Jan Rafaj b132101b63 pknock: check interknock time only for !ST_ALLOWED peers
Fixes a bug whereby an ST_ALLOWED peer existing for a time greater
than gc_expir_time would be gc-deleted, because both
!has_logged_during_this_minute(peer) and
is_interknock_time_exceeded(peer, rule->max_time) would be satisfied
for ST_ALLOWED hosts.

We also no longer test for !has_logged_during_this_minute(peer) in
peer_gc(), since there is really no need for this: the anti-spoof
minute check is performed (and subsequent remove_peer(peer) called if
needed) for each passing UDP-mode peer with expired autoclose in
pknock_mt(), given that --autoclose has been specified. If autoclose
has not been set, it will be subject to reset_knock_status(peer)
called from knock_mt() upon receiving the first closing secret - so it
is still guaranteed to disappear at the closest opportunity.

Signed-off-by: Jan Rafaj <jr+netfilter-devel@cedric.unob.cz>
2009-10-12 17:21:32 +02:00

Xtables-addons
==============

Xtables-addons is the proclaimed successor to patch-o-matic(-ng). It
contains extensions that were not accepted in the main Xtables
package.

Xtables-addons is different from patch-o-matic in that you do not
have to patch or recompile either the kernel or Xtables (iptables). But
please see the INSTALL file for the minimum requirements of this
package.

All code imported from patch-o-matic has been reviewed, and all
apparent bugs, such as binary stability across multiarches, missing
sanity checks and incorrect endianness handling, have been fixed. The
code has also been simplified and sped up.


Inclusion into a kernel tree
============================




External extensions
===================

The program "xa-download-more" can be used to download more
extensions from 3rd parties into the source tree. The URLs are listed
in the "sources" file. If the "sources" file contains an entry like

	http://foobar.org/xa/

xa-download-more will inspect http://foobar.org/xa/xa-index.txt for
files to download. That file may contain

	foobar.tar.bz2

and xa-download-more will then retrieve and unpack
http://foobar.org/xa/foobar.tar.bz2.

The tarball should contain mconfig and Kbuild files to control
building the extension, libxt_foobar.c for the userspace extension
and xt_foobar.c for the kernel extension:

	mconfig.foobar
	extensions/Kbuild.foobar
	extensions/Mbuild.foobar
	extensions/libxt_foobar.c
	extensions/libxt_foobar.man
	extensions/xt_foobar.c
	extensions/xt_foobar.h
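
Because a downloaded tarball is unpacked into the source tree and then built, it is worth checking its member list against the layout above before unpacking. The following is an added example, not part of Xtables-addons or xa-download-more; the function names and the in-memory sample archives are assumptions made for illustration.

```python
import io
import posixpath
import tarfile

def expected_members(name):
    """Files the README lists for an extension called `name`."""
    return {
        f"mconfig.{name}",
        f"extensions/Kbuild.{name}",
        f"extensions/Mbuild.{name}",
        f"extensions/libxt_{name}.c",
        f"extensions/libxt_{name}.man",
        f"extensions/xt_{name}.c",
        f"extensions/xt_{name}.h",
    }

def audit_tarball(data, name):
    """Return a list of problems; an empty list means the layout matches."""
    allowed = expected_members(name)
    problems = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            path = posixpath.normpath(m.name)
            if m.name.startswith("/") or path == ".." or path.startswith("../"):
                problems.append(f"escapes source tree: {m.name}")
            elif m.issym() or m.islnk():
                problems.append(f"link member: {m.name}")
            elif m.isdir():
                if path not in (".", "extensions"):
                    problems.append(f"unexpected directory: {m.name}")
            elif not m.isfile():
                problems.append(f"special file: {m.name}")
            elif path not in allowed:
                problems.append(f"unexpected file: {m.name}")
    return problems

def make_sample(names):
    """Build a constructed .tar.bz2 in memory (sample data, not a real extension)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tar:
        for n in names:
            payload = b"/* constructed sample */\n"
            info = tarfile.TarInfo(n)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

if __name__ == "__main__":
    good = make_sample(sorted(expected_members("foobar")))
    bad = make_sample(["extensions/xt_foobar.c", "../Makefile", "extensions/Kbuild.main"])
    print(audit_tarball(good, "foobar"))
    print(audit_tarball(bad, "foobar"))
```

The check only inspects the archive's member names and types; it says nothing about what the C sources do once built, so third-party code still needs review.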