summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
* man: fix incorrect plural in libipt_set.manPatrick McHardy2009-08-241-1/+1
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpages: more fixes to minuses, hyphens, dashesJan Engelhardt2009-08-202-2/+2
| | | | | | | | | | | | | | | | Debian still carries patches patches to the iptables nroff code touching ASCII minuses, so I thought, what's it this time. Eventually, this patch tries to straighten things once more, per http://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style#Hyphens and http://en.wikipedia.org/wiki/Wikipedia:Manual_of_Style#Dashes . Titles will get the em dash; all typed commands or parameters with a hyphen get a minus (so that man(1) hyperlinking and copy-pasting does work), but other mentions get the hyphen. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpage: fix lintian warningsLaurence J. Lane2009-08-201-1/+1
| | | | | | | | | | | Description: extraneous slash caused this lintian warning: W: iptables: manpage-has-errors-from-man usr/share/man/man8/iptables.8.gz 220: cannot use newline as a starting delimiter W: iptables: manpage-has-errors-from-man usr/share/man/man8/ip6tables.8.gz 1823: warning: `precedence'' not defined Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* ipt_set: fix a typo in the manpageTrent W. Buck2009-08-201-1/+1
| | | | | | References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539101 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_NFQUEUE: add new v1 version with queue-balance optionFlorian Westphal2009-08-202-10/+124
| | | | | | | | | | | | | | | | New version that adds support for specifying a queue range instead of a single queue id. The kernel will distribute flows across the given queue range. This is useful for multicore systems, simply start multiple instances of the userspace program on queues x, x+1, .. x+n and use "--queue-balance x:x+n". Packets belonging to the same connection are put into the same queue. With fixes from Jan Engelhardt. Signed-off-by: Florian Westphal <fwestphal@astaro.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Merge branch 'stable'Jan Engelhardt2009-08-052-22/+139
|\ | | | | | | | | | | | | Conflicts: extensions/libxt_conntrack.c Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_helper: fix invalid passed option to check_inverseJan Engelhardt2009-06-251-1/+1
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * xt_conntrack: revision 2 for enlarged state_mask memberJan Engelhardt2009-06-251-27/+148
| | | | | | | | | | | | This complements the xt_conntrack revision 2 code added to the kenrel. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | build: combine iptables-multi and iptables-staticJan Engelhardt2009-07-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changed the Makefile so that: 1. --enable-shared / --disable-shared control the linkage against libdl (and thus the potential to use 3rd party extensions) 2. --enable-static / --disable-static controls whether shipped extensions are built-in or provided as modules iptables-static becomes redundant by this action; iptables-multi now has the feature. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | extensions: collapse data variables to use multi-reg callsJan Engelhardt2009-06-2615-566/+552
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | extensions: remove empty help and parse functionsJan Engelhardt2009-06-267-127/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | extensions: collapse registration structuresJan Engelhardt2009-06-2627-474/+29
|/ | | | | | | | | | | | There are no different code paths between IPV4 and IPV6, so data can be consolidated here. text data bss dec hex filename 243757 12212 2576 258545 3f1f1 ip6tables-static[before.i586] 243613 9428 2576 255617 3e681 ip6tables-static[after.i586] -144 -2784 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'stable' of git://dev.medozas.de/iptablesPatrick McHardy2009-06-117-30/+31
|\
| * manpages: markup correctionsJan Engelhardt2009-06-105-26/+25
| | | | | | | | | | | | | | | | The manpage of xt_cluster and xt_recent had some unclosed tags. Backslashes in commands are also not wanted because manpages are a freeform, automatically-wrapped text. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_connlimit: initialize v6_maskkd6lvw2009-06-101-1/+3
| | | | | | | | | | | | | | | | | | | | When converting "--connlimit-mask $bits" to a 128-bit v6 mask, the code uses a left shift on v6_mask[n]. This requires v6_mask to be filled with all one-bits beforehand, but this initialization was not done. References: http://bugzilla.netfilter.org/show_bug.cgi?id=597 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_tcp: manpage corrections and suggestionsIan Bruce2009-06-081-2/+2
| | | | | | | | | | | | | | | | | | | | From: Ian Bruce <ian_bruce@fastmail.net> The commit corrects some minor errors in the iptables(8) man page, related to port ranges in the "tcp" module. Reference: http://bugs.debian.org/531677 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_tcp: fix a manpage syntax typoFrank Tobin2009-06-081-1/+1
| | | | | | | | | | Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=596 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Updated set/SET match and target to support multiple ipset protocols.Jozsef Kadlecsik2009-06-115-44/+65
|/ | | | | | | | | | | By checking the protocol version of the kernel part, the sockopt type of ipset protocols are all supported. Forward compatibility with the netlink based protocol is missing. The --set option of the set match is replaced by --match-set to avoid clashing with the recent match, but the old option is also kept. Manpages are updated, references to bindings removed.
