summaryrefslogtreecommitdiffstats
path: root/xtables.c
Commit message (Collapse)AuthorAgeFilesLines
* src: remove dependency on libiptc headersJan Engelhardt2008-08-041-0/+1
| | | | | | | | xtables.h does not need really need libxtc.h, and we can drop it from the install as it is internal-only. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* ip6tables: fix printing of ipv6 network masksJan Engelhardt2008-06-101-4/+4
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Use s6_addr32 to access bits in int6_addr instead of incompatible nameYasuyuki Kozakai2008-06-041-1/+1
| | | | | | | Spotted by Khem Raj <raj.khem@gmail.com> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Wrap dlopen code into NO_SHARED_LIBSJan Engelhardt2008-04-151-0/+2
|
* Resolve warnings on 64-bit compileJan Engelhardt2008-04-151-2/+2
|
* Implement AF_UNSPEC as a wildcard for extensionsJan Engelhardt2008-04-141-6/+16
|
* Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIRJan Engelhardt2008-04-131-43/+51
|
* Fix -Wshadow warnings and clean up xt_sctp.hJan Engelhardt2008-04-061-2/+2
| | | | | Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
* Drop -W from CFLAGS and some tiny code cleanupsJan Engelhardt2008-04-061-1/+1
| | | | | - change "unsigned" to explicit "unsigned int" - remove some casts
* fix gcc warningsMax Kellermann2008-01-291-2/+2
| | | | Max Kellermann <max@duempel.org>
* escape stringsMax Kellermann2008-01-291-0/+37
| | | | Max Kellermann <max@duempel.org>
* rename overlapping function namesJan Engelhardt2008-01-201-0/+318
| | | | | | Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* bunch o' renamesJan Engelhardt2008-01-201-0/+148
| | | | | | | | Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* print warning when dlopen failsJan Engelhardt2008-01-201-0/+14
| | | | | | | If the file exists but could not be loaded, print the dlerror(). Often it is a missing symbol. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* common error messagesJan Engelhardt2008-01-201-0/+49
| | | | | | | | Error messages vary wildly among modules, and there is a lot of reundance in it too. Introduce a helper function that does all of the parameter checking boilerplate and gives unique messages. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Introduce strtonum(), which works like string_to_number(), but passesJan Engelhardt2008-01-201-0/+44
| | | | | | | | | | | | | | | | | | | | back the 'end' pointer. It is useful where you want to do boundary checking yet work with strings that are not entirely slurped by strtoul(), e.g.: s = "1/2"; /* one half */ if (!strtonum(s, &end, &value, 0, 5)) error("Zero-length string, or value out of bounds"); if (*end != '/') error("Malformed string"); info->param1 = value; if (!strtonum(end + 1, &end, &value, 2, 4)) error(".."); if (*end != '\0') error("Malformed string"); info->param2 = value; Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* iptables and NO_SHARED_LIBS/dlfcn.hMike Frysinger2007-12-191-1/+4
| | | | | | | | if NO_SHARED_LIBS is defined, then iptables shouldnt even include dlfcn.h. otherwise you hit a build failure when using toolchains that do not provide dlfcn.h because they do not support shared objects. Signed-Off-By: Mike Frysinger <vapier@gentoo.org>
* Fix showing help text for matches/targets with revision as userPatrick McHardy2007-12-031-0/+9
| | | | | | | When running as a user iptables can't determine the highest supported revision and exits. Assume all revision are supported in case we get a EPERM. If the user is not showing the help text but trying to add new rules he'll get EPERM later anyway.
* [PATCH iptables] print warnings to stderrMax Kellermann2007-10-171-3/+4
| | | | | | | | iptables prints some of its error messages and warnings to stdout. This patch applies to svn r7075 and will make iptables print diagnostic messages to stderr instead. Signed-off-by: Max Kellermann <max@duempel.org>
* Tries to load libxt_*.so at first.Yasuyuki KOZAKAI2007-08-041-15/+22
| | | | If failed, it tries libip[6]t_*.so.
* Moves all declarations in iptables_common.h to xtables.h.Yasuyuki KOZAKAI2007-07-241-1/+0
|
* Moves some duplicated functions in ip[6]tables.c to xtables.cYasuyuki KOZAKAI2007-07-241-0/+103
| | | | | string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved.
* Introduces xtables match/target registrationYasuyuki KOZAKAI2007-07-241-0/+342
| | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo.
* Moves ip[6]tables_insmod() to xtables.c as xtables_insmod()Yasuyuki KOZAKAI2007-07-241-1/+85
|
* Moves common fw_malloc() and fw_calloc() to xtables.cYasuyuki KOZAKAI2007-07-241-0/+30
|
* Adds xtables.[ch] and change Makefile to compile itYasuyuki KOZAKAI2007-07-241-0/+19