Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Use flock() for --concurrent option | Phil Sutter | 2017-10-24 | 2 | -52/+5 |
| | | | | | | | | | | | | | | The previous locking mechanism was not atomic, hence it was possible that a killed ebtables process would leave the lock file in place which in turn made future ebtables processes wait indefinitely for the lock to become free. Fix this by using flock(). This also simplifies code quite a bit because there is no need for a custom signal handler or an __exit routine anymore. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | ebtables: extensions: Constify option struct | Gargi Sharma | 2017-03-28 | 18 | -20/+20 |
| | | | | | | | | | The struct of the type option is only used to initialise a field inside the ebt_u_watcher or ebt_u_target or ebt_u_match struct and is not modified anywhere. Signed-off-by: Gargi Sharma <gs051095@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | ebtables: Allow RETURN target rules in user defined chains | Alin Năstac | 2015-10-28 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | During loop checking ebtables marks entries with '1 << NF_BR_NUMHOOKS' if they're called from a base chain rather than a user defined chain. This can be used by ebtables targets that can encode a special return value to bail out if e.g. RETURN is used from a base chain. Unfortunately, this is broken, since the '1 << NF_BR_NUMHOOKS' is also copied to called user-defined-chains (i.e., a user defined chain can no longer be distinguished from a base chain): root@OpenWrt:~# ebtables -N foo root@OpenWrt:~# ebtables -A OUTPUT -j foo root@OpenWrt:~# ebtables -A foo -j mark --mark-or 3 --mark-target RETURN --mark-target RETURN not allowed on base chain. This works if -A OUTPUT -j foo is omitted, but will still appear if we try to call foo from OUTPUT afterwards. After this patch we still reject '-A OUTPUT -j mark .. --mark-target RETURN'. Signed-off-by: Florian Westphal <fw@strlen.de> | ||||
* | ethernetdb.h: Remove C++ specific compiler hint macro _THROW | Felix Janda | 2015-05-21 | 1 | -6/+5 |
| | | | | | | | Fixes compilation with musl libc Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | extensions: Use stdint types | Felix Janda | 2015-05-21 | 2 | -7/+7 |
| | | | | | Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | Add kernel headers needed from v3.16 | Pedro Alvarez | 2015-03-02 | 20 | -0/+860 |
| | | | | | | | | | | | | | | Ebtables fails to compile with versions of the linux headers greater than v3.16 with this error: extensions/ebt_ulog.c:17:45: fatal error: linux/netfilter_bridge/ebt_ulog.h: No such file or directory #include <linux/netfilter_bridge/ebt_ulog.h> This patch adds netfilter_bridge headers for every supported extension, including filter.h and types.h, to avoid this problem and future problems with changes in the kernel headers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | ||||
* | don't print IPv6 mask if it's all ones (based on patch by Mariusz Mazur ↵ | Bart De Schuymer | 2014-04-14 | 3 | -2/+16 |
| | | | | <mmazur at axeos.com>) | ||||
* | remove ebtables-restore binary from repository | Bart De Schuymer | 2013-07-31 | 1 | -118/+0 |
| | |||||
* | Add --noflush command line support for ebtables-restore | Sanket Shah | 2013-07-31 | 1 | -4/+25 |
| | |||||
* | workaround for kernel regression bug: IPv6 source/destination addresses are ↵ | Luis Fernando | 2013-07-03 | 1 | -0/+4 |
| | | | | potentially not matched correctly | ||||
* | add info about -Wl,-no-as-needed | Bart De Schuymer | 2013-07-03 | 1 | -0/+2 |
| | |||||
* | fix compilation warning | Petri Gynther | 2013-02-24 | 1 | -1/+1 |
| | |||||
* | add RARP and update iana url | Bart De Schuymer | 2012-07-03 | 1 | -4/+6 |
| | |||||
* | bump release and update program dateebtables-2.0.10-4 | Bart De Schuymer | 2011-12-15 | 1 | -2/+2 |
| | |||||
* | changelog for 2.0.10-4 | Bart De Schuymer | 2011-12-15 | 1 | -0/+3 |
| | |||||
* | bugfix: setting rule in first built-in chain caused setting all counters to ↵ | Bart De Schuymer | 2011-12-15 | 1 | -1/+1 |
| | | | | zero (thanks to James Sinclair) | ||||
* | typo | Bart De Schuymer | 2011-12-04 | 1 | -1/+1 |
| | |||||
