| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | load ip_[6]tables.ko just before checking revision support in kernel. | Yasuyuki KOZAKAI | 2006-11-13 | 1 | -2/+19 |
* | Fix spelling error | Patrick McHardy | 2006-10-11 | 1 | -1/+1 |
* | Use negative-list for "weird character in interface" warning instead of warning for basically every non-alphanumeric character. | Patrick McHardy | 2006-09-20 | 1 | -3/+3 |
* | Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause invalid arguments to get accepted. | Patrick McHardy / Jesper Brouer | 2006-07-25 | 1 | -2/+1 |
* | proto_to_name duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-22 | 1 | -1/+2 |
| | Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel. | | | | |
* | reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 1 | -0/+13 |
| | The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port. | | | | |
* | reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-20 | 1 | -0/+11 |
| | The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere. | | | | |
* | iptables: handle cidr notation more sanely (Phil Oester <kernel@linuxace.com>) | Phil Oester | 2006-07-10 | 1 | -0/+30 |
| | At present, a command such as `iptables -A foo -s 10.10/16` will interpret 10.10/16 as 10.0.0.10/16, and after applying the mask end up with 10.0.0.0/16, which likely isn't what the user intended. Yet some people do expect 10.10 (without the cidr notation) to end up as 10.0.0.10. The below patch should satisfy all parties. It zero pads the missing octets only in the cidr case, leaving the IP untouched otherwise. This resolves bug #422 | | | | |
* | In ip[6]tables.c, NUMBER_OF_OPT was increased to 12 for the OPT_COUNTERS option. However, the new array element is not initialized in either commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] or inverse_for_options[NUMBER_OF_OPT]. (Closes: #462) | Patrick McHardy / Harald Welte | 2006-04-22 | 1 | -15/+16 |
* | cmdflags is used in cmd2char() to return the option for a command. It uses the bit position of the command mask as an index in the array. There's no entry for CMD_CHECK (0x0800U), so lookups for CMD_RENAME_CHAIN (0x1000U) index outside the array. (Closes: #463) | Harald Welte | 2006-04-21 | 1 | -2/+1 |
* | Multiple matches of the same type can be specified on the commandline. | Joszef Kadlecsik | 2006-03-03 | 1 | -7/+32 |
| | If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: `... -m foo ... <options0> ... -m foo ... <options1> ...` Otherwise the commandline parsing is unmodified. | | | | |
* | Make '-p all' a special case that is handled before calling getprotoent() (Closes: #446) | Harald Welte | 2006-02-11 | 1 | -1/+7 |
* | fix double-free if a single match is used multiple times within a single rule (Closes: #440). However, while this fixes the double-free, it still doesn't make iptables support two of the same matches within one rule. Apparently the last matchinfo is copied into all the previous matchinfo instances. | Harald Welte | 2006-02-11 | 1 | -1/+3 |
* | Fix probing for supported revisions (Jones Desougi <jones@ingate.com>) | Jones Desougi | 2005-12-22 | 1 | -4/+4 |
| | Bugzilla #413 | | | | |
* | fix compilation of iptables on [old] systems that don't have IPT_F_GOTO | Harald Welte | 2005-11-24 | 1 | -0/+2 |
* | only set revisions on real targets, not on jumps. (Pablo Neira) | Pablo Neira | 2005-11-17 | 1 | -1/+3 |
* | add 'goto' support (Henrik Nordstrom <hno@marasystems.com>) | Henrik Nordstrom | 2005-11-05 | 1 | -1/+23 |
* | Kernels higher than 2.6.10 don't support multiple --to arguments in DNAT and SNAT targets. At present, the error is somewhat vague: `# iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5` `iptables: Invalid argument` But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: `# iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5` `iptables v1.3.3: Multiple --to-source not supported` This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) | Phil Oester | 2005-09-19 | 1 | -0/+18 |
