <ljaenicke at innominate.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 10345ca36786592aa176036f11dd186b24ba1c76
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat May 21 00:58:44 2011 +0200
doc: clarify that -p all is a special keyword only
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 25ea60de20fb5f7981a0170eb05c0c9a61525763
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue May 17 15:17:08 2011 +0200
doc: make usage of libxt_rateest more obvious
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 88cfbe258b0d30ef26fae8da5484b08e65292a09
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat May 21 00:59:11 2011 +0200
doc: add some coded option examples to libxt_hashlimit
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 463628b03eec6e7456ca5121f9b81af7f4690e08
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu May 12 17:36:25 2011 +0200
libxt_rateest: streamline case display of units
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d61b02fbbbe7f6e643aad8649c8559c175c68c52
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 20 16:26:04 2011 +0200
libxtables: check for negative numbers in xtables_strtou*
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2305d5fb42fc059f38fc1bdf53411dbeecdb310b
Author: JP Abgrall <jpa at google.com>
Date: Wed May 18 20:26:14 2011 -0700
libxt_quota: make sure uint64 is not truncated
The xtables_strtoul() would cram a long long into a long.
The parse_int would try to cram a UINT64 into a long.
commit 67db7615580f5c3490a39310f5adcb4e767ea6a8
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 20 16:01:18 2011 +0200
libxt_quota: readd missing XTOPT_PUT request
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit ae06c6dc6d68d11ed15d4c6c47b7b7a709d3c9cb
Author: Lutz Jaenicke <ljaenicke at innominate.com>
Date: Wed May 18 15:11:47 2011 +0200
libipt_REDIRECT: "--to-ports" is not mandatory
The REDIRECT target can be called without the --to-ports option
being specified. From the manual page:
...without this, the destination port is never altered.
Signed-off-by: Lutz Jaenicke <ljaenicke at innominate.com>
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c02c92d1fcaa1223caf9a5eef32bedcb78f1e714
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed May 18 22:48:51 2011 +0200
libxtables: retract _NE types and use a flag instead
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 65c0621d48e818d75f8c2810e93eb405a6d31406
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 13 01:53:07 2011 +0200
libip6t_rt: rt-0-not-strict should take no arg
This unfortunately got mixed up during the getopt -> guided parser
move.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 9bfedca6347c2e079e569954197777813f4ef2fb
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 13 01:13:35 2011 +0200
libxt_conntrack: resolve erroneous rev-2 port range message
--ctorigdstport 13
ip6tables-restore v1.4.10: conntrack rev 2 does not support port ranges
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit fe9922cb4f1fb75072970dd09605fdc056b96195
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 13 01:12:05 2011 +0200
libxt_conntrack: fix assignment to wrong member
Of course the range end ought to be set, not doing the start value
twice.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 10dbcd0bfb5a62a71a706d11134f83b0539f4dd3
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 13 01:06:31 2011 +0200
libxt_conntrack: correct printed module name
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit f25b2355e889290879c8cecad3dd24ec0c384fb8
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 13 00:15:45 2011 +0200
libipt_[SD]NAT: avoid false error about multiple destinations specified
iptables-restore v1.4.10: DNAT: Multiple --to-destination not supported
xtables_option_parse sets cb->xflags already, so that it cannot be
directly used to test whether an option is being used for the second
time. Thus use a private option/flag (X_TO_DEST/SRC) that is not under
the control of xtables_option_parse.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit e82d031af24c8155357c6f2d2b2e236bd6cf67e4
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 13 00:11:00 2011 +0200
libipt_[SD]NAT: flag up module name on error
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 85f423addb46736e414f70b59c9f885e99aeb488
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu May 12 14:03:36 2011 +0200
libxtables: collapse double protocol parsing
Un-dent xtables_parse_protocol, and make xtopt_parse_protocol make use
of it.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit cdc8e0b252c14a17b47e1c89a2fa4dbac2002473
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu May 12 13:59:38 2011 +0200
libxt_policy: use XTTYPE_PROTOCOL type
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit ab847dfe38529d2aa67cc8178a54d5b45af11cfa
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu May 12 13:20:00 2011 +0200
libxtables: avoid running into .also checks when option not used
If a particular option was not specified, it should not be subject to
.also checks in xtables_option_fcheck2 either.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 15392934cf81ef85e2a1c21380c61a7a42e260d5
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu May 12 12:46:40 2011 +0200
libxt_policy: option table fixes, improved error tracking
Most of the flags are multi-use in this extension. Also transfer
--next => --strict requirement to option table.
Furthermore, augment the error messages emitted from fcheck to contain
the policy element number, and elaborate on what an "empty policy
element" is.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 449cdd6bcc8d1867bbd26ecbcae9832ab01eb04a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu May 12 12:21:59 2011 +0200
src: combine default_command functions
commit dcd1ad89105faf1f3a9a3febdb970b70c5466518
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 9 19:32:05 2011 +0200
src: replace old IP*T_ALIGN macros
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 59ce5bd1d05225911051a4c46ce5ccdd7c1ed078
Merge: 8075493a00e06857147263574333df4073ea671b 8d14aeb8c4c3dc8ce9264b04b97f2e8634c1f381
Author: Patrick McHardy <kaber at trash.net>
Date: Thu May 12 11:11:51 2011 +0200
Merge branch 'floating/opts' of git://dev.medozas.de/iptables
commit 8075493a00e06857147263574333df4073ea671b
Merge: 77b6230adfe51836ad5b31b41638b43e9b0062e2 73425492d4c57d34a616d948666ac75ecc612eed
Author: Patrick McHardy <kaber at trash.net>
Date: Wed May 11 13:43:44 2011 +0200
Merge branch 'opts' of git://dev.medozas.de/iptables
commit 77b6230adfe51836ad5b31b41638b43e9b0062e2
Merge: c29f7ef7cb5a31620060ef721d3c65b343eb537a 58e9118dc61c9ff656c0140c429f0fa892c36ac5
Author: Patrick McHardy <kaber at trash.net>
Date: Wed May 11 13:43:04 2011 +0200
Merge branch 'master' of git://dev.medozas.de/iptables
commit c29f7ef7cb5a31620060ef721d3c65b343eb537a
Merge: edc2b1adf32d2b11e126174f525293b3bca6e7bc 6cfb28bb9032dcf2749ff80f88ad37b9fe5e7c2a
Author: Patrick McHardy <kaber at trash.net>
Date: Mon May 9 20:23:21 2011 +0200
Merge branch 'opts' of git://dev.medozas.de/iptables
commit 8d14aeb8c4c3dc8ce9264b04b97f2e8634c1f381
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 9 02:29:02 2011 +0200
libipt_SAME: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c0bba1a8033ce15d1eec80da94c8f249a967568e
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 9 01:10:30 2011 +0200
libipt_REDIRECT: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit bf07750fd4fc5f5e603e59e72d62696d2389e9b3
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 8 19:46:17 2011 +0200
libipt_MASQUERADE: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 9f4a637ee5856e8f260e3f3867782ed5584e00f9
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 8 19:07:28 2011 +0200
libipt_SNAT: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit f875e84427de17b34ecb69a56d87161571ffab76
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 8 18:18:46 2011 +0200
libipt_DNAT: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit ce4b79577fa9c1ed68c36797890d39ca5ba9a8bf
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat May 7 14:39:08 2011 +0200
libxt_iprange: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 4eb3d6da8f677f978126bb00928f64da15c3d623
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 8 14:43:55 2011 +0200
libipt_CLUSTERIP: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 7e79d139c1ea6e1b72bbedc53c0426c9d5ffa0e0
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat May 7 03:18:11 2011 +0200
libxt_mac: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit cb225e26856accf5661dcbc3cf34d7f77b2f0c36
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 8 13:31:19 2011 +0200
libxtables: XTTYPE_ETHERMAC support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1f8e52ed2ac513476dc93fedde915079c4387728
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 8 12:53:20 2011 +0200
libip6t_rt: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 7752e649cec9d23b867d166ace38d213f0584077
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 8 12:16:18 2011 +0200
libip6t_mh: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 73425492d4c57d34a616d948666ac75ecc612eed
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 8 12:15:49 2011 +0200
libxt_conntrack: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 58e9118dc61c9ff656c0140c429f0fa892c36ac5
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 9 16:34:46 2011 +0200
doc: S/DNAT allows to omit IP addresses
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 7c816547270050ccc29fb07c9e62c230e015c8e3
Author: Changli Gao <xiaosuo at gmail.com>
Date: Mon Mar 14 14:23:31 2011 +0800
iptables: fix the dead loop when meeting unknown options
Signed-off-by: Changli Gao <xiaosuo at gmail.com>
commit edc2b1adf32d2b11e126174f525293b3bca6e7bc
Merge: 26ed9ea93564bb5ffdb5238eaa202cd9bcf6d6d1 753bbed383cde1c18e05b5b726b6c28afbde3a3c
Author: Patrick McHardy <kaber at trash.net>
Date: Mon May 9 11:26:32 2011 +0200
Merge branch 'opts' of git://dev.medozas.de/iptables
commit 372203af4c70fb20bc7ff3a49788b9bbf57d2eb1
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat May 7 13:03:06 2011 +0200
libxt_ipvs: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 170cf49a630fd0d237818b537c01794dde00b07a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat May 7 12:56:39 2011 +0200
libxtables: XTTYPE_PROTOCOL support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 0f77e2e40a498688f3d8f8a65bf74ce13db893b2
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat May 7 03:26:08 2011 +0200
libxt_limit: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit ef7d2e845f72fd3a01c9d89e73c90de5dcca73a7
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 8 21:12:46 2011 +0200
libipt_NETMAP: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 87a34d7aef2cba833f4f36536575dee304bbece5
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat May 7 00:15:49 2011 +0200
libxt_multiport: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 94cd683a969e024ec870df258fafd790b8a1abf1
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 6 22:59:07 2011 +0200
libxt_osf: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 21d243c3152f0798683aacbf95acfc8c1378924e
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 6 22:49:43 2011 +0200
libxt_owner: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d441ad6a68c5d65344449962f4648d297d453b6c
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 6 17:45:12 2011 +0200
libxt_policy: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 66266abd17adc9631f3769ef0b82968c0bac6f38
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu May 5 14:19:25 2011 +0200
libxtables: XTTYPE_HOSTMASK support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit fe02f76e013941a7f65f57f297d3177bcfeb0623
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed May 4 23:18:57 2011 +0200
libxt_hashlimit: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit fa9b759bacc0ad6a093892ef508811e7feb981b0
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed May 4 17:25:54 2011 +0200
libxtables: XTTYPE_PLEN support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 269cbfd30aac18c1fd251be83430dabc60abee0c
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu May 5 12:53:14 2011 +0200
libxtables: flag invalid uses of XTOPT_PUT
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d7282413763b0ba85d512c1cd49174b762ff449c
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed May 4 16:41:13 2011 +0200
libxtables: do not overlay addr and mask parts, and cleanup
XTTYPE_HOSTMASK will require that what has now become haddr,
hmask/hlen are not overlays of another. Thus relax the structure and
always set all members of the {haddr, hmask, hlen} triplet now for all
types that touch any of the members.
