[arch-dev-public] [signoff] iptables

Stéphane Gaudreault stephane at archlinux.org
Mon Jul 18 20:05:37 EDT 2011

On 18 July 2011 at 22:37:46, Ronald van Haren wrote:
> please signoff for both architectures.
> Ronald
> Changelog
> Elie De Brauwer (1):
>       doc: fix trivial typo in libipt_SNAT
> Jan Engelhardt (13):
>       libxt_owner: restore inversion support
>       build: remove dead code parts
>       build: fix installation of symlinks
>       build: fix absence of xml translator in IPv6-only builds
>       doc: update GPL license text
>       doc: iptables-xml should be in manpage section 1
>       build: move basic preprocessor flags to regular_CPPFLAGS
>       build: move kinclude's preprocessor flags to kinclude_CPPFLAGS
>       src: move all libiptc pieces into its directory
>       src: move all iptables pieces into a separate directory
>       tests: add some sample rulesets to test save-restore cycle
>       option: fix ignored negation before implicit extension loading
>       build: re-add missing CPPFLAGS for libiptc
> Maciej Żenczykowski (1):
>       xtables-multi: fix absence of xml translator in IPv6-only builds
> Mike Frysinger (1):
>       build: move remaining preprocessor flags to CPPFLAGS
> Patrick McHardy (1):
>       Bump version to
> Vlad Dogaru (1):
>       doc: fix MASQUERADE section of man page
> Changelog 1.4.11:
> Changli Gao (1):
>       iptables: fix the dead loop when meeting unknown options
> Florian Westphal (3):
>       libxt_conntrack: fix --ctdir save/dump output format
>       libxt_time: fix random --datestart skips
>       extensions: libxt_NFQUEUE: add v2 revision with --queue-bypass option
> JP Abgrall (1):
>       libxt_quota: make sure uint64 is not truncated
> Jan Engelhardt (218):
>       libxtables: change option precedence order to be intuitive
>       libxt_TOS: avoid an undesired overflowing computation
>       iptables: fix longopt reecognition and workaround getopt(3) behavior
>       Revert "Revert "libxtables: change option precedence order to be intuitive""
>       Merge branch 'master' of git://dev.medozas.de/iptables into m2
>       iptables: reset options at the start of each command
>       iptables: do not emit orig_opts twice
>       include: update files with headers from Linux 2.6.37-rc1
>       TPROXY: add support for revision 1
>       socket: add support for revision 1
>       build: fix globbing of extensions in other locales
>       libxt_owner: output numeric IDs when save is requested
>       Merge commit 'v1.4.10'
>       build: stop on error in subcommand
>       src: const annotations
>       xt_comment: remove redundant cast
>       src: use C99/POSIX types
>       iptables: abort on empty interface specification
>       xtables: reorder num_old substraction for clarity
>       ip[6]tables: only call match's parse function when option char is in range
>       ip[6]tables: only call target's parse function when option char is in range
>       extensions: remove no longer necessary default: cases
>       libxt_sctp: fix a typo
>       libipt_CLUSTERIP: const annotations
>       libxtables: do some option structure checking
>       libxt_quota: print negation when it has been selected
>       libxt_connlimit: reword help text to say prefix length
>       libxt_connlimit: add a --connlimit-upto option
>       libxt_connlimit: support for dstaddr-supporting revision 1
>       libxt_connlimit: remove duplicate member that caused size change
>       libxt_quota: clarifications on matching
>       iptables: improve error reporting with extension loading troubles
>       libxt_u32: enclose argument in quotes
>       xtables: set custom opts to NULL on free
>       iptables: warn when parameter limit is exceeded
>       iptables: remove bogus address-of
>       iptables: remove more redundant casts
>       iptables: do not print trailing whitespaces
>       src: collect do_command variables in a struct
>       src: move large default: block from do_command6 into its own function
>       src: share iptables_command_state across the two programs
>       src: deduplicate find_proto function
>       src: move OPT_FRAGMENT to the end so the list can be shared
