summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Makes it possible to omit extra_opts of matches/targets if unnecessary.Jan Engelhardt2007-07-309-37/+6
| | | | | | (Jan Engelhardt <jengelh@gmx.de>) A nice side effect is that merge_option() doesn't copy options in that case.
* The option struct needs to be terminated, otherwise ip{,6}tablesJan Engelhardt2007-07-302-0/+2
| | | | | | will access illegal memory in merge_options(). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Remove the .next=NULL field. This is automatically initialized to zero.Jan Engelhardt2007-07-3050-71/+2
| | | | | | | I've kept .print=NULL and .save=NULL so it stands out (since iptables will do the print/save then). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Make xtables_target->extra_opts const (xtables_match->extra_opts already is)Jan Engelhardt2007-07-301-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Changes permissions of test scripts of dccp, string, and quota matchYasuyuki KOZAKAI2007-07-243-0/+0
|
* Unifies libip[6]t_NFQUEUE.c into libxt_NFQUEUE.cYasuyuki KOZAKAI2007-07-244-135/+39
|
* Unifies libip[6]t_SECMARK.c into libxt_SECMARK.cYasuyuki KOZAKAI2007-07-243-132/+33
|
* Unifies libip[6]t_TCPMSS.c into libxt_TCPMSS.cYasuyuki KOZAKAI2007-07-245-171/+81
|
* Add IPv6 support to comment matchYasuyuki KOZAKAI2007-07-244-35/+52
|
* Add IPv6 support to dccp match.Yasuyuki KOZAKAI2007-07-243-60/+78
|
* Add IPv6 support to dscp match.Yasuyuki KOZAKAI2007-07-244-41/+58
|
* Unifies libip[6]t_esp.c into libxt_esp.cYasuyuki KOZAKAI2007-07-247-254/+53
|
* Unifies libip[6]t_length.c into libxt_length.cYasuyuki KOZAKAI2007-07-246-185/+40
|
* Unifies libip[6]t_limit.c into libxt_limit.c.Yasuyuki KOZAKAI2007-07-245-249/+51
|
* Unifies libip[6]t_mac.c into libxt_mac.cYasuyuki KOZAKAI2007-07-244-154/+40
|
* Unifies libip[6]t_physdev.c into libxt_physdev.cYasuyuki KOZAKAI2007-07-246-295/+97
|
* Add IPv6 support to pkttype matchYasuyuki KOZAKAI2007-07-244-22/+38
|
* Add IPv6 support to quota matchYasuyuki KOZAKAI2007-07-242-6/+22
|
* Unifies libip[6]t_sctp.c into libxt_sctp.cYasuyuki KOZAKAI2007-07-245-588/+50
|
* Unifies libip[6]t_standard.c into libxt_standard.cYasuyuki KOZAKAI2007-07-243-74/+27
|
* Unifies libip[6]t_tcp.c into libxt_tcp.c.Yasuyuki KOZAKAI2007-07-243-447/+49
|
* Add IPv6 support to tcpmss matchYasuyuki KOZAKAI2007-07-244-23/+40
|
* Unifies libip[6]t_udp.c into libxt_udp.cYasuyuki KOZAKAI2007-07-244-249/+76
|
* Unifies libip[6]_mark.c into libxt_mark.cYasuyuki KOZAKAI2007-07-244-135/+19
|
* Use unified API in libipt_mark.cYasuyuki KOZAKAI2007-07-243-18/+19
|
* Add IPv6 support to string matchYasuyuki KOZAKAI2007-07-241-0/+16
|
* Moves libipt_string.c to libxt_string.cYasuyuki KOZAKAI2007-07-243-2/+3
|
* Use unified API in string matchYasuyuki KOZAKAI2007-07-241-20/+21
|
* Unifies libip[6]t_multiport.c into libipxt_multiport.cYasuyuki KOZAKAI2007-07-245-524/+86
|
* Moves libipt_multiport.c to libxt_multiport.cYasuyuki KOZAKAI2007-07-242-2/+2
|
* Splits ipt_multport into family dependent parts and othersYasuyuki KOZAKAI2007-07-241-34/+68
|
* Use unified API in multiport matchYasuyuki KOZAKAI2007-07-242-46/+80
|
* Add IPv6 support to NOTRACKYasuyuki KOZAKAI2007-07-241-0/+16
|
