Tag 'v1.3.0-rc1' created by Harald Welte <[email protected]> at 2005-02-01
16:47 -0800
iptables 1.3.0-rc1
Changes since v1.2.9:
Bart De Schuymer (1):
port physdev to ip6tables (Bart De Schuymer)
Bastiaan Bakker (1):
Bastiaan Bakker's patch to combine iptables, iptables-save and
iptables-restore
Brad Fisher (1):
Add comment match extension (Brad Fisher)
Derrik Pates (1):
- Sets the 'iptc_fn' global variable to the pointer to the current
functions in all major TC_* functions. This is necessary because in certain
cases, an error return from a function that doesn't set 'iptc_fn' will conflict
with a function-specific error return from one that does, causing TC_STRERROR()
to return the wrong error string. This ensures that the right one will be
returned.
Evgeniy Polyakov (1):
add support for netlink reporting to ipt_osf (Evgeniy Polyakov)
Harald Welte (54):
todo update (minor)
todo update (ipv6 ndisc/ldp)
new CLUSTERIP target, currently in development. kernel code will follow
soon
add dstlimit extension (kernel code in patch-o-matic soon)
check if received netlink messages are really from the kernel (pid==0)
added name member for proc-file
support for srcip-* hashmodes added
add mac check
forgot to commit the last osf userspace update
fix deleting of time rules (SooYoun Cho) (Closes: #169)
commit all current changes
oops, don't commit this to the stable tree
fix '--icmp-type any' case
fix mask '/0' case (David Ahern) (Closes: #147)
fix various errors in save() function
add save() of dstlimit-name
- work with new matchinfo struct
add childlevel match support
add userspace part of SCTP match
don't print/save parameters that were automatically chosen. Only show
real values as specified by administrator.
add definition for IPPROTO_SCTP for systems with old header files
fix typo
iptables-1.2.10 coming up
include netdb.h if we use getprotobynumber
cosmetic fix (space between include directive and filename)
fix 'make distrib'
pom-ng only deals with numerical versions
add missing include
fix syntax of help message
In C, we declare variables at the top of function (Olivier Clerget)
complete libiptc rewrite. Time to load 10k rules goes down from 2.20
minutes to 1.255 seconds (!). Might still contain bugs, use with caution.
fix slightly changed semantics of iptc_is_builtin
slightly different semantics of iptc_builtin
add delete by matching-rule to libiptc2 (still untested)
fix segfault from memory allocation: handle->entries is actualy struct
ipt_get_entries plus the size
add paragraph about raw table
hashlimit port of userspace plugin
add hashlimit kernel header file
move ipt_hashlimit to it's correct location
- add hashlimit to makefile
minor syntax fixes
Fix module-autoloading in certain cases (Fixse Debian Bug 219686)
sync with latest patch-o-matic-ng update (support direction and mode
parameters)
fix some compiler warnings and errors
Use C99 initializers
be more specific what INPUT means (Matthias Bruestle)
check for colons
make structure initializers use C99 standard (Harald Welte)
fix typo
add missing comma
fix compiler warning about discarding const
re-implement alphabetic sorting to not confuse users who upgrade to 1.3.0
release rc1
we now need to exclude .svn instead of CVS
Henrik Nordstrom (4):
split manpages into per-extension manpage snippet (Henrik Nordstrom)
use <stddef.h> instead of <linux/stddef.h> (Henrik Nordstrom)
latest version of CONNMARK (Henrik Nordstrom)
latest version of CONNMARK updates (Henrik Nordstrom)
John Lange (1):
Add --log-uid option (John Lange <[email protected]>)
Joszef Kadlecsik (7):
Userspace part of sets: ipset added (JK)
Fabrice's time match update + Tom Eastep's conntrack mach fix applied (JK)
Fix for empty extra match/target man page list processing
Semicolon were missing in the added assigment lines
Missing file from multi patch added
make DO_MULTI=1 documented in INSTALL file
ipset 2 related updates (JK)
Karsten Desler (3):
Fix possibly not zero-terminated string after copy (Karsten Desler)
Fix another possibly not zero-terminated string after copy (Karsten
Desler)
Fix even more possibly not zero-terminated strings after copy (Karsten
Desler)
Kiran Kumar (1):
update for matching chunk flags (Kiran Kumar)
Maciej Soltysiak (2):
Fix missing newline in libipt_DSCP help-text (Maciej Soltysiak)
Limit ttl-value to 0-255 (Maciej Soltysiak <[email protected]>)
Martin Josefsson (39):
I guess nobody actually used --verbose
Minor codestyle fix
Another minor codestyle fix
Complain when COMMIT is missing for the last table in the input
Add --test (-t) in order to test the whole file without changing anything
if something fails
Bloody copy-n-edit. Complain when COMMIT is missing...