>       src: put shared option flags into xshared
>       src: deduplicate and simplify implicit protocol extension loading
>       src: unclutter command_default function
>       src: move jump option handling from do_command6 into its own function
>       src: move match option handling from do_command6 into its own functions
>       iptables: fix error message for unknown options
>       iptables: fix segfault target option parsing
>       ip6tables: spacing fixes for -o argument
>       libxt_devgroup: option whitespace update following v1.4.10-49-g7386635
>       extensions: fix indent of vtable
>       doc: fix wrong sentence about negation in xt_limit
>       doc: fix misspelling of "field"
>       extensions: remove redundant init functions
>       Remove unused CVS expanded keywords
>       libip6t_dst: remove unimplemented --dst-not-strict
>       libip6t_hbh: remove unimplemented --hbh-not-strict
>       extensions: add missing checks for specific flags
>       libipt_ECN: set proper option flags
>       doc: mention other possible nf_loggers for TRACE
>       doc: fix odd partial sentence in libipt_TTL
>       libxt_quota: require --quota to be specified
>       doc: rateest options can be optional
>       libxtables: fix memory scribble beyond end of array
>       iptables: fix an inversion
>       doc: add VERSION section to manpages
>       extensions: add missing checks for specific flags (2)
>       libxtables: guided option parser
>       libxt_CHECKSUM: use guided option parser
>       libxt_socket: use guided option parser
>       libxtables: provide better final_check
>       libxt_CONNSECMARK: use guided option parser
>       libxtables: XTTYPE_UINT32 support
>       libxt_cpu: use guided option parser
>       libxtables: min-max option support
>       libxt_cluster: use guided option parser
>       libxtables: XTTYPE_UINT8 support
>       libip[6]t_HL: use guided option parser
>       libip[6]t_hl: use guided option parser
>       libxtables: XTTYPE_UINT32RC support
>       libip[6]t_ah: use guided option parser
>       libip6t_frag: use guided option parser
>       libxt_esp: use guided option parser
>       libxtables: XTTYPE_STRING support
>       libip[6]t_REJECT: use guided option parser
>       libip6t_dst: use guided option parser
>       libip6t_hbh: use guided option parser
>       libip[6]t_icmp: use guided option parser
>       libip6t_ipv6header: use guided option parser
>       libipt_ECN: use guided option parser
>       libipt_addrtype: use guided option parser
>       libxt_AUDIT: use guided option parser
>       libxt_CLASSIFY: use guided option parser
>       libxt_DSCP: use guided option parser
>       libxt_LED: use guided option parser
>       libxt_SECMARK: use guided option parser
>       libxt_TCPOPTSTRIP: use guided option parser
>       libxt_comment: use guided option parser
>       libxt_helper: use guided option parser
>       libxt_physdev: use guided option parser
>       libxt_pkttype: use guided option parser
>       libxt_state: use guided option parser
>       libxt_time: use guided option parser
>       libxt_u32: use guided option parser
>       doc: avoid duplicate entries in manpage
>       libxtables: XTTYPE_MARKMASK32 support
>       libxt_MARK: use guided option parser
>       libxt_CONNMARK: use guided option parser
>       libxtables: XTTYPE_UINT64 support
>       libxt_quota: use guided option parser
>       libxtables: linked-list name<->id map
>       libxt_devgroup: use guided option parser
>       libipt_realm: use guided option parser
>       libxtables: XTTYPE_UINT16RC support
>       libxt_length: use guided option parser
>       libxt_tcpmss: use guided option parser
>       libxtables: XTTYPE_UINT8RC support
>       libxtables: XTTYPE_UINT64RC support
>       libxt_connbytes: use guided option parser
>       libxtables: XTTYPE_UINT16 support
>       libxt_CT: use guided option parser
>       libxt_NFQUEUE: use guided option parser
>       libxt_TCPMSS: use guided option parser
>       libxtables: pass struct xt_entry_{match,target} to x6 parser
>       libxt_string: use guided option parser
>       libxtables: XTTYPE_SYSLOGLEVEL support
>       libip[6]t_LOG: use guided option parser
