summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
* ebtables-compat: build ebtables extensionsGiuseppe Longo2014-11-241-5/+35
| | | | | | | This permits to build extensions for ebtables-compat layer. Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: libxt_TEE: Trim kernel struct to allow deletionLoganaden Velvindron2014-11-091-2/+2
| | | | | | | | | | | | | | | Correct trimming of userspacesize to fix deletions. Fixes: Bugzilla #884. The rule having TEE target with '--oif' option cannot be deleted by iptables command. $ iptables -I INPUT -i foo -j TEE --gateway x.x.x.x --oif bar $ iptables -D INPUT -i foo -j TEE --gateway x.x.x.x --oif bar iptables: No chain/target/match by that name. Signed-off-by: Loganaden Velvindron <logan@elandsys.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Merge branch 'ipset'Pablo Neira Ayuso2014-11-052-5/+209
|\ | | | | | | | | | | This provides the ipset skbinfo extension. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * xtables: SET target: Add mapping of meta informations (skbinfo ipset extension)Anton Danilov2014-09-142-5/+209
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This feature add support of mapping metainformation to packets like nftables maps or ipfw tables. Currently we can map firewall mark, tc priority and hardware NIC queue. Usage of this functionality allowed only from mangle table. We can map tc priority only in OUTPUT/FORWARD/POSTROUTING chains because it rewrite by route decision. If entry doesn't exist in the set nothing of fields changed. Example of classify by destination address: iptables -t mangle -A POSTROUTING -o eth0 -j SET --map-set DST2CLASS dst --map-prio Signed-off-by: Anton Danilov <littlesmilingcloud@gmail.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* | extensions: devgroup: fix showing and saving of dst-groupAna Rey2014-11-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=985 The --dst-group parameter in devgroup extensions lists and saves incorrectly its value. --dst-group always shows "0x0/0x0". This is an example: # iptables -I FORWARD -m devgroup --dst-group 200 -j ACCEPT # iptables -L FORWARD Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere src-group 0x64 dst-group 0x0/0x0 # iptables -S FORWARD -P FORWARD ACCEPT -A FORWARD -m devgroup --dst-group 0x0/0x0 -j ACCEPT Reporte-by: Axinchan <axinchan@cnrouter.com> Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | Merge branch 'tests'Pablo Neira Ayuso2014-10-0159-0/+725
|\ \ | | | | | | | | | | | | This merges the iptables-test.py script and the corresponding test files.
| * | extensions: libxt_MARK: add unit testPablo Neira Ayuso2013-10-071-0/+7
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_owner: add unit testPablo Neira Ayuso2013-10-071-0/+12
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libip6t_DNAT: add unit testPablo Neira Ayuso2013-10-071-0/+8
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_SNAT: add unit testPablo Neira Ayuso2013-10-071-0/+8
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_TEE: add unit testPablo Neira Ayuso2013-10-071-0/+4
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_physdev: add unit testPablo Neira Ayuso2013-10-071-0/+14
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_iprange: add unit testPablo Neira Ayuso2013-10-071-0/+11
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_quota: add unit testPablo Neira Ayuso2013-10-071-0/+10
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_cpu: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_dscp: add unit testPablo Neira Ayuso2013-10-071-0/+10
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libip6t_REJECT: add unit testPablo Neira Ayuso2013-10-071-0/+9
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_multiport: add unit testPablo Neira Ayuso2013-10-071-0/+23
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_ULOG: add unit testPablo Neira Ayuso2013-10-071-0/+19
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_conntrack: add unit testPablo Neira Ayuso2013-10-071-0/+27
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_limit: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libip6t_eui64: add unit testPablo Neira Ayuso2013-10-071-0/+8
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_DSCP: add unit testPablo Neira Ayuso2013-10-071-0/+11
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_TOS: add unit testPablo Neira Ayuso2013-10-071-0/+16
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_TRACE: add unit testPablo Neira Ayuso2013-10-071-0/+3
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_ECN: add unit testPablo Neira Ayuso2013-10-071-0/+5
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_standard: add unit testPablo Neira Ayuso2013-10-071-0/+4
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_MASQUERADE: add unit testPablo Neira Ayuso2013-10-071-0/+8
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_NOTRACK: add unit testPablo Neira Ayuso2013-10-071-0/+4
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_sctp: add unit testPablo Neira Ayuso2013-10-071-0/+32
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_REJECT: add unit testPablo Neira Ayuso2013-10-071-0/+9
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_mark: add unit testPablo Neira Ayuso2013-10-071-0/+7
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_nfacct: add unit testPablo Neira Ayuso2013-10-071-0/+10
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_rateest: add unit testPablo Neira Ayuso2013-10-071-0/+16
| | | | | | | | | | | | | | | | | | based on tests/options-most.rules Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_string: add unit testPablo Neira Ayuso2013-10-071-0/+18
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_state: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_CT: add unit testPablo Neira Ayuso2013-10-071-0/+20
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_pkttype: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_ttl.t: add unit testPablo Neira Ayuso2013-10-071-0/+15
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_NFQUEUE: add unit testPablo Neira Ayuso2013-10-071-0/+12
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libipt_icmp: add unit testPablo Neira Ayuso2013-10-071-0/+15
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_helper: add unit testPablo Neira Ayuso2013-10-071-0/+6
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_esp: add unit testPablo Neira Ayuso2013-10-071-0/+9
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_dccp: add unit testPablo Neira Ayuso2013-10-071-0/+30
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_NFLOG: add unit testPablo Neira Ayuso2013-10-071-0/+19
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_tos: add unit testPablo Neira Ayuso2013-10-071-0/+13
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_tcp: add unit testPablo Neira Ayuso2013-10-071-0/+26
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_udp: add unit testPablo Neira Ayuso2013-10-071-0/+22
| | | | | | | | | | | | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_length: add unit testPablo Neira Ayuso2013-10-071-0/+10
| | | | | | | | | | | | | | | | | | based on tests/options-most.rules Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| * | extensions: libxt_time: add unit testPablo Neira Ayuso2013-10-071-0/+4
| | | | | | | | | | | | | | | | | | based on tests/options-most.rules Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>