path: root/extensions
Commit message | Author | Age | Files | Lines
* libxtables: prefix/order - strtoui | Jan Engelhardt | 2009-01-27 | 34 | -95/+108
  This commit also throws out the redundant string_to_number_*.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: use UINT_MAX constants over open-coded numbers (2/2) | Jan Engelhardt | 2009-01-27 | 20 | -34/+34
  Use the handy constants for ranges.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: use UINT_MAX constants over open-coded bits (1/2) | Jan Engelhardt | 2009-01-27 | 8 | -33/+33
  ~0 depends on the sizeof(int), so it is better to use UINT32_MAX.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_owner: use correct UID/GID boundaries | Jan Engelhardt | 2009-01-27 | 1 | -7/+7
  -1 is a reserved number (chown uses it to denote "do not change"), so the maximum libxt_owner should permit is up to UINT32_MAX-1.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove redundant casts | Jan Engelhardt | 2009-01-27 | 18 | -27/+25
  All of them are implicitly convertible without any wanted side effects.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove redundant returns at end of void-returning functions | Jan Engelhardt | 2009-01-27 | 5 | -9/+0
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* man: fix physdev manpage | Bart De Schuymer | 2009-01-26 | 1 | -3/+3
  A sentence of the physdev module's help entry was truncated by the man program because the line starts with a single quote.
  Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_owner: add more spaces to output | Daniel Drake | 2009-01-19 | 1 | -2/+2
  Commit bb9284d1 ("libxt_owner: add spaces to output") moved the printing of spaces away from the owner_mt_print() function family, but forgot to add spaces in all of the print_item() functions that are called.
  This is likely to be at least the partial cause of https://bugs.gentoo.org/show_bug.cgi?id=254435
  Signed-off-by: Daniel Drake <dsd@gentoo.org>
  Approves-of-this-patch: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: augment ICMP manpage by type/code syntax | Jan Engelhardt | 2009-01-14 | 2 | -3/+3
  The ICMP match module also allows numeric type/code as in "--icmp-type type/code". Document it.
  Based upon a patch by Victor Stinner <vstinner@inl.fr>.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: escape minus sign in manpages | Jan Engelhardt | 2009-01-12 | 78 | -404/+400
  groff formats '-' as a hyphen, and '\-' is needed for a minus.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* rateest: guard against segfault | Jan Engelhardt | 2008-12-30 | 1 | -0/+3
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables-save: output ! in position according to manpage | Jan Engelhardt | 2008-12-09 | 16 | -78/+54
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: fix a typo in libip6t_REJECT.man | Jan Engelhardt | 2008-11-24 | 1 | -2/+1
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: remove inclusion of iptables.h | Jan Engelhardt | 2008-11-20 | 40 | -38/+38
  iptables.h and ip6tables.h only include declarations internal to iptables (specifically iptables.c and ip6tables.c), as most of the public API has been moved to xtables.h a few months ago.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* state: report spaces in the state list parsing | Pablo Neira Ayuso | 2008-11-19 | 2 | -2/+8
  This patch adds better error reporting when the user inserts a space between two states with the --state option.

  iptables -I INPUT -m state ESTABLISHED, RELATED
                                         ^
                                  mind the space

  results in:

  iptables v1.4.2-rc1: Bad state `'
  Try `iptables -h' or 'iptables --help' for more information.

  Now this returns:

  iptables v1.4.2-rc1: `--state' requires a list of states with no spaces, e.g. ESTABLISHED,RELATED

