]> git.ipfire.org Git - thirdparty/iptables.git/log
thirdparty/iptables.git
14 years agodoc: add some coded option examples to libxt_hashlimit
Jan Engelhardt [Fri, 20 May 2011 22:59:11 +0000 (00:59 +0200)] 
doc: add some coded option examples to libxt_hashlimit

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_rateest: streamline case display of units
Jan Engelhardt [Thu, 12 May 2011 15:36:25 +0000 (17:36 +0200)] 
libxt_rateest: streamline case display of units

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: check for negative numbers in xtables_strtou*
Jan Engelhardt [Fri, 20 May 2011 14:26:04 +0000 (16:26 +0200)] 
libxtables: check for negative numbers in xtables_strtou*

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_quota: make sure uint64 is not truncated
JP Abgrall [Thu, 19 May 2011 03:26:14 +0000 (20:26 -0700)] 
libxt_quota: make sure uint64 is not truncated

The xtables_strtoul() would cram a long long into a long.
The parse_int would try to cram a UINT64 into a long.

14 years agolibxt_quota: readd missing XTOPT_PUT request
Jan Engelhardt [Fri, 20 May 2011 14:01:18 +0000 (16:01 +0200)] 
libxt_quota: readd missing XTOPT_PUT request

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_REDIRECT: "--to-ports" is not mandatory
Lutz Jaenicke [Wed, 18 May 2011 13:11:47 +0000 (15:11 +0200)] 
libipt_REDIRECT: "--to-ports" is not mandatory

The REDIRECT target can be called without the --to-ports option
being specified. From the manual page:
  ...without this, the destination port is never altered.

Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: retract _NE types and use a flag instead
Jan Engelhardt [Wed, 18 May 2011 20:48:51 +0000 (22:48 +0200)] 
libxtables: retract _NE types and use a flag instead

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip6t_rt: rt-0-not-strict should take no arg
Jan Engelhardt [Thu, 12 May 2011 23:53:07 +0000 (01:53 +0200)] 
libip6t_rt: rt-0-not-strict should take no arg

This unfortunately got mixed up during the getopt -> guided parser
move.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_conntrack: resolve erroneous rev-2 port range message
Jan Engelhardt [Thu, 12 May 2011 23:13:35 +0000 (01:13 +0200)] 
libxt_conntrack: resolve erroneous rev-2 port range message

  --ctorigdstport 13
ip6tables-restore v1.4.10: conntrack rev 2 does not support port ranges

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_conntrack: fix assignment to wrong member
Jan Engelhardt [Thu, 12 May 2011 23:12:05 +0000 (01:12 +0200)] 
libxt_conntrack: fix assignment to wrong member

Of course the range end ought to be set, not doing the start value
twice.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_conntrack: correct printed module name
Jan Engelhardt [Thu, 12 May 2011 23:06:31 +0000 (01:06 +0200)] 
libxt_conntrack: correct printed module name

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_[SD]NAT: avoid false error about multiple destinations specified
Jan Engelhardt [Thu, 12 May 2011 22:15:45 +0000 (00:15 +0200)] 
libipt_[SD]NAT: avoid false error about multiple destinations specified

iptables-restore v1.4.10: DNAT: Multiple --to-destination not supported

xtables_option_parse sets cb->xflags already, so that it cannot be
directly used to test whether an option is being used for the second
time. Thus use a private option/flag (X_TO_DEST/SRC) that is not under
the control of xtables_option_parse.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_[SD]NAT: flag up module name on error
Jan Engelhardt [Thu, 12 May 2011 22:11:00 +0000 (00:11 +0200)] 
libipt_[SD]NAT: flag up module name on error

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: collapse double protocol parsing
Jan Engelhardt [Thu, 12 May 2011 12:03:36 +0000 (14:03 +0200)] 
libxtables: collapse double protocol parsing