Add some more comments and clean out ONEHOST.
commit 51a746e6b1d66ca546fd2f8a1f7809868174e637
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed May 4 12:30:15 2011 +0200
libxt_recent: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 27adf1ec123b949f1c7b48fbdef67d1d4ed18901
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 1 21:52:25 2011 +0200
libxt_connlimit: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit e8b42fee7eaa1ba6df203fe0bc4496cae226cbd2
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 2 02:13:16 2011 +0200
libxtables: support for XTTYPE_PLENMASK
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 6cfb28bb9032dcf2749ff80f88ad37b9fe5e7c2a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 1 16:27:46 2011 +0200
libxt_NFLOG: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit a0b2facfa1fe70d9a9e628b09bc4895de0bfd672
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 1 16:11:31 2011 +0200
libxt_IDLETIMER: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 3c7f501545828965908cc28fc40f7da2be747561
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 2 18:26:31 2011 +0200
libxt_statistic: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit f012b3c9190cd95ac170072f759a97575613ea07
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 2 18:09:59 2011 +0200
libxtables: XTTYPE_DOUBLE support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 39d3aa36ea38668a2c343b5af42b2d8d3616a9de
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 2 16:38:11 2011 +0200
libxt_statistic: increase precision on create and dump
Currently, libxt_statistic only dumps the probability with a
granularity of 1/1000000. Assuming only stuffed packets with 1440
bytes payload, this would match approximately every 1.341 GB, which is
pretty low for a high-volume router. Trying to match any larger
interval than that (e.g. 2 GB) will cause libxt_statistic to output
"--probability 0.000000", and when restored, will cause it to never
match again.
Bump the dump precision to what xt_statistic can really do, and adjust
the manpage to include a word about it.
Furthermore, employ explicit rounding when reading the argument from
the command line, because the previous implicit conversion would use
truncation, which is not very exact.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d118d21ea3108f94ca1f84f11dd39f3f12e9ee2b
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 2 16:29:18 2011 +0200
libxt_statistic: streamline and document possible placement of negation
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit dd6e4b90b5b2dbc2bbaac5008e26949a18478197
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat May 7 00:05:24 2011 +0200
extensions: const annotations
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit e1639b0bc28420ca01d733749c8db16d5a3fbd0c
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu May 5 12:54:52 2011 +0200
libxtables: output name of extension on rev detect failure
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 752a30dfe4429ec2623a3c1181e1499b87158c5c
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 6 21:58:38 2011 +0200
libxt_owner: remove ifdef IPT_COMM_OWNER
Ever since we keep a copy of the header files anyway, IPT_COMM_OWNER
is always available.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 104fb318d22231c9edf9d61ef84cc84386e52d6b
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat May 7 04:01:25 2011 +0200
extensions: remove bogus use of XT_GETOPT_TABLEEND
Commit v1.4.8-36-g32b8e61 added this end marker in a little too many
places: at non-getopt places. Fix that.
Also change the definition of XT_GETOPT_TABLEEND to reference a struct
getopt member by name so that this cannot happen again.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 373e8513c4b9b0491e46ae89397ead03d093ee76
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri May 6 22:40:35 2011 +0200
libxt_u32: add missing call to xtables_option_parse
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 0787a82873fe9db5dea478942b183e6ff2a8500d
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon May 2 02:43:15 2011 +0200
libxtables: fix assignment in wrong offset (XTTYPE_UINT*RC)
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 06312dab6c530a214a4e7bad1b2329381430bddc
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun May 1 19:58:56 2011 +0200
libxt_tos: add inversion support back again
It was unfortunately removed during the option parser switch.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 753bbed383cde1c18e05b5b726b6c28afbde3a3c
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Apr 20 10:17:33 2011 +0200
libxt_dccp: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2e73af96178f0ed7ebbd99478f1bc05ec5c86dc7
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Apr 19 15:44:48 2011 +0200
libxt_udp: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit f30231a02e145020fb47524f9a0daeb498a4f7d0
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Apr 17 13:33:50 2011 +0200
libxtables: XTTYPE_PORTRC support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit ee1fbbe536c6dd3a252886815314cf910d672ca6
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Apr 29 02:19:52 2011 +0200
extensions: remove unused TOS code
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d8f591993eb610b41f3170a94a879edd24ad348a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Apr 29 02:12:56 2011 +0200
libxt_tos: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 61cc52b6f9edfa3efb1d0c9ea9531abb42828ec2
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Apr 29 01:25:14 2011 +0200
libxt_TOS: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 26ed9ea93564bb5ffdb5238eaa202cd9bcf6d6d1
Author: Maciej Żenczykowski <maze at google.com>
Date: Mon Apr 4 22:30:16 2011 -0700
combine ip6?tables-multi into xtables-multi
Signed-off-by: Maciej Zenczykowski <maze at google.com>
commit 9a9694fbf1796a6a5011b60b2a15c01fa3c61368
Author: Maciej Żenczykowski <maze at google.com>
Date: Wed Apr 6 13:35:11 2011 -0700
Move common parts of libext{4,6}.a into libext.a
Signed-off-by: Maciej Zenczykowski <maze at google.com>
commit 57664121bce6d3ae05a186c7627c919fb0799649
Author: Maciej Żenczykowski <maze at google.com>
Date: Thu Apr 14 02:22:14 2011 -0700
Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.
This enables one to have a single configuration file for both ipv4 and ipv6
firewall rules.
