anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-06 20:55:13 +02:00
Code Issues Releases Wiki Activity
833 Commits 5 Branches 85 Tags
3ba7d8c3a95fa9989478cfa77d22cd2639e2385e
Commit Graph

833 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jan Engelhardt
3ba7d8c3a9 build: remove support for Linux 2.6.30 2012-10-16 04:16:57 +02:00
Jan Engelhardt
28d12faba8 build: remove support for Linux 2.6.29 2012-10-16 04:16:57 +02:00
Jan Engelhardt
cf7a3d4342 build: remove support for Linux 2.6.28 2012-10-16 04:16:57 +02:00
Jan Engelhardt
fabad77f8f build: remove support for Linux 2.6.27 2012-10-16 04:16:57 +02:00
Jan Engelhardt
5e020d380c build: remove support for Linux 2.6.26 2012-10-16 04:16:57 +02:00
Jan Engelhardt
a7fbf4f4de build: remove support for Linux 2.6.25 2012-10-16 04:16:57 +02:00
Jan Engelhardt
4137f6c111 build: remove support for Linux 2.6.24 2012-10-16 04:16:57 +02:00
Jan Engelhardt
04d8ebe31c build: remove support for Linux 2.6.23 2012-10-16 04:16:56 +02:00
Jan Engelhardt
6ab4c02a54 build: remove support for Linux 2.6.22 2012-10-16 04:16:56 +02:00
Jan Engelhardt
a66e4510b8 build: remove support for Linux 2.6.21 2012-10-16 02:36:14 +02:00
Jan Engelhardt
31aebc134e build: remove support for Linux 2.6.20 2012-10-16 02:36:10 +02:00
Jan Engelhardt
e640a15ec9 build: remove support for Linux 2.6.19 2012-10-16 02:36:06 +02:00
Jan Engelhardt
66f213e324 build: remove support for Linux 2.6.18 2012-10-16 02:36:02 +02:00
Jan Engelhardt
0dcc56bc62 build: remove support for Linux 2.6.17 2012-10-16 02:35:57 +02:00
Jan Engelhardt
8db01220fd Xtables-addons 1.47.1 v1.47.1 2012-10-15 21:29:22 +02:00
Jan Engelhardt
95ff9a2de3 build: resolve compiler error 
extensions/xt_psd.c:141:2: error: implicit declaration of function
'vmalloc' [-Werror=implicit-function-declaration]
 2012-10-15 21:15:25 +02:00
Jan Engelhardt
2f1e094125 Xtables-addons 1.47 v1.47 2012-10-15 20:03:02 +02:00
Jan Engelhardt
37b000182f xt_psd: replace vzalloc by vmalloc+memset 
The lower support boundary is currently 2.6.32, but vzalloc is only
available since 2.6.37.
 2012-10-15 20:02:43 +02:00
Jan Engelhardt
255a310536 Merge branch 'psd' 2012-09-18 07:33:00 +02:00
Florian Westphal
3a6e73e986 xt_psd: add IPv6 support 
Because most users will probably only use IPv4 psd, allocate most of the
state6 storage when the first IPv6 psd rule is added, and not at module
load time via .bss.
 2012-09-18 03:33:37 +02:00
Florian Westphal
0a97126f5b xt_psd: move IPv4 state locking responsibility to caller 
The former psd_match function is now < 72 lines.
 2012-09-18 02:53:02 +02:00
Florian Westphal
2ba833fe47 xt_psd: move L4 header fetching into helper 
Also start splitting psd_match into two functions, one to do initial
sanity checking and header retrieval, one to do the actual work.
 2012-09-18 02:47:30 +02:00
Florian Westphal
77240e0918 xt_psd: use tcph->dest directly 
This allows us to move more code away from the main match function.
 2012-09-18 02:45:17 +02:00
Florian Westphal
651e60f8d7 xt_psd: move table cleanup into helper 2012-09-18 02:43:04 +02:00
Florian Westphal
54ac2a899a xt_psd: split struct host into generic and AF-dependent structure 2012-09-18 02:42:22 +02:00
Florian Westphal
61d2be172d xt_psd: remove unneeded variables, make hash unsigned 
- dest port and dest address were only written, never read
- struct inaddr isn't needed either, just look at iph->saddr
 2012-09-18 02:41:15 +02:00
Florian Westphal
093f3b0a97 xt_psd: move match functionality to helpers 
Reduce line count and to allow code reuse when IPv6 support will be
introduced.
 2012-09-17 04:44:29 +02:00
Florian Westphal
57d25f22f1 xt_psd: avoid if (c=h) do {..} while (c = c->next) 
It is aquivalent to c=h; while (c) { ..; c = c->next; }
which is a bit easier to read.
 2012-09-17 04:42:56 +02:00
Florian Westphal
2f18ab31ec xt_psd: move parts of main match function to helpers 
The match function is way too large, start to split this into smaller
chunks.
 2012-09-17 00:02:49 +02:00
Florian Westphal
12d0a8702c xt_psd: consider protocol when searching port list 
If we saw a TCP packet on port X, and we receive a UDP packet from the
same host to port X, we counted this as "port X", and did not see this
as a new packet.

