| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Conflicts:
extensions/GNUmakefile.in
Resolution: trivial, since this was a fuzz 3.
Reason: Line added from v1.4.15-16-g33710a5 was in vincinity of changes
from v1.4.15-22-g4496801.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
iptables.8 and ip6tables.8 had pretty much the same content, with a few
protocol-specific deviations here and there. Not only did that bloat the
manpages, but it also made it harder to spot differences. Separate out
the extension descriptions into a new manpage, which conveniently
features differences next to one another (cf. REJECT).
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
|\| |
|
| |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
| |
| |
| |
| |
| |
| |
| | |
Note that we do not need any print/save functions for the alias entries,
since the real CT entry will handle this.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While changing branches, one can hit errors like:
make[2]: *** CC libipt_CLUSTERIP.oo
No hay ninguna regla para construir el objetivo
`../include/net/netfilter/nf_nat.h', necesario para
`libipt_DNAT.oo'. Alto.
Pablo thinks dep files should be removed on `make clean`, and I
concur. (JFI, Note that native automake would not clear its ".deps"
directory.) Keep the "distclean: clean" line to keep invocations by
automake from the parent directory working.
Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Have each extension link against libxtables.so; with this, all home
symbols are known at link time and we can use ld's --no-undefined to
run the check, dropping the homebrew solution.
By having libxtables.so required by extensions, package managers'
automatic dependency discovery will become effective so that manual
dependencies for distros with split extension packages (e.g. OpenWRT)
will not be necessary anymore.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
| |
iptables(exe) requires libext.a, but extensions/ require libxtables.la
(in iptables/). This circular dependency does not work out, so
separate libxtables into its own directory and put it in front.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
| |
Manpage subsections are already sorted for obvious reasons. Since
$(wildcard) can actually return results unordered (just what the OS
can do) do the sorting with the .o file list too, for developer
comfort.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
To be notified of occurrences where we are missing any libraries, run
some ldd checks post building.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
$ ldd -r libxt_RATEEST.so
undefined symbol: log (./libxt_RATEEST.so)
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
| |
$ ldd -r libxt_statistic.so
undefined symbol: lround (./libxt_statistic.so)
References: https://bugs.archlinux.org/task/25358
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
Commit v1.4.10-149-gea2a02f added an netinet/ip6.h include, which is
not available on systems without IPv6 header files.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
| |
References; http://bugzilla.netfilter.org/show_bug.cgi?id=713
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
| |
References: http://bugzilla.netfilter.org/show_bug.cgi?id=713
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
This is where they belong, after all.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=713
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
| |
Signed-off-by: Maciej Zenczykowski <maze@google.com>
|
|
|
|
|
|
|
|
|
| |
Commit v1.4.9-35-gd4105ad changed from [A-Z] and [a-z] to use
[[:alnum:]], which unfortunately drew matches into the target section,
and targets into the match section. [[:upper:]] and [[:lower:]] should
have been used instead, of course.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
| |
Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
| |
Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
| |
Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
make only evaluates $? of an entire shell invocation. As such, if any
command in the chain can fail, $? needs to be thrown, and early so.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
| |
In the fi_FI locale, [a-z] would not include 'w', for example. Rectify
this by using [[:alnum:]] (to counter against different ordering) and
forcing the POSIX locale (so that the alphabet has at least the 26
base characters).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed the Makefile so that:
1. --enable-shared / --disable-shared control the linkage against
libdl (and thus the potential to use 3rd party extensions)
2. --enable-static / --disable-static controls whether shipped
extensions are built-in or provided as modules
iptables-static becomes redundant by this action; iptables-multi now
has the feature.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Florian Westphal points out that v1.4.3.2-9-gc304d77 greps for the
keyword in the wrong file, and that files with NFPROTO_UNSPEC are
skipped.
This patch corrects that part, and makes `make` now output the
manpages it collected.
Reported-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
| |
References: http://bugs.debian.org/529954
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
| |
This patch complements the previous one.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
|
| |
This also skips building the IPv6 extensions. It does not #ifdef out
all code however, I think that would make it too ugly.
Inspired-by: http://bugzilla.netfilter.org/show_bug.cgi?id=560
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
| |
Reference: http://bugs.debian.org/515752
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
|
|
|
|
|
|
| |
initext?.c is generated within the current directory, not in ${srcdir}.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
| |
When --disable-shared is used, there are no .so files to install, and
the argument order for install would get messed up.
Reported-by: Michael Teicher <mteicher@gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
|
|
| |
linux/dccp.h is unlikely to be installed before 2.6.18 (which was
when headers_install was introduced), and does not exist at all
before 2.6.14. Add a compile-time check to skip compilation of
libxt_dccp in case this was detected.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
|
| |
The new iptables git version assumes /bin/sh is always GNU bash,
that's not the case (Ubuntu 8.04 uses dash), see attachment
for a fix.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
|
|
|
|
|
|
| |
Reported by: Henrik Nordstrom
When xtables.h is not already found in /usr/include, compilation
would fail when ${top_srcdir} != ${top_builddir}.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Adjust the _INIT macro and thus fix the build/linking procedure of
the monolithic do-it-all binary (iptables-static).
Also fix the Makefile since unfortunately, lib%.o does not seem to
have a higher precedence than %.o
|
|
|
|
|
|
|
|
|
| |
A few build system changes.
* ip6tables needs IP6T_LIB_DIR
* correctly trigger rebuild of master manpages when
submanpages have been touched
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de.
|
|
|
|
|
|
|
|
| |
Have the header files in the iptables source tree take precedence
over those from the kernel source. Otherwise, building the current
iptables from subversion just fails with kernels < 2.6.25.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
|
- Can build both static and dynamic at the same time
- iptables-static will be a multi-binary, semi-static
(link against libc but w/o dynamic plugins)
- Always build IPv6 modules
- consider INSTALL
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|