path: root/include
Commit message [Author, Age, Files, Lines]
* extensions: add nfacct match [Pablo Neira Ayuso, 2012-03-27, files: 1, lines: -0/+17]
|   This patch provides the user-space iptables support for the nfacct match.
|   This can be used as it follows:
|
|     nfacct add http-traffic
|     iptables -I INPUT -p tcp --sport 80 -m nfacct --nfacct-name http-traffic
|     iptables -I OUTPUT -p tcp --dport 80 -m nfacct --nfacct-name http-traffic
|     nfacct get http-traffic
|
|   See also man nfacct(8) for more information.
|
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* Revert "libiptc: Returns the position the entry was inserted" [Pablo Neira Ayuso, 2012-03-01, files: 1, lines: -2/+1]
|   This reverts commit d65702c5c5bbab0ef12298386fa4098c72584e6c.
|
|   This is breaking my iptables scripts:
|
|     iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
|     iptables: Incompatible with this kernel.
* libiptc: Returns the position the entry was inserted [Jonh Wendell, 2012-02-29, files: 1, lines: -1/+2]
|   Jan Engelhardt showed no objections to this patch.
* extensions: add IPv6 capable ECN match extension [Patrick McHardy, 2012-02-23, files: 2, lines: -35/+33]
|   Patrick submitted this patch by 9th Jun 2011, I'm recovering and
|   applying it to iptables.
|
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* extensions: add rpfilter module [Florian Westphal, 2012-02-23, files: 1, lines: -0/+17]
|   Signed-off-by: Florian Westphal <fw@strlen.de>
|   Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libiptc: use a family-invariant xtc_ops struct for code reduction [Jan Engelhardt, 2011-09-11, files: 3, lines: -0/+17]
|   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: resolve old macro names that are indirections [Jan Engelhardt, 2011-09-11, files: 2, lines: -8/+8]
|   Command used:
|
|     git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/)
|
|   and then fix all occurrences.
|
|   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: combine common types: _handle [Jan Engelhardt, 2011-09-11, files: 5, lines: -73/+72]
|   No real API/ABI change incurred, since the definition of the structs'
|   types is not visible anyhow.
|
|   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: replace ipt_chainlabel by xt_chainlabel [Jan Engelhardt, 2011-09-11, files: 4, lines: -44/+44]
|   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: combine common types [Jan Engelhardt, 2011-09-11, files: 4, lines: -3/+11]
|   Make an xt_chainlabel type out of ipt_chainlabel and ip6t_chainlabel,
|   and add backward-API #defines. The ABI naturally does not change
|   either, so no soversion bump.
|
|   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'master' of git://dev.medozas.de/iptables [Jan Engelhardt, 2011-09-08, files: 41, lines: -292/+519]
|\
| * include: refresh include files from kernel 3.1-rc3 [Jan Engelhardt, 2011-08-31, files: 40, lines: -292/+475]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_addrtype: add support for revision 1 [Jan Engelhardt, 2011-08-28, files: 1, lines: -0/+44]
| |   Rev 1 was added to the kernel in commit v2.6.39-rc1~468^2~10^2~1
| |   but there was no corresponding iptables patch so far.
| |
| |   Cc: Florian Westphal <fw@strlen.de>
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | iptables: move kernel version find routing into libxtables [Jan Engelhardt, 2011-09-03, files: 2, lines: -8/+8]
|/
|   That way, the remaining unreferenced symbols that do appear in
|   libipt_DNAT and libipt_SNAT as part of the new check can be resolved,
|   and the ugly -rdynamic hack can finally be removed.
|
|   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* option: remove last traces of intrapositional negation [Jan Engelhardt, 2011-07-10, files: 1, lines: -2/+0]
|   Intrapositional negation was deprecated in 1.4.3.
|
|   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: support for per-extension instance "global" variable space [Jan Engelhardt, 2011-06-21, files: 1, lines: -3/+15]
|   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: use uintmax for xtables_strtoul [Jan Engelhardt, 2011-05-24, files: 1, lines: -2/+2]
|   Addendum to 2305d5fb42fc059f38fc1bdf53411dbeecdb310b.
|
|   I noticed that unsigned long long is not consistently used, for
|   example, min/max are still just unsigned long, and strtoul is being
|   called. Instead of changing it to unsigned long long, just use uintmax
|   functions right away so this does not need size-related changing in
|   the future.
|
|   Cc: JP Abgrall <jpa@google.com>
|   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_quota: make sure uint64 is not truncated [JP Abgrall, 2011-05-20, files: 1, lines: -1/+1]
|   The xtables_strtoul() would cram a long long into a long.
|   The parse_int would try to cram a UINT64 into a long.