Bloody copy-n-edit. Add --test (-t) in order to test...
Make sure to use matches in the order they are given when calling
do_command() multiple times.
Bloody copy-n-edit. Make sure to use matches in the order they are
given...
(Continuing the bloody-series) Bloody typos :)
(Continuing the bloody-series) Bloody missing resync (Did I mention how
much I hate copy-n-edits?)
Add Patrick to manpage
Fix missing 6 (Bjorn Mattsson)
don't use signed things...
Get rid of some memoryleaks.
When compiled static, don't show help-messages for all matches and
targets,
What is this doing here? Go away.
Better(?) detection for 64bit kernel / 32bit userspace.
Fix 64bit kernel / 32bit userspace issue.
Add versions of string_to_number() for use in 32bit userspace with 64bit
kernel.
Fix 64bit kernel / 32bit userspace issue.
Get rid of some warnings when compiling 64bit.
With a 64bit kernel only the high 32bits of nfmark was used regardless of
Fix listing of module targets.
Fix rule counting
Insertion of rules with -I was broken.
Fix two more rulenumber off by 1 errors
Make TC_DELETE_ENTRY() and TC_DELETE_NUM_ENTRY() actually do something
practical
Make sure to zero all the memory we allocate for the new table.
Fix returnvalue of TC_BUILTIN()
Spelling error.
Replace O(n) with O(1) when TC_INSERT_ENTRY() inserts an entry at the end.
Search backwards when inserting/deleting in/from the top half of the
rules in a chain.
Implement some optimization for finding rules to replace in
TC_REPLACE_ENTRY.
Fix setting lib_dir in ip*tables-{save,restore}
Replace memchr with strlen and fix up one of the statements.
Remove leftover debug printf
Make it compile on current kernels, the future isn't here yet.
typo
Matthew Strait (1):
better wording for '-i' (Matthew Strait)
Michael Rash (2):
allow embedding of quote character inside quoted string (Michael Rash)
Fix saving of non-printable characters in string (Michael Rash) (Closes:
#168)
Nicolas Bouliane (4):
Giving --dst-range twice to iprange did not ring the bell
Check that TTL is between 0 and 255 (Nicolas Bouliane)
Nicolas Bouliane: I was writing an nfsim .sim for the match tos, when I
realized that when we enter --tos twice the second overwrite the first.
Prevent user from using --helper multiple times (Nicolas Bouliane
<[email protected]>)
Nikolai Malykh (1):
fix name of 'extra_opts' structure member (Nikolai Malykh)
Nuuti Kotivuori (1):
Add connrate match userspace part (Nuuti Kotivuori)
Ozgur AKAN (1):
fix case where somebody uses '-i +' as interface name (Ozgur AKAN)
Pablo Neira (2):
Pablo Neira: extensions conversion to C99 structure initialization
Pablo Neira:
Patrick McHardy (5):
Add ipt_addrtype.h
Add addrtype match to list of unconditionally built extensions
Allocate enough memory for addr-list in host_to_addr()
Print error when '!' is used with multiport. Based on patch by Phil
Oester.
Mention owner brokenness in manpage
Patrick Schaaf (1):
ROUTE --tee target extension (Patrick Schaaf)
Pedro Lamarão (1):
use /etc/protocols when printing protocol names (Pedro Lamarão)
Phil Oester (10):
Fix conntrack-match typo, fixes bugzilla #194 (Phil Oester)
Cleanup ttl-match option parsing, fixes bugzilla #183 (Phil Oester)
Fix typo. (Phil Oester) Closes #239
fix psd option parsing (Phil Oester)
limit match does not support invert, warn about it. Closes bugzilla #95
(Phil Oester)
Fix half-working dstlimit invert check (Phil Oester)
Fix half-working ipv6 limit invert check (Phil Oester)
Add comment about time not adhering DST (Phil Oester) (Closes: #75)
note owner match brokenness in helptext, closes bugzilla #244 (Phil
Oester)
John McCann points out via bugzilla that iptables happily accepts this
Piotr GasidÅo (3):
add userspace support for 'ipt_account' match (Piotr Gasid'o)
update to ipt_account 0.1.16 (Piotr Gasid?o)
Fix number parsing (Piotr Gasidlo)
Rusty Russell (9):
Remove GET_TARGET() define: this was for compiling iptables for debugging
(ie. without -O) on old kernels where ipt_get_target() was defined "extern
inline". These days it's "static inline", and only developers build without -O
anyway.
