| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
This reverts commit 110c1e4502e21ea38e0980e6f8af857d24330099.
Revert the revert to restore the TEE target.
|
| |
|
|
|
|
|
| |
This reverts commit 65414babaebcd403e9bf2c27d9d74adb369bf3aa, reversing
changes made to 7278461dfad72e2008585dd0bac0e889e5bba99e.
Forgot to commit the version increase.
|
| |
|
|
|
|
| |
xt_TEE is firstly included in Linux 2.6.35.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update the shipped Linux kernel headers from 2.6.33-rc6, as
iptables's ipt_ECN.h for example references ipt_DSCP.h, which no
longer exists.
Since a number of old code pieces have been removed in the kernel in
that fashion, the structs for older versions are moved into the .c
file, to keep header updating simple.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
From Evgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
| |
In going to fix NF bug #611, "argv" is needed in
xtables_check_inverse to set "optarg" to the right spot in case of an
intrapositional negation.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New version that adds support for specifying a queue range instead
of a single queue id.
The kernel will distribute flows across the given queue range.
This is useful for multicore systems, simply start multiple instances
of the userspace program on queues x, x+1, .. x+n and use
"--queue-balance x:x+n".
Packets belonging to the same connection are put into the same queue.
With fixes from Jan Engelhardt.
Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |\
| |
| |
| |
| |
| |
| | |
Conflicts:
extensions/libxt_conntrack.c
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| | |
This complements the xt_conntrack revision 2 code added to the kenrel.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changed the Makefile so that:
1. --enable-shared / --disable-shared control the linkage against
libdl (and thus the potential to use 3rd party extensions)
2. --enable-static / --disable-static controls whether shipped
extensions are built-in or provided as modules
iptables-static becomes redundant by this action; iptables-multi now
has the feature.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Mixing code compiled with and without -DNO_SHARED_LIBS is fine as
long as the structs have the same layout. This patch prevents a
potential (currently non-triggerable) "ip6tables: target (null)<123>
is missing a version" error.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| | |
Similar to the ones that are present in the kernel.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
libiptc already supports adding and deleting multiple rules with
different addresses, so it only needs to be wired up to the options.
# ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP
References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2
Adjustments made: syntax, removal of unneeded variables, manpage
adjustment, soversion bump.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
This fixes linking errors for 3rd-party C++ code.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
This patch adds support for the cluster match to iptables.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
Add support for persistent mappings (2.6.29-rc2+) as replacement for the
removed SAME target.
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When the structure's layout changes, as it did between v1.4.1 and
v1.4.2, trying to compare the version string makes iptables segfault
while it tries to determine whether the module is compatible in the
first place.
By moving the member to a known offset in the struct and keeping it
there, objects (both iptables and 3rd party) compiled from this
commit onwards will avoid the segfault.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix build failure of iptables utilities on debian/ubuntu, maybe other distros.
The values INT_MIN and INT_MAX are used by many filters and these
are defined in limits.h
---
patch against current iptables.git
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
| |
| |
| |
| |
| | |
Thanks to Stephen Hemminger for noticing.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |/
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
| |
Tested-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
Kill program_name, program_version and xtables_program_name.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
| |
|
|
|
|
|
|
|
|
|
| |
Introduce xtables_init_all() which hides three calls xtables_init(),
xtables_set_nfproto(), and xtables_set_params(). Make
ip[6]tables-restore, ip[6]tables-save and ip[6]tables-standalone use
it.
I moved xtables_set_params around for readability reasons.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
| |
|
|
|
|
|
|
| |
Introduce xtables_merge_options() for re-use reasons. Apps can use it
instead of each defining their own merge_options(). Made iptables and
ip6tables use the new shared interface.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
| |
|
|
|
|
|
|
| |
The patch modifies xtables_globals to introduce orig_opts and
xtables_free_opts() to emulate what free_opts used to do. We also get
rid of the copies of free_opts() that iptables and ip6tables keep.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
| |
|
|
|
|
| |
Introduce xtables_set_revision() and make iptables and ip6tables use it.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
| |
|
|
|
|
| |
Set proper name of application.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
|
| |
|
|
|
|
| |
This patch will support adding libiptc to the headers list in future.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |\ |
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| | |
Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users
got moved.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rename xtables_globals exit_error cb to exit_err and introduce
a very simple aliasing macro to point to it.
convert iptables, ip6tables and iptables_xml to use it.
Note iptables_xml does not have to define its own exit_error()
since it can use the basic one provided.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce exit_error() as part of xtables_globals structure.
When an application registers its xtables_globals definition
and does not specify its exit_error() it gets assigned a
basic version
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce xtables_free_opts() an xtables variant of
free_opts() which uses xtables_globals already set
by xtables_set_params(). The end goal is to have all internal
references in xtables.c use xtables_free_opts() instead of
depending on external defined free_opts()
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
introduce a new struct,xtables_globals, so as to
localize the globals used and help in symbol renames.
The applications must invoke xtables_set_params() before starting
to use any iptables APIs.
xtables_set_params() is intended to free xtables from depending
(as it does right now) on existence of such externally definitions
(from iptables/iptables6 etc). At the moment, xtables wont even
compile without presence of at least one of {iptables/iptables6 etc}
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |\| |
|
| | |
| |
| |
| |
| |
| |
| | |
libxtables should not rely on the program executable providing the
magic constants for using [gs]etsockopt.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| |
| |
| |
| | |
This also adds a warning that intrapositional negation support
is deprecated.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
