| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
strlen ran over the end of the string. Use strnlen to bound it.
Reference: http://bugs.debian.org/513516
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |\ |
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| | |
Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users
got moved.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| | |
libxtables uses dlopen, so *it* has to use -ldl, not the main program.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Commit v1.4.3-rc1-47-g300e290 tried to consolidate the environment
variable presence checking code into xtables.c, but missed
adding IP6TABLES_LIB_DIR to libxtables.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rename xtables_globals exit_error cb to exit_err and introduce
a very simple aliasing macro to point to it.
convert iptables, ip6tables and iptables_xml to use it.
Note iptables_xml does not have to define its own exit_error()
since it can use the basic one provided.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace direct exit_error() calls inside libxtables with
xt_params->exit_error().
With this change; i can now compile the useless app:
-----
#include <xtables.h>
int main(int argc, char **argv) {
return 0;
}
----
with "gcc useless.c -lxtables -ldl"
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
convert ip6tables, iptables and iptables-xml to use
xtables_globals/xtables_set_params()
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce exit_error() as part of xtables_globals structure.
When an application registers its xtables_globals definition
and does not specify its exit_error() it gets assigned a
basic version
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce xtables_free_opts() an xtables variant of
free_opts() which uses xtables_globals already set
by xtables_set_params(). The end goal is to have all internal
references in xtables.c use xtables_free_opts() instead of
depending on external defined free_opts()
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
introduce a new struct,xtables_globals, so as to
localize the globals used and help in symbol renames.
The applications must invoke xtables_set_params() before starting
to use any iptables APIs.
xtables_set_params() is intended to free xtables from depending
(as it does right now) on existence of such externally definitions
(from iptables/iptables6 etc). At the moment, xtables wont even
compile without presence of at least one of {iptables/iptables6 etc}
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |\| |
|
| | |\
| | |
| | |
| | |
| | | |
(throw away remote three commits as they had been redone
in this local branch)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
libxtables should not rely on the program executable providing the
magic constants for using [gs]etsockopt.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This also adds a warning that intrapositional negation support
is deprecated.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changes:
exittype -> xtables_exittype
P_* -> XTF_* flags
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Split XTABLES_VERSION into xtables and iptables, and encode the
xtables soversion into the extensions instead. This makes it possible
to upgrade iptables without having to recompile 3rd-party extensions
(if the libxtables version matches, of course).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This commit also throws out the redundant string_to_number_*.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Consolidate the libdir variable initialization code into xtables.c.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change affects:
find_{match,target} -> xtables_find_{match,target}
enum xt_tryload -> enum xtables_tryload
loose flags like DONT_LOAD -> XTF_DONT_LOAD
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This change affects:
load_xtables_ko -> xtables_load_ko
modprobe_program -> xtables_modprobe_program
Now uses bool for the "quiet" flag.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is good practice to prefix names in a library some way so that
it does not clash with external programs' variable names right
on the first try.
This change: rename fw_[cm]alloc to xtables_[cm]alloc and
move the definition from internal.h to xtables.h to avoid
potential compiler warnings.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Use the handy constants for ranges.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
~0 depends on the sizeof(int), so it is better to use UINT32_MAX.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
-1 is a reserved number (chown uses it to denote "do not change"),
so the maximum libxt_owner should permit is up to UINT32_MAX-1.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
All of them are implicitly convertable without any wanted side effects.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |/
|/|
| |
| |
| |
| |
| | |
By setting default NFLOG qthreshold to 0, userspace does not overwrite
the per-instance value.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change affects:
find_{match,target} -> xtables_find_{match,target}
enum xt_tryload -> enum xtables_tryload
loose flags like DONT_LOAD -> XTF_DONT_LOAD
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change affects:
load_xtables_ko -> xtables_load_ko
modprobe_program -> xtables_modprobe_program
Now uses bool for the "quiet" flag.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is good practice to prefix names in a library some way so that
it does not clash with external programs' variable names right
on the first try.
This change: rename fw_[cm]alloc to xtables_[cm]alloc and
move the definition from internal.h to xtables.h to avoid
potential compiler warnings.
These functions are intended to fix Jamal's dependency problem in
his tc's ipt action.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
| |
A sentence of the physdev module's help entry was truncated by the man
program because the line starts with a single quote.
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Commit bb9284d1 ("libxt_owner: add spaces to output") moved the printing
of spaces away from the owner_mt_print() function family, but forgot to
add spaces in all of the print_item() functions that are called.
This is likely to be at least the partial cause of
https://bugs.gentoo.org/show_bug.cgi?id=254435
Signed-off-by: Daniel Drake <dsd@gentoo.org>
Approves-of-this-patch: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
| |
The ICMP match module also allows numeric type/code as in
"--icmp-type type/code". Document it.
Based upon a patch by Victor Stinner <vstinner@inl.fr>.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Addendum to previous patch.
|
| |
|
|
|
|
|
|
|
|
| |
> Makefile.am:97: `%'-style pattern rules are a GNU make extension
(iptables still requires GNU make for extensions/, because it is
so much easier to write.)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
| |
Resolves warnings:
Makefile.am:7: `:='-style assignments are not portable
Makefile.am:71: `:='-style assignments are not portable
etc.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
| |
groff formats '-' as a hyphen, and '\-' is needed for a minus.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
| |
Change .br to .PP in the intro section and use consistent
paragraphing in later ones.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
