summaryrefslogtreecommitdiffstats
path: root/include/ip6tables.h
Commit message (Collapse)AuthorAgeFilesLines
* ip{6}tables-restore: fix breakage due to new locking approachPablo Neira Ayuso2013-07-081-1/+1
| | | | | | | | | | | | | | | | Since (93587a0 ip[6]tables: Add locking to prevent concurrent instances), ip{6}tables-restore does not work anymore: iptables-restore < x Another app is currently holding the xtables lock. Perhaps you want to use the -w option? do_command{6}(...) is called from ip{6}tables-restore for every iptables command contained in the rule-set file. Thus, hitting the lock error after the second command. Fix it by bypassing the locking in the ip{6}tables-restore path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libiptc: combine common types: _handleJan Engelhardt2011-09-111-5/+5
| | | | | | | No real API/ABI change incurred, since the definition of the structs' types is not visible anyhow. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: replace ipt_chainlabel by xt_chainlabelJan Engelhardt2011-09-111-3/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* v6: rename print_rule() to print_rule6()Maciej Zenczykowski2011-04-041-1/+1
| | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* v6: rename delete_chain() to delete_chain6()Maciej Zenczykowski2011-04-041-1/+1
| | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* v6: rename flush_entries() to flush_entries6()Maciej Zenczykowski2011-04-041-1/+1
| | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* v6: rename for_each_chain() to for_each_chain6()Maciej Zenczykowski2011-04-041-1/+1
| | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxtables: set names of programsJamal Hadi Salim2009-02-121-0/+2
| | | | | | Set proper name of application. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* src: consolidate duplicate code in iptables/internal.hJan Engelhardt2009-02-101-2/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: move compat defines to xtables.cJan Engelhardt2009-02-101-5/+0
| | | | | | | Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users got moved. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove unused ipt_tryload macroJan Engelhardt2009-02-101-2/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove iptables_rule_match indirection macroJan Engelhardt2009-02-101-1/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: decouple non-xtables parts from headerJan Engelhardt2009-02-101-0/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: remove indirectionsJan Engelhardt2008-11-101-4/+4
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove typedef indirectionJan Engelhardt2008-11-101-5/+5
| | | | | | | | | | | Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: remove dependency on libiptc headersJan Engelhardt2008-08-041-2/+2
| | | | | | | | xtables.h does not need really need libxtc.h, and we can drop it from the install as it is internal-only. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables --list-rules commandHenrik Nordstrom2008-05-131-0/+1
| | | | | | | | | | | | | | | | | | Adds iptables --list-rules (-S) command, acting as a combination of iptables --list and iptables-save. The primary motivation behind this patch is to get iptables-save like output capabilities in iptables-restore, allowing "iptables-restore -n" to be used as a consistent API to iptables for all kind of operations, not only blind updates.. As a bonus iptables also gets the capability of printing the rules as-is. This completely replaces the earlier patch which added the --rules option. Henrik Nordstrom <henrik@henriknordstrom.net>
* Remove old functions, constantsJan Engelhardt2008-04-151-5/+0
|
* Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIRJan Engelhardt2008-04-131-4/+0
|
* Moves all declarations in iptables_common.h to xtables.h.Yasuyuki KOZAKAI2007-07-241-1/+0
|
* Moves IPPROTO_* and IP[6]T_LIB_DIR definitions to xtables.hYasuyuki KOZAKAI2007-07-241-11/+1
|
* Moves some duplicated functions in ip[6]tables.c to xtables.cYasuyuki KOZAKAI2007-07-241-3/+0
| | | | | string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved.
* Introduces xtables match/target registrationYasuyuki KOZAKAI2007-07-241-136/+6
| | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo.
* Moves ip[6]tables_insmod() to xtables.c as xtables_insmod()Yasuyuki KOZAKAI2007-07-241-2/+0
|
* Fixes typos in the argument of ip[6]tables_insmod: quit -> quietYasuyuki KOZAKAI2007-03-201-2/+3
|
* Supress error message from modprobe on checking revision.Yasuyuki KOZAKAI2007-03-131-2/+2
|
* Add UDPLITE multiport supportPatrick McHardy2007-01-111-0/+3
|
* load ip_[6]tables.ko just before checking revision support in kernel.Yasuyuki KOZAKAI2006-11-131-0/+1
|
* changes IP6T_SO_GET_REVISION_{MATCH,TARGET} to 68,69Yasuyuki KOZAKAI2006-11-131-2/+2
| | | | 66 and 67 is conflicted with IPv6 Advanced API in kernel <= 2.6.18.
* - Add revision support to ip6tables.Rémi Denis-Courmont2006-10-201-0/+15
| | | | | - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>)
* reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>)Phil Oester2006-07-201-0/+1
| | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port.
* reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>)Phil Oester2006-07-201-0/+1
| | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere.
* Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18.Patrick McHardy2006-04-281-0/+7
|
* Multiple matches of the same type can be specified on the commandline.Joszef Kadlecsik2006-03-031-0/+4
| | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified.
* Fix probing for supported revisions (Jones Desougi <jones@ingate.com>)Jones Desougi2005-12-221-0/+1
| | | | Bugzilla #413
* reduce code replication of parse_interface() (Yasuyuki Kozakai)Yasuyuki KOZAKAI2005-06-221-0/+2
|
* Fix setting lib_dir in ip*tables-{save,restore}Martin Josefsson2004-12-271-0/+4
|
* Bloody copy-n-edit. Make sure to use matches in the order they are given...Martin Josefsson2004-02-021-2/+8
|
* port 'line number on error in iptables-restore' from ipv4Harald Welte2003-03-051-0/+2
|
* - added patch to support statically linking of iptablesHarald Welte2001-08-061-0/+6
| | | | - iptables-save/-restore is no longer experimental
* Added support for iptables-restore module-load-on-demand (a. van schie)Harald Welte2001-06-161-0/+1
|
* ip6tables fixes by Fabrice MaurieFabrice MARIE2001-05-051-2/+4
|
* ip6tables-save/-restore by Kis-Szabo AndrasAndrás Kis-Szabó2001-02-261-0/+5
|
* Jan Echternach's const tweak.Jan Echternach2000-08-271-1/+1
|
* Philip Blundell's IPv6 fixes.Philip Blundell2000-05-151-2/+14
|
* IPv6 enhancements.Rusty Russell2000-05-021-0/+107