Tag 'v1.4.0-rc1' created by Pablo Neira Ayuso <[email protected]> at
2007-10-15 13:49 -0700
iptables 1.4.0-rc1
Changes since v1.3.8:
Dan Nicholson (1):
In <xsl:param name="$node"/>, "$node" is not a valid QName.
Hann-Huei Chiou (1):
Couldn't load/find match `u32'
Jan Engelhardt (24):
PATCH: Add connlimit to iptables.
Make xtables_target->extra_opts const (xtables_match->extra_opts already
is)
Remove the .next=NULL field. This is automatically initialized to zero.
The option struct needs to be terminated, otherwise ip{,6}tables
Makes it possible to omit extra_opts of matches/targets if unnecessary.
Make the option structures const.
Moves libip{,6}t_connlimit to libxt.
Make @msg argument a const char *, just like printf().
Adds u32 to iptables.
Fix u32 warnings
Add the libxt_time iptables match
Remove stray NULLs
Delete empty ->init() functions
Delete empty ->final_check() functions
Delete empty ->print() and ->save() functions
Constify data structures
No ipt in xt
Unique symbols 1/6
Unique names 2/6
Unique names 3/6
Unique names 4/6
Unique names 5/6
Unique symbols 6/6
Remove redundant dst/hbh lines
László Attila Tóth (4):
Build manpages for xtables extensions (Laszlo Attila Toth
<[email protected]>)
Makefile for man pages of xtables extensions (Laszlo Attila Toth
<[email protected]>)
Addrtype match: renaming functions
Unique symbols and no '&' characters
Nicolas Bouliane (1):
libipt_statistic: add a few missing validity checks
Pablo Neira Ayuso (1):
bump version to 1.4.0rc1
Patrick McHardy (24):
Add Jozsef's TRACE target.
Fix "iptables getsockopt failed strangely" when querying revisions for
non-existant matches and targets
Resync ip6t_REJECT.h with kernel - seems the entire time we had an
imcompatible
Build NFLOG target unconditionally
Build quota match unconditionally
Build connbytes match unconditionally
Build statistic match unconditionally
Build string match unconditionally
Build dccp match unconditionally
Build recent match unconditionally
Resync header file and build CLUSTERIP target unconditionally
Build IPv6 REJECT target unconditionally
Resync header file and build IPv6 ah match unconditionally
Resync header files and build IPv6 frag match unconditionally
Build IPv6 mh match unconditionally
Build ipv6header match unconditionally
Build IPv6 rt match unconditionally
Build IPv6 hbh/dst matches unconditionally
Fix strict aliasing warnings
Fix aligned_u64 type on 64 bit: its an unsigned long, not an unsigned
long long.
Remove unsupported connrate extension
Fix sparse warnings: non-ANSI function declarations, 0 used as pointer
Fix more sparse warnings: non-C99 array declaration, incorrect function
prototypes
Fix unused function warning
Patrick McHardyYasuyuki KOZAKAI (2):
Adds missing explanations about FIN in mask part of '--syn' in
libip[6]_tcp.c
Ignore generated files
Peter Riley (1):
Remove last vestiges of NFC (Peter Riley <[email protected]>)
Sam Liddicott (1):
iptables-xml
Sebastian ClaÃen (1):
make print-extensions doesn't show libxt_* extensions
Sven Wegener (1):
Change default KERNEL_DIR location and add KBUILD_OUTPUT (Sven Wegener
<[email protected]>)
Yasuyuki KOZAKAI (63):
Removes some KERNEL_64_USERSPACE_32 because linux 2.6 has compat layer
Removes KERNEL_64_USERSPACE_32
Fixes compile error of connlimit where NO_SHARED_LIBS=1 is specified
Adds missing FIN to mask part generated by '--syn' of libip6t_tcp
Adds xtables.[ch] and change Makefile to compile it
Moves common fw_malloc() and fw_calloc() to xtables.c
Moves ip[6]tables_insmod() to xtables.c as xtables_insmod()
Introduces xtables match/target registration
Moves some duplicated functions in ip[6]tables.c to xtables.c
Moves IPPROTO_* and IP[6]T_LIB_DIR definitions to xtables.h
Replaces ipt_entry_* with xt_entry_* in matches/targets
Replaces ip6t_entry_* with xt_entry_* in matches/targets
Fixes warning on compilation of iptables matches/targets
Fixes warning on compilation of ip6tables matches/targets
Fixes warning on compilation, part 2
Introduces DEST_IPT_LIBDIR to simplify $(DESTDIR)$(LIBDIR)/iptables
Installs libxt_*.so to DEST_IPT_LIBIDR and link libip[6]t_*.so to it.