Example:
iptables-restore config
ip6tables-restore config
Where the file 'config' contains:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ssh - [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -4 -p icmp -j ACCEPT
-A INPUT -6 -p icmpv6 -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ssh
-A ssh -j ACCEPT
COMMIT
Signed-off-by: Maciej Zenczykowski <maze at google.com>
commit b32b361a725c8fe3a3aa494e6cdec09a80785aac
Author: Maciej Zenczykowski <maze at google.com>
Date: Tue Apr 19 09:14:04 2011 +0200
Don't load ip6?_tables module when already loaded
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 57a92c7b7ed01ad8f49c680af63341409c3afb1a
Merge: e39f367d905670e39e6f08d2b73c715a6d0b4bfb 1f2474ae5276e49005c8e234dec091b007e3fce2
Author: Patrick McHardy <kaber at trash.net>
Date: Mon Apr 18 15:03:22 2011 +0200
Merge branch 'floating/opts' of git://dev.medozas.de/iptables
commit e39f367d905670e39e6f08d2b73c715a6d0b4bfb
Author: Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
Date: Sun Apr 17 11:38:18 2011 +0200
SET target revision 2 added
The new revision of the SET target supports the following new operations
- specifying the timeout value of the entry to be added
- flag to instruct the kernel that if the entry already
exists then reset the timeout value to the specified one (or
to the default from the set definition)
commit 44517bda3d8130638882f69478a8091316f30cbb
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu Apr 14 13:54:24 2011 +0200
xtoptions: respect return value in xtables_getportbyname
If ret was negative, ntohs may make it positive, which is undesired.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d44c31ac8e52f34e058f44aba14f679abcc7edf9
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu Apr 14 13:42:43 2011 +0200
libxt_TEE: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 3a32dcbb5512bfc1fd385c26fb906ce8562200da
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu Apr 14 13:34:18 2011 +0200
build: bump libxtables ABI version
Adding the x6_* members to struct xtables_{match,target} caused a
change requiring a bump.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1f2474ae5276e49005c8e234dec091b007e3fce2
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Mar 8 01:24:26 2011 +0100
libipt_ULOG: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 64cb56e3e894f6b8b523ecb45f91abe43b07cf0c
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Feb 9 02:15:22 2011 +0100
libxt_TPROXY: use guided option parser
I am starting with a simple module here that does not require a
final_check function.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit b8592fa3352018646b0befaa48f930f75c5b7d92
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 14 15:12:50 2011 +0100
libxtables: XTTYPE_PORT support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2b01f706e7ba48d72e57f8e47457a86d9ed44992
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 14 15:10:15 2011 +0100
libxtables: XTTYPE_ONEHOST support
The bonus of the POSIX socket API is that it is almost protocol-agnostic
and that there are ready-made functions to take over the gist of address
parsing and packing.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 0dd344a9bedc24feb6ad99d4620bdc7da171c72d
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Feb 15 12:05:12 2011 +0100
libip[6]t_LOG: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 41a4cea0f4109fb76762dca073c3c1217658ee06
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Feb 15 22:10:48 2011 +0100
libxtables: XTTYPE_SYSLOGLEVEL support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c618a0b1d3696c30f7791a427da9ba60186dfe05
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 18:12:04 2011 +0100
libxt_string: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 33d180871bea281a448efd0c1a49517318162382
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 18:11:58 2011 +0100
libxtables: pass struct xt_entry_{match,target} to x6 parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit ea2a02f7e961011b2e226c25a5e8ff49e1f84278
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 18:00:05 2011 +0100
libxt_TCPMSS: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 478be25c3b64e0f2ddbd2aa97ebe78df7ca00c0a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 17:54:50 2011 +0100
libxt_NFQUEUE: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit a05562e1e2fb2e18f34d29ec57c4217a3014d1f2
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 17:47:03 2011 +0100
libxt_CT: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 0eff54bd407aae6b99c3b189d356929e399b5a38
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 17:42:51 2011 +0100
libxtables: XTTYPE_UINT16 support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 09631dc60ce41bc484a42fcf4d4ddf7036820bd1
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 17:19:10 2011 +0100
libxt_connbytes: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit bc438c4cbdab09fafbbceecddd54e44e4234a4a1
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 17:13:54 2011 +0100
libxtables: XTTYPE_UINT64RC support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 8bf513ada0aae0e4b1ac5160113fc532c2f525d0
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 17:09:19 2011 +0100
libxtables: XTTYPE_UINT8RC support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit ba77b9b142b55c856b0a2950eddece7ad7e6bfbc
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 17:04:35 2011 +0100
libxt_tcpmss: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c15f9e3f6d8552cddfc858b115d996c7cf5b47e9
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 17:00:49 2011 +0100
libxt_length: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 564eaf48e14411803a353206eefbb89d525c63ff
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 16:59:23 2011 +0100
libxtables: XTTYPE_UINT16RC support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit f04d48879fea70451148d7867d5a388efe63b48f
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 16:38:51 2011 +0100
libipt_realm: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 5d8e61ef4636383ca47cd748cd7457a238de37a6
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 16:02:03 2011 +0100
libxt_devgroup: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2e0ec4fa0fb5162c441cd666f55fe76777e40d5e
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 16:24:43 2011 +0100
libxtables: linked-list name<->id map
This consolidates the maps from libxt_devgroup and libxt_realm.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1e6c1ee1bf2822d5fdf61725148700a410fb8b86
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 16:58:24 2011 +0100
libxt_quota: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 8b5bdea659f1fb86b3288a2568ab104a90b914e5
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 16:56:53 2011 +0100
libxtables: XTTYPE_UINT64 support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 7299fa4b615d7f7ee12cde444266f6b31f667f9f
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 15:54:58 2011 +0100
libxt_CONNMARK: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 60756e7f8be9242b606f1b5fbcb38f45e4de29c5
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 15:21:24 2011 +0100
libxt_MARK: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d25e217578492d17f7752bf77cfab5f2c2509795
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 14:57:44 2011 +0100
libxtables: XTTYPE_MARKMASK32 support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 316ae9d2f1996caea4cf221201accb8c2087a154
Merge: cd50f26ad6016ae57af1f822f8aa3ceb2ef9727a 4f7f187ffe1773487071b413491f062d141309dd
Author: Patrick McHardy <kaber at trash.net>
Date: Wed Apr 13 13:38:20 2011 +0200
Merge branch 'opts' of git://dev.medozas.de/iptables
commit cd50f26ad6016ae57af1f822f8aa3ceb2ef9727a
Merge: 884d2675f1a880ffcc072da69ab8c9aaea2a3bce b18ffe3636b07cd817628de81643136e4755a944
Author: Patrick McHardy <kaber at trash.net>
Date: Tue Apr 12 16:05:39 2011 +0200
Merge branch 'opts' of git://dev.medozas.de/iptables
commit 884d2675f1a880ffcc072da69ab8c9aaea2a3bce
Merge: c0431520a5f91e754cec8d827d8f978da4241717 aeb8af909befedbfc85e9f184471b219e4ea191a
Author: Patrick McHardy <kaber at trash.net>
Date: Tue Apr 12 16:05:28 2011 +0200
Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
commit aeb8af909befedbfc85e9f184471b219e4ea191a
Author: Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
Date: Sat Apr 9 21:29:08 2011 +0200
Fix set match/target direction parser
The direction parser did not catch when more src/dst direction
parameters were supplied than allowed.
commit c0431520a5f91e754cec8d827d8f978da4241717
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Apr 6 13:21:54 2011 +0200
doc: avoid duplicate entries in manpage
Commit v1.4.9-35-gd4105ad changed from [A-Z] and [a-z] to use
[[:alnum:]], which unfortunately drew matches into the target section,
and targets into the match section. [[:upper:]] and [[:lower:]] should
have been used instead, of course.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 4f7f187ffe1773487071b413491f062d141309dd
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Mar 2 23:06:59 2011 +0100
libxt_u32: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d64d54777b4a9405a8229a533e44a2e80f000a9f
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Mar 2 23:03:36 2011 +0100
libxt_time: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 72ef3d3063ce7a12ee199f9539e958b4f4ca561d
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Mar 2 22:52:04 2011 +0100
libxt_state: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit de31da35a8042db0ea1b106b77d03a5920e7198b
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Mar 2 19:19:16 2011 +0100
libxt_pkttype: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2291d887cea2412af380f1ae995ddfee0362386b
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Mar 2 19:09:38 2011 +0100
libxt_physdev: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 76e18aeaa67940544a3d5b740a37dce4f169a108
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Mar 2 18:55:32 2011 +0100
libxt_helper: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit cc2511ee64df98e45d0b42a93a9b789b9726d4b9
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Mar 1 20:16:22 2011 +0100
libxt_comment: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 693420f27bea05ef22a218cd599e42af5b014453
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Mar 2 22:57:52 2011 +0100
libxt_TCPOPTSTRIP: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 03fe3d289ded9b1b8640e4be1398b0cf1f7e4fa0
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Mar 2 22:50:13 2011 +0100
libxt_SECMARK: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 942f140a57745f5e12d6a8cd2a4ca3f51ef4403a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Mar 6 18:21:42 2011 +0100
libxt_LED: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 72c359784a03b1ea46a9964e5c1f8636a52507dd
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Mar 1 20:28:24 2011 +0100
libxt_DSCP: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 35459f05f5addd1b92c32a241863995aa619495b
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Mar 1 20:14:16 2011 +0100
libxt_CLASSIFY: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit ba3b73f0d3aae8188ff0b75d0839c841352f7760
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Mar 1 20:11:01 2011 +0100
libxt_AUDIT: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 94c5d622b2c88d78a153b9e2986467c84417020d
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Mar 1 20:02:35 2011 +0100
libipt_addrtype: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit e36463232e2f1fe9363700b2740c2a82dbf1821d
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu Mar 3 00:51:16 2011 +0100
libipt_ECN: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit b26d08b56eb81779589eb43fb0f636ac9eb51cb2
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Mar 1 19:51:16 2011 +0100
libip6t_ipv6header: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1b8db4f4ca250f13a0e7edddb31cfc1f82d42806
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Mar 1 18:36:15 2011 +0100
libip[6]t_icmp: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 7a969bb06cef93b6b0dadbb784c30d33856445d1
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu Mar 3 00:40:43 2011 +0100
libip6t_hbh: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 082e9e11ed345572e2bf4790a5f8ba5245164fc6
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Feb 18 02:11:31 2011 +0100
libip6t_dst: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit b313d8f3f78c62cce930728bc9163ecf942c22e8
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Feb 16 01:16:39 2011 +0100
libip[6]t_REJECT: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 4a0a17620017c1f45946b2cde7139ef18ea3d93c
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Feb 15 22:09:21 2011 +0100
libxtables: XTTYPE_STRING support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit a3876fa13ffe792e209cc1a8ac1214946c898eea
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 27 23:56:28 2011 +0100
libxt_esp: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 7c51e38d7586e2f6207c78743cc955e8778a925d
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Feb 18 02:17:54 2011 +0100
libip6t_frag: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 4d6ede0b324e5e9dcbb1d7cc2a7aebed9e56821a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Feb 16 01:59:18 2011 +0100
libip[6]t_ah: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 04bb988275ac76815a15788a7fc75ac78f3bb833
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 27 23:41:10 2011 +0100
libxtables: XTTYPE_UINT32RC support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit dba0839a103fe0384b41a8f08a3b3a5f9eba732b
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Feb 18 03:20:56 2011 +0100
libip[6]t_hl: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit fa728c88fd0bfdc3f2bdb79beed91cd9e1fca5e5
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 13 03:31:54 2011 +0100
libip[6]t_HL: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit dfe99f1bf291b4b954d3608dbe95a43e16a8bb49
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 27 19:03:28 2011 +0100
libxtables: XTTYPE_UINT8 support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit b18ffe3636b07cd817628de81643136e4755a944
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 27 17:52:23 2011 +0100
libxt_cluster: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d78254d7f9d18ef76377a3013302430cce8ea702
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 27 17:38:34 2011 +0100
libxtables: min-max option support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 93112921153c43dc0521be499f6a792d2aaae5e9
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Feb 18 03:41:18 2011 +0100
libxt_cpu: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit a93142d5f55db74ebd7d49be9bd88f7a499ded40
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Feb 16 01:22:25 2011 +0100
libxtables: XTTYPE_UINT32 support
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 97265fb806dffc6fd87ee5e0f0963dfbe7a094f6
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 27 16:50:22 2011 +0100
libxt_CONNSECMARK: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 3af739b0e7c3b6dcc986645c57c982d0add5006b
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu Feb 10 16:57:37 2011 +0100
libxtables: provide better final_check
This passes the per-extension data block to the new x6_fcheck function
pointer, which can then do last alterations without using hacks
like global variables (think libxt_statistic).
