| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
|
|
| |
http://bugzilla.netfilter.org/show_bug.cgi?id=577
When using the -m policy match, the option argument for --spi is converted
using strtol(), which returns a signed 32 bit value, so the highest
positive value is 0x7fffffff. Instead strtoul() should be used.
The same applies for the --reqid option argument.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
| |
Reference: http://bugs.debian.org/515752
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
| |
Tested-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
| |
Kill program_name, program_version and xtables_program_name.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce xtables_init_all() which hides three calls xtables_init(),
xtables_set_nfproto(), and xtables_set_params(). Make
ip[6]tables-restore, ip[6]tables-save and ip[6]tables-standalone use
it.
I moved xtables_set_params around for readability reasons.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
|
|
|
|
|
|
|
| |
Introduce xtables_merge_options() for re-use reasons. Apps can use it
instead of each defining their own merge_options(). Made iptables and
ip6tables use the new shared interface.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
|
|
|
|
|
| |
Addendum to commit 5c3e0767764bb7fa1db61ac326e8359161380e21.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
| |
The patch modifies xtables_globals to introduce orig_opts and
xtables_free_opts() to emulate what free_opts used to do. We also get
rid of the copies of free_opts() that iptables and ip6tables keep.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
|
|
|
|
|
| |
Introduce xtables_set_revision() and make iptables and ip6tables use it.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
|
|
|
|
|
| |
Set proper name of application.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
|
|
|
|
|
|
|
|
|
|
|
| |
libipq.c: In function `ipq_create_handle':
libipq.c:220: error: `NFPROTO_IPV4' undeclared (first use in this function)
libipq.c:220: error: (Each undeclared identifier is reported only once
libipq.c:220: error: for each function it appears in.)
libipq.c:222: error: `NFPROTO_IPV6' undeclared (first use in this function)
Add the required includes.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
| |
This patch will support adding libiptc to the headers list in future.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
| |
Reference: http://bugs.debian.org/512281
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
| |
Reference: http://bugs.debian.org/511891
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
| |
Reference: http://bugs.debian.org/514869
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
strlen ran over the end of the string. Use strnlen to bound it.
Reference: http://bugs.debian.org/513516
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| | |
Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users
got moved.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| | |
libxtables uses dlopen, so *it* has to use -ldl, not the main program.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Commit v1.4.3-rc1-47-g300e290 tried to consolidate the environment
variable presence checking code into xtables.c, but missed
adding IP6TABLES_LIB_DIR to libxtables.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rename xtables_globals exit_error cb to exit_err and introduce
a very simple aliasing macro to point to it.
convert iptables, ip6tables and iptables_xml to use it.
Note iptables_xml does not have to define its own exit_error()
since it can use the basic one provided.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace direct exit_error() calls inside libxtables with
xt_params->exit_error().
With this change; i can now compile the useless app:
-----
#include <xtables.h>
int main(int argc, char **argv) {
return 0;
}
----
with "gcc useless.c -lxtables -ldl"
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
| |
| |
| |
| |
| |
| |
| | |
convert ip6tables, iptables and iptables-xml to use
xtables_globals/xtables_set_params()
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce exit_error() as part of xtables_globals structure.
When an application registers its xtables_globals definition
and does not specify its exit_error() it gets assigned a
basic version
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce xtables_free_opts() an xtables variant of
free_opts() which uses xtables_globals already set
by xtables_set_params(). The end goal is to have all internal
references in xtables.c use xtables_free_opts() instead of
depending on external defined free_opts()
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
introduce a new struct,xtables_globals, so as to
localize the globals used and help in symbol renames.
The applications must invoke xtables_set_params() before starting
to use any iptables APIs.
xtables_set_params() is intended to free xtables from depending
(as it does right now) on existence of such externally definitions
(from iptables/iptables6 etc). At the moment, xtables wont even
compile without presence of at least one of {iptables/iptables6 etc}
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|\| |
|
| |\
| | |
| | |
| | |
| | | |
(throw away remote three commits as they had been redone
in this local branch)
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
libxtables should not rely on the program executable providing the
magic constants for using [gs]etsockopt.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This also adds a warning that intrapositional negation support
is deprecated.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes:
exittype -> xtables_exittype
P_* -> XTF_* flags
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Split XTABLES_VERSION into xtables and iptables, and encode the
xtables soversion into the extensions instead. This makes it possible
to upgrade iptables without having to recompile 3rd-party extensions
(if the libxtables version matches, of course).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | | |
This commit also throws out the redundant string_to_number_*.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Consolidate the libdir variable initialization code into xtables.c.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change affects:
find_{match,target} -> xtables_find_{match,target}
enum xt_tryload -> enum xtables_tryload
loose flags like DONT_LOAD -> XTF_DONT_LOAD
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change affects:
load_xtables_ko -> xtables_load_ko
modprobe_program -> xtables_modprobe_program
Now uses bool for the "quiet" flag.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|