summaryrefslogtreecommitdiffstats
path: root/include/xtables.h
Commit message (Collapse)AuthorAgeFilesLines
* libxtables: add xtables_print_numPablo Neira Ayuso2013-01-041-0/+16
| | | | | | | | This function is used both by iptables and ip6tables, and refactorize to avoid longer than 80-chars per column lines of code. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxtables: add xtables_rule_matches_freePablo Neira Ayuso2013-01-041-0/+2
| | | | | | This function is shared by iptables and ip6tables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* iptables: support for match aliasesJan Engelhardt2012-09-291-0/+1
| | | | | | | This patch allows for match names listed on the command line to be rewritten to new names and revisions, like we did for targets before. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* iptables: support for target aliasesJan Engelhardt2012-09-271-0/+3
| | | | | | | | | | | This patch allows for target names listed on the command line to be rewritten to new names and revisions. As before, we will pick a revision that is supported by the kernel - now including real_name in the search. This gives us the possibility to test for many action names. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* build: separate AC variable replacements from xtables.hJan Engelhardt2012-08-311-0/+526
| | | | | | | It was/is a bit annoying that modifying xtables.h.in causes configure to rerun. Split the @foo@ things into a separate file to bypass this. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
* Dynamically create xtables.h.in with versionJan Engelhardt2008-04-151-216/+0
|
* xtables.h: move non-exported parts to internal.hJan Engelhardt2008-04-131-61/+0
|
* Fix all remaining warnings (missing declarations, missing prototypes)Jan Engelhardt2008-04-131-0/+7
|
* Fix -Wshadow warnings and clean up xt_sctp.hJan Engelhardt2008-04-061-2/+2
| | | | | Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
* escape stringsMax Kellermann2008-01-291-0/+6
| | | | Max Kellermann <max@duempel.org>
* rename overlapping function namesJan Engelhardt2008-01-201-0/+7
| | | | | | Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* bunch o' renamesJan Engelhardt2008-01-201-0/+8
| | | | | | | | Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* common error messagesJan Engelhardt2008-01-201-1/+6
| | | | | | | | Error messages vary wildly among modules, and there is a lot of reundance in it too. Introduce a helper function that does all of the parameter checking boilerplate and gives unique messages. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Introduce strtonum(), which works like string_to_number(), but passesJan Engelhardt2008-01-201-0/+5
| | | | | | | | | | | | | | | | | | | | back the 'end' pointer. It is useful where you want to do boundary checking yet work with strings that are not entirely slurped by strtoul(), e.g.: s = "1/2"; /* one half */ if (!strtonum(s, &end, &value, 0, 5)) error("Zero-length string, or value out of bounds"); if (*end != '/') error("Malformed string"); info->param1 = value; if (!strtonum(end + 1, &end, &value, 2, 4)) error(".."); if (*end != '\0') error("Malformed string"); info->param2 = value; Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Converts the iptables build infrastructure to autotools.Jan Engelhardt2008-01-201-6/+7
| | | | | | | | | | | | | - Can build both static and dynamic at the same time - iptables-static will be a multi-binary, semi-static (link against libc but w/o dynamic plugins) - Always build IPv6 modules - consider INSTALL Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* use <linux/types.h>Jan Engelhardt2007-12-171-5/+1
| | | | | | | | Remove our own definitions of the Linux types and use <linux/types.h> instead. libiptc needs it too, or otherwise will choke on union nf_inet_addr. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Fix more sparse warnings: non-C99 array declaration, incorrect function ↵Patrick McHardy2007-09-081-2/+0
| | | | prototypes
* Fix aligned_u64 type on 64 bit: its an unsigned long, not an unsigned long long.Patrick McHardy2007-09-051-1/+1
| | | | Fixes compiler warning in quota match.
* Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)Peter Riley2007-09-021-3/+2
|
* Make @msg argument a const char *, just like printf().Jan Engelhardt2007-08-011-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Make xtables_target->extra_opts const (xtables_match->extra_opts already is)Jan Engelhardt2007-07-301-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Moves all declarations in iptables_common.h to xtables.h.Yasuyuki KOZAKAI2007-07-241-0/+31
|
* Moves IPPROTO_* and IP[6]T_LIB_DIR definitions to xtables.hYasuyuki KOZAKAI2007-07-241-0/+14
|
* Moves some duplicated functions in ip[6]tables.c to xtables.cYasuyuki KOZAKAI2007-07-241-0/+17
| | | | | string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved.
* Introduces xtables match/target registrationYasuyuki KOZAKAI2007-07-241-0/+173
| | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo.
* Moves ip[6]tables_insmod() to xtables.c as xtables_insmod()Yasuyuki KOZAKAI2007-07-241-0/+3
|
* Moves common fw_malloc() and fw_calloc() to xtables.cYasuyuki KOZAKAI2007-07-241-0/+3
|
* Adds xtables.[ch] and change Makefile to compile itYasuyuki KOZAKAI2007-07-241-0/+4