anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-06 04:35:12 +02:00
Code Issues Releases Wiki Activity
564 Commits 5 Branches 85 Tags
d402cec807fe16f7f7b208f0b2871ea48dd557ea
Commit Graph

564 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael S. Tsirkin
d402cec807 xt_CHECKSUM: initial import 
This adds a "CHECKSUM" target, which can be used in the iptables mangle
table.

You can use this target to compute and fill in the checksum in a packet
that lacks a checksum. This is particularly useful, if you need to work
around old applications such as dhcp clients, that do not work well with
checksum offloads, but don't want to disable checksum offload in your
device.

The problem happens in the field with virtualized applications. For
reference, see Red Hat bz 605555, as well as
http://www.spinics.net/lists/kvm/msg37660.html

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 2010-07-11 17:54:54 +02:00
John Haxby
b42190c04b xt_SYSRQ: fix a couple of problems 
The first problem is that the error response from crypto_alloc_hash()
should be extracted from the pointer before setting the pointer to NULL.

The second error is that only the first half of the password hash is
checked which slightly weakens the password checking.

Signed-off-by: John Haxby <john.haxby@oracle.com>
 2010-06-25 12:20:26 +02:00
Jan Engelhardt
4dcefe4b95 xt_geoip: fix possible out-of-bounds access 
It is possible for geoip_bsearch() to pick mid == sizeof(subnets).

Consider a set with a single entry and a "address to test"
higher than the range:

1st call: lo = 0, hi = 1 -> mid will be 0
2nd call: lo = 1, hi = 1 -> mid will be 1

On the 2nd call, we'll examine random data.

Reported-by: Florian Westphal <fw@strlen.de>
 2010-06-13 10:40:07 +02:00
Jan Engelhardt
a2662b0121 RAWNAT: IPv6 variants erroneously rejected masks /33-/128 2010-06-12 09:23:59 +02:00
Jan Engelhardt
03354eed44 build: make configure CFLAGS=-ggdb3 have effect on .so files 2010-06-12 09:22:35 +02:00
Changli Gao
ddda6972a4 RAWNAT: fix incorrect mask in rawnat_ipv6_mask 
I really think it is a typo mistake. :)

