summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
...
| * libxt_connbytes: fix handling of --connbytes FROMFlorian Westphal2011-12-231-17/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | quoting man page: match packets from a connection whose packets/bytes/average packet size is more than FROM and less than TO bytes/packets. if TO is omitted only FROM check is done. But, when TO was omitted, we did treat it like "x:x" which is not the same at all. Before commit 09631dc60ce41bc484a42fcf4d4ddf7036820bd1 (libxt_connbytes: use guided option parser), we failed to parse "--connbytes x" ('Bad range "x"'), but treated "x:" like "x:0xffffffff". Also, restore the "from must be smaller than to" check. Signed-off-by: Florian Westphal <fw@strlen.de>
* | Merge branch 'stable'Jan Engelhardt2011-12-186-40/+52
|\ \ | |/ |/|
| * libxt_recent: Add support for --reap optionTim Gardner2011-12-092-1/+21
| | | | | | | | | | | | | | | | Support for the reap option was merged in the kernel as of 2.6.35. Cc: Pablo Neira Ayuso <pablo@netfilter.org> Cc: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
| * Merge branch 'stable'Pablo Neira Ayuso2011-11-011-1/+1
| |\
| * | Improve readability of bitwise operationThomas Jarosch2011-09-281-2/+2
| | | | | | | | | | | | | | | | | | | | | CLUSTERIP: improve readability of bitwise operation Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | Merge branch 'stable'Jan Engelhardt2011-09-191-4/+4
| |\ \
| * | | src: resolve old macro names that are indirectionsJan Engelhardt2011-09-111-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Command used: git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/) and then fix all occurrences. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * | | Merge branch 'stable'Jan Engelhardt2011-09-111-6/+6
| |\ \ \
| * \ \ \ Merge branch 'master' of git://dev.medozas.de/iptablesJan Engelhardt2011-09-082-32/+24
| |\ \ \ \
| | * | | | libxt_addrtype: add support for revision 1Jan Engelhardt2011-08-281-32/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rev 1 was added to the kernel in commit v2.6.39-rc1~468^2~10^2~1 but there was no corresponding iptables patch so far. Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| | * | | | libxt_addrtype: rename from libipt_addrtypeJan Engelhardt2011-08-282-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | | | | libipt_SAME: set PROTO_RANDOM on all rangesJan Engelhardt2011-11-303-24/+34
| |_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Resolve the (justified) WTF remark to a clearer version of when/why PROTO_RANDOM needs to be set. Especially when --random is used before --to in SAME, it would have not been appleid.
* | | | | libxt_NFQUEUE: fix --queue-bypass ipt-save outputFlorian Westphal2011-11-011-1/+1
| |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | else, this will print "--queue-num 0--queue-bypass ". Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | | | build: make check stage not fail when building staticallyJan Engelhardt2011-09-191-2/+2
| | | | | | | | | | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | | build: restore build order of modulesJan Engelhardt2011-09-191-2/+2
| |_|/ |/| | | | | | | | | | | | | | | | | | | | iptables(exe) requires libext.a, but extensions/ require libxtables.la (in iptables/). This circular dependency does not work out, so separate libxtables into its own directory and put it in front. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | | build: sort file list before buildJan Engelhardt2011-09-081-6/+6
|/ / | | | | | | | | | | | | | | | | Manpage subsections are already sorted for obvious reasons. Since $(wildcard) can actually return results unordered (just what the OS can do) do the sorting with the .o file list too, for developer comfort. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | libxt_CONNSECMARK: fix spacing in outputTom Eastep2011-09-051-1/+1
| | | | | | | | | | | | | | | | | | ~# iptables -t mangle -A foo -j CONNSECMARK --save ~# iptables -t mangle -S [...] -A foo -j CONNSECMARK--save Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | build: scan for unreferenced symbolsJan Engelhardt2011-09-031-1/+10
| | | | | | | | | | | | | | To be notified of occurrences where we are missing any libraries, run some ldd checks post building. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | libxt_RATEEST: link with -lmJan Engelhardt2011-09-031-0/+1
| | | | | | | | | | | | | | $ ldd -r libxt_RATEEST.so undefined symbol: log (./libxt_RATEEST.so) Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | libxt_statistic: link with -lmJan Engelhardt2011-09-031-1/+4
|/ | | | | | | | $ ldd -r libxt_statistic.so undefined symbol: lround (./libxt_statistic.so) References: https://bugs.archlinux.org/task/25358 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_conntrack: improve error message on parsing violationTom Eastep2011-08-271-4/+11
| | | | | | | | | | | | | | | Tom Eastep noted: $ iptables -A foo -m conntrack --ctorigdstport 22 iptables v1.4.12: conntrack rev 2 does not support port ranges Try `iptables -h' or 'iptables --help' for more information. Commit v1.4.12-41-g1ad6407 takes care of the actual cause of the bug, but let's include Tom's patch nevertheless for the better error message in case one actually does specify a range with rev 2. References: http://marc.info/?l=netfilter-devel&m=131370592105298&w=2 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_TOS: update linux kernel version list for backported fixFernando Luis Vázquez Cao2011-08-261-4/+4
