anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-07 05:05:12 +02:00
Code Issues Releases Wiki Activity
768 Commits 5 Branches 85 Tags
5b2649b1a29f87b27e963dd68ffa57fe4c01a04b
Commit Graph

768 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jan Engelhardt
5b2649b1a2 psd: re-format comments 2012-06-15 15:16:31 +02:00
Florian Westphal
f6b8767228 psd: add basic validation of userspace matchinfo data 
psd multiplies weight_thresh by HZ, so it could overflow.

Userspace libxt_psd refuses values exceeding PSD_MAX_RATE, so check
that on kernel side, too.

Also, setting 0 weight for both privileged and highports will cause
psd to never match at all.

Reject 0 weight threshold, too because it makes no sense (triggers
match for every initial packet).
 2012-06-15 15:11:32 +02:00
Florian Westphal
ac58f2e94b psd: rip out scanlogd leftovers 
scanlogd remembers tcp flags and uses the *_CHANGING values in its
logger function to determine the best log format to use (e.g. TTL is
not logged if HF_TTL_CHANGING was set, as TTL values were different).

As psd does not log at all, we do not need track this.

Also get rid of bogus/misleading comments.
 2012-06-15 15:09:26 +02:00
Jan Engelhardt
7cc774641a all: remove trailing squatspaces 2012-06-10 22:31:10 +02:00
Marek Kierdelewicz
492236f931 DNETMAP version 2 
- new type: static binding
- new persistent flag option for prefix
- add extra information in /proc/net/xt_DNETMAP/prefix_stat that
  includes the count of static bindings and persistent flag
- add proc interface write support (add/del/flush binding)
- updated manual
 2012-06-10 22:27:28 +02:00
Jan Engelhardt
1e8da7c31c build: update installation requirements 
Versions prior to 2.6.32 are not tested anymore due to make 3.82 being
troubled with an old ambiguous Makefile syntax.
 2012-04-21 02:45:10 +02:00
Jan Engelhardt
3f1202c211 build: limit xt_ECHO to kernel 3.x 
(Would also work on 2.6.39, but eh.)
 2012-04-21 02:44:51 +02:00
Florian Westphal
759546f8d0 xt_psd: avoid crash due to curr->next corruption 
curr->ports[] is of size SCAN_MAX_COUNT - 1, so under certain
conditions we wrote past end of array, corrupting ->next pointer
of the adjacent host entry.

