git.ipfire.org Git - thirdparty/iptables.git/log

]> git.ipfire.org Git - thirdparty/iptables.git/log

projects / thirdparty / iptables.git / log

Mike Frysinger [Sun, 3 Apr 2011 02:13:23 +0000 (22:13 -0400)]

build: move remaining preprocessor flags to CPPFLAGS

References; http://bugzilla.netfilter.org/show_bug.cgi?id=713
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 1 Jun 2011 00:20:40 +0000 (02:20 +0200)]

build: move kinclude's preprocessor flags to kinclude_CPPFLAGS

References: http://bugzilla.netfilter.org/show_bug.cgi?id=713
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 1 Jun 2011 00:16:05 +0000 (02:16 +0200)]

build: move basic preprocessor flags to regular_CPPFLAGS

This is where they belong, after all.

References: http://bugzilla.netfilter.org/show_bug.cgi?id=713
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 30 May 2011 00:25:43 +0000 (02:25 +0200)]

doc: iptables-xml should be in manpage section 1

References: http://bugs.debian.org/623112
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 29 May 2011 23:54:28 +0000 (01:54 +0200)]

doc: update GPL license text

The Open Build Service/rpmlint flagged the outdated address in the
license text :-)

iptables.x86_64: W: incorrect-fsf-address
/usr/share/doc/packages/iptables/COPYING
The Free Software Foundation address in this file seems to be outdated
or misspelled. Ask upstream to update the address, or if this is a
license file, possibly the entire file with a new copy available from
the FSF.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 29 May 2011 23:47:38 +0000 (01:47 +0200)]

build: fix absence of xml translator in IPv6-only builds

Due to iptables-xml being listed under IPV4 only, its symlink was not
created on `./configure --disable-ipv4 && make install`.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 29 May 2011 23:45:14 +0000 (01:45 +0200)]

build: fix installation of symlinks

Commit v1.4.11~20 forgot to change the symlink target names to the new
executable name.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 29 May 2011 23:39:54 +0000 (01:39 +0200)]

build: remove dead code parts

gcc-4.6 has a new warning, -Wunused-but-set-variable, which flags
no-op code.

  CC     libiptc/libip4tc.lo
In file included from libiptc/libip4tc.c:118:0:
libiptc/libiptc.c: In function "iptcc_chain_index_delete_chain":
libiptc/libiptc.c:611:32: warning: variable "index_ptr2" set but not used
libiptc/libiptc.c: In function "alloc_handle":
libiptc/libiptc.c:1282:9: warning: variable "len" set but not used
  CC     libiptc/libip6tc.lo
In file included from libiptc/libip6tc.c:113:0:
libiptc/libiptc.c: In function "iptcc_chain_index_delete_chain":
libiptc/libiptc.c:611:32: warning: variable "index_ptr2" set but not used
libiptc/libiptc.c: In function "alloc_handle":
libiptc/libiptc.c:1282:9: warning: variable "len" set but not used
  CC     xtables_multi-iptables-xml.o
iptables-xml.c: In function "do_rule_part":
iptables-xml.c:376:8: warning: variable "thisChain" set but not used
  CC     xtables_multi-ip6tables.o
ip6tables.c: In function "print_firewall":
ip6tables.c:552:10: warning: variable "flags" set but not used

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 29 May 2011 14:43:25 +0000 (16:43 +0200)]

libxt_owner: restore inversion support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Patrick McHardy [Thu, 26 May 2011 16:12:12 +0000 (18:12 +0200)]

Bump version to 1.4.11

Signed-off-by: Patrick McHardy <kaber@trash.net>

commit | commitdiff | tree

Patrick McHardy [Wed, 25 May 2011 03:34:04 +0000 (05:34 +0200)]

Merge branch 'master' of git://dev.medozas.de/iptables

commit | commitdiff | tree

Jan Engelhardt [Mon, 23 May 2011 16:38:09 +0000 (18:38 +0200)]

libxt_time: deprecate --localtz option, document kernel TZ caveats

Comparing against the kernel time zone has significant caveats. This
patch adds documentation about the issue, and makes --utc the default
setting for libxt_time.