Un-dent xtables_parse_protocol, and make xtopt_parse_protocol make use
of it.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_policy: use XTTYPE_PROTOCOL type
Jan Engelhardt [Thu, 12 May 2011 11:59:38 +0000 (13:59 +0200)] 
libxt_policy: use XTTYPE_PROTOCOL type

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: avoid running into .also checks when option not used
Jan Engelhardt [Thu, 12 May 2011 11:20:00 +0000 (13:20 +0200)] 
libxtables: avoid running into .also checks when option not used

If a particular option was not specified, it should not be subject to
.also checks in xtables_option_fcheck2 either.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_policy: option table fixes, improved error tracking
Jan Engelhardt [Thu, 12 May 2011 10:46:40 +0000 (12:46 +0200)] 
libxt_policy: option table fixes, improved error tracking

Most of the flags are multi-use in this extension. Also transfer
--next => --strict requirement to option table.

Furthermore, augment the error messages emitted from fcheck to contain
the policy element number, and elaborate on what an "empty policy
element" is.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agosrc: combine default_command functions
Jan Engelhardt [Thu, 12 May 2011 10:21:59 +0000 (12:21 +0200)] 
src: combine default_command functions

14 years agosrc: replace old IP*T_ALIGN macros
Jan Engelhardt [Mon, 9 May 2011 17:32:05 +0000 (19:32 +0200)] 
src: replace old IP*T_ALIGN macros

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agoMerge branch 'floating/opts' of git://dev.medozas.de/iptables
Patrick McHardy [Thu, 12 May 2011 09:11:51 +0000 (11:11 +0200)] 
Merge branch 'floating/opts' of git://dev.medozas.de/iptables

14 years agoMerge branch 'opts' of git://dev.medozas.de/iptables
Patrick McHardy [Wed, 11 May 2011 11:43:44 +0000 (13:43 +0200)] 
Merge branch 'opts' of git://dev.medozas.de/iptables

14 years agoMerge branch 'master' of git://dev.medozas.de/iptables
Patrick McHardy [Wed, 11 May 2011 11:43:04 +0000 (13:43 +0200)] 
Merge branch 'master' of git://dev.medozas.de/iptables

14 years agoMerge branch 'opts' of git://dev.medozas.de/iptables
Patrick McHardy [Mon, 9 May 2011 18:23:21 +0000 (20:23 +0200)] 
Merge branch 'opts' of git://dev.medozas.de/iptables

14 years agolibipt_SAME: use guided option parser
Jan Engelhardt [Mon, 9 May 2011 00:29:02 +0000 (02:29 +0200)] 
libipt_SAME: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_REDIRECT: use guided option parser
Jan Engelhardt [Sun, 8 May 2011 23:10:30 +0000 (01:10 +0200)] 
libipt_REDIRECT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_MASQUERADE: use guided option parser
Jan Engelhardt [Sun, 8 May 2011 17:46:17 +0000 (19:46 +0200)] 
libipt_MASQUERADE: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_SNAT: use guided option parser
Jan Engelhardt [Sun, 8 May 2011 17:07:28 +0000 (19:07 +0200)] 
libipt_SNAT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_DNAT: use guided option parser
Jan Engelhardt [Sun, 8 May 2011 16:18:46 +0000 (18:18 +0200)] 
libipt_DNAT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_iprange: use guided option parser
Jan Engelhardt [Sat, 7 May 2011 12:39:08 +0000 (14:39 +0200)] 
libxt_iprange: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_CLUSTERIP: use guided option parser
Jan Engelhardt [Sun, 8 May 2011 12:43:55 +0000 (14:43 +0200)] 
libipt_CLUSTERIP: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_mac: use guided option parser
Jan Engelhardt [Sat, 7 May 2011 01:18:11 +0000 (03:18 +0200)] 
libxt_mac: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_ETHERMAC support
Jan Engelhardt [Sun, 8 May 2011 11:31:19 +0000 (13:31 +0200)] 
libxtables: XTTYPE_ETHERMAC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip6t_rt: use guided option parser
Jan Engelhardt [Sun, 8 May 2011 10:53:20 +0000 (12:53 +0200)] 
libip6t_rt: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip6t_mh: use guided option parser
Jan Engelhardt [Sun, 8 May 2011 10:16:18 +0000 (12:16 +0200)] 
libip6t_mh: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_conntrack: use guided option parser
Jan Engelhardt [Sun, 8 May 2011 10:15:49 +0000 (12:15 +0200)] 
libxt_conntrack: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agodoc: S/DNAT allows to omit IP addresses
Jan Engelhardt [Mon, 9 May 2011 14:34:46 +0000 (16:34 +0200)] 
doc: S/DNAT allows to omit IP addresses

