mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-06 20:55:13 +02:00
305 lines
10 KiB
Plaintext
305 lines
10 KiB
Plaintext
|
|
HEAD
|
|
====
|
|
- xt_iface: allow matching against incoming/outgoing interface
|
|
|
|
|
|
v1.30 (October 02 2010)
|
|
=======================
|
|
- update to ipset 4.4
|
|
* ipport{,ip,net}hash did not work with mixed "src" and "dst"
|
|
destination parameters
|
|
- deactivate building xt_TEE and xt_CHECKSUM by default, as these have been
|
|
merged upstream in Linux 2.6.35 and 2.6.36, respectively.
|
|
Distros still wishing to build this need to enable it in their build
|
|
script, e.g. perl -i -pe 's{^build_TEE=.*}{build_TEE=m}' mconfig;
|
|
|
|
|
|
v1.29 (September 29 2010)
|
|
=========================
|
|
- compat_xtables: return bool for match_check and target_check in 2.6.23..34
|
|
- ipset: enable building of ip_set_ipport{ip,net}hash.ko
|
|
- support for Linux 2.6.36
|
|
- SYSRQ: resolve compile error with Linux 2.6.36
|
|
- TEE: resolve compile error with Linux 2.6.36
|
|
- add workaround for broken linux-glibc-devel 2.6.34 userspace headers
|
|
("implicit declaration of function 'ALIGN'")
|
|
|
|
|
|
Xtables-addons 1.28 (July 24 2010)
|
|
==================================
|
|
- RAWNAT: IPv6 variants erroneously rejected masks /33-/128
|
|
- new target xt_CHECKSUM
|
|
- xt_length2: add support for IPv6 jumbograms
|
|
- xt_geoip: fix possible out-of-bounds access
|
|
- import xt_geoip database scripts
|
|
|
|
|
|
Xtables-addons 1.27 (May 16 2010)
|
|
=================================
|
|
- further updates for the upcoming 2.6.35 changes
|
|
|
|
|
|
Xtables-addons 1.26 (April 30 2010)
|
|
===================================
|
|
- compat_xtables: fix 2.6.34 compile error due to a typo
|
|
|
|
|
|
Xtables-addons 1.25 (April 26 2010)
|
|
===================================
|
|
- TEE: do rechecksumming in PREROUTING too
|
|
- TEE: decrease TTL on cloned packet
|
|
- TEE: set dont-fragment on cloned packets
|
|
- TEE: free skb when route lookup failed
|
|
- TEE: do not limit use to mangle table
|
|
- TEE: do not retain iif and mark on cloned packet
|
|
- TEE: new loop detection logic
|
|
- TEE: use less expensive pskb_copy
|
|
- condition: remove unnecessary RCU protection
|
|
|
|
|
|
Xtables-addons 1.24 (March 17 2010)
|
|
===================================
|
|
- build: fix build of userspace modules against old (pre-2.6.25)
|
|
headers from linux-glibc-devel (/usr/include/linux)
|
|
- ipp2p: updated bittorent command recognition
|
|
- SYSRQ: let module load when crypto is unavailable
|
|
- SYSRQ: allow processing of UDP-Lite
|
|
|
|
|
|
Xtables-addons 1.23 (February 24 2010)
|
|
======================================
|
|
- build: support for Linux 2.6.34
|
|
- build: remove unused --with-ksource option
|
|
- build: remove unneeded --with-xtables option
|
|
- build: fix compilations in RAWNAT, SYSRQ and length2 when CONFIG_IPV6=n
|
|
- ipset: update to 4.2
|
|
- ECHO: fix compilation w.r.t. skb_dst
|
|
|
|
|
|
Xtables-addons 1.22 (January 22 2010)
|
|
=====================================
|
|
- compat_xtables: support for 2.6.33 skb_iif changes
|
|
- geoip: for FHS compliance use /usr/share/xt_geoip instead of /var/geoip
|
|
- ipset: enable build of ip_set_setlist.ko
|
|
- quota2: add the --no-change mode
|
|
|
|
|
|
Xtables-addons 1.21 (December 09 2009)
|
|
======================================
|
|
- ACCOUNT: avoid collision with arp_tables setsockopt numbers
|
|
- doc: fix option mismatch --gw/--gateway in libxt_TEE.man
|
|
|
|
|
|
Xtables-addons 1.20 (November 19 2009)
|
|
======================================
|
|
- ipp2p: add more boundary checks
|
|
- ipp2p: fix Gnutelle line ending detection
|
|
- LOGMARK: remove unknown options from manpage
|
|
- ACCOUNT: endianess-correctness
|
|
- ipset: install manpage
|
|