Furthremore, throw a warning on using the "--localtz" option, to avoid
confusion with one's shell TZ environment variable, and rename it to
"--kerneltz" to be explicit about whose timezone will be used.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 23 May 2011 15:48:20 +0000 (17:48 +0200)]

libxt_time: --utc and --localtz are mutually exclusive

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 23 May 2011 15:42:37 +0000 (17:42 +0200)]

libxt_time: always ignore libc timezone

Since xt_time is meant to work across many months, libc doing
automatic conversion from local time to UTC (during parse) is
unwanted, especially when --utc is specified. The same goes for
dumping.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 24 May 2011 22:26:01 +0000 (00:26 +0200)]

libxt_NFQUEUE: add mutual exclusion between qnum and qbal

Only one is printed on save operation, which leads me to believe that
only one is meant to be used. The manpage seems to corroborate.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 24 May 2011 22:11:48 +0000 (00:11 +0200)]

libxt_NFQUEUE: avoid double attempt at parsing

Fixes this error:

NFQUEUE: option "--queue-num" can only be used once.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 24 May 2011 21:50:29 +0000 (23:50 +0200)]

libxtables: have xtopt_parse_mint interpret partially-spec'd ranges

When ":n" or "n:" is specified, it will now be interpreted as "0:n"
and "n:<max>", respecitvely. nvals will always reflect the number of
(expanded) components. This restores the functionality of options that
take such partially-unspecified ranges.

This makes it possible to nuke the per-matchdata init functions of
some extensions and simply the extensions postparsing to the point
where it only needs to check for nvals==1 or ==2.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 24 May 2011 12:49:15 +0000 (14:49 +0200)]

libxtables: unclutter xtopt_parse_mint

..by moving type-based actions into their own function.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 24 May 2011 00:45:50 +0000 (02:45 +0200)]

libxtables: make multiint parser have greater range

Since parse_mint can handle XTTYPE_UINT64RC, it must allow numbers
larger than UINT32_MAX.

Cc: JP Abgrall <jpa@google.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 24 May 2011 00:30:23 +0000 (02:30 +0200)]

libxtables: use uintmax for xtables_strtoul

Addendum to 2305d5fb42fc059f38fc1bdf53411dbeecdb310b.

I noticed that unsigned long long is not consistently used, for
example, min/max are still just unsigned long, and strtoul is being
called.

Instead of changing it to unsigned long long, just use uintmax
functions right away so this does not need size-related changing in
the future.

Cc: JP Abgrall <jpa@google.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 24 May 2011 00:03:00 +0000 (02:03 +0200)]

libxtables: more detailed error message on multi-int parsing

Now shows where exactly the error is.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 23 May 2011 22:45:08 +0000 (00:45 +0200)]

libip6t_rt: restore --rt-type storing

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 23 May 2011 22:35:00 +0000 (00:35 +0200)]

libxt_u32: --u32 option is required

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 22 May 2011 22:22:27 +0000 (00:22 +0200)]

libxt_ipvs: restore network-byte order

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 23 May 2011 15:55:29 +0000 (17:55 +0200)]

doc: remove redundant .IP calls in libxt_time

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 23 May 2011 15:54:38 +0000 (17:54 +0200)]

doc: use .IP list for TCPMSS

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Lutz Jaenicke [Mon, 23 May 2011 14:28:25 +0000 (16:28 +0200)]

libxt_devgroup: actually set XT_DEVGROUP_OPT_???GROUP flags

Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

commit | commitdiff | tree

Jan Engelhardt [Fri, 20 May 2011 22:58:44 +0000 (00:58 +0200)]

doc: clarify that -p all is a special keyword only

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 17 May 2011 13:17:08 +0000 (15:17 +0200)]

doc: make usage of libxt_rateest more obvious

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 20 May 2011 22:59:11 +0000 (00:59 +0200)]

doc: add some coded option examples to libxt_hashlimit

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 15:36:25 +0000 (17:36 +0200)]

libxt_rateest: streamline case display of units

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 20 May 2011 14:26:04 +0000 (16:26 +0200)]

libxtables: check for negative numbers in xtables_strtou*

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

JP Abgrall [Thu, 19 May 2011 03:26:14 +0000 (20:26 -0700)]

libxt_quota: make sure uint64 is not truncated

The xtables_strtoul() would cram a long long into a long.
The parse_int would try to cram a UINT64 into a long.

commit | commitdiff | tree

Jan Engelhardt [Fri, 20 May 2011 14:01:18 +0000 (16:01 +0200)]

libxt_quota: readd missing XTOPT_PUT request

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Lutz Jaenicke [Wed, 18 May 2011 13:11:47 +0000 (15:11 +0200)]

libipt_REDIRECT: "--to-ports" is not mandatory

The REDIRECT target can be called without the --to-ports option
being specified. From the manual page:
...without this, the destination port is never altered.

Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 18 May 2011 20:48:51 +0000 (22:48 +0200)]

libxtables: retract _NE types and use a flag instead

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 23:53:07 +0000 (01:53 +0200)]

libip6t_rt: rt-0-not-strict should take no arg

This unfortunately got mixed up during the getopt -> guided parser
move.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 23:13:35 +0000 (01:13 +0200)]

libxt_conntrack: resolve erroneous rev-2 port range message

--ctorigdstport 13
ip6tables-restore v1.4.10: conntrack rev 2 does not support port ranges

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 23:12:05 +0000 (01:12 +0200)]

libxt_conntrack: fix assignment to wrong member

Of course the range end ought to be set, not doing the start value
twice.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 23:06:31 +0000 (01:06 +0200)]

libxt_conntrack: correct printed module name

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 22:15:45 +0000 (00:15 +0200)]

libipt_[SD]NAT: avoid false error about multiple destinations specified

iptables-restore v1.4.10: DNAT: Multiple --to-destination not supported

xtables_option_parse sets cb->xflags already, so that it cannot be
directly used to test whether an option is being used for the second
time. Thus use a private option/flag (X_TO_DEST/SRC) that is not under
the control of xtables_option_parse.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 22:11:00 +0000 (00:11 +0200)]

libipt_[SD]NAT: flag up module name on error

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 12:03:36 +0000 (14:03 +0200)]

libxtables: collapse double protocol parsing

Un-dent xtables_parse_protocol, and make xtopt_parse_protocol make use
of it.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 11:59:38 +0000 (13:59 +0200)]

libxt_policy: use XTTYPE_PROTOCOL type

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 11:20:00 +0000 (13:20 +0200)]

libxtables: avoid running into .also checks when option not used

If a particular option was not specified, it should not be subject to
.also checks in xtables_option_fcheck2 either.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 10:46:40 +0000 (12:46 +0200)]

libxt_policy: option table fixes, improved error tracking

Most of the flags are multi-use in this extension. Also transfer
--next => --strict requirement to option table.

Furthermore, augment the error messages emitted from fcheck to contain
the policy element number, and elaborate on what an "empty policy
element" is.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 12 May 2011 10:21:59 +0000 (12:21 +0200)]

src: combine default_command functions

commit | commitdiff | tree

Jan Engelhardt [Mon, 9 May 2011 17:32:05 +0000 (19:32 +0200)]

src: replace old IP*T_ALIGN macros

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Patrick McHardy [Thu, 12 May 2011 09:11:51 +0000 (11:11 +0200)]

Merge branch 'floating/opts' of git://dev.medozas.de/iptables

commit | commitdiff | tree

Patrick McHardy [Wed, 11 May 2011 11:43:44 +0000 (13:43 +0200)]

Merge branch 'opts' of git://dev.medozas.de/iptables

commit | commitdiff | tree

Patrick McHardy [Wed, 11 May 2011 11:43:04 +0000 (13:43 +0200)]

Merge branch 'master' of git://dev.medozas.de/iptables

commit | commitdiff | tree

Patrick McHardy [Mon, 9 May 2011 18:23:21 +0000 (20:23 +0200)]

Merge branch 'opts' of git://dev.medozas.de/iptables

commit | commitdiff | tree

Jan Engelhardt [Mon, 9 May 2011 00:29:02 +0000 (02:29 +0200)]

libipt_SAME: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 8 May 2011 23:10:30 +0000 (01:10 +0200)]

libipt_REDIRECT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 8 May 2011 17:46:17 +0000 (19:46 +0200)]

libipt_MASQUERADE: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 8 May 2011 17:07:28 +0000 (19:07 +0200)]

libipt_SNAT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 8 May 2011 16:18:46 +0000 (18:18 +0200)]

libipt_DNAT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sat, 7 May 2011 12:39:08 +0000 (14:39 +0200)]

libxt_iprange: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 8 May 2011 12:43:55 +0000 (14:43 +0200)]

libipt_CLUSTERIP: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sat, 7 May 2011 01:18:11 +0000 (03:18 +0200)]

libxt_mac: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 8 May 2011 11:31:19 +0000 (13:31 +0200)]

libxtables: XTTYPE_ETHERMAC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 8 May 2011 10:53:20 +0000 (12:53 +0200)]

libip6t_rt: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 8 May 2011 10:16:18 +0000 (12:16 +0200)]

libip6t_mh: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 8 May 2011 10:15:49 +0000 (12:15 +0200)]

libxt_conntrack: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 9 May 2011 14:34:46 +0000 (16:34 +0200)]

doc: S/DNAT allows to omit IP addresses

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Changli Gao [Mon, 14 Mar 2011 06:23:31 +0000 (14:23 +0800)]

iptables: fix the dead loop when meeting unknown options

Signed-off-by: Changli Gao <xiaosuo@gmail.com>

commit | commitdiff | tree

Patrick McHardy [Mon, 9 May 2011 09:26:32 +0000 (11:26 +0200)]

