anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-07 21:25:12 +02:00
Code Issues Releases Wiki Activity
785 Commits 5 Branches 85 Tags
e5093b61cd4145ba7da4efd143f8211ace4bbc96
Commit Graph

625 Commits

Author SHA1 Message Date
Jan Engelhardt
e5093b61cd compat_xtables: add xtnu_ipv6_skip_exthdr 2012-07-09 18:54:22 +02:00
Josh Hunt
7cd01e0b14 TARPIT: add IPv6 support 
This adds IPv6 support for the tarpit target. It performs the same
functionality as the v4 version, but with IPv6 connections.

Signed-off-by: Josh Hunt <johunt@akamai.com>
 2012-07-08 21:22:22 +02:00
Josh Hunt
4eb97c7a01 TARPIT: make tarpit code generic 
Creates a generic function to perform the tcp header manipulation in.
Done in preparation for IPv6 support. This allows us to share code
between v4 and v6 processing.

Signed-off-by: Josh Hunt <johunt@akamai.com>
 2012-07-08 20:54:35 +02:00
Josh Hunt
48fbc6783e TARPIT: move XTTARPIT_RESET to its own function 
Moves XTTARPIT_RESET into its own function.

Signed-off-by: Josh Hunt <johunt@akamai.com>
 2012-07-08 20:51:46 +02:00
Josh Hunt
a9f383daf8 TARPIT: move XTTARPIT_HONEYPOT mode into its own function 
Moves XTTARPIT_HONEYPOT into its own function.

Signed-off-by: Josh Hunt <johunt@akamai.com>
 2012-07-08 20:51:05 +02:00
Josh Hunt
cbe58f55d0 TARPIT: move XTTARPIT_TARPIT mode processing to its own function 
Moves the XTTARPIT_TARPIT mode processing to its own function.

Signed-off-by: Josh Hunt <johunt@akamai.com>
 2012-07-08 20:51:00 +02:00
Jan Engelhardt
d11218815f TARPIT: mark oldtcphdr const 2012-07-08 20:51:00 +02:00
Kevin Locke
911d3d146a build: include <net/ip6_checksum.h> for csum_ipv6_magic 
xt_ECHO fails to build on PPC because csum_ipv6_magic is declared in
<net/ip6_checksum.h>, which is not implicitly included from other
headers on PPC causing build failures due to this function being
undefined. So, include this header explicitly.

Note:  Same cause as <http://bugzilla.netfilter.org/show_bug.cgi?id=307>.
 2012-07-03 22:53:57 +02:00
Jan Engelhardt
b2bcedd1ef build: support for Linux 3.5 2012-06-30 18:38:49 +02:00
Jan Engelhardt
95da880d39 build: remove empty warning message 2012-06-21 19:13:13 +02:00
Jan Engelhardt
3be26a731b build: add missing include for xt_DNETMAP 
xt_DNETMAP.c: In function 'dnetmap_tg_proc_write':
xt_DNETMAP.c:703:3: error: implicit declaration of function 'in4_pton'
[-Werror=implicit-function-declaration]
 2012-06-15 15:48:42 +02:00
Florian Westphal
d66d07d01d psd: move defines to user/kernelspace part where possible 
Some of these defines have no meaning in userspace, so there
is no need to make those available.
 2012-06-15 15:17:30 +02:00
Florian Westphal
3736a265d8 psd: reduce size of struct host 
We can use u16, saving 8 bytes total (weight cannot exceed
PSD_MAX_RATE, 10000). Also re-format comments & struct initializers.

No functional changes.
 2012-06-15 15:17:21 +02:00
Jan Engelhardt
5b2649b1a2 psd: re-format comments 2012-06-15 15:16:31 +02:00
Florian Westphal
f6b8767228 psd: add basic validation of userspace matchinfo data 
psd multiplies weight_thresh by HZ, so it could overflow.

Userspace libxt_psd refuses values exceeding PSD_MAX_RATE, so check
that on kernel side, too.

Also, setting 0 weight for both privileged and highports will cause
psd to never match at all.

Reject 0 weight threshold, too because it makes no sense (triggers
match for every initial packet).
 2012-06-15 15:11:32 +02:00
Florian Westphal
ac58f2e94b psd: rip out scanlogd leftovers 
scanlogd remembers tcp flags and uses the *_CHANGING values in its
logger function to determine the best log format to use (e.g. TTL is
not logged if HF_TTL_CHANGING was set, as TTL values were different).

As psd does not log at all, we do not need track this.

Also get rid of bogus/misleading comments.
 2012-06-15 15:09:26 +02:00
Jan Engelhardt
7cc774641a all: remove trailing squatspaces 2012-06-10 22:31:10 +02:00
Marek Kierdelewicz
492236f931 DNETMAP version 2 
- new type: static binding
- new persistent flag option for prefix
- add extra information in /proc/net/xt_DNETMAP/prefix_stat that
  includes the count of static bindings and persistent flag
- add proc interface write support (add/del/flush binding)
- updated manual
 2012-06-10 22:27:28 +02:00
Jan Engelhardt
3f1202c211 build: limit xt_ECHO to kernel 3.x 
(Would also work on 2.6.39, but eh.)
 2012-04-21 02:44:51 +02:00
Florian Westphal
759546f8d0 xt_psd: avoid crash due to curr->next corruption 
curr->ports[] is of size SCAN_MAX_COUNT - 1, so under certain
conditions we wrote past end of array, corrupting ->next pointer
of the adjacent host entry.

