summaryrefslogtreecommitdiffstats
path: root/extensions
Commit message (Collapse)AuthorAgeFilesLines
* extensions: remove redundant castsJan Engelhardt2009-06-082-8/+8
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* DNAT/SNAT: add manpage documentation for --persistent flagJan Engelhardt2009-06-083-4/+12
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* extensions: use NFPROTO_UNSPEC for .family fieldJan Engelhardt2009-06-0117-19/+19
| | | | | | | | This constant would be the designated one for the .family field; it also, given recent changes, makes grep for NFPROTO_UNSPEC work to finally recollect all manpages. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: fix manpage collectionJan Engelhardt2009-06-011-1/+4
| | | | | | | | | | | | Florian Westphal points out that v1.4.3.2-9-gc304d77 greps for the keyword in the wrong file, and that files with NFPROTO_UNSPEC are skipped. This patch corrects that part, and makes `make` now output the manpages it collected. Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* policy: merge ipv6 and ipv4 variantJan Engelhardt2009-06-012-463/+114
| | | | | | | | The files duplicate most of their code, and struct ipt_policy_info being defined to xt_policy_info makes them actually have even more in common. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* policy: use direct xt_policy_info instead of ipt/ip6tJan Engelhardt2009-05-312-66/+66
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libip6t_policy: remove redundant functionsJan Engelhardt2009-05-311-40/+8
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* manpages: do not include v4-only modules in ip6tables manpageJan Engelhardt2009-05-261-5/+5
| | | | | References: http://bugs.debian.org/529954 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* addrtype: fix one manpage typeJan Engelhardt2009-05-261-1/+1
| | | | | References: http://bugs.debian.org/528457 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: replace open-coded sizeof by ARRAY_SIZEJan Engelhardt2009-05-2615-101/+44
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add const qualifiers in print/save functionsJan Engelhardt2009-05-2628-80/+67
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add `cluster' match supportPablo Neira Ayuso2009-05-062-0/+300
| | | | | | This patch adds support for the cluster match to iptables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* SNAT/DNAT: add support for persistent multi-range NAT mappingsPatrick McHardy2009-04-172-2/+21
| | | | | | | Add support for persistent mappings (2.6.29-rc2+) as replacement for the removed SAME target. Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_conntrack: properly output negation symbolJan Engelhardt2009-04-051-4/+4
| | | | | | | | | Because the wrong flag was checked, the "!" was either wrongly printed, or not printed at all. This was broken since v1.4.0-29-ga8ad34c. Reported-by: Steven Jan Springl <steven@springl.ukfsn.org> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* CLASSIFY: document non-standard interpretation behaviorJan Engelhardt2009-04-042-2/+3
| | | | | | | | Most other extensions use strtoul (by means of xtables_strtoui) and would abide by the standard convention of hex/octal prefixes 0x/0, and decimal otherwise, but CLASSIFY is an exception. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: add configure option to disable ipv4 iptablesJan Engelhardt2009-04-031-1/+1
| | | | | | This patch complements the previous one. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: add configure option to disable ip6tablesJan Engelhardt2009-04-031-1/+1
| | | | | | | | This also skips building the IPv6 extensions. It does not #ifdef out all code however, I think that would make it too ugly. Inspired-by: http://bugzilla.netfilter.org/show_bug.cgi?id=560 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_tcpmss: fix an inversion while parsing --mssJan Engelhardt2009-03-241-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_hashlimit: add missing space for iptables-save outputJan Engelhardt2009-03-241-1/+1
| | | | | Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=568 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_comment: output quotes must be escaped inJan Engelhardt2009-03-191-1/+2
| | | | | Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519584 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_connbytes: document nf_ct_acct behaviorJan Engelhardt2009-03-171-0/+6
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_connbytes: minor manpage adustmentsJan Engelhardt2009-03-171-5/+5
| | | | | | Use explicit paragraph separator and conntrack(8). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge commit 'nf/master'Jan Engelhardt2009-03-151-4/+4
|\
| * string: fix wrong pattern length calculationPablo Neira Ayuso2009-03-021-4/+4
| | | | | | | | | | | | | | | | This fixes a problem introduced in 37b4bde745698bf140d74e59a2561f34deeb8726 that leads to the wrong calculation of the pattern length in the string match. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | extensions: add missing limits.h includeJan Engelhardt2009-02-217-0/+7
| | | | | | | | | | | | Thanks to Stephen Hemminger for noticing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | include: resynchronize headers with 2.6.29-rc5Jan Engelhardt2009-02-216-54/+54