* | The call to free_opts() in merge_options() is invalid C. The oldopts argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>) ip6tables merge by myself. | Marcus Sundberg | 2005-07-29 | 1 | -3/+1 |
* | get rid of numerous gcc-4 warnings | Harald Welte | 2005-07-19 | 1 | -1/+2 |
* | reduce code replication of parse_interface() (Yasuyuki Kozakai) | Yasuyuki KOZAKAI | 2005-06-22 | 1 | -2/+1 |
* | Chain name should not start with '!' (Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>) | Yasuyuki KOZAKAI | 2005-06-13 | 1 | -2/+2 |
* | Release previously merged options from merge_opts(), reduces memory-usage of iptables-restore dramatically (Pablo Neira) | Pablo Neira | 2005-05-29 | 1 | -6/+17 |
* | poll goto specific changes out of trunk | Harald Welte / Pablo Neira | 2005-04-15 | 1 | -3/+0 |
* | fix iptables-save/restore of goto (Jonas Berlin) | Jonas Berlin | 2005-04-15 | 1 | -0/+3 |
* | the optflags array contains a '3' for the OPT_LINENUMBERS entry while everywhere else '0' is used (Jonas Berlin) | Jonas Berlin | 2005-04-01 | 1 | -1/+1 |
* | Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>) | Pablo Neira | 2005-02-14 | 1 | -10/+8 |
| | Fixes build with conntrack event patch for 2.6 | | | | |
* | Remove leftover debug printf | Martin Josefsson | 2005-01-03 | 1 | -3/+0 |
* | Replace memchr with strlen and fix up one of the statements. | Martin Josefsson | 2005-01-03 | 1 | -4/+4 |
* | Extension revision number support (if kernel supports the getsockopts). | Rusty Russell | 2005-01-03 | 1 | -5/+120 |
| | Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied. | | | | |
* | Fix setting lib_dir in ip*tables-{save,restore} | Martin Josefsson | 2004-12-27 | 1 | -10/+1 |
* | Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static inline instead of extern inline (otherwise it doesn't compile without -O). Don't re-initialize libiptc/libip6t unless modprobe attempt actually succeeds. This makes nfsim run about 20 times faster, as it doesn't have to explore failures in the first iptc_init(). | Rusty Russell | 2004-12-22 | 1 | -15/+8 |
* | Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and set them in testsuite if we're running iptables within tree. | Rusty Russell | 2004-12-20 | 1 | -4/+10 |
* | Fix module-autoloading in certain cases (Fixes Debian Bug 219686) | Harald Welte | 2004-10-22 | 1 | -3/+5 |
* | fix slightly changed semantics of iptc_is_builtin | Harald Welte | 2004-08-30 | 1 | -1/+1 |
* | Allocate enough memory for addr-list in host_to_addr() | Patrick McHardy | 2004-08-03 | 1 | -1/+1 |
* | fix dual-free bug with multiple-A dns records (keso@klister.net) | keso | 2004-07-04 | 1 | -5/+2 |
* | Get rid of some warnings when compiling 64bit. | Martin Josefsson | 2004-05-26 | 1 | -13/+13 |
* | Add versions of string_to_number() for use in 32bit userspace with 64bit kernel. | Martin Josefsson | 2004-05-26 | 1 | -5/+30 |
* | When compiled static, don't show help-messages for all matches and targets, only show help for specified ones. | Martin Josefsson | 2004-05-26 | 1 | -11/+13 |
* | Get rid of some memoryleaks. | Martin Josefsson | 2004-05-18 | 1 | -3/+25 |
| | Will make ip(6)tables-restore sessions use less memory. | | | | |
* | fix case where somebody uses '-i +' as interface name (Ozgur AKAN) | Ozgur AKAN | 2004-04-07 | 1 | -1/+1 |
* | add userspace part of SCTP match | Harald Welte | 2004-02-21 | 1 | -0/+1 |
* | Make sure to use matches in the order they are given when calling do_command() multiple times. | Martin Josefsson | 2004-02-02 | 1 | -62/+67 |
* | Fix another possibly not zero-terminated string after copy (Karsten Desler) | Karsten Desler | 2004-01-31 | 1 | -0/+1 |
* | Fix possibly not zero-terminated string after copy (Karsten Desler) | Karsten Desler | 2004-01-31 | 1 | -0/+1 |
* | Fix '-L format bug' (Edward J. Huff) (Closes: #93) | Harald Welte | 2003-05-31 | 1 | -2/+2 |
* | Fix the previous fix | Martin Josefsson | 2003-05-05 | 1 | -7/+1 |
| | No more segfaults or compilewarnings. | | | | |
* | fix trivial typo | Harald Welte | 2003-05-03 | 1 | -1/+1 |
* | fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin Josefsson) | Martin Josefsson | 2003-05-02 | 1 | -1/+7 |