03 Dec, 2006
1 commit
-
Add new NFLOG target to allow use of nfnetlink_log for both IPv4 and IPv6.
Currently we have two (unsupported by userspace) hacks in the LOG and ULOG
targets to optionally call to the nflog API. They lack a few features,
namely the IPv4 and IPv6 LOG targets can not specify a number of arguments
related to nfnetlink_log, while the ULOG target is only available for IPv4.
Remove those hacks and add a clean way to use nfnetlink_log.
Signed-off-by: Patrick McHardy
16 Nov, 2006
1 commit
-
66 and 67 for getsockopt on IPv6 socket is doubly used for IPv6 Advanced
API and ip6tables. This moves numbers for ip6tables to 68 and 69.
This also kills XT_SO_* because {ip,ip6,arp}_tables doesn't have so much
common numbers now.

The old userland tools keep to behave as ever, because old kernel always
calls functions of IPv6 Advanced API for their numbers.
Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
23 Sep, 2006
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
19 Sep, 2006
1 commit
-
Signed-off-by: David Woodhouse
18 Jun, 2006
1 commit
-
This adds the Kbuild files listing the files which are to be installed by
the 'headers_install' make target, in generic directories.
Signed-off-by: David Woodhouse
01 Apr, 2006
2 commits
-
This unifies ipt_multiport and ip6t_multiport to xt_multiport.
As a result, this adds support for inversion and port range match
to IPv6 packets.
Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
This unifies ipt_esp and ip6t_esp to xt_esp. Please note that now
a user program needs to specify IPPROTO_ESP as protocol to use esp match
with IPv6. This means that ip6tables requires '-p esp' like iptables.
Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
23 Mar, 2006
2 commits
-
This patch moves {ip,ip6,arp}t_entry_{match,target} definitions to
x_tables.h. This move simplifies code and future compatibility fixes.
Signed-off-by: Dmitry Mishin
Acked-off-by: Kirill Korotaev
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Set the family field in xt_[matches|targets] registered.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
21 Mar, 2006
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
28 Feb, 2006
1 commit
-
The nfnetlink_log infrastructure changes broke compatibility of the LOG
targets. They currently use whatever log backend was registered first,
which means that if ipt_ULOG was loaded first, no messages will be printed
to the ring buffer anymore.

Restore compatibility by using the old log functions by default and only use
the nf_log backend if the user explicitly said so.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
05 Feb, 2006
1 commit
-
The IPv4 and IPv6 version of the policy match are identical besides address
comparison and the data structure used for userspace communication. Unify
the data structures to break compatibility now (before it is released), so
we can port it to x_tables in 2.6.17.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
17 Jan, 2006
1 commit
-
These definitions were used for only internal use in kernel
Signed-off-by: Harald Welte
Signed-off-by: David S. Miller
13 Jan, 2006
1 commit
-
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.

o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
  wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
  are now implemented as xt_FOOBAR.c files and provide module aliases
  to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
  include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
  around the xt_FOOBAR.h headers

Based on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.
Signed-off-by: Harald Welte
Signed-off-by: David S. Miller
08 Jan, 2006
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
06 Jan, 2006
2 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
The original ipv6_find_hdr() finds the specified header in IPv6 packets.
This makes it possible to get transport header so that we can kill similar
loop in ip6_match_packet().
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
01 Nov, 2005
1 commit
-
Like ip_tables already has it for some time, this adds support for
having multiple revisions for each match/target. We steal one byte from
the name in order to accommodate an 8 bit version number.
Signed-off-by: Harald Welte
Signed-off-by: Arnaldo Carvalho de Melo
20 Sep, 2005
1 commit
-
Some IPv6 matches have very similar loops to find IPv6 extension header
and we can unify them. This patch introduces ipv6_find_hdr() to do it.
I just checked that it can find the target headers in the packet which has
dst,hbh,rt,frag,ah,esp headers.
Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Harald Welte
Signed-off-by: David S. Miller
30 Aug, 2005
5 commits
-
This target allows users to modify the hoplimit header field of the
IPv6 header.
Signed-off-by: Harald Welte
Signed-off-by: David S. Miller
-
Originally written by Henrik Nordstrom, taken
from netfilter patch-o-matic and added ip6_tables support.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Originally written by Yasuyuki Kozakai,
taken from netfilter patch-o-matic and fixed up to work with current
kernels.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
Signed-off-by: Domen Puncer
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
-
This patch is in preparation to nfnetlink_log:
- loggers now have to register struct nf_logger instead of nf_logfn
- nf_log_unregister() replaced by nf_log_unregister_pf() and
  nf_log_unregister_logger()
- add comment to ip[6]t_LOG.h to assure nobody redefines flags
- add /proc/net/netfilter/nf_log to tell user which logger is currently
  registered for which address family
- if user has configured logging, but no logging backend (logger) is
  available, always spit a message to syslog, not just the first time.
- split ip[6]t_LOG.c into two parts:
  Backend: Always try to register as logger for the respective address family
  Frontend: Always log via nf_log_packet() API
- modify all users of nf_log_packet() to accommodate additional argument

Signed-off-by: Harald Welte
Signed-off-by: David S. Miller
17 Apr, 2005
1 commit
-
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.

Let it rip!