Moves all declarations in iptables_common.h to xtables.h.
Use unified API in NOTRACK target.
Renames libipt_NOTRACK.c to libxt_NOTRACK.c
Add IPv6 support to NOTRACK
Use unified API in multiport match
Splits ipt_multport into family dependent parts and others
Moves libipt_multiport.c to libxt_multiport.c
Unifies libip[6]t_multiport.c into libipxt_multiport.c
Use unified API in string match
Moves libipt_string.c to libxt_string.c
Add IPv6 support to string match
Use unified API in libipt_mark.c
Unifies libip[6]_mark.c into libxt_mark.c
Unifies libip[6]t_udp.c into libxt_udp.c
Add IPv6 support to tcpmss match
Unifies libip[6]t_tcp.c into libxt_tcp.c.
Unifies libip[6]t_standard.c into libxt_standard.c
Unifies libip[6]t_sctp.c into libxt_sctp.c
Add IPv6 support to quota match
Add IPv6 support to pkttype match
Unifies libip[6]t_physdev.c into libxt_physdev.c
Unifies libip[6]t_mac.c into libxt_mac.c
Unifies libip[6]t_limit.c into libxt_limit.c.
Unifies libip[6]t_length.c into libxt_length.c
Unifies libip[6]t_esp.c into libxt_esp.c
Add IPv6 support to dscp match.
Add IPv6 support to dccp match.
Add IPv6 support to comment match
Unifies libip[6]t_TCPMSS.c into libxt_TCPMSS.c
Unifies libip[6]t_SECMARK.c into libxt_SECMARK.c
Unifies libip[6]t_NFQUEUE.c into libxt_NFQUEUE.c
Changes permissions of test scripts of dccp, string, and quota match
Tries to load libxt_*.so at first.
Add IPv6 support to CONNMARK match
Unifies libip[6]t_CONNSECMARK into libxt_CONNSECMARK
Unifies libip[6]t_MARK into libxt_MARK
Unifies libip[6]t_hashlimit into libxt_hashlimit
Unifies libip[6]t_connmark into libxt_connmark
Unifies libip[6]t_state into libxt_state
Revert commit 6990.
Unifies libip[6]t_TRACE into libxt_TRACE
Add IPv6 support to CLASSIFY target
Add IPv6 support to DSCP target
Add IPv6 support to connbytes match
Add IPv6 support to helper match
Add IPv6 support to statistic match
Yasuyuki KOZAKAIYasuyuki KOZAKAI (2):
Unifies libip[6]t_state into libxt_state
Unifies libip[6]t_NFLOG into libxt_NFLOG
zhangxiliang (1):
Fix dscp match manpage (zhangxiliang <[email protected]>)
---
extensions/.CLUSTERIP-test | 2
extensions/.NFLOG-test | 2
extensions/.NFLOG-test6 | 2
extensions/.REJECT-test6 | 4
extensions/.ah-test6 | 2
extensions/.connbytes-test | 2
extensions/.dccp-test | 3
extensions/.esp-test6 | 2
extensions/.frag-test6 | 2
extensions/.hashlimit-test6 | 3
extensions/.ipv6header-test6 | 2
extensions/.mh-test6 | 2
extensions/.opts-test6 | 2
extensions/.quota-test | 3
extensions/.recent-test | 3
extensions/.rt-test6 | 2
extensions/.sctp-test6 | 3
extensions/.statistic-test | 2
extensions/.string-test | 2
extensions/libip6t_CONNMARK.c | 220 --------
extensions/libip6t_CONNSECMARK.c | 124 ----
extensions/libip6t_MARK.c | 131 ----
extensions/libip6t_NFLOG.c | 161 -----
extensions/libip6t_NFQUEUE.c | 114 ----
extensions/libip6t_SECMARK.c | 125 ----
extensions/libip6t_TCPMSS.c | 134 ----
extensions/libip6t_connmark.c | 151 -----
extensions/libip6t_esp.c | 185 ------
extensions/libip6t_hashlimit.c | 369 -------------
extensions/libip6t_length.c | 152 -----
extensions/libip6t_limit.c | 195 -------
