summaryrefslogtreecommitdiffstats
path: root/ip6tables.c
Commit message (Collapse)AuthorAgeFilesLines
* Use negative-list for "weird character in interface" warning instead of ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-09-201-4/+4
| | | | warning for basically every non-alphanumeric character.
* [PATCH] reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-201-0/+13
| | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port.
* [PATCH] reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-201-0/+11
| | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere.
* In ip[6]tables.c, NUMBER_OF_OPT was increased to 12 for the OPT_COUNTERS/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-04-211-15/+16
| | | | | | option. However, the new array element is not initialized in either commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] or inverse_for_options[NUMBER_OF_OPT]. (Closes: #462)
* cmdflags is used in cmd2char() to return the option for a command. It uses the/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-04-211-2/+1
| | | | | | bit position of the command mask as an index in the array. There's no entry for CMD_CHECK (0x0800U), so lookups for CMD_RENAME_CHAIN (0x1000U) index outside the array. (Closes: #463)
* [IP6TABLES] kill manual comparing protocol name with "ipv6-icmp"./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2006-04-151-3/+1
|
* [PATCH] don't allow to specify protocol of IPv6 extension header (Yasuyuki ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-03-291-0/+16
| | | | | | | | | Kozakai) Sometimes I hear that people do 'ip6tables -p ah ...' which never matches any packet. IPv6 extension headers except of ESP are skipped and invalid as argument of '-p'. Then I propose that ip6tables exits with error in such case.
* Multiple matches of the same type can be specified on the commandline./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org2006-03-031-25/+44
| | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified.
* Make '-p all' a special case that is handled before calling getprotoent() ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-111-1/+7
| | | | (Closes: #446)
* fix double-free if a single match is used multiple times within a signle rule/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-111-1/+3
| | | | | | (Closes: #440). However, while this fixes the double-free, it still doesn't make iptables support two of the same matches within one rule. Apparently the last matchinfo is copied into all the previous matchinfo instances.
* Fix probing for supported revisions (Jones Desougi <jones@ingate.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-12-221-4/+4
| | | | Bugzilla #413
* The call to free_opts() in merge_options() is invalid C. The oldopts/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-291-3/+1
| | | | | | | | | argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>) ip6tables merge by myself.
* get rid of numerous gcc-4 warnings/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-191-1/+2
|
* reduce code replication of parse_interface() (Yasuyuki Kozakai)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-06-221-2/+1
|
* Chain name should not start with '!' (Yasuyuki Kozakai ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-06-131-2/+2
| | | | <yasuyuki.kozakai@toshiba.co.jp>)
* Release previously merged options from merge_opts(), reduces memory-usage of ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-05-291-5/+17
| | | | iptables-restore dramatically (Pablo Neira)
* re-sync ip6tables with iptables (check for init functions) (Jonas Berlin)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-04-011-8/+12
|
* the optflags array contains a '3' for the OPT_LINENUMBERS entry while ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-04-011-1/+1
| | | | everywhere else '0' is used (Jonas Berlin)
* Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-02-141-5/+0
| | | | Fixes build with conntrack event patch for 2.6
* Fix setting lib_dir in ip*tables-{save,restore}/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2004-12-271-10/+1
|
* Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=rusty/emailAddress=rusty@netfilter.org2004-12-221-15/+8
| | | | | | inline instead of extern inline (otherwise it doesn't compile without -O). Don't re-initialize libiptc/libip6t unless modprobe attempt actually succeeds. This makes nfsim run about 20 times faster, as it doesn't have to explore failures in the first iptc_init().
* Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=rusty/emailAddress=rusty@netfilter.org2004-12-201-5/+11
| | | | set them in testsuite if we're running iptables within tree.
* Fix module-autoloading in certain cases (Fixse Debian Bug 219686)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2004-10-221-3/+5
|
* slightly different semantics of iptc_builtinlaforge2004-08-301-1/+1
|
* Get rid of some warnings when compiling 64bit.gandalf2004-05-261-13/+13
|
* Add versions of string_to_number() for use in 32bit userspace with 64bit kernel.gandalf2004-05-261-5/+30
|
* When compiled static, don't show help-messages for all matches and targets,gandalf2004-05-261-11/+13
| | | | only show help for specified ones.
* Get rid of some memoryleaks.gandalf2004-05-181-3/+25
| | | | Will make ip(6)tables-restore sessions use less memory.
* fix case where somebody uses '-i +' as interface name (Ozgur AKAN)laforge2004-04-071-1/+1
|
* Bloody copy-n-edit. Make sure to use matches in the order they are given...gandalf2004-02-021-62/+67
|
* Fix even more possibly not zero-terminated strings after copy (Karsten Desler)gandalf2004-01-311-0/+1
|
* Fix printing of odd ip6tables netmasks (Closes: #103)laforge2003-06-241-3/+6
|
* Fix the previous fixgandalf2003-05-051-7/+1
| | | | No more segfaults or compilewarnings.
* fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin ↵laforge2003-05-021-1/+7
| | | | Josefsson)
* port 'line number on error in iptables-restore' from ipv4laforge2003-03-051-0/+8
|
* rename-chain has a mandatary argument, not an optional (Juergen Baumann)laforge2002-11-021-1/+1
|
* bring ip6tables up-to-date with recent iptables change (proto match ext)laforge2002-08-261-0/+55
|
* minor fixes by kisza:laforge2002-08-141-94/+6
| | | | | | | | - remove -C(check) function from ip6tables - -M added to the getopts()'s list (missed) - small change in the iptables help - remove some unused code - some GPL notice added
* copyright / GPL noticelaforge2002-08-071-0/+7
|
* chain name may not clash with target namekadlec2002-06-241-3/+8
|
* make find_target() and find_match() honor LOAD_MUST_SUCCEED when NO_SHARED_LIBSmarc2002-03-241-0/+8
| | | | is defined.
* Fix 'iptables -p !' bug (segfault when `!' used without argument)laforge2002-03-141-12/+13
|
* sync ip6tables.c / ip6tables.8 with ipv4laforge2002-03-031-238/+265
|
* IPv6 ICMP naming problem fixlaforge2001-10-041-8/+26
|
* - added patch to support statically linking of iptableslaforge2001-08-061-0/+18
| | | | - iptables-save/-restore is no longer experimental
* string_to_number fixlaforge2001-07-231-15/+17
|
* small addition by kisza.laforge2001-06-271-0/+1
|
* Added support for iptables-restore module-load-on-demand (a. van schie)laforge2001-06-161-1/+1
|
* name resolver patch (by kisza)laforge2001-06-161-47/+81
|
* ip6tables bug fixedlaforge2001-05-281-1/+1
|