Commit message  [Author, Age, files, lines]
...
| * | libxtables: prefix/order - program_name  [Jan Engelhardt, 2009-01-30, files: 13, lines: -48/+68]
| | |     Split XTABLES_VERSION into xtables and iptables, and encode the xtables soversion into the extensions instead.
| | |     This makes it possible to upgrade iptables without having to recompile 3rd-party extensions (if the libxtables version matches, of course).
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | libxtables: prefix/order - strtoui  [Jan Engelhardt, 2009-01-27, files: 38, lines: -173/+141]
| | |     This commit also throws out the redundant string_to_number_*.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | libxtables: prefix/order - libdir  [Jan Engelhardt, 2009-01-27, files: 9, lines: -65/+27]
| | |     Consolidate the libdir variable initialization code into xtables.c.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | libxtables: prefix/order - match/target loading  [Jan Engelhardt, 2009-01-27, files: 5, lines: -82/+94]
| | |     This change affects:
| | |         find_{match,target} -> xtables_find_{match,target}
| | |         enum xt_tryload -> enum xtables_tryload
| | |         loose flags like DONT_LOAD -> XTF_DONT_LOAD
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | libxtables: prefix/order - modprobe and xtables.ko loading  [Jan Engelhardt, 2009-01-27, files: 7, lines: -17/+22]
| | |     This change affects:
| | |         load_xtables_ko -> xtables_load_ko
| | |         modprobe_program -> xtables_modprobe_program
| | |     Now uses bool for the "quiet" flag.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | libxtables: prefix/order - fw_xalloc  [Jan Engelhardt, 2009-01-27, files: 6, lines: -26/+29]
| | |     It is good practice to prefix names in a library some way so that it does not clash with external programs' variable names right on the first try.
| | |     This change: rename fw_[cm]alloc to xtables_[cm]alloc and move the definition from internal.h to xtables.h to avoid potential compiler warnings.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | extensions: use UINT_MAX constants over open-coded numbers (2/2)  [Jan Engelhardt, 2009-01-27, files: 23, lines: -42/+42]
| | |     Use the handy constants for ranges.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | extensions: use UINT_MAX constants over open-coded bits (1/2)  [Jan Engelhardt, 2009-01-27, files: 8, lines: -33/+33]
| | |     ~0 depends on the sizeof(int), so it is better to use UINT32_MAX.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | libxt_owner: use correct UID/GID boundaries  [Jan Engelhardt, 2009-01-27, files: 1, lines: -7/+7]
| | |     -1 is a reserved number (chown uses it to denote "do not change"), so the maximum libxt_owner should permit is up to UINT32_MAX-1.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | src: remove redundant casts  [Jan Engelhardt, 2009-01-27, files: 19, lines: -28/+26]
| | |     All of them are implicitly convertible without any wanted side effects.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | src: remove redundant returns at end of void-returning functions  [Jan Engelhardt, 2009-01-27, files: 6, lines: -11/+0]
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | xt_NFLOG: Set default NFLOG qthreshold to 0  [Eric Leblond, 2009-02-09, files: 1, lines: -1/+1]
| |/
|/|
| |     By setting default NFLOG qthreshold to 0, userspace does not overwrite the per-instance value.
| |     Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: prefix names and order #3  [Jan Engelhardt, 2009-02-01, files: 5, lines: -82/+94]
| |     This change affects:
| |         find_{match,target} -> xtables_find_{match,target}
| |         enum xt_tryload -> enum xtables_tryload
| |         loose flags like DONT_LOAD -> XTF_DONT_LOAD
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | libxtables: prefix names and order it #2  [Jan Engelhardt, 2009-02-01, files: 7, lines: -17/+22]
| |     This change affects:
| |         load_xtables_ko -> xtables_load_ko
| |         modprobe_program -> xtables_modprobe_program
| |     Now uses bool for the "quiet" flag.
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | libbxtables: prefix names and order it #1  [Jan Engelhardt, 2009-02-01, files: 6, lines: -26/+29]
|/
|     It is good practice to prefix names in a library some way so that it does not clash with external programs' variable names right on the first try.
|     This change: rename fw_[cm]alloc to xtables_[cm]alloc and move the definition from internal.h to xtables.h to avoid potential compiler warnings.
|     These functions are intended to fix Jamal's dependency problem in his tc's ipt action.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* man: fix physdev manpage  [Bart De Schuymer, 2009-01-26, files: 1, lines: -3/+3]
|     A sentence of the physdev module's help entry was truncated by the man program because the line starts with a single quote.
