summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* | iptables-compat: fix chain policy reset with iptables -L -nPablo Neira Ayuso2014-10-241-3/+11
| | | | | | | | | | | | | | | | | | | | | | | | Initialize built-in tables/chains if they don't exists, otherwise simply skip. This avoids the chain policy reset to NF_ACCEPT by when you call iptables -L -n. Reported-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Tested-by: Ana Rey <anarey@gmail.com>
* | nft-ipv46: replace offset var with ctx->payload.offsetGiuseppe Longo2014-10-182-2/+2
| | | | | | | | | | | | | | | | | | The offset variable (undefined) is passed to DEBUGP function, so you get a compilation error if you try to build iptables with debug enabled Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | nft: fix syntax error in nft_parse_cmp()Giuseppe Longo2014-10-181-1/+1
| | | | | | | | | | | | | | This fixes a syntax error, remove ; in an if statement Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | refresh nf_tables.h cached copyPablo Neira Ayuso2014-10-091-1/+76
| | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | arptables-compat: remove save codePablo Neira Ayuso2014-10-091-29/+2
| | | | | | | | | | | | | | | | There is not native arptables-save. The original author provides perl scripts to implement arptables-save and arptables-restore. We should use them to mimic arptables behaviour. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | arptables-compat: get output in sync with arptables -L -n --line-numbersPablo Neira Ayuso2014-10-096-46/+94
| | | | | | | | | | | | | | | | | | | | # arptables-compat -L -n --line-numbers Chain INPUT (policy ACCEPT) num target prot opt source destination <-- This header is not shown by arptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | arptables-compat: allow to not specify a targetPablo Neira Ayuso2014-10-096-230/+163
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | arptables allows this: # arptables -I INPUT however, arptables-compat says: arptables v1.4.21: No target provided or initalization failed Try `arptables -h' or 'arptables --help' for more information. the compat utility must mimic the same behaviour. Fix this by introducing the arptables_command_state abstraction that is already available in ip{6}tables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | arptables-compat: fix missing error reportingPablo Neira Ayuso2014-10-091-0/+5
| | | | | | | | | | | | | | # arptables-compat -D INPUT -j ACCEPT arptables: Bad rule (does a matching rule exist in that chain?) Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | iptables-compat: nft: fix error reportingPablo Neira Ayuso2014-10-091-16/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | This fixes # iptables-compat -X test4345 iptables: No chain/target/match by that name. # iptables-compat -N test4345 # iptables-compat -N test4345 iptables: File exists. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | iptables-compat: nft: fix user chain addition, deletion and renamePablo Neira Ayuso2014-10-091-27/+60
| | | | | | | | | | | | | | Add the glue code to use the chain batching for user chain commands. Reported-by: Giuseppe Longo <giuseppelng@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | Merge branch 'tests'Pablo Neira Ayuso2014-10-0161-1/+1037
|\ \ | | | | | | | | | | | | This merges the iptables-test.py script and the corresponding test files.
| * | build: don't include tests in released tarballPablo Neira Ayuso2013-12-041-1/+1
| | | | | | | | | | | | | | | | | | | | | Do not include all our .t test files in releases. Skip iptables-tests.py script as well. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_MARK: add unit testPablo Neira Ayuso2013-10-071-0/+7
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_owner: add unit testPablo Neira Ayuso2013-10-071-0/+12
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libip6t_DNAT: add unit testPablo Neira Ayuso2013-10-071-0/+8
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_SNAT: add unit testPablo Neira Ayuso2013-10-071-0/+8
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_TEE: add unit testPablo Neira Ayuso2013-10-071-0/+4
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_physdev: add unit testPablo Neira Ayuso2013-10-071-0/+14
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_iprange: add unit testPablo Neira Ayuso2013-10-071-0/+11
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_quota: add unit testPablo Neira Ayuso2013-10-071-0/+10
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_cpu: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_dscp: add unit testPablo Neira Ayuso2013-10-071-0/+10
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libip6t_REJECT: add unit testPablo Neira Ayuso2013-10-071-0/+9
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_multiport: add unit testPablo Neira Ayuso2013-10-071-0/+23
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_ULOG: add unit testPablo Neira Ayuso2013-10-071-0/+19
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_conntrack: add unit testPablo Neira Ayuso2013-10-071-0/+27
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_limit: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libip6t_eui64: add unit testPablo Neira Ayuso2013-10-071-0/+8
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_DSCP: add unit testPablo Neira Ayuso2013-10-071-0/+11
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_TOS: add unit testPablo Neira Ayuso2013-10-071-0/+16
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_TRACE: add unit testPablo Neira Ayuso2013-10-071-0/+3
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_ECN: add unit testPablo Neira Ayuso2013-10-071-0/+5
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_standard: add unit testPablo Neira Ayuso2013-10-071-0/+4
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_MASQUERADE: add unit testPablo Neira Ayuso2013-10-071-0/+8
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_NOTRACK: add unit testPablo Neira Ayuso2013-10-071-0/+4
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_sctp: add unit testPablo Neira Ayuso2013-10-071-0/+32
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_REJECT: add unit testPablo Neira Ayuso2013-10-071-0/+9
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_mark: add unit testPablo Neira Ayuso2013-10-071-0/+7
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_nfacct: add unit testPablo Neira Ayuso2013-10-071-0/+10
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_rateest: add unit testPablo Neira Ayuso2013-10-071-0/+16
| | | | | | | | | | | | | | | | | | based on tests/options-most.rules Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_string: add unit testPablo Neira Ayuso2013-10-071-0/+18
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_state: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_CT: add unit testPablo Neira Ayuso2013-10-071-0/+20
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_pkttype: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_ttl.t: add unit testPablo Neira Ayuso2013-10-071-0/+15
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_NFQUEUE: add unit testPablo Neira Ayuso2013-10-071-0/+12
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_icmp: add unit testPablo Neira Ayuso2013-10-071-0/+15
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_helper: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_esp: add unit testPablo Neira Ayuso2013-10-071-0/+9
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_dccp: add unit testPablo Neira Ayuso2013-10-071-0/+30
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>