summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fix make/compile error for iptables-1.4.0rc1Jesper Brouer2007-11-253-2/+616
| | | | | | | | | | | | | | | | | | | Fixing a make/compile issue with iptables, release candidate 1.4.0rc1, which has existed since SVN changeset 6920. This patch adds ip_tables.h and ip6_tables.h, and updates x_tables.h, taken from Linus'es git tree. Changeset 6920 added the include file x_tables.h from kernel source, but didn't add ip_tables.h and ip6_tables.h. At some point (Tue Nov 14 19:48:48 2006, by Yasuyuki Kozakai) these kernel headers where changed, which actually removes certain depencencies from ip_tables.h and ip6_tables.h to x_tables.h. If compiling will fail, with old kernel headers (ip_tables.h and ip6_tables.h) available in systems include path, because they depend on certaine defines in x_tables.h with is missing in the version in SVN. Jesper Brouer <jdb@comx.dk>
* PATCH - Fix for --random option in DNAT and REDIRECTTom Eastep2007-11-152-1/+2
| | | | | | | The --random option produces "Unknown arg `--random'" errors with both the DNAT and REDIRECT targets. Corrected by the attached patch. Tom Eastep <teastep@shorewall.net>
* Document xt_statistic (Stefano Sabatini <stefano.sabatini-lala@poste.it>)Stefano Sabatini2007-11-121-0/+30
|
* iptables-edit: iptables-edit: adds --table to iptables-restorePeter Warasin2007-11-051-1/+11
| | | | | | adds --table to iptables-restore which allows to restore only the supplied table Signed-off-by: Peter Warasin <peter@endian.com>
* let DO_MULTI=1 work for ip6tables* binaries part 2Hann-Huei Chiou2007-10-311-0/+31
| | | | | | | Sorry forgot to mention that the "ip6tables-multi.c" (in the patch) which is not in the repository has to be manually added. Hann-huei Chiou <koala@ascenvision.com>
* Introducing libxt_*.man files. Sorted matches and modulesLászló Attila Tóth2007-10-312-33/+103
| | | | | | | | | | | The iptables.8 and ip6tables.8 man pages are now generated from libxt_*.man files too. For xtables modules one man page is enough with libxt_ prefix. The match and target lists are sorted alphabetically. The make command doesn't print anything when creates man pages. Signed-off-by: Laszlo Attila Toth <panther@balabit.hu>
* let DO_MULTI=1 work for ip6tables* binariesHann-Huei Chiou2007-10-234-0/+33
| | | | | | | | When defining DO_MULTI=1 in Makefile, only iptables is built as a single multipurpose binary. This patch makes ip6tables also be built in the same manner. Hann-huei Chiou <koala@ascenvision.com>
* Transfer all my copyright over to our company.Jan Engelhardt2007-10-202-2/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Don't silenty exit on failure to open /proc/net/{ip,ip6}_tables_namesVictor Stinner2007-10-182-2/+6
| | | | Victor Stinner <victor.stinner@inl.fr>
* Fix the compile warning fixPatrick McHardy2007-10-181-2/+2
| | | | | | | | According to Jan: While the fields of struct xt_time are uints, the defined time_t span is by definition 0..231-1, i.e. it should be INT_MAX, not UINT_MAX.
* Fix compiler warning on 64 bit: date_stop is an u_int32_t, so use UINT_MAX ↵Patrick McHardy2007-10-181-2/+2
| | | | instead of LONG_MAX
* extension/sctp: fix - mistake to pass a pointer where array is requiredLi Zefan2007-10-181-12/+9
| | | | | | | Macros like SCTP_CHUNKMAP_XXX(chukmap) require chukmap to be an array, but print_chunks() passes a pointer to these macros. Li Zefan <lizf@cn.fujitsu.com>
* [PATCH iptables] print warnings to stderrMax Kellermann2007-10-173-12/+16
| | | | | | | | iptables prints some of its error messages and warnings to stdout. This patch applies to svn r7075 and will make iptables print diagnostic messages to stderr instead. Signed-off-by: Max Kellermann <max@duempel.org>
* Install ip6tables-{save,restore} manpagesPatrick McHardy2007-10-171-1/+1
|
* Fix sscanf type errorsPatrick McHardy2007-10-174-22/+29
|
* Add ip6tables-{save,restore} to non-experimental target, fix strict aliasing ↵Patrick McHardy2007-10-162-3/+7
| | | | warnings
* bump version to 1.4.0rc1v1.4.0-rc1Pablo Neira Ayuso2007-10-151-2/+2
|
* make print-extensions doesn't show libxt_* extensionsSebastian Claßen2007-10-081-0/+1
| | | | | | | | In extensions/Makefile the variable PFX_EXT_SLIB_OPTS is not appended to OPTIONALS, therefor 'make print-extensions' doesn't show any optional libxt_* extension. Sebastian Claßen <sebastian.classen@freenet.ag>
* Unique symbols and no '&' charactersLászló Attila Tóth2007-10-082-56/+56
| | | | | | | Removing '&' from .._match and ..._target variables. Give all symbols unique names. Signed-off-by: Laszlo Attila Toth
* Remove redundant dst/hbh linesJan Engelhardt2007-10-042-61/+38
| | | | | | | Remove hbh stuff from libip6t_dst, remove dst stuff from libip6t_hbh. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Unique symbols 6/6Jan Engelhardt2007-10-043-67/+48
| | | | | | | | | | | Give symbols of libxt targets unique names (3/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Unique names 5/6Jan Engelhardt2007-10-0414-297/+220
