summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_connlimit.c
Commit message (Collapse)AuthorAgeFilesLines
* libxt_connlimit: use guided option parserJan Engelhardt2011-05-091-111/+65
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: do not print trailing whitespacesJan Engelhardt2011-01-311-12/+12
| | | | | | | | | | | | | | | | | Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_connlimit: support for dstaddr-supporting revision 1Jan Engelhardt2011-01-191-15/+82
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_connlimit: add a --connlimit-upto optionJan Engelhardt2011-01-181-27/+43
| | | | | | | | Direct specifications like "upto" are easier to grasp than "not above". This patch adds such an upto variant similar to what libxt_hashlimit already has. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_connlimit: reword help text to say prefix lengthJan Engelhardt2011-01-181-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove no longer necessary default: casesJan Engelhardt2011-01-081-2/+0
| | | | | | | Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: use C99/POSIX typesJan Engelhardt2011-01-081-4/+4
| | | | | | "u_int" was a non-standardized extension predating C99 on some platforms. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* all: consistent syntax use in struct optionJan Engelhardt2010-07-231-3/+4
| | | | | | Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables/extensions: make bundled options work againJan Engelhardt2009-11-031-2/+2
| | | | | | | | | | | | | When using a bundled option like "-ptcp", 'argv[optind-1]' would logically point to "-ptcp", but this is obviously not right. 'optarg' is needed instead, which if properly offset to "tcp". Not all places change optind-based access to optarg; where look-ahead is needed, such as for tcp's --tcp-flags option for example, optind is ok. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: hand argv to xtables_check_inverseJan Engelhardt2009-11-031-1/+1
| | | | | | | | | In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: collapse data variables to use multi-reg callsJan Engelhardt2009-06-261-30/+30
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_connlimit: initialize v6_maskkd6lvw2009-06-101-1/+3
| | | | | | | | | | When converting "--connlimit-mask $bits" to a 128-bit v6 mask, the code uses a left shift on v6_mask[n]. This requires v6_mask to be filled with all one-bits beforehand, but this initialization was not done. References: http://bugzilla.netfilter.org/show_bug.cgi?id=597 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix exit_error to xtables_errorJan Engelhardt2009-02-211-5/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - move check_inverse to xtables.cJan Engelhardt2009-01-301-1/+1
| | | | | | | This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove inclusion of iptables.hJan Engelhardt2008-11-201-1/+1
| | | | | | | | | iptables.h and ip6tables.h only include declarations internal to iptables (specifically iptables.c and ip6tables.c), as most of the public API has been moved to xtables.h a few months ago. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: use NFPROTO_ constantsJan Engelhardt2008-11-181-5/+5
| | | | | | | | Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: use regular includesJan Engelhardt2008-09-011-1/+1
| | | | | | | | iptables ships with all header files and prioritized its own include directory over /usr/include/linux, so just use the normal brackets. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Remove old functions, constantsJan Engelhardt2008-04-151-5/+4
|
* fix gcc warningsMax Kellermann2008-01-291-1/+1
| | | | Max Kellermann <max@duempel.org>
* Fix connlimit output for inverted --connlimit-above: ! > is <=, not <Patrick McHardy2007-11-281-2/+2
|
* Unique symbols 1/6Jan Engelhardt2007-10-041-4/+4
| | | | | | | | | | | Give symbols of libxt matches unique names (1/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* No ipt in xtJan Engelhardt2007-10-041-1/+1
| | | | | | Cease using ipt_entry_match (replaced by xt_entry_match). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)Peter Riley2007-09-021-3/+1
|
* Moves libip{,6}t_connlimit to libxt.Jan Engelhardt2007-07-311-0/+217
Also fixes an option parsing bug (connlimit_parse() may receive a 'c' that is not from the connlimit options table). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>