summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
* doc: fix trivial typo in libipt_SNATElie De Brauwer2011-06-011-1/+1
| | | | | | | The word "occur" had ufortunately been removed in v1.3.8~23. References: http://bugzilla.netfilter.org/show_bug.cgi?id=707 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: move remaining preprocessor flags to CPPFLAGSMike Frysinger2011-06-011-2/+2
| | | | | References; http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: move kinclude's preprocessor flags to kinclude_CPPFLAGSJan Engelhardt2011-06-011-3/+3
| | | | | References: http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: move basic preprocessor flags to regular_CPPFLAGSJan Engelhardt2011-06-011-3/+6
| | | | | | | This is where they belong, after all. References: http://bugzilla.netfilter.org/show_bug.cgi?id=713 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_owner: restore inversion supportJan Engelhardt2011-05-291-2/+4
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'master' of git://dev.medozas.de/iptablesPatrick McHardy2011-05-2519-188/+180
|\
| * libxt_time: deprecate --localtz option, document kernel TZ caveatsJan Engelhardt2011-05-252-18/+45
| | | | | | | | | | | | | | | | | | | | | | | | Comparing against the kernel time zone has significant caveats. This patch adds documentation about the issue, and makes --utc the default setting for libxt_time. Furthremore, throw a warning on using the "--localtz" option, to avoid confusion with one's shell TZ environment variable, and rename it to "--kerneltz" to be explicit about whose timezone will be used. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_time: --utc and --localtz are mutually exclusiveJan Engelhardt2011-05-251-2/+6
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_time: always ignore libc timezoneJan Engelhardt2011-05-251-1/+7
| | | | | | | | | | | | | | | | | | Since xt_time is meant to work across many months, libc doing automatic conversion from local time to UTC (during parse) is unwanted, especially when --utc is specified. The same goes for dumping. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_NFQUEUE: add mutual exclusion between qnum and qbalJan Engelhardt2011-05-251-2/+5
| | | | | | | | | | | | | | Only one is printed on save operation, which leads me to believe that only one is meant to be used. The manpage seems to corroborate. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_NFQUEUE: avoid double attempt at parsingJan Engelhardt2011-05-251-4/+1
| | | | | | | | | | | | | | | | Fixes this error: NFQUEUE: option "--queue-num" can only be used once. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: have xtopt_parse_mint interpret partially-spec'd rangesJan Engelhardt2011-05-257-106/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | When ":n" or "n:" is specified, it will now be interpreted as "0:n" and "n:<max>", respecitvely. nvals will always reflect the number of (expanded) components. This restores the functionality of options that take such partially-unspecified ranges. This makes it possible to nuke the per-matchdata init functions of some extensions and simply the extensions postparsing to the point where it only needs to check for nvals==1 or ==2. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip6t_rt: restore --rt-type storingJan Engelhardt2011-05-241-2/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_u32: --u32 option is requiredJan Engelhardt2011-05-241-1/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_ipvs: restore network-byte orderJan Engelhardt2011-05-241-2/+4
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * doc: remove redundant .IP calls in libxt_timeJan Engelhardt2011-05-241-6/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * doc: use .IP list for TCPMSSJan Engelhardt2011-05-241-10/+4
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * doc: make usage of libxt_rateest more obviousJan Engelhardt2011-05-221-15/+56
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * doc: add some coded option examples to libxt_hashlimitJan Engelhardt2011-05-221-10/+16
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_rateest: streamline case display of unitsJan Engelhardt2011-05-201-3/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_quota: readd missing XTOPT_PUT requestJan Engelhardt2011-05-201-1/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_REDIRECT: "--to-ports" is not mandatoryLutz Jaenicke2011-05-181-2/+1
| | | | | | | | | | | | | | | | | | The REDIRECT target can be called without the --to-ports option being specified. From the manual page: ...without this, the destination port is never altered. Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: retract _NE types and use a flag insteadJan Engelhardt2011-05-181-4/+4
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | libxt_devgroup: actually set XT_DEVGROUP_OPT_???GROUP flagsLutz Jaenicke2011-05-231-0/+2
|/ | | | | Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libip6t_rt: rt-0-not-strict should take no argJan Engelhardt2011-05-131-1/+1
| | | | | | | This unfortunately got mixed up during the getopt -> guided parser move. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_conntrack: resolve erroneous rev-2 port range messageJan Engelhardt2011-05-131-0/+8
| | | | | | | --ctorigdstport 13 ip6tables-restore v1.4.10: conntrack rev 2 does not support port ranges Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_conntrack: fix assignment to wrong memberJan Engelhardt2011-05-131-8/+4
| | | | | | | Of course the range end ought to be set, not doing the start value twice. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_conntrack: correct printed module nameJan Engelhardt2011-05-131-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libipt_[SD]NAT: avoid false error about multiple destinations specifiedJan Engelhardt2011-05-132-6/+12
| | | | | | | | | | | iptables-restore v1.4.10: DNAT: Multiple --to-destination not supported xtables_option_parse sets cb->xflags already, so that it cannot be directly used to test whether an option is being used for the second time. Thus use a private option/flag (X_TO_DEST/SRC) that is not under the control of xtables_option_parse. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libipt_[SD]NAT: flag up module name on errorJan Engelhardt2011-05-132-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_policy: use XTTYPE_PROTOCOL typeJan Engelhardt2011-05-121-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_policy: option table fixes, improved error trackingJan Engelhardt2011-05-122-10/+32
| | | | | | | | | | | Most of the flags are multi-use in this extension. Also transfer --next => --strict requirement to option table. Furthermore, augment the error messages emitted from fcheck to contain the policy element number, and elaborate on what an "empty policy element" is. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'floating/opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-05-1210-611/+341
|\
| * libipt_SAME: use guided option parserJan Engelhardt2011-05-091-52/+30
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_REDIRECT: use guided option parserJan Engelhardt2011-05-091-37/+25
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_MASQUERADE: use guided option parserJan Engelhardt2011-05-091-27/+21
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_SNAT: use guided option parserJan Engelhardt2011-05-091-49/+39
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_DNAT: use guided option parserJan Engelhardt2011-05-091-49/+39
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_iprange: use guided option parserJan Engelhardt2011-05-091-90/+54
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_CLUSTERIP: use guided option parserJan Engelhardt2011-05-091-105/+52
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_mac: use guided option parserJan Engelhardt2011-05-091-60/+20
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip6t_rt: use guided option parserJan Engelhardt2011-05-091-115/+44
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libip6t_mh: use guided option parserJan Engelhardt2011-05-091-27/+17
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-05-1113-1768/+890
|\|
| * libxt_conntrack: use guided option parserJan Engelhardt2011-05-091-451/+219
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_ipvs: use guided option parserJan Engelhardt2011-05-091-143/+65
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_limit: use guided option parserJan Engelhardt2011-05-091-32/+21
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libipt_NETMAP: use guided option parserJan Engelhardt2011-05-091-90/+16
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_multiport: use guided option parserJan Engelhardt2011-05-091-105/+73
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_osf: use guided option parserJan Engelhardt2011-05-091-68/+29
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>