* | add changelog for v 2.0.10-3 | Bart De Schuymer | 2011-12-04 | 1 | -0/+3 |
| | |||||
* | bump version | Bart De Schuymer | 2011-12-04 | 1 | -1/+1 |
| | |||||
* | fix rule counter bug (reported by James Sinclair): possible wrong ↵ | Bart De Schuymer | 2011-12-04 | 1 | -0/+1 |
| | | | | initialization of counters | ||||
* | add changelog for v2.0.10-2 | Bart De Schuymer | 2011-08-11 | 1 | -0/+6 |
| | |||||
* | respect LDFLAGS (Peter Volkov) | Bart De Schuymer | 2011-08-11 | 2 | -2/+2 |
| | |||||
* | enable compiler optimizations, bump release number | Bart De Schuymer | 2011-08-11 | 1 | -2/+2 |
| | |||||
* | small changes to remove warnings when optimization is on (thanks to Peter ↵ | Bart De Schuymer | 2011-08-11 | 1 | -4/+4 |
| | | | | Volkov) | ||||
* | initialize some variables to get rid of warnings when compiling with ↵ | Bart De Schuymer | 2011-08-11 | 2 | -4/+4 |
| | | | | optimization | ||||
* | remove definition of __EXPORTED_HEADERS__: we use sanitized header files now | Bart De Schuymer | 2011-08-11 | 2 | -2/+0 |
| | |||||
* | add changelog for v2.0.10-1 | Bart De Schuymer | 2011-07-10 | 1 | -0/+15 |
| | |||||
* | bump prog version, add LOCKDIR variable, add -Werror compile flag | Bart De Schuymer | 2011-07-10 | 1 | -10/+13 |
| | |||||
* | remove compile warning, conditionally define LOCKFILE | Bart De Schuymer | 2011-07-10 | 1 | -0/+4 |
| | |||||
* | define __EXPORTED_HEADERS__ to get access to kernel headers | Bart De Schuymer | 2011-07-10 | 1 | -1/+1 |
| | |||||
* | add a reference to the lock file | Bart De Schuymer | 2011-07-10 | 1 | -0/+1 |
| | |||||
* | add info about the lock file compile time option | Bart De Schuymer | 2011-07-10 | 1 | -3/+6 |
| | |||||
* | remove irrelevant negative value check for the result of strtoul, found by ↵ | Bart De Schuymer | 2011-06-23 | 1 | -7/+0 |
| | | | | Coverity static analysis (thanks to Jiri Popelka) | ||||
* | free possible memory leak found by Coverity static analysis (Jiri Popelka) | Bart De Schuymer | 2011-06-23 | 1 | -0/+2 |
| | |||||
* | fix use-after-free issue found by Coverity static analysis (thanks to Jiri ↵ | Bart De Schuymer | 2011-06-23 | 1 | -2/+2 |
| | | | | Popelka) | ||||
* | fix possible issues found by Coverity static analysis (thanks to Jiri Popelka) | Bart De Schuymer | 2011-06-23 | 1 | -3/+7 |
| | |||||
* | Make the error message printed when an update of a table is rejected by the ↵ | Bart De Schuymer | 2011-06-19 | 1 | -3/+7 |
| | | | | kernel | ||||
* | export use_lockfd | Bart De Schuymer | 2011-06-19 | 1 | -0/+2 |
| | |||||
* | add logic to support the --concurrent option: use a file lock to support ↵ | Bart De Schuymer | 2011-06-19 | 1 | -0/+67 |
| | | | | concurrent scripts running ebtables | ||||
* | add logic to support the --concurrent option: use a file lock to support ↵ | Bart De Schuymer | 2011-06-19 | 1 | -0/+14 |
| | | | | concurrent scripts running ebtables | ||||
* | add option --concurrent | Bart De Schuymer | 2011-06-19 | 1 | -0/+3 |
| | |||||
* | rename the libebtc target to libebtc.so and remove the .PHONY for libebtc ↵ | Bart De Schuymer | 2011-06-19 | 1 | -5/+4 |
| | | | | (thanks to Bertrand Jacquin) | ||||
* | only test on errno when an error occurred (especially on mips); fix some ↵ | Bart De Schuymer | 2011-05-29 | 1 | -5/+5 |
| | | | | warnings | ||||
* | extend ebt_ip6 to allow matching on ipv6-icmp types/codes (by Florian Westphal) | Bart De Schuymer | 2011-01-18 | 3 | -2/+240 |
| | |||||
* | put include of ebtables_u.h higher so that __EXPORTED_HEADERS__ is defined | Bart De Schuymer | 2010-12-18 | 3 | -3/+3 |
| | |||||
* | define __EXPORTED_HEADERS__ so we don't get warnings about: Attempt to use ↵ | Bart De Schuymer | 2010-12-18 | 1 | -0/+1 |
| | | | | kernel headers from user space | ||||
* | remove reference to old mailing lists and refer to the relevant web pages ↵ | Bart De Schuymer | 2010-12-18 | 1 | -3/+3 |
| | | | | instead | ||||
* | *** empty log message *** | Bart De Schuymer | 2010-04-22 | 1 | -0/+2 |
| | |||||
* | fix --among-dst-file, which translated into --among-src (reported by Thierry ↵ | Bart De Schuymer | 2010-04-22 | 1 | -1/+1 |
| | | | | Watelet) | ||||
* | fix syntax error with DESTDIR | Bart De Schuymer | 2010-03-18 | 1 | -2/+2 |
| |