|     Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_owner: add more spaces to output  [Daniel Drake, 2009-01-19, files: 1, lines: -2/+2]
|     Commit bb9284d1 ("libxt_owner: add spaces to output") moved the printing of spaces away from the owner_mt_print() function family, but forgot to add spaces in all of the print_item() functions that are called.
|     This is likely to be at least the partial cause of https://bugs.gentoo.org/show_bug.cgi?id=254435
|     Signed-off-by: Daniel Drake <dsd@gentoo.org>
|     Approves-of-this-patch: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: augment ICMP manpage by type/code syntax  [Jan Engelhardt, 2009-01-14, files: 2, lines: -3/+3]
|     The ICMP match module also allows numeric type/code as in "--icmp-type type/code". Document it.
|     Based upon a patch by Victor Stinner <vstinner@inl.fr>.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: escape minus sign in manpage (2)  [Jan Engelhardt, 2009-01-14, files: 2, lines: -135/+136]
|     Addendum to previous patch.
* build: remove non-portable rule  [Jan Engelhardt, 2009-01-12, files: 1, lines: -3/+0]
|     > Makefile.am:97: `%'-style pattern rules are a GNU make extension
|     (iptables still requires GNU make for extensions/, because it is so much easier to write.)
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: use regular = assignments in Makefile  [Jan Engelhardt, 2009-01-12, files: 1, lines: -10/+10]
|     Resolves warnings:
|         Makefile.am:7: `:='-style assignments are not portable
|         Makefile.am:71: `:='-style assignments are not portable
|     etc.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: escape minus sign in manpages  [Jan Engelhardt, 2009-01-12, files: 79, lines: -414/+416]
|     groff formats '-' as a hyphen, and '\-' is needed for a minus.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: resynchronize markup in iptables,ip6tables.8.in  [Jan Engelhardt, 2009-01-08, files: 2, lines: -15/+13]
|     Change .br to .PP in the intro section and use consistent paragraphing in later ones.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: put iptables version into manpage  [Jan Engelhardt, 2009-01-08, files: 3, lines: -4/+4]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* build: resolve autotools suggestions  [Jan Engelhardt, 2009-01-07, files: 3, lines: -4/+9]
|     libtool2 wants to put files into m4, so let it have it.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* env: augment deprecation notice  [Jan Engelhardt, 2009-01-07, files: 6, lines: -6/+12]
|     Tell the user what to use instead of IP*TABLES_LIBDIR.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* rateest: guard against segfault  [Jan Engelhardt, 2008-12-30, files: 1, lines: -0/+3]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-save: output ! in position according to manpage  [Jan Engelhardt, 2008-12-09, files: 16, lines: -78/+54]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: remove unused include files  [Jan Engelhardt, 2008-12-07, files: 6, lines: -141/+0]
|     No .c files include any of these - in fact they seem to be remnants missed during commit b1f568309a09e61f892dee3c23279cecff0b0ff4 - so remove them.
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: guard chain index allocation for different malloc implementations  [Jan Engelhardt, 2008-11-26, files: 1, lines: -1/+1]
|     Some libc implementations such as µClibc return NULL on malloc(0). They are free to do that per C standard.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: fix a typo in libip6t_REJECT.man  [Jan Engelhardt, 2008-11-24, files: 1, lines: -2/+1]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: remove inclusion of iptables.h  [Jan Engelhardt, 2008-11-20, files: 40, lines: -38/+38]
|     iptables.h and ip6tables.h only include declarations internal to iptables (specifically iptables.c and ip6tables.c), as most of the public API has been moved to xtables.h a few months ago.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables: refer to dmesg when we hit error  [Pablo Neira Ayuso, 2008-11-19, files: 2, lines: -2/+4]
|     This does not make any better, but at least refer to dmesg which is the common source of information to diagnose kernel-side problems. This is helpful for newbie users.
|         # iptables -I INPUT -j CLUSTERIP
|         iptables: Invalid argument. Run `dmesg' for more information.
|     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* state: report spaces in the state list parsing  [Pablo Neira Ayuso, 2008-11-19, files: 2, lines: -2/+8]
|     This patch adds better error reporting when the user inserts a space between two states with the --state option.
|         iptables -I INPUT -m state ESTABLISHED, RELATED
|                                                ^
|                                          mind the space
|     results in:
|         iptables v1.4.2-rc1: Bad state `'
|         Try `iptables -h' or 'iptables --help' for more information.
|     Now this returns:
|         iptables v1.4.2-rc1: `--state' requires a list of states with no spaces, e.g. ESTABLISHED,RELATED
|     This patch also applies to libxt_conntrack which has a copy of the function.
