summaryrefslogtreecommitdiffstats
path: root/iptables.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix probing for supported revisions (Jones Desougi <jones@ingate.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-12-221-4/+4
| | | | Bugzilla #413
* fix compilation of iptables on [old] systems that don't have IPT_F_GOTO/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-241-0/+2
|
* only set revisions on real targets, not on jumps. (Pablo Neira)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-171-1/+3
|
* add 'goto' support (Henrik Nordstrom <hno@marasystems.com>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-11-051-1/+23
|
* Kernels higher than 2.6.10 don't support multiple --to arguments in/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-09-191-0/+18
| | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester)
* The call to free_opts() in merge_options() is invalid C. The oldopts/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-291-3/+1
| | | | | | | | | argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>) ip6tables merge by myself.
* get rid of numerous gcc-4 warnings/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-07-191-1/+2
|
* reduce code replication of parse_interface() (Yasuyuki Kozakai)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-06-221-2/+1
|
* Chain name should not start with '!' (Yasuyuki Kozakai ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-06-131-2/+2
| | | | <yasuyuki.kozakai@toshiba.co.jp>)
* Release previously merged options from merge_opts(), reduces memory-usage of ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-05-291-6/+17
| | | | iptables-restore dramatically (Pablo Neira)
* poll goto specific changes out of trunk/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-04-151-3/+0
|
* fix iptables-save/restore of goto (Jonas Berlin)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-04-151-0/+3
|
* the optflags array contains a '3' for the OPT_LINENUMBERS entry while ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2005-04-011-1/+1
| | | | everywhere else '0' is used (Jonas Berlin)
* Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber@netfilter.org2005-02-141-10/+8
| | | | Fixes build with conntrack event patch for 2.6
* Remove leftover debug printf/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2005-01-031-3/+0
|
* Replace memchr with strlen and fix up one of the statements./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2005-01-031-4/+4
|
* Extension revision number support (if kernel supports the getsockopts)./C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=rusty/emailAddress=rusty@netfilter.org2005-01-031-5/+120
| | | | | Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied.
* Fix setting lib_dir in ip*tables-{save,restore}/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org2004-12-271-10/+1
|
* Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=rusty/emailAddress=rusty@netfilter.org2004-12-221-15/+8
| | | | | | inline instead of extern inline (otherwise it doesn't compile without -O). Don't re-initialize libiptc/libip6t unless modprobe attempt actually succeeds. This makes nfsim run about 20 times faster, as it doesn't have to explore failures in the first iptc_init().
* Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and ↵/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=rusty/emailAddress=rusty@netfilter.org2004-12-201-4/+10
| | | | set them in testsuite if we're running iptables within tree.
* Fix module-autoloading in certain cases (Fixse Debian Bug 219686)/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org2004-10-221-3/+5
|
* fix slightly changed semantics of iptc_is_builtinlaforge2004-08-301-1/+1
|
* Allocate enough memory for addr-list in host_to_addr()kaber2004-08-031-1/+1
|
* fix dual-free bug with multiple-A dns records (keso@klister.net)laforge2004-07-041-5/+2
|
* Get rid of some warnings when compiling 64bit.gandalf2004-05-261-13/+13
|
* Add versions of string_to_number() for use in 32bit userspace with 64bit kernel.gandalf2004-05-261-5/+30
|
* When compiled static, don't show help-messages for all matches and targets,gandalf2004-05-261-11/+13
| | | | only show help for specified ones.
* Get rid of some memoryleaks.gandalf2004-05-181-3/+25
| | | | Will make ip(6)tables-restore sessions use less memory.
* fix case where somebody uses '-i +' as interface name (Ozgur AKAN)laforge2004-04-071-1/+1
|
* add userspace part of SCTP matchlaforge2004-02-211-0/+1
|
* Make sure to use matches in the order they are given when calling ↵gandalf2004-02-021-62/+67
| | | | do_command() multiple times.
* Fix another possibly not zero-terminated string after copy (Karsten Desler)gandalf2004-01-311-0/+1
|
* Fix possibly not zero-terminated string after copy (Karsten Desler)gandalf2004-01-311-0/+1
|
* Fix '-L format bug' (Edward J. Huff) (Closes: #93)laforge2003-05-311-2/+2
|
* Fix the previous fixgandalf2003-05-051-7/+1
| | | | No more segfaults or compilewarnings.
* fix trivial typolaforge2003-05-031-1/+1
|
* fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin ↵laforge2003-05-021-1/+7
| | | | Josefsson)
* fix stupid typo (Maciej Soltysiak)laforge2003-03-311-1/+1
|
* make iptables-restore print the line number in case of an errorlaforge2003-03-031-0/+8
| | | | (Illes Marci <marci@balabit.hu>)
* rename-chain has a mandatary argument, not an optional (Juergen Baumann)laforge2002-11-021-1/+1
|
* fix long-standing bug with regard to protocol-on-demand-loading and ↵laforge2002-08-261-15/+55
| | | | iptables-save/restore (1.2.7 release bug)
* minor fixes by kisza:laforge2002-08-141-1/+1
| | | | | | | | - remove -C(check) function from ip6tables - -M added to the getopts()'s list (missed) - small change in the iptables help - remove some unused code - some GPL notice added
* modify protocol-match-extension load behaviour to eliminate the twolaforge2002-08-071-24/+21
| | | | outstanding bugs.
* chain name may not clash with target namekadlec2002-06-241-3/+4
|
* make -M (aka --modprobe) work [Bart De Schuymer]laforge2002-06-151-1/+1
|
* remove '-C' check function;laforge2002-05-071-63/+7
| | | | add check for chain names starting with '-' to -N command.
* remove check of find_proto(), since do_command() can be called multiple times,laforge2002-05-041-2/+0
| | | | and match will be loaded after first call.
* make find_target() and find_match() honor LOAD_MUST_SUCCEED when NO_SHARED_LIBSmarc2002-03-241-0/+8
| | | | is defined.
* Fix 'iptables -p !' bug (segfault when `!' used without argument)laforge2002-03-141-12/+13
|
* add bugfix in case we are using a protocol number (-p N) which has no ↵laforge2002-02-181-3/+8
| | | | matching /etc/protocols entry