git.ipfire.org Git - thirdparty/iptables.git/log

]> git.ipfire.org Git - thirdparty/iptables.git/log

projects / thirdparty / iptables.git / log

commit | commitdiff | tree

Jan Engelhardt [Thu, 5 May 2011 10:53:14 +0000 (12:53 +0200)]

libxtables: flag invalid uses of XTOPT_PUT

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 4 May 2011 14:41:13 +0000 (16:41 +0200)]

libxtables: do not overlay addr and mask parts, and cleanup

XTTYPE_HOSTMASK will require that what has now become haddr,
hmask/hlen are not overlays of another. Thus relax the structure and
always set all members of the {haddr, hmask, hlen} triplet now for all
types that touch any of the members.

Add some more comments and clean out ONEHOST.

commit | commitdiff | tree

Jan Engelhardt [Wed, 4 May 2011 10:30:15 +0000 (12:30 +0200)]

libxt_recent: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 1 May 2011 19:52:25 +0000 (21:52 +0200)]

libxt_connlimit: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 00:13:16 +0000 (02:13 +0200)]

libxtables: support for XTTYPE_PLENMASK

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 1 May 2011 14:27:46 +0000 (16:27 +0200)]

libxt_NFLOG: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 1 May 2011 14:11:31 +0000 (16:11 +0200)]

libxt_IDLETIMER: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 16:26:31 +0000 (18:26 +0200)]

libxt_statistic: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 16:09:59 +0000 (18:09 +0200)]

libxtables: XTTYPE_DOUBLE support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 14:38:11 +0000 (16:38 +0200)]

libxt_statistic: increase precision on create and dump

Currently, libxt_statistic only dumps the probability with a
granularity of 1/1000000. Assuming only stuffed packets with 1440
bytes payload, this would match approximately every 1.341 GB, which is
pretty low for a high-volume router. Trying to match any larger
interval than that (e.g. 2 GB) will cause libxt_statistic to output
"--probability 0.000000", and when restored, will cause it to never
match again.

Bump the dump precision to what xt_statistic can really do, and adjust
the manpage to include a word about it.

Furthermore, employ explicit rounding when reading the argument from
the command line, because the previous implicit conversion would use
truncation, which is not very exact.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 14:29:18 +0000 (16:29 +0200)]

libxt_statistic: streamline and document possible placement of negation

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 6 May 2011 22:05:24 +0000 (00:05 +0200)]

extensions: const annotations

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 5 May 2011 10:54:52 +0000 (12:54 +0200)]

libxtables: output name of extension on rev detect failure

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 6 May 2011 19:58:38 +0000 (21:58 +0200)]

libxt_owner: remove ifdef IPT_COMM_OWNER

Ever since we keep a copy of the header files anyway, IPT_COMM_OWNER
is always available.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sat, 7 May 2011 02:01:25 +0000 (04:01 +0200)]

extensions: remove bogus use of XT_GETOPT_TABLEEND

Commit v1.4.8-36-g32b8e61 added this end marker in a little too many
places: at non-getopt places. Fix that.

Also change the definition of XT_GETOPT_TABLEEND to reference a struct
getopt member by name so that this cannot happen again.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 6 May 2011 20:40:35 +0000 (22:40 +0200)]

libxt_u32: add missing call to xtables_option_parse

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 00:43:15 +0000 (02:43 +0200)]

libxtables: fix assignment in wrong offset (XTTYPE_UINT*RC)

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 1 May 2011 17:58:56 +0000 (19:58 +0200)]

libxt_tos: add inversion support back again

It was unfortunately removed during the option parser switch.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 20 Apr 2011 08:17:33 +0000 (10:17 +0200)]

libxt_dccp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 19 Apr 2011 13:44:48 +0000 (15:44 +0200)]

libxt_udp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 17 Apr 2011 11:33:50 +0000 (13:33 +0200)]

libxtables: XTTYPE_PORTRC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 29 Apr 2011 00:19:52 +0000 (02:19 +0200)]

extensions: remove unused TOS code

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 29 Apr 2011 00:12:56 +0000 (02:12 +0200)]

libxt_tos: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 28 Apr 2011 23:25:14 +0000 (01:25 +0200)]

libxt_TOS: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 14 Apr 2011 11:54:24 +0000 (13:54 +0200)]

xtoptions: respect return value in xtables_getportbyname

If ret was negative, ntohs may make it positive, which is undesired.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 14 Apr 2011 11:42:43 +0000 (13:42 +0200)]

libxt_TEE: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 14 Apr 2011 11:34:18 +0000 (13:34 +0200)]

build: bump libxtables ABI version

Adding the x6_* members to struct xtables_{match,target} caused a
change requiring a bump.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 8 Mar 2011 00:24:26 +0000 (01:24 +0100)]

libipt_ULOG: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 9 Feb 2011 01:15:22 +0000 (02:15 +0100)]

libxt_TPROXY: use guided option parser

I am starting with a simple module here that does not require a
final_check function.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 14 Feb 2011 14:12:50 +0000 (15:12 +0100)]