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agoiptables: fix the dead loop when meeting unknown options
Changli Gao [Mon, 14 Mar 2011 06:23:31 +0000 (14:23 +0800)] 
iptables: fix the dead loop when meeting unknown options

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
14 years agoMerge branch 'opts' of git://dev.medozas.de/iptables
Patrick McHardy [Mon, 9 May 2011 09:26:32 +0000 (11:26 +0200)] 
Merge branch 'opts' of git://dev.medozas.de/iptables

14 years agolibxt_ipvs: use guided option parser
Jan Engelhardt [Sat, 7 May 2011 11:03:06 +0000 (13:03 +0200)] 
libxt_ipvs: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_PROTOCOL support
Jan Engelhardt [Sat, 7 May 2011 10:56:39 +0000 (12:56 +0200)] 
libxtables: XTTYPE_PROTOCOL support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_limit: use guided option parser
Jan Engelhardt [Sat, 7 May 2011 01:26:08 +0000 (03:26 +0200)] 
libxt_limit: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_NETMAP: use guided option parser
Jan Engelhardt [Sun, 8 May 2011 19:12:46 +0000 (21:12 +0200)] 
libipt_NETMAP: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_multiport: use guided option parser
Jan Engelhardt [Fri, 6 May 2011 22:15:49 +0000 (00:15 +0200)] 
libxt_multiport: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_osf: use guided option parser
Jan Engelhardt [Fri, 6 May 2011 20:59:07 +0000 (22:59 +0200)] 
libxt_osf: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_owner: use guided option parser
Jan Engelhardt [Fri, 6 May 2011 20:49:43 +0000 (22:49 +0200)] 
libxt_owner: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_policy: use guided option parser
Jan Engelhardt [Fri, 6 May 2011 15:45:12 +0000 (17:45 +0200)] 
libxt_policy: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_HOSTMASK support
Jan Engelhardt [Thu, 5 May 2011 12:19:25 +0000 (14:19 +0200)] 
libxtables: XTTYPE_HOSTMASK support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_hashlimit: use guided option parser
Jan Engelhardt [Wed, 4 May 2011 21:18:57 +0000 (23:18 +0200)] 
libxt_hashlimit: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_PLEN support
Jan Engelhardt [Wed, 4 May 2011 15:25:54 +0000 (17:25 +0200)] 
libxtables: XTTYPE_PLEN support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: flag invalid uses of XTOPT_PUT
Jan Engelhardt [Thu, 5 May 2011 10:53:14 +0000 (12:53 +0200)] 
libxtables: flag invalid uses of XTOPT_PUT

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: do not overlay addr and mask parts, and cleanup
Jan Engelhardt [Wed, 4 May 2011 14:41:13 +0000 (16:41 +0200)] 
libxtables: do not overlay addr and mask parts, and cleanup

XTTYPE_HOSTMASK will require that what has now become haddr,
hmask/hlen are not overlays of another. Thus relax the structure and
always set all members of the {haddr, hmask, hlen} triplet now for all
types that touch any of the members.

Add some more comments and clean out ONEHOST.