Merge branch 'opts' of git://dev.medozas.de/iptables

commit | commitdiff | tree

Jan Engelhardt [Sat, 7 May 2011 11:03:06 +0000 (13:03 +0200)]

libxt_ipvs: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sat, 7 May 2011 10:56:39 +0000 (12:56 +0200)]

libxtables: XTTYPE_PROTOCOL support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sat, 7 May 2011 01:26:08 +0000 (03:26 +0200)]

libxt_limit: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 8 May 2011 19:12:46 +0000 (21:12 +0200)]

libipt_NETMAP: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 6 May 2011 22:15:49 +0000 (00:15 +0200)]

libxt_multiport: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 6 May 2011 20:59:07 +0000 (22:59 +0200)]

libxt_osf: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 6 May 2011 20:49:43 +0000 (22:49 +0200)]

libxt_owner: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 6 May 2011 15:45:12 +0000 (17:45 +0200)]

libxt_policy: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 5 May 2011 12:19:25 +0000 (14:19 +0200)]

libxtables: XTTYPE_HOSTMASK support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 4 May 2011 21:18:57 +0000 (23:18 +0200)]

libxt_hashlimit: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 4 May 2011 15:25:54 +0000 (17:25 +0200)]

libxtables: XTTYPE_PLEN support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 5 May 2011 10:53:14 +0000 (12:53 +0200)]

libxtables: flag invalid uses of XTOPT_PUT

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 4 May 2011 14:41:13 +0000 (16:41 +0200)]

libxtables: do not overlay addr and mask parts, and cleanup

XTTYPE_HOSTMASK will require that what has now become haddr,
hmask/hlen are not overlays of another. Thus relax the structure and
always set all members of the {haddr, hmask, hlen} triplet now for all
types that touch any of the members.

Add some more comments and clean out ONEHOST.

commit | commitdiff | tree

Jan Engelhardt [Wed, 4 May 2011 10:30:15 +0000 (12:30 +0200)]

libxt_recent: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 1 May 2011 19:52:25 +0000 (21:52 +0200)]

libxt_connlimit: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 00:13:16 +0000 (02:13 +0200)]

libxtables: support for XTTYPE_PLENMASK

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 1 May 2011 14:27:46 +0000 (16:27 +0200)]

libxt_NFLOG: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 1 May 2011 14:11:31 +0000 (16:11 +0200)]

libxt_IDLETIMER: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 16:26:31 +0000 (18:26 +0200)]

libxt_statistic: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 16:09:59 +0000 (18:09 +0200)]

libxtables: XTTYPE_DOUBLE support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 14:38:11 +0000 (16:38 +0200)]

libxt_statistic: increase precision on create and dump

Currently, libxt_statistic only dumps the probability with a
granularity of 1/1000000. Assuming only stuffed packets with 1440
bytes payload, this would match approximately every 1.341 GB, which is
pretty low for a high-volume router. Trying to match any larger
interval than that (e.g. 2 GB) will cause libxt_statistic to output
"--probability 0.000000", and when restored, will cause it to never
match again.

Bump the dump precision to what xt_statistic can really do, and adjust
the manpage to include a word about it.

Furthermore, employ explicit rounding when reading the argument from
the command line, because the previous implicit conversion would use
truncation, which is not very exact.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 14:29:18 +0000 (16:29 +0200)]

libxt_statistic: streamline and document possible placement of negation

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 6 May 2011 22:05:24 +0000 (00:05 +0200)]

extensions: const annotations

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Thu, 5 May 2011 10:54:52 +0000 (12:54 +0200)]

libxtables: output name of extension on rev detect failure

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 6 May 2011 19:58:38 +0000 (21:58 +0200)]

libxt_owner: remove ifdef IPT_COMM_OWNER

Ever since we keep a copy of the header files anyway, IPT_COMM_OWNER
is always available.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sat, 7 May 2011 02:01:25 +0000 (04:01 +0200)]

extensions: remove bogus use of XT_GETOPT_TABLEEND

Commit v1.4.8-36-g32b8e61 added this end marker in a little too many
places: at non-getopt places. Fix that.

Also change the definition of XT_GETOPT_TABLEEND to reference a struct
getopt member by name so that this cannot happen again.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 6 May 2011 20:40:35 +0000 (22:40 +0200)]

libxt_u32: add missing call to xtables_option_parse

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Mon, 2 May 2011 00:43:15 +0000 (02:43 +0200)]

libxtables: fix assignment in wrong offset (XTTYPE_UINT*RC)

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 1 May 2011 17:58:56 +0000 (19:58 +0200)]

libxt_tos: add inversion support back again

It was unfortunately removed during the option parser switch.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Wed, 20 Apr 2011 08:17:33 +0000 (10:17 +0200)]

libxt_dccp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Tue, 19 Apr 2011 13:44:48 +0000 (15:44 +0200)]

libxt_udp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Sun, 17 Apr 2011 11:33:50 +0000 (13:33 +0200)]

libxtables: XTTYPE_PORTRC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

commit | commitdiff | tree

Jan Engelhardt [Fri, 29 Apr 2011 00:19:52 +0000 (02:19 +0200)]

extensions: remove unused TOS code

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

Mirror of git://git.netfilter.org/iptables

RSS Atom