libxtables: XTTYPE_PORT support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 14 Feb 2011 14:10:15 +0000 (15:10 +0100)]

libxtables: XTTYPE_ONEHOST support

The bonus of the POSIX socket API is that it is almost protocol-agnostic
and that there are ready-made functions to take over the gist of address
parsing and packing.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 15 Feb 2011 11:05:12 +0000 (12:05 +0100)]

libip[6]t_LOG: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 15 Feb 2011 21:10:48 +0000 (22:10 +0100)]

libxtables: XTTYPE_SYSLOGLEVEL support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 17:12:04 +0000 (18:12 +0100)]

libxt_string: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 17:11:58 +0000 (18:11 +0100)]

libxtables: pass struct xt_entry_{match,target} to x6 parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 17:00:05 +0000 (18:00 +0100)]

libxt_TCPMSS: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 16:54:50 +0000 (17:54 +0100)]

libxt_NFQUEUE: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 16:47:03 +0000 (17:47 +0100)]

libxt_CT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 16:42:51 +0000 (17:42 +0100)]

libxtables: XTTYPE_UINT16 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 16:19:10 +0000 (17:19 +0100)]

libxt_connbytes: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 16:13:54 +0000 (17:13 +0100)]

libxtables: XTTYPE_UINT64RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 16:09:19 +0000 (17:09 +0100)]

libxtables: XTTYPE_UINT8RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 16:04:35 +0000 (17:04 +0100)]

libxt_tcpmss: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 16:00:49 +0000 (17:00 +0100)]

libxt_length: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 15:59:23 +0000 (16:59 +0100)]

libxtables: XTTYPE_UINT16RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 15:38:51 +0000 (16:38 +0100)]

libipt_realm: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 15:02:03 +0000 (16:02 +0100)]

libxt_devgroup: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 15:24:43 +0000 (16:24 +0100)]

libxtables: linked-list name<->id map

This consolidates the maps from libxt_devgroup and libxt_realm.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 15:58:24 +0000 (16:58 +0100)]

libxt_quota: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 15:56:53 +0000 (16:56 +0100)]

libxtables: XTTYPE_UINT64 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 14:54:58 +0000 (15:54 +0100)]

libxt_CONNMARK: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 14:21:24 +0000 (15:21 +0100)]

libxt_MARK: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 13:57:44 +0000 (14:57 +0100)]

libxtables: XTTYPE_MARKMASK32 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 2 Mar 2011 22:06:59 +0000 (23:06 +0100)]

libxt_u32: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 2 Mar 2011 22:03:36 +0000 (23:03 +0100)]

libxt_time: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 2 Mar 2011 21:52:04 +0000 (22:52 +0100)]

libxt_state: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 2 Mar 2011 18:19:16 +0000 (19:19 +0100)]

libxt_pkttype: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 2 Mar 2011 18:09:38 +0000 (19:09 +0100)]

libxt_physdev: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 2 Mar 2011 17:55:32 +0000 (18:55 +0100)]

libxt_helper: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 1 Mar 2011 19:16:22 +0000 (20:16 +0100)]

libxt_comment: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 2 Mar 2011 21:57:52 +0000 (22:57 +0100)]

libxt_TCPOPTSTRIP: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 2 Mar 2011 21:50:13 +0000 (22:50 +0100)]

libxt_SECMARK: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 6 Mar 2011 17:21:42 +0000 (18:21 +0100)]

libxt_LED: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 1 Mar 2011 19:28:24 +0000 (20:28 +0100)]

libxt_DSCP: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 1 Mar 2011 19:14:16 +0000 (20:14 +0100)]

libxt_CLASSIFY: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 1 Mar 2011 19:11:01 +0000 (20:11 +0100)]

libxt_AUDIT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 1 Mar 2011 19:02:35 +0000 (20:02 +0100)]

libipt_addrtype: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 2 Mar 2011 23:51:16 +0000 (00:51 +0100)]

libipt_ECN: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 1 Mar 2011 18:51:16 +0000 (19:51 +0100)]

libip6t_ipv6header: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 1 Mar 2011 17:36:15 +0000 (18:36 +0100)]

libip[6]t_icmp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 2 Mar 2011 23:40:43 +0000 (00:40 +0100)]

libip6t_hbh: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 18 Feb 2011 01:11:31 +0000 (02:11 +0100)]

libip6t_dst: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 16 Feb 2011 00:16:39 +0000 (01:16 +0100)]

libip[6]t_REJECT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 15 Feb 2011 21:09:21 +0000 (22:09 +0100)]

libxtables: XTTYPE_STRING support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 27 Feb 2011 22:56:28 +0000 (23:56 +0100)]

libxt_esp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 18 Feb 2011 01:17:54 +0000 (02:17 +0100)]

libip6t_frag: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 16 Feb 2011 00:59:18 +0000 (01:59 +0100)]

libip[6]t_ah: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 27 Feb 2011 22:41:10 +0000 (23:41 +0100)]

libxtables: XTTYPE_UINT32RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 18 Feb 2011 02:20:56 +0000 (03:20 +0100)]