Make "is_same" test basics and entries only: targets are generic.
Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables,
and set them in testsuite if we're running iptables within tree.
Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static
inline instead of extern inline (otherwise it doesn't compile without -O).
Use string_to_number. Don't check for no optarg: we set has_arg to 1 in
option array, so getopt does that for us.
Fix compile error introduced by C99 conversion.
Stupid typo that meant we didn't compare target data when doing
delete-by-matching-rule (found by nfsim test).
Extension revision number support (if kernel supports the getsockopts).
Testsuite found an issue: multiport accepts -p ! tcp.
Simon Lodal (1):
realm: fix inversion (Simon Lodal)
Stephane Ouellette (1):
Compiler warnings due to missing include files (Stephane Ouellette)
Youza Youzovic (1):
add missing spaces in 'save' printout ([email protected]) (Closes: #235)
keso (1):
fix dual-free bug with multiple-A dns records ([email protected])
---
extensions/.addrtype-test | 5
ip6tables.8 | 821 ---------
iptables.8 | 1072 ------------
CURRENT_ISSUES | 6
INSTALL | 6
Makefile | 97 -
Rules.make | 2
TODO | 32
extensions/.CLUSTERIP-test | 2
extensions/.account-test | 3
extensions/.childlevel-test | 2
extensions/.connrate-test | 2
extensions/.dstlimit-test | 2
extensions/.set-test | 2
extensions/Makefile | 83
extensions/libip6t_HL.c | 34
extensions/libip6t_HL.man | 17
extensions/libip6t_LOG.c | 2
extensions/libip6t_LOG.man | 28
extensions/libip6t_MARK.c | 33
extensions/libip6t_MARK.man | 6
extensions/libip6t_REJECT.c | 25
extensions/libip6t_REJECT.man | 34
extensions/libip6t_ROUTE.c | 65
extensions/libip6t_ROUTE.man | 15
extensions/libip6t_TRACE.man | 3
extensions/libip6t_ah.man | 3
extensions/libip6t_condition.man | 4
extensions/libip6t_dst.man | 7
extensions/libip6t_esp.man | 3
extensions/libip6t_eui64.c | 26
extensions/libip6t_eui64.man | 1
extensions/libip6t_frag.man | 19
extensions/libip6t_fuzzy.man | 7
extensions/libip6t_hbh.c | 28
extensions/libip6t_hbh.man | 7
extensions/libip6t_hl.man | 10
extensions/libip6t_icmpv6.c | 25
extensions/libip6t_icmpv6.man | 9
extensions/libip6t_ipv6header.c | 25
extensions/libip6t_ipv6header.man | 10
extensions/libip6t_length.c | 25
extensions/libip6t_length.man | 4
extensions/libip6t_limit.c | 42
extensions/libip6t_limit.man | 15
extensions/libip6t_mac.c | 26
extensions/libip6t_mac.man | 10
extensions/libip6t_mark.c | 72
extensions/libip6t_mark.man | 9
extensions/libip6t_multiport.c | 33
extensions/libip6t_multiport.man | 19
extensions/libip6t_nth.c | 25
extensions/libip6t_nth.man | 14
extensions/libip6t_owner.c | 27
extensions/libip6t_owner.man | 23
extensions/libip6t_physdev.c | 230 ++
extensions/libip6t_physdev.man | 42
extensions/libip6t_random.c | 25
extensions/libip6t_random.man | 4
extensions/libip6t_rt.c | 26
extensions/libip6t_rt.man | 19
extensions/libip6t_standard.c | 25
extensions/libip6t_tcp.c | 27
extensions/libip6t_tcp.man | 45
extensions/libip6t_udp.c | 26
extensions/libip6t_udp.man | 14
