summaryrefslogtreecommitdiffstats
path: root/ip6tables.c
Commit message (Collapse)AuthorAgeFilesLines
* [PATCH]: fix ip6tables dest address printingJamie Strandboge2008-05-161-2/+2
| | | | | | | | | | | | | | | | | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464244 ip6tables improperly displays the destination address when the address is longer than 18 characters. Here is example output: ... DROP tcp 2001:db8::/32 2001:db8:3:4:5:6:7:8/128tcp spt:25 ... Proper formatting should have a space between '2001:db8:3:4:5:6:7:8/128' and 'tcp'. Signed-off-by: Jamie Strandboge <jamie@ubuntu.com> Signed-off-by: Lawrence J. Lane <ljlane@debian.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
* [patch] Make --set-counters (-c) accept comma separated counters/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-05-131-5/+7
| | | | | | | | | | | | Here is the --set-counters syntax patch requested earlier today making --set-counters (-c) accept comma separated counts. -c packets,bytes I have not updated the manpage to reflect this alternate syntax for the --set-counters (-c) option. Henrik Nordstrom <henrik@henriknordstrom.net>
* [patch 4/4] iptables --list chain rulenum/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-05-131-15/+31
| | | | | | | | | | | | Excent --list (and --list-rules) to allow selection of a single rule number iptables --list INPUT 4 iptables --list-rules INPUT 4 list rule number 4 in INPUT. Henrik Nordstrom <henrik@henriknordstrom.net>
* [patch 3/4] iptables --list-rules command/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-05-131-16/+264
| | | | | | | | | | | | | | | | | | Adds iptables --list-rules (-S) command, acting as a combination of iptables --list and iptables-save. The primary motivation behind this patch is to get iptables-save like output capabilities in iptables-restore, allowing "iptables-restore -n" to be used as a consistent API to iptables for all kind of operations, not only blind updates.. As a bonus iptables also gets the capability of printing the rules as-is. This completely replaces the earlier patch which added the --rules option. Henrik Nordstrom <henrik@henriknordstrom.net>
* [patch 2/4] Add support for --set-counters to iptables -P/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-05-121-2/+2
| | | | | | | | Adds support for setting the policy counters iptables -P INPUT -J DROP -c 10 20 Henrik Nordstrom <henrik@henriknordstrom.net>
* Properly initialize revision for ip6tables targets/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-04-151-1/+8
| | | | Also resync error handling with iptables.
* [PATCH 08/10] Remove old functions, constants/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-04-151-19/+7
|
* [PATCH 4/8] iptables: use C99 lists for struct options/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-04-141-30/+30
|
* [PATCH 10/13] manpages: grammar and spelling/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-04-131-1/+1
|
* [PATCH 02/13] Fix all remaining warnings (missing declarations, missing ↵/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-04-131-4/+2
| | | | prototypes)
* [PATCH 05/24] Fix -Wshadow warnings and clean up xt_sctp.h/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-04-061-6/+6
| | | | | Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
* [PATCH]: fix gcc warnings/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-01-291-4/+5
| | | | Max Kellermann <max@duempel.org>
* [PATCH]: whitespace cleanup/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-01-291-15/+15
| | | | Max Kellermann <max@duempel.org>
* [PATCH]: rename overlapping function names/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-01-201-155/+4
| | | | | | Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* [PATCH]: bunch o' renames/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2008-01-201-81/+10
| | | | | | | | Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* [PATCH iptables] print warnings to stderr/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-10-171-6/+8
| | | | | | | | iptables prints some of its error messages and warnings to stdout. This patch applies to svn r7075 and will make iptables print diagnostic messages to stderr instead. Signed-off-by: Max Kellermann <max@duempel.org>
* Fix sscanf type errors/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-10-171-6/+6
|
* [PATCH 03/14] Delete empty ->final_check() functions/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-10-041-2/+3
| | | | | | | Deletes empty ->final_check() functions, and makes ip[6]tables checks for NULL on these. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Fix more sparse warnings: non-C99 array declaration, incorrect function ↵/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-09-081-22/+22
| | | | prototypes
* Fix strict aliasing warnings/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-09-051-2/+5
|
* [PATCH]: Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-09-021-5/+4
|
* Make @msg argument a const char *, just like printf()./C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-08-011-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Makes it possible to omit extra_opts of matches/targets if unnecessary./C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-301-0/+3
| | | | | | (Jan Engelhardt <jengelh@gmx.de>) A nice side effect is that merge_option() doesn't copy options in that case.
