path: root/xtables.c
Commit message [Author, Age, Files, Lines]
* xtables: remove unnecessary cast [Jan Engelhardt, 2010-08-03, 1 file, -1/+1]
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xtables: remove xtables_set_revision function [Jan Engelhardt, 2010-06-07, 1 file, -8/+0]
| Since iptables uses its own copies of the header files anyway where the revision field is exposed, there is no reach to access name[] beyond its size.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xtables: another try at chain name length checking [Jan Engelhardt, 2010-06-07, 1 file, -6/+4]
| Since XT_EXTENSION_MAXNAMELEN is now available, make use of it and clear the confusion.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xtables: fix compilation when debugging is enabled [Patrick McHardy, 2010-05-20, 1 file, -1/+1]
| Reported by yang.xuhui@jfsys.com.
| Signed-off-by: Patrick McHardy <kaber@trash.net>
* iptables: correctly check for too-long chain/target/match names [Jan Engelhardt, 2010-03-16, 1 file, -0/+5]
|   * iptables-restore was not checking for chain name length
|   * iptables was not checking for match name length
|   * target length was checked against 32, not 29.
| References: http://bugzilla.netfilter.org/show_bug.cgi?id=641
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Lift restrictions on interface names [Jan Engelhardt, 2010-02-09, 1 file, -6/+5]
| The kernel has few restrictions.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxtables: hand argv to xtables_check_inverse [Jan Engelhardt, 2009-11-03, 1 file, -1/+2]
| In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation.
| References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* style: reduce indent in xtables_check_inverse [Jan Engelhardt, 2009-10-29, 1 file, -16/+16]
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* build: restore --disable-ipv6 functionality on system w/o v6 headers [Olaf Rempel, 2009-10-29, 1 file, -1/+2]
| Commit 332e4acc (iptables: accept multiple IP address specifications for -s, d) broke the --disable-ipv6 configure option.
| > ./.libs/libxtables.so: undefined reference to `in6addr_any'
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Support for nommu arches [Jan Engelhardt, 2009-10-25, 1 file, -1/+1]
| Linux systems that lack a MMU cannot call fork(). Fortunately, the only place in iptables that uses fork() follows it by an exec(), so we can easily convert the code to vfork().
| References: http://bugzilla.netfilter.org/show_bug.cgi?id=614
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xtables: warn of missing version identifier in extensions [Jan Engelhardt, 2009-06-26, 1 file, -0/+10]
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xtables: add multi-registration functions [Jan Engelhardt, 2009-06-26, 1 file, -0/+14]
| Similar to the ones that are present in the kernel.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* iptables: accept multiple IP address specifications for -s, -d [Michael Granzow, 2009-06-26, 1 file, -0/+175]
| libiptc already supports adding and deleting multiple rules with different addresses, so it only needs to be wired up to the options.
| # ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP
| References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2
| Adjustments made: syntax, removal of unneeded variables, manpage adjustment, soversion bump.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* xtables: fix segfault if incorrect protocol name is used [Pablo Neira Ayuso, 2009-05-12, 1 file, -0/+3]
| This patch fixes a segfault that can be triggered if you use an incorrect protocol, e.g.
| # iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
| Segmentation fault
| With this patch:
| # iptables -I PREROUTING -t nat -p lalala --dport 21 -j DNAT --to 192.168.1.2:21
| iptables v1.4.3.2: unknown protocol `lala' specified
| Try `iptables -h' or 'iptables --help' for more information
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* libxtables: provide IPv6 zero address variable [Jan Engelhardt, 2009-04-03, 1 file, -1/+2]
| µClibc may not provide the in6addr_any variable when IPv6 is disabled. So just provide it ourselves.
| Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=569
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: fix compile error due to incomplete change [Peter Volkov, 2009-03-24, 1 file, -1/+1]
| Commit 2338efd8f799d8373dc196c797bda9690283b698 forgot to update the constant in one place, and the compile error triggered only when -DNO_SHARED_LIBS (configure --disable-shared) was in effect.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: add missing limits.h include [Jan Engelhardt, 2009-02-21, 1 file, -0/+1]
| Thanks to Stephen Hemminger for noticing.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: inline and remove unused OPTION_OFFSET macro [Jan Engelhardt, 2009-02-21, 1 file, -1/+1]
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: general follow-up cleanup [Jamal Hadi Salim, 2009-02-13, 1 file, -15/+12]
| Kill program_name, program_version and xtables_program_name.
| Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: consolidate init calls into one function [Jamal Hadi Salim, 2009-02-13, 1 file, -25/+32]
| Introduce xtables_init_all() which hides three calls xtables_init(), xtables_set_nfproto(), and xtables_set_params(). Make ip[6]tables-restore, ip[6]tables-save and ip[6]tables-standalone use it. I moved xtables_set_params around for readability reasons.
| Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: consolidate merge_options into xtables_merge_options [Jamal Hadi Salim, 2009-02-13, 1 file, -0/+31]
| Introduce xtables_merge_options() for re-use reasons. Apps can use it instead of each defining their own merge_options(). Made iptables and ip6tables use the new shared interface.
| Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: make iptables and ip6tables use xtables_free_opts [Jamal Hadi Salim, 2009-02-12, 1 file, -5/+4]
| The patch modifies xtables_globals to introduce orig_opts and xtables_free_opts() to emulate what free_opts used to do. We also get rid of the copies of free_opts() that iptables and ip6tables keep.
| Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: add xtables_set_revision [Jamal Hadi Salim, 2009-02-12, 1 file, -0/+8]
| Introduce xtables_set_revision() and make iptables and ip6tables use it.
| Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
* libxtables: flush before fork [Jan Engelhardt, 2009-02-12, 1 file, -0/+6]
| Reference: http://bugs.debian.org/514869
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Merge branch 'master' of git://dev.medozas.de/iptables [Patrick McHardy, 2009-02-12, 1 file, -0/+22]
|\
| * libxtables: move compat defines to xtables.c [Jan Engelhardt, 2009-02-10, 1 file, -0/+9]
| | Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users got moved.
| | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| * libxtables: recognize IP6TABLES_LIB_DIR old-style environment variable [Jan Engelhardt, 2009-02-10, 1 file, -0/+13]
| | Commit v1.4.3-rc1-47-g300e290 tried to consolidate the environment variable presence checking code into xtables.c, but missed adding IP6TABLES_LIB_DIR to libxtables.
| | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* | libxtables: simple aliasing macro for exit_error [Jamal Hadi Salim, 2009-02-11, 1 file, -21/+24]
| | Rename xtables_globals exit_error cb to exit_err and introduce a very simple aliasing macro to point to it. Convert iptables, ip6tables and iptables_xml to use it. Note iptables_xml does not have to define its own exit_error() since it can use the basic one provided.
| | Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
| | Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: Replace direct exit_error() calls inside libxtables [Jamal Hadi Salim, 2009-02-11, 1 file, -18/+18]
| | Replace direct exit_error() calls inside libxtables with xt_params->exit_error(). With this change, I can now compile the useless app:
| | -----
| | #include <xtables.h>
| | int main(int argc, char **argv)
| | {
| |         return 0;
| | }
| | ----
| | with "gcc useless.c -lxtables -ldl"
| | Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
| | Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: Add exit_error cb to xtables_globals [Jamal Hadi Salim, 2009-02-11, 1 file, -1/+18]
| | Introduce exit_error() as part of xtables_globals structure. When an application registers its xtables_globals definition and does not specify its exit_error() it gets assigned a basic version.
| | Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
| | Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: define xtables_free_opts() [Jamal Hadi Salim, 2009-02-11, 1 file, -0/+11]
| | Introduce xtables_free_opts(), an xtables variant of free_opts() which uses xtables_globals already set by xtables_set_params(). The end goal is to have all internal references in xtables.c use xtables_free_opts() instead of depending on external defined free_opts().
| | Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
| | Signed-off-by: Patrick McHardy <kaber@trash.net>
* | libxtables: Introduce global params structuring [Jamal Hadi Salim, 2009-02-11, 1 file, -0/+22]
|/
| Introduce a new struct, xtables_globals, so as to localize the globals used and help in symbol renames. The applications must invoke xtables_set_params() before starting to use any iptables APIs. xtables_set_params() is intended to free xtables from depending (as it does right now) on existence of such externally definitions (from iptables/iptables6 etc). At the moment, xtables won't even compile without presence of at least one of {iptables/iptables6 etc}.
| Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
| Signed-off-by: Patrick McHardy <kaber@trash.net>
* libxtables: move afinfo around [Jan Engelhardt, 2009-02-07, 1 file, -10/+64]
| libxtables should not rely on the program executable providing the magic constants for using [gs]etsockopt.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - move parse_protocol to xtables.c [Jan Engelhardt, 2009-01-30, 1 file, -0/+52]
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - move check_inverse to xtables.c [Jan Engelhardt, 2009-01-30, 1 file, -0/+28]
| This also adds a warning that intrapositional negation support is deprecated.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix - parse and escaped output func [Jan Engelhardt, 2009-01-30, 1 file, -5/+12]
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix - misc functions [Jan Engelhardt, 2009-01-30, 1 file, -4/+5]
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - ascii to ipaddr/ipmask input [Jan Engelhardt, 2009-01-30, 1 file, -7/+7]
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - ipaddr/ipmask to ascii output [Jan Engelhardt, 2009-01-30, 1 file, -10/+10]
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - param_act [Jan Engelhardt, 2009-01-30, 1 file, -5/+29]
| Changes:
|   exittype -> xtables_exittype
|   P_* -> XTF_* flags
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - program_name [Jan Engelhardt, 2009-01-30, 1 file, -14/+23]
| Split XTABLES_VERSION into xtables and iptables, and encode the xtables soversion into the extensions instead. This makes it possible to upgrade iptables without having to recompile 3rd-party extensions (if the libxtables version matches, of course).
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - strtoui [Jan Engelhardt, 2009-01-27, 1 file, -58/+25]
| This commit also throws out the redundant string_to_number_*.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - libdir [Jan Engelhardt, 2009-01-27, 1 file, -3/+20]
| Consolidate the libdir variable initialization code into xtables.c.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - match/target loading [Jan Engelhardt, 2009-01-27, 1 file, -19/+22]
| This change affects:
|   find_{match,target} -> xtables_find_{match,target}
|   enum xt_tryload -> enum xtables_tryload
|   loose flags like DONT_LOAD -> XTF_DONT_LOAD
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - modprobe and xtables.ko loading [Jan Engelhardt, 2009-01-27, 1 file, -5/+5]
| This change affects:
|   load_xtables_ko -> xtables_load_ko
|   modprobe_program -> xtables_modprobe_program
| Now uses bool for the "quiet" flag.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxtables: prefix/order - fw_xalloc [Jan Engelhardt, 2009-01-27, 1 file, -8/+11]
| It is good practice to prefix names in a library some way so that it does not clash with external programs' variable names right on the first try.
| This change: rename fw_[cm]alloc to xtables_[cm]alloc and move the definition from internal.h to xtables.h to avoid potential compiler warnings.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: use UINT_MAX constants over open-coded numbers (2/2) [Jan Engelhardt, 2009-01-27, 1 file, -4/+4]
| Use the handy constants for ranges.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove redundant casts [Jan Engelhardt, 2009-01-27, 1 file, -1/+1]
| All of them are implicitly convertible without any wanted side effects.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* src: remove dependency on libiptc headers [Jan Engelhardt, 2008-08-04, 1 file, -0/+1]
| xtables.h does not really need libxtc.h, and we can drop it from the install as it is internal-only.
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| Signed-off-by: Patrick McHardy <kaber@trash.net>
* ip6tables: fix printing of ipv6 network masks [Jan Engelhardt, 2008-06-10, 1 file, -4/+4]
| Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| Signed-off-by: Patrick McHardy <kaber@trash.net>