- ipset: fast forward to v4.1
|
|
|
|
|
|
Xtables-addons 1.19 (October 12 2009)
|
|
=====================================
|
|
- build: compile fixes for 2.6.31-rt
|
|
- build: support for Linux 2.6.32
|
|
- ipp2p: try to address underflows
|
|
- psd: avoid potential crash when dealing with non-linear skbs
|
|
- merge xt_ACCOUNT userspace utilities
|
|
- added reworked xt_pknock module
|
|
Changes from pknock v0.5:
|
|
- pknock: "strict" and "checkip" flags were not displayed in `iptables -L`
|
|
- pknock: the GC expire time's lower bound is now the default gc time
|
|
(65000 msec) to avoid rendering anti-spoof protection in SPA mode useless
|
|
- pknock: avoid crash on memory allocation failure and fix memleak
|
|
- pknock: avoid fillup of peer table during DDoS
|
|
- pknock: automatic closing of ports
|
|
- pknock: make non-zero time mandatory for TCP mode
|
|
- pknock: display only pknock mode and state relevant information in procfs
|
|
- pknock: check interknock time only for !ST_ALLOWED peers
|
|
- pknock: preserve time/autoclose values for rules added in
|
|
reverse/arbitrary order
|
|
- pknock: add a manpage
|
|
|
|
|
|
Xtables-addons 1.18 (September 09 2009)
|
|
=======================================
|
|
- build: support for Linux 2.6.31
|
|
- ipset: fast forward to v3.2
|
|
- quota2: support anonymous counters
|
|
- quota2: reduce memory footprint for anonymous counters
|
|
- quota2: extend locked period during cleanup (locking bugfix)
|
|
- quota2: use strtoull instead of strtoul
|
|
- merged xt_ACCOUNT module
|
|
- merged xt_psd module
|
|
|
|
|
|
Xtables-addons 1.17 (June 16 2009)
|
|
==================================
|
|
- IPMARK: print missing --shift parameter
|
|
- build: use readlink -f in extensions/ipset/
|
|
- build: support for Linux 2.6.30
|
|
|
|
|
|
Xtables-addons 1.16 (May 27 2009)
|
|
=================================
|
|
- RAWNAT: make iptable_rawpost compile with 2.6.30-rc5
|
|
- ipset: fast forward to 3.0
|
|
|
|
|
|
Xtables-addons 1.15 (April 30 2009)
|
|
===================================
|
|
- build: add kernel version check to configure
|
|
- condition: compile fix for 2.6.30-rc
|
|
- condition: fix intrapositional negation sign
|
|
- fuzzy: fix bogus comparison logic leftover from move to new 1.4.3 API
|
|
- ipp2p: fix bogus varargs call
|
|
- ipp2p: fix typo in error message
|
|
- added "iface" match
|
|
- added rawpost table (for use with RAWNAT)
|
|
- added RAWSNAT/RAWDNAT targets
|
|
|
|
|
|
Xtables-addons 1.14 (March 31 2009)
|
|
===================================
|
|
- fuzzy: need to account for kernel-level modified variables in .userspacesize
|
|
- geoip: remove XT_ALIGN from .userspacesize when used with offsetof
|
|
- SYSRQ: ignore non-UDP packets
|
|
- SYSRQ: do proper L4 header access in IPv6 code
|
|
(must not use tcp/udp_hdr in input path)
|
|
- add "STEAL" target
|
|
- dhcpmac: rename from dhcpaddr
|
|
|
|
|
|
Xtables-addons 1.13 (March 23 2009)
|
|
===================================
|
|
- added a reworked ipv4options match
|
|
- upgrade to iptables 1.4.3 API
|
|
|
|
|
|
Xtables-addons 1.12 (March 07 2009)
|
|
===================================
|
|
- ipset: fix for compilation with 2.6.29-rt
|
|
- ipset: fast forward to 2.5.0
|
|
- rename xt_portscan to xt_lscan ("low-level scan") because
|
|
"portscan" as a word caused confusion
|
|
- xt_LOGMARK: print incoming interface index
|
|
- revert "TEE: do not use TOS for routing"
|
|
- xt_TEE: resolve unknown symbol error with CONFIG_IPV6=n
|
|
- xt_TEE: enable routing by iif, nfmark and flowlabel
|
|
|
|
|
|
Xtables-addons 1.10 (February 18 2009)
|
|
======================================
|
|
- compat: compile fixes for 2.6.29
|
|
- ipset: upgrade to ipset 2.4.9
|
|
|
|
|
|
Xtables-addons 1.9 (January 30 2009)
|
|
====================================
|
|
- add the xt_length2 extension