* extensions: remove redundant castsJan Engelhardt2009-06-082-8/+8
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* DNAT/SNAT: add manpage documentation for --persistent flagJan Engelhardt2009-06-083-4/+12
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* extensions: use NFPROTO_UNSPEC for .family fieldJan Engelhardt2009-06-0117-19/+19
| | | | | | | | This constant would be the designated one for the .family field; it also, given recent changes, makes grep for NFPROTO_UNSPEC work to finally recollect all manpages. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: fix manpage collectionJan Engelhardt2009-06-011-1/+4
| | | | | | | | | | | | Florian Westphal points out that v1.4.3.2-9-gc304d77 greps for the keyword in the wrong file, and that files with NFPROTO_UNSPEC are skipped. This patch corrects that part, and makes `make` now output the manpages it collected. Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* policy: merge ipv6 and ipv4 variantJan Engelhardt2009-06-012-463/+114
| | | | | | | | The files duplicate most of their code, and struct ipt_policy_info being defined to xt_policy_info makes them actually have even more in common. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* policy: use direct xt_policy_info instead of ipt/ip6tJan Engelhardt2009-05-312-66/+66
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_policy: remove redundant functionsJan Engelhardt2009-05-311-40/+8
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* manpages: do not include v4-only modules in ip6tables manpageJan Engelhardt2009-05-261-5/+5
| | | | | References: http://bugs.debian.org/529954 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* addrtype: fix one manpage typeJan Engelhardt2009-05-261-1/+1
| | | | | References: http://bugs.debian.org/528457 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: replace open-coded sizeof by ARRAY_SIZEJan Engelhardt2009-05-2615-101/+44
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add const qualifiers in print/save functionsJan Engelhardt2009-05-2628-80/+67
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add `cluster' match supportPablo Neira Ayuso2009-05-062-0/+300
| | | | | | This patch adds support for the cluster match to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* SNAT/DNAT: add support for persistent multi-range NAT mappingsPatrick McHardy2009-04-172-2/+21
| | | | | | | Add support for persistent mappings (2.6.29-rc2+) as replacement for the removed SAME target. Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_conntrack: properly output negation symbolJan Engelhardt2009-04-051-4/+4
| | | | | | | | | Because the wrong flag was checked, the "!" was either wrongly printed, or not printed at all. This was broken since v1.4.0-29-ga8ad34c. Reported-by: Steven Jan Springl <steven@springl.ukfsn.org> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* CLASSIFY: document non-standard interpretation behaviorJan Engelhardt2009-04-042-2/+3
| | | | | | | | Most other extensions use strtoul (by means of xtables_strtoui) and would abide by the standard convention of hex/octal prefixes 0x/0, and decimal otherwise, but CLASSIFY is an exception. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: add configure option to disable ipv4 iptablesJan Engelhardt2009-04-031-1/+1
| | | | | | This patch complements the previous one. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: add configure option to disable ip6tablesJan Engelhardt2009-04-031-1/+1
| | | | | | | | This also skips building the IPv6 extensions. It does not #ifdef out all code however, I think that would make it too ugly. Inspired-by: http://bugzilla.netfilter.org/show_bug.cgi?id=560 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_tcpmss: fix an inversion while parsing --mssJan Engelhardt2009-03-241-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_hashlimit: add missing space for iptables-save outputJan Engelhardt2009-03-241-1/+1
| | | | | Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=568 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_comment: output quotes must be escaped inJan Engelhardt2009-03-191-1/+2
| | | | | Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519584 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_connbytes: document nf_ct_acct behaviorJan Engelhardt2009-03-171-0/+6
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_connbytes: minor manpage adustmentsJan Engelhardt2009-03-171-5/+5
| | | | | | Use explicit paragraph separator and conntrack(8). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge commit 'nf/master'Jan Engelhardt2009-03-151-4/+4
|\
| * string: fix wrong pattern length calculationPablo Neira Ayuso2009-03-021-4/+4
| | | | | | | | | | | | | | | | This fixes a problem introduced in 37b4bde745698bf140d74e59a2561f34deeb8726 that leads to the wrong calculation of the pattern length in the string match. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | extensions: add missing limits.h includeJan Engelhardt2009-02-217-0/+7
| | | | | | | | | | | | Thanks to Stephen Hemminger for noticing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | include: resynchronize headers with 2.6.29-rc5Jan Engelhardt2009-02-216-54/+54
|/ | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_policy: use bounded strtouiJan Engelhardt2009-02-212-6/+14
| | | | | | | | | | reqid and SPI can only have a value in the range 0..UINT32_MAX, not the entire range of the "long" type. Also throw an error if the incoming string does not look like a pure number. "Replaces" commit 6db2ded2f22a7e78743c86af523b8430876582e9. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove unwanted/add needed includes for IPv4 extsJan Engelhardt2009-02-2116-15/+2
| | | | | | | Most touched files do not use anything from ip_tables.h, so remove that #include. multiport instead, does need it (ipt_entry). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove unwanted/add needed includes for IPv6 extsJan Engelhardt2009-02-218-9/+3
| | | | | | | Most touched files do not use anything from ip6_tables.h, so remove that #include. multiport instead, does need it (ip6t_entry). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix exit_error to xtables_errorJan Engelhardt2009-02-2182-629/+629
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffffChristian Perle2009-02-172-4/+4
| | | | | | | | | | | http://bugzilla.netfilter.org/show_bug.cgi?id=577 When using the -m policy match, the option argument for --spi is converted using strtol(), which returns a signed 32 bit value, so the highest positive value is 0x7fffffff. Instead strtoul() should be used. The same applies for the --reqid option argument. Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: do not put IPv4 doc into ip6tables.8Jan Engelhardt2009-02-171-11/+5
| | | | | Reference: http://bugs.debian.org/515752 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>