summaryrefslogtreecommitdiffstats
path: root/include/xtables.h.in
Commit message (Collapse)AuthorAgeFilesLines
* libxtables: XTTYPE_PLEN supportJan Engelhardt2011-05-091-0/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: do not overlay addr and mask parts, and cleanupJan Engelhardt2011-05-091-4/+13
| | | | | | | | | XTTYPE_HOSTMASK will require that what has now become haddr, hmask/hlen are not overlays of another. Thus relax the structure and always set all members of the {haddr, hmask, hlen} triplet now for all types that touch any of the members. Add some more comments and clean out ONEHOST.
* libxtables: support for XTTYPE_PLENMASKJan Engelhardt2011-05-091-1/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_DOUBLE supportJan Engelhardt2011-05-091-0/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove bogus use of XT_GETOPT_TABLEENDJan Engelhardt2011-05-081-1/+1
| | | | | | | | | | Commit v1.4.8-36-g32b8e61 added this end marker in a little too many places: at non-getopt places. Fix that. Also change the definition of XT_GETOPT_TABLEEND to reference a struct getopt member by name so that this cannot happen again. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_PORTRC supportJan Engelhardt2011-05-011-1/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_TOS: use guided option parserJan Engelhardt2011-05-011-0/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_PORT supportJan Engelhardt2011-04-131-1/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_ONEHOST supportJan Engelhardt2011-04-131-0/+3
| | | | | | | | The bonus of the POSIX socket API is that it is almost protocol-agnostic and that there are ready-made functions to take over the gist of address parsing and packing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_SYSLOGLEVEL supportJan Engelhardt2011-04-131-1/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: pass struct xt_entry_{match,target} to x6 parserJan Engelhardt2011-04-131-0/+4
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_UINT16 supportJan Engelhardt2011-04-131-1/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_UINT64RC supportJan Engelhardt2011-04-131-1/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_UINT8RC supportJan Engelhardt2011-04-131-1/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_UINT16RC supportJan Engelhardt2011-04-131-0/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: linked-list name<->id mapJan Engelhardt2011-04-131-0/+15
| | | | | | This consolidates the maps from libxt_devgroup and libxt_realm. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_UINT64 supportJan Engelhardt2011-04-131-0/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_MARKMASK32 supportJan Engelhardt2011-04-131-0/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_STRING supportJan Engelhardt2011-04-061-0/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_UINT32RC supportJan Engelhardt2011-04-061-1/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_UINT8 supportJan Engelhardt2011-04-061-0/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: min-max option supportJan Engelhardt2011-04-061-0/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: XTTYPE_UINT32 supportJan Engelhardt2011-04-061-1/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: provide better final_checkJan Engelhardt2011-04-061-0/+15
| | | | | | | | This passes the per-extension data block to the new x6_fcheck function pointer, which can then do last alterations without using hacks like global variables (think libxt_statistic). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: guided option parserJan Engelhardt2011-04-061-0/+91
| | | | | | | | | | | This patchset seeks to drastically reduce the code in the individual extensions by centralizing their argument parsing (breakdown of strings), validation, and in part, assignment. As a secondary goal, this reduces the number of static storage duration variables in flight. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Revert "Revert "libxtables: change option precedence order to be intuitive""Jan Engelhardt2010-11-151-2/+3
| | | | | This reverts commit e84f131b5f992577119bd3679241f69ec394e0a7. Solution follows.
