summaryrefslogtreecommitdiffstats
path: root/ip6tables.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix -Wshadow warnings and clean up xt_sctp.hJan Engelhardt2008-04-061-6/+6
| | | | | Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
* fix gcc warningsMax Kellermann2008-01-291-4/+5
| | | | Max Kellermann <max@duempel.org>
* whitespace cleanupMax Kellermann2008-01-291-15/+15
| | | | Max Kellermann <max@duempel.org>
* rename overlapping function namesJan Engelhardt2008-01-201-155/+4
| | | | | | Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* bunch o' renamesJan Engelhardt2008-01-201-81/+10
| | | | | | | | Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
* [PATCH iptables] print warnings to stderrMax Kellermann2007-10-171-6/+8
| | | | | | | | iptables prints some of its error messages and warnings to stdout. This patch applies to svn r7075 and will make iptables print diagnostic messages to stderr instead. Signed-off-by: Max Kellermann <max@duempel.org>
* Fix sscanf type errorsPatrick McHardy2007-10-171-6/+6
|
* Delete empty ->final_check() functionsJan Engelhardt2007-10-041-2/+3
| | | | | | | Deletes empty ->final_check() functions, and makes ip[6]tables checks for NULL on these. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Fix more sparse warnings: non-C99 array declaration, incorrect function ↵Patrick McHardy2007-09-081-22/+22
| | | | prototypes
* Fix strict aliasing warningsPatrick McHardy2007-09-051-2/+5
|
* Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)Peter Riley2007-09-021-5/+4
|
* Make @msg argument a const char *, just like printf().Jan Engelhardt2007-08-011-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
* Makes it possible to omit extra_opts of matches/targets if unnecessary.Jan Engelhardt2007-07-301-0/+3
| | | | | | (Jan Engelhardt <jengelh@gmx.de>) A nice side effect is that merge_option() doesn't copy options in that case.
* Moves some duplicated functions in ip[6]tables.c to xtables.cYasuyuki KOZAKAI2007-07-241-106/+0
| | | | | string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved.
* Introduces xtables match/target registrationYasuyuki KOZAKAI2007-07-241-287/+21
| | | | | | | | | | | | | | | | | | | | | | | - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo.
* Moves ip[6]tables_insmod() to xtables.c as xtables_insmod()Yasuyuki KOZAKAI2007-07-241-80/+1
|
* Moves common fw_malloc() and fw_calloc() to xtables.cYasuyuki KOZAKAI2007-07-241-24/+1
|
* Fix "iptables getsockopt failed strangely" when querying revisions for ↵Patrick McHardy2007-06-261-1/+1
| | | | | | non-existant matches and targets Reported by Joseph Jezak <josejx@gentoo.org>.
* A white space fix in ip6tables.cYasuyuki KOZAKAI2007-06-121-1/+1
|
* '-p all' and '-p 0' should be allowed. And actually ip6tables in kernelYasuyuki KOZAKAI2007-06-111-7/+6
| | | | | allows '! -p xxx' where xxx is extension header. It matches all valid IPv6 packets.
* In fixing bug #446 [1], the output for unspecified proto was changed from ↵Phil Oester2007-04-301-0/+1
| | | | "all" to "0". This reverts to the original behaviour, and closes bugzilla #543. (Phil Oester)
* Fixes typos in the argument of ip[6]tables_insmod: quit -> quietYasuyuki KOZAKAI2007-03-201-4/+4
|
* Supress error message from modprobe on checking revision.Yasuyuki KOZAKAI2007-03-131-8/+14
|
* Add ip6tables mh extension (Masahide NAKAMURA <nakam@linux-ipv6.org>)Masahide NAKAMURA2007-02-091-0/+5
| | | | Kernel part will go in 2.6.21
* Add UDPLITE multiport supportPatrick McHardy2007-01-111-0/+1
|
* Fix -E (rename) in iptables/ip6tablesKrzysztof Piotr Oledzki2006-11-141-1/+0
| | | | | | | | | | Remove ununsed CHECK entry in commands_v_options. It makes -E (rename) working again - generic_opt_check expects options for RENAME not for CHECK at that table index. Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Patrick McHardy <kaber@trash.net>
* load ip_[6]tables.ko just before checking revision support in kernel.Yasuyuki KOZAKAI2006-11-131-2/+19
|
* - Add revision support to ip6tables.Rémi Denis-Courmont2006-10-201-3/+79
| | | | | - Add support port range match to libip6t_multiport (R?mi Denis-Courmont <rdenis@simphalempin.com>)
* Use negative-list for "weird character in interface" warning instead of ↵Patrick McHardy2006-09-201-4/+4
| | | | warning for basically every non-alphanumeric character.
* reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>)Phil Oester2006-07-201-0/+13
| | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port.
* reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>)Phil Oester2006-07-201-0/+11
| | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere.
* In ip[6]tables.c, NUMBER_OF_OPT was increased to 12 for the OPT_COUNTERSPatrick McHardyHarald Welte2006-04-221-15/+16
| | | | | | option. However, the new array element is not initialized in either commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] or inverse_for_options[NUMBER_OF_OPT]. (Closes: #462)
* cmdflags is used in cmd2char() to return the option for a command. It uses theHarald Welte2006-04-211-2/+1
| | | | | | bit position of the command mask as an index in the array. There's no entry for CMD_CHECK (0x0800U), so lookups for CMD_RENAME_CHAIN (0x1000U) index outside the array. (Closes: #463)
* [IP6TABLES] kill manual comparing protocol name with "ipv6-icmp".Yasuyuki KOZAKAI2006-04-151-3/+1
|
* don't allow to specify protocol of IPv6 extension header (Yasuyuki Kozakai)Yasuyuki KOZAKAI2006-03-291-0/+16
| | | | | | | Sometimes I hear that people do 'ip6tables -p ah ...' which never matches any packet. IPv6 extension headers except of ESP are skipped and invalid as argument of '-p'. Then I propose that ip6tables exits with error in such case.
* Multiple matches of the same type can be specified on the commandline.Joszef Kadlecsik2006-03-031-25/+44
| | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified.
* Make '-p all' a special case that is handled before calling getprotoent() ↵Harald Welte2006-02-111-1/+7
| | | | (Closes: #446)
* fix double-free if a single match is used multiple times within a signle ruleHarald Welte2006-02-111-1/+3
| | | | | | (Closes: #440). However, while this fixes the double-free, it still doesn't make iptables support two of the same matches within one rule. Apparently the last matchinfo is copied into all the previous matchinfo instances.
* Fix probing for supported revisions (Jones Desougi <jones@ingate.com>)Jones Desougi2005-12-221-4/+4
| | | | Bugzilla #413
* The call to free_opts() in merge_options() is invalid C. The oldoptsMarcus Sundberg2005-07-291-3/+1
| | | | | | | | | argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>) ip6tables merge by myself.
* get rid of numerous gcc-4 warningsHarald Welte2005-07-191-1/+2
|
* reduce code replication of parse_interface() (Yasuyuki Kozakai)Yasuyuki KOZAKAI2005-06-221-2/+1
|
* Chain name should not start with '!' (Yasuyuki Kozakai ↵Yasuyuki KOZAKAI2005-06-131-2/+2
| | | | <yasuyuki.kozakai@toshiba.co.jp>)
* Release previously merged options from merge_opts(), reduces memory-usage of ↵Pablo Neira2005-05-291-5/+17
| | | | iptables-restore dramatically (Pablo Neira)
* re-sync ip6tables with iptables (check for init functions) (Jonas Berlin)Jonas Berlin2005-04-011-8/+12
|
* the optflags array contains a '3' for the OPT_LINENUMBERS entry while ↵Jonas Berlin2005-04-011-1/+1
| | | | everywhere else '0' is used (Jonas Berlin)
* Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>)Pablo Neira2005-02-141-5/+0
| | | | Fixes build with conntrack event patch for 2.6
* Fix setting lib_dir in ip*tables-{save,restore}Martin Josefsson2004-12-271-10/+1
|
* Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static ↵Rusty Russell2004-12-221-15/+8
| | | | | | inline instead of extern inline (otherwise it doesn't compile without -O). Don't re-initialize libiptc/libip6t unless modprobe attempt actually succeeds. This makes nfsim run about 20 times faster, as it doesn't have to explore failures in the first iptc_init().
* Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and ↵Rusty Russell2004-12-201-5/+11
| | | | set them in testsuite if we're running iptables within tree.