2 Changelog for v2.0.10-4
3 * really fix counter setting bug (thanks to James' persistence)
5 Changelog for v2.0.10-3
6 * fix counter setting bug (reported by James Sinclair)
8 Changelog for v2.0.10-2
9 * enable compiler optimizations (-O3)
10 * small changes to remove the compiler warnings due to optimization being
11 turned on (thanks to Peter Volkov)
12 * respect LDFLAGS in Makefiles (Peter Volkov)
14 Changelog for v2.0.10-1
15 * fix --among-dst-file, which translated to --among-src
16 (reported by Thierry Watelet)
17 * fix bug in test_ulog.c example
18 * Makefile: respect LDFLAGS during ebtables build (Peter Volkov)
19 * Makefile: create directories to avoid build failure when DESTDIR is
20 supplied (Peter Volkov)
21 * incorporate fixes for possible issues found by Coverity analysis
22 (thanks to Jiri Popelka)
23 * define __EXPORTED_HEADERS__ to get access to the Linux kernel headers
24 * extend ebt_ip6 to allow matching on ipv6-icmp types/codes (by Florian
26 * Print a more useful error message when an update of the kernel table
28 * Add --concurrent option, which enables using a file lock to support
29 concurrent scripts updating the ebtables kernel tables
31 Changelog for v2.0.9-2
32 * fix unwanted zeroing of counters in the last user-defined chain
33 (reported by Jon Lewis)
34 * fix hidden symbol compilation error when using ld directly
35 * fix return value checking of creat to give a correct error
36 message if the atomic file couldn't be created
37 * correct info in INSTALL about compilation of ulog
39 Changelog for v2.0.9 vs v2.0.8-2
40 * added ip6 module for filtering IPv6 traffic (Kuo-Lang Tseng,
42 * added --log-ip6 option for logging IPv6 traffic (Kuo-Lang Tseng,
44 * added nflog watcher for logging packets to userspace (Peter Warasin)
45 * bugfix in ebtables.sysv (Michal Soltys)
46 * bugfix for among match on x86-64 (reported by Pavel Emelyanov)
49 * fixed a few reported bugs
50 * ebt_among --among-dst-file and --among-src-file: allow
51 the list to be given in a file (circumvents command line max.
53 * ebt_nat --snat-arp: if it's an arp packet, also change the source
54 address in the arp header
55 * ebt_mark --mark-or, --mark-xor, --mark-and
58 * ebtables modules are now located in /usr/lib/ebtables/
59 * added '/sbin/service ebtables' support
60 * added ebtables-save (thanks to Rok Papez <rok.papez@arnes.si>)
61 and ebtables-restore (the first one a perl script, the second
62 one written in c (fast))
63 * optimized the code for the '-A' command, making ebtables-restore
65 * ebtablesd/ebtablesu is deprecated and not compiled by default
66 the ebtables-save/ebtables-restore scheme is much better
70 * made the ebtables code modular (make library functions).
71 * added the ebtablesd/ebtablesu scheme to allow faster
72 addition of rules (and to test the modular code).
74 * added -c option (initialize counters)
75 * added -C option (change counters)
78 * <grzes_at_gnu.univ.gda.pl> added arpreply and among modules
79 * <tommy_at_home.tig-grr.com> added limit match
81 * added (automatic) Sparc64 support, thanks to Michael Bellion and
82 Thomas Heinz from hipac.org for providing a test-box.
84 * added stp frames match type
86 * added support for deleting all user-defined chains (-X option
87 without specified chain)
90 * <csv_at_bluetail.com> Chris Vitale: basic 802.3/802.2 filtering
91 (experimental, kernel files are in the CVS)
94 * added negative rule counter support
95 * bugfix: bcnt was not updated correctly
96 * <blancher_at_cartel-securite.fr> Cedric Blancher: add ARP MAC
100 * fixed check bug in ebt_ip.c (report from
101 joe_judge_at_guardium.com).
103 * fixed problem when removing a chain (report from
104 ykphuah_at_greenpacket.com).
105 * Added --help list_extensions which, well, lists the extensions
107 * changed the way to use the atomic operations. It's now possible
108 to use the EBTABLES_ATOMIC_FILE environment variable, so it's no
109 longer necessary to explicitly state the file name. See the man.
111 * changed the way of compiling. New releases will now contain their
112 own set of kernel includes. No more copying of kernel includes to
114 * added getethertype.c (Nick) and use it. Removed name_to_number()
115 and number_to_name().
117 * added possibility to specify a rule number interval when deleting
120 * added ! - option possibility, which is equivalent to - ! option
122 * since last entry: added byte counters and udp/tcp port matching
124 * updated the kernel files for 2.4.20-pre5 and 2.5.32
125 * last big cleanup of kernel and userspace code just finished
131 * other things done before 2.0-rc1 that I can think of,
133 * cache align counters for better smp performance
135 * check for --xxxx-target RETURN on base chain
140 * bugfix for --atomic-commit
142 * added mark target+match
144 * added --atomic options
146 * some unlogged changes (due to lazyness)
147 * added --Lc, --Ln, --Lx
149 * user defined chains support: added -N, -X, -E options.
151 * some unlogged changes (due to lazyness)
152 * change the output for -L to make it look like it would look when
153 the user inputs the command.
154 * try to autoload modules
155 * some minor bugfixes
156 * add user defined chains support (without new commands yet,
158 * comparing rules didn't take the logical devices into account
160 * update help for -s and -d
161 * add VLAN in ethertypes
162 * add SYMLINK option for compiling
164 * allow -i and --logical-in in BROUTING
165 * update the manual page
166 * rename /etc/etherproto into /etc/ethertypes (seems to be a more
168 * add MAC mask for -s and -d, also added Unicast, Multicast and
169 Broadcast specification for specifying a (family of) MAC
172 * added broute table.
173 * added redirect target.
174 * added --redirect-target, --snat-target and --dnat-target options.
175 * added logical_out and logical_in
176 * snat bugfix (->size)
178 * fixed some things in the manual.
181 * -j standard no longer works, is this cryptic? good :)
182 * lots of beautification.
183 - made some code smaller
184 - made everything fit within 80 columns
185 * fix problems with -i and -o option
186 * print_memory now prints useful info
187 * trying to see the tables when ebtables is not loaded in kernel
188 no longer makes this be seen as a bug.
190 ebtables v2.0 released, changes:
191 * A complete rewrite, made everything modular.
192 * Fixed a one year old bug in br_db.c. A similar bug was present
193 in ebtables.c. It was visible when the number of rules got
195 * Removed the option to allow/disallow counters. Frames passing
196 by are always counted now.
197 * Didn't really add any new functionality. However, it will be
198 _alot_ easier and prettier to do so now. Feel free to add an
200 * There are 4 types of extensions:
202 - Matches: like iptables has.
203 - Watchers: these only watch frames that passed all the matches
204 of the rule. They don't change the frame, nor give a verdict.
205 The log extension is a watcher.
207 * user32/kernel64 architectures like the Sparc64 are unsupported.
208 If you want me to change this, give me access to such a box,
209 and don't pressure me.