Reported-and-tested-by: Serge Leschinsky <serge.leschinsky@gmail.com>
 2012-04-18 14:30:22 +02:00
Jan Engelhardt
72b1421783 Xtables-addons 1.42 v1.42 2012-04-05 06:58:46 +02:00
Jan Engelhardt
0b3d1bc4f0 src: remove ipset6-genl 
As scheduled, perform the removal of ipset from the tree.
 2012-04-05 06:58:46 +02:00
Jan Engelhardt
3679e0efa6 build: support for Linux 3.4 2012-04-05 06:58:46 +02:00
Jan Engelhardt
517b8c66b5 build: enable xt_ECHO by default 2012-04-05 06:58:46 +02:00
Jan Engelhardt
7ee9feb20e build: support for Linux 3.3 2012-04-05 06:58:43 +02:00
Jan Engelhardt
f830dbd34e Remove unused Kconfig files 2012-03-14 01:32:33 +01:00
Jan Engelhardt
916013cd89 xt_SYSRQ: fix compile error when crypto is turned off 2012-01-20 21:19:13 +01:00
Jan Engelhardt
a6b06502ca compat_xtables: fixed mistranslation of checkentry return values 2012-01-12 09:21:39 +01:00
Jan Engelhardt
aee5aedc63 Xtables-addons 1.41 v1.41 2012-01-04 21:45:45 +01:00
Jan Engelhardt
54d784ffdf build: stash away build tools and update .gitignore 2012-01-04 21:45:45 +01:00
Jan Engelhardt
076610e3af build: additional compilation fixes for Linux 3.2/3.3 2012-01-04 21:45:43 +01:00
Jan Engelhardt
7a1ad32d1a doc: document --without-kbuild 
References: http://comments.gmane.org/gmane.comp.security.firewalls.netfilter.general/42337
 2011-12-31 03:06:58 +01:00
Jan Engelhardt
40094379dd doc: update README/INSTALL with recent changes 2011-12-31 03:05:25 +01:00
Jan Engelhardt
ce37dd6984 build: deactivate build of ipset-genl by default 2011-12-31 02:17:30 +01:00
Jan Engelhardt
31fdd86247 build: support for Linux 3.2 2011-12-31 02:15:45 +01:00
Jan Engelhardt
36df60c940 Xtables-addons 1.40 v1.40 2011-11-30 11:41:04 +01:00
Jan Engelhardt
2b671829d8 xt_quota2: license clarification 
GPL3 did not exist back when Sam's xt_quota was written, therefore it
should be assumed that MODULE_LICENSE("GPL") intended to mean just
GPL2.
 2011-11-30 11:41:04 +01:00
Jan Engelhardt
9ab6a0ee0d ipset: update to 6.10-genl 2011-11-30 11:14:29 +01:00
Jan Engelhardt
365d5edfb3 build: notify of unsupported Linux kernel versions 
make 3.82 does not like mixing normal rules with implicit rules,
which rejects Makefiles of Linux kernels before 2.6.32 series.
 2011-11-26 00:20:36 +01:00
Eivind Naess
75cd1d7d6a xt_ipv4options: fix an infinite loop 2011-11-05 15:31:00 +01:00
Jan Engelhardt
b0dc0e6f4c Merge remote branch 'origin/master' 2011-11-04 20:08:04 +01:00
Jan Engelhardt
bc1c37618a src: use xtables_register_targets throughout 2011-11-02 00:26:23 +01:00
Jan Engelhardt
d7aeb7da4b build: iptables >= 1.4.5 is in fact required 2011-11-02 00:17:54 +01:00
Jan Engelhardt
487da26146 xt_ECHO: IPv6 support 2011-09-25 14:57:48 +02:00
Jan Engelhardt
434dea2b53 xt_ECHO: calculate UDP checksum 2011-09-25 14:39:43 +02:00
Jan Engelhardt
30d227135b xt_ECHO: fix kernel warning about RTAX_HOPLIMIT being used 2011-09-25 14:39:43 +02:00
Jan Engelhardt
a508ec048c xt_ECHO: misc backports from ipt_REJECT and cosmetics 2011-09-25 14:39:10 +02:00
Jan Engelhardt
3069c9a3a2 Xtables-addons 1.39 v1.39 2011-09-21 19:59:41 +02:00
Jan Engelhardt
5245220246 ipset: update to 6.9.1-genl 2011-09-21 19:58:05 +02:00
Jan Engelhardt
ec97cd6d89 build: add missing linux/version.h includes where needed 
Reported-by: Sergei Zhirikov <sfzhi@yahoo.com>
References: http://marc.info/?l=netfilter-devel&m=131404939007827&w=2
 2011-08-28 19:45:39 +02:00
Jan Engelhardt
dc58126e37 doc: update changelog 2011-08-28 19:45:24 +02:00
Arkadiusz Miskiewicz
d509951fcf ipset: move ipset_errcode from src to library to avoid undefined reference 
Unresolved symbols found in: /home/users/arekm/tmp/
xtables-addons-1.38-root-arekm/usr/lib64/libipset.so.1.0.0
        ipset_errcode

References: http://marc.info/?l=netfilter-devel&m=131435791514602&w=2
 2011-08-28 19:40:14 +02:00
Frank Reppin
6ef91897b2 build: fix compilation after missing libxtables_CFLAGS in submodules 2011-08-21 13:56:42 +02:00
Jan Engelhardt
c7f60a33c5 ipset-4: remove unsupported version from the VCS 2011-08-20 20:30:03 +02:00
Jan Engelhardt
65b75fc19c Xtables-addons 1.38 v1.38 2011-08-20 17:02:31 +02:00
Jan Engelhardt
bac406bff5 ipset-6: unambiguouize reported name 2011-08-20 16:50:41 +02:00
Jan Engelhardt
aa53733851 build: disable ipset-4 by default 
This is no longer supported by upstream.
 2011-08-20 16:47:40 +02:00
Jan Engelhardt
9ccd32d840 ipset: fix compile error due to changed function signature with Linux 3.1 2011-08-20 16:45:58 +02:00
Jan Engelhardt
939d3c8b27 xt_ipp2p: support UDPLITE 2011-08-16 14:50:53 +02:00
Jan Engelhardt
c2d93e16fd xt_SYSRQ: fix UDPLITE header lookup in IPv6 2011-08-12 15:44:27 +02:00
Jan Engelhardt
04aed87cb6 xt_pknock: support UDPLITE 2011-08-12 15:42:44 +02:00
Jan Engelhardt
5ef3a7c436 xt_CHECKSUM: abort build when the feature is already provided by mainline 2011-08-12 15:42:39 +02:00