14 years agolibxt_recent: use guided option parser
Jan Engelhardt [Wed, 4 May 2011 10:30:15 +0000 (12:30 +0200)] 
libxt_recent: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_connlimit: use guided option parser
Jan Engelhardt [Sun, 1 May 2011 19:52:25 +0000 (21:52 +0200)] 
libxt_connlimit: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: support for XTTYPE_PLENMASK
Jan Engelhardt [Mon, 2 May 2011 00:13:16 +0000 (02:13 +0200)] 
libxtables: support for XTTYPE_PLENMASK

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_NFLOG: use guided option parser
Jan Engelhardt [Sun, 1 May 2011 14:27:46 +0000 (16:27 +0200)] 
libxt_NFLOG: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_IDLETIMER: use guided option parser
Jan Engelhardt [Sun, 1 May 2011 14:11:31 +0000 (16:11 +0200)] 
libxt_IDLETIMER: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_statistic: use guided option parser
Jan Engelhardt [Mon, 2 May 2011 16:26:31 +0000 (18:26 +0200)] 
libxt_statistic: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_DOUBLE support
Jan Engelhardt [Mon, 2 May 2011 16:09:59 +0000 (18:09 +0200)] 
libxtables: XTTYPE_DOUBLE support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_statistic: increase precision on create and dump
Jan Engelhardt [Mon, 2 May 2011 14:38:11 +0000 (16:38 +0200)] 
libxt_statistic: increase precision on create and dump

Currently, libxt_statistic only dumps the probability with a
granularity of 1/1000000. Assuming only stuffed packets with 1440
bytes payload, this would match approximately every 1.341 GB, which is
pretty low for a high-volume router. Trying to match any larger
interval than that (e.g. 2 GB) will cause libxt_statistic to output
"--probability 0.000000", and when restored, will cause it to never
match again.

Bump the dump precision to what xt_statistic can really do, and adjust
the manpage to include a word about it.

Furthermore, employ explicit rounding when reading the argument from
the command line, because the previous implicit conversion would use
truncation, which is not very exact.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_statistic: streamline and document possible placement of negation
Jan Engelhardt [Mon, 2 May 2011 14:29:18 +0000 (16:29 +0200)] 
libxt_statistic: streamline and document possible placement of negation

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agoextensions: const annotations
Jan Engelhardt [Fri, 6 May 2011 22:05:24 +0000 (00:05 +0200)] 
extensions: const annotations

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: output name of extension on rev detect failure
Jan Engelhardt [Thu, 5 May 2011 10:54:52 +0000 (12:54 +0200)] 
libxtables: output name of extension on rev detect failure

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_owner: remove ifdef IPT_COMM_OWNER
Jan Engelhardt [Fri, 6 May 2011 19:58:38 +0000 (21:58 +0200)] 
libxt_owner: remove ifdef IPT_COMM_OWNER

Ever since we keep a copy of the header files anyway, IPT_COMM_OWNER
is always available.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agoextensions: remove bogus use of XT_GETOPT_TABLEEND
Jan Engelhardt [Sat, 7 May 2011 02:01:25 +0000 (04:01 +0200)] 
extensions: remove bogus use of XT_GETOPT_TABLEEND

Commit v1.4.8-36-g32b8e61 added this end marker in a little too many
places: at non-getopt places. Fix that.

Also change the definition of XT_GETOPT_TABLEEND to reference a struct
getopt member by name so that this cannot happen again.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_u32: add missing call to xtables_option_parse
Jan Engelhardt [Fri, 6 May 2011 20:40:35 +0000 (22:40 +0200)] 
libxt_u32: add missing call to xtables_option_parse

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: fix assignment in wrong offset (XTTYPE_UINT*RC)
Jan Engelhardt [Mon, 2 May 2011 00:43:15 +0000 (02:43 +0200)] 
libxtables: fix assignment in wrong offset (XTTYPE_UINT*RC)

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_tos: add inversion support back again
Jan Engelhardt [Sun, 1 May 2011 17:58:56 +0000 (19:58 +0200)] 
libxt_tos: add inversion support back again

