* [PATCH v2 0/5] ipset: add "inner" flag support
@ 2013-06-16 23:26 Dash Four
0 siblings, 0 replies; only message in thread
From: Dash Four @ 2013-06-16 23:26 UTC (permalink / raw)
To: Jozsef Kadlecsik; +Cc: Pablo Neira Ayuso, Netfilter Core Team
This series of 5 patches implements "inner" flag option in the set
iptables match, allowing matching based on the properties
(source/destination IP address, protocol, port and so on) of the
original (inner) connection in the event of the following
ICMP[v4,v6] messages:
ICMPv4 destination-unreachable (code 3);
ICMPv4 source-quench (code 4);
ICMPv4 time-exceeded (code 11);
ICMPv6 destination-unreachable (code 1);
ICMPv6 packet-too-big (code 2);
ICMPv6 time-exceeded (code 3);
Revision history:
v1 * initial revision
v2 * redundant code removed;
* added a new header file (ip_set_icmp.h) with 2 inline functions,
allowing access to the internal icmp header properties;
* removed ip[46]inneraddr[ptr]functions as they are no longer needed
* added new ipv[46]addr[ptr] and ip_set_get*port functions, the old
functions are still preserved for backwards compatibility;
Dash Four (5):
iptables: bugfix: prevent wrong syntax being accepted by the set match
ipset: add "inner" flag implementation
ipset: add set match "inner" flag support
iptables: add set match "inner" flag support
iptables (userspace): add set match "inner" flag support
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-06-16 23:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-16 23:26 [PATCH v2 0/5] ipset: add "inner" flag support Dash Four
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).