path: root/iptables-restore.c
Commit message | Author | Age | Files | Lines
* src: move all iptables pieces into a separate directory | Jan Engelhardt | 2011-06-07 | 1 | -471/+0
  (Unclutter top-level dir)
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Move common parts of libext{4,6}.a into libext.a | Maciej Żenczykowski | 2011-04-19 | 1 | -0/+1
  Signed-off-by: Maciej Zenczykowski <maze@google.com>
* v4: rename do_command() to do_command4() | Maciej Zenczykowski | 2011-04-04 | 1 | -2/+2
  Signed-off-by: Maciej Zenczykowski <maze@google.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* v4: rename delete_chain() to delete_chain4() | Maciej Zenczykowski | 2011-04-04 | 1 | -1/+1
  Signed-off-by: Maciej Zenczykowski <maze@google.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* v4: rename flush_entries() to flush_entries4() | Maciej Zenczykowski | 2011-04-04 | 1 | -1/+1
  Signed-off-by: Maciej Zenczykowski <maze@google.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* v4: rename for_each_chain() to for_each_chain4() | Maciej Zenczykowski | 2011-04-04 | 1 | -2/+2
  Signed-off-by: Maciej Zenczykowski <maze@google.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* v4: rename init_extensions() to init_extensions4() | Maciej Zenczykowski | 2011-04-04 | 1 | -1/+1
  Signed-off-by: Maciej Zenczykowski <maze@google.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* mark newly opened fds as FD_CLOEXEC (close on exec) | Maciej Zenczykowski | 2011-04-04 | 1 | -1/+1
  (This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm)
  Signed-off-by: Maciej Zenczykowski <maze@google.com>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Remove unused CVS expanded keywords | Jan Engelhardt | 2011-02-19 | 1 | -2/+0
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: remove more redundant casts | Jan Engelhardt | 2011-01-31 | 1 | -3/+1
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: remove bogus address-of | Jan Engelhardt | 2011-01-31 | 1 | -1/+1
  Casts are bad. &curtable is actually of type char (*)[], which is quite different from what add_argv expects.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: warn when parameter limit is exceeded | Jan Engelhardt | 2011-01-31 | 1 | -1/+4
  While testing many match extensions in a single rule, I ran into this error not warned about. Arguments were just ignored, causing surprising "Need to specify an argument to --whatever" when the argument was in fact given on the command line.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables-restore: resolve confusing policy error message | Rob Leslie | 2010-12-18 | 1 | -1/+1
  When iptables-restore (and ip6tables-restore) is unable to set a chain's policy, it responds with a confusing message, e.g.:
    iptables-restore v1.4.9: Can't set policy "PREROUTING" on "ACCEPT" line 16: Bad built-in chain name
  This is due to the chain and policy arguments being used in the wrong order. The attached patch corrects this problem.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xtables: another try at chain name length checking | Jan Engelhardt | 2010-06-07 | 1 | -2/+2
  Since XT_EXTENSION_MAXNAMELEN is now available, make use of it and clear the confusion.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: correctly check for too-long chain/target/match names | Jan Engelhardt | 2010-03-16 | 1 | -0/+6
    * iptables-restore was not checking for chain name length
    * iptables was not checking for match name length
    * target length was checked against 32, not 29.
  References: http://bugzilla.netfilter.org/show_bug.cgi?id=641
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: combine iptables-multi and iptables-static | Jan Engelhardt | 2009-07-25 | 1 | -1/+1
  Changed the Makefile so that:
    1. --enable-shared / --disable-shared control the linkage against libdl (and thus the potential to use 3rd party extensions)
    2. --enable-static / --disable-static controls whether shipped extensions are built-in or provided as modules
  iptables-static becomes redundant by this action; iptables-multi now has the feature.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: close open file descriptors | Jan Engelhardt | 2009-06-10 | 1 | -0/+2
  Just for correctness, close some file descriptors that were opened. (E.g. ip6tables-save reading from procfs files.)
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: replace open-coded sizeof by ARRAY_SIZE | Jan Engelhardt | 2009-05-26 | 1 | -1/+1
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix exit_error to xtables_error | Jan Engelhardt | 2009-02-21 | 1 | -13/+13
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: general follow-up cleanup | Jamal Hadi Salim | 2009-02-13 | 1 | -9/+8
  Kill program_name, program_version and xtables_program_name.
  Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: consolidate init calls into one function | Jamal Hadi Salim | 2009-02-13 | 1 | -2/+7
  Introduce xtables_init_all() which hides three calls xtables_init(), xtables_set_nfproto(), and xtables_set_params().
  Make ip[6]tables-restore, ip[6]tables-save and ip[6]tables-standalone use it.
  I moved xtables_set_params around for readability reasons.
  Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: set names of programs | Jamal Hadi Salim | 2009-02-12 | 1 | -0/+1
  Set proper name of application.
  Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: move afinfo around | Jan Engelhardt | 2009-02-07 | 1 | -0/+1
  libxtables should not rely on the program executable providing the magic constants for using [gs]etsockopt.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - program_name | Jan Engelhardt | 2009-01-30 | 1 | -2/+3
  Split XTABLES_VERSION into xtables and iptables, and encode the xtables soversion into the extensions instead. This makes it possible to upgrade iptables without having to recompile 3rd-party extensions (if the libxtables version matches, of course).
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - libdir | Jan Engelhardt | 2009-01-27 | 1 | -10/+1
  Consolidate the libdir variable initialization code into xtables.c.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - modprobe and xtables.ko loading | Jan Engelhardt | 2009-01-27 | 1 | -2/+3
  This change affects:
    load_xtables_ko -> xtables_load_ko
    modprobe_program -> xtables_modprobe_program
  Now uses bool for the "quiet" flag.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* env: augment deprecation notice | Jan Engelhardt | 2009-01-07 | 1 | -1/+2
  Tell the user what to use instead of IP*TABLES_LIBDIR.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: reuse the global modprobe_program variable | Jan Engelhardt | 2008-11-18 | 1 | -5/+4
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove indirections | Jan Engelhardt | 2008-11-10 | 1 | -7/+9
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove typedef indirection | Jan Engelhardt | 2008-11-10 | 1 | -3/+3
  Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then.
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables-restore: fix segmentation fault with -tanything | Jan Engelhardt | 2008-08-04 | 1 | -1/+1
  Reference: Debian bug #458042
  iptables-restore must not pass a table into do_command. It checks for "-t arg" and "--table arg", but not "-targ". (On a related note, using -targ does not work as expected).
  This should fail gracefully, but crashes:
    iptables-restore <(echo -e '*filter\n-A INPUT -tx\nCOMMIT')
  And this should use table "filter", or perhaps raise an error, but instead sets the table to (literally) "-tfilter":
    iptables -tfilter -A INPUT
  Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* sparse warning fixes: integer used as pointer | Patrick McHardy | 2008-06-07 | 1 | -2/+2
  Signed-off-by: Patrick McHardy <kaber@trash.net>
* Make iptables-restore usable over a pipe | Henrik Nordstrom | 2008-05-12 | 1 | -0/+1
  The attached patch flushes stdout between commands to make output operations (-L etc) in iptables-restore usable over a pipe. stdio by default buffers output if not connected to a terminal.
  Henrik Nordstrom <henrik@henriknordstrom.net>
* Remove old functions, constants | Jan Engelhardt | 2008-04-15 | 1 | -2/+2
* iptables: use C99 lists for struct options | Gáspár Lajos | 2008-04-14 | 1 | -10/+10
* Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR | Jan Engelhardt | 2008-04-13 | 1 | -3/+8
* Fix all remaining warnings (missing declarations, missing prototypes) | Jan Engelhardt | 2008-04-13 | 1 | -1/+2
* allow empty strings in argument parser | Max Kellermann | 2008-01-29 | 1 | -7/+5
  Max Kellermann <max@duempel.org>
* unescape parameters | Max Kellermann | 2008-01-29 | 1 | -28/+21
  Max Kellermann <max@duempel.org>
* use size_t | Max Kellermann | 2008-01-29 | 1 | -1/+1
  Max Kellermann <max@duempel.org>
* whitespace cleanup | Max Kellermann | 2008-01-29 | 1 | -17/+17
  Max Kellermann <max@duempel.org>
* iptables-edit: iptables-edit: adds --table to iptables-restore | Peter Warasin | 2007-11-05 | 1 | -1/+11
  adds --table to iptables-restore which allows to restore only the supplied table
  Signed-off-by: Peter Warasin <peter@endian.com>
* Fix sscanf type errors | Patrick McHardy | 2007-10-17 | 1 | -5/+9
* Fix strict aliasing warnings | Patrick McHardy | 2007-09-05 | 1 | -1/+5
* Introduces xtables match/target registration | Yasuyuki KOZAKAI | 2007-07-24 | 1 | -1/+1
  - moves lib_dir to xtables.c
  - introduces struct pfinfo which has protocol family dependent information.
  - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko()
  - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them
  - unifies following functions and move them to xtables.c
    - find_{match,find_target}
    - compatible_revision, compatible_{match,target}_revision
  - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family
  Some concepts:
  - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility.
  - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of course.
  - xtables is enough to support only one address family at runtime. Then xtables keeps information of only the focused address family in struct afinfo.
* Moves ip[6]tables_insmod() to xtables.c as xtables_insmod() | Yasuyuki KOZAKAI | 2007-07-24 | 1 | -1/+2
* Fix missing newlines in iptables-save/restore output (Pavol Rusnak <prusnak@suse.cz>) | Pavel Rusnak | 2007-05-10 | 1 | -2/+2
  Bugzilla #568
* fix problem with iptables-restore and quotes (close bugzilla id 505) | Pablo Neira Ayuso | 2007-04-18 | 1 | -15/+32
* revert some slipped through patches | Pablo Neira AyusoMaurice van der Pot | 2007-04-16 | 1 | -32/+15
* prepare conntrack and conntrackd merge: rename conntrack to conntrack-tools | Pablo Neira Ayuso | 2007-04-16 | 1 | -15/+32