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 9c5c10554c61f0b22cbc65b27b765fa8172040f7
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Feb 18 03:22:52 2011 +0100
libxt_socket: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit f92bca9da4ee68f05dbb827a8444804a8edb1b87
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 27 16:54:27 2011 +0100
libxt_CHECKSUM: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit aa37acc1423126f555135935c687eb91995b9440
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 7 04:00:50 2011 +0100
libxtables: guided option parser
This patchset seeks to drastically reduce the code in the individual
extensions by centralizing their argument parsing (breakdown of
strings), validation, and in part, assignment.
As a secondary goal, this reduces the number of static storage duration
variables in flight.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 458d84de2412b43604a8efe2b82a2084a2859a46
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Mar 1 19:48:10 2011 +0100
extensions: add missing checks for specific flags (2)
Addendum to v1.4.10-75-g4e5d4bf. It does not make sense to use
ipv6header's --soft without specifying any options.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 6a86854bf91227a70392fc2665ed4f99af0229e3
Author: Maciej Zenczykowski <maze at google.com>
Date: Tue Apr 5 12:43:26 2011 +0200
convert ip6?tables-multi to actually use their own header files
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 37911de507d0597980ad218a044a482501a21b01
Author: Maciej Zenczykowski <maze at google.com>
Date: Tue Apr 5 12:42:37 2011 +0200
move 'int line' definition from ip6?tables.c into xtables.c
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 742e9a43c314b45a76acdac8f53d36f1337154bf
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:38:44 2011 +0200
v6: rename do_command() to do_command6()
(actually only applies to two comments, since the
function has long been called do_command6)
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit c1e04bd1b057151afaf7e6138089f2fe2c1b7d1c
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:38:11 2011 +0200
v4: rename do_command() to do_command4()
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 9680f2ecbdb7e5c61ab60e7399e9ca9f1013fd8d
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:37:43 2011 +0200
v6: rename print_rule() to print_rule6()
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit bb9fe8059f40f0dde9c780498f5af42f5aa6a179
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:37:13 2011 +0200
v4: rename print_rule() to print_rule4()
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 85aae15567b8ae1eaedf9f011ba7aef80dfca208
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:36:45 2011 +0200
v6: rename delete_chain() to delete_chain6()
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit e5c061afabf018634a507f00df5b1d0c4bd53a37
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:36:14 2011 +0200
v4: rename delete_chain() to delete_chain4()
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 74ace0a46048d01611a44c24f6fe5f59d936231b
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:35:47 2011 +0200
v6: rename flush_entries() to flush_entries6()
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit cc38d058d14e84d3008a0c0035348e0ad5f0d5d2
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:35:20 2011 +0200
v4: rename flush_entries() to flush_entries4()
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 241e73594f6d75e32a7e89ebdb6b7f7917a48df0
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:34:54 2011 +0200
v6: rename for_each_chain() to for_each_chain6()
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit e70844a98d125679cfe0c62e48d0f19bf175280d
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:34:28 2011 +0200
v4: rename for_each_chain() to for_each_chain4()
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit a85112dc330188035a8d7a58cab499d7672e4d87
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:33:58 2011 +0200
xtables.h: init_extensions() no longer exists
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 49d8c5d564cad70c5c1bef2d5571e8e494454210
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:33:25 2011 +0200
v6: rename init_extensions() to init_extensions6()
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 5e8f947becc00a79e78b2a6cf0e25fd674c57ec4
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:32:39 2011 +0200
v4: rename init_extensions() to init_extensions4()
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 2c6ac071a9c660b61a76565d1024d372deac8a98
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:31:43 2011 +0200
xtables: delay (statically built) match/target initialization
Matches and targets built into the iptables static binary will always
be registered as the binary starts up, this may potentially (as a result
of kernel version support checking) result in modules being autoloaded.
This is undesirable (for example it may cause CONNMARK target to load
and thus cause the kernel to load the conntrack module, which isn't a
no-op).
Transition to a system where matches and targets are registered into
a pending list, from whence they get fully registered only when
required.
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit cf3e52d00b7d3fedf98ef7710c337c441270d936
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:31:09 2011 +0200
xtables_ip6addr_to_numeric: fix typo in comment
An IPv6 address consists of eight hexadecimal 16-bit values seperated
by colons, or alternatively, six (not five) of these followed by a colon
and an IPv4 address in standard dotted decimal quad notation
(for IPv4 mapped addresses and the like).
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit a239728ec064666025de2723997d87b176d57fd6
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:30:32 2011 +0200
mark newly opened fds as FD_CLOEXEC (close on exec)
(This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm)
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 8d6492d582c7284217c042d5638cf50174e5fbfd
Author: Maciej Zenczykowski <maze at google.com>
Date: Mon Apr 4 15:29:40 2011 +0200
man pages: allow underscores in match and target names
Signed-off-by: Maciej Zenczykowski <maze at google.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit df37d99b0cba63443d4224187f2d5a0c299ad7ad
Author: Mark Montague <mark at catseye.org>
Date: Mon Apr 4 14:54:52 2011 +0200
iptables: documentation for iptables and ip6tables "security" tables
Add documentation for the iptables and ip6tables "security" tables.
Based on http://lwn.net/Articles/267140/ and kernel source.
Signed-off-by: Mark Montague <mark at catseye.org>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit c7948744bf591e0c46b6d19ccfa408cc59e11ef1
Author: Thomas Graf <tgraf at redhat.com>
Date: Wed Mar 16 16:30:09 2011 +0100
iptables: add manual page section for AUDIT target
Signed-off-by: Thomas Graf <tgraf at redhat.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit d59b9db031abee37a9aa9776662dd15370faabf4
Author: Stefan Tomanek <stefan.tomanek at wertarbyte.de>
Date: Tue Mar 8 22:42:51 2011 +0100
iptables: add -C to check for existing rules
It is often useful to check whether a specific rule is already present
in a chain without actually modifying the iptables config.
Services like fail2ban usually employ techniques like grepping through
the output of "iptables -L" which is quite error prone.
This patch adds a new operation -C to the iptables command which
mostly works like -D; it can detect and indicate the existence of the
specified rule by modifying the exit code. The new operation
TC_CHECK_ENTRY uses the same code as the -D operation, whose functions
got a dry-run parameter appended.
Signed-off-by: Stefan Tomanek <stefan.tomanek at wertarbyte.de>
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 9cc4f24e72f87ca191c2e723e7cd293f6477481c
Author: Stefan Tomanek <stefan.tomanek at wertarbyte.de>
Date: Mon Mar 7 18:30:27 2011 +0100
ip(6)tables-multi: unify subcommand handling
I found the subcommand handling and naming done by iptables-multi and
ip6tables-multi very confusing and complicated; this patch
reorganizes the subcommands in a single table, allowing both variants
of them to be used (iptables/main) and also prints a list of the
allowed commands if an unknown command is entered by the user.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit f96cb8094ceffb9ffe8e94b4ee6800aa581dd021
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Mar 1 12:51:21 2011 +0100
doc: add VERSION section to manpages
This shall make it easier to identify outdated HTML renditions on the
interwebs, since many of them do not display the .TH header like man(1)
does.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit ee52e00adfb10250e1828b94e43d9482bb201827
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Mar 1 02:45:34 2011 +0100
iptables: fix an inversion
Revisiting the original condition (viewable in git log -1 -p
v1.4.10-57-gacef604), one can notice an unforuntate inversion. This
commit corrects this.
Testcase: -A INPUT -p tcp --dport 1
Reported-by: Florian Westphal
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2ad8dc895ec28a173c629c695c2e11c41b625b6e
Author: Wes Campaigne <westacular at gmail.com>
Date: Mon Feb 21 19:10:10 2011 -0500
xtables: use all IPv6 addresses resolved from a hostname
Fixes a long-standing issue where host_to_ip6addr would only ever
examine/return the first item of the address chain returned by
getaddrinfo, instead of traversing the chain and copying each of them.
This has always been how host_to_ip6addr behaves, and all of the other
related IPv6 code is already written to handle multiple possible
addresses.
[Style fixups. Removal of redundant i<*naddrs check. -j.eng]
Signed-off-by: Wes Campaigne <westacular at gmail.com>
commit adcb28101d53c2a7f372de256b1af50804fee899
Author: Wes Campaigne <westacular at gmail.com>
Date: Mon Feb 21 19:10:12 2011 -0500
xtables: fix the broken detection/removal of redundant addresses
[To observe this issue, populate a hostname (DNS or local db)
with multiple adresses across multiple subnets (cf. prefixlen
below)
# e.g. /etc/hosts
127.0.0.2 lo-x
127.0.0.3 lo-x
127.0.1.4 lo-x
127.0.1.5 lo-x
127.0.2.6 lo-x
Then invoke xtables_ipparse_any by e.g. `-m conntrack
--ctorigsrc lo-x/24`. -j.eng]
This same block of code, apparently to detect if addresses are
identical after applying the mask, and to skip the duplicates and the
ones made redundant by the mask, has been present and unchanged from
as far back as I could find (circa iptables 1.2).
By inspection, it was wrong, and always has been: once the code finds
a duplicate, it will drop the rest of the array one by one as it
re-detects the same duplicate over and over. When the addresses came
from a single hostname lookup, and their order was random, then this
created unpredictable behaviour by iptables, which seem to ignore some
of those addresses at random times.
I suspect the original idea also involved a swap between the duplicate
and the address from the (current) end of the array, but a line of
code to do that seems to have never existed. I have finally added it.
