aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: fix compile of -mini variantsDaniel Golle2018-04-131-0/+23
| | | | | | Fixes commit d88934aa5a (hostapd: update to git snapshot of 2018-04-09) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: update to git snapshot of 2018-04-09Daniel Golle2018-04-1332-76/+1085
| | | | | | | | | And import patchset to allow 802.11s mesh on DFS channels, see also http://lists.infradead.org/pipermail/hostap/2018-April/038418.html Fix sae_password for encryption mesh (sent upstream as well). Also refreshed existing patches and fixed 463-add-mcast_rate-to-11s. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ebtables: update to latest git 2018-04-11Matthias Schiffer2018-04-122-5/+5
| | | | | | | | | | | 2e783b227766 ebt_ip: add support for matching IGMP type b5fbb8d786c9 ebt_ip: add support for matching ICMP type and code c5e5b784fd1a Move ICMP type handling functions from ebt_ip6 to useful_functions.c 11da52177196 include: sync linux/netfilter_bridge/ebt_ip.h with kernel Note: the new features require at least kernel 4.17 or backported patches. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* iptables: split physdev match out as a separate packageMatthias Schiffer2018-04-091-1/+10
| | | | | | | Split physdev match out of ipt-extra to allow installing ipt-extra without pulling in br-netfilter. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* dnsmasq: remove example domains from rfc6761.conf (FS#1447)Hans Dedecker2018-04-092-5/+1
| | | | | | | | | | | | RFC6771 does not exclude the forwarding of the example domain as it states : "Caching DNS servers SHOULD NOT recognize example names as special and SHOULD resolve them normally." Example domains cannot be assigned to any user or person by DNS registrars as they're registered in perpetuity to IANA meaning they can be resolved; therefore let's remove the example domains from the rfc6761.conf file. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to latest git HEADHans Dedecker2018-04-091-4/+4
| | | | | | 31f217f router: improve RFC7084 compliancy Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: update to latest git HEADHans Dedecker2018-04-051-4/+4
| | | | | | | | 74b5a3 script: fix possible negative delay 473f248 dhcpv6: always trigger script update in case of IA updates ea18935 ra: rework route information option handling Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: update to the latest version, adds hw flow offload supportFelix Fietkau2018-04-051-3/+3
| | | | | | 35b3e74 defaults: add support for setting --hw on the xt_FLOWOFFLOAD rule Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add support for enabling hardware flow offload via iptablesFelix Fietkau2018-04-051-5/+82
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba36: fix some security problemsHauke Mehrtens2018-04-038-3/+322
| | | | | | | | | | This Adds fixes for the following security problems based on debians patches: CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms CVE-2017-12163: Server memory information leak over SMB1 CVE-2017-12150: SMB1/2/3 connections may not require signing where they should CVE-2018-1050: Denial of Service Attack on external print server. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* netifd: update to latest git HEADHans Dedecker2018-04-031-3/+3
| | | | | | 3dc8c91 interface-ip: fix memory leak in interface_ip_add_target_route() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: update to latest git HEADHans Dedecker2018-03-311-3/+3
| | | | | | | | | | 5cbd305 odhcp6c: improve code readibility eb83b7e treewide: improve error handling b7b11cb dhcpv6: initialize ifreq struct f0469e2 ra: handle socket fail creation d573461 odhcp6c: fix file pointer leakage Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "iproute2: fix hidden uint to uin64_t promotion in json_print"Kevin Darbyshire-Bryant2018-03-312-66/+1
| | | | | | | | | | This reverts commit 745d0e7f4b6e8659cc967291acd33889035127f0. It looks like upstream don't want the patch so let's revert it here too. I hope a fix from upstream is forthcoming. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* map: fix psidlen becoming negative (FS#1430)Hans Dedecker2018-03-292-11/+17
| | | | | | | | | Fix psidlen becomes negative in case embedded address bit lenght is smaller than IPv4 suffix length. While at it improve parameter checking making the code more logical and easier to read. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "ppp: make ppp-multilink provide ppp"Felix Fietkau2018-03-291-10/+9
| | | | | | | | | | opkg currently has some issues with Provides and this change makes the image builder fail because of that. Revert the change for now until opkg is fixed This reverts commit 092d75aa3e86db8331fffdbd0a99987df9dc438b. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to git snapshot of 2018-03-26Daniel Golle2018-03-2735-1530/+153