  This patch also applies to libxt_conntrack which has a copy of the function.
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: use NFPROTO_ constants | Jan Engelhardt | 2008-11-18 | 71 | -128/+128
  Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_conntrack: dump ctdir | Jan Engelhardt | 2008-11-12 | 1 | -0/+15
  Sent in as part of a larger private mail by Gáspár Lajos <swifty@freemail.hu>; I cherry-picked the ctdir part.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_conntrack: respect -n option during ruledump | Jan Engelhardt | 2008-11-10 | 1 | -2/+8
  Reference: http://bugs.debian.org/502548
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add SCTP/DCCP support to NAT targets | Patrick McHardy | 2008-11-04 | 4 | -4/+12
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Fix compile warnings using gcc 4.3.2 | Thomas Jarosch | 2008-10-23 | 4 | -0/+4
  libxt_dccp.c: In function 'port_to_service':
  libxt_dccp.c:196: warning: implicit declaration of function 'htons'
  libxt_sctp.c: In function 'port_to_service':
  libxt_sctp.c:321: warning: implicit declaration of function 'htons'
  libxt_tcp.c: In function 'port_to_service':
  libxt_tcp.c:220: warning: implicit declaration of function 'htons'
  libxt_udp.c: In function 'port_to_service':
  libxt_udp.c:104: warning: implicit declaration of function 'htons'
  Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Fix compile error in libxt_iprange.c using gcc 4.3.2 | Thomas Jarosch | 2008-10-23 | 1 | -0/+1
  In file included from libxt_iprange.c:9:
  ../include/linux/netfilter.h:43: error: field 'in' has incomplete type
  ../include/linux/netfilter.h:44: error: field 'in6' has incomplete type
  libxt_iprange.c: In function 'parse_iprange':
  libxt_iprange.c:46: error: dereferencing pointer to incomplete type
  libxt_iprange.c:53: error: dereferencing pointer to incomplete type
  libxt_iprange.c: In function 'iprange_mt4_parse':
  libxt_iprange.c:117: error: dereferencing pointer to incomplete type
  libxt_iprange.c:121: error: dereferencing pointer to incomplete type
  libxt_iprange.c:136: error: dereferencing pointer to incomplete type
  libxt_iprange.c:140: error: dereferencing pointer to incomplete type
  libxt_iprange.c: In function 'iprange_mt6_parse':
  libxt_iprange.c:167: error: dereferencing pointer to incomplete type
  libxt_iprange.c:171: error: dereferencing pointer to incomplete type
  libxt_iprange.c:186: error: dereferencing pointer to incomplete type
  libxt_iprange.c:190: error: dereferencing pointer to incomplete type
  Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
* libxt_recent: add IPv6 support | Jan Engelhardt | 2008-10-22 | 2 | -60/+76
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Move libipt_recent to libxt_recent | Jan Engelhardt | 2008-10-22 | 2 | -64/+65
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_TOS: fix compilation error | Jirí Moravec | 2008-10-22 | 1 | -0/+1
  Fix compilation error caused by double definition of IPPROTO_SCTP:

  In file included from /usr/include/netinet/ip.h:25,
                   from /usr/include/linux/ip.h:19,
                   from tos_values.c:4,
                   from libxt_TOS.c:15:
  /usr/include/netinet/in.h:84: error: expected identifier before numeric constant
  make[2]: *** [libxt_TOS.oo] Error 1

