anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-07 13:15:12 +02:00
Code Issues Releases Wiki Activity
800 Commits 5 Branches 85 Tags
4ff5a8fbf62b75b17194a5cd324c08b8fa0f08bf
Commit Graph

189 Commits

Author SHA1 Message Date
Josh Hunt
4ff5a8fbf6 TARPIT: fix memory leak when tarpit_generic() fails 
Currently tarpit_generic() just returns on failure, but this does not
free nskb.

Signed-off-by: Josh Hunt <johunt@akamai.com>
 2012-08-02 17:48:05 +02:00
Florian Westphal
37e3a543a9 extensions: fix ipv6_find_hdr upstream change fallout 
Upstream commit v3.5-rc1~109^2~138^2~4 ("netfilter: ip6_tables: add
flags parameter to ipv6_find_hdr()") changed the offset parameter of
ipv6_find_hdr() to be an input-output value. Moreover, if it is
non-zero, it MUST point to a valid IPv6 header embedded in the
packet.
 2012-07-21 15:42:02 +02:00
Jan Engelhardt
5f6cbbc663 Xtables-addons 1.45 2012-07-16 05:39:32 +02:00
Jan Engelhardt
a2676585da build: avoid use of unexported functions 
Fixes: "WARNING 'ipv6_find_hdr' [xt_TARPIT.ko] not found" in
<= linux-2.6.37.
 2012-07-16 05:36:41 +02:00
Jan Engelhardt
4a8aab6aed fix: "WARNING 'xtnu_ipv6_find_hdr' [.ko] not found" 2012-07-16 05:34:24 +02:00
Jan Engelhardt
dec7d7fc4d Xtables-addons 1.44 2012-07-15 13:58:51 +02:00
Jan Engelhardt
5c615a3c73 build: do not attempt to build IPv6 parts if CONFIG_IP6_NF_IPTABLES=n 
Checking for IPV6 is not sufficient, use IP6_NF_IPTABLES instead.
 2012-07-14 23:19:16 +02:00
Jan Engelhardt
0c1375414d build: do not attempt to build IPv6 parts if CONFIG_IPV6=n 2012-07-14 22:55:39 +02:00
Jan Engelhardt
cb8050172a SYSRQ: fix double target initialization at module load 2012-07-11 01:42:39 +02:00
Jan Engelhardt
8d5b7c5b7d doc: changelog entry for IPv6 TARPIT 2012-07-09 19:07:24 +02:00
Jan Engelhardt
e2ecff2071 Xtables-addons 1.43 2012-06-30 19:46:21 +02:00
Jan Engelhardt
b2bcedd1ef build: support for Linux 3.5 2012-06-30 18:38:49 +02:00
Florian Westphal
f6b8767228 psd: add basic validation of userspace matchinfo data 
psd multiplies weight_thresh by HZ, so it could overflow.

Userspace libxt_psd refuses values exceeding PSD_MAX_RATE, so check
that on kernel side, too.

Also, setting 0 weight for both privileged and highports will cause
psd to never match at all.

Reject 0 weight threshold, too because it makes no sense (triggers
match for every initial packet).
 2012-06-15 15:11:32 +02:00
Florian Westphal
759546f8d0 xt_psd: avoid crash due to curr->next corruption 
curr->ports[] is of size SCAN_MAX_COUNT - 1, so under certain
conditions we wrote past end of array, corrupting ->next pointer
of the adjacent host entry.