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following patches were merged upstream: 000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch replaced by commit 0e3bd7ac6 001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch replaced by commit cb5132bb3 002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch replaced by commit 87e2db16b 003-Prevent-installation-of-an-all-zero-TK.patch replaced by commit 53bb18cc8 004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch replaced by commit 0adc9b28b 005-TDLS-Reject-TPK-TK-reconfiguration.patch replaced by commit ff89af96e 006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch replaced by commit adae51f8b 007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch replaced by commit 2a9c5217b 008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch replaced by commit a00e946c1 009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch replaced by commit b488a1294 010-Optional-AP-side-workaround-for-key-reinstallation-a.patch replaced by commit 6f234c1e2 011-Additional-consistentcy-checks-for-PTK-component-len.patch replaced by commit a6ea66530 012-Clear-BSSID-information-in-supplicant-state-machine-.patch replaced by commit c0fe5f125 013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch replaced by commit 114f2830d Some patches had to be modified to work with changed upstream source: 380-disable_ctrl_iface_mib.patch (adding more ifdef'ery) plus some minor knits needed for other patches to apply which are not worth being explicitely listed here. For SAE key management in mesh mode, use the newly introduce sae_password parameter instead of the psk parameter to also support SAE keys which would fail the checks applied on the psk field (ie. length and such). This fixes compatibility issues for users migrating from authsae. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* netifd: update to the latest version (fixes FS#1452)Felix Fietkau2018-03-271-4/+4
| | | | | | 9c8d781 netifd: return the interface for locally addressable host dependencies Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: improve init script portability (FS#1446)Hans Dedecker2018-03-242-2/+2
| | | | | | | | | | | | | Improve portability of init script by declaring resolvfile as local in dnsmasq_stop function. Fixes resolvfile being set for older busybox versions in dnsmasq_start in a multi dnsmasq instance config when doing restart; this happens when the last instance has a resolvfile configured while the first instance being started has noresolv set to 1. Base on a patch by "Phil" Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ethtool: Update to 4.15.Rosen Penev2018-03-231-2/+2
| | | | | | Contains kernel 4.14 updates. Compile tested on mvebu. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* iproute2: cake: support new overhead reporting & stats structuresKevin Darbyshire-Bryant2018-03-231-266/+969
| | | | | | | | | | | | | | | | | | | | | | Cake in kernel space now splits stats structure handling across netlink messages to reduce stack usage issue flagged by upstream kernel checks. Update user space (tc) qdisc handling to understand this new regime. Cake also reports packet overheads & compensation in a different way so add display code for this. e.g. 'tc -s qdisc show dev eth0' reports this extra detail: min/max transport layer size: 28 / 1500 min/max overhead-adjusted size: 65 / 1550 average transport hdr offset: 14 Cake also supports output in JSON format. Patch is bulkier than before because a (slightly out of date - see above stats) man page is included for reference. Better than nothing! Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* firewall: update to latest git HEADHans Dedecker2018-03-221-3/+3
| | | | | | | | | 5cdf15e helpers.conf: add CT rtsp helper d5923f1 Reword rule comments c1a295a defaults: add support for xt_FLOWOFFLOAD rule 41c2ab5 ipsets: add support for specifying entries Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn: remove deprecated config optionsHans Dedecker2018-03-202-8/+1
| | | | | | | | Remove deprecated config options in 2.5 as described in [0] [0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: fix hidden uint to uin64_t promotion in json_printKevin Darbyshire-Bryant2018-03-192-1/+66
| | | | | | | | | | | | | | | | | | | | | | | | | print_int used 'int' type internally, whereas print_uint used 'uint64_t' These helper functions eventually call vfprintf(fp, fmt, args) which is a variable argument list function and is dependent upon 'fmt' containing correct information about the length of the passed arguments. Unfortunately print_int v print_uint offered no clue to the programmer that internally passed ints to print_uint were being promoted to 64bits, thus the format passed in 'fmt' string vs the actual passed integer could be different lengths. This is even more interesting on big endian architectures where 'vfprintf' would be looking in the middle of an int64 type. Symptoms of this included tc qdisc showing bizarre values for a variety of fields across a variety of qdiscs (e.g. refcnt, flows, quantum) print_u/int now stick with native int size. A similar patch has been sent upstream. Fixes FS#1425 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: bump to 2.79 releaseKevin Darbyshire-Bryant2018-03-191-3/+3
