31aebc134e
build: remove support for Linux 2.6.20
2012-10-16 02:36:10 +02:00
e640a15ec9
build: remove support for Linux 2.6.19
2012-10-16 02:36:06 +02:00
66f213e324
build: remove support for Linux 2.6.18
2012-10-16 02:36:02 +02:00
0dcc56bc62
build: remove support for Linux 2.6.17
2012-10-16 02:35:57 +02:00
8db01220fd
Xtables-addons 1.47.1
2012-10-15 21:29:22 +02:00
95ff9a2de3
build: resolve compiler error
...
extensions/xt_psd.c:141:2: error: implicit declaration of function
'vmalloc' [-Werror=implicit-function-declaration]
2012-10-15 21:15:25 +02:00
2f1e094125
Xtables-addons 1.47
2012-10-15 20:03:02 +02:00
37b000182f
xt_psd: replace vzalloc by vmalloc+memset
...
The lower support boundary is currently 2.6.32, but vzalloc is only
available since 2.6.37.
2012-10-15 20:02:43 +02:00
255a310536
Merge branch 'psd'
2012-09-18 07:33:00 +02:00
3a6e73e986
xt_psd: add IPv6 support
...
Because most users will probably only use IPv4 psd, allocate most of the
state6 storage when the first IPv6 psd rule is added, and not at module
load time via .bss.
2012-09-18 03:33:37 +02:00
0a97126f5b
xt_psd: move IPv4 state locking responsibility to caller
...
The former psd_match function is now < 72 lines.
2012-09-18 02:53:02 +02:00
2ba833fe47
xt_psd: move L4 header fetching into helper
...
Also start splitting psd_match into two functions, one to do initial
sanity checking and header retrieval, one to do the actual work.
2012-09-18 02:47:30 +02:00
77240e0918
xt_psd: use tcph->dest directly
...
This allows us to move more code away from the main match function.
2012-09-18 02:45:17 +02:00
651e60f8d7
xt_psd: move table cleanup into helper
2012-09-18 02:43:04 +02:00
54ac2a899a
xt_psd: split struct host into generic and AF-dependent structure
2012-09-18 02:42:22 +02:00
61d2be172d
xt_psd: remove unneeded variables, make hash unsigned
...
- dest port and dest address were only written, never read
- struct inaddr isn't needed either, just look at iph->saddr
2012-09-18 02:41:15 +02:00
093f3b0a97
xt_psd: move match functionality to helpers
...
Reduce line count and to allow code reuse when IPv6 support will be
introduced.
2012-09-17 04:44:29 +02:00
57d25f22f1
xt_psd: avoid if (c=h) do {..} while (c = c->next)
...
It is aquivalent to c=h; while (c) { ..; c = c->next; }
which is a bit easier to read.
2012-09-17 04:42:56 +02:00
2f18ab31ec
xt_psd: move parts of main match function to helpers
...
The match function is way too large, start to split this into smaller
chunks.
2012-09-17 00:02:49 +02:00
12d0a8702c
xt_psd: consider protocol when searching port list
...
If we saw a TCP packet on port X, and we receive a UDP packet from the
same host to port X, we counted this as "port X", and did not see this
as a new packet.
Change compare to also consider protocol number and move it to a helper
to de-bloat the overlay large match function.
This change makes psd more aggressive with mixed TCP/UDP traffic.
2012-09-17 00:02:45 +02:00
35ce1adf5e
Xtables-addons 1.46
2012-08-23 15:54:21 +02:00
e5fe0b9c14
doc: update xt_SYSRQ.man to reflect that the full IPv6 address is needed
...
xt_SYSRQ uses NIP6_FMT, so requires the expanded form for the digest.
Reported-by: Jan Krcmar <honza801@gmail.com >
2012-08-23 15:27:23 +02:00
cd7fc84b29
build: remove extraneous closing bracket in configure.ac
...
Now autogen.sh will work without complaints.
2012-08-02 17:49:40 +02:00
4ff5a8fbf6
TARPIT: fix memory leak when tarpit_generic() fails
...
Currently tarpit_generic() just returns on failure, but this does not
free nskb.
Signed-off-by: Josh Hunt <johunt@akamai.com >
2012-08-02 17:48:05 +02:00
37e3a543a9
extensions: fix ipv6_find_hdr upstream change fallout
...
Upstream commit v3.5-rc1~109^2~138^2~4 ("netfilter: ip6_tables: add
flags parameter to ipv6_find_hdr()") changed the offset parameter of
ipv6_find_hdr() to be an input-output value. Moreover, if it is
non-zero, it MUST point to a valid IPv6 header embedded in the
packet.
