summaryrefslogtreecommitdiffstats
path: root/include/libiptc
Commit message (Collapse)AuthorAgeFilesLines
* Revert "libiptc: Returns the position the entry was inserted"Pablo Neira Ayuso2012-03-011-2/+1
| | | | | | | | | This reverts commit d65702c5c5bbab0ef12298386fa4098c72584e6c. This is breaking my iptables scripts: iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables: Incompatible with this kernel.
* libiptc: Returns the position the entry was insertedJonh Wendell2012-02-291-1/+2
| | | | Jan Engelhardt showed no objections to this patch.
* libiptc: use a family-invariant xtc_ops struct for code reductionJan Engelhardt2011-09-113-0/+17
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: resolve old macro names that are indirectionsJan Engelhardt2011-09-112-8/+8
| | | | | | | | | | | Command used: git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/) and then fix all occurrences. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: combine common types: _handleJan Engelhardt2011-09-113-62/+61
| | | | | | | No real API/ABI change incurred, since the definition of the structs' types is not visible anyhow. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: replace ipt_chainlabel by xt_chainlabelJan Engelhardt2011-09-112-38/+38
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: combine common typesJan Engelhardt2011-09-113-2/+10
| | | | | | | | Make an xt_chainlabel type out of ipt_chainlabel and ip6t_chainlabel, and add backward-API #defines. The ABI naturally does not change either, so no soversion bump. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: replace old IP*T_ALIGN macrosJan Engelhardt2011-05-122-14/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: add -C to check for existing rulesStefan Tomanek2011-03-082-0/+12
| | | | | | | | | | | | | | | | | It is often useful to check whether a specific rule is already present in a chain without actually modifying the iptables config. Services like fail2ban usually employ techniques like grepping through the output of "iptables -L" which is quite error prone. This patch adds a new operation -C to the iptables command which mostly works like -D; it can detect and indicate the existence of the specified rule by modifying the exit code. The new operation TC_CHECK_ENTRY uses the same code as the -D operation, whose functions got a dry-run parameter appended. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add missing limits.h includeJan Engelhardt2009-02-212-0/+10
| | | | | | Thanks to Stephen Hemminger for noticing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: remove indirectionsJan Engelhardt2008-11-102-48/+48
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove typedef indirectionJan Engelhardt2008-11-102-62/+60
| | | | | | | | | | | Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: remove dependency on libiptc headersJan Engelhardt2008-08-041-2/+0
| | | | | | | | xtables.h does not need really need libxtc.h, and we can drop it from the install as it is internal-only. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Fix all remaining warnings (missing declarations, missing prototypes)Jan Engelhardt2008-04-132-0/+4
|
* fix gcc warningsMax Kellermann2008-01-292-2/+2
| | | | Max Kellermann <max@duempel.org>
* use <linux/types.h>Jan Engelhardt2007-12-172-0/+2
| | | | | | | | Remove our own definitions of the Linux types and use <linux/types.h> instead. libiptc needs it too, or otherwise will choke on union nf_inet_addr. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Introduces xtables match/target registrationYasuyuki KOZAKAI2007-07-241-0/+35
| | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo.
* Fix the previous fixMartin Josefsson2003-05-051-0/+3
| | | | No more segfaults or compilewarnings.
* fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin ↵Martin Josefsson2003-05-021-0/+3
| | | | Josefsson)
* fix IP6T_MIN_ALIGN macro (Andreas Herrmann)Andreas Herrmann2002-02-251-1/+1
|
* pkttype match (new) + scorefile,Harald Welte2001-04-191-0/+10
| | | | libiptc C++ compatibility + scorefile
* libiptc counter functionsHarald Welte2001-01-052-0/+34
|
* Added <linux/in6.h> for libc5.Rusty Russell2000-11-061-0/+2
|
* Philip Blundell's IPv6 patches.Rusty Russell2000-06-021-1/+2
|
* Philip Blundell's IPv6 fixes.Philip Blundell2000-05-151-7/+7
|
* Philip Blundell's IPv6 fixes.Philip Blundell2000-05-101-5/+6
|
* IPv6 enhancements.Rusty Russell2000-05-021-0/+133
|
* Alignment fixes (requires kernel patch).Rusty Russell2000-04-271-2/+6
|
* More fixes and testsuite enhancements.Rusty Russell2000-04-231-12/+11
|
* Changes to allow matching (for delete) on part of a rule, for rules whichRusty Russell2000-04-191-1/+3
| | | | change in the kernel (eg. ipt_limit).
* Added linux/types.h for non-glibc systems.Rusty Russell2000-04-191-0/+1
|
* James Morris' limits.h patch.James Morris2000-03-241-0/+1
|
* reorganized tree after kernel mergeMarc Boucher2000-03-202-0/+153