| | | | | | | 94b6878 Tidy crypto.c of old library compat. Now need libnettle 3. 8b96552 Fix compiler warning. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* curl: Update to 7.59Rosen Penev2018-03-191-2/+2
| | | | | | Compile tested on ar71xx. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* openvpn: add config param verify_client_certChristian Bayer2018-03-172-1/+2
| | | | | | | | | Option --client-cert-not-required DEPRECATED is deprecated in v2.4 and removed in OpenVPN 2.5. Replaced by param --verify-client-cert none|optional|require in v2.4 see https://community.openvpn.net/openvpn/wiki/ DeprecatedOptions#a--client-cert-not-required Signed-off-by: Christian Bayer <cave@cavebeat.org> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_ RELEASE increase]
* dnsmasq: bump to 2.79rc2Hans Dedecker2018-03-131-2/+2
| | | | | | | | | | | | | | | | | | ae29065 Fix debian/changelog syntax. 6b2b564 Enhance --synth-domain to allow names with sequential integers. 4f7bb57 Fix deletion of dhcp-options from inotify dynamic files. 56f0623 Allow trailing dot in CNAME. f3223fb Fix nettle_hash() function to avoid ABI incompatibilities. 4c4f4c2 Debian dependency tweaking for new dnsmasq-base-lua package. 773af30 Man page typo fix. 4cc944b Merge branch 'master' of ssh://thekelleys.org.uk/var/local/git/dnsmasq 87e00fe Compiler warning fixes. e7a4af8 Compiler warning fixes. 2d69d61 Add liblua-dev to Debian build-depends. 30e4a94 Debian package: add dnsmasq-base-lua binary package. 232a8f3 Merge messages for release. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* 6in4: support multiple additional user prefixesJo-Philipp Wich2018-03-132-6/+11
| | | | | | | | | | | | | | Support configuration in the form... list ip6prefix 2001:db8:1234::/64 list ip6prefix 2001:db8:5678::/64 ... to allow specifying multiple routed IPv6 prefixes. Implements feature request FS#1361. Signed-off-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to the latest version (fixes FS#1358)Felix Fietkau2018-03-131-3/+3
| | | | | | | | 1f5a29c ip: do not add local routes for host dependencies c06f842 device: add support for setting the isolate options for bridge ports 69aeaab interface-ip: fix route selection for host dependencies Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: make ppp-multilink provide pppFelix Fietkau2018-03-121-9/+10
| | | | | | Fixes dependencies on ppp from other packages Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iperf3: update to 3.5Philip Prindeville2018-03-092-67/+2
| | | | | | Get rid of patches which are already upstream. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* openvpn: update to 2.4.5Magnus Kroken2018-03-094-24/+19
| | | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ebtables: update to latest git 2018-01-17Hans Dedecker2018-03-081-3/+3
| | | | | | 068ba95 Fix locking if LOCKDIR does not exist Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: bump to git HEADStijn Tintel2018-03-081-3/+5
| | | | | | | | | | | 392811a ubus: let fw3_ubus_address() return the number of resolved addresses 359adcf options: emit an empty address item when resolving networks fails 503db4a zones: disable masq when resolving of all masq_src or masq_dest items failed f50a524 helpers: implement explicit CT helper assignment support a3ef503 zones: allow per-table log control 8ef12cb iptables: fix possible NULL pointer access on constructing rule masks Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wireguard: bump to 20180304Jason A. Donenfeld2018-03-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7c0d711 version: bump snapshot b6a5cc0 contrib: add extract-handshakes kprobe example 37dc953 wg-quick: if resolvconf/run/iface exists, use it 1f9be19 wg-quick: if resolvconf/interface-order exists, use it 4d2d395 noise: align static_identity keys 14395d2 compat: use correct -include path 38c6d8f noise: fix function prototype 302d0c0 global: in gnu code, use un-underscored asm ff4e06b messages: MESSAGE_TOTAL is unused ea81962 crypto: read only after init e35f409 Kconfig: require DST_CACHE explicitly 9d5baf7 Revert "contrib: keygen-html: rewrite in pure javascript" 6e09a46 contrib: keygen-html: rewrite in pure javascript e0af0f4 compat: workaround netlink refcount bug ec65415 contrib: embedded-wg-library: add key generation functions 06099b8 allowedips: fix comment style ce04251 contrib: embedded-wg-library: add ability to add and del interfaces 7403191 queueing: skb_reset: mark as xnet Changes: * queueing: skb_reset: mark as xnet This allows cgroups to classify packets. * contrib: embedded-wg-library: add ability to add and del interfaces * contrib: embedded-wg-library: add key generation functions The embeddable library gains a few extra tricks, for people implementing plugins for various network managers. * crypto: read only after init * allowedips: fix comment style * messages: MESSAGE_TOTAL is unused * global: in gnu code, use un-underscored asm * noise: fix function prototype Small cleanups. * compat: workaround netlink refcount bug An upstream refcounting bug meant that in certain situations it became impossible to unload the module. So, we work around it in the compat code. The problem has been fixed in 4.16. * contrib: keygen-html: rewrite in pure javascript * Revert "contrib: keygen-html: rewrite in pure javascript" We nearly moved away from emscripten'ing the fiat32 code, but the resultant floating point javascript was just too terrifying. * Kconfig: require DST_CACHE explicitly Required for certain frankenkernels. * compat: use correct -include path Fixes certain out-of-tree build systems. * noise: align static_identity keys Gives us better alignment of private keys. * wg-quick: if resolvconf/interface-order exists, use it * wg-quick: if resolvconf/run/iface exists, use it Better compatibility with Debian's resolvconf. * contrib: add extract-handshakes kprobe example Small utility for extracting ephemeral key data from the kernel's memory. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (git log --oneline description)
* lantiq: Deactivate ASLR support for some applicationsHauke Mehrtens2018-03-031-0/+1
| | | | | | | | | The lantiq components still leak some user space linker options into the kernel space. This breaks with build when ASLR is activated, deactivate it for now on these packages. Fixes: FS#1391 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* gre: squash grev4 and grev6 packages into gre (FS#1399)Hans Dedecker2018-03-021-34/+5
| | | | | | | | | The split-up into packages gre, grev4 and grev6 causes confusion for the users as reported in FS#1399. As IPv4 and IPv6 are considered now as bundled; squash the grev4 and grev6 packages into the gre package and let gre provide both grev4 and grev6. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: add udhcpc link check to dhcp shell handler scriptHans Dedecker2018-03-022-1/+3
| | | | | | | | Fixes the assumption the busybox udhcpc applet is always enabled; in case the symbolic link check fails the DHCP shell handler script will exit and as result the DHCP protocol handler will not be registered in netifd. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iw: update to version 4.14Felix Fietkau2018-02-284-676/+101
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest version, rewrite RPS/XPS handlingFelix Fietkau2018-02-282-3/+70
| | | | | | | | Remove RPS/XPS support from netifd core, move the logic to a hotplug script that uses a different policy which provides better performance and more fairness across flows Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: support DHCP sendopts as list optionsHans Dedecker2018-02-272-6/+8
| | | | | | | | | | | Support config in the form of .... add_list sendopts=router:10.10.10.2 add_list sendopts=nissrv:20.20.20.2 add_list sendopts=0x7D:abba This allows to configure sendopts having white spaces as option value Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iptables: fix compile with kernel 3.18Hauke Mehrtens2018-02-261-0/+40
| | | | | | This fixes a compile bug found by build bot with kernel 3.18 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: do not register ubus objects for mesh interfacesFelix Fietkau2018-02-241-0/+5
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcp6c: rework sendopts handlingHans Dedecker2018-02-242-7/+6
| | | | | | Bring logic of sendopts handling in line with ip6prefix handling Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: support multiple additional user prefixesJo-Philipp Wich2018-02-243-6/+13
| | | | | | | | | | | | | Support configuration in the form... list ip6prefix 2001:db8:1234::/64 list ip6prefix 2001:db8:5678::/64 ... to allow specifying multiple additional IPv6 prefixes. Implements feature request FS#1361. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ethtool: import from packages, add myself as maintainerFelix Fietkau2018-02-241-0/+59
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba36: fix build (issue #5574)Jakub Tymejczyk2018-02-241-0/+1
| | | | | | | | | | | | As indicated in #5574 samba fails to build with linker error due to lack of talloc_* functions when the packet libtalloc also gets build. According to Makefile it is compiled with "--without-libtalloc" option. Running ./configure --help shows that there is another option connected to libtalloc: --enable/disable-external-libtalloc. Adding this option fixes build. Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
* iproute2: Add support for ports in xfrm on SCTPHauke Mehrtens2018-02-241-18/+0
