summaryrefslogtreecommitdiffstats
path: root/include
Commit message (Collapse)AuthorAgeFilesLines
* libxtables: prefix/order - program_nameJan Engelhardt2009-01-302-5/+15
| | | | | | | | | Split XTABLES_VERSION into xtables and iptables, and encode the xtables soversion into the extensions instead. This makes it possible to upgrade iptables without having to recompile 3rd-party extensions (if the libxtables version matches, of course). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - strtouiJan Engelhardt2009-01-271-14/+2
| | | | | | This commit also throws out the redundant string_to_number_*. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - libdirJan Engelhardt2009-01-272-2/+1
| | | | | | Consolidate the libdir variable initialization code into xtables.c. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - match/target loadingJan Engelhardt2009-01-272-23/+22
| | | | | | | | | This change affects: find_{match,target} -> xtables_find_{match,target} enum xt_tryload -> enum xtables_tryload loose flags like DONT_LOAD -> XTF_DONT_LOAD Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - modprobe and xtables.ko loadingJan Engelhardt2009-01-272-4/+5
| | | | | | | | | This change affects: load_xtables_ko -> xtables_load_ko modprobe_program -> xtables_modprobe_program Now uses bool for the "quiet" flag. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - fw_xallocJan Engelhardt2009-01-272-3/+3
| | | | | | | | | | | | It is good practice to prefix names in a library some way so that it does not clash with external programs' variable names right on the first try. This change: rename fw_[cm]alloc to xtables_[cm]alloc and move the definition from internal.h to xtables.h to avoid potential compiler warnings. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove unused include filesJan Engelhardt2008-12-076-141/+0
| | | | | | | | No .c files include any of these - in fact they seem to be remnants missed during commit b1f568309a09e61f892dee3c23279cecff0b0ff4 - so remove them. Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: use NFPROTO_ constantsJan Engelhardt2008-11-182-0/+12
| | | | | | | | Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove indirectionsJan Engelhardt2008-11-104-57/+57
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove typedef indirectionJan Engelhardt2008-11-104-73/+71
| | | | | | | | | | | Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Move libipt_recent to libxt_recentJan Engelhardt2008-10-222-27/+26
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add iptables support for the TPROXY targetKOVACS Krisztian2008-10-151-0/+14
| | | | | Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
* src: remove dependency on libiptc headersJan Engelhardt2008-08-044-10/+12
| | | | | | | | xtables.h does not need really need libxtc.h, and we can drop it from the install as it is internal-only. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* xt_string: string extension case insensitive matchingJoonwoo Park2008-07-071-1/+14
| | | | | | | | | The string extension can search patterns case insensitively with --icase option. A new revision 1 was added, in the meantime invert of xt_string_info was moved into flags as a flag. Signed-off-by: Joonwoo Park <joonwpark81@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* addrtype match: added revision 1Laszlo Attila Toth2008-06-061-0/+14
| | | | | | | | | In revision 1 address type checking can be limited to either the incoming or outgoing interface depending on the current chain. In the FORWARD chain only one of them is allowed at the same time. Signed-off-by: Laszlo Attila Toth <panther@balabit.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Resync header files with kernelPatrick McHardy2008-06-0521-129/+473
| | | | | Resync headers and add types.h file for endian annotated types, which are not available with old headers.
* Add xtables version defines.Thomas Jarosch2008-06-031-0/+3
| | | | | | | | | | | | | Attached is a patch to add the new defines. The macro XTABLES_VERSION is already in use, so I named it XTABLES_VERSION_CHECK. I've also tested that an empty XTABLES_VERSION_EXTRA in configure.ac works. Now we can write code like this: #warning You are obselete and will be assimilated. Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
* manpages: consistent syntaxPatrick McHardy2008-06-021-2/+2
| | | | | | | | | | In the manpages, bold is used to denote characters the user has to enter verbatim, italic denotes placeholders and non-highlighted pieces are used as a structure: "[]" specifying an optional part, "{}" a mandatory part, with "|" used for alternations. The "!" for negation is better supported before the option than after it, too. The patch makes a few files consistent with this style already used in manpages.
* iptables --list-rules commandHenrik Nordstrom2008-05-132-0/+3
| | | | | | | | | | | | | | | | | | Adds iptables --list-rules (-S) command, acting as a combination of iptables --list and iptables-save. The primary motivation behind this patch is to get iptables-save like output capabilities in iptables-restore, allowing "iptables-restore -n" to be used as a consistent API to iptables for all kind of operations, not only blind updates.. As a bonus iptables also gets the capability of printing the rules as-is. This completely replaces the earlier patch which added the --rules option. Henrik Nordstrom <henrik@henriknordstrom.net>
* Remove old functions, constantsJan Engelhardt2008-04-152-10/+0
|
* Dynamically create xtables.h.in with versionJan Engelhardt2008-04-151-0/+2
|
* Remove support for compilation of conditional extensionsJan Engelhardt2008-04-152-0/+519
|
* Add all necessary header files - compilation fix for various casesJan Engelhardt2008-04-1413-96/+230
| | | | | | Allow iptables to compile without a kernel source tree. This implies fixing build for older kernels, such as 2.6.17 which lack xt_SECMARK.h.
* Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIRJan Engelhardt2008-04-132-8/+0
|
* Add support for xt_hashlimit match revision 1Jan Engelhardt2008-04-131-6/+32
|
* xtables.h: move non-exported parts to internal.hJan Engelhardt2008-04-132-61/+60
|
* Fix all remaining warnings (missing declarations, missing prototypes)Jan Engelhardt2008-04-135-2/+17
|
* Fix -Wshadow warnings and clean up xt_sctp.hJan Engelhardt2008-04-062-52/+39
| | | | | Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
* Remove compiler.h inclusions.Patrick McHardy2008-02-223-4/+0
|
* Add netfilter.hPatrick McHardy2008-01-291-0/+48
|
* fix gcc warningsMax Kellermann2008-01-292-2/+2
| | | | Max Kellermann <max@duempel.org>
* escape stringsMax Kellermann2008-01-291-0/+6
| | | | Max Kellermann <max@duempel.org>
* [IPTABLES]: libxt_owner: UID/GID range supportJan Engelhardt2008-01-291-2/+2
| | | | | | UID/GID range support for libxt_owner Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_CONNMARK revision 1Jan Engelhardt2008-01-291-0/+5
| | | | | | Add support for xt_CONNMARK target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_TCPOPTSTRIPSven Schnelle2008-01-201-0/+13
| | | | | | | Import libxt_TCPOPTSTRIP into iptables. Signed-off-by: Sven Schnelle <svens@bitebene.org> Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_iprange r0Jan Engelhardt2008-01-202-5/+20
| | | | | | Move libipt_iprange to libxt_iprange. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_mark r1Jan Engelhardt2008-01-201-1/+6
| | | | | | Introduce libxt_mark match revision 1 support. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* rename overlapping function namesJan Engelhardt2008-01-202-5/+7
| | | | | | Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* bunch o' renamesJan Engelhardt2008-01-202-3/+8
| | | | | | | | Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_conntrack r0Jan Engelhardt2008-01-202-77/+83
| | | | | | Move libipt_conntrack to libxt_conntrack. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_connmark r1Jan Engelhardt2008-01-201-0/+5
| | | | | | Add support for xt_connmark match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_MARK r2Jan Engelhardt2008-01-201-0/+4
| | | | | | | Add support for xt_MARK target revision 2. Also consolidate libip6t_MARK.man and libipt_MARK.man. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_TOSJan Engelhardt2008-01-201-0/+5
| | | | | | | Move libipt_TOS revision 0 to libxt_TOS revision 0 and add support for xt_TOS target revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_tosJan Engelhardt2008-01-201-0/+6
| | | | | | | Move libipt_tos revision 0 to libxt_tos revision 0 and add support for xt_tos match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* libxt_ownerJan Engelhardt2008-01-201-0/+16
| | | | | | | libxt_owner merges libipt_owner and libip6t_owner, and adds support for the xt_owner match revision 1. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* common error messagesJan Engelhardt2008-01-201-1/+6
| | | | | | | | Error messages vary wildly among modules, and there is a lot of reundance in it too. Introduce a helper function that does all of the parameter checking boilerplate and gives unique messages. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Introduce strtonum(), which works like string_to_number(), but passesJan Engelhardt2008-01-201-0/+5
| | | | | | | | | | | | | | | | | | | | back the 'end' pointer. It is useful where you want to do boundary checking yet work with strings that are not entirely slurped by strtoul(), e.g.: s = "1/2"; /* one half */ if (!strtonum(s, &end, &value, 0, 5)) error("Zero-length string, or value out of bounds"); if (*end != '/') error("Malformed string"); info->param1 = value; if (!strtonum(end + 1, &end, &value, 2, 4)) error(".."); if (*end != '\0') error("Malformed string"); info->param2 = value; Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Converts the iptables build infrastructure to autotools.Jan Engelhardt2008-01-201-6/+7
| | | | | | | | | | | | | - Can build both static and dynamic at the same time - iptables-static will be a multi-binary, semi-static (link against libc but w/o dynamic plugins) - Always build IPv6 modules - consider INSTALL Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* Add rateest match extensionPatrick McHardy2008-01-151-0/+33
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* Add RATEEST target extensionPatrick McHardy2008-01-151-0/+11
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>