summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_MARK.c
Commit message (Collapse)AuthorAgeFilesLines
* extensions: prefer plain 'set' over 'set mark and'Florian Westphal2018-02-201-3/+3
| | | | | | | | | | | | | | adding a test case for MARK --set-mark 0 fails with exp: nft add rule ip mangle OUTPUT counter meta mark set 0x0 res: nft add rule ip mangle OUTPUT counter meta mark set mark and 0x0 This translation isn't wrong, but unneccessarily complex, so change order to first check if mask bits are all ones. In that case we can simply use an immediate value without need for logical operators. Signed-off-by: Florian Westphal <fw@strlen.de>
* iptables: extensions: Fix MARK target helpMart Frauenlob2017-11-271-1/+1
| | | | | | | A typo in the help output of: iptables -j MARK -h. Signed-off-by: Mart Frauenlob <mart.frauenlob@chello.at> Signed-off-by: Florian Westphal <fw@strlen.de>
* src: introduce struct xt_xlate_{mt,tg}_paramsPablo Neira Ayuso2016-07-251-6/+6
| | | | | | | | This structure is an extensible containers of parameters, so we don't need to propagate interface updates in every extension file in case we need to add new parameters in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables: extensions: libxt_MARK: Fix translation of --set-xmark optionRoberto García2016-06-221-2/+2
| | | | | | | | | | | | | | | | | Fix translation of MARK target's --set-xmark option. Before: #iptables-translate -t mangle -A PREROUTING -j MARK --set-xmark 0x64/0xaf nft add rule ip mangle PREROUTING counter meta mark set mark xor 0x64 and 0xaf After: # iptables-translate -t mangle -A PREROUTING -j MARK --set-xmark 0x64/0xaf nft add rule ip mangle PREROUTING counter meta mark set mark and 0xffffff50 \ xor 0x64 Signed-off-by: Roberto García <rodanber@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: libxt_MARK: Add translation for revision 1 to nftRoberto García2016-06-221-2/+26
| | | | | | | | | | | | | | | | | | | Add translation for revision 1 of the MARK target to nft. Examples: # iptables-translate -t mangle -A PREROUTING -j MARK --set-mark 0x64 nft add rule ip mangle PREROUTING counter meta mark set 0x64 # iptables-translate -t mangle -A PREROUTING -j MARK --and-mark 0x64 nft add rule ip mangle PREROUTING counter meta mark set mark and 0x64 # iptables-translate -t mangle -A PREROUTING -j MARK --or-mark 0x64 nft add rule ip mangle PREROUTING counter meta mark set mark or 0x64 Signed-off-by: Roberto García <rodanber@gmail.com> Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: libxt_MARK: Add translation to nftRoberto García2016-06-141-0/+23
| | | | | | | | | | | | | | | | | | | | | | | | Add translation for the MARK target to nftables. Examples: $ sudo iptables-translate -t mangle -A OUTPUT -j MARK --set-mark 64 nft add rule ip mangle OUTPUT counter meta mark set 0x40 $ sudo iptables-translate -t mangle -A OUTPUT -j MARK --set-xmark 0x40/0x32 nft add rule ip mangle OUTPUT counter meta mark set mark xor 0x40 and 0x32 $ sudo iptables-translate -t mangle -A OUTPUT -j MARK --or-mark 64 nft add rule ip mangle OUTPUT counter meta mark set mark or 0x40 $ sudo iptables-translate -t mangle -A OUTPUT -j MARK --and-mark 64 nft add rule ip mangle OUTPUT counter meta mark set mark and 0x40 $ sudo iptables-translate -t mangle -A OUTPUT -j MARK --xor-mark 64 nft add rule ip mangle OUTPUT counter meta mark set mark xor 0x40 Signed-off-by: Roberto García <rodanber@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxt_MARK: use guided option parserJan Engelhardt2011-04-131-123/+79
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: do not print trailing whitespacesJan Engelhardt2011-01-311-15/+15
| | | | | | | | | | | | | | | | | Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove no longer necessary default: casesJan Engelhardt2011-01-081-7/+0
| | | | | | | Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: use C99/POSIX typesJan Engelhardt2011-01-081-2/+2
| | | | | | "u_int" was a non-standardized extension predating C99 on some platforms. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* all: consistent syntax use in struct optionJan Engelhardt2010-07-231-5/+5
| | | | | | Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* includes: header updatesJan Engelhardt2010-02-011-0/+17
| | | | | | | | | | | | Update the shipped Linux kernel headers from 2.6.33-rc6, as iptables's ipt_ECN.h for example references ipt_DSCP.h, which no longer exists. Since a number of old code pieces have been removed in the kernel in that fashion, the structs for older versions are moved into the .c file, to keep header updating simple. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* MARK: print mark rules with mask 0xffffffff as --set-mark instead of --set-xmarkPatrick McHardy2009-11-041-0/+2
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* extensions: collapse data variables to use multi-reg callsJan Engelhardt2009-06-261-46/+44
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: collapse registration structuresJan Engelhardt2009-06-261-17/+1
| | | | | | | | | | | | There are no different code paths between IPV4 and IPV6, so data can be consolidated here. text data bss dec hex filename 243757 12212 2576 258545 3f1f1 ip6tables-static[before.i586] 243613 9428 2576 255617 3e681 ip6tables-static[after.i586] -144 -2784 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: use NFPROTO_UNSPEC for .family fieldJan Engelhardt2009-06-011-1/+1
| | | | | | | | This constant would be the designated one for the .family field; it also, given recent changes, makes grep for NFPROTO_UNSPEC work to finally recollect all manpages. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix exit_error to xtables_errorJan Engelhardt2009-02-211-8/+8
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - param_actJan Engelhardt2009-01-301-14/+14
| | | | | | | | Changes: exittype -> xtables_exittype P_* -> XTF_* flags Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - strtouiJan Engelhardt2009-01-271-9/+11
| | | | | | This commit also throws out the redundant string_to_number_*. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: use UINT_MAX constants over open-coded bits (1/2)Jan Engelhardt2009-01-271-6/+6
| | | | | | ~0 depends on the sizeof(int), so it is better to use UINT32_MAX. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: use NFPROTO_ constantsJan Engelhardt2008-11-181-3/+3
| | | | | | | | Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: Update commentsJan Engelhardt2008-09-011-7/+0
| | | | | | | | A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Remove old functions, constantsJan Engelhardt2008-04-151-8/+6
|
* Implement AF_UNSPEC as a wildcard for extensionsJan Engelhardt2008-04-141-17/+1
|
* fix gcc warningsMax Kellermann2008-01-291-2/+2
| | | | Max Kellermann <max@duempel.org>
* libxt_MARK r2Jan Engelhardt2008-01-201-0/+148
| | | | | | | Add support for xt_MARK target revision 2. Also consolidate libip6t_MARK.man and libipt_MARK.man. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Unique names 2/6Jan Engelhardt2007-10-041-47/+37
| | | | | | | | | | | Give symbols of libxt targets unique names (1/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Delete empty ->init() functionsJan Engelhardt2007-10-041-9/+0
| | | | | | | Deletes empty ->init() functions. ip[6]tables already checks for .init being NULL or not. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Fix sparse warnings: non-ANSI function declarations, 0 used as pointerPatrick McHardy2007-09-081-4/+4
|
* Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)Peter Riley2007-09-021-1/+1
|
* Unifies libip[6]t_MARK into libxt_MARKYasuyuki KOZAKAI2007-08-041-0/+240