summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* Make xtables_target->extra_opts const (xtables_match->extra_opts already is)Jan Engelhardt2007-07-301-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Unifies libip[6]t_NFQUEUE.c into libxt_NFQUEUE.cYasuyuki KOZAKAI2007-07-241-4/+4
|
* Unifies libip[6]t_TCPMSS.c into libxt_TCPMSS.cYasuyuki KOZAKAI2007-07-242-10/+10
|
* Add IPv6 support to comment matchYasuyuki KOZAKAI2007-07-242-10/+10
|
* Add IPv6 support to dscp match.Yasuyuki KOZAKAI2007-07-242-23/+23
|
* Unifies libip[6]t_esp.c into libxt_esp.cYasuyuki KOZAKAI2007-07-243-39/+14
|
* Unifies libip[6]t_length.c into libxt_length.cYasuyuki KOZAKAI2007-07-243-19/+9
|
* Unifies libip[6]t_limit.c into libxt_limit.c.Yasuyuki KOZAKAI2007-07-242-27/+6
|
* Unifies libip[6]t_mac.c into libxt_mac.cYasuyuki KOZAKAI2007-07-241-0/+8
|
* Unifies libip[6]t_physdev.c into libxt_physdev.cYasuyuki KOZAKAI2007-07-243-48/+24
|
* Add IPv6 support to pkttype matchYasuyuki KOZAKAI2007-07-242-9/+8
|
* Unifies libip[6]t_sctp.c into libxt_sctp.cYasuyuki KOZAKAI2007-07-241-11/+11
|
* Add IPv6 support to tcpmss matchYasuyuki KOZAKAI2007-07-242-9/+9
|
* Unifies libip[6]t_udp.c into libxt_udp.cYasuyuki KOZAKAI2007-07-241-0/+36
|
* Unifies libip[6]_mark.c into libxt_mark.cYasuyuki KOZAKAI2007-07-241-9/+0
|
* Use unified API in libipt_mark.cYasuyuki KOZAKAI2007-07-242-9/+9
|
* Unifies libip[6]t_multiport.c into libipxt_multiport.cYasuyuki KOZAKAI2007-07-242-59/+0
|
* Use unified API in multiport matchYasuyuki KOZAKAI2007-07-241-0/+30
|
* Moves all declarations in iptables_common.h to xtables.h.Yasuyuki KOZAKAI2007-07-244-38/+31
|
* Moves IPPROTO_* and IP[6]T_LIB_DIR definitions to xtables.hYasuyuki KOZAKAI2007-07-243-22/+16
|
* Moves some duplicated functions in ip[6]tables.c to xtables.cYasuyuki KOZAKAI2007-07-244-18/+17
| | | | | string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved.
* Introduces xtables match/target registrationYasuyuki KOZAKAI2007-07-246-276/+342
| | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo.
* Moves ip[6]tables_insmod() to xtables.c as xtables_insmod()Yasuyuki KOZAKAI2007-07-243-4/+3
|
* Moves common fw_malloc() and fw_calloc() to xtables.cYasuyuki KOZAKAI2007-07-241-0/+3
|
* Adds xtables.[ch] and change Makefile to compile itYasuyuki KOZAKAI2007-07-241-0/+4
|
* PATCH: Add connlimit to iptables.Jan Engelhardt2007-07-091-0/+17
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Removes KERNEL_64_USERSPACE_32Yasuyuki KOZAKAI2007-06-304-75/+0
| | | | | | | The recent kernel has compat layer for iptables. It doesn't have compat layer for libipq and ip6tables, but ip6tables with KERNEL_64_USERSPACE_32 is still broken. We should fix kernel instead of fixing them if and when we want use their 32bit binary with 64bit kernel.
* Removes some KERNEL_64_USERSPACE_32 because linux 2.6 has compat layerYasuyuki KOZAKAI2007-06-2810-50/+3
|
* Use nf_conntrack headers instead of ip_conntrack ones and add sanitized ↵Patrick McHardy2007-04-185-1/+297
| | | | versions.
* Fixes typos in the argument of ip[6]tables_insmod: quit -> quietYasuyuki KOZAKAI2007-03-202-4/+6
|
* Supress error message from modprobe on checking revision.Yasuyuki KOZAKAI2007-03-132-4/+4
|
* Add ip6tables TCPMSS extension (Arnaud Ebalard <arno@natisbad.org>)Arnaud Ebalard2007-01-161-0/+10
| | | | Kernel part will go in 2.6.21.
* Add UDPLITE multiport supportPatrick McHardy2007-01-112-0/+6
|
* Fix /etc/network usage (Pablo Neira)Pablo Neira Ayuso2006-11-291-0/+1
| | | | | | | | | | | | | | | | | | | | | | http://bugs.debian.org/398082 iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. # cat /etc/networks foonet 10.0.0.0 # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] iptables v1.3.6: host/network `foonet.0.0.0' not found Try `iptables -h' or 'iptables --help' for more information. 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt
* load ip_[6]tables.ko just before checking revision support in kernel.Yasuyuki KOZAKAI2006-11-132-0/+2
|
* changes IP6T_SO_GET_REVISION_{MATCH,TARGET} to 68,69Yasuyuki KOZAKAI2006-11-131-2/+2
| | | | 66 and 67 is conflicted with IPv6 Advanced API in kernel <= 2.6.18.
* - Add revision support to ip6tables.Rémi Denis-Courmont2006-10-202-0/+45
| | | | | - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>)
* Add endian annotation types to fix compilation for kernels > 2.6.18Patrick McHardy2006-10-091-0/+5
|
* Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can causePatrick McHardyJesper Brouer2006-07-251-1/+0
| | | | invalid arguments to get accepted.
* proto_to_name duplication (Phil Oester <kernel@linuxace.com>)Phil Oester2006-07-221-0/+1
| | | | | Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel.
* reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>)Phil Oester2006-07-202-0/+2
| | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port.
* reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>)Phil Oester2006-07-202-0/+2
| | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere.
* Use gcc to build shared objects (Phil Oester <kernel@linuxace.com>)Phil Oester2006-07-201-0/+2
| | | | | | | | | | | | As suggested by Dmitry Levin and included in Fedora Core releases, use gcc instead of ld to link shared objects. Fedora rpm notes refer to this fixing a plugin problem, but does not offer specifics. But in any event, 'gcc -dumpspecs' does show gcc will pass a number of parameters which in theory it thinks are better. Compile tested both with and without NO_SHARED_LIBS. Closes bug #454.
* Add new exit value to indicate concurrency issues (Jesper Dangaard Brouer ↵Jesper Dangaard Brouer2006-06-191-1/+2
| | | | <hawk@comx.dk>)
* Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18.Patrick McHardy2006-04-282-0/+10
|
* Multiple matches of the same type can be specified on the commandline.Joszef Kadlecsik2006-03-032-0/+8
| | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified.
* make policy match compile independant of kernel headersv1.3.5Harald Welte2006-02-011-0/+4
|
* fix ipt_conntrack compilation against very early (2.4.0) kernel releasesHarald Welte2006-02-011-1/+1
|
* remove other bits of old ip pool code, people should use ipset ↵Harald Welte2006-02-011-26/+0
| | | | (ipset.netfilter.org) these days
* Prepare policy match for x_tables unification by making sure bothPatrick McHardy2006-01-312-0/+116
| | | | ipt_policy and ip6t_policy use the same data structure.