summaryrefslogtreecommitdiffstats
path: root/extensions/libipt_DNAT.c
Commit message (Collapse)AuthorAgeFilesLines
* Convert the NAT targets to use the kernel supplied nf_nat.h headerPatrick McHardy2012-09-101-18/+18
| | | | | Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libipt_SAME: set PROTO_RANDOM on all rangesJan Engelhardt2011-11-301-7/+10
| | | | | | | | Resolve the (justified) WTF remark to a clearer version of when/why PROTO_RANDOM needs to be set. Especially when --random is used before --to in SAME, it would have not been appleid.
* libipt_[SD]NAT: avoid false error about multiple destinations specifiedJan Engelhardt2011-05-131-3/+6
| | | | | | | | | | | iptables-restore v1.4.10: DNAT: Multiple --to-destination not supported xtables_option_parse sets cb->xflags already, so that it cannot be directly used to test whether an option is being used for the second time. Thus use a private option/flag (X_TO_DEST/SRC) that is not under the control of xtables_option_parse. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libipt_[SD]NAT: flag up module name on errorJan Engelhardt2011-05-131-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'floating/opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-05-121-49/+39
|\
| * libipt_DNAT: use guided option parserJan Engelhardt2011-05-091-49/+39
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | doc: S/DNAT allows to omit IP addressesJan Engelhardt2011-05-091-1/+1
|/ | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add missing checks for specific flagsJan Engelhardt2011-02-191-1/+1
| | | | | | | | | With "!flags", any option will be accepted. The extensions however want one very specific option to be used (or wrong help text). Commits: DNAT: v1.3.8~23, osf: v1.4.6~3 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: do not print trailing whitespacesJan Engelhardt2011-01-311-8/+6
| | | | | | | | | | | | | | | | | Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove no longer necessary default: casesJan Engelhardt2011-01-081-3/+1
| | | | | | | Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* all: consistent syntax use in struct optionJan Engelhardt2010-07-231-4/+5
| | | | | | Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* DNAT: fix incorrect check during parsingPatrick McHardy2009-11-061-1/+1
| | | | | | | | | | Specifying --random before --to-dest results in: Multiple --to-destination not supported Fix the flags check to only test the IPT_DNAT_OPT_DEST bit. Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxtables: hand argv to xtables_check_inverseJan Engelhardt2009-11-031-1/+1
| | | | | | | | | In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add const qualifiers in print/save functionsJan Engelhardt2009-05-261-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* SNAT/DNAT: add support for persistent multi-range NAT mappingsPatrick McHardy2009-04-171-1/+11
| | | | | | | Add support for persistent mappings (2.6.29-rc2+) as replacement for the removed SAME target. Signed-off-by: Patrick McHardy <kaber@trash.net>
* extensions: add missing limits.h includeJan Engelhardt2009-02-211-0/+1
| | | | | | Thanks to Stephen Hemminger for noticing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* include: resynchronize headers with 2.6.29-rc5Jan Engelhardt2009-02-211-7/+7
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove unwanted/add needed includes for IPv4 extsJan Engelhardt2009-02-211-1/+1
| | | | | | | Most touched files do not use anything from ip_tables.h, so remove that #include. multiport instead, does need it (ipt_entry). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix exit_error to xtables_errorJan Engelhardt2009-02-211-11/+11
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - move check_inverse to xtables.cJan Engelhardt2009-01-301-1/+1
| | | | | | | This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - ascii to ipaddr/ipmask inputJan Engelhardt2009-01-301-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - ipaddr/ipmask to ascii outputJan Engelhardt2009-01-301-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove inclusion of iptables.hJan Engelhardt2008-11-201-0/+1
