path: root/iptables.c
Commit message | Author | Age | Files | Lines
* In ip[6]tables.c, NUMBER_OF_OPT was increased to 12 for the OPT_COUNTERS option. However, the new array element is not initialized in either commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] or inverse_for_options[NUMBER_OF_OPT]. (Closes: #462) | Patrick McHardy / Harald Welte | 2006-04-22 | 1 | -15/+16
* cmdflags is used in cmd2char() to return the option for a command. It uses the bit position of the command mask as an index in the array. There's no entry for CMD_CHECK (0x0800U), so lookups for CMD_RENAME_CHAIN (0x1000U) index outside the array. (Closes: #463) | Harald Welte | 2006-04-21 | 1 | -2/+1
* Multiple matches of the same type can be specified on the commandline. If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified. | Joszef Kadlecsik | 2006-03-03 | 1 | -7/+32
* Make '-p all' a special case that is handled before calling getprotoent() (Closes: #446) | Harald Welte | 2006-02-11 | 1 | -1/+7
* fix double-free if a single match is used multiple times within a single rule (Closes: #440). However, while this fixes the double-free, it still doesn't make iptables support two of the same matches within one rule. Apparently the last matchinfo is copied into all the previous matchinfo instances. | Harald Welte | 2006-02-11 | 1 | -1/+3
* Fix probing for supported revisions (Jones Desougi <jones@ingate.com>) Bugzilla #413 | Jones Desougi | 2005-12-22 | 1 | -4/+4
* fix compilation of iptables on [old] systems that don't have IPT_F_GOTO | Harald Welte | 2005-11-24 | 1 | -0/+2
* only set revisions on real targets, not on jumps. (Pablo Neira) | Pablo Neira | 2005-11-17 | 1 | -1/+3
* add 'goto' support (Henrik Nordstrom <hno@marasystems.com>) | Henrik Nordstrom | 2005-11-05 | 1 | -1/+23
* Kernels higher than 2.6.10 don't support multiple --to arguments in DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester) | Phil Oester | 2005-09-19 | 1 | -0/+18
* The call to free_opts() in merge_options() is invalid C. The oldopts argument always refers to the memory pointed to by the opts global, which may be freed by the call to free_opts(), but oldopts is used after the free_opts() call. This patch makes sure we don't use freed memory. (Marcus Sundberg <marcus@ingate.com>) ip6tables merge by myself. | Marcus Sundberg | 2005-07-29 | 1 | -3/+1
* get rid of numerous gcc-4 warnings | Harald Welte | 2005-07-19 | 1 | -1/+2
* reduce code replication of parse_interface() (Yasuyuki Kozakai) | Yasuyuki KOZAKAI | 2005-06-22 | 1 | -2/+1
* Chain name should not start with '!' (Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>) | Yasuyuki KOZAKAI | 2005-06-13 | 1 | -2/+2
* Release previously merged options from merge_opts(), reduces memory-usage of iptables-restore dramatically (Pablo Neira) | Pablo Neira | 2005-05-29 | 1 | -6/+17
* poll goto specific changes out of trunk | Harald Welte / Pablo Neira | 2005-04-15 | 1 | -3/+0
* fix iptables-save/restore of goto (Jonas Berlin) | Jonas Berlin | 2005-04-15 | 1 | -0/+3
* the optflags array contains a '3' for the OPT_LINENUMBERS entry while everywhere else '0' is used (Jonas Berlin) | Jonas Berlin | 2005-04-01 | 1 | -1/+1
* Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>) Fixes build with conntrack event patch for 2.6 | Pablo Neira | 2005-02-14 | 1 | -10/+8
* Remove leftover debug printf | Martin Josefsson | 2005-01-03 | 1 | -3/+0
* Replace memchr with strlen and fix up one of the statements. | Martin Josefsson | 2005-01-03 | 1 | -4/+4