Reported-and-tested-by: Serge Leschinsky <serge.leschinsky@gmail.com>
 2012-04-18 14:30:22 +02:00
Jan Engelhardt
72b1421783 Xtables-addons 1.42 2012-04-05 06:58:46 +02:00
Jan Engelhardt
0b3d1bc4f0 src: remove ipset6-genl 
As scheduled, perform the removal of ipset from the tree.
 2012-04-05 06:58:46 +02:00
Jan Engelhardt
3679e0efa6 build: support for Linux 3.4 2012-04-05 06:58:46 +02:00
Jan Engelhardt
7ee9feb20e build: support for Linux 3.3 2012-04-05 06:58:43 +02:00
Jan Engelhardt
916013cd89 xt_SYSRQ: fix compile error when crypto is turned off 2012-01-20 21:19:13 +01:00
Jan Engelhardt
a6b06502ca compat_xtables: fixed mistranslation of checkentry return values 2012-01-12 09:21:39 +01:00
Jan Engelhardt
aee5aedc63 Xtables-addons 1.41 2012-01-04 21:45:45 +01:00
Jan Engelhardt
ce37dd6984 build: deactivate build of ipset-genl by default 2011-12-31 02:17:30 +01:00
Jan Engelhardt
31fdd86247 build: support for Linux 3.2 2011-12-31 02:15:45 +01:00
Jan Engelhardt
36df60c940 Xtables-addons 1.40 2011-11-30 11:41:04 +01:00
Jan Engelhardt
9ab6a0ee0d ipset: update to 6.10-genl 2011-11-30 11:14:29 +01:00
Jan Engelhardt
365d5edfb3 build: notify of unsupported Linux kernel versions 
make 3.82 does not like mixing normal rules with implicit rules,
which rejects Makefiles of Linux kernels before 2.6.32 series.
 2011-11-26 00:20:36 +01:00
Eivind Naess
75cd1d7d6a xt_ipv4options: fix an infinite loop 2011-11-05 15:31:00 +01:00
Jan Engelhardt
b0dc0e6f4c Merge remote branch 'origin/master' 2011-11-04 20:08:04 +01:00
Jan Engelhardt
d7aeb7da4b build: iptables >= 1.4.5 is in fact required 2011-11-02 00:17:54 +01:00
Jan Engelhardt
487da26146 xt_ECHO: IPv6 support 2011-09-25 14:57:48 +02:00
Jan Engelhardt
434dea2b53 xt_ECHO: calculate UDP checksum 2011-09-25 14:39:43 +02:00
Jan Engelhardt
30d227135b xt_ECHO: fix kernel warning about RTAX_HOPLIMIT being used 2011-09-25 14:39:43 +02:00
Jan Engelhardt
3069c9a3a2 Xtables-addons 1.39 2011-09-21 19:59:41 +02:00
Jan Engelhardt
5245220246 ipset: update to 6.9.1-genl 2011-09-21 19:58:05 +02:00
Jan Engelhardt
ec97cd6d89 build: add missing linux/version.h includes where needed 
Reported-by: Sergei Zhirikov <sfzhi@yahoo.com>
References: http://marc.info/?l=netfilter-devel&m=131404939007827&w=2
 2011-08-28 19:45:39 +02:00
Jan Engelhardt
dc58126e37 doc: update changelog 2011-08-28 19:45:24 +02:00
Frank Reppin
6ef91897b2 build: fix compilation after missing libxtables_CFLAGS in submodules 2011-08-21 13:56:42 +02:00
Jan Engelhardt
c7f60a33c5 ipset-4: remove unsupported version from the VCS 2011-08-20 20:30:03 +02:00
Jan Engelhardt
65b75fc19c Xtables-addons 1.38 2011-08-20 17:02:31 +02:00
Jan Engelhardt
9ccd32d840 ipset: fix compile error due to changed function signature with Linux 3.1 2011-08-20 16:45:58 +02:00
Jan Engelhardt
939d3c8b27 xt_ipp2p: support UDPLITE 2011-08-16 14:50:53 +02:00
Jan Engelhardt
c2d93e16fd xt_SYSRQ: fix UDPLITE header lookup in IPv6 2011-08-12 15:44:27 +02:00
Jan Engelhardt
04aed87cb6 xt_pknock: support UDPLITE 2011-08-12 15:42:44 +02:00
Jan Engelhardt
5ef3a7c436 xt_CHECKSUM: abort build when the feature is already provided by mainline 2011-08-12 15:42:39 +02:00
Jan Engelhardt
27a77b62f5 Merge branch 'ipset' 
Conflicts:
	doc/changelog.txt
 2011-08-12 15:37:50 +02:00
Jan Engelhardt
a141cc311c xt_psd: support UDPLITE 2011-08-11 15:47:20 +02:00
Jan Engelhardt
6c17eb46b5 xt_psd: restore skb_header_pointer functionality for UDP 2011-08-11 15:46:53 +02:00
Jan Engelhardt
74ea647303 ipset: update to 6.8-genl 2011-07-28 13:56:45 +02:00
Jan Engelhardt
e0154bfa4c xt_TEE: abort build when the feature is already provided by mainline 2011-07-28 13:50:38 +02:00
Jan Engelhardt
cd18e2479c xt_TARPIT: fix kernel warning about RTAX_HOPLIMIT being used 2011-07-26 01:57:45 +02:00