| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users
got moved.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
| |
Commit v1.4.3-rc1-47-g300e290 tried to consolidate the environment
variable presence checking code into xtables.c, but missed
adding IP6TABLES_LIB_DIR to libxtables.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
| |
libxtables should not rely on the program executable providing the
magic constants for using [gs]etsockopt.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
| |
This also adds a warning that intrapositional negation support
is deprecated.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
| |
Changes:
exittype -> xtables_exittype
P_* -> XTF_* flags
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
|
| |
Split XTABLES_VERSION into xtables and iptables, and encode the
xtables soversion into the extensions instead. This makes it possible
to upgrade iptables without having to recompile 3rd-party extensions
(if the libxtables version matches, of course).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
This commit also throws out the redundant string_to_number_*.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
Consolidate the libdir variable initialization code into xtables.c.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
|
| |
This change affects:
find_{match,target} -> xtables_find_{match,target}
enum xt_tryload -> enum xtables_tryload
loose flags like DONT_LOAD -> XTF_DONT_LOAD
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
|
| |
This change affects:
load_xtables_ko -> xtables_load_ko
modprobe_program -> xtables_modprobe_program
Now uses bool for the "quiet" flag.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It is good practice to prefix names in a library some way so that
it does not clash with external programs' variable names right
on the first try.
This change: rename fw_[cm]alloc to xtables_[cm]alloc and
move the definition from internal.h to xtables.h to avoid
potential compiler warnings.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
Use the handy constants for ranges.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
| |
All of them are implicitly convertable without any wanted side effects.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
|
| |
|
|
|
|
|
|
| |
xtables.h does not need really need libxtc.h, and we can drop it from
the install as it is internal-only.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
| |
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| |
|
|
|
|
|
| |
Spotted by Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Note: xt_sctp.h is still not merged upstream in the kernel as of
this commit. But a refactoring was really needed.
|
| |
|
|
|
| |
- change "unsigned" to explicit "unsigned int"
- remove some casts
|
| |
|
|
| |
Max Kellermann <max@duempel.org>
|
| |
|
|
| |
Max Kellermann <max@duempel.org>
|
| |
|
|
|
|
| |
Rename overlapping function names.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
|
| |
Move a few functions from iptables.c/ip6tables.c to xtables.c
so they are available for combined (both AF_INET and AF_INET6)
libxt modules. Rename overlapping function names.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
| |
If the file exists but could not be loaded, print the dlerror().
Often it is a missing symbol.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
|
| |
Error messages vary wildly among modules, and there is a lot of
reundance in it too. Introduce a helper function that does all of
the parameter checking boilerplate and gives unique messages.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
back the 'end' pointer. It is useful where you want to do boundary
checking yet work with strings that are not entirely slurped by
strtoul(), e.g.:
s = "1/2"; /* one half */
if (!strtonum(s, &end, &value, 0, 5))
error("Zero-length string, or value out of bounds");
if (*end != '/')
error("Malformed string");
info->param1 = value;
if (!strtonum(end + 1, &end, &value, 2, 4))
error("..");
if (*end != '\0')
error("Malformed string");
info->param2 = value;
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
|
| |
|
|
|
|
|
|
| |
if NO_SHARED_LIBS is defined, then iptables shouldnt even include dlfcn.h.
otherwise you hit a build failure when using toolchains that do not provide
dlfcn.h because they do not support shared objects.
Signed-Off-By: Mike Frysinger <vapier@gentoo.org>
|
| |
|
|
|
|
|
| |
When running as a user iptables can't determine the highest supported
revision and exits. Assume all revision are supported in case we get
a EPERM. If the user is not showing the help text but trying to add
new rules he'll get EPERM later anyway.
|
| |
|
|
|
|
|
|
| |
iptables prints some of its error messages and warnings to stdout.
This patch applies to svn r7075 and will make iptables print
diagnostic messages to stderr instead.
Signed-off-by: Max Kellermann <max@duempel.org>
|
| |
|
|
| |
If failed, it tries libip[6]t_*.so.
|
| | |
|
| |
|
|
|
| |
string_to_number_ll, string_to_number_l, string_to_number,
service_to_port, parse_port, parse_interface, are moved.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- moves lib_dir to xtables.c
- introduces struct pfinfo which has protocol family dependent infomations.
- unifies load_ip[6]tables_ko() and moves them as load_xtables_ko()
- introduces xt_{match,match_rule,target,tryload} and replaces
ip[6]t_* with them
- unifies following functions and move them to xtables.c
- find_{match,find_target}
- compatible_revision, compatible_{match,target}_revision
- introduces xtables_register_{match,target} and make
register_{match,target}[6] call them. xtables_register_* register ONLY
matches/targets matched protocol family
Some concepts:
- source compatibility for libip[6]t_xxx.c with warning on compilation
not binary compatibility.
- binary compatibility between 2.4/2.6 kernel and iptables/ip6tables,
of cause.
- xtables is enough to support only one address family at runtime.
Then xtables keeps infomations of only the focused address famiy
in struct afinfo.
|
| | |
|
| | |
|
| |
|
