summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Introduces xtables match/target registration/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-2411-875/+728
| | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo.
* Moves ip[6]tables_insmod() to xtables.c as xtables_insmod()/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-248-167/+94
|
* Moves common fw_malloc() and fw_calloc() to xtables.c/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-244-48/+35
|
* Adds xtables.[ch] and change Makefile to compile it/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-243-7/+30
|
* [PATCH] iptables-xml/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-07-173-3/+117
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Attached are: 1. A man page for iptables-xml 2. A fix for iptables.xslt allowing for an arbitrary depth of arguments or modifiers. Although iptables-xml cannot generate more than two levels deep, xml generated by other systems may prefer to generate <action> <restore-mark> <mask>0xff00</mask> </restore-mark> </action> than <action> <restore-mark/> <mask>0xff00</mask> </action> (which is what iptables-xml generates) even though the same iptables is re-generated on conversion. 3. A fix for iptables-xml.c so that combining of consecutive targets of rules with the same match into one XML rule, will not combine over a terminating action; i.e. there is no point in converting -A table -p tcp -j DROP -A table -p tcp -j MARK --set-mark 25 -A table -p tcp -j RETURN into one XML rule with multiple actions as they are probably not logically combined in the mind of the author. Signed-off by: Sam Liddicott <azez@ufomechanic.net>
* Ignore generated files/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-07-160-0/+0
|
* Adds missing explanations about FIN in mask part of '--syn' in libip[6]_tcp.c/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-163-3/+3
| | | | and libip6t_tcp.man.
* Adds missing FIN to mask part generated by '--syn' of libip6t_tcp/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-162-2/+2
|
* [PATCH] Change default KERNEL_DIR location and add KBUILD_OUTPUT (Sven ↵/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-07-151-2/+8
| | | | Wegener <sven.wegener@stealer.net>)
* Fixes compile error of connlimit where NO_SHARED_LIBS=1 is specified/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-132-2/+2
|
* PATCH: Add connlimit to iptables./C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-07-096-2/+352
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* [PATCH]: libipt_statistic: add a few missing validity checks/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-07-031-0/+9
| | | | Signed-off-by: Nicolas Bouliane
* Removes KERNEL_64_USERSPACE_32/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-06-306-124/+0
| | | | | | | The recent kernel has compat layer for iptables. It doesn't have compat layer for libipq and ip6tables, but ip6tables with KERNEL_64_USERSPACE_32 is still broken. We should fix kernel instead of fixing them if and when we want use their 32bit binary with 64bit kernel.
* Removes some KERNEL_64_USERSPACE_32 because linux 2.6 has compat layer/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-06-2816-167/+3
|
* Fix "iptables getsockopt failed strangely" when querying revisions for ↵/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-06-262-2/+2
| | | | | | non-existant matches and targets Reported by Joseph Jezak <josejx@gentoo.org>.
* Add Jozsef's TRACE target./C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-06-255-2/+148
| | | | | Changed to be built unconditionally by myself since it doesn't need any headerfiles anyways.
* bump versionsvn_t_iptables_1_3_8/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-06-251-2/+2
|
* Fixes build error of conntrack match because of missing ip_conntrack_tuple.h/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-06-241-1/+0
| | | | | in linux 2.6.22. It is not needed because nf_conntrack headers can be used instead.
* A white space fix in ip6tables.c/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-06-121-1/+1
|
* '-p all' and '-p 0' should be allowed. And actually ip6tables in kernel/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-06-111-7/+6
| | | | | allows '! -p xxx' where xxx is extension header. It matches all valid IPv6 packets.
* [PATCH] libipt_hashlimit doc update/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-06-031-2/+2
| | | | | | Add srcip,srcport to hashlimit manpage. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Add --random option to DNAT and REDIRECT targets and fix the manpage mess ↵/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-05-297-27/+76
| | | | this option left behind.
* Use posix conform directory existance check (Roy Marples <uberlord@gentoo.org>)/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-05-101-1/+1
| | | | | | Makefile uses [ -a /dir ] which is invalid on non bash shells Bugzilla #569
* Fix missing newlines in iptables-save/restore output (Pavol Rusnak ↵/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-05-104-6/+6
| | | | | | <prusnak@suse.cz>) Bugzilla #568
* [PATCH] update quota manpage for SMP (Phil Oester)/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-05-021-1/+0
| | | | | The quota match works fine on SMP, so update the manpage to reflect this. Closes bugzilla #564.
* In fixing bug #446 [1], the output for unspecified proto was changed from ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-302-0/+2
| | | | "all" to "0". This reverts to the original behaviour, and closes bugzilla #543. (Phil Oester)
* Fix iptables-save with --random option/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-04-183-3/+14
|
* Remove unnecessary IP_NAT_RANGE_PROTO_RANDOM ifdefs./C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-04-183-45/+7
|
* Remove libnsl from LDLIBS/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-04-181-1/+1
| | | | Bugzilla 557
* fix problem with iptables-restore and quotes (close bugzilla id 505)/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-181-15/+32
|
* Use nf_conntrack headers instead of ip_conntrack ones and add sanitized ↵/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-04-1816-12/+308
| | | | versions.
* Remove unnecessary ip_conntrack/ip_nat includes/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-04-182-2/+0
|
* revert some slipped through patches/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-162-33/+16
|
* prepare conntrack and conntrackd merge: rename conntrack to conntrack-tools/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-162-16/+33
|
* Fix iptables --modprobe parameter (Maurice van der Pot <griffon26@kfk4ever.com>)/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-04-161-1/+1
| | | | | | Supply modprobe parameter to iptables_insmod function. Bugzilla #556
* ip6tables-restore should output error of modprobe if failed to load/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-03-201-1/+1
| | | | ip6tables.ko after failed to initialize handle.
* Fixes typos in the argument of ip[6]tables_insmod: quit -> quiet/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-03-204-12/+14
|
* Supress error message from modprobe on checking revision./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-03-136-22/+34
|
* Fix cut and paste error breaking use of groups != 0/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-03-062-12/+12
|
* iptables: add random option to SNAT (Eric Leblond)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-02-246-9/+117
|
* Reverted r6754. libipt_icmp has the option 'any', so it's unnecessary/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-02-191-4/+1
| | | | to check no option of ICMP type.
* Update coreteam members in manpages/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-02-152-2/+4
|
* Fix missing space in error message (Bugzilla 544)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-02-142-2/+2
|
* Remove and readd with executable bit set. SVN doesn't seem to have a proper ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-02-131-0/+0
| | | | way of doing this.
* Fixes man page for tcp, udp, icmp{,6}. They are not loaded when only '-p' is/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-02-136-6/+6
| | | | specified, but loaded when extra options are specified, too.
* Forgot to add TCPMSS target to PF6_EXT_SLIB/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-02-131-1/+1
|
* Error if no ICMP type is specified even though user intended/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-02-131-0/+3
| | | | to use icmp match.
* Add ip6tables mh extension (Masahide NAKAMURA <nakam@linux-ipv6.org>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-02-094-0/+271
| | | | Kernel part will go in 2.6.21
* Update coreteam members in manpages./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-01-282-4/+4
|
* Bugzilla #535/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-01-261-1/+1
| | | | | In the tcpmss section of the iptables manpage, there is an extraneous trailing quote for the --mss option.