| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
By default the build system only looks for $(LOCAL_PATH)/NOTICE.
In this case we need to explicitly set LOCAL_NOTICE_FILE.
Bug: 27844589
Change-Id: Ia6d19e50b132e1bd9f8f3b82e5d66280638ad867
|
|\
| |
| |
| |
| |
| | |
ip[6]tables-restore"
* commit 'c4afcd7f3bfbc3b0c74eb024d2263cc6cc40b9d3':
|
| |\
| | |
| | |
| | |
| | |
| | | |
ip[6]tables-restore"
* commit '16752d9f7a92d4404a65296080f581d821e52e11':
|
| | |\
| | | |
| | | |
| | | |
| | | | |
* commit 'f2a192e32451d50910c432dbc66352602fda5136':
Add '-w' option to ip[6]tables-restore
|
|\| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
ip[6]tables-restore and ip[6]tables-save to /system/bin"
* commit '508f165911045f283deaccc86f925daffe2867f2':
|
| |\| |
| | | |
| | | |
| | | |
| | | |
| | | | |
ip[6]tables-save to /system/bin"
* commit '0304f3bd45922a134b001955529bc72dc7525303':
|
| | |\ \
| | | | |
| | | | |
| | | | |
| | | | | |
* commit '745484a52c87b3d8d87f1e055713c3cec4744326':
Add ip[6]tables-restore and ip[6]tables-save to /system/bin
|
|\| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
isn\'t guaranteed to be sorted"
* commit '968fa2eecc668bb07d8eaecd5293f6a3a527f957':
|
| |\| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
to be sorted"
* commit 'a2981544ac2f64fcf942881362057bf81e9a195e':
|
| | |\ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* commit '592f0b0cbfc7d9c6e88c00d963e9cad5a8e7374f':
build: wildcard isn't guaranteed to be sorted
|
|\| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
libxt_socket: add --restore-skmark option"
* commit '3dad54a15e5719f6e2e5c70871943616c1df0a04':
|
| |\| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
--restore-skmark option"
* commit 'a41cf02b99cfc7fc6f577d79a746424239de2cf6':
|
| | |\ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* commit '53b5e80f3deffc6134f6b2582746b3474d0cffd1':
extensions: libxt_socket: add --restore-skmark option
|
|\| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* commit 'b48d95166b2b01228ca278e71df41d0876ea1fa9':
Add '-w' option to ip[6]tables-restore
|
| |\ \ \ \ \ \
| | | |_|_|_|/
| | |/| | | |
| | | | | | |
| | | | | | | |
* commit 'f2a192e32451d50910c432dbc66352602fda5136':
Add '-w' option to ip[6]tables-restore
|
| | |\ \ \ \ \
| | | |_|_|_|/
| | |/| | | | |
|
| | |/ / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
so ip[6]tables-restrore and ip[6]tables commands can be safely
executed in parallel.
Bug: 21725996
Change-Id: I4d0c0e5ff9e7881d9ebdfa5d4c733029703bb8de
|
|\| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
ip[6]tables-save to /system/bin"
* commit 'd26b57b65706376ab01abefcb093a52ced73afa4':
Add ip[6]tables-restore and ip[6]tables-save to /system/bin
|
| |\| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* commit '745484a52c87b3d8d87f1e055713c3cec4744326':
Add ip[6]tables-restore and ip[6]tables-save to /system/bin
|
| | |\ \ \ \
| | | |_|_|/
| | |/| | | |
|
| | |/ / /
| | | | |
| | | | |
| | | | |
| | | | | |
Bug: 21725996
Change-Id: I948dc7282b51c05fe795ead9a764c2dcc9705001
|
|\| | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* commit '34030eac10964de1cba20720e58b4bbba5f13dfe':
build: wildcard isn't guaranteed to be sorted
|
| |\| | |
| | | | |
| | | | |
| | | | |
| | | | | |
* commit '592f0b0cbfc7d9c6e88c00d963e9cad5a8e7374f':
build: wildcard isn't guaranteed to be sorted
|
| | |\ \ \
| | | |_|/
| | |/| | |
|
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | | |
To prevent this from changing between builds, wrap in $(sort )
Change-Id: Ib7758346c9d5a6752bca6d547ccdd5ce7344fb49
|
|\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
--restore-skmark option"
* commit '1eb9371aeb2be36673223cc1c6ce274466f1d2c3':
extensions: libxt_socket: add --restore-skmark option
|
| |\| |
| | | |
| | | |
| | | |
| | | | |
* commit '53b5e80f3deffc6134f6b2582746b3474d0cffd1':
extensions: libxt_socket: add --restore-skmark option
|
| | |\ \ |
|
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
xt_socket is useful for matching sockets with IP_TRANSPARENT and
taking some action on the matching packets. However, it lacks the
ability to match only a small subset of transparent sockets.
Suppose there are 2 applications, each with its own set of transparent
sockets. The first application wants all matching packets dropped,
while the second application wants them forwarded somewhere else.
Add the ability to retore the skb->mark from the sk_mark. The mark
is only restored if a matching socket is found and the transparent /
nowildcard conditions are satisfied.