| | | | | | | | | iptables.h and ip6tables.h only include declarations internal to iptables (specifically iptables.c and ip6tables.c), as most of the public API has been moved to xtables.h a few months ago. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: use NFPROTO_ constantsJan Engelhardt2008-11-181-1/+1
| | | | | | | | Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add SCTP/DCCP support to NAT targetsPatrick McHardy2008-11-041-1/+3
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: Update commentsJan Engelhardt2008-09-011-6/+0
| | | | | | | | A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Remove old functions, constantsJan Engelhardt2008-04-151-10/+9
|
* fix gcc warningsMax Kellermann2008-01-291-1/+1
| | | | Max Kellermann <max@duempel.org>
* rename overlapping function namesJan Engelhardt2008-01-201-3/+3
| | | | | | Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* bunch o' renamesJan Engelhardt2008-01-201-2/+2
| | | | | | | | Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* PATCH - Fix for --random option in DNAT and REDIRECTTom Eastep2007-11-151-0/+1
| | | | | | | The --random option produces "Unknown arg `--random'" errors with both the DNAT and REDIRECT targets. Corrected by the attached patch. Tom Eastep <teastep@shorewall.net>
* Unique names 4/6Jan Engelhardt2007-10-041-22/+16
| | | | | | | | | | | Give symbols of libxt targets unique names (2/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Fix sparse warnings: non-ANSI function declarations, 0 used as pointerPatrick McHardy2007-09-081-3/+3
|
* Make the option structures const.Jan Engelhardt2007-07-301-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Remove the .next=NULL field. This is automatically initialized to zero.Jan Engelhardt2007-07-301-1/+0
| | | | | | | I've kept .print=NULL and .save=NULL so it stands out (since iptables will do the print/save then). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Fixes warning on compilation, part 2Yasuyuki KOZAKAI2007-07-241-3/+4
| | | | | | | | | | This changes the type of arguments as follows in multiport, DNAT, SNAT, MASQUERADE, and REDIRECT - ip[6]t_ip[6] * -> void * - ip[6]t_entry * -> void * and adds lines to cast these pointer with intended type.
* Replaces ipt_entry_* with xt_entry_* in matches/targetsYasuyuki KOZAKAI2007-07-241-5/+5
|
* Add --random option to DNAT and REDIRECT targets and fix the manpage mess ↵Patrick McHardy2007-05-291-2/+20
| | | | this option left behind.
* Use nf_conntrack headers instead of ip_conntrack ones and add sanitized ↵Patrick McHardy2007-04-181-1/+1
| | | | versions.
* Kernels higher than 2.6.10 don't support multiple --to arguments inPhil Oester2005-09-191-0/+7
| | | | | | | | | | | | | | | | | | | | | DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester)
* Fix NAT of ICMP ID ranges (Patrick McHardy)Patrick McHardy2005-07-221-1/+2
|
* This patch prevents user to set negative port value of SNAT/DNAT.Yasuyuki KOZAKAI2005-06-221-2/+2
| | | | (Yasuyuki Kozakai)
* Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>)Pablo Neira2005-02-141-9/+0
| | | | Fixes build with conntrack event patch for 2.6
* John McCann points out via bugzilla that iptables happily accepts thisPhil Oester2005-02-011-1/+6
| | | | | | | | | | | | | syntax on DNAT/SNAT: --to x.x.x.x:y:z but doesn't actually make use of the second port. Clear up the confusion by only accepting a dash between the ports. This closes bugzilla #265. Signed-off-by: Phil Oester <kernel@linuxace.com>
* Pablo Neira: extensions conversion to C99 structure initializationPablo Neira2004-12-281-14/+13
| | | | (I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR)
* globally replace NETFILTER_VERSION with IPTABLES_VERSION to have consistent ↵Harald Welte2002-05-291-2/+2
| | | | naming
* Fix 'iptables -p !' bug (segfault when `!' used without argument)Harald Welte2002-03-141-1/+1
|
* - added patch to support statically linking of iptablesHarald Welte2001-08-061-0/+1
| | | | - iptables-save/-restore is no longer experimental
* Aligning matchsize and targetsize now responsibility of extension writersRusty Russell2000-07-031-2/+2
| | | | (PPC fix).
* Alignment fixes (requires kernel patch).Rusty Russell2000-04-271-1/+1
|