| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
iprange_parse() was incomplete and did not include parsed ranges into
ipt_iprange_info structure resulting in always adding range
0.0.0.0-0.0.0.0 in the kernel.
Moreover, when using --dst-range, error messages may display
--src-range instead. Fix this too.
Signed-off-by: Vincent Bernat <bernat@luffy.cx>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update the shipped Linux kernel headers from 2.6.33-rc6, as
iptables's ipt_ECN.h for example references ipt_DSCP.h, which no
longer exists.
Since a number of old code pieces have been removed in the kernel in
that fashion, the structs for older versions are moved into the .c
file, to keep header updating simple.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
|
| |
In going to fix NF bug #611, "argv" is needed in
xtables_check_inverse to set "optarg" to the right spot in case of an
intrapositional negation.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
|
| | |
|
| |
|
|
| |
[fill in details]
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
| |
This also adds a warning that intrapositional negation support
is deprecated.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
| |
Changes:
exittype -> xtables_exittype
P_* -> XTF_* flags
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
| |
Resync netfilter.h from the latest kernel and make use of the new
NFPROTO_ constants that have been introduced.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In file included from libxt_iprange.c:9:
../include/linux/netfilter.h:43: error: field 'in' has incomplete type
../include/linux/netfilter.h:44: error: field 'in6' has incomplete type
libxt_iprange.c: In function 'parse_iprange':
libxt_iprange.c:46: error: dereferencing pointer to incomplete type
libxt_iprange.c:53: error: dereferencing pointer to incomplete type
libxt_iprange.c: In function 'iprange_mt4_parse':
libxt_iprange.c:117: error: dereferencing pointer to incomplete type
libxt_iprange.c:121: error: dereferencing pointer to incomplete type
libxt_iprange.c:136: error: dereferencing pointer to incomplete type
libxt_iprange.c:140: error: dereferencing pointer to incomplete type
libxt_iprange.c: In function 'iprange_mt6_parse':
libxt_iprange.c:167: error: dereferencing pointer to incomplete type
libxt_iprange.c:171: error: dereferencing pointer to incomplete type
libxt_iprange.c:186: error: dereferencing pointer to incomplete type
libxt_iprange.c:190: error: dereferencing pointer to incomplete type
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
|
| |
|
|
|
|
|
| |
There is no --src-ip, just --src-range. (Same for --dst-range.)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
| |
The --src-range and --dst-range parameters did not set the IPRANGE_*
flags in struct xt_iprange_mtinfo.
Reported-by: Maxim Britov <maxim.britov@gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
|
| |
|
|
|
|
|
| |
IP address validation logic was inverted, causing valid addresses to
be rejected.
Signed-off-by: James King <t.james.king@gmail.com>
|
| |
|
|
| |
Max Kellermann <max@duempel.org>
|
| |
|
|
|
|
| |
Add support for xt_iprange revision 1
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
|
|
Move libipt_iprange to libxt_iprange.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
