summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
* doc: explain experienced --hitcount limitJan Engelhardt2009-11-171-1/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* DNAT: fix incorrect check during parsingPatrick McHardy2009-11-061-1/+1
| | | | | | | | | | Specifying --random before --to-dest results in: Multiple --to-destination not supported Fix the flags check to only test the IPT_DNAT_OPT_DEST bit. Signed-off-by: Patrick McHardy <kaber@trash.net>
* CONNMARK: print mark rules with mask 0xffffffff as set instead of xsetJan Engelhardt2009-11-041-0/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmarkPatrick McHardy2009-11-041-0/+2
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables/extensions: make bundled options work againJan Engelhardt2009-11-0337-95/+95
| | | | | | | | | | | | | When using a bundled option like "-ptcp", 'argv[optind-1]' would logically point to "-ptcp", but this is obviously not right. 'optarg' is needed instead, which if properly offset to "tcp". Not all places change optind-based access to optarg; where look-ahead is needed, such as for tcp's --tcp-flags option for example, optind is ok. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: hand argv to xtables_check_inverseJan Engelhardt2009-11-0360-128/+128
| | | | | | | | | In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iprange: roll address parsing into a loopJan Engelhardt2009-10-251-20/+16
|
* iprange: warn on reverse rangeJan Engelhardt2009-10-251-22/+29
|
* iprange: do accept non-ranges for xt_iprange v1Jan Engelhardt2009-10-251-72/+47
| | | | [fill in details]
* realm: remove static initializationsJan Engelhardt2009-10-251-3/+2
| | | | | | Save a little disk space, they are initialized to zero anyway. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: update TCPMSS manpage with Linux 2.6.25 changesTim Small2009-10-251-1/+9
| | | | | | | | References: http://bugs.debian.org/551272 [j.eng: modified --set-mss option description to be understandable] Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: fix typo in length manpagesobtwmxt2009-10-251-1/+1
| | | | | References: http://bugs.debian.org/551867 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: mention maximum mark size in manpagesJan Engelhardt2009-10-253-3/+5
|
* man: fix incorrect plural in libipt_set.manPatrick McHardy2009-08-241-1/+1
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpages: more fixes to minuses, hyphens, dashesJan Engelhardt2009-08-202-2/+2
| | | | | | | | | | | | | | | | Debian still carries patches patches to the iptables nroff code touching ASCII minuses, so I thought, what's it this time. Eventually, this patch tries to straighten things once more, per http://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style#Hyphens and http://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style#Dashes . Titles will get the em dash; all typed commands or parameters with a hyphen get a minus (so that man(1) hyperlinking and copy-pasting does work), but other mentions get the hyphen. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpage: fix lintian warningsLaurence J. Lane2009-08-201-1/+1
| | | | | | | | | | | Description: extraneous slash caused this lintian warning: W: iptables: manpage-has-errors-from-man usr/share/man/man8/iptables.8.gz 220: cannot use newline as a starting delimiter W: iptables: manpage-has-errors-from-man usr/share/man/man8/ip6tables.8.gz 1823: warning: `precedence'' not defined Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* ipt_set: fix a typo in the manpageTrent W. Buck2009-08-201-1/+1
| | | | | | References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539101 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_NFQUEUE: add new v1 version with queue-balance optionFlorian Westphal2009-08-202-10/+124
| | | | | | | | | | | | | | | | New version that adds support for specifying a queue range instead of a single queue id. The kernel will distribute flows across the given queue range. This is useful for multicore systems, simply start multiple instances of the userspace program on queues x, x+1, .. x+n and use "--queue-balance x:x+n". Packets belonging to the same connection are put into the same queue. With fixes from Jan Engelhardt. Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Merge branch 'stable'Jan Engelhardt2009-08-052-22/+139
|\ | | | | | | | | | | | | Conflicts: extensions/libxt_conntrack.c Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_helper: fix invalid passed option to check_inverseJan Engelhardt2009-06-251-1/+1
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * xt_conntrack: revision 2 for enlarged state_mask memberJan Engelhardt2009-06-251-27/+148
| | | | | | | | | | | | This complements the xt_conntrack revision 2 code added to the kenrel. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | build: combine iptables-multi and iptables-staticJan Engelhardt2009-07-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changed the Makefile so that: 1. --enable-shared / --disable-shared control the linkage against libdl (and thus the potential to use 3rd party extensions) 2. --enable-static / --disable-static controls whether shipped extensions are built-in or provided as modules iptables-static becomes redundant by this action; iptables-multi now has the feature. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | extensions: collapse data variables to use multi-reg callsJan Engelhardt2009-06-2615-566/+552
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | extensions: remove empty help and parse functionsJan Engelhardt2009-06-267-127/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | extensions: collapse registration structuresJan Engelhardt2009-06-2627-474/+29
|/ | | | | | | | | | | | There are no different code paths between IPV4 and IPV6, so data can be consolidated here. text data bss dec hex filename 243757 12212 2576 258545 3f1f1 ip6tables-static[before.i586] 243613 9428 2576 255617 3e681 ip6tables-static[after.i586] -144 -2784 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'stable' of git://dev.medozas.de/iptablesPatrick McHardy2009-06-117-30/+31
