path: root/extensions
Commit message [Author, Age, Files, Lines]
* includes: header updates [Jan Engelhardt, 2010-02-01, files: 10, lines: -5/+124]
|     Update the shipped Linux kernel headers from 2.6.33-rc6, as iptables's ipt_ECN.h for example references ipt_DSCP.h, which no longer exists. Since a number of old code pieces have been removed in the kernel in that fashion, the structs for older versions are moved into the .c file, to keep header updating simple.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* policy: fix error message showing wrong option [Jan Engelhardt, 2010-01-31, files: 1, lines: -1/+1]
* doc: mention requirement of additional packages for ipset [Jan Engelhardt, 2010-01-19, files: 2, lines: -0/+8]
|     References: https://bugzilla.novell.com/561177
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: fix limit manpage to reflect actual supported syntax [Jan Engelhardt, 2010-01-19, files: 1, lines: -1/+1]
|     References: https://bugzilla.novell.com/561179
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: fix recent manpage to reflect actual supported syntax [Jan Engelhardt, 2010-01-19, files: 1, lines: -2/+5]
|     References: https://bugzilla.novell.com/561180
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* recent: reorder cases in code (cosmetic cleanup) [Jan Engelhardt, 2010-01-19, files: 1, lines: -8/+8]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'master' of git://dev.medozas.de/iptables [Patrick McHardy, 2009-11-24, files: 1, lines: -1/+3]
|\
| * doc: explain experienced --hitcount limit [Jan Engelhardt, 2009-11-17, files: 1, lines: -1/+3]
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | conntrack: fix --expires parsing [Patrick McHardy, 2009-11-20, files: 1, lines: -1/+1]
| |     Using ranges in --ctexpire results in a parsing error:
| |       conntrack: Bad value for "--expires" option: "1:1000"
| |     The first value is parsed twice, after which the end pointer doesn't point to the expected '\0' but to the colon.
| |     Signed-off-by: Patrick McHardy <kaber@trash.net>
* | extensions: add osf extension [Patrick McHardy, 2009-11-12, files: 1, lines: -0/+155]
|/
|     From Evgeniy Polyakov <zbr@ioremap.net>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* DNAT: fix incorrect check during parsing [Patrick McHardy, 2009-11-06, files: 1, lines: -1/+1]
|     Specifying --random before --to-dest results in:
|       Multiple --to-destination not supported
|     Fix the flags check to only test the IPT_DNAT_OPT_DEST bit.
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* CONNMARK: print mark rules with mask 0xffffffff as set instead of xset [Jan Engelhardt, 2009-11-04, files: 1, lines: -0/+2]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmark [Patrick McHardy, 2009-11-04, files: 1, lines: -0/+2]
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables/extensions: make bundled options work again [Jan Engelhardt, 2009-11-03, files: 37, lines: -95/+95]
|     When using a bundled option like "-ptcp", 'argv[optind-1]' would logically point to "-ptcp", but this is obviously not right. 'optarg' is needed instead, which is properly offset to "tcp". Not all places change optind-based access to optarg; where look-ahead is needed, such as for tcp's --tcp-flags option for example, optind is ok.
|     References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: hand argv to xtables_check_inverse [Jan Engelhardt, 2009-11-03, files: 60, lines: -128/+128]
|     In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation.
