The loop detection does not work if the kernel is built without
conntrack. In fact, since cloned packets are sent directly and do not
pass through Xtables, there are no loops happening.
Patrick McHardy explains in [1] that locally-generated packets (such
as the clones xt_TEE will create) usually start with no iif and no
mark value, and even if cloned packets are a little more special than
locally-generated ones, let's do it that way.
[1] http://marc.info/?l=netfilter-devel&m=127012289008156&w=2
Because the build error logs of module-assistant are totally useless,
as the tarball filename has been stripped of the version, and
configure is not run either.
After testing I decide to write my patch to bittorrent GET commands
from xt_ipp2p.c because old procedure is useless for modified and/or
private trackers.
BTW: info_hash may be 3rd argument, passkey (private trackers) may be
1st argument (or not) etc. so we need to search.
In case the kernel is built without IPv6 support the compilation of
this module fails as it assumes IPv6. This patch makes kernel support
conditional on kernel .config.
In case the kernel is built without IPv6 support the compilation of
this module fails as it assumes IPv6. This patch makes kernel support
conditional on kernel .config.
This commit adds an option to xt_quota2 called "no-change". The
effect of this option, when used, is that it will skip incrementing
or decrementing the quota counter, effectively providing a quota test
only.
The reason for implementing this is so that I could have a rule check
if quota is available for a rule in the PREROUTING tables, without
actually decrementing the amount of available quota. I only wanted to
decrement the amount of available quota in the FORWARD rule.
Otherwise, the first packet of every connection would be counted
twice.
Not sure if this was overlooked, or if it is not in a suitable state
for general use, but lets give it a shot and see how it works.
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
[j.eng: it was overlooked]
xt_pknock.c: In function "update_peer":
xt_pknock.c:890:3: warning: implicit declaration of function "pass_security"
xt_pknock.c: In function "pknock_mt":
xt_pknock.c:1030:5: warning: implicit declaration of function "is_close_knock"
IP refers to Internet Protocol; adding "address" is therefore beneficial.
The CIDR size is better known as "prefix length".
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Jan Engelhardt