      [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables · 2e4e6a17
      This monster-patch tries to do the best job for unifying the data
      structures and backend interfaces for the three evil clones ip_tables,
      ip6_tables and arp_tables.  In an ideal world we would never have
      allowed this kind of copy+paste programming... but well, our world
      isn't (yet?) ideal.
      o introduce a new x_tables module
      o {ip,arp,ip6}_tables depend on this x_tables module
      o registration functions for tables, matches and targets are only
        wrappers around x_tables provided functions
      o all matches/targets that are used from ip_tables and ip6_tables
        are now implemented as xt_FOOBAR.c files and provide module aliases
        to ipt_FOOBAR and ip6t_FOOBAR
      o header files for xt_matches are in include/linux/netfilter/,
        include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
        around the xt_FOOBAR.h headers
      Based on this patchset we're going to further unify the code,
      gradually getting rid of all the layer 3 specific assumptions.
      Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      [NETFILTER]: Fix recent match jiffies wrap mismatches · 2a43c4af
      Around jiffies wrap time (i.e. within first 5 mins after boot), recent
      match rules which contain both --seconds and --hitcount arguments
      experience false matches.
      This is because the last_pkts array is filled with zeros on creation, and
      when comparing 'now' to 0 (+ --seconds argument), time_before_eq thinks it
      has found a hit.
      Below patch adds a break if the packet value is zero.  This has the
      unfortunate side effect of causing mismatches if a packet was received
      when jiffies really was equal to zero.  The odds of that happening are
      slim compared to the problems caused by not adding the break however.
      Plus, the author used this same method just below, so it is "good enough".
      This fixes netfilter bugs #383 and #395.
      Signed-off-by: default avatarPhil Oester <kernel@linuxace.com>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Linux-2.6.12-rc2 · 1da177e4
      Initial git repository build. I'm not bothering with the full history,
      even though we have it. We can create a separate "historical" git
      archive of that later if we want to, and in the meantime it's about
      3.2GB when imported into git - space that would just make the early
      git days unnecessarily complicated, when we don't have a lot of good
      infrastructure for it.
      Let it rip!