  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add iptables support for the socket match | KOVACS Krisztian | 2008-10-15 | 2 | -0/+41
  Add user-space code for the socket match.
  Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add iptables support for the TPROXY target | KOVACS Krisztian | 2008-10-15 | 2 | -0/+172
  Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* mark: fix invalid iptables-save output | Pablo Sebastian Greco | 2008-09-29 | 1 | -1/+1
  When a neg mark is saved via iptables-save it is saved as !--mark, but this is not recognized by iptables-restore, just adding a space to the saved file to make it look like "! --mark" makes iptables-restore accept the file.
  Signed-off-by: Pablo Sebastian Greco <pablo@fliagreco.com.ar>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: update comments part II | Jan Engelhardt | 2008-09-04 | 2 | -4/+4
  A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpages: fix another typo in tcp manpage | Patrick McHardy | 2008-09-01 | 1 | -1/+1
* manpages: Fix a typo in tcp man page | WANG Cong | 2008-09-01 | 1 | -1/+1
  Signed-off-by: WANG Cong <wangcong@zeuux.org>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: Missing limits.h includes | Phil Oester | 2008-09-01 | 3 | -0/+5
  Latest git doesn't compile for me on Fedora 9 due to various *MAX constants being undefined. Below adds the include in 3 files which need it (although I can't see why this isn't required in 1.4.1.1).
  Signed-off-by: Phil Oester <kernel@linuxace.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_recent: do allow --rttl for --update | Jan Engelhardt | 2008-09-01 | 2 | -2/+2
  Tony Ho noticed a too-strict check in xt_recent, so here is a fix.
  Reported-by: Tony Ho <iptables@iblink.com.cn>
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: Update comments | Jan Engelhardt | 2008-09-01 | 64 | -340/+13
  A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: use regular includes | Jan Engelhardt | 2008-09-01 | 9 | -10/+9
  iptables ships with all header files and prioritized its own include directory over /usr/include/linux, so just use the normal brackets.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_iprange: fix option names | Jan Engelhardt | 2008-09-01 | 1 | -16/+16
  There is no --src-ip, just --src-range. (Same for --dst-range.)
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_mac: flatten casts in libxt_mac | Jan Engelhardt | 2008-09-01 | 1 | -5/+8
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpages: add missing rateest match documentation | Jan Engelhardt | 2008-08-15 | 1 | -0/+55
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* manpages: add missing rateest documentation | Jan Engelhardt | 2008-08-15 | 1 | -0/+1
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* manpages: add missing --rsource,--rdest options to libxt_recent.man | Jan Engelhardt | 2008-08-13 | 1 | -0/+7
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: fix initext.c dependency | Jan Engelhardt | 2008-08-13 | 1 | -1/+1
  initext?.c is generated within the current directory, not in ${srcdir}.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Synchronize invert flag order with manpages | Jan Engelhardt | 2008-08-13 | 20 | -34/+34
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* physdev: remove extra space in output | Jan Engelhardt | 2008-08-13 | 1 | -11/+12
  Just a cosmetic fix for `iptables -S` and `iptables-save` printing two spaces between arguments in the physdev match.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpages: correct erroneous markup | Jan Engelhardt | 2008-08-12 | 9 | -10/+10
  Text paragraphs should use .PP, since .TP makes it a list item with indented description.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxt_dscp: fix save of negated dscp match rules | Phil Oester | 2008-08-04 | 1 | -1/+1
  As pointed out by Vyacheslav Garashchenko, iptables-save does not save negated dscp matches properly. Fix below.
  This closes bugzilla #533.
  Phil
  Signed-off-by: Phil Oester <kernel@linuxace.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables-save: fix hashlimit output | Phil Oester | 2008-08-04 | 1 | -1/+1
  In bugzilla 550, Xeb notes that the --hashlimit-htable-gcinterval argument is saved incorrectly. Patch below corrects.
  Patch-from: Xeb <xeb@mail.ru>
  Signed-off-by: Phil Oester <kernel@linuxace.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_recent: do not allow both --set and --rttl | Jan Engelhardt | 2008-08-04 | 1 | -10/+23
  Reported-by: Erich Schubert <erich@debian.org>
  Reference: Debian bug #346034
  "I was using the --rttl option in my --set line; this caused all incoming ssh connections to be rejected; --rttl is only to be used with --rcheck and --update."
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: remove dependency on libiptc headers | Jan Engelhardt | 2008-08-04 | 4 | -0/+4
  xtables.h does not really need libxtc.h, and we can drop it from the install as it is internal-only.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* xt_string: string extension case insensitive matching | Joonwoo Park | 2008-07-07 | 1 | -10/+60
  The string extension can search patterns case insensitively with --icase option. A new revision 1 was added, in the meantime invert of xt_string_info was moved into flags as a flag.
  Signed-off-by: Joonwoo Park <joonwpark81@gmail.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_TOS: make sure --set-tos value/mask is recognized | Jan Engelhardt | 2008-06-30 | 1 | -1/+2
  Only when a 'stop' pointer is passed, the string may consist of more than just a number.
  Reported-by: Anonymous
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* iprange: kernel flags were not set | Jan Engelhardt | 2008-06-13 | 1 | -0/+6
  The --src-range and --dst-range parameters did not set the IPRANGE_* flags in struct xt_iprange_mtinfo.
  Reported-by: Maxim Britov <maxim.britov@gmail.com>
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>