611 Commits

Author SHA1 Message Date
Florian Westphal f6b8767228 psd: add basic validation of userspace matchinfo data
psd multiplies weight_thresh by HZ, so it could overflow.

Userspace libxt_psd refuses values exceeding PSD_MAX_RATE, so check
that on kernel side, too.

Also, setting 0 weight for both privileged and highports will cause
psd to never match at all.

Reject 0 weight threshold, too, because it makes no sense (triggers
match for every initial packet).
2012-06-15 15:11:32 +02:00
Florian Westphal ac58f2e94b psd: rip out scanlogd leftovers
scanlogd remembers tcp flags and uses the *_CHANGING values in its
logger function to determine the best log format to use (e.g. TTL is
not logged if HF_TTL_CHANGING was set, as TTL values were different).

As psd does not log at all, we do not need to track this.

Also get rid of bogus/misleading comments.
2012-06-15 15:09:26 +02:00
Jan Engelhardt 7cc774641a all: remove trailing squatspaces 2012-06-10 22:31:10 +02:00
Marek Kierdelewicz 492236f931 DNETMAP version 2
- new type: static binding
- new persistent flag option for prefix
- add extra information in /proc/net/xt_DNETMAP/prefix_stat that
  includes the count of static bindings and persistent flag
- add proc interface write support (add/del/flush binding)
- updated manual
2012-06-10 22:27:28 +02:00
Jan Engelhardt 3f1202c211 build: limit xt_ECHO to kernel 3.x
(Would also work on 2.6.39, but eh.)
2012-04-21 02:44:51 +02:00
Florian Westphal 759546f8d0 xt_psd: avoid crash due to curr->next corruption
curr->ports[] is of size SCAN_MAX_COUNT - 1, so under certain
conditions we wrote past end of array, corrupting ->next pointer
of the adjacent host entry.

Reported-and-tested-by: Serge Leschinsky <serge.leschinsky@gmail.com>
2012-04-18 14:30:22 +02:00
Jan Engelhardt 0b3d1bc4f0 src: remove ipset6-genl
As scheduled, perform the removal of ipset from the tree.
2012-04-05 06:58:46 +02:00
Jan Engelhardt 7ee9feb20e build: support for Linux 3.3 2012-04-05 06:58:43 +02:00
Jan Engelhardt f830dbd34e Remove unused Kconfig files 2012-03-14 01:32:33 +01:00
Jan Engelhardt 916013cd89 xt_SYSRQ: fix compile error when crypto is turned off 2012-01-20 21:19:13 +01:00
Jan Engelhardt a6b06502ca compat_xtables: fixed mistranslation of checkentry return values 2012-01-12 09:21:39 +01:00
Jan Engelhardt 54d784ffdf build: stash away build tools and update .gitignore 2012-01-04 21:45:45 +01:00
Jan Engelhardt 076610e3af build: additional compilation fixes for Linux 3.2/3.3 2012-01-04 21:45:43 +01:00
Jan Engelhardt 31fdd86247 build: support for Linux 3.2 2011-12-31 02:15:45 +01:00
Jan Engelhardt 2b671829d8 xt_quota2: license clarification
GPL3 did not exist back when Sam's xt_quota was written, therefore it
should be assumed that MODULE_LICENSE("GPL") intended to mean just
GPL2.
2011-11-30 11:41:04 +01:00
Jan Engelhardt 9ab6a0ee0d ipset: update to 6.10-genl 2011-11-30 11:14:29 +01:00
Eivind Naess 75cd1d7d6a xt_ipv4options: fix an infinite loop 2011-11-05 15:31:00 +01:00
Jan Engelhardt b0dc0e6f4c Merge remote branch 'origin/master' 2011-11-04 20:08:04 +01:00
Jan Engelhardt bc1c37618a src: use xtables_register_targets throughout 2011-11-02 00:26:23 +01:00
Jan Engelhardt 487da26146 xt_ECHO: IPv6 support 2011-09-25 14:57:48 +02:00
Jan Engelhardt 434dea2b53 xt_ECHO: calculate UDP checksum 2011-09-25 14:39:43 +02:00
Jan Engelhardt 30d227135b xt_ECHO: fix kernel warning about RTAX_HOPLIMIT being used 2011-09-25 14:39:43 +02:00
Jan Engelhardt a508ec048c xt_ECHO: misc backports from ipt_REJECT and cosmetics 2011-09-25 14:39:10 +02:00
Jan Engelhardt 5245220246 ipset: update to 6.9.1-genl 2011-09-21 19:58:05 +02:00
Jan Engelhardt ec97cd6d89 build: add missing linux/version.h includes where needed
Reported-by: Sergei Zhirikov <sfzhi@yahoo.com>
References: http://marc.info/?l=netfilter-devel&m=131404939007827&w=2
2011-08-28 19:45:39 +02:00
Arkadiusz Miskiewicz d509951fcf ipset: move ipset_errcode from src to library to avoid undefined reference
Unresolved symbols found in: /home/users/arekm/tmp/
xtables-addons-1.38-root-arekm/usr/lib64/libipset.so.1.0.0
        ipset_errcode