extensions/libip6t_mac.c | 139 -----
extensions/libip6t_mark.c | 142 -----
extensions/libip6t_multiport.c | 458 -----------------
extensions/libip6t_physdev.c | 192 -------
extensions/libip6t_sctp.c | 550 --------------------
extensions/libip6t_standard.c | 66 --
extensions/libip6t_tcp.c | 416 ---------------
extensions/libip6t_udp.c | 228 --------
extensions/libipt_CLASSIFY.c | 129 ----
extensions/libipt_CONNMARK.c | 220 --------
extensions/libipt_CONNSECMARK.c | 126 ----
extensions/libipt_DSCP.c | 164 ------
extensions/libipt_MARK.c | 243 ---------
extensions/libipt_NFLOG.c | 161 -----
extensions/libipt_NFQUEUE.c | 114 ----
extensions/libipt_NOTRACK.c | 63 --
extensions/libipt_SECMARK.c | 125 ----
extensions/libipt_TCPMSS.c | 134 ----
extensions/libipt_comment.c | 119 ----
extensions/libipt_connbytes.c | 205 -------
extensions/libipt_connmark.c | 151 -----
extensions/libipt_connrate.c | 179 ------
extensions/libipt_connrate.man | 6
extensions/libipt_dccp.c | 374 -------------
extensions/libipt_dscp.c | 172 ------
extensions/libipt_esp.c | 193 -------
extensions/libipt_hashlimit.c | 369 -------------
extensions/libipt_helper.c | 101 ---
extensions/libipt_length.c | 151 -----
extensions/libipt_limit.c | 196 -------
extensions/libipt_mac.c | 140 -----
extensions/libipt_mark.c | 143 -----
extensions/libipt_multiport.c | 467 -----------------
extensions/libipt_physdev.c | 193 -------
extensions/libipt_pkttype.c | 167 ------
extensions/libipt_quota.c | 107 ---
extensions/libipt_sctp.c | 550 --------------------
extensions/libipt_standard.c | 69 --
extensions/libipt_state.c | 163 ------
extensions/libipt_statistic.c | 175 ------
extensions/libipt_string.c | 354 -------------
extensions/libipt_tcp.c | 416 ---------------
extensions/libipt_tcpmss.c | 152 -----
extensions/libipt_udp.c | 230 --------
include/iptables_common.h | 52 -
include/libipq/ip_queue_64.h | 62 --
include/linux/netfilter_ipv4/ipt_CLASSIFY.h | 8
include/linux/netfilter_ipv4/ipt_CONNMARK.h | 30 -
include/linux/netfilter_ipv4/ipt_DSCP.h | 20
include/linux/netfilter_ipv4/ipt_MARK.h | 27 -
include/linux/netfilter_ipv4/ipt_NFQUEUE.h | 16
include/linux/netfilter_ipv4/ipt_TCPMSS.h | 10
include/linux/netfilter_ipv4/ipt_comment.h | 10
include/linux/netfilter_ipv4/ipt_connmark.h | 22
include/linux/netfilter_ipv4/ipt_dscp.h | 23
include/linux/netfilter_ipv4/ipt_esp.h | 16
include/linux/netfilter_ipv4/ipt_hashlimit.h | 40 -
include/linux/netfilter_ipv4/ipt_helper.h | 8
include/linux/netfilter_ipv4/ipt_length.h | 9
include/linux/netfilter_ipv4/ipt_limit.h | 26
include/linux/netfilter_ipv4/ipt_mark.h | 13
include/linux/netfilter_ipv4/ipt_multiport.h | 29 -
include/linux/netfilter_ipv4/ipt_physdev.h | 24
include/linux/netfilter_ipv4/ipt_pkttype.h | 9
include/linux/netfilter_ipv4/ipt_sctp.h | 107 ---
include/linux/netfilter_ipv4/ipt_tcpmss.h | 9
include/linux/netfilter_ipv6/ip6t_MARK.h | 12
include/linux/netfilter_ipv6/ip6t_esp.h | 23
include/linux/netfilter_ipv6/ip6t_length.h | 10
include/linux/netfilter_ipv6/ip6t_limit.h | 25
include/linux/netfilter_ipv6/ip6t_mark.h | 13
include/linux/netfilter_ipv6/ip6t_multiport.h | 30 -