|     References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iprange: roll address parsing into a loop [Jan Engelhardt, 2009-10-25, files: 1, lines: -20/+16]
* iprange: warn on reverse range [Jan Engelhardt, 2009-10-25, files: 1, lines: -22/+29]
* iprange: do accept non-ranges for xt_iprange v1 [Jan Engelhardt, 2009-10-25, files: 1, lines: -72/+47]
|     [fill in details]
* realm: remove static initializations [Jan Engelhardt, 2009-10-25, files: 1, lines: -3/+2]
|     Save a little disk space, they are initialized to zero anyway.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: update TCPMSS manpage with Linux 2.6.25 changes [Tim Small, 2009-10-25, files: 1, lines: -1/+9]
|     References: http://bugs.debian.org/551272
|     [j.eng: modified --set-mss option description to be understandable]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: fix typo in length manpagesobtwmxt [2009-10-25, files: 1, lines: -1/+1]
|     References: http://bugs.debian.org/551867
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: mention maximum mark size in manpages [Jan Engelhardt, 2009-10-25, files: 3, lines: -3/+5]
* man: fix incorrect plural in libipt_set.man [Patrick McHardy, 2009-08-24, files: 1, lines: -1/+1]
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpages: more fixes to minuses, hyphens, dashes [Jan Engelhardt, 2009-08-20, files: 2, lines: -2/+2]
|     Debian still carries patches to the iptables nroff code touching ASCII minuses, so I thought, what's it this time. Eventually, this patch tries to straighten things once more, per http://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style#Hyphens and http://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style#Dashes .
|     Titles will get the em dash; all typed commands or parameters with a hyphen get a minus (so that man(1) hyperlinking and copy-pasting does work), but other mentions get the hyphen.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpage: fix lintian warnings [Laurence J. Lane, 2009-08-20, files: 1, lines: -1/+1]
|     Description: extraneous slash caused this lintian warning:
|       W: iptables: manpage-has-errors-from-man usr/share/man/man8/iptables.8.gz 220: cannot use newline as a starting delimiter
|       W: iptables: manpage-has-errors-from-man usr/share/man/man8/ip6tables.8.gz 1823: warning: `precedence'' not defined
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* ipt_set: fix a typo in the manpage [Trent W. Buck, 2009-08-20, files: 1, lines: -1/+1]
|     References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539101
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_NFQUEUE: add new v1 version with queue-balance option [Florian Westphal, 2009-08-20, files: 2, lines: -10/+124]
|     New version that adds support for specifying a queue range instead of a single queue id. The kernel will distribute flows across the given queue range.
|     This is useful for multicore systems, simply start multiple instances of the userspace program on queues x, x+1, .. x+n and use "--queue-balance x:x+n". Packets belonging to the same connection are put into the same queue.
|     With fixes from Jan Engelhardt.
|     Signed-off-by: Florian Westphal <fwestphal@astaro.com>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* Merge branch 'stable' [Jan Engelhardt, 2009-08-05, files: 2, lines: -22/+139]
|\
| |     Conflicts: extensions/libxt_conntrack.c
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_helper: fix invalid passed option to check_inverse [Jan Engelhardt, 2009-06-25, files: 1, lines: -1/+1]
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * xt_conntrack: revision 2 for enlarged state_mask member [Jan Engelhardt, 2009-06-25, files: 1, lines: -27/+148]
| |     This complements the xt_conntrack revision 2 code added to the kernel.
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | build: combine iptables-multi and iptables-static [Jan Engelhardt, 2009-07-25, files: 1, lines: -2/+2]
| |     Changed the Makefile so that:
| |     1. --enable-shared / --disable-shared control the linkage against libdl (and thus the potential to use 3rd party extensions)
| |     2. --enable-static / --disable-static controls whether shipped extensions are built-in or provided as modules
| |     iptables-static becomes redundant by this action; iptables-multi now has the feature.
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | extensions: collapse data variables to use multi-reg calls [Jan Engelhardt, 2009-06-26, files: 15, lines: -566/+552]
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | extensions: remove empty help and parse functions [Jan Engelhardt, 2009-06-26, files: 7, lines: -127/+0]
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | extensions: collapse registration structures [Jan Engelhardt, 2009-06-26, files: 27, lines: -474/+29]
|/
|     There are no different code paths between IPV4 and IPV6, so data can be consolidated here.
|          text    data     bss     dec     hex filename
|        243757   12212    2576  258545   3f1f1 ip6tables-static[before.i586]
|        243613    9428    2576  255617   3e681 ip6tables-static[after.i586]
|          -144   -2784
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'stable' of git://dev.medozas.de/iptables [Patrick McHardy, 2009-06-11, files: 7, lines: -30/+31]
|\
| * manpages: markup corrections [Jan Engelhardt, 2009-06-10, files: 5, lines: -26/+25]
| |     The manpage of xt_cluster and xt_recent had some unclosed tags. Backslashes in commands are also not wanted because manpages are a freeform, automatically-wrapped text.
