* [PATCH v2 0/5] ipset: add "inner" flag support
@ 2013-06-16 23:26 Dash Four
0 siblings, 0 replies; only message in thread
From: Dash Four @ 2013-06-16 23:26 UTC (permalink / raw)
To: Jozsef Kadlecsik; +Cc: Pablo Neira Ayuso, Netfilter Core Team
This series of 5 patches implements "inner" flag option in the set
iptables match, allowing matching based on the properties
(source/destination IP address, protocol, port and so on) of the
original (inner) connection in the event of the following
ICMP[v4,v6] messages:
ICMPv4 destination-unreachable (code 3);
ICMPv4 source-quench (code 4);
ICMPv4 time-exceeded (code 11);
ICMPv6 destination-unreachable (code 1);
ICMPv6 packet-too-big (code 2);
ICMPv6 time-exceeded (code 3);
Revision history:
v1 * initial revision
v2 * redundant code removed;
* added a new header file (ip_set_icmp.h) with 2 inline functions,
allowing access to the internal icmp header properties;
* removed ip[46]inneraddr[ptr]functions as they are no longer needed
* added new ipv[46]addr[ptr] and ip_set_get*port functions, the old
functions are still preserved for backwards compatibility;
Dash Four (5):
iptables: bugfix: prevent wrong syntax being accepted by the set match
ipset: add "inner" flag implementation
ipset: add set match "inner" flag support
iptables: add set match "inner" flag support
iptables (userspace): add set match "inner" flag support
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-06-16 23:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-16 23:26 [PATCH v2 0/5] ipset: add "inner" flag support Dash Four
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.