libip[6]t_hl: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 13 Feb 2011 02:31:54 +0000 (03:31 +0100)]

libip[6]t_HL: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 27 Feb 2011 18:03:28 +0000 (19:03 +0100)]

libxtables: XTTYPE_UINT8 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 27 Feb 2011 16:52:23 +0000 (17:52 +0100)]

libxt_cluster: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 27 Feb 2011 16:38:34 +0000 (17:38 +0100)]

libxtables: min-max option support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 18 Feb 2011 02:41:18 +0000 (03:41 +0100)]

libxt_cpu: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 16 Feb 2011 00:22:25 +0000 (01:22 +0100)]

libxtables: XTTYPE_UINT32 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 27 Feb 2011 15:50:22 +0000 (16:50 +0100)]

libxt_CONNSECMARK: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 10 Feb 2011 15:57:37 +0000 (16:57 +0100)]

libxtables: provide better final_check

This passes the per-extension data block to the new x6_fcheck function
pointer, which can then do last alterations without using hacks
like global variables (think libxt_statistic).

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 18 Feb 2011 02:22:52 +0000 (03:22 +0100)]

libxt_socket: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 27 Feb 2011 15:54:27 +0000 (16:54 +0100)]

libxt_CHECKSUM: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 7 Feb 2011 03:00:50 +0000 (04:00 +0100)]

libxtables: guided option parser

This patchset seeks to drastically reduce the code in the individual
extensions by centralizing their argument parsing (breakdown of
strings), validation, and in part, assignment.

As a secondary goal, this reduces the number of static storage duration
variables in flight.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 1 Mar 2011 18:48:10 +0000 (19:48 +0100)]

extensions: add missing checks for specific flags (2)

Addendum to v1.4.10-75-g4e5d4bf. It does not make sense to use
ipv6header's --soft without specifying any options.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Maciej Zenczykowski [Mon, 4 Apr 2011 13:30:32 +0000 (15:30 +0200)]

mark newly opened fds as FD_CLOEXEC (close on exec)

(This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm)

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

commit | commitdiff | tree

Maciej Zenczykowski [Mon, 4 Apr 2011 13:29:40 +0000 (15:29 +0200)]

man pages: allow underscores in match and target names

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

commit | commitdiff | tree

Mark Montague [Mon, 4 Apr 2011 12:54:52 +0000 (14:54 +0200)]

iptables: documentation for iptables and ip6tables "security" tables

Add documentation for the iptables and ip6tables "security" tables.
Based on http://lwn.net/Articles/267140/ and kernel source.

Signed-off-by: Mark Montague <mark@catseye.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>

commit | commitdiff | tree

Thomas Graf [Wed, 16 Mar 2011 15:30:09 +0000 (16:30 +0100)]

iptables: add manual page section for AUDIT target

Signed-off-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

commit | commitdiff | tree

Stefan Tomanek [Tue, 8 Mar 2011 21:42:51 +0000 (22:42 +0100)]

iptables: add -C to check for existing rules

It is often useful to check whether a specific rule is already present
in a chain without actually modifying the iptables config.

Services like fail2ban usually employ techniques like grepping through
the output of "iptables -L" which is quite error prone.

This patch adds a new operation -C to the iptables command which
mostly works like -D; it can detect and indicate the existence of the
specified rule by modifying the exit code. The new operation
TC_CHECK_ENTRY uses the same code as the -D operation, whose functions
got a dry-run parameter appended.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Stefan Tomanek [Mon, 7 Mar 2011 17:30:27 +0000 (18:30 +0100)]

ip(6)tables-multi: unify subcommand handling

I found the subcommand handling and naming done by iptables-multi and
ip6tables-multi very confusing and complicated; this patch
reorganizes the subcommands in a single table, allowing both variants
of them to be used (iptables/main) and also prints a list of the
allowed commands if an unknown command is entered by the user.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 1 Mar 2011 11:51:21 +0000 (12:51 +0100)]

doc: add VERSION section to manpages

This shall make it easier to identify outdated HTML renditions on the
interwebs, since many of them do not display the .TH header like man(1)
does.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 1 Mar 2011 01:45:34 +0000 (02:45 +0100)]

iptables: fix an inversion

Revisiting the original condition (viewable in git log -1 -p
v1.4.10-57-gacef604), one can notice an unforuntate inversion. This
commit corrects this.

Testcase: -A INPUT -p tcp --dport 1

Reported-by: Florian Westphal
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Wes Campaigne [Tue, 22 Feb 2011 00:10:10 +0000 (19:10 -0500)]

xtables: use all IPv6 addresses resolved from a hostname

Fixes a long-standing issue where host_to_ip6addr would only ever
examine/return the first item of the address chain returned by
getaddrinfo, instead of traversing the chain and copying each of them.

This has always been how host_to_ip6addr behaves, and all of the other
related IPv6 code is already written to handle multiple possible
addresses.

[Style fixups. Removal of redundant i<*naddrs check. -j.eng]

Signed-off-by: Wes Campaigne <westacular@gmail.com>

Mirror of git://git.netfilter.org/iptables

RSS Atom