References: http://marc.info/?l=netfilter-devel&m=131435791514602&w=2
2011-08-28 19:40:14 +02:00
Frank Reppin 6ef91897b2 build: fix compilation after missing libxtables_CFLAGS in submodules 2011-08-21 13:56:42 +02:00
Jan Engelhardt c7f60a33c5 ipset-4: remove unsupported version from the VCS 2011-08-20 20:30:03 +02:00
Jan Engelhardt bac406bff5 ipset-6: unambiguouize reported name 2011-08-20 16:50:41 +02:00
Jan Engelhardt 9ccd32d840 ipset: fix compile error due to changed function signature with Linux 3.1 2011-08-20 16:45:58 +02:00
Jan Engelhardt 939d3c8b27 xt_ipp2p: support UDPLITE 2011-08-16 14:50:53 +02:00
Jan Engelhardt c2d93e16fd xt_SYSRQ: fix UDPLITE header lookup in IPv6 2011-08-12 15:44:27 +02:00
Jan Engelhardt 04aed87cb6 xt_pknock: support UDPLITE 2011-08-12 15:42:44 +02:00
Jan Engelhardt 5ef3a7c436 xt_CHECKSUM: abort build when the feature is already provided by mainline 2011-08-12 15:42:39 +02:00
Jan Engelhardt 27a77b62f5 Merge branch 'ipset'
Conflicts:
	doc/changelog.txt
2011-08-12 15:37:50 +02:00
Jan Engelhardt 01d864f4fc xt_psd: resolve compiler warning
xt_psd.c: In function "xt_psd_match":
xt_psd.c:253:27: warning: "tcph" may be used uninitialized in this
function [-Wuninitialized]
2011-08-11 15:50:08 +02:00
Jan Engelhardt 071c95b750 xt_psd: compact temporary skb buffers 2011-08-11 15:49:40 +02:00
Jan Engelhardt a141cc311c xt_psd: support UDPLITE 2011-08-11 15:47:20 +02:00
Jan Engelhardt 7e92ce7ce6 xt_psd: move early bail-out code above skb_header_pointer 2011-08-11 15:46:53 +02:00
Jan Engelhardt 21da1dfea5 xt_psd: cleanup and reduce number of condition checks 2011-08-11 15:46:53 +02:00
Jan Engelhardt 6c17eb46b5 xt_psd: restore skb_header_pointer functionality for UDP 2011-08-11 15:46:53 +02:00
Jan Engelhardt 74ea647303 ipset: update to 6.8-genl 2011-07-28 13:56:45 +02:00
Jan Engelhardt e0154bfa4c xt_TEE: abort build when the feature is already provided by mainline 2011-07-28 13:50:38 +02:00
Jan Engelhardt cd18e2479c xt_TARPIT: fix kernel warning about RTAX_HOPLIMIT being used 2011-07-26 01:57:45 +02:00
Jan Engelhardt d2f3541cda xt_LOGMARK: put ct dumping into its own function 2011-07-21 00:18:28 +02:00
Jan Engelhardt 1fed8bbf09 extensions: more precise description 2011-07-17 14:27:07 +02:00
Jan Engelhardt eceaee3431 doc: do not advertise old tools
Remove mention of netcat from the libxt_SYSRQ manpage.
2011-06-25 00:05:26 +02:00
John Haxby 77b29a62ee xt_SYSRQ: include host address in digest
The xt_SYSRQ hash now includes the destination IPv4 or IPv6 address
which makes it harder to replay a request to many different machines
in the hope that some of them are using the same password.
2011-06-25 00:03:28 +02:00
John Haxby 33db992c39 xt_SYSRQ: make IPv6 trigger work again
IPv6 sysrq never worked because of bad pointer arithmetic.
2011-06-24 23:42:38 +02:00
Martin Barrowcliff 85d8f98dd7 xt_TARPIT: fix a kernel oops in --reset mode
1. Moved misplaced code that was causing kernel oops in reset mode.

2. Added payload size calc to honeypot mode, so ack sequence may ACK
the length of client's sent payload packets correctly.

3. Modified TTL for honeypot mode so we look more like a Windows
machine.
2011-06-24 22:09:34 +02:00