| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
postprocessing
Kill payload protocol expressions like "ip protocol tcp" if a higher layer
payload expression already implies this, like "tcp dport 22".
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
This fixes compilation with gcc-4.7
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
| |
Fix invalid register use when parsing NAT statements and handle range expressions
during postprocessing. When linearizing, allocate all registers for both proto and
address expressions at once to avoid double use.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
The RHS needs to be postprocessed before updating the payload context
for byteorder conversion. Fixes iiftype match reconstruction.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The byteorder of the RHS of a binop must be set before post-processing it to
make sure it will get byteorder-switched if necessary.
Fixes invalid conntrack expression states when used with bitmasks:
ct state 33554432,67108864 counter packets 1924 bytes 142960
=>
ct state established,related counter packets 2029 bytes 151508
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
mpz_scan1() needs to begin scanning at bit 0 and the loop must accept
bit 0 as valid. No more bits were found when ULONG_MAX is returned.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
Move the data related function to netlink.c as they're going to be needed
outside of rule context for set maintenance.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|