| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
| |
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|\ |
|
| |
| |
| |
| | |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Have each extension link against libxtables.so; with this, all home
symbols are known at link time and we can use ld's --no-undefined to
run the check, dropping the homebrew solution.
By having libxtables.so required by extensions, package managers'
automatic dependency discovery will become effective so that manual
dependencies for distros with split extension packages (e.g. OpenWRT)
will not be necessary anymore.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
| |
| |
| | |
Split off extensions/.gitignore.
|
| | |
|
| |
| |
| |
| | |
Only ignore these paths if they are a directory.
|
|\| |
|
| | |
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
quoting man page:
match packets from a connection whose packets/bytes/average
packet size is more than FROM and less than TO bytes/packets. if
TO is omitted only FROM check is done.
But, when TO was omitted, we did treat it like "x:x" which is not
the same at all.
Before commit 09631dc60ce41bc484a42fcf4d4ddf7036820bd1
(libxt_connbytes: use guided option parser), we failed to parse
"--connbytes x" ('Bad range "x"'), but treated "x:" like "x:0xffffffff".
Also, restore the "from must be smaller than to" check.
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Support for the reap option was merged in the kernel as of 2.6.35.
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
| |\ |
|
| |\ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
CLUSTERIP: improve readability of bitwise operation
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |\ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Command used:
git grep -f <(pcregrep -hior
'(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/)
and then fix all occurrences.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
No real API/ABI change incurred, since the definition of the structs'
types is not visible anyhow.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Make an xt_chainlabel type out of ipt_chainlabel and ip6t_chainlabel,
and add backward-API #defines. The ABI naturally does not change
either, so no soversion bump.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Was never implemented, kill it.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
CC libip4tc.lo
In file included from libip4tc.c:118:0:
libiptc.c:70:8: error: redefinition of "struct xt_error_target"
../include/linux/netfilter/x_tables.h:69:8: note: originally defined here
Remove libiptc's duplicate definition and substitute names.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |\ \ \ \ |
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Rev 1 was added to the kernel in commit v2.6.39-rc1~468^2~10^2~1 but
there was no corresponding iptables patch so far.
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |_|_|_|_|/
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Resolve the (justified) WTF remark to a clearer version of when/why
PROTO_RANDOM needs to be set.
Especially when --random is used before --to in SAME, it would have
not been appleid.
|
| |_|_|_|/
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
else, this will print "--queue-num 0--queue-bypass ".
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |_|_|/
|/| | |
| | | |
| | | |
| | | | |
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | | |
iptables(exe) requires libext.a, but extensions/ require libxtables.la
(in iptables/). This circular dependency does not work out, so
separate libxtables into its own directory and put it in front.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | | |
Commit v1.4.0-rc1-12-ge8665f8 completely forgot this.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit v1.4.0-rc1-12-ge8665f8 forgot to port the change to the
ip6tables part.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Manpage subsections are already sorted for obvious reasons. Since
$(wildcard) can actually return results unordered (just what the OS
can do) do the sorting with the .o file list too, for developer
comfort.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
~# iptables -t mangle -A foo -j CONNSECMARK --save
~# iptables -t mangle -S
[...]
-A foo -j CONNSECMARK--save
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
That way, the remaining unreferenced symbols that do appear in
libipt_DNAT and libipt_SNAT as part of the new check can be resolved,
and the ugly -rdynamic hack can finally be removed.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To be notified of occurrences where we are missing any libraries, run
some ldd checks post building.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
$ ldd -r libxt_RATEEST.so
undefined symbol: log (./libxt_RATEEST.so)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |/
| |
| |
| |
| |
| |
| |
| | |
$ ldd -r libxt_statistic.so
undefined symbol: lround (./libxt_statistic.so)
References: https://bugs.archlinux.org/task/25358
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|\|
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|