Commit message (Author, Age, Files, Lines)
...
| * | Merge branch 'stable' (Pablo Neira Ayuso, 2011-09-28, files: 1, lines: -0/+1)
| |\ \
| * | | Improve readability of bitwise operation (Thomas Jarosch, 2011-09-28, files: 1, lines: -2/+2)
| | | |     CLUSTERIP: improve readability of bitwise operation
| | | |     Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
| | | |     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | | Merge branch 'stable' (Jan Engelhardt, 2011-09-19, files: 7, lines: -23/+30)
| |\ \ \
| * | | | ip6tables-restore: make code look alike with iptables-restore (Jan Engelhardt, 2011-09-11, files: 2, lines: -33/+30)
| | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | | | libiptc: use a family-invariant xtc_ops struct for code reduction (Jan Engelhardt, 2011-09-11, files: 7, lines: -2/+33)
| | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | | | src: resolve old macro names that are indirections (Jan Engelhardt, 2011-09-11, files: 13, lines: -130/+128)
| | | | |     Command used:
| | | | |         git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/)
| | | | |     and then fix all occurrences.
| | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | | | libiptc: combine common types: _handle (Jan Engelhardt, 2011-09-11, files: 16, lines: -130/+122)
| | | | |     No real API/ABI change incurred, since the definition of the structs' types is not visible anyhow.
| | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | | | libiptc: replace ipt_chainlabel by xt_chainlabel (Jan Engelhardt, 2011-09-11, files: 8, lines: -76/+76)
| | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | | | libiptc: combine common types (Jan Engelhardt, 2011-09-11, files: 4, lines: -3/+11)
| | | | |     Make an xt_chainlabel type out of ipt_chainlabel and ip6t_chainlabel, and add backward-API #defines. The ABI naturally does not change either, so no soversion bump.
| | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | | | libiptc: remove unused HOOK_DROPPING thing (Jan Engelhardt, 2011-09-11, files: 2, lines: -15/+0)
| | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | | | iptables-save: remove binary dumping dead code (Jan Engelhardt, 2011-09-11, files: 2, lines: -92/+68)
| | | | |     Was never implemented, kill it.
| | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | | | libiptc: resolve compile failure (Jan Engelhardt, 2011-09-11, files: 1, lines: -20/+14)
| | | | |     CC libip4tc.lo
| | | | |     In file included from libip4tc.c:118:0:
| | | | |     libiptc.c:70:8: error: redefinition of "struct xt_error_target"
| | | | |     ../include/linux/netfilter/x_tables.h:69:8: note: originally defined here
| | | | |     Remove libiptc's duplicate definition and substitute names.
| | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | | | Merge branch 'stable' (Jan Engelhardt, 2011-09-11, files: 4, lines: -9/+23)
| |\ \ \ \
| * \ \ \ \ Merge branch 'master' of git://dev.medozas.de/iptables (Jan Engelhardt, 2011-09-08, files: 43, lines: -324/+543)
| |\ \ \ \ \
| | * | | | | include: refresh include files from kernel 3.1-rc3 (Jan Engelhardt, 2011-08-31, files: 40, lines: -292/+475)
| | | | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| | * | | | | libxt_addrtype: add support for revision 1 (Jan Engelhardt, 2011-08-28, files: 2, lines: -32/+68)
| | | | | | |     Rev 1 was added to the kernel in commit v2.6.39-rc1~468^2~10^2~1 but there was no corresponding iptables patch so far.
| | | | | | |     Cc: Florian Westphal <fw@strlen.de>
| | | | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| | * | | | | libxt_addrtype: rename from libipt_addrtype (Jan Engelhardt, 2011-08-28, files: 2, lines: -0/+0)
| | | | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | | | | | libiptc: provide separate pkgconfig files (Jan Engelhardt, 2011-12-18, files: 6, lines: -7/+27)
| | | | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | | | | | doc: clarification on the meaning of -p 0 (Jan Engelhardt, 2011-12-18, files: 2, lines: -7/+19)
| | | | | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | | | | | libipt_SAME: set PROTO_RANDOM on all ranges (Jan Engelhardt, 2011-11-30, files: 3, lines: -24/+34)
| |_|_|_|_|/
|/| | | | |
| | | | | |     Resolve the (justified) WTF remark to a clearer version of when/why PROTO_RANDOM needs to be set. Especially when --random is used before --to in SAME, it would have not been applied.
