summaryrefslogtreecommitdiffstats
path: root/libiptc/libip6tc.c
Commit message (Collapse)AuthorAgeFilesLines
* libip6t_NETMAP: Use xtables_ip6mask_to_cidr and get rid of libip6tc dependencyPablo Neira Ayuso2013-03-291-1/+1
| | | | | | | | | This patch changes the NETMAP target extension (IPv6 side) to use the xtables_ip6mask_to_cidr available in libxtables. As a side effect, we get rid of the libip6tc dependency. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libiptc: use a family-invariant xtc_ops struct for code reductionJan Engelhardt2011-09-111-0/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: resolve old macro names that are indirectionsJan Engelhardt2011-09-111-15/+15
| | | | | | | | | | | Command used: git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/) and then fix all occurrences. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: combine common types: _handleJan Engelhardt2011-09-111-4/+1
| | | | | | | No real API/ABI change incurred, since the definition of the structs' types is not visible anyhow. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: replace ipt_chainlabel by xt_chainlabelJan Engelhardt2011-09-111-1/+1
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: replace old IP*T_ALIGN macrosJan Engelhardt2011-05-121-2/+2
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: add -C to check for existing rulesStefan Tomanek2011-03-081-0/+1
| | | | | | | | | | | | | | | | | It is often useful to check whether a specific rule is already present in a chain without actually modifying the iptables config. Services like fail2ban usually employ techniques like grepping through the output of "iptables -L" which is quite error prone. This patch adds a new operation -C to the iptables command which mostly works like -D; it can detect and indicate the existence of the specified rule by modifying the exit code. The new operation TC_CHECK_ENTRY uses the same code as the -D operation, whose functions got a dry-run parameter appended. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: avoid strict-aliasing warningsJan Engelhardt2009-10-251-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | In file included from libiptc/libip4tc.c:117:0: libiptc/libiptc.c: In function ‘__iptcc_p_del_policy’: libiptc/libiptc.c:826:4: warning: dereferencing type-punned pointer will break strict-aliasing rules libiptc/libiptc.c: In function ‘iptc_get_target’: libiptc/libiptc.c:1650:4: warning: dereferencing type-punned pointer will break strict-aliasing rules libiptc/libip4tc.c: In function ‘dump_entry’: libiptc/libip4tc.c:157:3: warning: dereferencing type-punned pointer will break strict-aliasing rules CC libiptc/libip6tc.lo In file included from libiptc/libip6tc.c:112:0: libiptc/libiptc.c: In function ‘__iptcc_p_del_policy’: libiptc/libiptc.c:826:4: warning: dereferencing type-punned pointer will break strict-aliasing rules libiptc/libiptc.c: In function ‘ip6tc_get_target’: libiptc/libiptc.c:1650:4: warning: dereferencing type-punned pointer will break strict-aliasing rules libiptc/libip6tc.c: In function ‘dump_entry’: libiptc/libip6tc.c:188:3: warning: dereferencing type-punned pointer will break strict-aliasing rules Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libiptc: remove unused iptc_get_raw_socket and iptc_check_packetJan Engelhardt2008-11-101-1/+0
| | | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* libiptc: remove typedef indirectionJan Engelhardt2008-11-101-3/+3
| | | | | | | | | | | Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Use s6_addr32 to access bits in int6_addr instead of incompatible nameYasuyuki Kozakai2008-06-041-1/+1
| | | | | | | Spotted by Khem Raj <raj.khem@gmail.com> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net>
* Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)Peter Riley2007-09-021-6/+2
|
* libiptc symbols clash (Phil Oester <kernel@linuxace.com>)Phil Oester2006-07-051-0/+2
| | | | | As reported by Dmitry Levin, the TC_NUM_RULES and TC_GET_RULE exports clash. His patch below, resolving bug #456
* fix deletion of targets where kernel size != userspace size (Pablo Neira)Pablo Neira2005-06-231-0/+1
|
* Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>)Pablo Neira2005-02-141-11/+0
| | | | Fixes build with conntrack event patch for 2.6
* Make "is_same" test basics and entries only: targets are generic.Rusty Russell2004-12-161-22/+9
| | | | | | | Make target testing aware of different kinds of rules. Change reverse logic: target_different now target_same. Set type to MODULE in iptcc_map_target. Add testcase for this.
* complete libiptc rewrite. Time to load 10k rules goes down from 2.20 ↵Harald Welte2004-08-291-4/+4
| | | | minutes to 1.255 seconds (!). Might still contain bugs, use with caution.
* Get rid of some warnings when compiling 64bit.Martin Josefsson2004-05-261-1/+1
|
* sorry, this one didn't make it in 1.2.9rc1 :(Harald Welte2003-10-071-0/+13
|
* fix ipv6_prefix_length endianness bugs (Closes: #103)Harald Welte2003-06-241-1/+1
|
* fix memory leak(s) in libiptc. Reverts the previous (wrong) patch. (Martin ↵Martin Josefsson2003-05-021-0/+1
| | | | Josefsson)
* explicitly check for two possible sets of hooks in case of nat and mangleHarald Welte2002-02-131-12/+28
|
* fix compatibility with mangle2hooks and mangle5hooksHarald Welte2002-02-131-5/+9
|
* first attempt in trying to make debug code work with mangle2hooks and ↵Harald Welte2002-02-131-18/+26
| | | | mangle5hooks
* - don't need -DNDEBUG anymore. Instead, use -DIPTC_DEBUG to enableHarald Welte2002-02-131-6/+20
| | | | | | | | libiptc debugging. This is to make people at RedHat and Mandrake happy. - add debugging code for mangle5hooks table (will break debugging of iptables >= 1.2.6 on old kernels <= 2.4.18-pre6. *sigh*
* update debugging code to mangle5hooks changesHarald Welte2002-02-081-1/+4
|
* Added #include <unistd.h> to eliminate close() warning.Marc Boucher2002-01-191-0/+1
|
* libiptc counter functionHarald Welte2001-01-051-0/+3
|
* Philip Blundell's IPv6 patches.Rusty Russell2000-06-021-3/+18
|
* Philip Blundell's IPv6 fixes.Philip Blundell2000-05-151-2/+121
|
* Philip Blundell's IPv6 fixes.Philip Blundell2000-05-101-12/+13
|
* IPv6 enhancements.Rusty Russell2000-05-021-0/+264