summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Merge branch 'iptables-next'"Patrick McHardy2010-05-211-9/+0
| | | | | | | This reverts commit 65414babaebcd403e9bf2c27d9d74adb369bf3aa, reversing changes made to 7278461dfad72e2008585dd0bac0e889e5bba99e. Forgot to commit the version increase.
* extensions: add support for xt_TEEJan Engelhardt2010-04-191-0/+9
| | | | | | xt_TEE is firstly included in Linux 2.6.35. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add CT extensionPatrick McHardy2010-03-082-0/+38
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* includes: header updatesJan Engelhardt2010-02-0161-652/+296
| | | | | | | | | | | | Update the shipped Linux kernel headers from 2.6.33-rc6, as iptables's ipt_ECN.h for example references ipt_DSCP.h, which no longer exists. Since a number of old code pieces have been removed in the kernel in that fashion, the structs for older versions are moved into the .c file, to keep header updating simple. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add osf extensionPatrick McHardy2009-11-121-0/+135
| | | | | | From Evgeniy Polyakov <zbr@ioremap.net> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxtables: hand argv to xtables_check_inverseJan Engelhardt2009-11-031-1/+1
| | | | | | | | | In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_NFQUEUE: add new v1 version with queue-balance optionFlorian Westphal2009-08-201-0/+5
| | | | | | | | | | | | | | | | New version that adds support for specifying a queue range instead of a single queue id. The kernel will distribute flows across the given queue range. This is useful for multicore systems, simply start multiple instances of the userspace program on queues x, x+1, .. x+n and use "--queue-balance x:x+n". Packets belonging to the same connection are put into the same queue. With fixes from Jan Engelhardt. Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Merge branch 'stable'Jan Engelhardt2009-08-051-0/+13
|\ | | | | | | | | | | | | Conflicts: extensions/libxt_conntrack.c Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * xt_conntrack: revision 2 for enlarged state_mask memberJan Engelhardt2009-06-251-0/+13
| | | | | | | | | | | | This complements the xt_conntrack revision 2 code added to the kenrel. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | build: combine iptables-multi and iptables-staticJan Engelhardt2009-07-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changed the Makefile so that: 1. --enable-shared / --disable-shared control the linkage against libdl (and thus the potential to use 3rd party extensions) 2. --enable-static / --disable-static controls whether shipped extensions are built-in or provided as modules iptables-static becomes redundant by this action; iptables-multi now has the feature. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | build: fix struct size mismatchJan Engelhardt2009-07-251-4/+0
| | | | | | | | | | | | | | | | | | Mixing code compiled with and without -DNO_SHARED_LIBS is fine as long as the structs have the same layout. This patch prevents a potential (currently non-triggerable) "ip6tables: target (null)<123> is missing a version" error. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | xtables: add multi-registration functionsJan Engelhardt2009-06-261-0/+2
| | | | | | | | | | | | Similar to the ones that are present in the kernel. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | iptables: accept multiple IP address specifications for -s, -dMichael Granzow2009-06-261-0/+5
|/ | | | | | | | | | | | | | libiptc already supports adding and deleting multiple rules with different addresses, so it only needs to be wired up to the options. # ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2 Adjustments made: syntax, removal of unneeded variables, manpage adjustment, soversion bump. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xtables: use extern "C"Jan Engelhardt2009-05-261-0/+8
| | | | | | This fixes linking errors for 3rd-party C++ code. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add `cluster' match supportPablo Neira Ayuso2009-05-061-0/+17
| | | | | | This patch adds support for the cluster match to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* SNAT/DNAT: add support for persistent multi-range NAT mappingsPatrick McHardy2009-04-171-0/+1
| | | | | | | Add support for persistent mappings (2.6.29-rc2+) as replacement for the removed SAME target. Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxtables: reorder .version memberJan Engelhardt2009-04-031-3/+13
| | | | | | | | | | | | | When the structure's layout changes, as it did between v1.4.1 and v1.4.2, trying to compare the version string makes iptables segfault while it tries to determine whether the module is compatible in the first place. By moving the member to a known offset in the struct and keeping it there, objects (both iptables and 3rd party) compiled from this commit onwards will avoid the segfault. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge commit 'nf/master'Jan Engelhardt2009-03-151-0/+1
|\
| * iptables: Add limits.h to get INT_MIN, INT_MAX, ...Stephen Hemminger2009-02-251-0/+1
| | | | | | | | | | | | | | | | | | | | Fix build failure of iptables utilities on debian/ubuntu, maybe other distros. The values INT_MIN and INT_MAX are used by many filters and these are defined in limits.h --- patch against current iptables.git Signed-off-by: Patrick McHardy <kaber@trash.net>
* | extensions: add missing limits.h includeJan Engelhardt2009-02-212-0/+10
| | | | | | | | | | | | Thanks to Stephen Hemminger for noticing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | include: resynchronize headers with 2.6.29-rc5Jan Engelhardt2009-02-2114-60/+63
|/ | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix exit_error to xtables_errorJan Engelhardt2009-02-211-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: inline and remove unused OPTION_OFFSET macroJan Engelhardt2009-02-211-1/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: make library available as a shared libraryJan Engelhardt2009-02-161-0/+4