* | | | | | libxt_NFQUEUE: fix --queue-bypass ipt-save output (Florian Westphal, 2011-11-01, files: 2, lines: -1/+3)
| |_|_|_|/
|/| | | |
| | | | |     else, this will print "--queue-num 0--queue-bypass ".
| | | | |     Signed-off-by: Florian Westphal <fw@strlen.de>
| | | | |     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | | | libxtables: Fix file descriptor leak in xtables_lmap_init on error (Thomas Jarosch, 2011-09-28, files: 1, lines: -0/+1)
| |_|_|/
|/| | |
| | | |     Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
| | | |     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | | build: make check stage not fail when building statically (Jan Engelhardt, 2011-09-19, files: 1, lines: -2/+2)
| | | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | | build: restore build order of modules (Jan Engelhardt, 2011-09-19, files: 7, lines: -21/+28)
| |_|/
|/| |
| | |     iptables(exe) requires libext.a, but extensions/ require libxtables.la (in iptables/). This circular dependency does not work out, so separate libxtables into its own directory and put it in front.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | doc: document iptables-restore's -T option (Jan Engelhardt, 2011-09-08, files: 2, lines: -1/+7)
| | |     Commit v1.4.0-rc1-12-ge8665f8 completely forgot this.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | ip6tables-restore: implement missing -T option (Jan Engelhardt, 2011-09-08, files: 1, lines: -1/+10)
| | |     Commit v1.4.0-rc1-12-ge8665f8 forgot to port the change to the ip6tables part.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | doc: fix undesired newline in ip6tables-restore(8) (Jan Engelhardt, 2011-09-08, files: 1, lines: -1/+0)
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | build: sort file list before build (Jan Engelhardt, 2011-09-08, files: 1, lines: -6/+6)
|/ /
| |     Manpage subsections are already sorted for obvious reasons. Since $(wildcard) can actually return results unordered (just what the OS can do) do the sorting with the .o file list too, for developer comfort.
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'stable' (Jan Engelhardt, 2011-09-08, files: 8, lines: -33/+51)
|\ \
| * | libxt_CONNSECMARK: fix spacing in output (Tom Eastep, 2011-09-05, files: 1, lines: -1/+1)
| | |     ~# iptables -t mangle -A foo -j CONNSECMARK --save
| | |     ~# iptables -t mangle -S
| | |     [...]
| | |     -A foo -j CONNSECMARK--save
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | iptables: move kernel version find routing into libxtables (Jan Engelhardt, 2011-09-03, files: 6, lines: -28/+28)
| | |     That way, the remaining unreferenced symbols that do appear in libipt_DNAT and libipt_SNAT as part of the new check can be resolved, and the ugly -rdynamic hack can finally be removed.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | build: scan for unreferenced symbols (Jan Engelhardt, 2011-09-03, files: 1, lines: -1/+10)
| | |     To be notified of occurrences where we are missing any libraries, run some ldd checks post building.