|/ | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_policy: use bounded strtouiJan Engelhardt2009-02-212-6/+14
| | | | | | | | | | reqid and SPI can only have a value in the range 0..UINT32_MAX, not the entire range of the "long" type. Also throw an error if the incoming string does not look like a pure number. "Replaces" commit 6db2ded2f22a7e78743c86af523b8430876582e9. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove unwanted/add needed includes for IPv4 extsJan Engelhardt2009-02-2116-15/+2
| | | | | | | Most touched files do not use anything from ip_tables.h, so remove that #include. multiport instead, does need it (ipt_entry). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove unwanted/add needed includes for IPv6 extsJan Engelhardt2009-02-218-9/+3
| | | | | | | Most touched files do not use anything from ip6_tables.h, so remove that #include. multiport instead, does need it (ip6t_entry). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix exit_error to xtables_errorJan Engelhardt2009-02-2182-629/+629
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_policy: cannot set spi/reqid numbers higher than 0x7fffffffChristian Perle2009-02-172-4/+4
| | | | | | | | | | | http://bugzilla.netfilter.org/show_bug.cgi?id=577 When using the -m policy match, the option argument for --spi is converted using strtol(), which returns a signed 32 bit value, so the highest positive value is 0x7fffffff. Instead strtoul() should be used. The same applies for the --reqid option argument. Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: do not put IPv4 doc into ip6tables.8Jan Engelhardt2009-02-171-11/+5
| | | | | Reference: http://bugs.debian.org/515752 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* doc: fix option typo in libxt_multiportMarc Fournier2009-02-121-2/+2
| | | | | Reference: http://bugs.debian.org/511891 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_string: fix undefined behavior/incorrect patlen calculationJan Engelhardt2009-02-121-1/+3
| | | | | | | strlen ran over the end of the string. Use strnlen to bound it. Reference: http://bugs.debian.org/513516 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - move parse_protocol to xtables.cJan Engelhardt2009-01-304-5/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - move check_inverse to xtables.cJan Engelhardt2009-01-3060-124/+124
| | | | | | | This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix - parse and escaped output funcJan Engelhardt2009-01-307-20/+20
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix - misc functionsJan Engelhardt2009-01-307-18/+18
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - ascii to ipaddr/ipmask inputJan Engelhardt2009-01-306-19/+19
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - ipaddr/ipmask to ascii outputJan Engelhardt2009-01-308-39/+39
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - param_actJan Engelhardt2009-01-3011-140/+140
| | | | | | | | Changes: exittype -> xtables_exittype P_* -> XTF_* flags Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - strtouiJan Engelhardt2009-01-2734-95/+108
| | | | | | This commit also throws out the redundant string_to_number_*. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: use UINT_MAX constants over open-coded numbers (2/2)Jan Engelhardt2009-01-2720-34/+34
| | | | | | Use the handy constants for ranges. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: use UINT_MAX constants over open-coded bits (1/2)Jan Engelhardt2009-01-278-33/+33
| | | | | | ~0 depends on the sizeof(int), so it is better to use UINT32_MAX. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_owner: use correct UID/GID boundariesJan Engelhardt2009-01-271-7/+7
| | | | | | | -1 is a reserved number (chown uses it to denote "do not change"), so the maximum libxt_owner should permit is up to UINT32_MAX-1. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove redundant castsJan Engelhardt2009-01-2718-27/+25
| | | | | | All of them are implicitly convertable without any wanted side effects. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove redundant returns at end of void-returning functionsJan Engelhardt2009-01-275-9/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* man: fix physdev manpageBart De Schuymer2009-01-261-3/+3
| | | | | | | | A sentence of the physdev module's help entry was truncated by the man program because the line starts with a single quote. Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_owner: add more spaces to outputDaniel Drake2009-01-191-2/+2
| | | | | | | | | | | | | Commit bb9284d1 ("libxt_owner: add spaces to output") moved the printing of spaces away from the owner_mt_print() function family, but forgot to add spaces in all of the print_item() functions that are called. This is likely to be at least the partial cause of https://bugs.gentoo.org/show_bug.cgi?id=254435 Signed-off-by: Daniel Drake <dsd@gentoo.org> Approves-of-this-patch: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* doc: augment ICMP manpage by type/code syntaxJan Engelhardt2009-01-142-3/+3
| | | | | | | | | The ICMP match module also allows numeric type/code as in "--icmp-type type/code". Document it. Based upon a patch by Victor Stinner <vstinner@inl.fr>. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>