It was unfortunately removed during the option parser switch.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_dccp: use guided option parser
Jan Engelhardt [Wed, 20 Apr 2011 08:17:33 +0000 (10:17 +0200)] 
libxt_dccp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_udp: use guided option parser
Jan Engelhardt [Tue, 19 Apr 2011 13:44:48 +0000 (15:44 +0200)] 
libxt_udp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_PORTRC support
Jan Engelhardt [Sun, 17 Apr 2011 11:33:50 +0000 (13:33 +0200)] 
libxtables: XTTYPE_PORTRC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agoextensions: remove unused TOS code
Jan Engelhardt [Fri, 29 Apr 2011 00:19:52 +0000 (02:19 +0200)] 
extensions: remove unused TOS code

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_tos: use guided option parser
Jan Engelhardt [Fri, 29 Apr 2011 00:12:56 +0000 (02:12 +0200)] 
libxt_tos: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_TOS: use guided option parser
Jan Engelhardt [Thu, 28 Apr 2011 23:25:14 +0000 (01:25 +0200)] 
libxt_TOS: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agocombine ip6?tables-multi into xtables-multi
Maciej Żenczykowski [Tue, 5 Apr 2011 05:30:16 +0000 (22:30 -0700)] 
combine ip6?tables-multi into xtables-multi

Signed-off-by: Maciej Zenczykowski <maze@google.com>
14 years agoMove common parts of libext{4,6}.a into libext.a
Maciej Żenczykowski [Wed, 6 Apr 2011 20:35:11 +0000 (13:35 -0700)] 
Move common parts of libext{4,6}.a into libext.a

Signed-off-by: Maciej Zenczykowski <maze@google.com>
14 years agoAdd --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.
Maciej Żenczykowski [Thu, 14 Apr 2011 09:22:14 +0000 (02:22 -0700)] 
Add --ipv4/-4 and --ipv6/-6 support to ip6?tables{,-restore}.

This enables one to have a single configuration file for both ipv4 and ipv6
firewall rules.

Example:
  iptables-restore config
  ip6tables-restore config

Where the file 'config' contains:
  *filter
  :INPUT ACCEPT [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT ACCEPT [0:0]
  :ssh - [0:0]

  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  -A INPUT -m state --state INVALID -j DROP
  -A INPUT -i lo -j ACCEPT
  -A INPUT -4 -p icmp -j ACCEPT
  -A INPUT -6 -p icmpv6 -j ACCEPT
  -A INPUT -p tcp --dport 22 -m state --state NEW -j ssh
  -A ssh -j ACCEPT

  COMMIT

Signed-off-by: Maciej Zenczykowski <maze@google.com>
14 years agoDon't load ip6?_tables module when already loaded
Maciej Zenczykowski [Tue, 19 Apr 2011 07:14:04 +0000 (09:14 +0200)] 
Don't load ip6?_tables module when already loaded

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoMerge branch 'floating/opts' of git://dev.medozas.de/iptables
Patrick McHardy [Mon, 18 Apr 2011 13:03:22 +0000 (15:03 +0200)] 
Merge branch 'floating/opts' of git://dev.medozas.de/iptables

14 years agoSET target revision 2 added
Jozsef Kadlecsik [Sun, 17 Apr 2011 09:38:18 +0000 (11:38 +0200)] 
SET target revision 2 added

The new revision of the SET target supports the following new operations

- specifying the timeout value of the entry to be added
- flag to instruct the kernel that if the entry already
  exists then reset the timeout value to the specified one (or
  to the default from the set definition)

14 years agoxtoptions: respect return value in xtables_getportbyname
Jan Engelhardt [Thu, 14 Apr 2011 11:54:24 +0000 (13:54 +0200)] 
xtoptions: respect return value in xtables_getportbyname

