summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
* libxt_TOS: make sure --set-tos value/mask is recognizedJan Engelhardt2008-06-301-1/+2
| | | | | | | | | Only when a 'stop' pointer is passed, the string may consist of more than just a number. Reported-by: Anonymous Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* iprange: kernel flags were not setJan Engelhardt2008-06-131-0/+6
| | | | | | | | | The --src-range and --dst-range parameters did not set the IPRANGE_* flags in struct xt_iprange_mtinfo. Reported-by: Maxim Britov <maxim.britov@gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* build: fix `make install` when --disable-shared is usedJan Engelhardt2008-06-121-1/+1
| | | | | | | | | When --disable-shared is used, there are no .so files to install, and the argument order for install would get messed up. Reported-by: Michael Teicher <mteicher@gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpage updatesJan Engelhardt2008-06-0818-43/+47
| | | | | | | | | A number of options support negation, but the manpage did not reflect this ("[!]" was absent). Also fix a few [] (optional arguments) to {} (required arguments) in the option-BNF. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* sparse warning fixes: integer used as pointerPatrick McHardy2008-06-075-9/+9
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_owner: add spaces to outputJan Engelhardt2008-06-061-23/+23
| | | | | | | | | | It could happen that --<arg><value> was printed on iptables-save with owner rules (owner_mt_save() function) without the obligatory space inbetween. Also transfer printing of the space character into owner_mt_print_item(). Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* addrtype match: added revision 1Laszlo Attila Toth2008-06-062-16/+206
| | | | | | | | | In revision 1 address type checking can be limited to either the incoming or outgoing interface depending on the current chain. In the FORWARD chain only one of them is allowed at the same time. Signed-off-by: Laszlo Attila Toth <panther@balabit.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Fix iptables-save output of libxt_owner matchLutz Jaenicke2008-06-061-9/+9
| | | | | The _save functions need to use the same syntax that is used for parsing the input instead of "user readable" output.
* build: check for missing feature filesJan Engelhardt2008-06-051-0/+3
| | | | | | | | | | linux/dccp.h is unlikely to be installed before 2.6.18 (which was when headers_install was introduced), and does not exist at all before 2.6.14. Add a compile-time check to skip compilation of libxt_dccp in case this was detected. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpages: consistent syntaxPatrick McHardy2008-06-0230-83/+90
| | | | | | | | | | In the manpages, bold is used to denote characters the user has to enter verbatim, italic denotes placeholders and non-highlighted pieces are used as a structure: "[]" specifying an optional part, "{}" a mandatory part, with "|" used for alternations. The "!" for negation is better supported before the option than after it, too. The patch makes a few files consistent with this style already used in manpages.
* REDIRECT: Allow symbolic port in REDIRECT --to-portKristof Provost2008-05-261-0/+3
| | | | | | Fixes Bugzilla 482. Signed-off-by: Kristof Provost <kristof@sigsegv.be>
* Don't assume /bin/sh is bashThomas Jacob2008-05-201-6/+8
| | | | | | | | The new iptables git version assumes /bin/sh is always GNU bash, that's not the case (Ubuntu 8.04 uses dash), see attachment for a fix. Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables out-of-tree build directoryJan Engelhardt2008-05-121-1/+3
| | | | | | | Reported by: Henrik Nordstrom When xtables.h is not already found in /usr/include, compilation would fail when ${top_srcdir} != ${top_builddir}.
* Remove old functions, constantsJan Engelhardt2008-04-1584-540/+481
|
* Resolve libipt_set warningsJan Engelhardt2008-04-151-9/+9
|
* Remove support for compilation of conditional extensionsJan Engelhardt2008-04-158-233/+3
|
* Combine ipt and ip6t manpagesJan Engelhardt2008-04-1415-204/+12
| | | | Combine ipt and ip6t manpages
* Implement AF_UNSPEC as a wildcard for extensionsJan Engelhardt2008-04-1416-275/+21
|
* RATEEST: add manpageJan Engelhardt2008-04-142-3/+13
|
* manpages: update to reflect fine-grained controlJan Engelhardt2008-04-1310-17/+17
|
* manpages: grammar and spellingJan Engelhardt2008-04-136-8/+8
|
* manpages: fix broken markup (missing close tags)Jan Engelhardt2008-04-138-11/+11
|
* Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIRJan Engelhardt2008-04-131-3/+3
|
* Add support for xt_hashlimit match revision 1Jan Engelhardt2008-04-132-58/+426
|
* Fix all remaining warnings (missing declarations, missing prototypes)Jan Engelhardt2008-04-133-6/+3
|
* Update the libxt_owner manpage with the UID/GID-range featureJan Engelhardt2008-04-061-6/+9
|
* Fix -Wshadow warnings and clean up xt_sctp.hJan Engelhardt2008-04-067-44/+51
| | | | | Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
* Drop -W from CFLAGS and some tiny code cleanupsJan Engelhardt2008-04-067-9/+9
| | | | | - change "unsigned" to explicit "unsigned int" - remove some casts
* Correct the family member value of libxt_mark revision 1Jan Engelhardt2008-04-061-1/+1
| | | | | libxt_mark rev1 used AF_INET6 in the class structure where it should have used AF_INET.
