summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * | extensions: libxt_DSCP: add unit testPablo Neira Ayuso2013-10-071-0/+11
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_TOS: add unit testPablo Neira Ayuso2013-10-071-0/+16
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_TRACE: add unit testPablo Neira Ayuso2013-10-071-0/+3
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_ECN: add unit testPablo Neira Ayuso2013-10-071-0/+5
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_standard: add unit testPablo Neira Ayuso2013-10-071-0/+4
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_MASQUERADE: add unit testPablo Neira Ayuso2013-10-071-0/+8
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_NOTRACK: add unit testPablo Neira Ayuso2013-10-071-0/+4
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_sctp: add unit testPablo Neira Ayuso2013-10-071-0/+32
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_REJECT: add unit testPablo Neira Ayuso2013-10-071-0/+9
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_mark: add unit testPablo Neira Ayuso2013-10-071-0/+7
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_nfacct: add unit testPablo Neira Ayuso2013-10-071-0/+10
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_rateest: add unit testPablo Neira Ayuso2013-10-071-0/+16
| | | | | | | | | | | | | | | | | | based on tests/options-most.rules Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_string: add unit testPablo Neira Ayuso2013-10-071-0/+18
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_state: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_CT: add unit testPablo Neira Ayuso2013-10-071-0/+20
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_pkttype: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_ttl.t: add unit testPablo Neira Ayuso2013-10-071-0/+15
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_NFQUEUE: add unit testPablo Neira Ayuso2013-10-071-0/+12
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_icmp: add unit testPablo Neira Ayuso2013-10-071-0/+15
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_helper: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_esp: add unit testPablo Neira Ayuso2013-10-071-0/+9
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_dccp: add unit testPablo Neira Ayuso2013-10-071-0/+30
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_NFLOG: add unit testPablo Neira Ayuso2013-10-071-0/+19
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_tos: add unit testPablo Neira Ayuso2013-10-071-0/+13
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_tcp: add unit testPablo Neira Ayuso2013-10-071-0/+26
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_udp: add unit testPablo Neira Ayuso2013-10-071-0/+22
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_length: add unit testPablo Neira Ayuso2013-10-071-0/+10
| | | | | | | | | | | | | | | | | | based on tests/options-most.rules Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_time: add unit testPablo Neira Ayuso2013-10-071-0/+4
| | | | | | | | | | | | | | | | | | based on tests/options-most.rules Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_hashlimit: add unit testPablo Neira Ayuso2013-10-071-0/+26
| | | | | | | | | | | | | | | | | | based on tests/options-most.rules Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_CONNMARK: add unit testPablo Neira Ayuso2013-10-071-0/+7
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_connmark: add unit testPablo Neira Ayuso2013-10-071-0/+9
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_connlimit: add unit testPablo Neira Ayuso2013-10-071-0/+16
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_connbytes: add unit testPablo Neira Ayuso2013-10-071-0/+21
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_CLASSIFY: add unit testPablo Neira Ayuso2013-10-071-0/+9
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_CHECKSUM: add unit testPablo Neira Ayuso2013-10-071-0/+4
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_AUDIT: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_comment: add unit testPablo Neira Ayuso2013-10-071-0/+12
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_cluster: add unit testPablo Neira Ayuso2013-10-071-0/+10
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libip6t_LOG: add unit testPablo Neira Ayuso2013-10-071-0/+12
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_addrtype: add unit testPablo Neira Ayuso2013-10-071-0/+17
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_LOG: add unit testPablo Neira Ayuso2013-10-071-0/+12
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libip6t_ah: add unit testPablo Neira Ayuso2013-10-071-0/+14
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_ah: add unit testPablo Neira Ayuso2013-10-071-0/+12
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | add iptables unit test infrastructurePablo Neira Ayuso2013-10-071-0/+311
| | | | | | | | | | | | | | | | | | This patch adds a python script to verify unit test cases. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | iptables-compat: get rid of error reporting via perrorPablo Neira Ayuso2014-09-303-85/+35
| | | | | | | | | | | | | | | | | | The compat layer should report problems in the iptables way instead. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | iptables-compat: fix use after free in the batch send pathPablo Neira Ayuso2014-09-301-8/+19
| | | | | | | | | | | | | | | | | | Release the batch pages once they have been sent via sendmsg(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | iptables-compat: nft: use nft_batch_begin and nft_batch_end from libnftnlPablo Neira Ayuso2014-09-301-21/+5
| | | | | | | | | | | | | | | | | | Use the existing functions in libnftnl to begin and end a batch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | iptables-compat: fix address prefixPablo Neira Ayuso2014-09-305-111/+196
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch fixes: # iptables-compat -I INPUT -s 1.2.3.0/24 generates this bytecode: ip filter INPUT 20 [ payload load 4b @ network header + 12 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ] [ cmp eq reg 1 0x00030201 ] [ counter pkts 0 bytes 0 ] and it displays: # iptables-compat-save ... -A INPUT -s 1.2.3.0/24 ip6tables-compat and arptables-compat are also fixed. This patch uses the new context structure to annotate payload, meta and bitwise, so it interprets the cmp expression based on the context. This provides a rudimentary way to delinearize the iptables-compat rule-set, but it should be enough for the built-in xtables selectors since we still use the xtables extensions. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | extensions: libxt_devgroup: Fix the path of the group mappings fileAna Rey2014-09-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Use "/etc/iproute2/group" as the default path to the mapping file instead of "/etc/iproute2/group_map". Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | extensions: libxt_connlabel: do not open config file from _init hookFlorian Westphal2014-09-051-7/+20
| | | | | | | | | | | | | | | | | | | | | | | | else, static builds will print this for every iptables invocation, even 'iptables -L'. Delay open until we need to translate a mapping. Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de>