summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
* doc: use .IP list for TCPMSSJan Engelhardt2011-05-241-10/+4
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: make usage of libxt_rateest more obviousJan Engelhardt2011-05-221-15/+56
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: add some coded option examples to libxt_hashlimitJan Engelhardt2011-05-221-10/+16
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_rateest: streamline case display of unitsJan Engelhardt2011-05-201-3/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_quota: readd missing XTOPT_PUT requestJan Engelhardt2011-05-201-1/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libipt_REDIRECT: "--to-ports" is not mandatoryLutz Jaenicke2011-05-181-2/+1
| | | | | | | | | The REDIRECT target can be called without the --to-ports option being specified. From the manual page: ...without this, the destination port is never altered. Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: retract _NE types and use a flag insteadJan Engelhardt2011-05-181-4/+4
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_rt: rt-0-not-strict should take no argJan Engelhardt2011-05-131-1/+1
| | | | | | | This unfortunately got mixed up during the getopt -> guided parser move. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_conntrack: resolve erroneous rev-2 port range messageJan Engelhardt2011-05-131-0/+8
| | | | | | | --ctorigdstport 13 ip6tables-restore v1.4.10: conntrack rev 2 does not support port ranges Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_conntrack: fix assignment to wrong memberJan Engelhardt2011-05-131-8/+4
| | | | | | | Of course the range end ought to be set, not doing the start value twice. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_conntrack: correct printed module nameJan Engelhardt2011-05-131-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libipt_[SD]NAT: avoid false error about multiple destinations specifiedJan Engelhardt2011-05-132-6/+12
| | | | | | | | | | | iptables-restore v1.4.10: DNAT: Multiple --to-destination not supported xtables_option_parse sets cb->xflags already, so that it cannot be directly used to test whether an option is being used for the second time. Thus use a private option/flag (X_TO_DEST/SRC) that is not under the control of xtables_option_parse. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libipt_[SD]NAT: flag up module name on errorJan Engelhardt2011-05-132-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_policy: use XTTYPE_PROTOCOL typeJan Engelhardt2011-05-121-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_policy: option table fixes, improved error trackingJan Engelhardt2011-05-122-10/+32
| | | | | | | | | | | Most of the flags are multi-use in this extension. Also transfer --next => --strict requirement to option table. Furthermore, augment the error messages emitted from fcheck to contain the policy element number, and elaborate on what an "empty policy element" is. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'floating/opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-05-1210-611/+341
|\
| * libipt_SAME: use guided option parserJan Engelhardt2011-05-091-52/+30
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_REDIRECT: use guided option parserJan Engelhardt2011-05-091-37/+25
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_MASQUERADE: use guided option parserJan Engelhardt2011-05-091-27/+21
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_SNAT: use guided option parserJan Engelhardt2011-05-091-49/+39
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_DNAT: use guided option parserJan Engelhardt2011-05-091-49/+39
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_iprange: use guided option parserJan Engelhardt2011-05-091-90/+54
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_CLUSTERIP: use guided option parserJan Engelhardt2011-05-091-105/+52
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_mac: use guided option parserJan Engelhardt2011-05-091-60/+20
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip6t_rt: use guided option parserJan Engelhardt2011-05-091-115/+44
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip6t_mh: use guided option parserJan Engelhardt2011-05-091-27/+17
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-05-1113-1768/+890
|\|
| * libxt_conntrack: use guided option parserJan Engelhardt2011-05-091-451/+219
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_ipvs: use guided option parserJan Engelhardt2011-05-091-143/+65
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_limit: use guided option parserJan Engelhardt2011-05-091-32/+21
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_NETMAP: use guided option parserJan Engelhardt2011-05-091-90/+16
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_multiport: use guided option parserJan Engelhardt2011-05-091-105/+73
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_osf: use guided option parserJan Engelhardt2011-05-091-68/+29
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_owner: use guided option parserJan Engelhardt2011-05-091-171/+117
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_policy: use guided option parserJan Engelhardt2011-05-091-196/+73
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_hashlimit: use guided option parserJan Engelhardt2011-05-091-290/+129
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: do not overlay addr and mask parts, and cleanupJan Engelhardt2011-05-092-4/+4
| | | | | | | | | | | | | | | | | | XTTYPE_HOSTMASK will require that what has now become haddr, hmask/hlen are not overlays of another. Thus relax the structure and always set all members of the {haddr, hmask, hlen} triplet now for all types that touch any of the members. Add some more comments and clean out ONEHOST.
| * libxt_recent: use guided option parserJan Engelhardt2011-05-091-107/+79
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_connlimit: use guided option parserJan Engelhardt2011-05-091-111/+65
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'master' of git://dev.medozas.de/iptablesPatrick McHardy2011-05-114-4/+4
|\ \
| * | doc: S/DNAT allows to omit IP addressesJan Engelhardt2011-05-094-4/+4
| | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | Merge branch 'opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-05-0917-281/+135
|\ \ \ | |/ / |/| / | |/
| * libxt_NFLOG: use guided option parserJan Engelhardt2011-05-091-74/+24
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_IDLETIMER: use guided option parserJan Engelhardt2011-05-091-58/+12
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_statistic: use guided option parserJan Engelhardt2011-05-091-88/+56
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_statistic: increase precision on create and dumpJan Engelhardt2011-05-092-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, libxt_statistic only dumps the probability with a granularity of 1/1000000. Assuming only stuffed packets with 1440 bytes payload, this would match approximately every 1.341 GB, which is pretty low for a high-volume router. Trying to match any larger interval than that (e.g. 2 GB) will cause libxt_statistic to output "--probability 0.000000", and when restored, will cause it to never match again. Bump the dump precision to what xt_statistic can really do, and adjust the manpage to include a word about it. Furthermore, employ explicit rounding when reading the argument from the command line, because the previous implicit conversion would use truncation, which is not very exact. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_statistic: streamline and document possible placement of negationJan Engelhardt2011-05-092-9/+10
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * extensions: const annotationsJan Engelhardt2011-05-098-24/+24
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_owner: remove ifdef IPT_COMM_OWNERJan Engelhardt2011-05-081-20/+0
| | | | | | | | | | | | | | Ever since we keep a copy of the header files anyway, IPT_COMM_OWNER is always available. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * extensions: remove bogus use of XT_GETOPT_TABLEENDJan Engelhardt2011-05-082-2/+2
| | | | | | | | | | | | | | | | | | | | Commit v1.4.8-36-g32b8e61 added this end marker in a little too many places: at non-getopt places. Fix that. Also change the definition of XT_GETOPT_TABLEEND to reference a struct getopt member by name so that this cannot happen again. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>