|\
| * manpages: markup correctionsJan Engelhardt2009-06-105-26/+25
| | | | | | | | | | | | | | | | The manpage of xt_cluster and xt_recent had some unclosed tags. Backslashes in commands are also not wanted because manpages are a freeform, automatically-wrapped text. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_connlimit: initialize v6_maskkd6lvw2009-06-101-1/+3
| | | | | | | | | | | | | | | | | | | | When converting "--connlimit-mask $bits" to a 128-bit v6 mask, the code uses a left shift on v6_mask[n]. This requires v6_mask to be filled with all one-bits beforehand, but this initialization was not done. References: http://bugzilla.netfilter.org/show_bug.cgi?id=597 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_tcp: manpage corrections and suggestionsIan Bruce2009-06-081-2/+2
| | | | | | | | | | | | | | | | | | | | From: Ian Bruce <ian_bruce@fastmail.net> The commit corrects some minor errors in the iptables(8) man page, related to port ranges in the "tcp" module. Reference: http://bugs.debian.org/531677 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_tcp: fix a manpage syntax typoFrank Tobin2009-06-081-1/+1
| | | | | | | | | | Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=596 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Updated set/SET match and target to support multiple ipset protocols.Jozsef Kadlecsik2009-06-115-44/+65
|/ | | | | | | | | | | By checking the protocol version of the kernel part, the sockopt type of ipset protocols are all supported. Forward compatibility with the netlink based protocol is missing. The --set option of the set match is replaced by --match-set to avoid clashing with the recent match, but the old option is also kept. Manpages are updated, references to bindings removed.
* extensions: remove redundant castsJan Engelhardt2009-06-082-8/+8
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* DNAT/SNAT: add manpage documentation for --persistent flagJan Engelhardt2009-06-083-4/+12
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* extensions: use NFPROTO_UNSPEC for .family fieldJan Engelhardt2009-06-0117-19/+19
| | | | | | | | This constant would be the designated one for the .family field; it also, given recent changes, makes grep for NFPROTO_UNSPEC work to finally recollect all manpages. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: fix manpage collectionJan Engelhardt2009-06-011-1/+4
| | | | | | | | | | | | Florian Westphal points out that v1.4.3.2-9-gc304d77 greps for the keyword in the wrong file, and that files with NFPROTO_UNSPEC are skipped. This patch corrects that part, and makes `make` now output the manpages it collected. Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* policy: merge ipv6 and ipv4 variantJan Engelhardt2009-06-012-463/+114
| | | | | | | | The files duplicate most of their code, and struct ipt_policy_info being defined to xt_policy_info makes them actually have even more in common. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* policy: use direct xt_policy_info instead of ipt/ip6tJan Engelhardt2009-05-312-66/+66
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_policy: remove redundant functionsJan Engelhardt2009-05-311-40/+8
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* manpages: do not include v4-only modules in ip6tables manpageJan Engelhardt2009-05-261-5/+5
| | | | | References: http://bugs.debian.org/529954 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* addrtype: fix one manpage typeJan Engelhardt2009-05-261-1/+1
| | | | | References: http://bugs.debian.org/528457 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: replace open-coded sizeof by ARRAY_SIZEJan Engelhardt2009-05-2615-101/+44
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add const qualifiers in print/save functionsJan Engelhardt2009-05-2628-80/+67
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add `cluster' match supportPablo Neira Ayuso2009-05-062-0/+300
| | | | | | This patch adds support for the cluster match to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* SNAT/DNAT: add support for persistent multi-range NAT mappingsPatrick McHardy2009-04-172-2/+21
| | | | | | | Add support for persistent mappings (2.6.29-rc2+) as replacement for the removed SAME target. Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_conntrack: properly output negation symbolJan Engelhardt2009-04-051-4/+4
| | | | | | | | | Because the wrong flag was checked, the "!" was either wrongly printed, or not printed at all. This was broken since v1.4.0-29-ga8ad34c. Reported-by: Steven Jan Springl <steven@springl.ukfsn.org> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* CLASSIFY: document non-standard interpretation behaviorJan Engelhardt2009-04-042-2/+3
| | | | | | | | Most other extensions use strtoul (by means of xtables_strtoui) and would abide by the standard convention of hex/octal prefixes 0x/0, and decimal otherwise, but CLASSIFY is an exception. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: add configure option to disable ipv4 iptablesJan Engelhardt2009-04-031-1/+1
| | | | | | This patch complements the previous one. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: add configure option to disable ip6tablesJan Engelhardt2009-04-031-1/+1
| | | | | | | | This also skips building the IPv6 extensions. It does not #ifdef out all code however, I think that would make it too ugly. Inspired-by: http://bugzilla.netfilter.org/show_bug.cgi?id=560 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_tcpmss: fix an inversion while parsing --mssJan Engelhardt2009-03-241-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_hashlimit: add missing space for iptables-save outputJan Engelhardt2009-03-241-1/+1
| | | | | Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=568 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
generated by cgit v1.2.3 (git 2.25.0) at 2024-11-13 06:41:10 +0000