| | | | | | | | | | | Give symbols of libxt matches unique names (3/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Unique names 4/6Jan Engelhardt2007-10-0415-329/+242
| | | | | | | | | | | Give symbols of libxt targets unique names (2/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Unique names 3/6Jan Engelhardt2007-10-0415-339/+248
| | | | | | | | | | | Give symbols of libxt matches unique names (2/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Unique names 2/6Jan Engelhardt2007-10-0410-277/+234
| | | | | | | | | | | Give symbols of libxt targets unique names (1/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Unique symbols 1/6Jan Engelhardt2007-10-0426-709/+600
| | | | | | | | | | | Give symbols of libxt matches unique names (1/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* No ipt in xtJan Engelhardt2007-10-041-1/+1
| | | | | | Cease using ipt_entry_match (replaced by xt_entry_match). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Constify data structuresJan Engelhardt2007-10-0412-13/+13
| | | | | | Constify more data structures. Make functions static. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Delete empty ->print() and ->save() functionsJan Engelhardt2007-10-044-33/+0
| | | | | | | Deletes empty ->print() and ->save() functions. ip[6]tables prints the trivial thing automatically. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Delete empty ->final_check() functionsJan Engelhardt2007-10-0434-218/+6
| | | | | | | Deletes empty ->final_check() functions, and makes ip[6]tables checks for NULL on these. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Delete empty ->init() functionsJan Engelhardt2007-10-0420-138/+0
| | | | | | | Deletes empty ->init() functions. ip[6]tables already checks for .init being NULL or not. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Remove stray NULLsJan Engelhardt2007-10-043-3/+3
| | | | | | | Mixing member accessors (non-named vs named) is not good. Remove stray NULL. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Addrtype match: renaming functionsLászló Attila Tóth2007-10-041-23/+23
| | | | | | | The function names in libipt_addrtype.c makes debugging hard, also I renamed them prefixed by 'addrtype_'. Laszlo attila toth <panther@balabit.hu>
* Couldn't load/find match `u32'Hann-Huei Chiou2007-09-281-0/+1
| | | | | | | | | | iptables (up to 0927 snapshot) keeps complaining of "Couldn't load (or find, if NO_SHARED_LIBS=1) match `u32'. After comparing with other libxt_*.c, I found that there's no member ".family" in the "u32_reg" structure, while ".family = AF_INET6" exists in "u32_reg6" Hann-Huei Chiou <koala@ascenvision.com>
* Add the libxt_time iptables matchJan Engelhardt2007-09-234-1/+599
| | | | | | | | | | | This is libipt_time from POM-ng enhanced by the following: * day-of-month support (for example "match on the 15th of each month") * inversion support for --weekdays and --monthdays * match against UTC or local timezone * a manpage Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Fix u32 warningsJan Engelhardt2007-09-191-13/+13
| | | | | | | | | | | warning: format '%ld' expects type 'long int', but argument 3 has type 'int'. With %u alone, you would get "but arg-start is long" warnings on x64. With %lu, you would get "but arg-start is int" on x86. Fix it up by explicitly deciding for one (%u and cast to unsigned int) and using that. Jan Engelhardt <jengelh@computergmbh.de>
* Adds u32 to iptables.Jan Engelhardt2007-09-105-1/+606
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Fix unused function warningPatrick McHardy2007-09-081-2/+1
|
* Fix more sparse warnings: non-C99 array declaration, incorrect function ↵Patrick McHardy2007-09-084-86/+84
| | | | prototypes
* Fix sparse warnings: non-ANSI function declarations, 0 used as pointerPatrick McHardy2007-09-0867-279/+279
|
* Makefile for man pages of xtables extensions (Laszlo Attila Toth ↵László Attila Tóth2007-09-061-10/+42
| | | | | | | | | | | | <panther@balabit.hu>) * no extra target/match by default :) * man page of fix modules (PF_EXT_SLIB etc.) plus optional (...SLIB_OPTS) modules generated, but not all. * because of the previous one I had to rename PF_EXT_SE_SLIB to PF_EXT_SELINUX_SLIB etc. as a non-optional variable, original PF_EXT_SE_SLIB gets the value of PF_EXT_SELINUX_SLIB if DO_SELINUX is set to 1.
* Remove unsupported connrate extensionPatrick McHardy2007-09-062-183/+0
|
* Build manpages for xtables extensions (Laszlo Attila Toth <panther@balabit.hu>)László Attila Tóth2007-09-051-4/+9
|
* Fix aligned_u64 type on 64 bit: its an unsigned long, not an unsigned long long.Patrick McHardy2007-09-052-10/+15
| | | | Fixes compiler warning in quota match.
* Fix strict aliasing warningsPatrick McHardy2007-09-054-9/+23
|
* Build IPv6 hbh/dst matches unconditionallyPatrick McHardy2007-09-053-3/+24
|
* Build IPv6 rt match unconditionallyPatrick McHardy2007-09-053-3/+34
|
* Build ipv6header match unconditionallyPatrick McHardy2007-09-053-3/+28
|
* Build IPv6 mh match unconditionallyPatrick McHardy2007-09-053-3/+16
|
* Resync header files and build IPv6 frag match unconditionallyPatrick McHardy2007-09-053-12/+1
|