* Revert "libxtables: change option precedence order to be intuitive"Patrick McHardy2010-11-151-3/+2
| | | | | | | | | | | This reverts commit 600f38db82548a683775fd89b6e136673e924097. The commit breaks option parsing: iptables v1.4.9: host/network `port' not found Try `iptables -h' or 'iptables --help' for more information. Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxtables: change option precedence order to be intuitiveJan Engelhardt2010-10-291-2/+3
| | | | | | | | | | | | | When using `-m mark --mark 2 -m connmark --mark 2`, the user currently gets an error about the (libxt_mark) --mark option being used twice. This is because libxt_connmark's option table does not override any previous options. This patch changes this behavior, since the current behavior does not allow connmark's option to be used at all, which is illogical. Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* all: consistent syntax use in struct optionJan Engelhardt2010-07-231-0/+2
| | | | | | Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xtables: remove xtables_set_revision functionJan Engelhardt2010-06-071-1/+0
| | | | | | | | Since iptables uses its own copies of the header files anyway where the revision field is exposed, there is no reach to access name[] beyond its size. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: hand argv to xtables_check_inverseJan Engelhardt2009-11-031-1/+1
| | | | | | | | | In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: combine iptables-multi and iptables-staticJan Engelhardt2009-07-251-1/+1
| | | | | | | | | | | | | | | Changed the Makefile so that: 1. --enable-shared / --disable-shared control the linkage against libdl (and thus the potential to use 3rd party extensions) 2. --enable-static / --disable-static controls whether shipped extensions are built-in or provided as modules iptables-static becomes redundant by this action; iptables-multi now has the feature. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: fix struct size mismatchJan Engelhardt2009-07-251-4/+0
| | | | | | | | | Mixing code compiled with and without -DNO_SHARED_LIBS is fine as long as the structs have the same layout. This patch prevents a potential (currently non-triggerable) "ip6tables: target (null)<123> is missing a version" error. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xtables: add multi-registration functionsJan Engelhardt2009-06-261-0/+2
| | | | | | Similar to the ones that are present in the kernel. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: accept multiple IP address specifications for -s, -dMichael Granzow2009-06-261-0/+5
| | | | | | | | | | | | | | libiptc already supports adding and deleting multiple rules with different addresses, so it only needs to be wired up to the options. # ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2 Adjustments made: syntax, removal of unneeded variables, manpage adjustment, soversion bump. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xtables: use extern "C"Jan Engelhardt2009-05-261-0/+8
| | | | | | This fixes linking errors for 3rd-party C++ code. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: reorder .version memberJan Engelhardt2009-04-031-3/+13
| | | | | | | | | | | | | When the structure's layout changes, as it did between v1.4.1 and v1.4.2, trying to compare the version string makes iptables segfault while it tries to determine whether the module is compatible in the first place. By moving the member to a known offset in the struct and keeping it there, objects (both iptables and 3rd party) compiled from this commit onwards will avoid the segfault. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: Add limits.h to get INT_MIN, INT_MAX, ...Stephen Hemminger2009-02-251-0/+1
| | | | | | | | | | Fix build failure of iptables utilities on debian/ubuntu, maybe other distros. The values INT_MIN and INT_MAX are used by many filters and these are defined in limits.h --- patch against current iptables.git Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxtables: prefix exit_error to xtables_errorJan Engelhardt2009-02-211-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: inline and remove unused OPTION_OFFSET macroJan Engelhardt2009-02-211-1/+0
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: general follow-up cleanupJamal Hadi Salim2009-02-131-1/+0
| | | | | | Kill program_name, program_version and xtables_program_name. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: consolidate init calls into one functionJamal Hadi Salim2009-02-131-0/+1
| | | | | | | | | | | Introduce xtables_init_all() which hides three calls xtables_init(), xtables_set_nfproto(), and xtables_set_params(). Make ip[6]tables-restore, ip[6]tables-save and ip[6]tables-standalone use it. I moved xtables_set_params around for readability reasons. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: consolidate merge_options into xtables_merge_optionsJamal Hadi Salim2009-02-131-0/+4
| | | | | | | | Introduce xtables_merge_options() for re-use reasons. Apps can use it instead of each defining their own merge_options(). Made iptables and ip6tables use the new shared interface. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: make iptables and ip6tables use xtables_free_optsJamal Hadi Salim2009-02-121-1/+2
| | | | | | | | The patch modifies xtables_globals to introduce orig_opts and xtables_free_opts() to emulate what free_opts used to do. We also get rid of the copies of free_opts() that iptables and ip6tables keep. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: add xtables_set_revisionJamal Hadi Salim2009-02-121-0/+1
| | | | | | Introduce xtables_set_revision() and make iptables and ip6tables use it. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: use const for vars holding literalsJan Engelhardt2009-02-121-2/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'master' of git://dev.medozas.de/iptablesPatrick McHardy2009-02-121-1/+6
|\
| * libxtables: decouple non-xtables parts from headerJan Engelhardt2009-02-101-1/+6
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | libxtables: simple aliasing macro for exit_errorJamal Hadi Salim2009-02-111-4/+4
| | | | | | | | | | | | | | | | | | | | | | Rename xtables_globals exit_error cb to exit_err and introduce a very simple aliasing macro to point to it. convert iptables, ip6tables and iptables_xml to use it. Note iptables_xml does not have to define its own exit_error() since it can use the basic one provided. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: Add exit_error cb to xtables_globalsJamal Hadi Salim2009-02-111-8/+9
| | | | | | | | | | | | | | | | | | | | Introduce exit_error() as part of xtables_globals structure. When an application registers its xtables_globals definition and does not specify its exit_error() it gets assigned a basic version Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>