If ret was negative, ntohs may make it positive, which is undesired.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_TEE: use guided option parser
Jan Engelhardt [Thu, 14 Apr 2011 11:42:43 +0000 (13:42 +0200)] 
libxt_TEE: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agobuild: bump libxtables ABI version
Jan Engelhardt [Thu, 14 Apr 2011 11:34:18 +0000 (13:34 +0200)] 
build: bump libxtables ABI version

Adding the x6_* members to struct xtables_{match,target} caused a
change requiring a bump.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_ULOG: use guided option parser
Jan Engelhardt [Tue, 8 Mar 2011 00:24:26 +0000 (01:24 +0100)] 
libipt_ULOG: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_TPROXY: use guided option parser
Jan Engelhardt [Wed, 9 Feb 2011 01:15:22 +0000 (02:15 +0100)] 
libxt_TPROXY: use guided option parser

I am starting with a simple module here that does not require a
final_check function.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_PORT support
Jan Engelhardt [Mon, 14 Feb 2011 14:12:50 +0000 (15:12 +0100)] 
libxtables: XTTYPE_PORT support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_ONEHOST support
Jan Engelhardt [Mon, 14 Feb 2011 14:10:15 +0000 (15:10 +0100)] 
libxtables: XTTYPE_ONEHOST support

The bonus of the POSIX socket API is that it is almost protocol-agnostic
and that there are ready-made functions to take over the gist of address
parsing and packing.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip[6]t_LOG: use guided option parser
Jan Engelhardt [Tue, 15 Feb 2011 11:05:12 +0000 (12:05 +0100)] 
libip[6]t_LOG: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_SYSLOGLEVEL support
Jan Engelhardt [Tue, 15 Feb 2011 21:10:48 +0000 (22:10 +0100)] 
libxtables: XTTYPE_SYSLOGLEVEL support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_string: use guided option parser
Jan Engelhardt [Sun, 6 Mar 2011 17:12:04 +0000 (18:12 +0100)] 
libxt_string: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: pass struct xt_entry_{match,target} to x6 parser
Jan Engelhardt [Sun, 6 Mar 2011 17:11:58 +0000 (18:11 +0100)] 
libxtables: pass struct xt_entry_{match,target} to x6 parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_TCPMSS: use guided option parser
Jan Engelhardt [Sun, 6 Mar 2011 17:00:05 +0000 (18:00 +0100)] 
libxt_TCPMSS: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_NFQUEUE: use guided option parser
Jan Engelhardt [Sun, 6 Mar 2011 16:54:50 +0000 (17:54 +0100)] 
libxt_NFQUEUE: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_CT: use guided option parser
Jan Engelhardt [Sun, 6 Mar 2011 16:47:03 +0000 (17:47 +0100)] 
libxt_CT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT16 support
Jan Engelhardt [Sun, 6 Mar 2011 16:42:51 +0000 (17:42 +0100)] 
libxtables: XTTYPE_UINT16 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_connbytes: use guided option parser
Jan Engelhardt [Sun, 6 Mar 2011 16:19:10 +0000 (17:19 +0100)] 
libxt_connbytes: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT64RC support
Jan Engelhardt [Sun, 6 Mar 2011 16:13:54 +0000 (17:13 +0100)] 
libxtables: XTTYPE_UINT64RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT8RC support
Jan Engelhardt [Sun, 6 Mar 2011 16:09:19 +0000 (17:09 +0100)] 
libxtables: XTTYPE_UINT8RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_tcpmss: use guided option parser
Jan Engelhardt [Sun, 6 Mar 2011 16:04:35 +0000 (17:04 +0100)] 
libxt_tcpmss: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_length: use guided option parser
Jan Engelhardt [Sun, 6 Mar 2011 16:00:49 +0000 (17:00 +0100)] 
libxt_length: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT16RC support
Jan Engelhardt [Sun, 6 Mar 2011 15:59:23 +0000 (16:59 +0100)] 
libxtables: XTTYPE_UINT16RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>