summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* extensions: Add AUDIT targetPhil Sutter2019-04-031-0/+30
| | | | | | | | | This is a barn find from Fedora package, actually spooking around in various places in the internet. No idea who wrote it, but it seems to be used. So add it for the time being. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ebtables: legacy renamingArturo Borrero Gonzalez2018-12-051-1/+1
| | | | | | | | | | | | | The original ebtables tool is now the legacy version, let's rename it. A more uptodate client of the ebtables tool is provided in the iptables tarball (ebtables-nft). The new tool was formerly known as ebtables-compat. The new -legacy binary has no problem if called via a symlink with the 'ebtables' name, so users can still name this binary with whatever name. Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: use __attribute__((constructor)) for autoregistrationJan Engelhardt2018-07-021-0/+2
| | | | | | | | | | | The ebtables initialization is easier, and, judging from the "static" recipe in Makefile, that calling ebt_*_register ahead of main is safe. This means that a static build won't need the pseudomain hack, and that -nostartfiles can also go away. Signed-off-by: Florian Westphal <fw@strlen.de>
* build: update ebtables.h from kernel and drop local unused copyJan Engelhardt2018-06-063-295/+20
| | | | | | | | | | | | Revert 66a97018a31eed416c6a25d051ea172e4d65be1b partly so as to use <linux/netfilter_bridge/ebtables.h> again and import a new ebtables.h from the kernel tree that has the "revision" field. With this, include/ebtables.h is (again) used by no source file, and so can be removed. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Florian Westphal <fw@strlen.de>
* ebtables: Fix build errors and warningsDuncan Roe2018-05-151-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since commit b1cdae87f25021eb835872d86d6e7206bd421c3f, make fails thusly: > libebtc.c: In function 'ebt_reinit_extensions': > libebtc.c:275:11: error: 'union <anonymous>' has no member named 'revision' > m->m->u.revision = m->revision; > ^ > libebtc.c: In function 'ebt_check_rule_exists': > libebtc.c:555:21: error: 'union <anonymous>' has no member named 'revision' > m_l2->m->u.revision != m->m->u.revision)) { > ^ > libebtc.c:555:41: error: 'union <anonymous>' has no member named 'revision' > m_l2->m->u.revision != m->m->u.revision)) { > ^ > libebtc.c: In function 'ebt_register_match': > libebtc.c:1215:9: error: 'union <anonymous>' has no member named 'revision' > m->m->u.revision = m->revision; > ^ The cause of this failure is that the commit updated include/ebtables.h but libebtc.c uses include/linux/netfilter_bridge/ebtables.h via include/ebtables_u.h (gcc -E -C verifies this). The 2 versions of ebtables.h looked to me to be otherwise close enough, so amended ebtables_u.h to use the newer one. Makefile insists on being warning-free, so cleared up warnings. Apart from unused variables, there was also the issue that the diagnostic macro ebt_print_error2 *returns* (i.e. makes its caller return) and returns -1. This is unsuitable for use in functions which do not return a value, so introduced ebt_print_error3 to do this. Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Florian Westphal <fw@strlen.de>
* include: Fix musl libc compatibilityBaruch Siach2018-05-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Conflicting definitions of struct ethhdr between the kernel and musl libc provides headers causes a build failure: In file included from .../usr/include/netinet/ether.h:8:0, from useful_functions.c:28: .../usr/include/netinet/if_ether.h:107:8: error: redefinition of ‘struct ethhdr’ struct ethhdr { ^~~~~~ In file included from include/linux/netfilter_bridge.h:8:0, from include/linux/netfilter_bridge/ebtables.h:17, from include/ebtables_u.h:27, from useful_functions.c:25: include/linux/if_ether.h:119:8: note: originally defined here struct ethhdr { ^~~~~~ Recent enough versions kernel headers allow the libc to suppress conflicting kernel definitions. Include the libc proivded netinet/ether.h before kernel headers to suppress the conflicting definition of struct ethhdr. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: Add string filter to ebtablesBernie Harris2018-04-272-3/+14