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
 2010-05-29 12:35:14 +02:00
Jan Engelhardt
8e7359bb92 Merge remote branch 'sf/master' 2010-05-29 10:16:04 +02:00
Jan Engelhardt
40786af1c0 build: update tarball target 2010-05-19 19:32:28 +02:00
Jan Engelhardt
f6e2fb815e Xtables-addons 1.27 v1.27 2010-05-16 22:19:02 +02:00
Jan Engelhardt
f171a0f07e xa-d-m: remove superfluous protos 2010-05-14 13:03:16 +02:00
Jan Engelhardt
d17ddb9c94 Merge branch 'api35' 2010-05-14 11:52:18 +02:00
Jan Engelhardt
54d80a73b4 compat_xtables: more 2.6.35 support 2010-05-14 11:51:34 +02:00
Jan Engelhardt
43921c5834 compat_xtables: move to 2.6.35 xt_action_param (3/3) 
Since the last merge of the "api35" branch, further changes were
included into nf-next. This set of three commits updates the
xtables-addons API to match that.
 2010-05-13 19:45:56 +02:00
Jan Engelhardt
9a18a05d02 compat_xtables: move to 2.6.35 xt_action_param (2/3) 2010-05-13 19:45:52 +02:00
Jan Engelhardt
5b472be9bb compat_xtables: move to 2.6.35 xt_action_param (1/3) 2010-05-13 19:28:37 +02:00
Jan Engelhardt
4dd35fb564 compat_xtables: move 2.6.28+ xtnu_target_run code 2010-05-13 16:52:55 +02:00
Jan Engelhardt
b32d6dad90 compat_xtables: remove unused list member from xtnu_{match,target} 2010-05-13 16:03:05 +02:00
Jan Engelhardt
5b2cb97c06 compat_xtables: annotate struct xtnu_{match,target}->name 2010-05-13 15:58:50 +02:00
Jan Engelhardt
ca894d6687 compat_xtables: improve memory usage in struct xtnu_{match,target} 2010-05-13 15:51:54 +02:00
Jan Engelhardt
db717ec479 xt_quota2: reduce printf complexity 2010-05-13 15:39:29 +02:00
Jan Engelhardt
a46ca95078 Xtables-addons 1.26 v1.26 2010-04-30 22:54:06 +02:00
Jan Engelhardt
8b2a266db0 compat_xtables: fix 2.6.34 compile error due to a typo 2010-04-30 22:50:52 +02:00
Jan Engelhardt
03e10ff544 Xtables-addons 1.25 v1.25 2010-04-26 14:14:02 +02:00
Jan Engelhardt
37986fd785 Merge branch 'tee' 2010-04-26 14:12:03 +02:00
Jan Engelhardt
8ff64f4ef4 xt_TEE: move skb cleanup outwards 2010-04-15 23:47:07 +02:00
Jan Engelhardt
93f6c1a312 xt_TEE: remove debug printks 2010-04-15 22:54:05 +02:00
Jan Engelhardt
b535abce2e xt_TEE: use nf_conntrack_untracked 
No reason having to use our own nf_conntrack bucket.
 2010-04-15 21:29:37 +02:00
Jan Engelhardt
5db988626f Merge branch 'condition' 2010-04-15 21:10:36 +02:00
Jan Engelhardt
c6f8f72bf1 xt_condition: use non-interruptible check routine 
Patrick McHardy let's it be known: "No need for interruptible locking,
the section is very short and usually there's only a single iptables
process running at a time."
 2010-04-09 12:38:48 +02:00
Jan Engelhardt
47cbb07162 xt_condition: remove unnecessary RCU protection 
The module does not use the RCU mechanism, so calling
list_add_rcu/list_del_rcu does not make much sense either.
 2010-04-09 12:28:12 +02:00
Jan Engelhardt
79c55ab325 Merge branch 'api35' 2010-04-09 12:24:21 +02:00
Jan Engelhardt
11ab4d0acc compat_xtables: correct compile errors 2010-04-09 12:24:19 +02:00
Jan Engelhardt
8ae9ac5433 xt_TEE: use less expensive pskb_copy 2010-04-07 01:31:18 +02:00
Jan Engelhardt
2060a58912 build: do not print enter/exit during banner 2010-04-05 02:22:49 +02:00
Jan Engelhardt
e1eed2b05e Merge branch 'tee' 2010-04-05 02:15:26 +02:00
Jan Engelhardt
7b077c7459 Merge branch 'api35' 2010-04-05 02:15:24 +02:00
Jan Engelhardt
ad146dbeef compat_xtables: move to 2.6.35 API for targets 2010-04-05 02:15:20 +02:00
Jan Engelhardt
fb4c49d794 xt_TEE: new loop detection logic 2010-04-05 00:47:08 +02:00
Jan Engelhardt
a17203e036 xt_TEE: remove old loop detection 
The loop detection does not work if the kernel is built without
conntrack. In fact, since cloned packets are sent directly and do not
pass through Xtables, there are no loops happening.
 2010-04-05 00:47:08 +02:00
Jan Engelhardt
987402dc61 xt_TEE: do not retain iif and mark on cloned packet 
Patrick McHardy explains in [1] that locally-generated packets (such
as the clones xt_TEE will create) usually start with no iif and no
mark value, and even if cloned packets are a little more special than
locally-generated ones, let's do it that way.

[1] http://marc.info/?l=netfilter-devel&m=127012289008156&w=2
 2010-04-05 00:47:08 +02:00
Jan Engelhardt
295b6b6d73 xt_TEE: do not limit use to mangle table 2010-04-05 00:47:08 +02:00
Jan Engelhardt
7338a2a400 xt_TEE: free skb when route lookup failed 2010-04-05 00:47:08 +02:00
Jan Engelhardt
ba35636718 xt_TEE: set dont-fragment on cloned packets 2010-04-05 00:47:08 +02:00
Jan Engelhardt
fd19a40dbe xt_TEE: avoid making original packet writable 
There is not any real need to make the original packet writable, as it
is not going to be modified anyway.
 2010-04-05 00:47:08 +02:00
Jan Engelhardt
937571bb9d xt_TEE: decrease TTL on cloned packet 2010-04-05 00:47:03 +02:00
Jan Engelhardt
346fc1a376 xt_TEE: do rechecksumming in PREROUTING too 2010-04-05 00:46:12 +02:00
Jan Engelhardt
56535551b3 xt_TEE: use ip_send_check instead of open-coded logic 2010-04-05 00:46:12 +02:00
Jan Engelhardt
dd8fdd09c8 xt_SYSRQ: do not print error messages on ENOMEM 
Memory allocation failures are usually already reported by SLAB and
the ENOMEM error code itself.
 2010-04-05 00:45:28 +02:00
Jan Engelhardt
beb3358297 compat_xtables: move to 2.6.35 API for matches 2010-04-05 00:43:47 +02:00
Jan Engelhardt
02d8bdc3d9 build: add a version banner on make modules 
Because the build error logs of module-assistant are totally useless,
as the tarball filename has been stripped of the version, and
configure is not run either.
 2010-04-05 00:43:32 +02:00