From: Patrick McHardy <kaber <at> trash.net>
Subject: [NETFILTER 00/39]: Netfilter update for 2.6.19
Newsgroups: gmane.comp.security.firewalls.netfilter.devel
Date: Wednesday 20th September 2006 08:23:51 UTC (over 11 years ago)
Hi Dave,

following is another netfilter update for 2.6.19, consisting of a number of
random cleanup and fixes, a rework of the iptables compat code including
compat support for (AFAICT) all missing matches/targets and some cleanup
and fixes for the PPtP connection tracking helper. Some of these should also
go in -stable, I'll prepare backports and send them separately.

Please apply, thanks.


 include/linux/netfilter/nf_conntrack_tcp.h            |    1 
 include/linux/netfilter/x_tables.h                    |   33 
 include/linux/netfilter_ipv4/ip_conntrack_helper.h    |    2 
 include/linux/netfilter_ipv4/ip_conntrack_pptp.h      |   45 -
 include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h |   22 
 include/linux/netfilter_ipv4/ip_nat_pptp.h            |    4 
 include/linux/netfilter_ipv6.h                        |    1 
 include/linux/netfilter_logging.h                     |   33 
 include/net/ip6_route.h                               |    2 
 net/bridge/netfilter/ebtables.c                       |   76 +-
 net/ipv4/netfilter/arp_tables.c                       |    4 
 net/ipv4/netfilter/ip_conntrack_core.c                |  209 ++---
 net/ipv4/netfilter/ip_conntrack_helper_pptp.c         |  634 +++++++-----------
 net/ipv4/netfilter/ip_conntrack_netlink.c             |   63 -
 net/ipv4/netfilter/ip_conntrack_proto_gre.c           |   52 -
 net/ipv4/netfilter/ip_conntrack_proto_tcp.c           |    4 
 net/ipv4/netfilter/ip_conntrack_standalone.c          |    1 
 net/ipv4/netfilter/ip_nat_core.c                      |    4 
 net/ipv4/netfilter/ip_nat_helper.c                    |    4 
 net/ipv4/netfilter/ip_nat_helper_pptp.c               |  210 ++---
 net/ipv4/netfilter/ip_nat_proto_gre.c                 |   22 
 net/ipv4/netfilter/ip_nat_rule.c                      |    4 
 net/ipv4/netfilter/ip_nat_standalone.c                |    4 
 net/ipv4/netfilter/ip_queue.c                         |    8 
 net/ipv4/netfilter/ip_tables.c                        |  161 +---
 net/ipv4/netfilter/ipt_TCPMSS.c                       |  101 --
 net/ipv4/netfilter/ipt_TTL.c                          |    4 
 net/ipv4/netfilter/ipt_hashlimit.c                    |   29 
 net/ipv6/netfilter/ip6_queue.c                        |    8 
 net/ipv6/netfilter/ip6_tables.c                       |    5 
 net/ipv6/netfilter/ip6t_HL.c                          |    6 
 net/ipv6/netfilter/ip6table_mangle.c                  |    8 
 net/netfilter/nf_conntrack_core.c                     |  205 ++---
 net/netfilter/nf_conntrack_netlink.c                  |   67 -
 net/netfilter/nf_conntrack_proto_tcp.c                |    4 
 net/netfilter/nf_conntrack_standalone.c               |    1 
 net/netfilter/x_tables.c                              |  209 +++--
 net/netfilter/xt_CONNMARK.c                           |   36 +
 net/netfilter/xt_MARK.c                               |   34 
 net/netfilter/xt_connmark.c                           |   36 +
 net/netfilter/xt_conntrack.c                          |  179 ++---
 net/netfilter/xt_limit.c                              |   65 +
 net/netfilter/xt_mark.c                               |   36 +
 net/netfilter/xt_policy.c                             |    2 
 44 files changed, 1238 insertions(+), 1400 deletions(-)

Alexey Dobriyan:
      [NETFILTER]: xt_policy: remove dups in .family

Brian Haley:
      [NETFILTER]: make some netfilter globals __read_mostly

Dmitry Mishin:
      [NETFILTER]: x_tables: small check_entry & module_refcount cleanup

George Hansper:
      [NETFILTER]: TCP conntrack: improve dead connection detection

Pablo Neira Ayuso:
      [NETFILTER]: ctnetlink: simplify the code to dump the conntrack table
      [NETFILTER]: conntrack: fix race condition in early_drop

Patrick McHardy:
      [NETFILTER]: remove unused include file
      [NETFILTER]: kill listhelp.h
      [NETFILTER]: xt_conntrack: clean up overly long lines
      [NETFILTER]: ipt_TCPMSS: reformat
      [NETFILTER]: ipt_TCPMSS: remove impossible condition
      [NETFILTER]: ipt_TCPMSS: misc cleanup
      [NETFILTER]: xt_limit: don't reset state on unrelated rule updates
      [NETFILTER]: ip6table_mangle: reroute when nfmark changes in NF_IP6_LOCAL_OUT
      [NETFILTER]: ipt_TTL: fix checksum update bug
      [NETFILTER]: ip6t_HL: remove write-only variable
      [NETFILTER]: ip_tables: fix module refcount leaks in compat error paths
      [NETFILTER]: ip_tables: revision support for compat code
      [NETFILTER]: x_tables: simplify compat API
      [NETFILTER]: xt_mark: add compat conversion functions
      [NETFILTER]: xt_MARK: add compat conversion functions
      [NETFILTER]: xt_connmark: add compat conversion functions
      [NETFILTER]: xt_CONNMARK: add compat conversion functions
      [NETFILTER]: xt_limit: add compat conversion functions
      [NETFILTER]: ipt_hashlimit: add compat conversion functions
      [NETFILTER]: PPTP conntrack: fix whitespace errors
      [NETFILTER]: PPTP conntrack: get rid of unnecessary byte order conversions
      [NETFILTER]: PPTP conntrack: remove dead code
      [NETFILTER]: PPTP conntrack: remove more dead code
      [NETFILTER]: PPTP conntrack: fix header definitions
      [NETFILTER]: PPTP conntrack: remove unnecessary cid/pcid header pointers
      [NETFILTER]: PPTP conntrack: simplify expectation handling
      [NETFILTER]: PPTP conntrack: consolidate header size checks
      [NETFILTER]: PPTP conntrack: consolidate header parsing
      [NETFILTER]: PPTP conntrack: clean up debugging cruft
      [NETFILTER]: PPTP conntrack: check call ID before changing state
      [NETFILTER]: PPTP conntrack: fix PPTP_IN_CALL message types
      [NETFILTER]: PPTP conntrack: fix GRE keymap leak
      [NETFILTER]: PPTP conntrack: fix another GRE keymap leak
 