(Well, as much as is needed: there does not need to be a full swap,
because we are just going to ignore the duplicate, pretend the array
is one shorter, and never look at the contents of the end again. So,
we can get away with just copying from the end.)
[Reword comment about shuffle: replace by mentioning tail copy to
replace dup. -j.eng]
Signed-off-by: Wes Campaigne <westacular at gmail.com>
commit 11e250ba02349cb1e34058673db3d0b54eb56c44
Author: Wes Campaigne <westacular at gmail.com>
Date: Mon Feb 21 19:10:11 2011 -0500
xtables: fix excessive memory allocation in host_to_ipaddr
host_to_ipaddr was unnecessarily asking for an array of length n^2 to
store just n addresses.
Signed-off-by: Wes Campaigne <westacular at gmail.com>
commit 64230aa45c5ad8505d81812d19bd2ee9a37e3467
Author: Wes Campaigne <westacular at gmail.com>
Date: Mon Feb 21 19:10:10 2011 -0500
libxtables: avoid confusing use of ai_protocol=IPPROTO_IPV6
[Split hunk from Wes's submission. Added commit message. -j.eng]
ai_protocol normally specifies the L4 protocol one wants to
specifically inquire about when a service (2nd parameter to
getaddrinfo) is specified. Such a service lookup would potentially
yield nothing, because there just is not any "mytunnel 2222/ipv6" in
/etc/services, since IPPROTO_IPV6 itself is not a protocol with a
concept of (port-based) services to begin with.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 4b110b426df7bf486a3e7884c56ebb3487023601
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 21 03:21:18 2011 +0100
libxtables: fix memory scribble beyond end of array
When using -s "", the "n" variable in the code remains uninitialized
and usually scribbes beyond the end of the array.
Furthermore, "n" is just as big as entries in the last host lookup.
When specifying more than one item to -s, e.g. "-s host,host", "n" is
less than "count", and we are not masking the addresses at all
(leaving them at addr/32 resp. addr/128).
The issue goes back to the initial code from v1.4.5~21.
References: http://bugs.debian.org/611990
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2d039bcf8421c992fb74849facc2d7205960f68e
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 21 02:59:50 2011 +0100
doc: rateest options can be optional
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 8a5270b14908b3173de080a958e50e21e2f046de
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 20 20:30:56 2011 +0100
libxt_quota: require --quota to be specified
It is pretty pointless to use -m quota without specifying --quota.
There would be nothing left to count down on.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 37f6d57c4e030a459ccafafd8a574e327315e148
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 20 17:15:14 2011 +0100
doc: fix odd partial sentence in libipt_TTL
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 887f58666af9ccde7051169aa9d6160d7e09ec46
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 20 17:13:03 2011 +0100
doc: mention other possible nf_loggers for TRACE
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 094f104af71ca859c7c44406baed401659ad9421
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Feb 19 20:00:06 2011 +0100
libipt_ECN: set proper option flags
When specifying --ecn-tcp-remove, *flags will be wrongly set to denote
that --ecn-ip-ect had been specified.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 4e5d4bff933d77158d9d32b4f87c5842decf670e
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Feb 19 19:37:53 2011 +0100
extensions: add missing checks for specific flags
With "!flags", any option will be accepted. The extensions however
want one very specific option to be used (or wrong help text).
Commits: DNAT: v1.3.8~23, osf: v1.4.6~3
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit b9210cfd9da3d57610be4e86ef45c48dd1b65edf
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Feb 19 15:29:21 2011 +0100
libip6t_hbh: remove unimplemented --hbh-not-strict
Same as with ip6t_dst.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 7a1043bcb6ac6315c991cf02c9a12568398fc837
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Feb 18 01:48:33 2011 +0100
libip6t_dst: remove unimplemented --dst-not-strict
This was never ever implemented in the kernel, so just remove it.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 86786bf3a5e875232ae63d9f9b3dbb542ac2e392
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Feb 18 02:29:14 2011 +0100
Remove unused CVS expanded keywords
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit e88a7c2c7175742b58b6aa03f2b5aba2d80330a1
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Feb 18 02:00:33 2011 +0100
extensions: remove redundant init functions
The main program already zeroes the per-extension data block.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 12a18d6043092bd2574b2bced635259b16317e57
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Feb 18 01:45:05 2011 +0100
doc: fix misspelling of "field"
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c2efcd321271e6658d9cad87eff0a09d16f2766e
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu Feb 17 14:56:05 2011 +0100
doc: fix wrong sentence about negation in xt_limit
This is an update to commit v1.4.7~6.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 87dc7c4c842deb1e2e3d38089ffcad9f238d98de
Author: Max Kellerman <max at duempel.org>
Date: Thu Feb 17 11:57:19 2011 +0100
xtables: use strspn() to check if string needs to be quoted
Problem: the call xtables_save_string("'") prints just a single quote,
not enclosed in double quoted and not escaped.
Steps to reproduce:
$ iptables -A foo -m comment --comment "'" -j ACCEPT
$ iptables-multi save|grep foo
-A foo -m comment --comment ' -j ACCEPT
The cause was the use of strcspn() to locate the first character which
justified quoting the string in double quotes. That however was
wrong, because the way strcspn() was called, it returned a pointer to
the first character that was not to be escaped, which did the right
thing most of the time, but not for strings consisting only of quote
characters. This patch changes strcspn() to strspn().
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit e1df221d7a1b3df0224d94865ec05ba336995608
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Feb 15 12:02:51 2011 +0100
extensions: fix indent of vtable
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c0f6d17764e9bc1724cedd78b880a80446363146
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Feb 16 02:42:21 2011 +0100
libxt_devgroup: option whitespace update following v1.4.10-49-g7386635
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit aa66aeda34bea5a8d05717899a229e57aa3237d5
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Feb 16 02:41:22 2011 +0100
ip6tables: spacing fixes for -o argument
For aesthetic consistency, put a space after -o.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit af3d73ec867debb5e38c6c6fde66f05093714fec
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Feb 11 01:45:26 2011 +0100
iptables: fix segfault target option parsing
With v1.4.10-58-g94e247b, target option parsing started to happen in the
wrong case.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 7ada0bb7aafd94ef7c9c076e8be50c80bc549a4f
Merge: e76ec99b48745b0e3c8aecbc91ed5bba186cf25f 58b491f8cb5b4a0315037d0e1f61f8162a556e8a
Author: Patrick McHardy <kaber at trash.net>
Date: Wed Feb 9 08:13:23 2011 +0100
Merge branch 'master' of git://dev.medozas.de/iptables
commit 58b491f8cb5b4a0315037d0e1f61f8162a556e8a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 7 03:45:26 2011 +0100
iptables: fix error message for unknown options
-From: iptables v1.4.10: option "-q" requires an argument
+To: iptables v1.4.10: unknown option "-q"
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 17e310b2610448605567644f667c79f41d76f51e
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 7 03:42:47 2011 +0100
src: move match option handling from do_command6 into its own functions
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 9bb76094b26d22c7a85d98a075640f054b7910f4
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 7 03:39:36 2011 +0100
src: move jump option handling from do_command6 into its own function
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 94e247b80a0c28140056ee07ea24e54ca5dbebaf
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 7 03:20:02 2011 +0100
src: unclutter command_default function
(Essentially, 5 levels of indentation have been stripped compared to the
original layout, and this is surely a result that looks a lot better
than it did before.)
Things to note:
1. If the m->parse call succeeded, we can return from the function and
do not need to go through the other code. As such, "m" is guaranteed to
be useless at the end of the match loop, and so, conditions can be
removed.
2. Since the per-extension parse function only ever get their own option
codes (since v1.4.10-26-gd09b6d5), their return value no longer has a
meaning and can be ignored.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit acef6043f647806096c41294b00472f6ce7462d7
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 7 03:18:53 2011 +0100
src: deduplicate and simplify implicit protocol extension loading
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit f4b6e5290e869fccb87c03da5603a38b7e55abc5
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 7 03:16:14 2011 +0100
src: put shared option flags into xshared
This will be needed for the find_proto function.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit f1e71016dddb65709afe0746a96a3fefbec3ba27
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 7 03:13:43 2011 +0100
src: move OPT_FRAGMENT to the end so the list can be shared
commit f6992cbb211a42f776333fe65dfad49f17455a3f
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 7 03:05:49 2011 +0100
src: deduplicate find_proto function
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 7a548b32d9ad8d6e4a8398573d4fa8c4e4a1f9e0
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Feb 7 00:00:42 2011 +0100
src: share iptables_command_state across the two programs
struct iptables_command_state and quite a bit of the code looks worthy
of deduplication.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit f935ae05040d2d790433abee49ef79f4a8ed393c
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 6 17:14:48 2011 +0100
src: move large default: block from do_command6 into its own function
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 3a9d8b0bcaeeb7f260c881fbaaea62f705d0d47e
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Feb 6 15:52:11 2011 +0100
src: collect do_command variables in a struct
This will make it easier to put the code for the cases into separate
functions.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit e76ec99b48745b0e3c8aecbc91ed5bba186cf25f
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Sun Feb 6 21:34:33 2011 +0100
libxt_cluster: fix inversion in the cluster match
In libxt_cluster.c, we use:
info->flags |= (1 << XT_CLUSTER_F_INV);
but we should use instead:
info->flags |= XT_CLUSTER_F_INV;
since the definition of XT_CLUSTER_F_INV is:
enum xt_cluster_flags {
XT_CLUSTER_F_INV = (1 << 0)
};
This fixes the inversion in the cluster match.