| | | | | | | | | | | | | | | | | | | | This patch is part of a proposal to add a string filter to ebtables, which would be similar to the string filter in iptables. Like iptables, the ebtables filter uses the xt_string module, however some modifications have been made for this to work correctly. Currently ebtables assumes that the revision number of all match modules is 0. The xt_string module doesn't register a match with revision 0 so the solution is to modify ebtables to allow extensions to specify a revision number, similar to iptables. This gets passed down to the kernel, which is then able to find the match module correctly. Signed-off-by: Bernie Harris <bernie.harris@alliedtelesis.co.nz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Move ICMP type handling functions from ebt_ip6 to useful_functions.cMatthias Schiffer2018-04-111-1/+16
| | | | | | | Allow using these functions for ebt_ip as well. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* include: sync linux/netfilter_bridge/ebt_ip.h with kernelMatthias Schiffer2018-04-111-3/+13
| | | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* ethernetdb.h: Remove C++ specific compiler hint macro _THROWFelix Janda2015-05-211-6/+5
| | | | | | | Fixes compilation with musl libc Signed-off-by: Felix Janda <felix.janda@posteo.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Add kernel headers needed from v3.16Pedro Alvarez2015-03-0220-0/+860
| | | | | | | | | | | | | | Ebtables fails to compile with versions of the linux headers greater than v3.16 with this error: extensions/ebt_ulog.c:17:45: fatal error: linux/netfilter_bridge/ebt_ulog.h: No such file or directory #include <linux/netfilter_bridge/ebt_ulog.h> This patch adds netfilter_bridge headers for every supported extension, including filter.h and types.h, to avoid this problem and future problems with changes in the kernel headers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* don't print IPv6 mask if it's all ones (based on patch by Mariusz Mazur ↵Bart De Schuymer2014-04-141-0/+1
| | | | <mmazur at axeos.com>)
* remove definition of __EXPORTED_HEADERS__: we use sanitized header files nowBart De Schuymer2011-08-111-1/+0
|
* export use_lockfdBart De Schuymer2011-06-191-0/+2
|
* extend ebt_ip6 to allow matching on ipv6-icmp types/codes (by Florian Westphal)Bart De Schuymer2011-01-181-0/+4
|
* define __EXPORTED_HEADERS__ so we don't get warnings about: Attempt to use ↵Bart De Schuymer2010-12-181-0/+1
| | | | kernel headers from user space
* fix alignment on userspace32-kernel64 systems (Sachin Sanap)Bart De Schuymer2009-06-211-1/+2
|
* Kuo-Lang Tseng et al: add ipv6 supportBart De Schuymer2008-02-211-0/+4
|
* add EBT_VERDICT_BITSBart De Schuymer2006-12-171-0/+4
|
* remove unsigned char * warning with gcc 4.0Bart De Schuymer2006-01-231-3/+3
|
* allow SCTP/DCCP (Patrick McHardy)Bart De Schuymer2006-01-231-0/+7
|
* *** empty log message ***Bart De Schuymer2005-10-021-2/+2
|
* minor changesBart De Schuymer2005-10-011-3/+3
|
* cleanupBart De Schuymer2005-09-281-1/+1
|
* put rules in doubly linked listBart De Schuymer2005-08-281-0/+1
|
* put reference to cc in each entryBart De Schuymer2005-08-281-7/+10
|
* make array of chainsBart De Schuymer2005-08-271-14/+7
|
* add change fieldBart De Schuymer2005-05-241-3/+2
|
* complete -c and -C implementationBart De Schuymer2005-02-141-0/+3
|
* general cleanup + add -C and -cBart De Schuymer2005-02-081-1/+21
|
* add new counter schemeBart De Schuymer2005-01-231-0/+1
|
* add ebtablesu scheme, along with general cleanupBart De Schuymer2005-01-191-5/+13
|
* add shared librariesBart De Schuymer2004-01-211-9/+10
|
* Make ebtables library functionsBart De Schuymer2004-01-141-38/+117
|
* *** empty log message ***Bart De Schuymer2003-07-251-31/+31
|
* *** empty log message ***Bart De Schuymer2003-07-241-3/+0
|
* *** empty log message ***Bart De Schuymer2003-07-231-0/+275
|
* support sparc64Bart De Schuymer2003-07-231-0/+5
|
* --atomic-commit should only try insmod when all else failsBart De Schuymer2003-05-041-0/+1
|
* use print_mac_and_mask()Bart De Schuymer2003-05-031-0/+2
|
* *** empty log message ***Bart De Schuymer2003-04-161-1/+2
|
* <dwhedon_at_debian.org> use __FUNCTION__ as argument instead of stringBart De Schuymer2003-01-191-2/+2
| | | | constant (deprecated).
* cosmetic changesBart De Schuymer2003-01-111-24/+34
|
* Changed database path: #define _PATH_ETHERTYPES "/etc/ethertypes"fnm32002-11-211-1/+1
|
* remove name_to_number and number_to_nameBart De Schuymer2002-11-201-2/+0
|
* *** empty log message ***Bart De Schuymer2002-11-201-0/+58
|
* remove name_to_number and number_to_nameBart De Schuymer2002-11-201-1/+1
|
* *** empty log message ***Bart De Schuymer2002-08-291-1/+1
|
* *** empty log message ***Bart De Schuymer2002-08-251-6/+6
|
* cosmetic improvements and some bugfixes (global description)Bart De Schuymer2002-08-131-2/+26
|