| | | | | | | | Remove this old patch which prevents showing the xfrm ports for SCTP This was added in commit 60c1f0f64d23 ("finally move buildroot-ng to trunk") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iptables: update to 1.6.2Ansuel Smith2018-02-231-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 459b6932 policy: add nft translation for simple policy none/strict use case 255e55b7 tests: xlate-test: no need to require superuser privileges 6990bbc5 extensions: hashlimit: remove space before burst in translation to nft 13ecaeb0 extensions: hashlimit: Rename 'flow table' keyword to meter c252a2b0 extensions: Add test for cluster nft translation bda1daa4 extensions: ip6t_{S,D}NAT: add more tests 88fa4543 extensions: ip6t_{S,D}NAT: multiple to-dst/to-src arguments not reported 64a0e098 extensions: libxt_cluster: Add translation to nft 6067208f extensions: add support for 'srh' match 0f387b07 extensions: hashlimit: fix incorrect burst in translations 1ffe6a74 extensions: libxt_hashlimit: Do not print default timeout and burst 27de281d extensions: Add macro _DEFAULT_SOURCE. 75364151 iptables: Remove const qualifier from struct option. 8b0da213 iptables: masquerade: add randomize-full support e64db006 iptables: patch to correct linker flag sequence 033eac81 extensions: libxt_tcpmss: Add test case for invalid ranges. 505bfa11 iptables: xtables-eb: Remove const qualifier from struct option a6d6821a iptables: extensions: Fix MARK target help 71de414c libxt_sctp: fix array out of range in print_chunk 1a32381a extensions: add tests for ipcomp protocol 4bd51770 tests: xlate: print output in same way as nft-test.py d0e3d95f libxt_recent: Remove ineffective checks for info->name 23e6ed71 libxt_TOS: add tests for translation infrastructure 9564595e Update .gitignore bebce197 iptables: iptables-compat translation for TCPMSS dbbab0aa extensions: libxt_tcpmss: Detect invalid ranges 0e958281 iptables-translate: add test file for TCPMSS extension de3c68b6 iptables-compat: do not allow to delete populated user define chains f4b80ce7 iptables: change large file support handling f5b46c2f iptables: Constify option struct 21ba5b38 ip{,6}tables-restore: Don't accept wait-interval without wait 60e0ffd3 ip{,6}tables-restore: Don't ignore missing wait-interval value af468b6e utils: Add a man page for nfnl_osf 1773dcaa utils: nfnl_osf: Fix synopsis in help text 895ce096 extensions: libxt_bpf: fix missing __NR_bpf declaration 3c633296 xtables-compat-restore: fix translation of mangle's OUTPUT 1c32e560 netfilter: xt_hashlimit: add rate match mode b5331f88 xtables-compat: fix memory leak when listing 91ae12e3 xtables-compat-restore: fix several memory leaks 79e1edd1 iptables-xml: Fix segfault on jump without a target c49a93f1 xtables-translate: fix double space before comment 79fa7cc2 libip6t_icmp6: xlate: remove leftover space 8e62f572 tests: xlate: generalize owner 8d994bcf iptables: Add file output option to iptables-save f8e5ebc5 iptables: Fix crash on malformed iptables-restore 80d8bfaa iptables: insist that the lock is held. c29d99c8 libxtables: Display weird character warning for wildcards 1fe96cfb tests: xlate: check if it is being run as root 3f92b259 tests: xlate: remove python 3.5 dependency d89dc47a iptables-restore/save: exit when given an unknown option 65801d02 iptables-restore.8: document -w/-W options 9cd3adbe iptables-restore/ip6tables-restore: add --version/-V argument 1ec1fb7a extensions: libxt_hashlimit: fix 64-bit printf formats 27f69f4a iptables: extensions: Remove typedef in struct. 340105fa tests: add regression tests for xtables-translate b669e184 extensions: libxt_TOS: Add translation to nft b2a84476 iptables: Remove unnecessary braces. 2963a8df iptables: Remove explicit static variables initalization. 1cf4ba6f iptables: Constify option struct 999eaa24 iptables-restore: support acquiring the lock. 6e2e169e iptables: remove duplicated argument parsing code 836846f0 iptables: move XT_LOCK_NAME from CFLAGS to config.h. b91af533 iptables: set the path of the lock file via a configure option. 0e94eb2e iptables-translate: print nft iff there are more expanded rules to print 48ad179b libxtables: abolish AI_CANONNAME 9f50bbdf libxtables: remove unnecessary nesting from host_to_ip(6)addr c6df55d6 iptables-translate: print nft command for each expand rules via dns names 82dacbb8 xtables-translate: Avoid querying the kernel 9f972f45 extensions: libxt_addrtype: Add translation to nft 2c8e251e utils: nfsynproxy: fix build with musl libc 9b8cb756 libiptc: don't set_changed() when checking rules with module jumps eb66632d extensions: libxt_hashlimit: Add translation to nft 72bb3dbf xshared: using the blocking file lock request when we wait indefinitely 24f81746 xshared: do not lock again and again if "-w" option is not specified fc3c3b4e libxt_hashlimit: add new unit test to catch kernel bug 516d9191 iptables: update pf.os Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* netfilter: add a xt_FLOWOFFLOAD target for NAT/routing offload supportFelix Fietkau2018-02-211-0/+18
| | | | | | | | | | This makes it possible to add an iptables rule that offloads routing/NAT packet processing to a software fast path. This fast path is much quicker than running packets through the regular tables/chains. Requires Linux 4.14 Signed-off-by: Felix Fietkau <nbd@nbd.name>