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 9ee2a9fe2f74b616da34878104bd1ff406534ad1
Author: Patrick McHardy <kaber at trash.net>
Date: Thu Feb 3 06:10:41 2011 +0100
extensions: add extension for devgroup match
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 73866357e4a7a0fdc1b293bf8863fee2bd56da9e
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Dec 18 02:04:59 2010 +0100
iptables: do not print trailing whitespaces
Due to the use of printf("foobar "), iptables emits spaces at the
end-of-line, which looks odd to some users because it causes the
terminal to wrap even if there is seemingly nothing to print.
It may also have other points of annoyance, such as mailers
interpreting a trailing space as an indicator that the paragraph
continues when format=flowed is also on.
And git highlights trailing spaces in red, so let's avoid :)
Preexisting inconsistencies in outputting spaces in the right
spot are also addressed right away.
References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit bb8be30857edd501e701c2f22db6c59bd6839c87
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Jan 31 02:41:23 2011 +0100
iptables: remove more redundant casts
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 00696591b1f2582cb0c5a8c1887c2f24b6aafedd
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Jan 31 02:39:46 2011 +0100
iptables: remove bogus address-of
Casts are bad. &curtable is actually of type char (*)[], which is
quite different from what add_argv expects.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 6a0448eecdee4c6a19303b75c1707915a80cbfbb
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Jan 31 02:34:49 2011 +0100
iptables: warn when parameter limit is exceeded
While testing many match extensions in a single rule, I ran into this
error not warned about. Arguments were just ignored, causing
surprising "Need to specify an argument to --whatever" when the
argument was in fact given on the command line.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit df288236cd254798be3759fef4cbc3e535f5a1c3
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Jan 31 02:33:43 2011 +0100
xtables: set custom opts to NULL on free
When inside ip6tables-restore, xtables_free_opts can be called
multiple times, especially when trying to exit with an error message
from outside do_command. So set it to NULL so that we do not attempt
to free a dangling pointer.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 298d70e8564f03c844435123bf36e84419c2f65a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Jan 31 01:43:20 2011 +0100
libxt_u32: enclose argument in quotes
Otherwise ip6tables-save piped to ip6tables-restore can cause a parse
error when the expression list is empty.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 927385017047dce3f01c0aee73ab2989b108bbf0
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Jan 30 14:18:17 2011 +0100
iptables: improve error reporting with extension loading troubles
ip6tables v1.4.8: Could not load match "osf":
/usr/lib/xtables/libip6t_osf.so: cannot open shared object file: No
such file or directory
Given that libxt_osf.so exists, a better error is now emitted.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=637
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit fbd47262d2417c17f1c57896dea8a0c55fb6c770
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Jan 25 18:31:16 2011 +0100
libxt_quota: clarifications on matching
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 6f03bf79952753fbc0dc8611aa4d6e70a108dbc7
Author: Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
Date: Fri Jan 21 21:55:05 2011 +0100
Fix listing/saving the new revision of the SET target
Instead of the dimension of the set, the max dimension was used at
listing/saving the src,dst parameters, which produced broken output.
commit f46f8c1c5b6d9f5685b9d945e95647eaf6c2d35b
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Thu Jan 20 14:14:46 2011 +0100
libxt_connlimit: remove duplicate member that caused size change
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit c8f28cc8b84133f20421470e9a61a5a0c78b9c4a
Author: Patrick McHardy <kaber at trash.net>
Date: Thu Jan 20 11:45:12 2011 +0100
extensions: libxt_conntrack: add support for specifying port ranges
Add support for revision 3 of the conntrack match, which allows to
specify port ranges for origsrc/origdst/replsrc/repldst.
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 6924b4987d88fbe383bec4da4cf331cc466c245e
Author: Florian Westphal <fw at strlen.de>
Date: Thu Jan 20 11:27:42 2011 +0100
extensions: libxt_NFQUEUE: add v2 revision with --queue-bypass option
--queue-bypass: if no userpace program is listening on the queue, then
allow packets to continue through the ruleset instead of dropping them.
Signed-off-by: Florian Westphal <fw at strlen.de>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 773438bd93851dc1a9129a638925c04868820297
Author: Thomas Graf <tgraf at redhat.com>
Date: Thu Jan 20 11:24:13 2011 +0100
libxt_AUDIT: add AUDIT target
libxt module for the AUDIT target.
-j AUDIT --type (accept|reject|drop)
Signed-off-by: Thomas Graf <tgraf at redhat.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 5da9e63f66ca190cb90193ebb9eebf5aa523b4d1
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Wed Jan 19 02:09:39 2011 +0100
libxt_connlimit: support for dstaddr-supporting revision 1
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2cae5334de3a817947742e0b466355e5f5566474
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Jan 18 18:04:57 2011 +0100
libxt_connlimit: add a --connlimit-upto option
Direct specifications like "upto" are easier to grasp than "not
above". This patch adds such an upto variant similar to what
libxt_hashlimit already has.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 8d5e773508b154dcfa8d866f68f64ef1ad773957
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Jan 18 17:17:00 2011 +0100
libxt_connlimit: reword help text to say prefix length
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 9c60365e043a430f74115bbfaf58ce0df7585f49
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Jan 18 11:02:04 2011 +0100
libxt_quota: print negation when it has been selected
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 281439ba6b96b729ef1400a49ec53eda298bb9f8
Author: Li Yewang <lyw at cn.fujitsu.com>
Date: Sun Jan 9 22:26:58 2011 +0100
xtables: fix typo in error message of xtables_register_match()
Signed-off-by: Li Yewang <lyw at cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 8ad33a34a34ba2bcd360352ad3b7772916832702
Author: Florian Westphal <fwestphal at astaro.com>
Date: Sun Jan 9 22:00:31 2011 +0100
libxt_time: fix random --datestart skips
Frank Lichtenheld points out that -m time --datestart ...
sometimes messes up --datestart:
$ iptables -A INPUT -m time --datestart 2010-11-24T16:50:00 -j ACCEPT
$ iptables-save | grep 11
-A INPUT -m time --datestart 2010-11-24T16:50:00 -j ACCEPT
$ iptables-save | iptables-restore
$ iptables-save | grep 11
-A INPUT -m time --datestart 2010-11-24T15:50:00 -j ACCEPT
--datestart moved by one hour.
As the --timestart option does not care about DST, always set
dst=0 when parsing --starttime input.
Reported-by: Frank Lichtenheld <flichtenheld at astaro.com>
Signed-off-by: Florian Westphal <fwestphal at astaro.com>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
commit 63ef52ac6bf8d555779456166009bd2f6b0a1081
Author: Stephen Beahm <stephenbeahm at comcast.net>
Date: Thu Dec 9 06:15:50 2010 -0500
libipt_REDIRECT: avoid dereference of uninitialized pointer
When using --to-ports with a port name instead of a numerical
specification, a segfault occurs.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=691
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit dfbedfedf610210c4ee3f00e9c4f9ea24c4ffe23
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Jan 8 03:31:04 2011 +0100
libxtables: do some option structure checking
libxt_recent's use of numeric values >200 always looked worrisome. Now
here is a validation routine for such.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit e814c8b894e5b8d1570c18aec2c67dfb0c0a59c0
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Jan 8 03:16:51 2011 +0100
libipt_CLUSTERIP: const annotations
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit da580fe55ebf234febf4a8880f53a80870e9088f
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Jan 8 03:16:14 2011 +0100
libxt_sctp: fix a typo
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d09b6d591ca7d7d7575cb6aa20384c9830f777ab
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Jan 8 03:02:37 2011 +0100
extensions: remove no longer necessary default: cases
Match and target parse functions now only get option characters they
have defined themselves.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit fa503ad59f73d20d85f4cdf53324a01d2ad8591e
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Jan 8 02:47:02 2011 +0100
ip[6]tables: only call target's parse function when option char is in range
Same as previous commit. Doing this actually allows to remove code
that is no longer needed.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1e128bd804b676ee91beca48312de9b251845d09
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Jan 8 02:25:28 2011 +0100
ip[6]tables: only call match's parse function when option char is in range
Normally, extensions use a "default:" case in switch(c) to just return
if they do not handle c. Apparently, libip6t_hl does that too late and
checks for hl-specific parsing state before it has established that c
refers to one of its own options.
Also affected: libipt_ttl, libxt_ipvs, libxt_policy, libxt_statistic.
One way to fix this is to move the flags checks into case '2', '3',
'4'. Doing this replication feels bad, so as an alternative, let's
just free extensions from having to deal with other extension's
options passing thru.
References: http://marc.info/?l=netfilter-devel&m=129444759532377&w=2
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1dc27393b7ba401e6228a5ee2472a6eb72836c43
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Jan 8 02:10:52 2011 +0100
xtables: reorder num_old substraction for clarity
When going over this again, I noticed we happen to malloc too much.
That is no problem, but I felt moving the num_old adjustment upwards
makes things more clear, and also addresses the allocation.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 5b1fecc7d017df093db7c667bcd1718e45b1df67
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Jan 7 12:26:59 2011 +0100
iptables: abort on empty interface specification
Fiedler Roman brings to attention that if, in a faulty script,
"$some_variable" expands to an empty string, iptables should probably
catch this most likely undesired invocation. If no/all interfaces were
really desired, one can either omit -i completely, or use -i +.