* Moves some duplicated functions in ip[6]tables.c to xtables.c/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-241-106/+0
| | | | | string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved.
* Introduces xtables match/target registration/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-241-287/+21
| | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo.
* Moves ip[6]tables_insmod() to xtables.c as xtables_insmod()/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-241-80/+1
|
* Moves common fw_malloc() and fw_calloc() to xtables.c/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-07-241-24/+1
|
* Fix "iptables getsockopt failed strangely" when querying revisions for ↵/C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net2007-06-261-1/+1
| | | | | | non-existant matches and targets Reported by Joseph Jezak <josejx@gentoo.org>.
* A white space fix in ip6tables.c/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-06-121-1/+1
|
* '-p all' and '-p 0' should be allowed. And actually ip6tables in kernel/C=JP/ST=JP/CN=Yasuyuki Kozakai/emailAddress=yasuyuki@netfilter.org2007-06-111-7/+6
| | | | | allows '! -p xxx' where xxx is extension header. It matches all valid IPv6 packets.
* In fixing bug #446 [1], the output for unspecified proto was changed from ↵/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org2007-04-301-0/+1
| | | | "all" to "0". This reverts to the original behaviour, and closes bugzilla #543. (Phil Oester)
* Fixes typos in the argument of ip[6]tables_insmod: quit -> quiet/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-03-201-4/+4
|
* Supress error message from modprobe on checking revision./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-03-131-8/+14
|
* Add ip6tables mh extension (Masahide NAKAMURA <nakam@linux-ipv6.org>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2007-02-091-0/+5
| | | | Kernel part will go in 2.6.21
* Add UDPLITE multiport support/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2007-01-111-0/+1
|
* [PATCH] Fix -E (rename) in iptables/ip6tables/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-11-141-1/+0
| | | | | | | | | | Remove ununsed CHECK entry in commands_v_options. It makes -E (rename) working again - generic_opt_check expects options for RENAME not for CHECK at that table index. Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Patrick McHardy <kaber@trash.net>
* load ip_[6]tables.ko just before checking revision support in kernel./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2006-11-131-2/+19
|
* - Add revision support to ip6tables./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2006-10-201-3/+79
| | | | | - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>)
* Use negative-list for "weird character in interface" warning instead of ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-09-201-4/+4
| | | | warning for basically every non-alphanumeric character.
* [PATCH] reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-201-0/+13
| | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port.
* [PATCH] reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-07-201-0/+11
| | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere.
* In ip[6]tables.c, NUMBER_OF_OPT was increased to 12 for the OPT_COUNTERS/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-04-211-15/+16
| | | | | | option. However, the new array element is not initialized in either commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] or inverse_for_options[NUMBER_OF_OPT]. (Closes: #462)
* cmdflags is used in cmd2char() to return the option for a command. It uses the/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-04-211-2/+1
| | | | | | bit position of the command mask as an index in the array. There's no entry for CMD_CHECK (0x0800U), so lookups for CMD_RENAME_CHAIN (0x1000U) index outside the array. (Closes: #463)
* [IP6TABLES] kill manual comparing protocol name with "ipv6-icmp"./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org2006-04-151-3/+1
|
* [PATCH] don't allow to specify protocol of IPv6 extension header (Yasuyuki ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2006-03-291-0/+16
| | | | | | | | | Kozakai) Sometimes I hear that people do 'ip6tables -p ah ...' which never matches any packet. IPv6 extension headers except of ESP are skipped and invalid as argument of '-p'. Then I propose that ip6tables exits with error in such case.
* Multiple matches of the same type can be specified on the commandline./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kadlec/emailAddress=kadlec@netfilter.org2006-03-031-25/+44
| | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified.
* Make '-p all' a special case that is handled before calling getprotoent() ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-111-1/+7
| | | | (Closes: #446)
* fix double-free if a single match is used multiple times within a signle rule/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2006-02-111-1/+3
| | | | | | (Closes: #440). However, while this fixes the double-free, it still doesn't make iptables support two of the same matches within one rule. Apparently the last matchinfo is copied into all the previous matchinfo instances.
* Fix probing for supported revisions (Jones Desougi <jones@ingate.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-12-221-4/+4
| | | | Bugzilla #413
* The call to free_opts() in merge_options() is invalid C. The oldopts/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-291-3/+1
| | | | | | | | | argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>) ip6tables merge by myself.