include/linux/netfilter_ipv6/ip6t_physdev.h | 24
Makefile | 62 --
extensions/Makefile | 105 +++
extensions/libip6t_HL.c | 48 -
extensions/libip6t_LOG.c | 63 --
extensions/libip6t_REJECT.c | 51 -
extensions/libip6t_TRACE.man | 10
extensions/libip6t_ah.c | 54 --
extensions/libip6t_condition.c | 43 -
extensions/libip6t_connlimit.man | 27 +
extensions/libip6t_dst.c | 96 +--
extensions/libip6t_eui64.c | 46 -
extensions/libip6t_frag.c | 60 --
extensions/libip6t_hbh.c | 104 +--
extensions/libip6t_hl.c | 46 -
extensions/libip6t_icmp6.c | 49 -
extensions/libip6t_ipv6header.c | 52 -
extensions/libip6t_mh.c | 46 -
extensions/libip6t_owner.c | 52 -
extensions/libip6t_policy.c | 41 -
extensions/libip6t_rt.c | 59 --
extensions/libip6t_state.c | 39 -
extensions/libip6t_tcp.man | 4
extensions/libip6t_u32.man | 129 ++++
extensions/libipt_CLUSTERIP.c | 60 --
extensions/libipt_DNAT.c | 50 -
extensions/libipt_ECN.c | 55 --
extensions/libipt_LOG.c | 63 --
extensions/libipt_MASQUERADE.c | 50 -
extensions/libipt_MIRROR.c | 36 -
extensions/libipt_NETMAP.c | 58 --
extensions/libipt_REDIRECT.c | 53 -
extensions/libipt_REJECT.c | 51 -
extensions/libipt_SAME.c | 52 -
extensions/libipt_SET.c | 41 -
extensions/libipt_SNAT.c | 50 -
extensions/libipt_TOS.c | 55 --
extensions/libipt_TRACE.man | 10
extensions/libipt_TTL.c | 47 -
extensions/libipt_ULOG.c | 76 --
extensions/libipt_addrtype.c | 50 -
extensions/libipt_ah.c | 50 -
extensions/libipt_condition.c | 44 -
extensions/libipt_connlimit.man | 27 +
extensions/libipt_conntrack.c | 87 ---
extensions/libipt_dscp.man | 2
extensions/libipt_dscp_helper.c | 5
extensions/libipt_ecn.c | 50 -
extensions/libipt_icmp.c | 52 -
extensions/libipt_iprange.c | 47 -
extensions/libipt_owner.c | 53 -
extensions/libipt_policy.c | 41 -
extensions/libipt_realm.c | 50 -
extensions/libipt_recent.c | 68 +-
extensions/libipt_set.c | 41 -
extensions/libipt_time.man | 69 ++
extensions/libipt_tos.c | 47 -
extensions/libipt_ttl.c | 46 -
extensions/libipt_u32.man | 129 ++++
extensions/libipt_unclean.c | 33 -
extensions/libxt_CLASSIFY.c | 137 +++++
extensions/libxt_CONNMARK.c | 223 ++++++++
extensions/libxt_CONNSECMARK.c | 145 +++++
extensions/libxt_DSCP.c | 167 ++++++
extensions/libxt_MARK.c | 221 ++++++++
extensions/libxt_NFLOG.c | 171 ++++++
extensions/libxt_NFQUEUE.c | 113 ++++
extensions/libxt_NOTRACK.c | 51 +
extensions/libxt_SECMARK.c | 136 +++++
extensions/libxt_TCPMSS.c | 158 +++++
extensions/libxt_TRACE.c | 50 +
extensions/libxt_comment.c | 128 ++++
extensions/libxt_connbytes.c | 220 ++++++++
extensions/libxt_connlimit.c | 215 +++++++
extensions/libxt_connmark.c | 151 +++++
extensions/libxt_dccp.c | 375 +++++++++++++
extensions/libxt_dscp.c | 181 ++++++
extensions/libxt_esp.c | 189 +++++++
extensions/libxt_hashlimit.c | 380 ++++++++++++++
extensions/libxt_helper.c | 108 ++++
extensions/libxt_length.c | 159 +++++
extensions/libxt_limit.c | 199 +++++++
extensions/libxt_mac.c | 150 +++++
extensions/libxt_mark.c | 133 ++++
extensions/libxt_multiport.c | 579 +++++++++++++++++++++
extensions/libxt_physdev.c | 197 +++++++
