anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-07 13:15:12 +02:00
Code Issues Releases Wiki Activity
597 Commits 5 Branches 85 Tags
9c4c76f9e2eb30c44b0bb788f104f06115c9ad74
Commit Graph

42 Commits

Author SHA1 Message Date
Jan Engelhardt
03ec8a7696 TEE: resolve compile error with Linux 2.6.36-rc 
xt_TEE.c:54:19: error: request for member "dst" in something not a
structure or union
xt_TEE.c:55:20: error: "struct rtable" has no member named "u"

Linux kernel commit v2.6.36-rc1~571^2~616 changed this.
 2010-09-22 23:37:19 +02:00
Jan Engelhardt
5b472be9bb compat_xtables: move to 2.6.35 xt_action_param (1/3) 2010-05-13 19:28:37 +02:00
Jan Engelhardt
8ff64f4ef4 xt_TEE: move skb cleanup outwards 2010-04-15 23:47:07 +02:00
Jan Engelhardt
93f6c1a312 xt_TEE: remove debug printks 2010-04-15 22:54:05 +02:00
Jan Engelhardt
b535abce2e xt_TEE: use nf_conntrack_untracked 
No reason having to use our own nf_conntrack bucket.
 2010-04-15 21:29:37 +02:00
Jan Engelhardt
8ae9ac5433 xt_TEE: use less expensive pskb_copy 2010-04-07 01:31:18 +02:00
Jan Engelhardt
e1eed2b05e Merge branch 'tee' 2010-04-05 02:15:26 +02:00
Jan Engelhardt
7b077c7459 Merge branch 'api35' 2010-04-05 02:15:24 +02:00
Jan Engelhardt
ad146dbeef compat_xtables: move to 2.6.35 API for targets 2010-04-05 02:15:20 +02:00
Jan Engelhardt
fb4c49d794 xt_TEE: new loop detection logic 2010-04-05 00:47:08 +02:00
Jan Engelhardt
a17203e036 xt_TEE: remove old loop detection 
The loop detection does not work if the kernel is built without
conntrack. In fact, since cloned packets are sent directly and do not
pass through Xtables, there are no loops happening.
 2010-04-05 00:47:08 +02:00
Jan Engelhardt
987402dc61 xt_TEE: do not retain iif and mark on cloned packet 
Patrick McHardy explains in [1] that locally-generated packets (such
as the clones xt_TEE will create) usually start with no iif and no
mark value, and even if cloned packets are a little more special than
locally-generated ones, let's do it that way.

[1] http://marc.info/?l=netfilter-devel&m=127012289008156&w=2
 2010-04-05 00:47:08 +02:00
Jan Engelhardt
295b6b6d73 xt_TEE: do not limit use to mangle table 2010-04-05 00:47:08 +02:00
Jan Engelhardt
7338a2a400 xt_TEE: free skb when route lookup failed 2010-04-05 00:47:08 +02:00
Jan Engelhardt
ba35636718 xt_TEE: set dont-fragment on cloned packets 2010-04-05 00:47:08 +02:00
Jan Engelhardt
fd19a40dbe xt_TEE: avoid making original packet writable 
There is not any real need to make the original packet writable, as it
is not going to be modified anyway.
 2010-04-05 00:47:08 +02:00
Jan Engelhardt
937571bb9d xt_TEE: decrease TTL on cloned packet 2010-04-05 00:47:03 +02:00
Jan Engelhardt
346fc1a376 xt_TEE: do rechecksumming in PREROUTING too 2010-04-05 00:46:12 +02:00
Jan Engelhardt
56535551b3 xt_TEE: use ip_send_check instead of open-coded logic 2010-04-05 00:46:12 +02:00
Jan Engelhardt
dd8fdd09c8 xt_SYSRQ: do not print error messages on ENOMEM 
Memory allocation failures are usually already reported by SLAB and
the ENOMEM error code itself.
 2010-04-05 00:45:28 +02:00
Jan Engelhardt
8dd316ed56 Revert "xt_TEE: cosmetic replace a version check" 
This reverts commit ab13e58f96.