>       libxtables: XTTYPE_ONEHOST support
>       libxtables: XTTYPE_PORT support
>       libxt_TPROXY: use guided option parser
>       libipt_ULOG: use guided option parser
>       build: bump libxtables ABI version
>       libxt_TEE: use guided option parser
>       xtoptions: respect return value in xtables_getportbyname
>       libxt_TOS: use guided option parser
>       libxt_tos: use guided option parser
>       extensions: remove unused TOS code
>       libxtables: XTTYPE_PORTRC support
>       libxt_udp: use guided option parser
>       libxt_dccp: use guided option parser
>       libxt_tos: add inversion support back again
>       libxtables: fix assignment in wrong offset (XTTYPE_UINT*RC)
>       libxt_u32: add missing call to xtables_option_parse
>       extensions: remove bogus use of XT_GETOPT_TABLEEND
>       libxt_owner: remove ifdef IPT_COMM_OWNER
>       libxtables: output name of extension on rev detect failure
>       extensions: const annotations
>       libxt_statistic: streamline and document possible placement of negation
>       libxt_statistic: increase precision on create and dump
>       libxtables: XTTYPE_DOUBLE support
>       libxt_statistic: use guided option parser
>       libxt_IDLETIMER: use guided option parser
>       libxt_NFLOG: use guided option parser
>       libxtables: support for XTTYPE_PLENMASK
>       libxt_connlimit: use guided option parser
>       libxt_recent: use guided option parser
>       libxtables: do not overlay addr and mask parts, and cleanup
>       libxtables: flag invalid uses of XTOPT_PUT
>       libxtables: XTTYPE_PLEN support
>       libxt_hashlimit: use guided option parser
>       libxtables: XTTYPE_HOSTMASK support
>       libxt_policy: use guided option parser
>       libxt_owner: use guided option parser
>       libxt_osf: use guided option parser
>       libxt_multiport: use guided option parser
>       libipt_NETMAP: use guided option parser
>       libxt_limit: use guided option parser
>       libxtables: XTTYPE_PROTOCOL support
>       libxt_ipvs: use guided option parser
>       doc: S/DNAT allows to omit IP addresses
>       libxt_conntrack: use guided option parser
>       libip6t_mh: use guided option parser
>       libip6t_rt: use guided option parser
>       libxtables: XTTYPE_ETHERMAC support
>       libxt_mac: use guided option parser
>       libipt_CLUSTERIP: use guided option parser
>       libxt_iprange: use guided option parser
>       libipt_DNAT: use guided option parser
>       libipt_SNAT: use guided option parser
>       libipt_MASQUERADE: use guided option parser
>       libipt_REDIRECT: use guided option parser
>       libipt_SAME: use guided option parser
>       src: replace old IP*T_ALIGN macros
>       src: combine default_command functions
>       libxt_policy: option table fixes, improved error tracking
>       libxtables: avoid running into .also checks when option not used
>       libxt_policy: use XTTYPE_PROTOCOL type
>       libxtables: collapse double protocol parsing
>       libipt_[SD]NAT: flag up module name on error
>       libipt_[SD]NAT: avoid false error about multiple destinations specified
>       libxt_conntrack: correct printed module name
>       libxt_conntrack: fix assignment to wrong member
>       libxt_conntrack: resolve erroneous rev-2 port range message
>       libip6t_rt: rt-0-not-strict should take no arg
>       libxtables: retract _NE types and use a flag instead
>       libxt_quota: readd missing XTOPT_PUT request
>       libxtables: check for negative numbers in xtables_strtou*
>       libxt_rateest: streamline case display of units
>       doc: add some coded option examples to libxt_hashlimit
>       doc: make usage of libxt_rateest more obvious
>       doc: clarify that -p all is a special keyword only
>       doc: use .IP list for TCPMSS
>       doc: remove redundant .IP calls in libxt_time
>       libxt_ipvs: restore network-byte order
>       libxt_u32: --u32 option is required
>       libip6t_rt: restore --rt-type storing
>       libxtables: more detailed error message on multi-int parsing
>       libxtables: use uintmax for xtables_strtoul
>       libxtables: make multiint parser have greater range