Reported-and-tested-by: Serge Leschinsky <serge.leschinsky@gmail.com>
 2012-04-18 14:30:22 +02:00
Jan Engelhardt
0b3d1bc4f0 src: remove ipset6-genl 
As scheduled, perform the removal of ipset from the tree.
 2012-04-05 06:58:46 +02:00
Jan Engelhardt
7ee9feb20e build: support for Linux 3.3 2012-04-05 06:58:43 +02:00
Jan Engelhardt
f830dbd34e Remove unused Kconfig files 2012-03-14 01:32:33 +01:00
Jan Engelhardt
916013cd89 xt_SYSRQ: fix compile error when crypto is turned off 2012-01-20 21:19:13 +01:00
Jan Engelhardt
a6b06502ca compat_xtables: fixed mistranslation of checkentry return values 2012-01-12 09:21:39 +01:00
Jan Engelhardt
54d784ffdf build: stash away build tools and update .gitignore 2012-01-04 21:45:45 +01:00
Jan Engelhardt
076610e3af build: additional compilation fixes for Linux 3.2/3.3 2012-01-04 21:45:43 +01:00
Jan Engelhardt
31fdd86247 build: support for Linux 3.2 2011-12-31 02:15:45 +01:00
Jan Engelhardt
2b671829d8 xt_quota2: license clarification 
GPL3 did not exist back when Sam's xt_quota was written, therefore it
should be assumed that MODULE_LICENSE("GPL") intended to mean just
GPL2.
 2011-11-30 11:41:04 +01:00
Jan Engelhardt
9ab6a0ee0d ipset: update to 6.10-genl 2011-11-30 11:14:29 +01:00
Eivind Naess
75cd1d7d6a xt_ipv4options: fix an infinite loop 2011-11-05 15:31:00 +01:00
Jan Engelhardt
b0dc0e6f4c Merge remote branch 'origin/master' 2011-11-04 20:08:04 +01:00
Jan Engelhardt
bc1c37618a src: use xtables_register_targets throughout 2011-11-02 00:26:23 +01:00
Jan Engelhardt
487da26146 xt_ECHO: IPv6 support 2011-09-25 14:57:48 +02:00
Jan Engelhardt
434dea2b53 xt_ECHO: calculate UDP checksum 2011-09-25 14:39:43 +02:00
Jan Engelhardt
30d227135b xt_ECHO: fix kernel warning about RTAX_HOPLIMIT being used 2011-09-25 14:39:43 +02:00
Jan Engelhardt
a508ec048c xt_ECHO: misc backports from ipt_REJECT and cosmetics 2011-09-25 14:39:10 +02:00
Jan Engelhardt
5245220246 ipset: update to 6.9.1-genl 2011-09-21 19:58:05 +02:00
Jan Engelhardt
ec97cd6d89 build: add missing linux/version.h includes where needed 
Reported-by: Sergei Zhirikov <sfzhi@yahoo.com>
References: http://marc.info/?l=netfilter-devel&m=131404939007827&w=2
 2011-08-28 19:45:39 +02:00
Arkadiusz Miskiewicz
d509951fcf ipset: move ipset_errcode from src to library to avoid undefined reference 
Unresolved symbols found in: /home/users/arekm/tmp/
xtables-addons-1.38-root-arekm/usr/lib64/libipset.so.1.0.0
        ipset_errcode

References: http://marc.info/?l=netfilter-devel&m=131435791514602&w=2
 2011-08-28 19:40:14 +02:00
Frank Reppin
6ef91897b2 build: fix compilation after missing libxtables_CFLAGS in submodules 2011-08-21 13:56:42 +02:00
Jan Engelhardt
c7f60a33c5 ipset-4: remove unsupported version from the VCS 2011-08-20 20:30:03 +02:00
Jan Engelhardt
bac406bff5 ipset-6: unambiguouize reported name 2011-08-20 16:50:41 +02:00
Jan Engelhardt
9ccd32d840 ipset: fix compile error due to changed function signature with Linux 3.1 2011-08-20 16:45:58 +02:00
Jan Engelhardt
939d3c8b27 xt_ipp2p: support UDPLITE 2011-08-16 14:50:53 +02:00
Jan Engelhardt
c2d93e16fd xt_SYSRQ: fix UDPLITE header lookup in IPv6 2011-08-12 15:44:27 +02:00
Jan Engelhardt
04aed87cb6 xt_pknock: support UDPLITE 2011-08-12 15:42:44 +02:00
Jan Engelhardt
5ef3a7c436 xt_CHECKSUM: abort build when the feature is already provided by mainline 2011-08-12 15:42:39 +02:00
Jan Engelhardt
27a77b62f5 Merge branch 'ipset' 
Conflicts:
	doc/changelog.txt
 2011-08-12 15:37:50 +02:00
Jan Engelhardt
01d864f4fc xt_psd: resolve compiler warning 
xt_psd.c: In function "xt_psd_match":
xt_psd.c:253:27: warning: "tcph" may be used uninitialized in this
function [-Wuninitialized]
 2011-08-11 15:50:08 +02:00