Whoops. There is no mark at all before 2.6.19.
 2010-03-17 02:38:22 +01:00
Jan Engelhardt
ab13e58f96 xt_TEE: cosmetic replace a version check 2010-03-16 17:01:02 +01:00
Olivier Mehani
d643fc4b6c doc: fix option mismatch --gw/--gateway (2) 2009-11-25 11:45:16 +01:00
Jan Engelhardt
d97f77a8f5 TEE: spello fix 2009-07-02 04:16:14 +02:00
Jan Engelhardt
fdf42a3a50 build: support for Linux 2.6.31-rc1 2009-07-02 01:51:40 +02:00
Jan Engelhardt
e11a07b230 build: fix compile issues with <= 2.6.19 
Resolve compile breakage from commits
36f80be2f7 and
7b9ca945d4.
 2009-03-07 02:58:36 +01:00
Jan Engelhardt
36f80be2f7 xt_TEE: enable routing by iif, nfmark and flowlabel 
Patrick McHardy suggests in
http://marc.info/?l=netfilter-devel&m=123564267330117&w=2 that
routing should handle the clone more like its original.
 2009-03-07 01:27:08 +01:00
Florian Westphal
d2d8712980 xt_TEE: resolve unknown symbol error with CONFIG_IPV6=n 
WARNING: xt_TEE.ko needs unknown symbol ip6_route_output

Signed-off-by: Florian Westphal <fwestphal@astaro.com>
 2009-03-07 00:48:16 +01:00
Jan Engelhardt
621cef39f5 revert "TEE: do not use TOS for routing" 
Revert commit f77a8e2eda.

Patrick McHardy suggests in
http://marc.info/?l=netfilter-devel&m=123564267330117&w=2 that
routing should handle the clone more like its original.
 2009-03-05 02:03:06 +01:00
Jan Engelhardt
9ed364ed36 TEE: collapse tee_tg_send{4,6} 2009-01-10 13:58:19 +01:00
Jan Engelhardt
4aad07bdc4 TEE: IPv6 support 2008-11-21 01:15:21 +01:00
Jan Engelhardt
7a3f874753 TEE: various cleanups, add comments 
Normalize function names in light of upcoming IPv6 support.
Reformat other lines.
Add comment note about tee_send4.
 2008-11-21 01:15:03 +01:00
Jan Engelhardt
f77a8e2eda TEE: do not use TOS for routing 
Otherwise the cloned packet may be subject to more policy routing
rules than expected.
 2008-11-21 01:15:02 +01:00
Jan Engelhardt
ee7e4f5a42 Update for Linux 2.6.28 2008-11-18 12:51:25 +01:00
Jan Engelhardt
be6fbee56a src: use NFPROTO_ constants 2008-11-18 11:57:14 +01:00
Jan Engelhardt
ab27472eb4 src: move to a pskb-based API 
It occurred that skb reallocation does happen on older kernels, and
those kernels should really be supported, since the patch is really
minimal.
 2008-09-01 15:27:43 -04:00
Jan Engelhardt
74880dd6ca Update license texts 2008-08-02 13:08:48 -04:00
Jan Engelhardt
f34be8445f TEE: make skb writable before attempting checksum update 
This also adds the compat function xtnu_skb_make_writable().
 2008-04-09 20:06:17 +02:00
Jan Engelhardt
2f6bc4c8cb TEE: reenable header_ops check 2008-04-07 08:44:25 +02:00
Jan Engelhardt
75e88a7321 Update compat code for new 2.6.25 code 
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
 2008-02-21 13:29:31 +01:00
Jan Engelhardt
47b700b0f5 Add a compat wrapper to make modules work with older Linux. 
The extension modules use the API of a fairly recent kernel, if not
even the networking git tree. To make it work with older Linux
kernels, an API wrapper is added. Should compile against
running-kernels Linux 2.6.19..current (tested: 2.6.22..current).

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
 2008-01-29 15:40:57 +01:00
Jan Engelhardt
7a981b17b5 Initial commit. 
Populate the iptables-addons repository with two modules, xt_TARPIT
and xt_TEE, as a starting point.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
 2008-01-29 03:57:08 +01:00