* Fix compilation of iptables-static buildJan Engelhardt2008-04-061-3/+3
| | | | | | | | Adjust the _INIT macro and thus fix the build/linking procedure of the monolithic do-it-all binary (iptables-static). Also fix the Makefile since unfortunately, lib%.o does not seem to have a higher precedence than %.o
* [IPTABLES]: libxt_iprange: Fix IP validation logicJames King2008-04-021-2/+2
| | | | | | | IP address validation logic was inverted, causing valid addresses to be rejected. Signed-off-by: James King <t.james.king@gmail.com>
* Fix define value of SCTP chunk type.Naohiro Ooiwa2008-02-291-2/+2
| | | | | | | There are wrong chunk_type values in sctp table. The chunk_type of ASCONF and ASCNF_ACK must be 193 and 128, respectively. Naohiro Ooiwa <nooiwa@miraclelinux.com>
* fix gcc warningsMax Kellermann2008-01-2978-96/+98
| | | | Max Kellermann <max@duempel.org>
* escape stringsMax Kellermann2008-01-294-7/+14
| | | | Max Kellermann <max@duempel.org>
* use size_tMax Kellermann2008-01-291-4/+5
| | | | Max Kellermann <max@duempel.org>
* whitespace cleanupMax Kellermann2008-01-291-28/+28
| | | | Max Kellermann <max@duempel.org>
* Fix REDIRECT manpageMax Kellermann2008-01-291-2/+1
| | | | Max Kellermann <max@duempel.org>
* [IPTABLES]: libxt_owner: UID/GID range supportJan Engelhardt2008-01-291-21/+47
| | | | | | UID/GID range support for libxt_owner Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* [IPTABLES]: libxt_conntrack revision 1Jan Engelhardt2008-01-292-17/+576
| | | | | | Add support for xt_conntrack match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_CONNMARK revision 1Jan Engelhardt2008-01-292-20/+305
| | | | | | Add support for xt_CONNMARK target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Build adjustmentsJan Engelhardt2008-01-291-4/+4
| | | | | | | | | A few build system changes. * ip6tables needs IP6T_LIB_DIR * correctly trigger rebuild of master manpages when submanpages have been touched Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de.
* Give preference to iptables header filesJan Engelhardt2008-01-291-2/+3
| | | | | | | | Have the header files in the iptables source tree take precedence over those from the kernel source. Otherwise, building the current iptables from subversion just fails with kernels < 2.6.25. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_TCPOPTSTRIPSven Schnelle2008-01-202-0/+219
| | | | | | | Import libxt_TCPOPTSTRIP into iptables. Signed-off-by: Sven Schnelle <svens@bitebene.org> Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_iprange r1Jan Engelhardt2008-01-201-1/+222
| | | | | | Add support for xt_iprange revision 1 Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_iprange r0Jan Engelhardt2008-01-203-51/+46
| | | | | | Move libipt_iprange to libxt_iprange. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_mark r1Jan Engelhardt2008-01-201-28/+112
| | | | | | Introduce libxt_mark match revision 1 support. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_hashlimit checksJan Engelhardt2008-01-201-0/+17
| | | | | | Add checks for libxt_hashlimit so that options cannot be passed twice Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* rename overlapping function namesJan Engelhardt2008-01-208-25/+23
| | | | | | Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* bunch o' renamesJan Engelhardt2008-01-206-17/+18
| | | | | | | | Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_conntrack r0Jan Engelhardt2008-01-203-163/+188
| | | | | | Move libipt_conntrack to libxt_conntrack. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>