summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* libxtables: set names of programsJamal Hadi Salim2009-02-122-0/+4
| | | | | | Set proper name of application. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* build: restructure Makefile for include/ directoryJan Engelhardt2009-02-121-0/+8
| | | | | | This patch will support adding libiptc to the headers list in future. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: use const for vars holding literalsJan Engelhardt2009-02-121-2/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'master' of git://dev.medozas.de/iptablesPatrick McHardy2009-02-125-38/+21
|\
| * src: consolidate duplicate code in iptables/internal.hJan Engelhardt2009-02-103-4/+2
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: move compat defines to xtables.cJan Engelhardt2009-02-102-10/+0
| | | | | | | | | | | | | | Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users got moved. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * src: remove unused ipt_tryload macroJan Engelhardt2009-02-102-4/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * src: remove iptables_rule_match indirection macroJan Engelhardt2009-02-102-2/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: decouple non-xtables parts from headerJan Engelhardt2009-02-104-6/+11
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: remove unused XT_LIB_DIR macroJan Engelhardt2009-02-101-4/+0
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | libxtables: simple aliasing macro for exit_errorJamal Hadi Salim2009-02-111-4/+4
| | | | | | | | | | | | | | | | | | | | | | Rename xtables_globals exit_error cb to exit_err and introduce a very simple aliasing macro to point to it. convert iptables, ip6tables and iptables_xml to use it. Note iptables_xml does not have to define its own exit_error() since it can use the basic one provided. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: Add exit_error cb to xtables_globalsJamal Hadi Salim2009-02-111-8/+9
| | | | | | | | | | | | | | | | | | | | Introduce exit_error() as part of xtables_globals structure. When an application registers its xtables_globals definition and does not specify its exit_error() it gets assigned a basic version Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: define xtables_free_opts()Jamal Hadi Salim2009-02-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | Introduce xtables_free_opts() an xtables variant of free_opts() which uses xtables_globals already set by xtables_set_params(). The end goal is to have all internal references in xtables.c use xtables_free_opts() instead of depending on external defined free_opts() Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: Introduce global params structuringJamal Hadi Salim2009-02-111-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | introduce a new struct,xtables_globals, so as to localize the globals used and help in symbol renames. The applications must invoke xtables_set_params() before starting to use any iptables APIs. xtables_set_params() is intended to free xtables from depending (as it does right now) on existence of such externally definitions (from iptables/iptables6 etc). At the moment, xtables wont even compile without presence of at least one of {iptables/iptables6 etc} Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: Patrick McHardy <kaber@trash.net>
* | Merge branch 'master' of git://dev.medozas.de/iptablesPatrick McHardy2009-02-093-88/+80
|\|
| * libxtables: move afinfo aroundJan Engelhardt2009-02-072-24/+1
| | | | | | | | | | | | | | libxtables should not rely on the program executable providing the magic constants for using [gs]etsockopt. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - move parse_protocol to xtables.cJan Engelhardt2009-01-301-2/+19
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - move check_inverse to xtables.cJan Engelhardt2009-01-301-1/+2
| | | | | | | | | | | | | | This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix - parse and escaped output funcJan Engelhardt2009-01-301-3/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix - misc functionsJan Engelhardt2009-01-301-3/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - ascii to ipaddr/ipmask inputJan Engelhardt2009-01-301-3/+3
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - ipaddr/ipmask to ascii outputJan Engelhardt2009-01-301-6/+6
| | | | | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - param_actJan Engelhardt2009-01-301-14/+14
| | | | | | | | | | | | | | | | Changes: exittype -> xtables_exittype P_* -> XTF_* flags Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - program_nameJan Engelhardt2009-01-302-5/+15
| | | | | | | | | | | | | | | | | | Split XTABLES_VERSION into xtables and iptables, and encode the xtables soversion into the extensions instead. This makes it possible to upgrade iptables without having to recompile 3rd-party extensions (if the libxtables version matches, of course). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - strtouiJan Engelhardt2009-01-271-14/+2
| | | | | | | | | | | | This commit also throws out the redundant string_to_number_*. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - libdirJan Engelhardt2009-01-272-2/+1
| | | | | | | | | | | | Consolidate the libdir variable initialization code into xtables.c. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - match/target loadingJan Engelhardt2009-01-272-23/+22
| | | | | | | | | | | | | | | | | | This change affects: find_{match,target} -> xtables_find_{match,target} enum xt_tryload -> enum xtables_tryload loose flags like DONT_LOAD -> XTF_DONT_LOAD Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - modprobe and xtables.ko loadingJan Engelhardt2009-01-272-4/+5