|
|
- xt_TEE: remove intrapositional '!' support
|
|
- ipset: upgrade to ipset 2.4.7
|
|
|
|
|
|
Xtables-addons 1.8 (January 10 2009)
|
|
====================================
|
|
- xt_TEE: IPv6 support
|
|
- xt_TEE: do not include TOS value in routing decision
|
|
- xt_TEE: fix switch-case inversion for name/IP display
|
|
- xt_ipp2p: update manpages and help text
|
|
- xt_ipp2p: remove log flooding
|
|
- xt_portscan: update manpage about --grscan option caveats
|
|
|
|
|
|
Xtables-addons 1.7 (December 25 2008)
|
|
=====================================
|
|
- xt_ECHO: compile fix
|
|
- avoid the use of "_init" which led to compile errors on some installations
|
|
- build: do not unconditionally install ipset
|
|
- doc: add manpages for xt_ECHO and xt_TEE
|
|
- xt_ipp2p: kazaa detection code cleanup
|
|
- xt_ipp2p: fix newline inspection in kazaa detection
|
|
- xt_ipp2p: ensure better array bounds checking
|
|
- xt_SYSRQ: improve security by hashing password
|
|
|
|
|
|
Xtables-addons 1.6 (November 18 2008)
|
|
=====================================
|
|
- build: support for Linux 2.6.17
|
|
- build: compile fixes for 2.6.18 and 2.6.19
|
|
- xt_ECHO: resolve compile errors in xt_ECHO
|
|
- xt_ipp2p: parenthesize unaligned-access macros
|
|
|
|
|
|
Xtables-addons 1.5.7 (September 01 2008)
|
|
========================================
|
|
- API layer: fix use of uninitialized 'hotdrop' variable
|
|
- API layer: move to pskb-based signatures
|
|
- xt_SYSRQ: compile fixes for Linux <= 2.6.19
|
|
- ipset: adjust semaphore.h include for Linux >= 2.6.27
|
|
- build: automatically run `depmod -a` on installation
|
|
- add reworked xt_fuzzy module
|
|
- add DHCP address match and mangle module
|
|
- xt_portscan: IPv6 support
|
|
- xt_SYSRQ: add missing module aliases
|
|
|
|
|
|
Xtables-addons 1.5.5 (August 03 2008)
|
|
=====================================
|
|
- manpage updates for xt_CHAOS, xt_IPMARK; README updates
|
|
- build: properly recognize external Kbuild/Mbuild files
|
|
- build: remove dependency on CONFIG_NETWORK_SECMARK
|
|
- add the xt_SYSRQ target
|
|
- add the xt_quota2 extension
|
|
- import ipset extension group
|
|
|
|
|
|
Xtables-addons 1.5.4.1 (April 26 2008)
|
|
======================================
|
|
- build: fix compile error for 2.6.18-stable
|
|
|
|
|
|
Xtables-addons 1.5.4 (April 09 2008)
|
|
====================================
|
|
- build: support building multiple files with one config option
|
|
- API layer: add check for pskb relocation
|
|
- doc: generate manpages
|
|
- xt_ECHO: catch skb_linearize out-of-memory condition
|
|
- xt_LOGMARK: add hook= and ctdir= fields in dump
|
|
- xt_LOGMARK: fix comma output in ctstatus= list
|
|
- xt_TEE: fix address copying bug
|
|
- xt_TEE: make skb writable before attempting checksum update
|
|
- add reworked xt_condition match
|
|
- add reworked xt_ipp2p match
|
|
- add reworked xt_IPMARK target
|
|
|
|
|
|
Xtables-addons 1.5.3 (March 22 2008)
|
|
====================================
|
|
- support for Linux 2.6.18
|
|
- add xt_ECHO sample target
|
|
- add reworked xt_geoip match
|
|
|
|
|
|
Xtables-addons 1.5.2 (March 04 2008)
|
|
====================================
|
|
- build: support for GNU make < 3.81 which does not have $(realpath)
|
|
|
|
|
|
Xtables-addons 1.5.1 (February 21 2008)
|
|
=======================================
|
|
- build: allow user to select what extensions to compile and install
|
|
- build: allow external proejcts to be downloaded into the tree
|
|
- xt_LOGMARK: dump classify mark, ctstate and ctstatus
|
|
- add xt_CHAOS, xt_DELUDE and xt_portscan from Chaostables
|
|
|
|
|
|
Xtables-addons 1.5.0 (February 11 2008)
|
|
=======================================
|
|
Initial release with:
|
|
- extensions: xt_LOGMARK, xt_TARPIT, xt_TEE
|
|
- support for Linux >= 2.6.19
|