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_string: escape the escaping char tooJan Engelhardt2011-08-261-1/+1
| | | | | References: http://bugzilla.netfilter.org/show_bug.cgi?id=740 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_string: replace hex codes by char equivalentsJan Engelhardt2011-08-251-3/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_string: simplify hex output routineJan Engelhardt2011-08-251-7/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_hashlimit: observe new default gc-expire time when savingJan Engelhardt2011-08-211-13/+20
| | | | | | | | Since a while, --htable-gc-expire defaults to the chosen time quantum instead of 10 fixed seconds, which leads the expiry value to be always printed, which is redundant. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_policy: remove superfluous inversionJan Engelhardt2011-08-211-2/+1
| | | | | | --dir cannot be inverted. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_physdev: restore inversion supportJan Engelhardt2011-08-211-3/+4
| | | | | | | | Bug origin is in commit v1.4.11~26^2~4. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_owner: restore inversion supportJan Engelhardt2011-08-211-1/+2
| | | | | | | | Bug origin is in commit v1.4.11~16^2~7. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libipt_ttl: document that negation is availableJan Engelhardt2011-08-212-2/+2
| | | | | | Glitch since commit v1.2.1~75. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_dst: restore setting IP6T_OPTS_LEN flagJan Engelhardt2011-08-211-0/+3
| | | | | | Bug origin is in commit v1.4.11~26^2~18. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_hbh: restore setting IP6T_OPTS_LEN flagJan Engelhardt2011-08-211-0/+1
| | | | | | Bug origin is in commit v1.4.11~26^2~17. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_hashlimit: remove inversion from hashlimit rev 0Jan Engelhardt2011-08-211-11/+2
| | | | | | | Revision 0 indeed did not have inversion support, nor presence of --hashlimit-above. This glitch was added in v1.4.11~16^2~10. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_frag: restore inversion supportJan Engelhardt2011-08-211-0/+16
| | | | | | | | --fraglen also was not printed since v1.4.11~26^2~22. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_conntrack: fix --ctproto 0 outputJan Engelhardt2011-08-211-4/+5
| | | | | | | | | | | First, we are missing XTOPT_PUT when trying to use XTOPT_POINTER. (Next commit will flag this.) Furthermore, l4proto is of type uint16_t, while XTTYPE_PROTOCOL wants a uint8_t so the idea would not work => revert v1.4.12~1^2. Bug goes back to v1.4.12~1^2. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_hashlimit: default htable-expire must be in millisecondsJan Engelhardt2011-08-211-2/+2
| | | | | | Bug goes back to v1.4.12~3^2~11. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_dscp: restore inversion supportJan Engelhardt2011-08-211-2/+3
| | | | | | References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_dccp: fix random output of ! on --dccp-optionJan Engelhardt2011-08-211-1/+1
| | | | | | | | | | | dccp-option tests info->typemask, but it really should look at info->invflags instead. This bug goes back to commit v1.3.4~11. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_dccp: provide man pages options in short help tooJan Engelhardt2011-08-212-2/+5
| | | | | | | | This omission goes back to commit v1.3.4~11. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_dccp: spell out option name on saveJan Engelhardt2011-08-211-1/+1
| | | | | | | | This glitch goes back to commit v1.3.4~11. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_dccp: fix deprecated intrapositional ordering of !Jan Engelhardt2011-08-211-4/+5
| | | | | | | | This bug goes back to v1.4.3~63. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_dccp: restore missing XTOPT_INVERT tags for optionsJan Engelhardt2011-08-211-2/+3
| | | | | | | | This regression goes back to v1.4.11~19^2. References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700 References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_conntrack: remove one misleading commentJan Engelhardt2011-08-211-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: clarify libxt_connlimit defaultsJan Engelhardt2011-08-211-1/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_string: fix space around argumentsDwight Davis2011-08-201-2/+2
| | | | | | | Fix oversight from commit v1.4.11~80. References: http://bugs.debian.org/637499 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_set: put differing variable names in directlyJan Engelhardt2011-08-202-18/+6
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: fix typo in libxt_TRACEBernard Massot2011-08-201-1/+1
| | | | | References: http://bugzilla.netfilter.org/show_bug.cgi?id=736 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_tcp: always print the mask partsJan Engelhardt2011-08-201-3/+1
| | | | | | | | | 0xFF is unlikely to happen (given that ALL translates to 0x3F at most), but assuming that through magic, 0xFF was put into memory, iptables -S/iptables-save would ignore printing it, practically outputting just one argument to --tcp-flags which currently wants two. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_set: update man page about kernel support on the featureJan Engelhardt2011-08-202-6/+4
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_u32: fix missing allowance for inversionJan Engelhardt2011-08-201-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>