>       libxtables: unclutter xtopt_parse_mint
>       libxtables: have xtopt_parse_mint interpret partially-spec'd ranges
>       libxt_NFQUEUE: avoid double attempt at parsing
>       libxt_NFQUEUE: add mutual exclusion between qnum and qbal
>       libxt_time: always ignore libc timezone
>       libxt_time: --utc and --localtz are mutually exclusive
>       libxt_time: deprecate --localtz option, document kernel TZ caveats
> Jozsef Kadlecsik (3):
>       Fix listing/saving the new revision of the SET target
>       Fix set match/target direction parser
>       SET target revision 2 added
> Li Yewang (1):
>       xtables: fix typo in error message of xtables_register_match()
> Lutz Jaenicke (2):
>       libipt_REDIRECT: "--to-ports" is not mandatory
>       libxt_devgroup: actually set XT_DEVGROUP_OPT_???GROUP flags
> Maciej Zenczykowski (20):
>       man pages: allow underscores in match and target names
>       mark newly opened fds as FD_CLOEXEC (close on exec)
>       xtables_ip6addr_to_numeric: fix typo in comment
>       xtables: delay (statically built) match/target initialization
>       v4: rename init_extensions() to init_extensions4()
>       v6: rename init_extensions() to init_extensions6()
>       xtables.h: init_extensions() no longer exists
>       v4: rename for_each_chain() to for_each_chain4()
>       v6: rename for_each_chain() to for_each_chain6()
>       v4: rename flush_entries() to flush_entries4()
>       v6: rename flush_entries() to flush_entries6()
>       v4: rename delete_chain() to delete_chain4()
>       v6: rename delete_chain() to delete_chain6()
>       v4: rename print_rule() to print_rule4()
>       v6: rename print_rule() to print_rule6()
>       v4: rename do_command() to do_command4()
>       v6: rename do_command() to do_command6()
>       move 'int line' definition from ip6?tables.c into xtables.c
>       convert ip6?tables-multi to actually use their own header files
>       Don't load ip6?_tables module when already loaded
> Maciej Żenczykowski (3):
>       Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.
>       Move common parts of libext{4,6}.a into libext.a
>       combine ip6?tables-multi into xtables-multi
> Mark Montague (1):
>       iptables: documentation for iptables and ip6tables "security" tables
> Max Kellerman (1):
>       xtables: use strspn() to check if string needs to be quoted
> Pablo Neira Ayuso (1):
>       libxt_cluster: fix inversion in the cluster match
> Patrick McHardy (16):
>       Revert "libxtables: change option precedence order to be intuitive"
>       Merge branch 'master' of git://dev.medozas.de/iptables
>       extensions: libxt_conntrack: add support for specifying port ranges
>       extensions: add extension for devgroup match
>       Merge branch 'master' of git://dev.medozas.de/iptables
>       Merge branch 'master' of vishnu.netfilter.org:/data/git/iptables
>       Merge branch 'opts' of git://dev.medozas.de/iptables
>       Merge branch 'opts' of git://dev.medozas.de/iptables
>       Merge branch 'floating/opts' of git://dev.medozas.de/iptables
>       Merge branch 'opts' of git://dev.medozas.de/iptables
>       Merge branch 'opts' of git://dev.medozas.de/iptables
>       Merge branch 'master' of git://dev.medozas.de/iptables
>       Merge branch 'opts' of git://dev.medozas.de/iptables
>       Merge branch 'floating/opts' of git://dev.medozas.de/iptables
>       Merge branch 'master' of git://dev.medozas.de/iptables
>       Bump version to 1.4.11
> Rob Leslie (1):
>       iptables-restore: resolve confusing policy error message
> Stefan Tomanek (2):
>       ip(6)tables-multi: unify subcommand handling
>       iptables: add -C to check for existing rules
> Stephen Beahm (1):
>       libipt_REDIRECT: avoid dereference of uninitialized pointer
> Thomas Graf (2):
>       libxt_AUDIT: add AUDIT target
>       iptables: add manual page section for AUDIT target
> Wes Campaigne (4):
>       libxtables: avoid confusing use of ai_protocol=IPPROTO_IPV6
>       xtables: fix excessive memory allocation in host_to_ipaddr
>       xtables: fix the broken detection/removal of redundant addresses
>       xtables: use all IPv6 addresses resolved from a hostname

Signoff x86_64