* libxtables: retract _NE types and use a flag instead [Jan Engelhardt, 2011-05-18, files: 1, lines: -6/+6]
|   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: replace old IP*T_ALIGN macros [Jan Engelhardt, 2011-05-12, files: 2, lines: -14/+0]
|   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'floating/opts' of git://dev.medozas.de/iptables [Patrick McHardy, 2011-05-12, files: 1, lines: -0/+3]
|\
| * libxtables: XTTYPE_ETHERMAC support [Jan Engelhardt, 2011-05-09, files: 1, lines: -0/+3]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'opts' of git://dev.medozas.de/iptables [Patrick McHardy, 2011-05-11, files: 1, lines: -4/+24]
|\|
| * libxtables: XTTYPE_PROTOCOL support [Jan Engelhardt, 2011-05-09, files: 1, lines: -1/+3]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_multiport: use guided option parser [Jan Engelhardt, 2011-05-09, files: 1, lines: -0/+2]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_HOSTMASK support [Jan Engelhardt, 2011-05-09, files: 1, lines: -0/+3]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_PLEN support [Jan Engelhardt, 2011-05-09, files: 1, lines: -0/+2]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: do not overlay addr and mask parts, and cleanup [Jan Engelhardt, 2011-05-09, files: 1, lines: -4/+13]
| |   XTTYPE_HOSTMASK will require that what has now become haddr,
| |   hmask/hlen are not overlays of another. Thus relax the structure and
| |   always set all members of the {haddr, hmask, hlen} triplet now for
| |   all types that touch any of the members.
| |
| |   Add some more comments and clean out ONEHOST.
| * libxtables: support for XTTYPE_PLENMASK [Jan Engelhardt, 2011-05-09, files: 1, lines: -1/+3]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'opts' of git://dev.medozas.de/iptables [Patrick McHardy, 2011-05-09, files: 1, lines: -1/+4]
|\|
| * libxtables: XTTYPE_DOUBLE support [Jan Engelhardt, 2011-05-09, files: 1, lines: -0/+3]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * extensions: remove bogus use of XT_GETOPT_TABLEEND [Jan Engelhardt, 2011-05-08, files: 1, lines: -1/+1]
| |   Commit v1.4.8-36-g32b8e61 added this end marker in a little too many
| |   places: at non-getopt places. Fix that.
| |
| |   Also change the definition of XT_GETOPT_TABLEEND to reference a
| |   struct getopt member by name so that this cannot happen again.
| |
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Merge branch 'opts' of git://dev.medozas.de/iptables [Patrick McHardy, 2011-05-09, files: 1, lines: -1/+10]
|\|
| * libxtables: XTTYPE_PORTRC support [Jan Engelhardt, 2011-05-01, files: 1, lines: -1/+5]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxt_TOS: use guided option parser [Jan Engelhardt, 2011-05-01, files: 1, lines: -0/+5]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | Move common parts of libext{4,6}.a into libext.a [Maciej Żenczykowski, 2011-04-19, files: 1, lines: -0/+1]
| |   Signed-off-by: Maciej Zenczykowski <maze@google.com>
* | Merge branch 'floating/opts' of git://dev.medozas.de/iptables [Patrick McHardy, 2011-04-18, files: 1, lines: -1/+41]
|\|
| * libxtables: XTTYPE_PORT support [Jan Engelhardt, 2011-04-13, files: 1, lines: -1/+5]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_ONEHOST support [Jan Engelhardt, 2011-04-13, files: 1, lines: -0/+3]
| |   The bonus of the POSIX socket API is that it is almost
| |   protocol-agnostic and that there are ready-made functions to take
| |   over the gist of address parsing and packing.
| |
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_SYSLOGLEVEL support [Jan Engelhardt, 2011-04-13, files: 1, lines: -1/+3]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: pass struct xt_entry_{match,target} to x6 parser [Jan Engelhardt, 2011-04-13, files: 1, lines: -0/+4]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT16 support [Jan Engelhardt, 2011-04-13, files: 1, lines: -1/+2]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT64RC support [Jan Engelhardt, 2011-04-13, files: 1, lines: -1/+2]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT8RC support [Jan Engelhardt, 2011-04-13, files: 1, lines: -1/+2]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT16RC support [Jan Engelhardt, 2011-04-13, files: 1, lines: -0/+2]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: linked-list name<->id map [Jan Engelhardt, 2011-04-13, files: 1, lines: -0/+15]
| |   This consolidates the maps from libxt_devgroup and libxt_realm.
| |
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_UINT64 support [Jan Engelhardt, 2011-04-13, files: 1, lines: -0/+2]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: XTTYPE_MARKMASK32 support [Jan Engelhardt, 2011-04-13, files: 1, lines: -0/+5]
| |   Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | SET target revision 2 added [Jozsef Kadlecsik, 2011-04-17, files: 1, lines: -3/+17]
| |   The new revision of the SET target supports the following new operations
| |
| |   - specifying the timeout value of the entry to be added
| |   - flag to instruct the kernel that if the entry already exists
| |     then reset the timeout value to the specified one (or to the
| |     default from the set definition)
* | Merge branch 'opts' of git://dev.medozas.de/iptables [Patrick McHardy, 2011-04-13, files: 1, lines: -1/+9]
|\|