extensions/libipt_BALANCE.c | 27
extensions/libipt_BALANCE.man | 4
extensions/libipt_CLASSIFY.c | 27
extensions/libipt_CLASSIFY.man | 4
extensions/libipt_CLUSTERIP.c | 258 ++
extensions/libipt_CLUSTERIP.man | 24
extensions/libipt_CONNMARK.c | 102 -
extensions/libipt_CONNMARK.man | 15
extensions/libipt_DNAT.c | 34
extensions/libipt_DNAT.man | 27
extensions/libipt_DSCP.c | 29
extensions/libipt_DSCP.man | 9
extensions/libipt_ECN.c | 28
extensions/libipt_ECN.man | 7
extensions/libipt_FTOS.c | 27
extensions/libipt_IPMARK.c | 27
extensions/libipt_IPV4OPTSSTRIP.c | 27
extensions/libipt_LOG.c | 26
extensions/libipt_LOG.man | 31
extensions/libipt_MARK.c | 190 +-
extensions/libipt_MARK.man | 6
extensions/libipt_MASQUERADE.c | 26
extensions/libipt_MASQUERADE.man | 22
extensions/libipt_MIRROR.c | 27
extensions/libipt_MIRROR.man | 12
extensions/libipt_NETLINK.c | 26
extensions/libipt_NETMAP.c | 27
extensions/libipt_NETMAP.man | 9
extensions/libipt_NOTRACK.man | 5
extensions/libipt_POOL.c | 27
extensions/libipt_REDIRECT.c | 27
extensions/libipt_REDIRECT.man | 18
extensions/libipt_REJECT.c | 27
extensions/libipt_REJECT.man | 34
extensions/libipt_ROUTE.c | 75
extensions/libipt_ROUTE.man | 18
extensions/libipt_SAME.c | 30
extensions/libipt_SET.c | 180 ++
extensions/libipt_SET.man | 16
extensions/libipt_SNAT.c | 34
extensions/libipt_SNAT.man | 26
extensions/libipt_TARPIT.c | 27
extensions/libipt_TCPMSS.c | 27
extensions/libipt_TCPMSS.man | 38
extensions/libipt_TOS.c | 27
extensions/libipt_TOS.man | 11
extensions/libipt_TRACE.man | 3
extensions/libipt_TTL.c | 40
extensions/libipt_TTL.man | 19
extensions/libipt_ULOG.c | 66
extensions/libipt_ULOG.man | 27
extensions/libipt_XOR.c | 26
extensions/libipt_account.c | 278 +++
extensions/libipt_addrtype.c | 24
extensions/libipt_addrtype.man | 37
extensions/libipt_ah.c | 27
extensions/libipt_ah.man | 3
extensions/libipt_childlevel.c | 122 +
extensions/libipt_childlevel.man | 5
extensions/libipt_comment.c | 127 +
extensions/libipt_condition.c | 22
extensions/libipt_condition.man | 4
extensions/libipt_connbytes.c | 149 +
extensions/libipt_connlimit.c | 33
extensions/libipt_connmark.c | 56
extensions/libipt_connmark.man | 9
extensions/libipt_connrate.c | 188 ++
extensions/libipt_connrate.man | 6
extensions/libipt_conntrack.c | 65
extensions/libipt_conntrack.man | 49
extensions/libipt_dscp.c | 27
extensions/libipt_dscp.man | 10
extensions/libipt_dstlimit.c | 342 +++
extensions/libipt_dstlimit.man | 35
extensions/libipt_ecn.man | 11
extensions/libipt_esp.c | 27
extensions/libipt_esp.man | 3
extensions/libipt_fuzzy.c | 26
extensions/libipt_fuzzy.man | 7
extensions/libipt_hashlimit.c | 368 ++++
extensions/libipt_helper.c | 30
extensions/libipt_helper.man | 11
extensions/libipt_icmp.c | 30
extensions/libipt_icmp.man | 9
extensions/libipt_iprange.c | 29
extensions/libipt_iprange.man | 7
extensions/libipt_ipv4options.c | 27
extensions/libipt_length.c | 27
extensions/libipt_length.man | 4
extensions/libipt_limit.c | 43
extensions/libipt_limit.man | 15
extensions/libipt_mac.c | 27
extensions/libipt_mac.man | 10
