-rw-r--r-- | configure.ac | 8 | ||||
-rw-r--r-- | extensions/libxt_CT.c | 8 | ||||
-rw-r--r-- | extensions/libxt_conntrack.man | 4 | ||||
-rw-r--r-- | extensions/libxt_iprange.c | 8 | ||||
-rw-r--r-- | extensions/libxt_state.man | 3 |
5 files changed, 25 insertions, 6 deletions
diff --git a/configure.ac b/configure.ac index f26facba..e8fe0318 100644 --- a/configure.ac +++ b/configure.ac @@ -37,6 +37,11 @@ AC_ARG_ENABLE([ipv4], AC_ARG_ENABLE([ipv6], AS_HELP_STRING([--disable-ipv6], [Do not build ip6tables]), [enable_ipv6="$enableval"], [enable_ipv6="yes"]) +AC_ARG_ENABLE([largefile], + AS_HELP_STRING([--disable-largefile], [Do not build largefile support]), + [enable_largefile="$enableval"], + [enable_largefile="yes"; + largefile_cflags='-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64']) AC_ARG_ENABLE([devel], AS_HELP_STRING([--enable-devel], [Install Xtables development headers]), @@ -59,6 +64,7 @@ AM_CONDITIONAL([ENABLE_STATIC], [test "$enable_static" = "yes"]) AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" = "yes"]) AM_CONDITIONAL([ENABLE_IPV4], [test "$enable_ipv4" = "yes"]) AM_CONDITIONAL([ENABLE_IPV6], [test "$enable_ipv6" = "yes"]) +AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"]) AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"]) AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"]) @@ -66,7 +72,7 @@ PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0], [nfnetlink=1], [nfnetlink=0]) AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1]) -regular_CFLAGS="-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64 \ +regular_CFLAGS="${largefile_cflags} \ -D_REENTRANT -Wall -Waggregate-return -Wmissing-declarations \ -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \ -Winline -pipe \ diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c index 0b40fc61..6be6ea05 100644 --- a/extensions/libxt_CT.c +++ b/extensions/libxt_CT.c @@ -67,9 +67,9 @@ static uint32_t ct_parse_events(const struct event_tbl *tbl, unsigned int size, strcpy(str, events); while ((t = strsep(&e, ","))) { for (i = 0; i < size; i++) { - if (strcmp(t, tbl->name)) + if (strcmp(t, tbl[i].name)) continue; - mask |= 1 << tbl->event; + mask |= 1 << tbl[i].event; break; } 
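Review bot: Passing `--enable-largefile` explicitly leaves `largefile_cflags` empty, because the flags are assigned only in the action-if-not-given branch of the new `AC_ARG_ENABLE([largefile], ...)`. In that case `ENABLE_LARGEFILE` is true while the build silently loses `-D_FILE_OFFSET_BITS=64`. Derive the flags from the resolved value instead: keep `[enable_largefile="yes"]` as the default branch and add `AS_IF([test "$enable_largefile" = "yes"], [largefile_cflags='-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64'])` after the macro. The third hunk's `regular_CFLAGS="${largefile_cflags} \` then behaves the same for the default and the explicit option.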
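Review bot: `mask |= 1 << tbl[i].event;` shifts a signed `int`, which is undefined once an event bit number reaches 31, although the function returns `uint32_t`. `mask |= 1U << tbl[i].event;` keeps the arithmetic unsigned. The context line `strcpy(str, events);` copies what is presumably a user-supplied option string into `str`, whose declaration is outside the hunk, so confirm that buffer is sized from `strlen(events) + 1`. ct_parse_events starts before and ends after this hunk, so how an unmatched token is handled after the inner loop is not visible here.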
@@ -150,6 +150,8 @@ static void ct_print(const void *ip, const struct xt_entry_target *target, int n if (info->exp_events) ct_print_events("expevents", exp_event_tbl, ARRAY_SIZE(exp_event_tbl), info->exp_events); + if (info->zone) + printf("zone %u ", info->zone); } static void ct_save(const void *ip, const struct xt_entry_target *target) @@ -167,6 +169,8 @@ static void ct_save(const void *ip, const struct xt_entry_target *target) if (info->exp_events) ct_print_events("--expevents", exp_event_tbl, ARRAY_SIZE(exp_event_tbl), info->exp_events); + if (info->zone) + printf("--zone %u ", info->zone); } static struct xtables_target ct_target = { diff --git a/extensions/libxt_conntrack.man b/extensions/libxt_conntrack.man index b3d9e730..ec51ef53 100644 --- a/extensions/libxt_conntrack.man +++ b/extensions/libxt_conntrack.man @@ -55,6 +55,10 @@ in both directions, meaning that the packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer, or an ICMP error. .TP +\fBUNTRACKED\fR +meaning that the packet is not tracked at all, which happens if you use +the NOTRACK target in raw table. +.TP \fBSNAT\fR A virtual state, matching if the original source address differs from the reply destination. diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c index b28a635a..55a2f84b 100644 --- a/extensions/libxt_iprange.c +++ b/extensions/libxt_iprange.c @@ -108,7 +108,8 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) info->flags |= IPRANGE_SRC_INV; iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range"); - + info->src.min_ip = range[0].ip; + info->src.max_ip = range[1].ip; break; case '2': 
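Review bot: The new `if (info->zone)` guards in ct_print and ct_save (the next hunk) omit zone 0 from the output, so a saved rule only round-trips if 0 is the default zone. A one-line comment such as `/* zone 0 is the default and is not printed */` would record that, assuming it is the intent. The type of `info->zone` is not visible in these hunks; if it is narrower than `unsigned int`, `printf("--zone %u ", (unsigned int)info->zone);` makes the argument match `%u` exactly.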
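Review bot: The added `info->src.max_ip = range[1].ip;` (and `info->dst.max_ip = range[1].ip;` in the next hunk) copies whatever `iprange_parse_range()` left in `range[1]`, and nothing visible here checks that both ends were filled or that min does not exceed max. That helper and the declaration of `range` are outside the hunk, so this may already be handled. If it is not, a single-address argument or a reversed range would install a match range the administrator did not intend. A comment above the copy, e.g. `/* range[0]/range[1] are filled and ordered by iprange_parse_range() */`, would state the assumption. The two case bodies now differ only in src/dst and could share a small static helper.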
@@ -122,8 +123,9 @@ static int iprange_parse(int c, char **argv, int invert, unsigned int *flags, if (invert) info->flags |= IPRANGE_DST_INV; - iprange_parse_range(optarg, range, NFPROTO_IPV4, "--src-range"); - + iprange_parse_range(optarg, range, NFPROTO_IPV4, "--dst-range"); + info->dst.min_ip = range[0].ip; + info->dst.max_ip = range[1].ip; break; default: diff --git a/extensions/libxt_state.man b/extensions/libxt_state.man index b5e719a4..37d095bc 100644 --- a/extensions/libxt_state.man +++ b/extensions/libxt_state.man @@ -19,3 +19,6 @@ directions, and meaning that the packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer, or an ICMP error. +.B UNTRACKED +meaning that the packet is not tracked at all, which happens if you use +the NOTRACK target in raw table. |