| | | | | | | | | | | | | | | | | | This change affects: load_xtables_ko -> xtables_load_ko modprobe_program -> xtables_modprobe_program Now uses bool for the "quiet" flag. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: prefix/order - fw_xallocJan Engelhardt2009-01-272-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | It is good practice to prefix names in a library some way so that it does not clash with external programs' variable names right on the first try. This change: rename fw_[cm]alloc to xtables_[cm]alloc and move the definition from internal.h to xtables.h to avoid potential compiler warnings. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | xt_NFLOG: Set default NFLOG qthreshold to 0Eric Leblond2009-02-091-1/+1
| | | | | | | | | | | | | | By setting default NFLOG qthreshold to 0, userspace does not overwrite the per-instance value. Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: prefix names and order #3Jan Engelhardt2009-02-012-23/+22
| | | | | | | | | | | | | | | | | | | | This change affects: find_{match,target} -> xtables_find_{match,target} enum xt_tryload -> enum xtables_tryload loose flags like DONT_LOAD -> XTF_DONT_LOAD Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | libxtables: prefix names and order it #2Jan Engelhardt2009-02-012-4/+5
| | | | | | | | | | | | | | | | | | | | This change affects: load_xtables_ko -> xtables_load_ko modprobe_program -> xtables_modprobe_program Now uses bool for the "quiet" flag. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* | libbxtables: prefix names and order it #1Jan Engelhardt2009-02-012-3/+3
|/ | | | | | | | | | | | | | | | It is good practice to prefix names in a library some way so that it does not clash with external programs' variable names right on the first try. This change: rename fw_[cm]alloc to xtables_[cm]alloc and move the definition from internal.h to xtables.h to avoid potential compiler warnings. These functions are intended to fix Jamal's dependency problem in his tc's ipt action. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: remove unused include filesJan Engelhardt2008-12-076-141/+0
| | | | | | | | No .c files include any of these - in fact they seem to be remnants missed during commit b1f568309a09e61f892dee3c23279cecff0b0ff4 - so remove them. Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: use NFPROTO_ constantsJan Engelhardt2008-11-182-0/+12
| | | | | | | | Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove indirectionsJan Engelhardt2008-11-104-57/+57
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove typedef indirectionJan Engelhardt2008-11-104-73/+71
| | | | | | | | | | | Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Move libipt_recent to libxt_recentJan Engelhardt2008-10-222-27/+26
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add iptables support for the TPROXY targetKOVACS Krisztian2008-10-151-0/+14
| | | | | Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: remove dependency on libiptc headersJan Engelhardt2008-08-044-10/+12
| | | | | | | | xtables.h does not need really need libxtc.h, and we can drop it from the install as it is internal-only. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* xt_string: string extension case insensitive matchingJoonwoo Park2008-07-071-1/+14
| | | | | | | | | The string extension can search patterns case insensitively with --icase option. A new revision 1 was added, in the meantime invert of xt_string_info was moved into flags as a flag. Signed-off-by: Joonwoo Park <joonwpark81@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* addrtype match: added revision 1Laszlo Attila Toth2008-06-061-0/+14
| | | | | | | | | In revision 1 address type checking can be limited to either the incoming or outgoing interface depending on the current chain. In the FORWARD chain only one of them is allowed at the same time. Signed-off-by: Laszlo Attila Toth <panther@balabit.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Resync header files with kernelPatrick McHardy2008-06-0521-129/+473
| | | | | Resync headers and add types.h file for endian annotated types, which are not available with old headers.
* Add xtables version defines.Thomas Jarosch2008-06-031-0/+3
| | | | | | | | | | | | | Attached is a patch to add the new defines. The macro XTABLES_VERSION is already in use, so I named it XTABLES_VERSION_CHECK. I've also tested that an empty XTABLES_VERSION_EXTRA in configure.ac works. Now we can write code like this: #warning You are obselete and will be assimilated. Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpages: consistent syntaxPatrick McHardy2008-06-021-2/+2
| | | | | | | | | | In the manpages, bold is used to denote characters the user has to enter verbatim, italic denotes placeholders and non-highlighted pieces are used as a structure: "[]" specifying an optional part, "{}" a mandatory part, with "|" used for alternations. The "!" for negation is better supported before the option than after it, too. The patch makes a few files consistent with this style already used in manpages.
* iptables --list-rules commandHenrik Nordstrom2008-05-132-0/+3
| | | | | | | | | | | | | | | | | | Adds iptables --list-rules (-S) command, acting as a combination of iptables --list and iptables-save. The primary motivation behind this patch is to get iptables-save like output capabilities in iptables-restore, allowing "iptables-restore -n" to be used as a consistent API to iptables for all kind of operations, not only blind updates.. As a bonus iptables also gets the capability of printing the rules as-is. This completely replaces the earlier patch which added the --rules option. Henrik Nordstrom <henrik@henriknordstrom.net>
* Remove old functions, constantsJan Engelhardt2008-04-152-10/+0
|
* Dynamically create xtables.h.in with versionJan Engelhardt2008-04-151-0/+2
|
* Remove support for compilation of conditional extensionsJan Engelhardt2008-04-152-0/+519
|
* Add all necessary header files - compilation fix for various casesJan Engelhardt2008-04-1413-96/+230
| | | | | | Allow iptables to compile without a kernel source tree. This implies fixing build for older kernels, such as 2.6.17 which lack xt_SECMARK.h.