summaryrefslogtreecommitdiff
path: root/ChangeLog
blob: a8fa0bcbd1af1b68c8c830843474b8b08e8b74a1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
20111204
	Changelog for v2.0.10-3
	* fix counter setting bug (reported by James Sinclair)
20110710
	Changelog for v2.0.10-2
	* enable compiler optimizations (-O3)
	* small changes to remove the compiler warnings due to optimization being
	  turned on (thanks to Peter Volkov)
	* respect LDFLAGS in Makefiles (Peter Volkov)
20110710
	Changelog for v2.0.10-1
	* fix --among-dst-file, which translated to --among-src
	  (reported by Thierry Watelet)
	* fix bug in test_ulog.c example
	* Makefile: respect LDFLAGS during ebtables build (Peter Volkov)
	* Makefile: create directories to avoid build failure when DESTDIR is
	  supplied (Peter Volkov)
	* incorporate fixes for possible issues found by Coverity analysis
	  (thanks to Jiri Popelka)
	* define __EXPORTED_HEADERS__ to get access to the Linux kernel headers
	* extend ebt_ip6 to allow matching on ipv6-icmp types/codes (by Florian
	  Westphal)
	* Print a more useful error message when an update of the kernel table
	  failed.
	* Add --concurrent option, which enables using a file lock to support
	  concurrent scripts updating the ebtables kernel tables
20100203
	Changelog for v2.0.9-2
	* fix unwanted zeroing of counters in the last user-defined chain
	  (reported by Jon Lewis)
	* fix hidden symbol compilation error when using ld directly
	* fix return value checking of creat to give a correct error
	  message if the atomic file couldn't be created
	* correct info in INSTALL about compilation of ulog
20090621
	Changelog for v2.0.9 vs v2.0.8-2
	* added ip6 module for filtering IPv6 traffic (Kuo-Lang Tseng,
	  Manohar Castelino)
	* added --log-ip6 option for logging IPv6 traffic (Kuo-Lang Tseng,
	  Manohar Castelino)
	* added nflog watcher for logging packets to userspace (Peter Warasin)
	* bugfix in ebtables.sysv (Michal Soltys)
	* bugfix for among match on x86-64 (reported by Pavel Emelyanov)
20061217
	Since last entry:
	* fixed a few reported bugs
	* ebt_among --among-dst-file and --among-src-file: allow
	  the list to be given in a file (circumvents command line max.
	  line length
	* ebt_nat --snat-arp: if it's an arp packet, also change the source
	  address in the arp header
	* ebt_mark --mark-or, --mark-xor, --mark-and
20051020
	Since last entry:
	* ebtables modules are now located in /usr/lib/ebtables/
	* added '/sbin/service ebtables' support
	* added ebtables-save (thanks to Rok Papez <rok.papez@arnes.si>)
	  and ebtables-restore (the first one a perl script, the second
	  one written in c (fast))
	* optimized the code for the '-A' command, making ebtables-restore
	  very fast.
	* ebtablesd/ebtablesu is deprecated and not compiled by default
	  the ebtables-save/ebtables-restore scheme is much better
20050117
	Since last entry:
	* added ulog watcher
	* made the ebtables code modular (make library functions).
	* added the ebtablesd/ebtablesu scheme to allow faster
	  addition of rules (and to test the modular code).
	* some small fixes
	* added -c option (initialize counters)
	* added -C option (change counters)
20031102
	Since last entry:
	* <grzes_at_gnu.univ.gda.pl> added arpreply and among modules
	* <tommy_at_home.tig-grr.com> added limit match
20030724
	* added (automatic) Sparc64 support, thanks to Michael Bellion and
	  Thomas Heinz from hipac.org for providing a test-box.
20030717
	* added stp frames match type
20030713
	* added support for deleting all user-defined chains (-X option
	  without specified chain)
20030601
	* added --Lmac2
	* <csv_at_bluetail.com> Chris Vitale: basic 802.3/802.2 filtering
	  (experimental, kernel files are in the CVS)

20030503
	* added negative rule counter support
	* bugfix: bcnt was not updated correctly
	* <blancher_at_cartel-securite.fr> Cedric Blancher: add ARP MAC
	  matching support
	* added pkttype match
20030402
	* fixed check bug in ebt_ip.c (report from
	  joe_judge_at_guardium.com).