|     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables: fix error reporting with wrong/missing arguments  [Pablo Neira Ayuso, 2008-11-19, files: 2, lines: -2/+36]
|     This patch fixes wrong error reporting when arguments are missing:
|         # iptables -I INPUT -m state --state
|         iptables v1.4.2-rc1: Unknown arg `(null)'
|         Try `iptables -h' or 'iptables --help' for more information.
|     or wrong:
|         # iptables -I INPUT -m state --xyz
|         iptables v1.4.2-rc1: Unknown arg `(null)'
|         Try `iptables -h' or 'iptables --help' for more information.
|     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: use NFPROTO_ constants  [Jan Engelhardt, 2008-11-18, files: 78, lines: -134/+146]
|     Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: reuse the global modprobe_program variable  [Jan Engelhardt, 2008-11-18, files: 2, lines: -11/+8]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* Bump version to 1.4.3-rc1  (tag: v1.4.3-rc1)  [Patrick McHardy, 2008-11-13, files: 2, lines: -4/+4]
|
* libxt_conntrack: dump ctdir  [Jan Engelhardt, 2008-11-12, files: 1, lines: -0/+15]
|     Sent in as part of a larger private mail by Gáspár Lajos <swifty@freemail.hu>; I cherry-picked the ctdir part.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: make sockfd a per-handle thing  [Jan Engelhardt, 2008-11-10, files: 1, lines: -24/+14]
|     Get away from this singleton.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_conntrack: respect -n option during ruledump  [Jan Engelhardt, 2008-11-10, files: 1, lines: -2/+8]
|     Reference: http://bugs.debian.org/502548
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: use hex output for hookmask  [Jan Engelhardt, 2008-11-10, files: 1, lines: -2/+2]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove unused iptc_get_raw_socket and iptc_check_packet  [Jan Engelhardt, 2008-11-10, files: 3, lines: -26/+0]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove indirections  [Jan Engelhardt, 2008-11-10, files: 13, lines: -279/+284]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove typedef indirection  [Jan Engelhardt, 2008-11-10, files: 15, lines: -188/+186]
|     Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add SCTP/DCCP support to NAT targets  [Patrick McHardy, 2008-11-04, files: 4, lines: -4/+12]
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpage: explain what rule-specification is  [Jan Engelhardt, 2008-10-29, files: 1, lines: -5/+11]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpage: use separate paragraphs for command syntax  [Jan Engelhardt, 2008-10-29, files: 1, lines: -9/+9]
|     This makes it (IMO) easier to follow when the terminal is small and the command line specifications begin to wrap.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* Fix compile warnings using gcc 4.3.2  [Thomas Jarosch, 2008-10-23, files: 4, lines: -0/+4]
|         libxt_dccp.c: In function 'port_to_service':
|         libxt_dccp.c:196: warning: implicit declaration of function 'htons'
|         libxt_sctp.c: In function 'port_to_service':
|         libxt_sctp.c:321: warning: implicit declaration of function 'htons'
|         libxt_tcp.c: In function 'port_to_service':
|         libxt_tcp.c:220: warning: implicit declaration of function 'htons'
|         libxt_udp.c: In function 'port_to_service':
|         libxt_udp.c:104: warning: implicit declaration of function 'htons'
|     Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* Fix compile error in libxt_iprange.c using gcc 4.3.2  [Thomas Jarosch, 2008-10-23, files: 1, lines: -0/+1]
|         In file included from libxt_iprange.c:9:
|         ../include/linux/netfilter.h:43: error: field 'in' has incomplete type
|         ../include/linux/netfilter.h:44: error: field 'in6' has incomplete type
|         libxt_iprange.c: In function 'parse_iprange':
|         libxt_iprange.c:46: error: dereferencing pointer to incomplete type
|         libxt_iprange.c:53: error: dereferencing pointer to incomplete type
|         libxt_iprange.c: In function 'iprange_mt4_parse':
|         libxt_iprange.c:117: error: dereferencing pointer to incomplete type
|         libxt_iprange.c:121: error: dereferencing pointer to incomplete type
|         libxt_iprange.c:136: error: dereferencing pointer to incomplete type
|         libxt_iprange.c:140: error: dereferencing pointer to incomplete type
|         libxt_iprange.c: In function 'iprange_mt6_parse':
|         libxt_iprange.c:167: error: dereferencing pointer to incomplete type
|         libxt_iprange.c:171: error: dereferencing pointer to incomplete type
|         libxt_iprange.c:186: error: dereferencing pointer to incomplete type
|         libxt_iprange.c:190: error: dereferencing pointer to incomplete type
|     Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>