summaryrefslogtreecommitdiffstats
path: root/ip6tables.c
Commit message (Collapse)AuthorAgeFilesLines
* reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>)Phil Oester2006-07-201-0/+13
| | | | | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port.
* reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>)Phil Oester2006-07-201-0/+11
| | | | | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere.
* In ip[6]tables.c, NUMBER_OF_OPT was increased to 12 for the OPT_COUNTERSPatrick McHardyHarald Welte2006-04-221-15/+16
| | | | | | option. However, the new array element is not initialized in either commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] or inverse_for_options[NUMBER_OF_OPT]. (Closes: #462)
* cmdflags is used in cmd2char() to return the option for a command. It uses theHarald Welte2006-04-211-2/+1
| | | | | | bit position of the command mask as an index in the array. There's no entry for CMD_CHECK (0x0800U), so lookups for CMD_RENAME_CHAIN (0x1000U) index outside the array. (Closes: #463)
* [IP6TABLES] kill manual comparing protocol name with "ipv6-icmp".Yasuyuki KOZAKAI2006-04-151-3/+1
|
* don't allow to specify protocol of IPv6 extension header (Yasuyuki Kozakai)Yasuyuki KOZAKAI2006-03-291-0/+16
| | | | | | | Sometimes I hear that people do 'ip6tables -p ah ...' which never matches any packet. IPv6 extension headers except of ESP are skipped and invalid as argument of '-p'. Then I propose that ip6tables exits with error in such case.
* Multiple matches of the same type can be specified on the commandline.Joszef Kadlecsik2006-03-031-25/+44
| | | | | | | | | | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified.
* Make '-p all' a special case that is handled before calling getprotoent() ↵Harald Welte2006-02-111-1/+7
| | | | (Closes: #446)
* fix double-free if a single match is used multiple times within a signle ruleHarald Welte2006-02-111-1/+3
| | | | | | (Closes: #440). However, while this fixes the double-free, it still doesn't make iptables support two of the same matches within one rule. Apparently the last matchinfo is copied into all the previous matchinfo instances.
* Fix probing for supported revisions (Jones Desougi <jones@ingate.com>)Jones Desougi2005-12-221-4/+4
| | | | Bugzilla #413
* The call to free_opts() in merge_options() is invalid C. The oldoptsMarcus Sundberg2005-07-291-3/+1
| | | | | | | | | argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>) ip6tables merge by myself.
* get rid of numerous gcc-4 warningsHarald Welte2005-07-191-1/+2
|
* reduce code replication of parse_interface() (Yasuyuki Kozakai)Yasuyuki KOZAKAI2005-06-221-2/+1
|
* Chain name should not start with '!' (Yasuyuki Kozakai ↵Yasuyuki KOZAKAI2005-06-131-2/+2
| | | | <yasuyuki.kozakai@toshiba.co.jp>)
* Release previously merged options from merge_opts(), reduces memory-usage of ↵Pablo Neira2005-05-291-5/+17
| | | | iptables-restore dramatically (Pablo Neira)
* re-sync ip6tables with iptables (check for init functions) (Jonas Berlin)Jonas Berlin2005-04-011-8/+12
|
* the optflags array contains a '3' for the OPT_LINENUMBERS entry while ↵Jonas Berlin2005-04-011-1/+1
| | | | everywhere else '0' is used (Jonas Berlin)
* Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>)Pablo Neira2005-02-141-5/+0
| | | | Fixes build with conntrack event patch for 2.6
* Fix setting lib_dir in ip*tables-{save,restore}Martin Josefsson2004-12-271-10/+1
|
* Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static ↵Rusty Russell2004-12-221-15/+8
| | | | | | inline instead of extern inline (otherwise it doesn't compile without -O). Don't re-initialize libiptc/libip6t unless modprobe attempt actually succeeds. This makes nfsim run about 20 times faster, as it doesn't have to explore failures in the first iptc_init().
* Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and ↵Rusty Russell2004-12-201-5/+11
| | | | set them in testsuite if we're running iptables within tree.
* Fix module-autoloading in certain cases (Fixse Debian Bug 219686)Harald Welte2004-10-221-3/+5
|
* slightly different semantics of iptc_builtinHarald Welte2004-08-301-1/+1
|
* Get rid of some warnings when compiling 64bit.Martin Josefsson2004-05-261-13/+13
|
* Add versions of string_to_number() for use in 32bit userspace with 64bit kernel.Martin Josefsson2004-05-261-5/+30
|
* When compiled static, don't show help-messages for all matches and targets,Martin Josefsson2004-05-261-11/+13
| | | | only show help for specified ones.
* Get rid of some memoryleaks.Martin Josefsson2004-05-181-3/+25
| | | | Will make ip(6)tables-restore sessions use less memory.
* fix case where somebody uses '-i +' as interface name (Ozgur AKAN)Ozgur AKAN2004-04-071-1/+1
|
* Bloody copy-n-edit. Make sure to use matches in the order they are given...Martin Josefsson2004-02-021-62/+67
|
* Fix even more possibly not zero-terminated strings after copy (Karsten Desler)Karsten Desler2004-01-311-0/+1
|
* Fix printing of odd ip6tables netmasks (Closes: #103)Harald Welte2003-06-241-3/+6
|
* Fix the previous fixMartin Josefsson2003-05-051-7/+1
| | | | No more segfaults or compilewarnings.
* fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin ↵Martin Josefsson2003-05-021-1/+7
| | | | Josefsson)
* port 'line number on error in iptables-restore' from ipv4Harald Welte2003-03-051-0/+8
|
* rename-chain has a mandatary argument, not an optional (Juergen Baumann)Harald Welte2002-11-021-1/+1
|
* bring ip6tables up-to-date with recent iptables change (proto match ext)Harald Welte2002-08-261-0/+55
|
* minor fixes by kisza:András Kis-Szabó2002-08-141-94/+6
| | | | | | | | - remove -C(check) function from ip6tables - -M added to the getopts()'s list (missed) - small change in the iptables help - remove some unused code - some GPL notice added
* copyright / GPL noticeHarald Welte2002-08-071-0/+7
|
* chain name may not clash with target nameJoszef Kadlecsik2002-06-241-3/+8
|
* make find_target() and find_match() honor LOAD_MUST_SUCCEED when NO_SHARED_LIBSMarc Boucher2002-03-241-0/+8
| | | | is defined.
* Fix 'iptables -p !' bug (segfault when `!' used without argument)Harald Welte2002-03-141-12/+13
|
* sync ip6tables.c / ip6tables.8 with ipv4Harald Welte2002-03-031-238/+265
|
* IPv6 ICMP naming problem fixHarald Welte2001-10-041-8/+26
|
* - added patch to support statically linking of iptablesHarald Welte2001-08-061-0/+18
| | | | - iptables-save/-restore is no longer experimental
* string_to_number fixHarald Welte2001-07-231-15/+17
|
* small addition by kisza.András Kis-Szabó2001-06-271-0/+1
|
* Added support for iptables-restore module-load-on-demand (a. van schie)Harald Welte2001-06-161-1/+1
|
* name resolver patch (by kisza)András Kis-Szabó2001-06-161-47/+81
|
* ip6tables bug fixedHarald Welte2001-05-281-1/+1
|
* fixes '_' in interface names bug (iptables)Harald Welte2001-05-121-1/+1
| | | | fixes '+' in interface names bug (iptables-save)