References: http://marc.info/?l=netfilter&m=129439862903487&w=2
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 7ac405297ec38449b30e3b05fd6bf2082fd3d803
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Jan 7 12:34:04 2011 +0100
src: use C99/POSIX types
"u_int" was a non-standardized extension predating C99 on some platforms.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 4a1d810bb52aa5d5c450f7adcde5145d40261b54
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Dec 26 10:31:03 2010 +0100
xt_comment: remove redundant cast
commit d1435e0772e40c310dff35abe7bf1e7de5b18ee4
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Dec 18 01:40:04 2010 +0100
src: const annotations
Also one int -> uint here on the way through.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit f6d6449c88812634e663cef4e09db7b691af3eb5
Author: Rob Leslie <rob at mars.org>
Date: Tue Sep 28 00:43:00 2010 -0700
iptables-restore: resolve confusing policy error message
When iptables-restore (and ip6tables-restore) is unable to set a
chain's policy, it responds with a confusing message, e.g.:
iptables-restore v1.4.9: Can't set policy "PREROUTING" on "ACCEPT"
line 16: Bad built-in chain name
This is due to the chain and policy arguments being used in the wrong
order. The attached patch corrects this problem.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 3a84b3d5de492e40aff7bae5038b06dd6b6041c4
Merge: 2f09f1b39ced2ae7109382dcf066785bab4a966a a3f101331deb9314caa0cfa1061c925865e79380
Author: Patrick McHardy <kaber at trash.net>
Date: Wed Dec 15 23:36:19 2010 +0100
Merge branch 'master' of git://dev.medozas.de/iptables
commit a3f101331deb9314caa0cfa1061c925865e79380
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Dec 11 03:35:48 2010 +0100
build: stop on error in subcommand
make only evaluates $? of an entire shell invocation. As such, if any
command in the chain can fail, $? needs to be thrown, and early so.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit da41ea1688f03f8869b9c50e878ae505988ead9a
Merge: f3578faae096f191a44742777275a23b566d7566 8d89535b38e719f644d858e83f73bee9adf5b1a0
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Dec 6 13:44:03 2010 +0100
Merge commit 'v1.4.10'
commit f3578faae096f191a44742777275a23b566d7566
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Dec 6 13:32:58 2010 +0100
libxt_owner: output numeric IDs when save is requested
References: http://bugzilla.netfilter.org/show_bug.cgi?id=683
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d4105ad56335058af4b0b1be1278e01f5c0bd4ac
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Dec 4 02:53:20 2010 +0100
build: fix globbing of extensions in other locales
In the fi_FI locale, [a-z] would not include 'w', for example. Rectify
this by using [[:alnum:]] (to counter against different ordering) and
forcing the POSIX locale (so that the alphabet has at least the 26
base characters).
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 4d2a77ff8cb4115925477cd5ce0ea972494107ab
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Dec 3 22:55:34 2010 +0100
socket: add support for revision 1
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 9e152fa9f1283ce4f4274cf251b2b2e69bbdfee6
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Dec 3 22:08:32 2010 +0100
TPROXY: add support for revision 1
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit b4af04be14560b3fcc6cf23200148d408014a2f5
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Dec 3 20:15:35 2010 +0100
include: update files with headers from Linux 2.6.37-rc1
Also includes the type change to __u{8,16,32} kernel types already.
commit 2d68ae7ce6e40e3977ee11a57296cf76801ae320
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Nov 28 15:42:00 2010 +0100
iptables: do not emit orig_opts twice
This just happened to cross my eye; there was no error, but fixing
this up saves a pitfall, and some memory.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit d3b2e391e3b944581e20e216af76339cc87d0590
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sun Nov 28 15:35:06 2010 +0100
iptables: reset options at the start of each command
For each new command, iptables is supposed to start afresh with a
blank option set (opts) that only contains the program-specific
options (orig_opts), without any extension options. We failed to
restore this pointer (in function do_command) after the previous free
call in xtables_free_opts.
Reported-by: Florian Westphal <fw at strlen.de>
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2f09f1b39ced2ae7109382dcf066785bab4a966a
Author: Florian Westphal <fwestphal at astaro.com>
Date: Wed Nov 17 15:54:18 2010 +0100
libxt_conntrack: fix --ctdir save/dump output format
$ iptables-save | iptables-restore
iptables-restore v1.4.6: conntrack: Bad value for "--ctdir" option: "ORIGINAL-j"
Signed-off-by: Florian Westphal <fwestphal at astaro.com>
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit a905ea5c97149da9d76cd278b0447e3316087a45
Merge: 710a132ce9fbecedbf9447f2b2a134f2359a583c 59e8114c6792242e80785f4461d5e663fb9a3d64
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Nov 15 14:39:50 2010 +0100
Merge branch 'master' of git://dev.medozas.de/iptables into m2
commit 710a132ce9fbecedbf9447f2b2a134f2359a583c
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Nov 15 14:39:35 2010 +0100
Revert "Revert "libxtables: change option precedence order to be intuitive""
This reverts commit e84f131b5f992577119bd3679241f69ec394e0a7.
Solution follows.
commit 59e8114c6792242e80785f4461d5e663fb9a3d64
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Mon Nov 15 13:19:48 2010 +0100
iptables: fix longopt reecognition and workaround getopt(3) behavior
* On the first call to getopt, opts was NULL, so long options would
not be recognized until a match/target was loaded.
Whacky getopt behavior:
* If the longopts parameter is NULL, getopt fails to recognize unknown
options, such that `iptables-multi main --append` will print a garbage
help message ("main needs an argument").
* If the longopts parameter is NULL on the first call, but not on
subsequent calls, it completely screws up option parsing, taking
the --dport in `iptables-multi main -A INPUT -p tcp --dport 1000`
as --destination instead, but not accepting "--destination 1.2.3.4"
either.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit e84f131b5f992577119bd3679241f69ec394e0a7
Author: Patrick McHardy <kaber at trash.net>
Date: Mon Nov 15 11:39:55 2010 +0100
Revert "libxtables: change option precedence order to be intuitive"
This reverts commit 600f38db82548a683775fd89b6e136673e924097.
The commit breaks option parsing:
iptables v1.4.9: host/network `port' not found
Try `iptables -h' or 'iptables --help' for more information.
Signed-off-by: Patrick McHardy <kaber at trash.net>
commit 648fd1ad68ae2ec675ac07efee80783912535404
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Tue Nov 2 09:10:34 2010 +0100
libxt_TOS: avoid an undesired overflowing computation
The @bits parameter was wrongly labeled and should have been @max
already. This makes the - overflowing - 1<<bits redundant of course.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 8d89535b38e719f644d858e83f73bee9adf5b1a0
Author: Patrick McHardy <kaber at trash.net>
Date: Fri Oct 29 16:37:22 2010 +0200
Bump version to 1.4.10
Signed-off-by: Patrick McHardy <kaber at trash.net>
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 17 +-
COPYING | 42 +-
Makefile.am | 77 +--
configure.ac | 26 +-
extensions/GNUmakefile.in | 76 +-
extensions/libip6t_HL.c | 133 +--
extensions/libip6t_LOG.c | 231 ++---
extensions/libip6t_REJECT.c | 55 +-
extensions/libip6t_ah.c | 158 +--
extensions/libip6t_dst.c | 115 +--
extensions/libip6t_frag.c | 201 +---
extensions/libip6t_hbh.c | 113 +--
extensions/libip6t_hl.c | 112 +--
extensions/libip6t_icmp6.c | 89 +-
extensions/libip6t_ipv6header.c | 130 +--
extensions/libip6t_mh.c | 69 +-
extensions/libip6t_rt.c | 227 ++---
extensions/libipt_CLUSTERIP.c | 171 +--
extensions/libipt_DNAT.c | 111 +-
extensions/libipt_DNAT.man | 2 +-
extensions/libipt_ECN.c | 119 +--
extensions/libipt_LOG.c | 230 ++---
extensions/libipt_MASQUERADE.c | 60 +-
extensions/libipt_MASQUERADE.man | 2 +-
extensions/libipt_NETMAP.c | 114 +--
extensions/libipt_REDIRECT.c | 75 +-
extensions/libipt_REJECT.c | 64 +-
extensions/libipt_SAME.c | 123 +--
extensions/libipt_SNAT.c | 111 +-
extensions/libipt_SNAT.man | 4 +-
extensions/libipt_TTL.c | 134 +--
extensions/libipt_TTL.man | 6 +-