extensions/libxt_pkttype.c | 181 ++++++
extensions/libxt_quota.c | 111 ++++
extensions/libxt_sctp.c | 550 ++++++++++++++++++++
extensions/libxt_standard.c | 50 +
extensions/libxt_state.c | 177 ++++++
extensions/libxt_statistic.c | 193 +++++++
extensions/libxt_string.c | 363 +++++++++++++
extensions/libxt_tcp.c | 419 +++++++++++++++
extensions/libxt_tcpmss.c | 160 +++++
extensions/libxt_time.c | 498 ++++++++++++++++++
extensions/libxt_u32.c | 302 +++++++++++
extensions/libxt_udp.c | 232 ++++++++
include/ip6tables.h | 160 -----
include/iptables.h | 159 -----
include/libipq/libipq.h | 5
include/libiptc/libxtc.h | 35 +
include/linux/netfilter/x_tables.h | 123 ++++
include/linux/netfilter/xt_CLASSIFY.h | 8
include/linux/netfilter/xt_CONNMARK.h | 25
include/linux/netfilter/xt_CONNSECMARK.h | 13
include/linux/netfilter/xt_DSCP.h | 20
include/linux/netfilter/xt_MARK.h | 21
include/linux/netfilter/xt_NFLOG.h | 18
include/linux/netfilter/xt_NFQUEUE.h | 16
include/linux/netfilter/xt_TCPMSS.h | 10
include/linux/netfilter/xt_comment.h | 10
include/linux/netfilter/xt_connbytes.h | 25
include/linux/netfilter/xt_connlimit.h | 17
include/linux/netfilter/xt_connmark.h | 18
include/linux/netfilter/xt_dccp.h | 23
include/linux/netfilter/xt_dscp.h | 23
include/linux/netfilter/xt_esp.h | 14
include/linux/netfilter/xt_hashlimit.h | 40 +
include/linux/netfilter/xt_helper.h | 8
include/linux/netfilter/xt_length.h | 9
include/linux/netfilter/xt_limit.h | 21
include/linux/netfilter/xt_mac.h | 8
include/linux/netfilter/xt_mark.h | 9
include/linux/netfilter/xt_multiport.h | 30 +
include/linux/netfilter/xt_physdev.h | 24
include/linux/netfilter/xt_pkttype.h | 8
include/linux/netfilter/xt_quota.h | 16
include/linux/netfilter/xt_sctp.h | 107 +++
include/linux/netfilter/xt_state.h | 13
include/linux/netfilter/xt_statistic.h | 32 +
include/linux/netfilter/xt_string.h | 18
include/linux/netfilter/xt_tcpmss.h | 9
include/linux/netfilter/xt_tcpudp.h | 36 +
include/linux/netfilter/xt_time.h | 25
include/linux/netfilter/xt_u32.h | 40 +
include/linux/netfilter_ipv4/ipt_CLUSTERIP.h | 10
include/linux/netfilter_ipv4/ipt_SAME.h | 4
include/linux/netfilter_ipv4/ipt_ULOG.h | 5
include/linux/netfilter_ipv4/ipt_conntrack.h | 4
include/linux/netfilter_ipv4/ipt_recent.h | 27 +
include/linux/netfilter_ipv6/ip6t_REJECT.h | 4
include/linux/netfilter_ipv6/ip6t_ah.h | 9
include/linux/netfilter_ipv6/ip6t_frag.h | 9
include/linux/netfilter_ipv6/ip6t_ipv6header.h | 27 +
include/linux/netfilter_ipv6/ip6t_mh.h | 15
include/linux/netfilter_ipv6/ip6t_opts.h | 23
include/linux/netfilter_ipv6/ip6t_rt.h | 33 +
include/xtables.h | 242 ++++++++
ip6tables-restore.c | 3
ip6tables.c | 586 ++-------------------
iptables-restore.c | 9
iptables-xml.8 | 89 +++
iptables-xml.c | 40 +
iptables.c | 673 +++----------------------
iptables.xslt | 7
libiptc/libip4tc.c | 8
libiptc/libip6tc.c | 8
libiptc/libiptc.c | 35 -
xtables.c | 584 +++++++++++++++++++++
263 files changed, 11781 insertions(+), 15150 deletions(-)
---
_______________________________________________
svn mailing list
[email protected]
http://mailman.vyatta.com/mailman/listinfo/svn