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | libxt_RATEEST: link with -lm (Jan Engelhardt, 2011-09-03, files: 1, lines: -0/+1)
| | |     $ ldd -r libxt_RATEEST.so
| | |     undefined symbol: log (./libxt_RATEEST.so)
| | |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | libxt_statistic: link with -lm (Jan Engelhardt, 2011-09-03, files: 2, lines: -3/+11)
| |/
| |     $ ldd -r libxt_statistic.so
| |     undefined symbol: lround (./libxt_statistic.so)
| |     References: https://bugs.archlinux.org/task/25358
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'stable' of git://dev.medozas.de/iptables (Jan Engelhardt, 2011-09-05, files: 3, lines: -7/+18)
|\|
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * xtoptions: simplify xtables_parse_interface (Richard Weinberger, 2011-08-27, files: 1, lines: -3/+1)
| |     mask is already filled with zeros, there is no need to zero it again.
| |     References: http://marc.info/?l=netfilter-devel&m=131445196526269&w=2
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_conntrack: improve error message on parsing violation (Tom Eastep, 2011-08-27, files: 1, lines: -4/+11)
| |     Tom Eastep noted:
| |         $ iptables -A foo -m conntrack --ctorigdstport 22
| |         iptables v1.4.12: conntrack rev 2 does not support port ranges
| |         Try `iptables -h' or 'iptables --help' for more information.
| |     Commit v1.4.12-41-g1ad6407 takes care of the actual cause of the bug, but let's include Tom's patch nevertheless for the better error message in case one actually does specify a range with rev 2.
| |     References: http://marc.info/?l=netfilter-devel&m=131370592105298&w=2
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * xtoptions: fill in fallback value for nvals (Jan Engelhardt, 2011-08-27, files: 1, lines: -0/+6)
| |     Parsing for libxt_conntrack rev 2 is done by using rev 2's option structure, which specifies XTTYPE_PORT, and using rev 3's parser skeleton, which uses cb->nvals. Reading cb->nvals when not using XTTYPE_PORTRC (or any other multi-value type) is undefined behavior. Make it defined. Since XTTYPE_NONE is the only type that can take void, nvals logically ought to be 1.
| |     References: http://marc.info/?l=netfilter-devel&m=131370592105298&w=2
| |     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Bump version to 1.4.12.1 [v1.4.12.1] (Pablo Neira Ayuso, 2011-09-01, files: 1, lines: -1/+1)
|/
|     Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxt_TOS: update linux kernel version list for backported fix (Fernando Luis Vázquez Cao, 2011-08-26, files: 1, lines: -4/+4)
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_string: escape the escaping char too (Jan Engelhardt, 2011-08-26, files: 2, lines: -1/+5)
|     References: http://bugzilla.netfilter.org/show_bug.cgi?id=740
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove unused IPTABLES_MULTI define (Jan Engelhardt, 2011-08-26, files: 8, lines: -38/+1)
|     This dead code has been lingering around since commit v1.4.5~7.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_string: replace hex codes by char equivalents (Jan Engelhardt, 2011-08-25, files: 1, lines: -3/+3)
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_string: simplify hex output routine (Jan Engelhardt, 2011-08-25, files: 1, lines: -7/+2)
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_hashlimit: observe new default gc-expire time when saving (Jan Engelhardt, 2011-08-21, files: 2, lines: -13/+21)
|     Since a while, --htable-gc-expire defaults to the chosen time quantum instead of 10 fixed seconds, which leads the expiry value to be always printed, which is redundant.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* tests: add negation tests for libxt_statistic (Jan Engelhardt, 2011-08-21, files: 1, lines: -0/+4)
|     Note: it is valid to check cb->invert before calling xtables_option_parse.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_policy: remove superfluous inversion (Jan Engelhardt, 2011-08-21, files: 1, lines: -2/+1)
|     --dir cannot be inverted.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_physdev: restore inversion support (Jan Engelhardt, 2011-08-21, files: 2, lines: -3/+6)
|     Bug origin is in commit v1.4.11~26^2~4.
|     References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700
|     References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com>
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_owner: restore inversion support (Jan Engelhardt, 2011-08-21, files: 2, lines: -1/+3)
|     Bug origin is in commit v1.4.11~16^2~7.
|     References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700
|     References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com>
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libipt_ttl: document that negation is available (Jan Engelhardt, 2011-08-21, files: 2, lines: -2/+2)
|     Glitch since commit v1.2.1~75.
|     Signed-off-by: Jan Engelhardt <jengelh@medozas.de>