| Commit message | Author | Age | Files | Lines |
This is a barn find from the Fedora package, actually spooking around in
various places on the internet. No idea who wrote it, but it seems to be
used. So add it for the time being.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Sources contained in there are built from toplevel Makefile.am. This
seems like a leftover from commit 131920089dc21 ("build: move to
automake").
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Boolean AND was applied instead of binary one, causing the exclamation
mark to be printed whenever info->bitmask was non-zero. In practice,
this leads to incorrect output if e.g. --among-src was given with an
inverted match as well as --among-dst with a non-inverted one. Output
would then list both matches as inverted.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
The ebtables initialization is easier, and, judging from the "static"
recipe in Makefile, calling ebt_*_register ahead of main is
safe.
This means that a static build won't need the pseudomain hack,
and that -nostartfiles can also go away.
Signed-off-by: Florian Westphal <fw@strlen.de>
56993546c805 ("extensions: fix build failure on fc28") eliminated a gcc
warning that strncpy could make a string w/out a NUL terminator.
snprintf guarantees NUL-termination (so fixes that possibility). But,
snprintf may discard data to make room for the NUL. This patch errors
straight away in that eventuality.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
make fails via:
extensions/ebt_string.c: In function ‘parse’:
extensions/ebt_string.c:171:3: error: ‘strncpy’ specified bound 16 equals destination size [-Werror=stringop-truncation]
strncpy(info->algo, optarg, XT_STRING_MAX_ALGO_NAME_SIZE);
Signed-off-by: Florian Westphal <fw@strlen.de>
Since commit b1cdae87f25021eb835872d86d6e7206bd421c3f, make fails thusly:
> libebtc.c: In function 'ebt_reinit_extensions':
> libebtc.c:275:11: error: 'union <anonymous>' has no member named 'revision'
> m->m->u.revision = m->revision;
> ^
> libebtc.c: In function 'ebt_check_rule_exists':
> libebtc.c:555:21: error: 'union <anonymous>' has no member named 'revision'
> m_l2->m->u.revision != m->m->u.revision)) {
> ^
> libebtc.c:555:41: error: 'union <anonymous>' has no member named 'revision'
> m_l2->m->u.revision != m->m->u.revision)) {
> ^
> libebtc.c: In function 'ebt_register_match':
> libebtc.c:1215:9: error: 'union <anonymous>' has no member named 'revision'
> m->m->u.revision = m->revision;
> ^
The cause of this failure is that the commit updated include/ebtables.h but
libebtc.c uses include/linux/netfilter_bridge/ebtables.h via
include/ebtables_u.h (gcc -E -C verifies this).
The 2 versions of ebtables.h looked to me to be otherwise close enough, so
amended ebtables_u.h to use the newer one.
Makefile insists on being warning-free, so cleared up warnings. Apart from
unused variables, there was also the issue that the diagnostic macro
ebt_print_error2 *returns* (i.e. makes its caller return) and returns -1. This
is unsuitable for use in functions which do not return a value, so introduced
ebt_print_error3 to do this.
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
This patch is part of a proposal to add a string filter to
ebtables, which would be similar to the string filter in
iptables.
Like iptables, the ebtables filter uses the xt_string module,
however some modifications have been made for this to work
correctly.
Currently ebtables assumes that the revision number of all match
modules is 0. The xt_string module doesn't register a match with
revision 0 so the solution is to modify ebtables to allow
extensions to specify a revision number, similar to iptables.
This gets passed down to the kernel, which is then able to find
the match module correctly.
Signed-off-by: Bernie Harris <bernie.harris@alliedtelesis.co.nz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
We already have ICMPv6 type/code matches (which can be used to distinguish
different types of MLD packets). Add support for IPv4 IGMP matches in the
same way.
To reuse as much code as possible, the ICMP type/code handling functions
are extended to allow passing a NULL code range.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
We already have ICMPv6 type/code matches. This adds support for IPv4 ICMP
matches in the same way.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Allow using these functions for ebt_ip as well.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
The struct of the type option is only used to initialise a field
inside the ebt_u_watcher or ebt_u_target or ebt_u_match struct and
is not modified anywhere.
Signed-off-by: Gargi Sharma <gs051095@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Felix Janda <felix.janda@posteo.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
<mmazur at axeos.com>)
potentially not matched correctly
Volkov)
Coverity static analysis (thanks to Jiri Popelka)
Watelet)