| | | | | Tested-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: general follow-up cleanupJamal Hadi Salim2009-02-131-1/+0
| | | | | | Kill program_name, program_version and xtables_program_name. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: consolidate init calls into one functionJamal Hadi Salim2009-02-131-0/+1
| | | | | | | | | | | Introduce xtables_init_all() which hides three calls xtables_init(), xtables_set_nfproto(), and xtables_set_params(). Make ip[6]tables-restore, ip[6]tables-save and ip[6]tables-standalone use it. I moved xtables_set_params around for readability reasons. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: consolidate merge_options into xtables_merge_optionsJamal Hadi Salim2009-02-131-0/+4
| | | | | | | | Introduce xtables_merge_options() for re-use reasons. Apps can use it instead of each defining their own merge_options(). Made iptables and ip6tables use the new shared interface. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: make iptables and ip6tables use xtables_free_optsJamal Hadi Salim2009-02-121-1/+2
| | | | | | | | The patch modifies xtables_globals to introduce orig_opts and xtables_free_opts() to emulate what free_opts used to do. We also get rid of the copies of free_opts() that iptables and ip6tables keep. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: add xtables_set_revisionJamal Hadi Salim2009-02-121-0/+1
| | | | | | Introduce xtables_set_revision() and make iptables and ip6tables use it. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: set names of programsJamal Hadi Salim2009-02-122-0/+4
| | | | | | Set proper name of application. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* build: restructure Makefile for include/ directoryJan Engelhardt2009-02-121-0/+8
| | | | | | This patch will support adding libiptc to the headers list in future. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: use const for vars holding literalsJan Engelhardt2009-02-121-2/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'master' of git://dev.medozas.de/iptablesPatrick McHardy2009-02-125-38/+21
|\
| * src: consolidate duplicate code in iptables/internal.hJan Engelhardt2009-02-103-4/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: move compat defines to xtables.cJan Engelhardt2009-02-102-10/+0
| | | | | | | | | | | | | | Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users got moved. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * src: remove unused ipt_tryload macroJan Engelhardt2009-02-102-4/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * src: remove iptables_rule_match indirection macroJan Engelhardt2009-02-102-2/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: decouple non-xtables parts from headerJan Engelhardt2009-02-104-6/+11
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: remove unused XT_LIB_DIR macroJan Engelhardt2009-02-101-4/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | libxtables: simple aliasing macro for exit_errorJamal Hadi Salim2009-02-111-4/+4
| | | | | | | | | | | | | | | | | | | | | | Rename xtables_globals exit_error cb to exit_err and introduce a very simple aliasing macro to point to it. convert iptables, ip6tables and iptables_xml to use it. Note iptables_xml does not have to define its own exit_error() since it can use the basic one provided. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: Add exit_error cb to xtables_globalsJamal Hadi Salim2009-02-111-8/+9
| | | | | | | | | | | | | | | | | | | | Introduce exit_error() as part of xtables_globals structure. When an application registers its xtables_globals definition and does not specify its exit_error() it gets assigned a basic version Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: define xtables_free_opts()Jamal Hadi Salim2009-02-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | Introduce xtables_free_opts() an xtables variant of free_opts() which uses xtables_globals already set by xtables_set_params(). The end goal is to have all internal references in xtables.c use xtables_free_opts() instead of depending on external defined free_opts() Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: Introduce global params structuringJamal Hadi Salim2009-02-111-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | introduce a new struct,xtables_globals, so as to localize the globals used and help in symbol renames. The applications must invoke xtables_set_params() before starting to use any iptables APIs. xtables_set_params() is intended to free xtables from depending (as it does right now) on existence of such externally definitions (from iptables/iptables6 etc). At the moment, xtables wont even compile without presence of at least one of {iptables/iptables6 etc} Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | Merge branch 'master' of git://dev.medozas.de/iptablesPatrick McHardy2009-02-093-88/+80
|\|
| * libxtables: move afinfo aroundJan Engelhardt2009-02-072-24/+1
| | | | | | | | | | | | | | libxtables should not rely on the program executable providing the magic constants for using [gs]etsockopt. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - move parse_protocol to xtables.cJan Engelhardt2009-01-301-2/+19
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - move check_inverse to xtables.cJan Engelhardt2009-01-301-1/+2
| | | | | | | | | | | | | | This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix - parse and escaped output funcJan Engelhardt2009-01-301-3/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix - misc functionsJan Engelhardt2009-01-301-3/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - ascii to ipaddr/ipmask inputJan Engelhardt2009-01-301-3/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>