20030111
	* fixed problem when removing a chain (report from
	  ykphuah_at_greenpacket.com).
	* Added --help list_extensions which, well, lists the extensions
20021203
	* changed the way to use the atomic operations. It's now possible
	  to use the EBTABLES_ATOMIC_FILE environment variable, so it's no
	  longer necessary to explicitly state the file name. See the man.
20021120
	* changed the way of compiling. New releases will now contain their
	  own set of kernel includes. No more copying of kernel includes to
	  /usr/include/linux
	* added getethertype.c (Nick) and use it. Removed name_to_number()
	  and number_to_name().
20021106
	* added possibility to specify a rule number interval when deleting
	  rules
20021102
	* added ! - option possibility, which is equivalent to - ! option
20021102
	* since last entry: added byte counters and udp/tcp port matching
20020830
	* updated the kernel files for 2.4.20-pre5 and 2.5.32
	* last big cleanup of kernel and userspace code just finished
20020820
	* ARP module bugfix
	* IP module bugfix
	* nat module bugfix
20020730
	* other things done before 2.0-rc1 that I can think of,
	  including kernel:
	* cache align counters for better smp performance
	* simplify snat code
	* check for --xxxx-target RETURN on base chain
	* cleanup code
	* minor bugfixes
20020724
	* code cleanup
	* bugfix for --atomic-commit
20020720
	* added mark target+match
20020714
	* added --atomic options
20020710
	* some unlogged changes (due to lazyness)
	* added --Lc, --Ln, --Lx
20020625
	* user defined chains support: added -N, -X, -E options.
20020621
	* some unlogged changes (due to lazyness)
	* change the output for -L to make it look like it would look when
	  the user inputs the command.
	* try to autoload modules
	* some minor bugfixes
	* add user defined chains support (without new commands yet,
	  deliberately)
	* comparing rules didn't take the logical devices into account
20020520
	* update help for -s and -d
	* add VLAN in ethertypes
	* add SYMLINK option for compiling
20020501
	* allow -i and --logical-in in BROUTING
	* update the manual page
	* rename /etc/etherproto into /etc/ethertypes (seems to be a more
	  standard name)
	* add MAC mask for -s and -d, also added Unicast, Multicast and
	  Broadcast specification for specifying a (family of) MAC
	  addresses.
20020427
	* added broute table.
	* added redirect target.
	* added --redirect-target, --snat-target and --dnat-target options.
	* added logical_out and logical_in
	* snat bugfix (->size)
20020414
	* fixed some things in the manual.
	* fixed -P problem.
20020411
	* -j standard no longer works, is this cryptic? good :)
	* lots of beautification.
	  - made some code smaller
	  - made everything fit within 80 columns
	* fix problems with -i and -o option
	* print_memory now prints useful info
	* trying to see the tables when ebtables is not loaded in kernel
	  no longer makes this be seen as a bug.
20020403
	ebtables v2.0 released, changes:
	* A complete rewrite, made everything modular.
	* Fixed a one year old bug in br_db.c. A similar bug was present
	  in ebtables.c. It was visible when the number of rules got
	  bigger (around 90).
	* Removed the option to allow/disallow counters. Frames passing
	  by are always counted now.
	* Didn't really add any new functionality. However, it will be
	  _alot_ easier and prettier to do so now. Feel free to add an
	  extension yourself.
	* There are 4 types of extensions:
	  - Tables.
	  - Matches: like iptables has.
	  - Watchers: these only watch frames that passed all the matches
	    of the rule. They don't change the frame, nor give a verdict.
	    The log extension is a watcher.
	  - Targets.
	* user32/kernel64 architectures like the Sparc64 are unsupported.
	  If you want me to change this, give me access to such a box,
	  and don't pressure me.