extensions/libipt_ULOG.c | 151 +--
extensions/libipt_addrtype.c | 208 ++---
extensions/libipt_ah.c | 116 +--
extensions/libipt_ecn.c | 130 +--
extensions/libipt_icmp.c | 85 +-
extensions/libipt_realm.c | 219 +---
extensions/libipt_ttl.c | 136 +--
extensions/libxt_AUDIT.c | 101 ++
extensions/libxt_AUDIT.man | 14 +
extensions/libxt_CHECKSUM.c | 54 +-
extensions/libxt_CLASSIFY.c | 64 +-
extensions/libxt_CONNMARK.c | 328 +++----
extensions/libxt_CONNSECMARK.c | 68 +-
extensions/libxt_CONNSECMARK.man | 7 +-
extensions/libxt_CT.c | 91 +-
extensions/libxt_DSCP.c | 98 +--
extensions/libxt_IDLETIMER.c | 81 +--
extensions/libxt_LED.c | 104 +-
extensions/libxt_MARK.c | 241 ++---
extensions/libxt_NFLOG.c | 109 +--
extensions/libxt_NFQUEUE.c | 193 ++--
extensions/libxt_NFQUEUE.man | 9 +-
extensions/libxt_RATEEST.c | 23 +-
extensions/libxt_SECMARK.c | 62 +-
extensions/libxt_SECMARK.man | 7 +-
extensions/libxt_SET.c | 221 +++-
extensions/libxt_SET.man | 8 +
extensions/libxt_TCPMSS.c | 107 +--
extensions/libxt_TCPMSS.man | 14 +-
extensions/libxt_TCPOPTSTRIP.c | 61 +-
extensions/libxt_TEE.c | 123 +--
extensions/libxt_TOS.c | 164 ++--
extensions/libxt_TPROXY.c | 243 +++--
extensions/libxt_TRACE.man | 8 +-
extensions/libxt_cluster.c | 209 +---
extensions/libxt_comment.c | 70 +-
extensions/libxt_connbytes.c | 141 +--
extensions/libxt_connlimit.c | 249 +++--
extensions/libxt_connlimit.man | 26 +-
extensions/libxt_connmark.c | 119 +--
extensions/libxt_conntrack.c | 947 +++++++----------
extensions/libxt_conntrack.man | 9 +-
extensions/libxt_cpu.c | 72 +-
extensions/libxt_dccp.c | 186 +---
extensions/libxt_devgroup.c | 180 +++
extensions/libxt_dscp.c | 101 +--
extensions/libxt_esp.c | 125 +--
extensions/libxt_hashlimit.c | 508 +++------
extensions/libxt_hashlimit.man | 26 +-
extensions/libxt_helper.c | 61 +-
extensions/libxt_iprange.c | 227 ++---
extensions/libxt_ipvs.c | 259 ++---
extensions/libxt_length.c | 109 +--
extensions/libxt_limit.c | 76 +-
extensions/libxt_limit.man | 7 +-
extensions/libxt_mac.c | 94 +--
extensions/libxt_mark.c | 120 +--
extensions/libxt_multiport.c | 238 ++---
extensions/libxt_osf.c | 103 +--
extensions/libxt_owner.c | 378 +++----
extensions/libxt_physdev.c | 139 +--
extensions/libxt_pkttype.c | 63 +-
extensions/libxt_policy.c | 348 ++----
extensions/libxt_policy.man | 7 +-
extensions/libxt_quota.c | 68 +-
extensions/libxt_quota.man | 4 +-
extensions/libxt_rateest.c | 75 +-
extensions/libxt_rateest.man | 75 +-
extensions/libxt_recent.c | 253 ++---
extensions/libxt_sctp.c | 65 +-
extensions/libxt_set.c | 68 +-
extensions/libxt_set.h | 7 +-
extensions/libxt_socket.c | 77 ++-
extensions/libxt_socket.man | 3 +
extensions/libxt_state.c | 58 +-
extensions/libxt_statistic.c | 166 ++--
extensions/libxt_statistic.man | 11 +-
extensions/libxt_string.c | 172 ++--
extensions/libxt_tcp.c | 57 +-
extensions/libxt_tcpmss.c | 106 +--
extensions/libxt_time.c | 218 ++---
extensions/libxt_time.man | 45 +-
extensions/libxt_tos.c | 108 +--
extensions/libxt_u32.c | 54 +-
extensions/libxt_udp.c | 127 +--
extensions/tos_values.c | 59 +-
include/ip6tables.h | 8 +-
include/iptables.h | 10 +-
include/libiptc/libip6tc.h | 11 +-
include/libiptc/libiptc.h | 15 +-
include/linux/netfilter/xt_AUDIT.h | 30 +
include/linux/netfilter/xt_CHECKSUM.h | 8 +-
include/linux/netfilter/xt_CT.h | 10 +-
include/linux/netfilter/xt_IDLETIMER.h | 2 +-
include/linux/netfilter/xt_NFQUEUE.h | 6 +
include/linux/netfilter/xt_SECMARK.h | 12 +-
include/linux/netfilter/xt_TCPOPTSTRIP.h | 2 +-
include/linux/netfilter/xt_TPROXY.h | 17 +-
include/linux/netfilter/xt_cluster.h | 8 +-
include/linux/netfilter/xt_comment.h | 2 +-
include/linux/netfilter/xt_connlimit.h | 14 +-
include/linux/netfilter/xt_conntrack.h | 15 +
include/linux/netfilter/xt_devgroup.h | 21 +
include/linux/netfilter/xt_ipvs.h | 2 +
include/linux/netfilter/xt_physdev.h | 3 +
include/linux/netfilter/xt_policy.h | 11 +
include/linux/netfilter/xt_quota.h | 6 +-
include/linux/netfilter/xt_sctp.h | 4 +-
include/linux/netfilter/xt_set.h | 20 +-
include/linux/netfilter/xt_socket.h | 12 +
include/linux/netfilter/xt_time.h | 14 +-
include/linux/netfilter/xt_u32.h | 16 +-
include/xtables.h.in | 202 ++++-
ip6tables-multi.c | 45 -
iptables-multi.c | 50 -
iptables/.gitignore | 14 +
iptables/Makefile.am | 67 ++
ip6tables-multi.h => iptables/ip6tables-multi.h | 0
.../ip6tables-restore.8 | 0
.../ip6tables-restore.c | 22 +-
ip6tables-save.8 => iptables/ip6tables-save.8 | 0
ip6tables-save.c => iptables/ip6tables-save.c | 5 +-
.../ip6tables-standalone.c | 1 +
ip6tables.8.in => iptables/ip6tables.8.in | 29 +-
ip6tables.c => iptables/ip6tables.c | 714 ++++++-------
iptables-apply => iptables/iptables-apply | 0
iptables-apply.8 => iptables/iptables-apply.8 | 0
iptables-multi.h => iptables/iptables-multi.h | 1 -
iptables-restore.8 => iptables/iptables-restore.8 | 0
iptables-restore.c => iptables/iptables-restore.c | 26 +-
iptables-save.8 => iptables/iptables-save.8 | 0
iptables-save.c => iptables/iptables-save.c | 5 +-
.../iptables-standalone.c | 3 +-
iptables-xml.8 => iptables/iptables-xml.1 | 0
iptables-xml.c => iptables/iptables-xml.c | 13 +-
iptables.8.in => iptables/iptables.8.in | 28 +-
iptables.c => iptables/iptables.c | 748 ++++++-------
iptables.xslt => iptables/iptables.xslt | 0
iptables/xshared.c | 209 ++++
iptables/xshared.h | 87 ++
iptables/xtables-multi.c | 41 +
iptables/xtables-multi.h | 6 +
xtables.c => iptables/xtables.c | 374 ++++---
xtables.pc.in => iptables/xtables.pc.in | 0
iptables/xtoptions.c | 1155 ++++++++++++++++++++
libipq/Makefile.am | 3 +-
libipq/ipq_create_handle.3 | 2 -
libipq/ipq_errstr.3 | 2 -
libipq/ipq_message_type.3 | 2 -
libipq/ipq_read.3 | 2 -
libipq/ipq_set_mode.3 | 2 -
libipq/ipq_set_verdict.3 | 2 -
libipq/libipq.3 | 2 -
libipq/libipq.c | 4 +-
libiptc/.gitignore | 1 +
libiptc/Makefile.am | 15 +
libiptc/libip4tc.c | 9 +-
libiptc/libip6tc.c | 5 +-
libiptc/libiptc.c | 37 +-
libiptc.pc.in => libiptc/libiptc.pc.in | 0
tests/options-ipv4.rules | 52 +
tests/options-most.rules | 172 +++
utils/Makefile.am | 3 +-
xshared.c | 31 -
xshared.h | 10 -
197 files changed, 8684 insertions(+), 9714 deletions(-)
create mode 100644 extensions/libxt_AUDIT.c
create mode 100644 extensions/libxt_AUDIT.man
create mode 100644 extensions/libxt_devgroup.c
create mode 100644 include/linux/netfilter/xt_AUDIT.h
create mode 100644 include/linux/netfilter/xt_devgroup.h
create mode 100644 include/linux/netfilter/xt_socket.h
delete mode 100644 ip6tables-multi.c
delete mode 100644 iptables-multi.c
create mode 100644 iptables/.gitignore
create mode 100644 iptables/Makefile.am
rename ip6tables-multi.h => iptables/ip6tables-multi.h (100%)
rename ip6tables-restore.8 => iptables/ip6tables-restore.8 (100%)
rename ip6tables-restore.c => iptables/ip6tables-restore.c (96%)
rename ip6tables-save.8 => iptables/ip6tables-save.8 (100%)
rename ip6tables-save.c => iptables/ip6tables-save.c (97%)
rename ip6tables-standalone.c => iptables/ip6tables-standalone.c (99%)
rename ip6tables.8.in => iptables/ip6tables.8.in (93%)
rename ip6tables.c => iptables/ip6tables.c (76%)
rename iptables-apply => iptables/iptables-apply (100%)
rename iptables-apply.8 => iptables/iptables-apply.8 (100%)
rename iptables-multi.h => iptables/iptables-multi.h (83%)
rename iptables-restore.8 => iptables/iptables-restore.8 (100%)
rename iptables-restore.c => iptables/iptables-restore.c (95%)
rename iptables-save.8 => iptables/iptables-save.8 (100%)
rename iptables-save.c => iptables/iptables-save.c (97%)
rename iptables-standalone.c => iptables/iptables-standalone.c (97%)
rename iptables-xml.8 => iptables/iptables-xml.1 (100%)
rename iptables-xml.c => iptables/iptables-xml.c (98%)
rename iptables.8.in => iptables/iptables.8.in (93%)
rename iptables.c => iptables/iptables.c (75%)
rename iptables.xslt => iptables/iptables.xslt (100%)
create mode 100644 iptables/xshared.c
create mode 100644 iptables/xshared.h
create mode 100644 iptables/xtables-multi.c
create mode 100644 iptables/xtables-multi.h
rename xtables.c => iptables/xtables.c (84%)
rename xtables.pc.in => iptables/xtables.pc.in (100%)
create mode 100644 iptables/xtoptions.c
create mode 100644 libiptc/.gitignore
create mode 100644 libiptc/Makefile.am
rename libiptc.pc.in => libiptc/libiptc.pc.in (100%)
create mode 100644 tests/options-ipv4.rules
create mode 100644 tests/options-most.rules
delete mode 100644 xshared.c
delete mode 100644 xshared.h
hooks/post-receive
--
iptables
More information about the netfilter-cvslog
mailing list