Now the 2 hypothetical applications can differentiate their sockets
based on a mark value set with SO_MARK.
iptables -t mangle -I PREROUTING -m socket --transparent \
--restore-skmark -j action
iptables -t mangle -A action -m mark --mark 10 -j action2
iptables -t mangle -A action -m mark --mark 11 -j action3
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Change-Id: I8f95f053bf32181bf0928f0a86f594212a1c767b
|
|\ \ \ \
| |/ / /
|/| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This will be used for automated notification of external vulnerability
reports.
Change-Id: Idb22ae6b4986dad5e9a5c8b907ea104cf1132394
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
* commit 'de2fa7133374831bcb5080a43e567e2e41f84ee7':
extensions: libxt_socket: add --restore-skmark option
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
xt_socket is useful for matching sockets with IP_TRANSPARENT and
taking some action on the matching packets. However, it lacks the
ability to match only a small subset of transparent sockets.
Suppose there are 2 applications, each with its own set of transparent
sockets. The first application wants all matching packets dropped,
while the second application wants them forwarded somewhere else.
Add the ability to retore the skb->mark from the sk_mark. The mark
is only restored if a matching socket is found and the transparent /
nowildcard conditions are satisfied.
Now the 2 hypothetical applications can differentiate their sockets
based on a mark value set with SO_MARK.
iptables -t mangle -I PREROUTING -m socket --transparent \
--restore-skmark -j action
iptables -t mangle -A action -m mark --mark 10 -j action2
iptables -t mangle -A action -m mark --mark 11 -j action3
Bug: 20663075
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 3b20fc71c99acd604d635deacef99769e36191b5)
Change-Id: If746841dea9db9f1c7ad1d74ed37fa13109e37ff
|
|\| | | |
| |_|_|/
|/| | |
| | | |
| | | | |
* commit 'fbb436cf1271a2868f5c55009bb8bf044a6aa809':
xt_socket: add --nowildcard flag
|
| |\ \ \
| | |/ /
| |/| | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
xt_socket module can be a nice replacement to conntrack module
in some cases (SYN filtering for example)
But it lacks the ability to match the 3rd packet of TCP
handshake (ACK coming from the client).
Add a XT_SOCKET_NOWILDCARD flag to disable the wildcard mechanism
The wildcard is the legacy socket match behavior, that ignores
LISTEN sockets bound to INADDR_ANY (or ipv6 equivalent)
iptables -I INPUT -p tcp --syn -j SYN_CHAIN
iptables -I INPUT -m socket -j ACCEPT
Bug: 20663075
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|\ \ \ \
| |/ / /
|/| | /
| | |/
| |/| |
* commit '9bc8d9b4e3b0229b0e9a8007cac49e1093e58f21':
xt_socket: add --nowildcard flag
|
| |\ \ |
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
xt_socket module can be a nice replacement to conntrack module
in some cases (SYN filtering for example)
But it lacks the ability to match the 3rd packet of TCP
handshake (ACK coming from the client).
Add a XT_SOCKET_NOWILDCARD flag to disable the wildcard mechanism
The wildcard is the legacy socket match behavior, that ignores
LISTEN sockets bound to INADDR_ANY (or ipv6 equivalent)
iptables -I INPUT -p tcp --syn -j SYN_CHAIN
iptables -I INPUT -m socket -j ACCEPT
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|\ \ \
| |/ /
|/| /
| |/ |
master_merge
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Correct trimming of userspacesize to fix deletions.
Fixes: Bugzilla #884.
The rule having TEE target with '--oif' option cannot be deleted by iptables command.
$ iptables -I INPUT -i foo -j TEE --gateway x.x.x.x --oif bar
$ iptables -D INPUT -i foo -j TEE --gateway x.x.x.x --oif bar
iptables: No chain/target/match by that name.
[Cherry-pick of iptables df3741332d86629a8fdd267930e0a249803f6aa8]
Signed-off-by: Loganaden Velvindron <logan@elandsys.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Change-Id: Ieb43487811669d502074330a0cba7c8d4c9c7446
|
|\ \ |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Correct trimming of userspacesize to fix deletions.
Fixes: Bugzilla #884.
The rule having TEE target with '--oif' option cannot be deleted by iptables command.
$ iptables -I INPUT -i foo -j TEE --gateway x.x.x.x --oif bar
$ iptables -D INPUT -i foo -j TEE --gateway x.x.x.x --oif bar
iptables: No chain/target/match by that name.
[Cherry-pick of iptables df3741332d86629a8fdd267930e0a249803f6aa8]
Signed-off-by: Loganaden Velvindron <logan@elandsys.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Change-Id: Ieb43487811669d502074330a0cba7c8d4c9c7446
|
|\ \ |
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
calling local-intermediates-dir before LOCAL_MODULE and LOCAL_MODULE_CLASS
have been set will break the build system when using the mm option
( build modules in the current directory )
Change-Id: Ib89dc80fb6f7ca77207d2114d1237477ac2d7a1f
|
|\ \ |
|
|/ /
| |
| |
| |
| |
| | |
libxt_recent.c compares address of array 'info->name' with null.
Change-Id: I3be0763ab261439cb9d6881ef2b6ba0ea29e7f4e
|
|\ \ |
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
This variable is unused, and will actually break the build system if
this makefile is included first, since `local-intermediates-dir`
requires LOCAL_MODULE and LOCAL_MODULE_CLASS to be set before calling.
Change-Id: I326e9f184bb00f53bf81c59cdbeddb4be801e1e3
|
|\ \
| |/
|/| |
|