From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 00/15]: Netfilter patches for 2.6.21
Date: Wed, 7 Feb 2007 09:22:29 +0100 (MET) [thread overview]
Message-ID: <20070207082228.27478.19484.sendpatchset@localhost.localdomain> (raw)
Hi Dave,
following is a first batch of my netfilter patches for 2.6.21.
Besides some cleanup, the highlights are:
- New SANE connection tracking helper
- New ip6tables Mobility Header match
- x_tables TCPMSS target port with IPv6 support
- Automatic liberal TCP connection tracking for picked up connections
- Optional source port randomization for SNAT
Once again the diffstat is quite huge, but mainly because of some harmless
cleanup of x_tables wrappers, touching almost all iptables related files.
Please apply, thanks.
include/linux/netfilter/Kbuild | 1
include/linux/netfilter/nf_conntrack_sane.h | 21 +
include/linux/netfilter/nf_conntrack_tcp.h | 4
include/linux/netfilter/xt_TCPMSS.h | 10
include/linux/netfilter_ipv4/ip_nat.h | 1
include/linux/netfilter_ipv4/ip_tables.h | 24 --
include/linux/netfilter_ipv4/ipt_TCPMSS.h | 7
include/linux/netfilter_ipv6/ip6_tables.h | 35 ++-
include/linux/netfilter_ipv6/ip6t_mh.h | 15 +
include/net/netfilter/nf_conntrack.h | 2
include/net/netfilter/nf_nat.h | 1
net/bridge/br_netfilter.c | 29 --
net/bridge/netfilter/ebt_ip.c | 1
net/bridge/netfilter/ebt_log.c | 1
net/ipv4/netfilter/Kconfig | 26 --
net/ipv4/netfilter/Makefile | 1
net/ipv4/netfilter/ip_conntrack_proto_tcp.c | 40 +--
net/ipv4/netfilter/ip_nat_core.c | 12 -
net/ipv4/netfilter/ip_nat_proto_tcp.c | 5
net/ipv4/netfilter/ip_nat_proto_udp.c | 5
net/ipv4/netfilter/ip_nat_rule.c | 32 +--
net/ipv4/netfilter/ip_tables.c | 40 +--
net/ipv4/netfilter/ipt_CLUSTERIP.c | 15 -
net/ipv4/netfilter/ipt_ECN.c | 13 -
net/ipv4/netfilter/ipt_LOG.c | 18 +
net/ipv4/netfilter/ipt_MASQUERADE.c | 9
net/ipv4/netfilter/ipt_NETMAP.c | 8
net/ipv4/netfilter/ipt_REDIRECT.c | 8
net/ipv4/netfilter/ipt_REJECT.c | 10
net/ipv4/netfilter/ipt_SAME.c | 8
net/ipv4/netfilter/ipt_TCPMSS.c | 207 -------------------
net/ipv4/netfilter/ipt_TOS.c | 11 -
net/ipv4/netfilter/ipt_TTL.c | 11 -
net/ipv4/netfilter/ipt_ULOG.c | 20 -
net/ipv4/netfilter/ipt_addrtype.c | 9
net/ipv4/netfilter/ipt_ah.c | 10
net/ipv4/netfilter/ipt_ecn.c | 10
net/ipv4/netfilter/ipt_iprange.c | 10
net/ipv4/netfilter/ipt_owner.c | 9
net/ipv4/netfilter/ipt_recent.c | 12 -
net/ipv4/netfilter/ipt_tos.c | 10
net/ipv4/netfilter/ipt_ttl.c | 11 -
net/ipv4/netfilter/iptable_filter.c | 2
net/ipv4/netfilter/iptable_mangle.c | 2
net/ipv4/netfilter/iptable_raw.c | 2
net/ipv4/netfilter/nf_nat_core.c | 12 -
net/ipv4/netfilter/nf_nat_proto_tcp.c | 4
net/ipv4/netfilter/nf_nat_proto_udp.c | 4
net/ipv4/netfilter/nf_nat_rule.c | 8
net/ipv4/netfilter/nf_nat_standalone.c | 6
net/ipv6/netfilter/Kconfig | 8
net/ipv6/netfilter/Makefile | 1
net/ipv6/netfilter/ip6_tables.c | 12 -
net/ipv6/netfilter/ip6t_HL.c | 17 -
net/ipv6/netfilter/ip6t_LOG.c | 17 +
net/ipv6/netfilter/ip6t_REJECT.c | 10
net/ipv6/netfilter/ip6t_ah.c | 8
net/ipv6/netfilter/ip6t_eui64.c | 8
net/ipv6/netfilter/ip6t_frag.c | 8
net/ipv6/netfilter/ip6t_hbh.c | 1
net/ipv6/netfilter/ip6t_hl.c | 11 -
net/ipv6/netfilter/ip6t_ipv6header.c | 8
net/ipv6/netfilter/ip6t_mh.c | 108 ++++++++++
net/ipv6/netfilter/ip6t_owner.c | 8
net/ipv6/netfilter/ip6t_rt.c | 8
net/ipv6/netfilter/ip6table_filter.c | 21 -
net/ipv6/netfilter/ip6table_mangle.c | 21 -
net/ipv6/netfilter/ip6table_raw.c | 19 -
net/netfilter/Kconfig | 39 +++
net/netfilter/Makefile | 2
