summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
...
| * libxt_TOS: use guided option parserJan Engelhardt2011-05-011-0/+5
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Move common parts of libext{4,6}.a into libext.aMaciej ┼╗enczykowski2011-04-191-0/+1
| | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com>
* | Merge branch 'floating/opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-04-181-1/+41
|\|
| * libxtables: XTTYPE_PORT supportJan Engelhardt2011-04-131-1/+5
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_ONEHOST supportJan Engelhardt2011-04-131-0/+3
| | | | | | | | | | | | | | | | The bonus of the POSIX socket API is that it is almost protocol-agnostic and that there are ready-made functions to take over the gist of address parsing and packing. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_SYSLOGLEVEL supportJan Engelhardt2011-04-131-1/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: pass struct xt_entry_{match,target} to x6 parserJan Engelhardt2011-04-131-0/+4
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT16 supportJan Engelhardt2011-04-131-1/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT64RC supportJan Engelhardt2011-04-131-1/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT8RC supportJan Engelhardt2011-04-131-1/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT16RC supportJan Engelhardt2011-04-131-0/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: linked-list name<->id mapJan Engelhardt2011-04-131-0/+15
| | | | | | | | | | | | This consolidates the maps from libxt_devgroup and libxt_realm. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT64 supportJan Engelhardt2011-04-131-0/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_MARKMASK32 supportJan Engelhardt2011-04-131-0/+5
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | SET target revision 2 addedJozsef Kadlecsik2011-04-171-3/+17
| | | | | | | | | | | | | | | | | | The new revision of the SET target supports the following new operations - specifying the timeout value of the entry to be added - flag to instruct the kernel that if the entry already exists then reset the timeout value to the specified one (or to the default from the set definition)
* | Merge branch 'opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-04-131-1/+9
|\|
| * libxtables: XTTYPE_STRING supportJan Engelhardt2011-04-061-0/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT32RC supportJan Engelhardt2011-04-061-1/+5
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT8 supportJan Engelhardt2011-04-061-0/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'opts' of git://dev.medozas.de/iptablesPatrick McHardy2011-04-121-0/+111
|\|
| * libxtables: min-max option supportJan Engelhardt2011-04-061-0/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT32 supportJan Engelhardt2011-04-061-1/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: provide better final_checkJan Engelhardt2011-04-061-0/+15
| | | | | | | | | | | | | | | | This passes the per-extension data block to the new x6_fcheck function pointer, which can then do last alterations without using hacks like global variables (think libxt_statistic). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: guided option parserJan Engelhardt2011-04-061-0/+91
| | | | | | | | | | | | | | | | | | | | | | This patchset seeks to drastically reduce the code in the individual extensions by centralizing their argument parsing (breakdown of strings), validation, and in part, assignment. As a secondary goal, this reduces the number of static storage duration variables in flight. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | v4: rename do_command() to do_command4()Maciej Zenczykowski2011-04-041-1/+1
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | v6: rename print_rule() to print_rule6()Maciej Zenczykowski2011-04-041-1/+1
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | v4: rename print_rule() to print_rule4()Maciej Zenczykowski2011-04-041-1/+1
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | v6: rename delete_chain() to delete_chain6()Maciej Zenczykowski2011-04-041-1/+1
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | v4: rename delete_chain() to delete_chain4()Maciej Zenczykowski2011-04-041-1/+1
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | v6: rename flush_entries() to flush_entries6()Maciej Zenczykowski2011-04-041-1/+1
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | v4: rename flush_entries() to flush_entries4()Maciej Zenczykowski2011-04-041-1/+1
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | v6: rename for_each_chain() to for_each_chain6()Maciej Zenczykowski2011-04-041-1/+1
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | v4: rename for_each_chain() to for_each_chain4()Maciej Zenczykowski2011-04-041-1/+1
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | xtables.h: init_extensions() no longer existsMaciej Zenczykowski2011-04-041-1/+0
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | v6: rename init_extensions() to init_extensions6()Maciej Zenczykowski2011-04-041-0/+1
| | | | | | | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | v4: rename init_extensions() to init_extensions4()Maciej Zenczykowski2011-04-041-0/+1
|/ | | | | Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables: add -C to check for existing rulesStefan Tomanek2011-03-082-0/+12
| | | | | | | | | | | | | | | | | It is often useful to check whether a specific rule is already present in a chain without actually modifying the iptables config. Services like fail2ban usually employ techniques like grepping through the output of "iptables -L" which is quite error prone. This patch adds a new operation -C to the iptables command which mostly works like -D; it can detect and indicate the existence of the specified rule by modifying the exit code. The new operation TC_CHECK_ENTRY uses the same code as the -D operation, whose functions got a dry-run parameter appended. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add extension for devgroup matchPatrick McHardy2011-02-031-0/+21
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_connlimit: remove duplicate member that caused size changeJan Engelhardt2011-01-201-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: libxt_conntrack: add support for specifying port rangesPatrick McHardy2011-01-201-0/+15
| | | | | | | Add support for revision 3 of the conntrack match, which allows to specify port ranges for origsrc/origdst/replsrc/repldst. Signed-off-by: Patrick McHardy <kaber@trash.net>
* extensions: libxt_NFQUEUE: add v2 revision with --queue-bypass optionFlorian Westphal2011-01-201-0/+6
| | | | | | | | --queue-bypass: if no userpace program is listening on the queue, then allow packets to continue through the ruleset instead of dropping them. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_AUDIT: add AUDIT targetThomas Graf2011-01-201-0/+30
| | | | | | | | | libxt module for the AUDIT target. -j AUDIT --type (accept|reject|drop) Signed-off-by: Thomas Graf <tgraf@redhat.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_connlimit: support for dstaddr-supporting revision 1Jan Engelhardt2011-01-191-2/+12
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xt_comment: remove redundant castJan Engelhardt2011-01-071-1/+1
|
* include: update files with headers from Linux 2.6.37-rc1Jan Engelhardt2010-12-0316-48/+81
| | | | Also includes the type change to __u{8,16,32} kernel types already.
* Revert "Revert "libxtables: change option precedence order to be intuitive""Jan Engelhardt2010-11-151-2/+3
| | | | | This reverts commit e84f131b5f992577119bd3679241f69ec394e0a7. Solution follows.
* Revert "libxtables: change option precedence order to be intuitive"Patrick McHardy2010-11-151-3/+2
| | | | | | | | | | | This reverts commit 600f38db82548a683775fd89b6e136673e924097. The commit breaks option parsing: iptables v1.4.9: host/network `port' not found Try `iptables -h' or 'iptables --help' for more information. Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxtables: change option precedence order to be intuitiveJan Engelhardt2010-10-291-2/+3
| | | | | | | | | | | | | When using `-m mark --mark 2 -m connmark --mark 2`, the user currently gets an error about the (libxt_mark) --mark option being used twice. This is because libxt_connmark's option table does not override any previous options. This patch changes this behavior, since the current behavior does not allow connmark's option to be used at all, which is illogical. Cc: Florian Westphal <fw@strlen.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxt_quota: don't ignore the quota value on deletionChangli Gao2010-08-021-1/+1
| | | | | | | | Don't ignore the quota value on deletion, then we can remove a special rule everytime. Signed-off-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* all: consistent syntax use in struct optionJan Engelhardt2010-07-231-0/+2
| | | | | | Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>