e2ecff2071
Xtables-addons 1.43
2012-06-30 19:46:21 +02:00
b2bcedd1ef
build: support for Linux 3.5
2012-06-30 18:38:49 +02:00
f6b8767228
psd: add basic validation of userspace matchinfo data
...
psd multiplies weight_thresh by HZ, so it could overflow.
Userspace libxt_psd refuses values exceeding PSD_MAX_RATE, so check
that on kernel side, too.
Also, setting 0 weight for both privileged and highports will cause
psd to never match at all.
Reject 0 weight threshold, too because it makes no sense (triggers
match for every initial packet).
2012-06-15 15:11:32 +02:00
759546f8d0
xt_psd: avoid crash due to curr->next corruption
...
curr->ports[] is of size SCAN_MAX_COUNT - 1, so under certain
conditions we wrote past end of array, corrupting ->next pointer
of the adjacent host entry.
Reported-and-tested-by: Serge Leschinsky <serge.leschinsky@gmail.com >
2012-04-18 14:30:22 +02:00
72b1421783
Xtables-addons 1.42
2012-04-05 06:58:46 +02:00
0b3d1bc4f0
src: remove ipset6-genl
...
As scheduled, perform the removal of ipset from the tree.
2012-04-05 06:58:46 +02:00
3679e0efa6
build: support for Linux 3.4
2012-04-05 06:58:46 +02:00
7ee9feb20e
build: support for Linux 3.3
2012-04-05 06:58:43 +02:00
916013cd89
xt_SYSRQ: fix compile error when crypto is turned off
2012-01-20 21:19:13 +01:00
a6b06502ca
compat_xtables: fixed mistranslation of checkentry return values
2012-01-12 09:21:39 +01:00
aee5aedc63
Xtables-addons 1.41
2012-01-04 21:45:45 +01:00
ce37dd6984
build: deactivate build of ipset-genl by default
2011-12-31 02:17:30 +01:00
31fdd86247
build: support for Linux 3.2
2011-12-31 02:15:45 +01:00
36df60c940
Xtables-addons 1.40
2011-11-30 11:41:04 +01:00
9ab6a0ee0d
ipset: update to 6.10-genl
2011-11-30 11:14:29 +01:00
365d5edfb3
build: notify of unsupported Linux kernel versions
...
make 3.82 does not like mixing normal rules with implicit rules,
which rejects Makefiles of Linux kernels before 2.6.32 series.
2011-11-26 00:20:36 +01:00
75cd1d7d6a
xt_ipv4options: fix an infinite loop
2011-11-05 15:31:00 +01:00
b0dc0e6f4c
Merge remote branch 'origin/master'
2011-11-04 20:08:04 +01:00
d7aeb7da4b
build: iptables >= 1.4.5 is in fact required
2011-11-02 00:17:54 +01:00
487da26146
xt_ECHO: IPv6 support
2011-09-25 14:57:48 +02:00
434dea2b53
xt_ECHO: calculate UDP checksum
2011-09-25 14:39:43 +02:00
30d227135b
xt_ECHO: fix kernel warning about RTAX_HOPLIMIT being used
2011-09-25 14:39:43 +02:00
3069c9a3a2
Xtables-addons 1.39
2011-09-21 19:59:41 +02:00
5245220246
ipset: update to 6.9.1-genl
2011-09-21 19:58:05 +02:00
ec97cd6d89
build: add missing linux/version.h includes where needed
...
Reported-by: Sergei Zhirikov <sfzhi@yahoo.com >
References: http://marc.info/?l=netfilter-devel&m=131404939007827&w=2
2011-08-28 19:45:39 +02:00
dc58126e37
doc: update changelog
2011-08-28 19:45:24 +02:00
6ef91897b2
build: fix compilation after missing libxtables_CFLAGS in submodules
2011-08-21 13:56:42 +02:00
c7f60a33c5
ipset-4: remove unsupported version from the VCS
2011-08-20 20:30:03 +02:00
65b75fc19c
Xtables-addons 1.38
2011-08-20 17:02:31 +02:00
9ccd32d840
ipset: fix compile error due to changed function signature with Linux 3.1
2011-08-20 16:45:58 +02:00
939d3c8b27
xt_ipp2p: support UDPLITE
2011-08-16 14:50:53 +02:00
c2d93e16fd
xt_SYSRQ: fix UDPLITE header lookup in IPv6
2011-08-12 15:44:27 +02:00
04aed87cb6
xt_pknock: support UDPLITE
2011-08-12 15:42:44 +02:00
5ef3a7c436
xt_CHECKSUM: abort build when the feature is already provided by mainline
2011-08-12 15:42:39 +02:00
27a77b62f5
Merge branch 'ipset'
...
Conflicts:
doc/changelog.txt
2011-08-12 15:37:50 +02:00
a141cc311c
xt_psd: support UDPLITE
2011-08-11 15:47:20 +02:00
6c17eb46b5
xt_psd: restore skb_header_pointer functionality for UDP
2011-08-11 15:46:53 +02:00
74ea647303
ipset: update to 6.8-genl
2011-07-28 13:56:45 +02:00
e0154bfa4c
xt_TEE: abort build when the feature is already provided by mainline
2011-07-28 13:50:38 +02:00
cd18e2479c
xt_TARPIT: fix kernel warning about RTAX_HOPLIMIT being used
2011-07-26 01:57:45 +02:00
6e8fb7f231
Xtables-addons 1.37
2011-06-25 00:57:02 +02:00
77b29a62ee
xt_SYSRQ: include host address in digest
...
The xt_SYSRQ hash now includes the destination IPv4 or IPv6 address
which makes it harder to replay a request to many different machines
in the hope that some of them are using the same password.
2011-06-25 00:03:28 +02:00
33db992c39
xt_SYSRQ: make IPv6 trigger work again
...
IPv6 sysrq never worked because of bad pointer arithmetic.
2011-06-24 23:42:38 +02:00
85d8f98dd7
xt_TARPIT: fix a kernel oops in --reset mode
...
1. Moved misplaced code that was causing kernel oops in reset mode.
2. Added payload size calc to honeypot mode, so ack sequence may ACK
the length of client's sent payload packets correctly.
3. Modified TTL for honeypot mode so we look more like a Windows
machine.
2011-06-24 22:09:34 +02:00
4203259e5a
Xtables-addons 1.36
2011-06-03 16:45:29 +02:00
a5355e74ea
xt_geoip: avoid recursive function calls
...
The stack memory is very limited in Linux kernel.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de >
2011-04-14 09:07:25 +02:00
757bf0e993
Xtables-addons 1.35
...
Trim the changelog to only reveal changes relevant to the end user.
2011-04-11 18:37:32 +02:00
cea4817a46
Merge branch 'ipset-6'
...
Conflicts:
INSTALL
mconfig
2011-04-11 04:23:18 +02:00
2dc79fe008
ipset; update to ipset-6.3 (genl)
...
* Handle EAGAIN from autoloading code.
* Turn one nfgenmsg site into genlmsg to avoid protocol mismatch
2011-04-11 04:11:30 +02:00
b60f8f1de2
Xtables-addons 1.34
2011-04-07 15:15:39 +02:00
Jan Engelhardt