Change compare to also consider protocol number and move it to a helper
to de-bloat the overlay large match function.

This change makes psd more aggressive with mixed TCP/UDP traffic.
 2012-09-17 00:02:45 +02:00
Jan Engelhardt
35ce1adf5e Xtables-addons 1.46 v1.46 2012-08-23 15:54:21 +02:00
Jan Engelhardt
e5fe0b9c14 doc: update xt_SYSRQ.man to reflect that the full IPv6 address is needed 
xt_SYSRQ uses NIP6_FMT, so requires the expanded form for the digest.

Reported-by: Jan Krcmar <honza801@gmail.com>
 2012-08-23 15:27:23 +02:00
Arif Hossain
cd7fc84b29 build: remove extraneous closing bracket in configure.ac 
Now autogen.sh will work without complaints.
 2012-08-02 17:49:40 +02:00
Josh Hunt
4ff5a8fbf6 TARPIT: fix memory leak when tarpit_generic() fails 
Currently tarpit_generic() just returns on failure, but this does not
free nskb.

Signed-off-by: Josh Hunt <johunt@akamai.com>
 2012-08-02 17:48:05 +02:00
Florian Westphal
37e3a543a9 extensions: fix ipv6_find_hdr upstream change fallout 
Upstream commit v3.5-rc1~109^2~138^2~4 ("netfilter: ip6_tables: add
flags parameter to ipv6_find_hdr()") changed the offset parameter of
ipv6_find_hdr() to be an input-output value. Moreover, if it is
non-zero, it MUST point to a valid IPv6 header embedded in the
packet.
 2012-07-21 15:42:02 +02:00
Jan Engelhardt
5f6cbbc663 Xtables-addons 1.45 v1.45 2012-07-16 05:39:32 +02:00
Jan Engelhardt
a2676585da build: avoid use of unexported functions 
Fixes: "WARNING 'ipv6_find_hdr' [xt_TARPIT.ko] not found" in
<= linux-2.6.37.
 2012-07-16 05:36:41 +02:00
Jan Engelhardt
4a8aab6aed fix: "WARNING 'xtnu_ipv6_find_hdr' [.ko] not found" 2012-07-16 05:34:24 +02:00
Jan Engelhardt
dec7d7fc4d Xtables-addons 1.44 v1.44 2012-07-15 13:58:51 +02:00
Jan Engelhardt
5c615a3c73 build: do not attempt to build IPv6 parts if CONFIG_IP6_NF_IPTABLES=n 
Checking for IPV6 is not sufficient, use IP6_NF_IPTABLES instead.
 2012-07-14 23:19:16 +02:00
Jan Engelhardt
0c1375414d build: do not attempt to build IPv6 parts if CONFIG_IPV6=n 2012-07-14 22:55:39 +02:00
Jan Engelhardt
7e5a8b0501 geoip: remove outdated instructions in xt_geoip_build 
The manpage contains the authoritative description of options
currently supported.
 2012-07-14 02:17:38 +02:00
Jan Engelhardt
cb8050172a SYSRQ: fix double target initialization at module load 2012-07-11 01:42:39 +02:00
Jan Engelhardt
5be4ac8b2b Merge branch 'tarpit6' 2012-07-09 19:07:26 +02:00
Jan Engelhardt
8d5b7c5b7d doc: changelog entry for IPv6 TARPIT 2012-07-09 19:07:24 +02:00
Jan Engelhardt
f9aca7621c compat_xtables: avoid compile abort on <= 2.6.37 2012-07-09 19:06:22 +02:00
Josh Hunt
af940bcbae TARPIT: enable IPv6 userspace support 
Signed-off-by: Josh Hunt <johunt@akamai.com>
 2012-07-09 18:57:41 +02:00
Josh Hunt
06b82c649d TARPIT: resolve build errors with newer kernels 
Adds fragment offset arg to ipv6_skip_exthdr() and also removes usage
of ipv6_addr_copy() in favor or direct assignment.

Signed-off-by: Josh Hunt <johunt@akamai.com>
 2012-07-09 18:55:12 +02:00
Jan Engelhardt
e5093b61cd compat_xtables: add xtnu_ipv6_skip_exthdr 2012-07-09 18:54:22 +02:00
Josh Hunt
7cd01e0b14 TARPIT: add IPv6 support 
This adds IPv6 support for the tarpit target. It performs the same
functionality as the v4 version, but with IPv6 connections.

Signed-off-by: Josh Hunt <johunt@akamai.com>
 2012-07-08 21:22:22 +02:00