* Renames libipt_NOTRACK.c to libxt_NOTRACK.cYasuyuki KOZAKAI2007-07-242-1/+2
|
* Use unified API in NOTRACK target.Yasuyuki KOZAKAI2007-07-241-16/+15
|
* Moves all declarations in iptables_common.h to xtables.h.Yasuyuki KOZAKAI2007-07-246-41/+32
|
* Installs libxt_*.so to DEST_IPT_LIBIDR and link libip[6]t_*.so to it.Yasuyuki KOZAKAI2007-07-241-0/+26
|
* Introduces DEST_IPT_LIBDIR to simplify $(DESTDIR)$(LIBDIR)/iptablesYasuyuki KOZAKAI2007-07-242-8/+10
|
* Fixes warning on compilation, part 2Yasuyuki KOZAKAI2007-07-246-29/+46
| | | | | | | | | | This changes the type of arguments as follows in multiport, DNAT, SNAT, MASQUERADE, and REDIRECT - ip[6]t_ip[6] * -> void * - ip[6]t_entry * -> void * and adds lines to cast these pointer with intended type.
* Fixes warning on compilation of ip6tables matches/targetsYasuyuki KOZAKAI2007-07-2436-107/+107
| | | | | | This changes the type of arguments as follows - ip6t_ip6 * -> void * - ip6t_entry * -> void *
* Fixes warning on compilation of iptables matches/targetsYasuyuki KOZAKAI2007-07-2460-177/+177
| | | | | | | | | This changes the type of arguments as follows - ipt_ip * -> void * - ipt_entry * -> void * This patch doesn't change multiport, DNAT, SNAT, MASQUERADE, REDIRECT because these need more changes (casting void * variable with intended type)
* Replaces ip6t_entry_* with xt_entry_* in matches/targetsYasuyuki KOZAKAI2007-07-2434-128/+127
|
* Replaces ipt_entry_* with xt_entry_* in matches/targetsYasuyuki KOZAKAI2007-07-2464-237/+237
|
* Moves IPPROTO_* and IP[6]T_LIB_DIR definitions to xtables.hYasuyuki KOZAKAI2007-07-243-22/+16
|
* Moves some duplicated functions in ip[6]tables.c to xtables.cYasuyuki KOZAKAI2007-07-247-230/+120
| | | | | string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved.
* Introduces xtables match/target registrationYasuyuki KOZAKAI2007-07-2411-875/+728
| | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo.
* Moves ip[6]tables_insmod() to xtables.c as xtables_insmod()Yasuyuki KOZAKAI2007-07-248-167/+94
|
* Moves common fw_malloc() and fw_calloc() to xtables.cYasuyuki KOZAKAI2007-07-244-48/+35
|
* Adds xtables.[ch] and change Makefile to compile itYasuyuki KOZAKAI2007-07-243-7/+30
|
* iptables-xmlSam Liddicott2007-07-173-3/+117
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Attached are: 1. A man page for iptables-xml 2. A fix for iptables.xslt allowing for an arbitrary depth of arguments or modifiers. Although iptables-xml cannot generate more than two levels deep, xml generated by other systems may prefer to generate <action> <restore-mark> <mask>0xff00</mask> </restore-mark> </action> than <action> <restore-mark/> <mask>0xff00</mask> </action> (which is what iptables-xml generates) even though the same iptables is re-generated on conversion. 3. A fix for iptables-xml.c so that combining of consecutive targets of rules with the same match into one XML rule, will not combine over a terminating action; i.e. there is no point in converting -A table -p tcp -j DROP -A table -p tcp -j MARK --set-mark 25 -A table -p tcp -j RETURN into one XML rule with multiple actions as they are probably not logically combined in the mind of the author. Signed-off by: Sam Liddicott <azez@ufomechanic.net>