extensions/libipt_mark.c | 49
extensions/libipt_mark.man | 9
extensions/libipt_mport.c | 33
extensions/libipt_mport.man | 19
extensions/libipt_multiport.c | 238 ++
extensions/libipt_multiport.man | 19
extensions/libipt_nth.c | 32
extensions/libipt_nth.man | 14
extensions/libipt_osf.c | 39
extensions/libipt_owner.c | 32
extensions/libipt_owner.man | 28
extensions/libipt_physdev.c | 27
extensions/libipt_physdev.man | 42
extensions/libipt_pkttype.c | 27
extensions/libipt_pkttype.man | 3
extensions/libipt_pool.c | 27
extensions/libipt_psd.c | 32
extensions/libipt_quota.c | 25
extensions/libipt_random.c | 28
extensions/libipt_random.man | 4
extensions/libipt_realm.c | 30
extensions/libipt_realm.man | 5
extensions/libipt_recent.c | 4
extensions/libipt_rpc.c | 25
extensions/libipt_sctp.c | 396 +++-
extensions/libipt_set.c | 169 +
extensions/libipt_set.h | 104 +
extensions/libipt_set.man | 17
extensions/libipt_standard.c | 26
extensions/libipt_state.c | 27
extensions/libipt_state.man | 21
extensions/libipt_string.c | 75
extensions/libipt_tcp.c | 28
extensions/libipt_tcp.man | 49
extensions/libipt_tcpmss.c | 27
extensions/libipt_tcpmss.man | 4
extensions/libipt_time.c | 344 +++
extensions/libipt_time.man | 16
extensions/libipt_tos.c | 32
extensions/libipt_tos.man | 9
extensions/libipt_ttl.c | 52
extensions/libipt_ttl.man | 10
extensions/libipt_u32.c | 28
extensions/libipt_udp.c | 26
extensions/libipt_udp.man | 14
extensions/libipt_unclean.c | 26
extensions/libipt_unclean.man | 2
include/ip6tables.h | 14
include/iptables.h | 36
include/iptables_common.h | 9
include/linux/netfilter_ipv4/ipt_CONNMARK.h | 10
include/linux/netfilter_ipv4/ipt_MARK.h | 27
include/linux/netfilter_ipv4/ipt_SAME.h | 11
include/linux/netfilter_ipv4/ipt_ULOG.h | 10
include/linux/netfilter_ipv4/ipt_addrtype.h | 11
include/linux/netfilter_ipv4/ipt_comment.h | 10
include/linux/netfilter_ipv4/ipt_connmark.h | 9
include/linux/netfilter_ipv4/ipt_conntrack.h | 6
include/linux/netfilter_ipv4/ipt_dstlimit.h | 39
include/linux/netfilter_ipv4/ipt_hashlimit.h | 40
include/linux/netfilter_ipv4/ipt_limit.h | 26
include/linux/netfilter_ipv4/ipt_mark.h | 13
include/linux/netfilter_ipv4/ipt_multiport.h | 28
include/linux/netfilter_ipv4/ipt_sctp.h | 122 +
include/linux/netfilter_ipv6/ip6t_MARK.h | 12
include/linux/netfilter_ipv6/ip6t_limit.h | 25
include/linux/netfilter_ipv6/ip6t_mark.h | 13
include/linux/netfilter_ipv6/ip6t_physdev.h | 24
ip6tables-restore.c | 52
ip6tables-save.c | 10
ip6tables-standalone.c | 4
ip6tables.8.in | 461 +++++
ip6tables.c | 291 +--
iptables-multi.c | 31
iptables-restore.c | 58
iptables-save.c | 26
iptables-standalone.c | 9
iptables.8.in | 474 +++++
iptables.c | 410 +++-
libipq/libipq.c | 4
libiptc/libip4tc.c | 46
libiptc/libip6tc.c | 41
libiptc/libiptc.c | 2360 +++++++++++++++------------
libiptc/linux_list.h | 723 ++++++++
libiptc/linux_stddef.h | 39
244 files changed, 10648 insertions(+), 4824 deletions(-)
---
_______________________________________________
svn mailing list
[email protected]
http://mailman.vyatta.com/mailman/listinfo/svn