* Extension revision number support (if kernel supports the getsockopts). Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied. | Rusty Russell | 2005-01-03 | 1 | -5/+120
* Fix setting lib_dir in ip*tables-{save,restore} | Martin Josefsson | 2004-12-27 | 1 | -10/+1
* Don't need ipt_entry_target()/ip6t_entry_target() now kernel uses static inline instead of extern inline (otherwise it doesn't compile without -O). Don't re-initialize libiptc/libip6t unless modprobe attempt actually succeeds. This makes nfsim run about 20 times faster, as it doesn't have to explore failures in the first iptc_init(). | Rusty Russell | 2004-12-22 | 1 | -15/+8
* Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and set them in testsuite if we're running iptables within tree. | Rusty Russell | 2004-12-20 | 1 | -4/+10
* Fix module-autoloading in certain cases (Fixes Debian Bug 219686) | Harald Welte | 2004-10-22 | 1 | -3/+5
* fix slightly changed semantics of iptc_is_builtin | Harald Welte | 2004-08-30 | 1 | -1/+1
* Allocate enough memory for addr-list in host_to_addr() | Patrick McHardy | 2004-08-03 | 1 | -1/+1
* fix dual-free bug with multiple-A dns records (keso@klister.net) | keso | 2004-07-04 | 1 | -5/+2
* Get rid of some warnings when compiling 64bit. | Martin Josefsson | 2004-05-26 | 1 | -13/+13
* Add versions of string_to_number() for use in 32bit userspace with 64bit kernel. | Martin Josefsson | 2004-05-26 | 1 | -5/+30
* When compiled static, don't show help-messages for all matches and targets, only show help for specified ones. | Martin Josefsson | 2004-05-26 | 1 | -11/+13
* Get rid of some memory leaks. Will make ip(6)tables-restore sessions use less memory. | Martin Josefsson | 2004-05-18 | 1 | -3/+25
* fix case where somebody uses '-i +' as interface name (Ozgur AKAN) | Ozgur AKAN | 2004-04-07 | 1 | -1/+1
* add userspace part of SCTP match | Harald Welte | 2004-02-21 | 1 | -0/+1
* Make sure to use matches in the order they are given when calling do_command() multiple times. | Martin Josefsson | 2004-02-02 | 1 | -62/+67
* Fix another possibly not zero-terminated string after copy (Karsten Desler) | Karsten Desler | 2004-01-31 | 1 | -0/+1
* Fix possibly not zero-terminated string after copy (Karsten Desler) | Karsten Desler | 2004-01-31 | 1 | -0/+1
* Fix '-L format bug' (Edward J. Huff) (Closes: #93) | Harald Welte | 2003-05-31 | 1 | -2/+2
* Fix the previous fix. No more segfaults or compile warnings. | Martin Josefsson | 2003-05-05 | 1 | -7/+1
* fix trivial typo | Harald Welte | 2003-05-03 | 1 | -1/+1
* fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin Josefsson) | Martin Josefsson | 2003-05-02 | 1 | -1/+7
* fix stupid typo (Maciej Soltysiak) | Maciej Soltysiak | 2003-03-31 | 1 | -1/+1
* make iptables-restore print the line number in case of an error (Illes Marci <marci@balabit.hu>) | Illes Marci | 2003-03-03 | 1 | -0/+8
* rename-chain has a mandatory argument, not an optional (Juergen Baumann) | Harald Welte | 2002-11-02 | 1 | -1/+1
* fix long-standing bug with regard to protocol-on-demand-loading and iptables-save/restore (1.2.7 release bug) | Harald Welte | 2002-08-26 | 1 | -15/+55
* minor fixes by kisza: remove -C(check) function from ip6tables; -M added to the getopts()'s list (missed); small change in the iptables help; remove some unused code; some GPL notice added | András Kis-Szabó | 2002-08-14 | 1 | -1/+1
* modify protocol-match-extension load behaviour to eliminate the two outstanding bugs. | Harald Welte | 2002-08-07 | 1 | -24/+21
* chain name may not clash with target name | Joszef Kadlecsik | 2002-06-24 | 1 | -3/+4
* make -M (aka --modprobe) work [Bart De Schuymer] | Bart De Schuymer | 2002-06-15 | 1 | -1/+1