net/netfilter/nf_conntrack_proto_tcp.c | 40 +--
net/netfilter/nf_conntrack_sane.c | 242 ++++++++++++++++++++++
net/netfilter/xt_CLASSIFY.c | 4
net/netfilter/xt_CONNMARK.c | 5
net/netfilter/xt_CONNSECMARK.c | 6
net/netfilter/xt_MARK.c | 8
net/netfilter/xt_SECMARK.c | 4
net/netfilter/xt_TCPMSS.c | 296 ++++++++++++++++++++++++++++
net/netfilter/xt_hashlimit.c | 1
net/sched/act_ipt.c | 2
net/sched/sch_sfq.c | 2
81 files changed, 1110 insertions(+), 607 deletions(-)
Eric Leblond:
[NETFILTER]: NAT: optional source port randomization support
Jan Engelhardt:
[NETFILTER]: Remove useless comparisons before assignments
[NETFILTER]: x_tables: fix return values for LOG/ULOG
[NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions
[NETFILTER]: {ip,ip6}_tables: use struct xt_table instead of redefined structure names
Masahide NAKAMURA:
[NETFILTER]: ip6_tables: support MH match
Michal Schmidt:
[NETFILTER]: Add SANE connection tracking helper
Patrick McHardy:
[NETFILTER]: tcp conntrack: do liberal tracking for picked up connections
[NETFILTER]: nf_conntrack_tcp: make sysctl variables static
[NETFILTER]: nf_nat: remove broken HOOKNAME macro
[NETFILTER]: bridge-netfilter: use nf_register_hooks/nf_unregister_hooks
[NET]: Add UDPLITE support in a few missing spots
[NETFILTER]: add IPv6-capable TCPMSS target
[NETFILTER]: ip_tables: remove declaration of non-existant ipt_find_target function
[NETFILTER]: ip6_tables: remove redundant structure definitions
next reply other threads:[~2007-02-07 8:22 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-07 8:22 Patrick McHardy [this message]
2007-02-07 8:22 ` [NETFILTER 01/15]: Add SANE connection tracking helper Patrick McHardy
2007-02-08 0:26 ` Jan Engelhardt
2007-02-08 0:48 ` Patrick McHardy
2007-02-08 11:25 ` Jan Engelhardt
2007-02-07 8:22 ` [NETFILTER 02/15]: tcp conntrack: do liberal tracking for picked up connections Patrick McHardy
2007-02-07 8:22 ` [NETFILTER 03/15]: nf_conntrack_tcp: make sysctl variables static Patrick McHardy
2007-02-07 23:06 ` David Miller
2007-02-07 23:09 ` Patrick McHardy
2007-02-07 23:24 ` David Miller
2007-02-07 23:30 ` Patrick McHardy
2007-02-07 8:22 ` [NETFILTER 04/15]: Remove useless comparisons before assignments Patrick McHardy
2007-02-07 8:22 ` [NETFILTER 05/15]: nf_nat: remove broken HOOKNAME macro Patrick McHardy
2007-02-07 8:22 ` [NETFILTER 06/15]: bridge-netfilter: use nf_register_hooks/nf_unregister_hooks Patrick McHardy
2007-02-07 8:22 ` [NET 07/15]: Add UDPLITE support in a few missing spots Patrick McHardy
2007-02-07 8:22 ` [NETFILTER 08/15]: add IPv6-capable TCPMSS target Patrick McHardy
2007-02-07 8:22 ` [NETFILTER 09/15]: NAT: optional source port randomization support Patrick McHardy
2007-02-07 8:22 ` [NETFILTER 10/15]: x_tables: fix return values for LOG/ULOG Patrick McHardy
2007-02-07 8:23 ` [NETFILTER 11/15]: {ip, ip6}_tables: remove x_tables wrapper functions Patrick McHardy
2007-02-07 8:23 ` [NETFILTER 12/15]: {ip, ip6}_tables: use struct xt_table instead of redefined structure names Patrick McHardy
2007-02-07 8:23 ` [NETFILTER 13/15]: ip6_tables: support MH match Patrick McHardy
2007-02-07 8:23 ` [NETFILTER 14/15]: ip_tables: remove declaration of non-existant ipt_find_target function Patrick McHardy
2007-02-07 8:23 ` [NETFILTER 15/15]: ip6_tables: remove redundant structure definitions Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070207082228.27478.19484.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).