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_connlimit: initialize v6_mask [kd6lvw, 2009-06-10, files: 1, lines: -1/+3]
| |     When converting "--connlimit-mask $bits" to a 128-bit v6 mask, the code uses a left shift on v6_mask[n]. This requires v6_mask to be filled with all one-bits beforehand, but this initialization was not done.
| |     References: http://bugzilla.netfilter.org/show_bug.cgi?id=597
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_tcp: manpage corrections and suggestions [Ian Bruce, 2009-06-08, files: 1, lines: -2/+2]
| |     From: Ian Bruce <ian_bruce@fastmail.net>
| |     The commit corrects some minor errors in the iptables(8) man page, related to port ranges in the "tcp" module.
| |     Reference: http://bugs.debian.org/531677
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_tcp: fix a manpage syntax typo [Frank Tobin, 2009-06-08, files: 1, lines: -1/+1]
| |     Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=596
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Updated set/SET match and target to support multiple ipset protocols. [Jozsef Kadlecsik, 2009-06-11, files: 5, lines: -44/+65]
|/
|     By checking the protocol version of the kernel part, the sockopt type of ipset protocols are all supported. Forward compatibility with the netlink based protocol is missing.
|     The --set option of the set match is replaced by --match-set to avoid clashing with the recent match, but the old option is also kept.
|     Manpages are updated, references to bindings removed.
* extensions: remove redundant casts [Jan Engelhardt, 2009-06-08, files: 2, lines: -8/+8]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* DNAT/SNAT: add manpage documentation for --persistent flag [Jan Engelhardt, 2009-06-08, files: 3, lines: -4/+12]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|     Signed-off-by: Patrick McHardy <kaber@trash.net>
* extensions: use NFPROTO_UNSPEC for .family field [Jan Engelhardt, 2009-06-01, files: 17, lines: -19/+19]
|     This constant would be the designated one for the .family field; it also, given recent changes, makes grep for NFPROTO_UNSPEC work to finally recollect all manpages.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: fix manpage collection [Jan Engelhardt, 2009-06-01, files: 1, lines: -1/+4]
|     Florian Westphal points out that v1.4.3.2-9-gc304d77 greps for the keyword in the wrong file, and that files with NFPROTO_UNSPEC are skipped. This patch corrects that part, and makes `make` now output the manpages it collected.
|     Reported-by: Florian Westphal <fw@strlen.de>
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* policy: merge ipv6 and ipv4 variant [Jan Engelhardt, 2009-06-01, files: 2, lines: -463/+114]
|     The files duplicate most of their code, and struct ipt_policy_info being defined to xt_policy_info makes them actually have even more in common.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* policy: use direct xt_policy_info instead of ipt/ip6t [Jan Engelhardt, 2009-05-31, files: 2, lines: -66/+66]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_policy: remove redundant functions [Jan Engelhardt, 2009-05-31, files: 1, lines: -40/+8]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* manpages: do not include v4-only modules in ip6tables manpage [Jan Engelhardt, 2009-05-26, files: 1, lines: -5/+5]
|     References: http://bugs.debian.org/529954
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* addrtype: fix one manpage type [Jan Engelhardt, 2009-05-26, files: 1, lines: -1/+1]
|     References: http://bugs.debian.org/528457
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: replace open-coded sizeof by ARRAY_SIZE [Jan Engelhardt, 2009-05-26, files: 15, lines: -101/+44]
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>