2012-07-21 15:42:02 +02:00
5f6cbbc663
Xtables-addons 1.45
2012-07-16 05:39:32 +02:00
a2676585da
build: avoid use of unexported functions
...
Fixes: "WARNING 'ipv6_find_hdr' [xt_TARPIT.ko] not found" in
<= linux-2.6.37.
2012-07-16 05:36:41 +02:00
4a8aab6aed
fix: "WARNING 'xtnu_ipv6_find_hdr' [.ko] not found"
2012-07-16 05:34:24 +02:00
dec7d7fc4d
Xtables-addons 1.44
2012-07-15 13:58:51 +02:00
5c615a3c73
build: do not attempt to build IPv6 parts if CONFIG_IP6_NF_IPTABLES=n
...
Checking for IPV6 is not sufficient, use IP6_NF_IPTABLES instead.
2012-07-14 23:19:16 +02:00
0c1375414d
build: do not attempt to build IPv6 parts if CONFIG_IPV6=n
2012-07-14 22:55:39 +02:00
7e5a8b0501
geoip: remove outdated instructions in xt_geoip_build
...
The manpage contains the authoritative description of options
currently supported.
2012-07-14 02:17:38 +02:00
cb8050172a
SYSRQ: fix double target initialization at module load
2012-07-11 01:42:39 +02:00
5be4ac8b2b
Merge branch 'tarpit6'
2012-07-09 19:07:26 +02:00
8d5b7c5b7d
doc: changelog entry for IPv6 TARPIT
2012-07-09 19:07:24 +02:00
f9aca7621c
compat_xtables: avoid compile abort on <= 2.6.37
2012-07-09 19:06:22 +02:00
af940bcbae
TARPIT: enable IPv6 userspace support
...
Signed-off-by: Josh Hunt <johunt@akamai.com >
2012-07-09 18:57:41 +02:00
06b82c649d
TARPIT: resolve build errors with newer kernels
...
Adds fragment offset arg to ipv6_skip_exthdr() and also removes usage
of ipv6_addr_copy() in favor or direct assignment.
Signed-off-by: Josh Hunt <johunt@akamai.com >
2012-07-09 18:55:12 +02:00
e5093b61cd
compat_xtables: add xtnu_ipv6_skip_exthdr
2012-07-09 18:54:22 +02:00
7cd01e0b14
TARPIT: add IPv6 support
...
This adds IPv6 support for the tarpit target. It performs the same
functionality as the v4 version, but with IPv6 connections.
Signed-off-by: Josh Hunt <johunt@akamai.com >
2012-07-08 21:22:22 +02:00
4eb97c7a01
TARPIT: make tarpit code generic
...
Creates a generic function to perform the tcp header manipulation in.
Done in preparation for IPv6 support. This allows us to share code
between v4 and v6 processing.
Signed-off-by: Josh Hunt <johunt@akamai.com >
2012-07-08 20:54:35 +02:00
48fbc6783e
TARPIT: move XTTARPIT_RESET to its own function
...
Moves XTTARPIT_RESET into its own function.
Signed-off-by: Josh Hunt <johunt@akamai.com >
2012-07-08 20:51:46 +02:00
a9f383daf8
TARPIT: move XTTARPIT_HONEYPOT mode into its own function
...
Moves XTTARPIT_HONEYPOT into its own function.
Signed-off-by: Josh Hunt <johunt@akamai.com >
2012-07-08 20:51:05 +02:00
cbe58f55d0
TARPIT: move XTTARPIT_TARPIT mode processing to its own function
...
Moves the XTTARPIT_TARPIT mode processing to its own function.
Signed-off-by: Josh Hunt <johunt@akamai.com >
2012-07-08 20:51:00 +02:00
d11218815f
TARPIT: mark oldtcphdr const
2012-07-08 20:51:00 +02:00
911d3d146a
build: include <net/ip6_checksum.h> for csum_ipv6_magic
...
xt_ECHO fails to build on PPC because csum_ipv6_magic is declared in
<net/ip6_checksum.h>, which is not implicitly included from other
headers on PPC causing build failures due to this function being
undefined. So, include this header explicitly.
Note: Same cause as <http://bugzilla.netfilter.org/show_bug.cgi?id=307 >.
2012-07-03 22:53:57 +02:00
e2ecff2071
Xtables-addons 1.43
2012-06-30 19:46:21 +02:00
b2bcedd1ef
build: support for Linux 3.5
2012-06-30 18:38:49 +02:00
36c349054e
build: do not fail if AM_PROG_AR is not known
2012-06-30 15:44:44 +02:00
95da880d39
build: remove empty warning message
2012-06-21 19:13:13 +02:00
Jan Engelhardt